Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Another fix for missing SHA1, and workaround Apple Clang problem. | Jack Lloyd | 2016-12-31 | 1 | -8/+9 |
| | |||||
* | Fix test with SHA-1 disabled | Jack Lloyd | 2016-12-31 | 1 | -0/+3 |
| | |||||
* | Missing add | Jack Lloyd | 2016-12-31 | 1 | -0/+1 |
| | |||||
* | Add more tests for random prime and DL group generation | Jack Lloyd | 2016-12-30 | 3 | -3/+120 |
| | |||||
* | Increase default TLS DH min to 2048 bits, and add BSI policy class. | Jack Lloyd | 2016-12-30 | 8 | -7/+85 |
| | | | | | Moves BSI policy file to test data dir where it can be compared with what the hardcoded class outputs. | ||||
* | Remove reference to CECPQ1_PSK OCB ciphersuite in test. | Jack Lloyd | 2016-12-30 | 1 | -1/+0 |
| | | | | | Initially planned, then decided to skip because supporting it requires more changes to the TLS handshake code than I want to do right now. | ||||
* | Merge GH #785 Disable SHA-1 and weak RSA by default during cert validation | Jack Lloyd | 2016-12-30 | 4 | -13/+17 |
|\ | |||||
| * | Increase Path_Validation_Restrictions default min strength to 110 | Jack Lloyd | 2016-12-27 | 4 | -13/+17 |
| | | | | | | | | | | Effectively disables 1024 bit RSA as well as SHA-1. Edit the tests where required to enable it again. | ||||
* | | Add CECPQ1 OCB ciphersuites | Jack Lloyd | 2016-12-30 | 3 | -25/+42 |
| | | | | | | | | | | | | Clean up the ciphersuite generation script a bit. [ci skip] | ||||
* | | Disable OpenSSL in lcov script | Jack Lloyd | 2016-12-30 | 1 | -1/+1 |
| | | | | | | | | | | Kind of confuses the output. And also seems to crash for me (somewhere deep inside OpenSSL). Unclear what the problem is there. | ||||
* | | Tiny code simplification | Jack Lloyd | 2016-12-30 | 1 | -3/+1 |
| | | |||||
* | | One more Camellia TLS test fix | Jack Lloyd | 2016-12-28 | 1 | -1/+8 |
| | | |||||
* | | Fix Camellia TLS tests | Jack Lloyd | 2016-12-28 | 1 | -2/+9 |
| | | | | | | | | | | | | Disabling SHA-256 in TLS 1.1/1.2 has the effect of disabling the Camellia ECDH ciphersuites. So the test policy ended up with an empty ciphersuite list, when negotiating older versions. | ||||
* | | Merge GH #786 Fix fuzzer after #783 header change | Jack Lloyd | 2016-12-28 | 1 | -1/+1 |
|\ \ | | | | | | | | | | [ci skip] | ||||
| * | | Fix building this fuzzer | Alex Gaynor | 2016-12-28 | 1 | -1/+1 |
| |/ | | | | | (untested) | ||||
* | | Add tls_ciphers command | Jack Lloyd | 2016-12-28 | 1 | -0/+123 |
| | | | | | | | | Lists ciphersuites that will be sent for a particular policy/version. | ||||
* | | Prohibit SHA256/SHA384 ciphersuites in TLS 1.0/1.1 (GH #496) | Jack Lloyd | 2016-12-28 | 1 | -3/+10 |
|/ | |||||
* | Remove unnecessary BOTAN_DLL annotations | Jack Lloyd | 2016-12-27 | 4 | -5/+5 |
| | |||||
* | Speed up DSA param gen test | Jack Lloyd | 2016-12-26 | 4 | -14/+42 |
| | | | | Record counter value in test data, and start the search from there. | ||||
* | Travis did not like these long tests | Jack Lloyd | 2016-12-25 | 1 | -2/+2 |
| | |||||
* | Fix XMSS speed command | Jack Lloyd | 2016-12-24 | 1 | -4/+6 |
| | |||||
* | Long test was too long | Jack Lloyd | 2016-12-24 | 1 | -6/+3 |
| | |||||
* | Add test option --run-long-tests | Jack Lloyd | 2016-12-24 | 13 | -58/+131 |
| | | | | | | Previously longer tests were hidden behind higher 'soak levels' but these arbitrary cutoffs are confusing compared to a simple short tests/long tests split. | ||||
* | Merge GH #783 Expose TLS message types to applications | Jack Lloyd | 2016-12-24 | 21 | -31/+45 |
|\ | |||||
| * | Export tls_messages.h as a public header | René Korthaus | 2016-12-23 | 21 | -31/+45 |
| | | | | | | | | | | | | | | TLS::Callbacks::inspect_handshake_message() allows applications to inspect all handshake messages, but this requires access to the types in tls_messages.h. As a matter of fact, this also exports tls_extensions.h as a public header. | ||||
* | | Compile fix | Jack Lloyd | 2016-12-23 | 1 | -0/+1 |
| | | |||||
* | | Fix file descriptor leak introduced in bcae34c0c | Jack Lloyd | 2016-12-23 | 2 | -5/+1 |
|/ | | | | Caused tests to fail on CI | ||||
* | Ignore the right thing | Jack Lloyd | 2016-12-23 | 1 | -1/+1 |
| | |||||
* | Fix minimized build | Jack Lloyd | 2016-12-23 | 1 | -0/+4 |
| | |||||
* | Remove nested anon namespace | Jack Lloyd | 2016-12-23 | 1 | -4/+0 |
| | |||||
* | Add DL_Group tests | Jack Lloyd | 2016-12-23 | 4 | -7/+153 |
| | | | | | | | | | Fix a bug in how the 6144 and 8192 IETF MODP groups were encoded; they have g and q values switched. Fixed by just switching the PEM header to match the actual encoded format. Rename DL_Group::X942_DH_PARAMETERS to ANSI_X9_42_DH_PARAMETERS to avoid a macro conflict with Windows cryptography headers (GH #482) | ||||
* | Fix ECDH test | Jack Lloyd | 2016-12-22 | 1 | -13/+10 |
| | |||||
* | More filter tests | Jack Lloyd | 2016-12-22 | 5 | -35/+83 |
| | | | | | Expose Data{Source,Sink}_Stream types even if no filesystem is available. Instead just guard the constructors taking a pathname. | ||||
* | Add tests for AEAD name and nonce size APIs | Jack Lloyd | 2016-12-22 | 1 | -0/+3 |
| | |||||
* | Add tests for 4-pass Tiger hash | Jack Lloyd | 2016-12-22 | 1 | -0/+12 |
| | |||||
* | Add AES GCM tests from Wycheproof | Jack Lloyd | 2016-12-22 | 1 | -0/+35 |
| | |||||
* | Add Wycheproof EAX test cases | Jack Lloyd | 2016-12-21 | 1 | -18/+170 |
| | |||||
* | Merge GH #779 Add ECDH/ECIES blinding and DH small subgroup checking | Jack Lloyd | 2016-12-21 | 4 | -18/+55 |
|\ | |||||
| * | Add missing q == 0 check in DL_Scheme_PublicKey::check_key() as q may not be ↵ | Never | 2016-12-20 | 1 | -7/+19 |
| | | | | | | | | available in all groups | ||||
| * | Blind the ECDH/ECIES agree operation. | Never | 2016-12-19 | 2 | -12/+21 |
| | | |||||
| * | Added DH public key check y^q mod p = 1 against small-subgroup attacks as ↵ | Never | 2016-12-19 | 1 | -0/+2 |
| | | | | | | | | described in rfc2785 | ||||
| * | Improved DL_Group verification. The group is invalid, if g^q mod p !=1 and ↵ | Never | 2016-12-19 | 1 | -5/+19 |
| | | | | | | | | increased number of Miller-Rabin iterations, if strong is set (we pass 128 as prob in make_prm.cpp). | ||||
* | | Add RSA PKCS1v1.5 signature verification tests from Wycheproof suite. | Jack Lloyd | 2016-12-20 | 5 | -1/+229 |
| | | | | | | | | | | A set of carefully generated invalid signatures which are sometimes accepted by implementations due to bugs in padding verification. | ||||
* | | Remove obsolete test data | Jack Lloyd | 2016-12-19 | 34 | -152/+0 |
| | | | | | | | | | | Remove test files for CVC as well as various tests which have subsequently been rewritten. | ||||
* | | Remove duplicate test data | Jack Lloyd | 2016-12-19 | 153 | -0/+6 |
| | | | | | | | | | | | | All 76 of the NIST certificate tests use the same root certificate and that issuer has an identical CRL for each test. So, just have the one copy. | ||||
* | | Add additional primality tests | Jack Lloyd | 2016-12-19 | 2 | -64/+222 |
| | | | | | | | | | | | | | | Add a long list of 'false' primes from Google's Wycheproof tests: https://github.com/google/wycheproof/blob/master/java/com/google/security/wycheproof/testcases/BigIntegerTest.java Split vector file format into Prime and NonPrime sections for easier reading. | ||||
* | | Merge GH #781 Fix Doxygen comments for ISO 9796 padding | Jack Lloyd | 2016-12-19 | 1 | -4/+4 |
|\ \ | |||||
| * | | ISO-9796-2 doxygen build fixes | Daniel Neus | 2016-12-19 | 1 | -4/+4 |
| | | | |||||
* | | | add some PKCS#11 negative tests | Daniel Neus | 2016-12-19 | 1 | -0/+52 |
|/ / | | | | | | | | | - for PKCS11::Slot - for PKCS11::Session | ||||
* | | Fix ECIES test | Jack Lloyd | 2016-12-19 | 1 | -1/+1 |
| | |