| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
| |
Verification is deterministic and public, so really no RNG is ever needed.
Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.
|
|
|
|
|
|
|
|
| |
Instead the key types exposes operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previous created its own RNG, now it takes it from app.
|
| |
|
|
|
|
|
| |
Remove Entropy_Accumulator, instead have entropy sources directly
add entropy to the RNG.
|
|\ |
|
| | |
|
|/
|
|
| |
--module-policy bsi
|
|
|
|
|
|
|
| |
Adds support for probabilistic, aka the standard, DSA and ECDSA.
Can be enabled by disabling the rfc6979 module.
Includes test vectors from NIST CAVP.
Adds rfc6979 to the list of prohibited modules in BSI policy.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
as was previously done with encrypt/decrypt ops.
One feature dropped on the floor here is previously PK_Signer by
default did verification of signatures before releasing them as an
measure against fault attacks. However in addition to being expensive
this turned out to be difficult to implement with the new scheme.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert all uses of Algorithm_Factory and the engines to using Algo_Registry
The shared pool of entropy sources remains but is moved to EntropySource.
With that and few remaining initializations (default OIDs and aliases)
moved elsewhere, the global state is empty and init and shutdown are no-ops.
Remove almost all of the headers and code for handling the global
state, except LibraryInitializer which remains as a compatability stub.
Update seeding for blinding so only one hacky almost-global RNG
instance needs to be setup instead of across all pubkey uses (it uses
either the system RNG or an AutoSeeded_RNG if the system RNG is not
available).
|
|
|
|
| |
Remove global PRNG.
|
|
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| |
|
|
|
|
|
| |
Drop the GNU MP engine. Its implementations were potentially faster in
some scenarios but not well protected against side channels.
|
| |
|
|
|