| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
what x509_encoder()->key_bits() used to return. This is much simpler
than using the explicit encoder objects. Remove X509_Encoder entirely.
|
| |
|
|
|
|
|
|
|
|
| |
including the examples and self-test code.
Most of these files had not copyright/license information at all; since a major
point of the examples is to allow users to copy and paste code that already
does something they want, an ambigious license is not good.
|
|
|
|
|
|
|
| |
the user to specify the hash function to use, instead of always using SHA-1.
This was a sensible default a few years ago, when there wasn't a ~2^60 attack
on SHA-1 and support for SHA-2 was pretty much nil, but using something else
makes a lot more sense these days.
|
| |
|
|
|
|
|
|
| |
the underlying implementation goop remains in the core library instead of
being shunted off, due to various dependencies it has (most of which it
shouldn't).
|
|
|
|
| |
code as well as the code for handling PKCS #10 requests.
|
| |
|
|
|
|
| |
access to /dev/random (will be cleaned up shortly)
|
|
|
|
|
|
|
|
|
| |
Probably some variation of it will be added back in later, at least
to do basic checks like that primes are really odd (and we can do
basic primality checks, etc, even with an RNG).
Alternative: call check_key() manually on public keys you load with an
RNG object.
|
|
|
|
| |
constructors.
|
| |
|
|
|
|
|
|
|
|
| |
reference, along with PKCS8::load_key
get_pbe no longer calls new_params() on the newly instantiated instance,
which is not backwards compatible (you have to either call new_params
yourself, or explicitly set the iteration count, salt, etc)
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
argument in favor of referencing the global PRNG argument
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
random bits. Now they take a reference to a RandomNumberGenerator object.
This was applied several times out, so now the constructors to private
key objects also take a RandomNumberGenerator& argument. This is also true
for a number of randomized algorithms (Miller-Rabin, for instance).
You can get a reference to the global PRNG with
global_state().prng_reference()
This is a provisional thing: and warning: it is not thread safe! If this
is a problem instead keep per-thread PRNGs and pass them were needed.
|
|
|
|
|
|
|
|
|
|
|
| |
- The allow_ca policy value is no longer checked. Callers should check
if the request is for a CA cert and treat it accordingly; this makes
it simpler to to case-by-case decisions (expecially among multiple
threads)
- Instead of a single time value, a u32bit representing the number of
seconds from now the certificate should expire, the start and end times
are passed explicitly as two X509_Time values.
|
|
|
|
| |
self-test sources
|
|
|
|
| |
the interfaces previously included in X509_PublicKey and PKCS8_PrivateKey.
|
|
|
|
| |
because it turns out to be something of a legal minefield.
|
| |
|
|
|