aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Fix warningsJack Lloyd2017-05-191-1/+1
|
* Fixes for MSVC version detectionJack Lloyd2017-05-191-1/+1
| | | | | See comments in https://github.com/randombit/botan/commit/7f019174bfcf3c2b31bda74fe40ce35727db1cef
* Merge GH #826 Add support for Intel SHA instructionsJack Lloyd2017-05-198-1/+477
|\
| * Set minimum compiler versions for SHA intrinsicsJack Lloyd2017-05-192-0/+12
| |
| * Add support for Intel SHA-1/SHA-2 instructionsJack Lloyd2017-05-198-1/+465
| | | | | | | | Based on GH #807 and #808
* | Add SM3 OIDs and PKCSv1.5 hash prefixJack Lloyd2017-05-192-1/+13
|/
* Merge GH #1052 Add build-time compiler detectionJack Lloyd2017-05-191-3/+3
|\
| * Let modules specify minimum compiler version, add runtime compiler version checkJack Lloyd2017-05-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | This comes up recently to support CPU extensions by Intel (#826) and ARM (#844) since the intrinsic functions were only added in compiler versions more recent than the minimums we generally support, but might actually be useful for all kinds of things in the future since one can add a (new, otherwise optional) C++14 or C++17 module in 2.x branch while continuing to support the current set of supported compiler versions for the main library functionality. Uses RDSEED as the test case, to ensure version detection/comparisons work on all platforms.
* | Merge GH #1051 Extensions for PKCSv1.5 signature formattingJack Lloyd2017-05-196-5/+61
|\ \
| * | Accept SHA1 and SHA-1 as aliases for hash_idJack Lloyd2017-05-181-2/+3
| | |
| * | Add botan_pkcs_hash_id to FFIJack Lloyd2017-05-185-3/+58
| | | | | | | | | | | | | | | | | | Extend EMSA_PKCS1v15_Raw to optionally take a hash function for which the PKCS hash id is prefixed to the message as usual. This allows signing a message using PKCSv1.5 padding where the hash is provided externally.
* | | Merge GH #1044 Handle IV carryover in CBC, CFB, and stream ciphersJack Lloyd2017-05-196-35/+38
|\ \ \ | |_|/ |/| |
| * | Handle IV carryover in CBC, CFB, and stream ciphersJack Lloyd2017-05-136-35/+38
| | | | | | | | | | | | | | | | | | Allow an empty nonce to mean "continue using the current cipher state". GH #864
* | | Maintainer mode fixesJack Lloyd2017-05-182-4/+9
| |/ |/|
* | Fix botan_privkey_load_rsa misleading parameter names.Daniel Wyatt2017-05-132-4/+4
|/ | | | RSA_PrivateKey's constructor take p,q,e,d,n.
* Post-merge changes to SP 800-56A KDF (GH #1040)Jack Lloyd2017-05-063-77/+120
| | | | | | | Instead of using a template split the KDF into two different classes that both call a template utility function to actually run the KDF algo. Simplify the "empty salt" logic and avoid having to instantiate a hash object just to get the hash block size.
* Merge GH #1040 Add SP800-56A KDFJack Lloyd2017-05-064-0/+178
|\
| * Align with comments from code reviewKrzysztof Kwiatkowski2017-05-042-6/+5
| |
| * Use uint64_t to represent 32-bit number (fixes unittests)Krzysztof Kwiatkowski2017-05-031-1/+1
| |
| * Update copyright headersKrzysztof Kwiatkowski2017-05-032-2/+6
| |
| * SP800-56A revision 2 implementationKrzysztof Kwiatkowski2017-05-033-29/+74
| |
| * Adds KDF based on SP 800-56A. Currently it is revision 1 (alternative 1). It ↵Krzysztof Kwiatkowski2017-05-034-0/+130
| | | | | | | | should be extended to revision 2.
* | Merge GH #1036 Add FFI botan_hash_block_sizeJack Lloyd2017-05-032-0/+13
|\ \
| * | Add FFI botan_hash_block_size.Daniel Wyatt2017-04-302-0/+13
| |/
* | Merge GH #1033 Fix FFI botan_bcrypt_is_valid return codeJack Lloyd2017-05-031-2/+1
|\ \
| * | Fix botan_bcrypt_is_valid return code.Daniel Wyatt2017-04-291-2/+1
| |/ | | | | | | | | Currently it returns 0 on success and BOTAN_FFI_ERROR_EXCEPTION_THROWN otherwise, which is a bit inaccurate and not consistent with the rest of the FFI interface.
* / Generate private RSA key with OpenSSL.Alexander Bluhm2017-04-304-2/+80
|/ | | | | Implement RSA private key generation with RSA_generate_key_ex(). Make PK_Key_Generation_Test iterate over all providers.
* Merge GH #1032 Throw exception with OpenSSL error message if OpenSSL API ↵Jack Lloyd2017-04-295-35/+65
|\ | | | | | | call fails
| * Throw OpenSSL exception if any OpenSSL function failed.Alexander Bluhm2017-04-295-35/+65
| | | | | | | | | | Checking for all failures helps to find problems early. The OpenSSL_Error() exception provides the OpenSSL error string.
* | Do not load OpenSSL error messages in library.Alexander Bluhm2017-04-281-1/+0
|/ | | | | | The function ERR_load_crypto_strings() should be called by the program or during library initializeation. Remove it from get_openssl_enc_pad(), this looks like an accident.
* Merge GH #1000 Support seeking in CTR modeJack Lloyd2017-04-272-25/+46
|\
| * Refactor: remove big-endian addition code duplicationRené Meusel2017-04-132-18/+27
| |
| * Refactor: use ::seek(0) in CTR_BE::set_iv()René Meusel2017-04-131-18/+1
| |
| * Add implementation of CTR_BE::seek()René Meusel2017-04-132-2/+31
| |
* | Merge GH #1022 Support CBC ciphers via OpenSSLJack Lloyd2017-04-274-5/+253
|\ \
| * | Implement cipher modes with OpenSSL.Alexander Bluhm2017-04-254-5/+253
| | | | | | | | | | | | | | | | | | Use the OpenSSL provider to implement AES CBC mode. Also pass down the provider to the encryption layer if there is no matching OpenSSL mode. Add a test with empty nonce.
* | | Merge GH #1017 Complete wildcard handling for X.509 certificatesJack Lloyd2017-04-271-4/+84
|\ \ \
| * | | Complete wildcard handling for X.509 certificatesRené Korthaus2017-04-201-4/+84
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hostname validation is used to make sure the certificate hostname matches the hostname of the connected host. RFC 6125 allows one wildcard in the left-most label of a hostname. Up to now, we only supported only the wildcard as the left-most label, e.g., www.example.com would match *.example.com, but www.example.com would not match www*.example.com, although it is permitted. Also adds test vectors from RFC 6125 as well as the OpenSSL test suite.
* | | Merge GH #1023 Add missing functions to TLS::Text_PolicyJack Lloyd2017-04-271-1/+13
|\ \ \
| * | | Make it easier to customize Text_Policy when inheriting from itlouiz’2017-04-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This way, the library user can improve the class by adding missing functions or some other tweak they may find useful. Without any access to m_kv this is impossible.
| * | | Add some missing function overrides in TLS::Text_Policylouiz’2017-04-251-0/+12
| |/ /
* | | Merge GH #1027 Add error return to botan_mp_to_strJack Lloyd2017-04-271-1/+1
|\ \ \
| * | | Add explicit return to FFI botan_mp_to_str.Daniel Wyatt2017-04-261-1/+1
| |/ / | | | | | | | | | This way we know if the buffer is insufficient.
* / / Add BOTAN_ALIGNAS macro for MSVC 2013Jack Lloyd2017-04-271-0/+9
|/ / | | | | | | GH #1009
* | Fix Clang warning in ffiJack Lloyd2017-04-191-121/+117
| | | | | | | | | | | | | | The do_get_field functions had C linkage but returned BigInt, which is a warning under Clang at least. Move these functions up outside of the extern "C" block, and rename them to not match the FFI function since these are not publically accessible APIs, just helper functions.
* | Use 3 arg BOTAN_UNUSED in a codepath that is compiled oftenSimon Warta2017-04-171-3/+1
| | | | | | | | | | just to verify the implementation works fine across platforms and compilers
* | Mark correct variables unused in FFI botan_{pub,priv}key_load_elgamalSimon Warta2017-04-161-7/+2
| | | | | | | | Closes #1011
* | Improve unused handling in ffi methodsSimon Warta2017-04-161-16/+8
| | | | | | | | | | Make sure `key` is not touched when method is not implemented. Use one line UNUSED statements
* | Let BOTAN_UNUSED take between 1 and 9 argumentsSimon Warta2017-04-161-2/+26
| |
* | Merge GH #1006 Fix FFI cipher interface (see also GH #1003)Jack Lloyd2017-04-151-0/+2
|\ \