aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Revert PK_Verifier change (don't require RNG there).Jack Lloyd2016-10-0740-178/+220
| | | | | | | Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-0773-437/+1129
| | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* Merge GH #654 Fix PPC64le Travis CI buildJack Lloyd2016-10-073-15/+20
|\
| * Another try at ppc64el testsJack Lloyd2016-10-073-15/+20
| |
* | Merge GH #642 Move TLS CBC+HMAC code to AEADJack Lloyd2016-10-078-454/+850
|\ \
| * | TLS: Split CBC+HMAC modes to standalone AEAD_ModeJack Lloyd2016-10-078-454/+850
|/ / | | | | | | | | Now record layer only deals with an AEAD, and the weird complications of CBC modes mostly hidden in tls_cbc.cpp
* | Merge GH #645 TLS compressed pointsJack Lloyd2016-10-0715-9/+174
|\ \
| * | Fix tls_messages testsRené Korthaus2016-10-032-4/+4
| | |
| * | Minor improvementsRené Korthaus2016-10-033-25/+7
| | |
| * | Update manualRené Korthaus2016-10-031-0/+13
| | |
| * | Support encoding of supported point formats extensionRené Korthaus2016-10-0312-5/+175
| | |
* | | Merge GH #649 Update BSI policy (disable DES, HKDF, HMAC_RNG)Jack Lloyd2016-10-071-0/+3
|\ \ \ | |_|/ |/| |
| * | Update BSI policyRené Korthaus2016-10-041-0/+3
|/ /
* | Merge GH #631 Cert store in SQLJack Lloyd2016-10-0433-82/+1086
|\ \ | | | | | | | | | Also changes Cert store interface to return shared_ptr, see GH #471
| * | 2nd review roundseu2016-10-024-50/+68
| | |
| * | remove superfluous includesKai Michaelis2016-10-022-9/+0
| | |
| * | typoKai Michaelis2016-10-021-1/+1
| | |
| * | 1st review roundKai Michaelis2016-10-024-17/+31
| | |
| * | certstore testsKai Michaelis2016-10-0212-0/+478
| | |
| * | Certificate store using SQLiteKai Michaelis2016-10-0218-82/+585
| | |
* | | Merge GH #648 Accept read-only access to /dev/urandomJack Lloyd2016-10-041-0/+6
|\ \ \ | | | | | | | | | | | | See also GH #647
| * | | Resolve #647Nathan Hourt2016-10-031-0/+6
| | |/ | |/| | | | Implement a backoff approach to opening the system RNG: if opening read-write fails, try to open read-only. This will allow the RNG to be used, but attempts to add entropy will fail. If opening as read-only also fails, only then throw an exception.
* | | Merge GH #641: If RC4 is disabled, disable OpenSSL version alsoJack Lloyd2016-10-041-1/+1
|\ \ \
| * | | fix compiler error: openssl w/o rc4t0b32016-10-011-1/+1
| | |/ | |/| | | | | | | | | | | | | Compiling botan with disabled rc4 module fails in case of openssl w/o rc4... Error: ./src/lib/prov/openssl/openssl_rc4.cpp:15:25: fatal error: openssl/rc4.h: No such file or directory #include <openssl/rc4.h>
* | | Fix entropy source selection logic on WindowsJack Lloyd2016-10-042-1/+6
| |/ |/| | | | | Fixes GH #644
* | Have cli cert_info parse multiple certs from fileJack Lloyd2016-10-021-3/+25
| |
* | SIV is restricted to 128 bit ciphersJack Lloyd2016-10-021-0/+2
| |
* | Missing inline specifierJack Lloyd2016-10-021-1/+1
|/
* Merge PR #640 Add new TLS parsing and policy check testsJack Lloyd2016-09-3016-15/+643
|\
| * New TLS positive and negative tests.Juraj Somorovsky2016-09-3014-11/+642
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TLS message parsing: - CertificateVerify - HelloVerify - ClientHello (with extensions) - ServerHello (with extensions) - NewSessionTicket - Alert TLS message processing: - HelloVerify TLS Policy tests Unit tests with TLS client authentication Added test_throws method that checks the correct exception message.
| * Removed redundant check in ClientHello parserJuraj Somorovsky2016-09-301-3/+0
| |
| * Vector out of bounds fixJuraj Somorovsky2016-09-301-1/+1
|/
* Remove unused variableJack Lloyd2016-09-281-2/+0
| | | | [ci skip]
* Tick to 1.11.33Jack Lloyd2016-09-282-1/+4
|
* 1.11.32 release1.11.32Jack Lloyd2016-09-282-20/+32
|
* Fix docJack Lloyd2016-09-281-2/+1
| | | | | | This command got lost somewhere along the way. [ci skip]
* Merge GH #633 Cleanup TLS CBC encryption codeJack Lloyd2016-09-261-140/+88
|\
| * Move this to avoid ASan triggerJack Lloyd2016-09-221-4/+4
| |
| * Further TLS CBC cleanupsJack Lloyd2016-09-211-28/+37
| |
| * Cleanup TLS CBC encryption record codeJack Lloyd2016-09-211-130/+69
| | | | | | | | | | | | | | The EtM and MtE codepaths had a lot of duplicated code. Tests ok, also did manual testing against a few online machines including the EtM test server at eid.vx4.net
* | Merge GH #516 Cipher_Mode API improvementsJack Lloyd2016-09-2628-293/+243
|\ \
| * | Cipher_Mode API improvementsJack Lloyd2016-09-0128-293/+243
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class) Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes. Leaves `update` for compatability with existing callers; all that is needed is an inline function forwarding to `process`. Removes the return type from `start` - in all cipher implementations, this always returned an empty vector. Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
* | | Merge GH #630 TLS server checks client signature_algorithmsJack Lloyd2016-09-245-31/+89
|\ \ \ | | | | | | | | | | | | Only partially resolves GH #619 see both issues for discussion.
| * | | TLS Server should respect client signature_algorithms. Stricter TLS hello ↵Jack Lloyd2016-09-215-31/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | decoding. If the client sent a signature_algorithms extension, we should negotiate a ciphersuite in the shared union of the ciphersuite list and the extension, instead of ignoring it. Found by Juraj Somorovsky GH #619 The TLS v1.2 spec says that clients should only send the signature_algorithms extension in a hello for that version. Enforce that when decoding client hellos to prevent this extension from confusing a v1.0 negotiation. TLS v1.2 spec says ANON signature type is prohibited in the signature_algorithms extension in the client hello. Prohibit it. Reorder the TLS extensions in the client hello so there is no chance an empty extension is the last extension in the list. Some implementations apparently reject such hellos, even (perhaps especially) when they do not recognize the extension, this bug was mentioned on the ietf-tls mailing list a while back.
* | | | Merge GH #634 Correctly detect self-signed certsJack Lloyd2016-09-244-6/+80
|\ \ \ \
| * | | | Make cli sign_cert key pass param optionalRené Korthaus2016-09-231-4/+12
| | | | |
| * | | | Fix validation of self-issued certificates in chainsRené Korthaus2016-09-233-2/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Self-issued certificates are certificates where subject_dn == issuer_dn, but the signature is from a different key (ca key). Chains with such a certificate could not be verified, because self-issued certificates (1) would be taken for a self-signed certificate and (2) find_issuing_cert() would find the same self-issued certificate that we want to verify, generating a signature error during signature verification. To fix, we now first identify a certificate as self-signed only if subject_dn == issuer_dn AND if we can verify the cert signature with it's own key. Verification will bring some extra costs, but we only do it once, in X509_Certificate's constructor. Second, we make sure find_issuing_cert() does not return the very same certificate we want to verify. This should be no problem, since path validation currently does not seem to support validating a self-signed certificate.
* | | | | Merge GH #632 Whitespace in TLS 1.2 KDF test vectorJack Lloyd2016-09-241-2/+2
|\ \ \ \ \
| * | | | | Fix TLS 1.2 PRF test vectorsRené Korthaus2016-09-231-2/+2
| | |_|_|/ | |/| | | | | | | | | | | | | When adding these to the .vec file, some unnecessary spaces were included.
* | | | | Update todoJack Lloyd2016-09-241-63/+60
| | | | | | | | | | | | | | | | | | | | [ci skip]