Commit message (Author, Age, Files, Lines)
...
| * | Explicitly number all Certificate_Status_Code enum values (Jack Lloyd, 2016-11-23, 2 files, -25/+146)
| | |     Add a to_string function for this type.
| * | Somewhat better errors in HTTP (Jack Lloyd, 2016-11-23, 1 file, -5/+9)
| | |
| * | Add final_stdvec (Jack Lloyd, 2016-11-23, 1 file, -0/+7)
| | |     Horrible name, useful function
* | | Correct XMSS crash when a hash was disabled (Jack Lloyd, 2016-11-25, 4 files, -12/+20)
| | |     Require SHA-256 in XMSS since that is mandatory for the index registry.
* | | Update relnotes (Jack Lloyd, 2016-11-25, 1 file, -3/+14)
| | |     [ci skip]
* | | Easy test (Jack Lloyd, 2016-11-25, 1 file, -0/+1)
| | |
* | | Make XMSS more friendly about invalid params. (Jack Lloyd, 2016-11-25, 7 files, -35/+70)
| | |     Previously just threw an exception from map.at
| | |     Add an XMSS keygen test, and add default params for create_private_key
* | | Add a couple more workfactor tests (Jack Lloyd, 2016-11-25, 1 file, -0/+6)
| | |     [ci skip]
* | | Add a test of TLS::Alert::type_string (Jack Lloyd, 2016-11-25, 1 file, -5/+61)
| | |
* | | Simplify TLS::Ciphersuite::cbc_ciphersuite (Jack Lloyd, 2016-11-25, 1 file, -3/+1)
| | |     With RC4 removed, anything that is not AEAD is CBC
* | | Simplify TLS::Handshake_Hash::update (Jack Lloyd, 2016-11-25, 1 file, -9/+5)
| | |     The lambda here wasn't really required.
* | | Merge GH #737 Remove dead stores in SSE2 ChaCha code (Jack Lloyd, 2016-11-25, 1 file, -6/+3)
|\ \ \
| * | | Fix dead stores in chacha_sse2_x4 (Never, 2016-11-25, 1 file, -6/+3)
| | | |
* | | | Avoid unneeded code - previous conditionals handle these cases (Jack Lloyd, 2016-11-25, 1 file, -8/+0)
| | | |
* | | | Merge GH #736 Add SHAKE support to XMSS (Jack Lloyd, 2016-11-25, 7 files, -102/+222)
|\ \ \ \
| * | | | Adds SHAKE support for XMSS (Matthias Gierlings, 2016-11-25, 7 files, -102/+222)
| |/ / /
| | | |     - Enables code for SHAKE support
| | | |     - Creating a SHAKE hash function by name now allows selecting an output size of 256 bits for SHAKE128 and 512 bits for SHAKE256.
| | | |     - Adds *self-generated*, unverified test vectors for XMSS/SHAKE.
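The commit above makes a SHAKE instance constructible by name with a fixed output length, because XMSS treats the XOF as an n-byte hash (n = 32 for the SHAKE128 parameter sets, n = 64 for SHAKE256). The Python below is an added example written for this page, not code from Botan or from the commit: it parses a name of the form "SHAKE-128(256)" (the name syntax, the shortened parameter-set labels and the RFC 8391 domain-separation constants are assumptions of this example), builds the four keyed functions XMSS derives from that XOF, and checks the prefix property that lets an unbounded-length XOF stand in for a fixed-length hash. Self-generated test vectors, as the commit notes, only establish self-consistency; cross-checking against an independent implementation is what makes them verified vectors.

```python
"""Added example (not Botan code): SHAKE with a fixed output length selected
by name, and the XMSS keyed hash family built on it.  The "SHAKE-128(256)"
naming, the XMSS-SHAKE* labels and the RFC 8391 domain-separation constants
are assumptions of this example."""
import hashlib
import re

_NAME_RE = re.compile(r"^SHAKE-(128|256)\((\d+)\)$")


def shake_by_name(name):
    """Return a function data -> digest for a name like 'SHAKE-128(256)'.

    The number in parentheses is the output length in bits.  XMSS needs exactly
    two instances: SHAKE128 with 256-bit output (n = 32) and SHAKE256 with
    512-bit output (n = 64).  Any whole-byte length is accepted here, which is
    what makes a XOF different from a fixed-width hash.
    """
    m = _NAME_RE.match(name)
    if not m:
        raise ValueError("unknown hash name: %r" % name)
    xof = {"128": hashlib.shake_128, "256": hashlib.shake_256}[m.group(1)]
    bits = int(m.group(2))
    if bits == 0 or bits % 8:
        raise ValueError("SHAKE output length must be a positive multiple of 8 bits")
    n = bits // 8

    def digest(data):
        return xof(data).digest(n)

    digest.output_length = n
    return digest


def is_valid_shake_name(name):
    """True if shake_by_name would accept `name`."""
    try:
        shake_by_name(name)
        return True
    except ValueError:
        return False


def to_byte(x, n):
    """RFC 8391 toByte(x, n): n-byte big-endian encoding of the integer x."""
    return x.to_bytes(n, "big")


class XmssHash:
    """XMSS keyed functions F, H, H_msg, PRF from one XOF of output length n.

    Each is XOF(toByte(domain, n) || KEY || M) truncated to n bytes, with
    domain = 0, 1, 2, 3 respectively (RFC 8391, assumed here).  Because the
    output length *is* the XMSS parameter n, the hash must be created with
    that length fixed, which is what a name like "SHAKE-128(256)" expresses.
    """
    PARAM_SETS = {
        "XMSS-SHAKE128": "SHAKE-128(256)",   # n = 32
        "XMSS-SHAKE256": "SHAKE-256(512)",   # n = 64
    }
    ADRS_LEN = 32  # an XMSS hash address is always 32 bytes

    def __init__(self, param_set):
        self.digest = shake_by_name(self.PARAM_SETS[param_set])
        self.n = self.digest.output_length

    def _keyed(self, domain, key, msg):
        return self.digest(to_byte(domain, self.n) + key + msg)

    def F(self, key, m):
        """WOTS+ chaining function: |KEY| = |M| = n."""
        assert len(key) == self.n and len(m) == self.n
        return self._keyed(0, key, m)

    def H(self, key, m):
        """L-tree / Merkle node hash: |KEY| = n, |M| = 2n."""
        assert len(key) == self.n and len(m) == 2 * self.n
        return self._keyed(1, key, m)

    def H_msg(self, r, root, idx, m):
        """Message digest: KEY = r || root || toByte(idx, n), M of any length."""
        assert len(r) == self.n and len(root) == self.n
        return self._keyed(2, r + root + to_byte(idx, self.n), m)

    def PRF(self, key, adrs):
        """Key and randomness derivation: |KEY| = n, M = 32-byte address."""
        assert len(key) == self.n and len(adrs) == self.ADRS_LEN
        return self._keyed(3, key, adrs)


def xof_prefix_property(data):
    """SHAKE is a XOF: a longer output starts with the shorter one.
    True if SHAKE-128(512) of `data` begins with SHAKE-128(256) of `data`."""
    short = shake_by_name("SHAKE-128(256)")(data)
    long_ = shake_by_name("SHAKE-128(512)")(data)
    return long_[:len(short)] == short


if __name__ == "__main__":
    h = XmssHash("XMSS-SHAKE128")
    seed = bytes(range(32))   # constructed sample key, not a real secret
    print(h.F(seed, bytes(32)).hex())
    print(xof_prefix_property(b"constructed sample input"))
```

The prefix property is exactly why a XOF cannot be handed to XMSS as a bare algorithm name: "SHAKE-128" on its own does not say where the output stops, while "SHAKE-128(256)" pins n and therefore every digest length the scheme depends on.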
* / / / Avoid having source files start with /** (Jack Lloyd, 2016-11-25, 45 files, -46/+46)
|/ / /
| | |     This caused Doxygen to dump the copyright notices for those files into the Botan namespace description, which is not helpful.
| | |     [ci skip]
* | | Fuzzer cleanup, no need for setup script anymore (Jack Lloyd, 2016-11-22, 6 files, -54/+57)
| | |     Makefile does all the things
| | |     [ci skip]
* | | Add missing macro check in test (Jack Lloyd, 2016-11-22, 1 file, -0/+2)
| | |
* | | Fix memory leak in HKDF (Jack Lloyd, 2016-11-22, 1 file, -1/+1)
| | |
* | | Move Sonar config to build-data (Jack Lloyd, 2016-11-22, 2 files, -0/+2)
| | |     No actual reason for it to be in the root dir, only Sonar needs it, so just copy it to the root dir before starting.
* | | Add tests for PK work factor functions (Jack Lloyd, 2016-11-22, 2 files, -0/+82)
| | |     Expected results are just what it generated on my machine.
* | | Merge GH #734 Export work factor functions (Jack Lloyd, 2016-11-22, 1 file, -4/+4)
|\ \ \
| |/ /
|/| |
| * | Export work factor functions (René Korthaus, 2016-11-22, 1 file, -4/+4)
|/ /
| |     Now that users can implement custom PK ops via Private_Key and Public_Key outside the library, it makes a lot of sense to provide the work factor functions to them.
* | Add policy file for TLS client testing (Jack Lloyd, 2016-11-21, 1 file, -0/+19)
| |     [ci skip]
* | Add warning to OID script output (Jack Lloyd, 2016-11-21, 2 files, -1/+10)
| |     [ci skip]
* | Add timeouts to TLS scanner [ci skip] (Jack Lloyd, 2016-11-21, 2 files, -4/+17)
| |
* | Fix doc of get_processor_timestamp [ci skip] (Jack Lloyd, 2016-11-21, 1 file, -4/+10)
| |
* | Update relnotes [ci skip] (Jack Lloyd, 2016-11-20, 1 file, -5/+12)
| |
* | Merge GH #733 Add timing test suite (Jack Lloyd, 2016-11-20, 16 files, -0/+589)
|\ \
| * | Timing test suite needs to have TLS CBC functionality accessible (Juraj Somorovsky, 2016-11-20, 1 file, -1/+1)
| | |
| * | Timing test suite with the mona timing library (Juraj Somorovsky, 2016-11-20, 16 files, -0/+589)
| | |
* | | Merge GH #732 TLS-Attacker tests and fuzzer (Jack Lloyd, 2016-11-20, 9 files, -21/+175)
|\ \ \
| |/ /
|/| |
| * | TLS-Attacker testsuite and fuzzing (Juraj Somorovsky, 2016-11-19, 7 files, -0/+143)
| | |
| * | TLS CBC functionality now exposed to the library developer. Useful for direct TLS CBC testing. (Juraj Somorovsky, 2016-11-19, 2 files, -21/+32)
|/ /
| |     CLI TLS server now catches an exception if an invalid connection is received (otherwise, the server always stopped working)
* | Merge GH #731 Add CLI docs (Jack Lloyd, 2016-11-19, 3 files, -12/+165)
|\ \
| | |     [ci skip]
| * | Minor changes and fixes (Juraj Somorovsky, 2016-11-19, 1 file, -19/+23)
| | |
| * | Added CLI section (Never, 2016-11-17, 3 files, -12/+161)
| | |
* | | Add brainpool test to TLS (Jack Lloyd, 2016-11-19, 1 file, -1/+3)
| | |
* | | Update news (Jack Lloyd, 2016-11-19, 1 file, -0/+10)
| | |
* | | Order default TLS ECC curve preferences by performance (Jack Lloyd, 2016-11-19, 2 files, -6/+9)
| | |     Moves x25519 to the front for best by-default side channel resistance, and orders remaining NIST/BP curves by performance rather than size. That means putting P-521 before P-384, since P-521 is much faster at least in Botan (due to much simpler modular reduction for P-521 prime), and Brainpools to the end due to being quite slow (no fast reductions).
| | |     All of the supported curves seem strong enough, and if someone can break P-256 they can probably break P-384 as well so there doesn't seem much advantage in preferring slower curves by default.
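The ordering argument in the commit above rests on the cost of modular reduction. The Python below is an added illustration written for this page, not Botan's field arithmetic: it implements the textbook fast reductions for the P-521 prime (a Mersenne prime, so one shift-and-add fold plus a conditional subtraction) and for the P-384 prime (a generalised Mersenne prime that needs ten partial sums assembled from 24 limbs; the term table follows the NIST/HMV "Guide to Elliptic Curve Cryptography" recipe and is an assumption of this example, not something the page states), and checks both against plain integer arithmetic. Brainpool primes have no such structure, which is why they get only a generic reduction such as Montgomery's and end up last in the list.

```python
"""Added example (not Botan code): fast reduction modulo the P-521 and P-384
primes, to show why the P-521 reduction is the cheaper of the two.  The P-384
term table follows the NIST/HMV recipe and is assumed, not taken from the
page.  Both routines are checked against Python's % operator."""
import random

P521 = (1 << 521) - 1                                        # Mersenne prime
P384 = (1 << 384) - (1 << 128) - (1 << 96) + (1 << 32) - 1   # generalised Mersenne


def reduce_p521(x):
    """x mod P521 for 0 <= x < P521**2.

    2^521 == 1 (mod p), so the top half folds onto the bottom half with one
    shift and one add; a single conditional subtraction finishes the job.
    """
    assert 0 <= x < P521 * P521
    r = (x & P521) + (x >> 521)
    if r >= P521:
        r -= P521
    return r


def _words(x, count):
    """Split x into `count` 32-bit limbs, least significant first: c[0..count-1]."""
    return [(x >> (32 * i)) & 0xFFFFFFFF for i in range(count)]


def _from_words(ws):
    """Assemble an integer from limbs listed most significant first."""
    v = 0
    for w in ws:
        v = (v << 32) | w
    return v


def reduce_p384(x):
    """x mod P384 for 0 <= x < P384**2 (NIST/HMV fast reduction).

    Ten partial sums are built from the 24 input limbs, three of them are
    subtracted, and a sign/overflow correction follows.  Compare the single
    fold in reduce_p521.
    """
    assert 0 <= x < P384 * P384
    c = _words(x, 24)
    W = _from_words
    s1 = W([c[11], c[10], c[9], c[8], c[7], c[6], c[5], c[4], c[3], c[2], c[1], c[0]])
    s2 = W([0, 0, 0, 0, 0, c[23], c[22], c[21], 0, 0, 0, 0])
    s3 = W([c[23], c[22], c[21], c[20], c[19], c[18], c[17], c[16], c[15], c[14], c[13], c[12]])
    s4 = W([c[20], c[19], c[18], c[17], c[16], c[15], c[14], c[13], c[12], c[23], c[22], c[21]])
    s5 = W([c[19], c[18], c[17], c[16], c[15], c[14], c[13], c[12], c[20], 0, c[23], 0])
    s6 = W([0, 0, 0, 0, c[23], c[22], c[21], c[20], 0, 0, 0, 0])
    s7 = W([0, 0, 0, 0, 0, 0, c[23], c[22], c[21], 0, 0, c[20]])
    s8 = W([c[22], c[21], c[20], c[19], c[18], c[17], c[16], c[15], c[14], c[13], c[12], c[23]])
    s9 = W([0, 0, 0, 0, 0, 0, 0, c[23], c[22], c[21], c[20], 0])
    s10 = W([0, 0, 0, 0, 0, 0, 0, c[23], c[23], 0, 0, 0])
    r = s1 + 2 * s2 + s3 + s4 + s5 + s6 + s7 - s8 - s9 - s10
    # r is congruent to x mod p but may be negative or a few multiples of p too large
    while r < 0:
        r += P384
    while r >= P384:
        r -= P384
    return r


def check_against_python(trials=200, seed=1):
    """Compare both fast reductions with Python's % on random products a*b.
    The seed is fixed so the run is reproducible; inputs are constructed here."""
    rng = random.Random(seed)
    for _ in range(trials):
        a, b = rng.randrange(P521), rng.randrange(P521)
        if reduce_p521(a * b) != (a * b) % P521:
            return False
        a, b = rng.randrange(P384), rng.randrange(P384)
        if reduce_p384(a * b) != (a * b) % P384:
            return False
    return True


if __name__ == "__main__":
    print("fast reductions agree with integer arithmetic:", check_against_python())
```

Run it and the difference the commit is pointing at is visible in the code itself: reduce_p521 is a mask, a shift, an add and one compare, reduce_p384 is a ten-term table plus a correction loop, and a prime with no special form (the Brainpool case) gets neither and must pay for a general-purpose reduction on every field multiplication.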
* | | Fix class vs struct declaration. (Jack Lloyd, 2016-11-19, 1 file, -4/+6)
| | |     Recent Clang complains about a forward decl as 'class X' when X was actually declared as a struct.
* | | Merge GH #729 Add CECPQ1 (x25519+NewHope) TLS ciphersuites (Jack Lloyd, 2016-11-19, 19 files, -46/+251)
|\ \ \
| * | | Add CECPQ1 TLS ciphersuites (Jack Lloyd, 2016-11-17, 19 files, -46/+251)
| | | |     Tested against BoringSSL (as client + server) and google.com (as client).
| | | |     Fix a stupid crashing bug in NewHope's BoringSSL mode.
| | | |     Remove unneeded error return from curve25519_donna - always returned 0.
| | | |     Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* | | | Add key_constraints_to_string, GOST-34.10 cert handling (Jack Lloyd, 2016-11-18, 6 files, -75/+127)
| | | |     Add some try/catch blocks to the X.509 tests, and use create_private_key API
* | | | Add X509_DN::empty (Jack Lloyd, 2016-11-18, 1 file, -0/+2)
| | | |
* | | | Don't force HMAC_DRBG to be enabled (Jack Lloyd, 2016-11-18, 6 files, -20/+27)
| | | |     No need to strictly require it, and some applications may only want system RNG or RDRAND.
* | | | Fix TLS test (Jack Lloyd, 2016-11-18, 1 file, -4/+4)
|/ / /
| | |     It is allowable to request the maximum length, just not more than it. Found after about 22K runs of the TLS tests.
* | | This range check was in the wrong direction (Jack Lloyd, 2016-11-17, 1 file, -1/+1)
| | |
* | | Add OIDs for SHA-3 and SHA-3 signature algorithms (Jack Lloyd, 2016-11-17, 2 files, -2/+77)
| | |     Also CCM OIDs, and SHA-384/SHA-512 DSA OIDs. All from NIST: http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html