path: root/src
Commit message [author, age, files changed, lines -removed/+added]
* Use a true lexicographic ordering in MemoryRegion::operator< [lloyd, 2010-09-09, 1 file, -8/+11]
* Update the dynamic engine protocol. The initial version had an engine
  destructor function which would delete the engine; this was to handle the case that the heaps were not shared between the application and the library. However in this case we have bigger problems, because we want to be able to pass std::strings into the engine, and additionally be able to return objects from the library which are later deleted by the algorithm factory. So without a major restructuring we can't support this style of operation anyway; the DLL and application must share the same heap. This can be done on Windows using the /MD linking scheme for both the library and the DLL. The library already uses this model by default on Windows.
  [lloyd, 2010-09-08, 1 file, -30/+15]
* Dynamic loading confirmed to work on Windows (tested Windows 7 x64) [lloyd, 2010-09-08, 1 file, -0/+1]
* Under certain compilation modes, HMODULE isn't a void* but rather a
  pointer to a nonce struct; presumably for slightly better typechecking. In case we're compiling under such a mode, cast the first argument to FreeLibrary and GetProcAddress to a HMODULE.
  [lloyd, 2010-09-08, 1 file, -2/+2]
* In the nmake clean target, delete additional stuff that VC++ drops into
  the directory when building a DLL
  [lloyd, 2010-09-08, 1 file, -0/+1]
* Fix binary input in DataSource_Stream - the conditional was backwards.
  Use a slightly cleaner invocation that doesn't require duplicating so much code between the binary and non-binary cases.
  [lloyd, 2010-09-08, 2 files, -11/+10]
* Really fix RC4 suites - it was set to use a key of 128 bytes == 1024 bits!
  Tested against a GnuTLS server.
  [lloyd, 2010-09-08, 1 file, -1/+1]
* Rename MemoryRegion::destroy to MemoryRegion::clear to match STL [lloyd, 2010-09-08, 11 files, -21/+20]
* Fix RC4 suites [lloyd, 2010-09-08, 1 file, -1/+1]
* Big, invasive but mostly automated change, with a further attempt at
  harmonising MemoryRegion with std::vector:

  The MemoryRegion::clear() function would zeroise the buffer, but keep the memory allocated and the size unchanged. This is very different from STL's clear(), which is basically the equivalent to what is called destroy() in MemoryRegion. So to be able to replace MemoryRegion with a std::vector, we have to rename destroy() to clear() and we have to expose the current functionality of clear() in some other way, since vector doesn't support this operation. Do so by adding a global function named zeroise() which takes a MemoryRegion which is zeroed. Remove clear() to ensure all callers are updated.
  [lloyd, 2010-09-07, 71 files, -157/+165]
* Realization while thinking about the recently added truncate: in a STL
  container like vector, truncate is simply resize, but what MemoryRegion called resize will zap the entire contents, and then what was resize was called grow_to. This is really problematic in terms of the goal of replacing MemoryRegion with a vector with a custom allocator. In this checkin:

  - Remove MemoryRegion::grow_to and MemoryRegion::truncate
  - Change the semantics of MemoryRegion::resize to change the size while keeping any current contents intact (up to the new size), zero initializing any new values.

  Unrelated, just noticed the lack while I was in there, add a version of CryptoBox::decrypt taking a std::string for the input.
  [lloyd, 2010-09-07, 6 files, -51/+39]
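The two MemoryRegion commits above (zeroise() taking over what the old clear() did, and resize() keeping contents while zero-filling any growth) map directly onto std::vector, which is the point of the harmonisation. The following is an added example written for this page, not Botan's code: the zeroise helper, the all_zero/resized_copy/wipe_then_clear names and the sample key bytes are mine. The helper writes through a volatile pointer so the compiler cannot drop the stores as dead when clear() or destruction follows immediately, which is the practical hazard of wiping with a plain loop or memset.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Hypothetical helper named for this example (not Botan's zeroise()).
// Writing through a volatile pointer keeps the compiler from eliding the
// stores as dead when the buffer is cleared or destroyed right afterwards.
template <typename T>
void zeroise(std::vector<T>& buf) {
    volatile unsigned char* p = reinterpret_cast<volatile unsigned char*>(buf.data());
    const std::size_t n = buf.size() * sizeof(T);   // n == 0 for an empty vector: no deref
    for (std::size_t i = 0; i < n; ++i)
        p[i] = 0;
}

bool all_zero(const std::vector<std::uint8_t>& v) {
    for (std::uint8_t b : v)
        if (b != 0) return false;
    return true;
}

// Constructed sample key bytes for the example (not real key material).
std::vector<std::uint8_t> sample_key() {
    return {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
}

// std::vector::resize has exactly the semantics the second commit gives
// MemoryRegion::resize: growing keeps the existing contents and
// value-initialises (zeroes) the new tail; shrinking truncates.
std::vector<std::uint8_t> resized_copy(const std::vector<std::uint8_t>& in, std::size_t n) {
    std::vector<std::uint8_t> v(in);
    v.resize(n);
    return v;
}

// Old MemoryRegion::clear() == zeroise: bytes zero, size unchanged.
// STL clear() == old destroy(): size becomes 0, bytes are NOT scrubbed.
// So the safe order is zeroise first, then clear. Returns the size after
// each step; `wiped` reports whether the contents were zero before clear().
std::pair<std::size_t, std::size_t> wipe_then_clear(std::vector<std::uint8_t> key, bool& wiped) {
    zeroise(key);
    wiped = all_zero(key);
    const std::size_t after_zeroise = key.size();
    key.clear();   // size 0; only zeroed bytes remain in the still-allocated storage
    return {after_zeroise, key.size()};
}

int main() {
    bool wiped = false;
    const auto sizes = wipe_then_clear(sample_key(), wiped);
    std::printf("zeroise kept size %zu (wiped=%d), clear left size %zu\n",
                sizes.first, static_cast<int>(wiped), sizes.second);
    const auto g = resized_copy(sample_key(), 12);
    std::printf("grown to %zu: byte 0 = %02x, byte 8 = %02x\n",
                g.size(), static_cast<unsigned>(g[0]), static_cast<unsigned>(g[8]));
    return 0;
}
```

Note that clear() leaves the capacity allocated; if the storage itself must be released after wiping, swap with an empty vector or call shrink_to_fit(), and wipe before either.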
* Avoid name clashing, Sun Studio doesn't like this [lloyd, 2010-09-07, 1 file, -2/+3]
* Disable a couple of very noisy warnings which don't provide a huge
  amount of value. Add a note that -library=stlport4 may be needed on Linux (seems to depend on glibc version).
  [lloyd, 2010-09-07, 1 file, -1/+2]
* Prevent loop variable shadowing [lloyd, 2010-09-07, 1 file, -12/+12]
* Remove trailing comma from enum decl [lloyd, 2010-09-07, 1 file, -1/+1]
* Prevent shadowing of one loop param with another [lloyd, 2010-09-07, 1 file, -1/+1]
* Update CPU optimization flags for Sun Studio to the previous decade.
  Also use -xO5 instead of -xO2; everything seems to work under -xO5 on x86-32 and x86-64 with my version of Sun Studio. Curiously, several things are miscompiled with -xO2! Definitely doesn't give me positive feelings about this optimizer.
  [lloyd, 2010-09-07, 1 file, -6/+10]
* The SSSE3 intrinsics apparently work under Sun Studio as well [lloyd, 2010-09-07, 1 file, -0/+1]
* Cast the first argument to msync, munmap, mlock, and munlock to char*
  to fix compilation on Solaris. Everybody else, including POSIX.1, uses void* here, but as usual Solaris likes to be special.
  [lloyd, 2010-09-07, 2 files, -4/+4]
* Fix comparison functor [lloyd, 2010-09-03, 1 file, -3/+3]
* According to Thomas Maier-Komor in a post to botan-devel, the right
  way to create a static library using Sun Studio is to invoke the compiler with the -xar flag.
  [lloyd, 2010-09-03, 1 file, -0/+2]
* Clean up the unix process running entropy source a little bit. Tweak
  priorities slightly, pushing netstat -s and netstat -an higher since they change frequently and don't have a huge amount of output. Use the -n flag with lsof, which inhibits name lookups which we don't need.
  [lloyd, 2010-09-03, 3 files, -24/+35]
* Work around Sun Studio multimap insert bug [lloyd, 2010-09-03, 1 file, -0/+5]
* The modern name for Sun Workshop Pro is Sun Studio [lloyd, 2010-09-03, 1 file, -1/+1]
* Uglify Data_Store::search_with a little to go through multimap_insert
  to avoid a Sun Studio bug.
  [lloyd, 2010-09-03, 1 file, -1/+7]
* Remove calling getsid, it causes problems with too many different
  various compilers/platforms, and likely doesn't contribute much of anything. Also only grab real uid and gid, ignoring effective ids.
  [lloyd, 2010-09-03, 1 file, -3/+1]
* Remove declaration of Hex_Encoder::encode, which was removed in an earlier
  checkin.
  [lloyd, 2010-09-03, 1 file, -8/+4]
* Add dependencies for SSL module [lloyd, 2010-09-03, 1 file, -0/+20]
* Remove filter/pipe dependency here [lloyd, 2010-09-03, 2 files, -14/+6]
* Update some callers that were using Hex_Encoder or Hex_Decoder but
  really didn't need to. The ones in symkey and big_code were actually calling accessor functions to do the encoding themselves without a Pipe (should have definitely recognized that as a code smell).

  These versions have changed semantically with this checkin - previously they would completely ignore bad inputs, but now invalid inputs are rejected. For instance, you cannot say

    SymmetricKey key("Only some of this is hex, most of it isn't");

  and expect to get a valid key formed by filtering out the non-hex characters and then decoding it. This is almost certainly a good thing.

  Also fix include in Botan.xs
  [lloyd, 2010-09-03, 4 files, -35/+26]
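The semantic change described in the commit above (reject malformed hex instead of silently filtering it) is easiest to see with the two behaviours side by side. The following is an added example written for this page, not Botan's hex_decode or SymmetricKey: the function names, the hex_value helper and the test strings are constructed for it. The lenient decoder reproduces the old failure mode, quietly turning the commit's example string into two bytes of "key"; the strict one refuses it.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Returns 0..15 for a hex digit (either case), -1 for anything else.
static int hex_value(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// The OLD behaviour the commit removed: drop every non-hex character and
// any dangling final nibble, and "succeed" on whatever is left. Garbage in,
// a short but valid-looking key out.
std::vector<std::uint8_t> hex_decode_lenient(const std::string& in) {
    std::vector<std::uint8_t> out;
    int pending = -1;   // high nibble waiting for its partner, or -1
    for (char c : in) {
        const int v = hex_value(c);
        if (v < 0) continue;                 // silently skip
        if (pending < 0) {
            pending = v;
        } else {
            out.push_back(static_cast<std::uint8_t>((pending << 4) | v));
            pending = -1;
        }
    }
    return out;                              // a trailing lone nibble is just lost
}

// The NEW behaviour: every character must be a hex digit and the length
// must be even. Anything else is an error, not a shorter key.
std::vector<std::uint8_t> hex_decode_strict(const std::string& in) {
    if (in.size() % 2 != 0)
        throw std::invalid_argument("hex input has odd length " + std::to_string(in.size()));
    std::vector<std::uint8_t> out;
    out.reserve(in.size() / 2);
    for (std::size_t i = 0; i < in.size(); i += 2) {
        const int hi = hex_value(in[i]);
        const int lo = hex_value(in[i + 1]);
        if (hi < 0 || lo < 0)
            throw std::invalid_argument("invalid hex character at offset " +
                                        std::to_string(hi < 0 ? i : i + 1));
        out.push_back(static_cast<std::uint8_t>((hi << 4) | lo));
    }
    return out;
}

// Does strict decoding reject this input?
bool strict_rejects(const std::string& in) {
    try {
        hex_decode_strict(in);
        return false;
    } catch (const std::invalid_argument&) {
        return true;
    }
}

int main() {
    const std::string bad = "Only some of this is hex, most of it isn't";
    const auto lenient = hex_decode_lenient(bad);
    std::printf("lenient decode of the bad string yields %zu byte(s)\n", lenient.size());
    std::printf("strict decode rejects it: %s\n", strict_rejects(bad) ? "yes" : "no");
    const auto ok = hex_decode_strict("00ff10");
    std::printf("strict decode of \"00ff10\" yields %zu bytes\n", ok.size());
    return 0;
}
```

If a decoder must accept whitespace-separated dumps, make that an explicit option and still reject every other non-hex character; the point of the change is that the caller, not the decoder, decides what is tolerated.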
* Add a simple function to MemoryRegion to truncate to a specified size.
  Required by the hex decoder.
  [lloyd, 2010-09-03, 1 file, -0/+10]
* Add a standalone version of hex encoding and decoding, defining the filters
  in terms of these calls. The header for the hex filter is renamed hex_filt.h. This probably won't affect people because filters.h (included by botan.h) already included hex.h, and now just includes hex_filt.h instead.
  [lloyd, 2010-09-03, 8 files, -137/+334]
* Interesting factoid, turns out that overloading std::swap is not
  allowed by the standard, however specializing it is. Fix this for BigInt; it appears the Flexsecure guys knew this since the CurveGFp and PointGFp classes already use the template specialization rather than an overload.
  [lloyd, 2010-09-02, 1 file, -1/+5]
* Rename mp_amd64_msvc to mp_msvc64 since it supports both AMD64 and
  IA-64 (and, hypothetically, any other 64 bit CPU Visual C++ might target in the future).
  [lloyd, 2010-08-25, 3 files, -2/+2]
* Add support for Windows-style dynamic loading with LoadLibrary. Not
  yet tested.
  [lloyd, 2010-08-25, 3 files, -8/+32]
* merge of '4c134c636202fe03606cf0825bad22bd5362a224'
  and '9e16b5a133480199541647fe245b79b059c9d5ca'
  [lloyd, 2010-08-22, 2 files, -0/+2]
  * (merged branch) Add support for Atom processors.
    Fix a bug that would cause a harmless but bogus macro to be generated in build.h if you used --enable-sse2.
    Add --enable-movbe to turn on a macro marking movbe as available
    [lloyd, 2010-08-22, 2 files, -0/+2]
* For passhash9, add another interface that allows the caller to specify
  which PRF they want to use. The old interface just calls this new version with alg_id set to 0 which is HMAC(SHA-1), which was previously the only supported PRF. Assign new codepoints for HMAC(SHA-256) and CMAC(Blowfish) to allow their use with passhash9. Have the generate+check tests run a test for each supported PRF.
  [lloyd, 2010-08-22, 2 files, -14/+35]
* When creating a PBKDF2, first check if the argument name is a known
  MAC. If it is, use it as the PRF. Otherwise assume it is a hash function and use it with HMAC. Instead of instantiating the HMAC directly, go through the algorithm factory. Add a test using PBKDF2 with CMAC(Blowfish); Blowfish mainly because it supports arbitrarily large keys, and also the required 4 KiB of sbox tables actually would make it fairly useful in that it would make cracking using hardware or GPUs rather expensive. Have not confirmed this vector against any other implementation because I don't know of any other implementation of PBKDF2 that supports MACs other than HMAC.
  [lloyd, 2010-08-21, 1 file, -2/+6]
* Turns out OpenSSL's implementation of PBKDF2 allows empty passphrases,
  so for compatibility with keys that were encrypted with an empty passphrase we probably want to support it as well. In PBKDF2, don't reject empty passphrases out of hand; simply call set_key and if the underlying MAC cannot use the key, throw an informative exception. This will also be more helpful in the case that someone tries using another MAC (say, CMAC) with a block cipher that only supports keys of specific sizes. In HMAC, allow zero-length keys. This is not really optimal in the sense of allowing the user to do something dumb, but a 1 byte key would be pretty dumb as well and we already allowed that. Add a test vector using an empty passphrase generated by OpenSSL
  [lloyd, 2010-08-21, 2 files, -6/+11]
* Fix paper ref URL, remove unused prefetch include [lloyd, 2010-08-20, 1 file, -5/+9]
* Also use a smaller table in the first round of AES in the decrypt direction [lloyd, 2010-08-19, 1 file, -9/+19]
* Use a different idiom for handling the different cases between being
  passed a ref and having to allocate a new stream object, a little bit cleaner I think.
  [lloyd, 2010-08-19, 4 files, -45/+48]
* In the first round of AES, use a 256 element table and do the
  rotations in the code. This reduces the number of cache lines potentially accessed in the first round from 64 to 16 (assuming 64 byte cache lines). On average, about 10 cache lines will actually be accessed, assuming a uniform distribution of the inputs, so there definitely is still a timing channel here, just a somewhat smaller one. I experimented with using the 256 element table for all rounds but it reduced performance significantly and I'm not sure if the benefit is worth the cost or not.
  [lloyd, 2010-08-18, 1 file, -9/+28]
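The cache-line arithmetic in the commit above (64 lines down to 16, about 10 of them actually touched) can be checked directly, and it is worth doing because it is the number of distinct lines touched, not the table size, that a cache-timing attacker observes. The following is an added example for this page, not Botan's AES code. It assumes 64-byte cache lines and 4-byte (uint32) table entries, which is what makes four classic 256-entry T-tables span 64 lines and a single 256-entry table span 16; the 16 first-round lookups are indexed by plaintext byte XOR round-key byte, with both modelled as uniform random bytes generated in the example.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>

// Geometry assumed for this example.
constexpr std::size_t kLineBytes = 64;

// Cache lines spanned by `tables` lookup tables of `entries` elements of
// `entry_bytes` each. Four 256 x uint32 T-tables: 64 lines. One: 16.
constexpr std::size_t table_lines(std::size_t entries, std::size_t entry_bytes,
                                  std::size_t tables = 1) {
    return tables * entries * entry_bytes / kLineBytes;
}

// Expected number of distinct lines hit by `lookups` independent uniform
// accesses over `lines` lines: lines * (1 - (1 - 1/lines)^lookups).
// For 16 lookups over 16 lines this is about 10.3, the "about 10" in the commit.
double expected_distinct_lines(std::size_t lookups, std::size_t lines) {
    const double miss = 1.0 - 1.0 / static_cast<double>(lines);
    return static_cast<double>(lines) *
           (1.0 - std::pow(miss, static_cast<double>(lookups)));
}

// Monte Carlo over constructed random plaintext/key bytes: simulate the 16
// first-round lookups into a single 256 x uint32 table and count the distinct
// cache lines touched per block. Seeded, so runs are repeatable.
double simulated_distinct_lines(std::size_t trials, std::uint32_t seed) {
    constexpr std::size_t kEntriesPerLine = kLineBytes / sizeof(std::uint32_t); // 16
    constexpr std::size_t kLines = table_lines(256, sizeof(std::uint32_t));      // 16
    std::mt19937 rng(seed);
    std::uniform_int_distribution<int> byte(0, 255);
    std::size_t total = 0;
    for (std::size_t t = 0; t < trials; ++t) {
        bool seen[kLines] = {};
        std::size_t distinct = 0;
        for (int i = 0; i < 16; ++i) {
            // First-round index: plaintext byte XOR round-key byte.
            const unsigned idx = static_cast<unsigned>(byte(rng) ^ byte(rng));
            const std::size_t line = idx / kEntriesPerLine;
            if (!seen[line]) { seen[line] = true; ++distinct; }
        }
        total += distinct;
    }
    return static_cast<double>(total) / static_cast<double>(trials);
}

int main() {
    std::printf("four T-tables span %zu lines, one 256-entry table spans %zu\n",
                table_lines(256, 4, 4), table_lines(256, 4));
    std::printf("expected distinct lines, 16 lookups: over 64 lines %.2f, over 16 lines %.2f\n",
                expected_distinct_lines(16, 64), expected_distinct_lines(16, 16));
    std::printf("simulated over 16 lines (20000 blocks): %.2f\n",
                simulated_distinct_lines(20000, 1));
    return 0;
}
```

The simulation shows why the channel only shrinks: with a 16-line table roughly six lines per block are left untouched, and which six depends on the key-XOR-plaintext bytes, so an attacker who can observe line-level hits still learns something per block, just less than with 64 lines.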
* Correct Doxygen comment [lloyd, 2010-08-17, 1 file, -3/+2]
* Fix Doxygen comment in PBKDF2 constructor [lloyd, 2010-08-13, 1 file, -2/+2]
* The changelog for 1.9.4 claimed that the default PKCS #8 encryption
  algorithm had changed to AES-256. This was wrong, it actually changed to AES-128. However in retrospect AES-256 is probably a reasonable move (in particular for the 4 extra rounds; the related key attacks possible against AES-256 are probably not viable since we generate the key using PBKDF2), so update the 1.9.4 changelog to correctly indicate the change made in that release, and also modify PKCS #8 to actually use AES-256.
  [lloyd, 2010-08-13, 1 file, -1/+1]
* Add also AES-192 using SSSE3 [lloyd, 2010-08-12, 3 files, -23/+151]
* Support AES-256 in the SSSE3 implementation [lloyd, 2010-08-12, 3 files, -5/+95]
* Use _mm_set_epi32 instead of _mm_set_epi64x - VC++ obnoxiously only
  supports epi64x in 64-bit mode.
  [lloyd, 2010-08-11, 2 files, -79/+79]