Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Include correct header for getenv. GH #99 | joerg | 2015-05-24 | 1 | -0/+1 |
| | |||||
* | Correct buffering logic in compression filter. GH issue #93 pull #95 | eric.cornelius | 2015-05-16 | 2 | -3/+4 |
| | | | | Found and fixed by Eric Cornelius <[email protected]> | ||||
* | Fix various bugs found by Coverity scanner. | lloyd | 2015-05-15 | 14 | -23/+39 |
| | | | | | | | Uninitialized variables, missing divide by zero checks, missing virtual destructor, etc. Only thing serious is bug in TLS maximum fragment decoder; missing breaks in switch statement meant receiver would treat any negotiated max fragment as 4k limit. | ||||
* | Remove RC4 (and all support for stream ciphers) from TLS | lloyd | 2015-05-15 | 4 | -54/+9 |
| | |||||
* | Return null instead of throwing if compressor obj not available | lloyd | 2015-05-13 | 1 | -1/+3 |
| | |||||
* | Add tests for compression and SRP. | lloyd | 2015-05-13 | 6 | -4/+176 |
| | | | | | | | | Fix zlib decompression which was not ignoring Z_BUF_ERROR which is harmless in this context as process is already checking avail_in and avail_out after run returns. Bump version to 1.11.17 | ||||
* | Add Coverity scan to Travis. | lloyd | 2015-05-13 | 1 | -1/+1 |
| | |||||
* | Build fix | lloyd | 2015-05-12 | 1 | -2/+2 |
| | |||||
* | Use static amalgamation build for AppVeyor as the static library | lloyd | 2015-05-12 | 1 | -1/+1 |
| | | | | is more likely to run into problems. Discussion in GH #52 #88 | ||||
* | Move AppVeyor yml | lloyd | 2015-05-12 | 1 | -0/+9 |
| | |||||
* | Skip the NIST X.509 tests if the FS code is not available. Previously | lloyd | 2015-05-12 | 1 | -1/+8 |
| | | | | would fail with a very unhelpful message. | ||||
* | The BUILD_MODE env var was not being passed through sudo by default | lloyd | 2015-05-12 | 1 | -8/+8 |
| | | | | | | which broke coverage testing. Instead run the setup script as the regular user and use sudo for specific commands, which seems cleaner anyway. | ||||
* | Shell is not my favorite language | lloyd | 2015-05-12 | 2 | -4/+2 |
| | |||||
* | Fix lcov script | lloyd | 2015-05-11 | 1 | -2/+0 |
| | |||||
* | Fix compare | lloyd | 2015-05-11 | 1 | -1/+1 |
| | |||||
* | Typo | lloyd | 2015-05-11 | 1 | -1/+1 |
| | |||||
* | Add coveralls.io support based on GH #91 by cordney | lloyd | 2015-05-11 | 3 | -0/+49 |
| | | | | Move the more complex CI logic to scripts instead of yaml | ||||
* | Change `make_compressor` and `make_decompressor` to return a | lloyd | 2015-05-10 | 2 | -39/+49 |
| | | | | | compression type instead of the base transform class. Add some final annotations. | ||||
* | Change zlib to use Z_SYNC_FLUSH instead of Z_FULL_FLUSH for flushing. | lloyd | 2015-05-10 | 1 | -1/+1 |
| | | | | | This lets flush work for decompression also, and more generally provides what an application wants from a mid-stream compression flush. | ||||
* | Compression filters were not sizing buffer, causing no input to | lloyd | 2015-05-07 | 2 | -11/+16 |
| | | | | be consumed. GH #89 | ||||
* | Comparison was inverted | lloyd | 2015-04-28 | 1 | -1/+5 |
| | |||||
* | Add .exe suffix to MinGW and Cygwin binaries also | lloyd | 2015-04-27 | 3 | -0/+4 |
| | |||||
* | Disable tls_client on MinGW, missing netdb.h GH#82 | joerg | 2015-04-27 | 1 | -1/+1 |
| | |||||
* | Use available MinGW APIs (CryptoAPI and Unix-style fds). GH#84 | joerg | 2015-04-27 | 2 | -1/+3 |
| | |||||
* | Add evbarm as platform alias for NetBSD. GH#81 | joerg | 2015-04-27 | 1 | -0/+1 |
| | |||||
* | Fix spaces vs tabs in makefile template. GH#78 | lloyd | 2015-04-18 | 1 | -1/+1 |
| | |||||
* | Fix | lloyd | 2015-04-12 | 1 | -1/+1 |
| | |||||
* | Remove the stray binary character making Python3 unhappy, remove | lloyd | 2015-04-12 | 1 | -3/+2 |
| | | | | encoding= flags since they are not needed anymore and broke Python2. | ||||
* | Add coverage checking with gcov/lcov | lloyd | 2015-04-12 | 4 | -2/+9 |
| | |||||
* | Fix code that triggers a strange MSVC 'performance warning' | git | 2015-04-08 | 4 | -5/+5 |
| | | | | Github pull 74 from Chris Desjardins | ||||
* | Add new IETF ChaCha suites | lloyd | 2015-04-04 | 1 | -7/+29 |
| | |||||
* | Key agreement was missing the return check, add it to get_pk_op instead | lloyd | 2015-03-29 | 1 | -17/+11 |
| | |||||
* | Disable OpenSSL RSA by default until the test issues are worked out | lloyd | 2015-03-28 | 1 | -2/+2 |
| | | | | | (OpenSSL's PKCS/OAEP padding code naturally ignores our RNG, so we cannot fix the nonces for encryption). | ||||
* | Cleanups | lloyd | 2015-03-23 | 2 | -16/+11 |
| | |||||
* | Avoid putting very small values in mlock memory | lloyd | 2015-03-23 | 2 | -3/+9 |
| | |||||
* | Move the signature padding schemes to the PK operation classes, | lloyd | 2015-03-23 | 14 | -366/+393 |
| | | | | | | | | | as was previously done with encrypt/decrypt ops. One feature dropped on the floor here is previously PK_Signer by default did verification of signatures before releasing them as a measure against fault attacks. However in addition to being expensive this turned out to be difficult to implement with the new scheme. | ||||
* | RSA encrypt and decrypt using OpenSSL | lloyd | 2015-03-23 | 1 | -0/+148 |
| | |||||
* | Fix rare test failure in pubkey. | lloyd | 2015-03-22 | 1 | -1/+4 |
| | | | | | | | | The pubkey encrypt/decrypt test function tests various randomly corrupted ciphertexts to ensure none of them decrypt. On rare occasions PKCS #1 v1.5 does legitimately fail this test, but, well, PKCS v1.5 isn't a very good padding scheme. When this test fails and the pad is PKCS, log the values but don't actually fail the test since this is an expected behavior of PKCS padding. | ||||
* | Add ALPN (RFC 7301) and remove NPN | lloyd | 2015-03-20 | 21 | -343/+169 |
| | |||||
* | Windows fix | lloyd | 2015-03-20 | 2 | -5/+4 |
| | |||||
* | Add timeouts to HMAC_RNG entropy polling | lloyd | 2015-03-18 | 3 | -62/+63 |
| | |||||
* | Add HKDF(SHA-512) test vectors | lloyd | 2015-03-18 | 1 | -17/+51 |
| | |||||
* | This check doesn't make sense as the entropy source is shared | lloyd | 2015-03-18 | 1 | -15/+6 |
| | |||||
* | Remove the shared IO buffer from EntropySource_Accumulator. | lloyd | 2015-03-18 | 13 | -60/+51 |
| | | | | Instead each source that needs a buffer maintains their own. | ||||
* | I just now assumed configure.py --os=osx would work, and I'm probably not the first. | lloyd | 2015-03-15 | 1 | -0/+1 |
| | |||||
* | Consider AES-NI as implying SSSE3 which lets us merge two of the | lloyd | 2015-03-15 | 3 | -3/+3 |
| | | | | | | amalgamation objects (aes_ni and clmul). The real advantage is for the static link, as GCM will pull in clmul via its reference, which is sufficient to also pull the AES impl into the link. | ||||
* | In PK encrypt/decrypt move pad calls to the operation. This allows an | lloyd | 2015-03-14 | 13 | -154/+284 |
| | | | | | | | | | op to use a padding scheme outside of our knowledge or control, for instance an OpenSSL RSA op which uses OpenSSL's padding code. Similar change for key agreement and KDFs for the same reason. Add an EME_Raw type; previously this operation was implicit in the code in pubkey.cpp | ||||
* | Specify class name for static function | lloyd | 2015-03-13 | 1 | -1/+1 |
| | |||||
* | Fix clmul which was broken by amalgamation ISA split. | lloyd | 2015-03-12 | 2 | -2/+2 |
| | | | | | Change GCM update granularity to BS (16) which is sufficient for GCM and more convenient to callers | ||||
* | Externalize the state of a RFC 6979 nonce computation. | lloyd | 2015-03-12 | 6 | -32/+94 |
| | | | | | | | | | | | | This lets you amortize quite a few memory allocations (RNG, various BigInts, etc) over many nonce generations. Change generate_rfc6979_nonce to just instantiate one of these states, call the function once, and return. This doesn't have any additional overhead versus the previous implementation of this function. Fix HMAC_DRBG to correctly reset its state to its starting position when you call clear() on it. |