1. 03 Mar, 2017 7 commits
  2. 24 Feb, 2017 1 commit
  3. 23 Feb, 2017 1 commit
  4. 21 Feb, 2017 1 commit
  5. 01 Feb, 2017 1 commit
  6. 31 Jan, 2017 2 commits
  7. 30 Jan, 2017 1 commit
    • Pascal Bühler's avatar
      Simplify logging of errors and debug · 88579e67
      Pascal Bühler authored
      Previously logging of debug and errors did not always work as expected.
      Now there are three configure options to control output. The idea is not to
      be overly complicated but to give some simple options that work.
      
      --enable-log-stdout
      This will out put all debug and error logging to stdout
      
      --with-log-file=<filename>
      This will output all debug and error logging to the given filename
      
      --enable-debug-logging
      This enable debug logging for all internal debug modules. This is very
      verbose and should only be used for debugging and development.
      88579e67
  8. 24 Jan, 2017 1 commit
  9. 16 Sep, 2016 1 commit
    • Jonathan Lennox's avatar
      Changes for OpenSSL 1.1.0 compatibility. · 0b454236
      Jonathan Lennox authored
      In OpenSSL 1.1.0, EVP_CIPHER_CTX, HMAC_CTX, and EVP_MD_CTX are opaque types, and have
      to be allocated with *_new methods and deallocated with *_free.
      
      EVP_CIPHER_CTX_new/free is present in OpenSSL 1.0.1 and later, but HMAC_CTX_new and
      EVP_MD_CTX_new are new in OpenSSL 1.1.0.
      
      Use the _new unconditionally for ciphers, and conditionally use the old or new APIs
      for HMAC and MD.
      
      No noticible performance change for older OpenSSL.
      0b454236
  10. 14 Sep, 2016 10 commits
  11. 12 Sep, 2016 3 commits
  12. 27 Jul, 2016 1 commit
  13. 15 Jul, 2016 1 commit
    • Matthew Riley's avatar
      Replace octet_string_is_eq with a constant-time implementation · 1e91fd41
      Matthew Riley authored
      This function is used to check authentication tags in srtp_unprotect.
      The current early-exit implementation might offer a timing sidechannel,
      enabling attackers to brute-force a correct HMAC to a forged message.
      
      Such attacks shouldn't be possible if replay protection is enabled, but
      this is nonetheless good defense in depth.
      
      The implementation is similar to CRYPTO_memcmp from OpenSSL/BoringSSL.
      1e91fd41
  14. 23 Oct, 2015 1 commit
  15. 22 Oct, 2015 1 commit
  16. 17 Sep, 2015 4 commits
  17. 19 Feb, 2015 2 commits
  18. 18 Feb, 2015 1 commit