Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 4 commits
- 7 files changed
- 1 contributor
Commits on Dec 10, 2019
Commits on Jan 28, 2020
Commits on Aug 29, 2021
-
Remove poly1305 *(volatile uint32_t *)&r0 = 0 crap
This was supposed to trick compilers to avoid leaking secret (one-time) key material to stack in poly1305(). The trick indeed worked on few test compilers, but unfortunately generated utter shit with other compilers. However, I refactored and rearranged the poly1305 code a bit in order to make it harder for compiler(s) to generate code that leaks poly1305 otk material via stack memory. Register spilling still happens though, so there is not much we can do fully protect poly1305 one-time keys from stack memory disclosure attacks etc. Nonetheless, this is a minor issue and all C crypto libraries suffer from the same issue. Fortunately, poly1305 keys are one-time only so the impact is low even if the attacker somehow manages to get access to the keys. Basically a compromised poly1305 one-time key would allow message forgery, but not decryption. Switching from random poly1305 one-time keys to deterministic (hash-based) one-time keys would prevent forgery attacks as well.
Commits on May 3, 2023
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v0.30.1...master