boringssl/crypto/cipher
Adam Langley 54a8d7c14f Use Barrett reduction in CBC processing rather than tricks.
Division isn't constant-time on Intel chips so the code was adding a
large multiple of md_size to try and force the operation to always take
the maximum amount of time.

I'm less convinced, these days, that compilers aren't going to get smart
enough to optimise that away so use Barrett reduction instead.

Change-Id: Ib8c514192682a2fcb4b1fb7e7c6dd1301d9888d0
Reviewed-on: https://boringssl-review.googlesource.com/6906
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <alangley@gmail.com>
2016-01-27 22:05:01 +00:00
test Fix ChaCha20-Poly1305 tests. 2015-12-16 21:20:49 +00:00
aead_test.cc Point EVP_aead_chacha20_poly1305 at the standardized version. 2015-12-16 21:22:11 +00:00
aead.c Add SSL_get_ivs. 2015-11-04 19:45:28 +00:00
cipher_test.cc Remove stl_compat.h. 2015-11-11 22:19:36 +00:00
cipher.c Add |EVP_rc2_cbc| and implement |EVP_CTRL_SET_RC2_KEY_BITS|. 2015-08-05 21:23:56 +00:00
CMakeLists.txt Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
derive_key.c
e_aes.c Use UINT64_C instead of OPENSSL_U64. 2015-11-16 23:18:00 +00:00
e_chacha20poly1305.c Use |alignas| for alignment. 2016-01-25 23:05:04 +00:00
e_des.c Re-add |EVP_des_ede|, which is ECB. 2015-08-20 21:33:21 +00:00
e_null.c
e_rc2.c Add |EVP_rc2_cbc| and implement |EVP_CTRL_SET_RC2_KEY_BITS|. 2015-08-05 21:23:56 +00:00
e_rc4.c Remove the stitched RC4-MD5 code and use the generic one. 2015-12-16 23:57:42 +00:00
e_ssl3.c Add SSL_get_ivs. 2015-11-04 19:45:28 +00:00
e_tls.c Remove the stitched RC4-MD5 code and use the generic one. 2015-12-16 23:57:42 +00:00
internal.h Add SSL_get_ivs. 2015-11-04 19:45:28 +00:00
tls_cbc.c Use Barrett reduction in CBC processing rather than tricks. 2016-01-27 22:05:01 +00:00