aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/prov/openssl
Commit message (Collapse)AuthorAgeFilesLines
* Implement cipher modes with OpenSSL.Alexander Bluhm2017-04-252-0/+207
| | | | | | Use the OpenSSL provider to implement AES CBC mode. Also pass down the provider to the encryption layer if there is no matching OpenSSL mode. Add a test with empty nonce.
* Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-021-1/+3
|
* add "--with-external-libdir" to configure.pyDaniel Neus2017-01-261-1/+2
| | | | | | Fixes #767 and #19 Main purpose is to support external libs like OpenSSL on Windows.
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-185-45/+45
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add support for brainpool curves in openssl providerRené Korthaus2016-12-171-1/+17
| | | | | OpenSSL 1.0.2 added support for brainpool curves, so we can use it provided the version check succeeds.
* Add Private_Key::private_key_info()René Korthaus2016-12-051-2/+2
| | | | | | | Adds new Private_Key::private_key_info() that returns a PKCS#8 PrivateKeyInfo structure. Renames the current Private_Key::pkcs8_private_key() to private_key_bits(). BER_encode() just invokes private_key_info().
* Add Public_Key::subject_public_key()René Korthaus2016-12-051-2/+2
| | | | | | | Adds new Public_Key::subject_public_key() that returns a X.509 SubjectPublicKey structure. Renames the current Public_Key::x509_subject_public_key() to public_key_bits(). BER_encode() just invokes subject_public_key().
* Fix OpenSSL RC4 clone - ignored skip paramJack Lloyd2016-11-261-1/+1
|
* Pubkey cleanupsJack Lloyd2016-11-123-9/+4
| | | | | | | | | | Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable) Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually. Remove message_parts and message_part_size from PK_Ops
* Remove Key_Type typedefsJack Lloyd2016-11-082-5/+0
| | | | Also part of Algo_Registry and not needed after #668
* Avoid possibility of mismatched brackets.Jack Lloyd2016-10-311-2/+6
| | | | Found by cppcheck
* Static analyzer fixesJack Lloyd2016-10-251-1/+0
| | | | | | | | | Check return value of read, found by Clang. See also #677 Remove unused member variable in OpenSSL ECC, found by Clang. In ECDSA tests, if the pointer is null we should return rather than dereferencing it. Found by Coverity.
* Small cleanup in OpenSSL ECJack Lloyd2016-10-211-12/+13
|
* Remove alias logic from SCAN_NameJack Lloyd2016-10-211-2/+3
| | | | | | This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
* Remove Algo_RegistryJack Lloyd2016-10-214-101/+127
| | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* The other half of 55b8fb5Jack Lloyd2016-10-091-7/+9
| | | | GH #656
* Make pk_ops.h internalJack Lloyd2016-10-081-1/+1
| | | | Some fixes for missing system_rng in ECIES and tests.
* OpenSSL fixesJack Lloyd2016-10-072-4/+4
|
* Revert PK_Verifier change (don't require RNG there).Jack Lloyd2016-10-071-17/+5
| | | | | | | Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-073-115/+119
| | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* fix compiler error: openssl w/o rc4t0b32016-10-011-1/+1
| | | | | | Compiling botan with disabled rc4 module fails in case of openssl w/o rc4... Error: ./src/lib/prov/openssl/openssl_rc4.cpp:15:25: fatal error: openssl/rc4.h: No such file or directory #include <openssl/rc4.h>
* Change T::provider to return std::stringJack Lloyd2016-09-153-3/+3
|
* Add T::provider() to allow user to inquire about implementation usedJack Lloyd2016-09-153-0/+4
| | | | | For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.
* Remove deprecated hashes MD2, HAS-160, and RIPEMD-128Jack Lloyd2016-09-021-4/+0
|
* Make Stream_Cipher::set_iv() pure virtualRené Korthaus2016-07-201-0/+6
| | | | | | | | | | It provided a default implementation that only checked that the length was correct, but ignored the actual data and did not notify the caller, which seemed like a rather odd behaviour. The only implementation that used this default implementation, RC4, now throws an exception.
* Adding StreamCipher::seek interface, supporting seek in ChaCha, and also ↵SimCog2016-06-181-0/+5
| | | | adding ChaCha8 support
* Clean up PK decryption encoding.Jack Lloyd2016-03-202-4/+11
| | | | | | | Previously RSA and ElGamal stripped off leading zeros which were then assumed by the padding decoders. Instead have them produce ciphertexts with leading zeros. Changes EME_Raw to strip leading zeros to match existing behavior.
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-051-1/+1
| | | | explicit.
* Add missing overrides and fix -Wpedantic 'extra ;' warningsJack Lloyd2016-01-173-28/+28
| | | | | | | | | | Remove -Wsuggest-attribute=noreturn from maintainer mode flags as it seems like outside of the assertion failure macro any other suggestion would always be a false positive (an unimplemented function or the like). Or at least, if such a function needing noreturn to assist with static analysis is added in the future it will be obvious, by virtue of the static analyzer warnings which occur due to the missing noreturn preventing the analyzer from understanding code flow.
* Mass-prefix member vars with m_René Korthaus2016-01-081-50/+50
|
* Add ECDH via OpenSSLJack Lloyd2016-01-042-15/+113
| | | | | | | | | | Expose provider param in PK_Key_Agreement API Handle multiple providers in key agreement tests Fix some funky formatting of P-521 EC points in ecdh.vec which was being rejected by OpenSSL; for whatever reason the CAVS file had the affine coords with far more leading zeros than necessary.
* Merge the openssl code together.Jack Lloyd2015-12-197-0/+941
Having the code diffused all over the place was ugly and would not scale well to multiple alternative providers. GH #368