Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Move decl of blinding bits into the source file | Jack Lloyd | 2019-07-27 | 2 | -2/+6 |
| | | | | Only used in this one place. | ||||
* | Darwin, monitoring anonymous locked pages via vm_stat tool. | David Carlier | 2019-07-27 | 1 | -1/+9 |
| | | | | | Userland applications are allowed taking ID from 240->255. The ID can be made dynamic later on if wished. | ||||
* | Fix "OSCP" typo in OCSP code. | Jack Lloyd | 2019-07-23 | 4 | -9/+13 |
| | | | | GH #2048 | ||||
* | Fix tls_proxy and use =default for policy options | Jack Lloyd | 2019-07-22 | 4 | -5/+5 |
| | |||||
* | In CLI support setting TLS policy to any known type | Jack Lloyd | 2019-07-22 | 6 | -128/+109 |
| | | | | | Previously you could only do either a file or the default policy, and tls_proxy was hardcoded to only do the default policy. | ||||
* | Merge GH #2042 Optimize DTLS MTU splitting | Jack Lloyd | 2019-07-20 | 2 | -25/+30 |
|\ | |||||
| * | Split more carefully to exactly MTU in DTLS handshake fragmentation. | Jack Lloyd | 2019-07-18 | 2 | -25/+30 |
| | | |||||
* | | Remove duplicated test, add XChaCha20Poly1305 test from i-d | Jack Lloyd | 2019-07-20 | 1 | -6/+8 |
| | | |||||
* | | Indent conditional includes | Jack Lloyd | 2019-07-19 | 1 | -13/+13 |
| | | | | | | | | | | | | This broke the amalgamation on iOS GH #2045 | ||||
* | | Support MAP_ANON | Jack Lloyd | 2019-07-19 | 1 | -1/+6 |
| | | | | | | | | | | | | Got lost in the mmap->posix_memalign->mmap rewrite sequence. GH #2045 | ||||
* | | Support disable thread_local but not threads | Jack Lloyd | 2019-07-19 | 21 | -5/+28 |
|/ | | | | Needed for old iOS and maybe other things GH #2045 | ||||
* | Only use getauxval replacement on ARMv7 | Jack Lloyd | 2019-07-15 | 1 | -9/+12 |
| | | | | | | | Since this code only works on 32-bit systems due to casts to 32-bit ELF specific types. The code should be completely unnecessary on Aarch64 since the oldest supported Android API version for 64-bit supports getauxval, but it is possible someone not knowing that might disable use of native getauxval for a 64-bit build. | ||||
* | Restructure OS::get_cpu_xxx functions a bit | Jack Lloyd | 2019-07-15 | 1 | -19/+15 |
| | | | | | In particular if sysconf fails, fall back to std::thread if that is available instead of falling back to return 1 right away. | ||||
* | Add support for OS-specific feature macros | Jack Lloyd | 2019-07-15 | 7 | -5/+18 |
| | | | | | | We already needed this but didn't have a first class notion for it. GH #2028 | ||||
* | Merge GH #2029 Support a DTLS client reconnecting from same source port | Jack Lloyd | 2019-07-14 | 15 | -57/+423 |
|\ | |||||
| * | Bump ABI version | Jack Lloyd | 2019-07-13 | 1 | -1/+1 |
| | | | | | | | | Channel changed size | ||||
| * | Fix DTLS reconnection | Jack Lloyd | 2019-07-13 | 13 | -56/+187 |
| | | |||||
| * | Add test case for DTLS reconnection from same client port | Jack Lloyd | 2019-07-13 | 1 | -0/+235 |
| | | |||||
* | | Update of docker android build. | David Carlier | 2019-07-14 | 2 | -7/+8 |
|/ | | | | Using direct image with more modern NDK. | ||||
* | Improve error messages when reporting TLS state transition violations | Jack Lloyd | 2019-07-13 | 2 | -22/+34 |
| | |||||
* | Don't block forever in cli tests if something goes wrong | Jack Lloyd | 2019-07-13 | 1 | -3/+13 |
| | | | | Or at least, not on Python3 which actually supports timeouts | ||||
* | Ignore the record version on alert messages. | Jack Lloyd | 2019-07-12 | 1 | -18/+21 |
| | | | | | | It is always better to report the alert value than reject it due to unexpected record version. In particular OpenSSL 1.1.1 sends an alert with a version we don't expect when the v1.3 downgrade indicator fires. | ||||
* | Add TLS v1.3 downgrade indicator | Jack Lloyd | 2019-07-12 | 5 | -3/+48 |
| | |||||
* | Remove tab chars | Jack Lloyd | 2019-07-10 | 7 | -30/+28 |
| | | | | Death to \t | ||||
* | Avoid needless allocation during GMAC finalization | Jack Lloyd | 2019-07-10 | 1 | -2/+2 |
| | |||||
* | Set C++11 flags for PGI | Jack Lloyd | 2019-07-10 | 1 | -0/+2 |
| | |||||
* | Fix Coverity issue | Jack Lloyd | 2019-07-10 | 1 | -3/+1 |
| | | | | I think this is a false positive but whatever | ||||
* | Fix shellcheck warning | Jack Lloyd | 2019-07-08 | 1 | -1/+1 |
| | |||||
* | Remove another malloc+free per GCM message overhead | Jack Lloyd | 2019-07-05 | 1 | -3/+4 |
| | |||||
* | Report parallism for AES when hardware is available | Jack Lloyd | 2019-07-05 | 1 | -0/+14 |
| | |||||
* | Avoid pointless write | Jack Lloyd | 2019-07-05 | 1 | -1/+1 |
| | | | | The last 4 bytes are always overwritten in this loop. | ||||
* | Avoid allocations during GCM message processing | Jack Lloyd | 2019-07-05 | 4 | -23/+41 |
| | | | | | On Skylake with 1024 byte buffer brings perf from 2.69 cpb to 2.2 cpb. And over 50% improvement for small messages. | ||||
* | Merge GH #2022 Support 64-bit RDRAND on x86-64 | Jack Lloyd | 2019-07-05 | 1 | -3/+47 |
|\ | |||||
| * | Use 64-bit RDRAND on x86-64 | Jack Lloyd | 2019-07-05 | 1 | -3/+47 |
| | | | | | | | | | | | | | | | | This doubles RDRAND performance on 64-bit systems. Based on a patch from Jeffrey Walton in #934 Closes #934 | ||||
* | | Merge GH #2023 Avoid needless allocation in OctetString default constructor | Jack Lloyd | 2019-07-05 | 1 | -2/+5 |
|\ \ | |||||
| * | | Skip allocation if OctetString is constructed with empty string. | Tom | 2019-07-05 | 1 | -2/+5 |
| |/ | |||||
* | | Fix LGTM warning | Jack Lloyd | 2019-07-05 | 1 | -4/+2 |
| | | |||||
* | | Disable noisy LGTM rule | Jack Lloyd | 2019-07-05 | 1 | -1/+0 |
|/ | | | | It doesn't interact well with SIMD instrinsics | ||||
* | Merge GH #2021 TLS record layer cleanups | Jack Lloyd | 2019-07-05 | 4 | -196/+173 |
|\ | |||||
| * | Avoid &v[v.size()] | Jack Lloyd | 2019-07-05 | 1 | -2/+2 |
| | | | | | | | | GCC 8 is ok with this but GCC 5's iterator checks don't like it. | ||||
| * | Small cleanup | Jack Lloyd | 2019-07-05 | 1 | -12/+4 |
| | | |||||
| * | Return the record metadata in a struct | Jack Lloyd | 2019-07-05 | 4 | -122/+135 |
| | | | | | | | | | | | | | | Avoids passing pointers down the call stack. Also add a second buffer to hold the record plaintext, which avoids an extra alloc+free per record. | ||||
| * | Remove Record_Raw_Input | Jack Lloyd | 2019-07-04 | 3 | -43/+30 |
| | | |||||
| * | Remove Record_Message struct | Jack Lloyd | 2019-07-04 | 3 | -40/+25 |
| | | |||||
* | | Merge GH #2020 Remove BearSSL provider | Jack Lloyd | 2019-07-05 | 8 | -445/+2 |
|\ \ | |||||
| * | | Remove BearSSL provider | Jack Lloyd | 2019-07-05 | 8 | -445/+2 |
| | | | | | | | | | | | | | | | | | | BearSSL is much slower than Botan's builtins, and it is not commonly included in distributions so doesn't even have the advantage of ubiquity. | ||||
* | | | Enable more LGTM alerts | Jack Lloyd | 2019-07-05 | 1 | -0/+23 |
|/ / | | | | | | | GH #2012 | ||||
* / | tls cli sandbox freebsd update. | David Carlier | 2019-07-05 | 1 | -0/+28 |
|/ | | | | | Expanding on capsicum usage limiting those file descriptors to what they re supposed to do. | ||||
* | Merge GH #2017 Add Android build to Travis CI | Jack Lloyd | 2019-07-04 | 6 | -4/+63 |
|\ | |||||
| * | Fix include for getentropy | Jack Lloyd | 2019-07-04 | 2 | -4/+5 |
| | | | | | | | | Everyone but BSDs puts it in sys/random.h |