Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix for bug 209. Required some reworking of the ASN.1 bytestring | lloyd | 2012-07-09 | 8 | -47/+86 |
| | | | | decoding code but seems an improvement. | ||||
* | Remove BOTAN_ASSERT_FUNCTION, use __func__ which is now standard in C++11 | lloyd | 2012-07-09 | 2 | -41/+35 |
| | |||||
* | Add a comment so I remember how to get warnings | lloyd | 2012-07-06 | 1 | -1/+3 |
| | |||||
* | Doxygen comments | lloyd | 2012-07-06 | 7 | -11/+133 |
| | |||||
* | Add wikipedia extlinks target. Warn about SRP verifier being secret | lloyd | 2012-07-06 | 2 | -2/+18 |
| | |||||
* | Disable generating LaTeX Doxygen output as we don't really need it and | lloyd | 2012-07-06 | 1 | -0/+8 |
| | | | | it is very slow to generate. | ||||
* | More Doxygen comments | lloyd | 2012-07-06 | 2 | -3/+12 |
| | |||||
* | Correct Doxygen comments | lloyd | 2012-07-06 | 2 | -5/+5 |
| | |||||
* | Outline of docs for SRP | lloyd | 2012-07-06 | 2 | -0/+26 |
| | |||||
* | Basic PSK documentation | lloyd | 2012-07-06 | 1 | -3/+15 |
| | |||||
* | A bit more OCSP documentation | lloyd | 2012-07-05 | 1 | -3/+8 |
| | |||||
* | Record_Writer needs a PRNG for the IV generation. Share the reference | lloyd | 2012-07-05 | 6 | -16/+22 |
| | | | | with the channel object instead of calling the global object. | ||||
* | Pull the TLS padding checks out to an anon function. | lloyd | 2012-07-05 | 1 | -32/+59 |
| | |||||
* | Rename all text files that are actually reStructuredText to .rst | lloyd | 2012-07-01 | 191 | -5/+3 |
| | |||||
* | Add OCSP doc. Rewrite 1.11.0 release notes. | lloyd | 2012-07-01 | 3 | -42/+70 |
| | |||||
* | Default to just `g++`. Check GCC version and warn if we are compiling | lloyd | 2012-07-01 | 2 | -1/+7 |
| | | | | under something before 4.7.0 | ||||
* | Single basic TLS test using in-memory handshake. | lloyd | 2012-06-29 | 4 | -5/+276 |
| | | | | Fix compile flags for the NIST tests | ||||
* | Ignore *.{key,crt,pem,patch} | lloyd | 2012-06-29 | 1 | -0/+2 |
| | |||||
* | Use new header for sqlite session manager | lloyd | 2012-06-29 | 1 | -2/+2 |
| | |||||
* | Minor doc updates | lloyd | 2012-06-29 | 2 | -4/+9 |
| | |||||
* | More discussion of the TLS callbacks | lloyd | 2012-06-29 | 1 | -10/+61 |
| | |||||
* | Split TLS::Policy::allowed_hashes into allowed_signature_hashes and | lloyd | 2012-06-29 | 9 | -38/+82 |
| | | | | | | | | | | | | | allowed_macs. This allows someone to turn on MD5 for message auth, which is a little sketchy but probably OK, without also (likely unintentionally) enabling MD5 for TLS v1.2 signatures, which would be a big problem. Prioritize RC4 over 3DES in default policy. Disable ECC curves smaller than 224 bits by default. More updates to the TLS policy documentation. | ||||
* | Fix formatting of Channel docs | lloyd | 2012-06-29 | 1 | -28/+34 |
| | |||||
* | Improve TLS::Channel documentation | lloyd | 2012-06-29 | 1 | -4/+13 |
| | |||||
* | Add TLS::Session_Manager_Noop which just ignores all save requests. | lloyd | 2012-06-29 | 9 | -25/+48 |
| | | | | | | | Rename the sqlite module to sqlite3 as sometimes plain 'sqlite' is used to refer to sqlite2. Reduce the password check bits to 16 which is plenty. | ||||
* | Document more of the TLS interface | lloyd | 2012-06-28 | 1 | -44/+412 |
| | |||||
* | Clarify availability of the amalgamation build | lloyd | 2012-06-28 | 1 | -2/+4 |
| | |||||
* | Some doc updates | lloyd | 2012-06-26 | 3 | -313/+307 |
| | |||||
* | Avoid unused argument warning | lloyd | 2012-06-26 | 1 | -1/+1 |
| | |||||
* | Reorder Credentials_Manager with cert stuff first, then SRP, then PSK | lloyd | 2012-06-26 | 1 | -66/+69 |
| | |||||
* | Increase default Miller-Rabin nonce to 192 bits | lloyd | 2012-06-26 | 1 | -2/+2 |
| | |||||
* | Be explicit about swap template specialization | lloyd | 2012-06-26 | 1 | -1/+1 |
| | |||||
* | Set poolsize to zero on failure. Set m_pool to null if mmap fails | lloyd | 2012-06-26 | 1 | -0/+6 |
| | |||||
* | Add TLS::Policy::minimum_dh_group_size, default 1024. Send an | lloyd | 2012-06-25 | 5 | -2/+30 |
| | | | | | | | | insufficient_security alert if the server tries to give us a DH group smaller than that. Also check to make sure the key isn't obviously bogus (<=1 || >= p-1), though as the key is purely ephemeral it doesn't seem like a small subgroup attack would provide much advantage anyway. | ||||
* | Include FAQ and dl links in contents. Rearrange download links | lloyd | 2012-06-21 | 3 | -82/+38 |
| | |||||
* | Only use Disqus if the Sphinx tag is set. | lloyd | 2012-06-20 | 11 | -57/+58 |
| | | | | | | | | | Use extlinks extension for download links, bug reports, and mailing list archives. Disable devel mode on Disqus. Fix some broken links detected with Sphinx's linkcheck target. | ||||
* | Hooks for Disqus comments | lloyd | 2012-06-20 | 3 | -5/+44 |
| | |||||
* | Split log.txt into individual release notes. Integrate most of the | lloyd | 2012-06-20 | 175 | -2318/+2635 |
| | | | | | | | | relevant contents from the pyblosxom news site into said relnotes. DRY suggests having only one form of release notes, and having it in the public source repo. Also some updates for the allocator changes. | ||||
* | Return existing certs fast if there is a match | lloyd | 2012-06-20 | 1 | -0/+15 |
| | |||||
* | Allow configurable # of threads, useful for scale testing | lloyd | 2012-06-20 | 1 | -2/+4 |
| | |||||
* | Doc updates | lloyd | 2012-06-20 | 4 | -19/+28 |
| | |||||
* | Update docs for new secure_vector | lloyd | 2012-06-20 | 1 | -73/+23 |
| | |||||
* | Add missing headers, triggered errors under minimal builds | lloyd | 2012-06-19 | 2 | -0/+2 |
| | |||||
* | Remove BOTAN_MEM_POOL_CHUNK_SIZE macro from build.h, no longer used. | lloyd | 2012-06-19 | 2 | -10/+12 |
| | | | | | Move Karatsuba cutoffs to mp_karat.cpp as that is the only place that uses them and I doubt these get tweaked much (ever). | ||||
* | In Karatsuba multiplication, we would avoid recursing in cases where | lloyd | 2012-06-19 | 1 | -48/+10 |
| | | | | | | | | | we know one of the sub values was going to be zero. Avoid doing this as it exposes a timing channel. Some bn_asm code was manually inlined into the Karatsuba for doing additions. Just call the normal functions - if these are too slow that should be fixed. | ||||
* | Make TLS::Channel::send non-virtual as neither Client nor Server | lloyd | 2012-06-18 | 9 | -21/+58 |
| | | | | | | | | | | | | | | | | | | | needed to derive from it. Add a new overload of send taking a std::string for convenience (eg client.send("GET / HTTP/1.0\n\r")). Let Channel::renegotiatate's force_full_renegotiation argument default to false. Fix a bug where if we negotiated TLS v1.2 and our Policy was configured to only use MD5 we would send an empty allowed signatures which is maybe bogus or maybe just ambigious (RFC is unclear, though we reject in this case). To fix this, support putting MD5 in the signature algorithms extension, and then in choose_sig_format order first by our hash preference, and only allow hashes that are allowed by policy. Thus is a client claims to support both SHA-2 and MD5 we'll choose SHA-2 even if the client put MD5 first (some versions of GnuTLS ordered the list backwards due to a bug, so this is actually a useful behavior). | ||||
* | Update links for 1.10.2 | lloyd | 2012-06-17 | 1 | -11/+11 |
| | |||||
* | Port in 1.10.2 change notes | lloyd | 2012-06-17 | 1 | -5/+10 |
| | |||||
* | Patch name changed | lloyd | 2012-06-17 | 2 | -46/+15 |
| | |||||
* | Update to rev 924b482d25 from https://github.com/OlivierJG/botansqlite3 | lloyd | 2012-06-17 | 4 | -24/+28 |
| |