aboutsummaryrefslogtreecommitdiffstats
path: root/doc/manual
Commit message (Collapse)AuthorAgeFilesLines
* Replace path src/cmd/ by new src/cli/ in documentationSimon Warta2015-12-115-16/+10
| | | | | | Closes #356. [ci skip]
* Add TLS_PSK testsJack Lloyd2015-11-131-1/+2
| | | | | | | | | | | Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigal RC4 cruft. Push more on the TLS corruption tests.
* Merge pull request #314 from randombit/ct-tls-cbc-paddingJack Lloyd2015-10-261-2/+4
|\ | | | | TLS improvements
| * TLS improvementsJack Lloyd2015-10-251-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* | Update doc for issuer_dn() and subject_dn()Simon Warta2015-10-201-3/+3
| | | | | | | | [ci skip]
* | Remove redundant function definitions from docsSimon Warta2015-10-201-10/+0
| | | | | | | | [ci skip]
* | Make Version_Code an enum type for documentationSimon Warta2015-10-201-1/+1
| | | | | | | | | | | | Confirm http://sphinx-doc.org/domains.html#directive-cpp:enum-struct [ci skip]
* | Update TLC::Client constructor documentationSimon Warta2015-10-201-13/+14
| | | | | | | | [ci skip]
* | Update TLS::Server signature in docsSimon Warta2015-10-201-14/+15
|/ | | | [ci skip]
* Add `--minimized-build` which does the same thing as `--no-autoload`Jack Lloyd2015-10-141-4/+4
| | | | | but the meaning of the option is probably easier to understand with this name.
* McEliece cleanupsJack Lloyd2015-09-292-0/+75
| | | | | | | | | | | | | | | | | | | | Remove and consolidate various headers Reduce memory usage of GF2m_Field by sharing the log and exponent tables across all instances of a particular word size. Remove McEliece_Public_Operation and McEliece_Private_Operation which were difficult to use safely. Instead only the KEM operations are exposed. Add McEliece_PublicKey::random_plaintext_element Add command line `mce` tool and some McEliece documentation Convert the speed program to check McEliece keys of the suggested size Add McEliece KATs for both key generation and KEM Fix HMAC_DRBG constructor which derefed a pointer before its time
* Remove the Perl XS moduleJack Lloyd2015-09-211-38/+0
|
* Build with libc++ C++ standard library on clang for iOSRené Korthaus2015-08-291-1/+1
| | | | | When building for iOS with clang, the C++ standard library must be set to libc++ instead of libstdc++.
* Remove references to removed APIs and algosJack Lloyd2015-07-294-97/+13
| | | | LibraryInitializer, PK filters, Algorithm base class, PGP S2K
* Fix random_prime() indent in BigInt docsSimon Warta2015-07-271-5/+5
| | | | [ci skip]
* Fix typosSimon Warta2015-07-245-9/+9
| | | | Thanks to @vlajos https://github.com/vlajos/misspell_fixer
* Update building documentationSimon Warta2015-07-151-26/+24
| | | | [ci skip]
* Simplify the website and documentation layout.Jack Lloyd2015-07-033-44/+11
| | | | | | | | | | | | | | Merge the website index, download page, algo page into the readme file so all the important information is in one place. The readme.rst is now also used as the website landing page. Remove the website target on the makefile, replaced by website.sh, since I'm the only one who ever needs to run this. Fix various ReST formatting bugs in news.rst and the manual Remove the old build_log which hasn't been touched in years and refers entirely to compilers which we don't support anymore.
* Add compression doc to indexlloyd2015-06-191-1/+1
|
* Remove RC4 (and all support for stream ciphers) from TLSlloyd2015-05-151-2/+2
|
* Update compression docslloyd2015-05-102-42/+52
|
* Add ALPN (RFC 7301) and remove NPNlloyd2015-03-201-22/+17
|
* Use /usr/bin/env to find python in the install script, Python doc updateslloyd2015-03-101-7/+10
| | | | Both from Uri B to mailing list.
* Doc updateslloyd2015-02-283-7/+47
|
* Update relnotes and todo, fix python signaturelloyd2015-02-191-1/+1
|
* Python: docs, key agreement, fix bcrypt trailing null byte.lloyd2015-02-162-1/+224
| | | | Initial very incomplete pass at error return value sanity.
* Add new module `ffi` which provides a plain C interface, plus a newlloyd2015-02-163-15/+108
| | | | | | | | | | | | ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it.
* Mark modules pulling in external deps (zlib, boost, etc) as such, andlloyd2015-02-061-40/+22
| | | | | | notify the user when they are enabled. Drop botan-config, replaced by `botan config` command added in 1.11.8
* Add typedefs for function signatures/types used in TLS for easier readinglloyd2015-01-271-31/+37
|
* Add Strict_Policy. Disable server initiated renegotiation by default.lloyd2015-01-231-5/+8
|
* Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00lloyd2015-01-211-0/+3
| | | | | and enable them in the default build, though still not enabled in the runtime policy.
* Remove SSLv3 and handling of SSLv2 client hellos.lloyd2015-01-111-22/+15
|
* Convert the asio server from a weird example server to a generic proxy server.lloyd2015-01-101-7/+3
|
* Change TLS session encryption to use AES-256/GCM instead of CBC+HMAClloyd2015-01-081-3/+5
|
* Fix doc bugslloyd2015-01-052-2/+2
|
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-041-4/+5
| | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementationlloyd2014-12-311-9/+10
|
* More info on AEAD decryption handlinglloyd2014-12-311-0/+10
|
* Update TLS doclloyd2014-12-201-11/+26
|
* Make the connection between calling TLS::Channel::send and a newlloyd2014-12-131-3/+9
| | | | wire record being created more clear.
* A TLS Server can now process either TLS or DTLS but not either,lloyd2014-11-151-7/+12
| | | | | with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing.
* Replace Transformatio::nstart with start_raw so we can do a full setlloyd2014-11-051-1/+1
| | | | of overloads in the base class with the same name.
* Various small fixes and cleanups, new is_prime utillloyd2014-11-031-0/+8
|
* Correct documentationlloyd2014-10-141-1/+1
|
* Some documentation updates WRT DTLS and X.509 cert path processinglloyd2014-10-062-25/+100
|
* Any fixed MR iterations is probably wrong for somebody. Allow the userlloyd2014-04-251-9/+19
| | | | | | to specify a probability as well as if n was randomly chosen or not. If the input is random use a better bounds to reduce the number of needed tests.
* Doc fixlloyd2014-04-161-1/+1
|
* Link to instructions for Android by Daniel Seitherlloyd2014-01-231-5/+2
|
* Fix binary nameslloyd2014-01-201-6/+6
|
* Split up docs into the reference manual, the website, and everything else.lloyd2014-01-1023-0/+4364
Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-12 07:47:46 +0000