Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add new module `ffi` which provides a plain C interface, plus a new ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it. | lloyd | 2015-02-16 | 3 | -15/+108 |
* | Mark modules pulling in external deps (zlib, boost, etc) as such, and notify the user when they are enabled. Drop botan-config, replaced by `botan config` command added in 1.11.8 | lloyd | 2015-02-06 | 1 | -40/+22 |
* | Add typedefs for function signatures/types used in TLS for easier reading | lloyd | 2015-01-27 | 1 | -31/+37 |
* | Add Strict_Policy. Disable server initiated renegotiation by default. | lloyd | 2015-01-23 | 1 | -5/+8 |
* | Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00 and enable them in the default build, though still not enabled in the runtime policy. | lloyd | 2015-01-21 | 1 | -0/+3 |
* | Remove SSLv3 and handling of SSLv2 client hellos. | lloyd | 2015-01-11 | 1 | -22/+15 |
* | Convert the asio server from a weird example server to a generic proxy server. | lloyd | 2015-01-10 | 1 | -7/+3 |
* | Change TLS session encryption to use AES-256/GCM instead of CBC+HMAC | lloyd | 2015-01-08 | 1 | -3/+5 |
* | Fix doc bugs | lloyd | 2015-01-05 | 2 | -2/+2 |
* | Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC). Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionally disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map. | lloyd | 2015-01-04 | 1 | -4/+5 |
* | Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementation | lloyd | 2014-12-31 | 1 | -9/+10 |
* | More info on AEAD decryption handling | lloyd | 2014-12-31 | 1 | -0/+10 |
* | Update TLS doc | lloyd | 2014-12-20 | 1 | -11/+26 |
* | Make the connection between calling TLS::Channel::send and a new wire record being created more clear. | lloyd | 2014-12-13 | 1 | -3/+9 |
* | A TLS Server can now process either TLS or DTLS but not either, with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing. | lloyd | 2014-11-15 | 1 | -7/+12 |
* | Replace Transformation::start with start_raw so we can do a full set of overloads in the base class with the same name. | lloyd | 2014-11-05 | 1 | -1/+1 |
* | Various small fixes and cleanups, new is_prime util | lloyd | 2014-11-03 | 1 | -0/+8 |
* | Correct documentation | lloyd | 2014-10-14 | 1 | -1/+1 |
* | Some documentation updates WRT DTLS and X.509 cert path processing | lloyd | 2014-10-06 | 2 | -25/+100 |
* | Any fixed MR iterations is probably wrong for somebody. Allow the user to specify a probability as well as if n was randomly chosen or not. If the input is random use a better bounds to reduce the number of needed tests. | lloyd | 2014-04-25 | 1 | -9/+19 |
* | Doc fix | lloyd | 2014-04-16 | 1 | -1/+1 |
* | Link to instructions for Android by Daniel Seither | lloyd | 2014-01-23 | 1 | -5/+2 |
* | Fix binary names | lloyd | 2014-01-20 | 1 | -6/+6 |
* | Split up docs into the reference manual, the website, and everything else. Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool | lloyd | 2014-01-10 | 23 | -0/+4364 |