aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Add long (4+ block) AES KATsJack Lloyd2016-10-251-0/+10
| | | | We were not previously hitting the 4 way unrolled loop in AES-NI in tests
* Merge GH #682 Improve test name consistencyJack Lloyd2016-10-255-5/+5
|\
| * Pubkey tests should express category [ci skip]René Korthaus2016-10-245-5/+5
| |
* | Merge GH #683 Avoid SHA-1 use in ElGamal+ECKCDSA self testsJack Lloyd2016-10-252-2/+2
|\ \
| * | Fix hardcoded SHA-1 in eckcdsa consistency checkRené Korthaus2016-10-241-1/+1
| | |
| * | Fix hardcoded SHA-1 in elgamal consistency checkRené Korthaus2016-10-241-1/+1
| |/
* | Add TPM and PKCS #11 to coverage buildJack Lloyd2016-10-243-11/+29
| | | | | | | | | | | | | | SoftHSMv1 included in 14.04 is too old and many tests fail, so grabs prebuilt SoftHSMv2 binaries from www.randombit.net. This can change to use the packaged SoftHSM in 16.04, whenever Travis makes that available.
* | Remote unused macrosJack Lloyd2016-10-242-5/+1
| |
* | Initialize member variable in PKCS11_EC_PrivateKeyJack Lloyd2016-10-242-2/+2
|/ | | | | One of the constructors initialized the member, the others did not. Found by Coverity scanner.
* Limit locking_allocator only to OSes that even might support it.Jack Lloyd2016-10-241-0/+8
| | | | | | The pool allocator itself is portable code, but it doesn't do anything useful unless we have the ability to mlock/VirtualLock memory, which is OS specific.
* Remove unneeded includesJack Lloyd2016-10-242-2/+0
|
* Fixes for build without 25519Jack Lloyd2016-10-242-3/+6
|
* Merge GH #673 X25519 TLS key exchangeJack Lloyd2016-10-247-42/+112
|\
| * X25519 key exchange for TLSJack Lloyd2016-10-217-42/+112
| | | | | | | | | | Client interops with google.com, server not tested against an independent client yet.
* | Merge GH #675 Lucky13 countermeasuresJack Lloyd2016-10-242-0/+82
|\ \
| * | Final changes, now using the countermeasure from the Lucky 13 paper again ↵Juraj Somorovsky2016-10-231-36/+32
| | | | | | | | | | | | | | | | | | (or a countermeasure that is very similar to it). Timing differences in the test suite show at most 120 clock cycle difference (SHA-1/256/384).
| * | SHA384 countermeasure (not perfect, but makes the attack harder)Juraj Somorovsky2016-10-221-19/+27
| | |
| * | Lucky 13 patch for SHA-1 and SHA-256Juraj Somorovsky2016-10-162-0/+78
| | |
* | | Merge GH #679 Unify test namingJack Lloyd2016-10-244-5/+5
|\ \ \
| * | | Reunify registered test names [ci skip]René Korthaus2016-10-234-5/+5
| | | |
* | | | Merge GH #668: Remove Algo_Registry and associated global locksJack Lloyd2016-10-2495-1673/+1485
|\ \ \ \ | |/ / / |/| | |
| * | | ECIES ISO tests require SHA-1Jack Lloyd2016-10-211-1/+1
| | | |
| * | | Missing include, noticed by Clang on OS XJack Lloyd2016-10-211-0/+1
| | | |
| * | | Cleanup from rebaseJack Lloyd2016-10-211-5/+0
| | | |
| * | | Fix PSSRJack Lloyd2016-10-211-1/+1
| | | |
| * | | Remove unused functions from SCAN_NameJack Lloyd2016-10-212-39/+0
| | | |
| * | | Small cleanup in OpenSSL ECJack Lloyd2016-10-211-12/+13
| | | |
| * | | Remove alias logic from SCAN_NameJack Lloyd2016-10-2112-182/+168
| | | | | | | | | | | | | | | | | | | | | | | | This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
| * | | Remove Algo_RegistryJack Lloyd2016-10-2192-1551/+1419
| | |/ | |/| | | | | | | | | | | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* | | Fix invalid UTF-8 char in API doc [ci skip]René Korthaus2016-10-221-1/+1
| | | | | | | | | | | | | | | | | | An invalid UTF-8 character prevented Latex from generating a PDF document from the doxygen-generated Latex API docs via make pdf.
* | | Initialize member variable (Coverity find)Jack Lloyd2016-10-221-1/+1
| | |
* | | Fix handling of file descriptor zeroJack Lloyd2016-10-221-13/+11
| | | | | | | | | | | | | | | If opening /dev/*random resulted in fd 0, we would both not use that RNG and leak the file descriptor. Found with Coverity.
* | | Address some Coverity warningsJack Lloyd2016-10-223-9/+9
| | | | | | | | | | | | Nothing exciting.
* | | GH #674 Check Doxygen and Sphinx builds as part of CIJack Lloyd2016-10-225-8/+29
|\ \ \
| * | | Build the docs during CIJack Lloyd2016-10-225-8/+29
| |/ / | | | | | | | | | Fix various doc building problems/warnings.
* / / Use correct macro for ECC in create_private_keyJack Lloyd2016-10-221-1/+1
|/ /
* | Allow setting the validation time during PKIX path validationJack Lloyd2016-10-213-19/+34
| | | | | | | | | | | | | | Previously validation asked the system clock which is not always the correct thing (for example when using Roughtime protocol). Had been on the todo list forever, forced into it by some of the test certs expiring today.
* | Add create_private_key, expose key loading functions in pk_algs.hJack Lloyd2016-10-209-153/+236
| |
* | Tighten up TLS server handshake logic.Jack Lloyd2016-10-201-20/+15
| | | | | | | | | | | | | | | | | | Previously client was allowed to omit the Certificate message, a leftover from supporting SSLv3. In all versions of TLS, an empty message must be sent if the client does not want to use a cert. No known security impact, but nothing we need to allow anymore. Clean up the handshake switch a bit by using return statements.
* | cli: Add dl_group_info cmdletJack Lloyd2016-10-201-0/+24
| |
* | Merge GH #669 Add SHA-3, SHAKE-128, and BoringSSL-mode NewHopeJack Lloyd2016-10-2020-215/+5161
|\ \
| * | Update policy files for SHA-3Jack Lloyd2016-10-192-1/+3
| | | | | | | | | | | | BSI drops Keccak in favor of SHA-3. Modern adds SHA-3 and SHAKE-128.
| * | Add SHAKE-128 as stream cipherJack Lloyd2016-10-199-106/+3619
| | | | | | | | | | | | | | | Updates NewHope to use that instead of the hard-coded SHAKE-128, and adds toggle for BoringSSL compat mode using AES-128/CTR + SHA-256.
| * | Add proper SHA-3Jack Lloyd2016-10-1912-120/+1551
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kind of a copy and paste of Keccak, but only a single copy of the permutation at least. Keccak depends on SHA-3 instead of the reverse, so that SHA-3 can be enabled without also bringing in an unapproved hash function. Updates newhope code and removes API function newhope_hash which was an unofficial SHA-3-256.
* | | Merge GH #671 Allow eme_raw in BSI modeJack Lloyd2016-10-201-1/+0
|\ \ \
| * | | we do the padding ourself so eme_raw is fineDaniel Neus2016-10-201-1/+0
| |/ / | | | | | | | | | So it shouldn't be prohibited in the module policy
* | | Reorganize anon namespace code to fix last doxygen warn [ci skip]René Korthaus2016-10-201-8/+8
| | |
* | | Predefine some variables for doxygen [ci skip]René Korthaus2016-10-201-1/+8
| | |
* | | Remove obsolete doxygen tag [ci skip]René Korthaus2016-10-191-1/+0
| | |
* | | Fix doxygen warnings [ci skip]René Korthaus2016-10-1939-58/+101
| | |