Commit message (Author, Age, Files, Lines)
* Merge GH #2351 Update cli documentation (Jack Lloyd, 2020-05-08, 2 files, -32/+107)
|\
| * update CLI documentation (Philippe Lieser, 2020-05-08, 2 files, -32/+107)
|/
* Deprecate the KDF truncation behavior [ci skip] (Jack Lloyd, 2020-05-06, 1 file, -0/+5)
|     See #2347
* Update news (Jack Lloyd, 2020-05-01, 1 file, -0/+5)
|
* Merge GH #2346 Make AES key expansion constant time (Jack Lloyd, 2020-05-01, 2 files, -38/+255)
|\
| * Make AES key expansion constant time (Jack Lloyd, 2020-05-01, 2 files, -38/+255)
| |
* | Fix ReST header (Jack Lloyd, 2020-05-01, 1 file, -1/+1)
|/
* Merge GH #2345 Add more documentation on build/configure (Jack Lloyd, 2020-04-30, 3 files, -39/+81)
|\
| * add some missing building and configure documentation (Philippe Lieser, 2020-04-29, 3 files, -39/+81)
| |
* | Split up deprecated headers by reason for deprecation (Jack Lloyd, 2020-04-30, 1 file, -41/+49)
|/
* Merge GH #2338 TLS record layer cleanups (Jack Lloyd, 2020-04-26, 3 files, -32/+67)
|\
| * Small refactorings of TLS record layer (Jack Lloyd, 2020-04-24, 3 files, -32/+67)
| |     Reduces some code duplication in #2320
* | Merge GH #2342 Small Clang 10 fixes (Jack Lloyd, 2020-04-25, 5 files, -9/+11)
|\ \
| * | Avoid copying in range based for loops (Jack Lloyd, 2020-04-24, 4 files, -7/+7)
| | |     This is a new warning in Clang 10
| * | Avoid a new Clang 10 ASan finding (Jack Lloyd, 2020-04-24, 1 file, -2/+4)
| |/     It doesn't like expressions that evaluate to nullptr + non-zero, even though in the end we didn't do anything with the pointer.
* / Documentation and deprecation updates (Jack Lloyd, 2020-04-25, 5 files, -27/+70)
|/     Deprecate XTEA, GOST cipher, and Tiger. GOST cipher is (AFAIK) no longer approved in Russia, so no reason to keep it. XTEA is obscure. Only reason it was saved in the last round of deprecations was its existence in Golang's x/crypto - but now x/crypto has deprecated it, so ... Found out today that Tiger has a full-round preimage attack. Not practical but still... and with it being almost never used or implemented, more than enough to push it onto the deprecation list.
* Merge GH #2341 Fix OCSP online test to handle down server (Jack Lloyd, 2020-04-24, 1 file, -1/+3)
|\
| * Fix OCSP online test (Jack Lloyd, 2020-04-24, 1 file, -1/+3)
| |     The Identrust OCSP server is down right now, accept either status good or server not available as responses.
* | Merge GH #2340 Work around a problem in AppVeyor image (Jack Lloyd, 2020-04-24, 1 file, -1/+1)
|\ \
| |/
|/|
| * Use the 2017 image for AppVeyor MinGW build (Jack Lloyd, 2020-04-24, 1 file, -1/+1)
|/     MinGW is broken on the latest version of the 2019 image: https://github.com/appveyor/ci/issues/3392
* Update news (Jack Lloyd, 2020-04-22, 1 file, -0/+7)
|
* More todos (Jack Lloyd, 2020-04-22, 1 file, -0/+2)
|
* Bump so version (Jack Lloyd, 2020-04-22, 1 file, -1/+1)
|
* Merge GH #2249 Add a test of Microsoft's CVE-2020-0601 (Jack Lloyd, 2020-04-22, 4 files, -0/+108)
|\
| * Add a test of CVE-2020-0601 (Jack Lloyd, 2020-01-28, 4 files, -0/+108)
| |     Closes #2242
* | Merge GH #2322 Workaround GCC UbSan false positive in XMSS (Jack Lloyd, 2020-04-22, 11 files, -127/+96)
|\ \
| * | Enable UbSan in GCC (Jack Lloyd, 2020-04-06, 1 file, -2/+1)
| | |
| * | Avoid UbSan false positive in GCC (Jack Lloyd, 2020-04-06, 10 files, -125/+95)
| | |     Unfortunately GCC's UbSan errors out when we cast the function pointer derived from XMSS_Common_Ops as a XMSS_PrivateKey::* then use an XMSS_PrivateKey* as this. Clang accepts it. Curiously, it works in GCC if we use an XMSS_Common_Ops::* instead, but Clang rejects that at compile time. Short of compiler specific logic which is probably fragile, just make everything from XMSS_Common_Ops static instead of being inherited.
* | | Merge GH #2334 Use guard pages before and after mlocked pages (Jack Lloyd, 2020-04-22, 1 file, -13/+16)
|\ \ \
| * | | Add guard pages both before and after mlock'ed pages (Jack Lloyd, 2020-04-18, 1 file, -13/+16)
|/ / /     The header comment already claimed this was the case but only a trailing guard was used.
* | | In the cli, init the mlock allocator before entering sandbox (Jack Lloyd, 2020-04-09, 2 files, -2/+4)
| | |     Currently OpenBSD port disables pledge because pledge doesn't have a flag for mlock. By initializing first, we can still use the allocator. Later (during shutdown) the munlock call will fail but will just fail with ENOSYS which is ignored, then we munmap the memory to free it which will unlock as a side-effect.
* | | Update news (Jack Lloyd, 2020-04-09, 1 file, -0/+6)
| | |
* | | Blacklist only Sphinx 3.0 (Jack Lloyd, 2020-04-09, 1 file, -1/+1)
| | |     Bug has already been fixed upstream so future 3.0.1 and 3.1 will work. Current regex only grabs the major/minor versions not the patch, so this leaves parallel builds still disabled for future 3.0.1
* | | Merge GH #2326 Avoid parallel builds using Sphinx 3.0 (Jack Lloyd, 2020-04-09, 1 file, -3/+17)
|\ \ \
| * | | If regex doesn't match, default to disabling use of -j (Jack Lloyd, 2020-04-08, 1 file, -2/+9)
| | | |
| * | | Avoid using concurrency with Sphinx 3.0 due to a bug in that version (Jack Lloyd, 2020-04-08, 1 file, -1/+8)
|/ / /     https://github.com/sphinx-doc/sphinx/issues/7438 https://github.com/randombit/botan/issues/2324
* | | Merge GH #2325 Fix flake GOST test closing #2197 (Jack Lloyd, 2020-04-07, 6 files, -34/+51)
|\ \ \
| * | | Fix flaky GOST 34.10 signature test (Jack Lloyd, 2020-04-07, 6 files, -34/+51)
|/ / /     The problem was a race between the GOST 34.10 signature and verification tests. Each registered an EC group, but signature registered it with an OID and verification without. If during threaded test runs, verification ran first, then signature would fail because there was no OID. Fix the tests by registering using an OID in both cases. Also fix EC_Group registration so if the same group is registered with and without an OID, we update the internal state to use the OID. Fixes GH #2197
* | | Fix duplicated function definitions in Python doc (Jack Lloyd, 2020-04-07, 1 file, -10/+2)
| | |
* | | Tick version to 2.15.0 (Jack Lloyd, 2020-04-07, 2 files, -1/+4)
| | |
* | | Fixes for test_all_configs script (Jack Lloyd, 2020-04-07, 1 file, -4/+11)
| | |
* | | Fix a couple more build and test failures in certain configurations (Jack Lloyd, 2020-04-07, 2 files, -3/+12)
| | |
* | | Fix a ftbfs if ECDSA is disabled (Jack Lloyd, 2020-04-06, 1 file, -7/+9)
|/ /
* | Update for 2.14.0 release [2.14.0] (Jack Lloyd, 2020-04-06, 2 files, -5/+6)
| |
* | Don't return empty vector from raw_xxx_dn_sha256 if SHA-256 disabled (Jack Lloyd, 2020-04-06, 1 file, -0/+4)
| |     This can't happen currently because x509 module has a hard dep on SHA-256 but if that changed in the future it would expose incorrect behavior.
* | Now ppc64le and aarch64 are tested in CI (Jack Lloyd, 2020-04-06, 1 file, -1/+0)
| |
* | Merge GH #2321 Fix undefined shift during DTLS reconnection (Jack Lloyd, 2020-04-05, 2 files, -2/+20)
|\ \
| * | Fix an undefined shift operation when DTLS reconnection occurs (Jack Lloyd, 2020-04-05, 2 files, -2/+20)
|/ /
* | Update news (Jack Lloyd, 2020-04-01, 1 file, -2/+11)
| |
* | Merge GH #2312 Make CBC padding constant time (Jack Lloyd, 2020-04-01, 6 files, -52/+197)
|\ \