Commit message (author, age; files, lines)
* Fix a bug in bigint_sub_abs (Jack Lloyd, 2018-12-02; files: 2, lines: -0/+10)
|   If one of the values had leading zero words, this could end up calling bigint_sub with x_size < y_size. OSS-Fuzz 11664 and 11656
* One variable per line (Jack Lloyd, 2018-12-02; files: 1, lines: -1/+2)
|
* Better debugging output when a test fails (Jack Lloyd, 2018-12-02; files: 1, lines: -7/+15)
|   Printing the output key makes it easier to find the offending test.
* Update news (Jack Lloyd, 2018-12-01; files: 2, lines: -0/+26)
|
* Merge GH #1755 Various BigInt improvements (Jack Lloyd, 2018-12-01; files: 13, lines: -108/+178)
|\
| * Correct a bug in BigInt::operator%(word) (Jack Lloyd, 2018-12-01; files: 4, lines: -23/+43)
| |   If reducing a negative number modulo a power of 2, an incorrect result would be returned. This only affected the versions taking a single word as the modulo.
| * No need to check x when checking if a point is at infinity (Jack Lloyd, 2018-12-01; files: 1, lines: -2/+1)
| |   I'm not sure why this was here.
| * Unroll mod_sub for 6 words also, helps P-384 quite a bit (Jack Lloyd, 2018-12-01; files: 1, lines: -0/+2)
| |
| * Avoid conditional operations in P-521 reduction (Jack Lloyd, 2018-12-01; files: 1, lines: -30/+31)
| |
| * Add BigInt::mod_mul (Jack Lloyd, 2018-12-01; files: 9, lines: -56/+104)
|/
* Merge GH #1754 Simplify BigInt add/subtract (Jack Lloyd, 2018-12-01; files: 6, lines: -187/+175)
|\
| * Simplify BigInt addition and subtraction (Jack Lloyd, 2018-11-30; files: 6, lines: -187/+175)
|/    Addition already has to handle negative numbers so make it do double duty for subtraction.
* Fix a bug in OneAndZeros unpadding (Jack Lloyd, 2018-11-30; files: 4, lines: -24/+54)
|   Introduced in b13c0cc8590199d, it could only trigger if the block size was more than 256 bytes. In that case an invalid padding could be accepted. OSS-Fuzz 11608 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11608)
* Fix debug asserts, and add it to CI (Jack Lloyd, 2018-11-29; files: 2, lines: -2/+4)
|
* Merge GH #1751 Add CT::Mask<T> (Jack Lloyd, 2018-11-29; files: 20, lines: -317/+519)
|\
| * Add CT::Mask type (Jack Lloyd, 2018-11-28; files: 20, lines: -317/+519)
|/
* Fix typo [ci skip] (Jack Lloyd, 2018-11-27; files: 1, lines: -1/+1)
|
* Merge GH #1750 Improve BigInt const time behavior (Jack Lloyd, 2018-11-27; files: 8, lines: -157/+349)
|\
| * Need to ensure minimum size here (Jack Lloyd, 2018-11-27; files: 1, lines: -0/+1)
| |   Previously handled by the early exit
| * Optimizations for NIST reduction (Jack Lloyd, 2018-11-26; files: 1, lines: -22/+20)
| |   Also avoid an early exit in P-521
| * Make more BigInt functions const-time (Jack Lloyd, 2018-11-26; files: 7, lines: -135/+328)
|/    In particular comparisons, calc sig words, and mod_sub are const time now.
* Deprecate SRP suites [ci skip] (Jack Lloyd, 2018-11-26; files: 1, lines: -0/+4)
|   This is kind of implicit by the deprecation of CBC ciphersuites but should be called out more clearly.
* Merge GH #1744 Make exception throws easier to debug (Jack Lloyd, 2018-11-23; files: 81, lines: -359/+655)
|\
| * Make exceptions easier to translate to error codes (Jack Lloyd, 2018-11-23; files: 81, lines: -359/+655)
| |   Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742
* | Implement const time select based on xor-swap (Jack Lloyd, 2018-11-23; files: 1, lines: -1/+2)
| |   For some compilers this may make the difference between compiling using bitmasks as intended, and compiling with a conditional jump.
* | In operator>> avoid testing for zero unless required (Jack Lloyd, 2018-11-23; files: 1, lines: -1/+1)
|/
* Simplify Salsa20 xor loop (Jack Lloyd, 2018-11-21; files: 1, lines: -4/+7)
|
* Build docs last in makefile target (Jack Lloyd, 2018-11-21; files: 1, lines: -1/+1)
|   Closes #1746
* Fix type error (Jack Lloyd, 2018-11-21; files: 1, lines: -1/+1)
|   Closes #1747
* Slight simplification to ChaCha loop (Jack Lloyd, 2018-11-21; files: 1, lines: -7/+13)
|
* When available use RDRAND for Stateful_RNG additional data (Jack Lloyd, 2018-11-21; files: 1, lines: -4/+19)
|
* Use builtin_bswap16 when available (Jack Lloyd, 2018-11-20; files: 1, lines: -0/+4)
|
* Merge GH #1743 Avoid memset/memcpy in library code (Jack Lloyd, 2018-11-19; files: 20, lines: -58/+84)
|\
| * Add typecast_copy (Jack Lloyd, 2018-11-17; files: 3, lines: -30/+48)
| |   Wraps memcpy in the cases where we really are doing a type conversion using memcpy
| * Avoid calling memset, memcpy within library code (Jack Lloyd, 2018-11-17; files: 17, lines: -27/+36)
| |   Prefer using wrappers in mem_utils for this. Current exception is where memcpy is being used to convert between two different types, since copy_mem requires input and output pointers have the same type. There should be a new function to handle conversion-via-memcpy operation.
| * Remove needless memset operation (Jack Lloyd, 2018-11-17; files: 1, lines: -1/+0)
| |
* | Avoid a crank from Sonar [ci skip] (Jack Lloyd, 2018-11-17; files: 1, lines: -1/+1)
|/
* Disable Sonar build (Jack Lloyd, 2018-11-17; files: 1, lines: -5/+5)
|   It is suddenly 5x slower for an unknown reason https://community.sonarsource.com/t/sonar-analysis-step-suddenly-much-5x-slower-on-travis-ci/4364 Now it either times out or else completely dominates the runtime for Travis, either is not acceptable. Leave the framework for using Sonar in CI for now so it is easy to test if things have improved later. If things are still broken in a month or two I'll probably just drop support for Sonar.
* Fix Sonar warning (Jack Lloyd, 2018-11-17; files: 1, lines: -1/+1)
|
* Attempt to fix Sonar build problem (Jack Lloyd, 2018-11-17; files: 2, lines: -1/+8)
|   The build is timing out. Use -Os instead of -O3 in an attempt to speed up the build step, and enable multithreaded analysis as that step is also quite slow.
* Use vzeroupper/vzeroall to transition between AVX and SSE states. (Jack Lloyd, 2018-11-10; files: 4, lines: -0/+32)
|   Otherwise some CPUs suffer serious stalls. Using vzeroall on exit also has the nice effect that we don't have to worry about register contents leaking. HT to @noloader for doing the background research on this.
* Avoid an implausible integer overflow flagged by Coverity [ci skip] (Jack Lloyd, 2018-11-10; files: 1, lines: -1/+6)
|
* Merge GH #1738 Avoid conditional branches during NIST reductions (Jack Lloyd, 2018-11-10; files: 2, lines: -59/+58)
|\
| * Avoid branching in the NIST prime reduction code (Jack Lloyd, 2018-11-09; files: 2, lines: -59/+58)
|/    This is still vulnerable to a cache-based side channel since the multiple chosen leaks the final carry.
* Merge GH #1737 Inline mp_core (Jack Lloyd, 2018-11-09; files: 4, lines: -604/+439)
|\
| * Use resize instead of shrink_to_fit (Jack Lloyd, 2018-11-09; files: 2, lines: -3/+10)
| |   Avoid recalculating significant words which slows down reduction
| * Inline the contents of mp_core.cpp (Jack Lloyd, 2018-11-09; files: 2, lines: -601/+429)
| |
* | Bump ABI version (Jack Lloyd, 2018-11-09; files: 1, lines: -1/+1)
| |   BigInt has changed size
* | Cleanups in Poly1305 (Jack Lloyd, 2018-11-09; files: 1, lines: -23/+23)
| |
* | Document the problem of old binutils (Jack Lloyd, 2018-11-09; files: 1, lines: -0/+14)
| |   See GH #1721 and #1718