| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reinitialized. It would cache an Allocator pointer on first use,
and then never zero it, so after the reinit the pointer would be going
to a now deallocated Allocator object.
Encountered in the SoftHSM test suite, reported by Ondrej Sury.
Use a simple reference counting scheme to zero the pointer, and reset
the GNU MP memory functions. This also fixes a quite obscure and never
reported bug, that if the GMP engine was used, and if the library was
deinitialized but then the program tried to use GNU MP, the allocator
functions would crash. Now after deinit the allocator funcs revert to the
defaults.
The reference count is not updated atomically so this is not thread safe,
but seems a non-issue; the only time this could happen (especially now that
the GMP engine header is internal-only) is if multiple threads were attempting
to initialize / shutdown the library at once - which won't work anyway for
a variety of reasons, including contention on the (unlocked) global_lib_state
pointer.
If at some point thread safety is useful here, the refcnt can be locked by
a mutex, or kept in an atomic<unsigned int>.
|
|
|
|
| |
and 1.6x faster using SIMD_Scalar.
|
| |
|
|
|
|
|
|
| |
and don't even have access to a VIA with AES so could not test it anyway.
If someone else wants to do it, then the implementation for AES-NI should
provide a good template.
|
| |
|
|
|
|
| |
faster than the scalar version on a Core2.
|
|
|
|
| |
Move most of the engine headers to internal
|
| |
|
|
|
|
| |
system before returning a new instance.
|
|
|
|
|
|
|
| |
Currently requires SSE4.1 for _mm_extract_epi32 for the key schedule, it
would be nice to remove this dependency, though all currently known/scheduled
chips with AES-NI (Intel Westmere and Sandy Bridge, and AMD Bulldozer) are
supposed to include SSE 4.1 so this is not a huge problem.
|
|
|
|
| |
which is currently just a stub returning false.
|
|
|
|
|
|
|
|
|
| |
tests under Intel's emulator.
Document and enable in the engine.
Merge both versions to aes_intel.cpp - some shared code and much similiar
structure which might be sharable via macros.
|
|
|
|
|
|
|
|
|
|
|
|
| |
on a particular ISA extension rather than a list of CPUs. Much
easier to edit and audit, too. Add markers on the AES-NI code and
SHA-1/SSE2. Serpent and XTEA don't need it because they are
generic and only depend on simd_32 which will silenty swap out a
scalar version if SSE2/AltiVec isn't enabled (since it turns out
on supersclar processors just doing 4 blocks in parallel can be a
win even in GPRs).
Add pentium3 to the list of CPUs with rdtsc, was missing. Odd!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From looking at how key gen works in particular, it seems easiest to provide
only AES-128, AES-192, and AES-256 and not a general AES class that can
accept any key length. This also has the bonus of allowing full loop unrolling
which may be a win (how much so will depend on the latency/throughput of
the AES instructions which is currently unknown).
No block interleaving, though of course it works very nicely here, simply
due to the desire to keep things simple until what is currently here can
actually be tested. (Intel has an emulator that is supposed to work but
just crashes on my machine...)
I'm not entirely sure if byte swapping is required. Intel has a white paper
out that suggests it isn't (and really it would have been stupid of them to
not build this into the aes instructions), but who knows. If it turns
out to be necessary there is a pretty fast bswap instruction for SSE anyway.
|
|
|
|
|
| |
providing it. Also stubs in the engine for VIA's AES instructions, but
needs CPUID checking also.
|
| |
|
|\
| |
| |
| |
| |
| | |
8fb69dd1c599ada1008c4cab2a6d502cbcc468e0)
to branch 'net.randombit.botan.general-simd' (head c05c9a6d398659891fb8cca170ed514ea7e6476d)
|
| |
| |
| |
| | |
and Altivec (though Altivec is seemingly slower ATM...)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
operations.
Also add a pure scalar code version.
Convert Serpent to use this new interface, and add an implementation of
XTEA in SIMD.
The wrappers plus the scalar version allow SIMD-ish code to work on all
platforms. This is often a win due to better ILP being visible to the
processor (as with the recent XTEA optimizations). Only real danger is
register starvation, mostly an issue on x86 these days. So it may (or may
not) be a win to consolidate the standard C++ versions and the SIMD versions
together.
Future work:
- Add AltiVec/VMX version
- Maybe also for ARM's NEON extension? Less pressing, I would think.
- Convert SHA-1 code to use SIMD_32
- Add XTEA SIMD decryption (currently only encrypt)
- Change SSE2 engine to SIMD_engine
- Modify configure.py to set BOTAN_TARGET_CPU_HAS_[SSE2|ALTIVEC|NEON|XXX] macros
|
|/
|
|
|
| |
Pretty much useless and unused, except for listing the module names in
build.h and the short versions totally suffice for that.
|
|
|
|
|
|
| |
just too fragile and not that useful. Something like Java's checked exceptions
might be nice, but simply killing the process entirely if an unexpected
exception is thrown is not exactly useful for something trying to be robust.
|
| |
|
|
|
|
|
|
| |
StreamCipher_Filter
to pass it directly to a Pipe now.
|
| |
|
|\
| |
| |
| | |
and 'bb55abb64b64ca63aeb361db40c6bc4692d4ce48'
|
| |
| |
| |
| | |
existing on the current CPU before returning an object.
|
|/ |
|
|
|
|
|
|
| |
Add support for SHA-2 and SEED.
Wrap block cipher usage in checks for OPENSSL_NO_XXX
|
| |
|
| |
|
|\
| |
| |
| |
| |
| | |
c2624292793f396cf940403e0d12073a9b2c7b17)
to branch 'net.randombit.botan' (head 07a71effa1ba495b6ea57b2490ad38bf58a23bd0)
|
| |
| |
| |
| | |
Wrap the EVP_ calls in OPENSSL_NO_XXX checks to handle this.
|
| |
| |
| |
| |
| | |
works on, have sse2_eng rely on a specific compiler/arch; each sse2 impl
depends on the engine anyway, so they will only be loaded if OK.
|
|/
|
|
|
|
| |
enc/dec functions it replaces, these are public interfaces.
Add the first bits of a SSE2 implementation of Serpent. Currently incomplete.
|
| |
|
|
|
|
|
|
| |
the info.txt files with the right module dependencies.
Apply it across the codebase.
|
|
|
|
|
|
|
|
|
|
|
|
| |
and all CPU-specific implementations now depend on the appropriate engine
module.
The most common problem before with this was that the SSE2 module was built,
but the sole SSE2 code (SHA-1) was not (for instance, on an i686). This would
cause a compile warning about the unused request object.
Preventing unused engines from being built will also (very slightly) speed
up the lookup process on most system.
|
|
|
|
| |
personalization option.
|
| |
|
|
|
|
|
|
| |
been removed when that portion of the code was split off. Remove the
duplicated code from engine.h and update some code in pubkey that still
relied on the declarations in engine.h instead of pk_engine.h
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
up during the Fedora submission review, that each source file include some
text about the license. One handy Perl script later and each file now has
the line
Distributed under the terms of the Botan license
after the copyright notices.
While I was in there modifying every file anyway, I also stripped out the
remainder of the block comments (lots of astericks before and after the
text); this is stylistic thing I picked up when I was first learning C++
but in retrospect it is not a good style as the structure makes it harder
to modify comments (with the result that comments become fewer, shorter and
are less likely to be updated, which are not good things).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GostR3411_94_TestParamSet, this is compatible with the implementations in
Crypto++ and OpenSSL. This is not backwards compatible, though once the
implementation supports multiple param sets (which is required, unfortunately,
for compatability with various standards by CryptoCom, who have defined not
one but at least 4 (!!!) different sboxes to use with GOST), I may offer
Botan's previous sbox set as an option.
Since adding the GOST hash function (34.11) and signing algorithm (34.10)
are on the long term agenda (request by Rickard Bondesson, as the Russian
authorities want to use their local standards for their DNSSEC use), I
renamed the block cipher class (which had been just 'GOST') to GOST_28147_89
to minimize future name clashes.
|
|
|
|
|
|
| |
Backtrace is deep inside EVP. Valgrind says it is writing after the end of
the allocated buffer. Other ciphers (all 64-bit blocks) are fine. I do not
know if the problem is 64/128 bit or some other reason.
|
|
|
|
| |
dependency on libstate.h
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
algo_factory and algorithm_factory. This is confusing
so for consistency/simplicity, remove algo_factory, making
algorithm_factory the function to call.
In 1.7.14, several functions in lookup.h, including
retrieve_block_cipher, retrieve_hash, etc were changed to accept
a Library_State& reference. However it turns out with the
modified design I've settled upon for 1.8 that it is not
necessary to change those interfaces; instead they always refer
to the global_state algorithm factory which is exactly the
semantics one would expect/desire 99% of the time (and is source
compatible with code written for 1.6, also a plus)
|
|
|
|
|
|
|
|
|
|
|
|
| |
was not the right place to keep track of this information. Also modify
all Algorithm_Factory constructor functions to take instead of a SCAN_Name
a pair of std::strings - the SCAN name and an optional provider name. If
a provider is specified, either that provider will be used or the request
will fail. Otherwise, the library will attempt best effort, based on
user-set algorithm implementation settings (combine with benchmark.h for
choosing the fastest implementation at runtime) or if not set, a static
ordering (preset in static_provider_weight in prov_weight.cpp, though it
would be nice to make this easier to toggle).
|