aboutsummaryrefslogtreecommitdiffstats
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* New reseed_with_sources call on RNGsJack Lloyd2015-11-241-1/+0
| | | | | | | | | | | | | Provides an easier way for an application to configure a list of entropy sources they'd like to use, or add a custom entropy source to their seeding. Exposes some toggles for the global/default entropy sources to build.h Adds basic entropy tests which runs the polls and does sanity checking on the results, including compression tests if available. These are less useful for the CSPRNG outputs but a good check for the ones producing plain ASCII like the /proc reader.
* Updates for news, readmeJack Lloyd2015-11-241-9/+8
| | | | [ci skip]
* Add Simon Warta to license and creditsSimon Warta2015-11-182-0/+7
| | | | [ci skip]
* Merge pull request #332 from tiwoc/creditsJack Lloyd2015-11-162-0/+5
|\ | | | | Add myself (tiwoc) to credits.rst and license.txt
| * Add myself to credits.rst and license.txtDaniel Seither2015-11-162-0/+5
| |
* | Update hacking.rst with copyright info and other hints. GH #331Jack Lloyd2015-11-161-7/+78
|/ | | | [ci skip]
* Fix bug causing TLS client to sometimes reject DHE server kexJack Lloyd2015-11-131-0/+4
| | | | | | Re-encoding the server key exchange meant that any leading zeros in the values for DHE (or SRP) would be stripped out. This would cause the signature check to fail.
* Add remove_all to TLS session manager interfaceJack Lloyd2015-11-131-0/+2
| | | | DB::spin now returns the number of rows affected
* Add TLS_PSK testsJack Lloyd2015-11-132-1/+10
| | | | | | | | | | | Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigal RC4 cruft. Push more on the TLS corruption tests.
* Update and consolidate the test framework.Jack Lloyd2015-11-111-2/+13
| | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* Tick version to 1.11.25Jack Lloyd2015-11-041-0/+5
|
* Correct 1.11.24 release dateJack Lloyd2015-11-041-1/+1
| | | | [ci skip]
* Update for 1.11.24 release1.11.24Jack Lloyd2015-11-041-0/+11
|
* Add check for path validation result in Credentials_Manager. GH #324Jack Lloyd2015-11-041-0/+6
|
* Update newsJack Lloyd2015-10-271-0/+6
| | | | [ci skip]
* Tick version to 1.11.23Jack Lloyd2015-10-271-0/+7
| | | | [ci skip]
* Update for 1.11.23 release1.11.23Jack Lloyd2015-10-261-1/+6
| | | | [ci skip]
* 1.11.22 release1.11.22Jack Lloyd2015-10-262-11/+82
|
* Merge pull request #314 from randombit/ct-tls-cbc-paddingJack Lloyd2015-10-262-2/+6
|\ | | | | TLS improvements
| * TLS improvementsJack Lloyd2015-10-252-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* | Merge pull request #306 from webmaster128/update-docsSimon Warta2015-10-262-41/+33
|\ \ | |/ |/| Update docs to avoid Shpinx errors and warnings
| * Update doc for issuer_dn() and subject_dn()Simon Warta2015-10-201-3/+3
| | | | | | | | [ci skip]
| * Remove redundant function definitions from docsSimon Warta2015-10-201-10/+0
| | | | | | | | [ci skip]
| * Make Version_Code an enum type for documentationSimon Warta2015-10-201-1/+1
| | | | | | | | | | | | Confirm http://sphinx-doc.org/domains.html#directive-cpp:enum-struct [ci skip]
| * Update TLC::Client constructor documentationSimon Warta2015-10-201-13/+14
| | | | | | | | [ci skip]
| * Update TLS::Server signature in docsSimon Warta2015-10-201-14/+15
| | | | | | | | [ci skip]
* | Make Montgomery reduction constant time.Jack Lloyd2015-10-241-2/+6
|/ | | | | | | | | | | | | | It was already close, but the carry loop would break early and selecting which value to copy out was indexed on the borrow bit. Have the carry loop run through, and add a const-time conditional copy operation and use that to copy the output. Convert ct_utils to CT namespace. Templatize the utils, which I was hesitant to do initially but is pretty useful when dealing with arbitrary word sizes. Remove the poison macros, replace with inline funcs which reads cleaner at the call site.
* Make PKCS #1 and OAEP decoding constant time to avoid oracle attacksJack Lloyd2015-10-161-0/+17
| | | | | | | | via timing channels. Add annotations for checking constant-time code using ctgrind to PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already written as constant time code.
* Add security notifications/advisory page to website.Jack Lloyd2015-10-152-0/+106
| | | | Based on GH #272
* Add prime and dl_group command line tools.Jack Lloyd2015-10-151-0/+2
| | | | | | Some cleanups in random_prime. Increase probability in prime tests from 1/2**64 to 1/2**128. Also break out of the sieve loop early if it has failed.
* Prohibit creating a DL_Group smaller than 1024 bitsJack Lloyd2015-10-151-1/+3
|
* Periodically reinitialize the blinding sequence instead of alwaysJack Lloyd2015-10-151-4/+14
| | | | deriving it by squaring the previous value.
* Add support for RSA signing and verification via OpenSSLJack Lloyd2015-10-141-0/+6
|
* Add `--minimized-build` which does the same thing as `--no-autoload`Jack Lloyd2015-10-142-4/+6
| | | | | but the meaning of the option is probably easier to understand with this name.
* Tick version on trunk to 1.11.22Jack Lloyd2015-10-111-0/+4
|
* Update for 1.11.21 release1.11.21Jack Lloyd2015-10-111-1/+1
| | | | [ci skip]
* Doc updatesJack Lloyd2015-10-052-4/+24
| | | | [ci skip]
* Update change notes for 1.11.21Jack Lloyd2015-09-301-0/+18
| | | | [ci skip]
* McEliece cleanupsJack Lloyd2015-09-292-0/+75
| | | | | | | | | | | | | | | | | | | | Remove and consolidate various headers Reduce memory usage of GF2m_Field by sharing the log and exponent tables across all instances of a particular word size. Remove McEliece_Public_Operation and McEliece_Private_Operation which were difficult to use safely. Instead only the KEM operations are exposed. Add McEliece_PublicKey::random_plaintext_element Add command line `mce` tool and some McEliece documentation Convert the speed program to check McEliece keys of the suggested size Add McEliece KATs for both key generation and KEM Fix HMAC_DRBG constructor which derefed a pointer before its time
* Update todoJack Lloyd2015-09-221-2/+3
| | | | [ci skip]
* Move contrib/sqlite to github.com/randombit/botan-sqliteJack Lloyd2015-09-211-0/+3
|
* Remove the Perl XS moduleJack Lloyd2015-09-212-38/+2
|
* Remove OCaml wrapper, moved to randombit/botan-ocamlJack Lloyd2015-09-211-0/+3
|
* Some docs on source code layoutJack Lloyd2015-09-121-0/+71
| | | | [ci skip]
* Bump version to 1.11.21(-pre)Jack Lloyd2015-09-101-0/+3
| | | | [ci skip]
* Update for 1.11.20 release1.11.20Jack Lloyd2015-09-071-6/+7
|
* Add release notes from Github tickets for 1.11.20Simon Warta2015-09-061-1/+23
| | | | [ci skip]
* Add missing Botan 1.11.19 release notesSimon Warta2015-09-031-1/+17
| | | | [ci skip]
* Build with libc++ C++ standard library on clang for iOSRené Korthaus2015-08-291-1/+1
| | | | | When building for iOS with clang, the C++ standard library must be set to libc++ instead of libstdc++.
* Reverse the algorithm priority orderingJack Lloyd2015-08-291-0/+7
| | | | | | Previously 0 was the highest priority and 255 was the lowest. But this is really quite confusing, instead treat 0 as lowest and 255 as highest so normal integer intuitions apply.