| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| | |
Based on feedback from @securitykernel on the PR.
|
| |
| |
| |
| |
| |
| |
| | |
This commit implements the feedback from @securitykernel on the
PR and also changes the EC Group comparison to use the OID, akin
to OpenSSL. The EC Group comparison was needed before GH #1093
was merged, but now we can go use the OpenSSL variant.
|
| |
| |
| |
| |
| | |
Without the specific extern "C" declaration for the includes the
C functions might get C++'d so the linking stage fails.
|
| |
| |
| |
| |
| |
| | |
This commit adds support for ECDSA using BearSSL as a backend. This
means we can test BearSSL's ECDSA algorithms using the extensive
Botan testsuite.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
BearSSL is an implementation of the SSL/TLS protocol in C aiming
to be correct and secure, small and highly portable. Thus making
it nicer to be included in a rather sparse bootloader. This commit
adds support for BearSSL's hash routines only, with more stuff
coming up in following commits. The goal is to be able to test
BearSSL using Botan's extensive testsuite.
|
|\ \
| | |
| | |
| | | |
maintainer build
|
| |/ |
|
|\ \
| | |
| | |
| | | |
to use it
|
| |/ |
|
|/ |
|
|
|
|
| |
Constify some member functions
|
|
|
|
|
|
| |
Add some #ifdef LIBRESSL_VERSION_NUMBER in addition to the
OPENSSL_VERSION_NUMBER switch. Narrow down API compatiblity between
LibreSSL and OpenSSL version in docs.
|
| |
|
|
|
|
|
| |
Implement RSA private key generation with RSA_generate_key_ex().
Make PK_Key_Generation_Test iterate over all providers.
|
|\
| |
| |
| | |
call fails
|
| |
| |
| |
| |
| | |
Checking for all failures helps to find problems early. The
OpenSSL_Error() exception provides the OpenSSL error string.
|
|/
|
|
|
|
| |
The function ERR_load_crypto_strings() should be called by the
program or during library initializeation. Remove it from
get_openssl_enc_pad(), this looks like an accident.
|
|
|
|
|
|
| |
Use the OpenSSL provider to implement AES CBC mode. Also pass down
the provider to the encryption layer if there is no matching OpenSSL
mode. Add a test with empty nonce.
|
|
|
|
|
|
|
|
|
| |
* fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
* `default` specifier instead of `{}` in some places(probably all)
* removal of unreachable code (for example `return` after `throw`)
* removal of compilation unit only visible, but not used functions
* fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
* removed not needed semicolons
|
| |
|
|
|
|
|
|
| |
Fixes #767 and #19
Main purpose is to support external libs like OpenSSL on Windows.
|
|
|
|
|
|
| |
The pkcs11 module once required the pkcs11 headers as an external dependency,
but the headers were included a while ago. Still, the module was set to be
load_on vendor. Instead, we can enable the module by default now.
|
|
|
|
| |
Flagged by Coverity
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
|
| |
OpenSSL 1.0.2 added support for brainpool curves, so we
can use it provided the version check succeeds.
|
|
|
|
|
|
| |
Kind of a vestigial thing from an earlier iteration of the module
design, and never useful to specify anymore since taking all the cpp
files is what you want exactly 100% of the time.
|
| |
|
|
|
|
|
|
|
| |
Adds new Private_Key::private_key_info() that returns
a PKCS#8 PrivateKeyInfo structure. Renames the current
Private_Key::pkcs8_private_key() to private_key_bits().
BER_encode() just invokes private_key_info().
|
|
|
|
|
|
|
| |
Adds new Public_Key::subject_public_key() that returns
a X.509 SubjectPublicKey structure. Renames the current
Public_Key::x509_subject_public_key() to public_key_bits().
BER_encode() just invokes subject_public_key().
|
|
|
|
|
|
|
|
|
|
|
|
| |
I was initially thinking of Botan as somewhat closed system, but
@cordney has a legit use case of wanting to expose a TPM sign
operation, but using their internal TPM library and TPM key type.
This requires the API be exposed so the derivation can occur.
Add a comment in the header explaining that the header is not for
normal application use and directing them to pubkey.h
This basically reverts 2747e8e23aec43162
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add Public_Key::key_length usable for policy checking (as in
TLS::Policy::check_peer_key_acceptable)
Remove Public_Key::max_input_bits because it didn't make much sense
for most algorithms actually.
Remove message_parts and message_part_size from PK_Ops
|
|
|
|
| |
Also part of Algo_Registry and not needed after #668
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously PKCS11_ECDSA_PrivateKey::check_key failed because no
verification is possible using this key type (does not derive from
public key). Split keypair consistency to allow two key arguments.
ECDSA keypair consistency disabled in the tests still, because
SoftHSMv2 gives mechanism invalid errors. I think this is a SoftHSMv2
issue with the signature mechanism.
Remove no longer used Key_Type typedefs (need to be removed everywhere).
GH #712
|
| |
|
|
|
|
| |
Found by cppcheck
|
|
|
|
|
|
|
|
|
| |
Check return value of read, found by Clang. See also #677
Remove unused member variable in OpenSSL ECC, found by Clang.
In ECDSA tests, if the pointer is null we should return rather
than dereferencing it. Found by Coverity.
|
| |
|
|
|
|
|
| |
One of the constructors initialized the member, the others did not.
Found by Coverity scanner.
|
|\ |
|
| | |
|
| |
| |
| |
| |
| |
| | |
This required taking a global lock and doing a map lookup each
time an algorithm was requested (and so many times during a TLS
handshake).
|
| |
| |
| |
| |
| |
| |
| | |
I repent my use of global constructors.
I repent my use of global locks.
Hopefully I will never touch this code again.
:)
|
|/
|
|
|
|
| |
An invalid UTF-8 character prevented Latex
from generating a PDF document from the
doxygen-generated Latex API docs via make pdf.
|
| |
|
| |
|