| Commit message | Author | Age | Files | Lines |

It is suddenly 5x slower for an unknown reason
https://community.sonarsource.com/t/sonar-analysis-step-suddenly-much-5x-slower-on-travis-ci/4364
Now it either times out or else completely dominates the runtime for Travis,
neither is acceptable.
Leave the framework for using Sonar in CI for now so it is easy to test
if things have improved later. If things are still broken in a month or
two I'll probably just drop support for Sonar.

The build is timing out. Use -Os instead of -O3 in an attempt to
speed up the build step, and enable multithreaded analysis as
that step is also quite slow.

Otherwise some CPUs suffer serious stalls. Using vzeroall on exit
also has the nice effect that we don't have to worry about register
contents leaking.
HT to @noloader for doing the background research on this.

This is still vulnerable to a cache-based side channel since the
multiple chosen leaks the final carry.
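
The side channel described in that commit is the usual one in a final reduction step: a branch (or a table index) that depends on the carry or borrow of the last subtraction. Below is an added example written for this page, not Botan's code, showing a fixed-width modular addition once with the secret-dependent branch and once with a masked select. It assumes 256-bit operands held as four little-endian 64-bit limbs and inputs already reduced (a, b < p); the two moduli and the check values are constructed for the example.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>

// Added example, not Botan's code. 256-bit values as four 64-bit limbs,
// least significant limb first. Precondition for both mod_add_* variants:
// a < p and b < p, so a + b < 2p and at most one subtraction of p is needed.
using word = uint64_t;
constexpr size_t N = 4;
using Limbs = std::array<word, N>;

// a + b -> out, returns the carry out of the top limb
static word add_limbs(Limbs& out, const Limbs& a, const Limbs& b) {
   word carry = 0;
   for(size_t i = 0; i != N; ++i) {
      const word s = a[i] + b[i];
      const word c1 = (s < a[i]);
      const word t = s + carry;
      const word c2 = (t < s);
      out[i] = t;
      carry = c1 | c2;
   }
   return carry;
}

// a - b -> out, returns the borrow out of the top limb
static word sub_limbs(Limbs& out, const Limbs& a, const Limbs& b) {
   word borrow = 0;
   for(size_t i = 0; i != N; ++i) {
      const word d = a[i] - b[i];
      const word b1 = (a[i] < b[i]);
      const word t = d - borrow;
      const word b2 = (d < borrow);
      out[i] = t;
      borrow = b1 | b2;
   }
   return borrow;
}

// Variable-time: whether the subtraction of p is kept is decided by a branch,
// so the final carry/borrow is observable through timing and cache behaviour.
Limbs mod_add_vartime(const Limbs& a, const Limbs& b, const Limbs& p) {
   Limbs sum, reduced;
   const word carry = add_limbs(sum, a, b);
   const word borrow = sub_limbs(reduced, sum, p);
   if(carry || !borrow)   // sum >= p: secret-dependent branch
      return reduced;
   return sum;
}

// Constant-time: always compute both candidates, then select with a mask that
// is all-ones or all-zeros. No branch and no data-dependent memory access.
Limbs mod_add_ct(const Limbs& a, const Limbs& b, const Limbs& p) {
   Limbs sum, reduced, out;
   const word carry = add_limbs(sum, a, b);
   const word borrow = sub_limbs(reduced, sum, p);
   const word need_reduce = carry | (borrow ^ 1);   // 1 iff sum >= p
   const word mask = word(0) - need_reduce;         // 0 or 0xFF..FF
   for(size_t i = 0; i != N; ++i)
      out[i] = (reduced[i] & mask) | (sum[i] & ~mask);
   return out;
}

// Constructed moduli for the checks: 2^255 - 19 and 2^256 - 189.
const Limbs P_255_19  = {0xFFFFFFFFFFFFFFEDULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0x7FFFFFFFFFFFFFFFULL};
const Limbs P_256_189 = {0xFFFFFFFFFFFFFF43ULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL};

// (p-1) + 2 mod p == 1 (no carry out of 256 bits, reduction decided by the borrow),
// (p-1) + (p-1) mod p == p-2 (the addition carries out of 256 bits).
bool check_examples() {
   const Limbs pm1_a = {0xFFFFFFFFFFFFFFECULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0x7FFFFFFFFFFFFFFFULL};
   const Limbs two   = {2, 0, 0, 0};
   const Limbs one   = {1, 0, 0, 0};
   const Limbs pm1_b = {0xFFFFFFFFFFFFFF42ULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL};
   const Limbs pm2_b = {0xFFFFFFFFFFFFFF41ULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL};
   return mod_add_ct(pm1_a, two, P_255_19) == one &&
          mod_add_vartime(pm1_a, two, P_255_19) == one &&
          mod_add_ct(pm1_b, pm1_b, P_256_189) == pm2_b &&
          mod_add_vartime(pm1_b, pm1_b, P_256_189) == pm2_b;
}
```

Both functions return the same values; the difference is only that mod_add_ct performs the same instruction sequence and the same memory accesses regardless of whether the subtraction was needed. Note that the mask trick only removes the branch; a compiler may still turn the select back into a branch at high optimization levels, which is why real implementations check the generated code.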

Avoid recalculating significant words which slows down reduction
|
| | |
|
| |
| |
| |
| | |
BigInt has changed size

We already assumed the args are < modulus so we can avoid the
call to sig_words. This provides a noticeable speedup for ECDSA overall.

Only the base provider uses blinding for RSA. So the test should
run exclusively for this provider. Also use base provider explicitly.

This is not exhaustive. See GH #1733

LibreSSL 2.7 has added parts of the OpenSSL 1.1 API. Remove the
defined(LIBRESSL_VERSION_NUMBER) as it is not necessary anymore.
Switch to the newer API unconditionally, older LibreSSL versions are
not supported.
|
| |
|
|
|
|
|
| |
Also include <new> in mem_ops.cpp as apparently that header is
where bad_alloc is defined.

See #1726
|
| |
|
|
|
|
|
|
| |
The definition of return value of sig_words() means the integer is
zero iff sig_words() returns zero, so there is no reason to scan
over the data twice.

Using the same transposition trick used for SSE2 in #1728
On my Skylake desktop about 5-10% faster depending on buffer sizes.

It is confusing since it's not clear from the name how many
elements it has, and this gives consistency with the SIMD_8x32 type.

This allows supporting SSE2, NEON and AltiVec in a single codebase,
so drop the NEON and SSE2 code.
This new impl avoids having to do shuffles with every round and so
is about 10% faster on Skylake.
Also, fix bugs in both baseline and AVX2 implementations when the
low counter overflowed. The SSE2 and NEON code were also buggy here.
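
The low-counter overflow bug mentioned in that commit is easy to get wrong and easy to test for, so here is an added example written for this page (not Botan's ChaCha implementation). It is a plain scalar ChaCha20 with the original 64-bit block counter in state words 12 and 13 and a 64-bit nonce in words 14 and 15, with the faulty increment (low word only) next to the correct one that carries into the high word. The key and nonce in counter_overflow_handled() are constructed for the check, not a published vector; the quarter-round vector is the one from RFC 8439 section 2.1.1.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example, not Botan's code: scalar ChaCha20 with a 64-bit block counter
// (state words 12 and 13) and a 64-bit nonce (words 14 and 15).
using State = std::array<uint32_t, 16>;

static inline uint32_t rotl32(uint32_t v, int r) { return (v << r) | (v >> (32 - r)); }

static inline uint32_t load_le32(const uint8_t* p) {
   return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// ChaCha quarter round on four state words
static void quarter_round(uint32_t& a, uint32_t& b, uint32_t& c, uint32_t& d) {
   a += b; d ^= a; d = rotl32(d, 16);
   c += d; b ^= c; b = rotl32(b, 12);
   a += b; d ^= a; d = rotl32(d, 8);
   c += d; b ^= c; b = rotl32(b, 7);
}

// Initial state: constants, 256-bit key, 64-bit counter, 64-bit nonce
State chacha_init(const std::array<uint8_t, 32>& key, const std::array<uint8_t, 8>& nonce, uint64_t counter) {
   State s;
   s[0] = 0x61707865; s[1] = 0x3320646e; s[2] = 0x79622d32; s[3] = 0x6b206574;
   for(size_t i = 0; i != 8; ++i) s[4 + i] = load_le32(&key[4 * i]);
   s[12] = uint32_t(counter);
   s[13] = uint32_t(counter >> 32);
   s[14] = load_le32(&nonce[0]);
   s[15] = load_le32(&nonce[4]);
   return s;
}

// 20 rounds (10 double rounds); output block is permuted state + input state
State chacha_block(const State& in) {
   State x = in;
   for(int i = 0; i != 10; ++i) {
      quarter_round(x[0], x[4], x[8], x[12]);  quarter_round(x[1], x[5], x[9], x[13]);
      quarter_round(x[2], x[6], x[10], x[14]); quarter_round(x[3], x[7], x[11], x[15]);
      quarter_round(x[0], x[5], x[10], x[15]); quarter_round(x[1], x[6], x[11], x[12]);
      quarter_round(x[2], x[7], x[8], x[13]);  quarter_round(x[3], x[4], x[9], x[14]);
   }
   for(size_t i = 0; i != 16; ++i) x[i] += in[i];
   return x;
}

// Faulty increment: only the low word moves, so 0xFFFFFFFF wraps to 0 and the
// keystream restarts from block 0 of this nonce (keystream reuse).
void advance_counter_buggy(State& s) { s[12] += 1; }

// Correct increment: carry the wrap of the low word into the high word.
void advance_counter(State& s) {
   s[12] += 1;
   s[13] += (s[12] == 0) ? 1 : 0;
}

// nblocks consecutive keystream blocks, advancing the counter with `advance`
std::vector<State> keystream(State s, size_t nblocks, void (*advance)(State&)) {
   std::vector<State> out;
   for(size_t i = 0; i != nblocks; ++i) {
      out.push_back(chacha_block(s));
      advance(s);
   }
   return out;
}

// Quarter round test vector from RFC 8439 section 2.1.1
bool quarter_round_vector_ok() {
   uint32_t a = 0x11111111, b = 0x01020304, c = 0x9b8d6f43, d = 0x01234567;
   quarter_round(a, b, c, d);
   return a == 0xea2a92f4 && b == 0xcb1cf8ce && c == 0x4581472e && d == 0x5881c4bb;
}

// Start at block counter 2^32 - 1 and step once: the second block must equal the
// block computed directly at counter 2^32. Constructed key/nonce, not a test vector.
bool counter_overflow_handled(bool use_buggy) {
   std::array<uint8_t, 32> key{};
   for(size_t i = 0; i != 32; ++i) key[i] = uint8_t(i);
   const std::array<uint8_t, 8> nonce{0, 1, 2, 3, 4, 5, 6, 7};
   const State start = chacha_init(key, nonce, 0xFFFFFFFFULL);
   const auto ks = keystream(start, 2, use_buggy ? advance_counter_buggy : advance_counter);
   const State direct = chacha_block(chacha_init(key, nonce, 0x100000000ULL));
   return ks[1] == direct;
}
```

The same check carries over to SIMD versions that compute four or eight blocks at once: each lane's counter must be derived from the 64-bit counter with the carry applied, not from the low word plus the lane index.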

As this parameter is technically a user-configurable toggle.

This was trying to test for issue in #1723 but was incorrect.

which will cause incremental decoding to fail in ffi.
Related code (ffi_cipher.cpp):
```cpp
BOTAN_ASSERT(cipher.update_granularity() > cipher.minimum_final_size(), "logic error");
```

Avoid doing the comparison against the largest hard coded prime,
when we know the prime table is 16 bits and we already have to
compute the bitsize of n in order to calculate the required number
of Miller-Rabin iterations.
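
To make the ordering in that commit concrete, here is an added example written for this page (not Botan's is_prime): a probable-prime test for 64-bit n that computes the bit size once and uses it three times, to decide that the 16-bit prime table is exhaustive for n, to skip Miller-Rabin entirely for n below 2^32 after trial division, and to pick the iteration count. The prime table is sieved at startup, the iteration schedule in mr_iterations() is illustrative rather than any library's table, and the 128-bit multiply relies on the gcc/clang unsigned __int128 extension.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <random>
#include <vector>

// Added example, not Botan's code. Assumptions: prime_table() holds every
// prime below 2^16; mr_iterations() is an illustrative schedule only.

static std::vector<uint32_t> make_prime_table(uint32_t limit) {
   std::vector<bool> composite(limit, false);
   std::vector<uint32_t> primes;
   for(uint32_t i = 2; i < limit; ++i) {
      if(composite[i]) continue;
      primes.push_back(i);
      for(uint64_t j = uint64_t(i) * i; j < limit; j += i) composite[j] = true;
   }
   return primes;
}

// Every prime that fits in 16 bits (last entry is 65521)
static const std::vector<uint32_t>& prime_table() {
   static const std::vector<uint32_t> table = make_prime_table(1u << 16);
   return table;
}

static size_t bit_size(uint64_t n) {
   size_t bits = 0;
   while(n) { ++bits; n >>= 1; }
   return bits;
}

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
   return uint64_t((unsigned __int128)a * b % m);   // gcc/clang extension
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m) {
   uint64_t result = 1;
   base %= m;
   while(exp) {
      if(exp & 1) result = mulmod(result, base, m);
      base = mulmod(base, base, m);
      exp >>= 1;
   }
   return result;
}

// Illustrative schedule keyed on the bit size of n; each round has error
// probability at most 1/4 for a random base.
static size_t mr_iterations(size_t bits) {
   return bits <= 48 ? 12 : 8;
}

// One Miller-Rabin round with base a, where n - 1 = d * 2^s.
// Returns true if a is not a witness of compositeness.
static bool mr_round(uint64_t n, uint64_t a, uint64_t d, size_t s) {
   uint64_t x = powmod(a, d, n);
   if(x == 1 || x == n - 1) return true;
   for(size_t i = 1; i < s; ++i) {
      x = mulmod(x, x, n);
      if(x == n - 1) return true;
   }
   return false;
}

bool is_prime(uint64_t n, std::mt19937_64& rng) {
   if(n < 2) return false;
   const auto& table = prime_table();
   const size_t bits = bit_size(n);

   // n fits in 16 bits, so the table is exhaustive for it: prime iff listed.
   // The bit size already settles this; no comparison with table.back() needed.
   if(bits <= 16)
      return std::binary_search(table.begin(), table.end(), uint32_t(n));

   for(uint32_t p : table)
      if(n % p == 0) return false;

   // Survived trial division by every prime below 2^16. Any composite below
   // 2^32 has a factor below 2^16, so such n is prime without Miller-Rabin.
   if(bits <= 32) return true;

   uint64_t d = n - 1;
   size_t s = 0;
   while((d & 1) == 0) { d >>= 1; ++s; }

   for(size_t i = 0; i < mr_iterations(bits); ++i) {
      const uint64_t a = 2 + rng() % (n - 3);   // random base in [2, n-2]
      if(!mr_round(n, a, d, s)) return false;
   }
   return true;
}

// Fixed seed only so that the checks are reproducible; a library would draw
// the bases from its RNG interface instead.
bool is_prime_fixed_seed(uint64_t n) {
   std::mt19937_64 rng(0x5eed);
   return is_prime(n, rng);
}
```

Inputs worth trying: 65535 (16 bits, composite, answered by the table lookup alone), 65537 (17 bits, answered by trial division plus the 32-bit shortcut), 3215031751 (a strong pseudoprime to bases 2, 3, 5 and 7, but 151 divides it, so trial division rejects it), and 2^64 - 59 (prime, goes all the way through Miller-Rabin).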

In some cases (EAX, GCM, ChaCha20Poly1305) the mode does not
handle this. However previously it handled it incorrectly by producing
incorrect output. Instead reject it with an exception.
Add a test that, if the mode accepts an AD before the nonce, then it
must process the message correctly. This is similar to the existing
test that if the mode accepts an AD before the key is set it must
do the right thing with it.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Fix a bug (bad length field), new APIs, etc

Fixes GH #1720

Originally written by Jeffrey Walton for Crypto++, which was in turn
based on my SSE2 ChaCha.

It is confusing as while the stream cipher state is the input to
the permutation, the stream cipher has an unrelated input (the text).