aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Change how install_name is set on OS X. Not tested, taken from patchlloyd2010-06-111-1/+1
| | | | used by MacPorts; I assume they know what they are doing.
* Oops. On a private key, call PKCS8::encode so the full key is exportedlloyd2010-06-111-1/+1
|
* Add to_ber to the RSA objects so you can get the raw BER encoding.lloyd2010-06-111-0/+20
| | | | Requested by Thomas Capricelli.
* Fix problem that prevented AES-NI code from getting loaded in at leastlloyd2010-06-111-1/+3
| | | | | | | some cases. Add a westmere alias for "Core i5 CPU M 520", which is what uname (and thus, platform.processor()) returns on my laptop. Mostly for my benefit of course.
* Include generic mp_asmi.h for MSVClloyd2010-06-113-1/+3
| | | | | | | Don't use /EHc; it says "C" functions are nothrow, which is not true for bigint_sub2_rev. Include needed <intrin.h> for mp_asm.h
* Have to add it as explicit dep in bigintlloyd2010-06-111-1/+1
|
* Add (untested) support for VC++'s _umul128 intrinsic, which apparentlylloyd2010-06-112-0/+76
| | | | works on both x86-64 and ia64. Will allow using 64-bit limbs on Windows.
* For 64-bit InnoSetuplloyd2010-06-101-1/+5
|
* Add a simple Windows install targetlloyd2010-06-101-5/+3
|
* Fix comparison to use IVs with a hypothetical negotiated TLS that useslloyd2010-06-092-2/+2
| | | | a larger major version #.
* merge of '0ab1e77862bca53dec5ac1f2f9dbe994378e91f7'lloyd2010-06-081-2/+4
|\ | | | | | | and 'b9e4e0dcc98d3266c2d7e4fd631038babdfd933b'
| * In BigInt::bits, cache sig_words() result instead of calling twicelloyd2010-06-071-2/+4
| |
* | Exclude Python/Perl wrappers from Doxygen outputlloyd2010-06-071-1/+1
| |
* | Make Filter::new_msg and finish_msg private; only used by Pipe, which is a ↵lloyd2010-06-071-12/+13
| | | | | | | | friend
* | Add Doxygen header comments for XTS modeslloyd2010-06-071-4/+4
| |
* | Fix buildlloyd2010-06-071-0/+1
| |
* | Use "/*" instead of "/**" in starting comments at the begining of a file.lloyd2010-06-0785-97/+96
|/ | | | | This caused Doxygen to think this was markup meant for it, which really caused some clutter in the namespace page.
* Show inherited members; makes Doxygen output much more sensiblelloyd2010-06-021-1/+1
|
* Add constructor and destructor for pipe_wrapper to handle init and closelloyd2010-06-021-5/+5
|
* Put PKCS hash ids in anon namespacelloyd2010-06-021-21/+22
|
* OpenBSD doesn't have MSG_NOSIGNAL; you need to set up a signal handlerlloyd2010-06-011-1/+0
| | | | | | | | to catch SIGPIPE instead. Simply avoid building the unix_socket module there. Yet another reason to move to a fully async/event-based interface that doesn't interact with sockets directly.
* If you didn't specify a qbits for the DSA kosherizer, then it wouldlloyd2010-05-281-19/+20
| | | | | | choose 256 bits unless the pbits was exactly 1024. That would mean you for pbits = 512/768, the FIPS 186-3 size check would fail and it wouldn't work. Pointed out by Rickard Bellgrim.
* Hid --enable-isa and instead expose --enable-{sse2,ssse3,aes-ni,altivec}lloyd2010-05-261-1/+1
| | | | | | | | | | | | in the help. Unfortunately we can't just remove --enable-isa, because for the callback to work the target list has to already exist, and it only does by virtue of the default=[] param to the enable-isa setup. We could just use append_const, except then we can't run on Python 2.4, and the latest release of RHEL only has 2.4 :( Rename aes_ni to aes-ni in configuration-speak
* Remove FORK-256; it's obscure and has been definitively broken.lloyd2010-05-254-198/+0
| | | | | More commentary posted to the list: http://lists.randombit.net/pipermail/botan-devel/2010-May/001123.html
* Change BlockCipher::parallelism() to return the native parallelism oflloyd2010-05-2511-27/+31
| | | | | | | | | | | | | | | | | | | | the implementation rather than the preferred one. Update all implementations. Add a new function parallel_bytes() which returns parallelism() * BLOCK_SIZE * BUILD_TIME_CONSTANT This is because i noticed all current calls of parallelism() just multiplied the result by the block size already, so this simplified that code. The build time constant is set to 4, which was the previous default return value of parallelism(). However the SIMD versions returned 2*native paralellism rather than 4*, so this increases the buffer sizes used for those algorithms. The constant multiple lives in buildh.in and build.h, and is named BOTAN_BLOCK_CIPHER_PAR_MULT.
* Add a couple of small patches from Thomas Capricelli <[email protected]>lloyd2010-05-212-14/+26
| | | | that enable botan to be built under the clang C++ compiler.
* merge of '540ae85af1cc9245c325ef716fcc5c5b334251d0'lloyd2010-05-1920-83/+45
|\ | | | | | | and 'ce3d40d9f2e90346189ca6dfed2a1f38804d5c10'
| * Add a build.h macro BOTAN_GCC_VERSION which is set to major*100+minor*10+patchlloyd2010-05-132-2/+10
| | | | | | | | | | | | | | | | if we are compiling under GCC, or 0 otherwise. Use it in cpuid.cpp for use of GCC's cpuid.h header file. If we don't have a method of calling cpuid, print a warning.
| * Remove the old (unused) <supports_shared> config block. It specifiedlloyd2010-05-1317-69/+7
| | | | | | | | | | | | | | which architectures the OS supported shared libs on; in all cases it was either all or none. Replace with new config build_shared [yes|no], which defaults to yes but is set to no for MinGW and Cygwin since shared libs don't seem to be working well there.
| * Partially protect OAEP decoding against a timing attack. Possibilitylloyd2010-05-121-12/+28
| | | | | | | | | | | | | | | | of this pointed out by Falko Strenzke. The timing differences between different error conditions could lead to attacks even with the same error message. Instead use a (mostly) straightline implementation. However scanning for the delim byte is still timing/input dependenant, so this is not a 100% fix.
* | Use memcpy to copy gethostbyname's result to the socket info structlloyd2010-05-101-0/+5
|/ | | | | instead of doing cast+assign - GCC on SPARC rejects because the required alignment increases.
* Avoid trying to use GCC's cpuid.h in versions where it doesn't existlloyd2010-05-061-1/+3
| | | | | (before 4.3). Probably will need to write asm blocks for those older versions.
* Modify the implementation of multiplication mod 65537 used in IDEA tolloyd2010-04-301-10/+13
| | | | | | | | | | be branch-free. This reduces performance noticably on my Core2 (from 32 MiB/s to a bit over 27 MiB), but so it goes. The IDEA implementation using SSE2 is already branch-free here, and runs at about 135 MiB/s on my machine. Also add more IDEA tests, generated by OpenSSL
* HMAC_RNG handling changes - split up reseed() and add_entropy()lloyd2010-04-272-35/+31
| | | | | | | | entirely. add_entropy() just adds the input into the extractor; if more than 1024 bytes of input have been added by the user since the last reseed, then force a reseed. Until that point, the data simply remains accumulating in the extractor, which is fast and helps ensure a large block of data is input when we finally do reseed.
* Remove add_entropy_vec. Much cleaner way of doing this: add the entirelloyd2010-04-273-7/+4
| | | | contents of all SSL/TLS handshake messages into the PRNG input.
* mutex.h is internal - had been picking up system installed versionlloyd2010-04-231-1/+1
|
* Add the other parties Random value to the local PRNG statelloyd2010-04-232-0/+4
|
* Return SecureVector vals by const reflloyd2010-04-231-4/+4
|
* Add add_entropy_vec which calls add_entropy on the passed vector. Haslloyd2010-04-231-0/+3
| | | | | to be named differently from add_entropy to deal with odd C++ overloading/virtual rules.
* Check to make sure the user didn't provide two of the same has forlloyd2010-04-231-0/+3
| | | | | | Comb4P. If you do this, the first N bytes are all zero, which could expose some problems, especially if the caller truncates or is relying on Comb4P acting like a random function.
* Remove some C-style castslloyd2010-04-234-6/+6
|
* Comb4P: hashes must be the same lengthlloyd2010-04-221-2/+0
|
* Fix EMSA_Raw in the case where the original input had leading 0 bytes.lloyd2010-04-211-1/+19
|
* Extension codes for ECC negotiationlloyd2010-04-211-0/+3
|
* If we couldn't agree on a suite, fail immediatelylloyd2010-04-201-0/+5
|
* Expose public_value() in ECDH public keylloyd2010-04-201-3/+10
|
* Compile fixlloyd2010-04-201-1/+1
|
* Expose function breaking down ciphersuite to algo valueslloyd2010-04-192-3/+5
|
* In the string constructor of EC_Domain_Params, check if the PEM decodinglloyd2010-04-192-6/+16
| | | | failed. If so, assume the input string was an OID and try that.
* Add codes for SHA-1 based ECC suites (RFC 4492).lloyd2010-04-192-25/+81
|