aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* First stab at an event driven TLS client.lloyd2011-12-237-228/+119
|
* Add code point for the SRP identifier extension and add a check for itlloyd2011-12-173-0/+13
| | | | | in the Client_Hello parser. Works, tested with GnuTLS command line client.
* Initial run at an SRP-6a implementation. Not entirely sure about thelloyd2011-12-174-0/+288
| | | | | interface but it's a plausible start. Will probably have more insights after adding TLS hooks.
* Add the 2048 bit SRP group from RFC 5054lloyd2011-12-171-0/+15
|
* Make this exception somewhat more understandable. I think.lloyd2011-12-171-1/+1
|
* Use LoadLibraryA instead of bare LoadLibrary so things work if used inlloyd2011-12-131-1/+1
| | | | an amalgamation and the app is compiled in Unicode mode.
* Fix PR 166lloyd2011-12-081-5/+9
|
* Add basic NaCl targetlloyd2011-12-081-0/+4
|
* LoadLibrary apparently works on MinGWlloyd2011-12-021-0/+1
|
* GCC doesn't like casting a function pointer to void* without anlloyd2011-12-021-1/+2
| | | | explicit cast.
* Add AltiVec detection on OpenBSD, contributed by Brad Smith in PR 162lloyd2011-11-281-1/+15
|
* Call cpuid via inline asm on x86-64, so we can use it with Clang (nolloyd2011-11-181-2/+16
| | | | cpuid intrinsic) and older GCC (no cpuid.h before 4.3)
* Add model name for Sandy Bridge. Use -march=corei7 with GCC and Clanglloyd2011-11-183-12/+16
| | | | as they seem to understand it as of GCC 4.6 and Clang 2.9.
* Fix declarationlloyd2011-11-181-2/+1
|
* Manually rename registers instead of rotating. Performance is aboutlloyd2011-11-181-638/+638
| | | | | the same, so clearly GCC 4.6 and/or the Core i7 are very good about renames, but might help on less capable systems.
* Poll clock_gettime in High_Resolution_Timestamp::poll with whateverlloyd2011-11-112-1/+39
| | | | clock types we know about that have macros defined for them.
* Add AltiVec detection for POWER7 processorslloyd2011-11-021-0/+2
|
* Don't set the soname on OpenBSD (PR 158)lloyd2011-10-111-0/+3
|
* Name the params for DER_Encoder in headerlloyd2011-10-061-24/+47
|
* Avoid using -march=i386 if an i386 is 'detected', instead uselloyd2011-08-151-2/+5
| | | | | | | | -mtune=generic as with i486. Python's platform reports an i386 when running on a Core Duo on MacOS X 10.6, then using -march=i368 causes a link failure due to missing atomic adds in libstdc++. PR 152 Also use generic for i586.
* Add a new, somewhat more functional dist scriptlloyd2011-07-111-0/+168
|
* The Algorithm_Factory has this logic on looking for an object:lloyd2011-07-054-8/+31
| | | | | | | | | | | | | | | | | | | | - Check the cache; if found, return value - Populate cache, if the value is already there, delete the old object and save the new one. - Recheck the cache value Raja <[email protected]> pointed out on the list that this could race if multiple threads called a lookup function in close succession while the cache was cold. All of them would fail the lookup, then each of them would add it, but the values returned would be deleted by other threads. Instead, declare that first write wins. Then, the cache stays consistent even if there is a race, the only issue is an extra search and delete. Modify GOST and Skein, as their name() function did not roundtrip properly which caused failures otherwise.
* Tick to 1.10.1 unreleased.lloyd2011-06-302-0/+3
| | | | | Try to detect the mtn revision (by shelling out to mtn automate), and including it in build.h as BOTAN_VERSION_VC_REVISION.
* Make CMAC::poly_double at least theoretically constant time, thoughlloyd2011-06-231-3/+2
| | | | most compilers will probably compile this into a conditional anyway.
* Fix -Wshadow warninglloyd2011-06-221-2/+2
|
* Invert the meaning of the Miller-Rabin test; passes_test meant 'is notlloyd2011-06-161-9/+17
| | | | | | | | | | a witness'. Instead call it 'is_witness', returning true if a is a witness for n's compositness, or otherwise false. Also, the previous version would not check that the final value of y was n-1; if it isn't, then n is not prime. This would mean the false negative rate was higher than it should have been, though I'm not sure by how much exactly.
* Detect (though not using) the CPUID bit for the RDRAND instructionlloyd2011-06-161-1/+8
|
* Add std::swap specialization for memory containerslloyd2011-06-131-0/+10
|
* Write zeros in 4K blockslloyd2011-06-071-7/+9
|
* Simplify Montgomery setup here a bitlloyd2011-06-071-6/+4
|
* Rename some dirs for shorter object files where configure willlloyd2011-06-0313-2/+2
| | | | coalesce the dir and file name if identical.
* Ignore \r as whitespace in base64 decoder - caused test failures onlloyd2011-06-031-1/+3
| | | | Windows :(
* Fix building with --via-amalgamation; it wouldn't generate thelloyd2011-06-035-432/+449
| | | | | | | | amalgamation properly, but would happen to work if a previously written amalgamation was around. Also make changes allowing using the SIMD optimized versions of SHA-1 and Serpent to be used in the amalgamation.
* Remove BOTAN_DLL from internal headers, add it to Unexpected_Messagelloyd2011-06-024-14/+14
| | | | exception.
* Change order of arguments to bigint_monty_redc (internal interface,lloyd2011-06-023-46/+43
| | | | | | not exposed to callers) Switch back redc to using the inlined version (accidental change)
* Add monty sqr and multiply routines (they just call karatsuba and thenlloyd2011-06-024-43/+77
| | | | redc, currently)
* Reduce number of temporaries needed in point additionlloyd2011-06-011-22/+14
|
* Multi-expoentiation, using the single bit variation. Using a 2 or 3lloyd2011-06-014-2/+49
| | | | | | bit window may well improve things further. Currently seeing 20-25% improvement in ECDSA signature verification and 25 to 40% in GOST-34.10 verifications.
* Remove amalg on distcleanlloyd2011-06-012-0/+2
|
* PointGFp::get_affine_{x,y} doesn't return a referencelloyd2011-05-311-2/+2
|
* MinGW install commands are the default, so don't specify explicitly.lloyd2011-05-262-5/+2
| | | | | On Solaris, use /usr/ucb/install, as /usr/sbin/install uses some kind of other strange syntax.
* Explicitly specify the types for make_pair when passing a const arraylloyd2011-05-241-2/+10
| | | | | | as the first value. Oddly, Sun Studio's default STL tries to make a pair with the first value a 'const byte[2]', and then subsequently rejects that as invalid. Reported by Jeremy Reed.
* Split the SIMD implementations into their own modules and choose onelloyd2011-05-2412-16/+41
| | | | at config time.
* FD_ZERO on Solaris uses memset, and assumes we included string.hlloyd2011-05-242-0/+2
| | | | already. Reported by Jeremy C. Reed <[email protected]>
* Only call p.sig_words once in CurveGFp constructor.lloyd2011-05-191-4/+2
| | | | Fix build log; copy and paste error.
* Move the curve over GF(p) code back into its own subdirlloyd2011-05-197-7/+22
|
* Reject s == 0 or r == 0 in a ECC signature.lloyd2011-05-192-2/+5
| | | | | | | | | | | | | | | In ECDSA, this cases should all be caught by the later check that R is not zero, so I don't believe there is any security danger. However the GOST 34.10 implementation did not have either check. Fortunately, the function that extracts the affine X coordinate from the Jacobian coordinates will throw an exception if the point is at infinity, so we would not in fact accept invalid signatures, but this is mostly by luck. And still represents a bit of a DoS potential. I checked the history, it looks like not checking for zeros at the start traces back to the original InSiTo code, and I copied the ECDSA code for GOST without thinking about it too much.
* Small cleanup in the Barrett reducer, now doesn't create a temp iflloyd2011-05-182-33/+35
| | | | abs(x) < modulus. Also remove unused member variables.
* Fix the very basic operations for encoding and decoding alloyd2011-05-172-12/+10
| | | | | | | | | certificate policies extension, though it's really not supported at all. Remove test code from secmem.h Fix building the examples
* Modify ECC points to do all math in Montgomery form, rather thanlloyd2011-05-174-156/+144
| | | | | | | | | | | | | converting back and forth. This gives a 10 to 20% speedup on a Core i7. In addition, the CurveGFp no longer contains a Barrett reducer, saving 3 BigInts worth of memory. Add a #if'ed out alternative to point multiplication using the Montgomery ladder technique. It runs in (more or less) constant time, but rather significantly slower than the 4 bit window technique currently used. Tweak the window sizes to match the theoretical optimums.