boringssl/crypto
Adam Langley 75b833cc81 OpenSSL: make final reduction in Montgomery multiplication constant-time.
(The issue was reported by Shay Gueron.)

The final reduction in Montgomery multiplication computes if (X >= m) then X =
X - m else X = X.

In OpenSSL, this was done by computing T = X - m, doing a constant-time
selection of the *addresses* of X and T, and loading from the resulting
address. But this is not cache-neutral.

This patch changes the behaviour by loading both X and T into registers, and
doing a constant-time selection of the *values*.

TODO(fork): only some of the fixes from the original patch still apply to
the 1.0.2 code.
2014-06-20 13:17:33 -07:00
aes Initial import. 2014-06-20 13:17:32 -07:00
asn1 Initial import. 2014-06-20 13:17:32 -07:00
base64 Initial import. 2014-06-20 13:17:32 -07:00
bio Initial import. 2014-06-20 13:17:32 -07:00
bn OpenSSL: make final reduction in Montgomery multiplication constant-time. 2014-06-20 13:17:33 -07:00
buf Initial import. 2014-06-20 13:17:32 -07:00
bytestring Initial import. 2014-06-20 13:17:32 -07:00
cipher Initial import. 2014-06-20 13:17:32 -07:00
comp Initial import. 2014-06-20 13:17:32 -07:00
conf Initial import. 2014-06-20 13:17:32 -07:00
des Initial import. 2014-06-20 13:17:32 -07:00
dh Initial import. 2014-06-20 13:17:32 -07:00
digest Initial import. 2014-06-20 13:17:32 -07:00
dsa Initial import. 2014-06-20 13:17:32 -07:00
ec Initial import. 2014-06-20 13:17:32 -07:00
ecdh Initial import. 2014-06-20 13:17:32 -07:00
ecdsa Initial import. 2014-06-20 13:17:32 -07:00
engine Initial import. 2014-06-20 13:17:32 -07:00
err Initial import. 2014-06-20 13:17:32 -07:00
evp Initial import. 2014-06-20 13:17:32 -07:00
hmac Initial import. 2014-06-20 13:17:32 -07:00
lhash Initial import. 2014-06-20 13:17:32 -07:00
md5 Initial import. 2014-06-20 13:17:32 -07:00
modes Initial import. 2014-06-20 13:17:32 -07:00
obj Initial import. 2014-06-20 13:17:32 -07:00
pem Initial import. 2014-06-20 13:17:32 -07:00
perlasm Initial import. 2014-06-20 13:17:32 -07:00
pkcs8 Initial import. 2014-06-20 13:17:32 -07:00
rand Initial import. 2014-06-20 13:17:32 -07:00
rc4 GOT-relative lookups in RC4 code. 2014-06-20 13:17:32 -07:00
rsa Initial import. 2014-06-20 13:17:32 -07:00
sha Initial import. 2014-06-20 13:17:32 -07:00
stack Initial import. 2014-06-20 13:17:32 -07:00
x509 Initial import. 2014-06-20 13:17:32 -07:00
x509v3 Initial import. 2014-06-20 13:17:32 -07:00
arm_arch.h Initial import. 2014-06-20 13:17:32 -07:00
base.h Initial import. 2014-06-20 13:17:32 -07:00
CMakeLists.txt Initial import. 2014-06-20 13:17:32 -07:00
cpu-arm.c Initial import. 2014-06-20 13:17:32 -07:00
cpu-intel.c Initial import. 2014-06-20 13:17:32 -07:00
cpu-x86_64-asm.pl Initial import. 2014-06-20 13:17:32 -07:00
cpu-x86-asm.pl Initial import. 2014-06-20 13:17:32 -07:00
cpu.h Initial import. 2014-06-20 13:17:32 -07:00
crypto_error.c Initial import. 2014-06-20 13:17:32 -07:00
crypto_error.h Initial import. 2014-06-20 13:17:32 -07:00
directory_posix.c Initial import. 2014-06-20 13:17:32 -07:00
directory_win.c Initial import. 2014-06-20 13:17:32 -07:00
directory.h Initial import. 2014-06-20 13:17:32 -07:00
ex_data_impl.c Initial import. 2014-06-20 13:17:32 -07:00
ex_data.c Initial import. 2014-06-20 13:17:32 -07:00
ex_data.h Initial import. 2014-06-20 13:17:32 -07:00
header_removed.h Initial import. 2014-06-20 13:17:32 -07:00
internal.h Initial import. 2014-06-20 13:17:32 -07:00
mem_clear.c Initial import. 2014-06-20 13:17:32 -07:00
mem.c Initial import. 2014-06-20 13:17:32 -07:00
mem.h Initial import. 2014-06-20 13:17:32 -07:00
thread.c Initial import. 2014-06-20 13:17:32 -07:00
thread.h Initial import. 2014-06-20 13:17:32 -07:00
time_support.c Initial import. 2014-06-20 13:17:32 -07:00
time_support.h Initial import. 2014-06-20 13:17:32 -07:00
type_check.h Initial import. 2014-06-20 13:17:32 -07:00