aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Avoid using target function attribute in Clang before 3.8Jack Lloyd2017-01-031-1/+1
| | | | | | | | | | We support 3.5 or higher generally, but only Clang 3.8 has the function attributes. This doesn't affect the build with older Clang because the makefile still sets file-wide ISA flags. GCC supports this attribute in all versions we support. Fixes GH #797
* Tweak AES text a bitJack Lloyd2017-01-021-20/+26
| | | | | | Finish a sentence in GCM [ci skip]
* Add some final annotations in the PK testsJack Lloyd2017-01-021-7/+7
|
* Convert DH invalid key test to read from fileJack Lloyd2017-01-023-42/+62
|
* Merge GH #790 Add DH tests from NIST CAVPJack Lloyd2017-01-024-3/+315
|\
| * Add test vectors for public key checks from NIST CAVPRené Korthaus2017-01-021-0/+39
| |
| * Load q for DH public key in testsRené Korthaus2017-01-021-1/+11
| |
| * Add positive DH test vectors from NIST CAVPRené Korthaus2017-01-024-2/+265
| |
* | Remove unhelpful firststep.rstJack Lloyd2017-01-022-39/+0
| | | | | | | | | | | | A general intro/outline doc would be useful, but this isn't it. [ci skip]
* | Update RNG doc [ci skip]Jack Lloyd2017-01-021-20/+14
| |
* | Merge GH #792 Fix BigInt::random_integer testJack Lloyd2017-01-021-9/+8
|\ \
| * | Increase value of ITERATIONS_PER_POSSIBLE_VALUE to 750Simon Warta2017-01-021-1/+2
| | | | | | | | | | | | to avoid test failures
| * | Simplify loop to foreach in test_random_integer()Simon Warta2017-01-021-2/+2
| | |
| * | Fix math in test_random_integer()Simon Warta2017-01-021-5/+3
| | | | | | | | | | | | | | | Removes complicated extra variable "dev", which was calculated incorrectly: if ratio = 0.0 then dev = 0.0, resulting in a test success.
| * | Rename ITERATIONS -> ITERATIONS_PER_POSSIBLE_VALUESimon Warta2017-01-021-3/+3
| |/
* | Merge GH #789 Avoid deprecated constructor in RSA testJack Lloyd2017-01-021-1/+1
|\ \
| * | Don't use deprecated PK_Signer ctor in testsRené Korthaus2017-01-011-1/+1
| |/
* | Merge GH #788 Add project goals statementJack Lloyd2017-01-022-0/+130
|\ \
| * | Add a statement of project goals (and non-goals)Jack Lloyd2016-12-302-0/+130
| | | | | | | | | | | | [ci skip]
* | | Merge GH #787 Add side channel docJack Lloyd2017-01-022-4/+396
|\ \ \ | |_|/ |/| |
| * | Address review comments on side channel docJack Lloyd2017-01-022-38/+79
| | | | | | | | | | | | [ci skip]
| * | Add a doc on side channel countermeasures and known issuesJack Lloyd2016-12-281-0/+351
| | | | | | | | | | | | [ci skip]
* | | Run python in coverage modeJack Lloyd2016-12-311-1/+1
| | |
* | | Add test for TPMJack Lloyd2016-12-311-0/+83
| | | | | | | | | | | | | | | | | | | | | Compiles, but basically untested as my machine with a working TPM suffered a fatal logic board failure some time ago. If TPM is compiled in but creating the TPM context fails, test assumes no hardware is available and returns.
* | | Fix for minimized buildJack Lloyd2016-12-311-1/+7
| | |
* | | Fix for EME-Raw being disabled as in BSI policyJack Lloyd2016-12-311-1/+8
| | |
* | | Remove SRP6 file supportJack Lloyd2016-12-313-133/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It turns out SRP6 files use a different base64 alphabet than standard, and additionally Botan's decoding of the group id seems wrong though I haven't verified this second was a bug. In any case this code couldn't parse anything it was supposed to and never could. I had already planned on adding a database backed SRP store and removing this code but the fact that it's actually not functional for purpose suggests it's best to remove this now rather than let someone chance upon it and be endlessly frustrated that it doesn't seem to work because all the verifiers are garbled.
* | | Add a simple test of the all or nothing transformJack Lloyd2016-12-312-2/+58
| | |
* | | Add test that triggers Blinder to reinitialize stateJack Lloyd2016-12-311-0/+36
| | |
* | | Improve filter testsJack Lloyd2016-12-316-8/+127
| | | | | | | | | | | | | | | | | | | | | Fix a bug in Pipe::check_available that must date back 15 years... Add destructors to compression filter so unique_ptr destructor runs without user having to include an extra header for the owned type.
* | | Another fix for missing SHA1, and workaround Apple Clang problem.Jack Lloyd2016-12-311-8/+9
| | |
* | | Fix test with SHA-1 disabledJack Lloyd2016-12-311-0/+3
| | |
* | | Missing addJack Lloyd2016-12-311-0/+1
| | |
* | | Add more tests for random prime and DL group generationJack Lloyd2016-12-303-3/+120
| | |
* | | Increase default TLS DH min to 2048 bits, and add BSI policy class.Jack Lloyd2016-12-309-8/+68
| | | | | | | | | | | | | | | Moves BSI policy file to test data dir where it can be compared with what the hardcoded class outputs.
* | | Update readmeJack Lloyd2016-12-301-23/+37
| | | | | | | | | | | | [ci skip]
* | | Small documentation updatesJack Lloyd2016-12-302-3/+14
| | | | | | | | | | | | [ci skip]
* | | Remove reference to CECPQ1_PSK OCB ciphersuite in test.Jack Lloyd2016-12-301-1/+0
| | | | | | | | | | | | | | | Initially planned, then decided to skip because supporting it requires more changes to the TLS handshake code than I want to do right now.
* | | Merge GH #785 Disable SHA-1 and weak RSA by default during cert validationJack Lloyd2016-12-305-13/+23
|\ \ \
| * | | Increase Path_Validation_Restrictions default min strength to 110Jack Lloyd2016-12-275-13/+23
| | | | | | | | | | | | | | | | | | | | Effectively disables 1024 bit RSA as well as SHA-1. Edit the tests where required to enable it again.
* | | | Add CECPQ1 OCB ciphersuitesJack Lloyd2016-12-303-25/+42
| | | | | | | | | | | | | | | | | | | | | | | | Clean up the ciphersuite generation script a bit. [ci skip]
* | | | Update todo [ci skip]Jack Lloyd2016-12-301-0/+2
| | | |
* | | | Disable OpenSSL in lcov scriptJack Lloyd2016-12-301-1/+1
| | | | | | | | | | | | | | | | | | | | Kind of confuses the output. And also seems to crash for me (somewhere deep inside OpenSSL). Unclear what the problem is there.
* | | | Tiny code simplificationJack Lloyd2016-12-301-3/+1
| | | |
* | | | Update ABI doc to reflect new versioning schemeJack Lloyd2016-12-301-13/+10
| |_|/ |/| | | | | | | | | | | | | | Also link to ABI report [ci skip]
* | | Add note about CECPQ1 in TLS manualJack Lloyd2016-12-281-0/+16
| | | | | | | | | | | | [ci skip]
* | | One more Camellia TLS test fixJack Lloyd2016-12-281-1/+8
| | |
* | | Misc doc tweaksJack Lloyd2016-12-284-11/+11
| |/ |/| | | | | [ci skip]
* | Fix Camellia TLS testsJack Lloyd2016-12-281-2/+9
| | | | | | | | | | | | Disabling SHA-256 in TLS 1.1/1.2 has the effect of disabling the Camellia ECDH ciphersuites. So the test policy ended up with an empty ciphersuite list, when negotiating older versions.
* | Merge GH #786 Fix fuzzer after #783 header changeJack Lloyd2016-12-281-1/+1
|\ \ | | | | | | | | | [ci skip]