Mark Wooding [Sat, 9 Nov 2019 00:41:46 +0000 (00:41 +0000)]
math/t/{mpx,mpmont}: Add some extra tests for flushing out `mul4' bugs.
Mark Wooding [Mon, 4 Nov 2019 11:59:28 +0000 (11:59 +0000)]
math/mpx-mul4-*: Test the `...zc' variants too.
Mark Wooding [Sat, 9 May 2020 13:24:15 +0000 (14:24 +0100)]
math/Makefile.am, symm/Makefile.am: Use `--no-install' on oddball tests.
There are a small number of test programs -- mostly for unsaturated
bignum code built specially to test unusual piece sizes -- and these
should be built with `-no-install' or whatever just like the normal test
programs.
Mark Wooding [Sat, 26 Oct 2019 14:51:22 +0000 (15:51 +0100)]
progs/pixie.c: Don't crash when trying to set an empty passphrase.
Mark Wooding [Sat, 9 May 2020 12:26:13 +0000 (13:26 +0100)]
configure.ac, vars.am: Use host-specific link options for test programs.
It turns out that `libtool' spams an annoying warning message to the
terminal every time you call it with `-no-install' on a Windowsish or
Mac OSish system. Since this is just intended to be an optimization and
developer-convenience feature, wind it down to `-no-fast-install' on the
affected platforms so as not to provoke these really annoying messages.
Mark Wooding [Wed, 6 May 2020 09:16:01 +0000 (10:16 +0100)]
vars.am: Don't build the test programs for installation.
Most importantly, this makes them much easier to attach a debugger to,
because the actual executables are now where you expect, and you don't
have to write ridiculous runes involving `../libtool --mode=execute
...'.
Also, this makes the actual linking step somewhat faster.
Mark Wooding [Thu, 12 Dec 2019 19:12:26 +0000 (19:12 +0000)]
rand/rand.c: Mix the pool key in `rand_gate' and `rand_stretch'.
Back in commit d6fab4f6ae209afd6799a2974ce2849123965170, I rearranged
the cryptography to use plain SHA256 rather than RIPEMD160-HMAC for
determining the cipher key for churning the generator state.
I also managed to remove all the points at which the key actually
influences the behaviour of the generator!
This was four years ago, and I can't remember exactly why, but my guess
is that the key was previously inserted as part of `rmd160_macinit',
which was replaced by the unkeyed `HASH_INIT' function.
Mark Wooding [Fri, 15 Nov 2019 19:37:29 +0000 (19:37 +0000)]
rand/lcrand.c: Swap flags and max so generator not advertised as strong.
Oh, dear. This isn't good.
Even worse, this means that `max' was advertised as zero, so the outputs
have been biased.
Mark Wooding [Wed, 23 Oct 2019 03:10:27 +0000 (04:10 +0100)]
pub/dh-kcdsa.c: Free the correct factor.
Mark Wooding [Thu, 14 Nov 2019 20:17:58 +0000 (20:17 +0000)]
math/limlee.c: Don't leak the factor vector on overall failure.
The `done' function doesn't know whether we succeeded or failed, so it
prepares the factor vector for output regardless. In `limlee', if we
don't have a result, then release the factors.
Mark Wooding [Thu, 14 Nov 2019 19:53:27 +0000 (19:53 +0000)]
math/limlee.c: Handle an abort from `pgen' correctly.
The `llgen' function just tries again if `pgen' reports an abort. This
is entirely contrary to the intent of the `PGEN_ABORT' protocol, so I've
no idea why I thought this was a good idea.
Instead, leave the prime slot null (because adding a return code to the
`pgen' callback breaks the API), and arrange for the caller to notice
and clean up. This is annoying because there may be an `mpmul' in
progress.
Mark Wooding [Thu, 14 Nov 2019 19:46:53 +0000 (19:46 +0000)]
math/pgen.c: Don't free the tester if it's not set up.
The problem flow is this:
* The stepper reports a candidate (`p' is `P_STEP', and `proc' returns
`PGEN_TRY').
* We decide to (a) report an event (set `A_EVENT' in `act'), and (b)
initialize the tester (set `p = P_TEST', `proc = test', and `rq =
PGEN_BEGIN'.
* We call the event handler, but it returns `PGEN_ABORT'. We notice
that `p == P_TEST', and set `A_ENDTEST'.
* This causes us to call `test' with `PGEN_DONE'. Alas, the tester
hasn't been initialized, because we haven't actually called it with
`PGEN_BEGIN' yet. Result: segfault.
We can notice this because `rq == PGEN_BEGIN': don't set `A_ENDTEST'
if this is the case.
Mark Wooding [Fri, 18 Oct 2019 21:45:01 +0000 (22:45 +0100)]
math/ec-exp.h: Fix segfault when base point is at infinity.
Mark Wooding [Thu, 21 Nov 2019 17:43:51 +0000 (17:43 +0000)]
key/key-data.c (key_copydata): Fix catastrophic bug.
The fundamental problem is that the key-encoding test has the wrong
sense. The result is that we end up (only) trying to iterate over non-
structured keys, which results in an assertion failure.
Also, switch things around so that we check the encoding type before
checking the flags.
Mark Wooding [Tue, 8 Oct 2019 19:23:01 +0000 (20:23 +0100)]
key/key-data.c (key_split): Fix long-standing reference leak.
Mark Wooding [Sat, 26 Oct 2019 14:38:25 +0000 (15:38 +0100)]
key/key-misc.c (key_bytag): Don't give up because a by-id search fails.
This came to my attention when searching for a key of type `ec' didn't
work because it looks like a hex number. This obviously sucks.
Mark Wooding [Wed, 30 Oct 2019 00:45:11 +0000 (00:45 +0000)]
base/dispatch.c, etc.: Check that `rdrand' works.
When probing for `rdrand', check to make sure that it doesn't just
return the same thing every time, and that it can reasonably well make
progress. We check that up to five 32-bit samples are not all the same,
which will mistakenly mark a working CPU as defective with probability
2^-128.
It seems that some processors will return a constant value from `rdrand'
but set the carry flag to indicate that it's properly random anyway.
See https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/ as an example.
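The probe described in this commit message, as an added example rather than Catacomb's own `dispatch.c' code: the instruction is hidden behind a hypothetical `rand32_fn' pointer so the check can be run against constructed sources (a real probe would execute `rdrand' there and return the carry flag). The five-sample rule and the 2^-128 false-defective probability are the ones stated above.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not Catacomb code.  A source returns nonzero on "success"
 * (the carry flag for real rdrand) and stores a 32-bit sample. */
typedef int (*rand32_fn)(uint32_t *out);

#define NSAMPLES 5

/* Return 1 if the source looks usable: every request succeeds and the
 * samples are not all identical.  A CPU that reports success but hands
 * back a constant fails here.  A genuinely random source fails only when
 * the four later samples all equal the first, i.e. with probability
 * (2^-32)^4 = 2^-128. */
static int rdrand_probe(rand32_fn fn)
{
  uint32_t first, x;
  int i;

  if (!fn(&first)) return 0;
  for (i = 1; i < NSAMPLES; i++) {
    if (!fn(&x)) return 0;
    if (x != first) return 1;       /* made progress: accept */
  }
  return 0;                         /* all NSAMPLES samples equal */
}

/* Constructed source 1: mimics a defective part that sets the carry flag
 * but always returns the same value. */
static int stuck_source(uint32_t *out) { *out = 0xffffffffu; return 1; }

/* Constructed source 2: a xorshift32 generator standing in for a working
 * instruction; deterministic, so the probe outcome is repeatable. */
static uint32_t xs_state = 0x2545f491u;
static int xorshift_source(uint32_t *out)
{
  uint32_t s = xs_state;
  s ^= s << 13; s ^= s >> 17; s ^= s << 5;
  xs_state = s; *out = s;
  return 1;
}

/* Constructed source 3: reports failure (carry clear) on every call. */
static int failing_source(uint32_t *out) { (void)out; return 0; }

int main(void)
{
  printf("stuck: %d  xorshift: %d  failing: %d\n",
         rdrand_probe(stuck_source), rdrand_probe(xorshift_source),
         rdrand_probe(failing_source));
  return 0;
}
```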
Mark Wooding [Tue, 8 Oct 2019 10:44:19 +0000 (11:44 +0100)]
key/key-io.c: Mark `exptime' function `static'.
I think it was always meant to be so. It doesn't have a prefix, and
isn't used anywhere else. Leaking it into the client namespace was just
a mistake.
Mark Wooding [Tue, 8 Oct 2019 10:36:34 +0000 (11:36 +0100)]
key/key-io.c (key_new): Don't leak attribute `sym_table' on error.
This is safe: `insert' doesn't do anything with `k->a'.
Mark Wooding [Tue, 1 Oct 2019 11:54:27 +0000 (12:54 +0100)]
catacomb.pc.in: Update dependency on mLib.
The most recent relevant change appears to be
commit 4d845619c3f21fe19dd7f7b16815281b34de9e33
Author: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 26 May 2018 23:31:00 +0100
codec/url.c: Always encode whitespace characters.
Vertical whitespace is obviously bad, so this is a longstanding bug; but
all whitespace should really be escaped.
which was first released as part of 2.3.0.
Mark Wooding [Sun, 29 Sep 2019 14:58:57 +0000 (15:58 +0100)]
Release 2.4.4.
Mark Wooding [Sat, 28 Sep 2019 00:21:53 +0000 (01:21 +0100)]
debian/: Ship correct symbols files.
Mark Wooding [Sun, 29 Sep 2019 14:56:38 +0000 (15:56 +0100)]
debian/: Bump to Debhelper 10.
Mark Wooding [Sun, 29 Sep 2019 15:39:13 +0000 (16:39 +0100)]
debian/rules: Prefix `dh' options with `-O' to prevent sadness.
Mark Wooding [Thu, 26 Sep 2019 11:09:10 +0000 (12:09 +0100)]
base/dispatch.c: Check for XMM registers after CPUID probe.
`fxsave' isn't universally available, but if CPUID is reporting that XMM
instructions are available, we can definitely use it.
Mark Wooding [Thu, 26 Sep 2019 16:03:46 +0000 (17:03 +0100)]
rand/noise.c: Fix foolish bug in the `getentropy' code.
I've probably never built this before. :-/
Mark Wooding [Sat, 21 Sep 2019 16:44:24 +0000 (17:44 +0100)]
Release 2.4.3.
Mark Wooding [Sat, 21 Sep 2019 17:18:20 +0000 (18:18 +0100)]
debian/control: Don't require `valgrind' on `armel'.
It isn't there. We must manage without.
Mark Wooding [Sat, 10 Nov 2018 13:55:14 +0000 (13:55 +0000)]
progs/perftest.c: Document the `-n' option for `enc' and `hash'.
(cherry picked from commit 6fbaed9534c9c100ed4c2c45c4a5b3e95142c888)
Mark Wooding [Wed, 18 Sep 2019 17:35:34 +0000 (18:35 +0100)]
key/key-misc.c: Fix bogus parentheses in macro.
The old, bogus behaviour was that it would report `KERR_READONLY' if the
keyring was neither open for writing, /nor/ modified. I think this is
relatively benign, but still well deserving of fixing.
Spotted by Clang.
(cherry picked from commit 924c7057076a23e322d40693912633dc546867e9)
Mark Wooding [Wed, 18 Sep 2019 17:24:49 +0000 (18:24 +0100)]
symm/rijndael-arm64-crypto.S: Fix bogus element-to-GP move.
Spotted by Clang's assembler. GAS is obviously too lenient.
(cherry picked from commit cead42fc5cf5ff8c1c13f123e4c002077b42f6cd)
Mark Wooding [Thu, 15 Aug 2019 17:16:02 +0000 (18:16 +0100)]
symm/chacha.c: Set the correct nonce size for `xchachaNN'.
Oops.
(cherry picked from commit 9acc7e10f1da03be55e3bc2cdcbbd5775253e3d0)
Mark Wooding [Fri, 9 Nov 2018 22:44:40 +0000 (22:44 +0000)]
symm/idea.c: Fix key-size descriptor.
Missing terminator. Oops.
(cherry picked from commit 9c22e9e0d174ee0c1e649464755568fe61c0e949)
Mark Wooding [Sat, 24 Nov 2018 19:06:45 +0000 (19:06 +0000)]
progs/cc-progress.c: Use `fstat' to discover the file size.
And `lseek' to discover the current offset. Annoyingly, Android only
developed `ftello64' and `fseeko64' in API24, so we can't use these (and
it was a pretty grim circumlocution anyway). On the other hand, Android
has had `lseek64' forever, and its `fstat' is natively 64-bit; and
there's no portability benefit to using the other functions because
Windows doesn't have them anyway. (Indeed, `lseek' and `stat' are
ancient Unix, so probably more portable.)
Mark Wooding [Fri, 16 Nov 2018 12:51:39 +0000 (12:51 +0000)]
math/mpx-mul4-amd64-sse2.S: Always collect iteration count as 32 bits.
Some ABIs, at least, don't guarantee to zero-extend arguments, and we
use the counter as an address offset.
Mark Wooding [Fri, 16 Nov 2018 12:49:42 +0000 (12:49 +0000)]
math/mpx-mul4-amd64-sse2.S: Fix stack-argument offset for 64-bit Windows.
I failed to account for either the 160 bytes of saved XMM registers
(because the stupid ABI demands that XMM6--XMM15 be preserved across
calls), or for the daft 32-byte shadow space between the return address
and the stacked arguments.
Mark Wooding [Fri, 16 Nov 2018 12:22:27 +0000 (12:22 +0000)]
symm/salsa20-x86ish-sse2.S: Fix typo in 64-bit Windows code.
Goes to show how often I test on Windows. :-(
Mark Wooding [Fri, 9 Nov 2018 21:46:56 +0000 (21:46 +0000)]
symm/desx.c, symm/desx.h (desx_init): Fix documentation.
The two documentation comments disagreed about the orders of the key
pieces. The implementation had it right: the DES key comes first,
followed by the whitening keys. Fix the header, and a stupid typo.
Mark Wooding [Wed, 31 Oct 2018 13:47:47 +0000 (13:47 +0000)]
symm/t/rijndael256: Add tests for small key sizes.
Commit 388489cbb302cb86ee0fd4927243a24525dfd5ee (released in 2.4.2)
added more round constants so that we give the correct answers for
large-block Rijndael with small keys -- and this works fine for clean
builds. Unfortunately, Catacomb's build system doesn't regenerate
recomputed tables automatically (and that would anyway be a problem for
cross builds), which means that old working trees will still be building
broken code.
Add some tests so that developers notice and hopefully rebuild the
offending tables.
Mark Wooding [Sat, 10 Nov 2018 17:26:43 +0000 (17:26 +0000)]
progs/cc-kem.c (getkem): Parse the `kdf' spec after bulk crypto.
Otherwise the buffer holding the remains of the kemalgspec is clobbered.
Mark Wooding [Tue, 30 Oct 2018 22:05:18 +0000 (22:05 +0000)]
progs/..., symm/...: Fix 32-bit right-shift idiom.
This one has a long and troubled history. Writing
x >> 32
is undefined behaviour if x is only 32 bits wide. On the other hand, if
it's /not/, then this is necessary to get hold of the upper bits.
The obvious escape plan is to write
(x >> 16) >> 16
(the parentheses are unfortunately necessary), but some Microsoft
compilers managed to bungle compiling this: they merged the two shifts
together and then decided that a shift by 32 places was a no-op.
So I wrote
((x&~MASK32) >> 16) >> 16
which stood for many years. Unfortunately this is really wrong too: if
x is wider than 32 bits, that's nice, but MASK32 /isn't/ necessarily, so
~MASK32 is all-bits zero and the high bits of x are just lost.
Fix this by casting MASK32 to the-type-of-x before inverting it.
Ugh.
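The three stages of the idiom described above, side by side, as an added example (not Catacomb's code): `MASK32' is assumed to be a 32-bit unsigned constant and `x' a 64-bit value, which is exactly the combination the commit message says loses the high bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not Catacomb code.  MASK32 has type `unsigned int', as a
 * plain `0xffffffffu' constant does. */
#define MASK32 0xffffffffu

/* The long-standing idiom.  `~MASK32' is evaluated as `unsigned int', so
 * it is all-bits zero; `x & 0' discards the high half before the shifts
 * ever run, and the "upper 32 bits" come out as zero. */
static uint32_t hi32_broken(uint64_t x)
{
  return (uint32_t)(((x & ~MASK32) >> 16) >> 16);
}

/* The fix: widen MASK32 to the type of `x' before inverting it, so the
 * mask is 0xffffffff00000000 and the two 16-bit shifts deliver the upper
 * half.  Two shifts rather than `>> 32' keep the expression well-defined
 * even when the operand is only 32 bits wide. */
static uint32_t hi32_fixed(uint64_t x)
{
  return (uint32_t)(((x & ~(uint64_t)MASK32) >> 16) >> 16);
}

/* The same idiom on a 32-bit operand: the widened mask is zero, so the
 * result is zero, which is the correct "bits above bit 31", and no shift
 * by 32 places is ever attempted. */
static uint32_t hi32_fixed_narrow(uint32_t x)
{
  return (uint32_t)(((x & ~(uint32_t)MASK32) >> 16) >> 16);
}

int main(void)
{
  uint64_t x = 0x123456789abcdef0ULL;
  printf("broken: %08lx  fixed: %08lx  narrow: %08lx\n",
         (unsigned long)hi32_broken(x), (unsigned long)hi32_fixed(x),
         (unsigned long)hi32_fixed_narrow(0xdeadbeefu));
  return 0;
}
```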
Mark Wooding [Mon, 13 Aug 2018 20:30:07 +0000 (21:30 +0100)]
progs/catsign.c: Don't gratuitously try to open a temporary file.
The `merry dance' where we open the necessary output files was bungled,
which caused a temporary file to be opened unless an explicit output
file was requested without buffering.
Mark Wooding [Mon, 30 Jul 2018 11:24:04 +0000 (12:24 +0100)]
base/asm-common.h: Fix the description comment at the top of the file.
Mark Wooding [Fri, 22 Jun 2018 09:20:44 +0000 (10:20 +0100)]
Add support for fancy AArch64 assembler code.
It's a fun instruction set, and maybe this will improve my crypto on
Raspberry Pi 3.
Mark Wooding [Fri, 22 Jun 2018 09:21:10 +0000 (10:21 +0100)]
configure.ac: Don't be so picky about identifying ARM variants.
They're all pretty much the same, really. If I had some good way to
identify big-endian ARM targets, I'd try that, but I don't know how to
do that right now.
Mark Wooding [Fri, 22 Jun 2018 09:21:55 +0000 (10:21 +0100)]
symm/salsa20-arm-neon.S: Remove extra copy of the state-layout diagram.
I think this is leftover debris from when I was first figuring out this
layout, but it certainly doesn't belong here.
Mark Wooding [Sat, 23 Jun 2018 03:17:13 +0000 (04:17 +0100)]
symm/rijndael-arm-crypto.S: Use `vmov' rather than `veor' to zero-init.
I think I'd be doing too much x86 coding when I came to do this.
Mark Wooding [Fri, 22 Jun 2018 09:21:32 +0000 (10:21 +0100)]
symm/rijndael-arm-crypto.S: Delete a redundant instruction.
We've already loaded the previous-cycle word by the time we get to `1:'
here, so we don't need to do it again. The pointers don't move, so this
was harmless but pointless.
Mark Wooding [Fri, 22 Jun 2018 11:45:22 +0000 (12:45 +0100)]
math/mpx.c (mpx_lsr): Fix pointer out-of-bounds bug.
If `n' is huge, and `av' is near the top of memory (e.g., in the top
quarter, if we're using 32-bit digits) then `av + n' wraps around, and
is consequently less than `avl', leading to all sorts of unfortunate
behaviour.
Noticed under `qemu-arm' on stretch, but generally applicable.
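The wraparound described above, and the safe way to bound the shift, as an added example that is not Catacomb's `mpx_lsr': digits are 32-bit and little-endian over a half-open range `av..avl' as in mpx, and the shift count is a `size_t' so an enormous value can be tried without forming an out-of-range pointer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not Catacomb code. */
typedef uint32_t mpw;
#define MPW_BITS 32

/* Write (av..avl) >> n into dv..dvl, zero-filling digits that fall off
 * the top.  The bound is checked on digit counts, never by comparing
 * `av + nw' against `avl': the pointer form can wrap around when n is
 * huge and `av' sits near the top of memory, whereas `nw >= alen' is
 * ordinary unsigned arithmetic and cannot. */
static void lsr_safe(mpw *dv, mpw *dvl,
                     const mpw *av, const mpw *avl, size_t n)
{
  size_t alen = (size_t)(avl - av);
  size_t dlen = (size_t)(dvl - dv);
  size_t nw = n / MPW_BITS, nb = n % MPW_BITS;
  size_t i;

  if (nw >= alen) { memset(dv, 0, dlen * sizeof(mpw)); return; }

  for (i = 0; i < dlen; i++) {
    size_t j = i + nw;
    mpw lo = j < alen ? av[j] : 0;
    mpw hi = j + 1 < alen ? av[j + 1] : 0;
    /* Guard nb == 0 separately: `hi << 32' would itself be undefined. */
    dv[i] = nb == 0 ? lo : (lo >> nb) | (hi << (MPW_BITS - nb));
  }
}

/* Constructed check: shift the two-digit value 0x2_00000001 right by n
 * and compare with the expected digits. */
static int check_case(size_t n, mpw expect0, mpw expect1)
{
  mpw a[2] = { 0x00000001u, 0x00000002u };
  mpw d[2] = { 0xdeadbeefu, 0xdeadbeefu };
  lsr_safe(d, d + 2, a, a + 2, n);
  return d[0] == expect0 && d[1] == expect1;
}
```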
Mark Wooding [Thu, 14 Jun 2018 10:02:09 +0000 (11:02 +0100)]
build: Configure `pkg-config' correctly for static linking.
Mark Wooding [Tue, 12 Jun 2018 00:16:17 +0000 (01:16 +0100)]
Release 2.4.2.
Mark Wooding [Tue, 12 Jun 2018 00:20:30 +0000 (01:20 +0100)]
debian/control: Add build-depend on valgrind to make `ct-test.c' properly.
It seems wrong to ship the proper package with this stubbed out.
Mark Wooding [Fri, 5 Jan 2018 04:28:56 +0000 (04:28 +0000)]
symm/rijndael-mktab.c: Produce more round constants.
We don't have enough for large blocks and/or small keys. We need 15*8 =
120 words of keys for 256-bit Rijndael, and if we have only a 32-bit key
then we'll need 120 round constants. So generate them all.
Mark Wooding [Fri, 5 Jan 2018 04:27:14 +0000 (04:27 +0000)]
symm/rijndael-mktab.c: Don't hardwire output `rcon' table size.
We output `sizeof(rc)' entries, so that's what we should put in the
array length.
Mark Wooding [Sun, 28 May 2017 18:03:08 +0000 (19:03 +0100)]
symm/sha{,256,512}.c: Fold message-scheduling in with state update.
Previously, I implemented these compression functions in two steps:
first performing the message expansion, and then applying the state
update.
Instead, save temporary space by interleaving the two steps. This also
results in a small performance improvement.
Mark Wooding [Sun, 28 May 2017 08:25:19 +0000 (09:25 +0100)]
math/limlee.c: Fiddle with the large-prime heuristics.
Experimentation shows me that large primes just don't last very long
with the old heuristic. Switch to another one that's more tolerant but
still weeds out no-hopers.
Mark Wooding [Mon, 11 Jun 2018 15:36:33 +0000 (16:36 +0100)]
symm/{chacha,salsa20}.h: Mark the cipher classes as `extern'.
Saved by vague linkage, but this is not good.
Mark Wooding [Mon, 21 May 2018 16:41:57 +0000 (17:41 +0100)]
utils/split-pieces: Introduce unsigned quick fields.
There aren't any in Catacomb at the moment -- and I don't plan to add
any -- but other code uses them so it's useful to be able to work with
them.
Mark Wooding [Mon, 21 May 2018 16:40:29 +0000 (17:40 +0100)]
utils/split-pieces (QfConvert): Split out a subclass.
Subclasses must define a boolean `SIGNEDP', and implement `fmt(n)' to
format an individual piece for output.
The new subclass, `SignedQfConvert', is indeed signed, and formats using
`str'; so, again, nothing has actually changed.
Mark Wooding [Mon, 21 May 2018 16:38:23 +0000 (17:38 +0100)]
utils/split-pieces (QfConvert): Rename to `BaseQfConvert'.
Anyone might think I was about to subclass it.
Mark Wooding [Mon, 21 May 2018 16:35:55 +0000 (17:35 +0100)]
utils/split-pieces (QfConvert): Construct an instance of the right class.
Of course, `QfConvert' is always the right class at the moment, but it's
the principle of the thing.
Mark Wooding [Sun, 3 Jun 2018 09:30:49 +0000 (10:30 +0100)]
progs/catsign.c: Verify equality of keys more directly.
Rather than comparing the two keys' `id' slots, just compare the
pointers. It's not like we got them from different keyrings or
anything. This makes it clear that we're checking that we really have
the /same/ key, found by two different paths.
Fortunately, this isn't a security problem: the code in `key/key-io.c'
won't allow two keys with the same `id' value to exist in the same
keyring. This change therefore doesn't have any observable effect.
But, seeing as I just had a panic regarding a potential security hole in
`tripe-keys', it's as well to make it clear what's actually going on.
Mark Wooding [Sun, 20 May 2018 23:57:10 +0000 (00:57 +0100)]
configure.ac: Recognize `androideabi' as a thing we can support.
There's no significant difference in calling conventions, so this is
safe.
Mark Wooding [Sat, 19 May 2018 23:46:50 +0000 (00:46 +0100)]
configure.ac: Hack around Termux syslog weirdness.
Termux's <syslog.h> has weird macros to redirect to Android's logcat
machinery, but these need a separate library to be linked in. Notice
this weirdness and cope.
Mark Wooding [Tue, 12 Dec 2017 20:21:39 +0000 (20:21 +0000)]
symm/poly1305.c: Fix daft typo in banner comment.
Mark Wooding [Thu, 19 Oct 2017 23:36:31 +0000 (00:36 +0100)]
utils/split-pieces: Report the correct command-line syntax.
Mark Wooding [Thu, 19 Oct 2017 23:35:57 +0000 (00:35 +0100)]
utils/curve25519.sage: Remove redundant coercion to field k.
Mark Wooding [Thu, 19 Oct 2017 18:35:23 +0000 (19:35 +0100)]
pub/t/x*: Rearrange the Monte-Carlo tests.
* Insert more intermediate values, specifically at every power of 10.
* Rather than calculating the whole thing from scratch each time,
tests other than the first one continue from the previous
state (which I had to calculate the hard way and enter into the
test-vector files). The total iteration count and final results
still match the RFC.
* Split the very slow high-iteration-count tests into a separate file,
where they can be run discretionally without having to edit source
files. Arrange to distribute these new files.
Mark Wooding [Thu, 19 Oct 2017 18:03:55 +0000 (19:03 +0100)]
utils/curve25519.sage: Remove second definition of `A0'.
Mark Wooding [Mon, 2 Oct 2017 12:25:39 +0000 (13:25 +0100)]
pub/ed{25519,448}.c: Double by adding self, rather than multiplying by two.
Saves a reduction pass.
Mark Wooding [Mon, 2 Oct 2017 12:47:24 +0000 (13:47 +0100)]
base/ct-test.in: Don't call Valgrind macros unless we found the headers.
Oops.
Mark Wooding [Sun, 1 Oct 2017 02:01:02 +0000 (03:01 +0100)]
Start verifying that code which should be constant-time really is.
Introduce utilities `ct_poison' and `ct_remedy' to control Valgrind's
uninitialized-data checking, based on Adam Langley's `ctgrind' idea
described in https://www.imperialviolet.org/2010/04/01/ctgrind.html.
Use these in the tests for fancy-bignum algorithms, such as Poly1305 and
X25519.
There's currently no automated machinery for running these tests. This
is a little tricky:
* Some of the tests will need to be skipped because they just take too
long if they run under Valgrind.
* The test programs are actually libtool wrappers, which are bash(1)
scripts. Firstly, this means we get lots of spurious errors about
bash; and secondly, the actual test program doesn't end up being
checked by Valgrind at all.
So it's just manual for now.
Mark Wooding [Sat, 30 Sep 2017 01:43:47 +0000 (02:43 +0100)]
symm/{salsa20,chacha}.c (..._rand): Don't crash if nonce pointer is null.
Oops.
Mark Wooding [Fri, 29 Sep 2017 21:25:32 +0000 (22:25 +0100)]
math/scaf.c, etc.: Only need 3*NPIECE words of scratch space.
The extra one would have been necessary because we're calculating the
high half of a product of two (NPIECE + 1)-piece numbers, but in fact we
only need the low NPIECE pieces of the result.
Fix the commentary and the callers.
Mark Wooding [Fri, 29 Sep 2017 21:11:32 +0000 (22:11 +0100)]
math/scaf.c: Fix trivial typo.
Mark Wooding [Tue, 15 Aug 2017 13:22:03 +0000 (14:22 +0100)]
debian/copyright: Fix dates again.
Hopefully properly this time.
Mark Wooding [Tue, 15 Aug 2017 13:21:47 +0000 (14:21 +0100)]
.mailmap: Add file to fix CVS-ish names in history.
Mark Wooding [Mon, 14 Aug 2017 12:38:06 +0000 (13:38 +0100)]
vars.am: Experimental hack for Emacs `flymake'.
I'm not sure whether this will stay here, but it seems harmless enough.
Mark Wooding [Mon, 14 Aug 2017 12:28:57 +0000 (13:28 +0100)]
Revert "debian: Update for Debhelper 10."
This reverts commit aef6942f4a28e2d422fc33709a08116f51406fd1.
Mark Wooding [Tue, 8 Aug 2017 22:41:44 +0000 (23:41 +0100)]
rand/noise.c, progs/pixie.c: Don't ignore return codes from setuid(2) etc.
Legitimate warnings, I think, but not worth doing anything complicated
about.
Mark Wooding [Tue, 8 Aug 2017 22:13:51 +0000 (23:13 +0100)]
progs/rspit.c: Cope with large files.
Missed this in my earlier `_FILE_OFFSET_BITS' pass. The calculations
for the progress display and so on are all done in terms of bignums
already, so there are no worries with the arithmetic.
Mark Wooding [Sat, 29 Jul 2017 00:02:46 +0000 (01:02 +0100)]
base/keysz.c: Fix bogus pointer dereference on wide-arg key size lists.
I must have been seriously short on brain that day.
Mark Wooding [Mon, 17 Jul 2017 00:00:16 +0000 (01:00 +0100)]
symm/keccak1600.c (keccak1600_p): Minor layout tweak.
Align the final `keccak1600_round' calls to show the symmetry and
difference better.
Mark Wooding [Fri, 7 Jul 2017 09:53:46 +0000 (10:53 +0100)]
debian/copyright: Fix copyright dates.
Mark Wooding [Thu, 6 Jul 2017 10:15:53 +0000 (11:15 +0100)]
debian: Update for Debhelper 10.
Mark Wooding [Thu, 6 Jul 2017 10:15:05 +0000 (11:15 +0100)]
debian/rules: Capture common options in a makefile variable.
Mark Wooding [Thu, 6 Jul 2017 10:14:05 +0000 (11:14 +0100)]
debian/rules: Add a comment explaining why we do weird test things.
Mark Wooding [Thu, 6 Jul 2017 10:10:33 +0000 (11:10 +0100)]
debian/control: Use ${binary:Version} instead of ${Source-Version}.
Mark Wooding [Thu, 6 Jul 2017 10:09:11 +0000 (11:09 +0100)]
debian/copyright: Convert to machine-readable format.
Mark Wooding [Fri, 14 Jun 2013 19:43:15 +0000 (20:43 +0100)]
debian: Multi-arch support.
Mark Wooding [Wed, 5 Jul 2017 21:09:59 +0000 (22:09 +0100)]
configure.ac: Check for some brain damage from Clang's assembler.
It doesn't understand `.arch' or the `adcd' instruction. I'm damned if
I'm writing `dword ptr' everywhere, so Clang users will have to figure
out some way to use Gas if they want the assembler code.
Mark Wooding [Wed, 5 Jul 2017 21:08:11 +0000 (22:08 +0100)]
configure.ac: Delay checking the assembler until we know the target CPU.
It turns out that assemblers are deficient in target-specific ways, so
we have to figure out what the target is like before we can probe for
the brokenness. Reorder things so that this is possible. No functional
change.
Mark Wooding [Wed, 5 Jul 2017 20:38:41 +0000 (21:38 +0100)]
configure.ac: Abstract out common pattern in CPU/ABI variable defs.
The new combined macro is really ugly, but it's probably better than two
copies of the same thing. No functional change.
Mark Wooding [Wed, 5 Jul 2017 20:32:14 +0000 (21:32 +0100)]
math/mpint.h: Add Clang warning-muffling.
Otherwise the compile is very noisy.
Mark Wooding [Wed, 5 Jul 2017 20:30:20 +0000 (21:30 +0100)]
base/dispatch.c: Fix operand constraints in `setflags'.
It wasn't correct to use `g' here. Clang legitimately used sp-relative
memory locations, which broke really badly because the stack pointer
moves during the code sequence. Force the operands into registers to
avoid this problem.
Mark Wooding [Wed, 5 Jul 2017 20:29:31 +0000 (21:29 +0100)]
math/strongprime.c: Muffle an irritating style warning from Clang.
Mark Wooding [Wed, 5 Jul 2017 20:27:30 +0000 (21:27 +0100)]
progs/catsign.c: Mark the various `choke' functions as `NORETURN'.
If I don't do this, then Clang complains (otherwise correctly) that `y'
might be used uninitialized.
Mark Wooding [Tue, 4 Jul 2017 23:51:36 +0000 (00:51 +0100)]
Merge branch '2.3.x'
* 2.3.x:
symm/hmac-def.h: Fix the NMAC and SSLMAC classes.
Conflicts:
symm/hmac-def.h
Mark Wooding [Tue, 4 Jul 2017 17:53:21 +0000 (18:53 +0100)]
vars.am, math/Makefile.am: Tweak `silent-rules' machinery.
Since Automake 1.11, the advice for setting up custom silent-rules
recipes has changed, so use the new machinery.
Also, I'm no longer mainly working on wheezy, and Automake has made the
operation field two spaces wider while I wasn't looking, so make the
output line up properly.
This means that Catacomb now requires Automake 1.11.2 or later to build
from the Git tree.
Mark Wooding [Tue, 4 Jul 2017 16:54:50 +0000 (17:54 +0100)]
symm/sha3.c: Attach the correct operations to the `shake256' cipher.
Rather embarrassing. Thanks to GCC 6 for pointing out that
`shake256_gcops' was unused.