path: root/src/lib
Commit message (Author, Age, Files, Lines)
* Merge GH #1444 Add (back) modifiable OID maps (Jack Lloyd, 2018-02-07, files: 3, lines: -413/+560)
|\
| * Reintroduce ability to register OIDs at runtime (Never, 2018-02-05, files: 3, lines: -413/+560)
| |     This was removed in 62e55f484a7a03e2532875696eb2479a577878e9 in favor of a faster and smaller lookup. The ability is however required if we want to use custom curves at runtime.
* | Merge GH #1441 Add a shared registry of EC_Group objects (Jack Lloyd, 2018-02-07, files: 9, lines: -400/+564)
|\ \
| * | Alternate method of forcing allocator initialization (Jack Lloyd, 2018-02-04, files: 3, lines: -1/+18)
| | |     That doesn't require a malloc/free every time we call ec_group_data()
| * | Add hack to deal with initialization fiasco (Jack Lloyd, 2018-02-04, files: 1, lines: -0/+6)
| | |
| * | Create a persistent registry for ECC group data (Jack Lloyd, 2018-02-04, files: 7, lines: -400/+541)
| |/      Now a single copy is maintained of each EC group info
* / Fix compilation problem in PKCS11 (Jack Lloyd, 2018-02-07, files: 6, lines: -1/+6)
|/      ./configure.py --amal --mini --enable-modules=pkcs11 would fail to build because the guarded includes of pk_keys.h ended up hiding the declaration entirely. This is really a bug in how the amalgamation is generated but may be hard to fix in the general case.
* Merge GH #1436 In Certificate_Store load multiple certs from file (Jack Lloyd, 2018-02-02, files: 1, lines: -2/+15)
|\
| * Load every certificate of files found. (Mathieu Souchaud, 2018-02-01, files: 1, lines: -2/+15)
| |
* | Avoid deprecated functions in OpenSSL provider [ci skip] (Jack Lloyd, 2018-02-01, files: 1, lines: -3/+3)
| |
* | Fix deprecation warnings (Jack Lloyd, 2018-02-01, files: 2, lines: -11/+20)
| |
* | Avoid CurveGFp in EC_Group interface (Jack Lloyd, 2018-01-31, files: 3, lines: -21/+105)
| |
* | Use shared representation of EC_Group (Jack Lloyd, 2018-01-31, files: 11, lines: -123/+304)
|/      Hide CurveGFp with an eye for eventual removal
* Optimize SHA_3::expand (Jack Lloyd, 2018-01-31, files: 1, lines: -15/+14)
|     Noticeable speedup for SHAKE esp with longer output lengths
* Add function to query if filesystem support is enabled. (Jack Lloyd, 2018-01-30, files: 2, lines: -0/+17)
|     Makes for much simpler code.
* Whitespace (Jack Lloyd, 2018-01-30, files: 1, lines: -5/+5)
|
* Use copy_out_vec_le instead of explicit loop in SHA-3 and Keccak (Jack Lloyd, 2018-01-30, files: 2, lines: -4/+2)
|
* Reorganize SHA-3 source file [ci skip] (Jack Lloyd, 2018-01-30, files: 1, lines: -35/+35)
|     Put all the statics at beginning followed by member functions.
* Avoid allocating zero bytes for SHA-3 padding (Jack Lloyd, 2018-01-30, files: 4, lines: -27/+28)
|     Inspired by #1433
* Add botan_x509_cert_hostname_match (Jack Lloyd, 2018-01-30, files: 2, lines: -0/+15)
|
* Improve X.509 documentation (Jack Lloyd, 2018-01-29, files: 1, lines: -1/+9)
|     GH #1428
* Move generic TLS tests to test_tls.cpp (Jack Lloyd, 2018-01-28, files: 2, lines: -5/+7)
|     Leaves unit_tls.cpp for the handshake level tests. Add some basic tests of the string<->enum conversions in tls_algos.h
* Reorder signature scheme list (Jack Lloyd, 2018-01-28, files: 1, lines: -12/+20)
|     Now PSS shows up first and we negotiate it by default ;)
* Use enums to represent TLS signature and kex algorithms. (Jack Lloyd, 2018-01-28, files: 22, lines: -716/+1144)
|     Adds support for PSS signatures (currently verifying only).
* Avoid resuming a session if policy doesn't allow it (Jack Lloyd, 2018-01-28, files: 2, lines: -3/+4)
|     Previously if the policy changed we'd continue to resume. #1431
* Fix a leak in OpenSSL block ciphers (Jack Lloyd, 2018-01-28, files: 1, lines: -0/+3)
|     Introduced when support for 1.1.0 API was added in #1056
* For TLS client auth add callback giving list of trusted CA names (Jack Lloyd, 2018-01-27, files: 4, lines: -5/+40)
|     Fixes #1261
* Fix a few warnings (Jack Lloyd, 2018-01-27, files: 1, lines: -2/+2)
|
* Make it possible to test custom extensions (Jack Lloyd, 2018-01-27, files: 3, lines: -13/+59)
|
* Add an examine callback also (Jack Lloyd, 2018-01-27, files: 7, lines: -11/+45)
|
* Add ability for application to control which TLS extensions are used (Jack Lloyd, 2018-01-27, files: 9, lines: -1/+56)
|     GH #1186
* Fix speed test of cipher modes [ci skip] (Jack Lloyd, 2018-01-27, files: 1, lines: -0/+1)
|     Add BOTAN_HAS_CIPHER_MODES which is an easier to read/remember macro than BOTAN_HAS_MODES
* Merge GH #1385 Remove TLS compression negotiation logic (Jack Lloyd, 2018-01-24, files: 11, lines: -118/+60)
|\
| * Remove vestigial support for TLS compression (Jack Lloyd, 2018-01-21, files: 11, lines: -118/+60)
| |     It was never supported and never will be. Removing negotiation entirely simplifies the code a bit.
* | Merge GH #1429 Improve application ability to set extensions in PKCS10 requests (Jack Lloyd, 2018-01-23, files: 8, lines: -121/+201)
|\ \
| * | Allow applications to easily override extensions in cert requests (Jack Lloyd, 2018-01-23, files: 8, lines: -121/+201)
| |/      Refactor the code so it's possible to create a cert request without going through x509self.h (PKCS10_Request::create).
| |       Add Extensions::add_new, so we can add an extension to a PKCS10 request without stomping on one already included by the application.
| |       Refactor the X509 unit tests to avoid (some) duplicated key creations. Just create a key once at the start and use it for all of the tests.
| |       GH #1428
* | Comments from code review (Krzysztof Kwiatkowski, 2018-01-22, files: 2, lines: -6/+71)
| |
* | FFI function for Elgamal key generation (Krzysztof Kwiatkowski, 2018-01-21, files: 2, lines: -0/+19)
| |     Adds function for Elgamal key generation that allows usage of 'p' chosen by the caller.
* | FFI function for DSA key generation (Krzysztof Kwiatkowski, 2018-01-21, files: 2, lines: -0/+19)
|/      Adds function for DSA key generation that allows usage of 'p' and 'q' chosen by the caller.
* Add Pipe::prepend_filter (Jack Lloyd, 2018-01-21, files: 2, lines: -1/+32)
|     Fixes #1402
* Fix documentation of DataSource::end_of_data. (Marcus Brinkmann, 2018-01-19, files: 1, lines: -1/+1)
|
* Merge GH #1420 Changes to (eventually) allow making BER_Object members private (Jack Lloyd, 2018-01-18, files: 18, lines: -194/+255)
|\
| * Prepare for making BER_Object members private (Jack Lloyd, 2018-01-18, files: 18, lines: -194/+255)
| |     Now there are usable accessors that allow the library to avoid using BER_Object members directly.
* | Make PBES2 optional (Jack Lloyd, 2018-01-18, files: 2, lines: -9/+35)
|/      See #1416 for reasoning
* Fix crash in EMSA_PKCS1v15_Raw if the hash function was not enabled. (Jack Lloyd, 2018-01-17, files: 1, lines: -1/+1)
|     GH #1416
* Correct dependencies of kdf and pbkdf [ci skip] (Jack Lloyd, 2018-01-17, files: 3, lines: -2/+5)
|     They assumed base pulled in hash and mac which is no longer true
* First update the sieve, then check for a match (Jack Lloyd, 2018-01-17, files: 1, lines: -3/+7)
|     This allows shortcutting the checks
|     Use (p-1)/2 instead of p/2, same result because p is odd but confusing.
* Merge GH #1413 Improve speed of prime generation especially safe primes (Jack Lloyd, 2018-01-17, files: 3, lines: -37/+85)
|\
| * Correctly handle generating small primes (Jack Lloyd, 2018-01-16, files: 1, lines: -0/+12)
| |
| * Improve speed of prime generation especially safe primes (Jack Lloyd, 2018-01-16, files: 3, lines: -37/+73)
| |     First, correct a bug in the sieve code. It would break early if a value did not match up with the sieve. However in that case, the sieve values would be out of sync with the value of p, and would be returning effectively random results. This caused prime generation to be slower than it should be, both because the sieve was incorrectly rejecting values that were not multiples of any small prime and was allowing values that were multiples of small primes to move on to the Miller-Rabin test.
| |     In the sieve, also sieve so that 2*q+1 is also not a multiple of the small primes. This speeds up safe prime generation.
| |     GH #1411