Adds a declassify operation to aid constant-time analysis.

ECDSA signing has a retry loop for the exceptionally unlikely case
that S==0. S is not a secret at this point and this case is so
rare that it will never be observed but branching on it will trip
up tools analysing if the code is constant time with respect to
secrets.

Derandomized ECDSA can also loop on k being zero or overflowing,
and while k is a secret these cases are too rare (1:2^255) to
ever observe and are also of no concern.

This adds a function for marking memory as no-longer-secret and
sets it up for use with the valgrind memcheck constant-time
test.
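
The classify/declassify pattern described in the commit message, as an added example that is not code from the commit or the project. The names `ct_classify`, `ct_declassify`, `toy_sign` and the `USE_VALGRIND` build flag are assumptions, and toy arithmetic modulo 251 stands in for real ECDSA so that both retry conditions can actually be reached.

```c
#include <stdint.h>
#include <stddef.h>

#ifdef USE_VALGRIND              /* assumed build flag for the memcheck run */
#include <valgrind/memcheck.h>
#define ct_classify(p, n)   VALGRIND_MAKE_MEM_UNDEFINED((p), (n))
#define ct_declassify(p, n) VALGRIND_MAKE_MEM_DEFINED((p), (n))
#else                            /* normal builds: both markers compile to nothing */
#define ct_classify(p, n)   ((void)(p), (void)(n))
#define ct_declassify(p, n) ((void)(p), (void)(n))
#endif

#define N 251u  /* toy prime group order (assumption); real orders are ~2^256 */

/* x^(N-2) mod N. The exponent is public, so these branches are not on secrets. */
static uint32_t inv_mod_n(uint32_t x) {
    uint32_t r = 1, e = N - 2;
    for (; e; e >>= 1) {
        if (e & 1) r = r * x % N;
        x = x * x % N;
    }
    return r;
}

/* Toy signing loop with key d and message m. Returns the number of attempts. */
int toy_sign(uint32_t d, uint32_t m, uint32_t *r, uint32_t *s) {
    uint32_t counter = 0;
    ct_classify(&d, sizeof d);            /* memcheck now treats the key as secret */
    for (;;) {
        /* Stand-in for derandomized nonce derivation; k is tainted by d. */
        uint32_t k = (d * 31 + m * 17 + counter++) % N;
        int bad = (k == 0);
        ct_declassify(&bad, sizeof bad);  /* rare retry condition, allowed to leak */
        if (bad) continue;
        *r = k * 7 % N;                   /* stand-in for x(kG) mod n */
        *s = inv_mod_n(k) * ((m + *r * d) % N) % N;
        ct_declassify(r, sizeof *r);      /* signature values are public output */
        ct_declassify(s, sizeof *s);
        if (*s != 0) return (int)counter; /* S == 0: retry with the next nonce */
    }
}
```

Built with `-DUSE_VALGRIND` and run under memcheck, the branches on `bad` and `*s` depend on data derived from the classified key, so they pass cleanly only because of the preceding `ct_declassify` calls.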