Commit log (each entry ends with [author, date, files changed, lines -removed/+added]):

* Fix emphasis [lloyd, 2012-08-02, 1 file, -3/+2]
* Add TLS::Protocol_Version::supports_ciphersuite_specific_prf [lloyd, 2012-08-02, 4 files, -14/+16]
* Fix DTLS HelloVerify message decoding [lloyd, 2012-08-02, 1 file, -3/+12]
* Use m_ namespace member vars in CurveGFp [lloyd, 2012-08-01, 1 file, -35/+36]
* Move monty_invert to numthry.h and use it in CurveGFp as well [lloyd, 2012-08-01, 4 files, -51/+48]
* Remove z_size parameter to bigint_monty_redc because it should always
  be 2*(p_size+1). Document that it clears the high part of z. Don't clear the workspace before calling Karatsuba in bigint_mul or bigint_sqr - they clear it every time anyway. Don't bother masking words in the Montgomery_Exponentiator as redc zeros those words. Also don't bother calling z.clear() as the multiply operation does that already.
  [lloyd, 2012-08-01, 4 files, -26/+12]
* Cleanup BigInt::cmp
  Move bigint_divcore to divide.cpp which is the only place it is used. Probably not computationally intensive enough to really be worth optimizing in asm.
  [lloyd, 2012-08-01, 4 files, -41/+43]
* Move all BigInt constructors to the top of the decl [lloyd, 2012-08-01, 1 file, -81/+82]
* Remove BigInt::assign [lloyd, 2012-08-01, 3 files, -28/+27]
* Remove BigInt(NumberType type, size_t n) and replace it with a static
  BigInt function power_of_2. (Power2 was the only available NumberType)
  [lloyd, 2012-08-01, 10 files, -37/+26]
* Remove all support for octal BigInt conversions. [lloyd, 2012-08-01, 5 files, -39/+35]
* Remove BigInt::get_reg [lloyd, 2012-08-01, 3 files, -13/+6]
* Remove BigInt::operator[]. Use BigInt::word_at, which checks sizes [lloyd, 2012-08-01, 4 files, -14/+12]
* Remove BigInt::operator[] returning a mutable word reference [lloyd, 2012-08-01, 3 files, -13/+9]
* Rename the version of BigInt::data returning a mutable pointer
  to BigInt::mutable_data. Update callers.
  [lloyd, 2012-08-01, 5 files, -38/+38]
* Remove the mutable version of BigInt::get_reg [lloyd, 2012-07-31, 5 files, -22/+18]
* m_ namespace BigInt members [lloyd, 2012-07-31, 3 files, -40/+40]
* Remove BigInt::grow_reg which was only used by a few tests. [lloyd, 2012-07-31, 3 files, -18/+8]
* Rename activate to more descriptive change_cipher_spec [lloyd, 2012-07-29, 5 files, -28/+41]
* Use unique_ptr for handshake state, avoid lots of delete+nullptr assign [lloyd, 2012-07-29, 4 files, -48/+43]
* Clang warning about missing result type [lloyd, 2012-07-29, 1 file, -1/+1]
* If we're going to reject an insecure renegotiation, do it immediately,
  even before parsing the client hello, since there is nothing the client can say in the hello that will change our mind about it. Call Policy::acceptable_protocol_version on the final negotiated version, not what the client offered! Clean up the server version choosing logic a bit. Add Protocol_Version::best_known_match which returns the 'best' version we know of matching a particular version.
  [lloyd, 2012-07-29, 3 files, -41/+63]
* Helper func for loading 24 bit value [lloyd, 2012-07-28, 1 file, -8/+15]
* Pass protocol to initiate_handshake [lloyd, 2012-07-28, 2 files, -5/+7]
* OpenSSL gets cranky if we send application data mid handshake [lloyd, 2012-07-28, 1 file, -3/+2]
* Combine client initial handshake and renegotiation in initiate_handshake.
  One behavioral change is we now send SNI on renegotiation hellos. This is probably harmless (?) and might be helpful for the server in finding the right certs.
  [lloyd, 2012-07-28, 2 files, -55/+39]
* Fix DTLS version string.
  Pass version to ciphersuite_list, avoid negotiating RC4 with DTLS. Disable ECC <= 192 bits.
  [lloyd, 2012-07-28, 5 files, -15/+27]
* Make Handshake_Writer non-copyable [lloyd, 2012-07-28, 1 file, -0/+6]
* Add format() hook to Handshake_Writer, so that Handshake_Hash does not
  need to know what the handshake format is. Remove unused functions from Handshake_Hash and store all handshake data as a plain std::vector, since as handshake information it is not sensitive.
  [lloyd, 2012-07-28, 6 files, -39/+34]
* Add Public_Key::estimated_strength which gives an approximation of how
  hard that key is to break. Use it in cert path validation, rejecting keys with estimated strength less than 80 bits.
  [lloyd, 2012-07-27, 12 files, -14/+99]
* Small doc tweaks [lloyd, 2012-07-27, 5 files, -20/+23]
* Have the release script pull the datestamp from monotone, so it does
  not need to be manually set before a release.
  [lloyd, 2012-07-25, 3 files, -17/+60]
* Build on Sheevaplug [lloyd, 2012-07-24, 1 file, -0/+2]
* Update for 1.11.0 release (tag: 1.11.0) [lloyd, 2012-07-19, 4 files, -4/+6]
* In RSA and RW signers, add the message contents to the RNG state [lloyd, 2012-07-19, 2 files, -5/+9]
* Fix divisibility check in DL_Group::make_dsa_generator [lloyd, 2012-07-19, 1 file, -3/+4]
* Move EGD to the end of the priority list for entropy sources, as it
  really is quite rare at this point given that all modern Unices have a /dev/random.
  [lloyd, 2012-07-18, 1 file, -6/+6]
* Add 1.8.14 release notes [lloyd, 2012-07-18, 3 files, -3/+21]
* Some changes to HMAC_RNG:
  - Only give out half of K in each iteration. This prevents an attacker who recovers the PRF key and knows some RNG outputs from being able to determine other RNG outputs.
  - Don't reset the counter on a reseed, and every 1024 outputs (16 Kbytes with default PRF) initiate a poll.
  - Don't ever reseed when called with add_entropy, just give it to the extractor, as we know that eventually we'll reseed at which time that input will be incorporated.
  [lloyd, 2012-07-18, 2 files, -23/+13]
* Add FAQ entry for old Pythons having issues with configure [lloyd, 2012-07-18, 1 file, -0/+30]
* Add check for out of range DH keys [lloyd, 2012-07-17, 1 file, -0/+3]
* Add helper for writing 24-bit integer [lloyd, 2012-07-16, 1 file, -2/+12]
* Add a class that handles writing handshake messages instead of pushing
  that task to Record_Writer. Needed for DTLS work.
  [lloyd, 2012-07-16, 24 files, -166/+248]
* Sort by last name [lloyd, 2012-07-13, 1 file, -5/+5]
* Make page wider. QNX build report. Link to 1.10.2 notes in 1.10.3. [lloyd, 2012-07-13, 3 files, -6/+10]
* Add a set of power mod tests generated by python with highly regular
  binary structure (tends to expose carry bugs, etc).
  [lloyd, 2012-07-13, 1 file, -0/+2485]
* Use uintptr_t in ptr_in_pool instead of size_t as uintptr_t is now
  standard in C++11 and makes more sense than size_t. Make m_poolsize a const. There is no real reason to reset it to zero if a failure occurs since a) we are throwing an exception anyway and b) we check for !m_pool first thing.
  [lloyd, 2012-07-13, 2 files, -6/+4]
* Hook creating just the handshake reader vs the entire state [lloyd, 2012-07-12, 6 files, -12/+12]
* Add an optional parameter to TLS::Client specifying the port number.
  Pass this down into the session managers. Also document how to use session tickets with TLS servers.
  [lloyd, 2012-07-12, 9 files, -48/+100]
* Changes to version handling in support of DTLS work.
  Add a few 'feature tests' to Protocol_Version which helps avoid some explicit comparisons. Additionally, remove the relational comparisons, except for operator> which is still used in a few locations.
  TLS::Policy has changed and no longer has min_version. The new hook that replaces it is acceptable_protocol_version, which should return true if and only if we are willing to negotiate the version returned. This leads to a somewhat cleaner result and additionally allows one to do maybe interesting though mostly useless things like allowing TLS 1.0 or 1.2 but not 1.1.
  Fix the version sent in the (unused) DTLS hello verify message.
  [lloyd, 2012-07-12, 16 files, -78/+114]