Add more value barriers to avoid compiler induced side channels #4395
Commits on Oct 20, 2024
-
Add more value barriers to avoid compiler induced side channels
The paper https://arxiv.org/pdf/2410.13489 claims that on specific architectures Clang and GCC may introduce jumps here. The donna128 issues only affect 32-bit processors, which explains why we would not see it in the x86-64 valgrind runs. The GHASH leak would seem to be generic but the authors only observed it on RISC-V.
-
Add CT::value_barrier to donna conditional swap logic
No indications that Clang is currently converting this to conditional jumps, but this construct seems prone to such problems.
-
Avoid another problematic construct in GHASH
There has been no indication that any compiler is converting this code to assembly that uses conditional jumps, but it has the style of code that would be vulnerable to Clang's range analysis optimizations.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.