From: Andy Polyakov <[email protected]>
Date: Sat, 20 Oct 2012 11:33:08 +0200

>> Secondarily, since we can end up having to retry (deep window spill on
>> 32-bit and register ECC errors on 32-bit and 64-bit)
>
> I'm thinking about letting be the check after *every* montsqr, issuing
> multiple montsqr back to back and only then check for retry
> condition. One can do it only for inputs shorter than specific
> length. What do you think?

This gets to the issue of outputs aliasing an input.

One annoying aspect of all of this is that we need to use a temporary on-stack location for the result until we know we don't have to do a retry. Otherwise we might corrupt one of the inputs.

Really, the thing to do is to put the whole RSA/DSA/etc. path into a specially written T4 code block. That way we won't have to deal with details such as the fact that the words in the openssl bignum layout are transposed to what the T4 engine wants in the registers, etc.
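The aliasing problem described in the reply above, as an added C example that is not part of the original message and is not OpenSSL code. `hw_sqr_sim` is a hypothetical stand-in for the hardware operation (a toy word function, not a Montgomery square) that can report a retry condition after part of the result has already been stored; the operand values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NWORDS 4  /* constructed operand size */

/* Hypothetical model: operands are loaded into registers, the result is
 * stored word by word, and a retry condition may be reported after
 * fail_after words have been stored (fail_after < 0: never fails). */
static int hw_sqr_sim(uint32_t *out, const uint32_t *in, int fail_after)
{
    uint32_t reg[NWORDS];
    memcpy(reg, in, sizeof reg);
    for (int i = 0; i < NWORDS; i++) {
        if (i == fail_after)
            return 0;                 /* retry needed; out[0..i-1] is clobbered */
        out[i] = reg[i] * reg[i] + reg[NWORDS - 1 - i];  /* toy op */
    }
    return 1;
}

/* Stores straight into r. If r aliases a and the first attempt fails,
 * the retry reads an operand that is already partly overwritten. */
static void sqr_direct(uint32_t *r, const uint32_t *a, int fail_after)
{
    if (!hw_sqr_sim(r, a, fail_after))
        hw_sqr_sim(r, a, -1);
}

/* Stores into an on-stack temporary and copies out only after success. */
static void sqr_via_temp(uint32_t *r, const uint32_t *a, int fail_after)
{
    uint32_t tmp[NWORDS];
    while (!hw_sqr_sim(tmp, a, fail_after))
        fail_after = -1;              /* the retry succeeds in this model */
    memcpy(r, tmp, sizeof tmp);
}

/* Returns 1 if an in-place square (r == a) that needs one retry matches
 * a clean run into a separate buffer. */
static int in_place_matches(void (*sqr)(uint32_t *, const uint32_t *, int))
{
    uint32_t ref[NWORDS], x[NWORDS] = {3, 5, 7, 11};
    hw_sqr_sim(ref, x, -1);
    sqr(x, x, 2);                     /* first attempt fails after two words */
    return memcmp(x, ref, sizeof ref) == 0;
}

int main(void)
{
    printf("direct:   %s\n", in_place_matches(sqr_direct) ? "ok" : "corrupted");
    printf("via temp: %s\n", in_place_matches(sqr_via_temp) ? "ok" : "corrupted");
    return 0;
}
```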
