author    Jack Lloyd <[email protected]>    2015-11-24 17:46:07 -0500
committer Jack Lloyd <[email protected]>    2015-11-24 17:46:07 -0500
commit    bf59ffc4de374d7b27b7ab400789ab2723131b7a (patch)
tree      ee0a64e937546cbe0528124d37dd9ffbaeaa788c
parent    b4f9ea55bf9cec36d3f3054c2da66a240f11b9c3 (diff)
Updates for news, readme
[ci skip]
-rw-r--r--    doc/news.rst    17
-rw-r--r--    readme.rst      48
2 files changed, 34 insertions, 31 deletions
diff --git a/doc/news.rst b/doc/news.rst
index 2622c66bd..68a81f189 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -14,17 +14,16 @@ Version 1.11.25, Not Yet Released
* The OpenSSL implementation of RC4 would return the wrong value from `name` if
leading bytes of the keystream had been skipped in the output.
-* Fixed the signature of botan_pubkey_destroy which took the wrong type and was
- not usable.
+* Fixed the signature of the FFI function botan_pubkey_destroy, which took the
+ wrong type and was not usable.
-* The TLS client would erronously reject any server key exchange
- packet smaller than 6 bytes. This prevented negotiating a plain PSK
- TLS ciphersuite with an empty identity hint. ECDHE_PSK and DHE_PSK
- suites were not affected.
+* The TLS client would erronously reject any server key exchange packet smaller
+ than 6 bytes. This prevented negotiating a plain PSK TLS ciphersuite with an
+ empty identity hint. ECDHE_PSK and DHE_PSK suites were not affected.
-* Fixed a bug that would cause the TLS client to occasionally reject a
- valid server key exchange message as having an invalid signature.
- This only affected DHE ciphersuites.
+* Fixed a bug that would cause the TLS client to occasionally reject a valid
+ server key exchange message as having an invalid signature. This only affected
+ DHE and SRP ciphersuites.
* Support for negotiating use of SHA-224 in TLS has been disabled in the
default policy.
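Review bot: the rewrapped bullet at `+* The TLS client would erronously reject any server key exchange packet smaller` carries the misspelling "erronously" over from the removed lines; since the line is being rewritten anyway, correct it to "erroneously". Separately, the last bullet now reads "This only affected DHE and SRP ciphersuites." where the removed text said "This only affected DHE ciphersuites." Widening the set of affected suites is a substantive change to a release note, not a rewrap, so it deserves a mention in the commit message rather than being folded in silently.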
diff --git a/readme.rst b/readme.rst
index 1a0ec1e4a..144364bb4 100644
--- a/readme.rst
+++ b/readme.rst
@@ -1,15 +1,14 @@
Botan: Crypto and TLS for C++11
========================================
-Botan (Japanese for peony) is a C++ cryptography library released
-under the permissive `Simplified BSD
+Botan (Japanese for peony) is a cryptography library written in C++11
+and released under the permissive `Simplified BSD
<http://botan.randombit.net/license.txt>`_ license.
-It provides TLS, X.509 certificates, OCSP, ECDSA, AES, GCM,
-ChaCha20Poly1305, McEliece, bcrypt, and quite a few other things. It
-also provides a `botan` command line tool for various cryptographic
-operations, the source for which also helps demonstrate usage of the
-library.
+It provides TLS, X.509 certificates, OCSP, ECDSA, AES, GCM, ChaCha20Poly1305,
+McEliece, bcrypt, and quite a few other things. It also provides a `botan`
+command line tool for various cryptographic operations, the source for which
+also helps demonstrate usage of the library.
Development is coordinated on `GitHub <https://github.com/randombit/botan>`_
and contributions are welcome. Read `doc/hacking.rst` for more
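Review bot: the new line `+McEliece, bcrypt, and quite a few other things. It also provides a `botan`` wraps the command name in single backticks, which reStructuredText renders as interpreted text (the default role, typically italic), not as a literal; use double backticks for a command name. The context line referencing `doc/hacking.rst` has the same issue and could be fixed while this paragraph is being touched. The rewording to "a cryptography library written in C++11" is consistent with the title and reads fine.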
@@ -47,9 +46,9 @@ may also prove useful resources.
In addition to C++, botan has a C89 API specifically designed to be easy
to call from other languages. A Python binding using ctypes is included,
-there are also bindings for
+there are also partial bindings for
`Node.js <https://github.com/justinfreitag/node-botan>`_ and
-`OCaml <https://github.com/randombit/botan-ocaml>`_
+`OCaml <https://github.com/randombit/botan-ocaml>`_ among others.
There is also a third party open source implementation of
`SSHv2 <https://github.com/cdesjardins/cppssh>`_ using the library.
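Review bot: "among others" in `+`OCaml <https://github.com/randombit/botan-ocaml>`_ among others.` gives the reader no way to find those other bindings; either name and link them as the Node.js and OCaml entries are, or point to where they are listed. Also, "partial bindings" now qualifies Node.js and OCaml as well; if only some bindings are partial, say which.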
@@ -151,27 +150,27 @@ the very least ask for review/input on a mailing list such as the
crypto lists. And (if possible) pay a professional cryptographer or
security company to review your design and code.
-Supported Algorithms/Protocols/RFCs
+Find Enclosed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TLS/Public Key Infrastructure
----------------------------------------
-* TLS/DTLS (v1.0 to v1.2), including using preshared keys (TLS-PSK)
- or passwords (TLS-SRP) and most important extensions (including
- secure renegotiation, session tickets, SNI, and ALPN)
-* X.509 certificates (including generating new self-signed and CA
- certs) and CRLs
-* PKIX certificate path validation, OCSP requests, PKCS #10 CSRs
+* TLS and DTLS (v1.0 to v1.2), including using preshared keys
+ (TLS-PSK) and passwords (TLS-SRP) and most important extensions,
+ such as session tickets, SNI, and ALPN.
+* X.509v3 certificates and CRLs
+* PKIX certificate path validation with multiple test suites for same
+* OCSP requests
+* PKCS #10 certificate requests
Public Key Cryptography
----------------------------------------
-* Encryption algorithms RSA and ElGamal (with OAEP or PKCS #1 v1.5)
-* Signature algorithms RSA, DSA, ECDSA, GOST 34.10-2001, Nyberg-Rueppel,
- Rabin-Williams (with PSS, PKCS #1 v1.5, or X9.31)
-* Diffie-Hellman, ECDH using NIST/Brainpool prime groups, Curve25519
-* McEliece code based encryption providing a KEM scheme
+* Encryption with RSA and ElGamal
+* Signatures with RSA, DSA, ECDSA, GOST 34.10-2001, Nyberg-Rueppel, Rabin-Williams
+* Key agreement with Diffie-Hellman, ECDH, Curve25519, and McEliece
+* Padding schemes OAEP, PSS, PKCS #1 v1.5, X9.31
Ciphers and cipher modes
----------------------------------------
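Review bot: "Find Enclosed" is a less descriptive and less searchable heading than the "Supported Algorithms/Protocols/RFCs" it replaces; keep a heading that names the content. Within the hunk, `+* PKIX certificate path validation with multiple test suites for same` reads awkwardly ("for same"), and test-suite coverage sits oddly in a feature list; drop it or make it a separate clause. The first new TLS bullet ends with a period while the other bullets do not. The removed lines mentioned secure renegotiation and generating self-signed and CA certificates; if those are still supported, the rewrite drops them silently, which should be a deliberate choice. Finally, `+* Key agreement with Diffie-Hellman, ECDH, Curve25519, and McEliece` lists McEliece, which the removed line correctly described as code based encryption providing a KEM, alongside Diffie-Hellman style key agreement; consider keeping the KEM description so readers do not expect a DH-like interface.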
@@ -204,8 +203,12 @@ Other Useful Things
----------------------------------------
* Key derivation functions for passwords, including PBKDF2
-* Password hashing functions, including bcrypt
+* Password hashing functions, including bcrypt and a PBKDF based scheme
* General key derivation functions KDF1 and KDF2 from IEEE 1363
+* Format preserving encryption scheme FE1
+* Threshold secret sharing
+* RFC 3394 keywrapping
+* Rivest's all or nothing transform
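Review bot: "a PBKDF based scheme" in `+* Password hashing functions, including bcrypt and a PBKDF based scheme` does not tell the reader which scheme is meant; name it as bcrypt is named. Style: "keywrapping" in `+* RFC 3394 keywrapping` should be two words, "key wrapping", and "all or nothing" should be hyphenated as the compound adjective "all-or-nothing transform".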
Recommended Algorithms
----------------------------------------
@@ -228,3 +231,4 @@ currently recommend using:
or ECDSA with P-256/SHA-256 or P-384/SHA-384
* Key Agreement: ECDH P-256 or Curve25519, with KDF2(SHA-256)
+ Or McEliece if you are concerned about attacks by quantum computers.
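Review bot: the added line `+  Or McEliece if you are concerned about attacks by quantum computers.` continues the Key Agreement bullet but starts mid-sentence with a capitalised "Or" after a line with no terminating punctuation; either end the previous line with a period and make this a full sentence, or lower-case "or" and join it. Since McEliece is a KEM rather than a key agreement scheme, the KDF2(SHA-256) and curve choices stated for ECDH in that bullet do not obviously carry over; state the parameters recommended for McEliece the way the other recommendations do.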