| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OID map is now generated from an input file on an as needed basis.
Just uses a sequence of ifs - simple, fast, and small code size.
Merges oid_lookup sub-module which was already required by asn1 anyway,
so completely non-optional.
Removes @neusdan's nice OID tests since without any runtime adds the
tests are moot.
|
| |\ \ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rarely expected and often causes performance problems, especially for private keys.
Instead applications should call check_key explicitly to validate keys when
necessary.
Note this removal doesn't apply to tests like ECDH on-the-curve tests, where a check
on the public key is required for security of our own key.
Updates most APIs to remove RNG calls, where they are no longer required. Exception
is PKCS8 interface, pending further work there (see GH #685) it just ignores the RNG
argument now.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Uses -Os for GCC/Clang/ICC, /O1 for MSVC.
Might be used in the future to control compile time features also
(eg using a large precomputed table, vs not). Does not have any
influence on module selection, just informs the build that a smaller
binary is preferable.
[ci skip]
|
| | | |
|
| | |
| |
| |
| |
| | |
Split commit with 4c777878 because, no git, I did not rename
blfs_tab.cpp -> blowfish.cpp
|
| | |
| |
| |
| | |
Only needed there.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The `cert` dir was just an artifact of having previously supported
CVC (smartcard cert format), removed a long time ago.
The pem and pbes2 code is directly related to the pubkey code,
in fact the only caller of pbes2 (likely anywhere, not just
in the library) is in pkcs8.cpp
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Previously it made sense for them to be in distinct dirs because
they were standalone. However with #580 that is no longer the case,
so move them to subdirs. Configure knows that anything underneath
a directory has a dependency on the parent dir, so update info.txt
files accordingly to remove explicit dependencies where set.
|
| | |
| |
| |
| |
| | |
Now that #668 is landed I'm comfortable that we will not need
any type of global init.
|
| | |
| |
| |
| | |
GH #707
|
| |/
|
|
| |
Not used anymore.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Disables static RSA by default. The advantage here is twofold: enforcing forward
security and protecting TLS servers from oracle attacks since by default they
will never negotiate a suite which forces them to act as a decryption
oracle. Some applications/users may be forced to enable RSA in order to speak
with old or misconfigured peers, but these can be the exception not the default.
Disable DSA and CCM-8 by default: if you need to enable these things, you know it.
Adds TLS policy hooks to enforce DSA key sizes, default 2048 bits.
Remove an incorrect warning about DTLS in the manual; the sequence number window
check prevents this scenario from occuring.
|
| | |
|
| |\ |
|
| | |
| |
| |
| | |
of r)
|
| |/ |
|
| |
|
|
| |
Found by cppcheck
|
| |\ |
|
| | | |
|
| | |
| |
| |
| |
| | |
These files are important so make them easy to find for someone
unpacking the tarball for the first time.
|
| | |
| |
| |
| | |
[ci skip]
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
| |
Originally from https://github.com/randombit/botan-fuzzers but
merging to the main tree (without the corpus files, since I suspect
the corpus files in that repo are not useful anymore)
Adds --unsafe-fuzzer-mode which can be used to selectively disable
cryptographic checks which get in the way of fuzzer testing. This
setting is reflected in build.h and in the version string. Right
now it doesn't actually disable anything.
|
| |
|
|
| |
GH #681
|
| |\ |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Treats it as an all-zero 64-bit IV. GH #697
|
| | |
| |
| |
| |
| |
| |
| | |
Just handled base64 encoding/decoding with a CRC and that's it.
This would be better off being rewritten as part of a larger effort
to support a meaningful subset of OpenPGP, and does not seem useful
on its own.
|
| |/ |
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1,
whichever is available (in that order).
|
| |/
|
|
| |
Simplify algo_filt.cpp using create_or_throw
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
GMAC needs a per-message nonce specified with `start`, and other
MACs are capable of using nonces (Skein-MAC, for instance) so move
this API up to MAC class.
Change GMAC::clone to clone the owned cipher.
|
| | |
| |
| |
| |
| | |
Adds support for Galois Message Authentication Code calculation based on
GHASH, rather than GCM_Mode.
|
| | |
| |
| |
| |
| |
| | |
- Added GMAC class
- Integrated GMAC into MAC-Class test bench. Run GMAC tests using
./botan-test mac
|
| | |
| |
| |
| |
| | |
Not currently called but leaves us the opening to use them in the future
without breaking ABI.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
[ci skip]
|
| |\ \ |
|
| | |/ |
|
| | | |
|
