| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
| |
Was removed in 1.11.10, but reference here remained. GH #719
Update OpenSSL requirements - 1.0.0 and all older versions are EOL
[ci skip]
|
|
|
|
|
|
|
| |
This reverts commit 2ec08fa6b5fd270e50f8526c1c6dfaabfda66e02.
The Perl wrapper was removed as unmaintained, but nobody is likely
to maintain it if they don't know it exists.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Disables static RSA by default. The advantage here is twofold: enforcing forward
security and protecting TLS servers from oracle attacks since by default they
will never negotiate a suite which forces them to act as a decryption
oracle. Some applications/users may be forced to enable RSA in order to speak
with old or misconfigured peers, but these can be the exception not the default.
Disable DSA and CCM-8 by default: if you need to enable these things, you know it.
Adds TLS policy hooks to enforce DSA key sizes, default 2048 bits.
Remove an incorrect warning about DTLS in the manual; the sequence number window
check prevents this scenario from occuring.
|
|
|
|
| |
[ci skip]
|
|\ |
|
| |
| |
| |
| |
| | |
Client interops with google.com, server not tested against an
independent client yet.
|
|/
|
|
| |
Fix various doc building problems/warnings.
|
| |
|
|
|
|
|
|
| |
This command got lost somewhere along the way.
[ci skip]
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Cipher_Mode::update API is more general than needed to just
support ciphers (this is due to it previously being an API of
Transform which before 8b85b780515 was Cipher_Mode's base class)
Define a less general interface `process` which either processes the
blocks in-place, producing exactly as much output as there was input,
or (SIV/CCM case) saves the entire message for processing in `finish`.
These two uses cover all current or anticipated cipher modes.
Leaves `update` for compatability with existing callers; all that is
needed is an inline function forwarding to `process`.
Removes the return type from `start` - in all cipher implementations,
this always returned an empty vector.
Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used
for argument checking in some places, which is not right at all.
|
|/
|
|
| |
[ci skip]
|
|\ |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works
Split out the compat (std::function) based interface to Compat_Callbacks.
This avoids the overhead of empty std::functions when using the virtual
interface, and ensures the virtual interface works since there is no
callback path that does not involve a vtable lookup.
Rename the TLS::Callback functions. Since the idea is that often an owning
class will pass *this as the callbacks argument, it is good to namespace
the virtual functions so as not to conflict with other names chosen by
the class. Specifically, prefixes all cb functions with tls_
Revert changes to use the old style alert callback (with no longer used data/len
params) so no API changes are required for old code. The new Callbacks interface
continues to just receive the alert code itself.
Switch to virtual function interface in CLI tls_client for testing.
Inline tls_server_handshake_state.h - only used in tls_server.cpp
Fix tests - test looked like it was creating a new client object but it
was not actually being used. And when enabled, it failed because the queues
were not being emptied in between. So, fix that.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handles fork checking for HMAC_RNG and HMAC_DRBG
AutoSeeded_RNG change - switch to HMAC_DRBG as default.
Start removing the io buffer from entropy poller.
Update default RNG poll bits to 256.
Fix McEliece test, was using wrong RNG API.
Update docs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With sufficient squinting, Transform provided an abstract base
interface that covered both cipher modes and compression algorithms.
However it mapped on neither of them particularly well. In addition
this API had the same problem that has made me dislike the Pipe/Filter
API: given a Transform&, what does it do when you put bits in? Maybe
it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!
Currently the Cipher_Mode interface is left mostly unchanged, with the
APIs previously on Transform just moved down the type hierarchy. I
think there are some definite improvements possible here, wrt handling
of in-place encryption, but left for a later commit.
The compression API is split into two types, Compression_Algorithm and
Decompression_Algorithm. Compression_Algorithm's start() call takes
the compression level, allowing varying compressions with a single
object. And flushing the compression state is moved to a bool param on
`Compression_Algorithm::update`. All the nonsense WRT compression
algorithms having zero length nonces, input granularity rules, etc
as a result of using the Transform interface goes away.
|
|
|
|
|
|
|
| |
Fixes GH #460
Closes GH #474
[ci skip]
|
|
|
|
|
|
|
|
|
| |
Remove support for weak ECC curves (anything under P-256) from TLS.
This includes secp256k1 since we don't take advantage of the special
form for any performance advantage; might as well use P-256.
The manual still mentioned that it was possible to use MD5 in
Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
| |
When building for iOS, you want to build for all three architectures, so you can run your app on an iOS device and on the simulator.
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
|
|
| |
Closes #356.
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a bug which rejected any short server key exchanges. These can
occur with a plain PSK with short or empty identity hints.
Disable SHA-224 by default.
Remove some vestigal RC4 cruft.
Push more on the TLS corruption tests.
|
|\
| |
| | |
TLS improvements
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| |
| |
| | |
Confirm http://sphinx-doc.org/domains.html#directive-cpp:enum-struct
[ci skip]
|
| |
| |
| |
| | |
[ci skip]
|
|/
|
|
| |
[ci skip]
|
|
|
|
|
| |
but the meaning of the option is probably easier to understand with
this name.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove and consolidate various headers
Reduce memory usage of GF2m_Field by sharing the log and exponent
tables across all instances of a particular word size.
Remove McEliece_Public_Operation and McEliece_Private_Operation which
were difficult to use safely. Instead only the KEM operations are exposed.
Add McEliece_PublicKey::random_plaintext_element
Add command line `mce` tool and some McEliece documentation
Convert the speed program to check McEliece keys of the suggested size
Add McEliece KATs for both key generation and KEM
Fix HMAC_DRBG constructor which derefed a pointer before its time
|
| |
|
|
|
|
|
| |
When building for iOS with clang, the C++ standard library
must be set to libc++ instead of libstdc++.
|
|
|
|
| |
LibraryInitializer, PK filters, Algorithm base class, PGP S2K
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
Thanks to @vlajos https://github.com/vlajos/misspell_fixer
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge the website index, download page, algo page into the readme file
so all the important information is in one place. The readme.rst is now
also used as the website landing page.
Remove the website target on the makefile, replaced by website.sh,
since I'm the only one who ever needs to run this.
Fix various ReST formatting bugs in news.rst and the manual
Remove the old build_log which hasn't been touched in years and
refers entirely to compilers which we don't support anymore.
|
| |
|
| |
|
| |
|