
[PATCH 08/12] mpiutil: use global vone and vzero
* mpi/mpiutil.c (_gcry_mpi_set_cond, _gcry_mpi_swap_cond): Use
_gcry_ct_vzero and _gcry_ct_vone.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
mpi/mpiutil.c | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c
index d5a1b8a8..f7506718 100644
--- a/mpi/mpiutil.c
+++ b/mpi/mpiutil.c
@@ -27,6 +27,7 @@
#include "g10lib.h"
#include "mpi-internal.h"
#include "mod-source-info.h"
+#include "const-time.h"


#if SIZEOF_UNSIGNED_INT == 2
@@ -46,12 +47,6 @@
/* Constants allocated right away at startup. */
static gcry_mpi_t constants[MPI_NUMBER_OF_CONSTANTS];

-/* These variables are used to generate masks from conditional operation
- * flag parameters. Use of volatile prevents compiler optimizations from
- * converting AND-masking to conditional branches. */
-static volatile mpi_limb_t vzero = 0;
-static volatile mpi_limb_t vone = 1;
-

const char *
_gcry_mpi_get_hw_config (void)
@@ -513,10 +508,11 @@ _gcry_mpi_set (gcry_mpi_t w, gcry_mpi_t u)
gcry_mpi_t
_gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, unsigned long set)
{
+ /* Note: dual mask with AND/OR used for EM leakage mitigation */
+ mpi_limb_t mask1 = _gcry_ct_vzero - set;
+ mpi_limb_t mask2 = set - _gcry_ct_vone;
mpi_size_t i;
mpi_size_t nlimbs = u->alloced;
- mpi_limb_t mask1 = vzero - set;
- mpi_limb_t mask2 = set - vone;
mpi_limb_t xu;
mpi_limb_t xw;
mpi_limb_t *uu = u->d;
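Review bot: The masks `mask1 = _gcry_ct_vzero - set` and `mask2 = set - _gcry_ct_vone` are now computed in the common type of the const-time globals (declared in const-time.h, outside this hunk) and `unsigned long`, whereas the removed `vzero`/`vone` were `mpi_limb_t`; if that common type is narrower than `mpi_limb_t` (e.g. a target where `unsigned long` is 32 bits but limbs are 64), the all-ones mask is formed at the narrower width and zero-extended on assignment, so the upper limb bits would never be masked and the constant-time copy would be wrong. Widening before the subtraction keeps the previous semantics: `mpi_limb_t mask1 = (mpi_limb_t)_gcry_ct_vzero - set;` and `mpi_limb_t mask2 = (mpi_limb_t)set - _gcry_ct_vone;`. The same applies to the `swap` masks in the `_gcry_mpi_swap_cond` hunk below. The new comment could also state the precondition, e.g. `/* set must be 0 or 1; any other value yields a mask that is neither all-ones nor zero. */`. The body of _gcry_mpi_set_cond continues past the end of the hunk.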
@@ -614,10 +610,11 @@ _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b)
void
_gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap)
{
+ /* Note: dual mask with AND/OR used for EM leakage mitigation */
+ mpi_limb_t mask1 = _gcry_ct_vzero - swap;
+ mpi_limb_t mask2 = swap - _gcry_ct_vone;
mpi_size_t i;
mpi_size_t nlimbs;
- mpi_limb_t mask1 = vzero - swap;
- mpi_limb_t mask2 = swap - vone;
mpi_limb_t *ua = a->d;
mpi_limb_t *ub = b->d;
mpi_limb_t xa;
--
2.40.1

