path: root/src/lib

Commit log for src/lib. Each entry gives the commit message, author, date, number of files changed and lines removed/added; commits brought in by a merge are listed indented under the merge commit.

* Enable BoringSSL SSLv3 tests (Jack Lloyd, 2020-12-09; 1 file, -1/+1)
    Previously these tested SSLv3 functionality, but now BoringSSL has also removed SSLv3, so the remaining test is just to confirm that SSLv3 can't be negotiated.
* Update the BoringSSL runner and update the shim (Jack Lloyd, 2020-12-05; 8 files, -4/+48)
    Notable changes are checking if a message is sent past a flight boundary, and some new policy logic to distinguish between signature algorithms that we will accept and signature algorithms which we are willing to use ourselves.
* Cleanups in the Aarch64 SHA-2 code (Jack Lloyd, 2020-12-05; 1 file, -101/+88)
* Clean up the SHA-2 x86 SHA-NI implementation (Jack Lloyd, 2020-12-05; 1 file, -98/+99)
* Fix #2525 for Pwdhash interface (Jack Lloyd, 2020-12-05; 1 file, -2/+2)
* Remove cast_sboxes.h (Jack Lloyd, 2020-12-04; 2 files, -199/+181)
    This was only in a header as these S-boxes were shared with CAST-256, which has been removed.
* Combine the DES tables into one (Jack Lloyd, 2020-12-04; 1 file, -30/+17)
    Saves several cycles per byte.
* Simplify Camellia key schedule a bit (Jack Lloyd, 2020-12-04; 1 file, -25/+29)
* Use smaller tables for DES (Jack Lloyd, 2020-12-04; 3 files, -389/+121)
    Saves 6K, minimal performance impact.
* Use smaller tables in Camellia, ARIA, and SEED (Jack Lloyd, 2020-12-04; 3 files, -955/+350)
    This saves 15K in Camellia, 3K in ARIA and 3.5K in SEED, at the cost of a somewhat slower implementation. ARIA and SEED see the worst hit because they never made any attempt at lessening the impact of a cache-based side channel. Camellia did, and the new implementation is much faster than the previous F_SLOW, so the perf impact there is minimal.
* Remove ULL suffixes (Jack Lloyd, 2020-12-01; 4 files, -803/+803)
    Not required anymore.
* Switch MAC vs HMAC preference in KDF and PBKDF2 (Jack Lloyd, 2020-12-01; 2 files, -4/+4)
    Adding BLAKE2b as a MAC caused "PBKDF2(BLAKE2b)" to become interpreted as PBKDF2 with keyed BLAKE, instead of the previous interpretation of PBKDF2 with BLAKE2/HMAC. (And similarly for HKDF, etc.) Fixes #2525.
* Do not accept EC signatures when the public point is invalid (Jack Lloyd, 2020-11-30; 1 file, -0/+9)
    Force g*x+p*y to the point at infinity if g or p is not a valid point. This does not seem to be a security issue, since if you can control the public point you can just use a regular key and sign whatever you like. Still, it's odd to accept anything here, and easy to prevent it. Found by CryptoFuzz, reported offline by @guidovranken.
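To make the check in the commit above concrete, here is an added example in pure Python (not Botan's own code): ECDSA verification over secp256k1 in which the multi-scalar multiplication g*x + p*y is forced to the point at infinity whenever either base point fails curve-membership validation, so a signature presented under an off-curve or infinity public point fails closed instead of being fed into the group law. The domain parameters are the standard secp256k1 values (an assumption worth rechecking against SEC 2 before reuse); the key, message, and the simplified HMAC-based nonce derivation (not RFC 6979) are constructed for the example.

```python
import hashlib
import hmac

# secp256k1 domain parameters (standard values, assumed correct; recheck before reuse)
P = 2**256 - 2**32 - 977
A = 0
B = 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
INF = None  # the point at infinity


def is_on_curve(pt):
    """Membership check: coordinates in range and y^2 == x^3 + A*x + B (mod P); INF fails."""
    if pt is INF:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine group law. Only pass INF or points that passed is_on_curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF  # p2 == -p1
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add; not constant time, acceptable for a verifier but not for signing."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def multi_scalar_mult(x, g, y, p):
    """g*x + p*y, forced to INF if either base point is invalid: an invalid point
    never reaches the group law, so the caller sees a rejection rather than garbage."""
    if not is_on_curve(g) or not is_on_curve(p):
        return INF
    return point_add(scalar_mult(x, g), scalar_mult(y, p))


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(priv, msg):
    """ECDSA signing with a constructed deterministic nonce (HMAC of key and message, not RFC 6979)."""
    e = hash_to_int(msg)
    k = int.from_bytes(hmac.new(priv.to_bytes(32, "big"), msg, hashlib.sha256).digest(), "big") % N
    while True:
        k = k or 1
        r = scalar_mult(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * priv) % N
        if r and s:
            return (r, s)
        k = (k + 1) % N  # retry on the negligible r == 0 or s == 0 case


def verify(pub, msg, sig):
    """True only if sig is valid for msg under a public point that passed validation."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    if not is_on_curve(pub):  # rejects INF and off-curve points; cofactor is 1, so no extra order check
        return False
    w = pow(s, -1, N)
    pt = multi_scalar_mult(hash_to_int(msg) * w % N, G, r * w % N, pub)
    return pt is not INF and pt[0] % N == r


def demo():
    """Constructed key and message; returns the verifier's verdict for four inputs."""
    priv = int.from_bytes(hashlib.sha256(b"constructed demo key, not a real secret").digest(), "big") % N or 1
    pub = scalar_mult(priv, G)
    msg = b"constructed message"
    sig = sign(priv, msg)
    off_curve = (pub[0], (pub[1] + 1) % P)  # same x, wrong y: not a secp256k1 point
    return {
        "valid_key": verify(pub, msg, sig),
        "tampered_message": verify(pub, msg + b"!", sig),
        "off_curve_public_point": verify(off_curve, msg, sig),
        "infinity_public_point": verify(INF, msg, sig),
    }
```

Calling `demo()` returns a dict in which only `valid_key` is True. The point of routing verification through `multi_scalar_mult` rather than checking the public point in only one caller is the same one the commit makes: the affine formulas will happily compute a result for coordinates that satisfy no curve equation at all, so the membership check belongs at the lowest layer that touches attacker-supplied points.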
* Add missing check for zero point during ECKCDSA verification (Jack Lloyd, 2020-11-30; 1 file, -0/+2)
* Make this comment easier to read (Jack Lloyd, 2020-11-30; 1 file, -1/+2)
* Break complicated expression down into several statements (Jack Lloyd, 2020-11-30; 1 file, -2/+6)
* Reformat (Jack Lloyd, 2020-11-29; 1 file, -37/+38)
* Add support for keyed Blake2b and also MAC via Blake2b. (Tom, 2020-11-29; 6 files, -5/+172)
* Merge GH #2523 Remove KDF truncation behavior (Jack Lloyd, 2020-11-28; 19 files, -158/+212)
  * Remove the KDF truncation behavior (Jack Lloyd, 2020-11-28; 19 files, -158/+212)
      Closes GH #2347.
* Avoid a duplicated call of hash_for_emsa (Jack Lloyd, 2020-11-28; 2 files, -10/+2)
    We already invoke this in the PK_Signer superclass constructor, so no need to repeat the work.
* Merge GH #2521 Deprecate and inline some old compat key loader functions (Jack Lloyd, 2020-11-28; 4 files, -202/+124)
  * Deprecate some of the old PK load functions, inline others (Jack Lloyd, 2020-11-28; 4 files, -202/+124)
* Merge GH #2520 Add Private_Key::public_key (Jack Lloyd, 2020-11-28; 38 files, -3/+149)
  * Add Private_Key::public_key (Jack Lloyd, 2020-11-28; 38 files, -3/+149)
* Make scan_name.h, cpuid.h and http_util.h internal (Jack Lloyd, 2020-11-28; 53 files, -61/+47)
* Avoid using C++ attribute for ffi.h (Jack Lloyd, 2020-11-28; 1 file, -3/+7)
* Remove some unused macro checks/includes (Jack Lloyd, 2020-11-28; 1 file, -8/+0)
* Merge GH #2517 Allow custom RSA private keys during TLS (Jack Lloyd, 2020-11-28; 1 file, -1/+1)
  * Allow custom RSA Private_Key in Client_Key_Exchange message (Claudius Hauptmann, 2020-11-27; 1 file, -1/+1)
* Merge GH #2516 Add a flag for VSX instructions (Jack Lloyd, 2020-11-28; 2 files, -6/+10)
  * Add a new ISA flag for VSX instructions (Jack Lloyd, 2020-11-27; 2 files, -6/+10)
      GH #2515
* Merge GH #2513 Various math improvements (Jack Lloyd, 2020-11-28; 7 files, -53/+118)
  * SRP6 improvements (Jack Lloyd, 2020-11-24; 1 file, -28/+32)
  * Some DL_Group and Montgomery exp improvements (Jack Lloyd, 2020-11-24; 6 files, -25/+86)
      Leverage precomputation better.
* Merge GH #2512 Remove support for TLS DHE_PSK suites (Jack Lloyd, 2020-11-28; 8 files, -38/+9)
  * Remove support for DHE_PSK (Jack Lloyd, 2020-11-24; 8 files, -38/+9)
      Retains PSK and ECDHE_PSK.
* Fix placement of deprecated macro (Jack Lloyd, 2020-11-28; 1 file, -1/+2)
* Merge GH #2511 Remove support for AES-128 OCB ciphersuites (Jack Lloyd, 2020-11-24; 3 files, -11/+1)
  * Remove support for AES-128 OCB ciphersuites (Jack Lloyd, 2020-11-24; 3 files, -11/+1)
* Merge GH #2510 Fix some C++17 todos (Jack Lloyd, 2020-11-24; 2 files, -43/+37)
  * try to calm gcc 9 (Hannes Rantzsch, 2020-11-24; 1 file, -0/+2)
  * directly use return value of emplace_back (Hannes Rantzsch, 2020-11-24; 1 file, -10/+7)
  * use if constexpr rather than sfinae (Hannes Rantzsch, 2020-11-24; 1 file, -33/+28)
      to disable asio_stream setup_native_handle setup in test code
* Remove Camellia CBC TLS ciphersuites (Jack Lloyd, 2020-11-23; 3 files, -39/+15)
* Remove support for SEED TLS ciphersuites (Jack Lloyd, 2020-11-23; 3 files, -5/+1)
* Remove outer shared_ptr from Certificate in certstore interface (Jack Lloyd, 2020-11-23; 23 files, -291/+274)
    Since 2.4.0 X509_Certificate and X509_CRL have been internally shared, so another shared_ptr is just overhead and API complexity. Use std::optional for APIs where the object was optional.
* Remove SRP support from TLS (Jack Lloyd, 2020-11-23; 21 files, -376/+26)
* Remove TLS support for DSA certificates/ciphersuites (Jack Lloyd, 2020-11-21; 8 files, -88/+2)
* Improvements to TLS suite generation script (Jack Lloyd, 2020-11-21; 1 file, -6/+2)
    Port to Python 3.
    Use SHA-256 instead of SHA-1 for the content hash.
    Use C++17 nested namespace syntax.