aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Reduction of code complexity in TLS classes.Matthias Gierlings2016-06-1929-942/+1256
| | | | | | | -reduced number of parameters in various methods -reduced cyclomatic complexity (McCabe-Metric) -removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover from heartbeat extension removal?)
* Use https:// urls for randombit.net links.Jack Lloyd2016-06-191-3/+3
| | | | | | | | | Previously avoided since many clients don't have the CACert root, but now that Let's Encrypt is used instead anyone with a recent trust root should accept the certs for botan.randombit.net and lists.randombit.net [ci skip]
* Merge GH #497 Add StreamCipher::seek and implementation for ChaChaJack Lloyd2016-06-1814-5/+575
|\ | | | | | | Also adds ChaCha8 support
| * Adding StreamCipher::seek interface, supporting seek in ChaCha, and also ↵SimCog2016-06-1814-5/+575
| | | | | | | | adding ChaCha8 support
* | Merge GH #487 Remove CVC certificates and EMSA1_BSI signature encodingJack Lloyd2016-06-1727-3072/+11
|\ \
| * | remove the already bitrotting and probably broken CVC implementationDaniel Neus2016-05-1819-2961/+0
| | |
| * | remove all uses of EMSA1_BSIDaniel Neus2016-05-025-43/+8
| | |
| * | remove EMSA1_BSI (no longer recommended by BSI)Daniel Neus2016-04-304-70/+5
| | |
* | | Merge GH #495 Add label argument to KDF::derive_keyJack Lloyd2016-06-1727-5577/+4714
|\ \ \
| * | | fix python 3 bindingsKai Michaelis2016-06-011-1/+1
| | | |
| * | | fix python bindingsKai Michaelis2016-06-011-4/+4
| | | |
| * | | make sure kdf labels are always usedKai Michaelis2016-06-018-20/+41
| | | |
| * | | pycryptodome generated test vectors for SP800-56CKai Michaelis2016-05-191-120/+160
| | | |
| * | | BouncyCastle generated test vectors for SP800-108Kai Michaelis2016-05-194-5399/+4331
| | | |
| * | | add label parameter to KDF::derive_keyKai Michaelis2016-05-1922-45/+189
| | | |
* | | | Merge GH #503 Space savings for TLS::CiphersuiteJack Lloyd2016-06-174-458/+392
|\ \ \ \
| * | | | Save the IETF ciphersute name directly in TLS::CiphersuiteJack Lloyd2016-06-094-458/+392
| | |_|/ | |/| | | | | | | | | | | | | | | | | | instead of trying (badly) to reconstruct it in to_string Save all strings in Ciphersuite as const char*
* / | | fix test failures and seg faults when Botan is configured with ↵René Korthaus2016-06-1712-29/+85
|/ / / | | | | | | | | | --module-policy bsi
* | | Fix CircleCI buildJack Lloyd2016-06-071-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The LLVM apt mirror was removed due to excessive load, preventing us from installing a new enough Clang for our needs. However CircleCI also supports Ubuntu 14.04 images, instead of the Ubuntu 12 we were on. The new version has GCC 4.8 and Clang 3.4 as the base install. Removes UBSan from the CircleCI sanitizer build, since that requires at least GCC 4.9 GH #498
* | | Merge GH #489 Add support probabilistic DSA & ECDSAJack Lloyd2016-06-0711-13/+2703
|\ \ \
| * | | Add support probabilistic DSA & ECDSARené Korthaus2016-05-0811-13/+2703
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds support for probabilistic, aka the standard, DSA and ECDSA. Can be enabled by disabling the rfc6979 module. Includes test vectors from NIST CAVP. Adds rfc6979 to the list of prohibited modules in BSI policy.
* | | | Add Not_Implemented exceptionJack Lloyd2016-06-074-7/+17
| | | |
* | | | Tweak for readability in McEliece testsJack Lloyd2016-06-071-15/+10
| | | | | | | | | | | | | | | | Using a struct here seems cleaner
* | | | Clean symlinks to shared libraries properlyLauri Nurmi2016-06-071-1/+1
| | | | | | | | | | | | | | | | The 'clean' target left dangling symlinks because undefined variables were used in Makefile.
* | | | Remove DN field requirements on generating certs and PKCS #10Jack Lloyd2016-05-233-22/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I have no idea why this is requiring the country code be set, but for many applications a country is not even meaningful. This change also allows CN to be empty/unset on the request or cert, since there is no actual requirement for any specific DN entry type and RFC 5280 specifically allows even an completely empty DN, with name information only in the subjectAltName extension. This change also allows generating a self-signed cert or cert request that expires before it starts. That could only happen with an explicit decision by the application to set it that way, and there is no harm in returning these non-secret bits. They will probably notice their problem as soon as the cert is rejected by any receiving system.
* | | | Fix GCM counter incrementJack Lloyd2016-05-234-3/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GCM is defined as having a 32-bit counter, but CTR_BE incremented the counter across the entire block. This caused incorrect results if a very large message (2**39 bits) was processed, or if the GHASH derived nonce ended up having a counter field near to 2**32 Thanks to Juraj Somorovsky for the bug report and repro.
* | | | Add FPE_FE1 runtime metricsJack Lloyd2016-05-231-0/+47
| | | |
* | | | Fix for GCC 6Jack Lloyd2016-05-231-0/+1
| |/ / |/| |
* | | Merge GH #484 use explicit casts to avoids MSVC warning C4267Jack Lloyd2016-05-0921-64/+62
|\ \ \ | |/ / |/| |
| * | Add explicit static_cast operations to eliminate implicit cast compiler ↵Dan Brown2016-04-2718-36/+34
| | | | | | | | | | | | warnings.
| * | Change calls to 'get_byte' to explicitly cast parameters and eliminate ↵Dan Brown2016-04-277-28/+28
| | | | | | | | | | | | compiler warnings
* | | Turn MSVC warnings to /W4 and enable C4267Jack Lloyd2016-05-063-8/+1
| | | | | | | | | | | | | | | | | | Move disabling C4250 and C4251 to cmd line instead of header pragma. This means these warnings will show up in application code. But disabling warnings inside a library header is probably not good form.
* | | AppVeyor used amalgamation build due to strict build time restrictionsJack Lloyd2016-05-061-1/+1
| | | | | | | | | | | | Now allows up to 60 minute builds, so build normally.
* | | Somewhat more helpful helpJack Lloyd2016-04-281-5/+7
| |/ |/|
* | Add missing overrideJack Lloyd2016-04-281-1/+1
| |
* | Check that the version in botan_version.py matches the tagged versionJack Lloyd2016-04-281-23/+44
|/
* Merge GH #469 Generate error on unknown critical extension during path ↵Jack Lloyd2016-04-239-78/+241
|\ | | | | | | | | | | | | validation Previously an unknown extension would be rejected during parsing, which prevents examining such a cert at all
| * Move name constraints validation code to extension classRené Korthaus2016-04-173-101/+111
| |
| * Add Unknown_Critical_Extension typeRené Korthaus2016-04-103-16/+43
| |
| * Generate error on unknown critical extension during path validationRené Korthaus2016-04-069-19/+145
| | | | | | | | | | | | | | | | | | | | | | | | Previously unknown critical extensions were rejected during X509_Certificate constructor, which inhibited inspecting other parts of such a certificate. Refactored the certificate extensions code so that the path validation routine performs this check only. Additionally, added an interface for extensions to inspect the path during path validation. TODOs were added in places where existing path validation code can use the new interface. Fixes GH #449.
* | Fix return type of TLS_Reader::get_u32bitJack Lloyd2016-04-211-2/+2
| | | | | | | | | | | | Only affects decoding of session ticket lifetimes. GH #478
* | Merge GH #475 Remove Transform base classJack Lloyd2016-04-2134-637/+615
|\ \
| * | Remove Transform base classJack Lloyd2016-04-2134-637/+615
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With sufficient squinting, Transform provided an abstract base interface that covered both cipher modes and compression algorithms. However it mapped on neither of them particularly well. In addition this API had the same problem that has made me dislike the Pipe/Filter API: given a Transform&, what does it do when you put bits in? Maybe it encrypts. Maybe it compresses. It's a floor wax and a dessert topping! Currently the Cipher_Mode interface is left mostly unchanged, with the APIs previously on Transform just moved down the type hierarchy. I think there are some definite improvements possible here, wrt handling of in-place encryption, but left for a later commit. The compression API is split into two types, Compression_Algorithm and Decompression_Algorithm. Compression_Algorithm's start() call takes the compression level, allowing varying compressions with a single object. And flushing the compression state is moved to a bool param on `Compression_Algorithm::update`. All the nonsense WRT compression algorithms having zero length nonces, input granularity rules, etc as a result of using the Transform interface goes away.
* | | Merge GH #481 Add NIST SP800-108 & 56c KDFsJack Lloyd2016-04-2111-0/+5991
|\ \ \
| * | | NIST SP800-108 & 56cKai Michaelis2016-04-2011-0/+5991
| |/ /
* | | Enable ECGDSA in default buildRené Korthaus2016-04-201-2/+0
| | |
* | | Add ECGDSARené Korthaus2016-04-1916-14/+617
|/ /
* | Catch the right exception type so errors are reported instead ofJack Lloyd2016-04-151-8/+17
| | | | | | | | | | | | manifesting as broken sockets. Leave the client socket open until the alert has been sent.
* | Don't reject TLS packets with zero plaintext bytesJack Lloyd2016-04-152-13/+19
| | | | | | | | | | | | | | | | OpenSSL sends an empty record before each new data record in TLS v1.0 to randomize the IV, as a countermeasure to the BEAST attack. Most implementations use 1/(n-1) splitting for this instead. Bug introduced with the const time changes in 1.11.23
* | Empty the key/tweak containers which is used to signal the key was setJack Lloyd2016-04-151-3/+3
| | | | | | | | Fix exception message