On Wed, Oct 1, 2014 at 9:40 AM, Andy Polyakov via RT <r...@openssl.org> wrote:
> If you can present coherent argument and consensus is reached, then it
> would have to be implemented universally, not only in aesni-x86_64 module.
So, hopefully my cross-posted message convinced you. To summarize the argument briefly:

- Library users may be performing a mix of private cryptographic operations and operations controlled by untrusted code.
- A large "API" may be exposed to the untrusted code.
- It's easier to sanitize secrets from memory and registers when we know they contain secrets than it is to ensure that *no* other functions may leak register contents to untrusted code.
- The cost is negligible. (And it's lower for us than for library clients: they have no way of knowing what registers have been used, so they would need to do the equivalent of OPENSSL_wipe_cpu.)

The reason for targeting AES-NI first: I was working on another patch (not yet submitted) to that file.

The reason for doing this one file at a time: a single huge patch would likely see little meaningful review (reviewing assembler is fairly tiring even at the scope of a single file).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
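The register-residue problem the message argues about, as an added illustration that is not part of the original thread, not OpenSSL's code, and not the aesni-x86_64 patch under discussion. A stand-in "private operation" leaves a constructed secret in xmm0, the way a block cipher leaves key-schedule words in XMM registers when it returns; a stand-in "untrusted" function that runs later in the same process reads the register back. The hypothetical wipe_xmm_registers() plays the role of the cleanup the author is describing (OPENSSL_wipe_cpu is the real OpenSSL routine mentioned above; this sketch only covers the SSE registers the AES-NI path uses). It needs x86-64 and GCC/Clang inline assembly; elsewhere the helpers are no-ops and wipe_supported() reports that.

```c
/*
 * Added illustration, not OpenSSL code: secret residue in an XMM register
 * survives a function return and is readable by whatever code runs next,
 * unless the function that knew it held a secret wipes the register.
 * x86-64 with GCC/Clang inline asm only; elsewhere everything is a no-op.
 */
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
#define HAVE_X86_64_ASM 1
#else
#define HAVE_X86_64_ASM 0
#endif

/* Constructed example secret; in real code this would be key material. */
#define SECRET_VALUE 0x1122334455667788ULL

int wipe_supported(void)
{
    return HAVE_X86_64_ASM;
}

/* Hypothetical wipe routine: zero xmm0..xmm15. Legacy-SSE pxor clears
 * only the low 128 bits of each register; on AVX hardware a real
 * implementation would use vzeroall (or vpxor on ymm) so the upper
 * halves are cleared as well. */
static void wipe_xmm_registers(void)
{
#if HAVE_X86_64_ASM
    __asm__ volatile(
        "pxor %%xmm0, %%xmm0\n\t"   "pxor %%xmm1, %%xmm1\n\t"
        "pxor %%xmm2, %%xmm2\n\t"   "pxor %%xmm3, %%xmm3\n\t"
        "pxor %%xmm4, %%xmm4\n\t"   "pxor %%xmm5, %%xmm5\n\t"
        "pxor %%xmm6, %%xmm6\n\t"   "pxor %%xmm7, %%xmm7\n\t"
        "pxor %%xmm8, %%xmm8\n\t"   "pxor %%xmm9, %%xmm9\n\t"
        "pxor %%xmm10, %%xmm10\n\t" "pxor %%xmm11, %%xmm11\n\t"
        "pxor %%xmm12, %%xmm12\n\t" "pxor %%xmm13, %%xmm13\n\t"
        "pxor %%xmm14, %%xmm14\n\t" "pxor %%xmm15, %%xmm15\n\t"
        :
        :
        : "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7",
          "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14",
          "xmm15");
#endif
}

/* Stand-in for a private cryptographic operation: it returns with the
 * secret still sitting in xmm0, as a cipher round leaves key words in
 * XMM registers when its assembler routine returns. */
static void private_operation_leaving_residue(void)
{
#if HAVE_X86_64_ASM
    uint64_t s = SECRET_VALUE;
    __asm__ volatile("movq %0, %%xmm0" : : "r"(s) : "xmm0");
#endif
}

/* Stand-in for untrusted code that runs afterward and reads xmm0. */
static uint64_t untrusted_read_xmm0(void)
{
    uint64_t v = 0;
#if HAVE_X86_64_ASM
    __asm__ volatile("movq %%xmm0, %0" : "=r"(v));
#endif
    return v;
}

/* Run the private operation, optionally wipe, then let the "untrusted"
 * reader look at xmm0. Returns what the reader observed. */
uint64_t residue_observed(int wipe_first)
{
    private_operation_leaving_residue();
    if (wipe_first)
        wipe_xmm_registers();
    return untrusted_read_xmm0();
}

int main(void)
{
    if (!wipe_supported()) {
        puts("demo needs x86-64 with GCC/Clang inline asm");
        return 0;
    }
    printf("without wipe: %#llx\n", (unsigned long long)residue_observed(0));
    printf("with wipe:    %#llx\n", (unsigned long long)residue_observed(1));
    return 0;
}
```

Build with `cc -O2 wipe_demo.c` and run; without the wipe the reader gets the secret back, with it the register reads as zero. The sketch only clears XMM state: general-purpose registers, x87/MMX state and the stack slots a compiler spills into are separate problems, and the compiler-generated C around the assembly may itself copy secrets into places this routine never touches. That is the practical weight behind the message's point that wiping belongs in the code which knows it just handled a secret and knows which registers it used, rather than in a caller that has to assume the worst.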