path: root/doc

Commit log (one entry per commit: message, author, date; files changed, lines removed/added)
* Changes to TLS::Callbacks for GH PR #457 (Jack Lloyd, 2016-08-16; 1 file, -76/+68)
  Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works.

  Split out the compat (std::function) based interface to Compat_Callbacks. This avoids the overhead of empty std::functions when using the virtual interface, and ensures the virtual interface works since there is no callback path that does not involve a vtable lookup.

  Rename the TLS::Callback functions. Since the idea is that often an owning class will pass *this as the callbacks argument, it is good to namespace the virtual functions so as not to conflict with other names chosen by the class. Specifically, prefixes all cb functions with tls_

  Revert changes to use the old style alert callback (with no longer used data/len params) so no API changes are required for old code. The new Callbacks interface continues to just receive the alert code itself.

  Switch to virtual function interface in CLI tls_client for testing.

  Inline tls_server_handshake_state.h - only used in tls_server.cpp

  Fix tests - test looked like it was creating a new client object but it was not actually being used. And when enabled, it failed because the queues were not being emptied in between. So, fix that.
* Tick to 1.11.31 (Jack Lloyd, 2016-06-19; 1 file, -0/+3)
  [ci skip]
* Update for 1.11.30 release [tag 1.11.30] (Jack Lloyd, 2016-06-19; 1 file, -1/+1)
* Update release notes (Jack Lloyd, 2016-06-18; 1 file, -3/+12)
  [ci skip]
* Merge GH #497 Add StreamCipher::seek and implementation for ChaCha (Jack Lloyd, 2016-06-18; 2 files, -0/+8)
  Also adds ChaCha8 support
  * Adding StreamCipher::seek interface, supporting seek in ChaCha, and also adding ChaCha8 support (SimCog, 2016-06-18; 2 files, -0/+8)
* Fix bug that prevents LaTeX documentation from being built (Mouse, 2016-06-17; 1 file, -1/+1)
* Update release notes (Jack Lloyd, 2016-06-03; 2 files, -9/+41)
  [ci skip]
* Fix GCM counter increment (Jack Lloyd, 2016-05-23; 1 file, -1/+12)
  GCM is defined as having a 32-bit counter, but CTR_BE incremented the counter across the entire block. This caused incorrect results if a very large message (2**39 bits) was processed, or if the GHASH derived nonce ended up having a counter field near to 2**32.

  Thanks to Juraj Somorovsky for the bug report and repro.
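The two counter rules the commit above contrasts, as an added example (editor's code, not Botan's): GCM's inc32 from NIST SP 800-38D increments only the low 32 bits of the 128-bit counter block, while a generic big-endian CTR mode increments the whole block, so a carry out of the low 32 bits spills into the nonce-derived upper 96 bits. The J0 values below are constructed for the demonstration, not taken from the bug report.

```python
# Added example, not Botan's code: GCM inc32 versus a whole-block CTR_BE
# increment, and where the two start to disagree.

CTR_BYTES = 4          # GCM counter field: the low 32 bits of the block
BLOCK_BYTES = 16

def inc_full_block(block: bytes) -> bytes:
    """Whole-block big-endian increment (what a generic CTR_BE mode does)."""
    assert len(block) == BLOCK_BYTES
    n = (int.from_bytes(block, "big") + 1) % (1 << (8 * BLOCK_BYTES))
    return n.to_bytes(BLOCK_BYTES, "big")

def inc32(block: bytes) -> bytes:
    """GCM's inc32: low 32 bits incremented mod 2**32, upper 96 bits untouched."""
    assert len(block) == BLOCK_BYTES
    prefix = block[:-CTR_BYTES]
    ctr = int.from_bytes(block[-CTR_BYTES:], "big")
    return prefix + ((ctr + 1) % (1 << (8 * CTR_BYTES))).to_bytes(CTR_BYTES, "big")

def counter_blocks(j0: bytes, n: int, inc) -> list:
    """CB_1 .. CB_n: GCM encrypts the plaintext under inc(J0), inc(inc(J0)), ...
    (J0 itself is reserved for masking the tag)."""
    out, cb = [], j0
    for _ in range(n):
        cb = inc(cb)
        out.append(cb)
    return out

def first_divergence(j0: bytes, n: int):
    """1-based index of the first counter block where the two rules disagree,
    or None if they agree for all n blocks."""
    pairs = zip(counter_blocks(j0, n, inc32), counter_blocks(j0, n, inc_full_block))
    for i, (a, b) in enumerate(pairs, start=1):
        if a != b:
            return i
    return None

def j0_from_96bit_iv(iv: bytes) -> bytes:
    """J0 for the common 96-bit IV case: IV || 0x00000001."""
    assert len(iv) == 12
    return iv + (1).to_bytes(4, "big")

# Constructed inputs. With a 96-bit IV the counter starts at 1 and the two
# rules agree until roughly 2**32 blocks (2**39 bits) have been processed. A
# GHASH-derived J0 (any other IV length) can start anywhere, including just
# below the 32-bit wrap, where the rules diverge on the second block.
NORMAL_J0 = j0_from_96bit_iv(bytes(range(12)))
NEAR_WRAP_J0 = bytes(range(12)) + (0xFFFFFFFE).to_bytes(4, "big")

if __name__ == "__main__":
    print("96-bit IV, divergence within 1000 blocks:", first_divergence(NORMAL_J0, 1000))
    print("J0 counter field near 2**32, divergence at block:", first_divergence(NEAR_WRAP_J0, 4))
```

With the whole-block rule the second block's keystream is computed under a counter block whose upper 96 bits no longer match the GHASH-derived value, so the ciphertext (and any decryptor following the standard) disagrees from that block on.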
* Update with changes since 1.11.29 (Jack Lloyd, 2016-05-06; 1 file, -1/+30)
* Doc updates (Jack Lloyd, 2016-04-28; 3 files, -3/+10)
  [ci skip]
* Update for 1.10.13 release (Jack Lloyd, 2016-04-23; 1 file, -0/+12)
* Remove Transform base class (Jack Lloyd, 2016-04-21; 1 file, -27/+63)
  With sufficient squinting, Transform provided an abstract base interface that covered both cipher modes and compression algorithms. However it mapped on neither of them particularly well. In addition this API had the same problem that has made me dislike the Pipe/Filter API: given a Transform&, what does it do when you put bits in? Maybe it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!

  Currently the Cipher_Mode interface is left mostly unchanged, with the APIs previously on Transform just moved down the type hierarchy. I think there are some definite improvements possible here, wrt handling of in-place encryption, but left for a later commit.

  The compression API is split into two types, Compression_Algorithm and Decompression_Algorithm. Compression_Algorithm's start() call takes the compression level, allowing varying compressions with a single object. And flushing the compression state is moved to a bool param on `Compression_Algorithm::update`. All the nonsense WRT compression algorithms having zero length nonces, input granularity rules, etc as a result of using the Transform interface goes away.
* Specific ideas re PGP support (Jack Lloyd, 2016-04-15; 1 file, -3/+15)
* Don't reject TLS packets with zero plaintext bytes (Jack Lloyd, 2016-04-15; 1 file, -0/+5)
  OpenSSL sends an empty record before each new data record in TLS v1.0 to randomize the IV, as a countermeasure to the BEAST attack. Most implementations use 1/(n-1) splitting for this instead.

  Bug introduced with the const time changes in 1.11.23
* Fix formatting bugs in TLS doc (Jack Lloyd, 2016-04-13; 1 file, -11/+6)
  Fixes GH #460
  Closes GH #474
  [ci skip]
* Add support for ChaCha(12) (Jack Lloyd, 2016-04-09; 1 file, -1/+0)
* Update OCB ciphersuites to follow new nonce scheme from -04 draft (Jack Lloyd, 2016-04-04; 1 file, -0/+5)
* More todos (Jack Lloyd, 2016-04-03; 1 file, -2/+8)
* Add IETF standard ChaCha20Poly1305 ciphersuites to TLS (Jack Lloyd, 2016-03-23; 2 files, -1/+12)
* Typo fix (Jack Lloyd, 2016-03-22; 1 file, -1/+1)
  [ci skip]
* Release 1.11.29 [tag 1.11.29] (Jack Lloyd, 2016-03-20; 2 files, -11/+103)
* Remove support for TLS v1.2 MD5 and SHA-224 signatures. (Jack Lloyd, 2016-03-17; 1 file, -7/+4)
  Remove support for weak ECC curves (anything under P-256) from TLS. This includes secp256k1 since we don't take advantage of the special form for any performance advantage; might as well use P-256.

  The manual still mentioned that it was possible to use MD5 in Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
* Deprecate Rabin-Williams (Jack Lloyd, 2016-03-16; 1 file, -0/+4)
* Merge GH #454 X.509 name constraints (Jack Lloyd, 2016-03-16; 2 files, -1/+1)
  * Changes from GH #454 review (Jack Lloyd, 2016-03-16; 2 files, -1/+1)
* TLS client features (Jack Lloyd, 2016-03-16; 1 file, -3/+8)
  Add flags --policy, --print-certs, --tls1.0, --tls1.1, --tls1.2

  Update todo
* Merge GH #450 Add support for Windows VirtualLock (Jack Lloyd, 2016-03-10; 2 files, -1/+3)
  * add support for VirtualLock/VirtualUnlock on Windows (Daniel Neus, 2016-03-07; 2 files, -1/+3)
    equivalent to mlock on Unix to prevent swapping out of memory
* Add section on fork safety to rng manual (René Korthaus, 2016-03-08; 1 file, -0/+19)
* Use a distinct PGP for signing git commits. (Jack Lloyd, 2016-03-03; 1 file, -1/+35)
  New key is signed with my existing key.
* Update release notes (Jack Lloyd, 2016-02-20; 1 file, -0/+31)
  [ci skip]
* Fix formatting GH #415 (Jack Lloyd, 2016-02-17; 2 files, -24/+32)
  [ci skip]
* Update iOS build instructions (René Korthaus, 2016-02-07; 1 file, -16/+16)
  When building for iOS, you want to build for all three architectures, so you can run your app on an iOS device and on the simulator.
* Bump version to 1.11.29 pre (Jack Lloyd, 2016-02-06; 1 file, -0/+5)
* Update todo (Jack Lloyd, 2016-02-06; 1 file, -11/+15)
  [ci skip]
* Add info for 1.10.12 release (Jack Lloyd, 2016-02-03; 1 file, -0/+25)
  [ci skip]
* Fix two bugs in 1.11.27 which caused test failures. [tag 1.11.28] (Jack Lloyd, 2016-02-01; 1 file, -0/+6)
  The check on each individual size in curve_mul is too strict since we rely on redc(x*1) during the on-the-curve computation.

  Fix an off by one in ressol which caused it to occasionally reject valid values.

  Updating version 1.11.28 since existing 1.11.27 tag already pushed :(

  Fix an off-by-one in ressol which would cause it to occasionally give up too early.
* Update news for 1.11.27 release [tag 1.11.27] (Jack Lloyd, 2016-02-01; 2 files, -4/+18)
* Fix heap overflow in ECC point multiplication (Jack Lloyd, 2016-02-01; 1 file, -1/+34)
  If affine coordinates larger than the prime modulus were given, a later multiplication could overflow the size of an allocated output buffer, which was sized based on the size of the prime. This will cause an overflow into either the system heap or if the mlock/mmap pool allocator is in use, then into the adjacent key material stored in the pool.

  Reported by Alex Gaynor who found it with AFL

  Also fix a one word overwrite in P-521 reduction. Found with AFL
* Fix (nearly) infinite loop in RESSOL (modular square root). (Jack Lloyd, 2016-02-01; 1 file, -0/+13)
  It first computed the first i for q**(2**i) == 1, then checked that i was smaller than s. Given a composite modulus (for which the algorithm does not work), the loop might do a very large amount of work before returning the failure.
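The bounded search that the RESSOL commit above describes, and the off-by-one risk in that bound mentioned in the 1.11.28 entry, as an added example (editor's code, not Botan's ressol): Tonelli-Shanks where the loop looking for the least i with t**(2**i) == 1 stops as soon as i would reach the current exponent m, instead of searching first and comparing against s afterwards. For a prime modulus such an i always exists below m; for a composite modulus, where the algorithm is not valid, the bound turns a near-endless search into an immediate failure. The composite modulus 85 in the usage below is a constructed case chosen to hit that bail-out.

```python
# Added example, not Botan's code: Tonelli-Shanks with a bounded inner search
# and a final verification of the root, returning None on any failure.

def ressol(a: int, p: int):
    """Return r with r*r == a (mod p), or None when no root is found."""
    a %= p
    if a == 0:
        return 0
    if p == 2:
        return a
    if pow(a, (p - 1) // 2, p) != 1:        # Euler criterion: not a residue
        return None

    q, s = p - 1, 0                          # p - 1 = q * 2**s with q odd
    while q % 2 == 0:
        q //= 2
        s += 1
    if s == 1:                               # p == 3 (mod 4) shortcut
        r = pow(a, (p + 1) // 4, p)
        return r if r * r % p == a else None

    for z in range(2, p):                    # any quadratic non-residue
        if pow(z, (p - 1) // 2, p) == p - 1:
            break
    else:
        return None                          # only possible for composite p

    c = pow(z, q, p)
    r = pow(a, (q + 1) // 2, p)
    t = pow(a, q, p)
    m = s
    while t != 1:
        # Least i with 1 <= i < m and t**(2**i) == 1. The range bound is the
        # point of the commit: if no such i exists below m, fail now instead
        # of squaring indefinitely and only then comparing i against s.
        t2 = t
        for i in range(1, m):
            t2 = t2 * t2 % p
            if t2 == 1:
                break
        else:
            return None
        b = pow(c, 1 << (m - i - 1), p)
        r = r * b % p
        t = t * b * b % p
        c = b * b % p
        m = i
    # Belt and braces: a wrong root from an invalid modulus is never returned.
    return r if r * r % p == a else None

if __name__ == "__main__":
    print("sqrt(10) mod 13 =", ressol(10, 13))            # 6 or 7
    print("sqrt(69) mod 85 (composite) =", ressol(69, 85))  # None, fails fast
    p224 = 2**224 - 2**96 + 1                              # s = 96, long inner loop
    print("sqrt(4) mod P-224 squares back:", ressol(4, p224) ** 2 % p224 == 4)
```

Tracing the composite case by hand: with p = 85, a = 69 the first round finds i = 1 and leaves t = 16 with m = 1; since no i in [1, 1) exists, the bounded search returns None at once, whereas an unbounded search would have kept squaring 16 (whose order modulo 85 is 2, so it does terminate here, but only by luck of the modulus; other composites give elements whose powers never reach 1).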
* Bump version to 1.11.27 pre (Jack Lloyd, 2016-01-17; 1 file, -0/+15)
* Move hacking.rst to contributing.rst (Jack Lloyd, 2016-01-13; 1 file, -86/+71)
  [ci skip]
* Release 1.11.26 [tag 1.11.26] (Jack Lloyd, 2016-01-04; 1 file, -1/+1)
* Misc doc updates (Jack Lloyd, 2016-01-04; 8 files, -40/+91)
  [ci skip]
* Fix configure.py for CPython 2.6 (Jack Lloyd, 2016-01-04; 1 file, -0/+7)
  Based on GH #362 by emilymaier
* Add ECDH via OpenSSL (Jack Lloyd, 2016-01-04; 1 file, -0/+2)
  Expose provider param in PK_Key_Agreement API

  Handle multiple providers in key agreement tests

  Fix some funky formatting of P-521 EC points in ecdh.vec which was being rejected by OpenSSL; for whatever reason the CAVS file had the affine coords with far more leading zeros than necessary.
* Use valgrind's memcheck API for checking const time annotations (Jack Lloyd, 2016-01-03; 1 file, -5/+12)
  Has the same effect as using ctgrind, but without requiring a custom-compiled valgrind binary.

  Add ct checking annotations to the SSSE3 AES code.
* Add extended master secret extension (RFC 7627) to TLS (Jack Lloyd, 2016-01-03; 1 file, -0/+7)
  Interop tested with mbed TLS
* Fix PointGFp multiplication bug (Jack Lloyd, 2016-01-03; 1 file, -6/+19)
  There was a special case for small scalars which managed to forget that the integer 3 also fits into two bits.

  Found by adding a new set of ECC point mul tests for the NIST curves.
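The two ECC regressions on this page, the unreduced affine coordinates that overflowed a buffer sized for the prime (1.11.27 heap overflow entry) and the small-scalar shortcut that mishandled k = 3 (PointGFp entry above), as one added example (editor's code, not Botan's PointGFp): affine short-Weierstrass arithmetic where every decoded point is checked to be reduced below p and on the curve before any arithmetic touches it, and where scalar multiplication is verified against repeated addition for every small scalar. secp256k1's public parameters are used only as known-good test values; the curve is otherwise incidental.

```python
# Added example, not Botan's code: coordinate validation plus a small-scalar
# regression check for double-and-add on an affine short-Weierstrass curve.

P = 2**256 - 2**32 - 977          # secp256k1 field prime, used as test data
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
INF = None                        # point at infinity

def validate_point(x: int, y: int, p: int = P) -> tuple:
    """Reject a coordinate >= p (or negative) before it reaches the arithmetic,
    then require the point to satisfy the curve equation."""
    if not (0 <= x < p and 0 <= y < p):
        raise ValueError("affine coordinate is not reduced modulo p")
    if (y * y - (x * x * x + A * x + B)) % p != 0:
        raise ValueError("point is not on the curve")
    return (x, y)

def is_valid_point(x: int, y: int, p: int = P) -> bool:
    try:
        validate_point(x, y, p)
        return True
    except ValueError:
        return False

def add(p1, p2, p: int = P):
    """Affine addition; doubling and P + (-P) handled explicitly."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return INF                                       # P + (-P)
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, p) % p     # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)

def mul(k: int, pt, p: int = P):
    """Left-to-right double-and-add over every bit of k; deliberately no
    small-scalar shortcut, the kind that forgot 3 is also a two-bit value."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc, p)
        if bit == "1":
            acc = add(acc, pt, p)
    return acc

def mul_by_repeated_addition(k: int, pt, p: int = P):
    acc = INF
    for _ in range(k):
        acc = add(acc, pt, p)
    return acc

def small_scalars_agree(pt=G, upto: int = 8) -> bool:
    """Regression check: the fast path must match the obviously correct one
    for every scalar 0..upto, which covers 3 (binary 11)."""
    return all(mul(k, pt) == mul_by_repeated_addition(k, pt) for k in range(upto + 1))

if __name__ == "__main__":
    print("G on curve:", is_valid_point(*G))
    print("x >= p rejected:", not is_valid_point(G[0] + P, G[1]))
    print("small scalars agree:", small_scalars_agree())
    print("N*G is infinity:", mul(N, G) is INF)
```

The point of validating before arithmetic is that an x or y in [p, 2**256) passes a size check measured in limbs yet is not a field element; reducing it silently would also be wrong, since the peer sent a point that is not on the curve as encoded, so rejecting is the safe choice.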