authorweidai <weidai@57ff6487-cd31-0410-9ec3-f628ee90f5f0>2003-02-28 21:28:28 +0000
committerweidai <weidai@57ff6487-cd31-0410-9ec3-f628ee90f5f0>2003-02-28 21:28:28 +0000
commitbcaea22eaffef81d9795a8ade3797065e8ad4a10 (patch)
tree874e6bccbe98492a4939f33aeefd46c3f890c75e
parentb49c924f81e6715a2b4f4542f59974a2fdb3f0a4 (diff)
downloadcryptopp-bcaea22eaffef81d9795a8ade3797065e8ad4a10.tar.gz
increase resistance against timing attacks
git-svn-id: svn://svn.code.sf.net/p/cryptopp/code/trunk/c5@33 57ff6487-cd31-0410-9ec3-f628ee90f5f0
-rw-r--r--integer.cpp10
1 files changed, 5 insertions, 5 deletions
diff --git a/integer.cpp b/integer.cpp
index da019a7..35312f6 100644
--- a/integer.cpp
+++ b/integer.cpp
@@ -2146,11 +2146,11 @@ void MontgomeryReduce(word *R, word *T, const word *X, const word *M, const word
{
MultiplyBottom(R, T, X, U, N);
MultiplyTop(T, T+N, X, R, M, N);
- if (Subtract(R, X+N, T, N))
- {
- word carry = Add(R, R, M, N);
- assert(carry);
- }
+ word borrow = Subtract(T, X+N, T, N);
+ // defend against timing attack by doing this Add even when not needed
+ word carry = Add(T+N, T, M, N);
+ assert(carry || !borrow);
+ CopyWords(R, T + (borrow ? N : 0), N);
}
// R[N] --- result = X/(2**(WORD_BITS*N/2)) mod M
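Review bot: The final `CopyWords(R, T + (borrow ? N : 0), N);` still selects its source from the secret-dependent `borrow`, so the data-dependent control flow the unconditional Add was meant to remove is moved into the pointer selection rather than eliminated; whether a given compiler lowers that ternary to a conditional move or to a branch is not under the code's control. A branch-free alternative is a masked per-word select, e.g. `word mask = (word)0 - (word)(borrow != 0);` followed by `for (size_t i = 0; i < N; i++) R[i] = (T[N + i] & mask) | (T[i] & ~mask);` (loop index type should match N's declared type, which is cut off in the hunk header). The comment on the Add could also state the invariant the new layout relies on, e.g. `// T must hold 2*N words: T[0..N) is the difference, T[N..2N) the difference plus M`. The timing behaviour of Subtract, Add and CopyWords themselves is not visible here and is assumed, not shown, to be data-independent. MontgomeryReduce's signature lies outside the hunk (only its tail appears in the @@ context line).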