Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Split amalagamation into ISA specific objects | lloyd | 2015-02-22 | 1 | -10/+11 |
| | |||||
* | Update relnotes and todo, fix python signature | lloyd | 2015-02-19 | 3 | -38/+62 |
| | |||||
* | Reduce the CTR_BE buffer down to just a few blocks. | lloyd | 2015-02-17 | 1 | -0/+2 |
| | | | | No performance impact afaict. | ||||
* | Python: docs, key agreement, fix bcrypt trailing null byte. | lloyd | 2015-02-16 | 2 | -1/+224 |
| | | | | Initial very incomplete pass at error return value sanity. | ||||
* | Add new module `ffi` which provides a plain C interface, plus a new | lloyd | 2015-02-16 | 4 | -15/+114 |
| | | | | | | | | | | | | ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it. | ||||
* | Mark modules pulling in external deps (zlib, boost, etc) as such, and | lloyd | 2015-02-06 | 2 | -40/+27 |
| | | | | | | notify the user when they are enabled. Drop botan-config, replaced by `botan config` command added in 1.11.8 | ||||
* | Enable OpenSSL for providing ciphers and hashes again. | lloyd | 2015-02-05 | 1 | -6/+3 |
| | |||||
* | Remove algo factory, engines, global RNG, global state, etc. | lloyd | 2015-02-04 | 1 | -8/+4 |
| | | | | | | | | | | | | | | | Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available). | ||||
* | Add typedefs for function signatures/types used in TLS for easier reading | lloyd | 2015-01-27 | 1 | -31/+37 |
| | |||||
* | Handle repeated initializations of the library better and deal with | lloyd | 2015-01-24 | 1 | -0/+8 |
| | | | | initializations across multiple threads safely. | ||||
* | Allow reducing the size of the allocated mlock pool via env variable | lloyd | 2015-01-24 | 1 | -0/+9 |
| | | | | | | (BOTAN_MLOCK_POOL_SIZE, specified in decimal KB). Currently we read this even when setuid as the worst a user could do is disable mlock, which they can already do via ulimits. | ||||
* | Fix list formatting | lloyd | 2015-01-24 | 1 | -20/+21 |
| | |||||
* | Add Strict_Policy. Disable server initiated renegotiation by default. | lloyd | 2015-01-23 | 1 | -5/+8 |
| | |||||
* | Remove memset_s, not implemented on any machine I can test on and | lloyd | 2015-01-23 | 1 | -2/+2 |
| | | | | | | | | problematic for requiring a special define before the first include of string.h. Instead optionally call memset via a volatile function pointer as a faster alternative to byte at a time writes. Github 42, 45 | ||||
* | Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00 | lloyd | 2015-01-21 | 3 | -0/+13 |
| | | | | | and enable them in the default build, though still not enabled in the runtime policy. | ||||
* | Update for 1.11.13 release1.11.13 | lloyd | 2015-01-11 | 2 | -3/+3 |
| | |||||
* | Add SipHash | lloyd | 2015-01-11 | 3 | -2/+4 |
| | |||||
* | Remove SSLv3 and handling of SSLv2 client hellos. | lloyd | 2015-01-11 | 3 | -27/+21 |
| | |||||
* | Create a combined news page for the website | lloyd | 2015-01-10 | 2 | -2/+2 |
| | |||||
* | Convert the asio server from a weird example server to a generic proxy server. | lloyd | 2015-01-10 | 2 | -8/+7 |
| | |||||
* | Move license text to a plain text file without ReST market | lloyd | 2015-01-10 | 3 | -56/+55 |
| | |||||
* | Add MCEIES, an integrated encryption system using McEliece and AES-256/OCB | lloyd | 2015-01-08 | 1 | -0/+3 |
| | |||||
* | Joel also wrote Threaded_Fork | lloyd | 2015-01-08 | 1 | -0/+1 |
| | |||||
* | Add a sketch of a support roadmap | lloyd | 2015-01-08 | 1 | -0/+59 |
| | |||||
* | Change TLS session encryption to use AES-256/GCM instead of CBC+HMAC | lloyd | 2015-01-08 | 2 | -9/+27 |
| | |||||
* | Add SHA-512/256 | lloyd | 2015-01-08 | 1 | -0/+2 |
| | | | | | Define some new functions for copying out arrays of words and use them across hashes. | ||||
* | Add todo.rst derived from enhancement tickets in bugzilla | lloyd | 2015-01-07 | 1 | -0/+69 |
| | |||||
* | Netsieben.com appears to be gone but there is a fork on github | lloyd | 2015-01-06 | 1 | -1/+1 |
| | |||||
* | Fix install script under Python3 | lloyd | 2015-01-06 | 1 | -2/+5 |
| | |||||
* | Fix doc bugs | lloyd | 2015-01-05 | 2 | -2/+2 |
| | |||||
* | Update relnotes | lloyd | 2015-01-04 | 1 | -0/+8 |
| | |||||
* | Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC). | lloyd | 2015-01-04 | 1 | -4/+5 |
| | | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map. | ||||
* | Tick version to 1.11.13 | lloyd | 2015-01-03 | 3 | -1/+6 |
| | |||||
* | Update for 1.11.12 release1.11.12 | lloyd | 2015-01-02 | 4 | -6/+10 |
| | |||||
* | Point to github on index page | lloyd | 2015-01-02 | 1 | -3/+6 |
| | |||||
* | Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementation | lloyd | 2014-12-31 | 2 | -9/+13 |
| | |||||
* | More info on AEAD decryption handling | lloyd | 2014-12-31 | 1 | -0/+10 |
| | |||||
* | Add AEAD based on ChaCha20 and Poly1305 defined in ↵ | lloyd | 2014-12-29 | 1 | -2/+3 |
| | | | | draft-irtf-cfrg-chacha20-poly1305-03 | ||||
* | Add Poly1305, based on poly1305-donna by Andrew Moon. | lloyd | 2014-12-29 | 3 | -1/+5 |
| | |||||
* | Update algos | lloyd | 2014-12-27 | 1 | -1/+2 |
| | |||||
* | When encrypting McEliece or Curve25519 keys, default to GCM instead of CBC. | lloyd | 2014-12-27 | 1 | -3/+9 |
| | | | | Add OIDS for OCB mode with various ciphers. | ||||
* | Add Curve25519 based on curve25519-donna by Adam Langley. | lloyd | 2014-12-27 | 3 | -0/+9 |
| | | | | | | This uses only the c64 version from curve25519-donna; on systems that don't have a native uint128_t type, a donna128 type stands in for just enough 128-bit operations to satisfy donna.cpp | ||||
* | Mention github issues | lloyd | 2014-12-27 | 1 | -4/+5 |
| | |||||
* | Update download link and tick version number. | lloyd | 2014-12-22 | 3 | -2/+6 |
| | |||||
* | Update for 1.11.11 release1.11.11 | lloyd | 2014-12-22 | 1 | -1/+4 |
| | |||||
* | Enable system_rng on Windows and MinGW (untested) | lloyd | 2014-12-21 | 1 | -0/+10 |
| | |||||
* | Update TLS doc | lloyd | 2014-12-20 | 1 | -11/+26 |
| | |||||
* | Add abstract database interface so applications can easily store info | lloyd | 2014-12-20 | 1 | -0/+12 |
| | | | | | | in places other than sqlite3, though sqlite3 remains the only implementation. The interface is currently limited to precisely the functionality the TLS session manager needs and will likely expand. | ||||
* | Add 1.10.9 release | lloyd | 2014-12-13 | 2 | -5/+23 |
| | |||||
* | Tick to 1.11.11 | lloyd | 2014-12-13 | 1 | -0/+3 |
| |