
Update pq branch 01 24 23 - merge main #770

Merged
merged 7 commits on Jan 24, 2023

Conversation

@jakemas (Contributor) commented Jan 24, 2023

Issues:

Merge main to fix formal verification changes made and resulting failing CI.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and
the ISC license.

dkostic and others added 7 commits January 17, 2023 11:37
Add readme file for KEM primitive explaining how to use the API.
Kyber specification might change before the final standardization.
So we label the current one with an "R3" suffix to denote that it
corresponds to the NIST PQC project Round-3 specification.
Some services are dealing with RSA keys that have been inappropriately
generated -- the private exponent |d| is greater than the modulus |n|.
Until such keys are eradicated, we _temporarily_ add a way to relax the
requirements for checking RSA keys such that the condition |d < n|
can be skipped. This "relaxed" behavior has to be explicitly enabled by
the user by calling `allow_rsa_keys_d_gt_n()`. The default behavior
is still to check if `d < n` and fail if not true.
Zeroise private random data immediately after use. This is just good secret value hygiene.
…s#755)

1. `notrack jmp *%rax` was failing, because there were no commas
between the `InstructionArg`.
2. `.long  1f - 0f` was failing because `delocate.go` was
incorrectly recognizing `1f` as an offset, when it should be a
`LocalLabelRef`. Our `Offset` rule was too lax and recognized
all number references as "offsets", regardless of what was
appended at the end. I've added `![[A-Z]` to the end of the
`Offset` rule to reject any additional characters.
3. `gcc-8` The gcc-8 assembler will attempt to optimize function
pointers used in multiple places under a `.data.rel.ro.local`
section, but `delocate.go` does not have the ability to handle
`.data` sections. It’s unclear why this is specific to only
gcc-8, but we speculate that this was unwanted behavior and was
removed in subsequent versions of the gcc compiler. We get
around this by defining `pkey_pss_init` as two separate functions
for signing and verifying.
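A constructed illustration of the RSA key check described in the third commit above. This is an added example, not AWS-LC code: the names `check_rsa_private_key`, `allow_d_gt_n`, `oversized_d` and the toy parameters are this example's own assumptions, chosen only to show why a key with `d > n` still decrypts yet is rejected by default and accepted only when the relaxation is explicitly requested.

```python
# Added example, not AWS-LC code: a small RSA private-key consistency check
# with the d < n condition and an explicit opt-in to relax only that check.
# Function and parameter names are assumptions; the key is a toy textbook
# key constructed inline, not a real one.
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def check_rsa_private_key(n, e, d, p, q, allow_d_gt_n=False):
    """Return (ok, reason). Default is strict: d must be below n."""
    if p < 2 or q < 2 or p == q or p * q != n:
        return False, "n is not the product of two distinct primes p, q"
    lam = lcm(p - 1, q - 1)  # Carmichael lambda(n)
    if gcd(e, lam) != 1:
        return False, "e is not invertible modulo lambda(n)"
    if (e * d) % lam != 1:
        return False, "e*d != 1 mod lambda(n): d is not a valid private exponent"
    if d >= n and not allow_d_gt_n:
        # The key would still decrypt (see rsa_roundtrip), but d is outside
        # the canonical range, so the strict default rejects it.
        return False, "d >= n; rejected unless allow_d_gt_n is set"
    return True, "ok"


def rsa_roundtrip(n, e, d, m):
    """Encrypt then decrypt m with textbook RSA; returns the recovered value."""
    return pow(pow(m, e, n), d, n)


def make_toy_key():
    p, q, e = 61, 53, 17               # constructed toy parameters
    n = p * q                          # 3233
    d = pow(e, -1, lcm(p - 1, q - 1))  # 413, reduced mod lambda(n)
    return n, e, d, p, q


def oversized_d(d, p, q):
    """Add phi(n) to d: congruent to d mod lambda(n), so still a working
    exponent, but now larger than n (the shape of key the commit describes)."""
    return d + (p - 1) * (q - 1)


def demo():
    n, e, d, p, q = make_toy_key()
    d_big = oversized_d(d, p, q)
    return {
        "strict_ok": check_rsa_private_key(n, e, d, p, q),
        "strict_big": check_rsa_private_key(n, e, d_big, p, q),
        "relaxed_big": check_rsa_private_key(n, e, d_big, p, q, allow_d_gt_n=True),
        "big_still_decrypts": rsa_roundtrip(n, e, d_big, 65) == 65,
        "corrupt_d": check_rsa_private_key(n, e, d + 1, p, q),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The relaxation switch only skips the range check; the arithmetic consistency test `e*d == 1 mod lambda(n)` still runs, so a genuinely corrupt exponent (`corrupt_d`) is rejected in both modes.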
@andrewhop andrewhop merged commit 16c8277 into aws:integrate-pq Jan 24, 2023
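To make item 2 of the delocate commit concrete, here is a constructed Python model (added here; it is not `delocate.go`, whose grammar is a Go PEG) of an ordered-choice operand parser with a lax `Offset` rule beside a tightened one that uses a negative lookahead, the regex analogue of the PEG `!` predicate the commit describes. All regexes and function names are this example's own assumptions.

```python
import re

# Added example, not delocate.go: the number-vs-local-label ambiguity behind
# ".long 1f - 0f". With ordered choice, Offset is tried before LocalLabelRef;
# a lax Offset rule consumes the "1" of "1f" and leaves "f" unparsed, which
# makes the enclosing rule fail. The strict rule refuses a number that is
# immediately followed by a letter. Regexes and names are assumptions.
LAX_OFFSET = re.compile(r"-?(?:0x[0-9a-fA-F]+|[0-9]+)")
STRICT_OFFSET = re.compile(r"-?(?:0x[0-9a-fA-F]+|[0-9]+)(?![A-Za-z])")
LOCAL_LABEL_REF = re.compile(r"[0-9]+[bf]")  # gas "Nb" / "Nf" references
OPERATOR = re.compile(r"[-+]")


def parse_operand(tok, strict=True):
    """Ordered choice: Offset, then LocalLabelRef, then Operator.
    Returns (rule_name, unconsumed_suffix); a non-empty suffix would be a
    parse error in the enclosing grammar."""
    offset = STRICT_OFFSET if strict else LAX_OFFSET
    rules = (("Offset", offset), ("LocalLabelRef", LOCAL_LABEL_REF),
             ("Operator", OPERATOR))
    for name, rule in rules:
        m = rule.match(tok)
        if m:
            return name, tok[m.end():]
    raise ValueError(f"no rule matches {tok!r}")


def parse_expr(expr, strict=True):
    """Classify each whitespace-separated token of an expression such as
    '1f - 0f'; raises if a rule consumed only part of a token."""
    kinds = []
    for tok in expr.split():
        name, rest = parse_operand(tok, strict)
        if rest:
            raise ValueError(f"{name} consumed part of {tok!r}, leaving {rest!r}")
        kinds.append(name)
    return kinds


def parse_ok(expr, strict=True):
    try:
        parse_expr(expr, strict)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_operand("1f", strict=False))  # lax rule stops after "1"
    print(parse_expr("1f - 0f"))              # strict rule defers to LocalLabelRef
```

Plain numbers and hex literals such as `-16` and `0x1f` still parse as `Offset` under the strict rule; only a digit run immediately followed by a letter is pushed on to the next alternative.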
5 participants