path: root/src/lib/pk_pad
* DER improvements (Jack Lloyd, 2018-05-22, 1 file, -18/+10)
  Let DER_Encoder write to a user specified vector instead of only to an internal vector. This allows encoding to a std::vector without having to first write to a locked vector and then copying out the result.
  Add ASN1_Object::BER_encode convenience method. Replaces X509_Object::BER_encode which had the same logic but was restricted to a subtype. This replaces many cases where DER_Encoder was just used to encode a single object (X509_DN, AlgorithmIdentifier, etc).
* Support passing an OAEP label in EME name (René Korthaus, 2018-04-02, 1 file, -4/+5)
  TPM 1.2 expects passing the owner and SRK secret encrypted with the public endorsement key. For asymmetric encryption, the TPM 1.2 uses OAEP with the label "TCPA".
* Support "mixed" OAEP hashes (Jack Lloyd, 2018-03-21, 1 file, -2/+17)
  Test vectors from pyca/cryptography
  Fixes GH #109
* Mixed mode OAEP (Jack Lloyd, 2018-03-21, 3 files, -10/+27)
* Catch exceptions by reference not value (Jack Lloyd, 2018-03-16, 1 file, -17/+11)
  Fixes a new warning in GCC 8
* Use API annotations (Jack Lloyd, 2018-03-02, 1 file, -1/+1)
* Fix crash in EMSA_PKCS1v15_Raw if the hash function was not enabled. (Jack Lloyd, 2018-01-17, 1 file, -1/+1)
  GH #1416
* Add note on OAEP version implemented [ci skip] (René Korthaus, 2018-01-04, 1 file, -0/+1)
* Fix a couple Doxygen format errors [ci skip] (Jack Lloyd, 2017-12-26, 1 file, -4/+4)
* Deinline functions in EMSA, add pubkey as dependency (Jack Lloyd, 2017-12-23, 12 files, -22/+48)
* EMSA has a build-time dependency on ASN.1 now [ci skip] (Jack Lloyd, 2017-12-23, 1 file, -0/+1)
* Avoid unused parameter warnings (Jack Lloyd, 2017-12-22, 2 files, -4/+9)
* Enable signing X509 structures with rsa-pss (Fabian Weissberg, 2017-12-22, 14 files, -0/+268)
* Correct the SHA-3 PKCSv1.5 IDs (Jack Lloyd, 2017-10-05, 1 file, -4/+10)
  Thanks to @noloader for pointing me at draft-jivsov-openpgp-sha3-01 which has the correct values.
  Adds a test so this can't happen again.
* Make EMSA1 data private (Jack Lloyd, 2017-10-02, 1 file, -6/+4)
  It was already final so leaving data as protected makes no sense...
* Further build/test fixes for restricted configurations (Jack Lloyd, 2017-09-24, 1 file, -0/+1)
* Apply final annotations to the library also (Jack Lloyd, 2017-09-22, 1 file, -1/+1)
  Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.
* Header file cleanups (Jack Lloyd, 2017-09-21, 14 files, -5/+23)
  Some help from include-what-you-use
* Merge GH #1212 Add support for 'raw' PSS signatures (Jack Lloyd, 2017-09-20, 3 files, -51/+167)
  * Clear return value, and verify 'raw' hash matches expected size (Jack Lloyd, 2017-09-16, 1 file, -1/+7)
  * Support PSSR_Raw (Jack Lloyd, 2017-09-16, 3 files, -51/+161)
    Allows PSS-signing a raw hash while also still specifying the salt length.
    GH #1211
* Change header guard format to BOTAN_FOO_H_ (Jack Lloyd, 2017-09-20, 13 files, -26/+26)
  ISO C++ reserves names with double underscores in them
  Closes #512
* Add API stability annotations. (Jack Lloyd, 2017-09-19, 13 files, -19/+19)
  Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Use constant_time_compare instead of same_mem (Jack Lloyd, 2017-09-16, 5 files, -5/+5)
  New name, same great operation
* Added SHA3_XXX_PKCS OID (Francis Dupont, 2017-09-04, 1 file, -0/+28)
* Fix a valgrind const-time error in ISO 9796 padding (Jack Lloyd, 2017-08-29, 1 file, -2/+7)
  It didn't unpoison the output values.
* Allow signature using `Raw(hashname)` (Jack Lloyd, 2017-08-15, 3 files, -7/+38)
  This confirms the message is exactly the size of the expected hash, and also causes RFC 6979 nonces to be generated using the specified hash.
  See also https://github.com/riboseinc/rnp/issues/367
* Add SM3 OIDs and PKCSv1.5 hash prefix (Jack Lloyd, 2017-05-19, 1 file, -0/+8)
* Accept SHA1 and SHA-1 as aliases for hash_id (Jack Lloyd, 2017-05-18, 1 file, -2/+3)
* Add botan_pkcs_hash_id to FFI (Jack Lloyd, 2017-05-18, 3 files, -3/+35)
  Extend EMSA_PKCS1v15_Raw to optionally take a hash function for which the PKCS hash id is prefixed to the message as usual. This allows signing a message using PKCSv1.5 padding where the hash is provided externally.
* Content: (Tomasz Frydrych, 2017-04-03, 3 files, -4/+2)
  * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
  * `default` specifier instead of `{}` in some places (probably all)
  * removal of unreachable code (for example `return` after `throw`)
  * removal of compilation unit only visible, but not used functions
  * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
  * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder() (Simon Warta, 2017-04-02, 12 files, -12/+36)
* Avoid calling memmove with a null source in PKCSv1 signature encoding (Jack Lloyd, 2017-03-03, 1 file, -1/+7)
  Only occurred with EMSA_Raw. Caught by GCC 7 warning.
* fix possible iso9796 side channel and add length check (Never, 2017-02-21, 1 file, -14/+26)
* ISO-9796-2 doxygen build fixes (Daniel Neus, 2016-12-19, 1 file, -4/+4)
* Convert to using standard uintN_t integer types (Jack Lloyd, 2016-12-18, 25 files, -216/+216)
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Merge GH #759 Add ISO 9796-2 signature schemes (Jack Lloyd, 2016-12-08, 4 files, -12/+414)
  * ISO 9796: Change header guard format (Never, 2016-12-06, 1 file, -2/+2)
  * Add ISO9796-2 Signature Schemes giving message recovery 2 and 3. (Never, 2016-12-05, 4 files, -12/+414)
* Fix off by one in PKCS #1 v1.5 decryption decoding (Jack Lloyd, 2016-12-08, 1 file, -1/+1)
  When the code was changed in b8966d0f89e, the offset was not changed, so it would reject ciphertexts with exactly 8 bytes of random padding (the required minimum).
  Found by pkcs1 fuzzer which also had problems due to not having been updated at the same time.
  Add a test suite for decoding of PK decryption padding to cover the problem cases.
* Avoid crash in PKCS1v1.5 unpadding if input len <= 2 (Jack Lloyd, 2016-12-08, 1 file, -0/+6)
  Don't think this can't happen outside of a fuzzer test
* Simplify EMSA1 message recovery code (Jack Lloyd, 2016-11-02, 1 file, -14/+12)
* Avoid timing channel in OAEP decoding (CVE-2016-8871) (Juraj Somorovsky, 2016-10-26, 1 file, -7/+12)
* Fix PSSR (Jack Lloyd, 2016-10-21, 1 file, -1/+1)
* Remove alias logic from SCAN_Name (Jack Lloyd, 2016-10-21, 2 files, -30/+48)
  This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
* Remove Algo_Registry (Jack Lloyd, 2016-10-21, 10 files, -105/+74)
  I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* Improve pk_pad doxygen [ci skip] (René Korthaus, 2016-10-19, 6 files, -5/+13)
* Remove deprecated hashes MD2, HAS-160, and RIPEMD-128 (Jack Lloyd, 2016-09-02, 1 file, -17/+0)
* Merge GH #554 Add PKCS #1 v1.5 ID for SHA-512/256 signatures (Jack Lloyd, 2016-07-27, 1 file, -0/+8)
  * add SHA-512/256 PKCS#1 hash identifier (Daniel Neus, 2016-07-25, 1 file, -0/+8)