| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Allow an empty nonce to mean "continue using the current cipher state".
GH #864
|
|
|
|
|
|
|
|
|
| |
* fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
* `default` specifier instead of `{}` in some places(probably all)
* removal of unreachable code (for example `return` after `throw`)
* removal of compilation unit only visible, but not used functions
* fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
* removed not needed semicolons
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The 56 char bound is bogus; Blowfish itself allows at most 448 bits
in the key schedule, but Bcrypt's modification allows up to 72 chars
for the password. Bug pointed out by Solar Designer.
Also reject work factors 0...3 since all other extant bcrypt
implementations require at least work factor 4.
Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
|
|
|
|
|
|
| |
It was bogus and so potentially confusing
[ci skip]
|
|
|
|
|
|
| |
If all (say) stream ciphers are disabled, avoid unused arg warning.
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on build output sent by @noloader.
If RLIMIT_MEMLOCK is not defined, assume regular user is not able to
call mlock. This probably also affected Clang/GCC on Solaris.
Work around resolution issue in SIMD_4x32 where it finds ambiguity
between arg taking uint32_t and __m128i. This is probably some
artifact of how SunCC represents vector types, and seems highly bogus
in general but is easy to work around here. Change constructor taking
a single value to instead be `SIMD_4x32::splat` function. The SIMD
class is internal, so no API implications.
Fix various warnings about lambda functions that were missing return
types and which were not a single return statement. AIUI C++11 doesn't
guarantee that lambda return type will be deduced in that situation,
though in practice every compiler including SunCC seems to handle it.
Disable AVX2 usage, since SunCC's intrinsics seem to be broken - its
_mm_loadu_si256 takes non-const pointer.
Rename a few variables in the tests to avoid shadowed var warnings.
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
|
|
| |
The previous assert had been already put there for the benefit
of clang-analyzer, but in Clang 3.9 it does not help. Instead
test X value directly, which works.
|
|
|
|
|
|
| |
Kind of a vestigial thing from an earlier iteration of the module
design, and never useful to specify anymore since taking all the cpp
files is what you want exactly 100% of the time.
|
| |
|
|
|
|
| |
Some attempt at consistency
|
| |
|
|
|
|
|
| |
Split commit with 4c777878 because, no git, I did not rename
blfs_tab.cpp -> blowfish.cpp
|
|
|
|
| |
Only needed there.
|
|
|
|
|
|
|
|
| |
Previously it made sense for them to be in distinct dirs because
they were standalone. However with #580 that is no longer the case,
so move them to subdirs. Configure knows that anything underneath
a directory has a dependency on the parent dir, so update info.txt
files accordingly to remove explicit dependencies where set.
|
|
|
|
|
|
| |
This required taking a global lock and doing a map lookup each
time an algorithm was requested (and so many times during a TLS
handshake).
|
|
|
|
|
|
|
| |
I repent my use of global constructors.
I repent my use of global locks.
Hopefully I will never touch this code again.
:)
|
| |
|
|
|
|
|
|
|
|
| |
Also emit `#pragma GCC target` in the ISA specific amalgamation files.
This allows compiling without any special compiler flags, at least
with GCC 6.2 and Clang 3.8. The ISA annotations are ignored in MSVC,
which just emits whatever instruction the intrinsic requires.
|
| |
|
| |
|
|
|
|
|
| |
For block ciphers, stream ciphers, hashes, MACs, and cipher modes.
Cipher_Mode already had it, with a slightly different usage.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Various algorithms had an optimized implementation (for SSE2, AVX2, etc)
which was offered alongside the 'base' implementation. This is
admittedly very useful for testing, but it breaks user expectations in
bad ways. See GH #477 for background.
Now encrypting with `AES_128` (say) just runs whatever implementation
is best on the current processor/build.
|
| |
|
|
|
|
|
| |
Testing showed no actual speedup on either i7 (SSE2) or POWER7 (Altivec),
so it is just dead weight.
|
|
|
|
|
| |
XTEA was also deprecated but has been spared, it does seem to be somewhat
common (eg, included in the Go x/crypto library)
|
|
|
|
|
|
|
|
|
|
|
| |
Remove loop variable R, instead derive from macro param constant
Support 2 block parallel decrypt, improves raw perf from 456 MB/s to
710 MB/s for decrypt.
Switch to alternate key schedule for encrypt.
Uses 3 ymm registers instead of 9 at the cost of more computation.
Not much faster on Skylake, unclear if this is worthwhile.
|
|
|
|
| |
Fix exception message
|
|\ |
|
| |
| |
| |
| | |
explicit.
|
| |
| |
| |
| | |
division by zero found by clang-analyzer
|
|/
|
|
| |
in aes_schedule_transform found by clang-analyzer
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In GCC 4.7 and 4.8, Wshadow also warns if a local variable conflicts
with a member function. This was changed in GCC 4.9 (GCC bugzilla
57709) but causes a lot of warnings on Travis which is on 4.8. Clang's
Wshadow behaves like GCC 4.9
The worst offendor was Exception's constructor argument being named
`what` which conflicts with the member function of the same name,
being in a public header this causes so many warnings the Travis log
files are truncated.
This fixes Exception and a couple of others. Fixing all cases would be
a slog that I'm not up for right at the moment.
|
|
|
|
|
|
|
| |
In some cases this can offer better optimization, via devirtualization.
And it lets the user know the class is not intended for derivation.
Some discussion in GH #402
|
| |
|
|
|
|
|
|
|
| |
Has the same effect as using ctgrind, but without requiring a
custom-compiled valgrind binary.
Add ct checking annotations to the SSSE3 AES code.
|
|
|
|
| |
j is never more than 30 in this loop
|
|
|
|
|
| |
(Two part commit with 64caa9a to work around git's insane implied
rename system)
|
|
|
|
| |
Simpler, and a bit faster also it seems (but not fast)
|
|
|
|
|
|
|
| |
Having the code diffused all over the place was ugly and would
not scale well to multiple alternative providers.
GH #368
|
|
|
|
|
|
|
|
| |
As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was already close, but the carry loop would break early and
selecting which value to copy out was indexed on the borrow bit. Have
the carry loop run through, and add a const-time conditional copy
operation and use that to copy the output.
Convert ct_utils to CT namespace. Templatize the utils, which I was
hesitant to do initially but is pretty useful when dealing with
arbitrary word sizes.
Remove the poison macros, replace with inline funcs which reads
cleaner at the call site.
|
|
|
|
|
|
| |
For RSA, RC4, and ECDSA put the openssl versions in the same directory
as the base version. They just rely on a macro check for the openssl
module to test for the desire to use OpenSSL.
|
|
|
|
|
|
|
|
| |
via timing channels.
Add annotations for checking constant-time code using ctgrind to
PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already
written as constant time code.
|
|
|
|
| |
Two part commit with bd99a4f to work around git's insane rename system.
|
| |
|
|
|
|
|
|
| |
Avoids needing to include simd_32 to see if SIMD is disabled. This
had caused a build break on Linux x86-32 as SSE2 must be enabled on
a per-file basis.
|