aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove bogus declJack Lloyd2016-09-051-2/+0
|
* Merge GH #613 NewHope R-LWE key exchangeJack Lloyd2016-09-059-7/+6876
|\
| * Fix tests on things that are not little endianJack Lloyd2016-08-301-12/+6
| |
| * Newhope is really limited by RNG speed.Jack Lloyd2016-08-301-5/+33
| | | | | | | | 4x-8x overall speedup switching from HMAC_DRBG to ChaCha20
| * Avoid requiring alignment (think this was just for the AVX2 version)Jack Lloyd2016-08-302-37/+35
| | | | | | | | Change to standard int types
| * Fix tests with newhope disabledJack Lloyd2016-08-301-3/+10
| |
| * Fix header guard, macro tidyJack Lloyd2016-08-302-5/+7
| |
| * Add NEWHOPE KEM schemeJack Lloyd2016-08-309-7/+6847
| | | | | | | | | | | | | | | | | | | | Provides conjectured 200-bit security against a quantum attacker. Based on the public domain reference implementation at https://github.com/tpoeppelmann/newhope and bit-for-bit compatible with that version. Test vectors generated by the reference testvector.c
* | No need for long all-zero input after cd9f852Jack Lloyd2016-09-051-1/+0
| |
* | Merge GH #616 ChaCha SSE2 optimizationsJack Lloyd2016-09-056-72/+371
|\ \
| * | Avoid _mm_set_epi64x which is missing on 32-bit MSVC 12Jack Lloyd2016-09-021-8/+8
| | |
| * | Correct macro checkJack Lloyd2016-09-012-2/+2
| | |
| * | Missing increment in SSE2 version, broke ChaCha20Poly1305 testsJack Lloyd2016-09-012-0/+11
| | | | | | | | | | | | But not any ChaCha20 tests due to no long test inputs. Add one.
| * | 4x interleaved SSE2Jack Lloyd2016-09-012-69/+228
| | |
| * | ChaCha 4 waysJack Lloyd2016-09-013-129/+153
| | |
| * | SSE2 ChaChaJack Lloyd2016-09-014-6/+111
| | |
* | | Merge GH #624 Use compiler generated operators in X509_CertificateJack Lloyd2016-09-053-30/+4
|\ \ \
| * | | Make copy constructor and assignment defaultRené Korthaus2016-09-052-29/+2
| | | |
| * | | Call base class assignment operator in X509_CertificateRené Korthaus2016-09-042-2/+3
| | | |
* | | | Merge GH #621 Make amalgamation build simplerJack Lloyd2016-09-042-8/+20
|\ \ \ \
| * | | | Simplify amalgamation generationSimon Warta2016-09-042-8/+20
| |/ / /
* / / / Update BSI_TR-02102-2.txtJuraj Somorovsky2016-09-031-1/+0
|/ / / | | | | | | Duplicate ecc_curves entry.
* | | Update news and deprecated filesJack Lloyd2016-09-022-11/+5
| | |
* | | Merge GH #580 Remove deprecated algosJack Lloyd2016-09-0275-14777/+190
|\ \ \
| * | | Update policy files wrt algorithm removalsJack Lloyd2016-09-022-13/+0
| | | |
| * | | Update readme wrt removed algorithmsJack Lloyd2016-09-021-6/+2
| | | |
| * | | Remove IF_Scheme_{Public,Private}KeyJack Lloyd2016-09-026-283/+186
| | | | | | | | | | | | | | | | | | | | | | | | With the removal of Rabin-Williams, RSA is the only remaining subclass, And it's very unlikely any new integer factorization based scheme would be added in the future.
| * | | Remove XTEA SIMD implJack Lloyd2016-09-023-165/+0
| | | | | | | | | | | | | | | | | | | | Testing showed no actual speedup on either i7 (SSE2) or POWER7 (Altivec), so it is just dead weight.
| * | | Remove deprecated Nyberg-Rueppel and Rabin-Williams signaturesJack Lloyd2016-09-0215-972/+1
| | | |
| * | | Remove deprecated hashes MD2, HAS-160, and RIPEMD-128Jack Lloyd2016-09-0220-999/+0
| | | |
| * | | Remove deprecated ciphers MARS, RC2, RC5, RC6, SAFER-SK and TEAJack Lloyd2016-09-0231-12339/+1
|/ / / | | | | | | | | | | | | XTEA was also deprecated but has been spared, it does seem to be somewhat common (eg, included in the Go x/crypto library)
* / / Let the input arg to stream cipher test be optional.Jack Lloyd2016-09-013-98/+5
|/ / | | | | | | | | | | If ommitted, assume an all zero input. Remove some In = 0000... from test files.
* | Merge GH #610 Fix coverageJack Lloyd2016-09-011-3/+3
|\ \
| * | new tryDaniel Neus2016-09-011-3/+3
| | |
| * | fix coverageDaniel Neus2016-08-281-2/+2
| | |
* | | get_processor_timestamp should never return 0 if it can help it.Jack Lloyd2016-09-011-16/+59
| | | | | | | | | | | | | | | | | | | | | For example it used to return 0 on Linux/ARM... If no QPC or asm version, use clock_gettime if available, or else std::chrono::high_resolution_clock as a fallback.
* | | Bump version to 1.11.32-preJack Lloyd2016-09-012-1/+13
| | |
* | | Check for non-existent modules in policy files.Jack Lloyd2016-09-013-10/+20
| | | | | | | | | | | | | | | | | | Fix policy files. GH #614
* | | Merge GH #578/#492: TLS EtM extension and new policy togglesJack Lloyd2016-08-3125-132/+620
|\ \ \
| * \ \ Merge master into this branch, resolving conflicts with #457/#576Jack Lloyd2016-08-31372-15386/+39453
| |\ \ \ | | | | | | | | | | | | | | | which recently landed on master.
| * | | | Address some issues with PR 492Jack Lloyd2016-08-1316-58/+123
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)
| * | | | Merge branch 'master' into Encrypt-then-MAC-with-policyJuraj Somorovsky2016-05-1228-80/+104
| |\ \ \ \ | | | | | | | | | | | | | | | | | | Merged recent changes and resolved minor conflicts in tls record classes.
| * | | | | Encrypt-then-MAC extension (RFC 7366)Juraj Somorovsky2016-05-1120-112/+372
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduced a countermeasure against the logjam attack Short TLS records (AES-CBC) now return BAD_RECORD_MAC Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
| * | | | | TLS Policy supportChristian Mainka2016-05-038-27/+193
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * --policy works for TLS Server and TLS Client * Example policy BSI_TR-02102-2.txt * Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2 * Minimum ecdh and rsa group size
* | | | | | Fix TLS build with SRP6 disabledJack Lloyd2016-08-311-1/+1
| |_|/ / / |/| | | |
* | | | | Maintainer mode fixesJack Lloyd2016-08-313-4/+4
| | | | |
* | | | | HMAC_RNG ignored its entropy_source argument :(Jack Lloyd2016-08-311-1/+1
| | | | |
* | | | | Fix another unused variable warningJack Lloyd2016-08-311-1/+1
| | | | |
* | | | | Move some Callback functions to a source file.Jack Lloyd2016-08-312-7/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Just to avoid the unused parameter warning (we want the parameter to be named in the header for documentation purposes, but in that case GCC warns that the param is unused).
* | | | | Remove debug printfJack Lloyd2016-08-311-1/+0
| | | | |