diff options
| author | Pauli <pauli@openssl.org> | 2022-01-27 15:05:48 +1100 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2022-01-31 11:46:20 +1100 |
| commit | 1f7c5c56c7365fefd9cff9bea4d3d27346ca44d1 (patch) | |
| tree | 94bb52e8a12b52bca229f0b5a240f496849f0ac4 | |
| parent | cb7e50ba3f250a9c9978a964e98a8c8940833595 (diff) | |
aes: make the no-asm constant time code path not the default
After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for something outside of
our security policy.
The option to use the constant time code exists as it was in OpenSSL 1.1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17600)
| -rw-r--r-- | CHANGES.md | 7 | ||||
| -rw-r--r-- | crypto/aes/aes_core.c | 2 |
2 files changed, 8 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md index 50002e0af6..a7980daaeb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,13 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 3.0.1 and 3.0.2 [xx XXX xxxx] + * Made the AES constant time code for no-asm configurations + optional due to the resulting 95% performance degradation. + The AES constant time code can be enabled, for no assembly + builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME + + *Paul Dale* + * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty passphrase strings. diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 7b9989fd47..d3eaab349f 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -50,7 +50,7 @@ #include <openssl/aes.h> #include "aes_local.h" -#if !defined(OPENSSL_NO_AES_CONST_TIME) && !defined(AES_ASM) +#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM) # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) # define U64(C) C##UI64 |