Commit message | Author | Age | Files | Lines

* Clear K after new PRK is generated.
  lloyd | 2008-10-28 | 1 | -4/+7

* Add HMAC_RNG benchmarks. Change X9.31 PRNG to use HMAC_RNG as lower RNG
  lloyd | 2008-10-28 | 2 | -11/+35

* Set the default XTS (ASCII value of "Botan HMAC_RNG XTS") only once, in
  the constructor. This avoids repeatedly resetting it for each reseed, if
  HMAC_RNG is used without entropy sources and using only
  application-provided entropy. Very slightly more efficient and also the
  code for reseed becomes a bit clearer.
  lloyd | 2008-10-28 | 1 | -86/+92

* Mention HMAC_RNG in release notes
  lloyd | 2008-10-28 | 1 | -0/+1

* Wrap lines to 80 columns
  lloyd | 2008-10-28 | 10 | -30/+54

* Modify AutoSeeded_RNG to use HMAC_RNG instead of Randpool, if HMAC_RNG is
  available in the build. If neither is available, the constructor will
  throw an exception. As before, the underlying RNG will be wrapped in an
  X9.31 PRNG using AES-256 as the block cipher (if X9.31 is enabled in the
  build).
  lloyd | 2008-10-28 | 2 | -5/+20

* Add HMAC_RNG, which is an RNG design based on Hugo Krawczyk's paper
  "On Extract-then-Expand Key Derivation Functions and an HMAC-based KDF".
  While it has much smaller state than Randpool (256-512 bits, typically,
  versus 4096 bits commonly used in Randpool), the more formal design
  analysis seems attractive (and realistically if the RNG can manage to
  contain 256 bits of conditional entropy, that is more than sufficient).
  lloyd | 2008-10-28 | 3 | -0/+403

* Remove stray text
  lloyd | 2008-10-28 | 1 | -1/+0

* In ANSI_X931_RNG::reseed, only attempt to reseed the X9.31 state if
  the underlying PRNG's reseed was a success.
  lloyd | 2008-10-28 | 1 | -7/+10

* Mention change in Randpool reseeding in release notes
  lloyd | 2008-10-28 | 1 | -0/+1

* Substantially change Randpool's reseed logic. Now when a reseed
  is requested, Randpool will first do a fast poll on each entropy source
  that has been registered. It will count these poll results towards the
  collected entropy count, with a maximum of 96 contributed bits of entropy
  per poll (only /dev/random reaches this, others measure at 50-60 bits
  typically), and a maximum of 256 for sum contribution of the fast polls.
  Then it will attempt slow polls of all devices until it thinks enough
  entropy has been collected (using the rather naive entropy_estimate
  function). It will count any slow poll for no more than 256 bits (100 or
  so is typical for every poll but /dev/random), and will attempt to
  collect at least 512 bits of (estimated/guessed) entropy.

  This tends to cause Randpool to use significantly more sources.
  Previously it was common, especially on systems with a /dev/random, for
  only one or a few sources to be used. This change helps assure that even
  if /dev/random and company are broken or compromised the RNG output
  remains secure (assuming at least some amount of entropy unguessable by
  the attacker can be collected via other sources).

  Also change AutoSeeded_RNG to do an automatic poll/seed when it is
  created.
  lloyd | 2008-10-27 | 19 | -34/+107

* Use a single RNG in check/test code
  lloyd | 2008-10-27 | 1 | -10/+5

* Document OpenPGP_S2K change
  lloyd | 2008-10-26 | 1 | -0/+1

* TLS_PRF also depends on MD5 and SHA1, was not so marked
  lloyd | 2008-10-26 | 1 | -0/+2

* In KDF instead of lookup, instantiate fixed hashes (MD5, SHA-1) directly
  lloyd | 2008-10-26 | 4 | -21/+24

* Remove lookup.h use from OpenPGP S2K
  lloyd | 2008-10-26 | 3 | -23/+14

* Make S2K base class non-copyable and non-assignable by default (use clone
  instead)
  lloyd | 2008-10-26 | 1 | -0/+3

* Move EntropySource base class to new entropy_src.h (which allows the
  implementations to decouple from knowing about RandomNumberGenerator).
  lloyd | 2008-10-26 | 16 | -28/+77

* Remove prohibition against generating DSA parameter set with a 224 bit q,
  since SHA-224 is now implemented.
  lloyd | 2008-10-26 | 1 | -4/+0

* Move rng.h from core to rng
  lloyd | 2008-10-26 | 1 | -0/+0

* Move rng.{cpp,h} from core to rng/ topdir

  Add a new class AutoSeeded_RNG that is a RandomNumberGenerator that wraps
  up the logic formerly in RandomNumberGenerator::make_rng. make_rng in
  fact now just returns a new AutoSeeded_RNG object.

  AutoSeeded_RNG is a bit more convenient because
  - No need to use auto_ptr
  - No need to dereference (same syntax everywhere - it's an underestimated
    advantage imo)

  Also move the code from timer/timer_base to timer/
  lloyd | 2008-10-26 | 38 | -157/+241

* Move kdf/kdf_base to kdf
  lloyd | 2008-10-26 | 10 | -7/+6

* Move pbe/pbe_base to pbe/
  lloyd | 2008-10-26 | 6 | -3/+3

* Move s2k.{h,cpp} and S2K algos from core and kdf to new s2k/ dir
  lloyd | 2008-10-26 | 13 | -2/+1

* Put pk_pad.{h,cpp} from core into pk_pad/ dir (cleaner I think)
  lloyd | 2008-10-26 | 6 | -2/+15

* Move libstate and selftest out of core/ dir to toplevel
  lloyd | 2008-10-26 | 26 | -5/+5

* Bump version to 1.7.19-pre
  lloyd | 2008-10-26 | 3 | -2/+5

* Kill stray text
  lloyd | 2008-10-24 | 1 | -1/+1

* Add alias for Intel T2250. Based on /proc/cpuinfo sent by Benjamin Lau
  lloyd | 2008-10-24 | 1 | -0/+1

* Added prescott submodel to ia32 architecture, including aliases for
  most Intel Core Duo (32 bit, as opposed to Core 2 Duo being 64 bit).
  markus | 2008-10-24 | 1 | -0/+7

* If we match /proc/cpuinfo or uname against a submodel alias, instead print
  the submodel it is referencing - this is usually more recognizable.
  Suggested by Markus Wanner.
  lloyd | 2008-10-23 | 1 | -1/+6

* Allow setting an environmental variable CPUINFO to override the name
  of /proc/cpuinfo in configure.pl. This is probably only useful for
  testing.
  lloyd | 2008-10-23 | 1 | -0/+11

* Update log and readme for 1.7.18 release 2008-10-22 [tag: 1.7.18]
  lloyd | 2008-10-22 | 2 | -2/+2

* Use -O2 instead of -O3 with Intel C++
  lloyd | 2008-10-22 | 1 | -1/+1

* More useful PK benchmark output (also a bit easier to parse)
  lloyd | 2008-10-22 | 1 | -32/+46

* Use heap rather than stack for data input. Increase size to 128k
  lloyd | 2008-10-22 | 1 | -5/+5

* Install pkg-config file to /lib/pkgconfig
  lloyd | 2008-10-22 | 2 | -5/+13

* Update ICC flags for 10.1
  lloyd | 2008-10-22 | 1 | -3/+3

* Avoid integer overflows in the benchmark timer code. This would lead to
  bad results, especially noticeable with fast algorithms and long test
  times.
  lloyd | 2008-10-22 | 2 | -5/+10

* Timer tried to guess if it should use seconds or ms, but it always chose
  the wrong one in some situation or another. Just print milliseconds no
  matter what. Also it's easier to read/compare if everything is in the
  same unit (obv)
  lloyd | 2008-10-17 | 1 | -13/+4

* Mention new pkg-config support in log.txt
  lloyd | 2008-10-15 | 1 | -0/+1

* Delete generated botan.pc on make distclean
  lloyd | 2008-10-15 | 2 | -2/+2

* Ignore files generated by InSiTo unit tests in checks/ecc_testdata
  lloyd | 2008-10-15 | 1 | -1/+4

* Add pkg-config support (requested/suggested by Zack Weinberg on monotone-dev)
  lloyd | 2008-10-15 | 3 | -0/+22

* Move CVC tests back to the last thing, also disable for the moment because
  several are failing with an uncaught exception. The test failures may be
  due to the fact that ECDSA's support for EAC is not included at the
  moment, and the CVC code that attempts to do it is #if'ed out. It
  certainly can't help anyway. Exception is a decoding error, so seems
  quite plausible.
  lloyd | 2008-10-15 | 1 | -1/+1

* merge of '141433027ee455b8c8b2829f5233eb577039bd41'
  and 'a70931899dfcc15fe8aa2ace40712717859afe50'
  lloyd | 2008-10-15 | 1 | -3/+3

  * Doxygen comment
    lloyd | 2008-10-15 | 1 | -3/+3

* Clean up VC++ ia32 asm a bit, use new defs of word3_muladd* from generic
  mp_asmi.h
  lloyd | 2008-10-15 | 1 | -49/+28

* Fix include of mp_asm.h in mp_ia32_msvc/mp_asmi.h (used quotes instead of
  brackets)
  lloyd | 2008-10-15 | 3 | -6/+6

* Fixup Doxygen error
  lloyd | 2008-10-14 | 1 | -3/+3