Revision f1a552355dca37d96e685bba150659a9714e10bd authored by Matthias J. Kannwischer on 18 December 2023, 02:07:27 UTC, committed by Matthias J. Kannwischer on 18 December 2023, 02:07:27 UTC
This (partially) addresses

The function poly_tomsg from the reference implementation of Kyber
(which was copied into the M4-optimized implementations) would result
in a variable-time udiv instruction operating on secret data when compiled
with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13,
but did not see any difference.

This commit updates the m4-specific code to use the patch from
Note that the code in PQClean has not yet been updated and hence the
clean implementation within pqm4 is still vulnerable.
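As an added illustration (not code from this commit, from pqm4, or from PQClean), the snippet below puts the two forms of the message-bit computation side by side: the reference expression that divides by KYBER_Q, which the commit message says GCC lowers to a `udiv` on secret data at `-Os`, and the multiply-and-shift rounding used by the upstream Kyber fix (the constants 1665 and 80635 are the ones from that fix). The check function walks every coefficient value in `[0, q-1]`, the range the reference guarantees by calling `poly_csubq` before packing, and confirms the two forms are bit-exact, so the replacement can be adopted without changing the decoded message. The polynomial round-trip at the end uses constructed coefficients, not values from the page.

```c
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329
#define KYBER_N 256

/* Reference form (Kyber poly_tomsg): ((2a + q/2) / q) & 1.
 * The division by the constant q is what GCC at -Os turned into a
 * variable-latency udiv on Cortex-M4, with a coefficient of the
 * decrypted polynomial (secret data) as the dividend. */
static uint8_t msg_bit_div(uint16_t a)
{
    return (uint8_t)(((((uint32_t)a << 1) + KYBER_Q / 2) / KYBER_Q) & 1);
}

/* Division-free form as in the upstream Kyber fix: floor((2a+1665)*80635 / 2^28)
 * equals floor((2a+1664)/3329) for every a in [0, q-1] (80635 ~= 2^28 / 3329),
 * so only a multiply and a shift remain, both fixed-latency on the M4. */
static uint8_t msg_bit_mul(uint16_t a)
{
    uint32_t t = a;          /* assumes a already reduced to [0, q-1] */
    t <<= 1;
    t += 1665;
    t *= 80635;              /* fits: (2*3328+1665)*80635 < 2^32 */
    t >>= 28;
    return (uint8_t)(t & 1);
}

/* Pack 256 reduced coefficients into a 32-byte message with the
 * division-free decoder (same layout as the reference poly_tomsg). */
static void poly_tomsg_ct(uint8_t msg[KYBER_N / 8], const uint16_t coeffs[KYBER_N])
{
    for (unsigned i = 0; i < KYBER_N / 8; i++) {
        msg[i] = 0;
        for (unsigned j = 0; j < 8; j++)
            msg[i] |= (uint8_t)(msg_bit_mul(coeffs[8 * i + j]) << j);
    }
}

/* Exhaustive equivalence check over the reduced coefficient range.
 * Returns 1 if both forms agree on every input, 0 at the first mismatch. */
int check_equivalence(void)
{
    for (uint32_t a = 0; a < KYBER_Q; a++)
        if (msg_bit_div((uint16_t)a) != msg_bit_mul((uint16_t)a))
            return 0;
    return 1;
}

/* Constructed round-trip: encode a known 32-byte message the way
 * poly_frommsg does (bit -> (q+1)/2 = 1665, else 0), perturb each
 * coefficient by a small constructed "noise" term in [-100, 100], reduce
 * mod q, and check that the division-free decoder recovers the message.
 * Returns 1 on success, 0 otherwise. */
int demo_roundtrip(void)
{
    uint8_t msg_in[KYBER_N / 8], msg_out[KYBER_N / 8];
    uint16_t coeffs[KYBER_N];

    for (unsigned i = 0; i < KYBER_N / 8; i++)
        msg_in[i] = (uint8_t)(0xA5 ^ (3 * i));          /* constructed pattern */

    for (unsigned k = 0; k < KYBER_N; k++) {
        int32_t c = ((msg_in[k / 8] >> (k % 8)) & 1) ? (KYBER_Q + 1) / 2 : 0;
        c += (int32_t)((k * 7) % 201) - 100;            /* constructed noise */
        if (c < 0) c += KYBER_Q;                        /* reduce to [0, q-1] */
        coeffs[k] = (uint16_t)c;
    }

    poly_tomsg_ct(msg_out, coeffs);
    for (unsigned i = 0; i < KYBER_N / 8; i++)
        if (msg_in[i] != msg_out[i])
            return 0;
    return 1;
}

int main(void)
{
    printf("div/mul forms agree on [0, q-1]: %s\n", check_equivalence() ? "yes" : "NO");
    printf("noisy message round-trip:        %s\n", demo_roundtrip() ? "ok" : "FAILED");
    return 0;
}
```

The equivalence check settles the functional side; the timing side still has to be confirmed on the actual toolchain, since the commit message reports the behaviour across several GCC versions at `-Os`. Build the file with the same cross-compiler and flags used for the firmware and inspect the disassembly (for example `arm-none-eabi-objdump -d`) for `udiv`/`sdiv` in the decoder: the multiply-and-shift form should leave none.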
1 parent dc26f54
