aboutsummaryrefslogtreecommitdiffstats
path: root/doc/log.txt
Commit message (Collapse)AuthorAgeFilesLines
* Drop support for running configure with Python 2.4. This allowslloyd2010-07-091-0/+1
| | | | | | | | | removing several workarounds for limitations in optparse in that release, and also allows using the ternary operator added in 2.5. As far as I can tell, the only still active release of any Linux/BSD distro that uses 2.4 is RHEL5. The beta of RHEL6 has 2.6, and it seems likely that RHEL6 will be out before 1.10.0.
* Rename S2K to PBKDF, because that is by far the most common name - S2Klloyd2010-07-091-0/+1
| | | | | | | | | | | | | really is only used by OpenPGP, and largely it was named S2K here because the OpenPGP S2K was implemented years before the ones in PKCS #5. We have a typedef of PBKDF to S2K, and an inlined get_s2k that calls get_pbkdf for source compatability. There doesn't seem to be any reason to have a forward for the renamed s2k.h header - to actually use a PBKDF, you'd have to either include lookup.h and call get_s2k / get_pbkdf, or else include an algorithm-specific header and use it directly. In either case, including s2k.h is neither necessary nor sufficient.
* Tick version to 1.9.10-devlloyd2010-06-301-0/+3
|
* Tick readme, log, configure for 1.9.9 releaselloyd2010-06-281-1/+1
|
* The fix for build.h also fixes a problem compiling under Apple's GCC 4.2lloyd2010-06-281-0/+1
|
* Give all Filter objects a method for querying their namelloyd2010-06-281-0/+1
|
* Document other changes since 1.9.8lloyd2010-06-211-0/+3
|
* Reorder by date then versionlloyd2010-06-181-16/+16
|
* Import the 1.8.9 release noteslloyd2010-06-161-0/+13
|
* Mention Doxygen updates in release loglloyd2010-06-161-0/+1
|
* Increase the iteration count and salt size used for encryptedlloyd2010-06-151-0/+1
| | | | | | | | | | | | | | | | private keys. For the older PBES1, we can only increase the iteration count (from 2048 to 10000); the salt is fixed by the standard to 64 bits. This is probably OK, since PBES1 is also limited to (at best) 64-bit encryption keys and thus is pretty unsafe anyway. For PBES2, increase the iteration count (also 2048 to 10000) and increase the size of the salt from 64 bits to 96 bits. This will only affect keys which are encrypted by a version after this revision.
* Tick to 1.9.9-devlloyd2010-06-141-0/+2
|
* Update log, readme for 1.9.8 releaselloyd2010-06-141-1/+1
|
* Rename the --use-boost-python optin to --with-boost-python, and add alloyd2010-06-131-0/+1
| | | | | | | --without-boost-python to explicitly disable it. This makes it much easier to use at least in Gentoo's ebuild system, and perhaps with other packaging systems as well.
* Document new code for wide multiply under VClloyd2010-06-111-0/+1
|
* Document fixing 512/768 bit DL groups via DSA kosherizerlloyd2010-06-021-0/+1
|
* Remove FORK-256; it's obscure and has been definitively broken.lloyd2010-05-251-0/+1
| | | | | More commentary posted to the list: http://lists.randombit.net/pipermail/botan-devel/2010-May/001123.html
* Add a couple of small patches from Thomas Capricelli <[email protected]>lloyd2010-05-211-0/+1
| | | | that enable botan to be built under the clang C++ compiler.
* Note other changeslloyd2010-05-191-0/+3
|
* Modify the implementation of multiplication mod 65537 used in IDEA tolloyd2010-04-301-0/+1
| | | | | | | | | | be branch-free. This reduces performance noticably on my Core2 (from 32 MiB/s to a bit over 27 MiB), but so it goes. The IDEA implementation using SSE2 is already branch-free here, and runs at about 135 MiB/s on my machine. Also add more IDEA tests, generated by OpenSSL
* Tick to 1.9.8-devlloyd2010-04-281-0/+2
|
* Update log, readme, configure for 1.9.7 release1.9.7lloyd2010-04-271-1/+1
|
* Fix EMSA_Raw in the case where the original input had leading 0 bytes.lloyd2010-04-211-0/+1
|
* Add support for SEED ciphersuites. Tested against OpenSSL 0.9.8nlloyd2010-04-171-0/+1
|
* Add support for reading SSLv2 client helloslloyd2010-04-171-0/+1
|
* Add Comb4P hash combiner, as described in Anja Lehmann's thesis.lloyd2010-04-171-0/+1
|
* Tick version to 1.9.7-devlloyd2010-04-161-0/+2
|
* Tick for 1.9.6 release1.9.6lloyd2010-04-091-1/+2
|
* Retrodocument some 1.9.5 changes. Document other TLS fixes in 1.9.6lloyd2010-04-071-2/+7
|
* Document adding SNIlloyd2010-03-301-0/+1
|
* Add support for TLS v1.1's per-record random IV. Tested against GnuTLS server.lloyd2010-03-301-0/+1
|
* Tick 1.9.6-devlloyd2010-03-301-0/+2
|
* Update for 1.9.5 release 2009-03-291.9.5lloyd2010-03-291-1/+1
|
* Document GOST fixlloyd2010-03-131-0/+1
|
* Document allocator changelloyd2010-03-131-0/+1
|
* Clarifylloyd2010-03-131-2/+2
|
* Document changes since 1.9.4lloyd2010-03-131-0/+5
|
* Tick version to 1.9.5-devlloyd2010-03-101-0/+2
|
* Update version to 1.9.4 release1.9.4lloyd2010-03-091-1/+1
|
* Deconstify PK_Ops. It's quite reasonable that some op will want tolloyd2010-03-091-0/+1
| | | | | | | | | | | | | precompute only as needed, or will want to access some other expensive resource or etc. Change how the secret for generating blinding is done in cases where a PRNG isn't available. Use the operations public op to hide the secret, for instance the seed for a DH blinding variable is 2^x mod p. Make use of being able to mutate internal structures in the RW signer, since that does have access to a PRNG, so use it to initialize the blinder on first call to sign().
* Clarify that Ajisai is only SSLv3 + TLS 1.0 currentlylloyd2010-03-051-1/+1
|
* This checkin represents a pretty major change in how PK operations arelloyd2010-03-041-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | performed. Up until now, each key object (eg DSA_PublicKey or ECDH_PrivateKey) had two jobs: contain the key material, and know how to perform any operations on that key. However because of a desire to support alternative implementations (GNU MP, hardware, whatever), there was a notion of operations, with the key objects containing an op that they got via engine rather than actually implementing the underlying algorithms directly. Now, represent the operation as an abstract interface (typically mapping a byte string to a byte string), and pass a plain Public_Key& or Private_Key& to the engine. The engine does any checks it wants (eg based on name, typeid, key sizes, etc), and either returns nothing (I'll pass) or a pointer to a new operation that represents signatures or encryption or what-have-you using that key. This means that plain key objects no longer contain operations. This is a major break with the traditional interface. On the other hand, using these 'bare' operations without padding, KDFs, etc is 99% of the time a bad idea anyway (and if you really need them, there are options so you get the bare op but via the pubkey.h interfaces). Currently this change is only implemented for DH and ECDH (ie, key agreement algorithms). Additionally the optional engines (gnump and openssl) have not been updated. I'll probably wait to touch those until after I can change them all in one go for all algos.
* Document fix for VC static buildslloyd2010-03-031-0/+1
|
* Add XSalsa20lloyd2010-03-031-0/+1
|
* Rename ECKAEG to ECDH. As far as I can tell they are the same algorithm,lloyd2010-03-021-0/+1
| | | | | I'm not sure where the old name came from though as literally the only hits for it on Google are botan-related.
* Document adding SSL/TLSlloyd2010-02-241-0/+1
|
* Document adding GOST 34.10-2001lloyd2010-02-241-0/+1
|
* Document removal of TR1 dependencylloyd2010-02-241-1/+1
|
* Document removing TR1 dependency for ECClloyd2010-02-231-0/+1
|
* Further passhash changes before release and things have to belloyd2010-02-051-1/+1
| | | | | | | | | | | | | | finalized. Move header to passhash9.h and rename the functions to be passhash9 specific ({generator,check}_passhash9) Add an algorithm identifer field. Currently only id 0 is defined, for HMAC(SHA-1), but this opens up for using HMAC(SHA-512) or HMAC(SHA-3) or CMAC(Blowfish) or whatever in the future if necessary. Increase the salt size to 96 bits and the PRF output size to 192 bits. Document in api.tex