boringssl/crypto
Brian Smith ec3cb3adbc Add |BN_mod_inverse_blinded| and use it in RSA blinding.
Yo dawg I herd you like blinding so I put inversion blinding in your
RSA blinding so you can randomly mask your random mask.

This improves upon the current situation where we pretend that
|BN_mod_inverse_no_branch| is constant-time, and it avoids the need to
exert a lot of effort to make an actually-constant-time modular
inversion function just for RSA blinding.

Note that if the random number generator weren't working correctly then
the blinding of the inversion wouldn't be very effective, but in that
case the RSA blinding itself would probably be completely busted, so
we're not really losing anything by relying on blinding to blind the
blinding.

Change-Id: I771100f0ad8ed3c24e80dd859ec22463ef2a194f
Reviewed-on: https://boringssl-review.googlesource.com/8923
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-29 18:30:34 +00:00
aes Import (unreachable) bsaes-armv7.pl XTS fixes. 2016-07-26 19:47:12 +00:00
asn1 Always check that the value returned by asn1_do_adb() is non-NULL. 2016-07-26 22:41:51 +00:00
base64 Replace base64 decoding. 2016-05-26 17:59:10 +00:00
bio Inline bio_set. 2016-07-25 18:44:46 +00:00
bn Add |BN_mod_inverse_blinded| and use it in RSA blinding. 2016-07-29 18:30:34 +00:00
buf Add BUF_MEM_reserve. 2016-05-18 19:09:06 +00:00
bytestring Check for overflow in CBB_add_u24. 2016-07-26 15:19:41 +00:00
chacha Switch perlasm calling convention. 2016-06-27 21:59:26 +00:00
cipher Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
cmac Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
conf Add missing internal includes. 2016-03-20 16:38:54 +00:00
curve25519 Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
des
dh Add BN_rand_range_ex and use internally. 2016-07-29 16:09:26 +00:00
digest Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
dsa Add BN_rand_range_ex and use internally. 2016-07-29 16:09:26 +00:00
ec Add BN_rand_range_ex and use internally. 2016-07-29 16:09:26 +00:00
ecdh
ecdsa Add BN_rand_range_ex and use internally. 2016-07-29 16:09:26 +00:00
engine
err Add TLS 1.3 1-RTT. 2016-07-18 09:54:46 +00:00
evp Change |EVP_PKEY_up_ref| to return int. 2016-07-12 17:55:41 +00:00
hkdf Const-correct HKDF_expand. 2016-07-16 07:55:19 +00:00
hmac Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
lhash Use non-deprecated methods on windows. 2016-05-19 20:30:50 +00:00
md4 Revert md_len removal from SHA256_CTX and SHA512_CTX. 2016-04-27 19:01:23 +00:00
md5 Switch perlasm calling convention. 2016-06-27 21:59:26 +00:00
modes Switch perlasm calling convention. 2016-06-27 21:59:26 +00:00
newhope Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
obj Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
pem Reject inappropriate private key encryption ciphers. 2016-05-03 16:30:08 +00:00
perlasm Sync x86 perlasm drivers with upstream master. 2016-06-27 22:00:51 +00:00
pkcs8 Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
poly1305 Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
rand Define RAND_cleanup in one place only 2016-07-11 17:02:45 +00:00
rc4 Switch perlasm calling convention. 2016-06-27 21:59:26 +00:00
rsa Add |BN_mod_inverse_blinded| and use it in RSA blinding. 2016-07-29 18:30:34 +00:00
sha Fix the comments for |SHA[256|384|512]_Transform|. 2016-07-28 21:49:48 +00:00
stack Fix stack macro const-ness. 2016-05-13 18:24:57 +00:00
test Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
x509 Remove OPENSSL_ALLOW_PROXY_CERTS. 2016-07-26 22:49:52 +00:00
x509v3 Fix an error path leak in do_ext_nconf() 2016-07-26 19:11:01 +00:00
CMakeLists.txt Switch perlasm calling convention. 2016-06-27 21:59:26 +00:00
constant_time_test.c
cpu-aarch64-linux.c Rewrite ARM feature detection. 2016-03-26 04:54:44 +00:00
cpu-arm-linux.c Make CRYPTO_is_NEON_capable aware of the buggy CPU. 2016-04-28 16:42:21 +00:00
cpu-arm.c Rewrite ARM feature detection. 2016-03-26 04:54:44 +00:00
cpu-intel.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
crypto.c Add no-op function ENGINE_register_all_complete. 2016-07-12 17:54:41 +00:00
ex_data.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
internal.h Remove compatibility 'inline' define. 2016-06-27 22:16:03 +00:00
mem.c Breaking news: 1998 has come and gone. 2016-07-11 23:51:47 +00:00
refcount_c11.c
refcount_lock.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
refcount_test.c
thread_none.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
thread_pthread.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
thread_test.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
thread_win.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
thread.c Remove a bunch of unnecessary includes. 2016-06-28 20:31:14 +00:00
time_support.c Remove some mingw support cruft. 2016-01-25 23:05:45 +00:00