From: Andy Polyakov Date: Mon, 18 Sep 2006 19:13:15 +0000 (+0000) Subject: Improve 386 portability of aes-586.pl. X-Git-Tag: OpenSSL_0_9_8k^2~1141 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3a8012cbf26a9de010672296f7ca3dc131395172;p=oweals%2Fopenssl.git Improve 386 portability of aes-586.pl. --- diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl index 7b75685025..8b27e4c65c 100755 --- a/crypto/aes/asm/aes-586.pl +++ b/crypto/aes/asm/aes-586.pl @@ -117,8 +117,9 @@ # # Version 4.3 implements switch between compact and non-compact block # functions in AES_cbc_encrypt depending on how much data was asked -# to process in one stroke. +# to be processed in one stroke. # +###################################################################### # Timing attacks are classified in two classes: synchronous when # attacker consciously initiates cryptographic operation and collects # timing data of various character afterwards, and asynchronous when @@ -141,7 +142,7 @@ # timing. But note that *if* plain-text was concealed in such way that # input to block function is distributed *uniformly*, then attack # wouldn't apply. Now note that some encryption modes, most notably -# CBC, do masks the plain-text in this exact way [secure cipher output +# CBC, do mask the plain-text in this exact way [secure cipher output # is distributed uniformly]. Yes, one still might find input that # would reveal the information about given key, but if amount of # candidate inputs to be tried is larger than amount of possible key @@ -2459,7 +2460,7 @@ my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds &pushf (); # kludge, never executed &set_label("slow_enc_tail",16); - &emms (); + &emms () if (!$x86only); &mov ($key eq "edi"? $key:"",$s3); # load out to edi &mov ($s1,16); &sub ($s1,$s2);