kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
6 Commits 12 Branches 0 Tags 38 MiB
C 43.1%
C++ 23.5%
Go 13.6%
Raku 10.8%
Perl 4%
Other 4.9%
75b833cc81
Go to file
Adam Langley 75b833cc81 OpenSSL: make final reduction in Montgomery multiplication constant-time. 
(The issue was reported by Shay Gueron.)

The final reduction in Montgomery multiplication computes if (X >= m) then X =
X - m else X = X

In OpenSSL, this was done by computing T = X - m,  doing a constant-time
selection of the *addresses* of X and T, and loading from the resulting
address. But this is not cache-neutral.

This patch changes the behaviour by loading both X and T into registers, and
doing a constant-time selection of the *values*.

TODO(fork): only some of the fixes from the original patch still apply to
the 1.0.2 code.
2014-06-20 13:17:33 -07:00
crypto OpenSSL: make final reduction in Montgomery multiplication constant-time. 2014-06-20 13:17:33 -07:00
doc Inital import. 2014-06-20 13:17:32 -07:00
include/openssl Inital import. 2014-06-20 13:17:32 -07:00
ssl Add support for asynchronous session lookup. 2014-06-20 13:17:32 -07:00
tool Inital import. 2014-06-20 13:17:32 -07:00
util Inital import. 2014-06-20 13:17:32 -07:00
.clang-format Inital import. 2014-06-20 13:17:32 -07:00
.gitignore Inital import. 2014-06-20 13:17:32 -07:00
BUGS Inital import. 2014-06-20 13:17:32 -07:00
BUILDING Inital import. 2014-06-20 13:17:32 -07:00
CMakeLists.txt Inital import. 2014-06-20 13:17:32 -07:00