Andy Polyakov <ap...@openssl.org> wrote: > In other words we *are* talking about super-custom code with very > special needs. As already mentioned, it would be next to impossible to > justify customization of OpenSSL to accommodate overly specific > requirements. And given above description it shouldn't be actually > needed, not even previously posted patch facilitating omission of H > should be required. I mean given knowledge about cases when H is not > used, you can omit it from your compressed state and leave it zeroed on > stack, right? *Or* [given that memory is seemingly at premium] you can > choose to preserve H in your private structure, omit Htable[!] and > initialize the latter in on-stack structure on per-call basis, per call > to *your* super-custom subroutine that is.
Yes. Or, one could even through away everything in the GCM context and restart everything from the raw key, which would make it more like the Poly1305 code. > But in case you choose to omit H, here is "manifest". Thanks! That is very helpful. Cheers, Brian -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
