aboutsummaryrefslogtreecommitdiffstats
Commit message (Expand)AuthorAgeFilesLines
...
* Put warning about 64-bit ciphers in a warning blockJack Lloyd2018-06-281-5/+7
* Correct computing of discriminant in EC_Group::verify_groupJack Lloyd2018-06-272-16/+36
* Prohibit empty nonces with GCMJack Lloyd2018-06-273-5/+13
* Add todo [ci skip]Jack Lloyd2018-06-271-0/+1
* Avoid useless multiplication in Montgomery exponentiationJack Lloyd2018-06-263-22/+39
* Add a warning about win32 stats making antivirus unhappy [ci skip]Jack Lloyd2018-06-251-0/+4
* Fix error in 1024-bit polynomial doubleJack Lloyd2018-06-252-2/+7
* Merge GH #1616 Use ASCII versions of Win32 filesystem callsJack Lloyd2018-06-251-3/+3
|\
| * Use ASCII specific function calls for Windows API callsJack Lloyd2018-06-251-3/+3
|/
* Test all multiplication variants in ECC scalar mult testJack Lloyd2018-06-251-4/+15
* Document preconditions of BigInt::mod_add/mod_subJack Lloyd2018-06-231-0/+2
* Minor optimization for Montgomery exponentiationJack Lloyd2018-06-233-17/+26
* Fix typo [ci skip]Jack Lloyd2018-06-221-1/+1
* Some fiddling with RSA private operationJack Lloyd2018-06-221-18/+29
* Improve documentation of the AES T-table situation [ci skip]Jack Lloyd2018-06-221-8/+26
* Document what we do in GCM a bit better [ci skip]Jack Lloyd2018-06-211-2/+5
* Remove outdated comment [ci skip]Jack Lloyd2018-06-211-2/+0
* Avoid needless alloc and copyJack Lloyd2018-06-212-7/+11
* Fix a header comment and inline PointGFp::add/add_affineJack Lloyd2018-06-212-26/+23
* Attempt to verify decoded ECC groups are using prime fieldsJack Lloyd2018-06-202-5/+57
* Add todoJack Lloyd2018-06-201-0/+1
* Avoid an unncecessary mallocJack Lloyd2018-06-201-1/+1
* Use masked table lookups for variable point scalar multJack Lloyd2018-06-202-16/+36
* Changes to allow masked lookups for variable point multJack Lloyd2018-06-208-146/+174
* Fix SM2 encryption testsJack Lloyd2018-06-201-3/+4
* Update side channel docJack Lloyd2018-06-201-9/+25
* Remove build time toggle for ECC coordinate maskingJack Lloyd2018-06-203-23/+16
* Perform ECC mult starting from top bit of the exponentJack Lloyd2018-06-201-17/+16
* Avoid a small timing channel in Barrett reductionJack Lloyd2018-06-202-25/+31
* More cli testsJack Lloyd2018-06-191-0/+27
* Ensure that trying to add points from different groups fails.Jack Lloyd2018-06-193-13/+35
* Use masked table lookup in ECC base point multiplicationJack Lloyd2018-06-192-9/+42
* Avoid a special case in Barrett reduction for x < modJack Lloyd2018-06-181-8/+3
* Avoid unnecessary realloc in BigInt::mod_subJack Lloyd2018-06-171-2/+7
* Add some todo comments wrt side channels in ECC scalar multJack Lloyd2018-06-171-0/+5
* Merge GH #1610 Make exponentiation loop independent of exponent sizeJack Lloyd2018-06-1711-51/+119
|\
| * Avoid leaking size of exponentJack Lloyd2018-06-1711-51/+119
|/
* Merge GH #1609 Avoid small side channel in ECC field mulJack Lloyd2018-06-151-22/+15
|\
| * In ECC avoid using significant words to dispatch the mult algoJack Lloyd2018-06-151-22/+15
* | Merge GH #1608 Fix TLS when x25519 is disabledJack Lloyd2018-06-156-8/+18
|\ \
| * | TLS would try to negotiate x25519 even if disabledJack Lloyd2018-06-156-8/+18
| |/
* / Use Botan specific CVE for ECDSA side channel [ci skip]Jack Lloyd2018-06-152-4/+3
|/
* Update newsJack Lloyd2018-06-151-0/+2
* Merge GH #1606 Make Montgomery exponentation const timeJack Lloyd2018-06-157-60/+124
|\
| * Document leak of exponent sizeJack Lloyd2018-06-141-2/+4
| * Add combined conditional add-or-subtractJack Lloyd2018-06-143-5/+41
| * Remove CT annotations from Montgomery reductionJack Lloyd2018-06-141-8/+0
| * In Montgomery mul, avoid branching based on sig words of integersJack Lloyd2018-06-141-13/+21
| * Make Karatsuba multiply completely const timeJack Lloyd2018-06-145-36/+62
|/
* Fix CLI testJack Lloyd2018-06-141-0/+1