Commit message (Collapse)    Author    Age    Files    Lines
* Add armv7a as known alias for 32-bit ARM (GH #2540)    Jack Lloyd    2020-12-11    1    -0/+1
|
* Merge GH #2539 Build unversioned shared objects on Android    Jack Lloyd    2020-12-10    4    -6/+13
|\
| * Fix building Android shared object    Jack Lloyd    2020-12-09    4    -6/+13
| |     Fixes #2502
* | Merge GH #2538 Add BoringSSL SSLv3 tests    Jack Lloyd    2020-12-10    3    -9/+6
|\ \
| * | Enable BoringSSL SSLv3 tests    Jack Lloyd    2020-12-09    3    -9/+6
| |/
| |     Previously these tested SSLv3 functionality but now BoringSSL has also removed SSLv3 so the remaining test is just to confirm that SSLv3 can't be negotiated.
* / TLS SEED support is gone now [ci skip]    Jack Lloyd    2020-12-09    1    -2/+2
|/
* Merge GH #2536 Update the BoringSSL test suite    Jack Lloyd    2020-12-05    12    -42/+98
|\
| * Update the BoringSSL runner and update the shim    Jack Lloyd    2020-12-05    12    -42/+98
|/
|     Notable changes are checking if a message is sent past a flight boundary, and some new policy logic to distinguish between signature algorithms that we will accept and signature algorithms which we are willing to use ourselves.
* Merge GH #2535 SHA-2 SHA-NI/Aarch64 cleanups    Jack Lloyd    2020-12-05    2    -199/+187
|\
| * Cleanups in the Aarch64 SHA-2 code    Jack Lloyd    2020-12-05    1    -101/+88
| |
| * Clean up the SHA-2 x86 SHA-NI implementation    Jack Lloyd    2020-12-05    1    -98/+99
|/
* Fix #2525 for Pwdhash interface    Jack Lloyd    2020-12-05    1    -2/+2
|
* Update news    Jack Lloyd    2020-12-05    1    -0/+3
|
* Merge GH #2534 Use smaller tables in Camellia, SEED, ARIA and DES    Jack Lloyd    2020-12-05    8    -1568/+668
|\
| * Remove cast_sboxes.h    Jack Lloyd    2020-12-04    2    -199/+181
| |     This was only in a header as these Sboxes were shared with CAST-256, which has been removed.
| * Combine the DES tables into one    Jack Lloyd    2020-12-04    1    -30/+17
| |     Saves several cycles per byte
| * Simplify Camellia key schedule a bit    Jack Lloyd    2020-12-04    1    -25/+29
| |
| * Use smaller tables for DES    Jack Lloyd    2020-12-04    3    -389/+121
| |     Saves 6K, minimal performance impact
| * Use smaller tables in Camellia, ARIA, and SEED    Jack Lloyd    2020-12-04    3    -955/+350
|/
|     This saves 15K in Camellia, 3K in ARIA and 3.5K in SEED, at the cost of somewhat slower implementation. ARIA and SEED see the worst hit because they never made any attempt at lessening impact of a cache based side channel. Camellia did, and the new implementation is much faster than the previous F_SLOW so perf impact there is minimal.
* Merge GH #2532 Add arm32 and s390x builds back to Travis CI    Jack Lloyd    2020-12-04    4    -10/+22
|\
| * Update docs    Jack Lloyd    2020-12-02    1    -1/+9
| |
| * Add back arm32 and s390x builds to Travis    Jack Lloyd    2020-12-02    3    -9/+13
| |
* | Merge GH #2531 Improve installation checks    Jack Lloyd    2020-12-04    5    -60/+101
|\ \
| |/
|/|
| * Improve checks and avoid hard-coding the major version number    Jack Lloyd    2020-12-03    2    -4/+16
| |
| * Improve CI tests of the install target    Jack Lloyd    2020-12-02    5    -60/+89
|/
|     Verify we install exactly the includes we expect
|     Verify we install at least one library that looks like our name. (This check could be tightened)
|     Change the install target to take all values via the build_config.json instead of reflecting them through the makefile.
* Merge GH #2350 Add a test that install target does something    Jack Lloyd    2020-12-01    4    -8/+66
|\
| * the linter is quite right    Hannes Rantzsch    2020-12-01    1    -2/+2
| |
| * CI: validate installation after running make install    Hannes Rantzsch    2020-12-01    4    -8/+66
|/
|     See https://github.com/randombit/botan/pull/2526 for details
* Merge GH #2529 Export list of includes into build_config.json    Jack Lloyd    2020-12-01    2    -13/+15
|\
| * Export the list of headers into build_config.json    Jack Lloyd    2020-12-01    2    -13/+15
| |     Then the install target can use that instead of listdir
* | Remove ULL suffixes    Jack Lloyd    2020-12-01    4    -803/+803
|/
|     Not required anymore
* Merge GH #2527 Add some more BLAKE2b MAC test vectors    Jack Lloyd    2020-12-01    1    -0/+39
|\
| * Some more blake2b mac test vectors from Linux kernel.    Tom    2020-11-30    1    -0/+39
| |     https://raw.githubusercontent.com/torvalds/linux/master/crypto/testmgr.h
* | Switch MAC vs HMAC preference in KDF and PBKDF2    Jack Lloyd    2020-12-01    2    -4/+4
| |     Adding BLAKE2b as a MAC caused "PBKDF2(BLAKE2b)" to become interpreted as PBKDF2 with keyed BLAKE, instead of the previous interpretation of PBKDF2 with BLAKE2/HMAC. (And similarly for HKDF, etc)
| |     Fixes #2525
* | Fix syntax error in KDF docs    Jack Lloyd    2020-12-01    1    -2/+2
|/
|     Fixes #2528
* Do not accept EC signatures when the public point is invalid    Jack Lloyd    2020-11-30    4    -2/+22
|     Force g*x+p*y to the point at infinity if g or p is not a valid point.
|     This does not seem to be a security issue since if you can control the public point you can just use a regular key and sign whatever you like. Still, it's odd to accept anything here, and easy to prevent it.
|     Found by CryptoFuzz reported offline by @guidovranken
* Add missing check for zero point during ECKCDSA verification    Jack Lloyd    2020-11-30    1    -0/+2
|
* Make this comment easier to read    Jack Lloyd    2020-11-30    1    -1/+2
|
* Break complicated expression down into several statements    Jack Lloyd    2020-11-30    1    -2/+6
|
* Add a couple more BLAKE2b MAC tests (from OpenSSL)    Jack Lloyd    2020-11-29    1    -0/+11
|
* Reformat    Jack Lloyd    2020-11-29    1    -37/+38
|
* Update news    Jack Lloyd    2020-11-29    1    -0/+2
|
* Merge GH #2524 Add support for keyed/MAC Blake2b    Jack Lloyd    2020-11-29    7    -5/+1225
|\
| * Add support for keyed Blake2b and also MAC via Blake2b.    Tom    2020-11-29    7    -5/+1225
| |
* | Tighten up the check on feature macro datestamps    Jack Lloyd    2020-11-29    1    -1/+8
|/
|     Should be YYYYMMDD, make some attempt to check this.
* Update deprecated    Jack Lloyd    2020-11-28    1    -1/+1
|
* Merge GH #2523 Remove KDF truncation behavior    Jack Lloyd    2020-11-28    21    -172/+236
|\
| * Remove the KDF truncation behavior    Jack Lloyd    2020-11-28    21    -172/+236
| |     Closes GH #2347
* | Merge GH #2522 Avoid duplicated hash_for_emsa call in DSA    Jack Lloyd    2020-11-28    2    -10/+2
|\ \
| * | Avoid a duplicated call of hash_for_emsa    Jack Lloyd    2020-11-28    2    -10/+2
| | |     We already invoke this in the PK_Signer superclass constructor so no need to repeat the work.