| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Addition already has to handle negative numbers so make it do
double duty for subtraction.
|
| |
|
|
|
|
|
| |
Introduced in b13c0cc8590199d, it could only trigger if the block size
was more than 256 bytes. In that case an invalid padding could be accepted.
OSS-Fuzz 11608 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11608)
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Previously handled by the early exit
|
| |
|
|
| |
Also avoid an early exit in P-521
|
| |
|
|
| |
In particular comparisons, calc sig words, and mod_sub are const time now.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Avoid throwing base Botan::Exception type, as it is difficult to
determine what the error is in that case.
Add Exception::error_code and Exception::error_type which allows
(for error code) more information about the error and (for error type)
allows knowing the error type without requiring a sequence of catches.
See GH #1742
|
| | |
| |
| |
| |
| | |
For some compilers this may make the difference between compiling
using bitmasks as intendeded, and compiling with a conditional jump.
|
| |/ |
|
| | |
|
| |
|
|
| |
Closes #1746
|
| |
|
|
| |
Closes #1747
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| | |
Wraps memcpy in the cases where we really are doing a type conversion
using memcpy
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Prefer using wrappers in mem_utils for this.
Current exception is where memcpy is being used to convert between
two different types, since copy_mem requires input and output
pointers have the same type. There should be a new function to
handle conversion-via-memcpy operation.
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It is suddenly 5x slower for an unknown reason
https://community.sonarsource.com/t/sonar-analysis-step-suddenly-much-5x-slower-on-travis-ci/4364
Now it either times out or else completely dominates the runtime for Travis,
either is not acceptable.
Leave the framework for using Sonar in CI for now so it is easy to test
if things have improved later. If things are still broken in a month or
two I'll probably just drop support for Sonar.
|
| | |
|
| |
|
|
|
|
| |
The build is timing out. Use -Os instead of -O3 in an attempt to
speed up the build step, and enable multithreaded analysis as
that step is also quite slow.
|
| |
|
|
|
|
|
|
| |
Otherwise some CPUs suffer serious stalls. Using vzeroall on exit
also has the nice effect that we don't have to worry about register
contents leaking.
HT to @noloader for doing the background research on this.
|
| | |
|
| |
|
|
|
| |
This is still vulnerable to a cache-based side channel since the
multiple chosen leaks the final carry.
|
| |\ |
|
| | |
| |
| |
| | |
Avoid recalculating significant words which slows down reduction
|
| | | |
|
| | |
| |
| |
| | |
BigInt has changed size
|
| |/ |
|
| |\ |
|
| | |
| |
| |
| |
| | |
We already assumed the args are < modulus so we can avoid the
call to sig_words. This provides a noticable speedup for ECDSA overall.
|
| | | |
|
| | | |
|
| |/
|
|
|
| |
Only the base provider uses blinding for RSA. So the test should
run exclusively for this provider. Also use base provider explicitly.
|
| |
|
|
| |
This is not exhaustive. See GH #1733
|
| |
|
|
|
|
|
| |
LibreSSL 2.7 has added parts of the OpenSSL 1.1 API. Remove the
defined(LIBRESSL_VERSION_NUMBER) as it is not necessary anymore.
Switch to the newer API unconditionally, older LibreSSL version are
not supported.
|
| | |
|
| |
|
|
|
| |
Also include <new> in mem_ops.cpp as apparently that header is
where bad_alloc is defined.
|
| |
|
|
| |
See #1726
|
| | |
|
| |
|
|
|
|
| |
The definition of return value of sig_words() means the integer is
zero iff sig_words() returns zero, so there is no reason to scan
over the data twice.
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Using the same transposition trick used for SSE2 in #1728
On my Skylake desktop about 5-10% faster depending on buffer sizes.
|
| |\ \ |
|
| | | | |
|
