| Commit message | Author | Age | Files | Lines |
The poisons don't stack, so the unpoison hid conditional jumps
we want to find.
Speedup of 10 to 30% depending on algo
Improves performance on "odd" sized DH/RSA (e.g. 1536, 3072, 6144)
where otherwise the Karatsuba operation bottoms out with 24-word
operands which ended up in the basecase multiply.
And set us up for eventually having this be completely const time.
The constraints were invalid as they missed the clobber of the a/d
registers. This caused miscompilation when using the GCC -fno-plt option.
GH #1524
Just a simple adaptation of the n^2 multiply algorithm, so no
performance impact. However, it makes the difference between
squaring and multiply easier to see when profiling.
Results in 10-20% improvement for DH and RSA, 5% for ECC curves
that use Montgomery form.
Increases perf of larger DH by 5-8%
Use the BOTAN_MP_WORD_BITS consistently
Makes it less likely the compiler will use an add-with-carry op.
MSan requires compile time information about memory writes,
so the inline asm writing to z is not seen. So OSS-Fuzz thinks
the value is being used uninitialized.
OSS-Fuzz 6626
Since the Karatsuba functions assume z_size >= 2*N.
The size chooser functions should handle this already by not returning
a value that is too large, but good to be sure.
These functions made assumptions about the workspace size available,
which if incorrect would cause memory corruption. Since the length is
always available at the caller, just provide it and avoid problems.
First, correct a bug in the sieve code. It would break early if
a value did not match up with the sieve. However, in that case,
the sieve values would be out of sync with the value of p, and
would be returning effectively random results. This caused
prime generation to be slower than it should be, both because the
sieve was incorrectly rejecting values that were not multiples of
any small prime and was allowing values that were multiples of
small primes to move on to the Miller-Rabin test.
In the sieve, also sieve so that 2*q+1 is also not a multiple of
the small primes. This speeds up safe prime generation.
GH #1411
Only needed in one source file here.
Sonar
ISO C++ reserves names with double underscores in them.
Closes #512
Results in FPE being about 5x faster
See #494
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
Renames a couple of functions for somewhat better name consistency,
e.g. make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
GH #754 exposed a bug in the non-Montgomery exponentiation case.
It turned out that when the fixed window was picked to any value
> 1, the result would be incorrect due to an off by one. This is
the one line fix in powm_fw.cpp.
Also fix a bug in bigint_mul which caused incorrect results,
because the output BigInt was not being zeroed out before use. This
is only exposed in rare cases, found (somewhat indirectly) in
OSS-Fuzz #287.
Add more modular exponentiation tests, which would have caught
these issues earlier.
Kind of a vestigial thing from an earlier iteration of the module
design, and never useful to specify anymore since taking all the cpp
files is what you want exactly 100% of the time.
- reduced number of parameters in various methods
- introduced structures and renamed variables to improve code
readability.
Avoids some cut and paste, also removes the need for special logic in
configure.py for handling mp module specially.
Merge SIMD classes into a single type SIMD_4x32
Also adds a (not const time) implementation of almost Montgomery reduction.
Not optimized and relies on asm support for const time word_add/word_sub
instructions.
Fix a bug introduced in 46e9a89 - unpoison needs to call the valgrind
API with the pointer rather than the reference. Caused values not to
be unpoisoned.
If affine coordinates larger than the prime modulus were given,
a later multiplication could overflow the size of an allocated
output buffer, which was sized based on the size of the prime.
This will cause an overflow into either the system heap or, if the
mlock/mmap pool allocator is in use, then into the adjacent key
material stored in the pool.
Reported by Alex Gaynor who found it with AFL.
Also fix a one word overwrite in P-521 reduction. Found with AFL.
Aligning the calls makes it easier to read the index travel.
Add a date to the generated output file.
It had two functions, both only called from one place (mp_karat.cpp).
Both multiply and square ops were O(n**2), so drop square and just
call mul in mp_karat.cpp for either case.