Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Avoid using std::cout and std::cerr within cli code | Jack Lloyd | 2017-09-02 | 5 | -85/+87 |
| | | | | Prevents redirection using --output and --error-output | ||||
* | Output errors to cerr | Jack Lloyd | 2017-09-02 | 1 | -4/+4 |
| | |||||
* | Avoid using <iostream> header within the library | Jack Lloyd | 2017-09-02 | 2 | -2/+4 |
| | | | | We only need <istream> + <ostream> here | ||||
* | Clean up fuzzer code a bit | Jack Lloyd | 2017-09-02 | 5 | -46/+34 |
| | | | | | If we ever output something to the terminal it should be because we are crashing. | ||||
* | Merge GH #1179 Support negative base in power_mod closes #1168 | Jack Lloyd | 2017-09-02 | 3 | -3/+44 |
|\ | |||||
| * | Support a negative base in power_mod | Jack Lloyd | 2017-09-02 | 3 | -3/+44 |
| | | | | | | | | Closes #1168 | ||||
* | | Merge GH #1178 Use botan-ci-tools repo for binaries needed by CI | Jack Lloyd | 2017-09-02 | 1 | -11/+14 |
|\ \ | |/ |/| | |||||
| * | Fix qemu package | Jack Lloyd | 2017-09-02 | 1 | -1/+1 |
| | | | | | | | | The qemu-user-static package installs them under different names. | ||||
| * | Use botan-ci-tools repo for packages | Jack Lloyd | 2017-09-02 | 1 | -11/+14 |
| | | | | | | | | | | | | | | | | | | | | | | Largely the goal with that is to reduce dependencies, especially removing www.randombit.net from the critical path for CI. Other marginally related attempts at speeding up CI - Only install qemu-user-static (which should be all we need) instead of the full qemu metapackage. - Avoid running brew update, all we need is ccache and really any version is fine. | ||||
* | | Add --dump-traces option to tls_server | Jack Lloyd | 2017-09-02 | 2 | -2/+19 |
| | | |||||
* | | Add a script for running TLS-Attacker, remove old shell scripts | Jack Lloyd | 2017-09-02 | 15 | -163/+202 |
| | | | | | | | | [ci skip] | ||||
* | | Sort isa_extensions lists [ci skip] | Simon Warta | 2017-09-02 | 4 | -14/+11 |
|/ | | | | this removes the duplicate "sha" in x86_64 | ||||
* | Change http://botan.randombit.net to https URIs | Jack Lloyd | 2017-09-01 | 4 | -6/+6 |
| | | | | | | Not a big deal since the site already uses HSTS, but whatever. [ci skip] | ||||
* | Add a CLI util for inspecting TLS client hellos | Jack Lloyd | 2017-09-01 | 1 | -0/+111 |
| | |||||
* | De-inline accessor functions in Client_Hello type | Jack Lloyd | 2017-09-01 | 2 | -93/+130 |
| | | | | | This class is exposed but the extension types aren't, so calls to these functions from outside the library would not link. | ||||
* | Fix --error-output= option to cli | Jack Lloyd | 2017-09-01 | 1 | -3/+3 |
| | | | | [ci skip] | ||||
* | Merge GH #1173 Correct TLS signature hash policy check | Jack Lloyd | 2017-09-01 | 5 | -18/+62 |
|\ | |||||
| * | Don't try enforcing the hash policy for PSK ciphersuites | Jack Lloyd | 2017-09-01 | 1 | -1/+1 |
| | | | | | | | | Since we don't end up signing anything in any case. | ||||
| * | Enforce signature hash policy properly | Jack Lloyd | 2017-08-31 | 5 | -18/+62 |
| | | | | | | | | | | | | | | | | Previously if the client did not send signature_algorithms, or if it only included algos not in the policy, we would just fallback to the hardcoded SHA-1 default of TLS v1.2 Instead check the policy before accepting anything. | ||||
* | | Merge GH #1174 Simplify AppVeyor build config closes #1172 | Jack Lloyd | 2017-09-01 | 1 | -50/+22 |
|\ \ | |||||
| * | | Simplifiy AppVeyor config, single debug build on VC2017 | Jack Lloyd | 2017-09-01 | 1 | -50/+22 |
| |/ | |||||
* / | Just skip Sonar build if SONAR_TOKEN is not set | Jack Lloyd | 2017-09-01 | 1 | -10/+5 |
|/ | | | | | | This is the case for a PR coming from an external repo [ci skip] | ||||
* | Rename file to match conventions | Jack Lloyd | 2017-08-31 | 1 | -0/+0 |
| | | | | [ci skip] | ||||
* | Fix missing virtual destructor on CSP_Handle | Jack Lloyd | 2017-08-31 | 3 | -3/+4 |
| | | | | Caught by GCC cross compiling. Also fix a couple 0-as-null warnings. | ||||
* | Remove python3 dep from cli_tests | Jack Lloyd | 2017-08-31 | 1 | -1/+1 |
| | | | | It runs fine under python2 | ||||
* | Simplify RNG logic in CLI a bit | Jack Lloyd | 2017-08-31 | 2 | -15/+13 |
| | |||||
* | Merge GH #1169 Add LLVM bitcode target | Jack Lloyd | 2017-08-31 | 13 | -88/+133 |
|\ | |||||
| * | Work around limitation in old GCC and Clang | Jack Lloyd | 2017-08-31 | 1 | -1/+1 |
| | | |||||
| * | Add support for fuzzing with KLEE | Jack Lloyd | 2017-08-30 | 2 | -2/+18 |
| | | | | | | | | | | | | For the fuzzers, builds an object and then links in a second step, because we need that to link the fuzzer binaries for LLVM. (Clang will emit bitcode for us, but doesn't want to link it.) | ||||
| * | Add support for LLVM bitcode target | Jack Lloyd | 2017-08-30 | 9 | -17/+34 |
| | | |||||
| * | Refactor RNG seeding logic in command line interface | Jack Lloyd | 2017-08-30 | 2 | -69/+81 |
| | | | | | | | | | | This is needed for LLVM which doesn't have any usable entropy sources. Also useful for determinsitic private key creation, etc. | ||||
* | | Make shellcheck happy | Jack Lloyd | 2017-08-31 | 1 | -6/+0 |
| | | | | | | | | | | I have no idea if an empty if/then/fi block in shell is valid or not but anyway shellcheck doesn't like it so remove it. | ||||
* | | Fix a few more MSVC warnings | Jack Lloyd | 2017-08-31 | 3 | -5/+5 |
| | | |||||
* | | Merge GH #1171 Fix various MSVC warnings | Jack Lloyd | 2017-08-31 | 42 | -101/+136 |
|\ \ | |||||
| * | | More MSVC warnings fixes | Jack Lloyd | 2017-08-31 | 15 | -25/+34 |
| | | | |||||
| * | | Fix various MSVC warnings | Jack Lloyd | 2017-08-31 | 28 | -76/+102 |
| |/ | | | | | | | Based on VC2017 output | ||||
* | | Avoid variable overwrite | Jack Lloyd | 2017-08-31 | 1 | -7/+7 |
| | | | | | | | | I hate (and always forget) how Python list comprehensions leak the iteration variable. | ||||
* | | Ensure --unsafe-fuzzer-mode builds | Jack Lloyd | 2017-08-31 | 1 | -0/+2 |
| | | |||||
* | | Some attempts at speeding up CI | Jack Lloyd | 2017-08-31 | 2 | -11/+8 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | First do amalgamation build on static instead of shared build. This is arbitrary, except that we do 3 shared builds, and only one static lib build, and the amalgamation kind of screws up ccache. Also avoid installing LZMA or Python3 on OS X. Just running Homebrew to install turns out to be significantly more expensive than either building the library or running the tests (!). Removes the workaround for homebrew #42553 because apparently it is fixed now. | ||||
* | | Use multiprocessing in the fuzzer test script | Jack Lloyd | 2017-08-31 | 1 | -29/+37 |
|/ | | | | Improved performance from ~48 seconds to ~10 seconds on my machine. | ||||
* | Slight cleanup in Curve25519_PrivateKey constructor | Jack Lloyd | 2017-08-29 | 1 | -8/+6 |
| | |||||
* | Remove unused include | Jack Lloyd | 2017-08-29 | 1 | -1/+0 |
| | |||||
* | Avoid having variable named m_emsa twice in class hierarchy | Jack Lloyd | 2017-08-29 | 2 | -8/+16 |
| | | | | | | | | In fact the variable was only used if we use deterministic nonces, and just to extract the hash name. So just do that once, and only if we are not using random nonces. Flagged by Sonar | ||||
* | Fix a valgrind const-time error in ISO 9796 padding | Jack Lloyd | 2017-08-29 | 1 | -2/+7 |
| | | | | It didn't unpoison the output values. | ||||
* | Try to get Sonar to look at header files | Jack Lloyd | 2017-08-29 | 1 | -1/+2 |
| | |||||
* | Avoid false positive valgrind in TLS CBC decryption | Jack Lloyd | 2017-08-29 | 1 | -2/+2 |
| | | | | | | We poisoned the record before decrypting it, which caused failures with Camellia ciphersuites (or AES, on platforms that use T-tables). Instead poison it right after decrypting. | ||||
* | Revert f16c3df4fc4ed | Jack Lloyd | 2017-08-29 | 1 | -1/+1 |
| | | | | Substantially more work required to get Sonar to report coverage | ||||
* | Seems Sonar wants coverage info | Jack Lloyd | 2017-08-29 | 1 | -1/+1 |
| | |||||
* | For cross builds, build everything but test only a limited subset | Jack Lloyd | 2017-08-29 | 1 | -6/+13 |
| | | | | | | | | | Problem is running everything under qemu takes too long. But compiling everything will help catch some issues, and then we just restrict tests to those that complete quickly and/or are very important and/or excercise system specific code. Also add -j flag to make, got lost at some point. | ||||
* | Avoid math on booleans | Jack Lloyd | 2017-08-29 | 1 | -3/+3 |
| | | | | Sonar find |