path: root/src/lib/libcrypto/mlkem
Commit message | Author | Age | Files | Lines
* mlkem_public_to_private: fix overread/information leak | tb | 9 days | 1 | -3/+3
  After the guts of MLKEM_public_key were changed from a union to a struct, the aligner grew the struct, leaking as many bytes of private key data as the struct grew (on normal platforms that would be 2). Ideally this would all be a bit more robust. CID 621603 621604 ok jsing kenjiro
* Deduplicate the mlkem 768 and mlkem 1024 code. | beck | 2025-09-05 | 5 | -1785/+525
  This moves everything not public to mlkem_internal.c, removing the old files and doing some further cleanup on the way. With this landed mlkem is out of my stack and can be changed without breaking my subsequent changes. ok tb@
* An executive decision has been taken to expose marshal private key as well | tb | 2025-08-19 | 3 | -8/+10
  rides the libcrypto bump
* unbreak tree after committing from wrong place | beck | 2025-08-14 | 1 | -223/+1
* Add a reasonable ML-KEM API for public use. | beck | 2025-08-14 | 6 | -279/+1363
  Adapt the tests to use this API. This does not yet make the symbols public in Symbols.list, which will happen shortly with a bump. This includes some partial rototilling of the non-public interfaces which will be shortly continued when the internal code is deduplicated to not have multiple copies for ML-KEM 768 and ML-KEM 1024 (which is just an artifact of unravelling the boring C++ code). ok jsing@, tb@
* Fix buffer size in MLKEM1024_marshal_public_key() | kenjiro | 2025-05-21 | 1 | -2/+2
  Initialize the output buffer with MLKEM1024_PUBLIC_KEY_BYTES instead of MLKEM768_PUBLIC_KEY_BYTES. ok tb@
* Make MLKEM1024_marshal_private_key consistent with the public_key functions | beck | 2025-05-20 | 2 | -27/+44
  Even though this should remain internal, make it the same as the public key marshal function, and make the needed fallout changes in regress. ok kenjiro@, tb@
* Whitespace nits from tb | beck | 2025-05-20 | 1 | -1/+4
  ok tb@
* Fix up MLKEM768_marshal_private_key to not use a passed in CBB | beck | 2025-05-19 | 2 | -27/+43
  Even though this should remain internal, make it the same as the public key marshal function, and make the needed fallout changes in regress. This does not yet do the bikeshed of renaming the structure field in the regress ctx; that will wait until a follow-on to convert 1024 in a similar manner. ok tb@
* Remove the boringssl if || idiom from mlkem | beck | 2025-05-19 | 2 | -34/+46
  ok jsing@, joshua@
* API changes for ML-KEM | beck | 2025-05-19 | 4 | -78/+126
  - Get rid of CBB/CBS usage in public api
  - Make void functions return int that can fail if malloc fails.
  Along with some fallout and resulting bikeshedding in the regress tests. ok jsing@, tb@
* CTASSERT that internal pub/priv keys match the sizes exposed in mlkem.h | tb | 2025-05-03 | 2 | -2/+10
  This will need reworking (especially deduplicating) anyway, but it doesn't hurt now. From Kenjiro Nakayama
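The two log entries above are related: the CTASSERT entry pins the in-memory key structs to the sizes exposed in mlkem.h, and the overread/information-leak entry at the top describes what happens when a struct quietly grows (here by alignment padding after a union became a struct) while a copy is still sized by sizeof(). The following C example is added here to show that mechanism; it is not OpenBSD's mlkem code. The layouts, sizes, key bytes and function names are constructed for illustration and are not the real MLKEM_public_key / MLKEM_private_key layouts.

```c
/*
 * Added example, not OpenBSD's mlkem code: why changing a key struct from a
 * union of byte arrays to a struct with aligned fields can turn a copy sized
 * by sizeof() into an over-read of the secret data that follows, and the
 * CTASSERT-style check that catches the size change at compile time.
 * All layouts, sizes and key bytes here are constructed for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* OpenBSD-style compile-time assertion: a negative array size is an error. */
#define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1]

#define PUB_BYTES	14	/* hypothetical marshaled public-key size */
#define SECRET_BYTES	 6	/* hypothetical secret part stored right after it */

/* Old layout: a union over the wire bytes, so sizeof == PUB_BYTES exactly. */
typedef union {
	uint8_t bytes[PUB_BYTES];
} pub_union;

/*
 * New layout: the same 14 bytes of data, but rho is a 4-byte field. On
 * common ABIs it must sit at a 4-byte boundary, so 2 padding bytes are
 * inserted at offsets 10..11 and sizeof grows from 14 to 16.
 */
typedef struct {
	uint8_t t[10];
	uint32_t rho;
} pub_struct;

CTASSERT(sizeof(pub_union) == PUB_BYTES);	/* holds */
/* CTASSERT(sizeof(pub_struct) == PUB_BYTES); would fail to compile: 16 != 14 */

/* Constructed private key image: public part immediately followed by secret part. */
static const uint8_t priv_wire[PUB_BYTES + SECRET_BYTES] = {
	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,	/* t */
	0x20, 0x21, 0x22, 0x23,						/* rho, little-endian */
	0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5,				/* secret */
};

/* How many bytes the struct grew, i.e. how far a sizeof()-sized copy over-reads. */
size_t
struct_growth(void)
{
	return sizeof(pub_struct) - sizeof(pub_union);
}

/*
 * Buggy extraction: the copy length is the in-memory struct size, which now
 * exceeds the public part on the wire, so the tail of the destination is
 * filled from the secret that follows. Returns 1 on success, 0 on short input.
 */
int
public_from_private_by_sizeof(pub_struct *pub, const uint8_t *priv, size_t privlen)
{
	if (privlen < sizeof(*pub))
		return 0;
	memcpy(pub, priv, sizeof(*pub));	/* reads struct_growth() bytes too many */
	return 1;
}

/*
 * Fixed extraction: decode field by field with the wire sizes, never with
 * sizeof() of the in-memory struct, and zero the padding so the image is
 * deterministic. Reads exactly PUB_BYTES.
 */
int
public_from_private_by_wire_size(pub_struct *pub, const uint8_t *priv, size_t privlen)
{
	if (privlen < PUB_BYTES)
		return 0;
	memset(pub, 0, sizeof(*pub));
	memcpy(pub->t, priv, sizeof(pub->t));
	pub->rho = (uint32_t)priv[10] | (uint32_t)priv[11] << 8 |
	    (uint32_t)priv[12] << 16 | (uint32_t)priv[13] << 24;
	return 1;
}

/* Count bytes of the raw struct image, past the public part, that came from the secret. */
size_t
secret_bytes_in_image(const pub_struct *pub)
{
	const uint8_t *img = (const uint8_t *)pub;
	size_t i, n = 0;

	for (i = PUB_BYTES; i < sizeof(*pub); i++)
		if (img[i] == priv_wire[i])
			n++;
	return n;
}

/* Leak counts for the two extraction paths, on the constructed key above. */
size_t
demo_leak_buggy(void)
{
	pub_struct pub;

	if (!public_from_private_by_sizeof(&pub, priv_wire, sizeof(priv_wire)))
		return (size_t)-1;
	return secret_bytes_in_image(&pub);
}

size_t
demo_leak_fixed(void)
{
	pub_struct pub;

	if (!public_from_private_by_wire_size(&pub, priv_wire, sizeof(priv_wire)))
		return (size_t)-1;
	return secret_bytes_in_image(&pub);
}

int
main(void)
{
	printf("struct grew by %zu bytes\n", struct_growth());
	printf("secret bytes copied: sizeof() path %zu, wire-size path %zu\n",
	    demo_leak_buggy(), demo_leak_fixed());
	return 0;
}
```

The point of pairing the two functions with the CTASSERT is that the sizeof()-based copy was correct while the union and the wire format had the same size; the compile-time check is what turns a silent layout change into a build failure instead of an over-read.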
* typos: us -> is, te -> the (twice) | tb | 2025-03-28 | 1 | -3/+3
* Fix typo: multipy -> multiply | tb | 2025-01-03 | 2 | -18/+18
  Reflow the comment to avoid some very unfortunate line wraps. "Note that" is like "literally" a bunch of generally useless noise and best omitted.
* Do not assume mlkem.h and bytestring.h are public in libcrypto | tb | 2024-12-19 | 4 | -14/+8
  As long as it is not quite clear what we want to do about the public API aspect of MLKEM, keep things internal for now. discussed with beck and jsing
* mlkem: fix whitespace | tb | 2024-12-18 | 2 | -4/+6
* Avoid a reduce once that can cause Clang misoptimization. | beck | 2024-12-17 | 2 | -22/+54
  Some versions of Clang compile this to non-constant time code. The fix is adapted from boring. For full details see: https://boringssl-review.googlesource.com/c/boringssl/+/74447 ok tb@
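The entry above concerns a "reduce once" step, the conditional subtraction of the modulus that ML-KEM arithmetic performs constantly, which is normally written branch-free with a mask. The C example below is added here to show that idiom, why it is fragile (the mask form and the branchy form are semantically identical, so a compiler is free to emit a data-dependent branch for either), and an optimization barrier that is commonly used to stop that. It is not OpenBSD's or BoringSSL's code and does not reproduce the change in the linked review; kPrime is the ML-KEM modulus q = 3329, and the function names and the inline-asm barrier (a GCC/Clang extension) are this example's own.

```c
/*
 * Added example, not OpenBSD's or BoringSSL's code: the mask-based
 * constant-time "reduce once" used in ML-KEM style arithmetic, the
 * equivalent branchy form a compiler may turn it into, an optimization
 * barrier that hides the mask from the optimizer, and an exhaustive
 * correctness check over the whole input range.
 */
#include <stdint.h>
#include <stdio.h>

#define kPrime 3329	/* ML-KEM modulus q */

/*
 * Reduce x in [0, 2q) to [0, q) without a data-dependent branch: compute
 * x - q, derive an all-ones mask from the borrow (top bit set iff x < q),
 * and select x or x - q with the mask.
 */
uint16_t
reduce_once(uint16_t x)
{
	const uint16_t subtracted = x - kPrime;		/* wraps iff x < q */
	const uint16_t mask = 0u - (subtracted >> 15);	/* 0xffff iff x < q */

	return (mask & x) | (~mask & subtracted);
}

/*
 * Same function, same result, but written as the branch a compiler is
 * allowed to emit for reduce_once(): the timing now depends on x.
 */
uint16_t
reduce_once_branchy(uint16_t x)
{
	return x >= kPrime ? x - kPrime : x;
}

/*
 * Mask-based form with an empty asm statement on the mask (GCC/Clang
 * extension, assumed available). The optimizer can no longer see how the
 * mask was derived, so it cannot rewrite the select as a branch.
 */
uint16_t
reduce_once_barrier(uint16_t x)
{
	const uint16_t subtracted = x - kPrime;
	uint16_t mask = 0u - (subtracted >> 15);

	__asm__ __volatile__("" : "+r"(mask));
	return (mask & x) | (~mask & subtracted);
}

/* Exhaustive check over [0, 2q): 1 if all three variants equal x mod q everywhere. */
int
reduce_once_is_correct(void)
{
	uint32_t x;

	for (x = 0; x < 2 * kPrime; x++) {
		uint16_t want = (uint16_t)(x % kPrime);

		if (reduce_once((uint16_t)x) != want ||
		    reduce_once_branchy((uint16_t)x) != want ||
		    reduce_once_barrier((uint16_t)x) != want)
			return 0;
	}
	return 1;
}

int
main(void)
{
	printf("reduce_once variants agree with x mod q on [0, 2q): %s\n",
	    reduce_once_is_correct() ? "yes" : "no");
	return 0;
}
```

The exhaustive loop checks functional correctness only; it says nothing about timing, which is the property the log entry is about. Whether a given compiler version kept the select branch-free can only be confirmed in the generated object code (disassemble the function and look for a conditional jump on the mask), which is why changes like the one above are reviewed against the emitted assembly rather than the C source.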
* Plug two memory leaks in MLKEM*_generate_key_external_entropy() | tb | 2024-12-17 | 2 | -2/+6
  This needs more thinking. These are void functions that allocate... Left an XXX for now. From Kenjiro Nakayama
* mlkem: clean up top matter in headers | tb | 2024-12-17 | 2 | -8/+14
* Add ML-KEM 1024 from BoringSSL | beck | 2024-12-13 | 3 | -0/+1279
  Changes include conversion from C++, basic KNF, then adaptation to use our sha3 functions for sha3 and shake instead of the BoringSSL version. This adds unit tests to run against BoringSSL and NIST test vectors. The future public API is the same as Boring's, but is not yet exposed pending making bytestring.h public (which will happen separately) and a minor bump. Currently this will just ensure we build and run regress. ok tb@ to get it into the tree and massage from there.
* KNF nit tb wanted me to fix | beck | 2024-12-13 | 1 | -2/+4
* Add ML-KEM 768 from BoringSSL | beck | 2024-12-13 | 3 | -0/+1364
  Changes include conversion from C++, basic KNF, then adaptation to use our sha3 functions for sha3 and shake instead of the BoringSSL version. This adds unit tests to run against BoringSSL and NIST test vectors. The future public API is the same as Boring's, but is not yet exposed pending making bytestring.h public (which will happen separately) and a minor bump. Currently this will just ensure we build and run regress. ok tb@ to get it into the tree and massage from there.