crypto/bn/x86_64-mont5.pl: constant-time gather procedure.
author Andy Polyakov <appro@openssl.org>
Mon, 25 Jan 2016 22:41:01 +0000 (23:41 +0100)
committer Matt Caswell <matt@openssl.org>
Tue, 1 Mar 2016 11:21:29 +0000 (11:21 +0000)
commit 25d14c6c29b53907bf614b9964d43cd98401a7fc
tree e033d1f629d52eacbb8b2a44a33518dac6ed8af7
parent 08ea966c01a39e38ef89e8920d53085e4807a43a
crypto/bn/x86_64-mont5.pl: constant-time gather procedure.

At the same time remove minuscule bias in final subtraction.
Performance penalty varies from platform to platform, and even with
key length. For rsa2048 sign it was observed to be 4% for Sandy
Bridge and 7% on Broadwell.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from master)
crypto/bn/asm/x86_64-mont.pl
crypto/bn/asm/x86_64-mont5.pl
crypto/bn/bn_exp.c
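To illustrate what "constant-time gather" means in the commit message, here is an added C example that is not OpenSSL's code: a secret-indexed table read beside a gather that touches every entry and selects with a branch-free mask. The table shape (NENTRIES, NLIMBS), the fill pattern and the function names are constructed for the demonstration; the real bn_gather5 table in x86_64-mont5.pl holds 2^5 precomputed powers laid out for cache-line-independent access.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed table shape: 32 entries of 4 limbs each (the real bn_gather5
 * table in x86_64-mont5.pl holds 2^5 precomputed powers of the base). */
#define NENTRIES 32
#define NLIMBS 4

/* Leaky gather: one load whose address depends on the secret index, so the
 * cache lines touched reveal idx to a co-resident observer. */
static void gather_leaky(uint64_t out[NLIMBS],
                         const uint64_t table[NENTRIES][NLIMBS], size_t idx)
{
    memcpy(out, table[idx], sizeof(uint64_t) * NLIMBS);
}

/* Constant-time gather: read every entry and fold in the wanted one with a
 * branch-free mask, so the access pattern is identical for every idx. */
static void gather_ct(uint64_t out[NLIMBS],
                      const uint64_t table[NENTRIES][NLIMBS], size_t idx)
{
    for (size_t j = 0; j < NLIMBS; j++)
        out[j] = 0;
    for (size_t i = 0; i < NENTRIES; i++) {
        uint64_t d = (uint64_t)i ^ (uint64_t)idx;
        uint64_t mask = ((d | (0 - d)) >> 63) - 1; /* all ones iff i == idx */
        for (size_t j = 0; j < NLIMBS; j++)
            out[j] |= table[i][j] & mask;
    }
}

/* Self-check over a constructed table: both gathers must agree on every
 * index. Returns 1 on success, 0 on the first mismatch. */
int gather_selftest(void)
{
    uint64_t table[NENTRIES][NLIMBS];
    for (size_t i = 0; i < NENTRIES; i++)
        for (size_t j = 0; j < NLIMBS; j++)
            table[i][j] = (uint64_t)(i + 1) * 0x9E3779B97F4A7C15ULL + j;
    for (size_t idx = 0; idx < NENTRIES; idx++) {
        uint64_t a[NLIMBS], b[NLIMBS];
        gather_leaky(a, table, idx);
        gather_ct(b, table, idx);
        if (memcmp(a, b, sizeof a) != 0)
            return 0;
    }
    return 1;
}
```

The constant-time version costs NENTRIES reads per gather instead of one, which is the kind of overhead the commit message quotes for rsa2048 signing.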