| Commit message | Author | Age | Files | Lines |

Has the same effect as using ctgrind, but without requiring a
custom-compiled valgrind binary.
Add ct checking annotations to the SSSE3 AES code.

GH #370 for background

Provide abstractions for the locking allocator (allocate and free
locked pages) to decouple it from the platform dependent code. Should
make it easy to write a Windows version using VirtualAlloc+VirtualLock.
Exposes max mlock limit as a build.h toggle

Take the value from build.h if we have no way of getting it dynamically.
Fixes an infinite loop in AES on non-x86 introduced in ebf2164a,
as otherwise it does for(size_t i = 0; i != ...; i += 0) {}
while iterating over the TE tables.

Defaults should be fine for everyone but it makes the values more transparent

Provides an easier way for an application to configure a list of
entropy sources they'd like to use, or add a custom entropy source to
their seeding.
Exposes some toggles for the global/default entropy sources to build.h
Adds basic entropy tests which run the polls and do sanity checking
on the results, including compression tests if available. These are
less useful for the CSPRNG outputs but a good check for the ones
producing plain ASCII like the /proc reader.

sanitizers and coverage as all 4 are usefully set independently.
Use GCC 4.9 on CircleCI as it seems to be supported. Add ASan + UBSan test.

Previously a build had optimizations disabled completely when debug info was
emitted. But there are many reasons to use optimized builds with debug symbols
(running under valgrind, against afl, with Asan/Ubsan, in prod, etc).
And personally I find even debugging at -O2 or -O3 is fine most of the time and
worth it for the speed. Use the (now documented!) --no-optimizations flag if no
optimization is desired while debugging.
This also removes the distinction between library and application compile flags;
there is a single optimization level that is probably good enough for everything.
On Win32 it removes defining _CONSOLE for the application. This seems to be
some mythical value that may have been required at some point, but is not
documented anywhere I can find. Who knows what VC thinks, hoping I don't have to
add this back. It also drops defining `EBUG` which is what happens when you
tell cl.exe to '/DEBUG'. LOL.

via timing channels.
Add annotations for checking constant-time code using ctgrind to
PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already
written as constant time code.

deriving it by squaring the previous value.

Some tweaks for point multiplication using fixed windows.

GH #103

Based on github pull req 23 by Robert Daily.

problematic for requiring a special define before the first include of
string.h. Instead optionally call memset via a volatile function
pointer as a faster alternative to byte at a time writes.
Github 42, 45

compiler and target platform might support it. For instance the AES
SSSE3 code is now always in any x86 build, with just that specific
file being compiled with -mssse3. Since we'll only call that code if
cpuid confirms it works at runtime, we don't have portability issues,
and it can be safely included in generic builds (e.g. for distributions).
Tweak how machine specific compiler flags are generated to be a bit
easier to maintain.

botan_version.py via the release script, and propagate it to
version.cpp via build.h

Move Karatsuba cutoffs to mp_karat.cpp as that is the only place that
uses them and I doubt these get tweaked much (ever).

pointer checks as a sufficiently smart compiler might optimize away
pointer comparisons otherwise. Avoid using an iterator value after we
have released it from the map.
Reduce the default buffer size to 1K to reduce pressure on mlock
memory.
Drop the old mlock wrapper code.

Try to detect the mtn revision (by shelling out to mtn automate), and
include it in build.h as BOTAN_VERSION_VC_REVISION.

and -fvisibility support if the version is too old. You can also turn
them off explicitly with the (hidden) option --without-visibility. We
get the version number from the binary specified with --cc-bin, if the
user set that, rather than from plain 'g++'.
Fix Solaris install - apparently 'install' cmd is broken/dumb.
Fix Ekopath flags for submodels.

key. This slowed down loading private keys somewhat dramatically.
Most people don't care, but both groups using botan for DNSSEC have
performance problems due to it.

in build.h named BOTAN_DISTRIBUTION_INFO. The default value is
'unspecified'. People packaging botan could set this to another
value, for instance 'Gentoo 1.9.13-r3' or 'Debian 1.9.13-1', or
'pristine' to indicate a completely unmodified/stock version. This
was suggested by Zooko for Crypto++ in
http://sourceforge.net/apps/trac/cryptopp/ticket/11
and seemed like an idea worth stealing.
Don't default the version datestamp to the current day if unset,
instead set to zero. This allows applications to detect
unreleased versions. Document that version_datestamp will return
zero for unreleased versions.
Change the version_string function to return more information about
the current version, including the release date and distribution
information. It will now return strings like:
Botan 1.9.13 (released 20110207, distribution Gentoo 1.9.13-r3)
or for an unreleased version:
Botan 1.9.13 (unreleased version, distribution unspecified)

pretends to be GCC but doesn't understand the warning attribute), and
older GCC (which also has issues with it)

the macro BOTAN_NO_DEPRECATED_WARNINGS
Remove the full modules list; not that useful/informative. Put the
remaining build information at the top of the file.

deprecation warnings (at least for GCC and VC++). Use in some places.

getting runtime value.

the implementation rather than the preferred one. Update all
implementations.
Add a new function parallel_bytes() which returns
parallelism() * BLOCK_SIZE * BUILD_TIME_CONSTANT
This is because I noticed all current calls of parallelism() just
multiplied the result by the block size already, so this simplified
that code.
The build time constant is set to 4, which was the previous default
return value of parallelism(). However the SIMD versions returned
2*native parallelism rather than 4*, so this increases the buffer
sizes used for those algorithms.
The constant multiple lives in buildh.in and build.h, and is named
BOTAN_BLOCK_CIPHER_PAR_MULT.

if we are compiling under GCC, or 0 otherwise.
Use it in cpuid.cpp for use of GCC's cpuid.h header file.
If we don't have a method of calling cpuid, print a warning.

There are multiple unsatisfactory elements to the current solution,
as compared to how blinding was previously done:
Firstly, blinding is only used in the baseline implementations; the code
using OpenSSL and GMP is not protected by blinding at all.
Secondly, at the point we need to set up blinding, there is no access
to a PRNG. Currently I am going with a quite nasty solution, of using
a private key parameter to seed a simple PRNG constructed as:
SHA-512(TS1 || private_key_param || public_key_param || TS2)
I really want to fix both of these elements but I'm not sure how to do
so easily.

depend on the particular implementation. Add a new virtual function to
BlockCipher named parallelism that returns the number of blocks the
cipher object could or might want to process in parallel. Currently
set to 1 by default but may make sense to increase this for even
scalar implementations since it seems like better caching behavior
makes it a win.

This is somewhat faster, especially with SIMD-ed ciphers. The ceiling on
performance looks to be CMAC, which is iterative and thus can't take advantage
of them.
Remove BOTAN_PARALLEL_BLOCKS_EAX, since it implicitly is whatever CTR is doing.
Bump CTR's default parallel blocks to 16.

But, disable warnings 4250 and 4251 in build.h with a pragma. Both seem
impossible to work around without very major code changes, and both seem
harmless AFAICT.

be either fixed little or big endian. Unset if mixed endian or unknown.