| Commit message | Author | Date | Files | Lines |
|---|---|---|---|---|
| Fix doc bugs | lloyd | 2015-01-05 | 2 | -2/+2 |
| Update relnotes | lloyd | 2015-01-04 | 1 | -0/+8 |
| Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC). Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224-bit NIST primes were disabled by default for TLS but they were not. Additionally disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map. | lloyd | 2015-01-04 | 1 | -4/+5 |
| Tick version to 1.11.13 | lloyd | 2015-01-03 | 3 | -1/+6 |
| Update for 1.11.12 release [tag: 1.11.12] | lloyd | 2015-01-02 | 4 | -6/+10 |
| Point to github on index page | lloyd | 2015-01-02 | 1 | -3/+6 |
| Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementation | lloyd | 2014-12-31 | 2 | -9/+13 |
| More info on AEAD decryption handling | lloyd | 2014-12-31 | 1 | -0/+10 |
| Add AEAD based on ChaCha20 and Poly1305 defined in draft-irtf-cfrg-chacha20-poly1305-03 | lloyd | 2014-12-29 | 1 | -2/+3 |
| Add Poly1305, based on poly1305-donna by Andrew Moon. | lloyd | 2014-12-29 | 3 | -1/+5 |
| Update algos | lloyd | 2014-12-27 | 1 | -1/+2 |
| When encrypting McEliece or Curve25519 keys, default to GCM instead of CBC. Add OIDs for OCB mode with various ciphers. | lloyd | 2014-12-27 | 1 | -3/+9 |
| Add Curve25519 based on curve25519-donna by Adam Langley. This uses only the c64 version from curve25519-donna; on systems that don't have a native uint128_t type, a donna128 type stands in for just enough 128-bit operations to satisfy donna.cpp. | lloyd | 2014-12-27 | 3 | -0/+9 |
| Mention github issues | lloyd | 2014-12-27 | 1 | -4/+5 |
| Update download link and tick version number. | lloyd | 2014-12-22 | 3 | -2/+6 |
| Update for 1.11.11 release [tag: 1.11.11] | lloyd | 2014-12-22 | 1 | -1/+4 |
| Enable system_rng on Windows and MinGW (untested) | lloyd | 2014-12-21 | 1 | -0/+10 |
| Update TLS doc | lloyd | 2014-12-20 | 1 | -11/+26 |
| Add abstract database interface so applications can easily store info in places other than sqlite3, though sqlite3 remains the only implementation. The interface is currently limited to precisely the functionality the TLS session manager needs and will likely expand. | lloyd | 2014-12-20 | 1 | -0/+12 |
| Add 1.10.9 release | lloyd | 2014-12-13 | 2 | -5/+23 |
| Tick to 1.11.11 | lloyd | 2014-12-13 | 1 | -0/+3 |
| Make the connection between calling TLS::Channel::send and a new wire record being created more clear. | lloyd | 2014-12-13 | 1 | -3/+9 |
| Update for 1.11.10 release [tag: 1.11.10] | lloyd | 2014-12-10 | 2 | -16/+18 |
| Implement RFC 6979 deterministic signatures for DSA and ECDSA. Drop the GNU MP engine. Its implementations were potentially faster in some scenarios but not well protected against side channels. | lloyd | 2014-12-10 | 1 | -0/+4 |
| Add a basic speed test for McEliece | lloyd | 2014-12-08 | 1 | -7/+8 |
| Remove the Overbeck conversion at Dr. Strenzke's request. While a CCA2 proof of this scheme exists, it is written in German and for various reasons publishing a translation would be a complicated affair. Without a (well studied) English proof it is harder to understand the security of the overall scheme. Thus only KEM, which seems much easier to prove, will be offered. | lloyd | 2014-12-06 | 1 | -2/+5 |
| Add an easy way to directly use the system PRNG. | lloyd | 2014-12-02 | 1 | -0/+9 |
| Add an implementation of McEliece encryption based on HyMES (https://www.rocq.inria.fr/secret/CBCrypto/index.php?pg=hymes). The original version is LGPL but cryptsource GmbH has secured permission to release it under a BSD license. Also includes the Overbeck CCA2 message encoding scheme. | fstrenzke | 2014-11-26 | 3 | -4/+13 |
| Cleanup PBES2 and add GCM support | lloyd | 2014-11-19 | 1 | -0/+6 |
| Add gzip compression transform and compress command line prog. | lloyd | 2014-11-19 | 1 | -0/+5 |
| Fix warnings in Altivec header and add AltiVec detection for POWER8 | lloyd | 2014-11-16 | 1 | -0/+2 |
| Add some util functions for timing attack countermeasures from Falko | lloyd | 2014-11-15 | 1 | -1/+1 |
| A TLS Server can now process either TLS or DTLS but not both, with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing. | lloyd | 2014-11-15 | 2 | -25/+38 |
| Fix relnotes index title | lloyd | 2014-11-15 | 1 | -0/+4 |
| Update relnotes | lloyd | 2014-11-15 | 1 | -0/+15 |
| Replace Transformation::start with start_raw so we can do a full set of overloads in the base class with the same name. | lloyd | 2014-11-05 | 1 | -1/+1 |
| Various small fixes and cleanups, new is_prime util | lloyd | 2014-11-03 | 1 | -0/+8 |
| Add TLS fallback signalling (draft-ietf-tls-downgrade-scsv-00) | lloyd | 2014-10-31 | 1 | -0/+6 |
| Correct documentation | lloyd | 2014-10-14 | 1 | -1/+1 |
| Some documentation updates WRT DTLS and X.509 cert path processing | lloyd | 2014-10-06 | 2 | -25/+100 |
| Fix decoding indefinite length BER constructs that contain a context-sensitive tag of zero. Github pull 26 from Janusz Chorko. | lloyd | 2014-09-27 | 1 | -0/+3 |
| Correct CCM for L != 2. Bugzilla 270 | lloyd | 2014-05-16 | 1 | -0/+5 |
| Any fixed MR iteration count is probably wrong for somebody. Allow the user to specify a probability as well as whether n was randomly chosen or not. If the input is random, use a better bound to reduce the number of needed tests. | lloyd | 2014-04-25 | 2 | -11/+22 |
| Doc fix | lloyd | 2014-04-16 | 1 | -1/+1 |
| Use 20 Miller-Rabin iterations regardless of the size of the integer. This provides a much better worst-case error bound. Also take the nonce from anywhere in the usable range rather than limiting the bit size. | lloyd | 2014-04-13 | 1 | -0/+5 |
| Deindent to avoid github mangling | lloyd | 2014-04-13 | 1 | -36/+34 |
| Update release note pointers [tag: 1.11.9] | lloyd | 2014-04-10 | 2 | -6/+8 |
| Add 1.10.8 release notes | lloyd | 2014-04-10 | 1 | -0/+12 |
| Fix a bug in Miller-Rabin primality testing introduced in 1.8.3 where we chose a single random nonce and tested it repeatedly, rather than choosing new nonces each time. Reported by Jeff Marrison. Also remove a pointless comparison (also pointed out by Jeff) and add an initial test using a witness of 2. | lloyd | 2014-04-10 | 1 | -1/+8 |
| X.509 path validation now performs all possible tests and returns a set of error codes, instead of failing immediately on first error. This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation. | lloyd | 2014-04-05 | 1 | -0/+9 |
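
The 2014-12-10 commit above adds RFC 6979 deterministic nonces for DSA and ECDSA. The following is an added illustration, written in Python for this page and not code from the Botan source tree: it implements the RFC 6979 section 3.2 nonce derivation generically over a group order q (so it applies to DSA as well as ECDSA), then uses it for plain ECDSA over NIST P-256 with minimal affine point arithmetic. The curve constants are the published P-256 parameters; the private key and message `b"sample"` are the RFC 6979 Appendix A.2.5 test vector, so the result can be checked against the RFC. The point arithmetic is deliberately naive and not constant-time; it is there to show that the nonce produces a valid signature, not as a production implementation.

```python
import hashlib
import hmac

# NIST P-256 domain parameters (public constants; only what is needed here).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def bits2int(b, q):
    """RFC 6979 2.3.2: the leftmost qlen bits of b, as an integer."""
    qlen = q.bit_length()
    v = int.from_bytes(b, "big")
    excess = len(b) * 8 - qlen
    return v >> excess if excess > 0 else v


def int2octets(x, q):
    """RFC 6979 2.3.3: x as a big-endian string of ceil(qlen/8) bytes."""
    return x.to_bytes((q.bit_length() + 7) // 8, "big")


def bits2octets(b, q):
    """RFC 6979 2.3.4: reduce the bit string mod q, then encode."""
    return int2octets(bits2int(b, q) % q, q)


def rfc6979_nonce(x, msg, q, hashfn=hashlib.sha256):
    """RFC 6979 3.2: derive k from the private key x and the message, with no
    randomness. Works for any prime-order group given q (DSA or ECDSA)."""
    h1 = hashfn(msg).digest()
    V = b"\x01" * len(h1)                                  # step b
    K = b"\x00" * len(h1)                                  # step c
    K = hmac.new(K, V + b"\x00" + int2octets(x, q) + bits2octets(h1, q), hashfn).digest()
    V = hmac.new(K, V, hashfn).digest()                    # steps d, e
    K = hmac.new(K, V + b"\x01" + int2octets(x, q) + bits2octets(h1, q), hashfn).digest()
    V = hmac.new(K, V, hashfn).digest()                    # steps f, g
    while True:                                            # step h
        T = b""
        while len(T) * 8 < q.bit_length():
            V = hmac.new(K, V, hashfn).digest()
            T += V
        k = bits2int(T, q)
        if 1 <= k <= q - 1:
            return k
        # Candidate out of range: refresh K and V and generate another (h.3).
        K = hmac.new(K, V + b"\x00", hashfn).digest()
        V = hmac.new(K, V, hashfn).digest()


def ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # addition
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not side-channel safe)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ecdsa_sign_deterministic(x, msg, hashfn=hashlib.sha256):
    """ECDSA over P-256 with the RFC 6979 nonce; same (x, msg) always gives the same (r, s)."""
    k = rfc6979_nonce(x, msg, Q, hashfn)
    r = ec_mul(k, G)[0] % Q
    e = bits2int(hashfn(msg).digest(), Q)
    s = pow(k, -1, Q) * (e + r * x) % Q
    return r, s   # r == 0 or s == 0 has negligible probability and is not retried here


def ecdsa_verify(pub, msg, sig, hashfn=hashlib.sha256):
    r, s = sig
    if not (1 <= r < Q and 1 <= s < Q):
        return False
    e = bits2int(hashfn(msg).digest(), Q)
    w = pow(s, -1, Q)
    pt = ec_add(ec_mul(e * w % Q, G), ec_mul(r * w % Q, pub))
    return pt is not None and pt[0] % Q == r


if __name__ == "__main__":
    # Private key and message from RFC 6979 Appendix A.2.5 (P-256, SHA-256).
    x = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
    r, s = ecdsa_sign_deterministic(x, b"sample")
    print(hex(rfc6979_nonce(x, b"sample", Q)))
    print(hex(r), hex(s), ecdsa_verify(ec_mul(x, G), b"sample", (r, s)))
```

The point of the commit is visible in the last function: nothing in the signing path consumes an RNG, so a broken or repeated-state RNG (the classic cause of ECDSA private-key recovery from reused k) cannot leak the key, and the same message signed twice yields byte-identical signatures.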
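
Three of the 2014-04 commits above concern Miller-Rabin: the 1.8.3 regression that picked one random nonce and retested it, the switch to a fixed worst-case iteration count with nonces drawn from the whole usable range, and the later option to pick the count from a requested error probability. The following added example (Python written for this page, not Botan's own `is_prime` code) puts the pre-fix and post-fix shapes side by side. `passes_round` is one Miller-Rabin round; `buggy_is_probable_prime` reproduces the failure mode, `is_probable_prime` the corrected behaviour (witness 2 first, then a fresh uniform witness in [2, n-2] per round, with the round count derived from a target error of 2^-error_bits using the generic 1/4-per-round bound). The `FixedWitness` class is a constructed stand-in for the RNG so the failure mode can be shown deterministically; 2047 = 23 * 89 is used because it is a strong pseudoprime to base 2.

```python
import random


def decompose(n):
    """Write n - 1 as 2**s * d with d odd; returns (s, d)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    return s, d


def passes_round(n, a):
    """One Miller-Rabin round with witness a for odd n >= 5.
    False proves n composite. True means a did not expose n: either n is
    prime or a is a 'strong liar' for n (at most 1/4 of witnesses are)."""
    s, d = decompose(n)
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False


def buggy_is_probable_prime(n, rounds, rng=None):
    """Shape of the 1.8.3 regression: one random witness, retested `rounds` times.
    Re-running the same witness returns the same verdict every time, so the
    error probability stays at a single round's 1/4, not 4**-rounds."""
    rng = rng or random.SystemRandom()
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    a = rng.randrange(2, n - 1)          # chosen once ...
    for _ in range(rounds):
        if not passes_round(n, a):       # ... and tested `rounds` times
            return False
    return True


def is_probable_prime(n, error_bits=128, rng=None):
    """Corrected shape: a fixed witness of 2 first, then a fresh uniform witness
    from [2, n-2] in every round. For arbitrary n each round errs with
    probability <= 1/4, so ceil(error_bits / 2) rounds bound the overall
    error by 2**-error_bits. (Randomly chosen n would allow fewer rounds; that
    refinement is not implemented here.)"""
    rng = rng or random.SystemRandom()
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    if not passes_round(n, 2):
        return False
    rounds = (error_bits + 1) // 2
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)      # new witness per round, whole range
        if not passes_round(n, a):
            return False
    return True


class FixedWitness:
    """Constructed stand-in RNG that always hands back the same witness, used
    only to reproduce the pre-fix failure deterministically."""

    def __init__(self, a):
        self.a = a

    def randrange(self, lo, hi):
        assert lo <= self.a < hi
        return self.a


if __name__ == "__main__":
    print(buggy_is_probable_prime(2047, 20, FixedWitness(2)))  # True: 20 rounds, no extra assurance
    print(is_probable_prime(2047))                             # False: fresh witnesses catch it
    print(is_probable_prime(2**127 - 1))                       # True (a Mersenne prime)
```

The retest loop in the buggy version is the whole bug: once base 2 has said "2047 looks prime", asking base 2 nineteen more times changes nothing, while the fixed version's very first random witness after base 2 has at least a 3/4 chance of proving 2047 composite.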