Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix further compiler macro bug exposed by #921 | Jack Lloyd | 2017-03-19 | 1 | -1/+1 |
| | |||||
* | BOTAN_TARGET_COMPILER_IS -> BOTAN_BUILD_COMPILER_IS | Daniel Neus | 2017-03-15 | 2 | -2/+2 |
| | |||||
* | Merge GH #913 Follow PKIX rules for X.509 time formatting | Jack Lloyd | 2017-03-13 | 2 | -24/+97 |
|\ | |||||
| * | Fix: UTCTime interpreted as GeneralizedTime | Daniel Neus | 2017-03-13 | 2 | -24/+97 |
| | | | | | | | | | | | | | | | | | | | | | | | | Example: "200305100350Z" interpreted as "2003/05/10 03:50:00 UTC" correct is "2020/03/05 10:03:50 UTC" According to RFC 5280: UTCTime values ... MUST include seconds (i.e., times are YYMMDDHHMMSSZ) -> length 13 GeneralizedTime values ... MUST include seconds (i.e., times are YYYYMMDDHHMMSSZ) -> length 15 I think we should enforce the RFC5280 rules even if the ASN.1 rules are not that strict. | ||||
* | | Merge GH #912 Fix OpenBSD shared lib name | Jack Lloyd | 2017-03-13 | 2 | -9/+11 |
|\ \ | |||||
| * | | OpenBSD does not have 3 digit soname and library symlinks. | Alexander Bluhm | 2017-03-13 | 2 | -9/+11 |
| |/ | | | | | | | | | Set library name for openbsd to libbotan-2.so.0.0 and do not install symlinks. | ||||
* / | Small fixes in API docs [ci skip] | René Korthaus | 2017-03-09 | 2 | -4/+4 |
|/ | |||||
* | Merge GH #901 Allow OCSP requests without the full subject certificate | Jack Lloyd | 2017-03-07 | 6 | -18/+51 |
|\ | |||||
| * | Allow OCSP requests without the full subject certificate | Nuno Goncalves | 2017-03-04 | 6 | -18/+51 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A OCSP request doesn't need the full subject certificate. This extends the API to require instead of the subject certificate: * OCSP::Request: subject serial. * OCSP::online_check: subject serial AND ocsp responder url. API breaking change: * removal of OCSP::Request::subject() as OCSP::Request doesn't need to hold the certificate, but only the serial. Signed-off-by: Nuno Goncalves <[email protected]> | ||||
* | | Merge GH #904 Fix memory leak in TLS tests | Jack Lloyd | 2017-03-03 | 1 | -4/+6 |
|\ \ | |/ |/| | |||||
| * | fix mem leak in tls unit tests | Daniel Neus | 2017-03-03 | 1 | -4/+6 |
| | | |||||
* | | Change name constraint test to use a fixed reference time | Jack Lloyd | 2017-03-03 | 1 | -2/+6 |
| | | | | | | | | Test certs have expired. | ||||
* | | Avoid calling memmove with a null source in PKCSv1 signature encoding | Jack Lloyd | 2017-03-03 | 1 | -1/+7 |
| | | | | | | | | Only occured with EMSA_Raw. Caught by GCC 7 warning | ||||
* | | Add missing include, caught by GCC 7 | Jack Lloyd | 2017-03-03 | 1 | -0/+1 |
| | | | | | | | | Closes GH #903 | ||||
* | | Fix compiler warnings in timing_test CLI | Jack Lloyd | 2017-03-03 | 1 | -2/+4 |
|/ | |||||
* | Merge GH #902 Extend EC_PublicKey check, add EC_Group check, ECC invalid key ↵ | Jack Lloyd | 2017-03-02 | 8 | -4/+534 |
|\ | | | | | | | tests | ||||
| * | remove debug output from ecc_invalid unit tests | Never | 2017-02-28 | 1 | -2/+0 |
| | | |||||
| * | Merge pull request #2 from ↵ | Tobias | Never | 2017-02-28 | 5 | -1/+457 |
| |\ | | | | | | | | | | | | | Rohde-Schwarz-Cybersecurity/extended-ec-public-key-checks Extended ec public key checks | ||||
| | * | Add ECDSA key tests from Google's project Wycheproof | René Korthaus | 2017-02-12 | 4 | -13/+57 |
| | | | |||||
| | * | Add test vectors for invalid ECDSA public keys from FIPS 186-4 | René Korthaus | 2017-02-12 | 2 | -0/+185 |
| | | | |||||
| | * | Add test vectors for invalid ECDSA public keys from FIPS 186-2 | René Korthaus | 2017-02-12 | 3 | -1/+228 |
| | | | |||||
| * | | verify ec domain in EC_PublicKey::check_key | Never | 2017-02-28 | 1 | -1/+6 |
| | | | |||||
| * | | EC_PublicKey::check_key for curves with cofactor > 1 | Never | 2017-02-27 | 1 | -1/+24 |
| | | | |||||
| * | | Add ec_group verify function | Never | 2017-02-24 | 2 | -1/+49 |
| | | | |||||
* | | | Merge GH #893 Remove ECC fixed window code | Jack Lloyd | 2017-03-02 | 2 | -60/+7 |
|\ \ \ | |||||
| * | | | Converge on a single side channel silent ec mp alg: randomized | Never | 2017-02-22 | 2 | -60/+7 |
| | | | | | | | | | | | | | | | | | | | | Montgomery ladder with order.bits()/2 bit scalar blinding and point randomization | ||||
* | | | | Increase timing test defaults | Jack Lloyd | 2017-02-26 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | Mona errors out on < 512 values per secret [ci skip] | ||||
* | | | | Merge GH #894 Add timing_test command line util | Jack Lloyd | 2017-02-26 | 1 | -0/+454 |
|\ \ \ \ | |||||
| * | | | | Add `botan timing_test` command line utility | Jack Lloyd | 2017-02-26 | 1 | -0/+454 |
| | | | | | |||||
* | | | | | The certificate being tested by the OCSP online test has expired. | Jack Lloyd | 2017-02-26 | 1 | -1/+2 |
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This caused a test failure if run with --run-online-tests. This is not the default but it caused the coverage build to fail. Fix the test to reflect expired status. The whole thing does not seem wholly satsifactory since we are still relying the behavior on an external party, perhaps a mock OCSP responder should be created for the tests. | ||||
* | | | | Add missing try/catch in invalid signature test | Jack Lloyd | 2017-02-26 | 1 | -2/+10 |
| | | | | | | | | | | | | | | | | From GH #889 | ||||
* | | | | Merge GH #891 Constant time decoding for ISO 9796 unpadding | Jack Lloyd | 2017-02-26 | 1 | -14/+26 |
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | Including missing length check #888 Replaces #889 | ||||
| * | | | | fix possible iso9796 side channel and add length check | Never | 2017-02-21 | 1 | -14/+26 |
| |/ / / | |||||
* | / / | Remove verify_end() chained immediatly before end_cons() (close #890) | Nuno Goncalves | 2017-02-25 | 8 | -12/+0 |
| |/ / |/| | | | | | | | | | | | | | | | | | BER_Decoder::end_cons() allready assures the verify_end() function, so it is redundant. Signed-off-by: Nuno Goncalves <[email protected]> | ||||
* | | | In CLI, if system RNG is available prefer it | Jack Lloyd | 2017-02-23 | 2 | -3/+10 |
|/ / | |||||
* | | Fix ECDSA timing test data | Jack Lloyd | 2017-02-20 | 1 | -1/+1 |
| | | | | | | | | | | | | See GH #880 [ci skip] | ||||
* | | Avoid use of deprecated function in (deprecated) Serialized_RNG constructor | Jack Lloyd | 2017-02-19 | 2 | -2/+12 |
| | | |||||
* | | Merge GH #880 Add ECDSA timing tests | Jack Lloyd | 2017-02-19 | 5 | -1/+71 |
|\ \ | |||||
| * | | Add ecdsa timing test | Never | 2017-02-16 | 5 | -1/+71 |
| | | | |||||
* | | | Merge GH #881 Adjust number of Miller-Rabin iterations in DSA param gen and ↵ | Jack Lloyd | 2017-02-19 | 2 | -3/+3 |
|\ \ \ | | | | | | | | | | | | | RSA checks | ||||
| * | | | increase miller-rabin iterations for RSA strong check_key. We call is_prime ↵ | Never | 2017-02-13 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | with prob=128 during sampling and we should check with the same prob | ||||
| * | | | increase miller-rabin iterations for dsa primes (FIPS-186-4) | Never | 2017-02-13 | 1 | -2/+2 |
| |/ / | |||||
* | | | Merge GH #886 Improve ffi docs | Jack Lloyd | 2017-02-19 | 1 | -29/+196 |
|\ \ \ | |||||
| * | | | Document hash, rng, mac, pbkdf and kdf in ffi handbook | René Korthaus | 2017-02-19 | 1 | -34/+171 |
| | | | | |||||
| * | | | Add more docs for ffi | René Korthaus | 2017-02-19 | 1 | -1/+31 |
| | | | | |||||
* | | | | CLI OCSP: fix expected OK return code | Nuno Goncalves | 2017-02-18 | 1 | -1/+1 |
|/ / / | | | | | | | | | | Signed-off-by: Nuno Goncalves <[email protected]> | ||||
* | | | Fix botan-test verbose mode | René Korthaus | 2017-02-14 | 2 | -2/+2 |
| | | | |||||
* | | | Remove std::cout accidentally left from debugging | René Korthaus | 2017-02-12 | 1 | -4/+0 |
| |/ |/| | |||||
* | | Resolve Doxygen error in cpuid.h | Jack Lloyd | 2017-02-11 | 1 | -1/+2 |
| | | | | | | | | The macro has to be on its own line or Doxygen gets confused. | ||||
* | | Fix compiling TLS tests without DSA | Jack Lloyd | 2017-02-11 | 1 | -0/+2 |
|/ |