path: root/src/lib
Commit message | Author | Date | Files | Lines
* Merge GH #814 Avoid negotiating CECPQ1 if x25519 ECC is disabled | Jack Lloyd | 2017-01-06 | 1 | -0/+10
  * Avoid negotiating CECPQ1 if x25519 ECC is disabled | Jack Lloyd | 2017-01-05 | 1 | -0/+10
* Merge GH #813 Remove obsolete entropy source info | Jack Lloyd | 2017-01-06 | 1 | -18/+0
  * removed two more obsolete entropy source references | Daniel Neus | 2017-01-06 | 1 | -14/+0
  * Remove obsolete hres_timer include | Daniel Neus | 2017-01-06 | 1 | -4/+0
      module doesn't exist anymore
* Return 0 bits in Darwin_SecRandom::poll on SecRandomCopyBytes failure | Daniel Neus | 2017-01-06 | 1 | -0/+2
* Merge GH #806 Add tests for TLS certificate static message | Jack Lloyd | 2017-01-05 | 1 | -8/+8
  * Add tests for certificate status message | Jack Lloyd | 2017-01-04 | 1 | -8/+8
      Currently untested by TLS crosstalk tests because it is not supported on the server side. Exposes the rest of TLS message types to application.
* Merge GH #803 Add botan_ffi_supports_version func | Jack Lloyd | 2017-01-05 | 2 | -0/+17
  * Add botan_ffi_supports_api function | Jack Lloyd | 2017-01-04 | 2 | -0/+17
      This lets us upgrade the FFI version over time and still allow applications to reliably detect if the current library binary supports their version. As an example, it would be useful to be able to add features to FFI sometime in 2.x. In that case, we would increase the value of the FFI API version, even though anything calling the old API would still work perfectly. Applications can verify at runtime the API they want to use is supported using this new call.
* Move Data_Store from utils to x509 | Jack Lloyd | 2017-01-04 | 5 | -4/+4
    It is not a general purpose util or something we want applications to use. It is only used by x509 and hopefully will be removed from there soon enough.
* Merge GH #793 Add iOS target | Jack Lloyd | 2017-01-03 | 1 | -0/+2
  * Add os ios | Simon Warta | 2017-01-03 | 1 | -0/+2
* Fix comment typo [ci skip] | Jack Lloyd | 2017-01-03 | 1 | -1/+1
* Avoid using target function attribute in Clang before 3.8 | Jack Lloyd | 2017-01-03 | 1 | -1/+1
    We support 3.5 or higher generally, but only Clang 3.8 has the function attributes. This doesn't affect the build with older Clang because the makefile still sets file-wide ISA flags. GCC supports this attribute in all versions we support.
    Fixes GH #797
* Remove SRP6 file support | Jack Lloyd | 2016-12-31 | 2 | -133/+0
    It turns out SRP6 files use a different base64 alphabet than standard, and additionally Botan's decoding of the group id seems wrong though I haven't verified this second one was a bug. In any case this code couldn't parse anything it was supposed to and never could. I had already planned on adding a database backed SRP store and removing this code but the fact that it's actually not functional for purpose suggests it's best to remove this now rather than let someone chance upon it and be endlessly frustrated that it doesn't seem to work because all the verifiers are garbled.
* Add a simple test of the all or nothing transform | Jack Lloyd | 2016-12-31 | 1 | -2/+2
* Improve filter tests | Jack Lloyd | 2016-12-31 | 3 | -2/+10
    Fix a bug in Pipe::check_available that must date back 15 years...
    Add destructors to compression filter so unique_ptr destructor runs without user having to include an extra header for the owned type.
* Increase default TLS DH min to 2048 bits, and add BSI policy class. | Jack Lloyd | 2016-12-30 | 2 | -2/+56
    Moves BSI policy file to test data dir where it can be compared with what the hardcoded class outputs.
* Merge GH #785 Disable SHA-1 and weak RSA by default during cert validation | Jack Lloyd | 2016-12-30 | 1 | -6/+8
  * Increase Path_Validation_Restrictions default min strength to 110 | Jack Lloyd | 2016-12-27 | 1 | -6/+8
      Effectively disables 1024 bit RSA as well as SHA-1. Edit the tests where required to enable it again.
* Add CECPQ1 OCB ciphersuites | Jack Lloyd | 2016-12-30 | 1 | -1/+3
    Clean up the ciphersuite generation script a bit.
    [ci skip]
* Tiny code simplification | Jack Lloyd | 2016-12-30 | 1 | -3/+1
* Prohibit SHA256/SHA384 ciphersuites in TLS 1.0/1.1 (GH #496) | Jack Lloyd | 2016-12-28 | 1 | -3/+10
* Remove unnecessary BOTAN_DLL annotations | Jack Lloyd | 2016-12-27 | 4 | -5/+5
* Speed up DSA param gen test | Jack Lloyd | 2016-12-26 | 2 | -8/+14
    Record counter value in test data, and start the search from there.
* Merge GH #783 Expose TLS message types to applications | Jack Lloyd | 2016-12-24 | 20 | -30/+43
  * Export tls_messages.h as a public header | René Korthaus | 2016-12-23 | 20 | -30/+43
      TLS::Callbacks::inspect_handshake_message() allows applications to inspect all handshake messages, but this requires access to the types in tls_messages.h. As a matter of fact, this also exports tls_extensions.h as a public header.
* Compile fix | Jack Lloyd | 2016-12-23 | 1 | -0/+1
* Fix file descriptor leak introduced in bcae34c0c | Jack Lloyd | 2016-12-23 | 2 | -5/+1
    Caused tests to fail on CI
* Remove nested anon namespace | Jack Lloyd | 2016-12-23 | 1 | -4/+0
* Add DL_Group tests | Jack Lloyd | 2016-12-23 | 2 | -6/+6
    Fix a bug in how the 6144 and 8192 IETF MODP groups were encoded; they have g and q values switched. Fixed by just switching the PEM header to match the actual encoded format.
    Rename DL_Group::X942_DH_PARAMETERS to ANSI_X9_42_DH_PARAMETERS to avoid a macro conflict with Windows cryptography headers (GH #482)
* More filter tests | Jack Lloyd | 2016-12-22 | 4 | -33/+28
    Expose Data{Source,Sink}_Stream types even if no filesystem is available. Instead just guard the constructors taking a pathname.
* Merge GH #779 Add ECDH/ECIES blinding and DH small subgroup checking | Jack Lloyd | 2016-12-21 | 4 | -18/+55
  * Add missing q == 0 check in DL_Scheme_PublicKey::check_key() as q may not be available in all groups | Never | 2016-12-20 | 1 | -7/+19
  * Blind the ECDH/ECIES agree operation. | Never | 2016-12-19 | 2 | -12/+21
  * Added DH public key check y^q mod p = 1 against small-subgroup attacks as described in rfc2785 | Never | 2016-12-19 | 1 | -0/+2
  * Improved DL_Group verification. The group is invalid, if g^q mod p != 1 and increased number of Miller-Rabin iterations, if strong is set (we pass 128 as prob in make_prm.cpp). | Never | 2016-12-19 | 1 | -5/+19
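The four commits merged in GH #779 above describe three checks on finite-field Diffie-Hellman parameters and keys: the group is rejected if g^q mod p != 1, a public key y is rejected unless y^q mod p = 1 (the RFC 2785 small-subgroup check), and the subgroup check is skipped when q is not available (q == 0). The following is an added example written for this page, not Botan's DL_Group or DL_Scheme_PublicKey code; function names, the Miller-Rabin round counts and the tiny sample groups (p = 23 and p = 67) are its own choices, and a 64-bit safe prime is generated at run time only to keep the demonstration fast.

```python
"""Added example: DH group and public-key validation in the style of the
GH #779 commits (not Botan code; all names and parameters are assumptions)."""
import secrets


def miller_rabin(n: int, rounds: int) -> bool:
    """Probabilistic primality test; a composite survives each round with
    probability at most 1/4, so `rounds` rounds bound the error by 4**-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a is a witness: n is composite
    return True


def is_prime(n: int, strong: bool = False) -> bool:
    # 'strong' raises the iteration count, mirroring the idea of the commit above;
    # the round counts here are this example's own choice (64 rounds -> error <= 2**-128).
    return miller_rabin(n, 64 if strong else 20)


def verify_group(p: int, q: int, g: int, strong: bool = False) -> list:
    """Return a list of problems found in the group (p, q, g); [] means it passed.
    q == 0 is treated as 'subgroup order not available' and the q-based checks are skipped."""
    problems = []
    if not is_prime(p, strong):
        problems.append("p is not prime")
    if q != 0:
        if not is_prime(q, strong):
            problems.append("q is not prime")
        elif (p - 1) % q != 0:
            problems.append("q does not divide p-1")
    if not (1 < g < p - 1):
        problems.append("g out of range")
    elif q != 0 and pow(g, q, p) != 1:
        problems.append("g^q mod p != 1")         # g does not generate the order-q subgroup
    return problems


def verify_public_key(y: int, p: int, q: int) -> bool:
    """RFC 2785 style check: 1 < y < p-1 and, when q is known, y^q mod p == 1.
    Rejects the order-1 and order-2 elements and every element outside the
    prime-order subgroup, which is what a small-subgroup attacker would send."""
    if not (1 < y < p - 1):
        return False
    if q != 0 and pow(y, q, p) != 1:
        return False
    return True


def make_safe_prime(bits: int):
    """Generate p = 2q + 1 with both p and q prime (toy size; for the demo only)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if not is_prime(q):
            continue
        p = 2 * q + 1
        if is_prime(p):
            return p, q


def demo(bits: int = 64):
    """Generate a toy safe-prime group, make a key pair, and check an honest
    public key and the order-2 element p-1 (an attacker's small-subgroup value)."""
    p, q = make_safe_prime(bits)
    g = 4                                         # 4 = 2^2 is a quadratic residue, so it has order q
    if verify_group(p, q, g):
        raise RuntimeError("generated group failed its own checks")
    x = secrets.randbelow(q - 1) + 1
    y = pow(g, x, p)
    return verify_public_key(y, p, q), verify_public_key(p - 1, p, q)


if __name__ == "__main__":
    # constructed sample: p = 67, q = 11, g = 64; y = 37 has order 3 and must be rejected
    print(verify_group(67, 11, 64), verify_public_key(64, 67, 11), verify_public_key(37, 67, 11))
    print(demo())
```

The order of the checks matters for the q == 0 case: with no subgroup order the code can only enforce the range check, which is exactly why the q == 0 commit was needed so that check_key() does not compute y^0 mod p = 1 and accept anything.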
* ISO-9796-2 doxygen build fixes | Daniel Neus | 2016-12-19 | 1 | -4/+4
* Add CertificatePathStatusCodes typedef | Jack Lloyd | 2016-12-18 | 2 | -31/+37
    Little easier to read perhaps, and helps prevent some astyle confusion.
* Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 545 | -5334/+5338
    Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* IncludeOS has random device files now | Jack Lloyd | 2016-12-18 | 1 | -0/+1
    GH #726
    [ci skip]
* Disable TLS signature and finished message checks in fuzzer mode | Jack Lloyd | 2016-12-17 | 3 | -3/+23
    Also use a const time comparison for the finished message, though I don't see any real way of exploiting that timing channel.
* Add support for brainpool curves in openssl provider | René Korthaus | 2016-12-17 | 1 | -1/+17
    OpenSSL 1.0.2 added support for brainpool curves, so we can use it provided the version check succeeds.
* Fix clang-analyzer warning in AES code | Jack Lloyd | 2016-12-16 | 1 | -6/+4
    The previous assert had already been put there for the benefit of clang-analyzer, but in Clang 3.9 it does not help. Instead test X value directly, which works.
* Remove debug code | Jack Lloyd | 2016-12-14 | 1 | -1/+1
* Fix exponentiation bug, related fixes | Jack Lloyd | 2016-12-14 | 7 | -34/+79
    GH #754 exposed a bug in the non-Montgomery exponentiation case. It turned out that when the fixed window was picked to any value > 1, the result would be incorrect due to an off by one. This is the one line fix in powm_fw.cpp
    Also fix a bug in bigint_mul which caused incorrect results, because the output BigInt was not being zeroed out before use. This is only exposed in rare cases, found (somewhat indirectly) in OSS-Fuzz #287.
    Add more modular exponentiation tests, which would have caught these issues earlier.
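The commit above says only that a fixed-window exponentiation with window size > 1 was off by one and that more tests would have caught it. The block below is an added example for this page, not Botan's powm_fw.cpp and not a reproduction of its bug: it is a plain fixed-window modular exponentiation written from the textbook algorithm, with the window-count computation (the usual place for such an off-by-one) spelled out, plus a cross-check against Python's built-in pow() over all window sizes, which is the kind of test the commit calls for. Function names and the test parameters are this example's own.

```python
"""Added example: fixed-window modular exponentiation cross-checked against
pow() for every window size (not Botan code; names are this example's own)."""
import random


def powm_fixed_window(base: int, exp: int, mod: int, window_bits: int = 4) -> int:
    """Compute base**exp mod mod, processing exp in fixed windows of
    `window_bits` bits from the most significant window down."""
    if mod <= 0:
        raise ValueError("modulus must be positive")
    if window_bits < 1:
        raise ValueError("window must be at least one bit")
    if exp < 0:
        raise ValueError("negative exponent not supported")
    if exp == 0:
        return 1 % mod                       # covers mod == 1 -> 0
    base %= mod

    # Precompute table[i] = base^i for every possible window value 0..2^w-1.
    table_size = 1 << window_bits
    table = [1 % mod] * table_size
    for i in range(1, table_size):
        table[i] = (table[i - 1] * base) % mod

    # Number of windows is ceil(bit_length / w): using floor here, or
    # iterating one window too few or too many, is the classic off-by-one.
    nbits = exp.bit_length()
    nwindows = (nbits + window_bits - 1) // window_bits

    result = 1 % mod
    for w in range(nwindows - 1, -1, -1):
        for _ in range(window_bits):         # shift the accumulator left by one window
            result = (result * result) % mod
        digit = (exp >> (w * window_bits)) & (table_size - 1)
        # Multiply unconditionally, even for digit == 0 (table[0] == 1), so the
        # operation sequence does not depend on the exponent's bit pattern.
        # A side-channel-hardened version would also fetch table[digit] without
        # a secret-dependent memory access; this example does not do that.
        result = (result * table[digit]) % mod
    return result


def cross_check(trials: int = 200, seed: int = 1234) -> bool:
    """Compare against pow() on random inputs for window sizes 1..8, including
    exponents whose bit length is and is not a multiple of the window size."""
    rng = random.Random(seed)                # constructed test input, deterministic
    for _ in range(trials):
        mod = rng.getrandbits(rng.randrange(2, 260)) | 1
        if mod < 3:
            continue
        base = rng.randrange(0, mod)
        exp = rng.getrandbits(rng.randrange(1, 300))
        expected = pow(base, exp, mod)
        for w in range(1, 9):
            if powm_fixed_window(base, exp, mod, w) != expected:
                return False
    return True


if __name__ == "__main__":
    print(powm_fixed_window(4, 13, 497), cross_check())
```

The cross-check deliberately draws exponents of varying bit lengths so that the top window is sometimes full and sometimes partial; an implementation that miscounts windows tends to pass when the exponent length happens to be a multiple of the window size and fail otherwise, which is why a handful of fixed vectors can miss it.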
* In ressol, prohibit a >= p | Jack Lloyd | 2016-12-11 | 1 | -3/+5
    Technically defined, but should never be seen in practical crypto context.
* Public_Key derived class ctors take an std::vector<byte> | René Korthaus | 2016-12-11 | 23 | -37/+37
    Changes all the Public_Key derived classes ctors to take a std::vector instead of a secure_vector for the DER encoded public key bits. There is no point in transporting a public key in secure storage. (GH #768)
* Merge GH #765 Rewrite CBC unpadding operations as const time | Jack Lloyd | 2016-12-10 | 2 | -41/+69