aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Add AES key wrap with paddingJack Lloyd2017-11-1910-75/+1005
|
* Avoid OCSPing on the Let's Encrypt CA certJack Lloyd2017-11-191-6/+2
| | | | | | Their issuing CA seems to have some performance problems with OCSP (https://github.com/letsencrypt/boulder/issues/1929) and it's currently causing timeouts in the tests.
* Constify variables in AES-NI codeJack Lloyd2017-11-181-104/+104
|
* Add a function for checking if poly_double_n supports a particular sizeJack Lloyd2017-11-183-6/+10
|
* Allow parsing and printing certificates with unknown public key algosJack Lloyd2017-11-182-6/+31
|
* Add timings for RFC 3394 keywrapJack Lloyd2017-11-181-0/+40
|
* Add feature macro for Sqlite3 being enabled in buildJack Lloyd2017-11-181-0/+3
|
* Prefix execution of install.py with Python binaryJack Lloyd2017-11-163-2/+4
| | | | | | | Fixes GH #1297 This is done even on GNU make builds, since the same issue affects MinGW
* Fix encoding of subject key identifierJack Lloyd2017-11-165-23/+27
| | | | | | Changed in #884 - we were copying the entire public key as the public key id. Instead hash it with whatever hash we are using to sign the certificate.
* Optimize TwofishJack Lloyd2017-11-162-94/+158
| | | | | Interleaving two blocks is 40-50% faster for any mode that supports parallel operation.
* Fix path to cert test dataJack Lloyd2017-11-161-1/+1
|
* Merge GH #1296 Allow using secure_allocator with std::string under VC2013Jack Lloyd2017-11-161-5/+21
|\
| * Fix secure_allocator with std::string on VS2013Daniel Neus2017-11-161-5/+21
| | | | | | | | Closes #1295
* | Fix Python testsJack Lloyd2017-11-161-1/+1
| |
* | Move all the various X509 test data files under src/tests/data/x509Jack Lloyd2017-11-16659-41/+41
|/
* Fix a memory leak in the case where certificate extension decoding fails.Jack Lloyd2017-11-162-30/+33
| | | | | | Introduced in #884 Found by OSS-Fuzz (bug 4249)
* Correct CAST-128 decryption with more than 1 blockJack Lloyd2017-11-162-32/+36
|
* Optimizations for CAST-128Jack Lloyd2017-11-161-45/+135
| | | | | Similarly to Blowfish, 2x unrolling produces a 50-60% perf boost due to increased ILP.
* Optimize BlowfishJack Lloyd2017-11-161-41/+82
| | | | | | | Doing two blocks at a time exposes more ILP and substantially improves performance. Idea from http://jultika.oulu.fi/files/nbnfioulu-201305311409.pdf
* Update ASN.1 fuzzerJack Lloyd2017-11-152-12/+12
|
* Correct handling of nested context specificJack Lloyd2017-11-151-4/+3
|
* Move ASN1 printer to the libraryJack Lloyd2017-11-155-382/+418
|
* Encapsulate ASN1 printer logic in a classJack Lloyd2017-11-151-133/+163
|
* Increase the size of an ASN.1 tag enum to 32-bitsJack Lloyd2017-11-151-1/+1
| | | | Fixes GH #751
* Merge GH #884 Refactor X.509 cert/CRL internalsJack Lloyd2017-11-1534-999/+1630
|\
| * Remove debug abort [ci skip]Jack Lloyd2017-11-141-1/+0
| |
| * Consolidate function for testing for ASN.1 string typesJack Lloyd2017-11-144-34/+25
| |
| * Check for keyCertSign on non-CA certificates during validationJack Lloyd2017-11-141-0/+14
| | | | | | | | GH #1089
| * Catch exceptions in NIST validation testsJack Lloyd2017-11-141-33/+41
| |
| * Fix PKCS10 subject alt name usageJack Lloyd2017-11-145-7/+31
| | | | | | | | GH #1010
| * Add a test for GH #1252Jack Lloyd2017-11-144-1/+61
| |
| * Small cleanups in X509 testsJack Lloyd2017-11-141-22/+41
| |
| * Avoid deprecated functions in FFIJack Lloyd2017-11-141-3/+3
| |
| * Use new APIs in path validation and name constraint handlingJack Lloyd2017-11-142-6/+14
| |
| * Store CRL_Entry data in shared_ptrJack Lloyd2017-11-142-41/+81
| |
| * Store X509_CRL data in shared_ptrJack Lloyd2017-11-142-69/+102
| |
| * Store PKCS10 request data in structureJack Lloyd2017-11-142-65/+85
| |
| * Refactor certificate extension handlingJack Lloyd2017-11-142-274/+441
| |
| * Store all data of an X509 certificate in a shared_ptr data struct.Jack Lloyd2017-11-144-364/+567
| |
| * Use new Decoding_Error constructorJack Lloyd2017-11-141-4/+2
| |
| * Require SHA-2 for X.509 moduleJack Lloyd2017-11-141-0/+1
| | | | | | | | The certstore interface assumes it and it's probably not unreasonable...
| * In X509_CA save the hash function usedJack Lloyd2017-11-142-2/+11
| |
| * Move X509_DN and AlternativeName from asn1 to x509Jack Lloyd2017-11-148-81/+118
| |
* | Remove SIMD perf test from speedJack Lloyd2017-11-151-116/+0
|/ | | | As written it is very bogus and produces wildly incorrect results.
* Fix seek test with OpenSSL RC4Jack Lloyd2017-11-141-1/+1
|
* Support seeking in Salsa20Jack Lloyd2017-11-148-9/+61
| | | | Add a test that StreamCipher::seek throws if not keyed.
* Add OIDS::oid2str and str2oidJack Lloyd2017-11-141-0/+10
| | | | Using the name "lookup" for both directions is confusing.
* Add a second constructor to Decoding_Error which takes an exception string.Jack Lloyd2017-11-142-0/+5
|
* Add <functional> include to TLS headers which use std::functionJack Lloyd2017-11-142-0/+2
|
* Compile fixJack Lloyd2017-11-141-2/+2
|