aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* The last checkin did not work; the Library_State constructor called code1.7.2lloyd2007-10-133-14/+40
| | | | | | | | that called global_state(), which cased an infinite recursion. Make creating a Library_State a two-phase operation, first an empty constructor (just sets all pointers to NULL), then an initializer that sets up everything needed to start up the library.
* Move most of the initializer code directly into the Library_State constructorlloyd2007-10-133-84/+68
|
* Bump the version numbers in configure.pl and readme.txtlloyd2007-10-082-2/+2
|
* Initial changelog note for 1.7.2. Currently targeting a Oct 13 release.lloyd2007-10-081-0/+9
|
* If the LibraryInitializer is created with just default arguments, don'tlloyd2007-10-0724-104/+56
| | | | | | | bother creating it, just let it be initialized lazily when needed. Reindents in encypt.cpp and hash_fd.cpp (indenting the brace after a try statement).
* Optionally, you can specify an argument that is passed to the LibraryInitializerlloyd2007-10-071-7/+19
| | | | constructor.
* If we attempt to access the global state, and it is null, calllloyd2007-10-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | LibraryInitializer::initialize(), which will set it for us (or fail by throwing an exception, which will be propogated to the caller). So any instances of creating a LibraryInitializer where no option arguments are passed can be removed; instead that initialization will run when or if you execute an operation where Botan requires the services provided in the state. Because no options are passed, the library will be using the default (debug and not thread safe) mutex type: so hopefully you'll quickly get an exception when the debug mutex realizes it is being used in a threaded application, but there is risk of operations silently failing before that happens. You can call LibraryInitializer::deinitialize() at the end of your main function (or whenever you think you won't need Botan anymore), to free the global state; if not a number of cleanup destructors will not run (including the final scrub of memory). You can even shut down Botan speculatively; if it turns out you need it again, it just means you'll have to take the cost of another initialization. However in applications that use Botan only in small bursts, or in rarely taken codepaths, you can remove the state entirely and suffer zero memory overhead. This probably only makes sense in memory constrained systems, but it's reasonable to do now. Speculatively deallocating the state is probably not thread safe without extra work. One thread calling deinitialize() would invalidate pointers that would have been visible to other threads. One (untested) idea: have an atomic integer with the number of current threads using Botan. If any thread decrements and hits zero, it could deinitialize Botan safely. This might cause too many repeated startup/shutdowns, which would depend on the app use pattern. In addition, since you can't pass arguments to the new Library_State, you can't specify the use of real mutexes (or anything else): so for right now, this only works in applications that are fine with the standard options. I want to find a way to get that working, though, since it's very inelegant. Currently a Default_Mutex (not at all thread safe but somewhat error checking) will be used. And self test will always be run (more on that below). I wrote a program that just initializes and shuts down in a tight loop. Running on my Gentoo box (Core2 E6400, gcc 4.1.2): thread_safe? selftest? time (ms) ------------ --------- --------- no yes 6.1 no no 3.8 yes yes 6.7 yes no 3.8 If you're actually worried that the library might start up OK but then start failing basic self tests, what you actually want to do is have a thread that runs diagnostics on your entire process state (including calling Botan's self test code) every N seconds. The question is how to get arguments from the outside world to the constructor of the Library_State that is created inside of global_state(): avoiding many self tests to save a bit of time (many applications won't care about the extra cost but sometimes 2 or 3 ms is important), and thread safety (beacuse you can't specify to use a real mutex).
* Add OIDs for SHA-224, SHA-256, SHA-384, SHA-512, and DSA with SHA-224 andlloyd2007-10-031-1/+9
| | | | SHA-256 (from draft-ietf-pkix-sha2-dsa-ecdsa-01)
* merge of '47a5010fef7cfb037831ae7db581e20ad8ec5b03'lloyd2007-10-031-1/+6
|\ | | | | | | and 'fbf3d94a0adf58cf44bd52a391f647b9ea49a5ba'
| * If DL_Group's constructor can't find a group, throw a reasonably informativelloyd2007-09-291-1/+6
| | | | | | | | exception instead of one for a PEM decode error which is not very helpful.
* | Typo fixlloyd2007-09-201-1/+1
| |
* | Add a line mentioning sources of further informationlloyd2007-09-201-0/+3
| |
* | Increase the (arbitrary) upper bound on how long the benchmarks can run tolloyd2007-09-181-1/+1
|/ | | | 5 minutes (300 seconds).
* Add CBC-MAC(AES) tests that use longer inputslloyd2007-09-171-1/+85
|
* Use the OUTPUT_LENGTH constant instead of assuming the block size of the cipherlloyd2007-09-171-6/+7
| | | | is 64 bits.
* Check in an initial implementation of CBC-MAC.lloyd2007-09-164-136/+282
| | | | | | | The test vectors were generated by Crypto++ 5.5 on a Linux/x86-64 machine. Test vectors for CBC-MAC(DES) all pass, for inputs up to 63 bytes. For CBC-MAC(AES-128), all test vectors with inputs over 10 bytes fail to verify against what Crypto++ produces. Unknown at this time where the bug lies.
* Cleanup the public key benchmark code: avoid macros, use PEM/PKCSlloyd2007-09-1311-190/+119
| | | | | | | | | #8 format to store Rabin-Williams keys, inline small functions that are only called once into their caller. Reduces overall length of the file from 458 to 367 lines. Rename all the key files in keys/ to use a .pem suffix since they are all now in PEM format (the RSA keys had been for a long time but were never renamed).
* Add x86-64 to the list of Darwin/OS X platformslloyd2007-09-131-0/+1
|
* Remove code checking the BOTAN_NO_ macros for if particular public keylloyd2007-09-132-69/+9
| | | | | algorithms exist. They haven't been used since the 'minimal' module was removed in Botan 1.3.14
* Update the copyright notice to include 2007lloyd2007-09-132-2/+2
|
* Comment out the CBC-MAC test vectors for now since they cause warningslloyd2007-09-131-136/+136
| | | | about unknown algorithm names.
* Check in some test vectors for plain FIPS 113 CBC-MAC using DES and AES-128lloyd2007-08-031-0/+137
|
* Typo (s/holdin/holding/)lloyd2007-08-011-6/+7
|
* merge of '7704b6e82a74605099a06fcd56190d4796d761df'lloyd2007-07-271-0/+4
|\ | | | | | | and 'b52ffb84f6e232e32db9f8090937c9def3a276d4'
| * propagate from branch 'net.randombit.botan.stable' (head ↵lloyd2007-07-272-2/+6
| |\ | | | | | | | | | | | | | | | b8139f65cc60ecf9c4b2e789474f81d97036f43e) to branch 'net.randombit.botan' (head 257e32039477e27e354f0cebf2f139fcd9f7400a)
| | * Use Botan:: prefixes to work around a bug in Visual Studio C++ 2003. Patchlloyd2007-07-271-2/+2
| | | | | | | | | | | | from Christophe Meessen on the development list.
| | * Document 1.6.3 changes1.6.3lloyd2007-07-232-2/+5
| | |
| | * applied changes from 4195f29bd5b52227e8c0786b4dfd1a71a53e2df5lloyd2007-07-172-12/+17
| | | | | | | | | | | | | | | | | | | | | through 1b3b93981f425fcc78d0d283136542ff58a8bb07 Cherrypick the change to fix the algorithm cache lookups made on mainline back to the stable tree.
| | * Bump to 1.6.3lloyd2007-07-171-1/+1
| | |
* | | Use Botan:: prefixes to work around a bug in Visual Studio C++ 2003. Patchlloyd2007-07-271-2/+2
|/ / | | | | | | from Christophe Meessen on the development list.
* | If counter overflows, truncate the output of KDF2. That effectivelylloyd2007-07-261-1/+1
| | | | | | | | | | limits the output to just a bit under 2^32 bytes, which is the maximum you can request anyway.
* | Add information for 1.7.1 release1.7.1lloyd2007-07-232-0/+9
| |
* | Avoid some C-style casts in the moduleslloyd2007-07-234-4/+4
| |
* | Avoid C-style casts (as detected by GCC's -Wold-style-cast) and instead use lloyd2007-07-2338-117/+147
| | | | | | | | static_cast or reinterpret_cast, as needed.
* | Use the get_clock/get_ticks code instead of calling std::clock directly. Allowslloyd2007-07-231-5/+6
| | | | | | | | (nominally) more accurate results.
* | Move the load/store operations to their own header, to allow assemblylloyd2007-07-233-167/+183
| | | | | | | | or other non-portable implementations as modules.
* | Use std::string::data() instead of std::string::c_str() in cases where welloyd2007-07-219-10/+10
| | | | | | | | | | just want access to the underlying data representation but don't care if the return value is NULL terminated or not.
* | Combine the Blowfish initial sbox contents into a single 1024 element array.lloyd2007-07-173-100/+92
| |
* | If an algorithm cache lookup fails, index the newly created prototype objectlloyd2007-07-172-12/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | under the name that the algorithm was originally requested by. This enables proper caching for algorithm names which deref_alias fails to fully dereference such as "HMAC(SHA-1)". The previous code had two major problems with names of that type, firstly that the cache was effectively bypassed due to all prototype objects in Algorithm_Cache_Impl being indexed by their canonical names rather than the alias that they were requested under, and that there existed a race condition where a prototype object might be deleted while in use in multithreaded code. The downside of this change is that using multiple names to refer to a single algorithm causes multiple prototype objects to be created, one for each name that is in use. However the memory overhead of this should be fairly minimal and given the severity of the race condition this seems like a worthwhile tradeoff. A more complete fix would be to fix deref_alias to properly derference all alias names. That fix would be complimentary with this change in that if deref_alias handled all names properly there would be a single prototype object and there would then be no additional memory overhead to the cache.
* | Add memory allocator to the todolloyd2007-06-121-0/+7
| |
* | We don't need to use locked memory in the X.509 distinguished name.lloyd2007-06-112-4/+4
| |
* | Remove unused include of blinding.hlloyd2007-06-111-1/+0
| |
* | Add a couple more aliases for Core 2lloyd2007-05-311-0/+3
| |
* | On an assignment or initialization split across lines, put the = at the endlloyd2007-05-312-6/+6
| | | | | | | | of the line rather than the start.
* | Update Yves' credits with the other changes he sent that are being mergedlloyd2007-05-311-1/+1
| | | | | | | | into mainline rather than stable.
* | propagate from branch 'net.randombit.botan.stable' (head ↵lloyd2007-05-312-1/+6
|\| | | | | | | | | | | e92fe807f749c526669303bd1530dd76a4d10a86) to branch 'net.randombit.botan' (head 04a56f961f413296df6637b77ec45aa444513cfc)
| * Update credits with Yves' information.lloyd2007-05-311-0/+5
| |
| * Typo: RFC 882 instead of 822. Reported by Yves Jerschow.lloyd2007-05-311-1/+1
| |
* | Use the word-loading operations in SHA-384/SHA-512 as welllloyd2007-05-311-5/+4
| |
* | Bump the version to 1.7.1 in configure; there has been enough that it shouldn'tlloyd2007-05-311-1/+1
| | | | | | | | be marked as 1.7.0 at least.