aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/prov
Commit message (Collapse)AuthorAgeFilesLines
* Add basic test for TPM UUID classJack Lloyd2017-06-041-3/+3
| | | | Constify some member functions
* Make Botan compile with LibreSSL again.Alexander Bluhm2017-05-243-6/+6
| | | | | | Add some #ifdef LIBRESSL_VERSION_NUMBER in addition to the OPENSSL_VERSION_NUMBER switch. Narrow down API compatiblity between LibreSSL and OpenSSL version in docs.
* Add copy_state to OpenSSL hash functions, and port to OpenSSL 1.1.0Jack Lloyd2017-05-225-74/+130
|
* Generate private RSA key with OpenSSL.Alexander Bluhm2017-04-302-0/+39
| | | | | Implement RSA private key generation with RSA_generate_key_ex(). Make PK_Key_Generation_Test iterate over all providers.
* Merge GH #1032 Throw exception with OpenSSL error message if OpenSSL API ↵Jack Lloyd2017-04-295-35/+65
|\ | | | | | | call fails
| * Throw OpenSSL exception if any OpenSSL function failed.Alexander Bluhm2017-04-295-35/+65
| | | | | | | | | | Checking for all failures helps to find problems early. The OpenSSL_Error() exception provides the OpenSSL error string.
* | Do not load OpenSSL error messages in library.Alexander Bluhm2017-04-281-1/+0
|/ | | | | | The function ERR_load_crypto_strings() should be called by the program or during library initializeation. Remove it from get_openssl_enc_pad(), this looks like an accident.
* Implement cipher modes with OpenSSL.Alexander Bluhm2017-04-252-0/+207
| | | | | | Use the OpenSSL provider to implement AES CBC mode. Also pass down the provider to the encryption layer if there is no matching OpenSSL mode. Add a test with empty nonce.
* Content:Tomasz Frydrych2017-04-034-6/+4
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-023-3/+9
|
* add "--with-external-libdir" to configure.pyDaniel Neus2017-01-261-1/+2
| | | | | | Fixes #767 and #19 Main purpose is to support external libs like OpenSSL on Windows.
* Enable PKCS11 module by default and remove --with-pkcs11 optionRené Korthaus2017-01-111-2/+0
| | | | | | The pkcs11 module once required the pkcs11 headers as an external dependency, but the headers were included a while ago. Still, the module was set to be load_on vendor. Instead, we can enable the module by default now.
* Add try/catch blocks in noexcept destructors that might throwJack Lloyd2017-01-063-8/+29
| | | | Flagged by Coverity
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-1823-200/+200
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add support for brainpool curves in openssl providerRené Korthaus2016-12-171-1/+17
| | | | | OpenSSL 1.0.2 added support for brainpool curves, so we can use it provided the version check succeeds.
* Remove <source> block from info.txt filesJack Lloyd2016-12-081-15/+0
| | | | | | Kind of a vestigial thing from an earlier iteration of the module design, and never useful to specify anymore since taking all the cpp files is what you want exactly 100% of the time.
* Fix TPM private_key_bits() exception messageRené Korthaus2016-12-051-1/+1
|
* Add Private_Key::private_key_info()René Korthaus2016-12-059-13/+13
| | | | | | | Adds new Private_Key::private_key_info() that returns a PKCS#8 PrivateKeyInfo structure. Renames the current Private_Key::pkcs8_private_key() to private_key_bits(). BER_encode() just invokes private_key_info().
* Add Public_Key::subject_public_key()René Korthaus2016-12-055-6/+6
| | | | | | | Adds new Public_Key::subject_public_key() that returns a X.509 SubjectPublicKey structure. Renames the current Public_Key::x509_subject_public_key() to public_key_bits(). BER_encode() just invokes subject_public_key().
* Expose pk_ops.h as public interface againJack Lloyd2016-12-044-5/+4
| | | | | | | | | | | | I was initially thinking of Botan as somewhat closed system, but @cordney has a legit use case of wanting to expose a TPM sign operation, but using their internal TPM library and TPM key type. This requires the API be exposed so the derivation can occur. Add a comment in the header explaining that the header is not for normal application use and directing them to pubkey.h This basically reverts 2747e8e23aec43162
* Fix OpenSSL RC4 clone - ignored skip paramJack Lloyd2016-11-261-1/+1
|
* Pubkey cleanupsJack Lloyd2016-11-1210-78/+11
| | | | | | | | | | Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable) Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually. Remove message_parts and message_part_size from PK_Ops
* Remove Key_Type typedefsJack Lloyd2016-11-083-9/+0
| | | | Also part of Algo_Registry and not needed after #668
* Fix PKCS11 test errorJack Lloyd2016-11-042-7/+3
| | | | | | | | | | | | | | Previously PKCS11_ECDSA_PrivateKey::check_key failed because no verification is possible using this key type (does not derive from public key). Split keypair consistency to allow two key arguments. ECDSA keypair consistency disabled in the tests still, because SoftHSMv2 gives mechanism invalid errors. I think this is a SoftHSMv2 issue with the signature mechanism. Remove no longer used Key_Type typedefs (need to be removed everywhere). GH #712
* Update PKCS11 code, no RNG requiredJack Lloyd2016-11-031-14/+1
|
* Avoid possibility of mismatched brackets.Jack Lloyd2016-10-311-2/+6
| | | | Found by cppcheck
* Static analyzer fixesJack Lloyd2016-10-251-1/+0
| | | | | | | | | Check return value of read, found by Clang. See also #677 Remove unused member variable in OpenSSL ECC, found by Clang. In ECDSA tests, if the pointer is null we should return rather than dereferencing it. Found by Coverity.
* Remote unused macrosJack Lloyd2016-10-242-5/+1
|
* Initialize member variable in PKCS11_EC_PrivateKeyJack Lloyd2016-10-242-2/+2
| | | | | One of the constructors initialized the member, the others did not. Found by Coverity scanner.
* Merge GH #668: Remove Algo_Registry and associated global locksJack Lloyd2016-10-248-118/+143
|\
| * Small cleanup in OpenSSL ECJack Lloyd2016-10-211-12/+13
| |
| * Remove alias logic from SCAN_NameJack Lloyd2016-10-211-2/+3
| | | | | | | | | | | | This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
| * Remove Algo_RegistryJack Lloyd2016-10-217-104/+127
| | | | | | | | | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* | Fix invalid UTF-8 char in API doc [ci skip]René Korthaus2016-10-221-1/+1
|/ | | | | | An invalid UTF-8 character prevented Latex from generating a PDF document from the doxygen-generated Latex API docs via make pdf.
* Fix doxygen warnings [ci skip]René Korthaus2016-10-192-8/+7
|
* Improve pkcs11 doxygen [ci skip]René Korthaus2016-10-193-13/+49
|
* The other half of 55b8fb5Jack Lloyd2016-10-091-7/+9
| | | | GH #656
* Make pk_ops.h internalJack Lloyd2016-10-085-6/+6
| | | | Some fixes for missing system_rng in ECIES and tests.
* OpenSSL fixesJack Lloyd2016-10-072-4/+4
|
* Revert PK_Verifier change (don't require RNG there).Jack Lloyd2016-10-076-31/+15
| | | | | | | Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-0713-181/+249
| | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* fix compiler error: openssl w/o rc4t0b32016-10-011-1/+1
| | | | | | Compiling botan with disabled rc4 module fails in case of openssl w/o rc4... Error: ./src/lib/prov/openssl/openssl_rc4.cpp:15:25: fatal error: openssl/rc4.h: No such file or directory #include <openssl/rc4.h>
* Change T::provider to return std::stringJack Lloyd2016-09-153-3/+3
|
* Add T::provider() to allow user to inquire about implementation usedJack Lloyd2016-09-153-0/+4
| | | | | For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.
* Remove deprecated hashes MD2, HAS-160, and RIPEMD-128Jack Lloyd2016-09-021-4/+0
|
* RNG changes (GH #593)Jack Lloyd2016-08-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
* Another PKCS #11 amalg fixJack Lloyd2016-08-231-1/+1
|
* Work around some amalgamation issues.Jack Lloyd2016-08-232-6/+4
| | | | | | I think probably what these headers had should work, but end up confusing the generator and breaking the build: https://travis-ci.org/randombit/botan/jobs/154197472
* restore to original pkcs11.hDaniel Neus2016-08-121-4/+4
|
* Headers can be marked as external by using `<header:external>` in info.txt.Daniel Neus2016-08-122-2/+5
| | | | | | | These headers are copied/linked into build_dir/include/external This has the advantage that external includes can be taken as they are, they haven't to be modified. Fixes amalgamation build with enabled pkcs#11 module