b529253bea
This imports upstream's scrypt implementation, though it's been heavily revised. I lost track of words vs. blocks vs. bigger blocks too many times in the original code and introduced a typedef for the fixed-width Salsa20 blocks. The downside is going from bytes to blocks is a bit trickier, so I took advantage of our little-endian assumption. This also adds an missing check for N < 2^32. Upstream's code is making this assumption in Integerify. I'll send that change back upstream. I've also removed the weird edge case where a NULL out_key parameter means to validate N/r/p against max_mem and nothing else. That's just in there to get a different error code out of their PKCS#12 code. Performance-wise, the cleanup appears to be the same (up to what little precision I was able to get here), but an optimization to use bitwise AND rather than modulus makes us measurably faster. Though scrypt isn't a fast operation to begin with, so hopefully it isn't anyone's bottleneck. This CL does not route scrypt up to the PKCS#12 code, though we could write our own version of that if we need to later. BUG=chromium:731993 Change-Id: Ib2f43344017ed37b6bafd85a2c2b103d695020b8 Reviewed-on: https://boringssl-review.googlesource.com/17084 Reviewed-by: Adam Langley <agl@google.com> |
||
---|---|---|
.. | ||
args.cc | ||
ciphers.cc | ||
client.cc | ||
CMakeLists.txt | ||
const.cc | ||
digest.cc | ||
file.cc | ||
generate_ed25519.cc | ||
genrsa.cc | ||
internal.h | ||
pkcs12.cc | ||
rand.cc | ||
server.cc | ||
sign.cc | ||
speed.cc | ||
tool.cc | ||
transport_common.cc | ||
transport_common.h |