Results & Findings of USENIX Security 2023 Paper:

CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software

1. Distribution of Quantified Leaks

In this section, we present some quantification results of CacheQL, which depict how the leaked bits are distributed among the most vulnerable functions in OpenSSL, MbedTLS, and Libgcrypt.

Distribution of top 10 vulnerable functions in OpenSSL (with blinding enabled).

Distribution of top 10 vulnerable functions in MbedTLS (with blinding enabled).

Distribution of top 10 vulnerable functions in Libgcrypt (with blinding enabled for 1.9.4 and RSA-CRT for 1.6.1).

2. Identified Vulnerabilities

We present the full list of localized vulnerable functions in this section.

Given the large number of vulnerable points, we list only exclusive vulnerable cases; that is, we do not list the cases where a function leaks secrets in its callees.

Vulnerable functions are categorized as the following types:

a. Leaking secrets in the Pre-processing stage.

b. Leaking secrets in the Decryption stage.

c. Leaking leading zeros.

d. Leaking secrets via explicit information flow.

e. Leaking secrets via implicit information flow.

OpenSSL 3.0.0

BN_bin2bn: a, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L446

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L449

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L465 

bn_div_fixed_top: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_div.c#L306

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_div.c#L324

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_div.c#L339

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_div.c#L355

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_div.c#L375

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_div.c#L436

int_bn_mod_inverse: b, c, d, e

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_gcd.c#L294

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_gcd.c#L314

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_gcd.c#L331

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_gcd.c#L331

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_gcd.c#L331

BN_num_bits: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L193

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L196

bn_mul_fixed_top: b, c, d, e

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mul.c#L527

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mul.c#L546

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mul.c#L554

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mul.c#L565

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mul.c#L582

BN_set_word: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L423

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L427

BN_uadd: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L85

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L109

BN_mod_exp_mont_consttime: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L622

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L742

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L745

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L823

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L825

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L864

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L928

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L930

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L936

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L992

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L993

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L1003

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L1066

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L1106

BN_mod_exp_mont: b, c, d, e

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L320

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L381

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L386

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L415

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L426

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L432

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L436

bn_expand2: a, b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L304

bn_wexpand: a, b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L1020

EVP_DecodeUpdate: a

leaking via lookup table conv_ascii2bin, which may have different names in different versions.

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/evp/encode.c#L332

EVP_DecodeBlock: a

leaking via lookup table conv_ascii2bin, which may have different names in different versions.

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/evp/encode.c#L461

BN_MONT_CTX_set_locked, BN_MONT_CTX_set:

incorrect constant-time implementation; also mentioned by DATA in its Appx. A

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L451

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L275

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L379

ASN1_get_object: a

called by many ASN1 related functions (e.g., asn1_d2i_ex_primitive, asn1_item_embed_d2i, asn1_template_noexp_d2i, ASN1_item_d2i_ex)

similar results are also reported by DATA.

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/asn1/asn1_lib.c#L67

bn_c2i: a, c

calls BN_bin2bn

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/asn1/x_bignum.c#L123

bn_check_top: b

called by many BIGNUM-related functions.

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_local.h#L187

BN_secure_new calls BN_new, which further calls bn_check_top.

bn_mul_mont_fixed_top: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L45

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L57

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L66

bn_lshift_fixed_top: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_shift.c#L130

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_shift.c#L129

bn_rshift_fixed_top: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_shift.c#L204

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_shift.c#L209

bn_mul_normal: a, b, c, d, e

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mul.c#L626

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mul.c#L638

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mul.c#L639

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mul.c#L645

bn_from_montgomery_word: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L97

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L111

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L113

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L125

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L130

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L153

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L154

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_mont.c#L155

BN_copy: a, b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L344

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L349

BN_uadd: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L85

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L109

BN_add: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L21

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L26

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L29

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L32

BN_sub: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L154

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_add.c#L162

BN_set_bit: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L693

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L694

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L696

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L702

bn_mul_add_words: b, c, d, e

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L23

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L28

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L29

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L30

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L31

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L37

bn_mul_words: b, c, d, e

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L52

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L57

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L58

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L59

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L60

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L67

bn_add_words: b, c, d, e

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L278

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L283

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L284

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L286

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L287

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L289

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L290

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L292

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L293

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L302

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L303

bn_sqr_words: b, c, d, e

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L78

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L83

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L84

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L85

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L86

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L93

bn_sub_words: b, c, d, e

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L378

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L383

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L384

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L385

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L386

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L388

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L389

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L390

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L391

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L393

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L394

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L395

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L396

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L398

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L399

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L400

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L401

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L410

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L411

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L412

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_asm.c#L413

MOD_EXP_CTIME_COPY_FROM_PREBUF: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L533

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L541

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L555

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_exp.c#L566

BN_is_bit_set: b, c, d

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L730

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L734

https://github.com/openssl/openssl/blob/openssl-3.0.0/crypto/bn/bn_lib.c#L736

bn_sqr8x_mont: b, c

assembly code; possibly induced by leading zeros in BIGNUM according to developers' responses.

bn_mulx4x_mont: b, c

assembly code; possibly induced by leading zeros in BIGNUM according to developers' responses.

bn_sqrx8x_internal: b, c

assembly code; possibly induced by leading zeros in BIGNUM according to developers' responses.

OpenSSL 0.9.7c

BN_div: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_div.c#L236

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_div.c#L237

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_div.c#L255

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_div.c#L263

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_div.c#L303

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_div.c#L337

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_div.c#L350

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_div.c#L351

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_div.c#L352

BN_mod_exp_mont: b, c, d, e

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_exp.c#L418

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_exp.c#L455

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_exp.c#L458

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_exp.c#L477

bn_sqr_recursive: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L235

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L237

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L245

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L268

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L277

BN_mod_inverse: b, c, d, e

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_gcd.c#L279

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_gcd.c#L298

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_gcd.c#L315

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_gcd.c#L347

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_gcd.c#L352

BN_lshift: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L137

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L139

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L140

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L142

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L144

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L145

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L146

BN_rshift: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L188

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L189

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L193

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L194

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L197

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L198

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L200

BN_lshift1: b, c, d, e

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L68

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L81

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L83

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L84

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L87

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L85

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L89

BN_rshift1: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L105

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L114

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L116

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L117

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_shift.c#L118

BN_set_bit: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L723

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L726

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L727

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L731

BN_from_montgomery: b, c, d, e

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L134

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L135

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L153

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L156

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L162

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L166

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L170

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L171

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L172

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L185

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L191 (r->top ==> for (; ; ) ==> all memory accesses within this for loop are secret-dependent)

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L205

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L206

BN_mul: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L683

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L692

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L704

bn_mul_recursive: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L111

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L147

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L157

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L169

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L200

BN_sqr: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L124

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L143

BN_nnmod: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mod.c#L137

bn_mul_normal:

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L768

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L769

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L770

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L771

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L772

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L773

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L774

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mul.c#L775

BN_sub: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L274

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L286

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L295

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L297

BN_num_bits: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L253

BN_num_bits_word: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L186

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L188

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L194

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L196

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L208

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L210

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L216

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L218

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L229

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L230

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L237

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L240

bn_mul_comba8 (leaks secret in mul_acc_c, which is inlined): b, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L498

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L499

BN_add: b, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L77

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L85

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L99

bn_expand_internal: a, b, d, e

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L339

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L351

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L352

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L354

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L370

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L372

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L373

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L375

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L376

BN_mod_mul_montgomery: b, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_mont.c#L83

BN_uadd: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L117

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L139

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L141

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L144

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L145

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L151

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L153

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L157

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_add.c#L160

bn_expand2: a, b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L444

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L450

asn1_check_tlen: a

the variable i is propagated from the input string.

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/asn1/tasn_dec.c#L934

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/asn1/tasn_dec.c#L953

The BN_MONT_CTX_set, ASN1-related, EVP-related, BN_new-related, and bn_check_top findings are similar to those in OpenSSL 3.0.0.

BN_usub: b, c, d

similar to BN_uadd

BN_bin2bn: a, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L623

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L626

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L628

BN_set_word: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L584

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L585

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L597

BN_copy: a, b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L492

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L498

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L511

bn_sqr_comba8 (bn_sqr_normal inlined): b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L161

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L165

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L168

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L172

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_sqr.c#L176

bn_mul_words: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L103

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L105

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L106

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L107

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L108

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L111

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L113

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L114

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L115

BN_sub_word: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L395

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L396

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L397

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L398

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L400

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L401

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L402

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L403

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L405

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L406

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L407

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L408

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L410

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L411

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L412

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L413

BN_ucmp: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L663

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L666

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L668

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L669

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L670

bn_add_words: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L308

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L309

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L311

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L313

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L314

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L316

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L318

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L319

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L321

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L323

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L324

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L326

BN_is_bit_set: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L755

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L756

bn_mul_add_words: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L78

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L80

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L81

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L82

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L83

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L86

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L88

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L89

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_asm.c#L90

bn_cmp_words: b, c, d

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L784

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L785

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L787

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L788

https://github.com/openssl/openssl/blob/OpenSSL_0_9_7c/crypto/bn/bn_lib.c#L789

MbedTLS 3.0.0

mbedtls_mpi_copy: a, b, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L224

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L226

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L234

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L235

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L241

mbedtls_mpi_read_binary: a, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L989

mbedtls_rsa_complete: a, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/rsa.c#L254

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/rsa.c#L255

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/rsa.c#L256

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/rsa.c#L257

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/rsa.c#L258

pk_parse_key_pkcs1_der: a, c, d

leaks secrets in asn1_get_nonzero_mpi, mbedtls_rsa_import, mbedtls_mpi_copy

mbedtls_base64_decode: a, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/base64.c

mbedtls_mpi_cmp_int: a, b, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1359

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1360

mbedtls_mpi_div_mpi: b, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1952

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1954

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1959

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1961

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1962

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1965

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1969

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1970

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1973

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1976

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1979

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1980

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1983

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1985

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1986

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1989

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1994

mbedtls_mpi_exp_mod: b, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2336

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2414

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2415

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2420

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2422

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2423

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2479

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2497

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2503

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2504

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2512

mbedtls_mpi_sub_abs: b, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1472

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1473

mpi_montmul: b, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2176

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2178

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2183

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2184

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2189

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2202

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2203

mbedtls_mpi_safe_cond_assign: b, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L367

mbedtls_mpi_get_bit: b, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L456

mbedtls_mpi_shift_l: b, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1102

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1110

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1112

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1113

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1115

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1116

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1122

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1124

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1126

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1127

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1128

mbedtls_mpi_shift_r: b, d

similar to mbedtls_mpi_shift_l

mbedtls_mpi_sub_mpi: b, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1561

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1563

mbedtls_mpi_mul_int: b, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1771

mbedtls_mpi_mod_mpi: b, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2057

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L2060

mbedtls_mpi_cmp_mpi: b, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1223

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1224

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1227

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1228

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1240

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1242

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1243

mpi_mul_hlp: b, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1653

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1660

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1667

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1682

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1693

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1703

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1705

mpi_sub_hlp: b, c, d

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1451

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1453

https://github.com/ARMmbed/mbedtls/blob/v3.0.0/library/bignum.c#L1454

MbedTLS 2.15.0

The implementation of MbedTLS 3.0.0 has not changed much compared with 2.15.0. Their vulnerabilities are very similar.

mbedtls_mpi_div_mpi

mpi_montmul

mbedtls_mpi_exp_mod

mbedtls_mpi_mul_mpi

mbedtls_mpi_shift_r

mbedtls_mpi_shift_l

mbedtls_mpi_read_binary

mbedtls_mpi_sub_abs

mbedtls_mpi_copy

mbedtls_mpi_sub_mpi

mbedtls_mpi_mod_mpi

mbedtls_mpi_cmp_mpi

mbedtls_mpi_cmp_int

mbedtls_mpi_sub_int

mbedtls_mpi_inv_mod

mbedtls_mpi_add_abs

mbedtls_mpi_add_mpi

Libgcrypt 1.9.4

_gcry_mpi_powm: b, c, d

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L491

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L567

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L569

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L575

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L576

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L577

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L610

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L617

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L620

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L641

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L645

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L667

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L675

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L679

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L682

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L702

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-pow.c#L721

mul_n: b, c, d

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L136

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L138

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L170

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L178

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L214

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L219

_gcry_mpih_mul: b, c, d, e

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L493

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L494

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L503

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L508

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L509

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L510

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L512

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L518

do_vsexp_sscan: a, d

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/src/sexp.c#L1311

_gcry_mpih_mul_karatsuba_case: b, c, d

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L400

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L418

_gcry_sexp_find_token: a, d

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/src/sexp.c#L456

_gcry_mpih_divrem: b, c, d

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L213

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L225

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L233

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L234

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L237

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L238

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L256

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L261

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L270

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L279

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L282

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L292

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L297

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L301

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L315

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L316

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L317

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L319

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L320

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L322

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L327

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L332

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L334

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L337

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L342

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L350

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L353

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L356

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L368

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L373

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-div.c#L374

_gcry_mpi_set_cond: b, c, d

(similar to _gcry_mpi_swap_cond and _gcry_mpi_abs_cond)

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpiutil.c#L532

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpiutil.c#L534

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpiutil.c#L535

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpiutil.c#L536

mul_n_basecase: b, c, d

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L83

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L84

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L93

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L98

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L99

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L100

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L102

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpih-mul.c#L108

_gcry_sexp_nth_string: a, d

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/src/sexp.c#L720

_gcry_mpih_cmp: b, c, d

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-inline.h#L145

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-inline.h#L146

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-inline.h#L147

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-inline.h#L148

https://github.com/gpg/libgcrypt/blob/LIBGCRYPT-1.9-BRANCH/mpi/mpi-inline.h#L157

_gcry_mpih_add_n: b, c, d

_gcry_mpih_sub_n: b, c, d

Libgcrypt 1.6.1

Results for Libgcrypt 1.6.1 are similar to those for Libgcrypt 1.9.4.

Libjpeg 2.1.2

jsimd_idct_islow_avx2: SDA, SCB

jpeg_fill_bit_buffer: SDA, SCB

jsimd_ycc_extbgrx_convert_avx2: SDA

jsimd_idct_islow: SDA, SCB

decode_mcu: SDA, SCB

jpeg_huff_decode: SDA, SCB

jsimd_h2v2_fancy_upsample_avx2: SDA

Consistent with our paper, SDA and SCB denote secret-dependent data access and control branch, respectively.