| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
RFC 5915 mandates that the OID of an ECDSA ECPrivateKey
shall be id-ecPublicKey with the named curve as the parameters.
ECPrivateKey may contain the named curve OID, too, which is
compared to id-ecPublicKey. Such keys could not be loaded.
We remove this check and add a test vector from strongswan.
|
|\ |
|
| |
| |
| |
| |
| |
| | |
Test data generated by 1.10 so hopefully no further issues here.
GH #1200
|
| |
| |
| |
| |
| |
| |
| |
| | |
Unfortunately it seems the SM2 format changed between 2010 and 2012,
now the ciphertext is C1 || C3 || C2.
Unfortunate no matter how you slice it, but at least it's easy to
convert from one form to another.
|
|\ \ |
|
| |/ |
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | | |
Weirdly Wine at least does not set FILE_ATTRIBUTE_NORMAL on the files,
instead sets FILE_ATTRIBUTE_ARCHIVE. ?? I have no idea what that's about.
|
| |/ |
|
|/
|
|
| |
[ci skip]
|
|
|
|
|
| |
We fixed this in the C++ API in GH #381, but apparently not
in ffi. Also adds the missing tests.
|
|
|
|
|
|
|
| |
Could end up causing a throw during a destructor leading to a crash,
if the application created a very large secure_vector.
Flagged by Coverity.
|
|
|
|
| |
Found by Coverity
|
|
|
|
|
|
| |
To reflect support for arbitrary hashes
[ci skip]
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
This function changed behavior in 0d403a3 see also GH #1187
Add new return code BOTAN_FFI_INVALID_VERIFIER and use it for
both signature and bcrypt verification functions.
|
| |
| |
| |
| | |
This is a contribution from Ribose Inc.
|
| |
| |
| |
| | |
This is a contribution from Ribose Inc
|
| | |
|
|/
|
|
| |
This is a contribution from Ribose Inc.
|
|
|
|
|
|
|
|
|
|
| |
GCC and Clang generate effectively identical code for a template
with parameters, vs completely unrolled code as was used previously.
Add a little-endian variant so XTS can use it. This extends XTS support
to cover 256 and 512-bit ciphers. I was not able to find another
implementation that supports both XTS and ciphers with large blocks,
so the XTS test vectors are self-generated.
|
|
|
|
|
| |
This would do the wrong thing if TLS v1.2 was disabled but v1.0/v1.1
allowed.
|
| |
|
|
|
|
| |
Still need basic system headers even when using asio for network
|
| |
|
|\ |
|
| |
| |
| |
| | |
Based on the patch in GH #1146
|
|\ \ |
|
| |/
| |
| |
| | |
Contributed in GH #842
|
|\ \
| |/
|/| |
|
| | |
|
| |
| |
| |
| | |
Ugh Windows headers y u so nasty.
|
| | |
|
| |
| |
| |
| | |
Move the actual socket stuff to os_utils.cpp
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This OS has its own crypto API and does not support CryptGenRandom.
Splits System_RNG_Impl into distinct declarations one per implementation
type. Easier to read now that we are up to 4 distinct versions.
Removes the CryptoAPI entropy source, and replaces it with an entropy
source that calls the system RNG. This is nominally a bit less flexible
in that the entropy source allowed polling multiple providers (though
we didn't actually make use of that). Plus side is it works on all
systems.
Currently the dev_random entropy source is still there because we do
actually use it to poll both /dev/random and /dev/urandom, and it
might be useful (on certain systems) to also poll a HW RNG, which
are often assigned their own device node. This could debatably also
be removed in favor of just reading the system RNG.
|
| | |
|
| |
| |
| |
| | |
Reserving it for globals so they are easy to grep for
|
|/
|
|
| |
Don't include it where it is not needed, included it where it is used.
|
|
|
|
| |
We only need <istream> + <ostream> here
|
|
|
|
| |
Closes #1168
|
|
|
|
|
| |
This class is exposed but the extension types aren't, so calls to
these functions from outside the library would not link.
|
|
|
|
| |
Since we don't end up signing anything in any case.
|
|
|
|
|
|
|
|
| |
Previously if the client did not send signature_algorithms, or if
it only included algos not in the policy, we would just fallback to
the hardcoded SHA-1 default of TLS v1.2
Instead check the policy before accepting anything.
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
Caught by GCC cross compiling. Also fix a couple 0-as-null warnings.
|
|\ |
|
| | |
|
| | |
|
|/
|
|
| |
Based on VC2017 output
|
| |
|