path: root/src
Commit message [Author, Age, Files, Lines]
* merge of '540ae85af1cc9245c325ef716fcc5c5b334251d0' and 'ce3d40d9f2e90346189ca6dfed2a1f38804d5c10'
  [lloyd, 2010-05-19, 20 files, -83/+45]
* Add a build.h macro BOTAN_GCC_VERSION which is set to major*100+minor*10+patch
  if we are compiling under GCC, or 0 otherwise. Use it in cpuid.cpp for use of GCC's cpuid.h header file. If we don't have a method of calling cpuid, print a warning.
  [lloyd, 2010-05-13, 2 files, -2/+10]
* Remove the old (unused) <supports_shared> config block. It specified
  which architectures the OS supported shared libs on; in all cases it was either all or none. Replace with new config build_shared [yes|no], which defaults to yes but is set to no for MinGW and Cygwin since shared libs don't seem to be working well there.
  [lloyd, 2010-05-13, 17 files, -69/+7]
* Partially protect OAEP decoding against a timing attack. Possibility
  of this pointed out by Falko Strenzke. The timing differences between different error conditions could lead to attacks even with the same error message. Instead use a (mostly) straightline implementation. However scanning for the delim byte is still timing/input dependent, so this is not a 100% fix.
  [lloyd, 2010-05-12, 1 file, -12/+28]
* Use memcpy to copy gethostbyname's result to the socket info struct
  instead of doing cast+assign - GCC on SPARC rejects because the required alignment increases.
  [lloyd, 2010-05-10, 1 file, -0/+5]
* Avoid trying to use GCC's cpuid.h in versions where it doesn't exist
  (before 4.3). Probably will need to write asm blocks for those older versions.
  [lloyd, 2010-05-06, 1 file, -1/+3]
* Modify the implementation of multiplication mod 65537 used in IDEA to
  be branch-free. This reduces performance noticeably on my Core2 (from 32 MiB/s to a bit over 27 MiB), but so it goes. The IDEA implementation using SSE2 is already branch-free here, and runs at about 135 MiB/s on my machine. Also add more IDEA tests, generated by OpenSSL.
  [lloyd, 2010-04-30, 1 file, -10/+13]
* HMAC_RNG handling changes - split up reseed() and add_entropy()
  entirely. add_entropy() just adds the input into the extractor; if more than 1024 bytes of input have been added by the user since the last reseed, then force a reseed. Until that point, the data simply remains accumulating in the extractor, which is fast and helps ensure a large block of data is input when we finally do reseed.
  [lloyd, 2010-04-27, 2 files, -35/+31]
* Remove add_entropy_vec. Much cleaner way of doing this: add the entire
  contents of all SSL/TLS handshake messages into the PRNG input.
  [lloyd, 2010-04-27, 3 files, -7/+4]
* mutex.h is internal - had been picking up system installed version
  [lloyd, 2010-04-23, 1 file, -1/+1]
* Add the other party's Random value to the local PRNG state
  [lloyd, 2010-04-23, 2 files, -0/+4]
* Return SecureVector vals by const ref
  [lloyd, 2010-04-23, 1 file, -4/+4]
* Add add_entropy_vec which calls add_entropy on the passed vector. Has
  to be named differently from add_entropy to deal with odd C++ overloading/virtual rules.
  [lloyd, 2010-04-23, 1 file, -0/+3]
* Check to make sure the user didn't provide two of the same hash for
  Comb4P. If you do this, the first N bytes are all zero, which could expose some problems, especially if the caller truncates or is relying on Comb4P acting like a random function.
  [lloyd, 2010-04-23, 1 file, -0/+3]
* Remove some C-style casts
  [lloyd, 2010-04-23, 4 files, -6/+6]
* Comb4P: hashes must be the same length
  [lloyd, 2010-04-22, 1 file, -2/+0]
* Fix EMSA_Raw in the case where the original input had leading 0 bytes.
  [lloyd, 2010-04-21, 1 file, -1/+19]
* Extension codes for ECC negotiation
  [lloyd, 2010-04-21, 1 file, -0/+3]
* If we couldn't agree on a suite, fail immediately
  [lloyd, 2010-04-20, 1 file, -0/+5]
* Expose public_value() in ECDH public key
  [lloyd, 2010-04-20, 1 file, -3/+10]
* Compile fix
  [lloyd, 2010-04-20, 1 file, -1/+1]
* Expose function breaking down ciphersuite to algo values
  [lloyd, 2010-04-19, 2 files, -3/+5]
* In the string constructor of EC_Domain_Params, check if the PEM decoding
  failed. If so, assume the input string was an OID and try that.
  [lloyd, 2010-04-19, 2 files, -6/+16]
* Add codes for SHA-1 based ECC suites (RFC 4492).
  [lloyd, 2010-04-19, 2 files, -25/+81]
* Add support for SEED ciphersuites. Tested against OpenSSL 0.9.8n
  [lloyd, 2010-04-17, 3 files, -0/+24]
* Add support for reading SSLv2 client hellos
  [lloyd, 2010-04-17, 5 files, -8/+86]
* Clean up ciphersuite handling
  [lloyd, 2010-04-17, 7 files, -91/+273]
* Add support for TLS 1.2 PRF
  [lloyd, 2010-04-17, 2 files, -22/+63]
* Add Comb4P hash combiner, as described in Anja Lehmann's thesis.
  [lloyd, 2010-04-17, 4 files, -0/+167]
* If the CBC padding is incorrect, then assume the pad size is zero and
  carry on with the procedure. This prevents a timing attack where an attacker could distinguish bad padding vs MAC failure. This timing channel was used in the paper "Password Interception in a SSL/TLS Channel" by Vaudenay et al. to attack SSL in certain fairly realistic use scenarios.
  [lloyd, 2010-04-09, 1 file, -4/+10]
* Present requested hostname (SNI extn) to TLS_Server user
  [lloyd, 2010-03-30, 2 files, -0/+6]
* Remove bad filename
  [lloyd, 2010-03-30, 1 file, -1/+0]
* Instead of just discarding the extension size, confirm that the
  claimed length matches the length of the data left in the client hello packet.
  [lloyd, 2010-03-30, 1 file, -1/+4]
* Support TLS Extensions, specifically SNI
  [lloyd, 2010-03-30, 1 file, -35/+29]
* Constify assert_at_least. Add some helpers
  [lloyd, 2010-03-30, 1 file, -1/+17]
* Add some magic numbers for TLS extension codes
  [lloyd, 2010-03-30, 1 file, -0/+11]
* Add a class that knows how to decode a (very small subset of) TLS data
  formatting. Particularly useful in the ClientHello, but generally helps centralize the offset handling, which was particularly unreadable in the hello messages.
  [lloyd, 2010-03-30, 6 files, -61/+249]
* Don't fail simply because the client sent a version code that we don't
  know about; just continue and the server will choose either whatever the client supports, if it knows about it, or else the latest version it supports. So for instance if a client attempts to negotiate TLS 1.2, we'll not know about that version and return a ServerHello for 1.1 instead.
  [lloyd, 2010-03-30, 1 file, -6/+0]
* Fix server handshake.
  Support TLS 1.1 servers
  [lloyd, 2010-03-30, 2 files, -15/+14]
* Fix DSA TLS servers
  [lloyd, 2010-03-30, 1 file, -1/+1]
* Add support for TLS v1.1's per-record random IV. Tested against GnuTLS server.
  [lloyd, 2010-03-30, 7 files, -12/+46]
* Rename pad_amount to block_size, more accurate/descriptive
  [lloyd, 2010-03-30, 3 files, -12/+20]
* Also remove compression bits from record writer
  [lloyd, 2010-03-25, 1 file, -14/+4]
* Remove single byte versions of read and write - caused problems with overloads
  for bind/function
  [lloyd, 2010-03-25, 1 file, -3/+0]
* Remove the bits for supporting compression - it was never actually
  supported, and compression can come later on when the overall architecture is more solid/stable.
  [lloyd, 2010-03-25, 2 files, -19/+4]
* Use size_t for lengths in Socket interface
  [lloyd, 2010-03-25, 3 files, -9/+9]
* Allow adding engines dynamically
  [lloyd, 2010-03-24, 3 files, -17/+20]
* Remove printfs
  [lloyd, 2010-03-23, 1 file, -17/+0]
* Make Record_Reader event driven. Callers (eg TLS_Client and
  TLS_Server) are not; they instead loop blocking on the socket. Will move the event-driven behavior upwards as I go.
  [lloyd, 2010-03-23, 6 files, -45/+132]
* Delete global RNG and the mutex in ~Library_State
  [lloyd, 2010-03-23, 1 file, -3/+5]