Added more constant-time code and removed biases in the prime number generation routines.

commit: b99183dfc6540099842232ac8608828358d497cf [log] [tgz]
author: Pascal Junod <pascal@junod.info> Wed Mar 11 16:49:45 2015 +0100
committer: Pascal Junod <pascal@junod.info> Wed Mar 11 16:49:45 2015 +0100
tree: f0eb3fe115a10bbb87eb65500444f925bdbed309
parent: 02ba5785bff3a3723b1db60f68e21296dd36862b [diff] [blame]
diff --git a/library/rsa.c b/library/rsa.c
index 2338264..222cb26 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -761,7 +761,7 @@
     for( i = 0; i < ilen - 2 * hlen - 2; i++ )
     {
         pad_done |= p[i];
-        pad_len += ( pad_done == 0 );
+        pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
     }
 
     p += pad_len;
@@ -835,8 +835,8 @@
          * (minus one, for the 00 byte) */
         for( i = 0; i < ilen - 3; i++ )
         {
-            pad_done |= ( p[i] == 0 );
-            pad_count += ( pad_done == 0 );
+            pad_done  |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1;
+            pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
         }
 
         p += pad_count;
commit	b99183dfc6540099842232ac8608828358d497cf	[log] [tgz]
author	Pascal Junod <pascal@junod.info>	Wed Mar 11 16:49:45 2015 +0100
committer	Pascal Junod <pascal@junod.info>	Wed Mar 11 16:49:45 2015 +0100
tree	f0eb3fe115a10bbb87eb65500444f925bdbed309
parent	02ba5785bff3a3723b1db60f68e21296dd36862b [diff] [blame]