[openssl-dev] Removing gcm128_context->H for non-1-bit builds

Brian Smith brian at briansmith.org
Sat Jun 11 19:54:39 UTC 2016


Andy Polyakov <appro at openssl.org> wrote:
> In other words we *are* talking about super-custom code with very
> special needs. As already mentioned, it would be next to impossible to
> justify customization of OpenSSL to accommodate overly specific
> requirements. And given above description it shouldn't be actually
> needed, not even previously posted patch facilitating omission of H
> should be required. I mean given knowledge about cases when H is not
> used, you can omit it from your compressed state and leave it zeroed on
> stack, right? *Or* [given that memory is seemingly at premium] you can
> choose to preserve H in your private structure, omit Htable[!] and
> initialize the latter in on-stack structure on per-call basis, per call
> to *your* super-custom subroutine that is.

Yes. Or, one could even throw away everything in the GCM context and
restart everything from the raw key, which would make it more like the
Poly1305 code.

> But in case you choose to omit H, here is "manifest".

Thanks! That is very helpful.

Cheers,
Brian
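An added example (mine, not code from this thread or from OpenSSL) of the second option Andy describes: persist only H and rebuild the multiplication table on the stack on each call, wiping it afterwards. It does not touch GCM128_CONTEXT; the struct names, the 128-entry H*x^i table layout and the helpers are assumptions of this example, and the expected value in the test is GHASH from the GCM specification's test case 2 (K = 0, P = 0^128, 96-bit zero IV).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { uint64_t hi, lo; } u128;   /* GCM bit 0 = MSB of hi, bit 127 = LSB of lo */

/* V <- V * x in GCM's GF(2^128): shift right, reduce with R = 0xE1 || 0^120. */
static u128 gf_shift(u128 v) {
    uint64_t carry = v.lo & 1;
    v.lo = (v.lo >> 1) | (v.hi << 63);
    v.hi >>= 1;
    if (carry) v.hi ^= 0xe100000000000000ULL;
    return v;
}

/* What gets persisted: only H. (Hypothetical layout, not OpenSSL's GCM128_CONTEXT.) */
typedef struct { u128 H; } gcm_compressed;
/* Per-call scratch: Htable[i] = H * x^i. (Hypothetical 128-entry layout, not OpenSSL's Htable.) */
typedef struct { u128 Htable[128]; } gcm_scratch;

static void gcm_init_table(gcm_scratch *t, u128 H) {
    for (int i = 0; i < 128; i++) { t->Htable[i] = H; H = gf_shift(H); }
}

/* X * H: XOR Htable[i] for each set bit x_i; same result as the bit-serial
   algorithm of SP 800-38D section 6.3, with the shifts precomputed. */
static u128 gf_mul_table(u128 x, const gcm_scratch *t) {
    u128 z = {0, 0};
    for (int i = 0; i < 128; i++) {
        uint64_t bit = i < 64 ? (x.hi >> (63 - i)) & 1 : (x.lo >> (127 - i)) & 1;
        if (bit) { z.hi ^= t->Htable[i].hi; z.lo ^= t->Htable[i].lo; }
    }
    return z;
}

/* GHASH over n whole 16-byte blocks (caller pads and appends the length block). */
static u128 ghash(const gcm_compressed *c, const u128 *blocks, size_t n) {
    gcm_scratch t;                 /* rebuilt on the stack every call, never stored */
    gcm_init_table(&t, c->H);
    u128 y = {0, 0};
    for (size_t i = 0; i < n; i++) {
        y.hi ^= blocks[i].hi; y.lo ^= blocks[i].lo;
        y = gf_mul_table(y, &t);
    }
    /* The table is key material; wipe it. Use OPENSSL_cleanse or similar in real
       code, since a plain memset on a dying object may be optimised away. */
    memset(&t, 0, sizeof t);
    return y;
}
```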


More information about the openssl-dev mailing list