| Commit message | Author | Age | Files | Lines |
Not optimized and relies on asm support for const time word_add/word_sub
instructions.

Fix a bug introduced in 46e9a89 - unpoison needs to call the valgrind
API with the pointer rather than the reference. Caused values not to
be unpoisoned.
If affine coordinates larger than the prime modulus were given,
a later multiplication could overflow the size of an allocated
output buffer, which was sized based on the size of the prime.
This will cause an overflow into either the system heap or if the
mlock/mmap pool allocator is in use, then into the adjacent key
material stored in the pool.
Reported by Alex Gaynor who found it with AFL.

Also fix a one word overwrite in P-521 reduction. Found with AFL.
Aligning the calls makes it easier to read the index travel.

Add a date to the generated output file.
It had two functions, both only called from one place (mp_karat.cpp).
Both multiply and square ops were O(n**2), so drop square and just
call mul in mp_karat.cpp for either case.
GH #363
As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
Also fix a few cast and zero-as-nullptr warnings in the AltiVec header
The only reason mul128.h was included in mp_types.h was for the
definition of dword. But dword is only needed by the generic version
of mp_madd, which is an internal header. So move both the inclusion
of the header and the dword definition to there.
Previously mul128.h was very public (mp_types.h to bigint.h to rsa.h,
for example) and use of __int128 causes problems in pedantic mode. So
additionally, prefer using the TI attribute version since GCC does not
complain about that. Clang's -Wpedantic does not seem to care about it
either way.
GH #330
It was already close, but the carry loop would break early and
selecting which value to copy out was indexed on the borrow bit. Have
the carry loop run through, and add a const-time conditional copy
operation and use that to copy the output.
Convert ct_utils to CT namespace. Templatize the utils, which I was
hesitant to do initially but is pretty useful when dealing with
arbitrary word sizes.
Remove the poison macros, replace with inline funcs which read
cleaner at the call site.
C functions must not throw but Botan::bigint_divop throws (MSVC: warning
C4297: 'Botan::bigint_divop' : function assumed not to throw an
exception but does)
* Move bigint_mul -> Botan::bigint_sqr
* Move bigint_sqr -> Botan::bigint_sqr
* Variable in unnamed namespace supersedes "static" keyword
Uninitialized variables, missing divide by zero checks, missing
virtual destructor, etc. Only thing serious is bug in TLS maximum
fragment decoder; missing breaks in switch statement meant receiver
would treat any negotiated max fragment as 4k limit.
Update license header line to specify the terms and refer to the file,
neither of which it included before.
Roughly 35-50% faster on my laptop (depending on if mlock is enabled,
the overhead in that allocator is becoming much more of a hotspot).