| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
printer example, and really is just CONSTRUCTED | CONTEXT_SPECIFIC.
Extend the ASN.1 printer to recurse into OCTET STRINGS that
contain DER, and to print enumeration values.
BOTAN_DLL export some OID operators (+, !=, <)
Add an OID entry for 1.3.6.1.5.5.7.48.1.1 OCSP basic response.
Correct the Certificate_Policies code, it was dumping policy OIDs into
the extended key usage!
|
|
|
|
| |
binary) values which we need for OCSP.
|
| |
|
|
|
|
|
|
|
| |
as after all we are reading things that we received over a network
connection so there certainly is no reason to try to mlock them.
Also remove unneeded include in tls_record.h
|
|
|
|
| |
get a secure_vector.
|
|
|
|
|
| |
As best I can tell those are the only Unix kernels that allow
unprivledged users to mlock memory.
|
|
|
|
|
| |
Fix some bugs that triggered if DEFAULT_BUFFERSIZE was either too
small or an odd size.
|
|\
| |
| |
| |
| |
| | |
63b5a20eab129ca13287fda33d2d02eec329708f)
to branch 'net.randombit.botan' (head 8b8150f09c55184f028f2929c4e7f7cd0d46d96e)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
best_fit->first in cases where we had an almost exact match (exact fit
but with some alignment bytes at the start), meaning that not only
would we lose those bytes forever, but that we might later hand out a
range overlapping with what we handed to our current caller.
Also, in deallocate, lower_bound on the freelist might return end()
(for instance if the freelist is entirely empty). Avoid trying to
update the iterator in that case.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
were not including it in the header chain. Caused compilation
failures using Clang 3.1 using libc++.
Remove the 3-argument version of hash_seq in SRP6, was not being used.
|
| |
| |
| |
| | |
Plus a few minor cleanups.
|
| |
| |
| |
| |
| |
| | |
We previously ignored a block that was exactly the right size for the
allocation and the needed alignment. If we find such a block prefer it
over any other (non-exact) blocks to minimize fragmentation.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
until we are actually setting a key. This avoids the problem of
prototype objects consuming not just memory but the precious few bytes
of mlock'able memory that we're given by Linux.
Use clear_mem instead of a loop in BigInt::mask_bits
If OS2ECP encounters an invalid format type, include what type it was
in the exception message.
|
| |
| |
| |
| |
| |
| | |
vector of (start,length) where we are careful to maintain the correct
ordering. Much much faster than the map version as it mostly avoids
allocations and copies.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
pointer checks as a sufficiently smart compiler might optimize way
pointer comparisons otherwise. Avoid using an iterator value after we
have released it from the map.
Reduce the default buffer size to 1K to reduce pressure on mlock
memory.
Drop the old mlock wrapper code.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a new mlock allocator which is far superior to the previous one
both in terms of behavior (will lock exactly as much memory as we can
actually mlock and will fall back to new/delete in all other cases),
and much better and much simpler freelist than the old mem_pool code.
Currently we only support systems with mmap+mlock, however it should
be easy to extend to also support Windows VirtualLock if desired.
|
| |
| |
| |
| | |
style cast in secmem.h
|
| |
| |
| |
| |
| |
| | |
using a custom allocator. Currently our allocator just does new/delete
with a memset before deletion, and the mmap and mlock allocators have
been removed.
|
| |\
| | |
| | |
| | |
| | |
| | | |
6332543aa5a8a4cc13662008ff9ac0f0016d9a4d)
to branch 'net.randombit.botan.cxx11' (head 5517c9f8f6d1990f269afb94f569a97a80c5a5f4)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
was not the right size for a signature (following DSA). This would
silently convert to an empty vector which we would treat as a valid
message on the return. However the EMSA checks will always fail so not
a huge problem.
While checking this out I noticed that an empty value for EMSA4 would
result in us reading memory we didn't own.
|
| | |
| | |
| | |
| | |
| | |
| | | |
exceptions thrown in end_msg (for instance in CBC decryption when the
padding is bad) more or less screwed up the pipe completely. Allowing
reset here at least allows an escape hatch.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
-ivb_rdrnd_cpuid option to toggle the bit off and on. Fortunately on
Intel processors the bit we were actually checking is also enabled by
Ivy Bridge. However it is also used on AMD Bulldozer processors to
signal half-precision floating point support so we could false
positive there.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
didn't work on older GCC/binutils. Instead hardcode the expression for
rdrand %eax, which should work everywhere. Also, avoid including immintrin.h
unless we're going to use it, to avoid problems with older compilers that
lack that header (this caused build failures under GCC 3.4.6).
|
| | |
| | |
| | |
| | | |
isn't working here anyway, but also broke DSA servers.
|
| | |
| | |
| | |
| | | |
caused huge performance issues with DSA/ECDSA signing performance.
|
| | |
| | |
| | |
| | | |
implement Camellia's F function. Roughtly 60 - 80% speedup on Nehalem.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
processors. Tested using SDE on Linux with GCC 4.6, Intel C++ 11.1,
and Clang 3.0, all using the inline asm variant. I do not know if
current Visual C++ has the intrinsics available or not, so it's only
marked as available for those compilers at the moment.
|
| | |
| | |
| | |
| | | |
secmem.h. Mostly replaced by assign or copy_mem.
|
| | |
| | |
| | |
| | |
| | |
| | | |
with a custom allocator; remove the 3 argument version of
MemoryRegion::copy, replacing with freestanding buffer_insert
function.
|
| | |
| | |
| | |
| | | |
was using this, so no other changes needed.
|
| | | |
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | | |
a4741cd07f50a9e1b29b0dd97c6fb8697c038ade)
to branch 'net.randombit.botan.cxx11' (head 116e5ff139c07000be431e07d3472cc8f3919b91)
|
| | | | |
|
| | |\ \
| | | |/
| | |/|
| | | |
| | | |
| | | | |
494c5d548ce3f370c2b771ca6b11e5f41e720da2)
to branch 'net.randombit.botan.tls-state-machine' (head b2cd26ff6f093caa79aecb2d674205f45b6aadff)
|
| | | |\
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
50fa70d871f837c3c3338fabf5fb45649669aabf)
to branch 'net.randombit.botan.tls-state-machine' (head 2358daac57db0411e62da2ef5a484468cb9307b7)
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
update. Increase DHE group size from 1536 to 2048 bits, which per
NIST/ECRYPT should be good to 2030 or so.
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
renegotiation or not.
Save the hostname in the client so we can pull the session from the
session manager.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
channel, except NPN which is strictly a per-connection extension.
Makes life easier for servers. OpenSSL seems to behave the same way.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
resumption, which would cause failures if doing a renegotiation under
the same session (eg to refresh keys).
The peer_certs variable was not set until after the Session object was
created, meaning the session (or session ticket) would not include
client certs. Worse, they would be included in the next session saved,
so if a client presented one cert, then renegotiated and presented
another one, the first cert would be associated with the second
session!
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
nothing meaningful to compare to.
|
| | | | |
| | | | |
| | | | |
| | | | | |
in response to a certificate request.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
encoded CA DN has a length field but also the entire block has one.
This caused decoding errors if we requested a certificate and sent one
or more DNs to request particular CAs. The decoding side had it correct.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
the peer are automatically responded to. TLS::Channel::heartbeat can
initiate a new heartbeat if the peer allows it. Heartbeat replies are
passed back to the application processing function with an Alert value
of HEARTBEAT_PAYLOAD (a 'fake' value, 256, which is out of range of
the valid TLS alert space), along with the sent payload.
The RFC requires us to have no more than one heartbeat 'in flight' at
a time, ie without getting a response (or a timeout in the case of
DTLS). Currently we do not prevent an application from requesting
more.
|
| | | | | |
|