aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Change BlockCipher::parallelism() to return the native parallelism oflloyd2010-05-2511-27/+31
| | | | | | | | | | | | | | | | | | | | the implementation rather than the preferred one. Update all implementations. Add a new function parallel_bytes() which returns parallelism() * BLOCK_SIZE * BUILD_TIME_CONSTANT This is because i noticed all current calls of parallelism() just multiplied the result by the block size already, so this simplified that code. The build time constant is set to 4, which was the previous default return value of parallelism(). However the SIMD versions returned 2*native paralellism rather than 4*, so this increases the buffer sizes used for those algorithms. The constant multiple lives in buildh.in and build.h, and is named BOTAN_BLOCK_CIPHER_PAR_MULT.
* Add a couple of small patches from Thomas Capricelli <[email protected]>lloyd2010-05-213-14/+27
| | | | that enable botan to be built under the clang C++ compiler.
* Use -dumpversion instead of -v for detecting the GCC version. Thislloyd2010-05-201-7/+8
| | | | | | | | | | | | work at least as far back as 3.2.3. And GCC's manual for -dumpversion says "Print the compiler version (for example, `3.0')", which suggests it works at least that far back, which is good enough (almost certainly GCC 2.95 can't compile botan, in any case). Also print the detected version. Make an error (being unable to executed GCC) a warning instead of a info message.
* Replace print to stderr with logging.error call on unhandled exception.lloyd2010-05-201-1/+1
| | | | This should work with both Python 2 and Python 3.
* merge of '540ae85af1cc9245c325ef716fcc5c5b334251d0'lloyd2010-05-1922-84/+60
|\ | | | | | | and 'ce3d40d9f2e90346189ca6dfed2a1f38804d5c10'
| * Note other changeslloyd2010-05-191-0/+3
| |
| * Add a build.h macro BOTAN_GCC_VERSION which is set to major*100+minor*10+patchlloyd2010-05-132-2/+10
| | | | | | | | | | | | | | | | if we are compiling under GCC, or 0 otherwise. Use it in cpuid.cpp for use of GCC's cpuid.h header file. If we don't have a method of calling cpuid, print a warning.
| * Remove the old (unused) <supports_shared> config block. It specifiedlloyd2010-05-1318-70/+19
| | | | | | | | | | | | | | which architectures the OS supported shared libs on; in all cases it was either all or none. Replace with new config build_shared [yes|no], which defaults to yes but is set to no for MinGW and Cygwin since shared libs don't seem to be working well there.
| * Partially protect OAEP decoding against a timing attack. Possibilitylloyd2010-05-121-12/+28
| | | | | | | | | | | | | | | | of this pointed out by Falko Strenzke. The timing differences between different error conditions could lead to attacks even with the same error message. Instead use a (mostly) straightline implementation. However scanning for the delim byte is still timing/input dependenant, so this is not a 100% fix.
* | On Windows, configure would default to VC++ pretty much blindly. Addlloyd2010-05-111-1/+25
| | | | | | | | | | | | | | a patch from Zbigniew Zagorski ([email protected]) that checks for cl.exe or g++.exe in the path; if cl.exe is found, use that, otherwise if g++.exe is found, use that, otherwise default to VC++ (previous behavior).
* | Use memcpy to copy gethostbyname's result to the socket info structlloyd2010-05-101-0/+5
| | | | | | | | | | instead of doing cast+assign - GCC on SPARC rejects because the required alignment increases.
* | Another XTEA vectorlloyd2010-05-101-0/+1
|/
* merge of '22c256e152c9765e98afa4d164af3f6783e96257'lloyd2010-05-101-4/+11
|\ | | | | | | and '561b7dbb17d3809ca98a31b718ee55ae9d52cb2c'
| * Prevent crash if asked to benchmark unknown block cipher with a modelloyd2010-05-051-4/+11
| | | | | | | | (eg "NoSuchCipher/CBC")
* | Avoid trying to use GCC's cpuid.h in versions where it doesn't existlloyd2010-05-061-1/+3
|/ | | | | (before 4.3). Probably will need to write asm blocks for those older versions.
* Modify the implementation of multiplication mod 65537 used in IDEA tolloyd2010-04-303-10/+534
| | | | | | | | | | be branch-free. This reduces performance noticably on my Core2 (from 32 MiB/s to a bit over 27 MiB), but so it goes. The IDEA implementation using SSE2 is already branch-free here, and runs at about 135 MiB/s on my machine. Also add more IDEA tests, generated by OpenSSL
* Tick to 1.9.8-devlloyd2010-04-283-4/+6
|
* Update log, readme, configure for 1.9.7 release1.9.7lloyd2010-04-273-3/+3
|
* HMAC_RNG handling changes - split up reseed() and add_entropy()lloyd2010-04-272-35/+31
| | | | | | | | entirely. add_entropy() just adds the input into the extractor; if more than 1024 bytes of input have been added by the user since the last reseed, then force a reseed. Until that point, the data simply remains accumulating in the extractor, which is fast and helps ensure a large block of data is input when we finally do reseed.
* Remove add_entropy_vec. Much cleaner way of doing this: add the entirelloyd2010-04-273-7/+4
| | | | contents of all SSL/TLS handshake messages into the PRNG input.
* mutex.h is internal - had been picking up system installed versionlloyd2010-04-231-1/+1
|
* Add the other parties Random value to the local PRNG statelloyd2010-04-232-0/+4
|
* Return SecureVector vals by const reflloyd2010-04-231-4/+4
|
* Add add_entropy_vec which calls add_entropy on the passed vector. Haslloyd2010-04-231-0/+3
| | | | | to be named differently from add_entropy to deal with odd C++ overloading/virtual rules.
* Add a couple of Comb4P tests, generated by the python implementationlloyd2010-04-231-0/+9
|
* Check to make sure the user didn't provide two of the same has forlloyd2010-04-231-0/+3
| | | | | | Comb4P. If you do this, the first N bytes are all zero, which could expose some problems, especially if the caller truncates or is relying on Comb4P acting like a random function.
* Remove some C-style castslloyd2010-04-234-6/+6
|
* Comb4P: hashes must be the same lengthlloyd2010-04-221-2/+0
|
* Fix EMSA_Raw in the case where the original input had leading 0 bytes.lloyd2010-04-212-1/+20
|
* Add a test for RSA verification with raw padding and an unusual keylloyd2010-04-211-0/+33
|
* Extension codes for ECC negotiationlloyd2010-04-211-0/+3
|
* If we couldn't agree on a suite, fail immediatelylloyd2010-04-201-0/+5
|
* Expose public_value() in ECDH public keylloyd2010-04-201-3/+10
|
* Compile fixlloyd2010-04-201-1/+1
|
* Expose function breaking down ciphersuite to algo valueslloyd2010-04-192-3/+5
|
* In the string constructor of EC_Domain_Params, check if the PEM decodinglloyd2010-04-192-6/+16
| | | | failed. If so, assume the input string was an OID and try that.
* Dist script updateslloyd2010-04-191-4/+8
|
* Cleanups. Name our cert for localhost. Used AutoSeeded_RNG.lloyd2010-04-191-12/+16
| | | | Report SNI request, if any.
* Just report total size output at the endlloyd2010-04-191-1/+7
|
* Add codes for SHA-1 based ECC suites (RFC 4492).lloyd2010-04-192-25/+81
|
* Add support for SEED ciphersuites. Tested against OpenSSL 0.9.8nlloyd2010-04-174-0/+25
|
* Add support for reading SSLv2 client helloslloyd2010-04-176-8/+87
|
* Clean up ciphersuite handlinglloyd2010-04-177-91/+273
|
* Add support for TLS 1.2 PRFlloyd2010-04-172-22/+63
|
* Add Comb4P hash combiner, as described in Anja Lehmann's thesis.lloyd2010-04-175-0/+168
|
* Tick version to 1.9.7-devlloyd2010-04-163-4/+6
|
* Tick for 1.9.6 release1.9.6lloyd2010-04-093-3/+4
|
* If the CBC padding is incorrect, then assume the pad size is zero andlloyd2010-04-091-4/+10
| | | | | | | | carry on with the procedure. This prevents a timing attack where an attacker could distinguish bad padding vs MAC failure. This timing channel used in the paper "Password Interception in a SSL/TLS Channel" by Vaudenay et. al. to attack SSL in certain fairly realistic use scenarios.
* Retrodocument some 1.9.5 changes. Document other TLS fixes in 1.9.6lloyd2010-04-071-2/+7
|
* Present requested hostname (SNI extn) to TLS_Server userlloyd2010-03-302-0/+6
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 21:12:20 +0000