aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementationlloyd2014-12-3110-125/+149
|
* Add helper and update commentlloyd2014-12-311-2/+8
|
* Support the older ChaCha20Poly1305 AEAD from draft-agl-tls-chacha20poly1305-04lloyd2014-12-313-10/+42
| | | | | which we distinguish by the nonce size (always 64 bits in this format, always 96 bits in the CFRG document).
* Fix one past the end write in Poly1305 finishlloyd2014-12-311-1/+1
|
* More info on AEAD decryption handlinglloyd2014-12-311-0/+10
|
* Decruftlloyd2014-12-312-15/+1
|
* Add AEAD based on ChaCha20 and Poly1305 defined in ↵lloyd2014-12-296-2/+262
| | | | draft-irtf-cfrg-chacha20-poly1305-03
* Handle malformed info.txt filelloyd2014-12-291-0/+2
|
* Add Poly1305, based on poly1305-donna by Andrew Moon.lloyd2014-12-2912-12/+626
|
* Support 96 bit nonces in ChaCha20 as specified in ↵lloyd2014-12-293-3/+21
| | | | draft-irtf-cfrg-chacha20-poly1305-03
* All tests now share an RNG. Uses system RNG if availablelloyd2014-12-2823-53/+65
|
* Update algoslloyd2014-12-271-1/+2
|
* Provide a test reportlloyd2014-12-271-0/+2
|
* When encrypting McEliece or Curve25519 keys, default to GCM instead of CBC.lloyd2014-12-274-14/+31
| | | | Add OIDS for OCB mode with various ciphers.
* Add Curve25519 based on curve25519-donna by Adam Langley.lloyd2014-12-2716-0/+1024
| | | | | | This uses only the c64 version from curve25519-donna; on systems that don't have a native uint128_t type, a donna128 type stands in for just enough 128-bit operations to satisfy donna.cpp
* Mention github issueslloyd2014-12-271-4/+5
|
* Fix header guards for amalgamation (github issue 35)lloyd2014-12-224-31/+31
|
* Printing too earlylloyd2014-12-221-4/+4
|
* Update download link and tick version number.lloyd2014-12-224-3/+7
|
* Update for 1.11.11 release1.11.11lloyd2014-12-221-1/+4
|
* Fix a couple things pointed out by VC++ warnings.lloyd2014-12-222-8/+3
|
* Remove obsolete examplelloyd2014-12-221-103/+0
|
* Fix System_RNG for Windows, fix nmake clean targetlloyd2014-12-222-3/+3
|
* Enable system_rng on Windows and MinGW (untested)lloyd2014-12-216-5/+27
|
* Stack protector flags are required also at link time, at least on MinGWlloyd2014-12-211-3/+3
| | | | Github issue 34
* Always need boost_system in cmdline due to asiolloyd2014-12-201-1/+1
|
* Update TLS doclloyd2014-12-201-11/+26
|
* Add abstract database interface so applications can easily store infolloyd2014-12-2013-311/+455
| | | | | | in places other than sqlite3, though sqlite3 remains the only implementation. The interface is currently limited to precisely the functionality the TLS session manager needs and will likely expand.
* Correct commentlloyd2014-12-181-2/+2
|
* Add MinGW support for the CryptoAPI RNG. Also disable the dependencieslloyd2014-12-174-10/+3
| | | | | | | | in auto_rng for a working entropy source as in situations where it doesn't work almost none of the library builds. Disable boost by default from the library. Github issue 34. Unrelated - remove long dead Tru64 as a target.
* New download directory structure.lloyd2014-12-172-6/+7
| | | | Point users at github issues instead of bugzilla.
* In OpenSSL engine drop support for public key operations. These PK ops just calllloyd2014-12-176-588/+0
| | | | | BN directly and so don't get the benefit of side channel protections in either OpenSSL's or Botan's implementations of the algorithms.
* Add 1.10.9 releaselloyd2014-12-132-5/+23
|
* Tick to 1.11.11lloyd2014-12-132-1/+4
|
* Make the connection between calling TLS::Channel::send and a newlloyd2014-12-131-3/+9
| | | | wire record being created more clear.
* Fix missing dependency in filters (Github pull 33 from tiwoc)lloyd2014-12-131-0/+1
|
* Update for 1.11.10 release1.11.10lloyd2014-12-102-16/+18
|
* Don't crash if /usr/share/ca-certificates doesn't existlloyd2014-12-101-1/+5
|
* Remove debug printlloyd2014-12-101-2/+0
|
* Implement RFC 6979 determinstic signatures for DSA and ECDSA.lloyd2014-12-1029-911/+331
| | | | | Drop the GNU MP engine. Its implementations were potentially faster in some scenarios but not well protected against side channels.
* Switch to using Montgomery ladder for EC point multiplication.lloyd2014-12-102-103/+79
| | | | | The test function create_random_point did not actually create a point on the curve - fix.
* Implement a strength estimator for McEliece keys based on HyMES versionlloyd2014-12-096-15/+125
|
* Figure out which decompressor to use based on the input file extension.lloyd2014-12-098-72/+123
| | | | | | | | Rename Bzip to Bzip2, and split Zlib and Deflate compressors into two completely distinct types rather than using a bool flag to the Zlib constructor. Ignore null pointers to our free implementation (LZMA does this).
* Cleanup for pbe name parsing in PKCS #8 encoderlloyd2014-12-082-16/+26
|
* Add a basic speed test for McEliecelloyd2014-12-083-7/+89
|
* Remove the Overbeck conversion at Dr. Strenzke's request.lloyd2014-12-065-330/+30
| | | | | | | | While a CCA2 proof of this scheme exists, it is written in German and for various reasons publishing a translation would be a complicated affair. Without a (well studied) English proof it is harder to understand the security of the overall scheme. Thus only KEM, which seems much easier to prove, will be offered.
* Add KEM scheme for McEliecefstrenzke2014-12-064-21/+179
|
* Add --with-everything optionlloyd2014-12-061-1/+7
|
* Nullptr cleanuplloyd2014-12-061-1/+1
|
* Untested support for using CryptGenRandom in System_RNGlloyd2014-12-061-0/+32
|