aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstate
Commit message (Collapse)AuthorAgeFilesLines
* Shuffle things around. Add NIST X.509 test to build.lloyd2014-01-0111-986/+0
|
* Split up libstate/get_enc.cpplloyd2013-12-253-253/+13
|
* Store OID info in a pair of maps in distinct storage rather than inlloyd2013-12-258-816/+3
| | | | | the library state. Remove library state config apis, as OIDS were the last remaining user.
* Move add_alias and deref_alias from Library_State to SCAN_Namelloyd2013-12-255-76/+59
|
* Same for EC groupslloyd2013-12-251-267/+0
|
* Store all DH group info in constant memory instead of Library_State configlloyd2013-12-251-352/+0
| | | | | | Remove all groups under 1024 bits Make workfactor.h public
* Make Serialized_RNG publiclloyd2013-12-253-105/+11
|
* Make it possible to remove Boost dependency by disabling a few moduleslloyd2013-12-141-4/+0
| | | | (though including X.509 and TLS).
* Give everything setting a feature test macro in build.h a version codelloyd2013-11-281-1/+1
| | | | | | so application code can check for the specific API it expects without having to keep track of what versions APIs x,y,z changed. Arbitrarily set all current API versions to 20131128.
* Add a simple HTTP 1.0 GET using asio (for CRLs and OCSP)lloyd2013-11-271-0/+4
|
* Split off Unix_EntropySource's fast_poll to a new sourcelloyd2013-11-101-0/+4
|
* Remove decl of already removed functionlloyd2013-11-091-6/+0
|
* Fix EGD settings. Some cleanup and renaming.lloyd2013-11-091-8/+9
|
* Previously, AutoRNG was just a reference to the global rng, which canlloyd2013-11-084-95/+53
| | | | | | | | | | | cause a huge amount of lock contention in heavily multithreaded code. Now each AutoRNG is its own uniquely seeded HMAC_RNG. The set of entropy sources is shared rather than being per-RNG (so there is only one open fd to /dev/random, etc). So reseeding is still a global lock, but sharing the resources (open file descriptors, etc) across RNGs seems worth the contention. Remove Randpool, which was only used if HMAC_RNG was disabled at build.
* Rename ARC4 to RC4lloyd2013-04-191-1/+2
|
* Remove return value of AEAD_Mode::start as it doesn't seem necessarylloyd2013-04-033-27/+0
| | | | | | | and is an extra complication for callers. Replace the get_aead in lookup.h returning a Filter with one in aead.h returning AEAD_Mode.
* Update callerslloyd2013-03-202-4/+4
|
* Add get_aead in lookup.hlloyd2013-03-163-0/+27
|
* We would fail to cache GOST-34.11 because name() did not match whatlloyd2012-11-061-0/+1
| | | | the engine was looking it up as. Fix that and add an alias.
* Move EGD to the end of the priority list for entropy sources, as itlloyd2012-07-181-6/+6
| | | | | really is quite rare at this point given that all modern Unices have a /dev/random.
* Doxygen warning fixeslloyd2012-07-091-1/+1
|
* Doxygen commentslloyd2012-07-061-2/+2
|
* Add support (decoding only) for the CRL Distribution Point extension.lloyd2012-06-131-0/+1
|
* Drop some deprecated functionslloyd2012-06-014-185/+0
|
* Allow arbitrary ciphers and hashes with PKCS #5 v2.0. The onlylloyd2012-05-311-1/+1
| | | | | | | | | | | | | | | | | | requirement is that OIDS for "<cipher>/CBC" and "HMAC(<hash>)" are defined. This does assume the normal parameter set of just the IV, so doesn't work right for (IIRC) RC5, but we don't have an OID set for RC5/CBC anyway. Continue to default to SHA-1 plus AES-256 as prior versions of the library can't handle any hashes other than SHA-1 or any ciphers other than AES or DES. OpenSSL 1.0.0j seems to understand SHA-256 + AES-256, though. BER_Decoder::decode_optional was assuming optional values were explicitly tagged. Now, only take that behavior if the input class tag was for a context specific tagging. Remove abort call for debugging from BER_Decoder Add a new version of DER_Encoder::encode_if for single objects.
* Support for the authority information access extension, limited tolloyd2012-05-271-0/+2
| | | | | | only grabbing type 6 (URL) values for OCSP which is likely the only thing it's ever used for. Expose the value with new function X509_Certificate::ocsp_responder
* Remove the PRIVATE ASN.1 tag. Not being used outside of the prettylloyd2012-05-271-0/+2
| | | | | | | | | | | | | | printer example, and really is just CONSTRUCTED | CONTEXT_SPECIFIC. Extend the ASN.1 printer to recurse into OCTET STRINGS that contain DER, and to print enumeration values. BOTAN_DLL export some OID operators (+, !=, <) Add an OID entry for 1.3.6.1.5.5.7.48.1.1 OCSP basic response. Correct the Certificate_Policies code, it was dumping policy OIDs into the extended key usage!
* Properly align return values of mlock_allocator. Be more careful aboutlloyd2012-05-221-1/+0
| | | | | | | | | | | pointer checks as a sufficiently smart compiler might optimize way pointer comparisons otherwise. Avoid using an iterator value after we have released it from the map. Reduce the default buffer size to 1K to reduce pressure on mlock memory. Drop the old mlock wrapper code.
* Replace 0 and NULL pointer constants with nullptr. Also fix an oldlloyd2012-05-186-14/+14
| | | | style cast in secmem.h
* Fairly huge update that replaces the old secmem types with std::vectorlloyd2012-05-183-92/+0
| | | | | | using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
* propagate from branch 'net.randombit.botan' (head ↵lloyd2012-05-181-0/+8
|\ | | | | | | | | | | 6332543aa5a8a4cc13662008ff9ac0f0016d9a4d) to branch 'net.randombit.botan.cxx11' (head 5517c9f8f6d1990f269afb94f569a97a80c5a5f4)
| * Add support for the rdrand instruction, added in Intel's Ivy Bridgelloyd2012-04-261-0/+8
| | | | | | | | | | | | | | processors. Tested using SDE on Linux with GCC 4.6, Intel C++ 11.1, and Clang 3.0, all using the inline asm variant. I do not know if current Visual C++ has the intrinsics available or not, so it's only marked as available for those compilers at the moment.
* | propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵lloyd2012-04-252-2/+98
|\ \ | | | | | | | | | | | | | | | a4741cd07f50a9e1b29b0dd97c6fb8697c038ade) to branch 'net.randombit.botan.cxx11' (head 116e5ff139c07000be431e07d3472cc8f3919b91)
| * \ propagate from branch 'net.randombit.botan' (head ↵lloyd2012-04-241-3/+17
| |\ \ | | |/ | |/| | | | | | | | | | 494c5d548ce3f370c2b771ca6b11e5f41e720da2) to branch 'net.randombit.botan.tls-state-machine' (head b2cd26ff6f093caa79aecb2d674205f45b6aadff)
| | * propagate from branch 'net.randombit.botan' (head ↵lloyd2012-04-052-2/+98
| | |\ | | | | | | | | | | | | | | | | | | | | 91305e3daaae9ea8a1786daf058d961991c68251) to branch 'net.randombit.botan.tls-state-machine' (head 474a00b316f5b21a4e56033d4d990d87d9d3eed6)
| * | | Patrick Pelletier pointed out the hook for Qt_Mutex in libstate.cpplloyd2012-04-231-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | was broken, and after fixing that and trying to compile the module it becamse clear that the Qt mutex did not work at all with recent Qt versions. Taking this as a clear indicator that it is not being used, remove it.
| * | | Fix various typos, and remove an unused macro in checks/bench.cpplloyd2012-04-231-1/+1
| | |/ | |/| | | | | | | All reported by Patrick Pelletier.
| * | Remove the client SRP6 class, really free standing functions are finelloyd2012-04-051-0/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for this. Add a new function that identifies a named SRP group from the N/g params - this is important as we need to verify the SRP groups, the easiest way to do that is to to force them to be a known/published value. Add the 1536, 3072, 4096, 6144, and 8192 bit groups from RFC 5054
| * | Allow the semi-standard but rarely used 1.3.132.1.12 OID for ECDH keyslloyd2012-02-211-1/+13
| | | | | | | | | | | | | | | on decoding by default, and add a comment showing how to enable it for encoding.
* | | propagate from branch 'net.randombit.botan' (head ↵lloyd2012-02-201-1/+1
|\| | | | | | | | | | | | | | | | | c247a55e7c0bcd239fcfc672139b59ef63d7ee84) to branch 'net.randombit.botan.cxx11' (head 16d7756c6b8933d0d543ebdda9c7e8f4908a4a33)
| * | Be more conservative about entropy estimates. In particular, insteadlloyd2012-02-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | of giving /dev/random, EGD, and CryptoAPI a full 8 bits per byte of entropy, estimate at 6 bits. In the proc walker, allow more files to be read, read more of any particular file, and count each bit for 1/10 as much as before. Reading more of the file seems especially valuable, as some files are quite random, whereas others are very static, and this should ensure we read more of the actually unpredictable inputs. Prefer /dev/random over /dev/urandom
* | | propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵lloyd2012-02-206-138/+52
|\ \ \ | |_|/ |/| | | | | | | | | | | 0ceb9cde62a2b3614901ae85a53546d9fc641326) to branch 'net.randombit.botan.cxx11' (head 777e65950ef3706a82e5df20dcca7fcc999ca533)
| * | propagate from branch 'net.randombit.botan' (head ↵lloyd2011-12-181-0/+25
| |\| | | | | | | | | | | | | | | | 39f53266912f33dc48e942b1b865ddcd6af66d8d) to branch 'net.randombit.botan.cxx11' (head 0bf26cec09f71e75c547b4ec53365748c6d80d86)
| * | propagate from branch 'net.randombit.botan' (head ↵lloyd2011-06-136-138/+52
| |\ \ | | | | | | | | | | | | | | | | | | | | 150bd11dd8090559ee1e83394b8283bf93a018de) to branch 'net.randombit.botan.c++0x' (head 7480693bb3f1e8a4e039a3e7ba3d9a7007f9730e)
| | * \ propagate from branch 'net.randombit.botan' (head ↵lloyd2011-03-081-0/+5
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | dd068808e5bf87c982765a8bcc314996053a5bdd) to branch 'net.randombit.botan.c++0x' (head 34696d52a8148d64f7021b3e193fc56f051b9dd2)
| | * \ \ propagate from branch 'net.randombit.botan' (head ↵lloyd2011-02-116-138/+52
| | |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 13a0d36dac3709f3cb88e830ed7f8cab9e7433ab) to branch 'net.randombit.botan.c++0x' (head 2221ad8796466e7e096645de77ba856a9c902d14)
| | | * \ \ propagate from branch 'net.randombit.botan' (head ↵lloyd2010-11-046-138/+52
| | | |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 303b2518a80553214b1e5ab4d9b96ef54629cbc7) to branch 'net.randombit.botan.c++0x' (head d734eefabe4816be4dd3e3e6e7bb13b7ab5be148)
| | | | * \ \ propagate from branch 'net.randombit.botan' (head ↵lloyd2010-10-281-1/+0
| | | | |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2841fb518e20d2fe0a374e4f6b08bdbb14d5d158) to branch 'net.randombit.botan.c++0x' (head 0b9275139d6346bd3aa28d63bf8b8a03851d853d)
| | | | * \ \ \ propagate from branch 'net.randombit.botan' (head ↵lloyd2010-10-136-138/+52
| | | | |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2898d79f992f27a328a3e41d34b46eb1052da0de) to branch 'net.randombit.botan.c++0x' (head 6cba76268fd69a73195760c021b7f881b8a6552c)
| | | | | * \ \ \ propagate from branch 'net.randombit.botan' (head ↵lloyd2010-09-036-138/+52
| | | | | |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a29c41b4a949207b1544096c3afab668f8b5179e) to branch 'net.randombit.botan.c++0x' (head a9d0c2f805b3c20a4c648575d7256959db8329fe)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-23 18:31:12 +0000