Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix hardcoded SHA-1 in elgamal consistency check | René Korthaus | 2016-10-24 | 1 | -1/+1 |
| | |||||
* | Add gitter.im hooks+link | Jack Lloyd | 2016-10-24 | 2 | -0/+8 |
| | |||||
* | Limit locking_allocator only to OSes that even might support it. | Jack Lloyd | 2016-10-24 | 1 | -0/+8 |
| | | | | | | The pool allocator itself is portable code, but it doesn't do anything useful unless we have the ability to mlock/VirtualLock memory, which is OS specific. | ||||
* | Remove unneeded includes | Jack Lloyd | 2016-10-24 | 2 | -2/+0 |
| | |||||
* | Fixes for build without 25519 | Jack Lloyd | 2016-10-24 | 2 | -3/+6 |
| | |||||
* | Update release notes | Jack Lloyd | 2016-10-24 | 1 | -4/+12 |
| | | | | [ci skip] | ||||
* | Merge GH #673 X25519 TLS key exchange | Jack Lloyd | 2016-10-24 | 9 | -44/+113 |
|\ | |||||
| * | X25519 key exchange for TLS | Jack Lloyd | 2016-10-21 | 9 | -44/+113 |
| | | | | | | | | | | Client interops with google.com, server not tested against an independent client yet. | ||||
* | | Merge GH #675 Lucky13 countermeasures | Jack Lloyd | 2016-10-24 | 2 | -0/+82 |
|\ \ | |||||
| * | | Final changes, now using the countermeasure from the Lucky 13 paper again ↵ | Juraj Somorovsky | 2016-10-23 | 1 | -36/+32 |
| | | | | | | | | | | | | | | | | | | (or a countermeasure that is very similar to it). Timing differences in the test suite show at most 120 clock cycle difference (SHA-1/256/384). | ||||
| * | | SHA384 countermeasure (not perfect, but makes the attack harder) | Juraj Somorovsky | 2016-10-22 | 1 | -19/+27 |
| | | | |||||
| * | | Lucky 13 patch for SHA-1 and SHA-256 | Juraj Somorovsky | 2016-10-16 | 2 | -0/+78 |
| | | | |||||
* | | | Merge GH #679 Unify test naming | Jack Lloyd | 2016-10-24 | 4 | -5/+5 |
|\ \ \ | |||||
| * | | | Reunify registered test names [ci skip] | René Korthaus | 2016-10-23 | 4 | -5/+5 |
| | | | | |||||
* | | | | Merge GH #668: Remove Algo_Registry and associated global locks | Jack Lloyd | 2016-10-24 | 95 | -1673/+1485 |
|\ \ \ \ | |/ / / |/| | | | |||||
| * | | | ECIES ISO tests require SHA-1 | Jack Lloyd | 2016-10-21 | 1 | -1/+1 |
| | | | | |||||
| * | | | Missing include, noticed by Clang on OS X | Jack Lloyd | 2016-10-21 | 1 | -0/+1 |
| | | | | |||||
| * | | | Cleanup from rebase | Jack Lloyd | 2016-10-21 | 1 | -5/+0 |
| | | | | |||||
| * | | | Fix PSSR | Jack Lloyd | 2016-10-21 | 1 | -1/+1 |
| | | | | |||||
| * | | | Remove unused functions from SCAN_Name | Jack Lloyd | 2016-10-21 | 2 | -39/+0 |
| | | | | |||||
| * | | | Small cleanup in OpenSSL EC | Jack Lloyd | 2016-10-21 | 1 | -12/+13 |
| | | | | |||||
| * | | | Remove alias logic from SCAN_Name | Jack Lloyd | 2016-10-21 | 12 | -182/+168 |
| | | | | | | | | | | | | | | | | | | | | | | | | This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake). | ||||
| * | | | Remove Algo_Registry | Jack Lloyd | 2016-10-21 | 92 | -1551/+1419 |
| | |/ | |/| | | | | | | | | | | | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :) | ||||
* | | | Merge GH #676 Fix invalid UTF-8 [ci skip] | Jack Lloyd | 2016-10-22 | 1 | -1/+1 |
|\ \ \ | |||||
| * | | | Fix invalid UTF-8 char in API doc [ci skip] | René Korthaus | 2016-10-22 | 1 | -1/+1 |
|/ / / | | | | | | | | | | | | | | | | An invalid UTF-8 character prevented Latex from generating a PDF document from the doxygen-generated Latex API docs via make pdf. | ||||
* | | | Initialize member variable (Coverity find) | Jack Lloyd | 2016-10-22 | 1 | -1/+1 |
| | | | |||||
* | | | Fix handling of file descriptor zero | Jack Lloyd | 2016-10-22 | 1 | -13/+11 |
| | | | | | | | | | | | | | | | If opening /dev/*random resulted in fd 0, we would both not use that RNG and leak the file descriptor. Found with Coverity. | ||||
* | | | Address some Coverity warnings | Jack Lloyd | 2016-10-22 | 3 | -9/+9 |
| | | | | | | | | | | | | Nothing exciting. | ||||
* | | | GH #674 Check Doxygen and Sphinx builds as part of CI | Jack Lloyd | 2016-10-22 | 8 | -19/+46 |
|\ \ \ | |||||
| * | | | Build the docs during CI | Jack Lloyd | 2016-10-22 | 8 | -19/+46 |
| |/ / | | | | | | | | | | Fix various doc building problems/warnings. | ||||
* | | | Fix Coverity scan | Jack Lloyd | 2016-10-22 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | The build interceptor got confused by use of g++-4.8 vs g++ This used to work but broke at some point. Fixes #612 | ||||
* | | | Don't test non-master branches on CircleCI either | Jack Lloyd | 2016-10-22 | 1 | -0/+5 |
| | | | |||||
* | | | Use correct macro for ECC in create_private_key | Jack Lloyd | 2016-10-22 | 1 | -1/+1 |
|/ / | |||||
* | | Allow setting the validation time during PKIX path validation | Jack Lloyd | 2016-10-21 | 3 | -19/+34 |
| | | | | | | | | | | | | | | Previously validation asked the system clock which is not always the correct thing (for example when using Roughtime protocol). Had been on the todo list forever, forced into it by some of the test certs expiring today. | ||||
* | | Add create_private_key, expose key loading functions in pk_algs.h | Jack Lloyd | 2016-10-20 | 9 | -153/+236 |
| | | |||||
* | | Tighten up TLS server handshake logic. | Jack Lloyd | 2016-10-20 | 1 | -20/+15 |
| | | | | | | | | | | | | | | | | | | Previously client was allowed to omit the Certificate message, a leftover from supporting SSLv3. In all versions of TLS, an empty message must be sent if the client does not want to use a cert. No known security impact, but nothing we need to allow anymore. Clean up the handshake switch a bit by using return statements. | ||||
* | | cli: Add dl_group_info cmdlet | Jack Lloyd | 2016-10-20 | 1 | -0/+24 |
| | | |||||
* | | Update release notes | Jack Lloyd | 2016-10-20 | 1 | -0/+29 |
| | | |||||
* | | Merge GH #669 Add SHA-3, SHAKE-128, and BoringSSL-mode NewHope | Jack Lloyd | 2016-10-20 | 20 | -215/+5161 |
|\ \ | |||||
| * | | Update policy files for SHA-3 | Jack Lloyd | 2016-10-19 | 2 | -1/+3 |
| | | | | | | | | | | | | BSI drops Keccak in favor of SHA-3. Modern adds SHA-3 and SHAKE-128. | ||||
| * | | Add SHAKE-128 as stream cipher | Jack Lloyd | 2016-10-19 | 9 | -106/+3619 |
| | | | | | | | | | | | | | | | Updates NewHope to use that instead of the hard-coded SHAKE-128, and adds toggle for BoringSSL compat mode using AES-128/CTR + SHA-256. | ||||
| * | | Add proper SHA-3 | Jack Lloyd | 2016-10-19 | 12 | -120/+1551 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kind of a copy and paste of Keccak, but only a single copy of the permutation at least. Keccak depends on SHA-3 instead of the reverse, so that SHA-3 can be enabled without also bringing in an unapproved hash function. Updates newhope code and removes API function newhope_hash which was an unofficial SHA-3-256. | ||||
* | | | Merge GH #671 Allow eme_raw in BSI mode | Jack Lloyd | 2016-10-20 | 1 | -1/+0 |
|\ \ \ | |||||
| * | | | we do the padding ourself so eme_raw is fine | Daniel Neus | 2016-10-20 | 1 | -1/+0 |
| |/ / | | | | | | | | | | So it shouldn't be prohibited in the module policy | ||||
* | | | Merge GH #670 Improve Doxygen coverage | Jack Lloyd | 2016-10-20 | 93 | -142/+882 |
|\ \ \ | |/ / |/| | | |||||
| * | | Reorganize anon namespace code to fix last doxygen warn [ci skip] | René Korthaus | 2016-10-20 | 1 | -8/+8 |
| | | | |||||
| * | | Predefine some variables for doxygen [ci skip] | René Korthaus | 2016-10-20 | 1 | -1/+8 |
| | | | |||||
| * | | Remove obsolete doxygen tag [ci skip] | René Korthaus | 2016-10-19 | 1 | -1/+0 |
| | | | |||||
| * | | Fix doxygen warnings [ci skip] | René Korthaus | 2016-10-19 | 39 | -58/+101 |
| | | | |||||
| * | | Minor doxygen fixes [ci skip] | René Korthaus | 2016-10-19 | 10 | -10/+10 |
| | | |