Sun Jul 19 15:33:08 2020 UTC
Expand on importance of not using fpu for crypto if there's no fpu.


(riastradh)
diff -r1.17 -r1.18 src/crypto/external/bsd/openssl/dist/crypto/ppccap.c

cvs diff -r1.17 -r1.18 src/crypto/external/bsd/openssl/dist/crypto/ppccap.c
--- src/crypto/external/bsd/openssl/dist/crypto/ppccap.c 2020/07/15 08:14:41 1.17
+++ src/crypto/external/bsd/openssl/dist/crypto/ppccap.c 2020/07/19 15:33:08 1.18
@@ -374,8 +374,11 @@
     size_t len = sizeof(val);
 
     /*
-     * If machdep.fpu_present == 0, FPU is absent and emulated by software.
-     * Avoid using it for better performance.
+     * If machdep.fpu_present == 0, FPU is absent and emulated by
+     * software.  In that case, using FPU instructions hurts rather
+     * than helps performance, and the software is unlikely to run in
+     * constant time so it would expose us to timing side channel
+     * attacks.  So don't do it!
      */
     error = sysctlbyname("machdep.fpu_present", &val, &len, NULL, 0);
     if (error != 0 || (error == 0 && val != 0))
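
Review bot: the rewritten comment turns the machdep.fpu_present test into a timing side-channel defence, but the condition on the line after sysctlbyname() takes the same branch when the lookup fails (error != 0) as when val != 0, so a failed sysctl is handled the same way as a present FPU. The comment should say which way a failed lookup is meant to default, or the code should treat error != 0 as "FPU absent" if constant-time behaviour is the priority. Two smaller points: `error == 0 &&` is redundant after `error != 0 ||`, and "the software" in the new comment would be clearer as "the emulation", since that is the code that is not constant time.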