aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Fix build on 32-bitJack Lloyd2017-10-261-1/+1
|
* Avoid invalid iterator woesJack Lloyd2017-10-261-8/+18
|
* Blake2b optimizationsJack Lloyd2017-10-263-133/+94
| | | | | Nothing major but does improve perf for large buffers from 910 MB/s to 970 MB/s on Skylake.
* Merge GH #1275 Avoid needless throw/catch during TLS handshakeJack Lloyd2017-10-261-1/+2
|\
| * Added missing include.Frank Schoenmann2017-10-251-0/+1
| |
| * Perform OIDS lookup before to prevent a guaranteed exception in EC_Group.Frank Schoenmann2017-10-251-1/+1
| |
* | Avoid sending OCSP status request on resumption client helloJack Lloyd2017-10-251-2/+0
|/ | | | | | | Causes the connection to break for some servers. Fixes GH #1276 Also avoid setting the same extension twice in the initial connection case. The extensions code dedups it so this wasn't a problem, but confusing.
* Skip ARM32 specific byteswap code, enable MSVC byteswap intrinsicsJack Lloyd2017-10-242-34/+15
| | | | | | | | | | While older versions of GCC did very badly with __builtin_bswap on ARM, I checked GCC 4.8 and it behaves correctly, emitting either rev or else the same optimal sequence as was used in the inline asm (depending on if ARMv7 is enabled or not.) Enable MSVC byteswap intrinsics, which (hopefully) work on all platforms. Drop the x86-32 specific asm for byteswap.
* Convert http:// links to https:// where possibleJack Lloyd2017-10-2417-21/+21
|
* Merge GH #1263 Support FFDHE negotiation in TLSJack Lloyd2017-10-2210-28/+352
|\
| * Remove check for negotiated DH group in TLS clientRené Korthaus2017-10-201-29/+0
| | | | | | | | | | | | | | The server may not support the supported groups extension and choose an arbitrary group. RFC 7919 permits clients to continue if the group is acceptable under local policy, which we do now.
| * Fall back to default group if client does not send any DH groupsRené Korthaus2017-10-202-2/+19
| |
| * Add allowed values for allowed groupsRené Korthaus2017-10-181-3/+13
| |
| * Add supported groups TLS extension (RFC 7919)René Korthaus2017-10-1711-27/+353
| |
* | Merge GH #1271 Deprecate some exception typesJack Lloyd2017-10-221-3/+3
|\ \
| * | deprecate exceptionsDaniel Neus2017-10-211-3/+3
| | |
* | | Merge GH #1270 Support verification of PSS X.509 objectsJack Lloyd2017-10-225-11/+152
|\ \ \ | |/ / |/| |
| * | review changesDaniel Neus2017-10-213-10/+10
| | |
| * | X.509 RSA-PSS verificationDaniel Neus2017-10-205-10/+151
| | |
* | | Fix for 32-bit WindowsJack Lloyd2017-10-201-4/+4
| | | | | | | | | | | | The buffer is not aligned :/
* | | Allow setting CTR width via stringJack Lloyd2017-10-203-6/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Prohibit very small counter widths (under 4 bytes), since they lead to trivial keystream reuse. Add tests. Fix clone which always returned an object with a block-wide counter.
* | | Remove redundant checkJack Lloyd2017-10-201-3/+0
| | | | | | | | | | | | | | | | | | CBC mode already has this same size check. [ci skip]
* | | Add GHASH using SSSE3Jack Lloyd2017-10-204-2/+105
| | | | | | | | | | | | About 30% faster than scalar on Skylake
* | | Use base CBC modes to implement TLS CBC ciphersuitesJack Lloyd2017-10-193-49/+36
| | | | | | | | | | | | | | | This reduces code and also lets TLS make use of parallel decryption which it was not doing before.
* | | Remove unused variableJack Lloyd2017-10-191-1/+1
| | |
* | | Undeprecate these exceptionsJack Lloyd2017-10-192-5/+7
| | | | | | | | | | | | Cannot figure out how to get MSVC to shut up
* | | Another attempt at silencing MSVC warningJack Lloyd2017-10-192-6/+2
| | |
* | | Appease SonarJack Lloyd2017-10-191-1/+1
| | |
* | | Add a destructor to Policy_ViolationJack Lloyd2017-10-191-3/+4
|/ / | | | | | | | | MSVC produces a deranged warning that the compiler generated destructor is deprecated, try to shut it up.
* | Merge GH #1262 GCM and CTR optimizationsJack Lloyd2017-10-1913-436/+789
|\ \
| * | PMULL optimizationsJack Lloyd2017-10-183-61/+192
| | |
| * | Further optimizations, and split out GHASH reduction codeJack Lloyd2017-10-183-87/+57
| | |
| * | GCM and CTR optimizationsJack Lloyd2017-10-1811-372/+624
| |/ | | | | | | | | | | | | | | | | | | | | In CTR, special case for counter widths of special interest. In GHASH, uses a 4x reduction technique suggested by Intel. Split out GHASH to its own source file and header. With these changes GCM is over twice as fast on Skylake and about 50% faster on Westmere.
* / Use conditional include in demaphore.hSimon Warta2017-10-191-1/+1
|/
* Correct usage of std::aligned_storageJack Lloyd2017-10-151-6/+6
| | | | This ended up allocating 256 KiB!
* Additional final annotationsJack Lloyd2017-10-1519-27/+26
|
* GMAC optimizationJack Lloyd2017-10-152-21/+32
| | | | | Avoid copying inputs needlessly, on Skylake doubles performance (from 1 GB/s -> 2 GB/s)
* Merge GH #1257 Use std::aligned_storage for AES T-tableJack Lloyd2017-10-151-32/+56
|\
| * Use overaligned storage for AES T-TableJack Lloyd2017-10-141-32/+56
| | | | | | | | | | This improves performance by ~ .5 cycle/byte. Also it ensures that our cache reading countermeasure works as expected.
* | Merge GH #1255 Use a single T-table in AESJack Lloyd2017-10-151-127/+78
|\|
| * Reduce AES to using a single T-tableJack Lloyd2017-10-131-127/+78
| | | | | | | | | | | | | | | | | | Should have significantly better cache characteristics, though it would be nice to verify this. It reduces performance somewhat but less than I expected, at least on Skylake. I need to check this across more platforms to make sure t won't hurt too badly.
* | De-inline bodies of exception classesJack Lloyd2017-10-153-67/+133
|/ | | | | | | | | This leads to a rather shocking decrease in binary sizes, especially the static library (~1.5 MB reduction). Saves 60KB in the shared lib. Since throwing or catching an exception is relatively expensive these not being inlined is not a problem in that sense. It had simply not occured to me that it would take up so much extra space in the binary.
* Optimizations for SM4Jack Lloyd2017-10-131-35/+94
| | | | | | | | | Using a larger table helps quite a bit. Using 4 tables (ala AES T-tables) didn't seem to help much at all, it's only slightly faster than a single table with rotations. Continue to use the 8 bit table in the first and last rounds as a countermeasure against cache attacks.
* Accept SHA-1, SHA1, or SHA-160 equallyJack Lloyd2017-10-133-3/+3
| | | | | | Fixes #1235 [ci skip]
* Further GCM optimizationsJack Lloyd2017-10-131-17/+27
| | | | Went from 27 to 20 cycles per byte on Skylake (with clmul disabled)
* Merge GH #1253 GCM optimizationsJack Lloyd2017-10-138-174/+242
|\
| * Optimize GCMJack Lloyd2017-10-138-174/+242
| | | | | | | | | | | | | | | | | | | | By allowing multiple blocks for clmul, slight speedup there though still far behind optimum. Precompute a table of multiples of H, 3-4x faster on systems without clmul (and still no secret indexes). Refactor GMAC to not derive from GHASH
* | Merge GH #1254 Add missing includeJack Lloyd2017-10-131-0/+1
|\ \
| * | Add limits.h header for INT_MAXAlon Bar-Lev2017-10-131-0/+1
| |/ | | | | | | | | Gentoo-Bug: https://bugs.gentoo.org/633468 Signed-off-by: Alon Bar-Lev <[email protected]>
* / Use memcpy trick in 3-arg xor_buf alsoJack Lloyd2017-10-131-23/+17
|/