Skip to content
Commit 25d14c6c authored by Andy Polyakov's avatar Andy Polyakov Committed by Matt Caswell
Browse files

crypto/bn/x86_64-mont5.pl: constant-time gather procedure.



At the same time remove miniscule bias in final subtraction.
Performance penalty varies from platform to platform, and even with
key length. For rsa2048 sign it was observed to be 4% for Sandy
Bridge and 7% on Broadwell.

CVE-2016-0702

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(cherry picked from master)
parent 08ea966c
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment