aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Vector out of bounds fixJuraj Somorovsky2016-09-301-1/+1
|
* Remove unused variableJack Lloyd2016-09-281-2/+0
| | | | [ci skip]
* Tick to 1.11.33Jack Lloyd2016-09-282-1/+4
|
* 1.11.32 release1.11.32Jack Lloyd2016-09-282-20/+32
|
* Fix docJack Lloyd2016-09-281-2/+1
| | | | | | This command got lost somewhere along the way. [ci skip]
* Merge GH #633 Cleanup TLS CBC encryption codeJack Lloyd2016-09-261-140/+88
|\
| * Move this to avoid ASan triggerJack Lloyd2016-09-221-4/+4
| |
| * Further TLS CBC cleanupsJack Lloyd2016-09-211-28/+37
| |
| * Cleanup TLS CBC encryption record codeJack Lloyd2016-09-211-130/+69
| | | | | | | | | | | | | | The EtM and MtE codepaths had a lot of duplicated code. Tests ok, also did manual testing against a few online machines including the EtM test server at eid.vx4.net
* | Merge GH #516 Cipher_Mode API improvementsJack Lloyd2016-09-2628-293/+243
|\ \
| * | Cipher_Mode API improvementsJack Lloyd2016-09-0128-293/+243
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class) Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes. Leaves `update` for compatability with existing callers; all that is needed is an inline function forwarding to `process`. Removes the return type from `start` - in all cipher implementations, this always returned an empty vector. Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
* | | Merge GH #630 TLS server checks client signature_algorithmsJack Lloyd2016-09-245-31/+89
|\ \ \ | | | | | | | | | | | | Only partially resolves GH #619 see both issues for discussion.
| * | | TLS Server should respect client signature_algorithms. Stricter TLS hello ↵Jack Lloyd2016-09-215-31/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | decoding. If the client sent a signature_algorithms extension, we should negotiate a ciphersuite in the shared union of the ciphersuite list and the extension, instead of ignoring it. Found by Juraj Somorovsky GH #619 The TLS v1.2 spec says that clients should only send the signature_algorithms extension in a hello for that version. Enforce that when decoding client hellos to prevent this extension from confusing a v1.0 negotiation. TLS v1.2 spec says ANON signature type is prohibited in the signature_algorithms extension in the client hello. Prohibit it. Reorder the TLS extensions in the client hello so there is no chance an empty extension is the last extension in the list. Some implementations apparently reject such hellos, even (perhaps especially) when they do not recognize the extension, this bug was mentioned on the ietf-tls mailing list a while back.
* | | | Merge GH #634 Correctly detect self-signed certsJack Lloyd2016-09-244-6/+80
|\ \ \ \
| * | | | Make cli sign_cert key pass param optionalRené Korthaus2016-09-231-4/+12
| | | | |
| * | | | Fix validation of self-issued certificates in chainsRené Korthaus2016-09-233-2/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Self-issued certificates are certificates where subject_dn == issuer_dn, but the signature is from a different key (ca key). Chains with such a certificate could not be verified, because self-issued certificates (1) would be taken for a self-signed certificate and (2) find_issuing_cert() would find the same self-issued certificate that we want to verify, generating a signature error during signature verification. To fix, we now first identify a certificate as self-signed only if subject_dn == issuer_dn AND if we can verify the cert signature with it's own key. Verification will bring some extra costs, but we only do it once, in X509_Certificate's constructor. Second, we make sure find_issuing_cert() does not return the very same certificate we want to verify. This should be no problem, since path validation currently does not seem to support validating a self-signed certificate.
* | | | | Merge GH #632 Whitespace in TLS 1.2 KDF test vectorJack Lloyd2016-09-241-2/+2
|\ \ \ \ \
| * | | | | Fix TLS 1.2 PRF test vectorsRené Korthaus2016-09-231-2/+2
| | |_|_|/ | |/| | | | | | | | | | | | | When adding these to the .vec file, some unnecessary spaces were included.
* | | | | Update todoJack Lloyd2016-09-241-63/+60
| | | | | | | | | | | | | | | | | | | | [ci skip]
* | | | | Disable --track-origins=yes in valgrind Travis config.Jack Lloyd2016-09-241-1/+1
|/ / / / | | | | | | | | | | | | | | | | | | | | Ordinarily a useful option but the manual states that "It halves Memcheck's speed and increases memory use ..." which is rough on CI.
* | / / Maintainer mode fixes.Jack Lloyd2016-09-217-7/+8
| |/ / |/| | | | | | | | | | | | | | Mostly unused args and missing override notations. Fix DH - load_check calls were commented out for debugging.
* | | Todos [ci skip]Jack Lloyd2016-09-181-1/+16
|/ /
* | Merge GH #623 Merge algorithm impl typesJack Lloyd2016-09-1764-805/+875
|\ \ | | | | | | | | | | | | | | | | | | | | | If CPU specific optimizations are available they are always used, without requiring the application to use the application registry to ensure they get the optimal type. See also GH #477
| * | Add a relnoteJack Lloyd2016-09-171-0/+16
| | | | | | | | | | | | [ci skip]
| * | Add try/catch block at top-level test runnerJack Lloyd2016-09-161-3/+17
| | |
| * | Change T::provider to return std::stringJack Lloyd2016-09-1523-33/+28
| | |
| * | Add T::provider() to allow user to inquire about implementation usedJack Lloyd2016-09-1529-20/+178
| | | | | | | | | | | | | | | For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.
| * | Fix build on PowerPC. Fix test runs on non-x86Jack Lloyd2016-09-151-4/+1
| | |
| * | Add cpuid overload to test frameworkJack Lloyd2016-09-1513-75/+213
| | |
| * | Merge optimized implementations into base classJack Lloyd2016-09-1532-708/+460
|/ / | | | | | | | | | | | | | | | | | | Various algorithms had an optimized implementation (for SSE2, AVX2, etc) which was offered alongside the 'base' implementation. This is admittedly very useful for testing, but it breaks user expectations in bad ways. See GH #477 for background. Now encrypting with `AES_128` (say) just runs whatever implementation is best on the current processor/build.
* | Disable locking_allocator on valgrind/ASan builds.Jack Lloyd2016-09-141-2/+2
| | | | | | | | GH #626
* | Merge PR #628 Add tests for TLS 1.2 PRFJack Lloyd2016-09-131-0/+34
|\ \
| * | Add TLS 1.2 PRF test vectorsRené Korthaus2016-09-131-0/+34
|/ /
* | Add missing guardJack Lloyd2016-09-091-0/+4
| |
* | Add test of FPE_FE1Jack Lloyd2016-09-092-0/+59
| | | | | | | | Self-generated vectors, just a basic smoke test right now.
* | Prevent use of secure_vector with non-integer typesJack Lloyd2016-09-091-0/+3
| | | | | | | | | | If a non trival type was used, memory corruption could occur. Original issue reported by Matthias Gierlings.
* | These vectors can be constJack Lloyd2016-09-091-2/+2
| |
* | Update RNG docs a bitJack Lloyd2016-09-071-8/+27
| | | | | | | | [ci skip]
* | Document removing `hres_timer` module in 1.11.31Jack Lloyd2016-09-071-0/+3
| | | | | | | | [ci skip]
* | Update news and readmeJack Lloyd2016-09-052-10/+21
| |
* | Remove bogus declJack Lloyd2016-09-051-2/+0
| |
* | Merge GH #613 NewHope R-LWE key exchangeJack Lloyd2016-09-059-7/+6876
|\ \
| * | Fix tests on things that are not little endianJack Lloyd2016-08-301-12/+6
| | |
| * | Newhope is really limited by RNG speed.Jack Lloyd2016-08-301-5/+33
| | | | | | | | | | | | 4x-8x overall speedup switching from HMAC_DRBG to ChaCha20
| * | Avoid requiring alignment (think this was just for the AVX2 version)Jack Lloyd2016-08-302-37/+35
| | | | | | | | | | | | Change to standard int types
| * | Fix tests with newhope disabledJack Lloyd2016-08-301-3/+10
| | |
| * | Fix header guard, macro tidyJack Lloyd2016-08-302-5/+7
| | |
| * | Add NEWHOPE KEM schemeJack Lloyd2016-08-309-7/+6847
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Provides conjectured 200-bit security against a quantum attacker. Based on the public domain reference implementation at https://github.com/tpoeppelmann/newhope and bit-for-bit compatible with that version. Test vectors generated by the reference testvector.c
* | | No need for long all-zero input after cd9f852Jack Lloyd2016-09-051-1/+0
| | |
* | | Merge GH #616 ChaCha SSE2 optimizationsJack Lloyd2016-09-056-72/+371
|\ \ \