path: root/src/lib
Commit message; author; age; files changed; lines -removed/+added

* Create a persistent registry for ECC group data
  Jack Lloyd; 2018-02-04; 7 files; -400/+541
  Now a single copy is maintained of each EC group info

* Merge GH #1436 In Certificate_Store load multiple certs from file
  Jack Lloyd; 2018-02-02; 1 file; -2/+15
  * Load every certificate of the files found.
    Mathieu Souchaud; 2018-02-01; 1 file; -2/+15

* Avoid deprecated functions in OpenSSL provider [ci skip]
  Jack Lloyd; 2018-02-01; 1 file; -3/+3

* Fix deprecation warnings
  Jack Lloyd; 2018-02-01; 2 files; -11/+20

* Avoid CurveGFp in EC_Group interface
  Jack Lloyd; 2018-01-31; 3 files; -21/+105

* Use shared representation of EC_Group
  Jack Lloyd; 2018-01-31; 11 files; -123/+304
  Hide CurveGFp with an eye for eventual removal

* Optimize SHA_3::expand
  Jack Lloyd; 2018-01-31; 1 file; -15/+14
  Noticeable speedup for SHAKE esp with longer output lengths

* Add function to query if filesystem support is enabled.
  Jack Lloyd; 2018-01-30; 2 files; -0/+17
  Makes for much simpler code.

* Whitespace
  Jack Lloyd; 2018-01-30; 1 file; -5/+5

* Use copy_out_vec_le instead of explicit loop in SHA-3 and Keccak
  Jack Lloyd; 2018-01-30; 2 files; -4/+2

* Reorganize SHA-3 source file [ci skip]
  Jack Lloyd; 2018-01-30; 1 file; -35/+35
  Put all the statics at beginning followed by member functions.

* Avoid allocating zero bytes for SHA-3 padding
  Jack Lloyd; 2018-01-30; 4 files; -27/+28
  Inspired by #1433

* Add botan_x509_cert_hostname_match
  Jack Lloyd; 2018-01-30; 2 files; -0/+15

* Improve X.509 documentation
  Jack Lloyd; 2018-01-29; 1 file; -1/+9
  GH #1428

* Move generic TLS tests to test_tls.cpp
  Jack Lloyd; 2018-01-28; 2 files; -5/+7
  Leaves unit_tls.cpp for the handshake level tests.
  Add some basic tests of the string<->enum conversions in tls_algos.h

* Reorder signature scheme list
  Jack Lloyd; 2018-01-28; 1 file; -12/+20
  Now PSS shows up first and we negotiate it by default ;)

* Use enums to represent TLS signature and kex algorithms.
  Jack Lloyd; 2018-01-28; 22 files; -716/+1144
  Adds support for PSS signatures (currently verifying only).

* Avoid resuming a session if policy doesn't allow it
  Jack Lloyd; 2018-01-28; 2 files; -3/+4
  Previously if the policy changed we'd continue to resume. #1431

* Fix a leak in OpenSSL block ciphers
  Jack Lloyd; 2018-01-28; 1 file; -0/+3
  Introduced when support for 1.1.0 API was added in #1056

* For TLS client auth add callback giving list of trusted CA names
  Jack Lloyd; 2018-01-27; 4 files; -5/+40
  Fixes #1261

* Fix a few warnings
  Jack Lloyd; 2018-01-27; 1 file; -2/+2

* Make it possible to test custom extensions
  Jack Lloyd; 2018-01-27; 3 files; -13/+59

* Add an examine callback also
  Jack Lloyd; 2018-01-27; 7 files; -11/+45

* Add ability for application to control which TLS extensions are used
  Jack Lloyd; 2018-01-27; 9 files; -1/+56
  GH #1186

* Fix speed test of cipher modes [ci skip]
  Jack Lloyd; 2018-01-27; 1 file; -0/+1
  Add BOTAN_HAS_CIPHER_MODES which is an easier to read/remember macro than BOTAN_HAS_MODES

* Merge GH #1385 Remove TLS compression negotiation logic
  Jack Lloyd; 2018-01-24; 11 files; -118/+60
  * Remove vestigial support for TLS compression
    Jack Lloyd; 2018-01-21; 11 files; -118/+60
    It was never supported and never will be. Removing negotiation entirely simplifies the code a bit.

* Merge GH #1429 Improve application ability to set extensions in PKCS10 requests
  Jack Lloyd; 2018-01-23; 8 files; -121/+201
  * Allow applications to easily override extensions in cert requests
    Jack Lloyd; 2018-01-23; 8 files; -121/+201
    Refactor the code so it's possible to create a cert request without going through x509self.h (PKCS10_Request::create).
    Add Extensions::add_new, so we can add an extension to a PKCS10 request without stomping on one already included by the application.
    Refactor the X509 unit tests to avoid (some) duplicated key creations. Just create a key once at the start and use it for all of the tests.
    GH #1428

* Comments from code review
  Krzysztof Kwiatkowski; 2018-01-22; 2 files; -6/+71

* FFI function for Elgamal key generation
  Krzysztof Kwiatkowski; 2018-01-21; 2 files; -0/+19
  Adds function for Elgamal key generation that allows usage of 'p' chosen by the caller.

* FFI function for DSA key generation
  Krzysztof Kwiatkowski; 2018-01-21; 2 files; -0/+19
  Adds function for DSA key generation that allows usage of 'p' and 'q' chosen by the caller.

* Add Pipe::prepend_filter
  Jack Lloyd; 2018-01-21; 2 files; -1/+32
  Fixes #1402

* Fix documentation of DataSource::end_of_data.
  Marcus Brinkmann; 2018-01-19; 1 file; -1/+1

* Merge GH #1420 Changes to (eventually) allow making BER_Object members private
  Jack Lloyd; 2018-01-18; 18 files; -194/+255
  * Prepare for making BER_Object members private
    Jack Lloyd; 2018-01-18; 18 files; -194/+255
    Now there are usable accessors that allow the library to avoid using BER_Object members directly.

* Make PBES2 optional
  Jack Lloyd; 2018-01-18; 2 files; -9/+35
  See #1416 for reasoning

* Fix crash in EMSA_PKCS1v15_Raw if the hash function was not enabled.
  Jack Lloyd; 2018-01-17; 1 file; -1/+1
  GH #1416

* Correct dependencies of kdf and pbkdf [ci skip]
  Jack Lloyd; 2018-01-17; 3 files; -2/+5
  They assumed base pulled in hash and mac which is no longer true

* First update the sieve, then check for a match
  Jack Lloyd; 2018-01-17; 1 file; -3/+7
  This allows shortcutting the checks.
  Use (p-1)/2 instead of p/2: same result because p is odd, but confusing.

* Merge GH #1413 Improve speed of prime generation especially safe primes
  Jack Lloyd; 2018-01-17; 3 files; -37/+85
  * Correctly handle generating small primes
    Jack Lloyd; 2018-01-16; 1 file; -0/+12
  * Improve speed of prime generation especially safe primes
    Jack Lloyd; 2018-01-16; 3 files; -37/+73
    First, correct a bug in the sieve code. It would break early if a value did not match up with the sieve. However in that case, the sieve values would be out of sync with the value of p, and would be returning effectively random results. This caused prime generation to be slower than it should be, both because the sieve was incorrectly rejecting values that were not multiples of any small prime and was allowing values that were multiples of small primes to move on to the Miller-Rabin test.
    In the sieve, also sieve so that 2*q+1 is also not a multiple of the small primes. This speeds up safe prime generation.
    GH #1411

* Merge GH #1408 Use an ABI flag for enabling Aarch64 crypto operations
  Jack Lloyd; 2018-01-17; 4 files; -14/+4
  * ABI for Aarch64 crypto
    Jack Lloyd; 2018-01-12; 4 files; -14/+4

* Enforce an overall max depth on recursion in ASN1 printer
  Jack Lloyd; 2018-01-15; 2 files; -14/+41
  Otherwise a sufficiently nested value can cause us to recurse endlessly, causing stack exhaustion. OSS-Fuzz 5333

* Fix return value of PK_Encryptor::maximum_input_size
  Jack Lloyd; 2018-01-13; 1 file; -1/+1
  Fixes GH #1410

* Expose SM2_compute_za
  Jack Lloyd; 2018-01-12; 1 file; -6/+7
  Was already supposed to be public, which is why it's declared in a public header - just missed the export annotation.

* Merge GH #1407 Don't have hard dependency on base classes
  Jack Lloyd; 2018-01-12; 26 files; -16/+136