Commit message | Author | Date | Files | Lines (-/+)
---|---|---|---|---
... | | | |
Recognize armv8l [ci skip]<br>Addresses https://github.com/randombit/botan/issues/1543 | tcely | 2018-04-17 | 1 | -0/+2
Add EC_Group::inverse_mod_order<br>Centralizing this logic allows curve specific implementations such as using a precomputed ladder for exponentiating by p - 2. GH #1479 | Jack Lloyd | 2018-04-17 | 6 | -6/+21
Precompute for multiexponentiation when verifying ECC signatures<br>ECDSA already did this. Improves repeated ECGDSA, ECKCDSA, SM2, and GOST signature verification by 10-15% | Jack Lloyd | 2018-04-17 | 5 | -15/+22
Update news | Jack Lloyd | 2018-04-17 | 1 | -0/+6
Merge GH #1542 Optimize RSA keygen and avoid side channel | Jack Lloyd | 2018-04-17 | 4 | -43/+179
Avoid potential side channel when generating RSA primes<br>Add a new function dedicated to generating RSA primes. Don't test for p.bits() > bits until the very end - rarely happens, and speeds up prime generation quite noticeably. Add Miller-Rabin error probabilities for 1/2**128, which again speeds up RSA keygen and DL param gen quite a bit. | Jack Lloyd | 2018-04-17 | 4 | -43/+179
Remove debug assignment [ci skip] | Jack Lloyd | 2018-04-16 | 1 | -1/+0
Truncate new SKIDs to 192 bits<br>More than long enough, and saves quite a bit of space especially for SHA-512 certificates. | Jack Lloyd | 2018-04-16 | 3 | -6/+14
Update news | Jack Lloyd | 2018-04-16 | 1 | -0/+13
Add vars to split the two Karatsuba sub-workspaces | Jack Lloyd | 2018-04-16 | 1 | -14/+20
Merge GH #1540 Progress towards const-time RSA | Jack Lloyd | 2018-04-16 | 10 | -47/+112
Add const time annotations | Jack Lloyd | 2018-04-15 | 6 | -7/+43
Simplify Karatsuba code<br>And set us up for eventually having this be completely const time. | Jack Lloyd | 2018-04-15 | 3 | -39/+43
Use GCC builtins for clz operation | Jack Lloyd | 2018-04-15 | 1 | -1/+26
Use bad_record_mac instead of decode_error for short TLS packets<br>Decode error seems more appropriate but it confuses some automated tools including older versions of TLS-Attacker. | Jack Lloyd | 2018-04-16 | 1 | -1/+8
Add an explicit test mode build<br>GH #1537 | Jack Lloyd | 2018-04-14 | 4 | -7/+14
Merge GH #1538 Minor ECC optimizations | Jack Lloyd | 2018-04-14 | 8 | -21/+137
Various minor ECC optimizations<br>Add a way of getting Montgomery representation of one. Reduce use of temporaries in variable point mult. Prefer doubling over addition in precomputing fixed window. Add Brainpool ECDH tests. Improves ECDH by 2-3% across the board | Jack Lloyd | 2018-04-13 | 8 | -21/+137
Merge GH #1531 Improve XMSS test coverage | Jack Lloyd | 2018-04-14 | 5 | -12/+14
Removes unused overload in XMSS_Hash<br>- Removes overload `XMSS_Hash::h_msg_update(secure_vector<uint8_t>&)` | Matthias Gierlings | 2018-04-12 | 2 | -12/+0
Codecov - cover MT code in XMSS_PrivateKey<br>Codecov does not reach all parts of the `XMSS_PrivateKey` code because too few cores are detected during the CI run. To cover the missed codepaths, always return a large enough core count if botan is compiled with coverage. | Matthias Gierlings | 2018-04-12 | 3 | -0/+14
Another todo | Jack Lloyd | 2018-04-14 | 1 | -0/+2
Merge GH #1537 Add missing XMSS signature length check | Jack Lloyd | 2018-04-12 | 4 | -23/+183
Adds missing XMSS signature length check.<br>- Fixes out of bounds read in `XMSS_Signature` constructor when the raw signature data supplied as arguments is shorter than the signature size defined by the XMSS parameter set encoded in the `XMSS_PublicKey`.<br>- Fixes valid signatures with arbitrary appended data being verified as a correct signature. | Matthias Gierlings | 2018-04-12 | 4 | -23/+183
In XMSS_Tools::bench_threads only call hardware_concurrency once<br>Getting this value will typically require either a system call or a cpuid call, both of which are fairly expensive. | Jack Lloyd | 2018-04-12 | 1 | -7/+9
Add missing override [ci skip] | Jack Lloyd | 2018-04-12 | 1 | -1/+1
Clarify log message [ci skip] | Jack Lloyd | 2018-04-12 | 1 | -2/+2
Correct name of script [ci skip] | Jack Lloyd | 2018-04-12 | 1 | -1/+1
Allow year up to 2200 in ASN1 time objects<br>Also tighten up checking of days. Fixes GH #1536 | Jack Lloyd | 2018-04-12 | 4 | -5/+100
Lint fixes | Jack Lloyd | 2018-04-12 | 1 | -3/+8
Some makefile simplifications | Jack Lloyd | 2018-04-11 | 2 | -13/+5
Merge GH #1535 Don't create solib symlinks on OpenBSD | Jack Lloyd | 2018-04-11 | 3 | -1/+4
Do not create shared library symlinks on OpenBSD.<br>Symlinks to shared libraries confuse the OpenBSD dynamic linker. We need one file with two numbers. The problem became apparent when the abi_rev and the OpenBSD ports shared libs numbers diverged. Add a new conditional variable symlink_shared_lib to suppress the symlink in the makefile. | Alexander Bluhm | 2018-04-12 | 3 | -1/+4
Update news | Jack Lloyd | 2018-04-11 | 1 | -0/+3
Merge GH #1534 Optimize EC doubling for curves with a == 0 and a == -3 | Jack Lloyd | 2018-04-11 | 4 | -10/+61
Optimize EC point doubling for a == 0 and a == -3 | Jack Lloyd | 2018-04-11 | 4 | -10/+61
Fix indentation [ci skip] | Jack Lloyd | 2018-04-11 | 1 | -5/+5
Fix the botan-test --verbose flag, which did nothing<br>It used to do something, then I broke it. | Jack Lloyd | 2018-04-11 | 9 | -24/+30
Merge GH #1533 Use mkstemp for temp files in tests | Jack Lloyd | 2018-04-11 | 3 | -1/+42
Move mkstemp to Test::temp_file_name | Jack Lloyd | 2018-04-11 | 3 | -8/+40
Use mkstemp(3) to create file for test.<br>Creating a temporary file in the current directory may fail due to permissions. Use POSIX mkstemp(3) to create a temporary file in a secure way for the filter test. | Alexander Bluhm | 2018-04-10 | 1 | -1/+10
Add EC_Group::a_is_zero | Jack Lloyd | 2018-04-11 | 3 | -1/+19
Merge GH #1532 Add missing include for musl | Jack Lloyd | 2018-04-11 | 1 | -0/+1
Add missing errno.h include to entropy/dev_random | fwsGonzo | 2018-04-11 | 1 | -0/+1
Bump version to 2.7.0 | Jack Lloyd | 2018-04-10 | 2 | -1/+4
Update for 2.6.0 release (tag: 2.6.0) | Jack Lloyd | 2018-04-10 | 2 | -4/+10
Add security advisory | Jack Lloyd | 2018-04-10 | 1 | -0/+11
Add missing override | Jack Lloyd | 2018-04-09 | 1 | -1/+1
Add DL_Group::exponent_bits<br>Just a useful helper | Jack Lloyd | 2018-04-09 | 4 | -7/+25
Add a Montgomery exponentiation that takes variable time<br>In the case of RSA encryption/verification the public exponent is... public. So we don't need to carefully guard against side channels that leak the exponent. Improves RSA verification performance by 50% or more. | Jack Lloyd | 2018-04-09 | 4 | -8/+54