<div dir="ltr">1. Please see <a href="https://boringssl.googlesource.com/boringssl/+/75b833cc819a9d189adb0fdd56327bee600ff9e9">https://boringssl.googlesource.com/boringssl/+/75b833cc819a9d189adb0fdd56327bee600ff9e9</a>.<div><br></div><div>I think it would be good for OpenSSL to work with Google to integrate this patch.</div><div><br></div><div>2. Is the `__chkstk` code that was added [1] to `bn_mul_mont` really necessary? I noticed that when BoringSSL integrated the patch to fix the constant-timedness issues in bn_mul_mont, it omitted the __chkstk stuff. Even after reading the code and the comments, it still isn't clear to me how/why it matters.</div><div><br></div><div>[1] <a href="https://github.com/openssl/openssl/commit/adc4f1fc25b2cac90076f1e1695b05b7aeeae501">https://github.com/openssl/openssl/commit/adc4f1fc25b2cac90076f1e1695b05b7aeeae501</a></div><div><br></div><div>Thanks,</div><div>Brian<br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><a href="https://briansmith.org/" target="_blank">https://briansmith.org/</a></div><div><br></div></div></div></div></div></div></div>
</div></div>