Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge GH #1053 Fix path length constraint checking (GH #991) | Jack Lloyd | 2017-05-21 | 14 | -5/+310 |
|\ | |||||
| * | fix pathLenConstraint validation | Daniel Neus | 2017-05-19 | 14 | -5/+310 |
| | | | | | | | | | | | | | | | | | | | | | | Fixes GH #991 The problem with the current implementation of the chain validation code is that is runs from the end certificate to the trust cert. @securitykernel and me tried to fix the pathLenConstraint validation within this reverse loop but we were not sure if we missed some edge cases. So we felt safer to use the algorithm listed in RFC 5280 which executes from the top to the bottom. It's probably best to rewrite the code to use the whole algorithm from RFC 5280, i.e. validating the chain from the trust to the end cert. Additionally, we wrote some tests including the one that raised this issue initially. | ||||
* | | Fix warnings | Jack Lloyd | 2017-05-19 | 2 | -3/+3 |
| | | |||||
* | | Fixes for MSVC version detection | Jack Lloyd | 2017-05-19 | 1 | -1/+1 |
| | | | | | | | | | | See comments in https://github.com/randombit/botan/commit/7f019174bfcf3c2b31bda74fe40ce35727db1cef | ||||
* | | Merge GH #826 Add support for Intel SHA instructions | Jack Lloyd | 2017-05-19 | 13 | -2/+485 |
|\ \ | |||||
| * | | Set minimum compiler versions for SHA intrinsics | Jack Lloyd | 2017-05-19 | 2 | -0/+12 |
| | | | |||||
| * | | Add support for Intel SHA-1/SHA-2 instructions | Jack Lloyd | 2017-05-19 | 13 | -2/+473 |
| | | | | | | | | | | | | Based on GH #807 and #808 | ||||
* | | | Add SM3 OIDs and PKCSv1.5 hash prefix | Jack Lloyd | 2017-05-19 | 3 | -1/+16 |
|/ / | |||||
* | | Merge GH #359 Add botan cli encryption tool | Jack Lloyd | 2017-05-19 | 4 | -0/+355 |
|\ \ | |||||
| * | | Fix 3 space indent | Simon Warta | 2017-04-18 | 1 | -4/+4 |
| | | | |||||
| * | | Add BOTAN_HAS_AEAD_MODES requirement for encryption cli | Simon Warta | 2017-04-18 | 2 | -2/+2 |
| | | | |||||
| * | | Run cli tests on Travis | Simon Warta | 2017-04-18 | 1 | -0/+7 |
| | | | |||||
| * | | Some linting cleanups for cli_tests.py | Simon Warta | 2017-04-18 | 1 | -6/+6 |
| | | | |||||
| * | | Update registration format of "encryption" cli command | Simon Warta | 2017-04-18 | 1 | -2/+2 |
| | | | |||||
| * | | Add more ciphers | Simon Warta | 2017-04-18 | 2 | -13/+71 |
| | | | |||||
| * | | Fix whitespace errors | Simon Warta | 2017-04-18 | 2 | -3/+3 |
| | | | |||||
| * | | Fix bug in vecparser: member must not be static | Simon Warta | 2017-04-18 | 1 | -2/+1 |
| | | | |||||
| * | | Adapt cli command encryption to new cli interface | Simon Warta | 2017-04-18 | 1 | -37/+42 |
| | | | |||||
| * | | Add botan encryption cli app | Simon Warta | 2017-04-18 | 3 | -0/+286 |
| | | | |||||
* | | | Merge GH #1052 Add build-time compiler detection | Jack Lloyd | 2017-05-19 | 1 | -3/+3 |
|\ \ \ | |||||
| * | | | Let modules specify minimum compiler version, add runtime compiler version check | Jack Lloyd | 2017-05-18 | 1 | -3/+3 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This comes up recently to support CPU extensions by Intel (#826) and ARM (#844) since the intrinsic functions were only added in compiler versions more recent than the minimums we generally support, but might actually be useful for all kinds of things in the future since one can add a (new, otherwise optional) C++14 or C++17 module in 2.x branch while continuing to support the current set of supported compiler versions for the main library functionality. Uses RDSEED as the test case, to ensure version detection/comparisons work on all platforms. | ||||
* | | | | Merge GH #1051 Extensions for PKCSv1.5 signature formatting | Jack Lloyd | 2017-05-19 | 8 | -5/+96 |
|\ \ \ \ | |||||
| * | | | | Accept SHA1 and SHA-1 as aliases for hash_id | Jack Lloyd | 2017-05-18 | 1 | -2/+3 |
| | | | | | |||||
| * | | | | Add botan_pkcs_hash_id to FFI | Jack Lloyd | 2017-05-18 | 7 | -3/+93 |
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | Extend EMSA_PKCS1v15_Raw to optionally take a hash function for which the PKCS hash id is prefixed to the message as usual. This allows signing a message using PKCSv1.5 padding where the hash is provided externally. | ||||
* | | | | Merge GH #1044 Handle IV carryover in CBC, CFB, and stream ciphers | Jack Lloyd | 2017-05-19 | 9 | -43/+243 |
|\ \ \ \ | |_|/ / |/| | | | |||||
| * | | | Handle IV carryover in CBC, CFB, and stream ciphers | Jack Lloyd | 2017-05-13 | 9 | -43/+243 |
| | | | | | | | | | | | | | | | | | | | | | | | | Allow an empty nonce to mean "continue using the current cipher state". GH #864 | ||||
* | | | | Maintainer mode fixes | Jack Lloyd | 2017-05-18 | 2 | -4/+9 |
| | | | | |||||
* | | | | Add ability to clear cpuid bits before running benchmarks. | Jack Lloyd | 2017-05-18 | 1 | -1/+14 |
| |/ / |/| | | | | | | | | | | | | | | | | | Should be extended further, and some duplicated logic with the tests here, but useful as is. [ci skip] | ||||
* | | | Fix botan_privkey_load_rsa misleading parameter names. | Daniel Wyatt | 2017-05-13 | 3 | -5/+5 |
|/ / | | | | | | | RSA_PrivateKey's constructor take p,q,e,d,n. | ||||
* | | Post-merge changes to SP 800-56A KDF (GH #1040) | Jack Lloyd | 2017-05-06 | 3 | -77/+120 |
| | | | | | | | | | | | | | | Instead of using a template split the KDF into two different classes that both call a template utility function to actually run the KDF algo. Simplify the "empty salt" logic and avoid having to instantiate a hash object just to get the hash block size. | ||||
* | | Merge GH #1040 Add SP800-56A KDF | Jack Lloyd | 2017-05-06 | 5 | -0/+3071 |
|\ \ | |||||
| * | | Align with comments from code review | Krzysztof Kwiatkowski | 2017-05-04 | 2 | -6/+5 |
| | | | |||||
| * | | KDF SP800-56A: Add test vectors with 0 length salt to improve coverage | Krzysztof Kwiatkowski | 2017-05-03 | 1 | -0/+60 |
| | | | |||||
| * | | Use uint64_t to represent 32-bit number (fixes unittests) | Krzysztof Kwiatkowski | 2017-05-03 | 1 | -1/+1 |
| | | | |||||
| * | | Update copyright headers | Krzysztof Kwiatkowski | 2017-05-03 | 2 | -2/+6 |
| | | | |||||
| * | | Add vectors for HMAC backed SP800-56A KDF | Krzysztof Kwiatkowski | 2017-05-03 | 1 | -2/+1417 |
| | | | |||||
| * | | SP800-56A revision 2 implementation | Krzysztof Kwiatkowski | 2017-05-03 | 3 | -29/+74 |
| | | | |||||
| * | | Adds KDF based on SP 800-56A. Currently it is revision 1 (alternative 1). It ↵ | Krzysztof Kwiatkowski | 2017-05-03 | 5 | -0/+1548 |
| | | | | | | | | | | | | should be extended to revision 2. | ||||
* | | | Don't use len() to verify emptyness | Simon Warta | 2017-05-04 | 1 | -1/+4 |
| | | | |||||
* | | | Remove comment: FIXME without further description | Simon Warta | 2017-05-04 | 1 | -1/+1 |
| | | | |||||
* | | | Make pylint mandatory for botan2.py | Simon Warta | 2017-05-04 | 1 | -2/+2 |
| | | | |||||
* | | | Work around name conflict of symbol "rng" | Simon Warta | 2017-05-04 | 1 | -13/+14 |
| | | | |||||
* | | | Add base exception type: BotanException | Simon Warta | 2017-05-04 | 1 | -22/+30 |
| | | | |||||
* | | | Fix various pylint warnings | Simon Warta | 2017-05-04 | 1 | -8/+10 |
| | | | |||||
* | | | Avoid redefining build-in name "hash" | Simon Warta | 2017-05-04 | 1 | -3/+3 |
| | | | | | | | | | | | | | | | this breaks applications using a parameter labels, e.g. pubkey.fingerprint(hash='SHA-512') | ||||
* | | | Silence invalid name warning for module "botan" | Simon Warta | 2017-05-04 | 1 | -2/+2 |
| | | | |||||
* | | | Silence pylint invalid class name warnings | Simon Warta | 2017-05-04 | 1 | -12/+12 |
| | | | |||||
* | | | Use comments to organize code sections | Simon Warta | 2017-05-04 | 1 | -35/+40 |
| | | | |||||
* | | | Remove trailing whitespace | Simon Warta | 2017-05-04 | 1 | -1/+1 |
| | | | |||||
* | | | Break long lines | Simon Warta | 2017-05-04 | 1 | -14/+29 |
| | | |