| Commit message (Collapse) | Author | Age | Files | Lines |
|
In order to speed up GHASH as much as possible,
the current implementation expands the 16 byte hash key
(H) into a table of 64 KBytes. However, that is sensitive
to cache-based timing attacks.
If we assume that access to data inside the same cache line
is constant-time (likely), fitting a table item into a cache
line may help against the attacks.
This patch reduces the pre-computed table from 64K to 4K
and aligns every item to a 32 byte boundary (since most modern
CPUs have cache lines of that size or larger).
This patch will reduce the overall performance.
This patch also reverts commit 965871a727 ("GCM mode:
Optimize key setup for GCM mode") since I actually
got conflicting benchmark results.
|
ek and dk are used as operands in instructions that require 16 byte alignment.
Thanks to Greg Price for finding this issue.
Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
|
Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
|
This should fix compilation on HP-UX 11.31. Thanks Adam Woodbeck for
reporting this.
|
Hopefully this means we'll break on fewer platforms.
Also, remove some of the extra optimization flags (e.g. -O3
-fomit-frame-pointer), which don't really do much.
|
them using args.
|
(libgmp 5 or later)