path: root/src
Commit message  (Author, Age, Files, Lines)
* merge of 'beaa845172bcf34c757ab1428e921d996a275c6c' and 'cf2b4d27dda134f49f065face1da51645bfbde57'  (lloyd, 2010-06-15, 2 files, -3/+3)
* Increase the iteration count and salt size used for encrypted  (lloyd, 2010-06-15, 2 files, -3/+3)
  private keys. For the older PBES1, we can only increase the iteration
  count (from 2048 to 10000); the salt is fixed by the standard to 64 bits.
  This is probably OK, since PBES1 is also limited to (at best) 64-bit
  encryption keys and thus is pretty unsafe anyway. For PBES2, increase the
  iteration count (also 2048 to 10000) and increase the size of the salt
  from 64 bits to 96 bits. This will only affect keys which are encrypted
  by a version after this revision.
* More Doxygen fixes  (lloyd, 2010-06-15, 42 files, -70/+116)
* Fix a few hundred Doxygen warnings  (lloyd, 2010-06-15, 41 files, -132/+173)
* Use X509::BER_encode in the Python wrappers  (lloyd, 2010-06-15, 1 file, -10/+8)
* Use X509::BER_encode. Saves 12 lines. Nice  (lloyd, 2010-06-15, 1 file, -18/+6)
* New BER encoding funcs for PKCS and X.509. Remove Private_Key dep here  (lloyd, 2010-06-15, 6 files, -108/+122)
* Simplify PKCS8::copy_key  (lloyd, 2010-06-15, 1 file, -7/+1)
* Some PKCS #8 simplifications  (lloyd, 2010-06-14, 3 files, -21/+19)
* Expose a datestamp in build.h, provide function in version.h for  (lloyd, 2010-06-14, 3 files, -0/+12)
  getting runtime value.
* Use strncpy instead of strcpy in EGD reader  (lloyd, 2010-06-13, 1 file, -1/+1)
* Change how alloc_mmap's TemporaryFile class works. Don't expose  (lloyd, 2010-06-13, 1 file, -10/+17)
  the name at all; instead unlink it at the end of the constructor, so by
  the time it is fully constructed it is purely an anonymous file
  descriptor. mkstemp has a weird interface and returns the final name of
  the file in its template argument. This prevented us from using a
  std::string, since c_str's return is const (and we can't use &string[0],
  because that might not be NULL-terminated). This previously required
  doing nasty things like explicit new/delete and using strcpy (the strcpy
  was what got me started on looking at this; OpenBSD complains about it,
  so I was trying to figure out a good way to remove it). Instead, use the
  idea from http://www.gotw.ca/gotw/042.htm, and use a std::vector to hold
  the mkstemp argument/result. That works consistently everywhere, and we
  don't need to rely on strcpy, and don't have to worry about memory leaks
  either. Only minor nit is having to add an explicit NULL terminator as
  the std::string doesn't contain it.
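Added example, not Botan's alloc_mmap code: the pattern this commit describes, written out as a stand-alone class. mkstemp() gets a writable, NUL-terminated std::vector<char> copy of the template (the GotW #42 idiom), and the name is unlinked before the constructor returns, so the finished object owns only a descriptor. The class name, the TMPDIR fallback and the fstat-based checks are this example's own choices.

```cpp
#include <cerrno>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

#include <stdlib.h>    // mkstemp, getenv
#include <sys/stat.h>  // fstat
#include <unistd.h>    // unlink, close, read, write, lseek

// Added example, not Botan's alloc_mmap TemporaryFile: an anonymous temp
// file built the way the commit describes. The path exists only while the
// constructor runs; afterwards the object owns nothing but a descriptor.
class AnonymousTempFile {
 public:
  AnonymousTempFile() {
    // Assumption of this example: honour TMPDIR, else fall back to /tmp.
    const char* tmpdir = ::getenv("TMPDIR");
    const std::string pattern = std::string(tmpdir ? tmpdir : "/tmp") + "/anon.XXXXXX";

    // mkstemp() rewrites the XXXXXX in place, so it needs a writable,
    // NUL-terminated buffer. std::vector<char> provides that (the GotW #42
    // idiom) without new[]/strcpy; the range constructor does not copy
    // std::string's terminator, so append it explicitly.
    std::vector<char> buf(pattern.begin(), pattern.end());
    buf.push_back('\0');

    fd_ = ::mkstemp(buf.data());  // O_CREAT|O_EXCL, mode 0600
    if (fd_ < 0) {
      throw std::runtime_error(std::string("mkstemp: ") + std::strerror(errno));
    }
    // Remove the name at once: the open descriptor keeps the inode alive,
    // and from here on nothing (this object included) can reach the file by path.
    if (::unlink(buf.data()) != 0) {
      const int saved = errno;
      ::close(fd_);
      fd_ = -1;
      throw std::runtime_error(std::string("unlink: ") + std::strerror(saved));
    }
  }
  ~AnonymousTempFile() {
    if (fd_ >= 0) ::close(fd_);
  }
  AnonymousTempFile(const AnonymousTempFile&) = delete;
  AnonymousTempFile& operator=(const AnonymousTempFile&) = delete;

  int fd() const { return fd_; }

  // st_nlink == 0: the directory entry is gone while the inode lives on.
  bool name_is_gone() const {
    struct stat st;
    return ::fstat(fd_, &st) == 0 && st.st_nlink == 0;
  }
  // mkstemp() creates the file 0600, so other users cannot read it.
  bool is_private() const {
    struct stat st;
    return ::fstat(fd_, &st) == 0 && (st.st_mode & 0777) == 0600;
  }

 private:
  int fd_ = -1;
};

// Writes a secret into an anonymous temp file and reads it back through the
// descriptor, the only handle to the file that still exists.
std::string anonymous_tempfile_roundtrip(const std::string& secret) {
  AnonymousTempFile tmp;
  if (!tmp.name_is_gone() || !tmp.is_private()) {
    throw std::runtime_error("temp file is still named or not 0600");
  }
  const ssize_t n = static_cast<ssize_t>(secret.size());
  if (::write(tmp.fd(), secret.data(), secret.size()) != n) {
    throw std::runtime_error("short write");
  }
  if (::lseek(tmp.fd(), 0, SEEK_SET) != 0) {
    throw std::runtime_error("lseek failed");
  }
  std::vector<char> out(secret.size());
  if (::read(tmp.fd(), out.data(), out.size()) != n) {
    throw std::runtime_error("short read");
  }
  return std::string(out.begin(), out.end());
}
```

The unlink-in-constructor step is what buys the security property: once the name is gone there is no path for another local user to open, replace or symlink-race, and the backing storage disappears with the last close even if the process crashes.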
* Add typedefs for the named EME encryptor/decryptor classes so code  (lloyd, 2010-06-11, 1 file, -0/+6)
  using the 1.8 names continues to work.
* Change how install_name is set on OS X. Not tested, taken from patch  (lloyd, 2010-06-11, 1 file, -1/+1)
  used by MacPorts; I assume they know what they are doing.
* Oops. On a private key, call PKCS8::encode so the full key is exported  (lloyd, 2010-06-11, 1 file, -1/+1)
* Add to_ber to the RSA objects so you can get the raw BER encoding.  (lloyd, 2010-06-11, 1 file, -0/+20)
  Requested by Thomas Capricelli.
* Fix problem that prevented AES-NI code from getting loaded in at least  (lloyd, 2010-06-11, 1 file, -1/+3)
  some cases. Add a westmere alias for "Core i5 CPU M 520", which is what
  uname (and thus, platform.processor()) returns on my laptop. Mostly for
  my benefit of course.
* Include generic mp_asmi.h for MSVC  (lloyd, 2010-06-11, 3 files, -1/+3)
  Don't use /EHc; it says "C" functions are nothrow, which is not true for
  bigint_sub2_rev. Include needed <intrin.h> for mp_asm.h
* Have to add it as explicit dep in bigint  (lloyd, 2010-06-11, 1 file, -1/+1)
* Add (untested) support for VC++'s _umul128 intrinsic, which apparently  (lloyd, 2010-06-11, 2 files, -0/+76)
  works on both x86-64 and ia64. Will allow using 64-bit limbs on Windows.
* For 64-bit InnoSetup  (lloyd, 2010-06-10, 1 file, -1/+5)
* Add a simple Windows install target  (lloyd, 2010-06-10, 1 file, -5/+3)
* Fix comparison to use IVs with a hypothetical negotiated TLS that uses  (lloyd, 2010-06-09, 2 files, -2/+2)
  a larger major version #.
* merge of '0ab1e77862bca53dec5ac1f2f9dbe994378e91f7' and 'b9e4e0dcc98d3266c2d7e4fd631038babdfd933b'  (lloyd, 2010-06-08, 1 file, -2/+4)
* In BigInt::bits, cache sig_words() result instead of calling twice  (lloyd, 2010-06-07, 1 file, -2/+4)
* Exclude Python/Perl wrappers from Doxygen output  (lloyd, 2010-06-07, 1 file, -1/+1)
* Make Filter::new_msg and finish_msg private; only used by Pipe, which is a friend  (lloyd, 2010-06-07, 1 file, -12/+13)
* Add Doxygen header comments for XTS modes  (lloyd, 2010-06-07, 1 file, -4/+4)
* Fix build  (lloyd, 2010-06-07, 1 file, -0/+1)
* Use "/*" instead of "/**" in starting comments at the beginning of a file.  (lloyd, 2010-06-07, 85 files, -97/+96)
  This caused Doxygen to think this was markup meant for it, which really
  caused some clutter in the namespace page.
* Show inherited members; makes Doxygen output much more sensible  (lloyd, 2010-06-02, 1 file, -1/+1)
* Add constructor and destructor for pipe_wrapper to handle init and close  (lloyd, 2010-06-02, 1 file, -5/+5)
* Put PKCS hash ids in anon namespace  (lloyd, 2010-06-02, 1 file, -21/+22)
* OpenBSD doesn't have MSG_NOSIGNAL; you need to set up a signal handler  (lloyd, 2010-06-01, 1 file, -1/+0)
  to catch SIGPIPE instead. Simply avoid building the unix_socket module
  there. Yet another reason to move to a fully async/event-based interface
  that doesn't interact with sockets directly.
* If you didn't specify a qbits for the DSA kosherizer, then it would  (lloyd, 2010-05-28, 1 file, -19/+20)
  choose 256 bits unless the pbits was exactly 1024. That would mean that
  for pbits = 512/768, the FIPS 186-3 size check would fail and it wouldn't
  work. Pointed out by Rickard Bellgrim.
* Hid --enable-isa and instead expose --enable-{sse2,ssse3,aes-ni,altivec}  (lloyd, 2010-05-26, 1 file, -1/+1)
  in the help. Unfortunately we can't just remove --enable-isa, because for
  the callback to work the target list has to already exist, and it only
  does by virtue of the default=[] param to the enable-isa setup. We could
  just use append_const, except then we can't run on Python 2.4, and the
  latest release of RHEL only has 2.4 :(
  Rename aes_ni to aes-ni in configuration-speak
* Remove FORK-256; it's obscure and has been definitively broken.  (lloyd, 2010-05-25, 4 files, -198/+0)
  More commentary posted to the list:
  http://lists.randombit.net/pipermail/botan-devel/2010-May/001123.html
* Change BlockCipher::parallelism() to return the native parallelism of  (lloyd, 2010-05-25, 11 files, -27/+31)
  the implementation rather than the preferred one. Update all
  implementations. Add a new function parallel_bytes() which returns
     parallelism() * BLOCK_SIZE * BUILD_TIME_CONSTANT
  This is because I noticed all current calls of parallelism() just
  multiplied the result by the block size already, so this simplified that
  code. The build time constant is set to 4, which was the previous default
  return value of parallelism(). However the SIMD versions returned
  2*native parallelism rather than 4*, so this increases the buffer sizes
  used for those algorithms. The constant multiple lives in buildh.in and
  build.h, and is named BOTAN_BLOCK_CIPHER_PAR_MULT.
* Add a couple of small patches from Thomas Capricelli <[email protected]>  (lloyd, 2010-05-21, 2 files, -14/+26)
  that enable botan to be built under the clang C++ compiler.
* merge of '540ae85af1cc9245c325ef716fcc5c5b334251d0' and 'ce3d40d9f2e90346189ca6dfed2a1f38804d5c10'  (lloyd, 2010-05-19, 20 files, -83/+45)
* Add a build.h macro BOTAN_GCC_VERSION which is set to major*100+minor*10+patch  (lloyd, 2010-05-13, 2 files, -2/+10)
  if we are compiling under GCC, or 0 otherwise. Use it in cpuid.cpp for
  use of GCC's cpuid.h header file. If we don't have a method of calling
  cpuid, print a warning.
* Remove the old (unused) <supports_shared> config block. It specified  (lloyd, 2010-05-13, 17 files, -69/+7)
  which architectures the OS supported shared libs on; in all cases it was
  either all or none. Replace with new config build_shared [yes|no], which
  defaults to yes but is set to no for MinGW and Cygwin since shared libs
  don't seem to be working well there.
* Partially protect OAEP decoding against a timing attack. Possibility  (lloyd, 2010-05-12, 1 file, -12/+28)
  of this pointed out by Falko Strenzke. The timing differences between
  different error conditions could lead to attacks even with the same error
  message. Instead use a (mostly) straightline implementation. However
  scanning for the delim byte is still timing/input dependent, so this is
  not a 100% fix.
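Added example, not Botan's eme_oaep.cpp: one way to close the gap the commit leaves open. After MGF1 unmasking, the OAEP data block is DB = lHash' || PS || 0x01 || M with PS all zero. The scan below visits every byte of DB, records the delimiter position and the "PS was not all zero" flag purely through masks, and never exits early, so the time it takes depends only on the (public) block length. The function and struct names, the toy hash length of 2 and the sample blocks are this example's own constructions; the lHash' comparison, which must also be constant-time, is left to the caller.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example, not Botan's eme_oaep.cpp. Locates the 0x01 delimiter in
// DB = lHash' || PS || 0x01 || M and validates PS without an early exit or
// a branch on secret bytes. Comparing lHash' to lHash is the caller's job.

struct OaepScan {
  bool ok;                 // delimiter found and PS contained only zeros
  std::size_t msg_offset;  // index of the first message byte (0 if not found)
};

// 0xFF if a == b, else 0x00, with no branch on the operands.
static inline uint8_t ct_eq8(uint8_t a, uint8_t b) {
  const uint32_t d = static_cast<uint32_t>(a ^ b);   // 0 iff equal
  const uint32_t is_zero = ((d - 1u) & ~d) >> 31;     // 1 iff d == 0
  return static_cast<uint8_t>(0u - is_zero);          // 0xFF iff equal
}

OaepScan oaep_scan_ct(const std::vector<uint8_t>& db, std::size_t hlen) {
  uint8_t found = 0x00;    // becomes 0xFF at the first 0x01 and stays there
  uint8_t bad = 0x00;      // becomes 0xFF if a byte before the delimiter is not 0x00
  std::size_t offset = 0;  // set once, via a mask, to delimiter index + 1
  for (std::size_t i = hlen; i < db.size(); ++i) {
    const uint8_t is_one = ct_eq8(db[i], 0x01);
    const uint8_t is_zero = ct_eq8(db[i], 0x00);
    // 0xFF only for the first 0x01 seen; later 0x01 bytes belong to M.
    const uint8_t first_delim = static_cast<uint8_t>(is_one & ~found);
    // Widen the byte mask to size_t and OR in (i + 1) only on the delimiter.
    const std::size_t take = 0u - static_cast<std::size_t>(first_delim & 1u);
    offset |= (i + 1) & take;
    // Any byte before the delimiter that is neither 0x00 nor 0x01 is bad.
    bad |= static_cast<uint8_t>(~found & ~is_zero & ~is_one);
    found |= is_one;
  }
  // Only the final verdict is branched on, which the caller must do anyway;
  // a real decoder must then keep its error handling timing-uniform too.
  return OaepScan{found == 0xFF && bad == 0x00, offset};
}

// Constructed sample data blocks (toy hlen = 2; the first two bytes stand
// in for lHash' and are not real hash output).
std::vector<uint8_t> sample_db_good()        { return {0xAA, 0xBB, 0x00, 0x00, 0x00, 0x01, 'h', 'i'}; }
std::vector<uint8_t> sample_db_bad_ps()      { return {0xAA, 0xBB, 0x00, 0x07, 0x00, 0x01, 'h', 'i'}; }
std::vector<uint8_t> sample_db_no_delim()    { return {0xAA, 0xBB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; }
std::vector<uint8_t> sample_db_msg_with_01() { return {0xAA, 0xBB, 0x00, 0x01, 0x01, 0x02}; }
```

"Branch-free at the source level" is a necessary condition, not a proof: a compiler may turn the mask arithmetic back into a conditional jump, so the emitted assembly (or a statistical timing test) is what finally settles whether the scan is constant-time on a given toolchain.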
* Use memcpy to copy gethostbyname's result to the socket info struct  (lloyd, 2010-05-10, 1 file, -0/+5)
  instead of doing cast+assign - GCC on SPARC rejects because the required
  alignment increases.
* Avoid trying to use GCC's cpuid.h in versions where it doesn't exist  (lloyd, 2010-05-06, 1 file, -1/+3)
  (before 4.3). Probably will need to write asm blocks for those older
  versions.
* Modify the implementation of multiplication mod 65537 used in IDEA to  (lloyd, 2010-04-30, 1 file, -10/+13)
  be branch-free. This reduces performance noticeably on my Core2 (from
  32 MiB/s to a bit over 27 MiB/s), but so it goes. The IDEA implementation
  using SSE2 is already branch-free here, and runs at about 135 MiB/s on my
  machine. Also add more IDEA tests, generated by OpenSSL
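Added example, not Botan's idea.cpp: the branching and the branch-free forms of IDEA's multiplication mod 65537 side by side, plus a cross-check of both against the definition. IDEA treats a 16-bit operand or result of 0 as 65536, which is why the naive version needs special cases and why the branch-free version can fold them into one mask-selected value. The function names and the test band are this example's own choices.

```cpp
#include <cstdint>

// Added example, not Botan's idea.cpp: multiplication in IDEA's group
// Z_65537^*, where a 16-bit operand or result of 0 stands for 65536.

// Reference version with data-dependent branches. Simple, but which branch
// is taken depends on whether an operand (key-derived, for half of the
// multiplications) is the 65536 sentinel, so its timing leaks.
uint16_t idea_mul_branchy(uint16_t x, uint16_t y) {
  if (x == 0) return static_cast<uint16_t>(0x10001u - y);  // 65536*y == -y (mod 65537)
  if (y == 0) return static_cast<uint16_t>(0x10001u - x);
  const uint32_t p = static_cast<uint32_t>(x) * y;
  const uint32_t lo = p & 0xFFFFu, hi = p >> 16;
  // p == hi*65536 + lo == lo - hi (mod 65537); if that is negative, adding
  // 65537 == 1 (mod 2^16) is just a +1 on the truncated value.
  return static_cast<uint16_t>(lo - hi + (lo < hi));
}

// Branch-free version: evaluate both the ordinary product and the sentinel
// case unconditionally, then select with a mask derived from p == 0.
uint16_t idea_mul_ct(uint16_t x, uint16_t y) {
  const uint32_t p = static_cast<uint32_t>(x) * y;
  // 0xFFFF iff p != 0. p == 0 exactly when x or y is the 65536 sentinel,
  // because 65537 is prime and both operands are below it.
  const uint16_t nonzero = static_cast<uint16_t>(0u - static_cast<uint32_t>(p != 0));
  const uint32_t lo = p & 0xFFFFu, hi = p >> 16;
  const uint16_t r_mul = static_cast<uint16_t>(lo - hi + (lo < hi));
  // Sentinel cases: x==0 gives 1-y, y==0 gives 1-x, both give 1 (since
  // 65536*65536 == (-1)*(-1)); all three are 1 - x - y (mod 2^16).
  const uint16_t r_sentinel = static_cast<uint16_t>(1u - x - y);
  return static_cast<uint16_t>((r_mul & nonzero) |
                               (r_sentinel & static_cast<uint16_t>(~nonzero)));
}

// Cross-check both versions against the mathematical definition for a set
// of edge-case x values times every y. Returns true if all agree.
bool idea_mul_matches_definition() {
  const uint32_t xs[] = {0, 1, 2, 3, 0x7FFF, 0x8000, 0x8001, 0xFFFE, 0xFFFF, 0x1234, 0xABCD};
  for (uint32_t x : xs) {
    for (uint32_t y = 0; y < 0x10000; ++y) {
      const uint64_t xv = x ? x : 65536, yv = y ? y : 65536;
      const uint64_t want = (xv * yv) % 65537;  // in 1..65536, never 0
      const uint16_t want16 = static_cast<uint16_t>(want == 65536 ? 0 : want);
      const uint16_t a = idea_mul_ct(static_cast<uint16_t>(x), static_cast<uint16_t>(y));
      const uint16_t b = idea_mul_branchy(static_cast<uint16_t>(x), static_cast<uint16_t>(y));
      if (a != want16 || b != want16) return false;
    }
  }
  return true;
}
```

The slowdown the commit reports is the usual price of computing both candidates on every call. As with any source-level constant-time code, `p != 0` and `lo < hi` must compile to flag-setting or cmov-style instructions rather than jumps for the property to hold; check the generated assembly on the target compiler.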
* HMAC_RNG handling changes - split up reseed() and add_entropy()  (lloyd, 2010-04-27, 2 files, -35/+31)
  entirely. add_entropy() just adds the input into the extractor; if more
  than 1024 bytes of input have been added by the user since the last
  reseed, then force a reseed. Until that point, the data simply remains
  accumulating in the extractor, which is fast and helps ensure a large
  block of data is input when we finally do reseed.
* Remove add_entropy_vec. Much cleaner way of doing this: add the entire  (lloyd, 2010-04-27, 3 files, -7/+4)
  contents of all SSL/TLS handshake messages into the PRNG input.
* mutex.h is internal - had been picking up system installed version  (lloyd, 2010-04-23, 1 file, -1/+1)
* Add the other party's Random value to the local PRNG state  (lloyd, 2010-04-23, 2 files, -0/+4)