)]}' { "commit": "73df153be8ad53e46e234f79f81e8112cdaadcb1", "tree": "cbc1714650f60e847b84726c0f1d97199bdadb11", "parents": [ "b25140c7b649da3bffc580f21e79e7f14bc83bf3" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Nov 09 09:31:03 2017 -0800" }, "committer": { "name": "Adam Langley", "email": "agl@google.com", "time": "Mon Nov 20 16:18:30 2017 +0000" }, "message": "Make BN_generate_dsa_nonce internally constant-time.\n\nThis rewrites the internals with a \"words\" variant that can avoid\nbn_correct_top. It still ultimately calls bn_correct_top as the calling\nconvention is sadly still BIGNUM, but we can lift that calling\nconvention out incrementally.\n\nPerformance seems to be comparable, if not faster.\n\nBefore:\nDid 85000 ECDSA P-256 signing operations in 5030401us (16897.3 ops/sec)\nDid 34278 ECDSA P-256 verify operations in 5048029us (6790.4 ops/sec)\n\nAfter:\nDid 85000 ECDSA P-256 signing operations in 5021057us (16928.7 ops/sec)\nDid 34086 ECDSA P-256 verify operations in 5010416us (6803.0 ops/sec)\n\nChange-Id: I1159746dfcc00726dc3f28396076a354556e6e7d\nReviewed-on: https://boringssl-review.googlesource.com/23065\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "975264e0a8285ad0f429ce113df253f0e69cff81", "old_mode": 33188, "old_path": "crypto/fipsmodule/bn/bn_test.cc", "new_id": "5725eaae5813bb29698d9274f5f31efa385563e6", "new_mode": 33188, "new_path": "crypto/fipsmodule/bn/bn_test.cc" }, { "type": "modify", "old_id": "78647073baa3f84a0aae8c4a9191d6f660dc4890", "old_mode": 33188, "old_path": "crypto/fipsmodule/bn/cmp.c", "new_id": "acc017ff6fbfc960d73e34410be5b6fee0d81f3f", "new_mode": 33188, "new_path": "crypto/fipsmodule/bn/cmp.c" }, { "type": "modify", "old_id": "acc0ac835df5546ccdc46d2e16851681784aba65", "old_mode": 33188, "old_path": "crypto/fipsmodule/bn/internal.h", "new_id": "57cf7554b05c9fcf7de60441b64e612de92cfd22", "new_mode": 33188, "new_path": "crypto/fipsmodule/bn/internal.h" }, { "type": "modify", "old_id": "2257da0234f79a535bd8b516e06599cb3f65a0bc", "old_mode": 33188, "old_path": "crypto/fipsmodule/bn/random.c", "new_id": "60d1bb023215edd02e4515d001e5717dbe8474c4", "new_mode": 33188, "new_path": "crypto/fipsmodule/bn/random.c" }, { "type": "modify", "old_id": "67f2cb9eb819d20b5ca0e23272d8d3d9a622ed28", "old_mode": 33188, "old_path": "crypto/fipsmodule/rsa/internal.h", "new_id": "0f0c763f57918c97d4a07d24195195ef62a7b565", "new_mode": 33188, "new_path": "crypto/fipsmodule/rsa/internal.h" }, { "type": "modify", "old_id": "adbb69f8863e92e0dd8c38496c56b2488b70ed20", "old_mode": 33188, "old_path": "crypto/fipsmodule/rsa/rsa_impl.c", "new_id": "fb27320e4d9c0d8f74f8f19ff1114b88e2e76309", "new_mode": 33188, "new_path": "crypto/fipsmodule/rsa/rsa_impl.c" }, { "type": "modify", "old_id": "23e8c67cf41481bbbd7334cb693fdf4497f08d54", "old_mode": 33188, "old_path": "crypto/rsa_extra/rsa_test.cc", "new_id": "97b32bfc80bf86794692d5709f8b71855ffbab52", "new_mode": 33188, "new_path": "crypto/rsa_extra/rsa_test.cc" } ] }