| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Use the OpenSSL provider to implement AES CBC mode. Also pass down
the provider to the encryption layer if there is no matching OpenSSL
mode. Add a test with empty nonce.
|
| |
|
|
|
|
|
|
| |
Fixes #767 and #19
Main purpose is to support external libs like OpenSSL on Windows.
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
|
| |
OpenSSL 1.0.2 added support for brainpool curves, so we
can use it provided the version check succeeds.
|
|
|
|
|
|
|
| |
Adds new Private_Key::private_key_info() that returns
a PKCS#8 PrivateKeyInfo structure. Renames the current
Private_Key::pkcs8_private_key() to private_key_bits().
BER_encode() just invokes private_key_info().
|
|
|
|
|
|
|
| |
Adds new Public_Key::subject_public_key() that returns
a X.509 SubjectPublicKey structure. Renames the current
Public_Key::x509_subject_public_key() to public_key_bits().
BER_encode() just invokes subject_public_key().
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add Public_Key::key_length usable for policy checking (as in
TLS::Policy::check_peer_key_acceptable)
Remove Public_Key::max_input_bits because it didn't make much sense
for most algorithms actually.
Remove message_parts and message_part_size from PK_Ops
|
|
|
|
| |
Also part of Algo_Registry and not needed after #668
|
|
|
|
| |
Found by cppcheck
|
|
|
|
|
|
|
|
|
| |
Check return value of read, found by Clang. See also #677
Remove unused member variable in OpenSSL ECC, found by Clang.
In ECDSA tests, if the pointer is null we should return rather
than dereferencing it. Found by Coverity.
|
| |
|
|
|
|
|
|
| |
This required taking a global lock and doing a map lookup each
time an algorithm was requested (and so many times during a TLS
handshake).
|
|
|
|
|
|
|
| |
I repent my use of global constructors.
I repent my use of global locks.
Hopefully I will never touch this code again.
:)
|
|
|
|
| |
GH #656
|
|
|
|
| |
Some fixes for missing system_rng in ECIES and tests.
|
| |
|
|
|
|
|
|
|
| |
Verification is deterministic and public, so really no RNG is ever needed.
Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.
|
|
|
|
|
|
|
|
| |
Instead the key types exposes operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previous created its own RNG, now it takes it from app.
|
|
|
|
|
|
| |
Compiling botan with disabled rc4 module fails in case of openssl w/o rc4...
Error:
./src/lib/prov/openssl/openssl_rc4.cpp:15:25: fatal error: openssl/rc4.h: No such file or directory
#include <openssl/rc4.h>
|
| |
|
|
|
|
|
| |
For block ciphers, stream ciphers, hashes, MACs, and cipher modes.
Cipher_Mode already had it, with a slightly different usage.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It provided a default implementation that only checked
that the length was correct, but ignored the actual data
and did not notify the caller, which seemed like a
rather odd behaviour.
The only implementation that used this default implementation,
RC4, now throws an exception.
|
|
|
|
| |
adding ChaCha8 support
|
|
|
|
|
|
|
| |
Previously RSA and ElGamal stripped off leading zeros which were then
assumed by the padding decoders. Instead have them produce ciphertexts
with leading zeros. Changes EME_Raw to strip leading zeros to match
existing behavior.
|
|
|
|
| |
explicit.
|
|
|
|
|
|
|
|
|
|
| |
Remove -Wsuggest-attribute=noreturn from maintainer mode flags as it
seems like outside of the assertion failure macro any other suggestion
would always be a false positive (an unimplemented function or the like).
Or at least, if such a function needing noreturn to assist with static
analysis is added in the future it will be obvious, by virtue of the
static analyzer warnings which occur due to the missing noreturn
preventing the analyzer from understanding code flow.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Expose provider param in PK_Key_Agreement API
Handle multiple providers in key agreement tests
Fix some funky formatting of P-521 EC points in ecdh.vec which was
being rejected by OpenSSL; for whatever reason the CAVS file had
the affine coords with far more leading zeros than necessary.
|
|
Having the code diffused all over the place was ugly and would
not scale well to multiple alternative providers.
GH #368
|