| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Deprecate many publicly available headers | Jack Lloyd | 2019-09-06 | 12 | -0/+24 |
| Reduce usage of oids.h with the addition of some helpers on OID | Jack Lloyd | 2019-08-04 | 3 | -5/+2 |
| Avoid using deprecated public fields of AlgorithmIdentifier | Jack Lloyd | 2019-08-04 | 3 | -19/+12 |
| Deprecate and replace OIDS::lookup | Jack Lloyd | 2019-08-04 | 3 | -5/+3 |
| Update GOST to use 2012 OIDs/params | Jack Lloyd | 2019-08-03 | 2 | -2/+9 |
| Fix various MSVC warnings | Jack Lloyd | 2019-06-29 | 1 | -11/+14 |
| Fix feature macro checks. | Jack Lloyd | 2019-04-26 | 2 | -2/+3 |
| Add a checker script. | | | | |
| Fixes for minimized builds | Jack Lloyd | 2019-02-16 | 1 | -1/+6 |
| Various configurations would fail build or test, fix that. | | | | |
| Remove trailing whitespace | Jack Lloyd | 2019-01-13 | 1 | -3/+1 |
| Use consistent logic for OAEP and PKCS1v15 decoding | Jack Lloyd | 2018-12-21 | 3 | -24/+27 |
| The decoding leaked some information about the delimiter index due to copying only exactly input_len - delim_idx bytes. I can't articulate a specific attack that would work here, but it is easy enough to fix this to run in const time instead, where all bytes are accessed regardless of the length of the padding. CT::copy_out is O(n^2) and thus terrible, but in practice it is only used with RSA decryption, and multiplication is also O(n^2) with the modulus size, so a few extra cycles here doesn't matter much. | | | | |
| Add CT::Mask type | Jack Lloyd | 2018-11-28 | 3 | -37/+39 |
| Add some missing includes | Jack Lloyd | 2018-11-08 | 2 | -0/+2 |
| This is not exhaustive. See GH #1733 | | | | |
| Add a fuzzer for OAEP unpadding | Jack Lloyd | 2018-09-22 | 2 | -10/+33 |
| This tests the delim scanning section which must be const time. | | | | |
| Slight optimization for MGF1 | Jack Lloyd | 2018-09-20 | 1 | -2/+3 |
| Avoid needless allocations during PSS and OAEP operations. | | | | |
| Remove unneeded load_on auto | Jack Lloyd | 2018-09-04 | 1 | -2/+0 |
| It is the default... | | | | |
| Check PSS salt length during verification | Jack Lloyd | 2018-08-30 | 3 | -36/+94 |
| Fixes #1665 | | | | |
| Accept PKCS1v15 as an alias for EMSA3 | Jack Lloyd | 2018-08-02 | 1 | -2/+3 |
| Not sure why it didn't have this already | | | | |
| DER improvements | Jack Lloyd | 2018-05-22 | 1 | -18/+10 |
| Let DER_Encoder write to a user specified vector instead of only to an internal vector. This allows encoding to a std::vector without having to first write to a locked vector and then copying out the result. Add ASN1_Object::BER_encode convenience method. Replaces X509_Object::BER_encode which had the same logic but was restricted to a subtype. This replaces many cases where DER_Encoder was just used to encode a single object (X509_DN, AlgorithmIdentifier, etc). | | | | |
| Support passing an OAEP label in EME name | René Korthaus | 2018-04-02 | 1 | -4/+5 |
| TPM 1.2 expects passing the owner and SRK secret encrypted with the public endorsement key. For asymmetric encryption, the TPM 1.2 uses OAEP with the label "TCPA". | | | | |
| Support "mixed" OAEP hashes | Jack Lloyd | 2018-03-21 | 1 | -2/+17 |
| Test vectors from pyca/cryptography. Fixes GH #109 | | | | |
| Mixed mode OAEP | Jack Lloyd | 2018-03-21 | 3 | -10/+27 |
| Catch exceptions by reference not value | Jack Lloyd | 2018-03-16 | 1 | -17/+11 |
| Fixes a new warning in GCC 8 | | | | |
| Use API annotations | Jack Lloyd | 2018-03-02 | 1 | -1/+1 |
| Fix crash in EMSA_PKCS1v15_Raw if the hash function was not enabled. | Jack Lloyd | 2018-01-17 | 1 | -1/+1 |
| GH #1416 | | | | |
| Add note on OAEP version implemented [ci skip] | René Korthaus | 2018-01-04 | 1 | -0/+1 |
| Fix a couple Doxygen format errors [ci skip] | Jack Lloyd | 2017-12-26 | 1 | -4/+4 |
| Deinline functions in EMSA, add pubkey as dependency | Jack Lloyd | 2017-12-23 | 12 | -22/+48 |
| EMSA has a build-time dependency on ASN.1 now [ci skip] | Jack Lloyd | 2017-12-23 | 1 | -0/+1 |
| Avoid unused parameter warnings | Jack Lloyd | 2017-12-22 | 2 | -4/+9 |
| Enable signing X509 structures with rsa-pss | Fabian Weissberg | 2017-12-22 | 14 | -0/+268 |
| Correct the SHA-3 PKCSv1.5 IDs | Jack Lloyd | 2017-10-05 | 1 | -4/+10 |
| Thanks to @noloader for pointing me at draft-jivsov-openpgp-sha3-01 which has the correct values. Adds a test so this can't happen again. | | | | |
| Make EMSA1 data private | Jack Lloyd | 2017-10-02 | 1 | -6/+4 |
| It was already final so leaving data as protected makes no sense... | | | | |
| Further build/test fixes for restricted configurations | Jack Lloyd | 2017-09-24 | 1 | -0/+1 |
| Apply final annotations to the library also | Jack Lloyd | 2017-09-22 | 1 | -1/+1 |
| Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures. | | | | |
| Header file cleanups | Jack Lloyd | 2017-09-21 | 14 | -5/+23 |
| Some help from include-what-you-use | | | | |
| Merge GH #1212 Add support for 'raw' PSS signatures | Jack Lloyd | 2017-09-20 | 3 | -51/+167 |
| Clear return value, and verify 'raw' hash matches expected size | Jack Lloyd | 2017-09-16 | 1 | -1/+7 |
| Support PSSR_Raw | Jack Lloyd | 2017-09-16 | 3 | -51/+161 |
| Allows PSS-signing a raw hash while also still specifying the salt length. GH #1211 | | | | |
| Change header guard format to BOTAN_FOO_H_ | Jack Lloyd | 2017-09-20 | 13 | -26/+26 |
| ISO C++ reserves names with double underscores in them. Closes #512 | | | | |
| Add API stability annotations. | Jack Lloyd | 2017-09-19 | 13 | -19/+19 |
| Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols. | | | | |
| Use constant_time_compare instead of same_mem | Jack Lloyd | 2017-09-16 | 5 | -5/+5 |
| New name, same great operation | | | | |
| Added SHA3_XXX_PKCS OID | Francis Dupont | 2017-09-04 | 1 | -0/+28 |
| Fix a valgrind const-time error in ISO 9796 padding | Jack Lloyd | 2017-08-29 | 1 | -2/+7 |
| It didn't unpoison the output values. | | | | |
| Allow signature using `Raw(hashname)` | Jack Lloyd | 2017-08-15 | 3 | -7/+38 |
| This confirms the message is exactly the size of the expected hash, and also causes RFC 6979 nonces to be generated using the specified hash. See also https://github.com/riboseinc/rnp/issues/367 | | | | |
| Add SM3 OIDs and PKCSv1.5 hash prefix | Jack Lloyd | 2017-05-19 | 1 | -0/+8 |
| Accept SHA1 and SHA-1 as aliases for hash_id | Jack Lloyd | 2017-05-18 | 1 | -2/+3 |
| Add botan_pkcs_hash_id to FFI | Jack Lloyd | 2017-05-18 | 3 | -3/+35 |
| Extend EMSA_PKCS1v15_Raw to optionally take a hash function for which the PKCS hash id is prefixed to the message as usual. This allows signing a message using PKCSv1.5 padding where the hash is provided externally. | | | | |
| Content: | Tomasz Frydrych | 2017-04-03 | 3 | -4/+2 |
| * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places (probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons | | | | |
| Remove "Dirty hack" for multiple defines in lex_me_harder() | Simon Warta | 2017-04-02 | 12 | -12/+36 |
| Avoid calling memmove with a null source in PKCSv1 signature encoding | Jack Lloyd | 2017-03-03 | 1 | -1/+7 |
| Only occurred with EMSA_Raw. Caught by GCC 7 warning | | | | |