MSVC seems to not allow defining aliases inside lambda capture expressions.
Defining the aliases beforehand, outside the lambda, fixes the issue.
Adds a small runtime benchmark to prevent performance degradation by
overprovisioning SMT CPUs with too many threads. This is a temporary
workaround until a hardware and OS independent detection of the
physical core count through Botan::CPUID is in place.
- Adds XMSS to the index of supported signature schemes.
- Adds XMSS multithreading support to news.rst
- Updates copyright notices of edited files.
Issue raised by @securitykernel on Slack, there was no non-hacky
way to decode a list of certificate objects because creating an
uninitialized one wasn't allowed. However after #884 that got much
closer to being viable, this is the last piece.
We have to rely on non-portable OS calls to convert UTC times,
and they are not available on many systems (including Solaris and MinGW).
But instead there is a simple algorithm due to Howard Hinnant that
does the same job. Woo.
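The algorithm the commit refers to is Howard Hinnant's days_from_civil / civil_from_days date arithmetic. The following is an added example, not Botan's own code: it implements both directions in plain C++ with no OS or libc time calls, plus a `utc_to_unix` helper (the function name is my choice) that performs the timegm-style conversion the commit needed. The constants 719468 and 146097 are the algorithm's (days from 0000-03-01 to 1970-01-01, and days per 400-year era).

```cpp
#include <cstdint>

// Hinnant's days_from_civil: days since 1970-01-01 for a proleptic Gregorian
// date. Works for any year in int64_t range and uses integer arithmetic only.
int64_t days_from_civil(int64_t y, unsigned m, unsigned d) {
    y -= (m <= 2);                                              // year starts in March
    const int64_t era = (y >= 0 ? y : y - 399) / 400;
    const unsigned yoe = static_cast<unsigned>(y - era * 400);  // [0, 399]
    const unsigned mp = (m > 2) ? m - 3 : m + 9;                // March == 0
    const unsigned doy = (153 * mp + 2) / 5 + d - 1;            // [0, 365]
    const unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy; // [0, 146096]
    return era * 146097 + static_cast<int64_t>(doe) - 719468;
}

struct CivilDate { int64_t year; unsigned month; unsigned day; };

// Inverse: days since 1970-01-01 -> proleptic Gregorian date.
CivilDate civil_from_days(int64_t z) {
    z += 719468;
    const int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    const unsigned doe = static_cast<unsigned>(z - era * 146097);               // [0, 146096]
    const unsigned yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365; // [0, 399]
    const int64_t y = static_cast<int64_t>(yoe) + era * 400;
    const unsigned doy = doe - (365 * yoe + yoe / 4 - yoe / 100);               // [0, 365]
    const unsigned mp = (5 * doy + 2) / 153;                                    // [0, 11]
    const unsigned d = doy - (153 * mp + 2) / 5 + 1;                            // [1, 31]
    const unsigned m = (mp < 10) ? mp + 3 : mp - 9;                             // [1, 12]
    return { y + (m <= 2), m, d };
}

// UTC calendar time -> seconds since the Unix epoch (what timegm() would
// return), built only from days_from_civil. Helper name is an assumption.
int64_t utc_to_unix(int64_t year, unsigned month, unsigned day,
                    unsigned hour, unsigned minute, unsigned second) {
    return days_from_civil(year, month, day) * 86400
         + static_cast<int64_t>(hour) * 3600
         + static_cast<int64_t>(minute) * 60
         + second;
}

// Self-check: a date must survive a trip through both directions.
bool round_trips(int64_t y, unsigned m, unsigned d) {
    const CivilDate c = civil_from_days(days_from_civil(y, m, d));
    return c.year == y && c.month == m && c.day == d;
}
```

Because the arithmetic is pure, it behaves identically on every platform, which is exactly why it can replace the non-portable timegm/_mkgmtime calls: the 2017-01-01T00:00:00Z case below evaluates to 1483228800 on any host.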
Give applications using an external crypto device for signature
generation and/or verification and/or (ec)dh key exchange while
establishing a TLS session hooks to implement the corresponding
functionality.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Don't postpone the verification of a server certificate if certificate
status messages are not expected in client handshake. When using an
external crypto device it may be necessary to verify the certificate
before using the public key for verification of the signature in the
server key exchange message.
Since eventually CAST-256 is going away.
This previously enabled doing something unsafe (misaligned reads),
but it turns out even on hardware that supports this, it is not
safe to do because the compiler may do something unfortunate.
Now memcpy is used, which is safe on any platform.
Should provide a noticeable speedup for ARM and PPC64, which previously
used the byte-at-a-time fallback code.
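As an added illustration of the memcpy-based load the commit describes (example code, not Botan's own loadstor implementation; the function names `load_le`, `load_be`, `byteswap` and the sample buffer are mine): the pointer-cast pattern being removed is shown only as a comment, and the portable version reads through `memcpy`, which carries no alignment precondition and still compiles to a single load on targets that allow unaligned access.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <utility>

// The pattern the commit removes, kept here only as a comment:
//   return *reinterpret_cast<const uint32_t*>(in);   // UB if 'in' is misaligned
// Even where the CPU tolerates misaligned access, the compiler may assume
// alignment and emit instructions (e.g. vector loads) that fault on it.

// Runtime host byte-order probe, itself done through memcpy, not a cast.
inline bool host_is_little_endian() {
    const uint16_t probe = 0x0001;
    uint8_t first = 0;
    std::memcpy(&first, &probe, 1);
    return first == 1;
}

// Reverse the byte order of any unsigned integer type.
template <typename T>
T byteswap(T v) {
    uint8_t b[sizeof(T)];
    std::memcpy(b, &v, sizeof(T));
    for (std::size_t i = 0; i < sizeof(T) / 2; ++i)
        std::swap(b[i], b[sizeof(T) - 1 - i]);
    std::memcpy(&v, b, sizeof(T));
    return v;
}

// Portable unaligned loads: a fixed-size memcpy becomes one load where the
// target permits it and a safe byte sequence elsewhere, so no per-arch
// byte-at-a-time fallback is needed.
template <typename T>
T load_le(const uint8_t* in) {
    T v = 0;
    std::memcpy(&v, in, sizeof(T));
    return host_is_little_endian() ? v : byteswap(v);
}

template <typename T>
T load_be(const uint8_t* in) {
    T v = 0;
    std::memcpy(&v, in, sizeof(T));
    return host_is_little_endian() ? byteswap(v) : v;
}

// Constructed sample buffer; the leading 0xAA byte makes every load below
// start at an odd (misaligned) address.
static const uint8_t SAMPLE[9] = {0xAA, 0x78, 0x56, 0x34, 0x12,
                                  0xDE, 0xAD, 0xBE, 0xEF};

uint32_t sample_le32() { return load_le<uint32_t>(SAMPLE + 1); }  // 0x12345678
uint32_t sample_be32() { return load_be<uint32_t>(SAMPLE + 5); }  // 0xDEADBEEF
```

Building with `-fsanitize=undefined` (or `-fsanitize=alignment` on Clang) is a quick way to confirm that the commented-out cast trips the sanitizer on `SAMPLE + 1` while the memcpy versions do not.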
It's been dropped from GCC, appears OpenACC is the new hotness
for this kind of thing.
This caused a build failure when compiling with amalgamation + minimized.
This was already caught with the policy check later but it's better
to be explicit. (And in theory an application might implement their
policy version check to be "return true", which would lead to us
actually attempting to negotiate SSLv3).
Due to an oversight in the logic, previously a client attempt to
negotiate SSLv3 would result in the server trying to negotiate
TLS v1.2. Now instead they get a protocol_error alert.
Similarly, detect the (invalid) case of a major number <= 2,
which does not correspond to any real TLS version. The server
would again reply as a TLS v1.2 server in that case, and now
just closes the connection with an alert.
An empty extension is not allowed, but was previously accepted.
In the client key exchange if the message was malformed (e.g. a
completely empty ECDH share) a Decoding_Error would be thrown,
then caught and a fake pre master secret generated. Move the
parsing of the message out of the try/catch block, so the correct
error is reported.
The previous limit of 512 bytes meant that TLS was unable to
negotiate using FFDHE-6144 or FFDHE-8192 groups.
Was a copy+paste of FFDHE 3072
Avoids exposing RNG output on the wire. Cheap precaution.
Otherwise this ended up as an assertion failure which translated
to internal_error alert.
Don't send EC point format extension in server hello unless an EC
suite was negotiated *and* the client sent the extension.
Fix server FFDHE logic, this effectively disabled DHE ciphersuites
for clients without FFDHE extension.
Use unexpected_message alert in case of an unexpected message.
(Previously an internal_error alert was sent.)
Compression_Algorithm and Decompression_Algorithm.
Decompression_Algorithm.
When finishing, bzip2 returns BZ_STREAM_END when it has produced all output.
If we end up calling the compression routine again (even with avail_in == 0),
bzip2 returns an error.