diff options
| author | Legrandin <helderijs@gmail.com> | 2014-03-23 18:46:55 +0100 |
|---|---|---|
| committer | Dwayne Litzenberger <dlitz@dlitz.net> | 2014-06-22 23:38:31 -0700 |
| commit | 947b554d85012cf35185ded38ef3484de010d2cf (patch) | |
| tree | 8f1d16cc5a980d59dd7fadb70c1886009219ce5a /configure.ac | |
| parent | 0782d68840d0ebf850516e606e398b8a5396eb64 (diff) | |
| download | pycrypto-947b554d85012cf35185ded38ef3484de010d2cf.tar.gz | |
Make GHASH more robust against timing attacks.
In order to speed up as much as possible the GHASH,
the current implementation expands the 16 byte hash key
(H) into a table of 64 KBytes. However, that is sensitive
to cache-based timing attacks.
If we assume that access to data inside the same cache line
is constant-time (likely), fitting a table item into a cache
line may help against the attacks.
This patch reduce the pre-computed table from 64K to 4K
and aligns every item to a 32 byte boundary (since most modern
CPUs have cache line of that size or larger).
This patch will reduce the overall performance.
This patch also reverts commit 965871a727 ("GCM mode:
Optimize key setup for GCM mode") since I actually
got conflicting benchmark results.
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 5f22d00..3bba18d 100644 --- a/configure.ac +++ b/configure.ac @@ -99,6 +99,7 @@ AC_TYPE_UINT16_T AC_TYPE_UINT32_T AC_TYPE_UINT64_T AC_TYPE_UINT8_T +AC_TYPE_UINTPTR_T # Checks for library functions. AC_FUNC_MALLOC |