kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adjust comment on potential R^3 optimization.

Browse Source 
It's doable, but a bit of effort due to the different radix.

Change-Id: Ibfa15c31bb37de930f155ee6d19551a2b6437073
Reviewed-on: https://boringssl-review.googlesource.com/25944
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
This commit is contained in:
David Benjamin 2018-02-13 15:43:46 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 862e0d2e1b
commit 10443f5a6e
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/fipsmodule/rsa/rsa_impl.c
View File

@ -798,7 +798,10 @@ static int mod_montgomery(BIGNUM *r, const BIGNUM *I, const BIGNUM *p,
// By precomputing R^3 mod p (normally |BN_MONT_CTX| only uses R^2 mod p) and // By precomputing R^3 mod p (normally |BN_MONT_CTX| only uses R^2 mod p) and
// adjusting the API for |BN_mod_exp_mont_consttime|, we could instead compute // adjusting the API for |BN_mod_exp_mont_consttime|, we could instead compute
// I * R mod p here and save a reduction per prime. But this would require // I * R mod p here and save a reduction per prime. But this would require
// changing the RSAZ code and may not be worth it. // changing the RSAZ code and may not be worth it. Note that the RSAZ code
// uses a different radix, so it uses R' = 2^1044. There we'd actually want
// R^2 * R', and would futher benefit from a precomputed R'^2. It currently
// converts |mont_p->RR| to R'^2.
return 1; return 1;
} }