- User Since
- Mar 27 2017, 4:48 PM (349 w, 3 d)
Nov 4 2023
Oct 23 2023
Yes, int8_t/int16_t/int32_t/uint8_t/uint16_t/uint32_t should not be used. There is size-specific integer types defined in src/types.h which can be used instead (byte/u16/u32). This header does not yet have signed integer types, but those can be added (for example, s8/s16/s32).
Oct 17 2023
Oct 15 2023
- There's many functions that use buffers on stack. Do those contain secrets? Should those buffers be wiped before returning from function (with wipememory())? For example, "mlkem_check_secret_key" has two buffers "shared_secret_1" and "shared_secret_2" which are not wiped.
- mlkem.c: mlkem_check_secret_key: "memcmp" is used to compare shared secrets. Should this use constant time comparison instead?
- mlkem-common.c: _gcry_mlkem_mlkem_shake256_rkprf:
- _gcry_md_hash_buffers_extract can be used here instead of _gcry_md_open&write&extract&close.
- mlkem-symmetric.c: _gcry_mlkem_shake256_prf:
- _gcry_md_hash_buffers_extract can be used here instead of _gcry_md_open&write&extract&close. Temporary buffer usage can be avoided by passing input buffers through two IOV to _gcry_md_hash_buffers_extract.
Few comments on the patches.
Sep 30 2023
Sep 15 2023
Just started wondering how much of this slow down is because of MingW libc not having very well optimized memcpy/memmove/memchr/strlen/etc. Is there profiling tools like 'perf' on Linux that could be used for Windows builds?
Aug 20 2023
Jul 17 2023
Jul 13 2023
Problem with SHA-256 on x86-64 is that it took long time for Intel to introduce SHA acceleration (SHA1 & SHA256) to their main CPU products.
Jun 26 2023
Jun 4 2023
Apr 25 2023
Apr 23 2023
Here's fix for mode specific setkey clearing error code:
Apr 21 2023
Apr 20 2023
About error code. You need to use gcry_err_code(error_code) to get the GPG_ERR_WEAK_KEY value.
Apr 17 2023
I'll add documentation about GCRYCTL_SET_ALLOW_WEAK_KEY which was missing from be original commit.
tests/basic now actually fail because setkey not returning GPG_ERR_WEAK_KEY for weak keys with GCRYCTL_SET_ALLOW_WEAK_KEY.
That's right. With GCRYCTL_SET_ALLOW_WEAK_KEY, setkey still returns GPG_ERR_WEAK_KEY when weak key is detected. However, cipher handle can still be used as if setkey succeeded.
Apr 3 2023
Mar 30 2023
Here's mirroring script that is in place currently: