Commit message  [Author, Date, Files, Lines]
* Add missing overrides  [Jack Lloyd, 2017-06-08, files: 1, lines: -2/+2]
* Ed25519 FFI  [Jack Lloyd, 2017-06-08, files: 2, lines: -0/+104]
* Disable Ed25519 under Visual C++  [Jack Lloyd, 2017-06-08, files: 1, lines: -0/+7]
    Miscompiles on x86-32, even with VS2017
* Fix inverted conditional  [Jack Lloyd, 2017-06-08, files: 1, lines: -1/+1]
* Avoid move operators in MSVC2013  [Jack Lloyd, 2017-06-07, files: 1, lines: -2/+6]
* Workaround unique_ptr conversion problem with old clang  [Jack Lloyd, 2017-06-07, files: 1, lines: -1/+1]
* Update speed  [Jack Lloyd, 2017-06-07, files: 1, lines: -0/+29]
* Add Ed25519 key type and tests  [Jack Lloyd, 2017-06-07, files: 8, lines: -25/+3733]
    This work was sponsored by Ribose Inc
* Add Ed25519 implementation based on SUPERCOP ref10  [Jack Lloyd, 2017-06-07, files: 9, lines: -0/+4379]
    This work was sponsored by Ribose Inc
* Merge GH #1064 Use binary IO for output files  [Jack Lloyd, 2017-06-07, files: 2, lines: -4/+4]
| * Fix missing binary mode flag on compression ofstreams  [Volker Aßmann, 2017-06-06, files: 2, lines: -4/+4]
* | Merge GH #1063 Use binary file IO in compress util  [Jack Lloyd, 2017-06-05, files: 1, lines: -2/+2]
| * Added std::ios::binary option for istream open in compression.  [Volker Aßmann, 2017-06-05, files: 1, lines: -2/+2]
    Without this the compress/uncompress methods may produce corrupted files on Windows.
* Add --ecc-groups= option to speed  [Jack Lloyd, 2017-06-04, files: 1, lines: -37/+41]
    Instead of hardcoding which ecc groups to test in each alg.
* Add basic test for TPM UUID class  [Jack Lloyd, 2017-06-04, files: 2, lines: -3/+32]
    Constify some member functions
* Correct failure when renegotiating with old server  [Jack Lloyd, 2017-06-04, files: 1, lines: -1/+1]
    When renegotiating the client checks that the server hasn't changed its mind about supporting the renegotiation extension (this is a likely indicator of an attack). However due to a typo the client was actually comparing the value in the client hello of the first handshake against the server hello in the renegotiation handshake. Since Botan always sends the renegotiation extension, this would cause the check to fail when renegotiating with an old server that doesn't support the renegotiation extension. Reported on mailing list by Falko Strenzke. Tested patch against OpenSSL 0.9.8k
* Add FFI func botan_scrub_mem  [Jack Lloyd, 2017-05-29, files: 3, lines: -0/+16]
* Avoid infinite loop in PGP-S2K  [Jack Lloyd, 2017-05-29, files: 2, lines: -5/+16]
    In simple mode (no salt) with an empty password the input buffer is empty. Add a check that salt is not empty if iterations > 1 since PGP only has simple, salted, and iterated+salted modes.
* Merge GH #1060 Add PGP-S2K  [Jack Lloyd, 2017-05-28, files: 6, lines: -2/+285]
| * Document that timed calibration is not available for PGP-S2K  [Jack Lloyd, 2017-05-27, files: 2, lines: -11/+51]
    Made a try at implementing it but it's a huge pain due to the combination of the iteration count being the byte count and that we have to end on exactly an encodable iteration count.
| * Add (back) OpenPGP-S2K  [Jack Lloyd, 2017-05-27, files: 6, lines: -2/+245]
    It was removed somewhere along the line in 1.11, with the logic that it is a funky PGP-specific scheme and (quoting the commit that removed it) "not really useful outside of a full PGP implementation". This assumed that the PGP implementation would be in Botan itself, but PGP is implemented in https://github.com/evpo/EncryptPad/ (which is a PGP implementation using 1.10), and RNP (https://github.com/riboseinc/rnp) would like to use it also. This work was sponsored by Ribose Inc (@riboseinc).
* Merge GH #1059 Add botan_hash_copy_state FFI function  [Jack Lloyd, 2017-05-26, files: 4, lines: -0/+38]
| * Add botan_hash_copy_state FFI function.  [Daniel Wyatt, 2017-05-25, files: 4, lines: -0/+38]
* Merge GH #1058 Fix for LibreSSL  [Jack Lloyd, 2017-05-24, files: 4, lines: -7/+7]
| * Make Botan compile with LibreSSL again.  [Alexander Bluhm, 2017-05-24, files: 4, lines: -7/+7]
    Add some #ifdef LIBRESSL_VERSION_NUMBER in addition to the OPENSSL_VERSION_NUMBER switch. Narrow down API compatibility between LibreSSL and OpenSSL version in docs.
* Update news  [Jack Lloyd, 2017-05-22, files: 1, lines: -1/+23]
    [ci skip]
* Merge GH #1056 Add HashFunction::copy_state and port to OpenSSL 1.1.0  [Jack Lloyd, 2017-05-22, files: 47, lines: -75/+341]
| * Add copy_state to OpenSSL hash functions, and port to OpenSSL 1.1.0  [Jack Lloyd, 2017-05-22, files: 5, lines: -74/+130]
| * Fix for old GCC and Clang  [Jack Lloyd, 2017-05-22, files: 2, lines: -2/+2]
    They don't understand unique_ptr<Derived> to unique_ptr<Base> without help: https://stackoverflow.com/questions/22018115/converting-stdunique-ptrderived-to-stdunique-ptrbase
| * Add HashFunction::copy_state  [Jack Lloyd, 2017-05-22, files: 42, lines: -1/+186]
    See GH #1037
* | Merge GH #1054 Add HOTP and TOTP algorithms  [Jack Lloyd, 2017-05-22, files: 11, lines: -0/+592]
| * | Doc and 32-bit build fixes  [Jack Lloyd, 2017-05-22, files: 3, lines: -7/+11]
| * | Add HOTP (RFC 4226) and TOTP (RFC 6238)  [Jack Lloyd, 2017-05-19, files: 10, lines: -0/+588]
* | | Merge GH #1055 Add fallback RNG for the tests  [Jack Lloyd, 2017-05-22, files: 1, lines: -0/+37]
| * | | Add a bogus fallback RNG for the tests  [Jack Lloyd, 2017-05-21, files: 1, lines: -0/+37]
    This allows all tests to run even if no RNG type is enabled in the build
* | | | Merge GH #844 Add support for ARMv8 SHA instructions  [Jack Lloyd, 2017-05-22, files: 12, lines: -52/+890]
| * | | Disable ARMv8 SHA extensions on 32-bit  [Jack Lloyd, 2017-05-22, files: 2, lines: -2/+2]
    Works everywhere but Apple Clang. Could handle this with a hack to configure but running ARMv8 in 32-bit mode is rare and suboptimal, and it would be better to deal with this using compile-time feature detection.
| * | | Change SHA-2 to use a single convention for CPU extn  [Jack Lloyd, 2017-05-20, files: 3, lines: -9/+8]
| * | | Set minimum compiler versions for ARMv8 SHA intrinsics  [Jack Lloyd, 2017-05-20, files: 2, lines: -0/+10]
| * | | Small cleanups for ARM SHA code  [Jack Lloyd, 2017-05-20, files: 5, lines: -16/+411]
    Fix for new define syntax, remove old style casts. Add some randomly generated longer SHA-256 vectors, previously had precisely zero multiblock tests.
| * | | Add SHA-256 using ARMv8 instructions  [Jack Lloyd, 2017-05-20, files: 7, lines: -43/+255]
    Based on patch from Jeffrey Walton in GH #841
| * | | Add ARMv8 SHA-1 support  [Jack Lloyd, 2017-05-20, files: 4, lines: -0/+222]
    Based on patch from Jeffrey Walton in GH #840. Only tested in qemu so far.
* | | Merge GH #1053 Fix path length constraint checking (GH #991)  [Jack Lloyd, 2017-05-21, files: 14, lines: -5/+310]
| * | fix pathLenConstraint validation  [Daniel Neus, 2017-05-19, files: 14, lines: -5/+310]
    Fixes GH #991. The problem with the current implementation of the chain validation code is that it runs from the end certificate to the trust cert. @securitykernel and I tried to fix the pathLenConstraint validation within this reverse loop but we were not sure if we missed some edge cases. So we felt safer to use the algorithm listed in RFC 5280 which executes from the top to the bottom. It's probably best to rewrite the code to use the whole algorithm from RFC 5280, i.e. validating the chain from the trust to the end cert. Additionally, we wrote some tests including the one that raised this issue initially.
* | | Fix warnings  [Jack Lloyd, 2017-05-19, files: 2, lines: -3/+3]
* | Fixes for MSVC version detection  [Jack Lloyd, 2017-05-19, files: 2, lines: -10/+24]
    See comments in https://github.com/randombit/botan/commit/7f019174bfcf3c2b31bda74fe40ce35727db1cef
* | Merge GH #826 Add support for Intel SHA instructions  [Jack Lloyd, 2017-05-19, files: 13, lines: -2/+485]
| * | Set minimum compiler versions for SHA intrinsics  [Jack Lloyd, 2017-05-19, files: 2, lines: -0/+12]
| * | Add support for Intel SHA-1/SHA-2 instructions  [Jack Lloyd, 2017-05-19, files: 13, lines: -2/+473]
    Based on GH #807 and #808
* | | Add SM3 OIDs and PKCSv1.5 hash prefix  [Jack Lloyd, 2017-05-19, files: 3, lines: -1/+16]