mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-07-02 03:52:49 -05:00
Make mp_unsafe_mod_integer not be unsafe.
I've moved it from mpunsafe.c into the main mpint.c, and renamed it mp_mod_known_integer, because now it manages to avoid leaking information about the mp_int you give it. It can still potentially leak information about the small _modulus_ integer - hence the word 'known' in the new function name. This won't be a problem in any existing use of the function, because it's used during prime generation to check divisibility by all the small primes, and optionally also check for residue 1 mod the RSA public exponent. But all those values are well known and not secret. This removes one source of side-channel leakage from prime generation.
This commit is contained in:
Simon Tatham
@ -45,13 +45,3 @@ mp_int *mp_unsafe_copy(mp_int *x)
|
||||
mp_copy_into(copy, x);
|
||||
return copy;
|
||||
}
|
||||
|
||||
uint32_t mp_unsafe_mod_integer(mp_int *x, uint32_t modulus)
|
||||
{
|
||||
uint64_t accumulator = 0;
|
||||
for (size_t i = mp_max_bytes(x); i-- > 0 ;) {
|
||||
accumulator = 0x100 * accumulator + mp_get_byte(x, i);
|
||||
accumulator %= modulus;
|
||||
}
|
||||
return accumulator;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user