kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
b25140c7b6
boringssl/crypto/fipsmodule/bn
History
David Benjamin b25140c7b6 Fix timing leak in BN_from_montgomery_word. 
BN_from_montgomery_word doesn't have a constant memory access pattern.
Replace the pointer trick with constant_time_select_w. There is, of
course, still the bn_correct_top leak pervasive in BIGNUM itself.

I wasn't able to measure a performance on RSA operations before or after
this change, but the benchmarks would vary wildly run to run. But one
would assume the logic here is nothing compared to the actual reduction.

Change-Id: Ide761fde3a091a93679f0a803a287aa5d0d4600d
Reviewed-on: https://boringssl-review.googlesource.com/22904
Reviewed-by: Adam Langley <agl@google.com>
2017-11-20 16:18:09 +00:00
..
asm Document some BIGNUM internals. 2017-11-10 22:43:13 +00:00
add.c Clear no-op BN_MASK2 masks. 2017-10-27 02:38:45 +00:00
bn_test_to_fuzzer.go Generate bn_div and bn_mod_exp corpus from bn_tests.txt. 2017-10-27 18:57:48 +00:00
bn_test.cc Handle malloc failures better in bn_test.cc. 2017-10-30 18:53:48 +00:00
bn_tests.txt bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal. 2017-11-02 17:07:57 +00:00
bn.c Remove redundant calls to |OPENSSL_cleanse| and |OPENSSL_realloc_clean|. 2017-09-18 19:16:51 +00:00
bytes.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
check_bn_tests.go
cmp.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
ctx.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
div.c Align |BN_div| with its documentation. 2017-11-06 22:55:30 +00:00
exponentiation.c Tidy up BN_mod_exp_mont. 2017-11-10 22:43:54 +00:00
gcd.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
generic.c Document some BIGNUM internals. 2017-11-10 22:43:13 +00:00
internal.h Remove BN_TBIT. 2017-11-10 22:43:37 +00:00
jacobi.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
montgomery_inv.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
montgomery.c Fix timing leak in BN_from_montgomery_word. 2017-11-20 16:18:09 +00:00
mul.c Document some BIGNUM internals. 2017-11-10 22:43:13 +00:00
prime.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
random.c Remove redundant calls to |OPENSSL_cleanse| and |OPENSSL_realloc_clean|. 2017-09-18 19:16:51 +00:00
rsaz_exp.c
rsaz_exp.h
shift.c Remove BN_TBIT. 2017-11-10 22:43:37 +00:00
sqrt.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00