aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge GH #1129 Split up ffi.cppJack Lloyd2017-07-3119-2314/+2552
|\
| * Split up ffi.cpp into several filesJack Lloyd2017-07-3119-2314/+2552
|/ | | | | It was getting pretty big and would get worse over time, eg whenver I get around to adding TLS support.
* Merge GH #1128 Improve FFI exception safetyJack Lloyd2017-07-315-703/+368
|\
| * Add missing return in ffi_delete_objectJack Lloyd2017-07-251-4/+5
| | | | | | | | | | Somehow this still passed all the tests, downside of 0 as the success return I suppose.
| * Merge commit 'e015fd170' into ffi-fixesJack Lloyd2017-07-253-2/+13
| |\ | | | | | | | | | From PR #1097
| | * Don't crash if openssl can't allocate a new contextKirill A. Korinsky2017-06-293-2/+13
| | |
| * | In FFI, check the object magic before deletingJack Lloyd2017-07-251-30/+42
| | | | | | | | | | | | | | | Previously any X_destroy function would just delete its arg regardless of whatever the application passed in.
| * | Better exception guarding in FFIJack Lloyd2017-07-252-671/+312
| | | | | | | | | | | | | | | Based on PR #1097 but I wanted to decrease the verbosity of the resulting code.
* | | Merge GH #1135 Add RFC 3394 keywrap to FFIJack Lloyd2017-07-312-0/+57
|\ \ \ | |/ / |/| |
| * | Move declarations above TLS blockKrzysztof Kwiatkowski2017-07-301-11/+11
| | |
| * | FFI: Add interface for key wrapping with RFC 3394Krzysztof Kwiatkowski2017-06-292-0/+57
| | |
* | | Merge GH #1123 Add OCSP::Response::certificates APIJack Lloyd2017-07-242-0/+36
|\ \ \
| * | | add OCSP::Response::certificates() + unit testRené Meusel2017-07-212-0/+36
| | | |
* | | | Change arbitrary privkey size to a smaller arbitrary number.Jack Lloyd2017-07-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | GH #1122 [ci skip]
* | | | Revert GH #1119 90e8cbbc02 Causes irregular timeouts on TravisJack Lloyd2017-07-241-1/+1
|/ / / | | | | | | | | | [ci skip]
* | | Merge GH #1119 Run full tests on big-endian ppc qemuJack Lloyd2017-07-171-1/+1
|\ \ \
| * | | Enable all tests on ppc32 cross buildJack Lloyd2017-07-161-1/+1
| | | | | | | | | | | | | | | | Ensures big-endian gets tested
* | | | Appease shellcheckJack Lloyd2017-07-171-3/+3
|/ / /
* | | Merge GH #1112 Cleanup in configureJack Lloyd2017-07-161-5/+6
|\ \ \
| * | | configure: explicitly concatenate stdout+stdderr for cc_putputSimon Warta2017-07-051-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | This prevents a lint error in newer pylint versions ("R:2600, 8: Redefinition of cc_output type from tuple to str (redefined-variable-type)") and makes code clearer.
* | | | Merge GH #1110 Fix documentation of PKCS11 moduleJack Lloyd2017-07-162-12/+12
|\ \ \ \
| * | | | Remove "pkcs11" provider paramater for pk ops in handbook and testsRené Korthaus2017-07-042-12/+12
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have special key types for PKCS#11 public and private keys. When using the PK ops classes, passing the "pkcs11" provider parameter is not necessary, as the PK ops is internally chosen by the PKCS#11 key class, in contrast to other providers such as openssl, which don't have special key classes. Updates the handbook code examples and the tests.
* | | | Merge GH #1116 Fix loading of unencrypted PKCS#8 key via CLIJack Lloyd2017-07-161-10/+16
|\ \ \ \
| * | | | Fix loading of unencrypted PKCS#8 key via CLIRené Korthaus2017-07-111-10/+16
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | CLI passed an emtpy password to PKCS8::load_key(), even if --pass-in was not given, which caused loading of unencrypted private keys to fail. Fixed by calling the corresponding flavour of load_key().
* / / / Fix failure to fully zero memory before freeJack Lloyd2017-07-163-1/+17
|/ / / | | | | | | | | | | | | | | | Introduced in 455bd2557cbb1343e59eefd97cb449f06a702c28 Found and reported by Roman Pozlevich
* | | Increase ABI versionJack Lloyd2017-07-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Already we broke ABI in 2.1 but did not bump the soversion (see comments in https://github.com/randombit/botan/commit/7bdffd52a96e08e9452d1985258376a3925a497b) and 2.2 again changes ABI for example by adding HashFunction::copy_state function. [ci skip]
* | | Update newsJack Lloyd2017-07-031-0/+7
| | |
* | | Merge GH #1093 In EC keys, use OID encoding if possibleJack Lloyd2017-07-031-6/+16
|\ \ \
| * | | ECC: use OID encoding if possiblePatrick Wildt2017-06-301-6/+16
| | | | | | | | | | | | | | | | | | | | | | | | Instead of explicitly encoding the domain, encode them with the OID if the OID is available. This makes the ecdsa_sign test run with OpenSSL, since OpenSSL needs the OID explicitly set.
| * | | Revert previous, we should fix it differently.Patrick Wildt2017-06-301-16/+20
| | | |
| * | | Allow ECDSA tests for OpenSSL by comparing EC GroupsPatrick Wildt2017-06-281-20/+16
| |/ / | | | | | | | | | | | | | | | | | | | | | The ecdsa_sign test does not work for OpenSSL since the public key that is derived from the private key does not store the OID of the curve. Thus, the OpenSSL code cannot find the proper NID for the given public key and cannot do a verification operation. We can fix this by comparing the actual groups and not using the OIDs.
* | | Merge GH #1107 Improve documentation of x509_path_validateJack Lloyd2017-07-031-1/+1
|\ \ \
| * | | Add position of end entity cert in x509_path_validate() doc [ci skip]René Korthaus2017-07-021-1/+1
| | | | | | | | | | | | | | | | | | | | It's not so obvious to a user at which end of the chain the end entity certificate must be placed.
* | | | Merge GH #1106 Fix sign_cert CLI incorrectly handling --ca-key-pass (GH #1104)Jack Lloyd2017-07-031-2/+4
|\ \ \ \
| * | | | Fix sign_cert CLI incorrectly handling --ca-key-passRené Korthaus2017-07-011-2/+4
| |/ / /
* | | | Merge GH #1103 Fix error in Doxygen commentJack Lloyd2017-07-031-1/+1
|\ \ \ \ | |/ / / |/| | |
| * | | escape \Z in doxygen comment causing doxygen warning (and in turn error), ↵Zoltan Gyarmati2017-07-011-1/+1
|/ / / | | | | | | | | | fixes #1102
* | | Update newsJack Lloyd2017-06-302-1/+5
| | |
* | | Update modern and nist policies with recent additionsJack Lloyd2017-06-303-0/+21
| | |
* | | Merge GH #1082 Add support for SM2 signature schemeJack Lloyd2017-06-3016-2/+654
|\ \ \
| * | | Remove debug printsJack Lloyd2017-06-301-17/+1
| | | |
| * | | Add SM2 signature schemeJack Lloyd2017-06-2916-2/+671
| | |/ | |/| | | | | | | | | | | | | From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 This is a contribution from Ribose Inc (@riboseinc).
* | | Merge GH #1084 Support multiple buffer sizes in speed reportJack Lloyd2017-06-301-86/+446
|\ \ \
| * | | use buffer sizes only once in performance tests0xdefaced2017-06-261-2/+16
| | | | | | | | | | | | | | | | | | | | | | | | Remove duplicates from given buffer sizes in performance tests. Additionally, sort buffer sizes for better grouping in logs and add a colon before printing the measurements.
| * | | print a summary for performance tests0xdefaced2017-06-241-7/+306
| | | |
| * | | only speed test different msg sizes when tests require a message size0xdefaced2017-06-241-204/+222
| | | | | | | | | | | | | | | | | | | | Don't perform performance tests for different buffer sizes when the algorithm does not care about the message size.
| * | | accept multiple buffer sizes used for speed tests0xdefaced2017-06-241-141/+170
| | |/ | |/|
* | | Merge GH #1098 Cleanups in SM3Jack Lloyd2017-06-301-81/+25
|\ \ \
| * | | Cleanups in SM3 codeJack Lloyd2017-06-291-81/+25
| |/ / | | | | | | | | | | | | | | | | | | | | | T[] variable is actually a constant, so precompute it in SM3_TJ W1 expansion is very simple and can just be done inline. Somewhat faster on my machine.
* | | Merge GH #1099 Update BSI policyJack Lloyd2017-06-301-0/+3
|\ \ \ | |_|/ |/| |