Commit message | Author | Age | Files | Lines
Stores ciphersuites in a sorted std::vector, then lookups are done
by binary search instead of a switch lookup.
The loop that explicitly gathered all the ciphersuites out of the switch
statement can then be removed, as can Ciphersuite::all_known_ciphersuite_ids
which only existed to make the scan loop faster by avoiding having to
call by_id on the entire 0x0000-0xFFFF range.
Precomputes the result of Ciphersuite::valid at construction time.
Remove loop variable R, instead derive from macro param constant
Support 2 block parallel decrypt, improves raw perf from 456 MB/s to
710 MB/s for decrypt.
Switch to alternate key schedule for encrypt.
Uses 3 ymm registers instead of 9 at the cost of more computation.
Not much faster on Skylake, unclear if this is worthwhile.
These headers are copied/linked into build_dir/include/external.
This has the advantage that external includes can be taken as they are; they don't have to be modified.
Fixes amalgamation build with the pkcs#11 module enabled.
- Parameters available here: https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000024668816
- DER format according to the ASN.1 syntax defined in the ANSI X9.62 standard,
available here: http://www.ssi.gouv.fr/agence/publication/publication-dun-parametrage-de-courbe-elliptique-visant-des-applications-de-passeport-electronique-et-de-ladministration-electronique-francaise/
Otherwise symlinked files are ignored.
GH #565
Otherwise we run into problems on 64-bit CPUs with 32-bit userland.
GH #563
due to setting m_x earlier
generation
- add test for EME::maximum_input_size()
- additionally use maximum_input_size() before pad() in OAEP and PKCS1 (remove code duplication)
- prevent C4800 MSVC warning
Avoids some cut and paste, also removes the need for special logic in
configure.py for handling the mp module specially.
Merge SIMD classes into a single type SIMD_4x32
configure.py expects all header guards to match a specific form,
for finding them when generating the amalgamation file.
For those that are willing to trust uninspectable hardware. :)
Changes RDRAND entropy source to call RDRAND_RNG
Add --rdrand flag to rng cmdlet
- add one test with SHA-256, SHA-512
- test Parallel::clone()
- test Parallel ctor
- fix memory leak in Parallel::clone():
Currently Parallel::clone() calls hash->clone() (first heap allocation) and after this clone() calls
Parallel(const std::vector<HashFunction*>& in) which does another heap allocation. So it's sufficient to pass the hash pointer to
the Parallel ctor instead of a clone.
Fix for SipHash::clear() which does not clear the complete state.
Test additions:
- add a test for MessageAuthenticationCode::verify_mac()
- test MessageAuthenticationCode::clear()
It provided a default implementation that only checked
that the length was correct, but ignored the actual data
and did not notify the caller, which seemed like a
rather odd behaviour.
The only implementation that used this default implementation,
RC4, now throws an exception.
Fix BeOS stat reader - was calling wrong function on the rng.
Remove entropy estimate defines from build.h, no longer used.
Adds Stateful_RNG base class which handles reseeding after some
amount of output (configurable at instantiation time, defaults to
the build.h value) as well as detecting forks (just using pid
comparisons, so still vulnerable to pid wraparound). Implemented
by HMAC_RNG and HMAC_DRBG. I did not update X9.31 since its
underlying RNG should already be fork safe and handle reseeding
at the appropriate time, since a new block is taken from the
underlying RNG (for the datetime vector) for each block of
output.
Adds RNG::randomize_with_input which for most PRNGs is just a
call to add_entropy followed by randomize. However for HMAC_DRBG
it is used for additional input. Adds tests for HMAC_DRBG with AD
from the CAVS file.
RNG::add_entropy is implemented by System_RNG now, as both
CryptGenRandom and /dev/urandom support receiving application
provided data.
The AutoSeeded_RNG underlying type is currently selectable in
build.h and defaults to HMAC_DRBG(SHA-256). AutoSeeded_RNG
provides additional input with each output request, consisting of
the current pid, a counter, and timestamp (unless the application
explicitly calls randomize_with_input, in which case we just take
what they provided). This is the same hedge used in HMAC_RNG's
output PRF.
AutoSeeded_RNG is part of the base library now and cannot be
compiled out.
Removes Entropy_Accumulator type (which just served to bridge
between the RNG and the entropy source), instead the
Entropy_Source is passed a reference to the RNG being reseeded,
and it can call add_entropy on whatever it can come up with.
Use consistent naming for the max output before reseed
parameter. The constant (default) value is renamed to
BOTAN_RNG_DEFAULT_MAX_OUTPUT_BEFORE_RESEED, since without
the DEFAULT_ it reads like a compile time maximum instead.
Use uint8_t instead of byte.
Remove Entropy_Accumulator, instead have entropy sources directly
add entropy to the RNG.
Handles fork checking for HMAC_RNG and HMAC_DRBG
AutoSeeded_RNG change - switch to HMAC_DRBG as default.
Start removing the io buffer from entropy poller.
Update default RNG poll bits to 256.
Fix McEliece test, was using wrong RNG API.
Update docs.