botan.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Convert to using standard uintN_t integer types	Jack Lloyd	2016-12-18	1	-23/+23
\| \| \| \| \| \|	Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
*	Improve tls doxygen [ci skip]	René Korthaus	2016-10-19	1	-0/+6
\|
*	Address some issues with PR 492	Jack Lloyd	2016-08-13	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)
*	Encrypt-then-MAC extension (RFC 7366)	Juraj Somorovsky	2016-05-11	1	-1/+6
\| \| \| \| \| \|	Introduced a countermeasure against the logjam attack Short TLS records (AES-CBC) now return BAD_RECORD_MAC Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
*	cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵	Daniel Neus	2016-03-05	1	-1/+1
\| \| \| \|	explicit.
*	Remove support for the TLS min fragment length extension.	Jack Lloyd	2016-02-07	1	-10/+1
\|
*	Add extended master secret extension (RFC 7627) to TLS	Jack Lloyd	2016-01-03	1	-1/+6
\| \| \| \|	Interop tested with mbed TLS
*	lib/tls: Convert &vec[0] to vec.data()	Simon Warta	2015-06-23	1	-1/+1
\|
*	Fix various bugs found by Coverity scanner.	lloyd	2015-05-15	1	-0/+1
\| \| \| \| \| \| \|	Uninitialized variables, missing divide by zero checks, missing virtual destructor, etc. Only thing serious is bug in TLS maximum fragment decoder; missing breaks in switch statement meant receiver would treat any negotiated max frament as 4k limit.
*	Ensure all files have copyright and license info.	lloyd	2015-01-10	1	-1/+1
\| \| \| \| \|	Update license header line to specify the terms and refer to the file, neither of which it included before.
*	Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).	lloyd	2015-01-04	1	-12/+16
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
*	Move lib into src	lloyd	2014-01-10	1	-0/+206