path: root/doc/manual
Commit message    Author    Age    Files    Lines
* Add document for distribution maintainers    Jack Lloyd    2017-01-06    2    -0/+39
|
* Merge GH #803 Add botan_ffi_supports_version func    Jack Lloyd    2017-01-05    1    -1/+11
|\
| * Add botan_ffi_supports_api function    Jack Lloyd    2017-01-04    1    -1/+11
| |   This lets us upgrade the FFI version over time and still allow applications to reliably detect if the current library binary supports their version. As an example, it would be useful to be able to add features to FFI sometime in 2.x. In that case, we would increase the value of the FFI API version, even though anything calling the old API would still work perfectly. Applications can verify at runtime the API they want to use is supported using this new call.
* | Comment on warnings in goals doc [ci skip]    Jack Lloyd    2017-01-05    1    -2/+4
| |
* | Add missing entry to manual TOC    Jack Lloyd    2017-01-04    1    -1/+1
|/
|   [ci skip]
* Update roadmap, add support and versioning info    Jack Lloyd    2017-01-03    2    -1/+33
|   [ci skip]
* Merge GH #793 Add iOS target    Jack Lloyd    2017-01-03    1    -8/+8
|\
| * Update docs on building for ios    Simon Warta    2017-01-03    1    -8/+8
| |
* | Minor tweaks to side channel text    Jack Lloyd    2017-01-03    1    -14/+18
|/
|   [ci skip]
* Tweak AES text a bit    Jack Lloyd    2017-01-02    1    -20/+26
|   Finish a sentence in GCM [ci skip]
* Remove unhelpful firststep.rst    Jack Lloyd    2017-01-02    2    -39/+0
|   A general intro/outline doc would be useful, but this isn't it. [ci skip]
* Update RNG doc [ci skip]    Jack Lloyd    2017-01-02    1    -20/+14
|
* Merge GH #788 Add project goals statement    Jack Lloyd    2017-01-02    2    -0/+130
|\
| * Add a statement of project goals (and non-goals)    Jack Lloyd    2016-12-30    2    -0/+130
| |   [ci skip]
* | Merge GH #787 Add side channel doc    Jack Lloyd    2017-01-02    2    -4/+396
|\ \
| * | Address review comments on side channel doc    Jack Lloyd    2017-01-02    2    -4/+396
| | |   [ci skip]
* | | Small documentation updates    Jack Lloyd    2016-12-30    2    -3/+14
| |/
|/|
| |   [ci skip]
* | Add note about CECPQ1 in TLS manual    Jack Lloyd    2016-12-28    1    -0/+16
| |   [ci skip]
* | Misc doc tweaks    Jack Lloyd    2016-12-28    2    -8/+8
|/
|   [ci skip]
* Address some review comments by @cordney in TPM doc    Jack Lloyd    2016-12-28    1    -4/+4
|   [ci skip]
* Detail supported platforms/compilers for Botan 2    Jack Lloyd    2016-12-26    2    -0/+45
|   Prior related discussion tickets GH #111 #703 [ci skip]
* Add basic docs for TPM API    Jack Lloyd    2016-12-24    2    -1/+115
|
* Update OCSP manual, and inline to main X.509 doc    Jack Lloyd    2016-12-17    3    -48/+116
|   [ci skip]
* Update the X.509 manual and add more information    René Korthaus    2016-12-17    1    -58/+243
|
* Update pubkey docs    Daniel Neus    2016-12-08    2    -41/+71
|
* resolved invalid links to build with sphinx 1.5    Never    2016-12-07    2    -2/+2
|
* Merge GH #745 Make --via-amalgamation an error. Improve quoting in Travis build script    Jack Lloyd    2016-12-04    1    -4/+7
|\
| * Adapt docs to --amalgamation change    Simon Warta    2016-12-02    1    -4/+7
| |
* | Update tls_verify_cert_chain docs to reflect OCSP stapling changes    Jack Lloyd    2016-12-04    1    -5/+19
|/
|   GH #755 [ci skip]
* Add note on rfc6979 signatures to manual [ci skip]    René Korthaus    2016-11-28    2    -2/+14
|
* Document TLS::Policy::require_cert_revocation_info    Jack Lloyd    2016-11-28    1    -0/+20
|
* Address review comments from @cordney    Jack Lloyd    2016-11-25    1    -2/+2
|   Primarily doc updates but also expose some more logic in PKIX namespace, overall_status and merge_revocation_status. This allows calling more or less all of the logic used by the monolithic x509_path_validate in any way needed by an application.
|   Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr
|   Add optional Certificate_Store_In_Memory* pointer to check_crl_online, valid CRLs are saved there.
* Move TLS cert verification callback from Credentials_Manager to TLS::Callbacks    Jack Lloyd    2016-11-23    2    -27/+37
|   It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
* Merge GH #731 Add CLI docs    Jack Lloyd    2016-11-19    3    -12/+165
|\
| |   [ci skip]
| * Minor changes and fixes    Juraj Somorovsky    2016-11-19    1    -19/+23
| |
| * added CLI section    Never    2016-11-17    3    -12/+161
| |
* | Order default TLS ECC curve preferences by performance    Jack Lloyd    2016-11-19    1    -2/+3
| |   Moves x25519 to the front for best by-default side channel resistance, and orders remaining NIST/BP curves by performance rather than size. That means putting P-521 before P-384, since P-521 is much faster at least in Botan (due to much simpler modular reduction for P-521 prime), and Brainpools to the end due to being quite slow (no fast reductions). All of the supported curves seem strong enough, and if someone can break P-256 they can probably break P-384 as well so there doesn't seem much advantage in preferring slower curves by default.
* | Add CECPQ1 TLS ciphersuites    Jack Lloyd    2016-11-17    1    -2/+2
| |   Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* | Merge GH #721 Documentation reorg and expansion    Jack Lloyd    2016-11-16    6    -272/+943
|\|
| * added manual code examples and removed Nyberg-Rueppel, Rabin-Williams from doc    Never    2016-11-16    1    -37/+101
| |
| * Doc changes/additions: hash,symmetric crypto and pubkey    Never    2016-11-11    6    -272/+879
| |
* | Add PKCS#11 documentation    Daniel Neus    2016-11-14    2    -0/+1245
|/
* Remove mention of GNU MP engine option    Jack Lloyd    2016-11-07    1    -6/+1
|   Was removed in 1.11.10, but reference here remained. GH #719 Update OpenSSL requirements - 1.0.0 and all older versions are EOL [ci skip]
* Revert "Remove the Perl XS module"    Jack Lloyd    2016-11-05    1    -0/+38
|   This reverts commit 2ec08fa6b5fd270e50f8526c1c6dfaabfda66e02. The Perl wrapper was removed as unmaintained, but nobody is likely to maintain it if they don't know it exists.
* Change TLS default policy to disable DSA, CCM-8, and static RSA    Jack Lloyd    2016-11-02    1    -18/+60
|   Disables static RSA by default. The advantage here is twofold: enforcing forward security and protecting TLS servers from oracle attacks since by default they will never negotiate a suite which forces them to act as a decryption oracle. Some applications/users may be forced to enable RSA in order to speak with old or misconfigured peers, but these can be the exception not the default. Disable DSA and CCM-8 by default: if you need to enable these things, you know it. Adds TLS policy hooks to enforce DSA key sizes, default 2048 bits. Remove an incorrect warning about DTLS in the manual; the sequence number window check prevents this scenario from occurring.
* Add note on status of Pipe/Filter API    Jack Lloyd    2016-10-29    1    -0/+15
|   [ci skip]
* Merge GH #673 X25519 TLS key exchange    Jack Lloyd    2016-10-24    1    -1/+1
|\
| * X25519 key exchange for TLS    Jack Lloyd    2016-10-21    1    -1/+1
| |   Client interops with google.com, server not tested against an independent client yet.
* | Build the docs during CI    Jack Lloyd    2016-10-22    2    -3/+5
|/
|   Fix various doc building problems/warnings.
* Update manual    René Korthaus    2016-10-03    1    -0/+13
|