aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Change http://botan.randombit.net to https URIsJack Lloyd2017-09-014-6/+6
| | | | | | Not a big deal since the site already uses HSTS, but whatever. [ci skip]
* Add a CLI util for inspecting TLS client hellosJack Lloyd2017-09-011-0/+111
|
* De-inline accessor functions in Client_Hello typeJack Lloyd2017-09-012-93/+130
| | | | | This class is exposed but the extension types aren't, so calls to these functions from outside the library would not link.
* Fix --error-output= option to cliJack Lloyd2017-09-011-3/+3
| | | | [ci skip]
* Merge GH #1173 Correct TLS signature hash policy checkJack Lloyd2017-09-015-18/+62
|\
| * Don't try enforcing the hash policy for PSK ciphersuitesJack Lloyd2017-09-011-1/+1
| | | | | | | | Since we don't end up signing anything in any case.
| * Enforce signature hash policy properlyJack Lloyd2017-08-315-18/+62
| | | | | | | | | | | | | | | | Previously if the client did not send signature_algorithms, or if it only included algos not in the policy, we would just fallback to the hardcoded SHA-1 default of TLS v1.2 Instead check the policy before accepting anything.
* | Merge GH #1174 Simplify AppVeyor build config closes #1172Jack Lloyd2017-09-011-50/+22
|\ \
| * | Simplifiy AppVeyor config, single debug build on VC2017Jack Lloyd2017-09-011-50/+22
| |/
* / Just skip Sonar build if SONAR_TOKEN is not setJack Lloyd2017-09-011-10/+5
|/ | | | | | This is the case for a PR coming from an external repo [ci skip]
* Rename file to match conventionsJack Lloyd2017-08-311-0/+0
| | | | [ci skip]
* Fix missing virtual destructor on CSP_HandleJack Lloyd2017-08-313-3/+4
| | | | Caught by GCC cross compiling. Also fix a couple 0-as-null warnings.
* Remove python3 dep from cli_testsJack Lloyd2017-08-311-1/+1
| | | | It runs fine under python2
* Simplify RNG logic in CLI a bitJack Lloyd2017-08-312-15/+13
|
* Merge GH #1169 Add LLVM bitcode targetJack Lloyd2017-08-3113-88/+133
|\
| * Work around limitation in old GCC and ClangJack Lloyd2017-08-311-1/+1
| |
| * Add support for fuzzing with KLEEJack Lloyd2017-08-302-2/+18
| | | | | | | | | | | | For the fuzzers, builds an object and then links in a second step, because we need that to link the fuzzer binaries for LLVM. (Clang will emit bitcode for us, but doesn't want to link it.)
| * Add support for LLVM bitcode targetJack Lloyd2017-08-309-17/+34
| |
| * Refactor RNG seeding logic in command line interfaceJack Lloyd2017-08-302-69/+81
| | | | | | | | | | This is needed for LLVM which doesn't have any usable entropy sources. Also useful for determinsitic private key creation, etc.
* | Make shellcheck happyJack Lloyd2017-08-311-6/+0
| | | | | | | | | | I have no idea if an empty if/then/fi block in shell is valid or not but anyway shellcheck doesn't like it so remove it.
* | Fix a few more MSVC warningsJack Lloyd2017-08-313-5/+5
| |
* | Merge GH #1171 Fix various MSVC warningsJack Lloyd2017-08-3142-101/+136
|\ \
| * | More MSVC warnings fixesJack Lloyd2017-08-3115-25/+34
| | |
| * | Fix various MSVC warningsJack Lloyd2017-08-3128-76/+102
| |/ | | | | | | Based on VC2017 output
* | Avoid variable overwriteJack Lloyd2017-08-311-7/+7
| | | | | | | | I hate (and always forget) how Python list comprehensions leak the iteration variable.
* | Ensure --unsafe-fuzzer-mode buildsJack Lloyd2017-08-311-0/+2
| |
* | Some attempts at speeding up CIJack Lloyd2017-08-312-11/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | First do amalgamation build on static instead of shared build. This is arbitrary, except that we do 3 shared builds, and only one static lib build, and the amalgamation kind of screws up ccache. Also avoid installing LZMA or Python3 on OS X. Just running Homebrew to install turns out to be significantly more expensive than either building the library or running the tests (!). Removes the workaround for homebrew #42553 because apparently it is fixed now.
* | Use multiprocessing in the fuzzer test scriptJack Lloyd2017-08-311-29/+37
|/ | | | Improved performance from ~48 seconds to ~10 seconds on my machine.
* Slight cleanup in Curve25519_PrivateKey constructorJack Lloyd2017-08-291-8/+6
|
* Remove unused includeJack Lloyd2017-08-291-1/+0
|
* Avoid having variable named m_emsa twice in class hierarchyJack Lloyd2017-08-292-8/+16
| | | | | | | | In fact the variable was only used if we use deterministic nonces, and just to extract the hash name. So just do that once, and only if we are not using random nonces. Flagged by Sonar
* Fix a valgrind const-time error in ISO 9796 paddingJack Lloyd2017-08-291-2/+7
| | | | It didn't unpoison the output values.
* Try to get Sonar to look at header filesJack Lloyd2017-08-291-1/+2
|
* Avoid false positive valgrind in TLS CBC decryptionJack Lloyd2017-08-291-2/+2
| | | | | | We poisoned the record before decrypting it, which caused failures with Camellia ciphersuites (or AES, on platforms that use T-tables). Instead poison it right after decrypting.
* Revert f16c3df4fc4edJack Lloyd2017-08-291-1/+1
| | | | Substantially more work required to get Sonar to report coverage
* Seems Sonar wants coverage infoJack Lloyd2017-08-291-1/+1
|
* For cross builds, build everything but test only a limited subsetJack Lloyd2017-08-291-6/+13
| | | | | | | | | Problem is running everything under qemu takes too long. But compiling everything will help catch some issues, and then we just restrict tests to those that complete quickly and/or are very important and/or excercise system specific code. Also add -j flag to make, got lost at some point.
* Avoid math on booleansJack Lloyd2017-08-291-3/+3
| | | | Sonar find
* Avoid catching by valueJack Lloyd2017-08-291-1/+1
| | | | Sonar find
* In OCSP::CertID don't crash if SHA-1 not availableJack Lloyd2017-08-291-1/+1
| | | | Caught with Sonar
* Avoid `throw new Exception`Jack Lloyd2017-08-291-1/+1
| | | | Caught by Sonar, once I managed to wade through the noise.
* Use Xenial ccache on TravisJack Lloyd2017-08-291-4/+4
| | | | | The Trusty ccache is too old and apparently ignores our ccache env variables.
* Drop CircleCIJack Lloyd2017-08-295-50/+0
| | | | | | | It wasn't buying us much (just replicating a subset of Travis) and after futzing with it for several hours yesterday trying to get it to run via the Python script and running into all kinds of dumb problems, I am officially not a fan.
* Rename (and fix) Sonar targetJack Lloyd2017-08-293-6/+6
|
* Rename Travis setup scriptJack Lloyd2017-08-291-0/+0
|
* Further fixes to ci build scriptJack Lloyd2017-08-293-58/+99
|
* OpenSSL module requires public key code be enabled in buildJack Lloyd2017-08-291-0/+4
|
* Skip PKCS11 tests if SoftHSM library isn't thereJack Lloyd2017-08-291-3/+7
|
* We've always been at war with shell scriptsJack Lloyd2017-08-298-415/+208
|
* CI build using Python script to orchestrateJack Lloyd2017-08-292-1/+259
| | | | Slightly incomplete