| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
extant for a long long time and was never caught because until
recently the code did not depend on M.size(). However with the recent
loadstore changes that use memcpy to load the entire array in one
shot, an extra 128 bytes of memory would be read (but not used) in
each iteration.
This probably did not cause any problems except for Valgrind warnings,
though in some situations it would be possible for the M buffer and
MDx_HashFunctions buffer to be close enough that memcpy would be called
with overlapping regions, which could cause arbitrarily weird failures
since memcpy is allowed to assume they do not overlap.
|
|
|
|
| |
including loadstor.h actually just needed get_byte and nothing else.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
password hashing schemes.
Increase salt size to 80 bits.
Research shows that virtually no other PBKDF2 implementations support
anything but SHA-1; for ease of implementation elsehwere switch back
from SHA-512 to SHA-1. Should be mostly harmless; it limits total
entropy of the password to a maximum of 160 bits, but this is unlikely
anyway.
Use two bytes to specify the work factor for future-proofing.
Add a test.
|
|
|
|
|
|
|
|
| |
the passhash example to the library. Support variable work factors;
default work factor of 10 takes about half a second to do one password
on my Core2. Switch to using SHA-512 instead of SHA-1 in PBKDF2. To keep
the output evenly sized for base64 purposes, reduce PBKDF2 output size by
one byte (to 112 bits).
|
| |
|
|
|
|
|
| |
include for the exception types in pbkdf1 since previously it inherited
that from the rng.h include.
|
|
|
|
|
|
|
|
|
|
|
| |
and iteration count, force it to be passed to each call to derive_key.
So remove current_salt, set_iterations, new_random_salt, and change_salt
functions from S2K interface.
Update examples and test application to match.
While I was in there, change the passhash example to use 64 bit salts
and 128 bit PBKDF2 outputs.
|
| |
|
|
|
|
|
| |
Crypto++ 5.6.0. Includes several largeish (64 and 128 block) tests, as
further tests for a future bitslice implementation.
|
|
|
|
|
|
|
|
|
|
| |
or 128-bit cipher, but so far only 128-bit ciphers had been tested. I could
not find another implementation of XTS supporting 3DES so these may be wrong,
but at least this ensures they will be consistently wrong.
Mostly in the smaller range (9 to 128 bytes) plus a few with large inputs
(64 blocks) because if a bitslice DES implementation is ever added a test
that actually does 64 blocks in parallel will be needed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cause bad results if the input was not an even multiple of the block
size.
No released version was broken because the changes which caused the
problem were related to using Buffered_Filter, which was introduced
after 1.9.3 was released.
Add more XTS test vectors using AES, Serpent, and Twofish. The AES
tests come from Brian Gladman's XTS implementation. The Serpent and
Twofish tests were generated by botan.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reinitialized. It would cache an Allocator pointer on first use,
and then never zero it, so after the reinit the pointer would be going
to a now deallocated Allocator object.
Encountered in the SoftHSM test suite, reported by Ondrej Sury.
Use a simple reference counting scheme to zero the pointer, and reset
the GNU MP memory functions. This also fixes a quite obscure and never
reported bug, that if the GMP engine was used, and if the library was
deinitialized but then the program tried to use GNU MP, the allocator
functions would crash. Now after deinit the allocator funcs revert to the
defaults.
The reference count is not updated atomically so this is not thread safe,
but seems a non-issue; the only time this could happen (especially now that
the GMP engine header is internal-only) is if multiple threads were attempting
to initialize / shutdown the library at once - which won't work anyway for
a variety of reasons, including contention on the (unlocked) global_lib_state
pointer.
If at some point thread safety is useful here, the refcnt can be locked by
a mutex, or kept in an atomic<unsigned int>.
|
|
|
|
| |
Twofish in XTS mode for encryption by default, but is easily tweakable.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
and 1.6x faster using SIMD_Scalar.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
hierarchy.
|
|\
| |
| |
| | |
and 'e30a741f6014987e9683842ede22c44b2db03c56'
|
| |
| |
| |
| |
| |
| |
| | |
Invalid_Argument just a typedef for std::invalid_argument. Make
Botan::Exception a typedef for std::runtime_error. Make Memory_Exhaustion
a public exception, and use it in other places where memory allocations
can fail.
|
| | |
|
| |
| |
| |
| | |
of AES-NI instructions, etc, in the PRNGs.
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
| |
and don't even have access to a VIA with AES so could not test it anyway.
If someone else wants to do it, then the implementation for AES-NI should
provide a good template.
|
| |
|
|\
| |
| |
| | |
and 'aafa02a299b61c7762ae71dfc429396aa6bd25b3'
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\|
| |
| |
| | |
and 'c6c0f6c14a5e0163127ceb1c299297450a50b06f'
|
| | |
|
| | |
|
|/
|
|
|
|
| |
application code that wants to use loadstor.h, since that loads bswap.h
and if SSSE3 isn't enabled via -march GCC will error out. Doesn't seem to
be at all faster than the shuffle-based bswap for SSE2 on a Core2 in any case.
|
|
|
|
| |
other examples
|
|
|
|
| |
encoding/decoding, bzip2 and zlib compression/decompression, and hashing.
|