kevin/libsodium
1
Fork 0
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 10:05:05 -07:00
Code Releases Wiki Activity

Start introducing optblockers to prevent unwanted conditional jumps

Browse Source
This commit is contained in:
Frank Denis 2024-08-01 14:25:32 +02:00
parent 8c54312a62
commit 92611e300d
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
View File

@ -321,6 +321,8 @@ slide_vartime(signed char *r, const unsigned char *a)
}
}
static volatile unsigned char optblocker_u8;
int
ge25519_frombytes(ge25519_p3 *h, const unsigned char *s)
{
@ -353,7 +355,7 @@ ge25519_frombytes(ge25519_p3 *h, const unsigned char *s)
fe25519_cmov(h->X, x_sqrtm1, 1 - has_m_root);
fe25519_neg(negx, h->X);
fe25519_cmov(h->X, negx, fe25519_isnegative(h->X) ^ (s[31] >> 7));
fe25519_cmov(h->X, negx, fe25519_isnegative(h->X) ^ (((s[31] >> 5) ^ optblocker_u8) >> 2));
fe25519_mul(h->T, h->X, h->Y);
return (has_m_root | has_p_root) - 1;