aboutsummaryrefslogtreecommitdiffstats
path: root/checks/x509.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Add a new function to public key x509_subject_public_key which returnslloyd2010-03-041-6/+2
| | | | | what x509_encoder()->key_bits() used to return. This is much simpler than using the explicit encoder objects. Remove X509_Encoder entirely.
* Kill get_EC_Dom_Pars_by_oidlloyd2010-03-011-1/+1
|
* Add copyright and license notes to pretty much every file that didn't have them,lloyd2009-12-311-0/+6
| | | | | | | | including the examples and self-test code. Most of these files had not copyright/license information at all; since a major point of the examples is to allow users to copy and paste code that already does something they want, an ambigious license is not good.
* In creating X.509 certificates and PKCS #10 requests, let (actually: require)lloyd2009-11-091-2/+8
| | | | | | | the user to specify the hash function to use, instead of always using SHA-1. This was a sensible default a few years ago, when there wasn't a ~2^60 attack on SHA-1 and support for SHA-2 was pretty much nil, but using something else makes a lot more sense these days.
* Generate an ECDSA cert if ECDSA is enabled during testslloyd2008-10-111-0/+9
|
* Modularize the public key algorithms, though currently a great deal oflloyd2008-09-281-7/+13
| | | | | | the underlying implementation goop remains in the core library instead of being shunted off, due to various dependencies it has (most of which it shouldn't).
* Create an x509 module containing all of the X509 certificate and CAlloyd2008-09-281-37/+50
| | | | code as well as the code for handling PKCS #10 requests.
* Remove most of the direct references to the global_rng() calllloyd2008-06-281-9/+6
|
* Remove uses of global PRNG from self-test and benchmark code. Assumeslloyd2008-06-271-4/+3
| | | | access to /dev/random (will be cleaned up shortly)
* Remove load checking, as it requires an RNG (at least at the moment).lloyd2008-06-271-2/+2
| | | | | | | | | Probably some variation of it will be added back in later, at least to do basic checks like that primes are really odd (and we can do basic primality checks, etc, even with an RNG). Alternative: call check_key() manually on public keys you load with an RNG object.
* Similiar combining transform for the ElGamal, DSA, and NR private keylloyd2008-06-201-1/+1
| | | | constructors.
* Use RNG& argument for PKCS8::encrypt_key and PKCS8::PEM_encodelloyd2008-06-201-5/+6
|
* Convert pkcs8_decoder() and x509_decoder() to take a RandomNumberGenerator&lloyd2008-06-201-2/+4
| | | | | | | | reference, along with PKCS8::load_key get_pbe no longer calls new_params() on the newly instantiated instance, which is not backwards compatible (you have to either call new_params yourself, or explicitly set the iteration count, salt, etc)
* Fix remaining -Wmissing-declarations warnings in self-test/benchmark codelloyd2008-06-201-0/+2
|
* Fix some -Wmissing-declarations warningslloyd2008-06-121-0/+4
|
* X509_CA::{new_crl,update_crl} take a RandomNumberGenerator referencelloyd2008-06-111-2/+2
|
* X509::create_cert_req and X509::create_self_signed_cert take an RNG reflloyd2008-06-111-3/+9
|
* Modify X509_CA::make_cert and X509_CA::sign_request to take a RNG referencelloyd2008-06-111-7/+8
| | | | argument in favor of referencing the global PRNG argument
* Previously random_integer and friends used the global PRNG object to getlloyd2008-05-241-3/+7
| | | | | | | | | | | | | random bits. Now they take a reference to a RandomNumberGenerator object. This was applied several times out, so now the constructors to private key objects also take a RandomNumberGenerator& argument. This is also true for a number of randomized algorithms (Miller-Rabin, for instance). You can get a reference to the global PRNG with global_state().prng_reference() This is a provisional thing: and warning: it is not thread safe! If this is a problem instead keep per-thread PRNGs and pass them were needed.
* Change the interface of X509_CA::sign_request as follows:lloyd2008-04-101-2/+7
| | | | | | | | | | | - The allow_ca policy value is no longer checked. Callers should check if the request is for a CA cert and treat it accordingly; this makes it simpler to to case-by-case decisions (expecially among multiple threads) - Instead of a single time value, a u32bit representing the number of seconds from now the certificate should expire, the start and end times are passed explicitly as two X509_Time values.
* Rename X509_PublicKey and PKCS8_PrivateKey to the new types within thelloyd2006-09-061-7/+7
| | | | self-test sources
* Split PK_Key into Public_Key and Private_Key; these new classes merge inlloyd2006-09-061-5/+32
| | | | the interfaces previously included in X509_PublicKey and PKCS8_PrivateKey.
* Remove the public domain notices from the self-test/benchmark code,lloyd2006-08-091-1/+0
| | | | because it turns out to be something of a legal minefield.
* Modify the X.509 tests so they pick up a bug in PKCS10_Requestlloyd2006-06-231-0/+2
|
* Initial checkin1.5.6lloyd2006-05-181-0/+147