path: root/doc
Commit log (subject, author, date; files changed, lines removed/added):
* Specific ideas re PGP support (Jack Lloyd, 2016-04-15; 1 file, -3/+15)
* Don't reject TLS packets with zero plaintext bytes (Jack Lloyd, 2016-04-15; 1 file, -0/+5)
  OpenSSL sends an empty record before each new data record in TLS v1.0 to randomize the IV, as a countermeasure to the BEAST attack. Most implementations use 1/(n-1) splitting for this instead.
  Bug introduced with the const time changes in 1.11.23
* Fix formatting bugs in TLS doc (Jack Lloyd, 2016-04-13; 1 file, -11/+6)
  Fixes GH #460
  Closes GH #474
  [ci skip]
* Add support for ChaCha(12) (Jack Lloyd, 2016-04-09; 1 file, -1/+0)
* Update OCB ciphersuites to follow new nonce scheme from -04 draft (Jack Lloyd, 2016-04-04; 1 file, -0/+5)
* More todos (Jack Lloyd, 2016-04-03; 1 file, -2/+8)
* Add IETF standard ChaCha20Poly1305 ciphersuites to TLS (Jack Lloyd, 2016-03-23; 2 files, -1/+12)
* Typo fix (Jack Lloyd, 2016-03-22; 1 file, -1/+1)
  [ci skip]
* Release 1.11.29 [tag 1.11.29] (Jack Lloyd, 2016-03-20; 2 files, -11/+103)
* Remove support for TLS v1.2 MD5 and SHA-224 signatures. (Jack Lloyd, 2016-03-17; 1 file, -7/+4)
  Remove support for weak ECC curves (anything under P-256) from TLS. This includes secp256k1 since we don't take advantage of the special form for any performance advantage; might as well use P-256.
  The manual still mentioned that it was possible to use MD5 in Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
* Deprecate Rabin-Williams (Jack Lloyd, 2016-03-16; 1 file, -0/+4)
* Merge GH #454 X.509 name constraints (Jack Lloyd, 2016-03-16; 2 files, -1/+1)
* Changes from GH #454 review (Jack Lloyd, 2016-03-16; 2 files, -1/+1)
* TLS client features (Jack Lloyd, 2016-03-16; 1 file, -3/+8)
  Add flags --policy, --print-certs, --tls1.0, --tls1.1, --tls1.2
  Update todo
* Merge GH #450 Add support for Windows VirtualLock (Jack Lloyd, 2016-03-10; 2 files, -1/+3)
* add support for VirtualLock/VirtualUnlock on Windows (Daniel Neus, 2016-03-07; 2 files, -1/+3)
  equivalent to mlock on Unix to prevent swapping out of memory
* Add section on fork safety to rng manual (René Korthaus, 2016-03-08; 1 file, -0/+19)
* Use a distinct PGP for signing git commits. (Jack Lloyd, 2016-03-03; 1 file, -1/+35)
  New key is signed with my existing key.
* Update release notes (Jack Lloyd, 2016-02-20; 1 file, -0/+31)
  [ci skip]
* Fix formatting GH #415 (Jack Lloyd, 2016-02-17; 2 files, -24/+32)
  [ci skip]
* Update iOS build instructions (René Korthaus, 2016-02-07; 1 file, -16/+16)
  When building for iOS, you want to build for all three architectures, so you can run your app on an iOS device and on the simulator.
* Bump version to 1.11.29 pre (Jack Lloyd, 2016-02-06; 1 file, -0/+5)
* Update todo (Jack Lloyd, 2016-02-06; 1 file, -11/+15)
  [ci skip]
* Add info for 1.10.12 release (Jack Lloyd, 2016-02-03; 1 file, -0/+25)
  [ci skip]
* Fix two bugs in 1.11.27 which caused test failures. [tag 1.11.28] (Jack Lloyd, 2016-02-01; 1 file, -0/+6)
  The check on each individual size in curve_mul is too strict since we rely on redc(x*1) during the on-the-curve computation.
  Fix an off-by-one in ressol which caused it to occasionally reject valid values.
  Updating version 1.11.28 since existing 1.11.27 tag already pushed :(
  Fix an off-by-one in ressol which would cause it to occasionally give up too early.
* Update news for 1.11.27 release [tag 1.11.27] (Jack Lloyd, 2016-02-01; 2 files, -4/+18)
* Fix heap overflow in ECC point multiplication (Jack Lloyd, 2016-02-01; 1 file, -1/+34)
  If affine coordinates larger than the prime modulus were given, a later multiplication could overflow the size of an allocated output buffer, which was sized based on the size of the prime. This will cause an overflow into either the system heap or, if the mlock/mmap pool allocator is in use, then into the adjacent key material stored in the pool.
  Reported by Alex Gaynor who found it with AFL
  Also fix a one word overwrite in P-521 reduction. Found with AFL
* Fix (nearly) infinite loop in RESSOL (modular square root). (Jack Lloyd, 2016-02-01; 1 file, -0/+13)
  It first computed the first i for q**(2**i) == 1, then checked that i was smaller than s. Given a composite modulus (for which the algorithm does not work), the loop might do a very large amount of work before returning the failure.
* Bump version to 1.11.27 pre (Jack Lloyd, 2016-01-17; 1 file, -0/+15)
* Move hacking.rst to contributing.rst (Jack Lloyd, 2016-01-13; 1 file, -86/+71)
  [ci skip]
* Release 1.11.26 [tag 1.11.26] (Jack Lloyd, 2016-01-04; 1 file, -1/+1)
* Misc doc updates (Jack Lloyd, 2016-01-04; 8 files, -40/+91)
  [ci skip]
* Fix configure.py for CPython 2.6 (Jack Lloyd, 2016-01-04; 1 file, -0/+7)
  Based on GH #362 by emilymaier
* Add ECDH via OpenSSL (Jack Lloyd, 2016-01-04; 1 file, -0/+2)
  Expose provider param in PK_Key_Agreement API
  Handle multiple providers in key agreement tests
  Fix some funky formatting of P-521 EC points in ecdh.vec which was being rejected by OpenSSL; for whatever reason the CAVS file had the affine coords with far more leading zeros than necessary.
* Use valgrind's memcheck API for checking const time annotations (Jack Lloyd, 2016-01-03; 1 file, -5/+12)
  Has the same effect as using ctgrind, but without requiring a custom-compiled valgrind binary.
  Add ct checking annotations to the SSSE3 AES code.
* Add extended master secret extension (RFC 7627) to TLS (Jack Lloyd, 2016-01-03; 1 file, -0/+7)
  Interop tested with mbed TLS
* Fix PointGFp multiplication bug (Jack Lloyd, 2016-01-03; 1 file, -6/+19)
  There was a special case for small scalars which managed to forget that the integer 3 also fits into two bits.
  Found by adding a new set of ECC point mul tests for the NIST curves.
* Use memcpy instead of misaligned pointer casts for reading words. (Jack Lloyd, 2015-12-31; 1 file, -0/+9)
  It works on x86, but C says it is undefined and it makes UBSan unhappy. Happily, this memcpy approach probably also works fine under processors which previously used the byte-at-a-time approach such as ARM. But for right now using memcpy here is still gated under the processor alignment flags.
  In my tests recent GCC and Clang seemed to produce basically identical code for either approach when using -O3; I imagine most compilers these days are very good at analyzing/inlining/unrolling memcpys.
  Also remove the manually unrolled versions of xor_buf, which caused problems with GCC and -O3 due to it vectorizing the loads into (aligned) SSE2 loads, which would fail when a misaligned pointer was passed. Which always seemed kind of bogus to me, but I guess that's what undefined behavior is for.
  Enable -O3 for GCC.
  With this change the test suite is clean under GCC ASan+UBSan and Clang ASan+UBSan, with the exception of one failure due to a bug in libstdc++ (GCC bug 60734) when compiled by Clang.
* Add missing assignment in DataSource::discard_next (Jack Lloyd, 2015-12-31; 1 file, -0/+4)
  Reported on the mailing list by Falko
* Reading list (Jack Lloyd, 2015-12-26; 1 file, -0/+69)
* Add generalized KEM interface (Jack Lloyd, 2015-12-26; 1 file, -0/+8)
  Convert McEliece KEM to use it
  Add RSA-KEM
* On Python (Jack Lloyd, 2015-12-25; 1 file, -4/+22)
* Export mgf1_mask GH #380 (Jack Lloyd, 2015-12-25; 1 file, -0/+2)
* Guard all std::mem* ops against any call with zero length. (Jack Lloyd, 2015-12-25; 1 file, -0/+11)
  Calling memset, memmove, memcpy with an undefined or null pointer, even with length zero, causes undefined behavior. Prevent that from happening within the functions that call these dangerous things since allowing a caller to pass length == 0 with null or just past the end and not have things explode is nice.
  Oh C, you so crazy.
* Fix a lot of backquotes in hacking.rst (Simon Warta, 2015-12-22; 1 file, -51/+51)
* Remove hyperlink from m_ in hacking.rst (Simon Warta, 2015-12-22; 1 file, -2/+1)
* Add TPM v1.2 support (RSA keygen/signing, RNG) (Jack Lloyd, 2015-12-19; 1 file, -1/+5)
* Remove references to deleted examples GH #339 (Jack Lloyd, 2015-12-19; 4 files, -36/+1)
* Merge pull request #370 from neusdan/rdseed (Jack Lloyd, 2015-12-19; 1 file, -0/+2)
  Add support for Intel RdSeed instruction
* add support for Intel RdSeed (Daniel Neus, 2015-12-18; 1 file, -0/+2)