| Commit message | Author | Age | Files | Lines |
Mostly things that shouldn't be used (like the almost Montgomery inverse,
which isn't even constant time) or are very much just for internals
(like the word-wise Montgomery inverse computation used for reduction).
Make variable time division explicit; leaves plain divide as a call
but it forwards to ct_divide now. All callers within the library are
now explicitly consttime or vartime.
Add a shortcut for modulus by one word; this hits quite often,
especially in the ECC code.
Unfortunately the Barrett reduction's API allows negative inputs.
Originally wrote it for div-by-word but that ends up requiring a dword
type which we don't always have. And uint8_t covers the most important
cases of n = 10 and n = 58 (whenever I get around to writing base58).
We could portably support up to div-by-uint32, but I don't think we need it.
Nicely, for n = 10, this is actually faster than the variable time division.
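The div-by-uint8 routine described in the message above, as an added example that is not Botan's own code: the word-by-word, byte-by-byte decomposition is my assumption about how a divisor limited to uint8_t avoids needing a double-width word type (the running remainder is below 256, so remainder and next byte together fit in 16 bits). The `Limbs` layout, `divide_by_u8` and `to_decimal` are names chosen for this example; `to_decimal` shows the n = 10 use.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Little-endian limbs: x[0] is the least significant 64-bit word.
// Illustrative layout for this example, not Botan's BigInt.
using Limbs = std::vector<uint64_t>;

// Divide x in place by an 8-bit divisor n and return the remainder.
// Each 64-bit word is consumed a byte at a time, most significant first:
// the running remainder is always < n <= 255, so (rem << 8) | byte fits in
// 16 bits and the quotient byte fits in 8 bits. No double-width word type
// is needed, which is the point of restricting the divisor to uint8_t.
uint8_t divide_by_u8(Limbs& x, uint8_t n) {
    if (n == 0) {
        throw std::invalid_argument("divide_by_u8: division by zero");
    }
    uint32_t rem = 0;
    for (size_t i = x.size(); i-- > 0;) {
        uint64_t quot_word = 0;
        for (int shift = 56; shift >= 0; shift -= 8) {
            const uint32_t cur = (rem << 8) | static_cast<uint8_t>(x[i] >> shift);
            quot_word = (quot_word << 8) | (cur / n);   // cur / n < 256
            rem = cur % n;
        }
        x[i] = quot_word;
    }
    return static_cast<uint8_t>(rem);
}

static bool is_zero(const Limbs& x) {
    for (uint64_t w : x) {
        if (w != 0) return false;
    }
    return true;
}

// Decimal rendering by repeated division by 10, the n = 10 case the commit
// message mentions. This is variable time (the loop count depends on the
// value), which is acceptable for formatting non-secret numbers only.
std::string to_decimal(Limbs x) {
    if (is_zero(x)) return "0";
    std::string digits;
    while (!is_zero(x)) {
        digits.push_back(static_cast<char>('0' + divide_by_u8(x, 10)));
    }
    std::reverse(digits.begin(), digits.end());
    return digits;
}

int main() {
    // Constructed sample input: 2^64 as two limbs.
    const Limbs two_pow_64{0, 1};
    std::printf("%s\n", to_decimal(two_pow_64).c_str());  // 18446744073709551616
    return 0;
}
```

The inner loop is plain `/` and `%` on a 32-bit value, which is why this beats a general variable-time division for small n: the hardware divide is on a 16-bit quantity and there is no quotient estimation or correction step. Because the number of iterations and the operands reach the CPU divider unmasked, keep this on the variable-time side of the API and never feed it secret values.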
This is still leaky, but better than nothing.
It is stupid and slow (~50-100x slower than the variable time version) but
still useful for protecting critical algorithms.
Not currently used, waiting for OSS-Fuzz to test it for a while before
we commit to it.
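The kind of constant-time division the message above refers to, as an added example and not Botan's ct_divide: a bit-serial restoring division that always performs the trial subtraction and then selects the result with an all-ones or all-zeros mask, so its instruction and memory-access sequence depends only on the limb counts. The per-bit multi-limb subtraction is what makes it so much slower than a schoolbook divide. The `Limbs` layout, `ct_mask`, `ct_sub_borrow` and `ct_restoring_divide` are names chosen for this example.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Little-endian limbs: x[0] is the least significant 64-bit word.
// Illustrative layout for this example, not Botan's BigInt.
using Limbs = std::vector<uint64_t>;

struct DivResult {
    Limbs q;  // quotient, same limb count as the dividend
    Limbs r;  // remainder, same limb count as the divisor
};

// 0xFFFF...FF if the low bit of `bit` is set, 0 otherwise. No branch.
static inline uint64_t ct_mask(uint64_t bit) {
    return 0 - (bit & 1);
}

// d = a - b - borrow_in; `borrow` is updated to the borrow out.
// The borrow is derived with bit operations only, so it does not rely on
// how the compiler happens to lower a comparison.
static inline uint64_t ct_sub_borrow(uint64_t a, uint64_t b, uint64_t& borrow) {
    const uint64_t d = a - b - borrow;
    borrow = ((~a & b) | (~(a ^ b) & d)) >> 63;
    return d;
}

// Constant-time restoring division: x = q*y + r with 0 <= r < y.
// One trial subtraction and one masked select per bit of the dividend, so
// the work is fixed by x.size() and y.size() and never by the values.
DivResult ct_restoring_divide(const Limbs& x, const Limbs& y) {
    uint64_t y_nonzero = 0;
    for (uint64_t w : y) y_nonzero |= w;
    if (y_nonzero == 0) {
        // Division by zero is a caller error, not a secret condition.
        throw std::invalid_argument("ct_restoring_divide: division by zero");
    }

    const size_t n = y.size();
    Limbs yy(y);
    yy.push_back(0);          // n+1 limbs so r - y never truncates
    Limbs r(n + 1, 0);        // r < 2*y after the shift, so n+1 limbs suffice
    Limbs t(n + 1, 0);
    Limbs q(x.size(), 0);

    for (size_t i = x.size(); i-- > 0;) {
        for (size_t bit = 64; bit-- > 0;) {
            // r = (r << 1) | next bit of x
            uint64_t carry = (x[i] >> bit) & 1;
            for (size_t j = 0; j <= n; ++j) {
                const uint64_t next_carry = r[j] >> 63;
                r[j] = (r[j] << 1) | carry;
                carry = next_carry;
            }
            // t = r - y, always computed
            uint64_t borrow = 0;
            for (size_t j = 0; j <= n; ++j) {
                t[j] = ct_sub_borrow(r[j], yy[j], borrow);
            }
            // No borrow means r >= y: keep t as the new r and set the quotient bit.
            const uint64_t geq = borrow ^ 1;
            const uint64_t keep = ct_mask(geq);
            for (size_t j = 0; j <= n; ++j) {
                r[j] = (t[j] & keep) | (r[j] & ~keep);
            }
            q[i] |= geq << bit;
        }
    }
    r.pop_back();   // final r < y, so the guard limb is zero
    return DivResult{q, r};
}

int main() {
    // Constructed sample: (2^64 + 5) / 10
    const DivResult d = ct_restoring_divide(Limbs{5, 1}, Limbs{10});
    std::printf("q = %llu, r = %llu\n",
                static_cast<unsigned long long>(d.q[0]),
                static_cast<unsigned long long>(d.r[0]));
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, the masked select `(t & keep) | (r & ~keep)` is only constant time if the compiler keeps it branch-free; optimizers do occasionally rewrite such patterns into conditional jumps, which is why production libraries wrap them in dedicated helpers and check the generated code or run a constant-time checker on the build. Second, allocation sizes and loop bounds here depend on limb counts, which are treated as public; if the bit length of an operand is itself secret, the caller must pad to a fixed width before calling.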
Use the BOTAN_MP_WORD_BITS consistently
Renames a couple of functions for somewhat better name consistency,
e.g. make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
Update license header line to specify the terms and refer to the file,
neither of which it included before.