| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
when I was testing on x86 and x86-64 machines.
|
|
|
|
|
|
|
|
|
| |
Where loadstor.h was needed but only implicitly included via bit_ops.h,
include it directly
Add endian reversal functions to bit_ops.h
Remove some unneeded includes in big_ops2.cpp and a few other files.
|
|
|
|
|
| |
occur inside the key schedule instead. This should lead to (slightly) better
scheduling in the compiled code by reducing the length of a critical path.
|
|
|
|
|
|
|
| |
All are now specified through the config. The new default is just /bin,
/sbin, /usr/bin, and /usr/sbin. Formerly /usr/ucb, /usr/etc, and /etc were
also searched. If you want this behavior again you have to explicitly set
the rng/unix_path configuration setting.
|
|\
| |
| |
| | |
and 'dda7bbd71591790326178cc71409a956cf121d6b'
|
| |
| |
| |
| |
| |
| | |
a fast poll request, and not if a slow poll was specifically requested.
So a sequence of slow and then fast polls would trigger a second slow
poll, which was not desired.
|
| |
| |
| |
| | |
Original patch from Yves Jerschow.
|
| |
| |
| |
| | |
decimal-dotted string notation.
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
| |
Library_State::initialize: now the LibraryInitializer is just a simple
wrapper to create/destroy the state with no other operations.
|
|
|
|
|
|
|
|
| |
that called global_state(), which cased an infinite recursion.
Make creating a Library_State a two-phase operation, first an empty constructor
(just sets all pointers to NULL), then an initializer that sets up everything
needed to start up the library.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LibraryInitializer::initialize(), which will set it for us (or fail by
throwing an exception, which will be propogated to the caller). So any
instances of creating a LibraryInitializer where no option arguments
are passed can be removed; instead that initialization will run when
or if you execute an operation where Botan requires the services
provided in the state. Because no options are passed, the library will
be using the default (debug and not thread safe) mutex type: so
hopefully you'll quickly get an exception when the debug mutex
realizes it is being used in a threaded application, but there is risk
of operations silently failing before that happens.
You can call LibraryInitializer::deinitialize() at the end of your
main function (or whenever you think you won't need Botan anymore), to
free the global state; if not a number of cleanup destructors will not
run (including the final scrub of memory).
You can even shut down Botan speculatively; if it turns out you need
it again, it just means you'll have to take the cost of another
initialization. However in applications that use Botan only in small
bursts, or in rarely taken codepaths, you can remove the state
entirely and suffer zero memory overhead. This probably only makes
sense in memory constrained systems, but it's reasonable to do now.
Speculatively deallocating the state is probably not thread safe
without extra work. One thread calling deinitialize() would invalidate
pointers that would have been visible to other threads. One (untested)
idea: have an atomic integer with the number of current threads using
Botan. If any thread decrements and hits zero, it could deinitialize
Botan safely. This might cause too many repeated startup/shutdowns,
which would depend on the app use pattern.
In addition, since you can't pass arguments to the new Library_State,
you can't specify the use of real mutexes (or anything else): so for
right now, this only works in applications that are fine with the
standard options. I want to find a way to get that working, though,
since it's very inelegant. Currently a Default_Mutex (not at all
thread safe but somewhat error checking) will be used. And self test
will always be run (more on that below).
I wrote a program that just initializes and shuts down in a tight
loop. Running on my Gentoo box (Core2 E6400, gcc 4.1.2):
thread_safe? selftest? time (ms)
------------ --------- ---------
no yes 6.1
no no 3.8
yes yes 6.7
yes no 3.8
If you're actually worried that the library might start up OK but then
start failing basic self tests, what you actually want to do is have a
thread that runs diagnostics on your entire process state (including
calling Botan's self test code) every N seconds.
The question is how to get arguments from the outside world to the
constructor of the Library_State that is created inside of
global_state(): avoiding many self tests to save a bit of time (many
applications won't care about the extra cost but sometimes 2 or 3 ms
is important), and thread safety (beacuse you can't specify to use a
real mutex).
|
|
|
|
| |
SHA-256 (from draft-ietf-pkix-sha2-dsa-ecdsa-01)
|
|
|
|
| |
exception instead of one for a PEM decode error which is not very helpful.
|
|
|
|
| |
is 64 bits.
|
|
|
|
|
|
|
| |
The test vectors were generated by Crypto++ 5.5 on a Linux/x86-64 machine.
Test vectors for CBC-MAC(DES) all pass, for inputs up to 63 bytes. For
CBC-MAC(AES-128), all test vectors with inputs over 10 bytes fail to verify
against what Crypto++ produces. Unknown at this time where the bug lies.
|
|
|
|
| |
from Christophe Meessen on the development list.
|
|
|
|
|
| |
limits the output to just a bit under 2^32 bytes, which is the maximum
you can request anyway.
|
|
|
|
| |
static_cast or reinterpret_cast, as needed.
|
|
|
|
|
| |
just want access to the underlying data representation but don't care if
the return value is NULL terminated or not.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
under the name that the algorithm was originally requested by. This enables
proper caching for algorithm names which deref_alias fails to fully dereference
such as "HMAC(SHA-1)". The previous code had two major problems with names of
that type, firstly that the cache was effectively bypassed due to all prototype
objects in Algorithm_Cache_Impl being indexed by their canonical names rather
than the alias that they were requested under, and that there existed a race
condition where a prototype object might be deleted while in use in multithreaded
code.
The downside of this change is that using multiple names to refer to a single
algorithm causes multiple prototype objects to be created, one for each name
that is in use. However the memory overhead of this should be fairly minimal
and given the severity of the race condition this seems like a worthwhile tradeoff.
A more complete fix would be to fix deref_alias to properly derference all alias
names. That fix would be complimentary with this change in that if deref_alias
handled all names properly there would be a single prototype object and there
would then be no additional memory overhead to the cache.
|
| |
|
|
|
|
| |
of the line rather than the start.
|
|\
| |
| |
| |
| |
| | |
e92fe807f749c526669303bd1530dd76a4d10a86)
to branch 'net.randombit.botan' (head 04a56f961f413296df6637b77ec45aa444513cfc)
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
into
account endian differences.
The current code does not take advantage of the knowledge of which endianness
we are running on; an optimization suggested by Yves Jerschow is to use (unsafe)
casts to speed up the load/store operations. This turns out to provide large
performance increases (30% or more) in some cases.
Even without the unsafe casts, this version seems to average a few percent
faster, probably because the longer loading loops have been partially or
fully unrolled.
This also makes the code implementing low-level algorithms like ciphers and
hashes a bit more succint.
|
| | |
|
| |
| |
| |
| |
| | |
Seems to be about 2-3 times faster in the case where the key is smaller
than the hash's block size, which is almost always the case.
|
|\|
| |
| |
| |
| |
| | |
8a2b79c64a13d3f70b0211d4f985a678951a9663)
to branch 'net.randombit.botan' (head 677686443a5bb53b03d147999947448a9dc2679a)
|
| |
| |
| |
| | |
Studio users.
|
| |
| |
| |
| | |
fairly massive way.
|
| |
| |
| |
| | |
from a void* to a Memory_Block, so call the constructor explicitly.
|
| | |
|
| |
| |
| |
| |
| | |
These were allocated out of my IANA assigned arc, which is documented at
http://www.randombit.net/text/oids.html
|
| |
| |
| |
| |
| |
| | |
encode a public key that did not have an OID for its key format resulted
in a very confusing exception (thrown from char2digit) that was completely
meaningless to anyone.
|
| |
| |
| |
| |
| |
| |
| | |
a feeling I may want to perform automated source changes to the version
strings (eg, to insert a monotone revision ID), but I'd just as soon
perform such operations on as small a file as possible to limit any
damage that might occur due to a source code rewriting script gone awry.
|
| |
| |
| |
| |
| |
| | |
caller. The resulting code is longer and somewhat harder to read, but it's
giving 25-30% performance increases on my Core2, and something a bit
lower but still measurable on the P4.
|
| | |
|
| |
| |
| |
| | |
than using an unadorned buffer with the increment() function.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
how big q should be.
Add FIPS 186-3 DSA parameter generation, this allows for generating larger
(2048 and 3072 bit) DSA keys. At this time there do not seem to be official
test vectors for 186-3, and I have not checked against other implementations.
Tests will be constructed using the latest OpenSSL snapshot.
|
| |
| |
| |
| | |
current register size; reads return 0, writes extend the buffer.
|
| | |
|
| |
| |
| |
| | |
and actually reduced the total line count.
|