Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge GH #1995 Allow setting max OCSP response age during verification | Jack Lloyd | 2019-06-14 | 2 | -22/+45 |
|\ | |||||
| * | add option to specify ocsp max age | Patrick Schmidt | 2019-06-14 | 2 | -22/+45 |
| | | |||||
* | | Merge GH #1992 Allow overriding cert verify in TLS::Stream | Jack Lloyd | 2019-06-14 | 2 | -34/+155 |
|\ \ | |/ |/| | |||||
| * | TLS::Context holds references rather than pointers | Hannes Rantzsch | 2019-06-13 | 2 | -47/+60 |
| | | Parameters passed from TLS::Context to TLS::Client for initialization are now held as references in the context. Ownership of these members is thereby explicitly left with the user. Co-authored-by: Tim Oesterreich <[email protected]> | ||||
| * | Update comments as suggested per review | Hannes Rantzsch | 2019-06-04 | 2 | -9/+14 |
| | | Co-Authored-By: René Meusel <[email protected]> | ||||
| * | Refactor: template meta-programming to reuse the callback signature | René Meusel | 2019-06-03 | 1 | -7/+16 |
| | | |||||
| * | Use TLS::Context::verifyCallback as tls_verify_cert_chain callback | Hannes Rantzsch | 2019-06-03 | 1 | -22/+62 |
| | | StreamCore uses the user-provided verify callback as a tls_verify_cert_chain if any is provided to the Context. Stream allows configuring the context as well using Stream::set_verify_callback. Stream now keeps a reference to the Context, rather than copying it. This allows users to configure the Context after constructing the Stream, but requires them to manage its lifetime. | ||||
| * | allow setting a verify_callback in TLS::Context | Hannes Rantzsch | 2019-06-03 | 1 | -7/+61 |
| | | This will allow customizing the tls_verify_cert_chain callback for TLS::Stream. TLS::Context is now a class and its members are protected. | ||||
* | | Officially deprecate headers | Jack Lloyd | 2019-06-07 | 28 | -686/+597 |
| | | Create BOTAN_DEPRECATED_HEADER so we can warn about this consistently. Shuffle around the filter headers so all of the concrete filters are defined in filters.h instead of being spread across many headers. Document which headers are deprecated as well as a list of headers which will be made internal-only in a future major release. | ||||
* | | Merge GH #1979 Fix PKCS11 buffer output sizing | Jack Lloyd | 2019-06-05 | 1 | -10/+30 |
|\ \ | |/ |/| | |||||
| * | Fix PKCS#11 C_SignFinal output size. | Daniel Wyatt | 2019-05-27 | 1 | -1/+6 |
| | | |||||
| * | Fix PKCS#11 C_Sign output size. | Daniel Wyatt | 2019-05-27 | 1 | -2/+7 |
| | | |||||
| * | Fix PKCS#11 C_Encrypt output size. | Daniel Wyatt | 2019-05-27 | 1 | -2/+7 |
| | | |||||
| * | Fix PKCS#11 C_Decrypt buffer output size. | Daniel Wyatt | 2019-05-26 | 1 | -5/+10 |
| | | Section 5.2 of the spec states that there are two ways to call functions that return a variable-length buffer: 1. When the output buffer is NULL, an estimated size is returned (which may be larger than required). 2. When the output buffer is not NULL, the exact size must be returned. So only after the second call to C_Decrypt has the final output size been determined, and we must resize the output buffer. | ||||
* | | Add Bcrypt-PBKDF | Jack Lloyd | 2019-05-31 | 6 | -4/+288 |
| | | |||||
* | | Merge rest of GH #1987 Argon2 improvements | Jack Lloyd | 2019-05-30 | 2 | -35/+41 |
|\ \ | |||||
| * | | Argon2: minor optimizations, add tests of CLI, tweak tuning | Jack Lloyd | 2019-05-30 | 2 | -33/+38 |
| | | | |||||
| * | | Improve test coverage. Fix Argon2 default params | Jack Lloyd | 2019-05-29 | 1 | -2/+2 |
| | | | |||||
| * | | Add missing include | Jack Lloyd | 2019-05-29 | 1 | -0/+1 |
| | | | |||||
* | | | Merge GH #1987 Argon2 improvements | Jack Lloyd | 2019-05-30 | 4 | -2/+371 |
|\| | | |||||
| * | | Argon2: PasswordHash, documentation, hash formatting | Jack Lloyd | 2019-05-29 | 4 | -2/+371 |
| | | | |||||
* | | | Revert part of #1744 making Exception constructors protected | Jack Lloyd | 2019-05-30 | 1 | -1/+11 |
| | | | This broke SoftHSM build | ||||
* | | | Document that FFI destroy operations can fail | Jack Lloyd | 2019-05-29 | 1 | -3/+37 |
| | | | |||||
* | | | Verify ffi object is not null before dereferencing it | Jack Lloyd | 2019-05-28 | 1 | -1/+5 |
| | | | This shouldn't even happen if the header is still intact, but seemingly it can: #1983 so be as robust as possible. | ||||
* | | | Merge GH #1986 Fix compat with SoftHSM 2.5.0 | Jack Lloyd | 2019-05-28 | 1 | -1/+1 |
|\ \ \ | |||||
| * | | | SoftHSM 2.5.0 compatibility | Daniel Neus | 2019-05-28 | 1 | -1/+1 |
| |/ / | Fixes "src\lib\softhsm.cpp(10191): CKA_VALUE_LEN does not have the size of CK_ULONG" | ||||
* / / | Correct documentation for botan_rng_init | Jack Lloyd | 2019-05-28 | 1 | -2/+5 |
|/ / | Fixes #1984 | ||||
* | | Merge GH #1974 Add ability to set max allowed age for an OCSP response | Jack Lloyd | 2019-05-28 | 6 | -14/+29 |
|\ \ | |||||
| * | | add 'OCSP_IS_TOO_OLD' to Botan::to_string() | René Meusel | 2019-05-28 | 1 | -0/+2 |
| | | | |||||
| * | | add optional max_age for ocsp checks | Patrick Schmidt | 2019-05-27 | 5 | -14/+27 |
| | | | |||||
* | | | Merge GH #1982 Ask for updated cert status during a TLS resumption | Jack Lloyd | 2019-05-28 | 1 | -0/+3 |
|\ \ \ | |||||
| * | | | Ask for certificate status even on a resumption attempt | Jack Lloyd | 2019-05-28 | 1 | -0/+3 |
| | |/ | |/| | This makes sense to do since if the server doesn't resume, we would like to see an updated status message. | ||||
* | | | Fix problem in TLS message parsing tests | Jack Lloyd | 2019-05-27 | 1 | -2/+2 |
| | | | This started failing due to use of store_be in Buffered_Computation::update_be in this PR. The hello request cookie generation depended on the size of size_t, however the lib code and test had the same bug so it was missed. Force the lengths to be 64 bit. | ||||
* | | | Add Argon2 | Jack Lloyd | 2019-05-27 | 4 | -5/+469 |
|/ / | Closes GH #459 | ||||
* | | Merge AEAD and CBC codepaths here | Jack Lloyd | 2019-05-25 | 1 | -5/+8 |
| | | |||||
* | | Return reference here | Jack Lloyd | 2019-05-25 | 2 | -13/+16 |
| | | |||||
* | | Tweak | Jack Lloyd | 2019-05-25 | 2 | -12/+13 |
| | | |||||
* | | More record layer refactorings | Jack Lloyd | 2019-05-24 | 4 | -74/+56 |
| | | |||||
* | | Simplification in record layer | Jack Lloyd | 2019-05-24 | 4 | -10/+34 |
| | | |||||
* | | Make it possible to regen tls_suite_info.cpp with recent tls-parameters.txt | Jack Lloyd | 2019-05-24 | 1 | -2/+2 |
| | | |||||
* | | Remove bogus comment | Jack Lloyd | 2019-05-24 | 2 | -2/+0 |
| | | |||||
* | | Add reminder comments re enum class | Jack Lloyd | 2019-05-24 | 4 | -0/+6 |
| | | |||||
* | | Merge GH #1858 Update XMSS to conform to RFC 8391 | Jack Lloyd | 2019-05-24 | 15 | -161/+147 |
|\ \ | |||||
| * | | Fix param names to match RFC | Jack Lloyd | 2019-05-13 | 2 | -25/+25 |
| | | | |||||
| * | | Fix param names | Jack Lloyd | 2019-05-10 | 2 | -24/+24 |
| | | | |||||
| * | | Serialize XMSS leaf index as four bytes | Matthias Gierlings | 2019-05-06 | 3 | -10/+6 |
| | | | Internally XMSS uses a 64 Bit type for the leaf index. This patch removes the four leading zero bytes from the XMSS leaf index and serializes it as a four byte value as described in RFC 8391. Test cases are adjusted accordingly. The 64 Bit type is kept internally which potentially allows for code reuse when implementing XMSS^MT on top of the current XMSS code. | ||||
| * | | Updates copyright notices | Matthias Gierlings | 2019-05-06 | 11 | -11/+11 |
| | | | |||||
| * | | Updates references to XMSS the standard document | Matthias Gierlings | 2019-05-06 | 11 | -47/+37 |
| | | | |||||
| * | | Updates XMSS parameters corresponding to RFC 8391 | Matthias Gierlings | 2019-05-06 | 4 | -92/+92 |
| | | | Changes XMSS and XMSS WOTS algorithm names and OIDs to correspond to RFC 8391. | ||||
* | | | Let TLS serialization know which side we are sending as | Jack Lloyd | 2019-05-24 | 5 | -59/+56 |
| | | | Since this matters for some extensions