kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
b25140c7b6
boringssl/crypto/fipsmodule
History
David Benjamin b25140c7b6 Fix timing leak in BN_from_montgomery_word. 
BN_from_montgomery_word doesn't have a constant memory access pattern.
Replace the pointer trick with constant_time_select_w. There is, of
course, still the bn_correct_top leak pervasive in BIGNUM itself.

I wasn't able to measure a performance on RSA operations before or after
this change, but the benchmarks would vary wildly run to run. But one
would assume the logic here is nothing compared to the actual reduction.

Change-Id: Ide761fde3a091a93679f0a803a287aa5d0d4600d
Reviewed-on: https://boringssl-review.googlesource.com/22904
Reviewed-by: Adam Langley <agl@google.com>
2017-11-20 16:18:09 +00:00
..
aes es/asm/{aes-armv4|bsaes-armv7}.pl: make it work with binutils-2.29. 2017-11-08 16:53:04 +00:00
bn Fix timing leak in BN_from_montgomery_word. 2017-11-20 16:18:09 +00:00
cipher Add more compatibility symbols for Node. 2017-11-03 01:31:50 +00:00
des Explicit fallthrough on switch 2017-09-20 19:58:25 +00:00
digest Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
ec Check EC_POINT/EC_GROUP compatibility more accurately. 2017-10-28 08:02:50 +00:00
ecdsa Add ECDSA tests for custom curves. 2017-11-17 12:18:16 +00:00
hmac Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
md4 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
md5 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
modes Appease UBSan on pointer alignment. 2017-11-10 21:07:03 +00:00
policydocs Update FIPS documentation with pointer to the cert and security policy. 2017-07-20 03:32:08 +00:00
rand Remove CTR_DRBG_STATE alignment marker. 2017-09-18 19:17:52 +00:00
rsa Use a higher iteration limit for RSA key generation at e = 3. 2017-11-03 19:37:31 +00:00
sha Revert assembly changes in "Hide CPU capability symbols in C." 2017-10-30 20:39:57 +00:00
bcm.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
CMakeLists.txt Convert example_mul to GTest. 2017-07-10 19:28:29 +00:00
delocate.h Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
FIPS.md Update FIPS documentation with pointer to the cert and security policy. 2017-07-20 03:32:08 +00:00
intcheck1.png
intcheck2.png Inject FIPS hash without running module. 2017-04-12 23:09:38 +00:00
intcheck3.png
is_fips.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00