Use bn_mod_inverse_odd for RSA/inversion blinding.
The main RSA public modulus size of concern is 2048 bits. bn_mod_inverse_odd is already used for public moduli of 2048 bits and smaller on 64-bit platforms, so for 64-bit it is a no-op. For 32-bit x86, this seems to slightly decrease the speed of RSA signing, but not by a lot, and we don't care about RSA signing performance much on 32-bit platforms. It's better to have all platforms using the same algorithms.

Change-Id: I869dbfc98994e36a04a535c1fe63b14a902a4f13
Reviewed-on: https://boringssl-review.googlesource.com/9102
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
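As an added illustration of the two routines this commit wires together, the following Python model is not BoringSSL code: it implements an odd-modulus binary inverse in the shape of HAC Algorithm 14.61 (the family bn_mod_inverse_odd belongs to) and the blind / invert / unblind pattern of BN_mod_inverse_blinded. The names mod_inverse_odd and mod_inverse_blinded, the (inverse, has_inverse) return convention standing in for out/out_no_inverse, and the gcd-guarded retry on the blinding factor are assumptions made for this example, and the retry in particular is not something the real code does.

```python
import math
import secrets


def mod_inverse_odd(a, n):
    """Inverse of a modulo an odd n by the binary extended gcd (HAC 14.61 shape).

    Returns (inverse, True) when gcd(a, n) == 1 and (None, False) otherwise.
    The halving steps divide by 2 modulo n, which is only possible when n is
    odd; that is the precondition the routine's name advertises.
    """
    if n <= 0 or n % 2 == 0:
        raise ValueError("modulus must be odd and positive")
    if not 0 < a < n:
        raise ValueError("a must satisfy 0 < a < n")
    u, v = a, n
    x1, x2 = 1, 0  # invariants: x1*a == u (mod n) and x2*a == v (mod n)
    while u != 0:
        while u % 2 == 0:  # halve u, and halve x1 modulo n (n odd, so 2 is invertible)
            u //= 2
            x1 = x1 // 2 if x1 % 2 == 0 else (x1 + n) // 2
        while v % 2 == 0:
            v //= 2
            x2 = x2 // 2 if x2 % 2 == 0 else (x2 + n) // 2
        if u >= v:  # subtract the smaller odd value from the larger one
            u, x1 = u - v, x1 - x2
        else:
            v, x2 = v - u, x2 - x1
    # u has reached 0, so v == gcd(a, n) and x2*a == v (mod n).
    if v != 1:
        return None, False
    return x2 % n, True


def mod_inverse_blinded(a, n):
    """Inverse of a mod odd n, computed on a randomly blinded value.

    Blind with r in [1, n), invert r*a, then unblind by multiplying by r,
    so the inversion routine never runs directly on a.  Any r works for the
    math because (r*a)^-1 * r == a^-1 (mod n).
    """
    while True:
        r = 1 + secrets.randbelow(n - 1)  # r in [1, n), like BN_rand_range_ex(1, N)
        # Assumption of this model: retry when r shares a factor with n.  For toy
        # moduli that happens often; for RSA-size moduli it is negligible.
        if math.gcd(r, n) == 1:
            break
    inv, ok = mod_inverse_odd((r * a) % n, n)
    if not ok:
        return None, False  # gcd(r, n) == 1, so the failure is a's own
    return (r * inv) % n, True


def inverse_ok(a, n):
    """True when the blinded inverse exists and really inverts a mod n."""
    inv, ok = mod_inverse_blinded(a, n)
    return ok and (a * inv) % n == 1


if __name__ == "__main__":
    # 3233 = 61 * 53, a constructed toy RSA-style modulus.
    print(mod_inverse_odd(3, 7))        # (5, True): 3 * 5 == 15 == 1 (mod 7)
    print(mod_inverse_odd(6, 9))        # (None, False): gcd(6, 9) == 3
    print(mod_inverse_blinded(17, 3233))
    print(inverse_ok(17, 3233), inverse_ok(61, 3233))
```

Because the unblinding step cancels r exactly, every run of mod_inverse_blinded returns the same inverse whatever blinding factor was drawn, which is what makes the blinded path a drop-in replacement for the direct one.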
parent f9bdcc1108
commit 4cfdf41789
@ -670,7 +670,7 @@ int BN_mod_inverse_blinded(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,
if (!BN_rand_range_ex(&blinding_factor, 1, &mont->N) ||
if (!BN_rand_range_ex(&blinding_factor, 1, &mont->N) ||
!BN_mod_mul_montgomery(out, &blinding_factor, a, mont, ctx) ||
!BN_mod_mul_montgomery(out, &blinding_factor, a, mont, ctx) ||
!bn_mod_inverse_ex(out, out_no_inverse, out, &mont->N, ctx) ||
!bn_mod_inverse_odd(out, out_no_inverse, out, &mont->N, ctx) ||
!BN_mod_mul_montgomery(out, &blinding_factor, out, mont, ctx)) {
!BN_mod_mul_montgomery(out, &blinding_factor, out, mont, ctx)) {
OPENSSL_PUT_ERROR(BN, ERR_R_BN_LIB);
OPENSSL_PUT_ERROR(BN, ERR_R_BN_LIB);
goto err;
goto err;
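Review bot: the replacement call `bn_mod_inverse_odd(out, out_no_inverse, out, &mont->N, ctx)` adds an odd-modulus precondition that the old `bn_mod_inverse_ex` call did not have; a Montgomery context's N is always odd, but since BN_mod_inverse_blinded takes `mont` from the caller, the function's header comment should state that the modulus must be odd, or the function should check `BN_is_odd(&mont->N)` up front and fail cleanly instead of relying on the inverse routine's behaviour for an even N. It is also worth confirming in review that bn_mod_inverse_odd sets `*out_no_inverse` in exactly the cases bn_mod_inverse_ex did, because callers that distinguish "no inverse" from other BN errors via that flag are otherwise silently changed by this one-line swap.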