aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix install when static lib is disabledJack Lloyd2017-12-022-4/+9
| | | | Add a test in CI to cover this
* Drop support for Cilk+Jack Lloyd2017-12-024-47/+4
| | | | | It's been dropped from GCC, appears OpenACC is the new hotness for this kind of thing.
* Update newsJack Lloyd2017-12-011-0/+6
|
* Merge GH #1325 Merge makefile typesJack Lloyd2017-12-0115-255/+201
|\
| * Fix macOS dynamic linkJack Lloyd2017-12-013-11/+10
| |
| * Merge the gnumake and nmake makefilesJack Lloyd2017-12-0114-248/+195
|/
* Merge GH #1324 Add ability to disable static libraryJack Lloyd2017-12-019-159/+175
|\
| * Avoid naming Windows library botand if in debug modeJack Lloyd2017-12-013-39/+23
| | | | | | | | | | Apparently introduced in #584 but unnecessary afaict as the CLI was renamed at the same time.
| * Add ability to disable static library buildJack Lloyd2017-11-308-124/+156
|/
* Describe cross builds [ci skip]Jack Lloyd2017-11-301-0/+18
|
* Remove support for setting install commandJack Lloyd2017-11-304-16/+1
| | | | Unused since the Python install script was introduced.
* Lint fixes [ci skip]Jack Lloyd2017-11-302-4/+4
|
* Fixes for make cleanJack Lloyd2017-11-292-7/+10
|
* Fix missing headerJack Lloyd2017-11-291-0/+1
| | | | This caused a build failure when compiling with amalgamation + minimized.
* Merge GH #1321 Use a script for make cleanJack Lloyd2017-11-298-107/+186
|\
| * Fix dependenciesJack Lloyd2017-11-294-31/+34
| |
| * Add the build commands back to the main makefilesJack Lloyd2017-11-293-14/+28
| | | | | | | | | | | | | | | | The header is processed early, but when doing an amalgamation we need to regenerate the makefile template. But we only do that for the main makefile not the include inputs. Should fix this but for now just just get it to work.
| * Add a script to handle `make clean` targetJack Lloyd2017-11-297-115/+177
| | | | | | | | | | | | | | This removes a lot of logic that cannot be shared between the nmake (Windows environment) and gnumake (Unix env) makefiles. Also it cleans up inconsistencies, eg nmake's make distclean did not remove amalgamation files, but gnumake version did.
* | Merge GH #1319 Allow overriding ar commandJack Lloyd2017-11-2919-104/+38
|\ \
| * | Use this to prevent fallback to Unix ar default argsJack Lloyd2017-11-291-1/+1
| |/
| * Remove unused command variables in makefilesJack Lloyd2017-11-293-17/+6
| |
| * Allow overriding ar commandJack Lloyd2017-11-2918-87/+32
| | | | | | | | | | | | | | | | Splits up the ar command and ar options to make this possible. Removes support for calling `ranlib` after `ar`: testing in #1317 confirms that all platforms we support no longer need it. See #1237. Also fixes #455
* | CRL_Data is a struct not a classJack Lloyd2017-11-291-1/+2
| |
* | Merge GH #1320 Switch to default Travis XCodeJack Lloyd2017-11-291-1/+0
|\ \
| * | Start using Travis default XCode image (8.3)Jack Lloyd2017-11-291-1/+0
| |/
* / Deprecate PathScale and HP aCC support [ci skip]Jack Lloyd2017-11-291-0/+2
|/ | | | | PathScale is out of business, and HP is untested and almost certainly doesn't work.
* Merge GH #1318 Build improvementsJack Lloyd2017-11-294-23/+46
|\
| * Lint fixes [ci skip]Jack Lloyd2017-11-291-7/+7
| |
| * Add flags to disable building/installing documentationJack Lloyd2017-11-292-13/+31
| |
| * Split the language flags out of CXXFLAGSJack Lloyd2017-11-293-10/+15
|/ | | | | Allows distributor to override CFLAGS without having to worry about what -std=c++xx options we are using. See GH #1237
* Update newsJack Lloyd2017-11-281-2/+9
|
* Merge GH #1316 Various TLS fixesJack Lloyd2017-11-287-25/+47
|\
| * Add an explicit catch for a server trying to negotiate SSLv3Jack Lloyd2017-11-281-1/+7
| | | | | | | | | | | | | | This was already caught with the policy check later but it's better to be explicit. (And in theory an application might implement their policy version check to be "return true", which would lead to us actually attempting to negotiate SSLv3).
| * Correct version selection logic in TLS serverJack Lloyd2017-11-281-0/+5
| | | | | | | | | | | | | | | | | | | | | | Due to an oversight in the logic, previously a client attempt to negotiate SSLv3 would result in the server trying to negotiate TLS v1.2. Now instead they get a protocol_error alert. Similarly, detect the the (invalid) case of a major number <= 2, which does not coorespond to any real TLS version. The server would again reply as a TLS v1.2 server in that case, and now just closes the connection with an alert.
| * Tighten up checks on signature key exchange messageJack Lloyd2017-11-281-1/+1
| | | | | | | | An empty extension is not allowed, but was previously accepted.
| * Return correct alert type on malformed DH/ECDH messages.Jack Lloyd2017-11-281-7/+11
| | | | | | | | | | | | | | | | In the client key exchange if the message was malformed (eg an completely empty ECDH share) a Decoding_Error would be thrown, then caught and a fake pre master secret generated. Move the parsing of the message out of the try/catch block, so the correct error is reported.
| * Increase HMAC key size limit to 4096 bytes.Jack Lloyd2017-11-282-5/+7
| | | | | | | | | | The previous limit of 512 bytes meant that TLS was unable to negotiate using FFDHE-6144 or FFDHE-8192 groups.
| * Correct definition of FFDHE 4096 groupJack Lloyd2017-11-281-11/+16
| | | | | | | | Was a copy+paste of FFDHE 3072
* | Run TLS hello random fields through SHA-256Jack Lloyd2017-11-281-1/+7
|/ | | | Avoids exposing RNG output on the wire. Cheap precaution.
* Fix DoxygenJack Lloyd2017-11-261-1/+1
|
* Update newsJack Lloyd2017-11-261-0/+10
|
* Merge GH #1302 Add PSK database interfaceJack Lloyd2017-11-2613-5/+853
|\
| * PSK DatabaseJack Lloyd2017-11-2613-5/+853
| |
* | Merge GH #1315 Add tls_http_server command line utilJack Lloyd2017-11-261-0/+543
|\ \
| * | Add tls_http_server cmd utilJack Lloyd2017-11-261-0/+543
| | | | | | | | | | | | | | | It parses just enough of an HTTP message that it can be used to test against a browser, or tlsfuzzer.
* | | Throw a Decoding_Error if TLS AEAD packet is shorter than the tag.Jack Lloyd2017-11-261-0/+3
|/ / | | | | | | | | Otherwise this ended up as an assertion failure which translated to internal_error alert.
* | Fix errors caught with tlsfuzzerJack Lloyd2017-11-264-10/+6
| | | | | | | | | | | | | | | | | | | | | | Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.)
* | Merge #1313 Fix Doxygen comment on HashFunction::create_or_throwJack Lloyd2017-11-251-1/+1
|\ \
| * | Minor documentation fix in HashFunction::create_or_throw.Marcus Brinkmann2017-11-261-1/+1
| | |
* | | Merge #1312 Fix documentation of compression/decompression update function.Jack Lloyd2017-11-251-2/+2
|\ \ \