Import libgcrypt 1.5.3.
This commit is contained in:
Vladimir Serbinenko
parent
c12936c5d1
commit
d1307d873a
72 changed files with 11732 additions and 2916 deletions
|
|
@ -1,6 +1,7 @@
|
|||
/* mpi-pow.c - MPI functions for exponentiation
|
||||
* Copyright (C) 1994, 1996, 1998, 2000, 2002
|
||||
* 2003 Free Software Foundation, Inc.
|
||||
* 2013 g10 Code GmbH
|
||||
*
|
||||
* This file is part of Libgcrypt.
|
||||
*
|
||||
|
|
@ -81,9 +82,14 @@ gcry_mpi_powm (gcry_mpi_t res,
|
|||
if (!esize)
|
||||
{
|
||||
/* Exponent is zero, result is 1 mod MOD, i.e., 1 or 0 depending
|
||||
on if MOD equals 1. */
|
||||
rp[0] = 1;
|
||||
on if MOD equals 1. */
|
||||
res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1;
|
||||
if (res->nlimbs)
|
||||
{
|
||||
RESIZE_IF_NEEDED (res, 1);
|
||||
rp = res->d;
|
||||
rp[0] = 1;
|
||||
}
|
||||
res->sign = 0;
|
||||
goto leave;
|
||||
}
|
||||
|
|
@ -230,7 +236,13 @@ gcry_mpi_powm (gcry_mpi_t res,
|
|||
tp = rp; rp = xp; xp = tp;
|
||||
rsize = xsize;
|
||||
|
||||
if ( (mpi_limb_signed_t)e < 0 )
|
||||
/* To mitigate the Yarom/Falkner flush+reload cache
|
||||
* side-channel attack on the RSA secret exponent, we do
|
||||
* the multiplication regardless of the value of the
|
||||
* high-bit of E. But to avoid this performance penalty
|
||||
* we do it only if the exponent has been stored in secure
|
||||
* memory and we can thus assume it is a secret exponent. */
|
||||
if (esec || (mpi_limb_signed_t)e < 0)
|
||||
{
|
||||
/*mpih_mul( xp, rp, rsize, bp, bsize );*/
|
||||
if( bsize < KARATSUBA_THRESHOLD )
|
||||
|
|
@ -245,7 +257,9 @@ gcry_mpi_powm (gcry_mpi_t res,
|
|||
_gcry_mpih_divrem(xp + msize, 0, xp, xsize, mp, msize);
|
||||
xsize = msize;
|
||||
}
|
||||
|
||||
}
|
||||
if ( (mpi_limb_signed_t)e < 0 )
|
||||
{
|
||||
tp = rp; rp = xp; xp = tp;
|
||||
rsize = xsize;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue