aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Some documentation updates WRT DTLS and X.509 cert path processinglloyd2014-10-062-25/+100
|
* Add support for DTLS handshake timeouts and retransmissions.lloyd2014-10-068-65/+224
|
* Specify version number in message when we reject due to policylloyd2014-10-062-2/+4
|
* Handle new source filelloyd2014-10-061-4/+0
|
* Fix decoding indefinite length BER constructs that contain a contextlloyd2014-09-272-1/+4
| | | | sensitive tag of zero. Github pull 26 from Janusz Chorko.
* Don't bother polling std:: clocks if we have clock_gettimelloyd2014-08-091-32/+22
|
* Asserts here are nicelloyd2014-08-091-2/+7
|
* Move mul and square operations on a elliptic curve to CurveGFp so welloyd2014-08-094-213/+279
| | | | | can use different representations/operations depending on the curve (eg, using a specialized version for P-256 reduction)
* Have clear_mem just be a plain memset and only call the (slow)lloyd2014-08-092-2/+2
| | | | | zero_mem just before a deallocation where we are actually at risk of the compiler eliding the writes.
* Fix header guard for amalgamationlloyd2014-07-031-2/+2
|
* Erroring on strict-overflow is a little too strict, GCC 4.9 is smartlloyd2014-05-262-29/+25
|
* Remove unused test. Bugzilla 272lloyd2014-05-171-65/+0
|
* Correct CCM for L != 2. Bugzilla 270lloyd2014-05-163-1/+13
|
* merge of 'ae7e800adaf5627c6033a09814b7e3644e7d92b7'lloyd2014-05-161-3/+2
|\ | | | | | | and 'b0a68aa4287f0ccf387bb9e9196d4aa1a682fe77'
| * Avoid GCC 4.9 strict-overflow warninglloyd2014-05-031-3/+2
| |
* | VC2013 doesn't support __func__. Github #22lloyd2014-05-152-4/+10
| |
* | Visual C++'s iterator debugging gets cranky with &vec[vec.size()].lloyd2014-05-152-2/+2
|/ | | | Github #21
* Add default constructors to work around VC2013 issue. Github #17lloyd2014-05-012-0/+4
|
* Support restricting compiler ISAs to specific architectures. Specificallylloyd2014-05-012-8/+17
| | | | | to work around weird MSVC limitations in 32-bit mode, but maybe useful elsewhere someday. Github #11.
* Avoid initializer lists here, VC2013 doesn't like it. Github #18lloyd2014-05-012-5/+7
|
* Require one plausible entropy source in auto_rng, prevents the commonlloyd2014-04-271-0/+1
| | | | error of generating an amalagamation build with all of them disabled.
* Remove stub for testing applloyd2014-04-272-2/+0
|
* Any fixed MR iterations is probably wrong for somebody. Allow the userlloyd2014-04-2512-37/+91
| | | | | | to specify a probability as well as if n was randomly chosen or not. If the input is random use a better bounds to reduce the number of needed tests.
* Avoid std::chrono::steady_clock, missing in some distro gccslloyd2014-04-251-1/+0
|
* Avoid crash if read returns an error. Canonical case is on the blocking devicelloyd2014-04-241-1/+2
| | | | | with concurrent readers; if someone else got the entropy first we can get -1/errno=EAGAIN
* Doc fixlloyd2014-04-161-1/+1
|
* Use MADV_DONTDUMP on Linux, equiv to MAP_NOCORE on BSDlloyd2014-04-141-1/+5
|
* Use 20 Miller-Rabin iterations regardless of the size of the integer. Thislloyd2014-04-135-186/+47
| | | | | provides a much better worst-case error bound. Also take the nonce from anywhere in the usable range rather than limiting the bit size.
* Deindent to avoid github manglinglloyd2014-04-131-36/+34
|
* Compile fixlloyd2014-04-131-2/+2
|
* Have TLS_Data_Reader decoding errors include the actual msg type namelloyd2014-04-1212-44/+47
|
* Bump versionlloyd2014-04-121-1/+1
|
* Verify that the server did not send any extension that the client didn'tlloyd2014-04-116-12/+41
| | | | offer. Previously the client only checked a couple of special cases.
* Update release note pointers1.11.9lloyd2014-04-102-6/+8
|
* Add 1.10.8 release noteslloyd2014-04-101-0/+12
|
* Fix a bug in Miller-Rabin primality testing introduced in 1.8.3lloyd2014-04-102-6/+14
| | | | | | | | where we chose a single random nonce and tested it repeatedly, rather than choosing new nonces each time. Reported by Jeff Marrison. Also remove a pointless comparison (also pointed out by Jeff) and add an initial test using a witness of 2.
* Better TLS checkslloyd2014-04-103-29/+48
|
* A std::deque's memory is not guaranteed to be contiguouslloyd2014-04-061-1/+1
|
* Make X.509 extension decoding failures point back to the problem extensionlloyd2014-04-052-10/+17
|
* Add ECDHE_ECDSA CCM suiteslloyd2014-04-051-2/+14
|
* X.509 path validation now performs all possible tests and returns alloyd2014-04-056-140/+165
| | | | | | set of error codes, instead of failing immediately on first error. This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation.
* Check Content-Length of HTTP responseslloyd2014-04-051-1/+10
|
* Fix an OCSP response decoding bug, we were not decoding KeyID properly.lloyd2014-04-052-4/+9
| | | | | | | | Also prioritize checking the status code before the dates, as otherwise an attacker could substitue a valid but expired response which marked the cert as revoked and we would still just return OCSP_EXPIRED. Obviously they can still play this game with an old (valid) OCSP response, but no point making it easy.
* Remove debug headerslloyd2014-04-051-3/+0
|
* Darwin featureslloyd2014-04-051-0/+2
|
* NetBSD portability fix and some performance tweaks in locking allocatorlloyd2014-04-052-2/+12
|
* Avoid a ubsan warning on GCC 4.9 due uninitialized sign enum beinglloyd2014-03-302-5/+1
| | | | read during swap (in the move constructor)
* Support 0 length salts in PSSR. Bugzilla 268lloyd2014-03-272-3/+12
|
* Add rng command which can dump RNG outputs or raw entropy sampleslloyd2014-03-224-2/+55
|
* Simpify HMAC_RNG reseeding process. Actually update HMAC_DRBG reseed counter.lloyd2014-03-226-63/+33
|