| Commit message | Author | Age | Files | Lines |
Currently untested by TLS crosstalk tests because it is not
supported on the server side.
Exposes the rest of the TLS message types to the application.
This lets us upgrade the FFI version over time and still allow
applications to reliably detect if the current library binary
supports their version.
As an example, it would be useful to be able to add features to FFI
sometime in 2.x. In that case, we would increase the value of the
FFI API version, even though anything calling the old API would still
work perfectly. Applications can verify at runtime the API they want to
use is supported using this new call.
It is not a general purpose util or something we want applications to use.
It is only used by x509 and hopefully will be removed from there soon enough.
We support 3.5 or higher generally, but only Clang 3.8 has the
function attributes. This doesn't affect the build with older Clang
because the makefile still sets file-wide ISA flags.
GCC supports this attribute in all versions we support.
Fixes GH #797
It turns out SRP6 files use a different base64 alphabet than standard,
and additionally Botan's decoding of the group id seems wrong, though
I haven't verified that this second one was a bug. In any case this code couldn't
parse anything it was supposed to and never could.
I had already planned on adding a database backed SRP store and removing
this code, but the fact that it's actually not functional for its purpose
suggests it's best to remove this now rather than let someone chance upon
it and be endlessly frustrated that it doesn't seem to work because all
the verifiers are garbled.
Fix a bug in Pipe::check_available that must date back 15 years...
Add destructors to compression filter so unique_ptr destructor runs
without user having to include an extra header for the owned type.
Moves BSI policy file to test data dir where it can be compared with
what the hardcoded class outputs.
Effectively disables 1024 bit RSA as well as SHA-1.
Edit the tests where required to enable it again.
Clean up the ciphersuite generation script a bit.
[ci skip]
Record counter value in test data, and start the search from there.
TLS::Callbacks::inspect_handshake_message() allows applications
to inspect all handshake messages, but this requires
access to the types in tls_messages.h. As a matter of fact,
this also exports tls_extensions.h as a public header.
Caused tests to fail on CI
Fix a bug in how the 6144 and 8192 IETF MODP groups were encoded; they
have g and q values switched. Fixed by just switching the PEM header
to match the actual encoded format.
Rename DL_Group::X942_DH_PARAMETERS to ANSI_X9_42_DH_PARAMETERS to avoid
a macro conflict with Windows cryptography headers (GH #482)
Expose Data{Source,Sink}_Stream types even if no filesystem is
available. Instead just guard the constructors taking a pathname.
available in all groups
described in rfc2785
increased number of Miller-Rabin iterations, if strong is set (we pass 128 as prob in make_prm.cpp).
Little easier to read perhaps, and helps prevent some astyle confusion.
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
GH #726
[ci skip]
Also use a const time comparison for the finished message, though
I don't see any real way of exploiting that timing channel.
OpenSSL 1.0.2 added support for brainpool curves, so we
can use it provided the version check succeeds.
The previous assert had been already put there for the benefit
of clang-analyzer, but in Clang 3.9 it does not help. Instead
test X value directly, which works.
GH #754 exposed a bug in the non-Montgomery exponentiation case.
It turned out that when the fixed window was picked to any value
> 1, the result would be incorrect due to an off by one. This is
the one line fix in powm_fw.cpp
Also fix a bug in bigint_mul which caused incorrect results,
because the output BigInt was not being zeroed out before use. This
is only exposed in rare cases, found (somewhat indirectly) in
OSS-Fuzz #287.
Add more modular exponentiation tests, which would have caught
these issues earlier.
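The kind of regression test the commit above asks for, as an added example that is not Botan's code and does not reproduce Botan's powm_fw.cpp: a fixed-window exponentiation over 64-bit operands is checked against a plain square-and-multiply reference for every window size, and a hypothetical off-by-one in the window count (truncating instead of rounding up, so the top partial window is dropped whenever the window width does not divide the exponent's bit length) is included only to show that such a test distinguishes the two whenever the window is wider than one bit. All names are hypothetical; the table lookup is data-dependent, so this is a correctness test, not a side-channel-hardened implementation. Requires unsigned __int128 (GCC or Clang).

```cpp
// Added example (not Botan code): fixed-window modexp vs. a reference.
#include <cstdint>

namespace powm_example {

using u128 = unsigned __int128;

inline uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return static_cast<uint64_t>((static_cast<u128>(a) * b) % m);
}

inline unsigned bit_length(uint64_t x) {
    unsigned n = 0;
    while (x) { ++n; x >>= 1; }
    return n;
}

// Reference: left-to-right square-and-multiply over all 64 exponent bits.
uint64_t powm_reference(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1 % mod;
    for (int i = 63; i >= 0; --i) {
        result = mulmod(result, result, mod);
        if ((exp >> i) & 1) result = mulmod(result, base, mod);
    }
    return result;
}

// Shared window loop; window_bits in 1..8. The caller supplies the number
// of windows, which is where the two variants below differ.
static uint64_t powm_window_impl(uint64_t base, uint64_t exp, uint64_t mod,
                                 unsigned window_bits, unsigned window_count) {
    const unsigned table_size = 1u << window_bits;
    uint64_t table[256];                       // base^0 .. base^(2^w - 1)
    table[0] = 1 % mod;
    for (unsigned i = 1; i < table_size; ++i) table[i] = mulmod(table[i - 1], base, mod);
    const uint64_t mask = table_size - 1;
    uint64_t result = 1 % mod;
    for (unsigned w = window_count; w-- > 0;) {
        for (unsigned s = 0; s < window_bits; ++s) result = mulmod(result, result, mod);
        const uint64_t nibble = (exp >> (w * window_bits)) & mask;
        result = mulmod(result, table[nibble], mod);
    }
    return result;
}

// Correct: round the window count up so the top partial window is processed.
uint64_t powm_fixed_window(uint64_t base, uint64_t exp, uint64_t mod, unsigned window_bits) {
    const unsigned bits = bit_length(exp);
    const unsigned windows = (bits + window_bits - 1) / window_bits;
    return powm_window_impl(base, exp, mod, window_bits, windows);
}

// Hypothetical off-by-one (illustration only, not the bug in Botan): the
// truncating division silently drops the high exponent bits whenever
// window_bits > 1 and does not divide bit_length(exp).
uint64_t powm_fixed_window_offbyone(uint64_t base, uint64_t exp, uint64_t mod, unsigned window_bits) {
    const unsigned bits = bit_length(exp);
    return powm_window_impl(base, exp, mod, window_bits, bits / window_bits);
}

// The test the commit wishes had existed: every window size must agree
// with the reference on the same inputs.
bool matches_reference(uint64_t base, uint64_t exp, uint64_t mod) {
    const uint64_t want = powm_reference(base, exp, mod);
    for (unsigned w = 1; w <= 8; ++w)
        if (powm_fixed_window(base, exp, mod, w) != want) return false;
    return true;
}

} // namespace powm_example
```

Running matches_reference over exponents whose bit length is not a multiple of the window width (0x1234, or anything with bit 63 set) is what separates the two variants; exponents that happen to fill every window completely pass both, which is why a handful of hand-picked vectors can miss a window-count bug.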
Technically defined, but should never be seen in practical crypto context.
Changes all the Public_Key derived classes ctors to take a
std::vector instead of a secure_vector for the DER encoded
public key bits. There is no point in transporting a public
key in secure storage. (GH #768)
The unpad functions return the blocksize as padding position, if the padding is invalid.
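An added example, not Botan's code, covering two of the commits above: the constant-time comparison of a fixed-length value such as the TLS Finished verify_data, and a PKCS#7 unpad that inspects every byte of the block and returns the block size (strip nothing) when the padding is invalid, as the unpad convention just described. All names are hypothetical. Nothing in the C++ standard guarantees the compiler preserves branch-freedom, which is why a real library keeps these primitives in one audited place (Botan has its own CT helpers); this block only shows the shape of the logic.

```cpp
// Added example (not Botan code): constant-time compare and PKCS#7 unpad.
#include <cstddef>
#include <cstdint>
#include <vector>

namespace ct_example {

// 0xFF if x == 0, else 0x00, without a data-dependent branch.
inline uint8_t is_zero_mask(uint8_t x) {
    const uint32_t v = x;
    // (v | -v) has bit 31 set exactly when v != 0.
    return static_cast<uint8_t>(((v | (0u - v)) >> 31) - 1u);
}

// 0xFF if a == b, else 0x00.
inline uint8_t is_equal_mask(uint8_t a, uint8_t b) { return is_zero_mask(a ^ b); }

// 0xFF if a < b (both below 2^31), else 0x00.
inline uint8_t is_less_mask(uint32_t a, uint32_t b) {
    return static_cast<uint8_t>(0u - ((a - b) >> 31));
}

// Constant-time equality of two equal-length buffers, e.g. the received
// Finished verify_data against the locally computed one. Lengths are public.
bool constant_time_equal(const std::vector<uint8_t>& a, const std::vector<uint8_t>& b) {
    if (a.size() != b.size()) return false;
    uint8_t diff = 0;
    for (size_t i = 0; i < a.size(); ++i) diff |= static_cast<uint8_t>(a[i] ^ b[i]);
    return is_zero_mask(diff) == 0xFF;
}

// PKCS#7 unpad of the final block: returns the number of data bytes that
// precede the padding, or block.size() when the padding is invalid. Every
// byte is visited whatever the pad value, so a bad pad causes no early exit
// and the caller sees an in-range position either way. Block size <= 255.
size_t pkcs7_unpad(const std::vector<uint8_t>& block) {
    const uint32_t n = static_cast<uint32_t>(block.size());
    const uint8_t pad = block[n - 1];
    uint8_t bad = is_zero_mask(pad);          // pad == 0 is invalid
    bad |= is_less_mask(n, pad);               // pad > block size is invalid
    for (uint32_t i = 0; i < n; ++i) {
        // byte i lies in the padding region iff n - i <= pad
        const uint8_t in_pad = is_less_mask(n - i - 1, pad);
        bad |= static_cast<uint8_t>(in_pad & ~is_equal_mask(block[i], pad));
    }
    // branch-free select: bad ? n : n - pad
    const size_t bad_mask = static_cast<size_t>(0) - static_cast<size_t>(bad & 1u);
    const size_t good_pos = static_cast<size_t>(n) - pad;   // wraps if pad > n; masked out below
    return (static_cast<size_t>(n) & bad_mask) | (good_pos & ~bad_mask);
}

} // namespace ct_example
```

Returning the block size rather than an error code keeps the caller's code path identical for valid and invalid padding; whether the record is ultimately rejected should then depend on the MAC check, done with constant_time_equal, not on the padding result alone.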