commit | 7ab49bf0af78e4b068822f8cd8b4f0fa6bbb4bc0 | [log] [tgz] |
---|---|---|
author | David Benjamin <davidben@google.com> | Tue Nov 15 16:32:26 2022 -0500 |
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | Sun Nov 27 17:10:30 2022 +0000 |
tree | 5155cf1bb5b3c9273f97acbbfe9d5e57df36a0b6 | |
parent | a880d2ac8261adca474f8682c5fe4420717e8d08 [diff] |
Fix comments now BN_mod_exp_mont_consttime is not cache-line-sensitive BN_mod_exp_mont_consttime originally assumed accesses within a cache line were indistinguishable and indexed into a cache line with secret values. As a result, it required all of its tables, etc., to be cache-line-aligned. Nowadays, the standard constant time memory model is to assume the whole address leaks and not make these assumptions. In particular, CacheBleed (CVE-2016-0702) showed this assumption was false and which cache bank you accessed as leaked. OpenSSL's fix for the assembly (mont5 and rsaz) appears to match the standard constant-time model. However, its fix to the C code narrowed the assumption to cache banks, so the alignment was still necessary. After https://boringssl-review.googlesource.com/c/boringssl/+/33268, we dropped this and use the standard model. All together, it should mean we no longer make assumptions about cache lines. Update all the comments and variable names accordingly. Change-Id: I7bcb828eb2751a0167c3a3c8242b1b3971efc708 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55227 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
Project links:
There are other files in this directory which might be helpful: