| Commit message | Author | Age | Files | Lines |

See GH #2886

Starting in OpenSSL 3.0, most of the functionality which we need to
implement the OpenSSL provider is deprecated. Rather than reimplement
the whole provider in order to allow it to continue to work in the
future, just remove it. Efforts would be better spent doing more
optimization work rather than chasing OpenSSL's API changes.

Now modules default to internal headers instead of defaulting to public; making
a new public API should be a visible and intentional choice.
Brings the public header count from over 300 to around 150.
Also removes the deprecated tls_blocking interface.

About 2x faster on Skylake
|
| |
|
|\ |
|
| | |
|
|/
|
|
| |
This is in the hot path for GCM

The last 4 bytes are always overwritten in this loop.

Not complete, just trying to hit the most commonly used APIs plus the
ones that are easy to do.

Various configurations would fail to build or test; fix that.

We need this for Kyber, which uses 34-byte inputs to the XOF when
computing the public matrix.

It was only needed for one case which is easily hardcoded. Include
rotate.h in all the source files that actually use rotr/rotl but
implicitly picked it up via the loadstor.h -> bswap.h -> rotate.h include
chain.

static_casts for the compiler god

Avoid throwing the base Botan::Exception type, as it is difficult to
determine what the error is in that case.
Add Exception::error_code and Exception::error_type, which allow
(for error code) more information about the error and (for error type)
knowing the error type without requiring a sequence of catches.
See GH #1742

Otherwise some CPUs suffer serious stalls. Using vzeroall on exit
also has the nice effect that we don't have to worry about register
contents leaking.
HT to @noloader for doing the background research on this.

This is not exhaustive. See GH #1733

Using the same transposition trick used for SSE2 in #1728.
On my Skylake desktop, about 5-10% faster depending on buffer sizes.

This allows supporting SSE2, NEON and AltiVec in a single codebase,
so drop the NEON and SSE2 code.
This new impl avoids having to do shuffles with every round and so
is about 10% faster on Skylake.
Also, fix bugs in both baseline and AVX2 implementations when the
low counter overflowed. The SSE2 and NEON code were also buggy here.

Originally written by Jeffrey Walton for Crypto++, which was in turn
based on my SSE2 ChaCha.

It is confusing, as while the stream cipher state is the input to
the permutation, the stream cipher has an unrelated input (the text).

We don't need to read each block since we know what is there.
Improves CTR perf with AES-NI by 5-6%, also helps GCM.
GH #969

When used with AES-128 on Skylake (AES-NI), improves GCM performance
by 10% on small messages and 5% on 1K messages.

Avoids the XOR operation. Only implemented for ChaCha20 currently;
everything else defaults to memset-to-zero + xor-cipher.

If you called set_key, then set_iv, then set_iv again without having
previously reset the key, you would end up with a garbled state buffer
that depended on the value of the first IV.
This only affected 192-bit Salsa nonces, not other sizes.

Add a test to detect that.
Add test that stream ciphers throw if they are asked to use
a nonce of a size they don't support.
Remove "In = 00...00" blocks since that's implicit in the stream
cipher tests.
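Three of the messages above describe stream-cipher behaviours worth having regression checks for: the low 32-bit counter word carrying into the high word (the ChaCha overflow fix), a second set_iv after set_key producing the same state as a fresh set_key/set_iv with only the second IV (the 192-bit Salsa nonce bug), and rejection of nonce sizes the cipher does not support. The block below is an added example written for this page, not Botan's code: a pure-Python ChaCha20 with a set_key/set_iv/keystream object modelled loosely on the StreamCipher shape, plus the three checks. It uses the original 64-bit counter / 64-bit nonce layout (words 12-13 and 14-15) and HChaCha20 for 24-byte nonces; the class and check names are assumptions, and the buggy Salsa code path itself is not reproduced.

```python
import struct

MASK32, MASK64 = 0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")
# Four column quarter rounds followed by four diagonal ones form one double round.
_ROUND_INDICES = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                  (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))

def _rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32

def quarter_round(a, b, c, d):
    a = (a + b) & MASK32; d = _rotl32(d ^ a, 16)
    c = (c + d) & MASK32; b = _rotl32(b ^ c, 12)
    a = (a + b) & MASK32; d = _rotl32(d ^ a, 8)
    c = (c + d) & MASK32; b = _rotl32(b ^ c, 7)
    return a, b, c, d

def chacha_permute(state, rounds=20):
    """Apply rounds/2 double rounds to a 16-word state (no feed-forward)."""
    x = list(state)
    for _ in range(rounds // 2):
        for a, b, c, d in _ROUND_INDICES:
            x[a], x[b], x[c], x[d] = quarter_round(x[a], x[b], x[c], x[d])
    return x

def chacha_block(key32, counter_lo, counter_hi, nonce8):
    """One 64-byte block; words 12/13 hold the 64-bit counter, 14/15 the 64-bit nonce."""
    s = (list(SIGMA) + list(struct.unpack("<8I", key32))
         + [counter_lo, counter_hi] + list(struct.unpack("<2I", nonce8)))
    x = chacha_permute(s)
    return struct.pack("<16I", *((a + b) & MASK32 for a, b in zip(x, s)))

def hchacha20(key32, nonce16):
    """Derive the 32-byte subkey used with the last 8 bytes of a 24-byte nonce."""
    s = list(SIGMA) + list(struct.unpack("<8I", key32)) + list(struct.unpack("<4I", nonce16))
    x = chacha_permute(s)
    return struct.pack("<8I", *(x[0:4] + x[12:16]))

class ToyChaCha:
    """Stream-cipher object shaped like set_key / set_iv / keystream (assumed API)."""

    def set_key(self, key):
        if len(key) != 32:
            raise ValueError("expected a 32-byte key")
        self._key = bytes(key)  # the original key; set_iv never overwrites it

    def set_iv(self, nonce, counter=0):
        # Every set_iv re-derives the block key from self._key, so calling it
        # twice leaves the same state as a fresh object given only the second IV.
        if len(nonce) == 8:
            self._block_key, self._nonce = self._key, bytes(nonce)
        elif len(nonce) == 24:
            self._block_key = hchacha20(self._key, bytes(nonce[:16]))
            self._nonce = bytes(nonce[16:])
        else:
            raise ValueError("unsupported nonce length %d" % len(nonce))
        self._counter, self._buf = counter & MASK64, b""

    def keystream(self, n):
        """Write keystream bytes directly instead of zero-filling and XORing."""
        out = bytearray()
        while len(out) < n:
            if not self._buf:
                lo, hi = self._counter & MASK32, self._counter >> 32
                self._buf = chacha_block(self._block_key, lo, hi, self._nonce)
                self._counter = (self._counter + 1) & MASK64  # low-word wrap carries into word 13
            take = min(n - len(out), len(self._buf))
            out += self._buf[:take]
            self._buf = self._buf[take:]
        return bytes(out)

def check_counter_carry(key32=bytes(32), nonce8=bytes(8)):
    """Start with low word 0xFFFFFFFF: the second block must be computed at (lo=0, hi=1)."""
    c = ToyChaCha()
    c.set_key(key32)
    c.set_iv(nonce8, counter=0xFFFFFFFF)
    return c.keystream(128)[64:] == chacha_block(key32, 0, 1, nonce8)

def check_second_set_iv(key32=bytes(range(32)), iv1=bytes(24), iv2=bytes(range(24))):
    """set_key, set_iv(iv1), set_iv(iv2) must match set_key, set_iv(iv2) on a fresh object."""
    a = ToyChaCha(); a.set_key(key32); a.set_iv(iv1); a.keystream(37); a.set_iv(iv2)
    b = ToyChaCha(); b.set_key(key32); b.set_iv(iv2)
    return a.keystream(100) == b.keystream(100)

def rejects_nonce(nonce):
    """True if set_iv refuses a nonce length the cipher does not support."""
    c = ToyChaCha()
    c.set_key(bytes(32))
    try:
        c.set_iv(nonce)
    except ValueError:
        return True
    return False
```

The counter check is the cheap way to exercise the overflow path: rather than generating 2^32 blocks, seed the counter one block before the wrap and compare the next block against the block function evaluated directly at (0, 1). The second check is exactly the "set_iv twice" scenario from the Salsa fix, written so it would fail on any implementation that derives per-IV state in place over the key instead of from a retained copy of it.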