aboutsummaryrefslogtreecommitdiffstats
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* Merge GH #645 TLS compressed pointsJack Lloyd2016-10-072-0/+15
|\
| * Update manualRené Korthaus2016-10-031-0/+13
| |
| * Support encoding of supported point formats extensionRené Korthaus2016-10-031-0/+2
| |
* | Fix entropy source selection logic on WindowsJack Lloyd2016-10-041-0/+4
|/ | | | Fixes GH #644
* Tick to 1.11.33Jack Lloyd2016-09-281-0/+3
|
* 1.11.32 release1.11.32Jack Lloyd2016-09-281-15/+27
|
* Fix docJack Lloyd2016-09-281-2/+1
| | | | | | This command got lost somewhere along the way. [ci skip]
* Merge GH #516 Cipher_Mode API improvementsJack Lloyd2016-09-261-3/+1
|\
| * Cipher_Mode API improvementsJack Lloyd2016-09-011-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class) Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes. Leaves `update` for compatability with existing callers; all that is needed is an inline function forwarding to `process`. Removes the return type from `start` - in all cipher implementations, this always returned an empty vector. Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
* | Update todoJack Lloyd2016-09-241-63/+60
| | | | | | | | [ci skip]
* | Todos [ci skip]Jack Lloyd2016-09-181-1/+16
| |
* | Add a relnoteJack Lloyd2016-09-171-0/+16
| | | | | | | | [ci skip]
* | Update RNG docs a bitJack Lloyd2016-09-071-8/+27
| | | | | | | | [ci skip]
* | Document removing `hres_timer` module in 1.11.31Jack Lloyd2016-09-071-0/+3
| | | | | | | | [ci skip]
* | Update news and readmeJack Lloyd2016-09-051-7/+18
| |
* | Simplify amalgamation generationSimon Warta2016-09-041-0/+5
| |
* | Update news and deprecated filesJack Lloyd2016-09-022-11/+5
|/
* Bump version to 1.11.32-preJack Lloyd2016-09-011-0/+12
|
* Merge master into this branch, resolving conflicts with #457/#576Jack Lloyd2016-08-3110-176/+443
|\ | | | | | | which recently landed on master.
| * Merge GH #567/GH #457 TLS refactoring and Callbacks interfaceJack Lloyd2016-08-311-83/+91
| |\
| | * Add a Callbacks function for ALPNJack Lloyd2016-08-161-14/+30
| | |
| | * Changes to TLS::Callbacks for GH PR #457Jack Lloyd2016-08-161-76/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works Split out the compat (std::function) based interface to Compat_Callbacks. This avoids the overhead of empty std::functions when using the virtual interface, and ensures the virtual interface works since there is no callback path that does not involve a vtable lookup. Rename the TLS::Callback functions. Since the idea is that often an owning class will pass *this as the callbacks argument, it is good to namespace the virtual functions so as not to conflict with other names chosen by the class. Specifically, prefixes all cb functions with tls_ Revert changes to use the old style alert callback (with no longer used data/len params) so no API changes are required for old code. The new Callbacks interface continues to just receive the alert code itself. Switch to virtual function interface in CLI tls_client for testing. Inline tls_server_handshake_state.h - only used in tls_server.cpp Fix tests - test looked like it was creating a new client object but it was not actually being used. And when enabled, it failed because the queues were not being emptied in between. So, fix that.
| * | Update for 1.11.31 release1.11.31Jack Lloyd2016-08-302-1/+19
| | |
| * | Update todoJack Lloyd2016-08-301-2/+2
| | | | | | | | | | | | [ci skip]
| * | Add ECIES to newsJack Lloyd2016-08-301-2/+4
| | | | | | | | | | | | [ci skip]
| * | Update release notesJack Lloyd2016-08-291-5/+22
| | |
| * | Merge GH #593 RNG workJack Lloyd2016-08-261-0/+5
| |\ \
| | * | RNG changes (GH #593)Jack Lloyd2016-08-241-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
| * | | Update release notesJack Lloyd2016-08-241-6/+42
| | | | | | | | | | | | | | | | [ci skip]
| * | | git notesJack Lloyd2016-08-241-3/+20
| | | | | | | | | | | | | | | | [ci skip]
| * | | Add release notes for 1.8.15 which escaped news.rstJack Lloyd2016-08-241-0/+13
| |/ / | | | | | | | | | [ci skip]
| * | Doc/relnote updatesJack Lloyd2016-08-204-29/+57
| | | | | | | | | | | | [ci skip]
| * | DeprecationsJack Lloyd2016-08-172-0/+35
| | | | | | | | | | | | [ci skip]
| * | Update newsJack Lloyd2016-07-181-2/+5
| | | | | | | | | | | | [ci skip]
| * | Merge GH #520 RNG changesJack Lloyd2016-07-181-82/+51
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds Stateful_RNG base class which handles reseeding after some amount of output (configurable at instantiation time, defaults to the build.h value) as well as detecting forks (just using pid comparisons, so still vulnerable to pid wraparound). Implemented by HMAC_RNG and HMAC_DRBG. I did not update X9.31 since its underlying RNG should already be fork safe and handle reseeding at the appropriate time, since a new block is taken from the underlying RNG (for the datetime vector) for each block of output. Adds RNG::randomize_with_input which for most PRNGs is just a call to add_entropy followed by randomize. However for HMAC_DRBG it is used for additional input. Adds tests for HMAC_DRBG with AD from the CAVS file. RNG::add_entropy is implemented by System_RNG now, as both CryptGenRandom and /dev/urandom support receiving application provided data. The AutoSeeded_RNG underlying type is currently selectable in build.h and defaults to HMAC_DRBG(SHA-256). AutoSeeded_RNG provides additional input with each output request, consisting of the current pid, a counter, and timestamp (unless the application explicitly calls randomize_with_input, in which case we just take what they provided). This is the same hedge used in HMAC_RNGs output PRF. AutoSeeded_RNG is part of the base library now and cannot be compiled out. Removes Entropy_Accumulator type (which just served to bridge between the RNG and the entropy source), instead the Entropy_Source is passed a reference to the RNG being reseeded, and it can call add_entropy on whatever it can come up with.
| | * | Add Stateful_RNGJack Lloyd2016-07-171-82/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Handles fork checking for HMAC_RNG and HMAC_DRBG AutoSeeded_RNG change - switch to HMAC_DRBG as default. Start removing the io buffer from entropy poller. Update default RNG poll bits to 256. Fix McEliece test, was using wrong RNG API. Update docs.
| * | | Merge GH #533 DLIES changesJack Lloyd2016-07-173-0/+18
| |\ \ \
| | * | | DLIES reworkDaniel Neus2016-07-133-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With these fixes the implementation is now compatible with bouncycastle and it should operate as it is specified in "DHIES: An encryption scheme based on Diffie-Hellman Problem" or in BSI technical guideline TR-02102-1. In addition to the already present XOR-encrypion/decryption mode it's now possible to use DLIES with a block cipher. Previously the input to the KDF was the concatenation of the (ephemeral) public key and the secret value derived by the key agreement operation: ``` secure_vector<byte> vz(m_my_key.begin(), m_my_key.end()); vz += m_ka.derive_key(0, m_other_key).bits_of(); const size_t K_LENGTH = length + m_mac_keylen; secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz); ``` I don't know why this was implemented like this. But now the input to the KDF is only the secret value obtained by the key agreement operation. Furthermore the order of the output was changed from {public key, tag, ciphertext} to {public key, ciphertext, tag}. Multiple test vectors added that were generated with bouncycastle and some with botan itself.
| * | | | Merge GH #534 Update changelog with X9.23 bug fixJack Lloyd2016-07-171-0/+3
| |\ \ \ \ | | |_|/ / | |/| | |
| | * | | Update changelog with ANSI X9.23 padding bugfixRené Korthaus2016-07-131-0/+3
| | |/ /
| * / / Fix undefined behavior in donna128 typeJack Lloyd2016-07-151-0/+4
| |/ / | | | | | | | | | | | | | | | | | | Caused Curve25519 tests to fail when compiled by Clang on ARM, may have affected other 32-bit platforms. GH #532
| * | Deprecate EGDJack Lloyd2016-07-111-0/+4
| | |
| * | Update news.rst with changes so far for 1.11.31Jack Lloyd2016-07-041-0/+11
| | | | | | | | | | | | [ci skip]
| * | Merge GH #504 Add ECKCDSAJack Lloyd2016-06-201-0/+7
| |\ \
| | * | Add entry to creditsRené Korthaus2016-06-141-0/+7
| | | |
| * | | Merge GH #483 Add ECIES and KDF1 from ISO 18033Jack Lloyd2016-06-201-6/+12
| |\ \ \ | | |_|/ | |/| |
| | * | Merge remote-tracking branch 'remotes/origin/master' into eciesPhilipp Weber2016-05-303-3/+50
| | |\ \
| | * | | add ecies implementation according to iso-18033Philipp Weber2016-04-271-1/+1
| | | | |
| | * | | add kdf1 implementation according to iso-18033 (preparation for ecies)Philipp Weber2016-04-271-0/+6
| | | | |
| * | | | Tick to 1.11.31Jack Lloyd2016-06-191-0/+3
| | | | | | | | | | | | | | | | | | | | [ci skip]