Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Change http://botan.randombit.net to https URIs | Jack Lloyd | 2017-09-01 | 4 | -6/+6 |
| | | | | | | Not a big deal since the site already uses HSTS, but whatever. [ci skip] | ||||
* | Add a CLI util for inspecting TLS client hellos | Jack Lloyd | 2017-09-01 | 1 | -0/+111 |
| | |||||
* | De-inline accessor functions in Client_Hello type | Jack Lloyd | 2017-09-01 | 2 | -93/+130 |
| | | | | | This class is exposed but the extension types aren't, so calls to these functions from outside the library would not link. | ||||
* | Fix --error-output= option to cli | Jack Lloyd | 2017-09-01 | 1 | -3/+3 |
| | | | | [ci skip] | ||||
* | Merge GH #1173 Correct TLS signature hash policy check | Jack Lloyd | 2017-09-01 | 5 | -18/+62 |
|\ | |||||
| * | Don't try enforcing the hash policy for PSK ciphersuites | Jack Lloyd | 2017-09-01 | 1 | -1/+1 |
| | | | | | | | | Since we don't end up signing anything in any case. | ||||
| * | Enforce signature hash policy properly | Jack Lloyd | 2017-08-31 | 5 | -18/+62 |
| | | | | | | | | | | | | | | | | Previously if the client did not send signature_algorithms, or if it only included algos not in the policy, we would just fallback to the hardcoded SHA-1 default of TLS v1.2 Instead check the policy before accepting anything. | ||||
* | | Merge GH #1174 Simplify AppVeyor build config closes #1172 | Jack Lloyd | 2017-09-01 | 1 | -50/+22 |
|\ \ | |||||
| * | | Simplifiy AppVeyor config, single debug build on VC2017 | Jack Lloyd | 2017-09-01 | 1 | -50/+22 |
| |/ | |||||
* / | Just skip Sonar build if SONAR_TOKEN is not set | Jack Lloyd | 2017-09-01 | 1 | -10/+5 |
|/ | | | | | | This is the case for a PR coming from an external repo [ci skip] | ||||
* | Rename file to match conventions | Jack Lloyd | 2017-08-31 | 1 | -0/+0 |
| | | | | [ci skip] | ||||
* | Fix missing virtual destructor on CSP_Handle | Jack Lloyd | 2017-08-31 | 3 | -3/+4 |
| | | | | Caught by GCC cross compiling. Also fix a couple 0-as-null warnings. | ||||
* | Remove python3 dep from cli_tests | Jack Lloyd | 2017-08-31 | 1 | -1/+1 |
| | | | | It runs fine under python2 | ||||
* | Simplify RNG logic in CLI a bit | Jack Lloyd | 2017-08-31 | 2 | -15/+13 |
| | |||||
* | Merge GH #1169 Add LLVM bitcode target | Jack Lloyd | 2017-08-31 | 13 | -88/+133 |
|\ | |||||
| * | Work around limitation in old GCC and Clang | Jack Lloyd | 2017-08-31 | 1 | -1/+1 |
| | | |||||
| * | Add support for fuzzing with KLEE | Jack Lloyd | 2017-08-30 | 2 | -2/+18 |
| | | | | | | | | | | | | For the fuzzers, builds an object and then links in a second step, because we need that to link the fuzzer binaries for LLVM. (Clang will emit bitcode for us, but doesn't want to link it.) | ||||
| * | Add support for LLVM bitcode target | Jack Lloyd | 2017-08-30 | 9 | -17/+34 |
| | | |||||
| * | Refactor RNG seeding logic in command line interface | Jack Lloyd | 2017-08-30 | 2 | -69/+81 |
| | | | | | | | | | | This is needed for LLVM which doesn't have any usable entropy sources. Also useful for determinsitic private key creation, etc. | ||||
* | | Make shellcheck happy | Jack Lloyd | 2017-08-31 | 1 | -6/+0 |
| | | | | | | | | | | I have no idea if an empty if/then/fi block in shell is valid or not but anyway shellcheck doesn't like it so remove it. | ||||
* | | Fix a few more MSVC warnings | Jack Lloyd | 2017-08-31 | 3 | -5/+5 |
| | | |||||
* | | Merge GH #1171 Fix various MSVC warnings | Jack Lloyd | 2017-08-31 | 42 | -101/+136 |
|\ \ | |||||
| * | | More MSVC warnings fixes | Jack Lloyd | 2017-08-31 | 15 | -25/+34 |
| | | | |||||
| * | | Fix various MSVC warnings | Jack Lloyd | 2017-08-31 | 28 | -76/+102 |
| |/ | | | | | | | Based on VC2017 output | ||||
* | | Avoid variable overwrite | Jack Lloyd | 2017-08-31 | 1 | -7/+7 |
| | | | | | | | | I hate (and always forget) how Python list comprehensions leak the iteration variable. | ||||
* | | Ensure --unsafe-fuzzer-mode builds | Jack Lloyd | 2017-08-31 | 1 | -0/+2 |
| | | |||||
* | | Some attempts at speeding up CI | Jack Lloyd | 2017-08-31 | 2 | -11/+8 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | First do amalgamation build on static instead of shared build. This is arbitrary, except that we do 3 shared builds, and only one static lib build, and the amalgamation kind of screws up ccache. Also avoid installing LZMA or Python3 on OS X. Just running Homebrew to install turns out to be significantly more expensive than either building the library or running the tests (!). Removes the workaround for homebrew #42553 because apparently it is fixed now. | ||||
* | | Use multiprocessing in the fuzzer test script | Jack Lloyd | 2017-08-31 | 1 | -29/+37 |
|/ | | | | Improved performance from ~48 seconds to ~10 seconds on my machine. | ||||
* | Slight cleanup in Curve25519_PrivateKey constructor | Jack Lloyd | 2017-08-29 | 1 | -8/+6 |
| | |||||
* | Remove unused include | Jack Lloyd | 2017-08-29 | 1 | -1/+0 |
| | |||||
* | Avoid having variable named m_emsa twice in class hierarchy | Jack Lloyd | 2017-08-29 | 2 | -8/+16 |
| | | | | | | | | In fact the variable was only used if we use deterministic nonces, and just to extract the hash name. So just do that once, and only if we are not using random nonces. Flagged by Sonar | ||||
* | Fix a valgrind const-time error in ISO 9796 padding | Jack Lloyd | 2017-08-29 | 1 | -2/+7 |
| | | | | It didn't unpoison the output values. | ||||
* | Try to get Sonar to look at header files | Jack Lloyd | 2017-08-29 | 1 | -1/+2 |
| | |||||
* | Avoid false positive valgrind in TLS CBC decryption | Jack Lloyd | 2017-08-29 | 1 | -2/+2 |
| | | | | | | We poisoned the record before decrypting it, which caused failures with Camellia ciphersuites (or AES, on platforms that use T-tables). Instead poison it right after decrypting. | ||||
* | Revert f16c3df4fc4ed | Jack Lloyd | 2017-08-29 | 1 | -1/+1 |
| | | | | Substantially more work required to get Sonar to report coverage | ||||
* | Seems Sonar wants coverage info | Jack Lloyd | 2017-08-29 | 1 | -1/+1 |
| | |||||
* | For cross builds, build everything but test only a limited subset | Jack Lloyd | 2017-08-29 | 1 | -6/+13 |
| | | | | | | | | | Problem is running everything under qemu takes too long. But compiling everything will help catch some issues, and then we just restrict tests to those that complete quickly and/or are very important and/or excercise system specific code. Also add -j flag to make, got lost at some point. | ||||
* | Avoid math on booleans | Jack Lloyd | 2017-08-29 | 1 | -3/+3 |
| | | | | Sonar find | ||||
* | Avoid catching by value | Jack Lloyd | 2017-08-29 | 1 | -1/+1 |
| | | | | Sonar find | ||||
* | In OCSP::CertID don't crash if SHA-1 not available | Jack Lloyd | 2017-08-29 | 1 | -1/+1 |
| | | | | Caught with Sonar | ||||
* | Avoid `throw new Exception` | Jack Lloyd | 2017-08-29 | 1 | -1/+1 |
| | | | | Caught by Sonar, once I managed to wade through the noise. | ||||
* | Use Xenial ccache on Travis | Jack Lloyd | 2017-08-29 | 1 | -4/+4 |
| | | | | | The Trusty ccache is too old and apparently ignores our ccache env variables. | ||||
* | Drop CircleCI | Jack Lloyd | 2017-08-29 | 5 | -50/+0 |
| | | | | | | | It wasn't buying us much (just replicating a subset of Travis) and after futzing with it for several hours yesterday trying to get it to run via the Python script and running into all kinds of dumb problems, I am officially not a fan. | ||||
* | Rename (and fix) Sonar target | Jack Lloyd | 2017-08-29 | 3 | -6/+6 |
| | |||||
* | Rename Travis setup script | Jack Lloyd | 2017-08-29 | 1 | -0/+0 |
| | |||||
* | Further fixes to ci build script | Jack Lloyd | 2017-08-29 | 3 | -58/+99 |
| | |||||
* | OpenSSL module requires public key code be enabled in build | Jack Lloyd | 2017-08-29 | 1 | -0/+4 |
| | |||||
* | Skip PKCS11 tests if SoftHSM library isn't there | Jack Lloyd | 2017-08-29 | 1 | -3/+7 |
| | |||||
* | We've always been at war with shell scripts | Jack Lloyd | 2017-08-29 | 8 | -415/+208 |
| | |||||
* | CI build using Python script to orchestrate | Jack Lloyd | 2017-08-29 | 2 | -1/+259 |
| | | | | Slightly incomplete |