Commit log: subject line, then (author, date; files changed, lines -removed/+added), then any further message body.
* Drop InSiTo manual
  (lloyd, 2011-06-10; 1 file, -0/+0)
* Add (compile-time) toggle for fault protection checking in the PK benchmarks
  (lloyd, 2011-06-07; 1 file, -3/+6)
* Write zeros in 4K blocks
  (lloyd, 2011-06-07; 1 file, -7/+9)
* Simplify Montgomery setup here a bit
  (lloyd, 2011-06-07; 1 file, -6/+4)
* Update build doc
  (lloyd, 2011-06-07; 1 file, -16/+25)
* Fix linking for examples
  (lloyd, 2011-06-06; 2 files, -26/+26)
  Update download links before I forget
* Zap this, I just replaced the 1.9.18 tarball instead.
  (lloyd, 2011-06-03; 1 file, -2/+0)
* Tick version to 1.10.0
  (lloyd, 2011-06-03; 3 files, -4/+13)
* Rename some dirs for shorter object files where configure will coalesce the dir and file name if identical.
  (lloyd, 2011-06-03; 13 files, -2/+2)
* Ignore \r as whitespace in base64 decoder - caused test failures on Windows :(
  (lloyd, 2011-06-03; 1 file, -1/+3)
* Update download links
  (lloyd, 2011-06-03; 1 file, -11/+11)
* Tick to 1.9.18 release (tag: 1.9.18)
  (lloyd, 2011-06-03; 3 files, -3/+3)
* Fix building with --via-amalgamation; it wouldn't generate the amalgamation properly, but would happen to work if a previously written amalgamation was around. Also make changes allowing the SIMD optimized versions of SHA-1 and Serpent to be used in the amalgamation.
  (lloyd, 2011-06-03; 6 files, -446/+461)
* Remove BOTAN_DLL from internal headers, add it to Unexpected_Message exception.
  (lloyd, 2011-06-02; 4 files, -14/+14)
* Change order of arguments to bigint_monty_redc (internal interface, not exposed to callers)
  (lloyd, 2011-06-02; 3 files, -46/+43)
  Switch back redc to using the inlined version (accidental change)
* Add monty sqr and multiply routines (they just call karatsuba and then redc, currently)
  (lloyd, 2011-06-02; 4 files, -43/+77)
* Reduce number of temporaries needed in point addition
  (lloyd, 2011-06-01; 1 file, -22/+14)
* Multi-exponentiation, using the single bit variation. Using a 2 or 3 bit window may well improve things further. Currently seeing 20-25% improvement in ECDSA signature verification and 25 to 40% in GOST-34.10 verifications.
  (lloyd, 2011-06-01; 5 files, -2/+54)
* Remove amalg on distclean
  (lloyd, 2011-06-01; 2 files, -0/+2)
* Add --via-amalgamation option that builds everything from a single source file.
  (lloyd, 2011-06-01; 2 files, -16/+36)
* PointGFp::get_affine_{x,y} doesn't return a reference
  (lloyd, 2011-05-31; 1 file, -2/+2)
* Use visibility control unless explicitly turned off
  (lloyd, 2011-05-31; 1 file, -0/+3)
* MinGW install commands are the default, so don't specify explicitly. On Solaris, use /usr/ucb/install, as /usr/sbin/install uses some kind of other strange syntax.
  (lloyd, 2011-05-26; 2 files, -5/+2)
* Explicitly specify the types for make_pair when passing a const array as the first value. Oddly, Sun Studio's default STL tries to make a pair with the first value a 'const byte[2]', and then subsequently rejects that as invalid. Reported by Jeremy Reed.
  (lloyd, 2011-05-24; 1 file, -2/+10)
* Split the SIMD implementations into their own modules and choose one at config time.
  (lloyd, 2011-05-24; 13 files, -25/+49)
* FD_ZERO on Solaris uses memset, and assumes we included string.h already. Reported by Jeremy C. Reed <[email protected]>
  (lloyd, 2011-05-24; 3 files, -0/+7)
* Only call p.sig_words once in CurveGFp constructor.
  (lloyd, 2011-05-19; 2 files, -5/+3)
  Fix build log; copy and paste error.
* Move the curve over GF(p) code back into its own subdir
  (lloyd, 2011-05-19; 7 files, -7/+22)
* Reject s == 0 or r == 0 in an ECC signature.
  (lloyd, 2011-05-19; 3 files, -13/+22)
  In ECDSA, these cases should all be caught by the later check that R is not zero, so I don't believe there is any security danger. However the GOST 34.10 implementation did not have either check. Fortunately, the function that extracts the affine X coordinate from the Jacobian coordinates will throw an exception if the point is at infinity, so we would not in fact accept invalid signatures, but this is mostly by luck. And still represents a bit of a DoS potential. I checked the history, it looks like not checking for zeros at the start traces back to the original InSiTo code, and I copied the ECDSA code for GOST without thinking about it too much.
* Small cleanup in the Barrett reducer, now doesn't create a temp if abs(x) < modulus. Also remove unused member variables.
  (lloyd, 2011-05-18; 2 files, -33/+35)
* Fix the very basic operations for encoding and decoding a certificate policies extension, though it's really not supported at all.
  (lloyd, 2011-05-17; 5 files, -95/+28)
  Remove test code from secmem.h
  Fix building the examples
* Modify ECC points to do all math in Montgomery form, rather than converting back and forth. This gives a 10 to 20% speedup on a Core i7. In addition, the CurveGFp no longer contains a Barrett reducer, saving 3 BigInts worth of memory.
  (lloyd, 2011-05-17; 6 files, -161/+153)
  Add a #if'ed out alternative to point multiplication using the Montgomery ladder technique. It runs in (more or less) constant time, but rather significantly slower than the 4 bit window technique currently used.
  Tweak the window sizes to match the theoretical optimums.
* Fix building the tests when ECC is turned off.
  (lloyd, 2011-05-17; 1 file, -2/+13)
* Add RSA constructor that does not require a password. Patch submitted to the list by William Emmanuel S. Yu <[email protected]>
  (lloyd, 2011-05-16; 1 file, -0/+18)
* Fixes for base64 incremental decoding.
  (lloyd, 2011-05-16; 4 files, -122/+54)
  Define the Base64_Decoder filter in terms of base64_decode
  Don't use locked memory in the hex or base64 filters.
* Always writing to/reading from the carry word makes valgrind unhappy.
  (lloyd, 2011-05-16; 1 file, -1/+2)
* Fixes for maintainer mode warnings
  (lloyd, 2011-05-16; 2 files, -5/+9)
* The new method of doing comparisons did not work all of the time: if the low bytes were equal, then the saturating subtraction result in that byte would be 0 with the high byte containing a non-zero value. To deal with this, shift and or together the two values into the low byte.
  (lloyd, 2011-05-13; 2 files, -1/+85)
  Add some new tests which check out the SIMD implementation more carefully, including values that trigger the problem in the earlier version.
* Add specialization for i486 that uses -mtune=generic, as Debian invokes the build with --cpu=i486 on x86-32.
  (lloyd, 2011-05-13; 2 files, -13/+12)
  Add -momit-leaf-frame-pointer to x86 specializations.
  Use -march=atom for atom32 as well.
  Use -mcpu=cell for Cell PPU - it's not documented, but GCC 4.6 has it.
  Remove ancient/untested rs64a support from ppc64
* Add (undocumented) option --no-optimizations which turns off all compiler optimizations in the build.
  (lloyd, 2011-05-13; 1 file, -9/+18)
* I can't spell
  (lloyd, 2011-05-13; 4 files, -9/+9)
* Fix the problem that prevented the SSE2 IDEA implementation from working correctly under Clang - the technique for emulating unsigned compare relied on signed overflow. The new method does not, and works under GCC, ICC, and Clang. Even better, the compare takes only 2 instructions instead of 4.
  (lloyd, 2011-05-12; 3 files, -6/+7)
  Prevent using any of the asm implementations under Clang on x86-32. All of them crash under Clang 2.9, unclear why.
* Add base64_decode. Seems to work OK, though incremental decoding is not well tested.
  (lloyd, 2011-05-12; 5 files, -10/+225)
* Renaming the ppc target to ppc32 prevented -mcpu flags from being set by GCC.
  (lloyd, 2011-05-12; 3 files, -2/+8)
  Add Niagara targets for sparc, and extend/fix the Sun Studio flags for SPARC64.
* Add support for targeting the PowerPCSPE (an embedded PPC with an experimental Debian port), and add aliases for ARM to match the Debian architectures.
  (lloyd, 2011-05-12; 3 files, -5/+16)
* Modify soname to match Unix conventions at suggestion of Debian maintainer.
  (lloyd, 2011-05-12; 8 files, -23/+48)
  Namespace the headers in /usr/local/include/botan-1.9/botan, so multiple versions can be installed in parallel.
  Down version to 1.9.18 since there are a good number of changes in this release already.
* Add back BigInt::to_u32bit
  (lloyd, 2011-05-10; 4 files, -20/+55)
  Fix BigInt::get_substring when length is equal to 32 - an overflow would cause the mask to be equal to 0 thus producing nothing at all.
  Disable CVC by default, it's not ready for prime time in any sense.
* Make different targets for 32 and 64 bit Atom processors, since most consumer/desktop level Atoms are actually 32 bit.
  (lloyd, 2011-05-09; 5 files, -6/+14)
* dword was set to a size_t if we were using a 16 bit limb. Caused by an overzealous perl script...
  (lloyd, 2011-05-09; 1 file, -1/+1)
* Disable CMS by default, since it's pretty untested and likely unusable currently.
  (lloyd, 2011-05-06; 4 files, -4/+72)
  Include the source directory name in object file names.
  Add some more DES test vectors.