aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix: UTCTime interpreted as GeneralizedTimeDaniel Neus2017-03-132-24/+97
| | | | | | | | | | | | Example: "200305100350Z" interpreted as "2003/05/10 03:50:00 UTC" correct is "2020/03/05 10:03:50 UTC" According to RFC 5280: UTCTime values ... MUST include seconds (i.e., times are YYMMDDHHMMSSZ) -> length 13 GeneralizedTime values ... MUST include seconds (i.e., times are YYYYMMDDHHMMSSZ) -> length 15 I think we should enforce the RFC5280 rules even if the ASN.1 rules are not that strict.
* Merge GH #905 Fix TLS doc re default DH minimum sizeJack Lloyd2017-03-071-1/+1
|\
| * Fix the default value (2048) of minimum_dh_group_size in the documentationlouiz’2017-03-071-1/+1
| |
* | Merge GH #901 Allow OCSP requests without the full subject certificateJack Lloyd2017-03-077-24/+69
|\ \ | |/ |/|
| * Allow OCSP requests without the full subject certificateNuno Goncalves2017-03-047-24/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A OCSP request doesn't need the full subject certificate. This extends the API to require instead of the subject certificate: * OCSP::Request: subject serial. * OCSP::online_check: subject serial AND ocsp responder url. API breaking change: * removal of OCSP::Request::subject() as OCSP::Request doesn't need to hold the certificate, but only the serial. Signed-off-by: Nuno Goncalves <[email protected]>
* | Merge GH #904 Fix memory leak in TLS testsJack Lloyd2017-03-031-4/+6
|\ \ | |/ |/|
| * fix mem leak in tls unit testsDaniel Neus2017-03-031-4/+6
| |
* | Change name constraint test to use a fixed reference timeJack Lloyd2017-03-031-2/+6
| | | | | | | | Test certs have expired.
* | Avoid calling memmove with a null source in PKCSv1 signature encodingJack Lloyd2017-03-031-1/+7
| | | | | | | | Only occured with EMSA_Raw. Caught by GCC 7 warning
* | Add missing include, caught by GCC 7Jack Lloyd2017-03-031-0/+1
| | | | | | | | Closes GH #903
* | Fix compiler warnings in timing_test CLIJack Lloyd2017-03-031-2/+4
|/
* Merge GH #902 Extend EC_PublicKey check, add EC_Group check, ECC invalid key ↵Jack Lloyd2017-03-028-4/+534
|\ | | | | | | tests
| * remove debug output from ecc_invalid unit testsNever2017-02-281-2/+0
| |
| * Merge pull request #2 from ↵Tobias | Never2017-02-285-1/+457
| |\ | | | | | | | | | | | | Rohde-Schwarz-Cybersecurity/extended-ec-public-key-checks Extended ec public key checks
| | * Add ECDSA key tests from Google's project WycheproofRené Korthaus2017-02-124-13/+57
| | |
| | * Add test vectors for invalid ECDSA public keys from FIPS 186-4René Korthaus2017-02-122-0/+185
| | |
| | * Add test vectors for invalid ECDSA public keys from FIPS 186-2René Korthaus2017-02-123-1/+228
| | |
| * | verify ec domain in EC_PublicKey::check_keyNever2017-02-281-1/+6
| | |
| * | EC_PublicKey::check_key for curves with cofactor > 1Never2017-02-271-1/+24
| | |
| * | Add ec_group verify functionNever2017-02-242-1/+49
| | |
* | | Merge GH #893 Remove ECC fixed window codeJack Lloyd2017-03-022-60/+7
|\ \ \
| * | | Converge on a single side channel silent ec mp alg: randomizedNever2017-02-222-60/+7
| | | | | | | | | | | | | | | | | | | | Montgomery ladder with order.bits()/2 bit scalar blinding and point randomization
* | | | Increase timing test defaultsJack Lloyd2017-02-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Mona errors out on < 512 values per secret [ci skip]
* | | | Merge GH #894 Add timing_test command line utilJack Lloyd2017-02-261-0/+454
|\ \ \ \
| * | | | Add `botan timing_test` command line utilityJack Lloyd2017-02-261-0/+454
| | | | |
* | | | | The certificate being tested by the OCSP online test has expired.Jack Lloyd2017-02-261-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This caused a test failure if run with --run-online-tests. This is not the default but it caused the coverage build to fail. Fix the test to reflect expired status. The whole thing does not seem wholly satsifactory since we are still relying the behavior on an external party, perhaps a mock OCSP responder should be created for the tests.
* | | | | Merge GH #898 Fix pylint warnings in configureJack Lloyd2017-02-261-30/+40
|\ \ \ \ \ | |/ / / / |/| | | |
| * | | | Configure: rename variables to avoid redefining builtinsSimon Warta2017-02-261-7/+7
| | | | |
| * | | | Configure: Fix wrong variable name (credits to pylint)Simon Warta2017-02-261-1/+1
| | | | |
| * | | | Configure: remove trailing whitespaceSimon Warta2017-02-261-1/+1
| | | | |
| * | | | Configure: move some members to shared InfoObject constructorSimon Warta2017-02-261-20/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The classes members members `infofile`, `lives_in`, `parent_module` and `basename` are all created from the infofile path and do not need the lexer, which interprets content of the info file. Pulling those out into a shared superclass constructor makes those members visible to a linting tool, reducing the number of warnings dramatically.
| * | | | Configure: Disable wrong-import-position pylint warningSimon Warta2017-02-261-1/+1
|/ / / /
* | | | Add missing try/catch in invalid signature testJack Lloyd2017-02-261-2/+10
| | | | | | | | | | | | | | | | From GH #889
* | | | Merge GH #891 Constant time decoding for ISO 9796 unpaddingJack Lloyd2017-02-261-14/+26
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | Including missing length check #888 Replaces #889
| * | | | fix possible iso9796 side channel and add length checkNever2017-02-211-14/+26
| |/ / /
* | | | Merge GH #895Jack Lloyd2017-02-268-12/+0
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | | | | | | | | | Remove verify_end calls before end_cons, since that function already verifies there is no leftover bits. Closes #890
| * | | Remove verify_end() chained immediatly before end_cons() (close #890)Nuno Goncalves2017-02-258-12/+0
|/ / / | | | | | | | | | | | | | | | | | | BER_Decoder::end_cons() allready assures the verify_end() function, so it is redundant. Signed-off-by: Nuno Goncalves <[email protected]>
* | | Some todos [ci skip]Jack Lloyd2017-02-231-1/+4
| | |
* | | In CLI, if system RNG is available prefer itJack Lloyd2017-02-232-3/+10
|/ /
* | Fix ECDSA timing test dataJack Lloyd2017-02-201-1/+1
| | | | | | | | | | | | See GH #880 [ci skip]
* | Avoid use of deprecated function in (deprecated) Serialized_RNG constructorJack Lloyd2017-02-192-2/+12
| |
* | Merge GH #880 Add ECDSA timing testsJack Lloyd2017-02-195-1/+71
|\ \
| * | Add ecdsa timing testNever2017-02-165-1/+71
| | |
* | | Merge GH #881 Adjust number of Miller-Rabin iterations in DSA param gen and ↵Jack Lloyd2017-02-192-3/+3
|\ \ \ | | | | | | | | | | | | RSA checks
| * | | increase miller-rabin iterations for RSA strong check_key. We call is_prime ↵Never2017-02-131-1/+1
| | | | | | | | | | | | | | | | with prob=128 during sampling and we should check with the same prob
| * | | increase miller-rabin iterations for dsa primes (FIPS-186-4)Never2017-02-131-2/+2
| |/ /
* | | Merge GH #886 Improve ffi docsJack Lloyd2017-02-192-51/+554
|\ \ \
| * | | Document hash, rng, mac, pbkdf and kdf in ffi handbookRené Korthaus2017-02-192-58/+244
| | | |
| * | | Add all ffi functions and types to ffi.rstRené Korthaus2017-02-191-19/+236
| | | |
| * | | Add more docs for ffiRené Korthaus2017-02-192-4/+104
| | | |
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-14 05:21:56 +0000