aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/prov
Commit message (Collapse)AuthorAgeFilesLines
* Avoid int vs size_t warning in OpenSSL codeJack Lloyd2017-09-171-1/+1
|
* OpenSSL module requires public key code be enabled in buildJack Lloyd2017-08-291-0/+4
|
* Fix bad iterator deref in OpenSSL RSAJack Lloyd2017-08-251-1/+3
|
* Merge GH #1094 Add initial BearSSL providerJack Lloyd2017-08-024-0/+392
|\
| * BearSSL: replace more NULLs with nullptrPatrick Wildt2017-07-101-4/+4
| | | | | | | | Based on feedback from @securitykernel on the PR.
| * BearSSL: implement PR feedback and compare ECGroup OID namePatrick Wildt2017-07-053-12/+29
| | | | | | | | | | | | | | This commit implements the feedback from @securitykernel on the PR and also changes the EC Group comparison to use the OID, akin to OpenSSL. The EC Group comparison was needed before GH #1093 was merged, but now we can go use the OpenSSL variant.
| * BearSSL: move includes into extern "C"Patrick Wildt2017-07-052-3/+8
| | | | | | | | | | Without the specific extern "C" declaration for the includes the C functions might get C++'d so the linking stage fails.
| * BearSSL: Support for ECDSAPatrick Wildt2017-07-052-0/+206
| | | | | | | | | | | | This commit adds support for ECDSA using BearSSL as a backend. This means we can test BearSSL's ECDSA algorithms using the extensive Botan testsuite.
| * BearSSL: Initial support and hash testsPatrick Wildt2017-07-053-0/+164
| | | | | | | | | | | | | | | | | | BearSSL is an implementation of the SSL/TLS protocol in C aiming to be correct and secure, small and highly portable. Thus making it nicer to be included in a rather sparse bootloader. This commit adds support for BearSSL's hash routines only, with more stuff coming up in following commits. The goal is to be able to test BearSSL using Botan's extensive testsuite.
* | Merge GH #1132 Fix Doxygen errors and add -Wdocumentation flag to clang ↵Jack Lloyd2017-07-312-2/+2
|\ \ | | | | | | | | | maintainer build
| * | Fix warnings from clangs -Wdocumentation flagJack Lloyd2017-07-282-2/+2
| |/
* | Merge GH #1131 Confirm OpenSSL supports curve at runtime before attempting ↵Jack Lloyd2017-07-311-12/+35
|\ \ | | | | | | | | | to use it
| * | Check if curve is built into OpenSSL at runtimeRené Korthaus2017-07-281-12/+35
| |/
* / Don't crash if openssl can't allocate a new contextKirill A. Korinsky2017-06-293-2/+13
|/
* Add basic test for TPM UUID classJack Lloyd2017-06-041-3/+3
| | | | Constify some member functions
* Make Botan compile with LibreSSL again.Alexander Bluhm2017-05-243-6/+6
| | | | | | Add some #ifdef LIBRESSL_VERSION_NUMBER in addition to the OPENSSL_VERSION_NUMBER switch. Narrow down API compatiblity between LibreSSL and OpenSSL version in docs.
* Add copy_state to OpenSSL hash functions, and port to OpenSSL 1.1.0Jack Lloyd2017-05-225-74/+130
|
* Generate private RSA key with OpenSSL.Alexander Bluhm2017-04-302-0/+39
| | | | | Implement RSA private key generation with RSA_generate_key_ex(). Make PK_Key_Generation_Test iterate over all providers.
* Merge GH #1032 Throw exception with OpenSSL error message if OpenSSL API ↵Jack Lloyd2017-04-295-35/+65
|\ | | | | | | call fails
| * Throw OpenSSL exception if any OpenSSL function failed.Alexander Bluhm2017-04-295-35/+65
| | | | | | | | | | Checking for all failures helps to find problems early. The OpenSSL_Error() exception provides the OpenSSL error string.
* | Do not load OpenSSL error messages in library.Alexander Bluhm2017-04-281-1/+0
|/ | | | | | The function ERR_load_crypto_strings() should be called by the program or during library initializeation. Remove it from get_openssl_enc_pad(), this looks like an accident.
* Implement cipher modes with OpenSSL.Alexander Bluhm2017-04-252-0/+207
| | | | | | Use the OpenSSL provider to implement AES CBC mode. Also pass down the provider to the encryption layer if there is no matching OpenSSL mode. Add a test with empty nonce.
* Content:Tomasz Frydrych2017-04-034-6/+4
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-023-3/+9
|
* add "--with-external-libdir" to configure.pyDaniel Neus2017-01-261-1/+2
| | | | | | Fixes #767 and #19 Main purpose is to support external libs like OpenSSL on Windows.
* Enable PKCS11 module by default and remove --with-pkcs11 optionRené Korthaus2017-01-111-2/+0
| | | | | | The pkcs11 module once required the pkcs11 headers as an external dependency, but the headers were included a while ago. Still, the module was set to be load_on vendor. Instead, we can enable the module by default now.
* Add try/catch blocks in noexcept destructors that might throwJack Lloyd2017-01-063-8/+29
| | | | Flagged by Coverity
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-1823-200/+200
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add support for brainpool curves in openssl providerRené Korthaus2016-12-171-1/+17
| | | | | OpenSSL 1.0.2 added support for brainpool curves, so we can use it provided the version check succeeds.
* Remove <source> block from info.txt filesJack Lloyd2016-12-081-15/+0
| | | | | | Kind of a vestigial thing from an earlier iteration of the module design, and never useful to specify anymore since taking all the cpp files is what you want exactly 100% of the time.
* Fix TPM private_key_bits() exception messageRené Korthaus2016-12-051-1/+1
|
* Add Private_Key::private_key_info()René Korthaus2016-12-059-13/+13
| | | | | | | Adds new Private_Key::private_key_info() that returns a PKCS#8 PrivateKeyInfo structure. Renames the current Private_Key::pkcs8_private_key() to private_key_bits(). BER_encode() just invokes private_key_info().
* Add Public_Key::subject_public_key()René Korthaus2016-12-055-6/+6
| | | | | | | Adds new Public_Key::subject_public_key() that returns a X.509 SubjectPublicKey structure. Renames the current Public_Key::x509_subject_public_key() to public_key_bits(). BER_encode() just invokes subject_public_key().
* Expose pk_ops.h as public interface againJack Lloyd2016-12-044-5/+4
| | | | | | | | | | | | I was initially thinking of Botan as somewhat closed system, but @cordney has a legit use case of wanting to expose a TPM sign operation, but using their internal TPM library and TPM key type. This requires the API be exposed so the derivation can occur. Add a comment in the header explaining that the header is not for normal application use and directing them to pubkey.h This basically reverts 2747e8e23aec43162
* Fix OpenSSL RC4 clone - ignored skip paramJack Lloyd2016-11-261-1/+1
|
* Pubkey cleanupsJack Lloyd2016-11-1210-78/+11
| | | | | | | | | | Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable) Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually. Remove message_parts and message_part_size from PK_Ops
* Remove Key_Type typedefsJack Lloyd2016-11-083-9/+0
| | | | Also part of Algo_Registry and not needed after #668
* Fix PKCS11 test errorJack Lloyd2016-11-042-7/+3
| | | | | | | | | | | | | | Previously PKCS11_ECDSA_PrivateKey::check_key failed because no verification is possible using this key type (does not derive from public key). Split keypair consistency to allow two key arguments. ECDSA keypair consistency disabled in the tests still, because SoftHSMv2 gives mechanism invalid errors. I think this is a SoftHSMv2 issue with the signature mechanism. Remove no longer used Key_Type typedefs (need to be removed everywhere). GH #712
* Update PKCS11 code, no RNG requiredJack Lloyd2016-11-031-14/+1
|
* Avoid possibility of mismatched brackets.Jack Lloyd2016-10-311-2/+6
| | | | Found by cppcheck
* Static analyzer fixesJack Lloyd2016-10-251-1/+0
| | | | | | | | | Check return value of read, found by Clang. See also #677 Remove unused member variable in OpenSSL ECC, found by Clang. In ECDSA tests, if the pointer is null we should return rather than dereferencing it. Found by Coverity.
* Remote unused macrosJack Lloyd2016-10-242-5/+1
|
* Initialize member variable in PKCS11_EC_PrivateKeyJack Lloyd2016-10-242-2/+2
| | | | | One of the constructors initialized the member, the others did not. Found by Coverity scanner.
* Merge GH #668: Remove Algo_Registry and associated global locksJack Lloyd2016-10-248-118/+143
|\
| * Small cleanup in OpenSSL ECJack Lloyd2016-10-211-12/+13
| |
| * Remove alias logic from SCAN_NameJack Lloyd2016-10-211-2/+3
| | | | | | | | | | | | This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
| * Remove Algo_RegistryJack Lloyd2016-10-217-104/+127
| | | | | | | | | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* | Fix invalid UTF-8 char in API doc [ci skip]René Korthaus2016-10-221-1/+1
|/ | | | | | An invalid UTF-8 character prevented Latex from generating a PDF document from the doxygen-generated Latex API docs via make pdf.
* Fix doxygen warnings [ci skip]René Korthaus2016-10-192-8/+7
|
* Improve pkcs11 doxygen [ci skip]René Korthaus2016-10-193-13/+49
|