aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Content:Tomasz Frydrych2017-04-0391-238/+223
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Merge GH #962 More configure.py refactorings/improvementsJack Lloyd2017-04-03177-191/+538
|\
| * Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-02177-191/+538
| |
* | Merge GH #961 Add some more BigInt functions to C APIJack Lloyd2017-04-022-47/+137
|\ \ | |/ |/|
| * Add some more useful bigint functions to C interfaceJack Lloyd2017-03-312-47/+137
| |
* | Fix Doxygen comment errorsJack Lloyd2017-03-311-1/+3
|/ | | | [ci skip]
* Merge GH #954 Always poll 256 bytes from getentropy syscallJack Lloyd2017-03-301-3/+4
|\
| * Always poll 256 bytes from Getentropy.Alexander Bluhm2017-03-301-3/+4
| | | | | | | | | | | | The OpenBSD system limit for getentropy(2) is 256 bytes. It does not make sense to use the BOTAN_SYSTEM_RNG_POLL_REQUEST define here. As it is only used in one place, another define would be overkill.
* | Use arc4random(3) as system rng on OpenBSD.Alexander Bluhm2017-03-301-0/+15
|/ | | | | | | | | OpenBSD provides the arc4random(3) function in libc for user land programs that need good random data. Use this to implement the Botan system random number generator. It has the advantage over /dev/urandom that it works without file descriptors and in chroot(2) environment. Internally libc is currently using a ChaCha20 cipher as PRNG and getentropy(2) to reseed itself automatically.
* Disable entropy proc_walk on OpenBSD.Alexander Bluhm2017-03-301-1/+0
| | | | | The /proc file system was disabled for years. With OpenBSD 5.7 the implementation has been removed from the kernel sources.
* Merge GH #899 Add ability to specify iterations when encrypting a private keyJack Lloyd2017-03-296-18/+382
|\
| * Add ability to specify iterations when encrypting a private keyJack Lloyd2017-02-266-18/+382
| | | | | | | | GH #896
* | Merge GH #946 Expose multiple precision integers in C interfaceJack Lloyd2017-03-293-10/+500
|\ \
| * | Expose BigInt API subset to C APIJack Lloyd2017-03-283-10/+500
| | | | | | | | | | | | Also adds RSA key constructors using BN
* | | Use getentropy(2) as random source.Alexander Bluhm2017-03-294-0/+78
|/ / | | | | | | | | | | | | | | Gather entropy from system call getentropy(2). This is available since in OpenBSD 5.6 and Solaris 11.3. It can provide up to 256 bytes entropy from the kernel without blocking. As a system call it does not need a file descriptor and works in chroot(2) environments without device nodes.
* | Merge GH #944 Add check_key to C APIJack Lloyd2017-03-282-1/+21
|\ \
| * | Expose PK::check_key functions in C interfaceJack Lloyd2017-03-272-1/+21
| | |
* | | Fix incorrect password truncation in bcrypt password hashing.Jack Lloyd2017-03-241-7/+11
|/ / | | | | | | | | | | | | | | | | | | The 56 char bound is bogus; Blowfish itself allows at most 448 bits in the key schedule, but Bcrypt's modification allows up to 72 chars for the password. Bug pointed out by Solar Designer. Also reject work factors 0...3 since all other extant bcrypt implementations require at least work factor 4. Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
* | Fix some compiler warnings.Jack Lloyd2017-03-222-2/+2
| |
* | Remove duplicate include GH #928Jack Lloyd2017-03-221-1/+0
| |
* | Merge GH #897 Add generic memory type BER decoderJack Lloyd2017-03-221-0/+32
|\ \
| * | Add generic memory type value BER decoderNuno Goncalves2017-03-071-0/+32
| | | | | | | | | | | | Signed-off-by: Nuno Goncalves <[email protected]>
* | | Fix #917: calendar_point::to_std_timepoint() does not support years after 2037Daniel Neus2017-03-211-3/+4
| | | | | | | | | | | | Only throw on systems where 32 bit std::time_t is used.
* | | No C++ exceptions from cpu probe functions. See GH #920Jack Lloyd2017-03-192-26/+11
| | |
* | | Fix further compiler macro bug exposed by #921Jack Lloyd2017-03-191-1/+1
| | |
* | | BOTAN_TARGET_COMPILER_IS -> BOTAN_BUILD_COMPILER_ISDaniel Neus2017-03-152-2/+2
| | |
* | | Merge GH #913 Follow PKIX rules for X.509 time formattingJack Lloyd2017-03-131-2/+2
|\ \ \
| * | | Fix: UTCTime interpreted as GeneralizedTimeDaniel Neus2017-03-131-2/+2
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Example: "200305100350Z" interpreted as "2003/05/10 03:50:00 UTC" correct is "2020/03/05 10:03:50 UTC" According to RFC 5280: UTCTime values ... MUST include seconds (i.e., times are YYMMDDHHMMSSZ) -> length 13 GeneralizedTime values ... MUST include seconds (i.e., times are YYYYMMDDHHMMSSZ) -> length 15 I think we should enforce the RFC5280 rules even if the ASN.1 rules are not that strict.
* / / Small fixes in API docs [ci skip]René Korthaus2017-03-092-4/+4
|/ /
* | Allow OCSP requests without the full subject certificateNuno Goncalves2017-03-045-16/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A OCSP request doesn't need the full subject certificate. This extends the API to require instead of the subject certificate: * OCSP::Request: subject serial. * OCSP::online_check: subject serial AND ocsp responder url. API breaking change: * removal of OCSP::Request::subject() as OCSP::Request doesn't need to hold the certificate, but only the serial. Signed-off-by: Nuno Goncalves <[email protected]>
* | Avoid calling memmove with a null source in PKCSv1 signature encodingJack Lloyd2017-03-031-1/+7
| | | | | | | | Only occured with EMSA_Raw. Caught by GCC 7 warning
* | Add missing include, caught by GCC 7Jack Lloyd2017-03-031-0/+1
| | | | | | | | Closes GH #903
* | Merge GH #902 Extend EC_PublicKey check, add EC_Group check, ECC invalid key ↵Jack Lloyd2017-03-023-3/+79
|\ \ | | | | | | | | | tests
| * | verify ec domain in EC_PublicKey::check_keyNever2017-02-281-1/+6
| | |
| * | EC_PublicKey::check_key for curves with cofactor > 1Never2017-02-271-1/+24
| | |
| * | Add ec_group verify functionNever2017-02-242-1/+49
| | |
* | | Merge GH #893 Remove ECC fixed window codeJack Lloyd2017-03-021-48/+2
|\ \ \ | |_|/ |/| |
| * | Converge on a single side channel silent ec mp alg: randomizedNever2017-02-221-48/+2
| |/ | | | | | | | | Montgomery ladder with order.bits()/2 bit scalar blinding and point randomization
* | Merge GH #891 Constant time decoding for ISO 9796 unpaddingJack Lloyd2017-02-261-14/+26
|\ \ | | | | | | | | | | | | | | | Including missing length check #888 Replaces #889
| * | fix possible iso9796 side channel and add length checkNever2017-02-211-14/+26
| |/
* / Remove verify_end() chained immediatly before end_cons() (close #890)Nuno Goncalves2017-02-258-12/+0
|/ | | | | | | BER_Decoder::end_cons() allready assures the verify_end() function, so it is redundant. Signed-off-by: Nuno Goncalves <[email protected]>
* Avoid use of deprecated function in (deprecated) Serialized_RNG constructorJack Lloyd2017-02-192-2/+12
|
* Merge GH #881 Adjust number of Miller-Rabin iterations in DSA param gen and ↵Jack Lloyd2017-02-192-3/+3
|\ | | | | | | RSA checks
| * increase miller-rabin iterations for RSA strong check_key. We call is_prime ↵Never2017-02-131-1/+1
| | | | | | | | with prob=128 during sampling and we should check with the same prob
| * increase miller-rabin iterations for dsa primes (FIPS-186-4)Never2017-02-131-2/+2
| |
* | Document hash, rng, mac, pbkdf and kdf in ffi handbookRené Korthaus2017-02-191-34/+171
| |
* | Add more docs for ffiRené Korthaus2017-02-191-1/+31
| |
* | Resolve Doxygen error in cpuid.hJack Lloyd2017-02-111-1/+2
|/ | | | The macro has to be on its own line or Doxygen gets confused.
* Remove function comments n*4/3 and n*3/4 in base64Evgeny Pokhilko2017-02-062-6/+29
| | | | | | | The parameter comments were misleading because they did not take into account that input_length must be rounded up to a multiple of 3 and 4 for encode and decode respectively. Two new functions were added to calculate the correct maximum output length.
* Support zero-length IV in ChaChaJack Lloyd2017-02-022-3/+17
| | | | Equivalent to an 8 byte all-zero IV, same handling as Salsa.