boringssl/crypto/fipsmodule/bn
David Benjamin a44dae7fd3 Add a constant-time generic modular inverse function.
This uses the full binary GCD algorithm, where all four of A, B, C, and
D must be retained. (BN_mod_inverse_odd implements the odd number
version which only needs A and C.) It is patterned after the version
in the Handbook of Applied Cryptography, but tweaked so the coefficients
are non-negative and bounded.

Median of 29 RSA keygens: 0m0.225s -> 0m0.220s
(Accuracy beyond 0.1s is questionable.)

Bug: 238
Change-Id: I6dc13524ea7c8ac1072592857880ddf141d87526
Reviewed-on: https://boringssl-review.googlesource.com/26370
Reviewed-by: Adam Langley <alangley@gmail.com>
2018-03-30 19:53:44 +00:00
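The commit message above describes the full binary extended GCD (Handbook of Applied Cryptography, Algorithm 14.61), in which all four coefficients A, B, C, D are carried so that the modulus need not be odd. The following is an added illustration of that algorithm, not BoringSSL's code: it keeps the textbook signed coefficients rather than the non-negative, bounded form the commit describes, it branches on its inputs and so is not constant time, and it limits inputs to 32 bits so the 64-bit coefficients (which stay within |A|,|C| <= y and |B|,|D| <= x) cannot overflow. The function names `binary_egcd` and `mod_inverse` and the test values are assumptions made for this example. What it shows is the invariant A*x + B*y = u, C*x + D*y = v being maintained, and an inverse being found for an even modulus such as 16, where an odd-modulus-only routine would not apply.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration (not BoringSSL code): HAC Algorithm 14.61, the binary
 * extended GCD that retains all four coefficients.  Returns gcd(x, y) and
 * sets *out_c, *out_d so that out_c * x + out_d * y == gcd(x, y).
 * Invariants inside the loop: A*x + B*y == u and C*x + D*y == v.
 * Not constant time: every branch below depends on the inputs. */
static uint32_t binary_egcd(uint32_t x, uint32_t y, int64_t *out_c, int64_t *out_d) {
  if (x == 0) { *out_c = 0; *out_d = 1; return y; }
  if (y == 0) { *out_c = 1; *out_d = 0; return x; }

  /* Step 2: strip common factors of two into g. */
  uint32_t g = 1;
  while (((x | y) & 1) == 0) { x >>= 1; y >>= 1; g <<= 1; }

  uint32_t u = x, v = y;
  int64_t A = 1, B = 0, C = 0, D = 1;
  for (;;) {
    /* Step 4: halve u; keep A*x + B*y == u.  When A, B are not both even,
     * A + y and B - x are both even, so the halving is exact. */
    while ((u & 1) == 0) {
      u >>= 1;
      if (A % 2 == 0 && B % 2 == 0) { A /= 2; B /= 2; }
      else { A = (A + (int64_t)y) / 2; B = (B - (int64_t)x) / 2; }
    }
    /* Step 5: same for v with C, D. */
    while ((v & 1) == 0) {
      v >>= 1;
      if (C % 2 == 0 && D % 2 == 0) { C /= 2; D /= 2; }
      else { C = (C + (int64_t)y) / 2; D = (D - (int64_t)x) / 2; }
    }
    /* Step 6: subtract the smaller from the larger, coefficients alongside. */
    if (u >= v) { u -= v; A -= C; B -= D; }
    else        { v -= u; C -= A; D -= B; }
    /* Step 7: once u reaches zero, v holds the odd part of the gcd. */
    if (u == 0) { *out_c = C; *out_d = D; return g * v; }
  }
}

/* Returns 1 and sets *inv to a^-1 mod n (in [0, n)) when gcd(a, n) == 1,
 * otherwise returns 0.  n may be even, which is the case the full
 * four-coefficient algorithm exists to handle. */
static int mod_inverse(uint32_t a, uint32_t n, uint32_t *inv) {
  if (n < 2) return 0;
  int64_t c, d;
  if (binary_egcd(a % n, n, &c, &d) != 1) return 0;
  /* c*a + d*n == 1, so c is the inverse; reduce the signed c into [0, n). */
  int64_t r = c % (int64_t)n;
  if (r < 0) r += (int64_t)n;
  *inv = (uint32_t)r;
  return 1;
}

int main(void) {
  /* Constructed sample inputs: an even modulus, an odd one, and a non-unit. */
  const uint32_t cases[][2] = { {3, 16}, {7, 10}, {10, 17}, {4, 8} };
  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
    uint32_t inv;
    if (mod_inverse(cases[i][0], cases[i][1], &inv))
      printf("%u^-1 mod %u = %u\n", cases[i][0], cases[i][1], inv);
    else
      printf("%u has no inverse mod %u\n", cases[i][0], cases[i][1]);
  }
  return 0;
}
```

Because the halving steps branch on the parity of secret-dependent coefficients and the subtraction step branches on u >= v, the loop's control flow leaks the operands; a constant-time version has to replace those branches with masked selects and run a fixed number of iterations, which is the work the commit above does for BIGNUMs.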
asm
add.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
bn_test_to_fuzzer.go
bn_test.cc Add a constant-time generic modular inverse function. 2018-03-30 19:53:44 +00:00
bn_tests.txt Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
bn.c Don't leak |a| in the primality test. 2018-03-28 01:44:31 +00:00
bytes.c
check_bn_tests.go Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
cmp.c
ctx.c
div.c Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
exponentiation.c
gcd.c Add a constant-time generic modular inverse function. 2018-03-30 19:53:44 +00:00
generic.c
internal.h Add a constant-time generic modular inverse function. 2018-03-30 19:53:44 +00:00
jacobi.c
montgomery_inv.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
montgomery.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
mul.c Compute p - q in constant time. 2018-03-30 19:53:28 +00:00
prime.c Change the order of GCD and trial division. 2018-03-30 19:53:06 +00:00
random.c Blind the range check for finding a Rabin-Miller witness. 2018-03-29 22:02:24 +00:00
rsaz_exp.c
rsaz_exp.h
shift.c Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
sqrt.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00