| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Fix emphasis | lloyd | 2012-08-02 | 1 | -3/+2 |
| Add TLS::Protocol_Version::supports_ciphersuite_specific_prf | lloyd | 2012-08-02 | 4 | -14/+16 |
| Fix DTLS HelloVerify message decoding | lloyd | 2012-08-02 | 1 | -3/+12 |
| Use m_ namespace member vars in CurveGFp | lloyd | 2012-08-01 | 1 | -35/+36 |
| Move monty_invert to numthry.h and use it in CurveGFp as well | lloyd | 2012-08-01 | 4 | -51/+48 |
| Remove z_size parameter to bigint_monty_redc because it should always be 2*(p_size+1). Document that it clears the high part of z. Don't clear the workspace before calling Karatsuba in bigint_mul or bigint_sqr - they clear it every time anyway. Don't bother masking words in the Montgomery_Exponentiator as redc zeros those words. Also don't bother calling z.clear() as the multiply operation does that already. | lloyd | 2012-08-01 | 4 | -26/+12 |
| Cleanup BigInt::cmp. Move bigint_divcore to divide.cpp which is the only place it is used. Probably not computationally intensive enough to really be worth optimizing in asm. | lloyd | 2012-08-01 | 4 | -41/+43 |
| Move all BigInt constructors to the top of the decl | lloyd | 2012-08-01 | 1 | -81/+82 |
| Remove BigInt::assign | lloyd | 2012-08-01 | 3 | -28/+27 |
| Remove BigInt(NumberType type, size_t n) and replace it with a static BigInt function power_of_2. (Power2 was the only available NumberType) | lloyd | 2012-08-01 | 10 | -37/+26 |
| Remove all support for octal BigInt conversions. | lloyd | 2012-08-01 | 5 | -39/+35 |
| Remove BigInt::get_reg | lloyd | 2012-08-01 | 3 | -13/+6 |
| Remove BigInt::operator[]. Use BigInt::word_at, which checks sizes | lloyd | 2012-08-01 | 4 | -14/+12 |
| Remove BigInt::operator[] returning a mutable word reference | lloyd | 2012-08-01 | 3 | -13/+9 |
| Rename the version of BigInt::data returning a mutable pointer to BigInt::mutable_data. Update callers. | lloyd | 2012-08-01 | 5 | -38/+38 |
| Remove the mutable version of BigInt::get_reg | lloyd | 2012-07-31 | 5 | -22/+18 |
| m_ namespace BigInt members | lloyd | 2012-07-31 | 3 | -40/+40 |
| Remove BigInt::grow_reg which was only used by a few tests. | lloyd | 2012-07-31 | 3 | -18/+8 |
| Rename activate to more descriptive change_cipher_spec | lloyd | 2012-07-29 | 5 | -28/+41 |
| Use unique_ptr for handshake state, avoid lots of delete+nullptr assign | lloyd | 2012-07-29 | 4 | -48/+43 |
| Clang warning about missing result type | lloyd | 2012-07-29 | 1 | -1/+1 |
| If we're going to reject an insecure renegotiation, do it immediately, even before parsing the client hello, since there is nothing the client can say in the hello that will change our mind about it. Call Policy::acceptable_protocol_version on the final negotiated version, not what the client offered! Clean up the server version choosing logic a bit. Add Protocol_Version::best_known_match which returns the 'best' version we know of matching a particular version. | lloyd | 2012-07-29 | 3 | -41/+63 |
| Helper func for loading 24 bit value | lloyd | 2012-07-28 | 1 | -8/+15 |
| Pass protocol to initiate_handshake | lloyd | 2012-07-28 | 2 | -5/+7 |
| OpenSSL gets cranky if we send application data mid handshake | lloyd | 2012-07-28 | 1 | -3/+2 |
| Combine client initial handshake and renegotiation in initiate_handshake. One behavioral change is we now send SNI on renegotiation hellos. This is probably harmless (?) and might be helpful for the server in finding the right certs. | lloyd | 2012-07-28 | 2 | -55/+39 |
| Fix DTLS version string. Pass version to ciphersuite_list, avoid negotiating RC4 with DTLS. Disable ECC <= 192 bits. | lloyd | 2012-07-28 | 5 | -15/+27 |
| Make Handshake_Writer non-copyable | lloyd | 2012-07-28 | 1 | -0/+6 |
| Add format() hook to Handshake_Writer, so that Handshake_Hash does not need to know what the handshake format is. Remove unused functions from Handshake_Hash and store all handshake data as a plain std::vector, since as handshake information it is not sensitive. | lloyd | 2012-07-28 | 6 | -39/+34 |
| Add Public_Key::estimated_strength which gives an approximation of how hard that key is to break. Use it in cert path validation, rejecting keys with estimated strength less than 80 bits. | lloyd | 2012-07-27 | 12 | -14/+99 |
| Small doc tweaks | lloyd | 2012-07-27 | 5 | -20/+23 |
| Have the release script pull the datestamp from monotone, so it does not need to be manually set before a release. | lloyd | 2012-07-25 | 3 | -17/+60 |
| Build on Sheevaplug | lloyd | 2012-07-24 | 1 | -0/+2 |
| Update for 1.11.0 release (tag: 1.11.0) | lloyd | 2012-07-19 | 4 | -4/+6 |
| In RSA and RW signers, add the message contents to the RNG state | lloyd | 2012-07-19 | 2 | -5/+9 |
| Fix divisibility check in DL_Group::make_dsa_generator | lloyd | 2012-07-19 | 1 | -3/+4 |
| Move EGD to the end of the priority list for entropy sources, as it really is quite rare at this point given that all modern Unices have a /dev/random. | lloyd | 2012-07-18 | 1 | -6/+6 |
| Add 1.8.14 release notes | lloyd | 2012-07-18 | 3 | -3/+21 |
| Some changes to HMAC_RNG: - Only give out half of K in each iteration. This prevents an attacker who recovers the PRF key and knows some RNG outputs from being able to determine other RNG outputs. - Don't reset the counter on a reseed, and every 1024 outputs (16 Kbytes with default PRF) initiate a poll. - Don't ever reseed when called with add_entropy, just give it to the extractor, as we know that eventually we'll reseed at which time that input will be incorporated. | lloyd | 2012-07-18 | 2 | -23/+13 |
| Add FAQ entry for old Pythons having issues with configure | lloyd | 2012-07-18 | 1 | -0/+30 |
| Add check for out of range DH keys | lloyd | 2012-07-17 | 1 | -0/+3 |
| Add helper for writing 24-bit integer | lloyd | 2012-07-16 | 1 | -2/+12 |
| Add a class that handles writing handshake messages instead of pushing that task to Record_Writer. Needed for DTLS work. | lloyd | 2012-07-16 | 24 | -166/+248 |
| Sort by last name | lloyd | 2012-07-13 | 1 | -5/+5 |
| Make page wider. QNX build report. Link to 1.10.2 notes in 1.10.3. | lloyd | 2012-07-13 | 3 | -6/+10 |
| Add a set of power mod tests generated by python with highly regular binary structure (tends to expose carry bugs, etc). | lloyd | 2012-07-13 | 1 | -0/+2485 |
| Use uintptr_t in ptr_in_pool instead of size_t as uintptr_t is now standard in C++11 and makes more sense than size_t. Make m_poolsize a const. There is no real reason to reset it to zero if a failure occurs since a) we are throwing an exception anyway and b) we check for !m_pool first thing. | lloyd | 2012-07-13 | 2 | -6/+4 |
| Hook creating just the handshake reader vs the entire state | lloyd | 2012-07-12 | 6 | -12/+12 |
| Add an optional parameter to TLS::Client specifying the port number. Pass this down into the session managers. Also document how to use session tickets with TLS servers. | lloyd | 2012-07-12 | 9 | -48/+100 |
| Changes to version handling in support of DTLS work. Add a few 'feature tests' to Protocol_Version which helps avoid some explicit comparisons. Additionally, remove the relational comparisons, except for operator> which is still used in a few locations. TLS::Policy has changed and no longer has min_version. The new hook that replaces it is acceptable_protocol_version, which should return true if and only if we are willing to negotiate the version returned. This leads to a somewhat cleaner result and additionally allows one to do maybe interesting though mostly useless things like allowing TLS 1.0 or 1.2 but not 1.1. Fix the version sent in the (unused) DTLS hello verify message. | lloyd | 2012-07-12 | 16 | -78/+114 |