| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
This eliminates an issue identified in the paper
"Prime and Prejudice: Primality Testing Under Adversarial Conditions"
by Albrecht, Massimo, Paterson and Somorovsky
where DL_Group::verify_group with strong=false would accept a composite
q with probability 1/4096, which is exactly as the error bound is
documented, but still unfortunate.
|
|
|
|
| |
Improves P-256 a bit
|
|
|
|
| |
Avoids needless allocations for expressions like x - 1 or y <= 4.
|
| |
|
|
|
|
| |
See also GH #986
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since the point is public all the values are also, so this reduces
pressure on the mlock allocator and may (slightly) help perf through
cache read-ahead.
Downside is cache based side channels are slightly easier (vs the
data being stored in discontigious vectors). But we shouldn't rely
on that in any case. And having it be in an array makes a masked
table lookup easier to arrange.
|
|
|
|
| |
Use the BOTAN_MP_WORD_BITS consistently
|
| |
|
|
|
|
| |
Precompute the multiples of the prime and then subtract directly.
|
|
|
|
|
|
|
|
|
|
| |
OSS-Fuzz 6570 flagged an issue with slow modular exponentation.
It turned out the problem was not in the library version but the
simple square-and-multiply algorithm. Computing g^x % p with all
three integers being dense (high Hamming weight) numbers took about
1.5 seconds on a fast machine with almost all of the time taken
by the Barrett reductions. With these changes, same testcase
now takes only a tiny fraction of a second.
|
|
|
|
| |
Improves ECDSA times by 2-3%
|
| |
|
|
|
|
| |
Makes 4-6% difference for ECDSA
|
|
|
|
| |
No shared state
|
| |
|
|
|
|
|
|
|
| |
Generally speaking reinterpret_cast is sketchy stuff. But the
special case of char*/uint8_t* is both common and safe. By
isolating those, the remaining (likely sketchy) cases are easier
to grep for.
|
| |
|
| |
|
|
|
|
| |
Some help from include-what-you-use
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
| |
Only user-visible change is the removal of get_byte.h
|
|
|
|
| |
Fixes #108
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. src/lib/codec/base64/base64.cpp: :
(round_up<size_t>(input_length, 3) / 3) * 4;
2. src/lib/codec/base64/base64.cpp: :
(round_up<size_t>(input_length, 4) * 3) / 4;
3. src/lib/filters/transform_filter.cpp: return round_up(target_size,
update_granularity);
4. src/lib/math/bigint/bigint.cpp:
m_reg.resize(round_up<size_t>(size, 8));
5. src/lib/math/bigint/bigint.cpp:
m_reg.resize(round_up<size_t>((length / WORD_BYTES) + 1, 8));
6. src/lib/math/numbertheory/mp_numth.cpp: BigInt z(BigInt::Positive,
round_up<size_t>(2*x_sw, 16));
7. src/lib/modes/cbc/cbc.cpp: return round_up(input_length,
cipher().block_size());
8. src/lib/modes/ecb/ecb.cpp: return round_up(input_length,
cipher().block_size());
9. src/lib/modes/xts/xts.cpp: return round_up(input_length,
cipher().block_size());
10. src/lib/pbkdf/pbkdf2/pbkdf2.cpp: const size_t blocks_needed =
round_up(out_len, prf_sz) / prf_sz;
11. src/lib/tls/tls_record.cpp: const size_t buf_size = round_up(
12. src/lib/utils/rounding.h:inline T round_up(T n, T align_to)
1. Reason for change
2. Reason for change
3. first argument cannot be 0 (`target_size = 1024`)
4. Is a bug in the current implementation iff `size = 0`
5. first argument cannot be 0
6. round_up should return 0 if `x_sw = 0`
7. ?
8. ?
9. ?
10. first argument cannot be 0 (`if(out_len == 0) return 0;`)
11. first argument is unlikely to be 0 (`iv_size + msg_length + mac_size
+ (block_size ? 1 : 0)`)
12. Implementation
|
| |
|
|
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| |
|
|
|
|
|
| |
Roughly 35-50% faster on my laptop (depending on if mlock is enabled,
the overhead in that allocator is becoming much more of a hotspot).
|
|
|
|
| |
read during swap (in the move constructor)
|
|
|