aboutsummaryrefslogtreecommitdiffstats
path: root/doc/manual
Commit message (Collapse)AuthorAgeFilesLines
* Remove Transform base classJack Lloyd2016-04-211-27/+63
| | | | | | | | | | | | | | | | | | | | | | With sufficient squinting, Transform provided an abstract base interface that covered both cipher modes and compression algorithms. However it mapped on neither of them particularly well. In addition this API had the same problem that has made me dislike the Pipe/Filter API: given a Transform&, what does it do when you put bits in? Maybe it encrypts. Maybe it compresses. It's a floor wax and a dessert topping! Currently the Cipher_Mode interface is left mostly unchanged, with the APIs previously on Transform just moved down the type hierarchy. I think there are some definite improvements possible here, wrt handling of in-place encryption, but left for a later commit. The compression API is split into two types, Compression_Algorithm and Decompression_Algorithm. Compression_Algorithm's start() call takes the compression level, allowing varying compressions with a single object. And flushing the compression state is moved to a bool param on `Compression_Algorithm::update`. All the nonsense WRT compression algorithms having zero length nonces, input granularity rules, etc as a result of using the Transform interface goes away.
* Fix formatting bugs in TLS docJack Lloyd2016-04-131-11/+6
| | | | | | | Fixes GH #460 Closes GH #474 [ci skip]
* Remove support for TLS v1.2 MD5 and SHA-224 signatures.Jack Lloyd2016-03-171-7/+4
| | | | | | | | | Remove support for weak ECC curves (anything under P-256) from TLS. This includes secp256k1 since we don't take advantage of the special form for any performance advantage; might as well use P-256. The manual still mentioned that it was possible to use MD5 in Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
* Add section on fork safety to rng manualRené Korthaus2016-03-081-0/+19
|
* Fix formatting GH #415Jack Lloyd2016-02-172-24/+32
| | | | [ci skip]
* Update iOS build instructionsRené Korthaus2016-02-071-16/+16
| | | When building for iOS, you want to build for all three architectures, so you can run your app on an iOS device and on the simulator.
* Misc doc updatesJack Lloyd2016-01-043-7/+15
| | | | [ci skip]
* Remove references to deleted examples GH #339Jack Lloyd2015-12-194-36/+1
|
* Replace path src/cmd/ by new src/cli/ in documentationSimon Warta2015-12-115-16/+10
| | | | | | Closes #356. [ci skip]
* Add TLS_PSK testsJack Lloyd2015-11-131-1/+2
| | | | | | | | | | | Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigal RC4 cruft. Push more on the TLS corruption tests.
* Merge pull request #314 from randombit/ct-tls-cbc-paddingJack Lloyd2015-10-261-2/+4
|\ | | | | TLS improvements
| * TLS improvementsJack Lloyd2015-10-251-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* | Update doc for issuer_dn() and subject_dn()Simon Warta2015-10-201-3/+3
| | | | | | | | [ci skip]
* | Remove redundant function definitions from docsSimon Warta2015-10-201-10/+0
| | | | | | | | [ci skip]
* | Make Version_Code an enum type for documentationSimon Warta2015-10-201-1/+1
| | | | | | | | | | | | Confirm http://sphinx-doc.org/domains.html#directive-cpp:enum-struct [ci skip]
* | Update TLC::Client constructor documentationSimon Warta2015-10-201-13/+14
| | | | | | | | [ci skip]
* | Update TLS::Server signature in docsSimon Warta2015-10-201-14/+15
|/ | | | [ci skip]
* Add `--minimized-build` which does the same thing as `--no-autoload`Jack Lloyd2015-10-141-4/+4
| | | | | but the meaning of the option is probably easier to understand with this name.
* McEliece cleanupsJack Lloyd2015-09-292-0/+75
| | | | | | | | | | | | | | | | | | | | Remove and consolidate various headers Reduce memory usage of GF2m_Field by sharing the log and exponent tables across all instances of a particular word size. Remove McEliece_Public_Operation and McEliece_Private_Operation which were difficult to use safely. Instead only the KEM operations are exposed. Add McEliece_PublicKey::random_plaintext_element Add command line `mce` tool and some McEliece documentation Convert the speed program to check McEliece keys of the suggested size Add McEliece KATs for both key generation and KEM Fix HMAC_DRBG constructor which derefed a pointer before its time
* Remove the Perl XS moduleJack Lloyd2015-09-211-38/+0
|
* Build with libc++ C++ standard library on clang for iOSRené Korthaus2015-08-291-1/+1
| | | | | When building for iOS with clang, the C++ standard library must be set to libc++ instead of libstdc++.
* Remove references to removed APIs and algosJack Lloyd2015-07-294-97/+13
| | | | LibraryInitializer, PK filters, Algorithm base class, PGP S2K
* Fix random_prime() indent in BigInt docsSimon Warta2015-07-271-5/+5
| | | | [ci skip]
* Fix typosSimon Warta2015-07-245-9/+9
| | | | Thanks to @vlajos https://github.com/vlajos/misspell_fixer
* Update building documentationSimon Warta2015-07-151-26/+24
| | | | [ci skip]
* Simplify the website and documentation layout.Jack Lloyd2015-07-033-44/+11
| | | | | | | | | | | | | | Merge the website index, download page, algo page into the readme file so all the important information is in one place. The readme.rst is now also used as the website landing page. Remove the website target on the makefile, replaced by website.sh, since I'm the only one who ever needs to run this. Fix various ReST formatting bugs in news.rst and the manual Remove the old build_log which hasn't been touched in years and refers entirely to compilers which we don't support anymore.
* Add compression doc to indexlloyd2015-06-191-1/+1
|
* Remove RC4 (and all support for stream ciphers) from TLSlloyd2015-05-151-2/+2
|
* Update compression docslloyd2015-05-102-42/+52
|
* Add ALPN (RFC 7301) and remove NPNlloyd2015-03-201-22/+17
|
* Use /usr/bin/env to find python in the install script, Python doc updateslloyd2015-03-101-7/+10
| | | | Both from Uri B to mailing list.
* Doc updateslloyd2015-02-283-7/+47
|
* Update relnotes and todo, fix python signaturelloyd2015-02-191-1/+1
|
* Python: docs, key agreement, fix bcrypt trailing null byte.lloyd2015-02-162-1/+224
| | | | Initial very incomplete pass at error return value sanity.
* Add new module `ffi` which provides a plain C interface, plus a newlloyd2015-02-163-15/+108
| | | | | | | | | | | | ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it.
* Mark modules pulling in external deps (zlib, boost, etc) as such, andlloyd2015-02-061-40/+22
| | | | | | notify the user when they are enabled. Drop botan-config, replaced by `botan config` command added in 1.11.8
* Add typedefs for function signatures/types used in TLS for easier readinglloyd2015-01-271-31/+37
|
* Add Strict_Policy. Disable server initiated renegotiation by default.lloyd2015-01-231-5/+8
|
* Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00lloyd2015-01-211-0/+3
| | | | | and enable them in the default build, though still not enabled in the runtime policy.
* Remove SSLv3 and handling of SSLv2 client hellos.lloyd2015-01-111-22/+15
|
* Convert the asio server from a weird example server to a generic proxy server.lloyd2015-01-101-7/+3
|
* Change TLS session encryption to use AES-256/GCM instead of CBC+HMAClloyd2015-01-081-3/+5
|
* Fix doc bugslloyd2015-01-052-2/+2
|
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-041-4/+5
| | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementationlloyd2014-12-311-9/+10
|
* More info on AEAD decryption handlinglloyd2014-12-311-0/+10
|
* Update TLS doclloyd2014-12-201-11/+26
|
* Make the connection between calling TLS::Channel::send and a newlloyd2014-12-131-3/+9
| | | | wire record being created more clear.
* A TLS Server can now process either TLS or DTLS but not either,lloyd2014-11-151-7/+12
| | | | | with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing.
* Replace Transformatio::nstart with start_raw so we can do a full setlloyd2014-11-051-1/+1
| | | | of overloads in the base class with the same name.