| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
finalized.
Move header to passhash9.h and rename the functions to be passhash9
specific ({generator,check}_passhash9)
Add an algorithm identifer field. Currently only id 0 is defined, for
HMAC(SHA-1), but this opens up for using HMAC(SHA-512) or HMAC(SHA-3)
or CMAC(Blowfish) or whatever in the future if necessary. Increase the
salt size to 96 bits and the PRF output size to 192 bits.
Document in api.tex
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
extant for a long long time and was never caught because until
recently the code did not depend on M.size(). However with the recent
loadstore changes that use memcpy to load the entire array in one
shot, an extra 128 bytes of memory would be read (but not used) in
each iteration.
This probably did not cause any problems except for Valgrind warnings,
though in some situations it would be possible for the M buffer and
MDx_HashFunctions buffer to be close enough that memcpy would be called
with overlapping regions, which could cause arbitrarily weird failures
since memcpy is allowed to assume they do not overlap.
|
| |
|
|
|
|
|
|
| |
the passhash example to the library. Support variable work factors;
default work factor of 10 takes about half a second to do one password
on my Core2. Switch to using SHA-512 instead of SHA-1 in PBKDF2. To keep
the output evenly sized for base64 purposes, reduce PBKDF2 output size by
one byte (to 112 bits).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reinitialized. It would cache an Allocator pointer on first use,
and then never zero it, so after the reinit the pointer would be going
to a now deallocated Allocator object.
Encountered in the SoftHSM test suite, reported by Ondrej Sury.
Use a simple reference counting scheme to zero the pointer, and reset
the GNU MP memory functions. This also fixes a quite obscure and never
reported bug, that if the GMP engine was used, and if the library was
deinitialized but then the program tried to use GNU MP, the allocator
functions would crash. Now after deinit the allocator funcs revert to the
defaults.
The reference count is not updated atomically so this is not thread safe,
but seems a non-issue; the only time this could happen (especially now that
the GMP engine header is internal-only) is if multiple threads were attempting
to initialize / shutdown the library at once - which won't work anyway for
a variety of reasons, including contention on the (unlocked) global_lib_state
pointer.
If at some point thread safety is useful here, the refcnt can be locked by
a mutex, or kept in an atomic<unsigned int>.
|
| |
|
|
| |
Twofish in XTS mode for encryption by default, but is easily tweakable.
|
| |
|
|
| |
and 1.6x faster using SIMD_Scalar.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
faster than the scalar version on a Core2.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes for the amalgamation generator for internal headers.
Remove BOTAN_DLL exporting macros from all internal-only headers;
the classes/functions there don't need to be exported, and
avoiding the PIC/GOT indirection can be a big win.
Add missing BOTAN_DLLs where necessary, mostly gfpmath and cvc
For GCC, use -fvisibility=hidden and set BOTAN_DLL to the
visibility __attribute__ to export those classes/functions.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Currently requires SSE4.1 for _mm_extract_epi32 for the key schedule, it
would be nice to remove this dependency, though all currently known/scheduled
chips with AES-NI (Intel Westmere and Sandy Bridge, and AMD Bulldozer) are
supposed to include SSE 4.1 so this is not a huge problem.
|
| |
|
|
|
|
|
|
|
| |
tests under Intel's emulator.
Document and enable in the engine.
Merge both versions to aes_intel.cpp - some shared code and much similiar
structure which might be sharable via macros.
|
| |
|
|
| |
testing with Intel's emulator shows all green.
|
| |
|
|
|
|
|
| |
the user to specify the hash function to use, instead of always using SHA-1.
This was a sensible default a few years ago, when there wasn't a ~2^60 attack
on SHA-1 and support for SHA-2 was pretty much nil, but using something else
makes a lot more sense these days.
|
| |
|
|
|
| |
Rename BOTAN_UNALIGNED_LOADSTOR_OK to BOTAN_UNALIGNED_MEMORY_ACCESS_OK
which is somewhat more clear as to the point.
|
| |\
| |
| |
| |
| |
| | |
a101c8c86b755a666c72baf03154230e09e0667e)
to branch 'net.randombit.botan' (head 948905e3872b6f5904686533c6aa87d38ff90a71)
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Document SHA optimizations, AltiVec runtime checking, fixes for cpuid
for both icc and msvc.
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
8fb69dd1c599ada1008c4cab2a6d502cbcc468e0)
to branch 'net.randombit.botan.general-simd' (head c05c9a6d398659891fb8cca170ed514ea7e6476d)
|
| | | | |
|
| |\| |
| |/
|/|
| |
| |
| | |
3158f8272a3582dd44dfb771665eb71f7d005339)
to branch 'net.randombit.botan' (head bf629b13dd132b263e76a72b7eca0f7e4ab19aac)
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |\
| | |
| | |
| | | |
and 'bb55abb64b64ca63aeb361db40c6bc4692d4ce48'
|
| | | |
| | |
| | |
| | | |
existing on the current CPU before returning an object.
|
| | |/
| |
| |
| | |
version.
|
