path: root/src/policy.cpp
Commit message | Author | Age | Files | Lines
* Add IETF MODP 8192 DH group | lloyd | 2008-09-12 | 1 | -0/+47
* Reindent | lloyd | 2008-09-07 | 1 | -172/+172
* Add the IKE 6144-bit MODP group, from RFC 3526 | lloyd | 2008-09-05 | 1 | -0/+37
* Add DSS groups with 2048 and 3072 bit p values (and 256 bit q subgroups). These were generated using the FIPS 186-3 PRNG, with seed values generated by applying SHA-256 to the UTF-8 encodings of the strings "Botan 2048 DSS seed #51" and "Botan 3072 DSS seed #24" | lloyd | 2008-08-31 | 1 | -105/+141
* Remove the default_pbe option. Instead hardcode the default into PKCS8::encrypt_key - this is slightly less flexible, but removes the dependency on the Library_State object. And if someone wants to use a different algorithm, they just have to pass in an actual value for the pbe string instead of letting it default to the empty string. | lloyd | 2008-06-30 | 1 | -2/+0
* Remove option v1_assume_ca, no longer used | lloyd | 2008-06-30 | 1 | -2/+0
* Previously X509_Store took two configuration values from the library config state: how long successful validations should be cached, and the amount of slack to allow on time boundary checks. Now these are passed as arguments to the constructor, as a pair of 32-bit integers representing the number of seconds to allow as slack and the number of seconds to cache validations for. They default to the same compiled in defaults as before, 24 hours (86400 seconds) and 30 minutes (1800 seconds), respectively. | lloyd | 2008-06-30 | 1 | -2/+0
* Remove the Config class. In reality, Config was a singleton, with the only owner being the Library_State object. Theoretically one could create and use another Config instance, but in practice it was never done. Reflect the reality and inline the members and public functions of Config in Library_State, removing Config entirely. | lloyd | 2008-06-30 | 1 | -8/+8
* Remove setting of unused blinder_size config var | lloyd | 2008-04-12 | 1 | -1/+0
* Remove Config::option_as_u32bit - the only advantage it had over calling to_u32bit on the return value from Config::option was that it passed it through parse_expr, which did some simple evaluation tricks so you could say 64*1024. That does not seem worth the cost in code, especially because most of the values so controlled are probably never changed. By making them compile time constants, additional optimizations are possible in the source as well as by the compiler. Remove the pkcs8_tries config option. Hardcode that value to 3 instead. I want to rewrite that code in the relatively near future and all that will (hopefully) go away. | lloyd | 2008-04-12 | 1 | -1/+0
* Make the memory allocator's chunk size a compile time constant, via a new build.h macro BOTAN_MEM_POOL_CHUNK_SIZE | lloyd | 2008-04-12 | 1 | -1/+0
* Remove several global configuration variables related to entropy gathering, instead passing those values as arguments. | lloyd | 2008-04-10 | 1 | -7/+0
* Remove the config option rng/ms_capi_prov_type - the CryptoAPI entropy source will default to using the PROV_RSA_FULL provider if an empty string is passed to the constructor. | lloyd | 2008-04-10 | 1 | -1/+0
* Remove the pem/ config arguments. Replace with arguments to the individual functions in pem.h. All have defaults with reasonable values. | lloyd | 2008-04-10 | 1 | -4/+0
* Add a second argument to X509_Cert_Options, which replaces the configuration value default_expire. Remove signing_offset as well - it is only used for setting the default time of an X509_Cert_Options: not worth the cost of a global variable. | lloyd | 2008-04-10 | 1 | -2/+0
* Change the copyrights in all files in the Botan tree to directly reflect the actual copyright holders. For rationale, see my post to botan-devel on April 9, subject 'Changing license to directly reflect contributors' (http://www.randombit.net/pipermail/botan-devel/2008-April/000527.html) | lloyd | 2008-04-10 | 1 | -1/+1
* Mostly revert 2f4fd18182d5a75c40cd831e7ee3c314be5c57d6, only keep the updated dates on files that have actually changed this year. This makes the diff across versions readable again. | lloyd | 2008-03-10 | 1 | -1/+1
* Mass update of the copyright date. Honestly I don't know why I bother, but might as well keep it up to date. And it's easier to do it once with a 'perl -pi' command than to update each file over time. Apologies to anyone looking at diffs. | lloyd | 2008-02-14 | 1 | -1/+1
* Change the default list of PRNG devices from /dev/urandom /dev/random to /dev/random /dev/srandom /dev/urandom because the es_dev module can handle reads from devices that may block without ever blocking for an unbounded amount of time. | lloyd | 2007-11-17 | 1 | -1/+1
* Don't hard code any directories to search for programs into es_unix. All are now specified through the config. The new default is just /bin, /sbin, /usr/bin, and /usr/sbin. Formerly /usr/ucb, /usr/etc, and /etc were also searched. If you want this behavior again you have to explicitly set the rng/unix_path configuration setting. | lloyd | 2007-10-19 | 1 | -1/+1
* Add OIDs for SHA-224, SHA-256, SHA-384, SHA-512, and DSA with SHA-224 and SHA-256 (from draft-ietf-pkix-sha2-dsa-ecdsa-01) | lloyd | 2007-10-03 | 1 | -1/+9
* Add new OIDs for Rabin-Williams and Nyberg-Rueppel keys and signatures. These were allocated out of my IANA assigned arc, which is documented at http://www.randombit.net/text/oids.html | lloyd | 2007-03-10 | 1 | -0/+23
* Bump copyright year to 2007 | lloyd | 2007-01-20 | 1 | -1/+1
* Use set_option in policy.cpp | lloyd | 2006-12-14 | 1 | -40/+40
* Simplify the initial RNG seeding operation | lloyd | 2006-09-21 | 1 | -1/+0
* Fix definition of OID 2.5.4.8; was accidentally changed by search-replace during cleanups of the initialization code. | lloyd | 2006-07-31 | 1 | -1/+1
* Remove a declaration for add_alias, which was removed at some point without the decl also being removed. Add an add_alias function to the Config class, just a simple wrapper around Config::set. Change policy.cpp to use add_alias instead of set when setting an alias | lloyd | 2006-07-16 | 1 | -37/+37
* Fix config handling (stupid mismatch was causing the getter for the config options to always fail). Move the default config stuff from libstate to the config object. | lloyd | 2006-07-01 | 1 | -6/+5
* Access the global configuration through an object reference instead of stand-alone functions. Store the configuration in a distinct object, rather than just a map inside the library state. | lloyd | 2006-07-01 | 1 | -206/+207
* Syntax changes to the BER and DER APIs to improve readability of code that uses them. These changes are not backwards compatible, this commit updates all uses of the APIs within the library. | lloyd | 2006-05-19 | 1 | -1/+0
* Initial checkin (1.5.6) | lloyd | 2006-05-18 | 1 | -0/+374