path: root/src
Commit message  [Author, Age, Files, Lines]

* Namespace AEAD header guards  [lloyd, 2013-07-01, 3 files, -6/+6]

* Check for overflow when decoding OIDs  [lloyd, 2013-06-27, 1 file, -0/+5]

* Change same_mem to use XORs instead of equality operators.  [lloyd, 2013-06-13, 1 file, -3/+3]
  Potentially less prone to optimizer trickery wrt early exits, especially as it encourages a SIMD approach which modern compilers tend to prefer if they think they can get away with it.

* Add missing header  [lloyd, 2013-06-11, 1 file, -0/+47]

* Fix include  [lloyd, 2013-06-05, 1 file, -1/+1]

* Move cryptobox/raw_key.cpp to new module cryptobox_psk which allows it  [lloyd, 2013-06-05, 5 files, -25/+12]
  to be used in TLS without requiring pulling in CTR, Serpent, PBKDF2 and other code required by password-based cryptobox but not needed for TLS session encryption.

* Have TLS::Ciphersuite::valid check that all algorithms are available,  [lloyd, 2013-06-04, 2 files, -21/+84]
  which allows us to remove a number of algorithms as hard dependencies and instead simply allow their use if they are included in the build. Currently all key exchange algorithms (RSA, DH, ECDH, SRP) remain as hard dependencies as msg_{client,server}_key.cpp directly manipulate those types. While theoretically optional, MD5, SHA-1, SHA-2, and SSL3-MAC remain hard dependencies as their availability affects protocol support as well as ciphersuites, though in principle being able to disable MD5/SHA-1 and requiring v1.2 or higher would be useful.

* Avoid SIGFPE if no providers during benchmark  [lloyd, 2013-05-30, 1 file, -4/+8]

* Avoid unnecessary allocations during GCM multiply, 20-30% speedup  [lloyd, 2013-05-30, 1 file, -15/+12]

* Remove mutation from GCM multiply loop  [lloyd, 2013-05-30, 1 file, -4/+2]

* Add Channel::send_warning_alert and send_fatal_alert  [lloyd, 2013-05-30, 4 files, -8/+18]

* Fix Windows and static-only makefiles  [lloyd, 2013-04-23, 2 files, -6/+4]

* Change TLS::Ciphersuite constructor to be non-inline and to take  [lloyd, 2013-04-19, 2 files, -17/+37]
  arguments by const char*. Reduces size of tls_suite_info.o by 80% on Linux with GCC 4.8

* Add missing dependencies  [lloyd, 2013-04-19, 1 file, -0/+2]

* Avoid warning  [lloyd, 2013-04-19, 1 file, -2/+2]

* Compile fix  [lloyd, 2013-04-19, 1 file, -1/+1]

* Add a constant to make it more obvious that the clock polling  [lloyd, 2013-04-19, 2 files, -9/+11]
  is not considered as contributing entropy to a rng poll.

* Some small TLS doc updates  [lloyd, 2013-04-19, 1 file, -0/+2]

* Avoid using representable value for internal null alert  [lloyd, 2013-04-19, 2 files, -14/+7]

* Rename ARC4 to RC4  [lloyd, 2013-04-19, 12 files, -63/+63]

* Add more generalized runtime performance test, can check AEAD modes  [lloyd, 2013-04-17, 2 files, -135/+109]
  and for block ciphers will time both encrypt and decrypt.

* Always include modules requiring ISA extensions as long as the  [lloyd, 2013-04-17, 14 files, -85/+94]
  compiler and target platform might support it. For instance the AES SSSE3 code is now always in any x86 build, with just that specific file being compiled with -mssse3. Since we'll only call that code if cpuid confirms it works at runtime, we don't have portability issues, and it can be safely included in generic builds (eg for distributions). Tweak how machine specific compiler flags are generated to be a bit easier to maintain.

* Rewrite the TLS padding comparison to be constant time  [lloyd, 2013-04-16, 1 file, -6/+6]

* Add a policy for Suite B 128-bit  [lloyd, 2013-04-12, 2 files, -12/+33]

* Remove old/broken/highly incomplete CMS code  [lloyd, 2013-04-12, 9 files, -1337/+0]

* Kill workaround for GCC 3.x  [lloyd, 2013-04-12, 1 file, -4/+0]

* Avoid null pointer deref if key was not set in AES  [lloyd, 2013-04-12, 1 file, -0/+4]

* Move zero as null pointer warning to maintainer mode flags  [lloyd, 2013-04-12, 1 file, -2/+2]

* Add datestamp to autogenerated tls_suite_info.cpp  [lloyd, 2013-04-12, 2 files, -16/+13]

* Fix Ciphersuite::to_string when using non-GCM AEAD modes  [lloyd, 2013-04-12, 1 file, -2/+2]

* Update link to CFRG OCB draft  [lloyd, 2013-04-11, 1 file, -1/+1]

* Add support for AEAD modes in TLS. Add GCM ciphersuites.  [lloyd, 2013-04-11, 5 files, -10/+240]

* In Channel, pre-size the IO buffers to 16K to avoid excess allocations.  [lloyd, 2013-04-11, 1 file, -0/+7]
  Translate Integrity_Failure exceptions to bad_record_mac

* GCM garbled nonces after one message  [lloyd, 2013-04-11, 2 files, -4/+4]

* Only negotiate an AEAD mode when using 1.2  [lloyd, 2013-04-11, 3 files, -0/+12]

* Mark Channel IO buffers for zeroing  [lloyd, 2013-04-10, 3 files, -7/+7]

* Make the IV length and MAC keylength explicit in the ciphersuite  [lloyd, 2013-04-10, 7 files, -128/+164]
  Add support for alternate PRFs

* Make ciphersuite_list a virtual member of TLS::Policy  [lloyd, 2013-04-10, 4 files, -21/+20]
  so it can be overridden by applications.

* Add erase_chars and replace_chars  [lloyd, 2013-04-10, 2 files, -7/+47]

* Avoid crash in get_aead if handed a string with no slashes  [lloyd, 2013-04-10, 1 file, -0/+3]

* Add AEAD_Mode::output_length  [lloyd, 2013-04-10, 4 files, -0/+34]

* Add a param to Connection_Cipher_State so it knows which direction  [lloyd, 2013-04-10, 3 files, -1/+5]
  processing is happening.

* Lost get_aead decl in revert  [lloyd, 2013-04-10, 1 file, -0/+5]

* Revert part of 5be6e329324fc8263de56167091754e27305917b,  [lloyd, 2013-04-10, 8 files, -14/+15]
  AEAD_Mode::start now returns a value again. While not useful for any current modes it allows future flexibility of presenting protocol-level concepts (eg, OpenPGP encryption) using the AEAD interface.

* Change the default PKCS #8 PBKDF runtime from 200 to 300 milliseconds.  [lloyd, 2013-04-04, 4 files, -5/+6]
  Round PBKDF1 and PBKDF2 time-based iterations to multiples of 10000 instead of 8192. Update the password hashing docs a bit.

* Make SHA-256 the default instead of SHA-1 in passhash9 - it's been  [lloyd, 2013-04-04, 2 files, -4/+16]
  supported since 1.8.10, so shouldn't be any problems there. Add support for SHA-384 and SHA-512. Check for work factors over 512 and reject for now as too large.

* Remove return value of AEAD_Mode::start as it doesn't seem necessary  [lloyd, 2013-04-03, 12 files, -42/+89]
  and is an extra complication for callers. Replace the get_aead in lookup.h returning a Filter with one in aead.h returning AEAD_Mode.

* Add an offset to ignore at the start of the buffer in AEAD processing  [lloyd, 2013-03-28, 7 files, -67/+117]
  which makes more complicated packet building easier to do in-place. For instance now update can take a buffer that contains a header and be told to ignore the header.

* Have tls_suite_info.py generate the entire source file  [lloyd, 2013-03-28, 2 files, -6/+37]
  instead of just the switch. Next step should be having it be run by configure at build time and a copy of the params included in build-data

* Add nonce length checks to EAX and GCM  [lloyd, 2013-03-28, 2 files, -0/+6]