Implement fixed-window exponentiation to mitigate hyper-threading

timing attacks. BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for RSA/DSA/DH private key computations unless RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/ DH_FLAG_NO_EXP_CONSTTIME is set. Submitted by: Matthew D Wood Reviewed by: Bodo Moeller
author: Bodo Möller <bodo@openssl.org> 2005-05-16 01:43:31 +0000
committer: Bodo Möller <bodo@openssl.org> 2005-05-16 01:43:31 +0000
commit: 46a643763de6d8e39ecf6f76fa79b4d04885aa59 (patch)
tree: e1f3cfc98bddba797b5300977dbf3223f008fc4a /crypto/dh/dh.h
parent: 92c44685724c0d993ea8920577680f3c0a1d79c8 (diff)
download: openssl-46a643763de6d8e39ecf6f76fa79b4d04885aa59.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index da44778b58..d1559fd4f8 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -73,7 +73,14 @@
 #include <openssl/bn.h>
 #endif
 	
-#define DH_FLAG_CACHE_MONT_P	0x01
+#define DH_FLAG_CACHE_MONT_P     0x01
+#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
+                                       * implementation now uses constant time
+                                       * modular exponentiation for secret exponents
+                                       * by default. This flag causes the
+                                       * faster variable sliding window method to
+                                       * be used for all exponents.
+                                       */
 
 #ifdef  __cplusplus
 extern "C" {
author	Bodo Möller <bodo@openssl.org>	2005-05-16 01:43:31 +0000
committer	Bodo Möller <bodo@openssl.org>	2005-05-16 01:43:31 +0000
commit	46a643763de6d8e39ecf6f76fa79b4d04885aa59 (patch)
tree	e1f3cfc98bddba797b5300977dbf3223f008fc4a /crypto/dh/dh.h
parent	92c44685724c0d993ea8920577680f3c0a1d79c8 (diff)
download	openssl-46a643763de6d8e39ecf6f76fa79b4d04885aa59.tar.gz