aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/contributing.rst (renamed from doc/hacking.rst)157
-rw-r--r--readme.rst2
2 files changed, 72 insertions, 87 deletions
diff --git a/doc/hacking.rst b/doc/contributing.rst
index 7c7ae3fb2..a0b8daec1 100644
--- a/doc/hacking.rst
+++ b/doc/contributing.rst
@@ -1,3 +1,4 @@
+
Source Code Layout
=================================================
@@ -36,8 +37,8 @@ Library Layout
* ``rng`` contains the random number generators
* ``entropy`` has various entropy sources
* ``asn1`` is the DER encoder/decoder
-* ``cert`` has ``x509`` (X.509 PKI OCSP is also here) and ``cvc`` (Card Verifiable Ceritifcates,
- for ePassports)
+* ``cert/x509`` is X.509 certificates, PKCS #10 requests, OCSP
+* ``cert/cvc`` is Card Verifiable Certificates (ePassport credentials)
* ``tls`` contains the TLS implementation
* ``filters`` is a filter/pipe API for data transforms
* ``compression`` has the compression wrappers (zlib, bzip2, lzma)
@@ -49,94 +50,92 @@ Library Layout
Copyright Notice
========================================
-At the top of any new file add a comment with a copyright and
-a reference to the license, for example::
+At the top of any new file add a comment with a copyright and a reference to the
+license, for example::
/*
* (C) 2015,2016 Copyright Holder
* Botan is released under the Simplified BSD License (see license.txt)
*/
-If you are making a substantial or non-trivial change to an existing
-file, add or update your own copyright statement at the top of the
-file. If you are making a change in a new year not covered by your
-existing statement, add the year. Even if the years you are making the
-change are consecutive, avoid year ranges: specify each year separated
-by a comma.
+If you are making a substantial or non-trivial change to an existing file, add
+or update your own copyright statement at the top of the file. If you are making
+a change in a new year not covered by your existing statement, add the
+year. Even if the years you are making the change are consecutive, avoid year
+ranges: specify each year separated by a comma.
-Also if you are a new contributor or making an addition in a new year,
-include an update to ``doc/license.txt`` in your PR.
+Also if you are a new contributor or making an addition in a new year, include
+an update to ``doc/license.txt`` in your PR.
Style Conventions
========================================
-When writing your code remember the need for it to be easily
-understood by reviewers and auditors, both at the time of the patch
-submission and in the future.
+When writing your code remember the need for it to be easily understood by
+reviewers and auditors, both at the time of the patch submission and in the
+future.
-Avoid complicated template metaprogramming where possible. It has its
-places but should be used judiciously.
+Avoid complicated template metaprogramming where possible. It has its places but
+should be used judiciously.
-When designing a new API (for use either by library users or just
-internally) try writing out the calling code first. That is, write out
-some code calling your idealized API, then just implement that API.
-This can often help avoid cut-and-paste by creating the correct
-abstractions needed to solve the problem at hand.
+When designing a new API (for use either by library users or just internally)
+try writing out the calling code first. That is, write out some code calling
+your idealized API, then just implement that API. This can often help avoid
+cut-and-paste by creating the correct abstractions needed to solve the problem
+at hand.
-The C++11 ``auto`` keyword is very convenient but only use it when the
-type truly is obvious (considering also the potential for unexpected
-integer conversions and the like, such as an apparent uint8_t being
-promoted to an int).
+The C++11 ``auto`` keyword is very convenient but only use it when the type
+truly is obvious (considering also the potential for unexpected integer
+conversions and the like, such as an apparent uint8_t being promoted to an int).
-If a variable is defined and not modified, declare it ``const``.
-Some exception for very short-lived variables, but generally speaking
-being able to read the declaration and know it will not be modified
-is useful.
+If a variable is defined and not modified, declare it ``const``. Some exception
+for very short-lived variables, but generally speaking being able to read the
+declaration and know it will not be modified is useful.
-Use ``override`` annotations whenever overriding a virtual function.
+Use ``override`` annotations whenever overriding a virtual function. If
+introducing a new type that is not intended for derivation, mark it ``final``.
-A formatting setup for emacs is included in `scripts/indent.el` but
-the basic formatting style should be obvious. No tabs, and remove
-trailing whitespace.
+Use ``m_`` prefix on all member variables.
-Use ``m_`` prefix on all member variables. The current code is not
-consistent but all new code should use it.
+A formatting setup for emacs is included in `scripts/indent.el` but the basic
+formatting style should be obvious. No tabs, and remove trailing whitespace.
-Prefer using braces on both sides of if/else blocks, even if only
-using a single statement. Again the current code doesn't always do
-this.
+Prefer using braces on both sides of if/else blocks, even if only using a single
+statement. The current code doesn't always do this.
-Avoid ``using namespace`` declarations, even inside of single functions.
-One allowed exception is ``using namespace std::placeholders`` in
-functions which use ``std::bind``.
+Avoid ``using namespace`` declarations, even inside of single functions. One
+allowed exception is ``using namespace std::placeholders`` in functions which
+use ``std::bind``.
-Use ``::`` to explicitly refer to the global namespace (eg, when calling
-an OS or library function like ``::select`` or ``::sqlite3_open``).
+Use ``::`` to explicitly refer to the global namespace (eg, when calling an OS
+or library function like ``::select`` or ``::sqlite3_open``).
Sending patches
========================================
All contributions should be submitted as pull requests via GitHub
-(https://github.com/randombit/botan). If you are planning a large
-change email the mailing list or open a discussion ticket on github
-before starting out to make sure you are on the right path.
+(https://github.com/randombit/botan). If you are planning a large change email
+the mailing list or open a discussion ticket on github before starting out to
+make sure you are on the right path.
+
+If possible please sign your git commits using a PGP key.
+See https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work for
+instructions on how to set this up.
-Depending on what your change is, your PR should probably also include
-an update to ``doc/news.rst`` with a note explaining the change. If your
-change is a simple bug fix, a one sentence description is perhaps
-sufficient. If there is an existing ticket on GitHub with discussion
-or other information, reference it in your change note as 'GH #000'.
+Depending on what your change is, your PR should probably also include an update
+to ``doc/news.rst`` with a note explaining the change. If your change is a
+simple bug fix, a one sentence description is perhaps sufficient. If there is an
+existing ticket on GitHub with discussion or other information, reference it in
+your change note as 'GH #000'.
-Update ``doc/credits.txt`` with your information so people know what
-you did! (This is optional)
+Update ``doc/credits.txt`` with your information so people know what you did!
-If you are interested in contributing but don't know where to start
-check out ``doc/todo.rst`` for some ideas - these are changes we would
-almost certainly accept once they've passed code review.
+If you are interested in contributing but don't know where to start check out
+``doc/todo.rst`` for some ideas - these are changes we would almost certainly
+accept once they've passed code review.
Also, try building and testing it on whatever hardware you have handy,
-especially non-x86 platforms, or especially C++11 compilers other
-than the regularly tested GCC, Clang, and Visual Studio compilers.
+especially non-x86 platforms, or especially C++11 compilers other than the
+regularly tested GCC, Clang, and Visual Studio compilers.
External Dependencies
========================================
@@ -196,18 +195,18 @@ may give some estimate of the bar - you can do pretty much anything in 1000
lines of well written C++11 (the implementations of *all* of the message
authentication codes is much less than 1K SLOC).
-Current (all optional) external dependencies of the library are OpenSSL (for
-accessing their fast RSA and ECDSA impls, not the handshake code!), zlib, bzip2,
-lzma, sqlite3, plus various operating system utilities like basic filesystem
-operations. These are hugely useful libraries that provide serious value, and
-are worth the trouble of maintaining an integration with. And importantly their
-API contract doesn't change often: code calling zlib doesn't bitrot much.
+Current the (optional) external dependencies of the library are OpenSSL (for
+access to fast and side channel hardened RSA, ECDSA, AES), zlib, bzip2, lzma,
+sqlite3, Trousers (TPM integration), plus various operating system utilities
+like basic filesystem operations. These provide major pieces of functionality
+which seem worth the trouble of maintaining an integration with.
-Examples of external dependencies that would be appropriate include integration
-with system crypto (PKCS #11, TPM, CommonCrypto, CryptoAPI algorithms),
-potentially a parallelism framework such as Cilk (as part of a larger design for
-parallel message processing, say), or hypothentically use of a safe ASN.1 parser
-(that is, one written in Rust or OCaml providing a C API).
+Examples of other external dependencies that would be appropriate include
+integration with system crypto (PKCS #11, TPM, CommonCrypto, CryptoAPI
+algorithms), potentially a parallelism framework such as Cilk (as part of a
+larger design for parallel message processing, say), or hypothentically use of a
+safe ASN.1 parser (that is, one written in a safe language like Rust or OCaml
+providing a C API).
Test Tools
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -217,6 +216,8 @@ valgrind, ASan/UBSan, AFL, LLVM libFuzzer, KLEE, Coq, etc is fine. Typically
these are not enabled or used during normal builds but are specially set up by
developers or auditors.
+The fuzzer tests currently live at https://github.com/randombit/botan-fuzzers
+
Python
========================================
@@ -248,19 +249,3 @@ very quick rebuilds by caching the compiler output.
Use ``--with-sanitizers`` to enable ASan. UBSan has to be added separately
with ``--cc-abi-flags`` at the moment as GCC 4.8 does not have UBSan.
-
-Other Ways You Can Help
-========================================
-
-Convince your employer that the software your company uses and relies on is
-worth the time and cost of serious audit. The code may be free, but you are
-still using it - so make sure it is any good. Fund code and design reviews
-whenever you can of the free software your company relies on, including Botan,
-then share the results with the developers to improve the ecosystem for everyone.
-
-Funding Development
-========================================
-
-If there is a change you'd like implemented in the library but you'd rather not,
-or can't, write it yourself, you can contact Jack Lloyd who in addition to being
-the primary author also works as a freelance contractor and security consultant.
diff --git a/readme.rst b/readme.rst
index 743b103da..5b121e101 100644
--- a/readme.rst
+++ b/readme.rst
@@ -11,7 +11,7 @@ command line tool for various cryptographic operations, the source for which
also helps demonstrate usage of the library.
Development is coordinated on `GitHub <https://github.com/randombit/botan>`_
-and contributions are welcome. Read `doc/hacking.rst` for more
+and contributions are welcome. Read `doc/contributing.rst` for more
about how to contribute.
.. highlight:: none