| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
| |
exceptions thrown in end_msg (for instance in CBC decryption when the
padding is bad) more or less screwed up the pipe completely. Allowing
reset here at least allows an escape hatch.
|
| |
|
|
|
|
|
|
| |
-ivb_rdrnd_cpuid option to toggle the bit off and on. Fortunately on
Intel processors the bit we were actually checking is also enabled by
Ivy Bridge. However it is also used on AMD Bulldozer processors to
signal half-precision floating point support so we could false
positive there.
|
| |
|
|
|
|
|
| |
processors. Tested using SDE on Linux with GCC 4.6, Intel C++ 11.1,
and Clang 3.0, all using the inline asm variant. I do not know if
current Visual C++ has the intrinsics available or not, so it's only
marked as available for those compilers at the moment.
|
| |
|
|
|
|
|
| |
was broken, and after fixing that and trying to compile the module it
becamse clear that the Qt mutex did not work at all with recent Qt
versions. Taking this as a clear indicator that it is not being used,
remove it.
|
| | |
|
| | |
|
| |
|
|
|
| |
interface but it's a plausible start. Will probably have more insights
after adding TLS hooks.
|
| | |
|
| |
|
|
|
| |
--os=windows since likely they actually wanted either --os=cygwin
or --os=mingw
|
| |
|
|
| |
explicit cast.
|
| | |
|
| |
|
|
| |
clock types we know about that have macros defined for them.
|
| | |
|
| | |
|
| |
|
|
| |
header shows how to return it to 2.5 compatability.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Check the cache; if found, return value
- Populate cache, if the value is already there, delete the old
object and save the new one.
- Recheck the cache value
Raja <[email protected]> pointed out on the list that this could race
if multiple threads called a lookup function in close succession while
the cache was cold. All of them would fail the lookup, then each of
them would add it, but the values returned would be deleted by other
threads.
Instead, declare that first write wins. Then, the cache stays
consistent even if there is a race, the only issue is an extra search
and delete.
Modify GOST and Skein, as their name() function did not roundtrip
properly which caused failures otherwise.
|
| |
|
|
|
| |
Try to detect the mtn revision (by shelling out to mtn automate), and
including it in build.h as BOTAN_VERSION_VC_REVISION.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
bit window may well improve things further. Currently seeing 20-25%
improvement in ECDSA signature verification and 25 to 40% in
GOST-34.10 verifications.
|
| |
|
|
| |
source file.
|
| |
|
|
| |
already. Reported by Jeremy C. Reed <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ECDSA, this cases should all be caught by the later check that R is
not zero, so I don't believe there is any security danger.
However the GOST 34.10 implementation did not have either check.
Fortunately, the function that extracts the affine X coordinate from
the Jacobian coordinates will throw an exception if the point is at
infinity, so we would not in fact accept invalid signatures, but this
is mostly by luck. And still represents a bit of a DoS potential.
I checked the history, it looks like not checking for zeros at the
start traces back to the original InSiTo code, and I copied the ECDSA
code for GOST without thinking about it too much.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
converting back and forth. This gives a 10 to 20% speedup on a Core
i7. In addition, the CurveGFp no longer contains a Barrett reducer,
saving 3 BigInts worth of memory.
Add a #if'ed out alternative to point multiplication using the
Montgomery ladder technique. It runs in (more or less) constant time,
but rather significantly slower than the 4 bit window technique
currently used.
Tweak the window sizes to match the theoretical optimums.
|
| |
|
|
|
|
|
|
|
|
| |
working correctly under Clang - the technique for emulating unsigned
compare relied on signed overflow. The new method does not, and works
under GCC, ICC, and Clang. Even better, the compare takes only 2
instructions instead of 4.
Prevent using any of the asm implementations under Clang on x86-32.
All of them crash under Clang 2.9, unclear why.
|
| |
|
|
| |
not well tested.
|
| |
|
|
|
|
|
|
|
|
| |
maintainer.
Namespace the headers in /usr/local/include/botan-1.9/botan, so
multiple versions can be installed in parallel.
Down version to 1.9.18 since there are a good number of changes in
this release already.
|
| |
|
|
|
|
|
| |
Fix BigInt::get_substring when length is equal to 32 - an overflow
would cause the mask to be equal to 0 thus producing nothing at all.
Disable CVC by default, it's not ready for prime time in any sense.
|
| |
|
|
| |
consumer/desktop level Atoms are actually 32 bit.
|
| |
|
|
|
|
|
|
| |
currently.
Include the source directory name in object file names.
Add some more DES test vectors.
|
| |
|
|
|
|
|
| |
conditionals to help avoid timing anylsis. Unfortunately GCC is too
smart for us and compiles it to jumps anyway; probably would need to
put the delim search into its own function and pass variables by
volatile pointers to force the compiler to do what we want.
|
| |
|
|
|
|
|
|
|
|
|
| |
and -fvisibility support if the version is too old. You can also turn
them off explicitly with the (hidden) option --without-visibility. We
get the version number from the binary specified with --cc-bin, if the
user set that, rather than from plain 'g++'.
Fix Solaris install - apparently 'install' cmd is broken/dumb.
Fix Ekopath flags for submodels.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
results are undefined. This happens to work under GCC and most other
compilers, but does not under Visual C++ 2010. This broke hex_encode
when encoding an empty input, and this subsequently broke SSL
handshaking.
2010 includes a TR1 that works fine for SSL, but it puts the headers
in the main header space rather than under tr1/, so account for that.
Hack the socket header into working under WinSock
Tick version to 1.10.0
|
| | |
|
| | |
|
| |
|
|
| |
support AES-NI.
|
| |
|
|
|
|
|
|
| |
Split log by release series instead of year.
Make dedicated landing page.
If SPHINX_OPTS is set, it will be passed to sphinx-build
|
| |
|
|
|
|
| |
Back the reported version from 1.10.0 to 1.9.17 for the time
being. Still on the fence if this will be 1.10.0 or another release
candidate instead.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
around a bug in FreeBSD 6.1, which is long EOL.
If we can't figure out the CPU in configure.py, if running
verbosely dump the entire list of CPUs we know about.
Some doc cleanups.
Rename the 'beos' target to 'haiku', since testing shows that
botan can't compile under the old BeOS GCC 2.95 anyway.
Remove the call to idle_time in the stats entropy source - it causes a
crash on Haiku R1-alpha2 somewhere inside a system DLL. I didn't
bother debugging it beyond looking at the backtrace.
Add a 'bepc' alias for i386 as that is what Haiku reports its
processor as.
Fix the install dirs to match Haiku R1, though apparently they will
change in R2 anyway when they add package management.
Enable use of gmtime_r on Haiku.
|
| |
|
|
|
|
|
| |
standardized by NIST; the FPE currently included is just a random one
that was relatively easy to implement. Move the header to fpe_fe1.h,
and rename the function. Update the example and add some documentation
for it.
|
| |
|
|
|
|
| |
in the 1.9.16 change notes.
Update the passhash9 ref to match reality.
|
