kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
34a2c5e476
boringssl/crypto/fipsmodule/rsa
History
David Benjamin 3b3e12d81e Simplify BN_bn2bin_padded. 
There is no more need for the "constant-time" reading beyond bn->top. We
can write the bytes out naively because RSA computations no longer call
bn_correct_top/bn_set_minimal_width.

Specifically, the final computation is a BN_mod_mul_montgomery to remove
the blinding, and that keeps the sizes correct.

Bug: 237
Change-Id: I6e90d81c323b644e179d899f411479ea16deab98
Reviewed-on: https://boringssl-review.googlesource.com/25324
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2018-02-06 02:41:38 +00:00
..
blinding.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
internal.h Make BN_generate_dsa_nonce internally constant-time. 2017-11-20 16:18:30 +00:00
padding.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
rsa_impl.c Simplify BN_bn2bin_padded. 2018-02-06 02:41:38 +00:00
rsa.c Make the rest of RSA CRT constant-time. 2018-02-06 02:40:34 +00:00