Commit message (Author, Age, Files, Lines)
* Speed up DSA param gen test (Jack Lloyd, 2016-12-26, 4 files, -14/+42)
|
|     Record counter value in test data, and start the search from there.
|
* Travis did not like these long tests (Jack Lloyd, 2016-12-25, 1 file, -2/+2)
|
* Add basic docs for TPM API (Jack Lloyd, 2016-12-24, 2 files, -1/+115)
|
* Fix XMSS speed command (Jack Lloyd, 2016-12-24, 1 file, -4/+6)
|
* Long test was too long (Jack Lloyd, 2016-12-24, 1 file, -6/+3)
|
* Add test option --run-long-tests (Jack Lloyd, 2016-12-24, 13 files, -58/+131)
|
|     Previously longer tests were hidden behind higher 'soak levels' but these arbitrary cutoffs are confusing compared to a simple short tests/long tests split.
|
* Merge GH #783 Expose TLS message types to applications (Jack Lloyd, 2016-12-24, 21 files, -31/+45)
|\
| * Export tls_messages.h as a public header (René Korthaus, 2016-12-23, 21 files, -31/+45)
| |
| |     TLS::Callbacks::inspect_handshake_message() allows applications to inspect all handshake messages, but this requires access to the types in tls_messages.h. As a matter of fact, this also exports tls_extensions.h as a public header.
| |
* | Compile fix (Jack Lloyd, 2016-12-23, 1 file, -0/+1)
| |
* | Fix file descriptor leak introduced in bcae34c0c (Jack Lloyd, 2016-12-23, 2 files, -5/+1)
|/
|     Caused tests to fail on CI
|
* Ignore the right thing (Jack Lloyd, 2016-12-23, 1 file, -1/+1)
|
* Fix minimized build (Jack Lloyd, 2016-12-23, 1 file, -0/+4)
|
* Remove nested anon namespace (Jack Lloyd, 2016-12-23, 1 file, -4/+0)
|
* Add DL_Group tests (Jack Lloyd, 2016-12-23, 5 files, -18/+169)
|
|     Fix a bug in how the 6144 and 8192 IETF MODP groups were encoded; they have g and q values switched. Fixed by just switching the PEM header to match the actual encoded format.
|
|     Rename DL_Group::X942_DH_PARAMETERS to ANSI_X9_42_DH_PARAMETERS to avoid a macro conflict with Windows cryptography headers (GH #482)
|
* Fix ECDH test (Jack Lloyd, 2016-12-22, 1 file, -13/+10)
|
* More filter tests (Jack Lloyd, 2016-12-22, 5 files, -35/+83)
|
|     Expose Data{Source,Sink}_Stream types even if no filesystem is available. Instead just guard the constructors taking a pathname.
|
* Add tests for AEAD name and nonce size APIs (Jack Lloyd, 2016-12-22, 1 file, -0/+3)
|
* Add tests for 4-pass Tiger hash (Jack Lloyd, 2016-12-22, 1 file, -0/+12)
|
* Add AES GCM tests from Wycheproof (Jack Lloyd, 2016-12-22, 1 file, -0/+35)
|
* Add Wycheproof EAX test cases (Jack Lloyd, 2016-12-21, 1 file, -18/+170)
|
* Merge GH #779 Add ECDH/ECIES blinding and DH small subgroup checking (Jack Lloyd, 2016-12-21, 4 files, -18/+55)
|\
| * Add missing q == 0 check in DL_Scheme_PublicKey::check_key() as q may not be available in all groups (Never, 2016-12-20, 1 file, -7/+19)
| |
| * Blind the ECDH/ECIES agree operation. (Never, 2016-12-19, 2 files, -12/+21)
| |
| * Added DH public key check y^q mod p = 1 against small-subgroup attacks as described in rfc2785 (Never, 2016-12-19, 1 file, -0/+2)
| |
| * Improved DL_Group verification. The group is invalid, if g^q mod p !=1 and increased number of Miller-Rabin iterations, if strong is set (we pass 128 as prob in make_prm.cpp). (Never, 2016-12-19, 1 file, -5/+19)
| |
* | Add RSA PKCS1v1.5 signature verification tests from Wycheproof suite. (Jack Lloyd, 2016-12-20, 5 files, -1/+229)
| |
| |     A set of carefully generated invalid signatures which are sometimes accepted by implementations due to bugs in padding verification.
| |
* | Some readme changes (Jack Lloyd, 2016-12-19, 1 file, -48/+33)
| |
| |     Use https links where possible.
| |
| |     [ci skip]
| |
* | Remove obsolete test data (Jack Lloyd, 2016-12-19, 34 files, -152/+0)
| |
| |     Remove test files for CVC as well as various tests which have subsequently been rewritten.
| |
* | Remove duplicate test data (Jack Lloyd, 2016-12-19, 153 files, -0/+6)
| |
| |     All 76 of the NIST certificate tests use the same root certificate and that issuer has an identical CRL for each test. So, just have the one copy.
| |
* | Add additional primality tests (Jack Lloyd, 2016-12-19, 2 files, -64/+222)
| |
| |     Add a long list of 'false' primes from Google's Wycheproof tests:
| |     https://github.com/google/wycheproof/blob/master/java/com/google/security/wycheproof/testcases/BigIntegerTest.java
| |
| |     Split vector file format into Prime and NonPrime sections for easier reading.
| |
* | Merge GH #781 Fix Doxygen comments for ISO 9796 padding (Jack Lloyd, 2016-12-19, 1 file, -4/+4)
|\ \
| * | ISO-9796-2 doxygen build fixes (Daniel Neus, 2016-12-19, 1 file, -4/+4)
| | |
* | | Merge GH #780 Add more PKCS11 tests (Jack Lloyd, 2016-12-19, 1 file, -0/+52)
|\ \ \
| |/ /
|/| |
| * | add some PKCS#11 negative tests (Daniel Neus, 2016-12-19, 1 file, -0/+52)
|/ /
| |
| |     - for PKCS11::Slot
| |     - for PKCS11::Session
| |
* | Fix ECIES test (Jack Lloyd, 2016-12-19, 1 file, -1/+1)
| |
* | Minor refactoring of Text_Based_Test (Jack Lloyd, 2016-12-19, 39 files, -149/+129)
| |
| |     Turns out astyle has some bugs wrt C++11 initialize lists. Rather than having astyle mangle all of the tests, convert to using a string which is split once at the start instead of a vector of keys.
| |
* | Add CertificatePathStatusCodes typedef (Jack Lloyd, 2016-12-18, 2 files, -31/+37)
| |
| |     Little easier to read perhaps, and helps prevent some astyle confusion.
| |
* | Merge GH #771 Use cstdint integer types (Jack Lloyd, 2016-12-18, 578 files, -5572/+5573)
|\ \
| * | Convert to using standard uintN_t integer types (Jack Lloyd, 2016-12-18, 578 files, -5572/+5573)
|/ /
| |
| |     Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
| |
* | Add libs target to makefiles (Jack Lloyd, 2016-12-18, 2 files, -0/+4)
| |
| |     [ci skip]
| |
* | IncludeOS has random device files now (Jack Lloyd, 2016-12-18, 1 file, -0/+1)
| |
| |     GH #726
| |
| |     [ci skip]
| |
* | Add new module sanity check to configure.py (Jack Lloyd, 2016-12-18, 1 file, -0/+14)
| |
| |     [ci skip]
| |
* | Disable TLS signature and finished message checks in fuzzer mode (Jack Lloyd, 2016-12-17, 4 files, -8/+31)
| |
| |     Also use a const time comparison for the finished message, though I don't see any real way of exploiting that timing channel.
| |
* | Update OCSP manual, and inline to main X.509 doc (Jack Lloyd, 2016-12-17, 3 files, -48/+116)
| |
| |     [ci skip]
| |
* | Merge GH #777 Update X.509 manual (Jack Lloyd, 2016-12-17, 1 file, -58/+243)
|\ \
| * | Update the X.509 manual and add more information (René Korthaus, 2016-12-17, 1 file, -58/+243)
| | |
* | | Merge GH #776 Support brainpool curves in OpenSSL provider (Jack Lloyd, 2016-12-17, 1 file, -1/+17)
|\ \ \
| * | | Add support for brainpool curves in openssl provider (René Korthaus, 2016-12-17, 1 file, -1/+17)
| |/ /
| | |
| | |     OpenSSL 1.0.2 added support for brainpool curves, so we can use it provided the version check succeeds.
| | |
* / / Add OCSP fuzzer (Jack Lloyd, 2016-12-17, 3 files, -11/+27)
|/ /
| |
| |     Some attempts at reducing overhead in ECC math tests, unclear if really changed anything for my machine but probably can't hurt.
| |
| |     Fix LLVM build flags
| |
| |     [ci skip]
| |
* | Merge GH #775 Update BSI TLS policy (Jack Lloyd, 2016-12-16, 1 file, -1/+4)
|\ \
| | |
| | |     [ci skip]