1 files changed, 39 insertions, 0 deletions
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index 253e195e23..a84998f2bd 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -177,6 +177,45 @@ struct bignum_ctx
+/* BN_mod_exp_mont_conttime is based on the assumption that the
+ * L1 data cache line width of the target processor is at least
+ * the following value.
+ */
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH      ( 64 )
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK       (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+/* Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime).
+ *
+ * To achieve the security goals of BN_mode_exp_mont_consttime, the
+ * maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). 
+ *
+ * Window size thresholds are defined for cache line sizes of 32 and 64,
+ * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
+ * window size of 7 should only be used on processors that have a 128
+ * byte or greater cache line size.
+ */
+#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+#  define BN_window_bits_for_ctime_exponent_size(b) \
+                ((b) > 937 ? 6 : \
+                 (b) > 306 ? 5 : \
+                 (b) >  89 ? 4 : \
+                 (b) >  22 ? 3 : 1)
+#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (6)
+#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+#  define BN_window_bits_for_ctime_exponent_size(b) \
+                ((b) > 306 ? 5 : \
+                 (b) >  89 ? 4 : \
+                 (b) >  22 ? 3 : 1)
+#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (5)
+#endif
 /* Pentium pro 16,16,16,32,64 */
 /* Alpha       16,16,16,16.64 */
 #define BN_MULL_SIZE_NORMAL                     (16) /* 32 */

diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h index 253e195e23..a84998f2bd 100644 --- a/src/lib/libcrypto/bn/bn_lcl.h +++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -177,6 +177,45 @@ struct bignum_ctx
177		177
178		178
179		179
		180	/* BN_mod_exp_mont_conttime is based on the assumption that the
		181	* L1 data cache line width of the target processor is at least
		182	* the following value.
		183	*/
		184	#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
		185	#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
		186
		187	/* Window sizes optimized for fixed window size modular exponentiation
		188	* algorithm (BN_mod_exp_mont_consttime).
		189	*
		190	* To achieve the security goals of BN_mode_exp_mont_consttime, the
		191	* maximum size of the window must not exceed
		192	* log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
		193	*
		194	* Window size thresholds are defined for cache line sizes of 32 and 64,
		195	* cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
		196	* window size of 7 should only be used on processors that have a 128
		197	* byte or greater cache line size.
		198	*/
		199	#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
		200
		201	# define BN_window_bits_for_ctime_exponent_size(b) \
		202	((b) > 937 ? 6 : \
		203	(b) > 306 ? 5 : \
		204	(b) > 89 ? 4 : \
		205	(b) > 22 ? 3 : 1)
		206	# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
		207
		208	#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
		209
		210	# define BN_window_bits_for_ctime_exponent_size(b) \
		211	((b) > 306 ? 5 : \
		212	(b) > 89 ? 4 : \
		213	(b) > 22 ? 3 : 1)
		214	# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
		215
		216	#endif
		217
		218
180	/* Pentium pro 16,16,16,32,64 */	219	/* Pentium pro 16,16,16,32,64 */
181	/* Alpha 16,16,16,16.64 */	220	/* Alpha 16,16,16,16.64 */
182	#define BN_MULL_SIZE_NORMAL (16) /* 32 */	221	#define BN_MULL_SIZE_NORMAL (16) /* 32 */