| field | value | date |
|---|---|---|
| author | Andy Polyakov <appro@openssl.org> | 2018-04-30 22:59:51 +0200 |
| committer | Andy Polyakov <appro@openssl.org> | 2018-05-02 21:55:21 +0200 |
| commit | 774ff8fed67e19d4f5f0df2f59050f2737abab2a (patch) | |
| tree | baadef3cf3ed74ba3068742c4dcac359868625e4 /crypto/bn/asm/armv4-mont.pl | |
| parent | apps/speed.c: merge parameters defining EC curves to test ... (diff) | |
| download | openssl-774ff8fed67e19d4f5f0df2f59050f2737abab2a.tar.xz, openssl-774ff8fed67e19d4f5f0df2f59050f2737abab2a.zip | |
bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word.
Montgomery multiplication post-conditions in some code paths were
formally non-constant time. Cache access pattern was result-neutral,
but a little bit asymmetric, which might have produced a signal [if
processor reordered loads and stores at run-time].
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6141)
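To make the post-condition concrete, here is the same final reduction step written in C. This is an added illustration, not OpenSSL's code: it models the shape the patched `.Lcopy` loop takes (read both the `tp` word and the `rp` word every iteration, select with a mask, store, zap `tp`), so that the sequence of addresses touched does not depend on the secret-derived borrow. The word size, the `tp_hi` carry word and the `mont_final_reduce` / `mont_final_selftest` names are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Final step of a Montgomery multiplication (example, not OpenSSL's code).
 * tp holds a value in [0, 2N) as num 32-bit words plus a carry word tp_hi.
 * Compute rp = tp - N; if that subtraction borrowed, keep tp, else keep rp.
 * rp receives the reduced result, tp is zapped (zeroed), and the borrow
 * (1 if tp < N) is returned so a caller can check which path was taken.
 */
uint32_t mont_final_reduce(uint32_t *rp, uint32_t *tp, uint32_t tp_hi,
                           const uint32_t *np, size_t num)
{
    uint32_t borrow = 0;

    /* rp = tp - N, propagating the borrow word by word (subs/sbcs analogue) */
    for (size_t i = 0; i < num; i++) {
        uint64_t d = (uint64_t)tp[i] - np[i] - borrow;
        rp[i] = (uint32_t)d;
        borrow = (uint32_t)(d >> 63);      /* 1 iff the subtraction wrapped */
    }
    /* fold in the top carry word: a set tp_hi absorbs a pending borrow */
    borrow &= (tp_hi ^ 1u);
    uint32_t mask = 0u - borrow;           /* all ones iff borrow (keep tp) */

    /*
     * Conditional copy with a uniform access pattern: both candidate words
     * are loaded on every iteration, the selection is a mask (the movcc
     * analogue), and the stores always go to rp[i] and tp[i].
     */
    for (size_t i = 0; i < num; i++) {
        uint32_t tj = tp[i];               /* ldr $tj,[$tp]            */
        uint32_t aj = rp[i];               /* ldr $aj,[$rp]            */
        tp[i] = 0;                         /* str sp,[$tp],#4 (zap tp) */
        rp[i] = (tj & mask) | (aj & ~mask);/* movcc $aj,$tj ; str $aj  */
    }
    return borrow;
}

/* Self-test over constructed inputs; returns 0 on success, else the
 * 1-based index of the first failing case. */
int mont_final_selftest(void)
{
    uint32_t rp[2], tp[2];

    /* case 1: tp = 9, N = 7  ->  rp = 2, no borrow */
    const uint32_t n1[2] = {7, 0};
    tp[0] = 9; tp[1] = 0;
    if (mont_final_reduce(rp, tp, 0, n1, 2) != 0 || rp[0] != 2 || rp[1] != 0)
        return 1;

    /* case 2: tp = 3, N = 7  ->  rp = 3 (tp kept), borrow */
    tp[0] = 3; tp[1] = 0;
    if (mont_final_reduce(rp, tp, 0, n1, 2) != 1 || rp[0] != 3 || rp[1] != 0)
        return 2;
    if (tp[0] != 0 || tp[1] != 0)          /* tp must have been zapped */
        return 2;

    /* case 3: tp = 2^33, N = 2^33 - 1  ->  rp = 1, borrow crosses a word */
    const uint32_t n3[2] = {0xFFFFFFFFu, 1};
    tp[0] = 0; tp[1] = 2;
    if (mont_final_reduce(rp, tp, 0, n3, 2) != 0 || rp[0] != 1 || rp[1] != 0)
        return 3;

    /* case 4: tp = 2^64 + 5 (tp_hi set), N = 2^64 - 16  ->  rp = 21 */
    const uint32_t n4[2] = {0xFFFFFFF0u, 0xFFFFFFFFu};
    tp[0] = 5; tp[1] = 0;
    if (mont_final_reduce(rp, tp, 1, n4, 2) != 0 || rp[0] != 21 || rp[1] != 0)
        return 4;

    return 0;
}

int main(void)
{
    int rc = mont_final_selftest();
    printf("mont_final_selftest: %s (rc=%d)\n", rc == 0 ? "ok" : "FAIL", rc);
    return rc;
}
```

The point of the second loop is that, unlike selecting a source pointer up front and reading only through it, every iteration issues the same two loads and two stores whichever way the borrow went; only the value written to `rp[i]` depends on the mask.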
Diffstat (limited to 'crypto/bn/asm/armv4-mont.pl')
-rw-r--r-- | crypto/bn/asm/armv4-mont.pl | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 75a36f62fa..916913702f 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -262,14 +262,15 @@ bn_mul_mont: mov $tp,sp @ "rewind" $tp sub $rp,$rp,$aj @ "rewind" $rp - and $ap,$tp,$nhi - bic $np,$rp,$nhi - orr $ap,$ap,$np @ ap=borrow?tp:rp - -.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh +.Lcopy: ldr $tj,[$tp] @ conditional copy + ldr $aj,[$rp] str sp,[$tp],#4 @ zap tp - str $tj,[$rp],#4 - cmp $tp,$num +#ifdef __thumb2__ + it cc +#endif + movcc $aj,$tj + str $aj,[$rp],#4 + teq $tp,$num @ preserve carry bne .Lcopy mov sp,$num |
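Review bot: the `@ preserve carry` comment on `teq $tp,$num` carries more weight than it lets on and should say why: `movcc $aj,$tj` selects the `tp` word only while the borrow from the preceding subtraction is still sitting in C, and the old `cmp $tp,$num` would have overwritten C on the first iteration, so every later `movcc` would have acted on the comparison result instead of the borrow. Suggest expanding the comment to note that none of `ldr`, `str`, `movcc`, `teq` (plain register operand, no shift) or `bne` modify C, so the flag survives the whole `.Lcopy` loop. The `#ifdef __thumb2__` / `it cc` wrapper is correctly scoped to the single `movcc`. On the substance: the old `and`/`bic`/`orr` pointer select was itself mask-based, but it still meant the loop's loads came from either `tp` or `rp` depending on the borrow; reading both `[$tp]` and `[$rp]` every iteration is what makes the access stream identical on both paths.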