| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The LLVM apt mirror was removed due to excessive load, preventing
us from installing a new enough Clang for our needs. However CircleCI
also supports Ubuntu 14.04 images, instead of the Ubuntu 12 we were
on. The new version has GCC 4.8 and Clang 3.4 as the base install.
Removes UBSan from the CircleCI sanitizer build, since that requires
at least GCC 4.9
GH #498
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
Adds support for probabilistic, aka the standard, DSA and ECDSA.
Can be enabled by disabling the rfc6979 module.
Includes test vectors from NIST CAVP.
Adds rfc6979 to the list of prohibited modules in BSI policy.
|
| | |
|
| |
| |
| |
| | |
Using a struct here seems cleaner
|
| |
| |
| |
| | |
The 'clean' target left dangling symlinks because undefined variables were used in Makefile.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I have no idea why this is requiring the country code be set, but for
many applications a country is not even meaningful. This change also
allows CN to be empty/unset on the request or cert, since there is no
actual requirement for any specific DN entry type and RFC 5280
specifically allows even an completely empty DN, with name information
only in the subjectAltName extension.
This change also allows generating a self-signed cert or cert request
that expires before it starts. That could only happen with an explicit
decision by the application to set it that way, and there is no harm
in returning these non-secret bits. They will probably notice their
problem as soon as the cert is rejected by any receiving system.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
GCM is defined as having a 32-bit counter, but CTR_BE incremented the
counter across the entire block. This caused incorrect results if
a very large message (2**39 bits) was processed, or if the GHASH
derived nonce ended up having a counter field near to 2**32
Thanks to Juraj Somorovsky for the bug report and repro.
|
| | |
|
| | |
|
|\ \
| |/
|/| |
|
| |
| |
| |
| | |
warnings.
|
| |
| |
| |
| | |
compiler warnings
|
| |
| |
| |
| |
| |
| | |
Move disabling C4250 and C4251 to cmd line instead of header pragma.
This means these warnings will show up in application code. But disabling
warnings inside a library header is probably not good form.
|
| |
| |
| |
| | |
Now allows up to 60 minute builds, so build normally.
|
| | |
|
| | |
|
|/ |
|
|\
| |
| |
| |
| |
| |
| | |
validation
Previously an unknown extension would be rejected during parsing, which
prevents examining such a cert at all
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously unknown critical extensions were rejected during
X509_Certificate constructor, which inhibited inspecting other
parts of such a certificate. Refactored the certificate extensions
code so that the path validation routine performs this check only.
Additionally, added an interface for extensions to inspect the path
during path validation. TODOs were added in places where existing path
validation code can use the new interface.
Fixes GH #449.
|
| |
| |
| |
| |
| |
| | |
Only affects decoding of session ticket lifetimes.
GH #478
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With sufficient squinting, Transform provided an abstract base
interface that covered both cipher modes and compression algorithms.
However it mapped on neither of them particularly well. In addition
this API had the same problem that has made me dislike the Pipe/Filter
API: given a Transform&, what does it do when you put bits in? Maybe
it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!
Currently the Cipher_Mode interface is left mostly unchanged, with the
APIs previously on Transform just moved down the type hierarchy. I
think there are some definite improvements possible here, wrt handling
of in-place encryption, but left for a later commit.
The compression API is split into two types, Compression_Algorithm and
Decompression_Algorithm. Compression_Algorithm's start() call takes
the compression level, allowing varying compressions with a single
object. And flushing the compression state is moved to a bool param on
`Compression_Algorithm::update`. All the nonsense WRT compression
algorithms having zero length nonces, input granularity rules, etc
as a result of using the Transform interface goes away.
|
|\ \ \ |
|
| |/ / |
|
| | | |
|
|/ / |
|
| |
| |
| |
| |
| |
| | |
manifesting as broken sockets.
Leave the client socket open until the alert has been sent.
|
| |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL sends an empty record before each new data record in TLS v1.0
to randomize the IV, as a countermeasure to the BEAST attack. Most
implementations use 1/(n-1) splitting for this instead.
Bug introduced with the const time changes in 1.11.23
|
| |
| |
| |
| | |
Fix exception message
|
|\ \
| | |
| | |
| | |
| | |
| | | |
Resolves problems with shared lib on OS X caused by incorrect dylib naming
Fixes GH #467
|
| |/ |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Cast std::streamsize to size_t since MSVC is worried gcount() might
return a negative number.
The entropy callbacks took the entropy estimate as a size_t instead of
a double, which causes some verbose warnings due to the conversion.
|
|\ \
| | |
| | |
| | | |
Fixes GH #461
|
| | | |
|
| |/ |
|
|/
|
|
| |
GH #451
|
| |
|
| |
|
| |
|
| |
|