Commit message (Author, Age, Files, Lines)
* Merge GH #653 OCSP and X.509 path validation refactor (Jack Lloyd, 2016-11-25, 50 files, -626/+1887)
|\
| |   Splits up path validation into several sub-functions for easier testing and creating customized validation code. Much improved OCSP handling and OCSP tests.
| * Account for new string in test data (Jack Lloyd, 2016-11-25, 1 file, -2/+2)
| |
| * Fix TLS tests wrt validation changes (Jack Lloyd, 2016-11-25, 2 files, -14/+27)
| |   Create empty CRLs so that revocation information is available.
| * Add missing Doxygen param [ci skip] (Jack Lloyd, 2016-11-25, 1 file, -0/+2)
| |
| * Add a test for to_string(Certificate_Status_Code) (Jack Lloyd, 2016-11-25, 2 files, -5/+69)
| |
| * Add minimum_signature_strength to Text_Policy (Jack Lloyd, 2016-11-25, 2 files, -3/+9)
| |   Also (unrelated) enable CECPQ1 in Strict_Policy
| * Add TLS::Policy::minimum_signature_strength (Jack Lloyd, 2016-11-25, 7 files, -7/+28)
| |   Changes TLS callback API for cert verify to accept Policy&
| |
| |   Sets default signature strength to 110 to force RSA ~2048.
| * Address review comments from @cordney (Jack Lloyd, 2016-11-25, 7 files, -116/+252)
| |   Primarily doc updates but also expose some more logic in PKIX namespace, overall_status and merge_revocation_status. This allows calling more or less all of the logic used by the monolithic x509_path_validate in any way needed by an application.
| |
| |   Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr
| |
| |   Add optional Certificate_Store_In_Memory* pointer to check_crl_online, valid CRLs are saved there.
| * Fix popping empty container if no revocation data available (Jack Lloyd, 2016-11-23, 1 file, -2/+2)
| |
| * Add macro signalling support for online revocation checks. (Jack Lloyd, 2016-11-23, 3 files, -3/+11)
| |
| * Windows fix (Jack Lloyd, 2016-11-23, 1 file, -1/+1)
| |
| * Better OCSP tests including online tests (Jack Lloyd, 2016-11-23, 12 files, -11/+218)
| |   Tests touching network are gated by --run-online-tests flag.
| * MSVC doesn't support #warning (Jack Lloyd, 2016-11-23, 1 file, -1/+1)
| |
| * Add some simple OCSP tests (Jack Lloyd, 2016-11-23, 7 files, -0/+168)
| |   Nothing much but better than nothing. Also add a useful arg check to OCSP::Request constructor.
| * Consult the response for matching certs also, fixes Symantec OCSP (Jack Lloyd, 2016-11-23, 1 file, -2/+20)
| |
| * Report OCSP status in tls_client (Jack Lloyd, 2016-11-23, 1 file, -0/+7)
| |
| * Add the documented function for OCSP timeouts (Jack Lloyd, 2016-11-23, 2 files, -3/+10)
| |
| * Move TLS cert verification callback from Credentials_Manager to TLS::Callbacks (Jack Lloyd, 2016-11-23, 12 files, -138/+173)
| |   It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
| * Add useful debugging output to path validation test (Jack Lloyd, 2016-11-23, 1 file, -1/+1)
| |
| * Refactor X.509 path validation (Jack Lloyd, 2016-11-23, 8 files, -359/+748)
| |   Splits path building, path validation, CRL checks, and OCSP checks into distinct functions in namespace PKIX. The previous path validation APIs remain. Fixes to OCSP to store more information and to handle modern OCSP setups in at least some situations.
| * Add find_cert_by_pubkey_sha1 to Certificate_Store_In_Memory (Jack Lloyd, 2016-11-23, 4 files, -55/+64)
| |
| * Add X509_Certificate helper functions for OCSP (Jack Lloyd, 2016-11-23, 2 files, -4/+43)
| |   Using the SHA-1 of the public key to identify the signing cert is hardcoded in OCSP and unlikely to change.
| * Explicitly number all Certificate_Status_Code enum values (Jack Lloyd, 2016-11-23, 2 files, -25/+146)
| |   Add a to_string function for this type.
| * Somewhat better errors in HTTP (Jack Lloyd, 2016-11-23, 1 file, -5/+9)
| |
| * Add final_stdvec (Jack Lloyd, 2016-11-23, 1 file, -0/+7)
| |   Horrible name, useful function
* | Correct XMSS crash when a hash was disabled (Jack Lloyd, 2016-11-25, 4 files, -12/+20)
| |   Require SHA-256 in XMSS since that is mandatory for the index registry.
* | Update relnotes (Jack Lloyd, 2016-11-25, 1 file, -3/+14)
| |   [ci skip]
* | Easy test (Jack Lloyd, 2016-11-25, 1 file, -0/+1)
| |
* | Make XMSS more friendly about invalid params. (Jack Lloyd, 2016-11-25, 7 files, -35/+70)
| |   Previously just throw an exception from map.at
| |
| |   Add an XMSS keygen test, and add default params for create_private_key
* | Add a couple more workfactor tests (Jack Lloyd, 2016-11-25, 1 file, -0/+6)
| |   [ci skip]
* | Add a test of TLS::Alert::type_string (Jack Lloyd, 2016-11-25, 1 file, -5/+61)
| |
* | Simplify TLS::Ciphersuite::cbc_ciphersuite (Jack Lloyd, 2016-11-25, 1 file, -3/+1)
| |   With RC4 removed, anything that is not AEAD is CBC
* | Simplify TLS::Handshake_Hash::update (Jack Lloyd, 2016-11-25, 1 file, -9/+5)
| |   The lambda here wasn't really required.
* | Merge GH #737 Remove dead stores in SSE2 ChaCha code (Jack Lloyd, 2016-11-25, 1 file, -6/+3)
|\ \
| * | Fix dead stores in chacha_sse2_x4 (Never, 2016-11-25, 1 file, -6/+3)
| | |
* | | Avoid unneeded code - previous conditionals handle these cases (Jack Lloyd, 2016-11-25, 1 file, -8/+0)
| | |
* | | Merge GH #736 Add SHAKE support to XMSS (Jack Lloyd, 2016-11-25, 7 files, -102/+222)
|\ \ \
| * | | Adds SHAKE support for XMSS (Matthias Gierlings, 2016-11-25, 7 files, -102/+222)
| |/ /
| | |   - Enables code for shake support
| | |   - Creating SHAKE hash function by name now allows to select output size of 256 Bit for SHAKE128 and 512 Bit for SHAKE256.
| | |   - Adds *self-generated*, unverified test vectors for XMSS/SHAKE.
* / / Avoid having source files start with /** (Jack Lloyd, 2016-11-25, 45 files, -46/+46)
|/ /
| |   This caused Doxygen to dump the copyright notices for those files into the Botan namespace description, which is not helpful.
| |
| |   [ci skip]
* | Fuzzer cleanup, no need for setup script anymore (Jack Lloyd, 2016-11-22, 6 files, -54/+57)
| |   Makefile does all the things
| |
| |   [ci skip]
* | Add missing macro check in test (Jack Lloyd, 2016-11-22, 1 file, -0/+2)
| |
* | Fix memory leak in HKDF (Jack Lloyd, 2016-11-22, 1 file, -1/+1)
| |
* | Move Sonar config to build-data (Jack Lloyd, 2016-11-22, 2 files, -0/+2)
| |   No actual reason for it to be in the root dir, only Sonar needs it, so just copy it to the root dir before starting.
* | Add tests for PK work factor functions (Jack Lloyd, 2016-11-22, 2 files, -0/+82)
| |   Expected results are just what it generated on my machine.
* | Merge GH #734 Export work factor functions (Jack Lloyd, 2016-11-22, 1 file, -4/+4)
|\ \
| |/
|/|
| * Export work factor functions (René Korthaus, 2016-11-22, 1 file, -4/+4)
|/
|   Now that users can implement custom PK ops via Private_Key and Public_Key outside the library, it makes very much sense to provide the work factor functions to them.
* Add policy file for TLS client testing (Jack Lloyd, 2016-11-21, 1 file, -0/+19)
|   [ci skip]
* Add warning to OID script output (Jack Lloyd, 2016-11-21, 2 files, -1/+10)
|   [ci skip]
* Add timeouts to TLS scanner [ci skip] (Jack Lloyd, 2016-11-21, 2 files, -4/+17)
|
* Fix doc of get_processor_timestamp [ci skip] (Jack Lloyd, 2016-11-21, 1 file, -4/+10)
|