QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-07 06:59:41 +00:00
Code Issues Projects Releases Wiki Activity

Add value_barriers in constant time select functions

Browse Source 
The barriers prevent the compiler from narrowing down the
possible value range of the mask and ~mask in the select
statements, which avoids the recognition of the select
and turning it into a conditional load or branch.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9418)
This commit is contained in:
Bernd Edlinger 2019-06-21 21:26:19 +02:00
parent 69ae4153af
commit 92a2f01ea4
1 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
include/internal/constant_time_locl.h
View File

@ -158,11 +158,29 @@ static ossl_inline unsigned char constant_time_eq_int_8(int a, int b)
return constant_time_eq_8((unsigned)(a), (unsigned)(b)); return constant_time_eq_8((unsigned)(a), (unsigned)(b));
} }
/*
* Returns the value unmodified, but avoids optimizations.
* The barriers prevent the compiler from narrowing down the
* possible value range of the mask and ~mask in the select
* statements, which avoids the recognition of the select
* and turning it into a conditional load or branch.
*/
static ossl_inline unsigned int value_barrier(unsigned int a)
{
#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
unsigned int r;
__asm__("" : "=r"(r) : "0"(a));
#else
volatile unsigned int r = a;
#endif
return r;
}
static ossl_inline unsigned int constant_time_select(unsigned int mask, static ossl_inline unsigned int constant_time_select(unsigned int mask,
unsigned int a, unsigned int a,
unsigned int b) unsigned int b)
{ {
return (mask & a) | (~mask & b); return (value_barrier(mask) & a) | (value_barrier(~mask) & b);
} }
static ossl_inline unsigned char constant_time_select_8(unsigned char mask, static ossl_inline unsigned char constant_time_select_8(unsigned char mask,