| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With sufficient squinting, Transform provided an abstract base
interface that covered both cipher modes and compression algorithms.
However it mapped on neither of them particularly well. In addition
this API had the same problem that has made me dislike the Pipe/Filter
API: given a Transform&, what does it do when you put bits in? Maybe
it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!
Currently the Cipher_Mode interface is left mostly unchanged, with the
APIs previously on Transform just moved down the type hierarchy. I
think there are some definite improvements possible here, wrt handling
of in-place encryption, but left for a later commit.
The compression API is split into two types, Compression_Algorithm and
Decompression_Algorithm. Compression_Algorithm's start() call takes
the compression level, allowing varying compressions with a single
object. And flushing the compression state is moved to a bool param on
`Compression_Algorithm::update`. All the nonsense WRT compression
algorithms having zero length nonces, input granularity rules, etc
as a result of using the Transform interface goes away.
|
|
|
|
|
|
|
| |
Fixes GH #460
Closes GH #474
[ci skip]
|
|
|
|
|
|
|
|
|
| |
Remove support for weak ECC curves (anything under P-256) from TLS.
This includes secp256k1 since we don't take advantage of the special
form for any performance advantage; might as well use P-256.
The manual still mentioned that it was possible to use MD5 in
Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
| |
When building for iOS, you want to build for all three architectures, so you can run your app on an iOS device and on the simulator.
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
|
|
| |
Closes #356.
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a bug which rejected any short server key exchanges. These can
occur with a plain PSK with short or empty identity hints.
Disable SHA-224 by default.
Remove some vestigal RC4 cruft.
Push more on the TLS corruption tests.
|
|\
| |
| | |
TLS improvements
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| |
| |
| | |
Confirm http://sphinx-doc.org/domains.html#directive-cpp:enum-struct
[ci skip]
|
| |
| |
| |
| | |
[ci skip]
|
|/
|
|
| |
[ci skip]
|
|
|
|
|
| |
but the meaning of the option is probably easier to understand with
this name.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove and consolidate various headers
Reduce memory usage of GF2m_Field by sharing the log and exponent
tables across all instances of a particular word size.
Remove McEliece_Public_Operation and McEliece_Private_Operation which
were difficult to use safely. Instead only the KEM operations are exposed.
Add McEliece_PublicKey::random_plaintext_element
Add command line `mce` tool and some McEliece documentation
Convert the speed program to check McEliece keys of the suggested size
Add McEliece KATs for both key generation and KEM
Fix HMAC_DRBG constructor which derefed a pointer before its time
|
| |
|
|
|
|
|
| |
When building for iOS with clang, the C++ standard library
must be set to libc++ instead of libstdc++.
|
|
|
|
| |
LibraryInitializer, PK filters, Algorithm base class, PGP S2K
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
Thanks to @vlajos https://github.com/vlajos/misspell_fixer
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge the website index, download page, algo page into the readme file
so all the important information is in one place. The readme.rst is now
also used as the website landing page.
Remove the website target on the makefile, replaced by website.sh,
since I'm the only one who ever needs to run this.
Fix various ReST formatting bugs in news.rst and the manual
Remove the old build_log which hasn't been touched in years and
refers entirely to compilers which we don't support anymore.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Both from Uri B to mailing list.
|
| |
|
| |
|
|
|
|
| |
Initial very incomplete pass at error return value sanity.
|
|
|
|
|
|
|
|
|
|
|
|
| |
ctypes Python wrapper that uses it. The API is intentionally designed
to have a very simple ABI (extern "C", all structs are opaque, no
memory ownership passing the FFI boundary, limited set of simple types
as args) so the ctypes wrapper is quite simple.
Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF,
bcrypt, and most public key operations.
Remove the old boost.python wrapper and all the build code for it.
|
|
|
|
|
|
| |
notify the user when they are enabled.
Drop botan-config, replaced by `botan config` command added in 1.11.8
|
| |
|
| |
|
|
|
|
|
| |
and enable them in the default build, though still not enabled in the
runtime policy.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Github issue 27.
Refactor server hello handling to make it easier to handle other extensions.
The manual specified that 224 bit NIST primes were disabled by default
for TLS but they were not. Additionaly disable the 256k1 curve and
reorder the remaining curves by size.
Rewrite the max fragment length extension code to roughly what an
ideal compiler would have turned the original code into, using a
switch instead of a lookup into a small constant std::map.
|
| |
|
| |
|
| |
|
|
|
|
| |
wire record being created more clear.
|
|
|
|
|
| |
with the setting set in the constructor. This prevents various surprising
things from happening to applications and simplifies record processing.
|
|
|
|
| |
of overloads in the base class with the same name.
|