diff options
author | Bodo Möller <bodo@openssl.org> | 2005-05-16 01:43:31 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2005-05-16 01:43:31 +0000 |
commit | 46a643763de6d8e39ecf6f76fa79b4d04885aa59 (patch) | |
tree | e1f3cfc98bddba797b5300977dbf3223f008fc4a /crypto/dh/dh.h | |
parent | 92c44685724c0d993ea8920577680f3c0a1d79c8 (diff) | |
download | openssl-46a643763de6d8e39ecf6f76fa79b4d04885aa59.tar.gz |
Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
Diffstat (limited to 'crypto/dh/dh.h')
-rw-r--r-- | crypto/dh/dh.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index da44778b58..d1559fd4f8 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -73,7 +73,14 @@ #include <openssl/bn.h> #endif -#define DH_FLAG_CACHE_MONT_P 0x01 +#define DH_FLAG_CACHE_MONT_P 0x01 +#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ #ifdef __cplusplus extern "C" { |