crypto/bn/x86_64-mont5.pl: constant-time gather procedure.
author: Andy Polyakov <appro@openssl.org>
Mon, 25 Jan 2016 22:41:01 +0000 (23:41 +0100)
committer: Matt Caswell <matt@openssl.org>
Tue, 1 Mar 2016 13:34:22 +0000 (13:34 +0000)
commit: 8fc8f486f7fa098c9fbb6a6ae399e3c6856e0d87
tree: b6f93d1b9d5e4b3f4bb27907783449a34ea967d8
parent: d6d422e1ec48fac1c6194ab672e320281a214a32
crypto/bn/x86_64-mont5.pl: constant-time gather procedure.

At the same time remove minuscule bias in final subtraction.
Performance penalty varies from platform to platform, and even with
key length. For rsa2048 sign it was observed to be 4% for Sandy
Bridge and 7% on Broadwell.

CVE-2016-0702

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/bn/asm/x86_64-mont.pl
crypto/bn/asm/x86_64-mont5.pl
crypto/bn/bn_exp.c