Commit message | Author | Age | Files | Lines
* Merge GH #1610 Make exponentiation loop independent of exponent sizeJack Lloyd2018-06-1711-51/+119
|\
| * Avoid leaking size of exponentJack Lloyd2018-06-1711-51/+119
|/   See #1606 for discussion
* Merge GH #1609 Avoid small side channel in ECC field mulJack Lloyd2018-06-151-22/+15
|\
| * In ECC avoid using significant words to dispatch the mult algoJack Lloyd2018-06-151-22/+15
| |   Normally all elements will be exact number of limbs as the field. Any situation with short elements is rare and not worth optimizing for, and likely leads to some unfortunate side channel.
* | Merge GH #1608 Fix TLS when x25519 is disabledJack Lloyd2018-06-156-8/+18
|\ \
| * | TLS would try to negotiate x25519 even if disabledJack Lloyd2018-06-156-8/+18
| |/   Also reorder ECC groups to actually match performance characteristics. I'm not sure when P-384 was slower than P-521 but it certainly isn't anymore. Fixes #1607
* / Use Botan specific CVE for ECDSA side channel [ci skip]Jack Lloyd2018-06-152-4/+3
|/
* Update newsJack Lloyd2018-06-151-0/+2
|
* Merge GH #1606 Make Montgomery exponentiation const timeJack Lloyd2018-06-157-60/+124
|\
| * Document leak of exponent sizeJack Lloyd2018-06-141-2/+4
| |
| * Add combined conditional add-or-subtractJack Lloyd2018-06-143-5/+41
| |
| * Remove CT annotations from Montgomery reductionJack Lloyd2018-06-141-8/+0
| |   The poisons don't stack so the unpoison hid conditional jumps we want to find.
| * In Montgomery mul, avoid branching based on sig words of integersJack Lloyd2018-06-141-13/+21
| |   Instead just assume they are the same size as the prime
| * Make Karatsuba multiply completely const timeJack Lloyd2018-06-145-36/+62
|/
* Fix CLI testJack Lloyd2018-06-141-0/+1
|
* Avoid overallocation of memory for EC base point multiplesJack Lloyd2018-06-141-1/+1
|   The size is rounded up to next 8 words so there was substantial slack here. No noticeable perf difference.
* Merge GH #1605 Add 192-bit Suite B TLS policyJack Lloyd2018-06-147-8/+74
|\
| * Add 192-bit Suite B policyJack Lloyd2018-06-147-8/+74
| |   Since 128-bit policy is actually not even allowed since 2015.
* | Output order with ec_group_infoJack Lloyd2018-06-141-0/+1
| |
* | Update news [ci skip]Jack Lloyd2018-06-141-0/+4
|/
* Merge GH #1604 Resolve ECDSA/DSA side channelJack Lloyd2018-06-135-17/+88
|\
| * Address DSA/ECDSA side channelJack Lloyd2018-06-135-17/+88
|/
* Merge GH #1603 Unroll Montgomery reduction for specific sizesJack Lloyd2018-06-117-26/+2784
|\
| * Unroll bigint_monty_redc for various sizesJack Lloyd2018-06-117-26/+2784
| |   Speedup of 10 to 30% depending on algo
* | Merge GH #1602 Support GCC --sysroot option for embedded cross compilesJack Lloyd2018-06-115-1/+20
|\ \
| |/
|/|
| * Corrected error messageHegedüs Márton Csaba2018-06-111-1/+1
| |
| * Required changes according to the code reviewHegedüs Márton Csaba2018-06-114-5/+16
| |
| * Updated news.rstHegedüs Márton Csaba2018-06-081-0/+2
| |
| * Add support for GCC's --sysroot option to configure.pyHegedüs Márton Csaba2018-06-082-2/+8
|/
* Merge GH #1601 Fix typos in configure script [ci skip]Jack Lloyd2018-06-081-2/+2
|\
| * Fix some typos in configure.pyFelix Yan2018-06-091-2/+2
|/
* Add missing statementJack Lloyd2018-06-081-0/+1
|
* Merge GH #1600 Optimizations in BER decodingJack Lloyd2018-06-089-102/+252
|\
| * Attempt at MSVC 2013 workaroundJack Lloyd2018-06-081-2/+4
| |
| * Expose BER_Decoder constructor taking BER_Object&&Jack Lloyd2018-06-082-4/+10
| |
| * Reduce copying/allocations when BER decodingJack Lloyd2018-06-082-81/+194
| |   We are constrained in how far we can go because BER_Object must mandatorily copy its value (due to the public member variable exposing the bytes). But this reduces the number of allocations when parsing a sample X.509 certificate by about 15%
| * Allow passing a writer function callback to DER_EncoderJack Lloyd2018-06-082-10/+18
| |
| * Declare copy and move constructors on BER_ObjectJack Lloyd2018-06-081-0/+8
| |
| * Constify some local variablesJack Lloyd2018-06-081-2/+2
| |
| * Improve error reporting on unexpected EOF when decoding ASNJack Lloyd2018-06-082-5/+18
|/
* Doc tweaks [ci skip]Jack Lloyd2018-06-083-21/+6
|
* Add "info" and "codec" groups for cli commands [ci skip]Jack Lloyd2018-06-072-10/+12
|
* Merge GH #1599 Fix bug in Barrett reduction of negative numbersJack Lloyd2018-06-054-30/+45
|\
| * Fix a bug in Barrett reductionJack Lloyd2018-06-054-30/+45
|/   -x*n % n would reduce to n instead of zero. Also some small optimizations and cleanups.
* Merge GH #1598 Avoid using -j flag when Sphinx does not support itJack Lloyd2018-06-051-2/+19
|\
| * Conditionally use concurrency with sphinx-build.Daniel Wyatt2018-06-041-2/+19
|/
* Correct exception message [ci skip]Jack Lloyd2018-06-041-1/+1
|   The previous message was both incorrect and very misleading.
* Remove stray header in vector file [ci skip]Jack Lloyd2018-06-011-2/+0
|
* Merge GH #1594 Add EdDSA/X25519 Wycheproof testsJack Lloyd2018-05-315-1/+831
|\
| * Add EdDSA and X25519 tests from WycheproofJack Lloyd2018-05-315-1/+831
| |