On Thu, 9 Oct 2014, Christian Weisgerber wrote: > John-Mark Gurney: > > > I also have an implementation of ghash that does a 4 bit lookup table > > version with the table split between cache lines in p4 at: > > https://p4db.freebsd.org/fileViewer.cgi?FSPC=//depot/projects/opencrypto/sys/opencrypto/gfmult.c&REV=4 > > > > This also has a version with does 4 blocks at a time getting a > > further speed up... > > FWIW, I did a quick & dirty merge of this into the OpenBSD tree and > the speed of my test (net6501-50, tcpbench -u over esp aes-128-gmac) > almost doubled.
isn't this likely to make it more likely to be subject to timing attacks? -d
