Commit message  (Author, Age; Files, Lines)
* Update roadmap [ci skip]  (Jack Lloyd, 2018-12-18; 2 files, -56/+30)
|
* Test how long it takes to precompute base point multiples  (Jack Lloyd, 2018-12-16; 2 files, -1/+21)
|
* Merge GH #1789 Improvements to const time lookups  (Jack Lloyd, 2018-12-14; 3 files, -22/+26)
|\
| * In PointGFp addition, prevent all_zeros from being short-circuited  (Jack Lloyd, 2018-12-14; 1 file, -4/+7)
| |   This doesn't matter much but it causes confusing valgrind output when const-time checking since it distinguishes between the two possible conditional returns.
| * Unroll const_time_lookup by 2  (Jack Lloyd, 2018-12-14; 1 file, -6/+10)
| |   We know the lookup table is some power of 2, unrolling a bit allows more IPC
| * Simplify the const time lookup in ECC scalar mul  (Jack Lloyd, 2018-12-14; 1 file, -12/+9)
|/    Code is easier to understand and it may let the CPU interleave the loads and logical ops better. Slightly faster on my machine.
* Update news  (Jack Lloyd, 2018-12-14; 1 file, -1/+1)
|
* Merge GH #1788 Use 3-bit comb for ECC base point multiplies  (Jack Lloyd, 2018-12-14; 2 files, -19/+36)
|\
| * Use a 3-bit comb for ECC base point multiply  (Jack Lloyd, 2018-12-13; 2 files, -19/+36)
|/    Improves ECDSA signing by 15%
* Another todo [ci skip]  (Jack Lloyd, 2018-12-13; 1 file, -0/+1)
|
* More todos [ci skip]  (Jack Lloyd, 2018-12-12; 1 file, -0/+2)
|
* Make this comment more clear [ci skip]  (Jack Lloyd, 2018-12-12; 1 file, -1/+2)
|
* Some cleanups in x25519  (Jack Lloyd, 2018-12-10; 1 file, -53/+43)
|
* More todos  (Jack Lloyd, 2018-12-10; 1 file, -1/+2)
|
* Fix more MSVC warnings  (Jack Lloyd, 2018-12-10; 4 files, -8/+9)
|
* More todos [ci skip]  (Jack Lloyd, 2018-12-10; 1 file, -0/+6)
|
* Merge GH #1769 Support TLS signature padding strings in PKCS11 mapping  (Jack Lloyd, 2018-12-10; 1 file, -0/+10)
|\
| * Remove EMSA1 encodings from p11 sign mechanisms map  (Hannes Rantzsch, 2018-12-10; 1 file, -5/+0)
| |
| * Extend the SignMechanisms map for Signature_Scheme padding strings  (Hannes Rantzsch, 2018-12-04; 1 file, -0/+15)
| |   This addresses #730. The tls_sign_message callback was unable to handle emsa strings produced as padding strings for TLS::Signature_Scheme, due to inconsistent naming (mostly between EMSA3 and EMSA_PKCS1).
* | Fix some MSVC warnings  (Jack Lloyd, 2018-12-10; 12 files, -26/+35)
| |
* | Update news  (Jack Lloyd, 2018-12-10; 1 file, -1/+3)
| |
* | Merge GH #1784 Add ECDSA pubkey recovery  (Jack Lloyd, 2018-12-10; 6 files, -3/+236)
|\ \
| * | Work around a problem when built with OpenSSL  (Jack Lloyd, 2018-12-10; 3 files, -7/+10)
| | |   It appears OpenSSL has a different interpretation from us of how the message representative is formed for P-521 when given a hash to sign that is larger than the group order; signatures generated by us do not verify with OpenSSL and vice versa.
| * | Support recovering ECDSA public key from message/signature pair  (Jack Lloyd, 2018-12-10; 6 files, -2/+232)
|/ /    See http://www.secg.org/sec1-v2.pdf section 4.1.6
| |     Closes #664
* | Fix pylint3 warning [ci skip]  (Jack Lloyd, 2018-12-10; 1 file, -1/+1)
| |
* | More todos  (Jack Lloyd, 2018-12-09; 1 file, -0/+2)
| |
* | Update news  (Jack Lloyd, 2018-12-09; 1 file, -0/+2)
| |
* | Merge GH #1783 Add base58 encoding/decoding  (Jack Lloyd, 2018-12-09; 7 files, -1/+454)
|\ \
| * | Make ASan happy  (Jack Lloyd, 2018-12-09; 1 file, -1/+1)
| | |
| * | Add base58 encoding/decoding  (Jack Lloyd, 2018-12-09; 7 files, -1/+454)
|/ /
* | Todos [ci skip]  (Jack Lloyd, 2018-12-09; 1 file, -2/+2)
| |
* | Merge GH #1782 Add an i386 build/test to CI  (Jack Lloyd, 2018-12-09; 3 files, -4/+14)
|\ \
| * | Add an i386 CI target to check on 32-bit asm  (Jack Lloyd, 2018-12-09; 3 files, -4/+14)
| | |
* | | Remove Chi-square test on random_integer  (Jack Lloyd, 2018-12-09; 1 file, -46/+0)
|/ /    I'm not sure this test is that useful, which is not itself a big problem, but it is also flaky and occasionally fails, which is no good.
* | Update news  (Jack Lloyd, 2018-12-09; 1 file, -1/+1)
| |
* | Merge GH #1780 Use constant time algorithm for monty_inverse  (Jack Lloyd, 2018-12-09; 2 files, -39/+23)
|\ \
| * | Use a const time algorithm for monty_inverse  (Jack Lloyd, 2018-12-09; 2 files, -39/+23)
| | |   Previous EEA leaked information about the low word of the prime, which is a problem for RSA.
* | | Fix typo  (Jack Lloyd, 2018-12-09; 1 file, -1/+1)
| | |
* | | Merge GH #1779 Avoid variable time division during Montgomery setup  (Jack Lloyd, 2018-12-09; 5 files, -14/+25)
|\ \ \
| |/ /
|/| |
| * | Avoid doing a variable time division during Montgomery setup  (Jack Lloyd, 2018-12-09; 5 files, -14/+25)
|/ /    Instead require the inputs be reduced already. For RSA-CRT use Barrett which is const time already. For SRP6 inputs were not reduced, use the Barrett hook available in DL_Group.
* | Move Miller-Rabin t param inside the block  (Jack Lloyd, 2018-12-09; 1 file, -2/+2)
| |   This var is not used if we use Baillie-PSW instead
* | Merge GH #1778 Enable explicit_bzero/explicit_memset for BSDs  (Jack Lloyd, 2018-12-09; 4 files, -2/+8)
|\ \
| * | Few features added for BSD.  (David Carlier, 2018-12-09; 4 files, -2/+8)
|/ /    explicit_bzero/explicit_memset have existed for quite some time. getentropy exists for FreeBSD, but only from 12.x.
* | Update news  (Jack Lloyd, 2018-12-08; 1 file, -1/+2)
| |
* | Merge GH #1777 Optimization for NIST reductions  (Jack Lloyd, 2018-12-08; 1 file, -25/+33)
|\ \
| * | Avoid repeated size checks when setting words in NIST reduction  (Jack Lloyd, 2018-12-08; 1 file, -25/+33)
|/ /    This is a tiny thing but it saves over 100K cycles for P-384 ECDSA
* | Merge GH #1776 Clean ups in MDx_HashFunction  (Jack Lloyd, 2018-12-08; 2 files, -33/+49)
|\ \
| * | Require MDx_HashFunction block size to be a power of 2  (Jack Lloyd, 2018-12-08; 2 files, -14/+25)
| | |   Allows replacing div/mod by a variable with a shift/mask. Allows storing just the bit count, which saves a few bytes.
| * | Cleanups in MDx_HashFunction  (Jack Lloyd, 2018-12-08; 2 files, -32/+37)
| | |
* | | Merge GH #1775 Clean up Streebog and fix unaligned loads  (Jack Lloyd, 2018-12-08; 2 files, -94/+114)
|\ \ \