path: root/src/tests
Commit message (Author, Age, Files, Lines)
* Merge GH #1053 Fix path length constraint checking (GH #991) (Jack Lloyd, 2017-05-21, files: 12, lines: -0/+276)
|\
| * fix pathLenConstraint validation (Daniel Neus, 2017-05-19, files: 12, lines: -0/+276)
| |     Fixes GH #991
| |     The problem with the current implementation of the chain validation code is that it runs from the end certificate to the trust cert. @securitykernel and I tried to fix the pathLenConstraint validation within this reverse loop but we were not sure if we missed some edge cases. So we felt safer to use the algorithm listed in RFC 5280 which executes from the top to the bottom. It's probably best to rewrite the code to use the whole algorithm from RFC 5280, i.e. validating the chain from the trust to the end cert. Additionally, we wrote some tests including the one that raised this issue initially.
* | Fix warnings (Jack Lloyd, 2017-05-19, files: 1, lines: -2/+2)
| |
* | Add support for Intel SHA-1/SHA-2 instructions (Jack Lloyd, 2017-05-19, files: 3, lines: -1/+5)
| |     Based on GH #807 and #808
* | Merge GH #1051 Extensions for PKCSv1.5 signature formatting (Jack Lloyd, 2017-05-19, files: 2, lines: -0/+35)
|\ \
| * | Add botan_pkcs_hash_id to FFI (Jack Lloyd, 2017-05-18, files: 2, lines: -0/+35)
| |/
| |     Extend EMSA_PKCS1v15_Raw to optionally take a hash function for which the PKCS hash id is prefixed to the message as usual. This allows signing a message using PKCSv1.5 padding where the hash is provided externally.
* | Merge GH #1044 Handle IV carryover in CBC, CFB, and stream ciphers (Jack Lloyd, 2017-05-19, files: 3, lines: -8/+205)
|\ \
| |/
|/|
| * Handle IV carryover in CBC, CFB, and stream ciphers (Jack Lloyd, 2017-05-13, files: 3, lines: -8/+205)
| |     Allow an empty nonce to mean "continue using the current cipher state". GH #864
* | Fix botan_privkey_load_rsa misleading parameter names. (Daniel Wyatt, 2017-05-13, files: 1, lines: -1/+1)
|/
|     RSA_PrivateKey's constructor takes p,q,e,d,n.
* Merge GH #1040 Add SP800-56A KDF (Jack Lloyd, 2017-05-06, files: 1, lines: -0/+2893)
|\
| * KDF SP800-56A: Add test vectors with 0 length salt to improve coverage (Krzysztof Kwiatkowski, 2017-05-03, files: 1, lines: -0/+60)
| |
| * Add vectors for HMAC backed SP800-56A KDF (Krzysztof Kwiatkowski, 2017-05-03, files: 1, lines: -2/+1417)
| |
| * Adds KDF based on SP 800-56A. Currently it is revision 1 (alternative 1). It should be extended to revision 2. (Krzysztof Kwiatkowski, 2017-05-03, files: 1, lines: -0/+1418)
| |
* | Merge GH #1036 Add FFI botan_hash_block_size (Jack Lloyd, 2017-05-03, files: 1, lines: -0/+5)
|\ \
| * | Add FFI botan_hash_block_size. (Daniel Wyatt, 2017-04-30, files: 1, lines: -0/+5)
| |/
* | Merge GH #1035 Support generating RSA keys with OpenSSL (Jack Lloyd, 2017-05-03, files: 4, lines: -95/+115)
|\ \
| * | Generate private RSA key with OpenSSL. (Alexander Bluhm, 2017-04-30, files: 4, lines: -95/+115)
| |/
| |     Implement RSA private key generation with RSA_generate_key_ex(). Make PK_Key_Generation_Test iterate over all providers.
* | Fix some ugly line breaks from #980 in test_ffi (Jack Lloyd, 2017-05-03, files: 1, lines: -25/+26)
| |
* | Reformat code with astyle + fix code style (Tomasz Frydrych, 2017-05-01, files: 71, lines: -1320/+1904)
|/
* Show OpenSSL error messages if test fails. (Alexander Bluhm, 2017-04-28, files: 1, lines: -0/+10)
|     Call ERR_load_crypto_strings() during test initialization if the openssl provider is also tested. This gives human readable error messages.
* Merge GH #1000 Support seeking in CTR mode (Jack Lloyd, 2017-04-27, files: 1, lines: -0/+2810)
|\
| * add test sets for CTR-BE(***) (René Meusel, 2017-04-13, files: 1, lines: -0/+2810)
| |
* | Merge GH #1022 Support CBC ciphers via OpenSSL (Jack Lloyd, 2017-04-27, files: 2, lines: -66/+91)
|\ \
| * | Implement cipher modes with OpenSSL. (Alexander Bluhm, 2017-04-25, files: 2, lines: -66/+91)
| | |     Use the OpenSSL provider to implement AES CBC mode. Also pass down the provider to the encryption layer if there is no matching OpenSSL mode. Add a test with empty nonce.
* | | Merge GH #1017 Complete wildcard handling for X.509 certificates (Jack Lloyd, 2017-04-27, files: 2, lines: -0/+94)
|\ \ \
| * | | Complete wildcard handling for X.509 certificates (René Korthaus, 2017-04-20, files: 2, lines: -0/+94)
| | | |     Hostname validation is used to make sure the certificate hostname matches the hostname of the connected host. RFC 6125 allows one wildcard in the left-most label of a hostname. Up to now, we supported only the wildcard as the left-most label, e.g., www.example.com would match *.example.com, but www.example.com would not match www*.example.com, although it is permitted. Also adds test vectors from RFC 6125 as well as the OpenSSL test suite.
* | | | Merge GH #1027 Add error return to botan_mp_to_str (Jack Lloyd, 2017-04-27, files: 1, lines: -0/+3)
|\ \ \ \
| * | | | Add explicit return to FFI botan_mp_to_str. (Daniel Wyatt, 2017-04-26, files: 1, lines: -0/+3)
| | |/ /
| |/| |
| | | |     This way we know if the buffer is insufficient.
* / | | In text-based tests clear all data if algo changes (Jack Lloyd, 2017-04-27, files: 1, lines: -0/+1)
|/ / /
| | |     Curious test failure, HMAC(MD5) failing with "invalid IV length" (HMAC doesn't support an IV), it turned out to be the IV was left around from the previously run GMAC test. Just clear out all vars if a new [algo] header is seen in the file.
* | | Filter provider in test loops, skip text based without provider. (Alexander Bluhm, 2017-04-21, files: 8, lines: -22/+48)
| | |     The tests for block, hash, stream, pubkey, and mac loop over all possible crypto providers. If a specific provider is given on the botan-test command line, use only this one. If the provider to be tested is restricted, skip text based tests that do not have a possible provider.
* | | Run tests for a specific provider. (Alexander Bluhm, 2017-04-21, files: 3, lines: -2/+48)
|/ /
| |     Currently botan runs the tests for all crypto providers it can find. Add a --provider option for botan-test to specify exactly one provider. This allows one to see which parts of a specific implementation have been tested. Pass down the given provider to a specific test class.
* | Merge GH #1006 Fix FFI cipher interface (see also GH #1003) (Jack Lloyd, 2017-04-15, files: 1, lines: -65/+205)
|\ \
| * | Add tests of GCM and CTR mode (Jack Lloyd, 2017-04-14, files: 1, lines: -64/+205)
| | |
| * | Fix FFI cipher interface (Jack Lloyd, 2017-04-14, files: 1, lines: -11/+10)
| | |     Was totally broken, when not encrypting in one shot. (GH #1003) Enable the test, which had been commented out :(
* | | Support for ElGamal in FFI interface (Krzysztof Kwiatkowski, 2017-04-14, files: 1, lines: -0/+76)
|/ /
| |     * Adds `botan_pubkey_load_elgamal' and `botan_privkey_load_elgamal' functions to FFI interface.
| |     * Adds test `ffi_test_elgamal'
* | Merge GH #989 Avoid recursion in BER_Decoder::get_next_object (Jack Lloyd, 2017-04-13, files: 1, lines: -0/+67)
|\ \
| |/
|/|
| * Add test for OSS-Fuzz 813 (Jack Lloyd, 2017-04-13, files: 1, lines: -0/+67)
| |
* | fix missing flush in DataSink_Stream::end_msg (Philippe Lieser, 2017-04-10, files: 1, lines: -0/+27)
|/
* Add another AES-128 CFB test (Jack Lloyd, 2017-04-08, files: 1, lines: -0/+6)
|     Generated by OpenSSL, I needed this to help test https://github.com/riboseinc/rnp/pull/48
* Merge GH #966 Add SM3 hash function (Jack Lloyd, 2017-04-05, files: 1, lines: -0/+423)
|\
| * Add more SM3 hash test data. (Daniel Wyatt, 2017-04-03, files: 1, lines: -0/+417)
| |
| * Add SM3 hash function (Daniel Wyatt, 2017-04-03, files: 1, lines: -0/+6)
| |
* | Merge GH #978 Fix bad read in X509 DN comparisons (CVE-2017-2801) (Jack Lloyd, 2017-04-04, files: 3, lines: -0/+70)
|\ \
| * | Fix X509 DN comparisons (Jack Lloyd, 2017-04-04, files: 3, lines: -0/+70)
| | |     CVE-2017-2801
* | | Merge GH #900 Add ability to search by X509 DN hash (Jack Lloyd, 2017-04-04, files: 2, lines: -193/+328)
|\ \ \
| * | | Add tests for find_cert_by_raw_subject_dn_sha256 (Nuno Goncalves, 2017-04-04, files: 1, lines: -1/+43)
| | | |     Signed-off-by: Nuno Goncalves <[email protected]>
| * | | Refactor test_certstor.cpp to prepare for adding tests (Nuno Goncalves, 2017-04-04, files: 1, lines: -147/+181)
| | | |     Signed-off-by: Nuno Goncalves <[email protected]>
| * | | Format with astyle before major changes (Nuno Goncalves, 2017-04-03, files: 1, lines: -30/+32)
| | | |     Signed-off-by: Nuno Goncalves <[email protected]>
| * | | Add unit tests for X509 hash methods: (Nuno Goncalves, 2017-04-03, files: 1, lines: -0/+56)
| | | |     X509_Certificate::raw_issuer_dn_sha256()
| | | |     X509_Certificate::raw_subject_dn_sha256()
| | | |     Signed-off-by: Nuno Goncalves <[email protected]>
| * | | Refactor and modernize files to be edited (Nuno Goncalves, 2017-04-03, files: 1, lines: -45/+46)
| | |/
| |/|
| | |     Signed-off-by: Nuno Goncalves <[email protected]>