| Commit message | Author | Age | Files | Lines |
|
Example:
"200305100350Z" interpreted as "2003/05/10 03:50:00 UTC"
correct is "2020/03/05 10:03:50 UTC"
According to RFC 5280:
UTCTime values ... MUST include seconds (i.e., times are YYMMDDHHMMSSZ) -> length 13
GeneralizedTime values ... MUST include seconds (i.e., times are YYYYMMDDHHMMSSZ) -> length 15
I think we should enforce the RFC5280 rules even if the ASN.1 rules are not that strict.
|
because there is no system_rng on iOS
|
Effectively disables 1024 bit RSA as well as SHA-1.
Edit the tests where required to enable it again.
|
Renames a couple of functions for somewhat better name consistency,
e.g. make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
Allow custom extensions in CA-signed cert requests
Add templated getter for extensions
|
Add some try/catch blocks to the X.509 tests, and use create_private_key API
|
Some fixes for missing system_rng in ECIES and tests.
|
Instead the key types expose operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previously created its own RNG, now it takes it from app.
|
Self-issued certificates are certificates where subject_dn == issuer_dn,
but the signature is from a different key (ca key). Chains with such a
certificate could not be verified, because self-issued certificates
(1) would be taken for a self-signed certificate and
(2) find_issuing_cert() would find the same self-issued certificate
that we want to verify, generating a signature error during signature
verification.
To fix, we now first identify a certificate as self-signed only if
subject_dn == issuer_dn AND if we can verify the cert signature
with its own key. Verification will bring some extra costs, but we
only do it once, in X509_Certificate's constructor. Second, we make
sure find_issuing_cert() does not return the very same certificate
we want to verify. This should be no problem, since path validation
currently does not seem to support validating a self-signed certificate.
|
Would be better to iterate over all of the key types for this type of
coverage.
Avoids Coverity dead code warning on the error-case throw.
|
As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
|
The tests previously had used 4 to 6 different schemes internally (the vec file
reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests
which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a
design that works everywhere, and update all the things.
Fix also a few bugs found by the test changes: SHA-512-256 name incorrect,
OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy
was wrong.
|
Removes filters as an internal dependency pretty much entirely
(outside of some dusty corners in misc).
|
Only botan-cli, botan-tests and the FFI module depend on PKCS8
|
Fixes #146.
|
- Remove additional newlines in CHECK_MESSAGE call
- Remove redundant output of algo in aead_test()
Closes #115
|
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|