| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Fixes #767 and #19
Main purpose is to support external libs like OpenSSL on Windows.
|
|
|
|
|
|
| |
The pkcs11 module once required the pkcs11 headers as an external dependency,
but the headers were included a while ago. Still, the module was set to be
load_on vendor. Instead, we can enable the module by default now.
|
|
|
|
| |
Flagged by Coverity
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
|
| |
OpenSSL 1.0.2 added support for brainpool curves, so we
can use it provided the version check succeeds.
|
|
|
|
|
|
| |
Kind of a vestigial thing from an earlier iteration of the module
design, and never useful to specify anymore since taking all the cpp
files is what you want exactly 100% of the time.
|
| |
|
|
|
|
|
|
|
| |
Adds new Private_Key::private_key_info() that returns
a PKCS#8 PrivateKeyInfo structure. Renames the current
Private_Key::pkcs8_private_key() to private_key_bits().
BER_encode() just invokes private_key_info().
|
|
|
|
|
|
|
| |
Adds new Public_Key::subject_public_key() that returns
a X.509 SubjectPublicKey structure. Renames the current
Public_Key::x509_subject_public_key() to public_key_bits().
BER_encode() just invokes subject_public_key().
|
|
|
|
|
|
|
|
|
|
|
|
| |
I was initially thinking of Botan as somewhat closed system, but
@cordney has a legit use case of wanting to expose a TPM sign
operation, but using their internal TPM library and TPM key type.
This requires the API be exposed so the derivation can occur.
Add a comment in the header explaining that the header is not for
normal application use and directing them to pubkey.h
This basically reverts 2747e8e23aec43162
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add Public_Key::key_length usable for policy checking (as in
TLS::Policy::check_peer_key_acceptable)
Remove Public_Key::max_input_bits because it didn't make much sense
for most algorithms actually.
Remove message_parts and message_part_size from PK_Ops
|
|
|
|
| |
Also part of Algo_Registry and not needed after #668
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously PKCS11_ECDSA_PrivateKey::check_key failed because no
verification is possible using this key type (does not derive from
public key). Split keypair consistency to allow two key arguments.
ECDSA keypair consistency disabled in the tests still, because
SoftHSMv2 gives mechanism invalid errors. I think this is a SoftHSMv2
issue with the signature mechanism.
Remove no longer used Key_Type typedefs (need to be removed everywhere).
GH #712
|
| |
|
|
|
|
| |
Found by cppcheck
|
|
|
|
|
|
|
|
|
| |
Check return value of read, found by Clang. See also #677
Remove unused member variable in OpenSSL ECC, found by Clang.
In ECDSA tests, if the pointer is null we should return rather
than dereferencing it. Found by Coverity.
|
| |
|
|
|
|
|
| |
One of the constructors initialized the member, the others did not.
Found by Coverity scanner.
|
|\ |
|
| | |
|
| |
| |
| |
| |
| |
| | |
This required taking a global lock and doing a map lookup each
time an algorithm was requested (and so many times during a TLS
handshake).
|
| |
| |
| |
| |
| |
| |
| | |
I repent my use of global constructors.
I repent my use of global locks.
Hopefully I will never touch this code again.
:)
|
|/
|
|
|
|
| |
An invalid UTF-8 character prevented Latex
from generating a PDF document from the
doxygen-generated Latex API docs via make pdf.
|
| |
|
| |
|
|
|
|
| |
GH #656
|
|
|
|
| |
Some fixes for missing system_rng in ECIES and tests.
|
| |
|
|
|
|
|
|
|
| |
Verification is deterministic and public, so really no RNG is ever needed.
Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.
|
|
|
|
|
|
|
|
| |
Instead the key types exposes operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previous created its own RNG, now it takes it from app.
|
|
|
|
|
|
| |
Compiling botan with disabled rc4 module fails in case of openssl w/o rc4...
Error:
./src/lib/prov/openssl/openssl_rc4.cpp:15:25: fatal error: openssl/rc4.h: No such file or directory
#include <openssl/rc4.h>
|
| |
|
|
|
|
|
| |
For block ciphers, stream ciphers, hashes, MACs, and cipher modes.
Cipher_Mode already had it, with a slightly different usage.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change reseed interval logic to count calls to `randomize` rather than
bytes, to match SP 800-90A
Changes RNG reseeding API: there is no implicit reference to the
global entropy sources within the RNGs anymore. The entropy sources
must be supplied with the API call. Adds support for reseding directly
from another RNG (such as a system or hardware RNG).
Stateful_RNG keeps optional references to both an RNG and a set of
entropy sources. During a reseed, both sources are used if set.
These can be provided to HMAC_DRBG constructor.
For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes
per DRBG request. We treat requests longer than that as if the caller
had instead made several sequential maximum-length requests. This
means it is possible for one or more reseeds to trigger even in the
course of generating a single (long) output (generate a 256-bit key
and use ChaCha or HKDF if this is a problem).
Adds RNG::randomize_with_ts_input which takes timestamps and uses them
as the additional_data DRBG field. Stateful_RNG overrides this to also
include the process ID and the reseed counter. AutoSeeded_RNG's
`randomize` uses this.
Officially deprecates RNG::make_rng and the Serialized_RNG construtor
which creates an AutoSeeded_RNG. With these removed, it would be
possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all
(eg, for applications which only use the system RNG).
Tests courtesy @cordney in GH PRs #598 and #600
|
| |
|
|
|
|
|
|
| |
I think probably what these headers had should work, but end up
confusing the generator and breaking the build:
https://travis-ci.org/randombit/botan/jobs/154197472
|
| |
|
|
|
|
|
|
|
| |
These headers are copied/linked into build_dir/include/external
This has the advantage that external includes can be taken as they are, they haven't to be modified.
Fixes amalgamation build with enabled pkcs#11 module
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It provided a default implementation that only checked
that the length was correct, but ignored the actual data
and did not notify the caller, which seemed like a
rather odd behaviour.
The only implementation that used this default implementation,
RC4, now throws an exception.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handles fork checking for HMAC_RNG and HMAC_DRBG
AutoSeeded_RNG change - switch to HMAC_DRBG as default.
Start removing the io buffer from entropy poller.
Update default RNG poll bits to 256.
Fix McEliece test, was using wrong RNG API.
Update docs.
|
|
|
|
|
|
|
|
| |
Add support and tests for additional_data param to HMAC_DRBG
Add Stateful_RNG class which has fork detection and periodic reseeding.
AutoSeeded_RNG passes the current pid and time as additional_data
|
|
|
|
| |
no longer needed since hash_for_emsa() is now in emsa.h
|
|\ |
|
| | |
|
| | |
|
| | |
|
| | |
|