boringssl/crypto/bn
Brian Smith ec3cb3adbc Add |BN_mod_inverse_blinded| and use it in RSA blinding.
Yo dawg I herd you like blinding so I put inversion blinding in your
RSA blinding so you can randomly mask your random mask.

This improves upon the current situation where we pretend that
|BN_mod_inverse_no_branch| is constant-time, and it avoids the need to
exert a lot of effort to make an actually-constant-time modular
inversion function just for RSA blinding.

Note that if the random number generator weren't working correctly then
the blinding of the inversion wouldn't be very effective, but in that
case the RSA blinding itself would probably be completely busted, so
we're not really losing anything by relying on blinding to blind the
blinding.

Change-Id: I771100f0ad8ed3c24e80dd859ec22463ef2a194f
Reviewed-on: https://boringssl-review.googlesource.com/8923
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-29 18:30:34 +00:00
asm Switch perlasm calling convention. 2016-06-27 21:59:26 +00:00
add.c Switch unrolled loop in BN_usub with memcpy. 2015-12-16 17:38:48 +00:00
bn_asn1.c Rename the BIGNUM ASN.1 functions. 2016-01-27 22:37:44 +00:00
bn_test.cc Add a test for BN_cmp_word. 2016-07-29 16:39:04 +00:00
bn_tests.txt Add tests for |BN_mod_inverse| with modulus 1. 2016-07-28 18:07:03 +00:00
bn.c Set |bn->neg| to zero in |bn_set_words|. 2016-03-11 19:21:11 +00:00
check_bn_tests.go Add tests for |BN_mod_inverse| with modulus 1. 2016-07-28 18:07:03 +00:00
CMakeLists.txt Add AArch64 Montgomery assembly. 2015-11-10 19:13:46 +00:00
cmp.c Add BN_rand_range_ex and use internally. 2016-07-29 16:09:26 +00:00
convert.c Fix memory leak on error in BN_mpi2bn. 2016-04-29 16:20:14 +00:00
ctx.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
div.c Fix BN_mod_word bug. 2016-06-09 19:05:31 +00:00
exponentiation.c Remove unuseful comments in |BN_mod_exp|. 2016-05-13 19:10:47 +00:00
gcd.c Add |BN_mod_inverse_blinded| and use it in RSA blinding. 2016-07-29 18:30:34 +00:00
generic.c Move |bn_div_words| to crypto/bn/div.c and make it static. 2016-02-25 16:16:14 +00:00
internal.h Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
kronecker.c
montgomery.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
mul.c Make local functions static. 2016-03-20 16:37:58 +00:00
prime.c Handle BN_mod_word failures. 2016-06-23 21:25:18 +00:00
random.c Add BN_rand_range_ex and use internally. 2016-07-29 16:09:26 +00:00
rsaz_exp.c Use |alignas| for alignment. 2016-01-25 23:05:04 +00:00
rsaz_exp.h Fix license on rsaz_exp.h. 2015-07-27 22:21:11 +00:00
shift.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
sqrt.c Document that BN_mod_sqrt assumes p is a prime. 2016-07-06 23:15:41 +00:00