| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
| |
Remove unimplemented declaration botan_x509_cert_gen_selfsigned
|
|
|
|
|
| |
Also remove the TLS declarations from ffi.h for now since that
isn't supported at all.
|
|
|
|
|
|
|
|
|
| |
This makes the meaning and usage more clear.
Add a specific error type so invalid tags can be distinguished without
having to catch that specific type.
See also #1813
|
|
|
|
| |
Here the caller is assumed to have provided a buffer of sufficient size.
|
|
|
|
| |
Combines the priv check and the getenv call on one.
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid throwing base Botan::Exception type, as it is difficult to
determine what the error is in that case.
Add Exception::error_code and Exception::error_type which allows
(for error code) more information about the error and (for error type)
allows knowing the error type without requiring a sequence of catches.
See GH #1742
|
| |
|
|
|
|
| |
Closes GH #1557
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several problems in CBC found by adding tests
- If you set a key, then set a nonce, then set a new key,
you could encrypt without setting a new nonce.
- It was possible to call CBC finish without setting a nonce,
which would crash.
- If you had an CBC decryption object, set a key, set a nonce, then
reset message state, it should throw because no nonce is set.
Instead it would carry on using an all-zero nonce.
Disable CommonCrypto with PKCS7 padding as it seems to have some
problem that I cannot figure out from the build logs.
This work sponsored by Ribose Inc
|
|
|
|
|
|
|
|
| |
If a function returning variable length output was called with a
null output buffer but a non-zero output buffer length, FFI layer
would call memset(nullptr, 0, buffer_len) and crash.
Caught by Coverity.
|
|
|
|
|
|
|
|
| |
Avoid any getenv toggles or reading /proc if we are setuid/setgid.
It is possible there is or will someday be some file in /proc that
is world-readable, but if read by a privileged user causes some side
effect.
|
| |
|
| |
|
|\ |
|
| | |
|
| |
| |
| |
| | |
This is a contribution of Ribose Inc (@riboseinc)
|
| |
| |
| |
| |
| | |
Downgrade min Sphinx to 1.2 again - I checked and while Sphinx 1.2
produce many warnings it does generate usable output.
|
|/
|
|
| |
See GH #1680
|
|
|
|
|
| |
It avoids having to rewrite existing logic when a new API version
is introduced.
|
|
|
|
|
| |
Fixes: dc85761ef02c ("Add path validation to FFI")
Signed-off-by: Tobias Brunner <[email protected]>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This caused get_field, when called with a non-existing field, to
return success and set the field to a small negative integer.
|
|
|
|
| |
No reason given we know the message is going to be thrown away.
|
| |
|
| |
|
|
|
|
|
|
| |
Add/fix Doxygen comments.
Remove warning which is not really true anymore.
|
|
|
|
|
|
|
|
|
|
| |
It turned out 8 bit was very broken (failed to compile, due to
overload problems with functions taking uint8_t vs word).
16 bit words work aside from a test failure, but is really slow.
Practically speaking we are not in a position to support 16-bit CPUs
very well. And being able to assume sizeof(word) >= sizeof(uint32_t)
allows simplifying some code.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instigated by finding a bug where BigInt::encode with decimal output
would often have a leading '0' char. Which is papered over in the IO
operator, but was exposed by botan_mp_to_str which called BigInt::encode
directly.
Split BigInt::encode/decode into two versions, one taking the Base
argument and the other using the (previously default) binary base.
With a view of eventually deprecating the versions taking a base.
Add BigInt::to_dec_string() and BigInt::to_hex_string()
|
| |
|
|\ |
|
| | |
|
|/ |
|
|
|
|
| |
Saves about 300 Kb of code space in the FFI object files
|
|
|
|
|
| |
Previously safe_get(x) where x was null would return an error
about an exception being thrown, instead of a null pointer error.
|
|
|
|
| |
Very useful when using "Raw" DH/ECDH via the FFI API.
|
|
|
|
|
|
| |
Adopt APIs added in 2.8
Expose botan_error_description which was added in 2.5 but not exported!
|
| |
|
|
|
|
|
|
|
| |
botan_cipher_query_keylen doesn't return the modulus.
Renames (recently added/unreleased) botan_{block_cipher,mac}_query_keylen
to x_get_keyspec so the names are consistent.
|
| |
|
| |
|
|
|
|
| |
Needed for https://github.com/strongswan/strongswan/pull/109
|
| |
|
|\ |
|
| | |
|
| | |
|