Jonathan Herzog ff736a61bb Hash functions now check for input-length overflow. ...

Because many of the hash-functions implemented by LTC use the length
of the input when padding the input out to a block-length, LTC keeps
track of the input length in a 64-bit integer. However, it did not
previously test for overflow of this value. Since many of the
hash-functions implemented by LTC are defined for inputs of length
2^128 bits or more, this means that LTC was incorrectly implementing
these hash functions for extremely long inputs. Also, this might have
been a minor security problem: A clever attacker might have been able
to take a message with a known hash and find another message (longer
by 2^64 bits) that would be hashed to the same value by LTC.

Fortunately, LTC uses a pre-processor macro to make the actual code
for hashing, and so this problem could be fixed by adding an
overflow-check to that macro.

2014-08-06 19:06:00 +02:00

..

base64

base64: add define LTC_BASE64_URL, make _internal functions static

2013-11-24 22:11:44 +01:00

crypt

fix unregister_prng() where always the first prng would have been removed

2014-08-05 17:47:50 +02:00

hkdf

minor changes/clean-up sources

2014-04-30 01:10:22 +02:00

pkcs5

minor changes/clean-up sources

2014-04-30 01:10:22 +02:00

burn_stack.c

added libtomcrypt-1.17

2010-06-16 12:39:13 +02:00

error_to_string.c

Hash functions now check for input-length overflow.

2014-08-06 19:06:00 +02:00

pk_get_oid.c

der fixes and additions

2013-02-13 10:01:20 +01:00

zeromem.c

use corrected version of zeromem() from @dtrebbien

2012-11-23 00:53:54 +01:00