boringssl/crypto/fipsmodule/bn
David Benjamin f6d9f0b58e bn/asm/*-mont.pl: fix memory access pattern in final subtraction.
Montgomery multiplication post-conditions in some of code paths were
formally non-constant time. Cache access pattern was result-neutral,
but a little bit asymmetric, which might have produced a signal [if
processor reordered load and stores at run-time].

(Imported from upstream's 774ff8fed67e19d4f5f0df2f59050f2737abab2a.)

Change-Id: I77443fb79242b77e704c34d69f1de9e3162e9538
Reviewed-on: https://boringssl-review.googlesource.com/27987
Reviewed-by: Adam Langley <agl@google.com>
2018-05-03 23:21:22 +00:00
..
asm bn/asm/*-mont.pl: fix memory access pattern in final subtraction. 2018-05-03 23:21:22 +00:00
add.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
bn_test_to_fuzzer.go Generate bn_div and bn_mod_exp corpus from bn_tests.txt. 2017-10-27 18:57:48 +00:00
bn_test.cc Require BN_mod_exp_mont* inputs be reduced. 2018-04-24 18:29:29 +00:00
bn_tests.txt Fix bn_mod_exp_mont_small when exponentiating to zero. 2018-04-18 22:13:16 +00:00
bn.c Don't leak |a| in the primality test. 2018-03-28 01:44:31 +00:00
bytes.c Simplify BN_bn2bin_padded. 2018-02-06 02:41:38 +00:00
check_bn_tests.go Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
cmp.c Make various BIGNUM comparisons constant-time. 2018-03-26 18:53:53 +00:00
ctx.c
div.c Add EC_FELEM for EC_POINTs and related temporaries. 2018-04-25 16:39:58 +00:00
exponentiation.c Require BN_mod_exp_mont* inputs be reduced. 2018-04-24 18:29:29 +00:00
gcd.c Add a constant-time generic modular inverse function. 2018-03-30 19:53:44 +00:00
generic.c Enable __asm__ and uint128_t code in clang-cl. 2017-12-11 22:46:26 +00:00
internal.h Add EC_FELEM for EC_POINTs and related temporaries. 2018-04-25 16:39:58 +00:00
jacobi.c Rename bn->top to bn->width. 2018-02-05 23:44:24 +00:00
montgomery_inv.c Restore the BN_mod codepath for public Montgomery moduli. 2018-04-20 20:50:15 +00:00
montgomery.c Remove return values from bn_*_small. 2018-04-24 15:34:32 +00:00
mul.c Remove return values from bn_*_small. 2018-04-24 15:34:32 +00:00
prime.c Restore the BN_mod codepath for public Montgomery moduli. 2018-04-20 20:50:15 +00:00
random.c Rewrite BN_rand without an extra malloc. 2018-04-02 18:07:12 +00:00
rsaz_exp.c Document RSAZ slightly better. 2018-02-15 18:14:04 +00:00
rsaz_exp.h clang-format RSAZ C code. 2018-02-13 22:30:03 +00:00
shift.c Use bn_rshift_words for the ECDSA bit-shift. 2018-04-02 18:17:39 +00:00
sqrt.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00