| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Some cleanups in random_prime. Increase probability in prime tests from
1/2**64 to 1/2**128. Also break out of the sieve loop early if it has
failed.
|
| |
|
|
|
|
|
|
|
|
| |
For PK_Encryptor and company they are requested via a new provider param
to the constructors.
The speed command gets a --provider option so you can see benchmark results
with the different versions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove and consolidate various headers
Reduce memory usage of GF2m_Field by sharing the log and exponent
tables across all instances of a particular word size.
Remove McEliece_Public_Operation and McEliece_Private_Operation which
were difficult to use safely. Instead only the KEM operations are exposed.
Add McEliece_PublicKey::random_plaintext_element
Add command line `mce` tool and some McEliece documentation
Convert the speed program to check McEliece keys of the suggested size
Add McEliece KATs for both key generation and KEM
Fix HMAC_DRBG constructor which derefed a pointer before its time
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Increment the input message so each value is different rather than
repeatedly hashing the same message until we regen a new random one.
In ECDSA speed test be explicit about what group is being used.
Remove 160 bit groups from ECC benchmarking; 80 bits is not enough anymore
so doesn't much matter.
|
|\
| |
| | |
Add PKCS#8 private/public key processing tool GH #163
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This tool works similar to 'openssl pkey' in that it allows to
read a private key from file and output the private or
corresponding public key to file. It also allows changing a
private key passphrase this way. This tool comes in handy when
replacing use of openssl in scripts.
The syntax is:
botan pkcs8 --in=private.pem --out=key_out.pem [--pubout] [--passin=] [--passout=] [--pbe=]
|
| |
| |
| |
| |
| |
| |
| | |
* Add random_prime benchmark
* Add is_prime benchmark
* Respect runtime in benchmark_transform(). This sets default runtime
from 2s to 0.5s per configuration
|
|\ \
| | |
| | | |
Add two missing overrides and fix bug in fuzzer relating to these
|
| | | |
|
|/ /
| |
| |
| | |
Only botan-cli, botan-tests and the FFI module depend on PKCS8
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
|
| |
Fixes #146.
|
| |
|
|\
| |
| | |
Increase default keysize to 2048 bit in keygen tool
|
| |
| |
| |
| |
| |
| |
| | |
The keygen tool would generate a 1024 bit RSA
key by default. As 1024 bit RSA is not considered
secure from todays standards, default keysize is
increased to 2048 bit.
|
| |
| |
| |
| |
| | |
- 2x use BOTAN_UNUSED when OptionParser is used
- 1x argc is checked now
|
|\ \
| | |
| | | |
ifstream/ostream take std::string
|
| |/ |
|
|/
|
|
| |
to ensure proper flusing
|
|
|
|
|
|
|
| |
Uninitialized variables, missing divide by zero checks, missing
virtual destructor, etc. Only thing serious is bug in TLS maximum
fragment decoder; missing breaks in switch statement meant receiver
would treat any negotiated max frament as 4k limit.
|
| |
|
|
|
|
|
|
|
|
|
| |
as was previously done with encrypt/decrypt ops.
One feature dropped on the floor here is previously PK_Signer by
default did verification of signatures before releasing them as an
measure against fault attacks. However in addition to being expensive
this turned out to be difficult to implement with the new scheme.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
alternate implementation for Unix and add some feature checks so a
boost-free build of the tests and command line are possible again.
|
|
|
|
|
|
| |
notify the user when they are enabled.
Drop botan-config, replaced by `botan config` command added in 1.11.8
|
|
|
|
|
|
| |
Fix retreival of LZMA and bzip2 compressors from make_compressor.
Allow setting compression level from command line.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert all uses of Algorithm_Factory and the engines to using Algo_Registry
The shared pool of entropy sources remains but is moved to EntropySource.
With that and few remaining initializations (default OIDs and aliases)
moved elsewhere, the global state is empty and init and shutdown are no-ops.
Remove almost all of the headers and code for handling the global
state, except LibraryInitializer which remains as a compatability stub.
Update seeding for blinding so only one hacky almost-global RNG
instance needs to be setup instead of across all pubkey uses (it uses
either the system RNG or an AutoSeeded_RNG if the system RNG is not
available).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Transforms and BlockCiphers. Registration for all types is done at
startup but is very cheap as just a std::function and a std::map entry
are created, no actual objects are created until needed. This is a
huge improvement over Algorithm_Factory which used T::clone() as the
function and thus kept a prototype object of each type in memory.
Replace existing lookup mechanisms for ciphers, AEADs, and compression
to use the transform lookup. The existing Engine framework remains in
place for BlockCipher, but the engines now just call to the registry
instead of having hardcoded lookups.
s/Transformation/Transform/ with typedefs for compatability.
Remove lib/selftest code (for runtime selftesting): not the right approach.
|
| |
|
| |
|
|
|
|
| |
See github 42 for background
|
| |
|
| |
|
| |
|
| |
|
| |
|