1. 24 Oct, 2017 1 commit
  2. 23 Oct, 2017 1 commit
  3. 19 Oct, 2017 1 commit
  4. 13 Oct, 2017 1 commit
  5. 11 Oct, 2017 1 commit
      Ensure we test all parameters for BN_FLG_CONSTTIME · 86ccadf5
      Matt Caswell authored
      RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls
      BN_mod_exp() as follows:
      
      BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)
      
      ret->mod will have BN_FLG_CONSTTIME set, but ret->e does not. In
      BN_mod_exp() we only test the third param for the existence of this flag.
      We should test all the inputs.
      
      Thanks to Samuel Weiser (samuel.weiser@iaik.tugraz.at) for reporting this
      issue.
      
      This typically only happens once at key load, so this is unlikely to be
      exploitable in any real scenario.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4477)
      
      (cherry picked from commit e913d11f)
  6. 03 Oct, 2017 4 commits
  7. 02 Oct, 2017 1 commit
  8. 29 Sep, 2017 3 commits
  9. 27 Sep, 2017 2 commits
  10. 26 Sep, 2017 1 commit
  11. 19 Sep, 2017 1 commit
  12. 11 Sep, 2017 1 commit
  13. 07 Sep, 2017 1 commit
  14. 28 Aug, 2017 1 commit
  15. 25 Aug, 2017 1 commit
  16. 24 Aug, 2017 1 commit
  17. 23 Aug, 2017 2 commits
  18. 22 Aug, 2017 1 commit
  19. 18 Aug, 2017 3 commits
  20. 17 Aug, 2017 1 commit
  21. 15 Aug, 2017 1 commit
  22. 09 Aug, 2017 1 commit
  23. 07 Aug, 2017 2 commits
  24. 04 Aug, 2017 1 commit
  25. 31 Jul, 2017 1 commit
  26. 29 Jul, 2017 1 commit
  27. 28 Jul, 2017 1 commit
  28. 27 Jul, 2017 2 commits
  29. 25 Jul, 2017 1 commit
      x86_64 assembly pack: "optimize" for Knights Landing. · 777cf0fb
      Andy Polyakov authored
      "Optimize" is in quotes because it's rather a "salvage operation"
      for now. Idea is to identify processor capability flags that
      drive Knights Landing to suboptimal code paths and mask them.
      Two flags were identified, XSAVE and ADCX/ADOX. Former affects
      choice of AES-NI code path specific for Silvermont (Knights Landing
      is of Silvermont "ancestry"). And 64-bit ADCX/ADOX instructions are
      effectively mishandled at decode time. In both cases we are looking
      at ~2x improvement.
      
      Hardware used for benchmarking courtesy of Atos, experiments run by
      Romain Dolbeau <romain.dolbeau@atos.net>. Kudos!
      
      This is a minimalistic backport of 64d92d74

      Thanks to David Benjamin for spotting typo in Knights Landing detection!
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4006)
      
      (cherry picked from commit 738a9dd5)