Commit message  Author  Age  Files  Lines
...
| * Recognize armv8l [ci skip]tcely2018-04-171-0/+2
| | | | | | Addresses https://github.com/randombit/botan/issues/1543
* | Add EC_Group::inverse_mod_orderJack Lloyd2018-04-176-6/+21
| | | | | | | | | | | | | | Centralizing this logic allows curve specific implementations such as using a precomputed ladder for exponentiating by p - 2 GH #1479
* | Precompute for multiexponentiation when verifying ECC signaturesJack Lloyd2018-04-175-15/+22
|/ | | | | ECDSA already did this. Improves repeated ECGDSA, ECKCDSA, SM2, and GOST signature verification by 10-15%
* Update newsJack Lloyd2018-04-171-0/+6
|
* Merge GH #1542 Optimize RSA keygen and avoid side channelJack Lloyd2018-04-174-43/+179
|\
| * Avoid potential side channel when generating RSA primesJack Lloyd2018-04-174-43/+179
|/ | | | | | | | | | Add a new function dedicated to generating RSA primes. Don't test for p.bits() > bits until the very end - rarely happens, and speeds up prime generation quite noticeably. Add Miller-Rabin error probabilities for 1/2**128, which again speeds up RSA keygen and DL param gen quite a bit.
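The search loop the commit message above describes, written out as an added example (this is not Botan's code and does not reproduce its RSA prime routine): start from a random odd candidate with the top two bits set, step it upward while sieving against a small-prime table using residues that are updated incrementally, run Miller-Rabin only on survivors, require gcd(p - 1, e) == 1, and check the bit length only after a probable prime has been found, since stepping past 2^bits is rare. The search window of 65536 steps and the fixed 32-round Miller-Rabin count are assumptions of this example; the 2^-128 round table the commit adds is not reproduced here.

```python
# Added example, not Botan's implementation. Generates an RSA prime the way
# the commit above describes: incremental small-prime sieve, Miller-Rabin on
# survivors, gcd(p-1, e) == 1, and the bit-length check deferred to the end.
import secrets
from math import gcd

# Odd primes below 2000 for trial-division sieving (constructed here).
SMALL_PRIMES = [p for p in range(3, 2000)
                if all(p % q for q in range(2, int(p ** 0.5) + 1))]


def miller_rabin(n: int, rounds: int) -> bool:
    """Probabilistic primality test with random bases; assumes n > 3 and n odd."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)  # base uniformly in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True


def generate_rsa_prime(bits: int, e: int = 65537, mr_rounds: int = 32) -> int:
    """Return a probable prime p with exactly `bits` bits and gcd(p - 1, e) == 1.

    mr_rounds=32 is a fixed conservative choice for this example, not the
    size-dependent table from the commit.
    """
    if bits < 64:
        raise ValueError("RSA primes this small are not meaningful")
    while True:
        # Random odd candidate with the two top bits set so p*q has 2*bits bits.
        p = secrets.randbits(bits) | (1 << (bits - 1)) | (1 << (bits - 2)) | 1
        # Residues of the candidate modulo each sieve prime; stepping the
        # candidate by 2 only costs an add per residue, no big divisions.
        residues = [p % q for q in SMALL_PRIMES]
        for step in range(0, 65536, 2):  # assumed search window
            if step:
                residues = [(r + 2) % q for r, q in zip(residues, SMALL_PRIMES)]
            if any(r == 0 for r in residues):
                continue  # divisible by a small prime
            cand = p + step
            if gcd(cand - 1, e) != 1:
                continue  # p-1 must be coprime to the public exponent
            if not miller_rabin(cand, mr_rounds):
                continue
            # Size is checked only once a prime is in hand: overflowing the
            # requested width happens rarely, so checking earlier is wasted work.
            if cand.bit_length() == bits:
                return cand
            break  # stepped past 2**bits; draw a fresh candidate


if __name__ == "__main__":
    p = generate_rsa_prime(512)
    print(p.bit_length(), "bit probable prime found")
```

Only candidates that survive the sieve and the gcd test reach Miller-Rabin, and the bit-length check runs once per prime found rather than once per step.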
* Remove debug assignment [ci skip]Jack Lloyd2018-04-161-1/+0
|
* Truncate new SKIDs to 192 bitsJack Lloyd2018-04-163-6/+14
| | | | | More than long enough, and saves quite a bit of space especially for SHA-512 certificates.
* Update newsJack Lloyd2018-04-161-0/+13
|
* Add vars to split the two Karatsuba sub-workspacesJack Lloyd2018-04-161-14/+20
|
* Merge GH #1540 Progress towards const-time RSAJack Lloyd2018-04-1610-47/+112
|\
| * Add const time annotationsJack Lloyd2018-04-156-7/+43
| |
| * Simplify Karatsuba codeJack Lloyd2018-04-153-39/+43
| | | | | | | | And set us up for eventually having this be completely const time.
| * Use GCC builtins for clz operationJack Lloyd2018-04-151-1/+26
| |
* | Use bad_record_mac instead of decode_error for short TLS packetsJack Lloyd2018-04-161-1/+8
|/ | | | | Decode error seems more appropriate but it confuses some automated tools including older versions of TLS-Attacker.
* Add an explicit test mode buildJack Lloyd2018-04-144-7/+14
| | | | GH #1537
* Merge GH #1538 Minor ECC optimizationsJack Lloyd2018-04-148-21/+137
|\
| * Various minor ECC optimizationsJack Lloyd2018-04-138-21/+137
| | | | | | | | | | | | | | | | | | Add a way of getting Montgomery representation of one. Reduce use of temporaries in variable point mult. Prefer doubling over addition in precomputing fixed window. Add Brainpool ECDH tests Improves ECDH by 2-3% across the board
* | Merge GH #1531 Improve XMSS test coverageJack Lloyd2018-04-145-12/+14
|\ \
| * | Removes unused overload in XMSS_HashMatthias Gierlings2018-04-122-12/+0
| | | | | | | | | | | | - Removes overload `XMSS_Hash::h_msg_update(secure_vector<uint8_t>&)`
| * | Codecov - cover MT code in XMSS_PrivateKeyMatthias Gierlings2018-04-123-0/+14
| | | | | | | | | | | | | | | | | | Codecov does not reach all parts of the `XMSS_PrivateKey` code because too few cores are detected during the CI run. To cover the missed codepaths always return a large enough core count if botan is compiled with coverage.
* | | Another todoJack Lloyd2018-04-141-0/+2
| |/ |/|
* | Merge GH #1537 Add missing XMSS signature length checkJack Lloyd2018-04-124-23/+183
|\ \
| * | Adds missing XMSS signature length check.Matthias Gierlings2018-04-124-23/+183
| | | | | | | | | | | | | | | | | | | | | | | | - Fixes out of bounds read in `XMSS_Signature` constructor when the raw signature data supplied as arguments is shorter than the signature size defined by the XMSS parameter set encoded in the `XMSS_PublicKey`. - Fixes valid signatures with arbitrary appended data being verified as correct signatures.
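Both failure modes the commit describes, as an added example that is not Botan's code: a decoder that slices a fixed-layout signature on trust reads past the end on short input (an out-of-bounds read in C++, silently truncated fields in Python) and ignores anything appended, whereas an exact-length check against the size implied by the parameter set rejects both. The layout and sizes follow RFC 8391 section 4.1.8 (idx_sig (4 bytes) || r (n) || sig_ots (len * n) || auth (h * n)); only the XMSS-SHA2_10_256 set (n=32, h=10, len=67, 2500-byte signatures) is tabulated here, and the sample signature bytes are constructed, not a real signature.

```python
# Added example, not Botan's XMSS_Signature code. Shows why a fixed-layout
# signature decoder must check len(raw) == expected exactly, not just >=.
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class XmssParams:
    n: int         # hash output size in bytes
    h: int         # tree height
    wots_len: int  # number of WOTS+ chains

    def sig_len(self) -> int:
        # RFC 8391 4.1.8: idx_sig (4) || r (n) || sig_ots (len*n) || auth (h*n)
        return 4 + self.n + self.wots_len * self.n + self.h * self.n


# In practice the parameter set comes from the OID in the public key.
XMSS_SHA2_10_256 = XmssParams(n=32, h=10, wots_len=67)  # 2500-byte signatures


@dataclass(frozen=True)
class XmssSignature:
    idx: int
    r: bytes
    sig_ots: List[bytes]
    auth: List[bytes]


def parse_signature_lax(raw: bytes, params: XmssParams) -> XmssSignature:
    """The pattern the commit fixes: slices are taken on trust. Short input
    yields truncated fields (an OOB read in C++); trailing bytes are ignored."""
    n = params.n
    idx = int.from_bytes(raw[0:4], "big")
    r = raw[4:4 + n]
    pos = 4 + n
    sig_ots = [raw[pos + i * n: pos + (i + 1) * n] for i in range(params.wots_len)]
    pos += params.wots_len * n
    auth = [raw[pos + i * n: pos + (i + 1) * n] for i in range(params.h)]
    return XmssSignature(idx, r, sig_ots, auth)


def parse_signature_strict(raw: bytes, params: XmssParams) -> XmssSignature:
    """Reject anything but the exact encoded size for this parameter set."""
    expected = params.sig_len()
    if len(raw) != expected:
        raise ValueError(f"XMSS signature is {len(raw)} bytes, expected {expected}")
    return parse_signature_lax(raw, params)


def envelope_ok(raw: bytes, params: XmssParams) -> bool:
    """True only when the signature bytes have exactly the expected length."""
    try:
        parse_signature_strict(raw, params)
        return True
    except ValueError:
        return False


# Constructed sample: a 2500-byte blob with the right shape, not a real signature.
SAMPLE_SIG = bytes(i % 251 for i in range(XMSS_SHA2_10_256.sig_len()))

if __name__ == "__main__":
    print("exact   :", envelope_ok(SAMPLE_SIG, XMSS_SHA2_10_256))
    print("appended:", envelope_ok(SAMPLE_SIG + b"\x00", XMSS_SHA2_10_256))
    print("short   :", envelope_ok(SAMPLE_SIG[:-1], XMSS_SHA2_10_256))
```

The lax parser returns identical objects for the sample and for the sample with a byte appended, which is exactly how a valid signature with trailing data ends up verifying; the strict parser refuses before any field is touched.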
* | | In XMSS_Tools::bench_threads only call hardware_concurrency onceJack Lloyd2018-04-121-7/+9
| | | | | | | | | | | | | | | Getting this value will typically require either a system call or a cpuid call, both of which are fairly expensive.
* | | Add missing override [ci skip]Jack Lloyd2018-04-121-1/+1
| | |
* | | Clarify log message [ci skip]Jack Lloyd2018-04-121-2/+2
| | |
* | | Correct name of script [ci skip]Jack Lloyd2018-04-121-1/+1
| | |
* | | Allow year up to 2200 in ASN1 time objectsJack Lloyd2018-04-124-5/+100
| |/ |/| | | | | | | | | Also tighten up checking of days Fixes GH #1536
* | Lint fixesJack Lloyd2018-04-121-3/+8
| |
* | Some makefile simplificationsJack Lloyd2018-04-112-13/+5
| |
* | Merge GH #1535 Don't create solib symlinks on OpenBSDJack Lloyd2018-04-113-1/+4
|\ \
| * | Do not create shared library symlinks on OpenBSD.Alexander Bluhm2018-04-123-1/+4
| |/ | | | | | | | | | | | | | | Symlinks to shared libraries confuse the OpenBSD dynamic linker. We need one file with two numbers. The problem became apparent when the abi_rev and the OpenBSD ports shared libs numbers diverged. Add a new conditional variable symlink_shared_lib to suppress the symlink in the makefile.
* | Update newsJack Lloyd2018-04-111-0/+3
| |
* | Merge GH #1534 Optimize EC doubling for curves with a == 0 and a == -3Jack Lloyd2018-04-114-10/+61
|\ \
| * | Optimize EC point doubling for a == 0 and a == -3Jack Lloyd2018-04-114-10/+61
| |/
* / Fix indentation [ci skip]Jack Lloyd2018-04-111-5/+5
|/
* Fix the botan-test --verbose flag, which did nothingJack Lloyd2018-04-119-24/+30
| | | | It used to do something, then I broke it.
* Merge GH #1533 Use mkstemp for temp files in testsJack Lloyd2018-04-113-1/+42
|\
| * Move mkstemp to Test::temp_file_nameJack Lloyd2018-04-113-8/+40
| |
| * Use mkstemp(3) to create file for test.Alexander Bluhm2018-04-101-1/+10
| | | | | | | | | | | | Creating a temporary file in the current directory may fail due to permissions. Use POSIX mkstemp(3) to create a temporary file in a secure way for the filter test.
* | Add EC_Group::a_is_zeroJack Lloyd2018-04-113-1/+19
| |
* | Merge GH #1532 Add missing include for muslJack Lloyd2018-04-111-0/+1
|\ \
| * | Add missing errno.h include to entropy/dev_randomfwsGonzo2018-04-111-0/+1
|/ /
* | Bump version to 2.7.0Jack Lloyd2018-04-102-1/+4
| |
* | Update for 2.6.0 release2.6.0Jack Lloyd2018-04-102-4/+10
| |
* | Add security advisoryJack Lloyd2018-04-101-0/+11
| |
* | Add missing overrideJack Lloyd2018-04-091-1/+1
|/
* Add DL_Group::exponent_bitsJack Lloyd2018-04-094-7/+25
| | | | Just a useful helper
* Add a Montgomery exponentiation that takes variable timeJack Lloyd2018-04-094-8/+54
| | | | | | | | In the case of RSA encryption/verification the public exponent is... public. So we don't need to carefully guard against side channels that leak the exponent. Improves RSA verification performance by 50% or more.
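Why a variable-time path is acceptable for the public exponent and not for the private one, as an added example (not Botan's Montgomery code): both routines below compute the same value, but the plain square-and-multiply loop performs one multiply per set bit, so its work pattern is the exponent's Hamming weight, while the Montgomery ladder performs one squaring and one multiply per bit whatever the bit values. The operation counters and the textbook 3233 = 61 * 53 modulus with e = 17, d = 2753 are illustrative choices of this example; Python makes no constant-time guarantee, so the ladder here shows the operation pattern a private-exponent routine needs, not actual timing.

```python
# Added example, not Botan's implementation. Counts the squarings and
# multiplies each exponentiation strategy performs to show why the
# exponent-dependent one is fine only for a public exponent.
from dataclasses import dataclass


@dataclass
class ExpResult:
    value: int
    squarings: int
    multiplies: int


def powmod_var_time(base: int, exp: int, mod: int) -> ExpResult:
    """Left-to-right square-and-multiply: multiplies == popcount(exp)."""
    result, sq, mul = 1, 0, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        sq += 1
        if bit == "1":
            result = result * base % mod
            mul += 1
    return ExpResult(result, sq, mul)


def powmod_ladder(base: int, exp: int, mod: int) -> ExpResult:
    """Montgomery ladder: one squaring and one multiply per exponent bit,
    independent of the bit values (invariant: r1 == r0 * base)."""
    r0, r1 = 1, base % mod
    sq = mul = 0
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0 = r0 * r1 % mod
            r1 = r1 * r1 % mod
        else:
            r1 = r0 * r1 % mod
            r0 = r0 * r0 % mod
        sq += 1
        mul += 1
    return ExpResult(r0, sq, mul)


def rsa_public_op(x: int, e: int, n: int) -> int:
    """Encryption / signature verification: e is public, so the cheap
    exponent-dependent loop leaks nothing that is not already known."""
    return powmod_var_time(x, e, n).value


def rsa_private_op(x: int, d: int, n: int) -> int:
    """Decryption / signing: d is secret, so use the fixed-pattern ladder."""
    return powmod_ladder(x, d, n).value


# Textbook toy parameters (constructed): n = 61 * 53, e = 17, d = 2753.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753

if __name__ == "__main__":
    for name, exp in (("public e=65537", 65537), ("private d", TOY_D)):
        v = powmod_var_time(2, exp, TOY_N)
        l = powmod_ladder(2, exp, TOY_N)
        print(f"{name}: square-and-multiply {v.squarings}S+{v.multiplies}M, "
              f"ladder {l.squarings}S+{l.multiplies}M")
```

For e = 65537 the variable-time loop does 17 squarings and only 2 multiplies, which is where the verification speed-up comes from; for a full-size private exponent the same loop would do a multiply for roughly every other bit and expose that pattern, while the ladder's count is fixed by the bit length alone.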