1cfc43c77b  Dave Rodgman  2023-09-19 18:39:33 +01:00
    Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

b69239c604  Dave Rodgman  2023-08-29 09:42:14 +01:00
    Improve docs in mbedtls_mpi_lt_mpi_ct

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

3d2d599d3e  Tom Cosgrove  2023-08-22 12:48:56 +00:00
    Merge pull request #7996 from gilles-peskine-arm/small_primes-gaps

    Reduce the size of the small primes table used by primality testing

30b0378008  Gilles Peskine  2023-08-22 11:06:47 +02:00
    Fix off-by-one error

    The value of p after adding the last entry in the gap table is not used.

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

31b2d7414d  Tom Cosgrove  2023-08-21 15:50:28 +00:00
    Merge pull request #8053 from gilles-peskine-arm/mpi_exp_mod-remove_initial_copy

    mbedtls_mpi_exp_mod: remove spurious copy of the output variable

d29648026b  Tom Cosgrove  2023-08-21 13:02:53 +00:00
    Merge pull request #8017 from ivq/unchecked_return

    Fix a few unchecked return values

2e3858f5eb  Chien Wong  2023-08-11 18:16:06 +08:00
    Undo a change

    Signed-off-by: Chien Wong <m@xv97.com>

54da1a69a2  Manuel Pégourié-Gonnard  2023-08-10 16:57:39 +00:00
    Merge pull request #7578 from daverodgman/safer-ct5

    Improve constant-time interface

e6cb45e68e  Gilles Peskine  2023-08-10 15:59:28 +02:00
    mbedtls_mpi_exp_mod: remove spurious copy of the output variable

    Clear some confusion between `X` as the output variable and "X" as a name
    given to the accumulator. Previous iterations of the code used the variable
    `X` as the accumulator, but now that the accumulator is `W[x_index]`, some
    of the comments didn't make sense.

    Remove the copy of the initial value of `X` into `W[x_index]`, which was
    meaningless: the initial value of an output variable should not, and did
    not, matter. `W[x_index]` is later overridden unconditionally to take the
    value `RR`.

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

98ddc01a7c  Dave Rodgman  2023-08-10 12:11:31 +01:00
    Rename ...if0 to ...else_0

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

b7825ceb3e  Dave Rodgman  2023-08-10 11:58:18 +01:00
    Rename uint->bool operators to reflect input types

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

b2bc1712a5  Gilles Peskine  2023-08-10 12:16:02 +02:00
    Reduce the size of the small primes table used by primality testing

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

960eca997d  Dave Rodgman  2023-08-09 20:43:18 +01:00
    code style

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

ebcd78561c  Dave Rodgman  2023-08-09 18:57:22 +01:00
    Remove redundant code in mbedtls_mpi_cmp_abs

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

fa703e38a2  Dave Rodgman  2023-08-09 18:56:07 +01:00
    Use __builtin_ctz to count trailing zeros

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

f3df105b37  Dave Rodgman  2023-08-09 18:55:41 +01:00
    Generate smaller code for picking a sign value

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

c98f8d996a  Dave Rodgman  2023-08-07 11:47:35 +01:00
    Merge branch 'development' into safer-ct5

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

1d4d944e19  Dave Rodgman  2023-08-03 12:56:21 +00:00
    Merge pull request #7933 from tom-cosgrove-arm/add-mbedtls_zeroize_and_free

    Provide and use internal function mbedtls_zeroize_and_free()

e2caf4161b  Chien Wong  2023-08-01 22:41:17 +08:00
    Fix a few unchecked value issues

    Signed-off-by: Chien Wong <m@xv97.com>

1f39f037bf  Dave Rodgman  2023-08-01 09:19:16 +01:00
    Improve variable name in mbedtls_mpi_lt_mpi_ct

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

32d726033b  Dave Rodgman  2023-07-31 12:43:23 +01:00
    Improve comments in mbedtls_mpi_lt_mpi_ct

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

bc345e8685  Tom Cosgrove  2023-07-25 15:17:39 +01:00
    Protect macro parameter expansion with parentheses

    Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

350226f636  Tom Cosgrove  2023-07-25 15:10:14 +01:00
    Use a macro for mbedtls_mpi_zeroize_and_free()

    Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

8e8e6b9be3  Dave Rodgman  2023-07-19 15:25:27 +01:00
    Merge pull request #7934 from AgathiyanB/move-declarations-to-top

    Move declarations to top of functions

46259f670f  Tom Cosgrove  2023-07-18 16:44:14 +01:00
    Internal function mbedtls_mpi_zeroize() can be mbedtls_mpi_zeroize_and_free()

    Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

c99840ae1f  Agathiyan Bragadeesh  2023-07-17 12:21:06 +01:00
    Move declarations in mbedtls_mpi_add_abs to top

    Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>

053022fe24  Gilles Peskine  2023-06-29 19:33:44 +02:00
    Reduce the size of mbedtls_mpi

    Reduce the size of mbedtls_mpi from 3 words to 2 on most architectures.
    This also reduces the code size significantly in bignum.o and ecp_curves.o,
    with negligible variations in other modules.

    This removes the ability to set MBEDTLS_MPI_MAX_LIMBS to a value >=65536,
    but we don't support customizing this value anyway (it's always 10000).

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

2c76484005  Dave Rodgman  2023-05-26 12:42:48 +01:00
    Fix non-opaque use of mbedtls_ct_condition_t

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

2b4486a014  Dave Rodgman  2023-05-26 12:42:48 +01:00
    Rename mbedtls_ct_uint_if_new to mbedtls_ct_uint_if

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

cf06acac32  Dave Rodgman  2023-05-26 12:42:48 +01:00
    Use new CT interface in mbedtls_mpi_safe_cond_swap

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

ee54faf1cd  Dave Rodgman  2023-05-26 12:42:48 +01:00
    Update mpi_select to use new CT interface

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

1a7a5626ec  Dave Rodgman  2023-05-26 12:42:48 +01:00
    Update mbedtls_mpi_lt_mpi_ct to new interface

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

589ccb8aaa  Dave Rodgman  2023-05-26 12:42:48 +01:00
    Update mbedtls_mpi_safe_cond_(assign|swap) part 2

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

cd2e38b906  Dave Rodgman  2023-05-26 12:42:48 +01:00
    Update mbedtls_mpi_safe_cond_(assign|swap) to use new CT interface

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

7d4f019810  Dave Rodgman  2023-05-26 12:42:48 +01:00
    Move some bignum functions out of constant_time module

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

68ef1d6ee6  Dave Rodgman  2023-05-18 20:49:03 +01:00
    Remove DIY SIZE_MAX definitions

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

0144b35f7d  Minos Galanakis  2023-05-16 17:16:26 +01:00
    bignum: Updated mbedtls_mpi_shift_l to use the core method.

    Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

6af26f3838  Tom Cosgrove  2023-03-31 16:16:00 +02:00
    Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_mul()

    Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

1748de160a  Paul Elliott  2023-02-13 15:35:35 +00:00
    Fix IAR Warnings

    IAR was warning that conditional execution could bypass initialisation of
    variables, although those same variables were not used uninitialised.

    Signed-off-by: Paul Elliott <paul.elliott@arm.com>

af67d2c1cf  Aaron M. Ucko  2023-01-17 11:52:22 -05:00
    mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).

    In some contexts, the output pointer may equal the first input
    pointer, in which case copying is not only superfluous but results in
    "Source and destination overlap in memcpy" errors from Valgrind (as I
    observed in the context of ecp_double_jac) and a diagnostic message
    from TrustInSoft Analyzer (as Pascal Cuoq reported in the context of
    other ECP functions called by cert-app with a suitable certificate).

    Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>

449bd8303e  Gilles Peskine  2023-01-11 14:50:10 +01:00
    Switch to the new code style

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

14db51224e  Glenn Strauss  2023-01-06 14:20:14 +00:00
    Fix IAR warning

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

5bf8629b2c  Manuel Pégourié-Gonnard  2022-12-16 09:58:07 +01:00
    Merge pull request #6303 from gilles-peskine-arm/bignum-core-random

    Bignum: Implement mbedtls_mpi_core_random

6b7ce968d2  Gilles Peskine  2022-12-15 15:04:33 +01:00
    Clarify some comments

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

acbb6dc364  Dave Rodgman  2022-12-05 10:59:23 +00:00
    Merge remote-tracking branch 'origin/development' into merge-dev

70375b2028  Gilles Peskine  2022-12-01 23:46:26 +01:00
    Move mbedtls_mpi_core_random to the proper source file

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

78cf3bbf22  Gilles Peskine  2022-12-01 23:45:45 +01:00
    Bignum core: break mbedtls_mpi_core_random out of mbedtls_mpi_random

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

26be89b3f6  Gilles Peskine  2022-12-01 23:06:43 +01:00
    Bignum core: random: prepare to break out the core function

    Shuffle things around a bit inside mbedtls_mpi_random() in preparation for
    breaking out mbedtls_mpi_core_random().

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

8a32a75aa2  Gilles Peskine  2022-12-01 23:06:43 +01:00
    mbedtls_mpi_random: avoid local allocation

    Rewrite the minimum bound comparison to avoid a local allocation. This costs
    a bit of code size, but saves RAM. This is in preparation for moving the
    bulk of the function to the bignum_core module where allocation is not
    permitted.

    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

660b396e41  Manuel Pégourié-Gonnard  2022-11-23 10:30:35 +01:00
    Merge pull request #975 from yanesca/issue-946

    Fix RSA side channel