Commit message | Author | Age | Files | Lines
---|---|---|---|---
Fix some MSVC warnings in CT::Mask | Jack Lloyd | 2018-12-04 | 1 | -2/+2
Reporting for fuzz test timing. Also use 2x core count as this spends a lot of time on IO. | Jack Lloyd | 2018-12-04 | 1 | -4/+9
Remove testing branch | Jack Lloyd | 2018-12-04 | 1 | -1/+0
Merge GH #1767 Switch Travis builds to Xenial | Jack Lloyd | 2018-12-04 | 12 | -99/+82
↳ Pylint fixes | Jack Lloyd | 2018-12-03 | 5 | -7/+6
↳ Update Travis build to use Xenial. Drops Mingw i686 build as it runs into a problem I could not debug: when unit_tls.cpp is compiled with -O2 it crashes with a useless backtrace. If compiled with -g or with lower optimizations it is ok. Replaced with Mingw x86-64. Add mips64 build. | Jack Lloyd | 2018-12-03 | 3 | -84/+56
↳ Do multiple jobs for pylint analysis | Jack Lloyd | 2018-12-03 | 1 | -2/+2
↳ Fix an FFI test when threads are disabled | Jack Lloyd | 2018-12-03 | 1 | -1/+9
↳ Avoid parallel build with Sphinx before 1.4. As Ubuntu 16.04 has v1.3 and it crashes when you use -j. | Jack Lloyd | 2018-12-03 | 1 | -1/+1
↳ Fix a memory leak in OpenSSL ECDH | Jack Lloyd | 2018-12-03 | 1 | -3/+5
↳ Add PVR identifier for POWER9. According to qemu-ppc64le -cpu help output. | Jack Lloyd | 2018-12-03 | 1 | -1/+3
Merge GH #1765 Avoid some conditional branches in binary extended Euclidean algorithm | Jack Lloyd | 2018-12-03 | 3 | -12/+62
↳ Make binary extended Euclidean algorithm less branchy. This is still leaky, but much less than before. | Jack Lloyd | 2018-12-03 | 3 | -12/+62
Fix Sphinx errors | Jack Lloyd | 2018-12-03 | 2 | -1/+2
Fix bug in TLS CBC unpadding. Regression introduced in 007314c5. Found by OSS-Fuzz (bug id 11693). | Jack Lloyd | 2018-12-03 | 2 | -1/+7
Extend ct_modulo to handle negative inputs. Unfortunately Barrett reduction's API allows negative inputs. | Jack Lloyd | 2018-12-03 | 1 | -8/+17
Use const time reductions in Barrett and LCM computations | Jack Lloyd | 2018-12-03 | 3 | -4/+23
Use ct_modulo in format preserving encryption | Jack Lloyd | 2018-12-03 | 1 | -2/+2
Use ct_modulo during RSA key generation | Jack Lloyd | 2018-12-03 | 1 | -6/+7
Fix shift operator. This would continually reallocate to larger sizes, which is bad news. | Jack Lloyd | 2018-12-03 | 1 | -1/+1
Add ct_modulo and BigInt::ct_cond_swap | Jack Lloyd | 2018-12-03 | 4 | -7/+62
Merge GH #1759 Add constant time divide by uint8_t | Jack Lloyd | 2018-12-03 | 7 | -12/+146
↳ Add a constant time divide variant for dividing by uint8_t. Originally wrote it for div-by-word but that ends up requiring a dword type which we don't always have. And uint8_t covers the most important cases of n = 10 and n = 58 (whenever I get around to writing base58). We could portably support up to div-by-uint32, but I don't think we need it. Nicely for n = 10, this is actually faster than the variable time division. | Jack Lloyd | 2018-12-02 | 7 | -12/+146
Merge GH #1758 Remove some conditional branches from variable time division | Jack Lloyd | 2018-12-03 | 1 | -53/+46
↳ Make variable time division less branchy. This is still leaky, but better than nothing. | Jack Lloyd | 2018-12-02 | 1 | -53/+46
Merge GH #1757 Add a constant time division algorithm | Jack Lloyd | 2018-12-02 | 9 | -16/+145
↳ Add a const-time division algorithm. It is stupid and slow (~50-100x slower than variable time version) but still useful for protecting critical algorithms. Not currently used, waiting for OSS-Fuzz to test it for a while before we commit to it. | Jack Lloyd | 2018-12-02 | 9 | -16/+145
Merge GH #1756 Support getting passphrase from the console | Jack Lloyd | 2018-12-02 | 11 | -48/+186
↳ Avoid macro conflict when including termios in amalgamation | Jack Lloyd | 2018-12-02 | 1 | -0/+1
↳ Support getting a passphrase from most of the cli tools | Jack Lloyd | 2018-12-01 | 9 | -23/+46
↳ Add Win32 support for echo suppression. Tested with MinGW cross compiler and Wine. | Jack Lloyd | 2018-12-01 | 1 | -3/+47
↳ Promote echo suppression of terminal to Botan::OS | Jack Lloyd | 2018-12-01 | 3 | -26/+96
Fix a bug in bigint_sub_abs. If one of the values had leading zero words, this could end up calling bigint_sub with x_size < y_size. OSS-Fuzz 11664 and 11656. | Jack Lloyd | 2018-12-02 | 2 | -0/+10
One variable per line | Jack Lloyd | 2018-12-02 | 1 | -1/+2
Better debugging output when a test fails. Printing the output key makes it easier to find the offending test. | Jack Lloyd | 2018-12-02 | 1 | -7/+15
Correct a bug in BigInt::operator%(word). If reducing a negative number modulo a power of 2, an incorrect result would be returned. This only affected the versions taking a single word as the modulo. | Jack Lloyd | 2018-12-01 | 4 | -23/+43
No need to check x when checking if a point is at infinity. I'm not sure why this was here. | Jack Lloyd | 2018-12-01 | 1 | -2/+1
Unroll mod_sub for 6 words also, helps P-384 quite a bit | Jack Lloyd | 2018-12-01 | 1 | -0/+2
Avoid conditional operations in P-521 reduction | Jack Lloyd | 2018-12-01 | 1 | -30/+31
Add BigInt::mod_mul | Jack Lloyd | 2018-12-01 | 9 | -56/+104
Simplify BigInt addition and subtraction. Addition already has to handle negative numbers, so make it do double duty for subtraction. | Jack Lloyd | 2018-11-30 | 6 | -187/+175
Fix a bug in OneAndZeros unpadding. Introduced in b13c0cc8590199d, it could only trigger if the block size was more than 256 bytes. In that case an invalid padding could be accepted. OSS-Fuzz 11608 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11608) | Jack Lloyd | 2018-11-30 | 4 | -24/+54
Fix debug asserts, and add it to CI | Jack Lloyd | 2018-11-29 | 2 | -2/+4
Add CT::Mask type | Jack Lloyd | 2018-11-28 | 20 | -317/+519
Fix typo [ci skip] | Jack Lloyd | 2018-11-27 | 1 | -1/+1
Need to ensure minimum size here. Previously handled by the early exit. | Jack Lloyd | 2018-11-27 | 1 | -0/+1
Optimizations for NIST reduction. Also avoid an early exit in P-521. | Jack Lloyd | 2018-11-26 | 1 | -22/+20
Make more BigInt functions const-time. In particular comparisons, calc sig words, and mod_sub are const time now. | Jack Lloyd | 2018-11-26 | 7 | -135/+328
Merge GH #1744 Make exception throws easier to debug | Jack Lloyd | 2018-11-23 | 81 | -359/+655
↳ Make exceptions easier to translate to error codes. Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742. | Jack Lloyd | 2018-11-23 | 81 | -359/+655