path: root/doc/manual
Commit message (Author, Age, Files, Lines)
* Add PKCS#11 documentation (Daniel Neus, 2016-11-14, 2 files, -0/+1245)
|
* Remove mention of GNU MP engine option (Jack Lloyd, 2016-11-07, 1 file, -6/+1)
|   Was removed in 1.11.10, but reference here remained. GH #719 Update OpenSSL requirements - 1.0.0 and all older versions are EOL [ci skip]
* Revert "Remove the Perl XS module" (Jack Lloyd, 2016-11-05, 1 file, -0/+38)
|   This reverts commit 2ec08fa6b5fd270e50f8526c1c6dfaabfda66e02. The Perl wrapper was removed as unmaintained, but nobody is likely to maintain it if they don't know it exists.
* Change TLS default policy to disable DSA, CCM-8, and static RSA (Jack Lloyd, 2016-11-02, 1 file, -18/+60)
|   Disables static RSA by default. The advantage here is twofold: enforcing forward security and protecting TLS servers from oracle attacks since by default they will never negotiate a suite which forces them to act as a decryption oracle. Some applications/users may be forced to enable RSA in order to speak with old or misconfigured peers, but these can be the exception not the default. Disable DSA and CCM-8 by default: if you need to enable these things, you know it. Adds TLS policy hooks to enforce DSA key sizes, default 2048 bits. Remove an incorrect warning about DTLS in the manual; the sequence number window check prevents this scenario from occurring.
* Add note on status of Pipe/Filter API (Jack Lloyd, 2016-10-29, 1 file, -0/+15)
|   [ci skip]
* Merge GH #673 X25519 TLS key exchange (Jack Lloyd, 2016-10-24, 1 file, -1/+1)
|\
| * X25519 key exchange for TLS (Jack Lloyd, 2016-10-21, 1 file, -1/+1)
| |   Client interops with google.com, server not tested against an independent client yet.
* | Build the docs during CI (Jack Lloyd, 2016-10-22, 2 files, -3/+5)
|/    Fix various doc building problems/warnings.
* Update manual (René Korthaus, 2016-10-03, 1 file, -0/+13)
|
* Fix doc (Jack Lloyd, 2016-09-28, 1 file, -2/+1)
|   This command got lost somewhere along the way. [ci skip]
* Merge GH #516 Cipher_Mode API improvements (Jack Lloyd, 2016-09-26, 1 file, -3/+1)
|\
| * Cipher_Mode API improvements (Jack Lloyd, 2016-09-01, 1 file, -3/+1)
| |   The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class) Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes. Leaves `update` for compatibility with existing callers; all that is needed is an inline function forwarding to `process`. Removes the return type from `start` - in all cipher implementations, this always returned an empty vector. Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
* | Update RNG docs a bit (Jack Lloyd, 2016-09-07, 1 file, -8/+27)
|/    [ci skip]
* Merge GH #567/GH #457 TLS refactoring and Callbacks interface (Jack Lloyd, 2016-08-31, 1 file, -83/+91)
|\
| * Add a Callbacks function for ALPN (Jack Lloyd, 2016-08-16, 1 file, -14/+30)
| |
| * Changes to TLS::Callbacks for GH PR #457 (Jack Lloyd, 2016-08-16, 1 file, -76/+68)
| |   Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works Split out the compat (std::function) based interface to Compat_Callbacks. This avoids the overhead of empty std::functions when using the virtual interface, and ensures the virtual interface works since there is no callback path that does not involve a vtable lookup. Rename the TLS::Callback functions. Since the idea is that often an owning class will pass *this as the callbacks argument, it is good to namespace the virtual functions so as not to conflict with other names chosen by the class. Specifically, prefixes all cb functions with tls_ Revert changes to use the old style alert callback (with no longer used data/len params) so no API changes are required for old code. The new Callbacks interface continues to just receive the alert code itself. Switch to virtual function interface in CLI tls_client for testing. Inline tls_server_handshake_state.h - only used in tls_server.cpp Fix tests - test looked like it was creating a new client object but it was not actually being used. And when enabled, it failed because the queues were not being emptied in between. So, fix that.
* | Add Stateful_RNG (Jack Lloyd, 2016-07-17, 1 file, -82/+51)
|/    Handles fork checking for HMAC_RNG and HMAC_DRBG AutoSeeded_RNG change - switch to HMAC_DRBG as default. Start removing the io buffer from entropy poller. Update default RNG poll bits to 256. Fix McEliece test, was using wrong RNG API. Update docs.
* Fix bug that prevents LaTeX documentation from being built (Mouse, 2016-06-17, 1 file, -1/+1)
|
* Remove Transform base class (Jack Lloyd, 2016-04-21, 1 file, -27/+63)
|   With sufficient squinting, Transform provided an abstract base interface that covered both cipher modes and compression algorithms. However it mapped on neither of them particularly well. In addition this API had the same problem that has made me dislike the Pipe/Filter API: given a Transform&, what does it do when you put bits in? Maybe it encrypts. Maybe it compresses. It's a floor wax and a dessert topping! Currently the Cipher_Mode interface is left mostly unchanged, with the APIs previously on Transform just moved down the type hierarchy. I think there are some definite improvements possible here, wrt handling of in-place encryption, but left for a later commit. The compression API is split into two types, Compression_Algorithm and Decompression_Algorithm. Compression_Algorithm's start() call takes the compression level, allowing varying compressions with a single object. And flushing the compression state is moved to a bool param on `Compression_Algorithm::update`. All the nonsense WRT compression algorithms having zero length nonces, input granularity rules, etc as a result of using the Transform interface goes away.
* Fix formatting bugs in TLS doc (Jack Lloyd, 2016-04-13, 1 file, -11/+6)
|   Fixes GH #460 Closes GH #474 [ci skip]
* Remove support for TLS v1.2 MD5 and SHA-224 signatures. (Jack Lloyd, 2016-03-17, 1 file, -7/+4)
|   Remove support for weak ECC curves (anything under P-256) from TLS. This includes secp256k1 since we don't take advantage of the special form for any performance advantage; might as well use P-256. The manual still mentioned that it was possible to use MD5 in Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
* Add section on fork safety to rng manual (René Korthaus, 2016-03-08, 1 file, -0/+19)
|
* Fix formatting GH #415 (Jack Lloyd, 2016-02-17, 2 files, -24/+32)
|   [ci skip]
* Update iOS build instructions (René Korthaus, 2016-02-07, 1 file, -16/+16)
|   When building for iOS, you want to build for all three architectures, so you can run your app on an iOS device and on the simulator.
* Misc doc updates (Jack Lloyd, 2016-01-04, 3 files, -7/+15)
|   [ci skip]
* Remove references to deleted examples GH #339 (Jack Lloyd, 2015-12-19, 4 files, -36/+1)
|
* Replace path src/cmd/ by new src/cli/ in documentation (Simon Warta, 2015-12-11, 5 files, -16/+10)
|   Closes #356. [ci skip]
* Add TLS_PSK tests (Jack Lloyd, 2015-11-13, 1 file, -1/+2)
|   Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigial RC4 cruft. Push more on the TLS corruption tests.
* Merge pull request #314 from randombit/ct-tls-cbc-padding (Jack Lloyd, 2015-10-26, 1 file, -2/+4)
|\    TLS improvements
| * TLS improvements (Jack Lloyd, 2015-10-25, 1 file, -2/+4)
| |   Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* | Update doc for issuer_dn() and subject_dn() (Simon Warta, 2015-10-20, 1 file, -3/+3)
| |   [ci skip]
* | Remove redundant function definitions from docs (Simon Warta, 2015-10-20, 1 file, -10/+0)
| |   [ci skip]
* | Make Version_Code an enum type for documentation (Simon Warta, 2015-10-20, 1 file, -1/+1)
| |   Confirm http://sphinx-doc.org/domains.html#directive-cpp:enum-struct [ci skip]
* | Update TLC::Client constructor documentation (Simon Warta, 2015-10-20, 1 file, -13/+14)
| |   [ci skip]
* | Update TLS::Server signature in docs (Simon Warta, 2015-10-20, 1 file, -14/+15)
|/    [ci skip]
* Add `--minimized-build` which does the same thing as `--no-autoload` (Jack Lloyd, 2015-10-14, 1 file, -4/+4)
|   but the meaning of the option is probably easier to understand with this name.
* McEliece cleanups (Jack Lloyd, 2015-09-29, 2 files, -0/+75)
|   Remove and consolidate various headers Reduce memory usage of GF2m_Field by sharing the log and exponent tables across all instances of a particular word size. Remove McEliece_Public_Operation and McEliece_Private_Operation which were difficult to use safely. Instead only the KEM operations are exposed. Add McEliece_PublicKey::random_plaintext_element Add command line `mce` tool and some McEliece documentation Convert the speed program to check McEliece keys of the suggested size Add McEliece KATs for both key generation and KEM Fix HMAC_DRBG constructor which derefed a pointer before its time
* Remove the Perl XS module (Jack Lloyd, 2015-09-21, 1 file, -38/+0)
|
* Build with libc++ C++ standard library on clang for iOS (René Korthaus, 2015-08-29, 1 file, -1/+1)
|   When building for iOS with clang, the C++ standard library must be set to libc++ instead of libstdc++.
* Remove references to removed APIs and algos (Jack Lloyd, 2015-07-29, 4 files, -97/+13)
|   LibraryInitializer, PK filters, Algorithm base class, PGP S2K
* Fix random_prime() indent in BigInt docs (Simon Warta, 2015-07-27, 1 file, -5/+5)
|   [ci skip]
* Fix typos (Simon Warta, 2015-07-24, 5 files, -9/+9)
|   Thanks to @vlajos https://github.com/vlajos/misspell_fixer
* Update building documentation (Simon Warta, 2015-07-15, 1 file, -26/+24)
|   [ci skip]
* Simplify the website and documentation layout. (Jack Lloyd, 2015-07-03, 3 files, -44/+11)
|   Merge the website index, download page, algo page into the readme file so all the important information is in one place. The readme.rst is now also used as the website landing page. Remove the website target on the makefile, replaced by website.sh, since I'm the only one who ever needs to run this. Fix various ReST formatting bugs in news.rst and the manual Remove the old build_log which hasn't been touched in years and refers entirely to compilers which we don't support anymore.
* Add compression doc to index (lloyd, 2015-06-19, 1 file, -1/+1)
|
* Remove RC4 (and all support for stream ciphers) from TLS (lloyd, 2015-05-15, 1 file, -2/+2)
|
* Update compression docs (lloyd, 2015-05-10, 2 files, -42/+52)
|
* Add ALPN (RFC 7301) and remove NPN (lloyd, 2015-03-20, 1 file, -22/+17)
|
* Use /usr/bin/env to find python in the install script, Python doc updates (lloyd, 2015-03-10, 1 file, -7/+10)
|   Both from Uri B to mailing list.
* Doc updates (lloyd, 2015-02-28, 3 files, -7/+47)
|