aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Merge GH #1995 Allow setting max OCSP response age during verificationJack Lloyd2019-06-142-22/+45
|\
| * add option to specify ocsp max agePatrick Schmidt2019-06-142-22/+45
| |
* | Merge GH #1992 Allow overriding cert verify in TLS::StreamJack Lloyd2019-06-142-34/+155
|\ \ | |/ |/|
| * TLS::Context holds references rather than pointersHannes Rantzsch2019-06-132-47/+60
| | | | | | | | | | | | | | | | Parameters passed from TLS::Context to TLS::Client for initialization are now held as references in the context. Ownership of these members is thereby explicitly left with the user. Co-authored-by: Tim Oesterreich <[email protected]>
| * Update comments as suggested per reviewHannes Rantzsch2019-06-042-9/+14
| | | | | | | | Co-Authored-By: René Meusel <[email protected]>
| * Refactor: template meta-programming to reuse the callback signatureRené Meusel2019-06-031-7/+16
| |
| * Use TLS::Context::verifyCallback as tls_verify_cert_chain callbackHannes Rantzsch2019-06-031-22/+62
| | | | | | | | | | | | | | | | | | StreamCore uses the user-provided verify callback as a tls_verify_cert_chain if any is provided to the Context. Stream allows configuring the context as well using Stream::set_verify_callback. Stream now keeps a reference to the Context, rather than copying it. This allows users to configure the Context after constructing the Stream, but requires them to manage its lifetime.
| * allow setting a verify_callback in TLS::ContextHannes Rantzsch2019-06-031-7/+61
| | | | | | | | | | This will allow customizing the tls_verify_cert_chain callback for TLS::Stream. TLS::Context is now a class and its members are protected.
* | Officially deprecate headersJack Lloyd2019-06-0728-686/+597
| | | | | | | | | | | | | | | | | | | | Create BOTAN_DEPRECATED_HEADER so we can warn about this consistently. Shuffle around the filter headers so all of the concrete filters are defined in filters.h instead of being spread across many headers. Document which headers are deprecated as well as a list of headers which will be made internal-only in a future major release.
* | Merge GH #1979 Fix PKCS11 buffer output sizingJack Lloyd2019-06-051-10/+30
|\ \ | |/ |/|
| * Fix PKCS#11 C_SignFinal output size.Daniel Wyatt2019-05-271-1/+6
| |
| * Fix PKCS#11 C_Sign output size.Daniel Wyatt2019-05-271-2/+7
| |
| * Fix PKCS#11 C_Encrypt output size.Daniel Wyatt2019-05-271-2/+7
| |
| * Fix PKCS#11 C_Decrypt buffer output size.Daniel Wyatt2019-05-261-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | Section 5.2 of the spec states that there are two ways to call functions that return a variable-length buffer: 1. When the output buffer is NULL, an estimated size is returned (which may be larger than required). 2. When the output buffer is not NULL, the exact size must be returned. So only after the second call to C_Decrypt has the final output size been determined, and we must resize the output buffer.
* | Add Bcrypt-PBKDFJack Lloyd2019-05-316-4/+288
| |
* | Merge rest of GH #1987 Argon2 improvementsJack Lloyd2019-05-302-35/+41
|\ \
| * | Argon2: minor optimizations, add tests of CLI, tweak tuningJack Lloyd2019-05-302-33/+38
| | |
| * | Improve test coverage. Fix Argon2 default paramsJack Lloyd2019-05-291-2/+2
| | |
| * | Add missing includeJack Lloyd2019-05-291-0/+1
| | |
* | | Merge GH #1987 Argon2 improvementsJack Lloyd2019-05-304-2/+371
|\| |
| * | Argon2: PasswordHash, documentation, hash formattingJack Lloyd2019-05-294-2/+371
| | |
* | | Revert part of #1744 making Exception constructors protectedJack Lloyd2019-05-301-1/+11
| | | | | | | | | | | | This broke SoftHSM build
* | | Document that FFI destroy operations can failJack Lloyd2019-05-291-3/+37
| | |
* | | Verify ffi object is not null before dereferencing itJack Lloyd2019-05-281-1/+5
| | | | | | | | | | | | | | | This shouldn't even happen if the header is still intact, but seemingly it can: #1983 so be robust as possible.
* | | Merge GH #1986 Fix compat with SoftHSM 2.5.0Jack Lloyd2019-05-281-1/+1
|\ \ \
| * | | SoftHSM 2.5.0 compatibilityDaniel Neus2019-05-281-1/+1
| |/ / | | | | | | | | | Fixes "src\lib\softhsm.cpp(10191): CKA_VALUE_LEN does not have the size of CK_ULONG"
* / / Correct documentation for botan_rng_initJack Lloyd2019-05-281-2/+5
|/ / | | | | | | Fixes #1984
* | Merge GH #1974 Add ability to set max allowed age for an OCSP responseJack Lloyd2019-05-286-14/+29
|\ \
| * | add 'OCSP_IS_TOO_OLD' to Botan::to_string()René Meusel2019-05-281-0/+2
| | |
| * | add optional max_age for ocsp checksPatrick Schmidt2019-05-275-14/+27
| | |
* | | Merge GH #1982 Ask for updated cert status during a TLS resumptionJack Lloyd2019-05-281-0/+3
|\ \ \
| * | | Ask for certificate status even on a resumption attemptJack Lloyd2019-05-281-0/+3
| | |/ | |/| | | | | | | | | | This makes sense to do since if the server doesn't resume, we would like to see a updated status message.
* | | Fix problem in TLS message parsing testsJack Lloyd2019-05-271-2/+2
| | | | | | | | | | | | | | | | | | | | | This started failing due to use of store_be in Buffered_Computation::update_be in this PR. The hello request cookie generation depended on the size of size_t, however the lib code and test had the same bug so it was missed. Force the lengths to be 64 bit.
* | | Add Argon2Jack Lloyd2019-05-274-5/+469
|/ / | | | | | | Closes GH #459
* | Merge AEAD and CBC codepaths hereJack Lloyd2019-05-251-5/+8
| |
* | Return reference hereJack Lloyd2019-05-252-13/+16
| |
* | TweakJack Lloyd2019-05-252-12/+13
| |
* | More record layer refactoringsJack Lloyd2019-05-244-74/+56
| |
* | Simplification in record layerJack Lloyd2019-05-244-10/+34
| |
* | Make it possible to regen tls_suite_info.cpp with recent tls-parameters.txtJack Lloyd2019-05-241-2/+2
| |
* | Remove bogus commentJack Lloyd2019-05-242-2/+0
| |
* | Add reminder comments re enum classJack Lloyd2019-05-244-0/+6
| |
* | Merge GH #1858 Update XMSS to conform to RFC 8391Jack Lloyd2019-05-2415-161/+147
|\ \
| * | Fix param names to match RFCJack Lloyd2019-05-132-25/+25
| | |
| * | Fix param namesJack Lloyd2019-05-102-24/+24
| | |
| * | Serialize XMSS leaf index as four bytesMatthias Gierlings2019-05-063-10/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Internally XMSS uses a 64 Bit type for the leaf index. This patch removes the four leading zero bytes from the XMSS leaf index and serializes it as a four byte value as described in RFC 8391. Test cases are adjusted accordingly. The 64 Bit type is kept internally which potentially allows for code reuse when implementing XMSS^MT on top of the current XMSS code.
| * | Updates copyright noticesMatthias Gierlings2019-05-0611-11/+11
| | |
| * | Updates references to XMSS the standard documentMatthias Gierlings2019-05-0611-47/+37
| | |
| * | Updates XMSS parameters corresponding to RFC 8391Matthias Gierlings2019-05-064-92/+92
| | | | | | | | | | | | | | | Changes XMSS and XMSS WOTS algorithm names and OIDs to correspond to RFC 8391.
* | | Let TLS serialization know which side we are sending asJack Lloyd2019-05-245-59/+56
| | | | | | | | | | | | Since this matters for some extensions