Mirror of https://git.tartarus.org/simon/putty.git, synced 2025-07-10 07:43:48 -05:00
Make mp_unsafe_mod_integer not be unsafe.
I've moved it from mpunsafe.c into the main mpint.c, and renamed it mp_mod_known_integer, because now it manages to avoid leaking information about the mp_int you give it. It can still potentially leak information about the small _modulus_ integer - hence the word 'known' in the new function name. This won't be a problem in any existing use of the function, because it's used during prime generation to check divisibility by all the small primes, and optionally also check for residue 1 mod the RSA public exponent. But all those values are well known and not secret. This removes one source of side-channel leakage from prime generation.
mpint.h (6 additions)
@ -257,6 +257,12 @@ void mp_divmod_into(mp_int *n, mp_int *d, mp_int *q, mp_int *r);
mp_int *mp_div(mp_int *n, mp_int *d);
mp_int *mp_mod(mp_int *x, mp_int *modulus);
/*
* Compute the residue of x mod m, where m is a small integer. x is
* kept secret, but m is not.
*/
uint32_t mp_mod_known_integer(mp_int *x, uint32_t m);
/*
* Integer nth root. mp_nthroot returns the largest integer x such
* that x^n <= y, and if 'remainder' is non-NULL then it fills it with
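Review bot: the new header comment (`* Compute the residue of x mod m, where m is a small integer. x is` / `* kept secret, but m is not.`) documents the secrecy contract but not the precondition on m: it does not say what happens when m is 0, so a line such as `* m must be non-zero.` would make the caller's obligation explicit, especially now that the function has left mpunsafe.c and lost the "unsafe" warning in its name. It would also help to state in the comment that the timing independence is with respect to x only, matching the commit message's caveat that m itself may still leak. Since only the new mpint.h declaration is visible in this hunk, confirm that the old mp_unsafe_mod_integer declaration and its callers in the prime-generation code are updated in the same commit.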