| Commit message (Collapse) | Author | Age | Files | Lines |
|
[ci skip]
|
[ci skip]
|
[ci skip]
|
It turns out SRP6 files use a different base64 alphabet than standard,
and additionally Botan's decoding of the group id seems wrong though
I haven't verified this second was a bug. In any case this code couldn't
parse anything it was supposed to and never could.
I had already planned on adding a database backed SRP store and removing
this code but the fact that it's actually not functional for purpose
suggests it's best to remove this now rather than let someone chance upon
it and be endlessly frustrated that it doesn't seem to work because all
the verifiers are garbled.
|
Moves BSI policy file to test data dir where it can be compared with
what the hardcoded class outputs.
|
Effectively disables 1024 bit RSA as well as SHA-1.
Edit the tests where required to enable it again.
|
Fix a bug in how the 6144 and 8192 IETF MODP groups were encoded; they
have g and q values switched. Fixed by just switching the PEM header
to match the actual encoded format.
Rename DL_Group::X942_DH_PARAMETERS to ANSI_X9_42_DH_PARAMETERS to avoid
a macro conflict with Windows cryptography headers (GH #482)
|
[ci skip]
|
Changes all the Public_Key derived classes ctors to take a
std::vector instead of a secure_vector for the DER encoded
public key bits. There is no point in transporting a public
key in secure storage. (GH #768)
|
Adds new Private_Key::private_key_info() that returns
a PKCS#8 PrivateKeyInfo structure. Renames the current
Private_Key::pkcs8_private_key() to private_key_bits().
BER_encode() just invokes private_key_info().
|
Adds new Public_Key::subject_public_key() that returns
an X.509 SubjectPublicKey structure. Renames the current
Public_Key::x509_subject_public_key() to public_key_bits().
BER_encode() just invokes subject_public_key().
|
[ci skip]
|
[ci skip]
|
[ci skip]
|
[ci skip]
|
[ci skip]
|
[ci skip]
|
Now that #668 is landed I'm comfortable that we will not need
any type of global init.
|
[ci-skip]
|
Disables static RSA by default. The advantage here is twofold: enforcing forward
security and protecting TLS servers from oracle attacks since by default they
will never negotiate a suite which forces them to act as a decryption
oracle. Some applications/users may be forced to enable RSA in order to speak
with old or misconfigured peers, but these can be the exception not the default.
Disable DSA and CCM-8 by default: if you need to enable these things, you know it.
Adds TLS policy hooks to enforce DSA key sizes, default 2048 bits.
Remove an incorrect warning about DTLS in the manual; the sequence number window
check prevents this scenario from occurring.
|
These files are important so make them easy to find for someone
unpacking the tarball for the first time.
|