aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Add missing mutex info.txt filelloyd2009-07-011-0/+9
|
* Move mutex.h from utils/ to mutex/ dir as more relevant arealloyd2009-07-012-1/+0
|
* DataSource::discard_next did not actually return the number of discardedlloyd2009-06-241-1/+1
| | | | bytes. Bug noted by Falko Strenzke, fix by M. Braun. (bug id 31)
* Use an input insensitive implementation of same_mem instead of memcmp.lloyd2009-06-221-1/+8
| | | | | | I don't know that having same_mem be sensitive to input would actually allow any form of timing attack in the current codebase, but it seemed like a prudent thing to do in any case.
* Improve handling of low-entropy situations in HMAC_RNG and Randpool.lloyd2009-06-212-8/+14
| | | | | | | | | | | When a reseed is attempted, up to poll_bits attempts will be made, running in order through the set of available sources. So for instance if poll_bits is set to the default 256, then up to 256 polls will be performed (some of which might not provide any entropy, of course) before stopping; of course if the accumulators goal is achived before that point, then the polling stops. This should greatly help to resolve the recent rash of PRNG unseeded problems some people have been having.
* Add variable names to decls in kdf.hlloyd2009-06-191-12/+20
|
* Changes to /dev/*random poller - read up to 48 bytes, and wait longer in ↵lloyd2009-06-091-3/+2
| | | | select loop (up to a second)
* Change the order of preference for /dev/*random polling tolloyd2009-06-091-1/+1
| | | | | | /dev/urandom /dev/random /dev/srandom (OpenBSD-specific)
* Patch to fix --as-needed bug was slightly wrong: linked to -lbotan-@{version},lloyd2009-06-061-1/+1
| | | | | but with the most recent change to decouple version # and so version this is wrong - use @{var:so_version} instead.
* Fix Gentoo bug 272242lloyd2009-06-061-2/+2
|
* Mark Skein_512 with the BOTAN_DLL macrolloyd2009-06-062-3/+9
| | | | | | | | | | | | | | Add a comment that the limitation of the personalization string being a maximum of 64 characters is due to the implementation and not the specification (but it makes it easy to implement, and in this particular case 64 characters is probably fine). Add some tests for the personalization option, generated by the Skein reference implementation. Disable stripping whitespace in checks/misc.cpp:strip - it strips the personalization tag, which breaks the test, and isn't needed otherwise because the test files are well-formed.
* Small cleanups in the Skein-512 source, and add support for thelloyd2009-06-033-71/+67
| | | | personalization option.
* Add an implementation of Skein-512lloyd2009-06-024-0/+318
|
* Many source files included bit_ops.h when what was really desired waslloyd2009-05-1325-25/+22
| | | | | rotate.h, or when it was not needed at all. Remove or change the includes as needed.
* One more s/engine.h/pk_engine.h/lloyd2009-05-131-1/+1
|
* engine.h had copies of some declarations from pk_engine.h that had notlloyd2009-05-138-50/+7
| | | | | | been removed when that portion of the code was split off. Remove the duplicated code from engine.h and update some code in pubkey that still relied on the declarations in engine.h instead of pk_engine.h
* Allow for the shared library soname to stay fixed even when the versionlloyd2009-05-132-13/+6
| | | | number increments, for stable releases that don't affect binary compat.
* Add XTS mode, from IEEE P1619lloyd2009-04-164-0/+449
|
* Make AutoSeeded_RNG::reseed's parameter default to 256 for compatabilitylloyd2009-04-161-1/+1
| | | | | with the version in earlier releases. Rickard Bondesson pointed out that this was a problem on the mailing list.
* Place -lbotan before the other -l flags in the output oflloyd2009-04-111-2/+2
| | | | | | | botan-config --libs - with shared objects it makes no difference, but with static libs this doesn't bring in the needed symbols correctly since only symbols needed by earlier objects on the command line are brought in. Reported by Thomas Moschny.
* Use S2 instead of x,y vars as temps for single iteration of psilloyd2009-04-101-4/+4
|
* Include <algorithm> in secmem.h for std::swaplloyd2009-04-081-0/+1
|
* Fully expand the linear recurence phi - about twice as fast on my Core2lloyd2009-04-081-77/+80
|
* Expand the first 12 iterations of phi, though more simplification is needed.lloyd2009-04-071-2/+58
|
* Add the GOST 34.11 hash function. Pretty slow, but functional.lloyd2009-04-074-0/+237
|
* Make the member variables of MDx_HashFunction private instead of protected -lloyd2009-04-071-6/+5
| | | | no subclass needs access to any of these variables.
* Avoid calling compress_n in MDx_HashFunction unless at least one block islloyd2009-04-071-1/+2
| | | | going to be compressed - otherwise it's a noop.
* Remove some commented out code in MDx_HashFunction which was used duringlloyd2009-04-072-26/+0
| | | | | the changeover from single block hashing to having each hash support multiple sequential blocks of input.
* Clean up the GOST_2ROUND macro a bit. Put in do/while block so it is alloyd2009-04-071-7/+8
| | | | statement (at least as far as the calling code is concerned)
* Hide the declarations of the GOST sboxes inside the Param constructor sincelloyd2009-04-012-25/+26
| | | | | that is the only code that needs to see them. Record the name in the Param object.
* Simplify the XTEA key schedule code - there really is no reason tolloyd2009-03-311-29/+13
| | | | | precompute the deltas when they are just a few additions; removing the additions from the encrypt/decrypt rounds seems enough to me.
* Support different GOST paramters in the lookup interface.lloyd2009-03-311-1/+1
|
* Add support for multiple Sbox parameter sets in the GOST 28147-89 ↵lloyd2009-03-312-17/+71
| | | | | | | | implementation. In addition to the GOST 34.11 test parameters (used in Crypto++ among other things), the GOST 34.11 CryptoPro parameters (used in implementations of the GOST hash function) are now supported.
* Add a new version of SCAN_Name::arg that returns a default value if thelloyd2009-03-312-2/+17
| | | | param isn't set.
* Partially unroll the round structure, enough so that the subkey accesseslloyd2009-03-312-36/+40
| | | | | | | can be done directly, so there is no need to copy the key several times for the key schedule (since the GOST 'key schedule' is very simple and the access pattern can now be directly inserted into the code). Looks to be about 10% faster on my Core2, as well.
* Thomas Moschny passed along a request from the Fedora packagers which camelloyd2009-03-30570-8019/+9153
| | | | | | | | | | | | | | | up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line Distributed under the terms of the Botan license after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of astericks before and after the text); this is stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things).
* Use Libs.private for listing dependencies in pkg-config, this leads tolloyd2009-03-281-1/+2
| | | | somewhat cleaner .so dependencies on ELF systems. Patch from Zack Weinberg.
* No reason to include mdx_hash.h in MD2 since it derives directly fromlloyd2009-03-272-24/+24
| | | | HashFunction; include hash.h instead
* Compile fix: missing a commalloyd2009-03-271-1/+1
|
* Check the return value of lseek in the mmap allocatorlloyd2009-03-271-1/+3
|
* Use u32bit instead of int for loop counter in ctzlloyd2009-03-271-1/+1
|
* GOST was using a completely non-standard set of sboxes. Change it to uselloyd2009-03-279-316/+158
| | | | | | | | | | | | | | | GostR3411_94_TestParamSet, this is compatible with the implementations in Crypto++ and OpenSSL. This is not backwards compatible, though once the implementation supports multiple param sets (which is required, unfortunately, for compatability with various standards by CryptoCom, who have defined not one but at least 4 (!!!) different sboxes to use with GOST), I may offer Botan's previous sbox set as an option. Since adding the GOST hash function (34.11) and signing algorithm (34.10) are on the long term agenda (request by Rickard Bondesson, as the Russian authorities want to use their local standards for their DNSSEC use), I renamed the block cipher class (which had been just 'GOST') to GOST_28147_89 to minimize future name clashes.
* Add back the public key filters, at the request of Andreas Podgurski onlloyd2009-03-193-0/+204
| | | | the mailing list.
* Fix misspelled words in algo_factory.{cpp,h}, from Charles Brockman in bug 40lloyd2009-03-022-12/+13
|
* Update some doxygen comments. Contributed by Charles Brockman in bug #39lloyd2009-03-023-28/+28
|
* merge of '93d8e162df445b607d3085d0f966f4e7b286108a'lloyd2009-01-3110-112/+115
|\ | | | | | | and 'fc89152d6d99043fb9ed1e9f2569fde3fee419e5'
| * In es_unix, two changeslloyd2009-01-311-6/+3
| | | | | | | | | | | | | | | | | | | | | | Make the fast poll significantly more pessimistic/realistic about how many bits of randomness we're getting from getrusage and stat. Don't cut out from execing programs if the desired poll bits is under 128. Simply poll until either the accumulator says we're done or we run out of sources. Assumption is that the poll won't be run at all unless it is ncessary (es_unix comes late in the list of sources to use since it is pretty slow).
| * Recast to byte pointer in Entropy_Accumulator before passing to add_byteslloyd2009-01-311-4/+4
| |
| * propagate from branch 'net.randombit.botan' (head ↵lloyd2009-01-3132-848/+674
| |\ | | | | | | | | | | | | | | | 4518ef63a5e28e22a61d21a6066d0d4a5cf0616e) to branch 'net.randombit.botan.entropy-poll-redesign' (head c8e07f10a193b25bab726af99ea2ea77a0f30eaf)
| | * Remove the notion of counting entropy bits in HMAC_RNG or Randpool.lloyd2009-01-314-35/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Instead simply consider the PRNG seeded if a poll kicked off from reseed met its goal, or if the user adds data. Doing anything else prevents creating (for instance) a PRNG seeded with 64 bits of entropy, which is unsafe for some purposes (key generation) but quite possibly safe enough for others (generating salts and such).