path: root/doc
Commit message | Author | Date | Files | Lines

Document new options | Jack Lloyd | 2019-04-10 | 2 | -0/+20
Update roadmap [ci skip] | Jack Lloyd | 2019-04-08 | 1 | -16/+4
Add todo | Jack Lloyd | 2019-03-30 | 1 | -0/+1
Fix quoting | Jack Lloyd | 2019-03-29 | 1 | -1/+1
added documentation for acceptable_ciphersuite() and ciphersuite_list() | Sergii Cherkavskyi | 2019-03-27 | 1 | -0/+15
Rename 'darwin' target to 'macos' | Jack Lloyd | 2019-03-27 | 1 | -16/+17
    Both because that's the more common term, and because iOS/watchOS also use the Darwin kernel, but we have a distinct target for mobile.
Deprecate the low level algorithm types [ci skip] | Jack Lloyd | 2019-03-27 | 2 | -0/+6
Another todo | Jack Lloyd | 2019-03-25 | 1 | -0/+2
Darwin supports getentropy too | David Carlier | 2019-03-24 | 1 | -1/+1
Clean up TLS deprecation notices | Jack Lloyd | 2019-03-18 | 1 | -22/+28
    Drop deprecation of CCM-8 as, while ugly, it is used by CoAP and is even still included in TLS v1.3.
Android can possibly support arc4random API. | David Carlier | 2019-03-07 | 1 | -1/+1
Another mistake | Jack Lloyd | 2019-02-26 | 1 | -0/+8
Add todo | Jack Lloyd | 2019-02-21 | 1 | -0/+1
Another todo | Jack Lloyd | 2019-02-19 | 1 | -1/+1
Update docs to replace from_configuration. | Kelvin | 2019-02-18 | 1 | -6/+10
    PasswordHash::from_configuration has been replaced with PasswordHash::from_params.
Document the private OID assignments | Jack Lloyd | 2019-02-18 | 1 | -0/+42
Improve hash function docs. Deprecate SHAKE default output lengths. | Jack Lloyd | 2019-02-13 | 2 | -10/+27
More todos | Jack Lloyd | 2019-02-11 | 1 | -1/+1
Add documentation of all configure.py options | Jack Lloyd | 2019-02-05 | 1 | -15/+441
More todos | Jack Lloyd | 2019-01-31 | 1 | -1/+2
Better document hash function strings [ci skip] | Jack Lloyd | 2019-01-31 | 1 | -3/+29
    See #1822
Another mistake | Jack Lloyd | 2019-01-29 | 1 | -2/+8
Add todo | Jack Lloyd | 2019-01-25 | 1 | -0/+1
Doc updates | Jack Lloyd | 2019-01-24 | 1 | -2/+21
Merge GH #1816 Rename Integrity_Failure to Invalid_Authentication_Tag | Jack Lloyd | 2019-01-21 | 2 | -6/+15
Rename Integrity_Failure to Invalid_Authentication_Tag | Jack Lloyd | 2019-01-18 | 2 | -6/+15
    This makes the meaning and usage more clear. Add a specific error type so invalid tags can be distinguished without having to catch that specific type. See also #1813
Add a list of mistakes | Jack Lloyd | 2019-01-21 | 1 | -0/+50
Minor updates to filter docs | Jack Lloyd | 2019-01-21 | 1 | -0/+13
Add todos | Jack Lloyd | 2019-01-21 | 1 | -0/+2
Remove use of std::filesystem / boost::filesystem | Jack Lloyd | 2019-01-17 | 1 | -22/+24
    Boost doesn't buy us anything here since we need to maintain Win32 and POSIX implementations for non-Boost builds, and Boost only supports those two APIs anyway. MSVC's implementation of std::filesystem does not help for similar reasons, as we have to maintain a Win32 version for MinGW.
Add todo | Jack Lloyd | 2019-01-04 | 1 | -0/+1
Clarify statements re support | Jack Lloyd | 2019-01-04 | 1 | -9/+10
Update support doc text | Jack Lloyd | 2018-12-31 | 1 | -7/+7
Use posix_memalign instead of mmap for creating the locking pool | Jack Lloyd | 2018-12-28 | 1 | -10/+9
    As described in #602, using mmap with fork causes problems because the mmap remains shared in the child instead of being copy-on-write, then the parent and child stomp on each other's memory. However, we really do not need mmap semantics; we just want a block of memory that is page-aligned, which can be done with posix_memalign instead. This was added in POSIX.1-2001 and seems to be implemented by all modern systems. Closes #602
Fix Barrett reduction input bound | Jack Lloyd | 2018-12-26 | 1 | -4/+5
    In the long ago when I wrote the Barrett code I must have missed that Barrett works for any input < 2^2k where k is the word size of the modulus. Fixing this has several nice effects: it is faster because it replaces a multiprecision comparison with a single size_t compare, and now the branch does not reveal information about the input or modulus, but only their word lengths, which is not considered sensitive. Fixing this allows reverting the change made in a57ce5a4fd2, and now RSA signing is even slightly faster than in 2.8, rather than 30% slower.
Update side channel doc | Jack Lloyd | 2018-12-24 | 1 | -30/+34
Correct affected version range for CVE-2018-20187 | Jack Lloyd | 2018-12-19 | 1 | -1/+1
    Using the Montgomery ladder for operator* was introduced in ca155a7e54; previous versions did something different, which was itself vulnerable to side channels, but not with the same issue as CVE-2018-20187.
Avoid using unblinded Montgomery ladder during ECC key generation | Jack Lloyd | 2018-12-18 | 1 | -0/+9
    As doing so means that information about the high bits of the scalar can leak via timing, since the loop bound depends on the length of the scalar. An attacker who has such information can perform a more efficient brute force attack (using Pollard's rho) than would be possible otherwise. Found by Ján Jančár (@J08nY) using ECTester (https://github.com/crocs-muni/ECTester). CVE-2018-20187
Update roadmap [ci skip] | Jack Lloyd | 2018-12-18 | 2 | -56/+30
Another todo [ci skip] | Jack Lloyd | 2018-12-13 | 1 | -0/+1
More todos [ci skip] | Jack Lloyd | 2018-12-12 | 1 | -0/+2
Make this comment more clear [ci skip] | Jack Lloyd | 2018-12-12 | 1 | -1/+2
More todos | Jack Lloyd | 2018-12-10 | 1 | -1/+2
More todos [ci skip] | Jack Lloyd | 2018-12-10 | 1 | -0/+6
More todos | Jack Lloyd | 2018-12-09 | 1 | -0/+2
Add base58 encoding/decoding | Jack Lloyd | 2018-12-09 | 1 | -1/+0
Todos [ci skip] | Jack Lloyd | 2018-12-09 | 1 | -2/+2
Few features added for BSD. | David Carlier | 2018-12-09 | 1 | -1/+2
    explicit_bzero/explicit_memset for quite some time. getentropy exists for FreeBSD, but only from 12.x.
Document #1756 | Jack Lloyd | 2018-12-02 | 1 | -0/+5
Update news | Jack Lloyd | 2018-12-01 | 1 | -0/+5