Andy Polyakov <ap...@openssl.org> wrote:
>> 1. Please
>> see 
>> https://boringssl.googlesource.com/boringssl/+/75b833cc819a9d189adb0fdd56327bee600ff9e9.
>>
>> I think it would be good for OpenSSL to work with Google to integrate
>> this patch.
>
> Will be looked into...

Awesome! Besides the functions that Google changed, I think it is also
necessary to change the other implementations of `bn_mul_mont`
(including the C implementation) and also `BN_from_montgomery_word`.

>> 2. Is the `__chkstk` code that was added [1] to `bn_mul_mont` really
>> necessary?
>
> The SEGV that is mentioned in the commit message and commentary was
> actually observed and reported. Well, it's not called SEGV on Windows,
> but equivalent has same devastating effect, i.e. application crash. It
> takes super-long RSA key, longer than you'd normally use, so it's not
> something that a lot of users risk suffering from. But the problem is
> real nevertheless.

Thanks for clarifying this. I agree that it seems like a good thing to do.

This is a very large `alloca` happening in the asm code, which is
probably surprising for people reading the code. Maybe it would be a
good idea to move the alloca out into the calling function so that it
is clear that a *lot* of stack space is being used, potentially.

Cheers,
Brian
-- 
https://briansmith.org/
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to