aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xconfigure.py2
-rw-r--r--doc/dev/todo.rst9
-rw-r--r--src/cmd/speed.cpp23
-rw-r--r--src/lib/base/algo_registry.h35
-rw-r--r--src/lib/block/block_utils.h1
-rw-r--r--src/lib/entropy/egd/info.txt2
-rw-r--r--src/lib/openssl/ossl_arc4.cpp89
-rw-r--r--src/lib/openssl/ossl_bc.cpp248
-rw-r--r--src/lib/openssl/ossl_md.cpp150
-rw-r--r--src/lib/stream/stream_utils.h1
-rw-r--r--src/lib/vendor/boost/info.txt (renamed from src/lib/utils/boost/info.txt)0
-rw-r--r--src/lib/vendor/openssl/openssl_block.cpp212
-rw-r--r--src/lib/vendor/openssl/openssl_hash.cpp115
-rw-r--r--src/lib/vendor/openssl/openssl_rc4.cpp49
-rw-r--r--src/lib/vendor/sqlite3/info.txt (renamed from src/lib/utils/sqlite3/info.txt)0
-rw-r--r--src/lib/vendor/sqlite3/sqlite3.cpp (renamed from src/lib/utils/sqlite3/sqlite3.cpp)0
-rw-r--r--src/lib/vendor/sqlite3/sqlite3.h (renamed from src/lib/utils/sqlite3/sqlite3.h)0
17 files changed, 418 insertions, 518 deletions
diff --git a/configure.py b/configure.py
index 371e8390f..947d85066 100755
--- a/configure.py
+++ b/configure.py
@@ -386,7 +386,7 @@ def process_command_line(args):
mods_group.add_option('--no-autoload', action='store_true', default=False,
help='disable automatic loading')
- third_party = ['boost', 'sqlite3', 'zlib', 'bzip2', 'lzma']
+ third_party = ['boost', 'sqlite3', 'openssl', 'zlib', 'bzip2', 'lzma']
hidden_third_party = ['gnump']
for mod in third_party + hidden_third_party:
diff --git a/doc/dev/todo.rst b/doc/dev/todo.rst
index 6c89367e0..ae1853dbf 100644
--- a/doc/dev/todo.rst
+++ b/doc/dev/todo.rst
@@ -14,7 +14,6 @@ Basic Crypto
* BLAKE2
* EdDSA
* Skein-MAC
-* IETF standard HKDF (RFC 5869)
* ARIA (Korean block cipher, RFCs 5794 and 6209)
* Extend Cascade_Cipher to support arbitrary number of ciphers
@@ -54,16 +53,14 @@ New Protocols
Accelerators / backends
----------------------------------------
+* Improve OpenSSL provider (add cipher modes, RSA, etc)
* /dev/crypto
* Windows CryptoAPI
* Apple CommonCrypto
* ARMv8 crypto extensions
* Intel Skylake SHA-1/SHA-2
-FFI
+Python
----------------------------------------
-* Expose TLS to Python
-* Expose ECC to Python
-* Expose bcrypt to Python
-
+* TLS, ECDSA, bcrypt, ...
diff --git a/src/cmd/speed.cpp b/src/cmd/speed.cpp
index 7e8dbd412..185105ee2 100644
--- a/src/cmd/speed.cpp
+++ b/src/cmd/speed.cpp
@@ -120,9 +120,6 @@ void report_results(const std::string& algo,
void time_transform(std::unique_ptr<Transform> tf,
RandomNumberGenerator& rng)
{
- if(!tf)
- return;
-
const std::chrono::seconds runtime(2);
for(size_t buf_size : { 16, 64, 256, 1024, 8192 })
@@ -156,15 +153,18 @@ void time_transform(std::unique_ptr<Transform> tf,
}
}
-void time_transform(const std::string& algo, RandomNumberGenerator& rng)
+bool time_transform(const std::string& algo, RandomNumberGenerator& rng)
{
std::unique_ptr<Transform> tf;
tf.reset(get_cipher_mode(algo, ENCRYPTION));
+ if(!tf)
+ return false;
if(Keyed_Transform* keyed = dynamic_cast<Keyed_Transform*>(tf.get()))
keyed->set_key(rng.random_vec(keyed->key_spec().maximum_keylength()));
time_transform(std::move(tf), rng);
+ return true;
}
void bench_algo(const std::string& algo,
@@ -175,15 +175,18 @@ void bench_algo(const std::string& algo,
std::chrono::milliseconds ms(
static_cast<std::chrono::milliseconds::rep>(seconds * 1000));
- std::map<std::string, double> speeds = algorithm_benchmark(algo, rng, ms, buf_size);
+ if(time_transform(algo, rng))
+ return;
- report_results(algo, speeds);
+ std::map<std::string, double> speeds = algorithm_benchmark(algo, rng, ms, buf_size);
- if(speeds.empty())
- time_transform(algo, rng);
+ if(!speeds.empty())
+ {
+ report_results(algo, speeds);
+ return;
+ }
- if(speeds.empty())
- bench_pk(rng, algo, seconds);
+ bench_pk(rng, algo, seconds);
}
int speed(int argc, char* argv[])
diff --git a/src/lib/base/algo_registry.h b/src/lib/base/algo_registry.h
index 9582180bd..709b035fc 100644
--- a/src/lib/base/algo_registry.h
+++ b/src/lib/base/algo_registry.h
@@ -63,7 +63,7 @@ class Algo_Registry
class Add
{
public:
- Add(const std::string& basename, maker_fn fn, const std::string& provider = "builtin", byte pref = 128)
+ Add(const std::string& basename, maker_fn fn, const std::string& provider, byte pref)
{
Algo_Registry<T>::global_registry().add(basename, provider, fn, pref);
}
@@ -190,21 +190,30 @@ make_new_T_1X(const typename Algo_Registry<T>::Spec& spec)
return new T(x.release());
}
-#define BOTAN_REGISTER_NAMED_T(T, namestr, type, maker) \
- namespace { Algo_Registry<T>::Add g_ ## type ## _reg(namestr, maker); }
-#define BOTAN_REGISTER_T(T, name, maker) \
- namespace { Algo_Registry<T>::Add g_ ## name ## _reg(#name, maker); }
-#define BOTAN_REGISTER_T_NOARGS(T, name) \
- namespace { Algo_Registry<T>::Add g_ ## name ## _reg(#name, make_new_T<name>); }
-#define BOTAN_REGISTER_T_1LEN(T, name, def) \
- namespace { Algo_Registry<T>::Add g_ ## name ## _reg(#name, make_new_T_1len<name, def>); }
+#define BOTAN_REGISTER_TYPE(T, type, name, maker, provider, pref) \
+ namespace { Algo_Registry<T>::Add g_ ## type ## _reg(name, maker, provider, pref); }
+
+#define BOTAN_REGISTER_TYPE_COND(cond, T, type, name, maker, provider, pref) \
+ namespace { Algo_Registry<T>::Add g_ ## type ## _reg(cond, name, maker, provider, pref); }
+
+#define BOTAN_REGISTER_NAMED_T(T, name, type, maker) \
+ BOTAN_REGISTER_TYPE(T, type, name, maker, "builtin", 128)
+
+#define BOTAN_REGISTER_T(T, type, maker) \
+ BOTAN_REGISTER_TYPE(T, type, #type, maker, "builtin", 128)
+
+#define BOTAN_REGISTER_T_NOARGS(T, type) \
+ BOTAN_REGISTER_TYPE(T, type, #type, make_new_T<type>, "builtin", 128)
+#define BOTAN_REGISTER_T_1LEN(T, type, def) \
+ BOTAN_REGISTER_TYPE(T, type, #type, (make_new_T_1len<type,def>), "builtin", 128)
#define BOTAN_REGISTER_NAMED_T_NOARGS(T, type, name, provider) \
- namespace { Algo_Registry<T>::Add g_ ## type ## _reg(name, make_new_T<type>, provider); }
+ BOTAN_REGISTER_TYPE(T, type, name, make_new_T<type>, provider, 128)
#define BOTAN_COND_REGISTER_NAMED_T_NOARGS(cond, T, type, name, provider, pref) \
- namespace { Algo_Registry<T>::Add g_ ## type ## _reg(cond, name, make_new_T<type>, provider, pref); }
-#define BOTAN_REGISTER_NAMED_T_2LEN(T, type, name, provider, len1, len2) \
- namespace { Algo_Registry<T>::Add g_ ## type ## _reg(name, make_new_T_2len<type, len1, len2>, provider); }
+ BOTAN_REGISTER_TYPE_COND(cond, T, type, name, make_new_T<type>, provider, pref)
+
+#define BOTAN_REGISTER_NAMED_T_2LEN(T, type, name, provider, len1, len2) \
+ BOTAN_REGISTER_TYPE(T, type, name, (make_new_T_2len<type,len1,len2>), provider, 128)
// TODO move elsewhere:
#define BOTAN_REGISTER_TRANSFORM(name, maker) BOTAN_REGISTER_T(Transform, name, maker)
diff --git a/src/lib/block/block_utils.h b/src/lib/block/block_utils.h
index ebf6354e0..dacc79a45 100644
--- a/src/lib/block/block_utils.h
+++ b/src/lib/block/block_utils.h
@@ -8,6 +8,7 @@
#ifndef BOTAN_BLOCK_CIPHER_UTILS_H__
#define BOTAN_BLOCK_CIPHER_UTILS_H__
+#include <botan/block_cipher.h>
#include <botan/internal/algo_registry.h>
#include <botan/loadstor.h>
#include <botan/rotate.h>
diff --git a/src/lib/entropy/egd/info.txt b/src/lib/entropy/egd/info.txt
index bdf6db71e..fdf5c4959 100644
--- a/src/lib/entropy/egd/info.txt
+++ b/src/lib/entropy/egd/info.txt
@@ -1,6 +1,6 @@
define ENTROPY_SRC_EGD 20131128
-load_on request
+load_on auto
<source>
es_egd.cpp
diff --git a/src/lib/openssl/ossl_arc4.cpp b/src/lib/openssl/ossl_arc4.cpp
deleted file mode 100644
index 4533c2688..000000000
--- a/src/lib/openssl/ossl_arc4.cpp
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
-* OpenSSL RC4
-* (C) 1999-2007 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/internal/openssl_engine.h>
-#include <botan/parsing.h>
-#include <openssl/rc4.h>
-
-namespace Botan {
-
-namespace {
-
-/**
-* RC4 as implemented by OpenSSL
-*/
-class RC4_OpenSSL : public StreamCipher
- {
- public:
- void clear() { clear_mem(&state, 1); }
-
- std::string name() const;
- StreamCipher* clone() const { return new RC4_OpenSSL(SKIP); }
-
- Key_Length_Specification key_spec() const
- {
- return Key_Length_Specification(1, 32);
- }
-
-
- RC4_OpenSSL(size_t s = 0) : SKIP(s) { clear(); }
- ~RC4_OpenSSL() { clear(); }
- private:
- void cipher(const byte[], byte[], size_t);
- void key_schedule(const byte[], size_t);
-
- const size_t SKIP;
- RC4_KEY state;
- };
-
-/*
-* Return the name of this type
-*/
-std::string RC4_OpenSSL::name() const
- {
- if(SKIP == 0) return "RC4";
- if(SKIP == 256) return "MARK-4";
- else return "RC4_skip(" + std::to_string(SKIP) + ")";
- }
-
-/*
-* RC4 Key Schedule
-*/
-void RC4_OpenSSL::key_schedule(const byte key[], size_t length)
- {
- RC4_set_key(&state, length, key);
- byte dummy = 0;
- for(size_t i = 0; i != SKIP; ++i)
- RC4(&state, 1, &dummy, &dummy);
- }
-
-/*
-* RC4 Encryption
-*/
-void RC4_OpenSSL::cipher(const byte in[], byte out[], size_t length)
- {
- RC4(&state, length, in, out);
- }
-
-}
-
-/**
-* Look for an OpenSSL-supported stream cipher (RC4)
-*/
-StreamCipher*
-OpenSSL_Engine::find_stream_cipher(const SCAN_Name& request,
- Algorithm_Factory&) const
- {
- if(request.algo_name() == "RC4")
- return new RC4_OpenSSL(request.arg_as_integer(0, 0));
- if(request.algo_name() == "RC4_drop")
- return new RC4_OpenSSL(768);
-
- return 0;
- }
-
-}
diff --git a/src/lib/openssl/ossl_bc.cpp b/src/lib/openssl/ossl_bc.cpp
deleted file mode 100644
index 8e8c6e5a8..000000000
--- a/src/lib/openssl/ossl_bc.cpp
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
-* OpenSSL Block Cipher
-* (C) 1999-2010 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/internal/openssl_engine.h>
-#include <openssl/evp.h>
-
-namespace Botan {
-
-namespace {
-
-/*
-* EVP Block Cipher
-*/
-class EVP_BlockCipher : public BlockCipher
- {
- public:
- void clear();
- std::string name() const { return cipher_name; }
- BlockCipher* clone() const;
-
- size_t block_size() const { return block_sz; }
-
- EVP_BlockCipher(const EVP_CIPHER*, const std::string&);
-
- EVP_BlockCipher(const EVP_CIPHER*, const std::string&,
- size_t, size_t, size_t);
-
- Key_Length_Specification key_spec() const { return cipher_key_spec; }
-
- ~EVP_BlockCipher();
- private:
- void encrypt_n(const byte in[], byte out[], size_t blocks) const;
- void decrypt_n(const byte in[], byte out[], size_t blocks) const;
- void key_schedule(const byte[], size_t);
-
- size_t block_sz;
- Key_Length_Specification cipher_key_spec;
- std::string cipher_name;
- mutable EVP_CIPHER_CTX encrypt, decrypt;
- };
-
-/*
-* EVP Block Cipher Constructor
-*/
-EVP_BlockCipher::EVP_BlockCipher(const EVP_CIPHER* algo,
- const std::string& algo_name) :
- block_sz(EVP_CIPHER_block_size(algo)),
- cipher_key_spec(EVP_CIPHER_key_length(algo)),
- cipher_name(algo_name)
- {
- if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
- throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in");
-
- EVP_CIPHER_CTX_init(&encrypt);
- EVP_CIPHER_CTX_init(&decrypt);
-
- EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
- EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
-
- EVP_CIPHER_CTX_set_padding(&encrypt, 0);
- EVP_CIPHER_CTX_set_padding(&decrypt, 0);
- }
-
-/*
-* EVP Block Cipher Constructor
-*/
-EVP_BlockCipher::EVP_BlockCipher(const EVP_CIPHER* algo,
- const std::string& algo_name,
- size_t key_min, size_t key_max,
- size_t key_mod) :
- block_sz(EVP_CIPHER_block_size(algo)),
- cipher_key_spec(key_min, key_max, key_mod),
- cipher_name(algo_name)
- {
- if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
- throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in");
-
- EVP_CIPHER_CTX_init(&encrypt);
- EVP_CIPHER_CTX_init(&decrypt);
-
- EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
- EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
-
- EVP_CIPHER_CTX_set_padding(&encrypt, 0);
- EVP_CIPHER_CTX_set_padding(&decrypt, 0);
- }
-
-/*
-* EVP Block Cipher Destructor
-*/
-EVP_BlockCipher::~EVP_BlockCipher()
- {
- EVP_CIPHER_CTX_cleanup(&encrypt);
- EVP_CIPHER_CTX_cleanup(&decrypt);
- }
-
-/*
-* Encrypt a block
-*/
-void EVP_BlockCipher::encrypt_n(const byte in[], byte out[],
- size_t blocks) const
- {
- int out_len = 0;
- EVP_EncryptUpdate(&encrypt, out, &out_len, in, blocks * block_sz);
- }
-
-/*
-* Decrypt a block
-*/
-void EVP_BlockCipher::decrypt_n(const byte in[], byte out[],
- size_t blocks) const
- {
- int out_len = 0;
- EVP_DecryptUpdate(&decrypt, out, &out_len, in, blocks * block_sz);
- }
-
-/*
-* Set the key
-*/
-void EVP_BlockCipher::key_schedule(const byte key[], size_t length)
- {
- secure_vector<byte> full_key(key, key + length);
-
- if(cipher_name == "TripleDES" && length == 16)
- {
- full_key += std::make_pair(key, 8);
- }
- else
- if(EVP_CIPHER_CTX_set_key_length(&encrypt, length) == 0 ||
- EVP_CIPHER_CTX_set_key_length(&decrypt, length) == 0)
- throw Invalid_Argument("EVP_BlockCipher: Bad key length for " +
- cipher_name);
-
- if(cipher_name == "RC2")
- {
- EVP_CIPHER_CTX_ctrl(&encrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
- EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
- }
-
- EVP_EncryptInit_ex(&encrypt, 0, 0, &full_key[0], 0);
- EVP_DecryptInit_ex(&decrypt, 0, 0, &full_key[0], 0);
- }
-
-/*
-* Return a clone of this object
-*/
-BlockCipher* EVP_BlockCipher::clone() const
- {
- return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(&encrypt),
- cipher_name,
- cipher_key_spec.minimum_keylength(),
- cipher_key_spec.maximum_keylength(),
- cipher_key_spec.keylength_multiple());
- }
-
-/*
-* Clear memory of sensitive data
-*/
-void EVP_BlockCipher::clear()
- {
- const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&encrypt);
-
- EVP_CIPHER_CTX_cleanup(&encrypt);
- EVP_CIPHER_CTX_cleanup(&decrypt);
- EVP_CIPHER_CTX_init(&encrypt);
- EVP_CIPHER_CTX_init(&decrypt);
- EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
- EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
- EVP_CIPHER_CTX_set_padding(&encrypt, 0);
- EVP_CIPHER_CTX_set_padding(&decrypt, 0);
- }
-
-}
-
-/*
-* Look for an algorithm with this name
-*/
-BlockCipher*
-OpenSSL_Engine::find_block_cipher(const SCAN_Name& request,
- Algorithm_Factory&) const
- {
-#define HANDLE_EVP_CIPHER(NAME, EVP) \
- if(request.algo_name() == NAME && request.arg_count() == 0) \
- return new EVP_BlockCipher(EVP, NAME);
-
-#define HANDLE_EVP_CIPHER_KEYLEN(NAME, EVP, MIN, MAX, MOD) \
- if(request.algo_name() == NAME && request.arg_count() == 0) \
- return new EVP_BlockCipher(EVP, NAME, MIN, MAX, MOD);
-
-#if !defined(OPENSSL_NO_AES)
- /*
- Using OpenSSL's AES causes crashes inside EVP on x86-64 with OpenSSL 0.9.8g
- cause is unknown
- */
- HANDLE_EVP_CIPHER("AES-128", EVP_aes_128_ecb());
- HANDLE_EVP_CIPHER("AES-192", EVP_aes_192_ecb());
- HANDLE_EVP_CIPHER("AES-256", EVP_aes_256_ecb());
-#endif
-
-#if !defined(OPENSSL_NO_DES)
- HANDLE_EVP_CIPHER("DES", EVP_des_ecb());
- HANDLE_EVP_CIPHER_KEYLEN("TripleDES", EVP_des_ede3_ecb(), 16, 24, 8);
-#endif
-
-#if !defined(OPENSSL_NO_BF)
- HANDLE_EVP_CIPHER_KEYLEN("Blowfish", EVP_bf_ecb(), 1, 56, 1);
-#endif
-
-#if !defined(OPENSSL_NO_CAST)
- HANDLE_EVP_CIPHER_KEYLEN("CAST-128", EVP_cast5_ecb(), 1, 16, 1);
-#endif
-
-#if !defined(OPENSSL_NO_CAMELLIA)
- HANDLE_EVP_CIPHER("Camellia-128", EVP_camellia_128_ecb());
- HANDLE_EVP_CIPHER("Camellia-192", EVP_camellia_192_ecb());
- HANDLE_EVP_CIPHER("Camellia-256", EVP_camellia_256_ecb());
-#endif
-
-#if !defined(OPENSSL_NO_RC2)
- HANDLE_EVP_CIPHER_KEYLEN("RC2", EVP_rc2_ecb(), 1, 32, 1);
-#endif
-
-#if !defined(OPENSSL_NO_RC5) && 0
- if(request.algo_name() == "RC5")
- if(request.arg_as_integer(0, 12) == 12)
- return new EVP_BlockCipher(EVP_rc5_32_12_16_ecb(),
- "RC5(12)", 1, 32, 1);
-#endif
-
-#if !defined(OPENSSL_NO_IDEA) && 0
- HANDLE_EVP_CIPHER("IDEA", EVP_idea_ecb());
-#endif
-
-#if !defined(OPENSSL_NO_SEED)
- HANDLE_EVP_CIPHER("SEED", EVP_seed_ecb());
-#endif
-
-#undef HANDLE_EVP_CIPHER
-#undef HANDLE_EVP_CIPHER_KEYLEN
-
- return 0;
- }
-
-}
diff --git a/src/lib/openssl/ossl_md.cpp b/src/lib/openssl/ossl_md.cpp
deleted file mode 100644
index 063271151..000000000
--- a/src/lib/openssl/ossl_md.cpp
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
-* OpenSSL Hash Functions
-* (C) 1999-2007 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/internal/openssl_engine.h>
-#include <openssl/evp.h>
-
-namespace Botan {
-
-namespace {
-
-/*
-* EVP Hash Function
-*/
-class EVP_HashFunction : public HashFunction
- {
- public:
- void clear();
- std::string name() const { return algo_name; }
- HashFunction* clone() const;
-
- size_t output_length() const
- {
- return EVP_MD_size(EVP_MD_CTX_md(&md));
- }
-
- size_t hash_block_size() const
- {
- return EVP_MD_block_size(EVP_MD_CTX_md(&md));
- }
-
- EVP_HashFunction(const EVP_MD*, const std::string&);
- ~EVP_HashFunction();
- private:
- void add_data(const byte[], size_t);
- void final_result(byte[]);
-
- std::string algo_name;
- EVP_MD_CTX md;
- };
-
-/*
-* Update an EVP Hash Calculation
-*/
-void EVP_HashFunction::add_data(const byte input[], size_t length)
- {
- EVP_DigestUpdate(&md, input, length);
- }
-
-/*
-* Finalize an EVP Hash Calculation
-*/
-void EVP_HashFunction::final_result(byte output[])
- {
- EVP_DigestFinal_ex(&md, output, 0);
- const EVP_MD* algo = EVP_MD_CTX_md(&md);
- EVP_DigestInit_ex(&md, algo, 0);
- }
-
-/*
-* Clear memory of sensitive data
-*/
-void EVP_HashFunction::clear()
- {
- const EVP_MD* algo = EVP_MD_CTX_md(&md);
- EVP_DigestInit_ex(&md, algo, 0);
- }
-
-/*
-* Return a clone of this object
-*/
-HashFunction* EVP_HashFunction::clone() const
- {
- const EVP_MD* algo = EVP_MD_CTX_md(&md);
- return new EVP_HashFunction(algo, name());
- }
-
-/*
-* Create an EVP hash function
-*/
-EVP_HashFunction::EVP_HashFunction(const EVP_MD* algo,
- const std::string& name) :
- algo_name(name)
- {
- EVP_MD_CTX_init(&md);
- EVP_DigestInit_ex(&md, algo, 0);
- }
-
-/*
-* Destroy an EVP hash function
-*/
-EVP_HashFunction::~EVP_HashFunction()
- {
- EVP_MD_CTX_cleanup(&md);
- }
-
-}
-
-/*
-* Look for an algorithm with this name
-*/
-HashFunction* OpenSSL_Engine::find_hash(const SCAN_Name& request,
- Algorithm_Factory&) const
- {
-#if !defined(OPENSSL_NO_SHA)
- if(request.algo_name() == "SHA-160")
- return new EVP_HashFunction(EVP_sha1(), "SHA-160");
-#endif
-
-#if !defined(OPENSSL_NO_SHA256)
- if(request.algo_name() == "SHA-224")
- return new EVP_HashFunction(EVP_sha224(), "SHA-224");
- if(request.algo_name() == "SHA-256")
- return new EVP_HashFunction(EVP_sha256(), "SHA-256");
-#endif
-
-#if !defined(OPENSSL_NO_SHA512)
- if(request.algo_name() == "SHA-384")
- return new EVP_HashFunction(EVP_sha384(), "SHA-384");
- if(request.algo_name() == "SHA-512")
- return new EVP_HashFunction(EVP_sha512(), "SHA-512");
-#endif
-
-#if !defined(OPENSSL_NO_MD2)
- if(request.algo_name() == "MD2")
- return new EVP_HashFunction(EVP_md2(), "MD2");
-#endif
-
-#if !defined(OPENSSL_NO_MD4)
- if(request.algo_name() == "MD4")
- return new EVP_HashFunction(EVP_md4(), "MD4");
-#endif
-
-#if !defined(OPENSSL_NO_MD5)
- if(request.algo_name() == "MD5")
- return new EVP_HashFunction(EVP_md5(), "MD5");
-#endif
-
-#if !defined(OPENSSL_NO_RIPEMD)
- if(request.algo_name() == "RIPEMD-160")
- return new EVP_HashFunction(EVP_ripemd160(), "RIPEMD-160");
-#endif
-
- return 0;
- }
-
-}
diff --git a/src/lib/stream/stream_utils.h b/src/lib/stream/stream_utils.h
index 2e8f58562..8ba8d4b01 100644
--- a/src/lib/stream/stream_utils.h
+++ b/src/lib/stream/stream_utils.h
@@ -8,6 +8,7 @@
#ifndef BOTAN_STREAM_CIPHER_UTILS_H__
#define BOTAN_STREAM_CIPHER_UTILS_H__
+#include <botan/stream_cipher.h>
#include <botan/internal/algo_registry.h>
#include <botan/loadstor.h>
#include <botan/rotate.h>
diff --git a/src/lib/utils/boost/info.txt b/src/lib/vendor/boost/info.txt
index 119a54175..119a54175 100644
--- a/src/lib/utils/boost/info.txt
+++ b/src/lib/vendor/boost/info.txt
diff --git a/src/lib/vendor/openssl/openssl_block.cpp b/src/lib/vendor/openssl/openssl_block.cpp
new file mode 100644
index 000000000..34f0e5607
--- /dev/null
+++ b/src/lib/vendor/openssl/openssl_block.cpp
@@ -0,0 +1,212 @@
+/*
+* OpenSSL Block Cipher
+* (C) 1999-2010,2015 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/internal/block_utils.h>
+#include <openssl/evp.h>
+
+namespace Botan {
+
+namespace {
+
+class OpenSSL_BlockCipher : public BlockCipher
+ {
+ public:
+ void clear();
+ std::string name() const { return cipher_name; }
+ BlockCipher* clone() const;
+
+ size_t block_size() const { return block_sz; }
+
+ OpenSSL_BlockCipher(const EVP_CIPHER*, const std::string&);
+
+ OpenSSL_BlockCipher(const EVP_CIPHER*, const std::string&,
+ size_t, size_t, size_t);
+
+ Key_Length_Specification key_spec() const { return cipher_key_spec; }
+
+ ~OpenSSL_BlockCipher();
+ private:
+ void encrypt_n(const byte in[], byte out[], size_t blocks) const
+ {
+ int out_len = 0;
+ EVP_EncryptUpdate(&encrypt, out, &out_len, in, blocks * block_sz);
+ }
+
+ void decrypt_n(const byte in[], byte out[], size_t blocks) const
+ {
+ int out_len = 0;
+ EVP_DecryptUpdate(&decrypt, out, &out_len, in, blocks * block_sz);
+ }
+
+ void key_schedule(const byte[], size_t);
+
+ size_t block_sz;
+ Key_Length_Specification cipher_key_spec;
+ std::string cipher_name;
+ mutable EVP_CIPHER_CTX encrypt, decrypt;
+ };
+
+OpenSSL_BlockCipher::OpenSSL_BlockCipher(const EVP_CIPHER* algo,
+ const std::string& algo_name) :
+ block_sz(EVP_CIPHER_block_size(algo)),
+ cipher_key_spec(EVP_CIPHER_key_length(algo)),
+ cipher_name(algo_name)
+ {
+ if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
+ throw Invalid_Argument("OpenSSL_BlockCipher: Non-ECB EVP was passed in");
+
+ EVP_CIPHER_CTX_init(&encrypt);
+ EVP_CIPHER_CTX_init(&decrypt);
+
+ EVP_EncryptInit_ex(&encrypt, algo, nullptr, nullptr, nullptr);
+ EVP_DecryptInit_ex(&decrypt, algo, nullptr, nullptr, nullptr);
+
+ EVP_CIPHER_CTX_set_padding(&encrypt, 0);
+ EVP_CIPHER_CTX_set_padding(&decrypt, 0);
+ }
+
+OpenSSL_BlockCipher::OpenSSL_BlockCipher(const EVP_CIPHER* algo,
+ const std::string& algo_name,
+ size_t key_min, size_t key_max,
+ size_t key_mod) :
+ block_sz(EVP_CIPHER_block_size(algo)),
+ cipher_key_spec(key_min, key_max, key_mod),
+ cipher_name(algo_name)
+ {
+ if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
+ throw Invalid_Argument("OpenSSL_BlockCipher: Non-ECB EVP was passed in");
+
+ EVP_CIPHER_CTX_init(&encrypt);
+ EVP_CIPHER_CTX_init(&decrypt);
+
+ EVP_EncryptInit_ex(&encrypt, algo, nullptr, nullptr, nullptr);
+ EVP_DecryptInit_ex(&decrypt, algo, nullptr, nullptr, nullptr);
+
+ EVP_CIPHER_CTX_set_padding(&encrypt, 0);
+ EVP_CIPHER_CTX_set_padding(&decrypt, 0);
+ }
+
+OpenSSL_BlockCipher::~OpenSSL_BlockCipher()
+ {
+ EVP_CIPHER_CTX_cleanup(&encrypt);
+ EVP_CIPHER_CTX_cleanup(&decrypt);
+ }
+
+/*
+* Set the key
+*/
+void OpenSSL_BlockCipher::key_schedule(const byte key[], size_t length)
+ {
+ secure_vector<byte> full_key(key, key + length);
+
+ if(cipher_name == "TripleDES" && length == 16)
+ {
+ full_key += std::make_pair(key, 8);
+ }
+ else
+ if(EVP_CIPHER_CTX_set_key_length(&encrypt, length) == 0 ||
+ EVP_CIPHER_CTX_set_key_length(&decrypt, length) == 0)
+ throw Invalid_Argument("OpenSSL_BlockCipher: Bad key length for " +
+ cipher_name);
+
+ EVP_EncryptInit_ex(&encrypt, nullptr, nullptr, &full_key[0], nullptr);
+ EVP_DecryptInit_ex(&decrypt, nullptr, nullptr, &full_key[0], nullptr);
+ }
+
+/*
+* Return a clone of this object
+*/
+BlockCipher* OpenSSL_BlockCipher::clone() const
+ {
+ return new OpenSSL_BlockCipher(EVP_CIPHER_CTX_cipher(&encrypt),
+ cipher_name,
+ cipher_key_spec.minimum_keylength(),
+ cipher_key_spec.maximum_keylength(),
+ cipher_key_spec.keylength_multiple());
+ }
+
+/*
+* Clear memory of sensitive data
+*/
+void OpenSSL_BlockCipher::clear()
+ {
+ const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&encrypt);
+
+ EVP_CIPHER_CTX_cleanup(&encrypt);
+ EVP_CIPHER_CTX_cleanup(&decrypt);
+ EVP_CIPHER_CTX_init(&encrypt);
+ EVP_CIPHER_CTX_init(&decrypt);
+ EVP_EncryptInit_ex(&encrypt, algo, nullptr, nullptr, nullptr);
+ EVP_DecryptInit_ex(&decrypt, algo, nullptr, nullptr, nullptr);
+ EVP_CIPHER_CTX_set_padding(&encrypt, 0);
+ EVP_CIPHER_CTX_set_padding(&decrypt, 0);
+ }
+
+std::function<BlockCipher* (const BlockCipher::Spec&)>
+make_evp_block_maker(const EVP_CIPHER* cipher, const char* algo)
+ {
+ return [cipher,algo](const BlockCipher::Spec&)
+ {
+ return new OpenSSL_BlockCipher(cipher, algo);
+ };
+ }
+
+std::function<BlockCipher* (const BlockCipher::Spec&)>
+make_evp_block_maker_keylen(const EVP_CIPHER* cipher, const char* algo,
+ size_t kmin, size_t kmax, size_t kmod)
+ {
+ return [cipher,algo,kmin,kmax,kmod](const BlockCipher::Spec&)
+ {
+ return new OpenSSL_BlockCipher(cipher, algo, kmin, kmax, kmod);
+ };
+ }
+
+#define BOTAN_REGISTER_OPENSSL_EVP_BLOCK(NAME, EVP) \
+ BOTAN_REGISTER_TYPE(BlockCipher, EVP_BlockCipher ## EVP, NAME, \
+ make_evp_block_maker(EVP(), NAME), "openssl", 96);
+
+#define BOTAN_REGISTER_OPENSSL_EVP_BLOCK_KEYLEN(NAME, EVP, KMIN, KMAX, KMOD) \
+ BOTAN_REGISTER_TYPE(BlockCipher, OpenSSL_BlockCipher ## EVP, NAME, \
+ make_evp_block_maker_keylen(EVP(), NAME, KMIN, KMAX, KMOD), \
+ "openssl", 96);
+
+#if !defined(OPENSSL_NO_AES)
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK("AES-128", EVP_aes_128_ecb);
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK("AES-192", EVP_aes_192_ecb);
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK("AES-256", EVP_aes_256_ecb);
+#endif
+
+#if !defined(OPENSSL_NO_DES)
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK("DES", EVP_des_ecb);
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK_KEYLEN("TripleDES", EVP_des_ede3_ecb, 16, 24, 8);
+#endif
+
+#if !defined(OPENSSL_NO_BF)
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK_KEYLEN("Blowfish", EVP_bf_ecb, 1, 56, 1);
+#endif
+
+#if !defined(OPENSSL_NO_CAST)
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK_KEYLEN("CAST-128", EVP_cast5_ecb, 1, 16, 1);
+#endif
+
+#if !defined(OPENSSL_NO_CAMELLIA)
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK("Camellia-128", EVP_camellia_128_ecb);
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK("Camellia-192", EVP_camellia_192_ecb);
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK("Camellia-256", EVP_camellia_256_ecb);
+#endif
+
+#if !defined(OPENSSL_NO_IDEA)
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK("IDEA", EVP_idea_ecb);
+#endif
+
+#if !defined(OPENSSL_NO_SEED)
+ BOTAN_REGISTER_OPENSSL_EVP_BLOCK("SEED", EVP_seed_ecb);
+#endif
+
+}
+
+}
diff --git a/src/lib/vendor/openssl/openssl_hash.cpp b/src/lib/vendor/openssl/openssl_hash.cpp
new file mode 100644
index 000000000..6133e36a4
--- /dev/null
+++ b/src/lib/vendor/openssl/openssl_hash.cpp
@@ -0,0 +1,115 @@
+/*
+* OpenSSL Hash Functions
+* (C) 1999-2007,2015 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/internal/hash_utils.h>
+#include <openssl/evp.h>
+
+namespace Botan {
+
+namespace {
+
+class OpenSSL_HashFunction : public HashFunction
+ {
+ public:
+ void clear()
+ {
+ const EVP_MD* algo = EVP_MD_CTX_md(&m_md);
+ EVP_DigestInit_ex(&m_md, algo, nullptr);
+ }
+
+ std::string name() const { return m_name; }
+
+ HashFunction* clone() const
+ {
+ const EVP_MD* algo = EVP_MD_CTX_md(&m_md);
+ return new OpenSSL_HashFunction(algo, name());
+ }
+
+ size_t output_length() const
+ {
+ return EVP_MD_size(EVP_MD_CTX_md(&m_md));
+ }
+
+ size_t hash_block_size() const
+ {
+ return EVP_MD_block_size(EVP_MD_CTX_md(&m_md));
+ }
+
+ OpenSSL_HashFunction(const EVP_MD* md, const std::string& name) : m_name(name)
+ {
+ EVP_MD_CTX_init(&m_md);
+ EVP_DigestInit_ex(&m_md, md, nullptr);
+ }
+
+ ~OpenSSL_HashFunction()
+ {
+ EVP_MD_CTX_cleanup(&m_md);
+ }
+
+ private:
+ void add_data(const byte input[], size_t length)
+ {
+ EVP_DigestUpdate(&m_md, input, length);
+ }
+
+ void final_result(byte output[])
+ {
+ EVP_DigestFinal_ex(&m_md, output, nullptr);
+ const EVP_MD* algo = EVP_MD_CTX_md(&m_md);
+ EVP_DigestInit_ex(&m_md, algo, nullptr);
+ }
+
+ std::string m_name;
+ EVP_MD_CTX m_md;
+ };
+
+std::function<HashFunction* (const HashFunction::Spec&)>
+make_evp_hash_maker(const EVP_MD* md, const char* algo)
+ {
+ return [md,algo](const HashFunction::Spec&)
+ {
+ return new OpenSSL_HashFunction(md, algo);
+ };
+ }
+
+#define BOTAN_REGISTER_OPENSSL_EVP_HASH(NAME, EVP) \
+ BOTAN_REGISTER_TYPE(HashFunction, OpenSSL_HashFunction ## EVP, NAME, \
+ make_evp_hash_maker(EVP(), NAME), "openssl", 32);
+
+#if !defined(OPENSSL_NO_SHA)
+ BOTAN_REGISTER_OPENSSL_EVP_HASH("SHA-160", EVP_sha1);
+#endif
+
+#if !defined(OPENSSL_NO_SHA256)
+ BOTAN_REGISTER_OPENSSL_EVP_HASH("SHA-224", EVP_sha224);
+ BOTAN_REGISTER_OPENSSL_EVP_HASH("SHA-256", EVP_sha256);
+#endif
+
+#if !defined(OPENSSL_NO_SHA512)
+ BOTAN_REGISTER_OPENSSL_EVP_HASH("SHA-384", EVP_sha384);
+ BOTAN_REGISTER_OPENSSL_EVP_HASH("SHA-512", EVP_sha512);
+#endif
+
+#if !defined(OPENSSL_NO_MD2)
+ BOTAN_REGISTER_OPENSSL_EVP_HASH("MD2", EVP_md2);
+#endif
+
+#if !defined(OPENSSL_NO_MD4)
+ BOTAN_REGISTER_OPENSSL_EVP_HASH("MD4", EVP_md4);
+#endif
+
+#if !defined(OPENSSL_NO_MD5)
+ BOTAN_REGISTER_OPENSSL_EVP_HASH("MD5", EVP_md5);
+#endif
+
+#if !defined(OPENSSL_NO_RIPEMD)
+ BOTAN_REGISTER_OPENSSL_EVP_HASH("RIPEMD-160", EVP_ripemd160);
+#endif
+
+}
+
+}
diff --git a/src/lib/vendor/openssl/openssl_rc4.cpp b/src/lib/vendor/openssl/openssl_rc4.cpp
new file mode 100644
index 000000000..966aecd66
--- /dev/null
+++ b/src/lib/vendor/openssl/openssl_rc4.cpp
@@ -0,0 +1,49 @@
+/*
+* OpenSSL RC4
+* (C) 1999-2007,2015 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/internal/stream_utils.h>
+#include <botan/parsing.h>
+#include <openssl/rc4.h>
+
+namespace Botan {
+
+namespace {
+
+class OpenSSL_RC4 : public StreamCipher
+ {
+ public:
+ void clear() { clear_mem(&m_rc4, 1); }
+
+ std::string name() const { return "RC4"; }
+ StreamCipher* clone() const { return new OpenSSL_RC4; }
+
+ Key_Length_Specification key_spec() const
+ {
+ return Key_Length_Specification(1, 32);
+ }
+
+ OpenSSL_RC4() { clear(); }
+ ~OpenSSL_RC4() { clear(); }
+ private:
+ void cipher(const byte in[], byte out[], size_t length)
+ {
+ RC4(&m_rc4, length, in, out);
+ }
+
+ void key_schedule(const byte key[], size_t length)
+ {
+ RC4_set_key(&m_rc4, length, key);
+ }
+
+ RC4_KEY m_rc4;
+ };
+
+}
+
+BOTAN_REGISTER_TYPE(StreamCipher, OpenSSL_RC4, "RC4", make_new_T<OpenSSL_RC4>, "openssl", 64);
+
+}
diff --git a/src/lib/utils/sqlite3/info.txt b/src/lib/vendor/sqlite3/info.txt
index 6370f4b2b..6370f4b2b 100644
--- a/src/lib/utils/sqlite3/info.txt
+++ b/src/lib/vendor/sqlite3/info.txt
diff --git a/src/lib/utils/sqlite3/sqlite3.cpp b/src/lib/vendor/sqlite3/sqlite3.cpp
index 61c7f15bc..61c7f15bc 100644
--- a/src/lib/utils/sqlite3/sqlite3.cpp
+++ b/src/lib/vendor/sqlite3/sqlite3.cpp
diff --git a/src/lib/utils/sqlite3/sqlite3.h b/src/lib/vendor/sqlite3/sqlite3.h
index 8495a1d1b..8495a1d1b 100644
--- a/src/lib/utils/sqlite3/sqlite3.h
+++ b/src/lib/vendor/sqlite3/sqlite3.h