authorJack Lloyd <[email protected]>2020-03-21 06:38:58 -0400
committerJack Lloyd <[email protected]>2020-03-21 06:38:58 -0400
commit89e063803d5b27c484a0b03d028bc4ce288d6815 (patch)
tree6c2fae845ea448112a674b0100c4277e7fa31d24 /src/lib/math
parente966996ff101145e489958610370366c4ee6dd36 (diff)
Deprecate BigInt::shrink_to_fit
Add const-time annotations to gcd implementation.
Diffstat (limited to 'src/lib/math')
-rw-r--r--src/lib/math/bigint/bigint.cpp6
-rw-r--r--src/lib/math/bigint/bigint.h4
-rw-r--r--src/lib/math/numbertheory/mod_inv.cpp9
-rw-r--r--src/lib/math/numbertheory/monty.cpp8
-rw-r--r--src/lib/math/numbertheory/numthry.cpp9
5 files changed, 18 insertions, 18 deletions
diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp
index 96ca92b35..ad9e5a0da 100644
--- a/src/lib/math/bigint/bigint.cpp
+++ b/src/lib/math/bigint/bigint.cpp
@@ -505,10 +505,8 @@ void BigInt::ct_cond_assign(bool predicate, const BigInt& other)
this->set_word_at(i, mask.select(o_word, t_word));
}
- if(sign() != other.sign())
- {
- cond_flip_sign(predicate);
- }
+ const bool different_sign = sign() != other.sign();
+ cond_flip_sign(predicate && different_sign);
}
#if defined(BOTAN_HAS_VALGRIND)
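Review bot: The new line `cond_flip_sign(predicate && different_sign);` combines the two conditions with short-circuit `&&`, which the compiler is free to lower to a branch on `predicate`, the very value a function named ct_cond_assign is meant to keep out of control flow. The non-short-circuit form `cond_flip_sign(predicate & different_sign);` keeps the combination a plain bitwise operation on two bools; whether cond_flip_sign itself is branch-free is not visible here. Most compilers already emit a setcc/and sequence for two bools, so this is a hardening of intent rather than a demonstrated leak. ct_cond_assign begins before the hunk.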
diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h
index 9fda4ceb0..d04ac045c 100644
--- a/src/lib/math/bigint/bigint.h
+++ b/src/lib/math/bigint/bigint.h
@@ -136,6 +136,8 @@ class BOTAN_PUBLIC_API(2,0) BigInt final
this->swap(other);
}
+ ~BigInt() { const_time_unpoison(); }
+
/**
* Move assignment
*/
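Review bot: The new destructor `~BigInt() { const_time_unpoison(); }` carries no comment saying why a value must be unpoisoned on destruction, and the reason is not evident from the hunk; a one-liner such as `// unpoison before the word vector is zeroized and freed, so a still-poisoned value does not trip valgrind-based CT checks during teardown` would record the intent (presumably that is the reason — confirm). A user-declared destructor also suppresses the implicitly generated move operations; the move constructor visible on L41 and the move assignment documented just below are declared explicitly, so this is not a regression, but it matters if either is ever removed. The class body continues outside the hunk.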
@@ -637,7 +639,7 @@ class BOTAN_PUBLIC_API(2,0) BigInt final
* Resize the vector to the minimum word size to hold the integer, or
* min_size words, whichever is larger
*/
- void shrink_to_fit(size_t min_size = 0)
+ void BOTAN_DEPRECATED("Use resize if required") shrink_to_fit(size_t min_size = 0)
{
m_data.shrink_to_fit(min_size);
}
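Review bot: The Doxygen comment on L49-L51 still describes shrink_to_fit as an ordinary operation while the declaration now carries BOTAN_DEPRECATED; add a `* @deprecated Use resize if the word count must change` line so the generated documentation gives the same migration advice as the attribute text. Readers of the header rather than compiler warnings otherwise have no hint that the call is discouraged.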
diff --git a/src/lib/math/numbertheory/mod_inv.cpp b/src/lib/math/numbertheory/mod_inv.cpp
index 013b5bdc5..ec3bb33f0 100644
--- a/src/lib/math/numbertheory/mod_inv.cpp
+++ b/src/lib/math/numbertheory/mod_inv.cpp
@@ -127,6 +127,8 @@ BigInt inverse_mod_odd_modulus(const BigInt& n, const BigInt& mod)
word* a_w = &tmp_mem[3*mod_words];
word* mp1o2 = &tmp_mem[4*mod_words];
+ CT::poison(tmp_mem.data(), tmp_mem.size());
+
copy_mem(a_w, n.data(), std::min(n.size(), mod_words));
copy_mem(b_w, mod.data(), std::min(mod.size(), mod_words));
u_w[0] = 1;
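Review bot: Moving `CT::poison(tmp_mem.data(), tmp_mem.size());` ahead of the two copy_mem calls (the old placement is the line removed at L72 in the next hunk) changes what the checker tracks: if CT::poison marks memory undefined in the valgrind sense (its definition is not visible here), copying a defined n and mod into a_w and b_w makes those words defined again, so the secret operand is tracked only when the caller has already poisoned n. The previous placement covered the copies as well. If the intent is to keep a_w under check regardless of the caller, re-poison it after the copy with `CT::poison(a_w, mod_words);`, or document that inverse_mod_odd_modulus expects n to arrive poisoned. inverse_mod_odd_modulus begins before the hunk.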
@@ -139,12 +141,10 @@ BigInt inverse_mod_odd_modulus(const BigInt& n, const BigInt& mod)
word carry = bigint_add2_nc(mp1o2, mod_words, u_w, 1);
BOTAN_ASSERT_NOMSG(carry == 0);
- CT::poison(tmp_mem.data(), tmp_mem.size());
-
// Only n.bits() + mod.bits() iterations are required, but avoid leaking the size of n
- size_t execs = 2 * mod.bits();
+ const size_t execs = 2 * mod.bits();
- while(execs--)
+ for(size_t i = 0; i != execs; ++i)
{
const word odd_a = a_w[0] & 1;
@@ -241,6 +241,7 @@ BigInt inverse_mod_pow2(const BigInt& a1, size_t k)
}
X.mask_bits(k);
+ X.const_time_unpoison();
return X;
}
diff --git a/src/lib/math/numbertheory/monty.cpp b/src/lib/math/numbertheory/monty.cpp
index ef75a587a..ca5eb73df 100644
--- a/src/lib/math/numbertheory/monty.cpp
+++ b/src/lib/math/numbertheory/monty.cpp
@@ -273,13 +273,7 @@ void Montgomery_Int::fix_size()
if(m_v.sig_words() > p_words)
throw Internal_Error("Montgomery_Int::fix_size v too large");
- secure_vector<word>& w = m_v.get_word_vector();
-
- if(w.size() != p_words)
- {
- w.resize(p_words);
- w.shrink_to_fit();
- }
+ m_v.grow_to(p_words);
}
bool Montgomery_Int::operator==(const Montgomery_Int& other) const
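Review bot: `m_v.grow_to(p_words);` replaces a resize that also shrank the word vector, so if grow_to only extends (as its name suggests; its definition is not visible here), an m_v that arrives with more than p_words allocated words — the sig_words check two lines above bounds only the significant words — keeps its extra high zero words, which the removed `w.resize(p_words)` would have trimmed. That matters only if callers or operator== (whose definition starts on the last line of the hunk) rely on size() == p_words after fix_size; if exact size is the contract, `m_v.resize(p_words);`, the replacement named in the shrink_to_fit deprecation message, is the closer substitute. Montgomery_Int::fix_size begins before the hunk.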
diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp
index 7c6e398a8..4c2e61533 100644
--- a/src/lib/math/numbertheory/numthry.cpp
+++ b/src/lib/math/numbertheory/numthry.cpp
@@ -75,10 +75,14 @@ BigInt gcd(const BigInt& a, const BigInt& b)
BigInt f = a;
BigInt g = b;
+ f.const_time_poison();
+ g.const_time_poison();
+
f.set_sign(BigInt::Positive);
g.set_sign(BigInt::Positive);
const size_t common2s = std::min(low_zero_bits(f), low_zero_bits(g));
+ CT::unpoison(common2s);
f >>= common2s;
g >>= common2s;
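Review bot: `CT::unpoison(common2s);` deliberately declassifies a value derived from both now-poisoned inputs — the trailing zero bits common to a and b — so that the data-dependent shifts on the next two lines (and `f <<= common2s` in the last hunk) pass the check, but nothing in the hunk records that this is an intended leak rather than a checker workaround. A comment such as `// common2s is intentionally leaked: the shift amounts below depend on it; this reveals only the shared power-of-two factor of a and b` keeps the next reader from removing or widening the unpoison. The sub_abs and is_odd steps in the following hunk still operate on poisoned f and g, which is the coverage this commit is adding. gcd begins before the hunk.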
@@ -92,8 +96,6 @@ BigInt gcd(const BigInt& a, const BigInt& b)
BigInt newg, t;
for(size_t i = 0; i != loop_cnt; ++i)
{
- g.shrink_to_fit();
- f.shrink_to_fit();
sub_abs(newg, f, g);
const bool need_swap = (g.is_odd() && delta > 0);
@@ -111,6 +113,9 @@ BigInt gcd(const BigInt& a, const BigInt& b)
f <<= common2s;
+ f.const_time_unpoison();
+ g.const_time_unpoison();
+
return f;
}
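Review bot: `g.const_time_unpoison();` is redundant as far as the result goes — only f is returned — and with the BigInt destructor added in bigint.h by this same commit, g, newg and t are unpoisoned on destruction anyway. Keeping the explicit call is harmless, but a short comment such as `// f is the result; g (and newg, t) are unpoisoned by ~BigInt on scope exit` would say which call is load-bearing, otherwise a reader may assume newg and t need matching calls. gcd begins before the hunk and ends here.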