path: root/doc
Commit message (Author, Age, Files, Lines)
* Merge GH #731 Add CLI docs (Jack Lloyd, 2016-11-19, 3 files, -12/+165)
|\
| |   [ci skip]
| * Minor changes and fixes (Juraj Somorovsky, 2016-11-19, 1 file, -19/+23)
| |
| * added CLI section (Never, 2016-11-17, 3 files, -12/+161)
| |
* | Order default TLS ECC curve preferences by performance (Jack Lloyd, 2016-11-19, 1 file, -2/+3)
| |   Moves x25519 to the front for best by-default side channel resistance, and orders remaining NIST/BP curves by performance rather than size.
| |   That means putting P-521 before P-384, since P-521 is much faster at least in Botan (due to much simpler modular reduction for P-521 prime), and Brainpools to the end due to being quite slow (no fast reductions).
| |   All of the supported curves seem strong enough, and if someone can break P-256 they can probably break P-384 as well so there doesn't seem much advantage in preferring slower curves by default.
* | Add CECPQ1 TLS ciphersuites (Jack Lloyd, 2016-11-17, 1 file, -2/+2)
| |   Tested against BoringSSL (as client + server) and google.com (as client).
| |   Fix a stupid crashing bug in NewHope's BoringSSL mode.
| |   Remove unneeded error return from curve25519_donna - always returned 0.
| |   Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* | Merge GH #721 Documentation reorg and expansion (Jack Lloyd, 2016-11-16, 6 files, -272/+943)
|\|
| * added manual code examples and removed Nyberg-Rueppel, Rabin-Williams from doc (Never, 2016-11-16, 1 file, -37/+101)
| |
| * Doc changes/additions: hash, symmetric crypto and pubkey (Never, 2016-11-11, 6 files, -272/+879)
| |
* | Todo updates [ci skip] (Jack Lloyd, 2016-11-16, 1 file, -1/+2)
| |
* | Add PKCS#11 documentation (Daniel Neus, 2016-11-14, 2 files, -0/+1245)
|/
* Update todo (Jack Lloyd, 2016-11-07, 1 file, -2/+12)
|
* Remove mention of GNU MP engine option (Jack Lloyd, 2016-11-07, 1 file, -6/+1)
|     Was removed in 1.11.10, but reference here remained. GH #719 Update OpenSSL requirements - 1.0.0 and all older versions are EOL [ci skip]
* Fix Sphinx formatting errors (Jack Lloyd, 2016-11-06, 1 file, -3/+5)
|     [ci skip]
* Tweak readme texts (Jack Lloyd, 2016-11-05, 1 file, -2/+2)
|     [ci skip]
* Revert "Remove the Perl XS module" (Jack Lloyd, 2016-11-05, 1 file, -0/+38)
|     This reverts commit 2ec08fa6b5fd270e50f8526c1c6dfaabfda66e02. The Perl wrapper was removed as unmaintained, but nobody is likely to maintain it if they don't know it exists.
* Update roadmap re 2.0 (Jack Lloyd, 2016-11-03, 1 file, -34/+42)
|     [ci skip]
* Update todo [ci skip] (Jack Lloyd, 2016-11-03, 1 file, -2/+3)
|
* Update deprecated list (Jack Lloyd, 2016-11-03, 1 file, -2/+14)
|     None of these are queued for removal before 2.0, but all probably should have been removed already so get out in front of things for 2.2 [ci skip]
* Change TLS default policy to disable DSA, CCM-8, and static RSA (Jack Lloyd, 2016-11-02, 1 file, -18/+60)
|     Disables static RSA by default. The advantage here is twofold: enforcing forward security and protecting TLS servers from oracle attacks since by default they will never negotiate a suite which forces them to act as a decryption oracle. Some applications/users may be forced to enable RSA in order to speak with old or misconfigured peers, but these can be the exception not the default.
|     Disable DSA and CCM-8 by default: if you need to enable these things, you know it.
|     Adds TLS policy hooks to enforce DSA key sizes, default 2048 bits.
|     Remove an incorrect warning about DTLS in the manual; the sequence number window check prevents this scenario from occurring.
* Fix path to news file (Jack Lloyd, 2016-10-31, 1 file, -1/+1)
|
* Move license and news to top level directory (Jack Lloyd, 2016-10-31, 3 files, -4224/+1)
|     These files are important so make them easy to find for someone unpacking the tarball for the first time.
* Update 1.11.34 release notes (Jack Lloyd, 2016-10-30, 1 file, -7/+19)
|
* Merge GH #692 Remove deprecated RNGs and entropy sources (Jack Lloyd, 2016-10-30, 1 file, -10/+0)
|\
| * Remove HMAC_RNG, X9.31-RNG, BeOS stats, EGD reader, Unix process runner (Jack Lloyd, 2016-10-28, 1 file, -10/+0)
| |   Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1, whichever is available (in that order).
* | Add note on status of Pipe/Filter API (Jack Lloyd, 2016-10-29, 1 file, -0/+15)
|/
|     [ci skip]
* Update release notes with 1.11.34 so far (Jack Lloyd, 2016-10-28, 1 file, -0/+10)
|     [ci skip]
* Fix ReST formatting [ci skip] (Jack Lloyd, 2016-10-26, 2 files, -2/+2)
|
* Tick to 1.11.34-pre (Jack Lloyd, 2016-10-26, 1 file, -0/+4)
|
* Final changes for 1.11.33 release [tag: 1.11.33] (Jack Lloyd, 2016-10-26, 2 files, -1/+17)
|
* Fix some formatting issues in 1.11.33 notes (Jack Lloyd, 2016-10-25, 1 file, -12/+12)
|     [ci skip]
* Update my email address and PGP keys (Jack Lloyd, 2016-10-25, 3 files, -45/+70)
|     [email protected] is still a valid email address for me but I am using [email protected] going forward. [ci skip]
* Update release notes (Jack Lloyd, 2016-10-24, 1 file, -4/+12)
|     [ci skip]
* Merge GH #673 X25519 TLS key exchange (Jack Lloyd, 2016-10-24, 2 files, -2/+1)
|\
| * X25519 key exchange for TLS (Jack Lloyd, 2016-10-21, 2 files, -2/+1)
| |   Client interops with google.com, server not tested against an independent client yet.
* | Build the docs during CI (Jack Lloyd, 2016-10-22, 2 files, -3/+5)
|/
|     Fix various doc building problems/warnings.
* Update release notes (Jack Lloyd, 2016-10-20, 1 file, -0/+29)
|
* Doc updates [ci skip] (Jack Lloyd, 2016-10-15, 2 files, -0/+4)
|
* Add OS2ECP benchmark. (Jack Lloyd, 2016-10-13, 1 file, -6/+2)
|     Turns out decompressing a point is ~50x slower than checking (x,y) is on the curve. Update relnote accordingly.
* Update relnotes (Jack Lloyd, 2016-10-10, 2 files, -5/+42)
|     [ci skip]
* Add missing news item for 1.11.32 (Jack Lloyd, 2016-10-09, 1 file, -0/+3)
|     [ci skip]
* Update todo (Jack Lloyd, 2016-10-09, 1 file, -2/+4)
|     [ci skip]
* Merge GH #645 TLS compressed points (Jack Lloyd, 2016-10-07, 2 files, -0/+15)
|\
| * Update manual (René Korthaus, 2016-10-03, 1 file, -0/+13)
| |
| * Support encoding of supported point formats extension (René Korthaus, 2016-10-03, 1 file, -0/+2)
| |
* | Fix entropy source selection logic on Windows (Jack Lloyd, 2016-10-04, 1 file, -0/+4)
|/
|     Fixes GH #644
* Tick to 1.11.33 (Jack Lloyd, 2016-09-28, 1 file, -0/+3)
|
* 1.11.32 release [tag: 1.11.32] (Jack Lloyd, 2016-09-28, 1 file, -15/+27)
|
* Fix doc (Jack Lloyd, 2016-09-28, 1 file, -2/+1)
|     This command got lost somewhere along the way. [ci skip]
* Merge GH #516 Cipher_Mode API improvements (Jack Lloyd, 2016-09-26, 1 file, -3/+1)
|\
| * Cipher_Mode API improvements (Jack Lloyd, 2016-09-01, 1 file, -3/+1)
| |   The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class)
| |   Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes.
| |   Leaves `update` for compatibility with existing callers; all that is needed is an inline function forwarding to `process`.
| |   Removes the return type from `start` - in all cipher implementations, this always returned an empty vector.
| |   Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.