aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add TOC link to users manual and API ref for websiteRené Korthaus2017-03-311-1/+3
|
* Merge GH #954 Always poll 256 bytes from getentropy syscallJack Lloyd2017-03-301-3/+4
|\
| * Always poll 256 bytes from Getentropy.Alexander Bluhm2017-03-301-3/+4
| | | | | | | | | | | | The OpenBSD system limit for getentropy(2) is 256 bytes. It does not make sense to use the BOTAN_SYSTEM_RNG_POLL_REQUEST define here. As it is only used in one place, another define would be overkill.
* | Merge GH #953 Use arc4random for system RNG access on OpenBSDJack Lloyd2017-03-302-0/+16
|\ \ | |/ |/|
| * Use arc4random(3) as system rng on OpenBSD.Alexander Bluhm2017-03-302-0/+16
|/ | | | | | | | | OpenBSD provides the arc4random(3) function in libc for user land programs that need good random data. Use this to implement the Botan system random number generator. It has the advantage over /dev/urandom that it works without file descriptors and in chroot(2) environment. Internally libc is currently using a ChaCha20 cipher as PRNG and getentropy(2) to reseed itself automatically.
* Merge GH #948 Update release notes for 2.1Jack Lloyd2017-03-301-0/+14
|\
| * Update releases notes for 2.1.0Daniel Neus2017-03-291-0/+14
| |
* | Merge GH #952 Disable proc_walk on OpenBSDJack Lloyd2017-03-301-1/+0
|\ \
| * | Disable entropy proc_walk on OpenBSD.Alexander Bluhm2017-03-301-1/+0
| | | | | | | | | | | | | | | The /proc file system was disabled for years. With OpenBSD 5.7 the implementation has been removed from the kernel sources.
* | | Merge GH #950 Update authorsJack Lloyd2017-03-302-0/+7
|\ \ \ | |/ / |/| |
| * | Add myself as contributor.Alexander Bluhm2017-03-292-0/+7
|/ /
* | Merge GH #949 Add --entropy flag to rng cmdJack Lloyd2017-03-291-1/+11
|\ \
| * | Use entropy source for cli rng.Alexander Bluhm2017-03-291-1/+11
| | | | | | | | | | | | | | | With "botan rng --entropy" the global entropy sources are used to seed the auto seeded random number generator.
* | | Build fixJack Lloyd2017-03-291-1/+1
| | |
* | | Fix RSA blinding testJack Lloyd2017-03-291-5/+7
|/ / | | | | | | | | | | Failed if OpenSSL was used since OpenSSL does (whatever it does). GH #879
* | Fix final RSA blinding testJack Lloyd2017-03-291-4/+5
| | | | | | | | See GH #879
* | Add missing override annotationJack Lloyd2017-03-291-1/+1
| |
* | Add --test-runs option to test binaryJack Lloyd2017-03-291-5/+9
| | | | | | | | Just runs the specified test several times, or until first failure.
* | Merge GH #879 Fix rsa_blinding tests and add one more testJack Lloyd2017-03-291-3/+46
|\ \
| * | Fix rsa_blinding tests if emsa_raw is missing and add tests for rsa_blinding ↵Daniel Neus2017-02-161-3/+46
| | | | | | | | | | | | while encrypting/decrypting
* | | Document functions added in GH #899Jack Lloyd2017-03-291-0/+30
| | |
* | | Merge GH #899 Add ability to specify iterations when encrypting a private keyJack Lloyd2017-03-297-38/+390
|\ \ \
| * | | Add ability to specify iterations when encrypting a private keyJack Lloyd2017-02-267-38/+390
| | | | | | | | | | | | | | | | GH #896
* | | | Document new C APIs added in GH #946Jack Lloyd2017-03-291-5/+186
| | | |
* | | | Merge GH #946 Expose multiple precision integers in C interfaceJack Lloyd2017-03-295-27/+731
|\ \ \ \
| * | | | Expose BigInt API subset to C APIJack Lloyd2017-03-285-27/+731
| | | | | | | | | | | | | | | | | | | | Also adds RSA key constructors using BN
* | | | | Merge GH #947 Add support for getentropy syscallJack Lloyd2017-03-295-1/+79
|\ \ \ \ \
| * | | | | Use getentropy(2) as random source.Alexander Bluhm2017-03-295-1/+79
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Gather entropy from system call getentropy(2). This is available since in OpenBSD 5.6 and Solaris 11.3. It can provide up to 256 bytes entropy from the kernel without blocking. As a system call it does not need a file descriptor and works in chroot(2) environments without device nodes.
* | | | | Merge GH #945 Remove old timing test suiteJack Lloyd2017-03-2919-610/+5
|\ \ \ \ \ | |/ / / / |/| | | |
| * | | | Remove old timing test suiteJack Lloyd2017-03-2819-610/+5
| |/ / / | | | | | | | | | | | | Replaced by version in cli added in #894
* | | | Update release notesJack Lloyd2017-03-281-0/+15
| | | | | | | | | | | | | | | | [ci skip]
* | | | Note that bcrypt bug was introduced in 1.11.0Jack Lloyd2017-03-281-2/+4
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | Specifically 9644a3ecebb15. So 1.10 was not affected, as it instead throws an exception for passwords longer than 56 chars, which is incompatible with other bcrypt APIs but does not introduce any security problems. [ci skip]
* | | Merge GH #944 Add check_key to C APIJack Lloyd2017-03-284-2/+28
|\ \ \
| * | | Expose PK::check_key functions in C interfaceJack Lloyd2017-03-274-2/+28
| | | |
* | | | Merge GH #942 Avoid passing IP as hostname in tls_client command line utilJack Lloyd2017-03-282-1/+15
|\ \ \ \
| * | | | Add documentation that SNI must be FQDN.Alexander Bluhm2017-03-271-0/+4
| | | | | | | | | | | | | | | | | | | | server_info parameter of TLS::Client must not be an IP address.
| * | | | tls_client must not pass an IP address as server informationAlexander Bluhm2017-03-251-1/+11
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RFC 6066 section 3 says: Literal IPv4 and IPv6 addresses are not permitted in "HostName". But if a user passes an IP address to botan tls_client as connect address, this is also used for SNI. Some TLS server like libtls from the LibreSSL project check that a provided hostname is a DNS name. The TLS connection attempt from botan is rejected with a fatal alert.
* | | | Merge GH #938 Fix incorrect bcrypt truncationJack Lloyd2017-03-286-15/+341
|\ \ \ \
| * | | | Avoid long tests for each bcrypt passwordJack Lloyd2017-03-241-2/+22
| | | | |
| * | | | Add relnotes and CVEJack Lloyd2017-03-242-1/+5
| | | | |
| * | | | Fix incorrect password truncation in bcrypt password hashing.Jack Lloyd2017-03-245-14/+316
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 56 char bound is bogus; Blowfish itself allows at most 448 bits in the key schedule, but Bcrypt's modification allows up to 72 chars for the password. Bug pointed out by Solar Designer. Also reject work factors 0...3 since all other extant bcrypt implementations require at least work factor 4. Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
* | | | | Merge GH #936 Fix pkg-config with --build-dirJack Lloyd2017-03-282-17/+14
|\ \ \ \ \ | |_|/ / / |/| | | |
| * | | | Fix build variable botan_pkgconfigSimon Warta2017-03-251-8/+2
| | | | | | | | | | | | | | | | | | | | | | | | | This avoids an extra "hello/" path segment when configured with `./configure.py --with-build-dir hello`
| * | | | Use JSON to store build configSimon Warta2017-03-252-3/+6
| | | | | | | | | | | | | | | | | | | | to improve debuggability
| * | | | configure: write if condition positiveSimon Warta2017-03-251-6/+6
|/ / / /
* / / / shellcheck fix in website.shJack Lloyd2017-03-241-5/+3
|/ / / | | | | | | | | | [ci skip]
* | | Release notes for Botan 2.1Jack Lloyd2017-03-231-0/+50
| | | | | | | | | | | | | | | | | | GH #866 [ci skip]
* | | Merge GH #937 Fix pdf download URL [ci skip]Jack Lloyd2017-03-232-11/+9
|\ \ \
| * | | Use a hardcoded URL for the PDF downloadRené Korthaus2017-03-232-11/+9
|/ / /
* | | Fix some compiler warnings.Jack Lloyd2017-03-223-3/+3
| | |
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-23 20:25:34 +0000