Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add gzip compression transform and compress command line prog. | lloyd | 2014-11-19 | 1 | -0/+5 |
| | |||||
* | Fix warnings in Altivec header and add AltiVec detection for POWER8 | lloyd | 2014-11-16 | 1 | -0/+2 |
| | |||||
* | Add some util functions for timing attack countermeasures from Falko | lloyd | 2014-11-15 | 1 | -1/+1 |
| | |||||
* | A TLS Server can now process either TLS or DTLS but not either, | lloyd | 2014-11-15 | 2 | -25/+38 |
| | | | | | with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing. | ||||
* | Fix relnotes index title | lloyd | 2014-11-15 | 1 | -0/+4 |
| | |||||
* | Update relnotes | lloyd | 2014-11-15 | 1 | -0/+15 |
| | |||||
* | Replace Transformatio::nstart with start_raw so we can do a full set | lloyd | 2014-11-05 | 1 | -1/+1 |
| | | | | of overloads in the base class with the same name. | ||||
* | Various small fixes and cleanups, new is_prime util | lloyd | 2014-11-03 | 1 | -0/+8 |
| | |||||
* | Add TLS fallback signalling (draft-ietf-tls-downgrade-scsv-00) | lloyd | 2014-10-31 | 1 | -0/+6 |
| | |||||
* | Correct documentation | lloyd | 2014-10-14 | 1 | -1/+1 |
| | |||||
* | Some documentation updates WRT DTLS and X.509 cert path processing | lloyd | 2014-10-06 | 2 | -25/+100 |
| | |||||
* | Fix decoding indefinite length BER constructs that contain a context | lloyd | 2014-09-27 | 1 | -0/+3 |
| | | | | sensitive tag of zero. Github pull 26 from Janusz Chorko. | ||||
* | Correct CCM for L != 2. Bugzilla 270 | lloyd | 2014-05-16 | 1 | -0/+5 |
| | |||||
* | Any fixed MR iterations is probably wrong for somebody. Allow the user | lloyd | 2014-04-25 | 2 | -11/+22 |
| | | | | | | to specify a probability as well as if n was randomly chosen or not. If the input is random use a better bounds to reduce the number of needed tests. | ||||
* | Doc fix | lloyd | 2014-04-16 | 1 | -1/+1 |
| | |||||
* | Use 20 Miller-Rabin iterations regardless of the size of the integer. This | lloyd | 2014-04-13 | 1 | -0/+5 |
| | | | | | provides a much better worst-case error bound. Also take the nonce from anywhere in the usable range rather than limiting the bit size. | ||||
* | Deindent to avoid github mangling | lloyd | 2014-04-13 | 1 | -36/+34 |
| | |||||
* | Update release note pointers1.11.9 | lloyd | 2014-04-10 | 2 | -6/+8 |
| | |||||
* | Add 1.10.8 release notes | lloyd | 2014-04-10 | 1 | -0/+12 |
| | |||||
* | Fix a bug in Miller-Rabin primality testing introduced in 1.8.3 | lloyd | 2014-04-10 | 1 | -1/+8 |
| | | | | | | | | where we chose a single random nonce and tested it repeatedly, rather than choosing new nonces each time. Reported by Jeff Marrison. Also remove a pointless comparison (also pointed out by Jeff) and add an initial test using a witness of 2. | ||||
* | X.509 path validation now performs all possible tests and returns a | lloyd | 2014-04-05 | 1 | -0/+9 |
| | | | | | | set of error codes, instead of failing immediately on first error. This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation. | ||||
* | Fix an OCSP response decoding bug, we were not decoding KeyID properly. | lloyd | 2014-04-05 | 1 | -0/+4 |
| | | | | | | | | Also prioritize checking the status code before the dates, as otherwise an attacker could substitue a valid but expired response which marked the cert as revoked and we would still just return OCSP_EXPIRED. Obviously they can still play this game with an old (valid) OCSP response, but no point making it easy. | ||||
* | Add RFC 6979 nonce generator. Also some HMAC_DRBG cleanups. | lloyd | 2014-03-22 | 1 | -0/+3 |
| | |||||
* | Add HMAC_DRBG | lloyd | 2014-03-21 | 1 | -0/+4 |
| | |||||
* | Use stdint.h instead of cstdint for Clang. Bugzilla 266 | lloyd | 2014-02-21 | 1 | -0/+3 |
| | |||||
* | Website tweaks | lloyd | 2014-02-19 | 4 | -22/+28 |
| | |||||
* | Transformation_Filter calls send() inside of start_msg() which means | lloyd | 2014-02-17 | 1 | -0/+4 |
| | | | | | | | | | | that any filters which follow in the pipe will get write() called on them before start_msg(), causing confusion and/or crashes. This patch fixes it for the case when start() returns an empty vector which covers all current use cases. I'll have to figure out another approach for the general case (or decide the general case isn't worth supporting and remove the return value from start). | ||||
* | Don't assume the leading cert chain is presented in-order | lloyd | 2014-02-16 | 1 | -0/+3 |
| | |||||
* | Tick version to 1.11.9 | lloyd | 2014-02-15 | 1 | -0/+2 |
| | |||||
* | Website tweaks | lloyd | 2014-02-15 | 2 | -28/+28 |
| | |||||
* | Release 1.11.81.11.8 | lloyd | 2014-02-14 | 3 | -8/+24 |
| | |||||
* | Fix minimized builds. Patch by Markus Wanner sent to botan-devel | lloyd | 2014-02-08 | 2 | -1/+4 |
| | |||||
* | Fix a bug introduced in 1.11.6 where we tried to check CRL signatures | lloyd | 2014-02-08 | 3 | -3/+4 |
| | | | | | | against the wrong key, causing any check to fail. Clean up the NIST X.509 path validation tests and run them by default. | ||||
* | Install command line app | lloyd | 2014-02-08 | 1 | -0/+3 |
| | |||||
* | Remove Square, Skipjack, Luby-Rackoff, and Blue Midnight Wish. | lloyd | 2014-02-08 | 2 | -4/+8 |
| | |||||
* | Have Skein call Threefish, rather than duplicating the code. | lloyd | 2014-02-08 | 1 | -2/+8 |
| | |||||
* | Resurrect algos.rst | lloyd | 2014-02-08 | 3 | -7/+111 |
| | |||||
* | Simplify | lloyd | 2014-01-31 | 1 | -11/+1 |
| | |||||
* | Add ChaCha | lloyd | 2014-01-31 | 1 | -0/+12 |
| | |||||
* | Link to instructions for Android by Daniel Seither | lloyd | 2014-01-23 | 1 | -5/+2 |
| | |||||
* | Fix binary names | lloyd | 2014-01-20 | 1 | -6/+6 |
| | |||||
* | Fix Skein_512::clear | lloyd | 2014-01-18 | 1 | -0/+5 |
| | |||||
* | Remove PBES1 entirely | lloyd | 2014-01-18 | 1 | -0/+5 |
| | |||||
* | Website tweaks. Rename TLS suite script options. | lloyd | 2014-01-11 | 5 | -26/+34 |
| | |||||
* | Fix link. Release 1.11.71.11.7 | lloyd | 2014-01-10 | 3 | -5/+6 |
| | |||||
* | Split up docs into the reference manual, the website, and everything else. | lloyd | 2014-01-10 | 41 | -315/+196 |
| | | | | | | | | | | | Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool | ||||
* | Move lib into src | lloyd | 2014-01-10 | 1 | -5/+0 |
| | |||||
* | Split up test vectors into per-algo files and app into botan-test for | lloyd | 2014-01-10 | 3 | -75/+70 |
| | | | | the tests and botan for everything else. | ||||
* | Move python to src, add to main makefile | lloyd | 2014-01-07 | 1 | -15/+8 |
| | |||||
* | Fix qca links | lloyd | 2014-01-07 | 1 | -2/+3 |
| |