diff options
author | Andy Polyakov <appro@openssl.org> | 2006-08-31 21:15:38 +0000 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2006-08-31 21:15:38 +0000 |
commit | 2b8a5406f9e14379b1445ba48251967074f29978 (patch) | |
tree | 63c509809722da18e0f514a84d1155108daae3cd /crypto | |
parent | 2f35ae90fe6a7320c495a9f54ce0744f2a6928b7 (diff) |
Fix bug in aes-586.pl.
Diffstat (limited to 'crypto')
-rwxr-xr-x | crypto/aes/asm/aes-586.pl | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl index 4401cee9e3..7b75685025 100755 --- a/crypto/aes/asm/aes-586.pl +++ b/crypto/aes/asm/aes-586.pl @@ -120,7 +120,7 @@ # to process in one stroke. # # Timing attacks are classified in two classes: synchronous when -# attacker consciously initiates cryptographic operation and collect +# attacker consciously initiates cryptographic operation and collects # timing data of various character afterwards, and asynchronous when # malicious code is executed on same CPU simultaneously with AES, # instruments itself and performs statistical analysis of this data. @@ -144,7 +144,7 @@ # CBC, do masks the plain-text in this exact way [secure cipher output # is distributed uniformly]. Yes, one still might find input that # would reveal the information about given key, but if amount of -# candidate inputs to be tried is larger than amount possible key +# candidate inputs to be tried is larger than amount of possible key # combinations then attack becomes infeasible. This is why revised # AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk # of data is to be processed in one stroke. The current size limit of @@ -2595,7 +2595,6 @@ my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds &mov ($acc,$_inp); # load inp &lea ($acc,&DWP(16,$acc)); # advance inp &mov ($_inp,$acc); # save inp - &mov ($_len,$s2); # save len &jnz (&label("slow_dec_loop_x86")); &mov ("esp",$_esp); &popf (); |