aboutsummaryrefslogtreecommitdiffstats
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* Split amalagamation into ISA specific objectslloyd2015-02-221-10/+11
|
* Update relnotes and todo, fix python signaturelloyd2015-02-193-38/+62
|
* Reduce the CTR_BE buffer down to just a few blocks.lloyd2015-02-171-0/+2
| | | | No performance impact afaict.
* Python: docs, key agreement, fix bcrypt trailing null byte.lloyd2015-02-162-1/+224
| | | | Initial very incomplete pass at error return value sanity.
* Add new module `ffi` which provides a plain C interface, plus a newlloyd2015-02-164-15/+114
| | | | | | | | | | | | ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it.
* Mark modules pulling in external deps (zlib, boost, etc) as such, andlloyd2015-02-062-40/+27
| | | | | | notify the user when they are enabled. Drop botan-config, replaced by `botan config` command added in 1.11.8
* Enable OpenSSL for providing ciphers and hashes again.lloyd2015-02-051-6/+3
|
* Remove algo factory, engines, global RNG, global state, etc.lloyd2015-02-041-8/+4
| | | | | | | | | | | | | | | Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
* Add typedefs for function signatures/types used in TLS for easier readinglloyd2015-01-271-31/+37
|
* Handle repeated initializations of the library better and deal withlloyd2015-01-241-0/+8
| | | | initializations across multiple threads safely.
* Allow reducing the size of the allocated mlock pool via env variablelloyd2015-01-241-0/+9
| | | | | | (BOTAN_MLOCK_POOL_SIZE, specified in decimal KB). Currently we read this even when setuid as the worst a user could do is disable mlock, which they can already do via ulimits.
* Fix list formattinglloyd2015-01-241-20/+21
|
* Add Strict_Policy. Disable server initiated renegotiation by default.lloyd2015-01-231-5/+8
|
* Remove memset_s, not implemented on any machine I can test on andlloyd2015-01-231-2/+2
| | | | | | | | problematic for requiring a special define before the first include of string.h. Instead optionally call memset via a volatile function pointer as a faster alternative to byte at a time writes. Github 42, 45
* Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00lloyd2015-01-213-0/+13
| | | | | and enable them in the default build, though still not enabled in the runtime policy.
* Update for 1.11.13 release1.11.13lloyd2015-01-112-3/+3
|
* Add SipHashlloyd2015-01-113-2/+4
|
* Remove SSLv3 and handling of SSLv2 client hellos.lloyd2015-01-113-27/+21
|
* Create a combined news page for the websitelloyd2015-01-102-2/+2
|
* Convert the asio server from a weird example server to a generic proxy server.lloyd2015-01-102-8/+7
|
* Move license text to a plain text file without ReST marketlloyd2015-01-103-56/+55
|
* Add MCEIES, an integrated encryption system using McEliece and AES-256/OCBlloyd2015-01-081-0/+3
|
* Joel also wrote Threaded_Forklloyd2015-01-081-0/+1
|
* Add a sketch of a support roadmaplloyd2015-01-081-0/+59
|
* Change TLS session encryption to use AES-256/GCM instead of CBC+HMAClloyd2015-01-082-9/+27
|
* Add SHA-512/256lloyd2015-01-081-0/+2
| | | | | Define some new functions for copying out arrays of words and use them across hashes.
* Add todo.rst derived from enhancement tickets in bugzillalloyd2015-01-071-0/+69
|
* Netsieben.com appears to be gone but there is a fork on githublloyd2015-01-061-1/+1
|
* Fix install script under Python3lloyd2015-01-061-2/+5
|
* Fix doc bugslloyd2015-01-052-2/+2
|
* Update relnoteslloyd2015-01-041-0/+8
|
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-041-4/+5
| | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Tick version to 1.11.13lloyd2015-01-033-1/+6
|
* Update for 1.11.12 release1.11.12lloyd2015-01-024-6/+10
|
* Point to github on index pagelloyd2015-01-021-3/+6
|
* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementationlloyd2014-12-312-9/+13
|
* More info on AEAD decryption handlinglloyd2014-12-311-0/+10
|
* Add AEAD based on ChaCha20 and Poly1305 defined in ↵lloyd2014-12-291-2/+3
| | | | draft-irtf-cfrg-chacha20-poly1305-03
* Add Poly1305, based on poly1305-donna by Andrew Moon.lloyd2014-12-293-1/+5
|
* Update algoslloyd2014-12-271-1/+2
|
* When encrypting McEliece or Curve25519 keys, default to GCM instead of CBC.lloyd2014-12-271-3/+9
| | | | Add OIDS for OCB mode with various ciphers.
* Add Curve25519 based on curve25519-donna by Adam Langley.lloyd2014-12-273-0/+9
| | | | | | This uses only the c64 version from curve25519-donna; on systems that don't have a native uint128_t type, a donna128 type stands in for just enough 128-bit operations to satisfy donna.cpp
* Mention github issueslloyd2014-12-271-4/+5
|
* Update download link and tick version number.lloyd2014-12-223-2/+6
|
* Update for 1.11.11 release1.11.11lloyd2014-12-221-1/+4
|
* Enable system_rng on Windows and MinGW (untested)lloyd2014-12-211-0/+10
|
* Update TLS doclloyd2014-12-201-11/+26
|
* Add abstract database interface so applications can easily store infolloyd2014-12-201-0/+12
| | | | | | in places other than sqlite3, though sqlite3 remains the only implementation. The interface is currently limited to precisely the functionality the TLS session manager needs and will likely expand.
* Add 1.10.9 releaselloyd2014-12-132-5/+23
|
* Tick to 1.11.11lloyd2014-12-131-0/+3
|