aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/math
Commit message (Collapse)AuthorAgeFilesLines
* Avoid using <iostream> header within the libraryJack Lloyd2017-09-021-1/+2
| | | | We only need <istream> + <ostream> here
* Support a negative base in power_modJack Lloyd2017-09-021-3/+16
| | | | Closes #1168
* Fix various MSVC warningsJack Lloyd2017-08-312-2/+2
| | | | Based on VC2017 output
* Fix issue signing an ECDSA hash of all-zeros (GH #1143)Jack Lloyd2017-08-071-1/+1
| | | | | The tests were generated by Botan but I was able to verify the resulting signatures using Golang's ecdsa module.
* Fix warnings from clangs -Wdocumentation flagJack Lloyd2017-07-282-5/+5
|
* Fix description of coprime parameter to random_prime() [ci skip]René Korthaus2017-04-051-1/+1
| | | | Found during a review by BSI
* Content:Tomasz Frydrych2017-04-034-7/+11
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-024-5/+13
|
* BOTAN_TARGET_COMPILER_IS -> BOTAN_BUILD_COMPILER_ISDaniel Neus2017-03-151-1/+1
|
* Converge on a single side channel silent ec mp alg: randomizedNever2017-02-221-48/+2
| | | | | Montgomery ladder with order.bits()/2 bit scalar blinding and point randomization
* increase miller-rabin iterations for dsa primes (FIPS-186-4)Never2017-02-131-2/+2
|
* Remove unused iostream includeJack Lloyd2017-01-201-1/+0
| | | | [ci skip]
* Tiny code simplificationJack Lloyd2016-12-301-3/+1
|
* Speed up DSA param gen testJack Lloyd2016-12-262-8/+14
| | | | Record counter value in test data, and start the search from there.
* Remove nested anon namespaceJack Lloyd2016-12-231-4/+0
|
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-1824-216/+216
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Remove debug codeJack Lloyd2016-12-141-1/+1
|
* Fix exponentiation bug, related fixesJack Lloyd2016-12-147-34/+79
| | | | | | | | | | | | | | | GH #754 exposed a bug in the non-Montgomery exponentiation case. It turned out then when the fixed window was picked to any value > 1, the result would be incorrect due to an off by one. This is the one line fix in powm_fw.cpp Also fix a bug in bigint_mul which caused incorrect results, because the output BigInt was not being zeroed out before use. This is only exposed in rare cases, found (somewhat indirectly) in OSS-Fuzz #287. Add more modular exponentiation tests, which would have caught these issues earlier.
* In ressol, prohibit a >= pJack Lloyd2016-12-111-3/+5
| | | | Technically defined, but should never be seen in practical crypto context.
* Remove <source> block from info.txt filesJack Lloyd2016-12-082-17/+0
| | | | | | Kind of a vestigial thing from an earlier iteration of the module design, and never useful to specify anymore since taking all the cpp files is what you want exactly 100% of the time.
* Fix DSA parameter generation to use the correct loop bound.Jack Lloyd2016-11-031-5/+3
| | | | | | | | 4096 is the value from FIPS 186-2, FIPS 186-3 uses 4*pbits which is the obvious extension of the FIPS 186-2 scheme to larger parameter sizes. Pointed out by @neverhub Removes support for 512 and 768 bit DSA groups because WTF no.
* Fix doxygen warnings [ci skip]René Korthaus2016-10-191-2/+0
|
* Merge GH #567/GH #457 TLS refactoring and Callbacks interfaceJack Lloyd2016-08-318-105/+65
|\
| * Reduction of code complexity in MP & ECC classes.Matthias Gierlings2016-06-198-105/+65
| | | | | | | | | | | | - reduced number of parameters in various methods - introduced structures and renamed variables to improve code readability.
* | Fix leading zero bytes in DSA, ECDSA, ECGDSA and ECKCDSA signaturesRené Korthaus2016-08-172-0/+20
| |
* | Merge asm into single mp_madd.h and mp_asmi.h filesJack Lloyd2016-07-2116-1545/+1084
|/ | | | | | | Avoids some cut and paste, also removes the need for special logic in configure.py for handling mp module specially. Merge SIMD classes into a single type SIMD_4x32
* Add explicit static_cast operations to eliminate implicit cast compiler ↵Dan Brown2016-04-273-3/+3
| | | | warnings.
* Add ECGDSARené Korthaus2016-04-192-0/+25
|
* Use rejection sampling in BigInt::random_integerJack Lloyd2016-03-161-10/+8
| | | | Avoids the test vector contortions in RSA-KEM
* Fix off by one in ressolJack Lloyd2016-03-151-1/+1
| | | | | Could attempt to allocate (size_t)-1 words with predicably bad_alloc results.
* Remaining cppcheck fixes that are not covered by GH #444Daniel Neus2016-03-052-9/+11
|
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-053-5/+5
| | | | explicit.
* For odd moduli use a input-independent modular inverse algorithm.Jack Lloyd2016-02-204-56/+218
| | | | Also adds a (not const time) implementation of almost Montgomery reduction.
* Add tests and timings for inverse_modJack Lloyd2016-02-202-5/+13
|
* Fix remaining Wshadow warnings and enable on gcc and clangRené Korthaus2016-02-182-4/+7
|
* Add constant time conditional swap, add, sub for bigint wordsJack Lloyd2016-02-172-1/+102
| | | | | | | | | Not optimized and relies on asm support for const time word_add/word_sub instructions. Fix a bug introduced in 46e9a89 - unpoison needs to call the valgrind API with the pointer rather than the reference. Caused values not to be unpoisoned.
* Fix two bugs in 1.11.27 which caused test failures.1.11.28Jack Lloyd2016-02-012-4/+1
| | | | | | | | | | | | | The check on each individual size in curve_mul is too strict since we rely on redc(x*1) during the on the curve computation. Fix an off by one in ressol which caused it to occasionally reject valid values. Updating version 1.11.28 since existing 1.11.27 tag already pushed :( Fix an off-by-one in ressol which would cause it to occasionly give up too early.
* Fix heap overflow in ECC point multiplicationJack Lloyd2016-02-014-4/+24
| | | | | | | | | | | | | | If affine coordinates larger than the prime modulus were given, a later multiplication could overflow the size of an allocated output buffer, which was sized based on the size of the prime. This will cause an overflow into either the system heap or if the mlock/mmap pool allocator is in use, then into the adjacent key material stored in the pool. Reported by Alex Gaynor who found it with AFL Also fix a one word overwrite in P-521 reduction. Found with AFL
* Fix (nearly) infinite loop in RESSOL (modular square root).Jack Lloyd2016-02-011-8/+12
| | | | | | | It first computed the first i for q**(2**i) == 1, then checked that i was smaller than s. Given a composite modulus (for which the algorithm does not work), the loop might do a very large amount of work before returning the failure.
* Add final attribute to many classesJack Lloyd2016-01-101-6/+6
| | | | | | | In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* Mass-prefix member vars with m_René Korthaus2016-01-085-49/+49
|
* Fix PointGFp multiplication bugJack Lloyd2016-01-031-18/+0
| | | | | | There was a special case for small scalars which managed to forget that the integer 3 also fits into two bits. Found by adding a new set of ECC point mul tests for the NIST curves.
* Prettify mp_comba a bitJack Lloyd2016-01-011-44/+44
| | | | | | Aligning the calls makes it easier to read the index travel Add a date to the generated output file
* Remove mp_mulop.cppJack Lloyd2015-12-256-93/+42
| | | | | | It had two functions, both only called from one place (mp_karat.cpp). Both multiple and square ops were O(n**2), so drop square and just call mul in mp_karat.cpp for either case
* Remove unused word8_muladd from MSVC x86-32 asmJack Lloyd2015-12-191-84/+0
| | | | GH #363
* Missing addsJack Lloyd2015-12-111-2/+2
|
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-114-5/+5
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Remove bogus code from generic mp_madd header, noticed on PPC build.Jack Lloyd2015-11-231-3/+4
| | | | Also fix a few cast and zero-as-nullptr warnings in the AltiVec header
* Remove mul128.h header from public viewJack Lloyd2015-11-162-13/+21
| | | | | | | | | | | | | | | The only reason mul128.h was included in mp_types.h was for the definition of dword. But dword is only needed by the generic version of mp_madd, which is an internal header. So move both the inclusion of the header and the dword definition to there. Previously mul128.h was very public (mp_types.h to bigint.h to rsa.h, for example) and use of __int128 causes problems in pedantic mode. So additionally, prefer using the TI attribute version since GCC does not complain about that. Clang's -Wpedantic does not seem to care about it either way. GH #330
* Remove call to abort on a zero point in PointGFp::get_affine_{x,y}Jack Lloyd2015-11-131-4/+0
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-19 04:27:59 +0000