mbedtls/library
Gilles Peskine 8f6726623a Remove a secret-dependent branch in Montgomery multiplication
In mpi_montmul, an auxiliary function for modular
exponentiation (mbedtls_mpi_mod_exp) that performs Montgomery
multiplication, the last step is a conditional subtraction to force
the result into the correct range. The current implementation uses a
branch and therefore may leak information about secret data to an
adversary who can observe what branch is taken through a side channel.

Avoid this potential leak by always doing the same subtraction and
doing a contant-trace conditional assignment to set the result.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-09 11:31:30 +02:00
..
.gitignore
aes.c Zeroize local AES variables before exiting the function 2019-11-12 03:34:03 -05:00
aesni.c
arc4.c
aria.c Implement parameter validation for ARIA module 2018-12-19 12:51:00 +00:00
asn1parse.c
asn1write.c Fix ASN1 bitstring writing 2019-02-11 21:13:33 +00:00
base64.c
bignum.c Remove a secret-dependent branch in Montgomery multiplication 2020-06-09 11:31:30 +02:00
blowfish.c Implement parameter validation for Blowfish module 2018-12-19 12:52:59 +00:00
camellia.c Minor improvements to Camellia module and documentation 2018-12-19 13:42:05 +00:00
ccm.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
certs.c Update certificates to expire in 2029 2019-07-10 18:35:10 +03:00
chacha20.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
chachapoly.c
cipher_wrap.c
cipher.c Remove redundant block_size validity check 2020-01-27 15:16:16 +01:00
cmac.c
CMakeLists.txt Bump version to Mbed TLS 2.16.6 2020-04-08 17:17:27 +01:00
ctr_drbg.c Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted 2020-01-15 16:59:41 +00:00
debug.c Merge remote-tracking branch 'origin/pr/1818' into mbedtls-2.16 2019-03-05 16:28:18 +00:00
des.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
dhm.c Allow DHM self test to run without MBEDTLS_PEM_PARSE_C 2019-05-30 10:58:12 +01:00
ecdh.c Fix mbedtls_ecdh_get_params with new ECDH context 2019-02-22 12:51:51 +01:00
ecdsa.c Fix incrementing pointer instead of value 2020-01-24 12:35:47 +01:00
ecjpake.c Fix handling of md failure 2019-07-08 15:44:18 +02:00
ecp_curves.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
ecp.c Fix leakage of projective coordinates in ECC 2020-04-01 11:02:18 +02:00
entropy_poll.c
entropy.c
error.c Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
gcm.c Improve parameter validation in mbedtls_gcm_free() 2018-12-19 17:32:19 +01:00
havege.c Prevent building the HAVEGE module on platforms where it doesn't work 2019-06-17 15:12:51 +02:00
hkdf.c
hmac_drbg.c HMAC_DRBG: support set_entropy_len() before seed() 2019-10-23 18:00:03 +02:00
Makefile Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
md2.c
md4.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
md5.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
md_wrap.c
md.c
memory_buffer_alloc.c
net_sockets.c net_sockets: Fix typo in net_would_block() 2019-06-20 16:33:02 +01:00
nist_kw.c Remove faulty cipher_finish calls from nist_kw 2018-12-20 12:15:40 +01:00
oid.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
padlock.c
pem.c
pk_wrap.c
pk.c Merge remote-tracking branch 'public/pr/1721' into development-restricted 2018-12-20 12:37:13 +00:00
pkcs5.c
pkcs11.c
pkcs12.c
pkparse.c Fix pkparse bug wrt MBEDTLS_RSA_ALT 2020-02-18 10:49:06 +01:00
pkwrite.c Merge remote-tracking branch 'upstream-restricted/pr/503' into mbedtls-2.16-restricted 2019-08-14 16:39:24 +02:00
platform_util.c Check for zero length and NULL buffer pointer 2019-09-04 11:19:38 +01:00
platform.c
poly1305.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
ripemd160.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
rsa_internal.c
rsa.c Parse RSA parameters DP, DQ and QP from PKCS1 private keys 2020-01-29 13:09:55 -05:00
sha1.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha256.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha512.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
ssl_cache.c
ssl_ciphersuites.c Reduce priority of 3DES ciphersuites 2019-03-01 10:29:13 +01:00
ssl_cli.c Parse HelloVerifyRequest: avoid buffer overread at the start 2019-11-21 14:09:49 +01:00
ssl_cookie.c
ssl_srv.c Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
ssl_ticket.c
ssl_tls.c Improve debug logging of client hard reconnect 2020-03-31 12:32:38 +02:00
threading.c
timing.c timing: Remove redundant include file 2019-06-20 16:33:02 +01:00
version_features.c Move MBEDTLS_CTR_DRBG_USE_128_BIT_KEY to the correct section 2019-10-04 11:21:25 +02:00
version.c
x509_create.c
x509_crl.c Always return a high-level error code from X.509 module 2019-06-04 14:01:10 +01:00
x509_crt.c Guard from undefined behaviour in case of an INT_MAX max_pathlen 2020-04-17 11:29:20 +02:00
x509_csr.c
x509.c Correct comment on the configuration option in x509.c 2020-03-28 00:35:49 +00:00
x509write_crt.c Change size of preallocated buffer for pk_sign() calls 2019-06-06 13:13:26 +02:00
x509write_csr.c Add missing return code check on call to mbedtls_md() 2020-01-22 18:59:37 +01:00
xtea.c