| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Add a new callback that is called with the session info when a
handshake completes. Currently only called on the server side as
the client doesn't have session resumption yet.
Rename CipherSuite to TLS_Cipher_Suite.
|
|
|
|
| |
OpenSSL's s_client instead of just doing a one-shot request.
|
|
|
|
|
|
|
|
| |
Add support for sending and reading the SRP identifier extension.
Add some helper classes for managing TLS extensions
Add ciphersuite codes for SRP key exchange.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
TLS 1.0/1.1, SSLv3 uses a different hash format. Only RSA certs tested
so far.
|
|
|
|
| |
old blocking interface and use that.
|
| |
|
|
|
|
| |
Also delete the obsolete/never worked CMS examples
|
| |
|
| |
|
|
|
|
| |
Update download links before I forget
|
|
|
|
|
|
|
|
|
| |
certificate policies extension, though it's really not supported
at all.
Remove test code from secmem.h
Fix building the examples
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
results are undefined. This happens to work under GCC and most other
compilers, but does not under Visual C++ 2010. This broke hex_encode
when encoding an empty input, and this subsequently broke SSL
handshaking.
2010 includes a TR1 that works fine for SSL, but it puts the headers
in the main header space rather than under tr1/, so account for that.
Hack the socket header into working under WinSock
Tick version to 1.10.0
|
|
|
|
|
| |
and probably useless threads section, also fix compilation of several
examples.
|
|
|
|
|
|
|
| |
standardized by NIST; the FPE currently included is just a random one
that was relatively easy to implement. Move the header to fpe_fe1.h,
and rename the function. Update the example and add some documentation
for it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and a random number generator, and the other taking a group and a
preset private key value. The DL private keys instead have on
constructor for this; if the x value is zero, then a new random key is
created. For consistency, do this with ECC as well.
ECDH actually didn't have one of these constructors, forcing you to
either load from PKCS #8 or else use a random key.
Rename EC_Domain_Params to EC_Group, with a typedef for compatability.
More doc updates.
Update mtn ignores for Sphinx output
|
|
|
|
|
| |
for things like this, and the User_Interface class is going to die
as soon as I can manage it, anyway.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a makefile to build it with Sphinx (http://sphinx.pocoo.org/).
Previously credits.txt listed public domain code sources; instead
directly credit the authors in the relevant files and delete that
file.
Drop the draft FIPS 140 security policy; I can't imagine FIPS 140
validation will ever happen, and if it does, I don't want
anything to do with it.
Also drop the internals doc, which was so out of date (and
incomplete) as to be worthless.
Move the tutorials and InSiTo pdfs into old/ for the time being,
until anything relevant from them can be filtered out and
converted into RST.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
The x509info example now just calls that
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
harmonising MemoryRegion with std::vector:
The MemoryRegion::clear() function would zeroise the buffer, but keep
the memory allocated and the size unchanged. This is very different
from STL's clear(), which is basically the equivalent to what is
called destroy() in MemoryRegion. So to be able to replace MemoryRegion
with a std::vector, we have to rename destroy() to clear() and we have
to expose the current functionality of clear() in some other way, since
vector doesn't support this operation. Do so by adding a global function
named zeroise() which takes a MemoryRegion which is zeroed. Remove clear()
to ensure all callers are updated.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Rename CPUID::has_aes_intel to has_aes_ni.
|
|
|
|
|
| |
initialize() call which must be called prior to use of any other
functions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
really is only used by OpenPGP, and largely it was named S2K here
because the OpenPGP S2K was implemented years before the ones in PKCS
#5. We have a typedef of PBKDF to S2K, and an inlined get_s2k that
calls get_pbkdf for source compatability.
There doesn't seem to be any reason to have a forward for the renamed
s2k.h header - to actually use a PBKDF, you'd have to either include
lookup.h and call get_s2k / get_pbkdf, or else include an
algorithm-specific header and use it directly. In either case,
including s2k.h is neither necessary nor sufficient.
|
|
|
|
| |
on Windows.
|
| |
|