Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | VC2013 doesn't support __func__. Github #22 | lloyd | 2014-05-15 | 1 | -4/+4 | |
| | | ||||||
* | | Visual C++'s iterator debugging gets cranky with &vec[vec.size()]. | lloyd | 2014-05-15 | 2 | -2/+2 | |
|/ | | | | Github #21 | |||||
* | Add default constructors to work around VC2013 issue. Github #17 | lloyd | 2014-05-01 | 2 | -0/+4 | |
| | ||||||
* | Avoid initializer lists here, VC2013 doesn't like it. Github #18 | lloyd | 2014-05-01 | 2 | -5/+7 | |
| | ||||||
* | Require one plausible entropy source in auto_rng, prevents the common | lloyd | 2014-04-27 | 1 | -0/+1 | |
| | | | | error of generating an amalagamation build with all of them disabled. | |||||
* | Any fixed MR iterations is probably wrong for somebody. Allow the user | lloyd | 2014-04-25 | 6 | -16/+57 | |
| | | | | | | to specify a probability as well as if n was randomly chosen or not. If the input is random use a better bounds to reduce the number of needed tests. | |||||
* | Avoid std::chrono::steady_clock, missing in some distro gccs | lloyd | 2014-04-25 | 1 | -1/+0 | |
| | ||||||
* | Avoid crash if read returns an error. Canonical case is on the blocking device | lloyd | 2014-04-24 | 1 | -1/+2 | |
| | | | | | with concurrent readers; if someone else got the entropy first we can get -1/errno=EAGAIN | |||||
* | Use MADV_DONTDUMP on Linux, equiv to MAP_NOCORE on BSD | lloyd | 2014-04-14 | 1 | -1/+5 | |
| | ||||||
* | Use 20 Miller-Rabin iterations regardless of the size of the integer. This | lloyd | 2014-04-13 | 4 | -186/+42 | |
| | | | | | provides a much better worst-case error bound. Also take the nonce from anywhere in the usable range rather than limiting the bit size. | |||||
* | Compile fix | lloyd | 2014-04-13 | 1 | -2/+2 | |
| | ||||||
* | Have TLS_Data_Reader decoding errors include the actual msg type name | lloyd | 2014-04-12 | 12 | -44/+47 | |
| | ||||||
* | Verify that the server did not send any extension that the client didn't | lloyd | 2014-04-11 | 6 | -12/+41 | |
| | | | | offer. Previously the client only checked a couple of special cases. | |||||
* | Fix a bug in Miller-Rabin primality testing introduced in 1.8.3 | lloyd | 2014-04-10 | 1 | -5/+6 | |
| | | | | | | | | where we chose a single random nonce and tested it repeatedly, rather than choosing new nonces each time. Reported by Jeff Marrison. Also remove a pointless comparison (also pointed out by Jeff) and add an initial test using a witness of 2. | |||||
* | Better TLS checks | lloyd | 2014-04-10 | 1 | -1/+2 | |
| | ||||||
* | A std::deque's memory is not guaranteed to be contiguous | lloyd | 2014-04-06 | 1 | -1/+1 | |
| | ||||||
* | Make X.509 extension decoding failures point back to the problem extension | lloyd | 2014-04-05 | 2 | -10/+17 | |
| | ||||||
* | Add ECDHE_ECDSA CCM suites | lloyd | 2014-04-05 | 1 | -2/+14 | |
| | ||||||
* | X.509 path validation now performs all possible tests and returns a | lloyd | 2014-04-05 | 4 | -137/+153 | |
| | | | | | | set of error codes, instead of failing immediately on first error. This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation. | |||||
* | Check Content-Length of HTTP responses | lloyd | 2014-04-05 | 1 | -1/+10 | |
| | ||||||
* | Fix an OCSP response decoding bug, we were not decoding KeyID properly. | lloyd | 2014-04-05 | 1 | -4/+5 | |
| | | | | | | | | Also prioritize checking the status code before the dates, as otherwise an attacker could substitue a valid but expired response which marked the cert as revoked and we would still just return OCSP_EXPIRED. Obviously they can still play this game with an old (valid) OCSP response, but no point making it easy. | |||||
* | Remove debug headers | lloyd | 2014-04-05 | 1 | -3/+0 | |
| | ||||||
* | NetBSD portability fix and some performance tweaks in locking allocator | lloyd | 2014-04-05 | 1 | -1/+11 | |
| | ||||||
* | Avoid a ubsan warning on GCC 4.9 due uninitialized sign enum being | lloyd | 2014-03-30 | 2 | -5/+1 | |
| | | | | read during swap (in the move constructor) | |||||
* | Support 0 length salts in PSSR. Bugzilla 268 | lloyd | 2014-03-27 | 2 | -3/+12 | |
| | ||||||
* | Add rng command which can dump RNG outputs or raw entropy samples | lloyd | 2014-03-22 | 1 | -2/+2 | |
| | ||||||
* | Simpify HMAC_RNG reseeding process. Actually update HMAC_DRBG reseed counter. | lloyd | 2014-03-22 | 6 | -63/+33 | |
| | ||||||
* | Add RFC 6979 nonce generator. Also some HMAC_DRBG cleanups. | lloyd | 2014-03-22 | 5 | -11/+99 | |
| | ||||||
* | Add HMAC_DRBG | lloyd | 2014-03-21 | 4 | -1/+159 | |
| | ||||||
* | Use stdint.h instead of cstdint for Clang. Bugzilla 266 | lloyd | 2014-02-21 | 1 | -7/+9 | |
| | ||||||
* | Fix Transformation_Filter name | lloyd | 2014-02-21 | 1 | -2/+1 | |
| | ||||||
* | Transformation_Filter calls send() inside of start_msg() which means | lloyd | 2014-02-17 | 1 | -0/+3 | |
| | | | | | | | | | | that any filters which follow in the pipe will get write() called on them before start_msg(), causing confusion and/or crashes. This patch fixes it for the case when start() returns an empty vector which covers all current use cases. I'll have to figure out another approach for the general case (or decide the general case isn't worth supporting and remove the return value from start). | |||||
* | Missing include for std::to_string, noticed with Clang 3.4 w/ libc++ | lloyd | 2014-02-16 | 1 | -0/+2 | |
| | ||||||
* | Don't assume the leading cert chain is presented in-order | lloyd | 2014-02-16 | 1 | -5/+17 | |
| | ||||||
* | Add missing std includes | lloyd | 2014-02-16 | 2 | -0/+2 | |
| | ||||||
* | Fix macro feature check | lloyd | 2014-02-15 | 1 | -1/+1 | |
| | ||||||
* | Change X9.31 to automatically reseed if randomize is called while unseeded. | lloyd | 2014-02-13 | 2 | -10/+15 | |
| | | | | | If no entropy sources at all are enabled in the build, throw an exception immediately rather than having the poll mysteriously fail. | |||||
* | Remove unused include | lloyd | 2014-02-13 | 1 | -1/+0 | |
| | ||||||
* | Remove dependency on boost string algos | lloyd | 2014-02-13 | 3 | -13/+30 | |
| | ||||||
* | Check the feature macro before assuming boost.filesystem | lloyd | 2014-02-10 | 1 | -0/+7 | |
| | ||||||
* | Clang fixes | lloyd | 2014-02-09 | 2 | -1/+1 | |
| | ||||||
* | More fixes for minified builds | lloyd | 2014-02-09 | 3 | -6/+10 | |
| | ||||||
* | Fix a bug introduced in 1.11.6 where we tried to check CRL signatures | lloyd | 2014-02-08 | 4 | -13/+13 | |
| | | | | | | against the wrong key, causing any check to fail. Clean up the NIST X.509 path validation tests and run them by default. | |||||
* | Remove the engine hooks | lloyd | 2014-02-08 | 2 | -41/+0 | |
| | ||||||
* | Remove Square, Skipjack, Luby-Rackoff, and Blue Midnight Wish. | lloyd | 2014-02-08 | 13 | -1394/+0 | |
| | ||||||
* | Have Skein call Threefish, rather than duplicating the code. | lloyd | 2014-02-08 | 5 | -184/+149 | |
| | ||||||
* | Compile fixes | lloyd | 2014-02-08 | 2 | -1/+2 | |
| | ||||||
* | Add std::chrono clock poll | lloyd | 2014-02-02 | 1 | -11/+30 | |
| | ||||||
* | Avoid Windows macro damage. Github issue 13. | lloyd | 2014-02-02 | 1 | -0/+2 | |
| | ||||||
* | Add the CMAC constants for 256 and 512 bit block ciphers | lloyd | 2014-02-02 | 1 | -6/+28 | |
| | | | | | Also add test vectors for Threefish-512 CMAC and EAX, both generated by the library. |