aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Have TLS_Data_Reader decoding errors include the actual msg type namelloyd2014-04-1212-44/+47
|
* Bump versionlloyd2014-04-121-1/+1
|
* Verify that the server did not send any extension that the client didn'tlloyd2014-04-116-12/+41
| | | | offer. Previously the client only checked a couple of special cases.
* Update release note pointers1.11.9lloyd2014-04-102-6/+8
|
* Add 1.10.8 release noteslloyd2014-04-101-0/+12
|
* Fix a bug in Miller-Rabin primality testing introduced in 1.8.3lloyd2014-04-102-6/+14
| | | | | | | | where we chose a single random nonce and tested it repeatedly, rather than choosing new nonces each time. Reported by Jeff Marrison. Also remove a pointless comparison (also pointed out by Jeff) and add an initial test using a witness of 2.
* Better TLS checkslloyd2014-04-103-29/+48
|
* A std::deque's memory is not guaranteed to be contiguouslloyd2014-04-061-1/+1
|
* Make X.509 extension decoding failures point back to the problem extensionlloyd2014-04-052-10/+17
|
* Add ECDHE_ECDSA CCM suiteslloyd2014-04-051-2/+14
|
* X.509 path validation now performs all possible tests and returns alloyd2014-04-056-140/+165
| | | | | | set of error codes, instead of failing immediately on first error. This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation.
* Check Content-Length of HTTP responseslloyd2014-04-051-1/+10
|
* Fix an OCSP response decoding bug, we were not decoding KeyID properly.lloyd2014-04-052-4/+9
| | | | | | | | Also prioritize checking the status code before the dates, as otherwise an attacker could substitue a valid but expired response which marked the cert as revoked and we would still just return OCSP_EXPIRED. Obviously they can still play this game with an old (valid) OCSP response, but no point making it easy.
* Remove debug headerslloyd2014-04-051-3/+0
|
* Darwin featureslloyd2014-04-051-0/+2
|
* NetBSD portability fix and some performance tweaks in locking allocatorlloyd2014-04-052-2/+12
|
* Avoid a ubsan warning on GCC 4.9 due uninitialized sign enum beinglloyd2014-03-302-5/+1
| | | | read during swap (in the move constructor)
* Support 0 length salts in PSSR. Bugzilla 268lloyd2014-03-272-3/+12
|
* Add rng command which can dump RNG outputs or raw entropy sampleslloyd2014-03-224-2/+55
|
* Simpify HMAC_RNG reseeding process. Actually update HMAC_DRBG reseed counter.lloyd2014-03-226-63/+33
|
* Add RFC 6979 nonce generator. Also some HMAC_DRBG cleanups.lloyd2014-03-229-11/+175
|
* Add --program-suffix option to configurelloyd2014-03-224-17/+18
|
* Add HMAC_DRBGlloyd2014-03-219-22/+2650
|
* Let Clang choose whichever C++ library it preferslloyd2014-03-131-4/+3
|
* Fix release scriptlloyd2014-02-221-0/+1
|
* Use stdint.h instead of cstdint for Clang. Bugzilla 266lloyd2014-02-212-7/+12
|
* Fix Transformation_Filter namelloyd2014-02-211-2/+1
|
* Website tweakslloyd2014-02-194-22/+28
|
* Transformation_Filter calls send() inside of start_msg() which meanslloyd2014-02-172-0/+7
| | | | | | | | | | that any filters which follow in the pipe will get write() called on them before start_msg(), causing confusion and/or crashes. This patch fixes it for the case when start() returns an empty vector which covers all current use cases. I'll have to figure out another approach for the general case (or decide the general case isn't worth supporting and remove the return value from start).
* Missing include for std::to_string, noticed with Clang 3.4 w/ libc++lloyd2014-02-161-0/+2
|
* Don't assume the leading cert chain is presented in-orderlloyd2014-02-162-5/+20
|
* Add missing std includeslloyd2014-02-162-0/+2
|
* Fix macro feature checklloyd2014-02-151-1/+1
|
* Tick version to 1.11.9lloyd2014-02-152-1/+3
|
* Website tweakslloyd2014-02-152-28/+28
|
* Sort files in the dist archive by name instead of random (inode) orderlloyd2014-02-151-1/+7
|
* Release 1.11.81.11.8lloyd2014-02-143-8/+24
|
* Add --destdir option to configure.pylloyd2014-02-133-3/+7
|
* Ignore editor temp files when looking for sourceslloyd2014-02-131-2/+1
|
* Add config and version subcommandslloyd2014-02-132-35/+83
|
* Change X9.31 to automatically reseed if randomize is called while unseeded.lloyd2014-02-132-10/+15
| | | | | If no entropy sources at all are enabled in the build, throw an exception immediately rather than having the poll mysteriously fail.
* Fix warningslloyd2014-02-133-5/+6
|
* Cleanupslloyd2014-02-135-41/+43
|
* Also avoid tuning for 686lloyd2014-02-131-1/+2
|
* Set expectationslloyd2014-02-131-1/+1
|
* Remove unused includelloyd2014-02-131-1/+0
|
* Remove dependency on boost string algoslloyd2014-02-133-13/+30
|
* Remove global variableslloyd2014-02-131-71/+64
|
* Check the feature macro before assuming boost.filesystemlloyd2014-02-101-0/+7
|
* Update Clang flags. Remove unneeded includes of init.hlloyd2014-02-093-5/+4
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 08:49:54 +0000