| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
In some cases this can offer better optimization, via devirtualization.
And it lets the user know the class is not intended for derivation.
Some discussion in GH #402
|
| | |
|
| |
|
|
|
|
|
| |
Has the same effect as using ctgrind, but without requiring a
custom-compiled valgrind binary.
Add ct checking annotations to the SSSE3 AES code.
|
| |
|
|
| |
j is never more than 30 in this loop
|
| |
|
|
|
| |
(Two part commit with 64caa9a to work around git's insane implied
rename system)
|
| |
|
|
| |
Simpler, and a bit faster also it seems (but not fast)
|
| |
|
|
|
|
|
| |
Having the code diffused all over the place was ugly and would
not scale well to multiple alternative providers.
GH #368
|
| |
|
|
|
|
|
|
| |
As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was already close, but the carry loop would break early and
selecting which value to copy out was indexed on the borrow bit. Have
the carry loop run through, and add a const-time conditional copy
operation and use that to copy the output.
Convert ct_utils to CT namespace. Templatize the utils, which I was
hesitant to do initially but is pretty useful when dealing with
arbitrary word sizes.
Remove the poison macros, replace with inline funcs which reads
cleaner at the call site.
|
| |
|
|
|
|
| |
For RSA, RC4, and ECDSA put the openssl versions in the same directory
as the base version. They just rely on a macro check for the openssl
module to test for the desire to use OpenSSL.
|
| |
|
|
|
|
|
|
| |
via timing channels.
Add annotations for checking constant-time code using ctgrind to
PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already
written as constant time code.
|
| |
|
|
| |
Two part commit with bd99a4f to work around git's insane rename system.
|
| | |
|
| |
|
|
|
|
| |
Avoids needing to include simd_32 to see if SIMD is disabled. This
had caused a build break on Linux x86-32 as SSE2 must be enabled on
a per-file basis.
|
| | |
|
| | |
|
| |
|
|
| |
Only user-visible change is the removal of get_byte.h
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we were hanging on the type destructors to pull in
the relevant objects. However that fails in many simple cases
where the object is never deleted.
For every type involved in the algo registry add static create
and providers functions to access the algo registry. Modify
lookup.h to be inline and call those functions, and move
a few to sub-headers (eg, get_pbkdf going to pbkdf.h). So
accessing the registry involves going through the same file
that handles the initialization, so there is no way to end up
with missing objs.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The support problems from having static libraries not work in the
obvious way will be endless trouble. Instead have each set of
registrations tag along in a source file for the basic type, at the
cost of some extra ifdefs. On shared libs this is harmless -
everything is going into the shared object anyway. With static libs,
this means pulling in a single block cipher pulls in the text of all
the them. But that's still strictly better than the amalgamation
(which is really pulling in everything), and it works (unlike status quo).
|
| |
|
|
|
|
| |
Previously 0 was the highest priority and 255 was the lowest. But this
is really quite confusing, instead treat 0 as lowest and 255 as highest
so normal integer intuitions apply.
|
| | |
|
| |
|
|
|
|
|
| |
With modern compilers, all are slower than the C++ and SSE2 versions
of the same algos.
GH #216
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Fix two memory leaks (in TLS and modes) caused by calling get_foo and
then cloning the result before saving it (leaking the original object),
a holdover from the conversion between construction techniques in 1.11.14
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert all uses of Algorithm_Factory and the engines to using Algo_Registry
The shared pool of entropy sources remains but is moved to EntropySource.
With that and few remaining initializations (default OIDs and aliases)
moved elsewhere, the global state is empty and init and shutdown are no-ops.
Remove almost all of the headers and code for handling the global
state, except LibraryInitializer which remains as a compatability stub.
Update seeding for blinding so only one hacky almost-global RNG
instance needs to be setup instead of across all pubkey uses (it uses
either the system RNG or an AutoSeeded_RNG if the system RNG is not
available).
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Transforms and BlockCiphers. Registration for all types is done at
startup but is very cheap as just a std::function and a std::map entry
are created, no actual objects are created until needed. This is a
huge improvement over Algorithm_Factory which used T::clone() as the
function and thus kept a prototype object of each type in memory.
Replace existing lookup mechanisms for ciphers, AEADs, and compression
to use the transform lookup. The existing Engine framework remains in
place for BlockCipher, but the engines now just call to the registry
instead of having hardcoded lookups.
s/Transformation/Transform/ with typedefs for compatability.
Remove lib/selftest code (for runtime selftesting): not the right approach.
|
| |
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
m_ namespaced everything while I'm in there. Changed CMAC poly_double signature.
|
| |
|
