aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Move decl of blinding bits into the source fileJack Lloyd2019-07-272-2/+6
| | | | Only used in this one place.
* Darwin, monitoring anonymous locked pages via vm_stat tool.David Carlier2019-07-271-1/+9
| | | | | Userland applications are allowed taking ID from 240->255. The ID can be made dynamic later on if wished.
* Fix "OSCP" typo in OCSP code.Jack Lloyd2019-07-234-9/+13
| | | | GH #2048
* Fix tls_proxy and use =default for policy optionsJack Lloyd2019-07-224-5/+5
|
* In CLI support setting TLS policy to any known typeJack Lloyd2019-07-226-128/+109
| | | | | Previously you could only do either a file or the default policy, and tls_proxy was hardcoded to only do the default policy.
* Merge GH #2042 Optimize DTLS MTU splittingJack Lloyd2019-07-202-25/+30
|\
| * Split more carefully to exactly MTU in DTLS handshake fragmentation.Jack Lloyd2019-07-182-25/+30
| |
* | Remove duplicated test, add XChaCha20Poly1305 test from i-dJack Lloyd2019-07-201-6/+8
| |
* | Indent conditional includesJack Lloyd2019-07-191-13/+13
| | | | | | | | | | | | This broke the amalgamation on iOS GH #2045
* | Support MAP_ANONJack Lloyd2019-07-191-1/+6
| | | | | | | | | | | | Got lost in the mmap->posix_memalign->mmap rewrite sequence. GH #2045
* | Support disable thread_local but not threadsJack Lloyd2019-07-1921-5/+28
|/ | | | Needed for old iOS and maybe other things GH #2045
* Only use getauxval replacement on ARMv7Jack Lloyd2019-07-151-9/+12
| | | | | | | Since this code only works on 32-bit systems due to casts to 32-bit ELF specific types. The code should be completely unnecessary on Aarch64 since the oldest supported Android API version for 64-bit supports getauxval, but it is possible someone not knowing that might disable use of native getauxval for a 64-bit build.
* Restructure OS::get_cpu_xxx functions a bitJack Lloyd2019-07-151-19/+15
| | | | | In particular if sysconf fails, fall back to std::thread if that is available instead of falling back to return 1 right away.
* Add support for OS-specific feature macrosJack Lloyd2019-07-157-5/+18
| | | | | | We already needed this but didn't have a first class notion for it. GH #2028
* Merge GH #2029 Support a DTLS client reconnecting from same source portJack Lloyd2019-07-1415-57/+423
|\
| * Bump ABI versionJack Lloyd2019-07-131-1/+1
| | | | | | | | Channel changed size
| * Fix DTLS reconnectionJack Lloyd2019-07-1313-56/+187
| |
| * Add test case for DTLS reconnection from same client portJack Lloyd2019-07-131-0/+235
| |
* | Update of docker android build.David Carlier2019-07-142-7/+8
|/ | | | Using direct image with more modern NDK.
* Improve error messages when reporting TLS state transition violationsJack Lloyd2019-07-132-22/+34
|
* Don't block forever in cli tests if something goes wrongJack Lloyd2019-07-131-3/+13
| | | | Or at least, not on Python3 which actually supports timeouts
* Ignore the record version on alert messages.Jack Lloyd2019-07-121-18/+21
| | | | | | It is always better to report the alert value than reject it due to unexpected record version. In particular OpenSSL 1.1.1 sends an alert with a version we don't expect when the v1.3 downgrade indicator fires.
* Add TLS v1.3 downgrade indicatorJack Lloyd2019-07-125-3/+48
|
* Remove tab charsJack Lloyd2019-07-107-30/+28
| | | | Death to \t
* Avoid needless allocation during GMAC finalizationJack Lloyd2019-07-101-2/+2
|
* Set C++11 flags for PGIJack Lloyd2019-07-101-0/+2
|
* Fix Coverity issueJack Lloyd2019-07-101-3/+1
| | | | I think this is a false positive but whatever
* Fix shellcheck warningJack Lloyd2019-07-081-1/+1
|
* Remove another malloc+free per GCM message overheadJack Lloyd2019-07-051-3/+4
|
* Report parallism for AES when hardware is availableJack Lloyd2019-07-051-0/+14
|
* Avoid pointless writeJack Lloyd2019-07-051-1/+1
| | | | The last 4 bytes are always overwritten in this loop.
* Avoid allocations during GCM message processingJack Lloyd2019-07-054-23/+41
| | | | | On Skylake with 1024 byte buffer brings perf from 2.69 cpb to 2.2 cpb. And over 50% improvement for small messages.
* Merge GH #2022 Support 64-bit RDRAND on x86-64Jack Lloyd2019-07-051-3/+47
|\
| * Use 64-bit RDRAND on x86-64Jack Lloyd2019-07-051-3/+47
| | | | | | | | | | | | | | | | This doubles RDRAND performance on 64-bit systems. Based on a patch from Jeffrey Walton in #934 Closes #934
* | Merge GH #2023 Avoid needless allocation in OctetString default constructorJack Lloyd2019-07-051-2/+5
|\ \
| * | Skip allocation if OctetString is constructed with empty string.Tom2019-07-051-2/+5
| |/
* | Fix LGTM warningJack Lloyd2019-07-051-4/+2
| |
* | Disable noisy LGTM ruleJack Lloyd2019-07-051-1/+0
|/ | | | It doesn't interact well with SIMD instrinsics
* Merge GH #2021 TLS record layer cleanupsJack Lloyd2019-07-054-196/+173
|\
| * Avoid &v[v.size()]Jack Lloyd2019-07-051-2/+2
| | | | | | | | GCC 8 is ok with this but GCC 5's iterator checks don't like it.
| * Small cleanupJack Lloyd2019-07-051-12/+4
| |
| * Return the record metadata in a structJack Lloyd2019-07-054-122/+135
| | | | | | | | | | | | | | Avoids passing pointers down the call stack. Also add a second buffer to hold the record plaintext, which avoids an extra alloc+free per record.
| * Remove Record_Raw_InputJack Lloyd2019-07-043-43/+30
| |
| * Remove Record_Message structJack Lloyd2019-07-043-40/+25
| |
* | Merge GH #2020 Remove BearSSL providerJack Lloyd2019-07-058-445/+2
|\ \
| * | Remove BearSSL providerJack Lloyd2019-07-058-445/+2
| | | | | | | | | | | | | | | | | | BearSSL is much slower than Botan's builtins, and it is not commonly included in distributions so doesn't even have the advantage of ubiquity.
* | | Enable more LGTM alertsJack Lloyd2019-07-051-0/+23
|/ / | | | | | | GH #2012
* / tls cli sandbox freebsd update.David Carlier2019-07-051-0/+28
|/ | | | | Expanding on capsicum usage limiting those file descriptors to what they re supposed to do.
* Merge GH #2017 Add Android build to Travis CIJack Lloyd2019-07-046-4/+63
|\
| * Fix include for getentropyJack Lloyd2019-07-042-4/+5
| | | | | | | | Everyone but BSDs puts it in sys/random.h