| Commit message | Author | Age | Files | Lines |

Avoid using auto_ptr in the CVC headers.
integer values. Update callers.
derived from a DNSSEC RFC. Bug reported by Bert Hubert to the
mailing list. According to Bert, this ordering is compatible with
the version included in OpenSSL.
Also, benchmark GOST 34.10 using the GOST 34.11 hash since that
is always what it is used with.
deprecation warnings (at least for GCC and VC++). Use in some places.
query, clearing, and cloning. Applies to ciphers, hashes, MACs, and
PBKDFs. May extend to KDFs later as well.
A single combined hierarchy in particular will make the algo_factory
much simpler.
with a new k.
the requested bitsize, simply repeat instead of failing
immediately. The condition could actually occur in practice if a prime
that was on the very low end of the specified range was chosen (e.g. q
happened to be chosen as 10000...001).
MemoryRegions and concatenated them.
Add RandomNumberGenerator::random_vec, which takes a length n and
returns a new SecureVector with randomized contents of that size. This
nicely covers most of the cases where randomize was being called on a
vector, and is a little cleaner in the code as well. Instead of
    vec.resize(length);
    rng.randomize(&vec[0], vec.size());
we just write
    vec = rng.random_vec(length);
algorithm had changed to AES-256. This was wrong, it actually changed
to AES-128. However in retrospect AES-256 is probably a reasonable
move (in particular for the 4 extra rounds; the related key attacks
possible against AES-256 are probably not viable since we generate the
key using PBKDF2), so update the 1.9.4 changelog to correctly indicate
the change made in that release, and also modify PKCS #8 to actually
use AES-256.
BOTAN_DLL
using the 1.8 names continues to work.
choose 256 bits unless the pbits was exactly 1024. That would mean that
for pbits = 512/768, the FIPS 186-3 size check would fail and it
wouldn't work. Pointed out by Rickard Bellgrim.
failed. If so, assume the input string was an OID and try that.
not useful; in all cases, we immediately caught it and then returned
false.
Modify as follows:
- Create the pubkey objects inside the checking code, so calling code
doesn't need to do it.
- Return true/false for pass/fail
Also add consistency checking for ECDSA keys.

or throw an exception, with PointGFp::on_the_curve, which returns a bool.
Update callers.
This showed several cases where check_invariants was being called
multiple times, for instance when decoding a point with OS2ECP,
check_invariants was called; many callers of OS2ECP would then call
check_invariants again on the same object.
decode_and_check takes an expected value; if the decoded value does
not match, a Decoding_Error with a specified string is thrown. Useful
for checking embedded version codes.
decode_octet_string_bigint is for decoding INTEGER values that are
stored as OCTET STRINGs. Totally obnoxious and useless, but common
especially in the ECC standards.
Use 64 bit nonces in the Miller-Rabin test, instead of 40 bits.
Rename check_prime to quick_check_prime and is_prime to check_prime.
Remove some internal functions which weren't used outside the
primality test code, along with the prime products table.
For quick checking, instead of doing Miller-Rabin with fixed base 2,
do a small number of randomized tests.
Always use random bases instead of the first n primes.
PRNG everywhere. The removal of the global PRNG was generated by a
desire to remove the global library state entirely. However the real
point of this was to remove the use of globally visible _mutable_
state; of the mutable state, the PRNG is probably the least important,
and the most useful to share. And it seems unlikely that thread
contention would be a major issue in the PRNG.
Add back a global PRNG to Library_State. Use lazy initialization, so
apps that don't ever use a PRNG don't need a seeding step. Then have
AutoSeeded_RNG call that global PRNG.
Offer once again
RandomNumberGenerator& Library_State::global_rng();
which returns a reference to the global PRNG.
This RNG object serializes access to itself with a mutex.
Remove the hack known as Blinding::choose_nonce, replace with using
the global PRNG to choose a blinding nonce.

would like to replace these functions with generic engine code instead
of hardcoded lookup, and NULL return value would be impossible to
disambiguate.
Generating the test vectors found yet another inane (and, of course,
undocumented) behavior in the GOST implementation included in OpenSSL;
it treats the hash inputs as little endian. Just out of curiosity, I
checked RFC 5832, which supposedly specifies this algorithm; not a
peep about endian conversions.
The more I deal with standards coming out of the CryptoPro people, the
less confidence I have in them.