aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Fix some MSVC warnings in CT::MaskJack Lloyd2018-12-041-2/+2
|
* Reporting for fuzz test timingJack Lloyd2018-12-041-4/+9
| | | | Also use 2x core count as this spends a lot of time on IO
* Remove testing branchJack Lloyd2018-12-041-1/+0
|
* Merge GH #1767 Switch Travis builds to XenialJack Lloyd2018-12-0412-99/+82
|\
| * Pylint fixesJack Lloyd2018-12-035-7/+6
| |
| * Update Travis build to use XenialJack Lloyd2018-12-033-84/+56
| | | | | | | | | | | | | | | | | | Drops Mingw i686 build as it runs into a problem I could not debug, when unit_tls.cpp is compiled with -O2 it crashes with a useless backtrace. If compiled with -g or with lower optimizations it is ok. Replaced with Mingw x86-64. Add mips64 build.
| * Do multiple jobs for pylint analysisJack Lloyd2018-12-031-2/+2
| |
| * Fix a FFI test when threads are disabledJack Lloyd2018-12-031-1/+9
| |
| * Avoid parallel build with Sphinx before 1.4Jack Lloyd2018-12-031-1/+1
| | | | | | | | As Ubuntu 16.04 has v1.3 and it crashes when you use -j
| * Fix a memory leak in OpenSSL ECDHJack Lloyd2018-12-031-3/+5
| |
| * Add PVR identifer for POWER9Jack Lloyd2018-12-031-1/+3
| | | | | | | | According to qemu-ppc64le -cpu help output
* | Merge GH #1765 Avoid some conditional branches in binary extended Euclidean ↵Jack Lloyd2018-12-033-12/+62
|\ \ | |/ |/| | | algorithm
| * Make binary extended Euclidean algorithm less branchyJack Lloyd2018-12-033-12/+62
| | | | | | | | This is still leaky, but much less than before.
* | Fix Sphinx errorsJack Lloyd2018-12-032-1/+2
| |
* | Fix bug in TLS CBC unpaddingJack Lloyd2018-12-032-1/+7
|/ | | | | | Regression introduced in 007314c5 Found by OSS-Fuzz (bug id 11693)
* Extend ct_modulo to handle negative inputsJack Lloyd2018-12-031-8/+17
| | | | Unfortunately Barrett reductions API allows negative inputs
* Use const time reductions in Barrett and LCM computationsJack Lloyd2018-12-033-4/+23
|
* Use ct_modulo in format preserving encryptionJack Lloyd2018-12-031-2/+2
|
* Use ct_modulo during RSA key generationJack Lloyd2018-12-031-6/+7
|
* Fix shift operatorJack Lloyd2018-12-031-1/+1
| | | | This would continually reallocate to larger sizes which is bad news.
* Add ct_modulo and BigInt::ct_cond_swapJack Lloyd2018-12-034-7/+62
|
* Merge GH #1759 Add constant time divide by uint8_tJack Lloyd2018-12-037-12/+146
|\
| * Add a constant time divide variant for dividing by uint8_tJack Lloyd2018-12-027-12/+146
| | | | | | | | | | | | | | | | | | Originally wrote it for div-by-word but that ends up requiring a dword type which we don't always have. And uint8_t covers the most important cases of n = 10 and n = 58 (whenever I get around to writing base58). We could portably support up to div-by-uint32, but I don't think we need it. Nicely for n = 10, this is actually faster than the variable time division.
* | Merge GH #1758 Remove some conditional branches from variable time divisionJack Lloyd2018-12-031-53/+46
|\ \ | |/ |/|
| * Make variable time division less branchyJack Lloyd2018-12-021-53/+46
| | | | | | | | This is still leaky, but better than nothing.
* | Merge GH #1757 Add a constant time division algorithmJack Lloyd2018-12-029-16/+145
|\|
| * Add a const-time division algorithmJack Lloyd2018-12-029-16/+145
| | | | | | | | | | | | | | | | It is stupid and slow (~50-100x slower than variable time version) but still useful for protecting critical algorithms. Not currently used, waiting for OSS-Fuzz to test it for a while before we commit to it.
* | Merge GH #1756 Support getting passphrase from the consoleJack Lloyd2018-12-0211-48/+186
|\ \ | |/ |/|
| * Avoid macro conflict when including termios in amalgamationJack Lloyd2018-12-021-0/+1
| |
| * Support getting a passphrase from most of the cli toolsJack Lloyd2018-12-019-23/+46
| |
| * Add Win32 support for echo suppressionJack Lloyd2018-12-011-3/+47
| | | | | | | | Tested with MinGW cross compiler and Wine.
| * Promote echo suppression of terminal to Botan::OSJack Lloyd2018-12-013-26/+96
| |
* | Fix a bug in bigint_sub_absJack Lloyd2018-12-022-0/+10
| | | | | | | | | | | | | | If one of the values had leading zero words, this could end up calling bigint_sub with x_size < y_size. OSS-Fuzz 11664 and 11656
* | One variable per lineJack Lloyd2018-12-021-1/+2
| |
* | Better debugging output when a test failsJack Lloyd2018-12-021-7/+15
|/ | | | Printing the output key makes it easier to find the offending test.
* Correct a bug in BigInt::operator%(word)Jack Lloyd2018-12-014-23/+43
| | | | | | If reducing a negative number modulo a power of 2, an incorrect result would be returned. This only affected the versions taking a single word as the modulo.
* No need to check x when checking if a point is at infinityJack Lloyd2018-12-011-2/+1
| | | | I'm not sure why this was here.
* Unroll mod_sub for 6 words also, helps P-384 quite a bitJack Lloyd2018-12-011-0/+2
|
* Avoid conditional operations in P-521 reductionJack Lloyd2018-12-011-30/+31
|
* Add BigInt::mod_mulJack Lloyd2018-12-019-56/+104
|
* Simplify BigInt addition and subtractionJack Lloyd2018-11-306-187/+175
| | | | | Addition already has to handle negative numbers so make it do double duty for subtraction.
* Fix a bug in OneAndZeros unpaddingJack Lloyd2018-11-304-24/+54
| | | | | | | Introduced in b13c0cc8590199d, it could only trigger if the block size was more than 256 bytes. In that case an invalid padding could be accepted. OSS-Fuzz 11608 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11608)
* Fix debug asserts, and add it to CIJack Lloyd2018-11-292-2/+4
|
* Add CT::Mask typeJack Lloyd2018-11-2820-317/+519
|
* Fix typo [ci skip]Jack Lloyd2018-11-271-1/+1
|
* Need to ensure minimum size hereJack Lloyd2018-11-271-0/+1
| | | | Previously handled by the early exit
* Optimizations for NIST reductionJack Lloyd2018-11-261-22/+20
| | | | Also avoid an early exit in P-521
* Make more BigInt functions const-timeJack Lloyd2018-11-267-135/+328
| | | | In particular comparisons, calc sig words, and mod_sub are const time now.
* Merge GH #1744 Make exception throws easier to debugJack Lloyd2018-11-2381-359/+655
|\
| * Make exceptions easier to translate to error codesJack Lloyd2018-11-2381-359/+655
| | | | | | | | | | | | | | | | | | | | | | Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742