Commit message | Author | Age | Files | Lines
* README: Convert to Markdown and add end-of-life notice (HEAD, master)
    Darsey Litzenberger, 2022-01-24, 1 file, -14/+32
* Doc/pycrypt.rst: reStructuredText formatting fixes
    Darsey Litzenberger, 2022-01-24, 1 file, -5/+5
* LEGAL: Add old revisions of CodeSubmissionRequirements archived from www.dlitz.net
    Darsey Litzenberger, 2022-01-24, 4 files, -7/+170
* Name change + .mailmap
    Darsey Litzenberger, 2022-01-24, 4 files, -10/+18
* tools/create-pythons.sh: Set CONCURRENCY_LEVEL automatically
    Darsey Litzenberger, 2022-01-22, 1 file, -1/+1
* Increase attempts for recovering RSA (p,q) from (n,e,d) (stage)
    Wouter Bolsterlee, 2014-06-23, 2 files, -2/+2

    Bump the maximum number of iterations to recover (p,q) given (n,e,d) to
    increase the chance that the algorithm succeeds.

    The algorithm used is a probabilistic one with a 1/2 chance of finding the
    right value in each iteration, so it's likely that only a few iterations are
    needed. However, in some extreme cases this may still fail. Bumping the
    maximum number allows the algorithm to correctly find the right values for
    these cases.

    This change bumps the number of iterations from 50 to 500 (the value 'a' is
    increased by 2 in each step), and hence reduces the chance of failure from
    2**-50 to 2**-500. Note that this change does *not* result in a performance
    degradation.
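The recovery the commit message describes, written out as an added example in Python (this is not pycrypto's own code, and the demo primes, `make_demo_key` and the function names are constructed for illustration). Since e*d - 1 is a multiple of lcm(p-1, q-1), raising a base a to the odd part of e*d - 1 and squaring repeatedly reaches a non-trivial square root of 1 modulo n for about half of all bases; gcd(root - 1, n) is then p or q. The base runs a = 2, 4, 6, ... up to 500 attempts, the limit the commit sets.

```python
from math import gcd


def rsa_recover_prime_factors(n, e, d, max_attempts=500):
    """Recover (p, q) from an RSA modulus n and exponent pair (e, d).

    e*d - 1 = 2**t * r with r odd.  For a base a, the sequence
    a**r, a**(2r), a**(4r), ... (mod n) ends at 1; the element just before
    the first 1 is a square root of 1, and when it is neither 1 nor n-1 it
    splits n.  Roughly half of all bases succeed, so failure after
    max_attempts bases has probability about 2**-max_attempts.
    """
    k = e * d - 1
    if k <= 0 or k % 2:
        raise ValueError("e*d - 1 must be a positive even number for a valid RSA key")
    t, r = 0, k
    while r % 2 == 0:
        r //= 2
        t += 1
    a = 2
    for _ in range(max_attempts):
        # A base sharing a factor with n would reveal a prime directly
        # (never the case for real keys, but cheap to handle).
        g = gcd(a, n)
        if 1 < g < n:
            return tuple(sorted((g, n // g)))
        x = pow(a, r, n)
        for _ in range(t):
            y = pow(x, 2, n)
            if y == 1 and x not in (1, n - 1):
                p = gcd(x - 1, n)          # non-trivial square root of 1 splits n
                return tuple(sorted((p, n // p)))
            x = y
        a += 2
    raise ValueError("could not recover p and q within %d attempts" % max_attempts)


def make_demo_key():
    """Constructed demo key: two 30-bit primes, far too small for real use."""
    p, q = 1000000007, 998244353
    n = p * q
    e = 65537
    d = pow(e, -1, (p - 1) * (q - 1))      # Python 3.8+ modular inverse
    return n, e, d, (q, p)


if __name__ == "__main__":
    n, e, d, expected = make_demo_key()
    print(rsa_recover_prime_factors(n, e, d) == expected)
```

The recovered pair is returned in ascending order; a caller that needs pycrypto's (p, q) ordering convention should reorder it.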
* Realign V tables dynamically
    Legrandin, 2014-06-22, 1 file, -15/+32
* Make Cipher.galois module private
    Legrandin, 2014-06-22, 3 files, -15/+15
* Update configure script from configure.ac
    Dwayne Litzenberger, 2014-06-22, 1 file, -0/+38
* Make GHASH more robust against timing attacks.
    Legrandin, 2014-06-22, 4 files, -195/+105

    In order to speed up GHASH as much as possible, the current implementation
    expands the 16 byte hash key (H) into a table of 64 KBytes. However, that
    is sensitive to cache-based timing attacks.

    If we assume that access to data inside the same cache line is
    constant-time (likely), fitting a table item into a cache line may help
    against the attacks.

    This patch reduces the pre-computed table from 64K to 4K and aligns every
    item to a 32 byte boundary (since most modern CPUs have cache lines of that
    size or larger). This patch will reduce the overall performance.

    This patch also reverts commit 965871a727 ("GCM mode: Optimize key setup
    for GCM mode") since I actually got conflicting benchmark results.
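To make concrete what a 64 KB and a 4 KB GHASH table are and where the cache-timing exposure comes from, here is an added Python example (not pycrypto's code; the two table layouts are assumed for illustration and need not match the project's). All three multipliers compute the same GF(2^128) product: a bit-serial reference, 16 tables of 256 entries (64 KB) indexed by each byte of the running hash state, and a single 256-entry table (4 KB) evaluated Horner-style with a multiply-by-x^8 step. The index into either table is a byte of a value that depends on the secret H and the data, which is exactly what a cache-timing attacker observes; shrinking the table and aligning its entries, as the commit does, reduces how much that index leaks. The check uses GCM specification test case 2 (all-zero key, one zero block).

```python
R = 0xE1 << 120            # x^128 = x^7 + x^2 + x + 1 in GCM's bit-reflected encoding
ONE = 1 << 127             # the field element 1 in that encoding


def gf_mult(x, y):
    """Bit-serial GF(2^128) multiply (NIST SP 800-38D, Algorithm 1).

    Reference implementation only: its branches depend on the bits of x and y,
    so it is not constant-time either.
    """
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def mul_x8(v):
    """Multiply v by x^8 (eight shift-and-reduce steps)."""
    for _ in range(8):
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return v


def build_table_64k(h):
    """16 tables x 256 entries x 16 bytes: entry [i][b] = (byte b at position i) * H."""
    return [[gf_mult(b << (8 * (15 - i)), h) for b in range(256)] for i in range(16)]


def mult_table_64k(x, table):
    """X * H as 16 lookups; every index is a byte of the (secret-dependent) state."""
    z = 0
    for i in range(16):
        z ^= table[i][(x >> (8 * (15 - i))) & 0xFF]
    return z


def build_table_4k(h):
    """One table of 256 entries x 16 bytes: entry [b] = (byte b in the leading position) * H."""
    return [gf_mult(b << 120, h) for b in range(256)]


def mult_table_4k(x, table):
    """Horner evaluation over the 16 bytes of X: lookup, then shift by x^8."""
    z = 0
    for i in range(15, -1, -1):
        z = mul_x8(z) ^ table[(x >> (8 * (15 - i))) & 0xFF]
    return z


def ghash(h, aad, ciphertext, mult=gf_mult):
    """GHASH_H(A, C): zero-padded 16-byte blocks of A and C, then the length block."""
    def blocks(data):
        data += b"\x00" * (-len(data) % 16)
        return [int.from_bytes(data[i:i + 16], "big") for i in range(0, len(data), 16)]
    y = 0
    for blk in blocks(aad) + blocks(ciphertext):
        y = mult(y ^ blk, h)
    length_block = (len(aad) * 8) << 64 | (len(ciphertext) * 8)
    return mult(y ^ length_block, h)


def ghash_three_ways(h, aad, ciphertext):
    """Return (bit-serial, 64 KB table, 4 KB table) results; all three must agree."""
    t64, t4 = build_table_64k(h), build_table_4k(h)
    return (ghash(h, aad, ciphertext),
            ghash(h, aad, ciphertext, mult=lambda x, _h: mult_table_64k(x, t64)),
            ghash(h, aad, ciphertext, mult=lambda x, _h: mult_table_4k(x, t4)))


if __name__ == "__main__":
    # GCM spec test case 2: H = AES_K(0) for the all-zero key, C = one encrypted zero block.
    H = 0x66e94bd4ef8a2c3b884cfa59ca342b2e
    C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
    for value in ghash_three_ways(H, b"", C):
        print("%032x" % value)
```

Building the 64 KB table costs 4096 field multiplications against 256 for the 4 KB one, which is the key-setup cost the reverted optimisation in the commit was trading against.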
* Add side-channel countermeasures to DSA.
    Legrandin, 2014-06-22, 3 files, -14/+26

    This patch strengthens the DSA signing code against side-channel attacks.

    The DSA signing formulae:

        r = (g^{k} mod p) mod q
        s = k^{-1} * (H(m) + r*x) mod q

    become:

        b = random in [1..q)
        r = (g^{k} mod p) mod q
        s = (b * k)^{-1} * (b*H(m) + r*(b*x)) mod q

    In this way we avoid the secret (x) being multiplied by a random factor
    (r) which is immediately disclosed to an attacker (who, we assume, can
    both collect (r) and monitor the side-channel produced by the
    multiplication).

    See also attack DSA_2 in: "Minimum Requirements for Evaluating
    Side-Channel Attack Resistance of RSA, DSA and Diffie-Hellman Key Exchange
    Implementations", BSI
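The blinded signing formula beside the plain one, as an added Python example (not pycrypto's code). The DSA parameters P, Q, G, the private key X and the helper names are constructed toy values for illustration; the hash is reduced modulo q as a shortcut rather than truncated as the standard specifies. Both signers must produce the same (r, s) for the same k, and the verifier accepts it, which shows the blind b cancels algebraically while the only multiplication involving x is now x*b with a fresh random b instead of x*r with a public r.

```python
import hashlib
import secrets

# Constructed toy parameters (insecure sizes): q divides p - 1, g has order q mod p.
P, Q = 607, 101
G = pow(2, (P - 1) // Q, P)    # 64
X = 37                         # private key
Y = pow(G, X, P)               # public key


def hash_to_int(message):
    """Toy H(m): SHA-256 reduced mod q (real DSA truncates to the size of q)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def dsa_sign_plain(x, hm, k):
    """Textbook DSA: s = k^-1 * (H(m) + r*x) mod q; r*x multiplies the secret by public r."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (hm + r * x) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick a new k")
    return r, s


def dsa_sign_blinded(x, hm, k, b=None):
    """Blinded DSA: s = (b*k)^-1 * (b*H(m) + r*(b*x)) mod q with fresh random b."""
    if b is None:
        b = secrets.randbelow(Q - 1) + 1          # b in [1, q)
    r = pow(G, k, P) % Q
    bx = b * x % Q                                # the secret meets only the random blind b
    s = pow(b * k % Q, -1, Q) * (b * hm + r * bx) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick a new k")
    return r, s


def dsa_verify(y, hm, signature):
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = hm * w % Q, r * w % Q
    v = (pow(G, u1, P) * pow(y, u2, P) % P) % Q
    return v == r


def sign_message(x, message):
    """Full flow: random k, retry on the (r or s == 0) edge case, blinded signing."""
    hm = hash_to_int(message)
    while True:
        k = secrets.randbelow(Q - 1) + 1
        try:
            return dsa_sign_blinded(x, hm, k)
        except ValueError:
            continue


if __name__ == "__main__":
    hm, k = 42, 5                                 # fixed values so both signers can be compared
    print(dsa_sign_plain(X, hm, k), dsa_sign_blinded(X, hm, k))
    sig = sign_message(X, b"constructed sample message")
    print(dsa_verify(Y, hash_to_int(b"constructed sample message"), sig))
```

Note that blinding the multiplication does not remove the other classic DSA requirement: k must still be unpredictable and never reused, since a known or repeated k reveals x regardless of b.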
* Extended fix for the RSA boundary check
    Legrandin, 2014-06-22, 3 files, -1/+17
* Fix speedtest run for ECB modes.
    Richard Mitchell, 2014-06-22, 1 file, -0/+2
* Remove a few custom exception types.
    Legrandin, 2014-06-22, 5 files, -90/+84

    The following custom exceptions are replaced with ValueError:

        * Crypto.Util.PaddingError
        * Crypto.PublicKey.KeyFormatError

    The custom Crypto.Util.asn1.NoDerElementError is now private to the module.

    Some whitespace has been removed.
* tox.ini: We don't support pypy; tox no longer supports Python 2.5; add comment
    Dwayne Litzenberger, 2014-06-22, 1 file, -1/+4
* Add support for tox
    Marc Abramowitz, 2014-06-22, 2 files, -0/+13
* Fix tobytes() broken by previous commit.
    Dwayne Litzenberger, 2014-06-22, 1 file, -16/+9

    Python 2.1 str objects don't have a .decode() method.
* Get rid of catch-all exceptions. LP#1178485.
    Richard Mitchell, 2014-06-22, 2 files, -3/+3
* Upgrade libtomcrypt 1.16 -> 1.17 (LP#1264130)
|\    Dwayne Litzenberger, 2014-06-22, 12 files, -311/+375
|
|     This should fix a FreeBSD build issue:
|     https://bugs.launchpad.net/pycrypto/+bug/1264130
|
|     Thanks to Richard Mitchell <richard.j.mitchell@gmail.com> for suggesting
|     how to fix this.
| * PyCrypto customizations: Declare things static so that we don't leak symbols
|     Dwayne Litzenberger, 2014-06-22, 2 files, -28/+28
| * Pristine files from libtomcrypt-1.17
|     Dwayne Litzenberger, 2014-06-22, 14 files, -0/+6010
|
|     Original tarball downloaded from:
|         http://libtom.org/files/crypt-1.17.tar.bz2
|         http://libtom.org/files/crypt-1.17.tar.bz2.sig
|
|     SHA256 sums:
|         e33b47d77a495091c8703175a25c8228aff043140b2554c08a3c3cd71f79d116 *crypt-1.17.tar.bz2
|         8f52ddfb17656f7a2e510d92a26c8b33e0c1f431af7febd9cf1298a77b5fd932 *crypt-1.17.tar.bz2.sig
|
|     libtomcrypt-1.17/LICENSE says:
|         LibTomCrypt is public domain. As should all quality software be.
|         Tom St Denis
* DES3: Move "Two-key 3DES" support into DES.c instead of customizing tomcrypt_des.c
    Dwayne Litzenberger, 2014-06-22, 2 files, -14/+20
* Clearer wording on Linux installation dependencies. One doesn't just require them if the build fails with a specific error. LP:1270996.
    Richard Mitchell, 2014-06-22, 1 file, -7/+6
* Workaround missing bit_AES defines
    Sebastian Ramacher, 2014-06-22, 1 file, -0/+13

    clang provides the same constant as bit_AESNI in some versions, and
    doesn't provide it at all in others.

    Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
* Fix compilation with clang-3.3
    Sebastian Ramacher, 2014-06-22, 1 file, -8/+9

    clang-3.3 is stricter regarding the second argument of _mm_shuffle_epi32.

    Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
* Remove 16-year-old .bzrignore file
    Dwayne Litzenberger, 2014-06-22, 1 file, -4/+0
* Bugs are now tracked on GitHub
    Dwayne Litzenberger, 2014-06-22, 1 file, -2/+2
* Update .travis.yml to test against most Python versions we support (Linux only)
    Dwayne Litzenberger, 2014-06-22, 1 file, -9/+53
* Fix tests when running under "python -OO" (PYTHONOPTIMIZE set to 1 or 2)
    Dwayne Litzenberger, 2014-06-22, 4 files, -5/+24
* Fix BytesWarning when running with "python3 -bb"
    Dwayne Litzenberger, 2014-06-22, 1 file, -1/+1
* Travis CI config file.
    Lucas Garron, 2014-06-22, 1 file, -0/+11
* Merge branch 'fix-aesni-aligned-malloc'
|\    Dwayne Litzenberger, 2014-02-22, 1 file, -1/+5
| * AESNI: Fix order of alignment & size args in _aligned_malloc
| |   Dwayne Litzenberger, 2014-02-22, 1 file, -1/+5
* | Fix tools/create-pythons.sh building Python on Linux 3.x or later (sys.platform should be "linux2", not "linux3")
| |   Dwayne Litzenberger, 2014-02-22, 1 file, -0/+39
* | Oops. Actually build Python 3.4.0rc1 in tools/create-pythons.sh
| |   Dwayne Litzenberger, 2014-02-22, 1 file, -1/+2
* | Add Python 3.4.0rc1 to tools/create-pythons.sh
| |   Dwayne Litzenberger, 2014-02-22, 1 file, -1/+4
* | Regenerate autoconf files
|/    Dwayne Litzenberger, 2014-02-22, 3 files, -5/+524
* Clean up AESNI aligned malloc() wrappers
    Dwayne Litzenberger, 2014-02-22, 1 file, -33/+22

    - Set errno properly when using posix_memalign
    - Rename to aligned_malloc_wrapper / aligned_free_wrapper
    - Use a single set of #if blocks, to avoid the possibility of mismatching them.
* Merge pull request #62 (Fixes AESNI alignment bug)
|\    Dwayne Litzenberger, 2014-02-22, 9 files, -17/+108
| * Prefer C11's aligned_alloc if it is available
| |   Sebastian Ramacher, 2014-02-22, 1 file, -4/+4
| |
| |   Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
| * Check return value of posix_memalign
| |   Sebastian Ramacher, 2014-02-22, 1 file, -1/+3
| |
| |   Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
| * Add wrapper for free
| |   Sebastian Ramacher, 2014-02-22, 1 file, -6/+19
| |
| |   For _aligned_malloc calling free is illegal. We need to use _aligned_free
| |   instead.
| |
| |   Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
| * Add a wrapper for posix_memalign and friends
| |   Sebastian Ramacher, 2013-10-28, 1 file, -17/+22
| |
| |   This also fixes the order of arguments passed to _aligned_malloc.
| |
| |   Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
| * Make sure that ek and dk are aligned at 16 byte boundaries
| |   Sebastian Ramacher, 2013-10-28, 3 files, -4/+49
| |
| |   ek and dk are used as operands in instructions that require 16 byte
| |   alignment.
| |
| |   Thanks to Greg Price for finding this issue.
| |
| |   Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
| * Add block_finalize to clean up block_state from ALGdealloc
| |   Sebastian Ramacher, 2013-10-28, 7 files, -0/+26
| |
| |   This is the counterpart to block_init which is called from ALGnew.
| |
| |   Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
| * Be more consistent with spaces and tabs
| |   Sebastian Ramacher, 2013-10-28, 1 file, -13/+13
| |
| |   Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
* | Fix handle_fastmath_import_error (broken due to incorrect path in the previous commit)
| |   Dwayne Litzenberger, 2014-02-22, 1 file, -10/+11
| |
| |   Tested on py21-py33 by force-uninstalling libgmp10 after building.
* | Refactor 3 places handling fastmath ImportError
| |   Marc Abramowitz, 2014-02-22, 4 files, -30/+18
| |
| |   so that they call `Crypto.SelfTest.st_common.handle_fastmath_import_error`,
| |   thereby eliminating duplicate code.
* | Use different method for getting ext_suffix
| |   Marc Abramowitz, 2014-02-22, 3 files, -3/+6
| |
| |   ```
| |   ext_suffix = get_config_var("EXT_SUFFIX") or get_config_var("SO")
| |   ```
| |
| |   because `get_config_var("SO")` returns None in Python 3.4.0a4 because the
| |   "SO" variable is deprecated and "EXT_SUFFIX" is the new way to get this
| |   information (see: http://bugs.python.org/issue19555)
| |
| |   This fixes `TypeError: Can't convert 'NoneType' object to str implicitly`
| |   errors when running the tests on Python 3.4.0a4.
* | Fix typo in error string
| |   Dwayne Litzenberger, 2014-02-22, 1 file, -1/+1