| Commit message | Description | Author | Date | Files | Lines |
|---|---|---|---|---|---|
| Document new options | | Jack Lloyd | 2019-04-10 | 2 | -0/+20 |
| Update roadmap [ci skip] | | Jack Lloyd | 2019-04-08 | 1 | -16/+4 |
| Add todo | | Jack Lloyd | 2019-03-30 | 1 | -0/+1 |
| Fix quoting | | Jack Lloyd | 2019-03-29 | 1 | -1/+1 |
| Added documentation for acceptable_ciphersuite() and ciphersuite_list() | | Sergii Cherkavskyi | 2019-03-27 | 1 | -0/+15 |
| Rename 'darwin' target to 'macos' | Both because that's the more common term, and because iOS/watchOS also use the Darwin kernel, but we have a distinct target for mobile. | Jack Lloyd | 2019-03-27 | 1 | -16/+17 |
| Deprecate the low level algorithm types [ci skip] | | Jack Lloyd | 2019-03-27 | 2 | -0/+6 |
| Another todo | | Jack Lloyd | 2019-03-25 | 1 | -0/+2 |
| Darwin supports getentropy too | | David Carlier | 2019-03-24 | 1 | -1/+1 |
| Clean up TLS deprecation notices | Drop deprecation of CCM-8 as, while ugly, it is used by CoAP and is even still included in TLS v1.3. | Jack Lloyd | 2019-03-18 | 1 | -22/+28 |
| Android can possibly support arc4random API. | | David Carlier | 2019-03-07 | 1 | -1/+1 |
| Another mistake | | Jack Lloyd | 2019-02-26 | 1 | -0/+8 |
| Add todo | | Jack Lloyd | 2019-02-21 | 1 | -0/+1 |
| Another todo | | Jack Lloyd | 2019-02-19 | 1 | -1/+1 |
| Update docs to replace from_configuration. | PasswordHash::from_configuration has been replaced with PasswordHash::from_params. | Kelvin | 2019-02-18 | 1 | -6/+10 |
| Document the private OID assignments | | Jack Lloyd | 2019-02-18 | 1 | -0/+42 |
| Improve hash function docs. Deprecate SHAKE default output lengths. | | Jack Lloyd | 2019-02-13 | 2 | -10/+27 |
| More todos | | Jack Lloyd | 2019-02-11 | 1 | -1/+1 |
| Add documentation of all configure.py options | | Jack Lloyd | 2019-02-05 | 1 | -15/+441 |
| More todos | | Jack Lloyd | 2019-01-31 | 1 | -1/+2 |
| Better document hash function strings [ci skip] | See #1822 | Jack Lloyd | 2019-01-31 | 1 | -3/+29 |
| Another mistake | | Jack Lloyd | 2019-01-29 | 1 | -2/+8 |
| Add todo | | Jack Lloyd | 2019-01-25 | 1 | -0/+1 |
| Doc updates | | Jack Lloyd | 2019-01-24 | 1 | -2/+21 |
| Merge GH #1816 Rename Integrity_Failure to Invalid_Authentication_Tag | | Jack Lloyd | 2019-01-21 | 2 | -6/+15 |
| Rename Integrity_Failure to Invalid_Authentication_Tag | This makes the meaning and usage more clear. Add a specific error type so invalid tags can be distinguished without having to catch that specific type. See also #1813 | Jack Lloyd | 2019-01-18 | 2 | -6/+15 |
| Add a list of mistakes | | Jack Lloyd | 2019-01-21 | 1 | -0/+50 |
| Minor updates to filter docs | | Jack Lloyd | 2019-01-21 | 1 | -0/+13 |
| Add todos | | Jack Lloyd | 2019-01-21 | 1 | -0/+2 |
| Remove use of std::filesystem / boost::filesystem | Boost doesn't buy us anything here since we need to maintain Win32 and POSIX implementations for non-Boost builds, and Boost only supports those two APIs anyway. MSVC's implementation of std::filesystem does not help for similar reasons, as we have to maintain a Win32 version for MinGW. | Jack Lloyd | 2019-01-17 | 1 | -22/+24 |
| Add todo | | Jack Lloyd | 2019-01-04 | 1 | -0/+1 |
| Clarify statements re support | | Jack Lloyd | 2019-01-04 | 1 | -9/+10 |
| Update support doc text | | Jack Lloyd | 2018-12-31 | 1 | -7/+7 |
| Use posix_memalign instead of mmap for creating the locking pool | As described in #602, using mmap with fork causes problems because the mmap remains shared in the child instead of being copy-on-write, then the parent and child stomp on each other's memory. However we really do not need mmap semantics, we just want a block of memory that is page-aligned, which can be done with posix_memalign instead. This was added in POSIX.1-2001 and seems to be implemented by all modern systems. Closes #602 | Jack Lloyd | 2018-12-28 | 1 | -10/+9 |
| Fix Barrett reduction input bound | In the long ago when I wrote the Barrett code I must have missed that Barrett works for any input < 2^2k where k is the word size of the modulus. Fixing this has several nice effects: it is faster because it replaces a multiprecision comparison with a single size_t compare, and now the branch does not reveal information about the input or modulus, but only their word lengths, which is not considered sensitive. Fixing this allows reverting the change made in a57ce5a4fd2 and now RSA signing is even slightly faster than in 2.8, rather than 30% slower. | Jack Lloyd | 2018-12-26 | 1 | -4/+5 |
| Update side channel doc | | Jack Lloyd | 2018-12-24 | 1 | -30/+34 |
| Correct affected version range for CVE-2018-20187 | Using the Montgomery ladder for operator* was introduced in ca155a7e54, previous versions did something different, which was itself vulnerable to side channels, but not with the same issue as CVE-2018-20187. | Jack Lloyd | 2018-12-19 | 1 | -1/+1 |
| Avoid using unblinded Montgomery ladder during ECC key generation | As doing so means that information about the high bits of the scalar can leak via timing since the loop bound depends on the length of the scalar. An attacker who has such information can perform a more efficient brute force attack (using Pollard's rho) than would be possible otherwise. Found by Ján Jančár (@J08nY) using ECTester (https://github.com/crocs-muni/ECTester). CVE-2018-20187 | Jack Lloyd | 2018-12-18 | 1 | -0/+9 |
| Update roadmap [ci skip] | | Jack Lloyd | 2018-12-18 | 2 | -56/+30 |
| Another todo [ci skip] | | Jack Lloyd | 2018-12-13 | 1 | -0/+1 |
| More todos [ci skip] | | Jack Lloyd | 2018-12-12 | 1 | -0/+2 |
| Make this comment more clear [ci skip] | | Jack Lloyd | 2018-12-12 | 1 | -1/+2 |
| More todos | | Jack Lloyd | 2018-12-10 | 1 | -1/+2 |
| More todos [ci skip] | | Jack Lloyd | 2018-12-10 | 1 | -0/+6 |
| More todos | | Jack Lloyd | 2018-12-09 | 1 | -0/+2 |
| Add base58 encoding/decoding | | Jack Lloyd | 2018-12-09 | 1 | -1/+0 |
| Todos [ci skip] | | Jack Lloyd | 2018-12-09 | 1 | -2/+2 |
| Few features added for BSD. | explicit_bzero/explicit_memset for quite some time. getentropy exists for FreeBSD, but only from 12.x. | David Carlier | 2018-12-09 | 1 | -1/+2 |
| Document #1756 | | Jack Lloyd | 2018-12-02 | 1 | -0/+5 |
| Update news | | Jack Lloyd | 2018-12-01 | 1 | -0/+5 |