| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Tested for ARM only under qemu-aarch64, need to check hardware before merging.
Changes x86 CPUID bitmasks which does break ABI for 2.1, no API implications.
|
|
|
|
|
|
| |
Already pkg-config had this, was missed in GH #802
See also GH #830
|
|\ |
|
| | |
|
|/ |
|
|\
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| |
| |
| |
| | |
Move some text and change some headers to look better with how rtd
theme formats the table of contents.
GH #822
|
|/
|
|
|
|
|
|
| |
Fixes a test problem on Cygwin.
GH #824
[ci skip]
|
|
|
|
|
|
| |
Based on compiling on AIX 7.1
[ci skip]
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cleans up so object naming since most of the time (across Unix)
we follow the exact same naming scheme; just make it the default
if only the so suffix is specified in the file.
Also updates include header dir to be botan-${major}
Changes behavior when shared lib not supported; instead of making
the user explicitly try again with --disable-shared, just assume it
and continue running.
|
| |
| |
| |
| | |
these don't exist anymore
|
|\ \ |
|
| |/
| |
| |
| | |
Just my best reckoning of what is NIST approved, may have errors.
|
|/ |
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
|
| |
Not a good thing to offer at this level. If you know what you
are doing for the strange special case where it is necessary,
the raw BlockCipher interface is available and probably more
convenient.
|
|
|
|
|
|
|
| |
- Moves SHAKE to prohibited algorithms
- Catches an error during XMSS private key generation when SHAKE is disabled.
This should not be reported as error by the test bench since [SHAKE is
optional in XMSS](https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-07#section-5)
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
All this is just standard C that the user should not touch, so it doesn't
really make sense to have it in the build.h template file.
Remove BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANESS - only used twice (in loadstor.h)
and that code is clearer without it.
|
| |
|
|
|
|
|
|
| |
- Added GMAC to list of supported MAC algorithms in readme.rst
- Updated module policy to prevent CI crash
- Added myself to credits.rst
|
|
|
|
|
| |
No actual reason for it to be in the root dir, only Sonar needs it,
so just copy it to the root dir before starting.
|
|
|
|
| |
Add some try/catch blocks to the X.509 tests, and use create_private_key API
|
|
|
|
|
| |
Also CCM OIDS, and SHA-384/SHA-512 DSA OIDs. All from NIST:
http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[1] XMSS: Extended Hash-Based Signatures,
draft-itrf-cfrg-xmss-hash-based-signatures-06
Release: July 2016.
https://datatracker.ietf.org/doc/
draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations
for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has
been integrated into the Botan test bench, signature generation and verification
can be tested independently by invoking "botan-test xmss_sign" and
"botan-test xmss_verify"
- Some headers that are not required to be exposed to users of the library have
to be declared as public in `info.txt`. Declaring those headers private will
cause the amalgamation build to fail. The following headers have been
declared public inside `info.txt`, even though they are only intended for
internal use:
* atomic.h
* xmss_hash.h
* xmss_index_registry.h
* xmss_address.h
* xmss_common_ops.h
* xmss_tools.h
* xmss_wots_parameters.h
* xmss_wots_privatekey.h
* xmss_wots_publickey.h
- XMSS_Verification_Operation Requires the "randomness" parameter out of the
XMSS signature. "Randomness" is part of the prefix that is hashed *before*
the message. Since the signature is unknown till sign() is called, all
message content has to be buffered. For large messages this can be
inconvenient or impossible.
**Possible solution**: Change PK_Ops::Verification interface to take
the signature as constructor argument, and provide a setter method to be able
to update reuse the instance on multiple signatures. Make sign a parameterless
member call. This solution requires interface changes in botan.
**Suggested workaround** for signing large messages is to not sign the message
itself, but to precompute the message hash manually using Botan::HashFunctio
and sign the message hash instead of the message itself.
- Some of the available test vectors for the XMSS signature verification have
been commented out in order to reduce testbench runtime.
|
|
|
|
| |
Only works for GCC and Clang
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
| |
One additional, application-specific curve can be added
at compile time, using the new
configure.py --house-curve=curve.pem,funky311,1.2.3.4,FEFF.
|
|
|
|
|
|
|
| |
Have the /proc setting in build.h actually control the entropy source
configuration (!)
GH #708
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OID map is now generated from an input file on an as needed basis.
Just uses a sequence of ifs - simple, fast, and small code size.
Merges oid_lookup sub-module which was already required by asn1 anyway,
so completely non-optional.
Removes @neusdan's nice OID tests since without any runtime adds the
tests are moot.
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Rarely expected and often causes performance problems, especially for private keys.
Instead applications should call check_key explicitly to validate keys when
necessary.
Note this removal doesn't apply to tests like ECDH on-the-curve tests, where a check
on the public key is required for security of our own key.
Updates most APIs to remove RNG calls, where they are no longer required. Exception
is PKCS8 interface, pending further work there (see GH #685) it just ignores the RNG
argument now.
|
|
|
|
|
|
|
|
|
|
|
| |
Uses -Os for GCC/Clang/ICC, /O1 for MSVC.
Might be used in the future to control compile time features also
(eg using a large precomputed table, vs not). Does not have any
influence on module selection, just informs the build that a smaller
binary is preferable.
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
| |
Originally from https://github.com/randombit/botan-fuzzers but
merging to the main tree (without the corpus files, since I suspect
the corpus files in that repo are not useful anymore)
Adds --unsafe-fuzzer-mode which can be used to selectively disable
cryptographic checks which get in the way of fuzzer testing. This
setting is reflected in build.h and in the version string. Right
now it doesn't actually disable anything.
|
|
|
|
|
| |
Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1,
whichever is available (in that order).
|
|\ |
|
| |
| |
| |
| |
| | |
Adds support for Galois Message Authentication Code calculation based on
GHASH, rather than GCM_Mode.
|
|/ |
|
|
|
|
| |
Fix various doc building problems/warnings.
|
|\ |
|
| |
| |
| |
| | |
BSI drops Keccak in favor of SHA-3. Modern adds SHA-3 and SHAKE-128.
|
|\ \ |
|
| |/
| |
| |
| | |
So it shouldn't be prohibited in the module policy
|
| | |
|
|/ |
|