| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
block of data in the X9.31 PRNG (previously, adding entropy would cause
a new block to be computed but the read pointer would be the same as it
had been in the old block). Nominally this is very slightly faster (we
don't throw away bytes we just computed) but the change is more to make
the code more obvious/explicit; I was surprised by its old behavior, which
seems bad.
In theory it could introduce additional weaknesses, if gaining advantage
to this partial block that was being thrown away assisted in an attack
(I do not know of any attacks against the X9.31 PRNG that work that way,
however).
|
|\
| |
| |
| | |
and 'ed4893ff06b11d74a03afdd3d4a99672045ab68e'
|
| | |
|
|/
|
|
|
| |
sources, etc), but drivers for x86-64/2.6 are not in evidence these days. To test
this I would probably have to get a 32-bit machine running ~RH9/2.4 kernel...
|
|\
| |
| |
| | |
and 'fcc3affb2faabb6cf819877452cfc88201d4e1a0'
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
|
| |
to grep through.
|
| |
|
|
|
|
|
|
|
| |
compilers. Currently all are empty except MSVC.
This is getting messy... but libtool is not great either. Maybe there
should be two totally distinct builds, static and shared?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
currently existing variables and the first 60 characters of their
values.
Simplify match_any_of - it just uses it's first two arguments and then
matches against the rest, rather than forcing them to be joined into a
single string (that it would just split and iterate over anyway).
Add support for two new compiler config vars, dll_import_flags and
dll_export_flags
When autoconfig prints that it has guessed something, provide the name
of the variable that can be used to override it.
|
|
|
|
|
| |
good if configure.pl put some more useful information in build.h, such as
the time it was run and the arguments it was given.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This was done by replacing Pipe::message_id with a completely opaque
type and adding only the necessary operations. In this revision
Pipe::message_id does remain a u32bit. However it may become an
opaque type in the future.
Move the Invalid_Message_Number exception to Pipe since that is the only
piece of code which throws it.
|
| |
|
|
|
|
| |
an exception saying so.
|
|
|
|
| |
operations (to prevent timing attacks) a compile time constant.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to_u32but on the return value from Config::option was that it passed
it through parse_expr, which did some simple evaluation tricks so you
could say 64*1024. That does not seem worth the cost in code, especially
because most of the values so controlled are probably never changed.
By making them compile time constants, additional optimizations are
possible in the source as well as by the compiler.
Remove the pkcs8_tries config option. Hardcode that value to 3 instead.
I want to rewrite that code in the relatively near future and all that will
(hopefully) go away.
|
|
|
|
| |
new build.h macro BOTAN_MEM_POOL_CHUNK_SIZE
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
with FIPS-140 aside from being a startup self test.
Remove the test of X9.19 MAC at startup because it's not that important, and
loading it in the startup means a prototypical object will be created and
exist in memory for the entire process runtime. This actually raises an
interesting idea, that periodically the cache of objects could be cleared
and, if one is needed again, it can be created again as if it was the first
time.
|
| |
|
|
|
|
| |
instead passing those values as arguments.
|
|
|
|
|
| |
source will default to using the PROV_RSA_FULL provider if an empty string
is passed to the constructor.
|
|
|
|
| |
functions in pem.h. All have defaults with reasonable values.
|
|
|
|
|
|
|
|
| |
the configuration value default_expire
Remove signing_offset as well - it is only used for setting the
default time of a X509_Cert_Options: not worth the cost of a global
variable.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- The allow_ca policy value is no longer checked. Callers should check
if the request is for a CA cert and treat it accordingly; this makes
it simpler to to case-by-case decisions (expecially among multiple
threads)
- Instead of a single time value, a u32bit representing the number of
seconds from now the certificate should expire, the start and end times
are passed explicitly as two X509_Time values.
|
|
|
|
|
|
| |
failures.
Seemingly from a bad merge around Christmas?
|
| |
|
|
|
|
|
|
| |
the actual copyright holders. For rationale, see my post to botan-devel
on April 9, subject 'Changing license to directly reflect contributors'
(http://www.randombit.net/pipermail/botan-devel/2008-April/000527.html)
|
|
|
|
| |
terms of Extensions::operator=
|
|
|
|
| |
to access it.
|
|
|
|
|
| |
static function of the Timer base class - since that is the only code which
actually needs to access it.
|
|
|
|
|
| |
whatever the current user/group is. If you wish to override, edit the
makefile or override the INSTALL_CMD_* variables on the command line.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
instead allocate a reference to a mutex locally and use the more typical
Mutex_Holder RAII object.
Named_Mutex_Holder (and in particular the string->mutex mappings contained
in the global state) have been found to be pretty expensive in at least
some situations (see post by Jack Cummings to monotone-devel 2008-03-12),
and doesn't really buy us that much in terms of ease of use. Also, it
relies on the global state object, which has shown itself to be a rich
source of race conditions and locking bugs. The intent is to incrementally
remove all of the shared / global state and require applications to maintain
that state where necessary.
|
| |
|
| |
|