Skip to content
Snippets Groups Projects
Select Git revision
  • remove-initial-step
  • ki-plugin
  • current-oidc
  • main default protected
  • use-alternative-implib
  • use-win-curl
  • add-ci
  • oidc-support
  • experimental-curve448
  • branch-0.61
  • branch-0.56
  • branch-0.53
  • branch-0.55
  • zlib-dll
  • ben-mac-port
  • 0.76
  • 0.75
  • 0.74
  • 0.73
  • 0.72
  • 0.71
  • 0.70
  • 0.69
  • 0.68
  • 0.67
  • 0.66
  • 0.65
  • 0.64_aes_ni
  • 0.64
  • 0.63
  • 0.62
  • 0.61
  • 0.60
  • 0.59
  • 0.58
35 results
Blame Permalink
  • Simon Tatham's avatar
    dec79cf1
    Start a file of 'unsafe' mp_int functions. · dec79cf1
    Simon Tatham authored 
    Unlike the ones in mpint.c proper, these are not intended to respect
the constant-time guarantees. They're going to be the kind of thing
you use in key generation, which is too random to be constant-time in
any case.

I've arranged several precautions to try to make sure these functions
don't accidentally get linked into the main SSH application, only into
key generators:

 - declare them in a separate header with "unsafe" in the name

 - put "unsafe" in the name of every actual function

 - don't even link the mpunsafe.c translation unit into PuTTY proper

 - in fact, define global symbols of the same name in that file and
   the SSH client code, so that there will be a link failure if we
   ever try to do it by accident

The initial contents of the new source file consist of the subroutine
mp_mod_short() that previously lived in sshprime.c (and was not in
mpint.c proper precisely because it was unsafe). While I'm here, I've
turned it into mp_unsafe_mod_integer() and let it take a modulus of up
to 32 bits instead of 16.

Also added some obviously useful functions to shrink an mpint to the
smallest physical size that can hold the contained number (rather like
bn_restore_invariant in the old Bignum system), which I expect to be
using shortly.
    dec79cf1
    History
    Start a file of 'unsafe' mp_int functions.
    Simon Tatham authored 
    Unlike the ones in mpint.c proper, these are not intended to respect
the constant-time guarantees. They're going to be the kind of thing
you use in key generation, which is too random to be constant-time in
any case.

I've arranged several precautions to try to make sure these functions
don't accidentally get linked into the main SSH application, only into
key generators:

 - declare them in a separate header with "unsafe" in the name

 - put "unsafe" in the name of every actual function

 - don't even link the mpunsafe.c translation unit into PuTTY proper

 - in fact, define global symbols of the same name in that file and
   the SSH client code, so that there will be a link failure if we
   ever try to do it by accident

The initial contents of the new source file consist of the subroutine
mp_mod_short() that previously lived in sshprime.c (and was not in
mpint.c proper precisely because it was unsafe). While I'm here, I've
turned it into mp_unsafe_mod_integer() and let it take a modulus of up
to 32 bits instead of 16.

Also added some obviously useful functions to shrink an mpint to the
smallest physical size that can hold the contained number (rather like
bn_restore_invariant in the old Bignum system), which I expect to be
using shortly.

A HIFIS Service | Privacy | Imprint | Support | Documentation | Changelog