path: root/src
Commit message    Author    Age    Files    Lines
* wget it ourselves, and include the hash of the file in the output    lloyd    2013-11-28    2    -24/+57
|
* Fix file rename in info.txt and add a check for this in configure    lloyd    2013-11-28    1    -1/+1
|
* TLS in-memory session manager now requires a rng object as a    lloyd    2013-11-28    2    -5/+7
|   constructor argument, previously it used the global rng which caused a serialization point across server threads.
* Add a simple HTTP 1.0 GET using asio (for CRLs and OCSP)    lloyd    2013-11-27    5    -1/+137
|
* Include Perl's build flags. Bug 254    lloyd    2013-11-23    1    -1/+1
|
* merge of '68c716734951de7d2d263d5ed5162e963d6c32be'    lloyd    2013-11-20    5    -55/+14
|\
| |   and '714a603d145c840eec1464ea31d0d07c2bf640fa'
| * Compile fixes for Python wrapper    lloyd    2013-11-20    5    -55/+14
| |
* | Only service small allocations out of the mlock pool    lloyd    2013-11-20    2    -2/+5
| |
* | Add a basic DTLS policy    lloyd    2013-11-20    1    -0/+13
| |
* | Fix old style cast warnings    lloyd    2013-11-20    1    -30/+30
|/
* Add HKDF    lloyd    2013-11-17    3    -0/+114
|
* Fix get_cipher_mode for OCB and GCM with short tags    lloyd    2013-11-17    1    -2/+2
|
* Inline kdf.cpp as all are simple forwarding calls    lloyd    2013-11-17    2    -62/+24
|
* Enable all the GCC warning flags, as we now require at least GCC 4.7 anyway    lloyd    2013-11-16    5    -8/+6
|   Fix a few nullptr and cast warnings.
* Add includes needed by OS X    lloyd    2013-11-12    1    -0/+2
|
* Split off Unix_EntropySource's fast_poll to a new source    lloyd    2013-11-10    3    -25/+14
|
* Return a value    lloyd    2013-11-09    1    -1/+1
|
* Add to build.h template    lloyd    2013-11-09    1    -0/+7
|
* Remove decl of already removed function    lloyd    2013-11-09    1    -6/+0
|
* Move RNG reseed controls to build.h    lloyd    2013-11-09    1    -9/+9
|
* Uninitialized pointer    lloyd    2013-11-09    1    -1/+2
|
* In HMAC_RNG record number of bytes since last poll and reseed based on    lloyd    2013-11-09    2    -17/+26
|   that rather than the counter.
* Include a timestamp as part of the HMAC_RNG PRF inputs    lloyd    2013-11-09    1    -0/+6
|
* Don't actually deprecate AutoSeeded_RNG    lloyd    2013-11-09    1    -1/+0
|
* Fix EGD settings. Some cleanup and renaming.    lloyd    2013-11-09    6    -49/+46
|
* Make the process running entropy source much faster by running multiple commands    lloyd    2013-11-09    9    -556/+429
|   in parallel. On my laptop, a reseed using only process running takes .22 s wall clock in trunk and .06 s with this change - and that's after increasing the amount we read by 5 times (by reducing the entropy estimate per byte from .005 bits to 1/1024 bits).
* Use a page size buffer as we are reading from a pipe    lloyd    2013-11-08    1    -1/+1
|
* At least 128 bits, not at most 128    lloyd    2013-11-08    1    -1/+1
|
* Previously, AutoRNG was just a reference to the global rng, which can    lloyd    2013-11-08    15    -563/+210
|   cause a huge amount of lock contention in heavily multithreaded code. Now each AutoRNG is its own uniquely seeded HMAC_RNG. The set of entropy sources is shared rather than being per-RNG (so there is only one open fd to /dev/random, etc). So reseeding is still a global lock, but sharing the resources (open file descriptors, etc) across RNGs seems worth the contention. Remove Randpool, which was only used if HMAC_RNG was disabled at build.
* merge of '5e53891d2c77f27a22d07ed26923745f9a5f3336'    lloyd    2013-11-08    1    -2/+2
|\
| |   and 'a895552efd212665d83064e9517976ef63f41368'
| * Use BS constant where possible    lloyd    2013-11-07    1    -2/+2
| |
* | Use override    lloyd    2013-11-08    1    -1/+1
| |
* | Simplify device opening, and avoid leaking a file descriptor if it was    lloyd    2013-11-08    1    -18/+14
| |   too large to fit in an fd_set. Read at least 128 bits even if the poll is asking for less.
* | Add more possible clock types    lloyd    2013-11-08    1    -0/+12
| |
* | Avoid static const in GCM as well    lloyd    2013-11-07    1    -1/+1
|/
* Work around a strange bug where Clang won't find CCM_Mode::BS unless    lloyd    2013-11-07    1    -1/+1
|   it is non-static.
* Poll all randomness devices instead of breaking out early    lloyd    2013-11-06    2    -85/+38
|
* Split TLS callbacks into a data callback and an alert callback.    lloyd    2013-11-05    8    -37/+61
|   In practice applications treated these two cases completely differently, so there was no reason to combine them into a single callback.
* Remove duplicate definition of Serpent sboxes    lloyd    2013-11-02    4    -628/+443
|
* Fix encoding error in ECC groups using OID method. Reported by and    lloyd    2013-10-30    1    -1/+1
|   patch from fxdupont on github.
* Fix padding error in CBC encryption if offset != 0    lloyd    2013-10-12    1    -3/+2
|
* Simplify AD processing in non-AEAD case    lloyd    2013-09-08    1    -22/+12
|
* Add Brainpool curves to TLS, and prefer them by default.    lloyd    2013-09-08    2    -0/+15
|   Remove 224-bit NIST curve from default parameter list.
* Remove Record struct    lloyd    2013-09-07    5    -196/+120
|
* Don't pass Record struct to handshake parser    lloyd    2013-09-06    3    -14/+22
|
* Enable CCM ciphersuites in TLS. Disable SHA-1 for signatures in TLS v1.2    lloyd    2013-09-06    2    -5/+57
|
* Correct Ciphersuite::valid and to_string for CCM    lloyd    2013-09-05    1    -1/+11
|
* Support CCM-8 ciphersuites    lloyd    2013-09-05    1    -6/+14
|
* Enable CCM mode in TLS suite_info generator    lloyd    2013-09-05    1    -4/+23
|
* Add CCM mode    lloyd    2013-09-05    5    -20/+445
|