Use bn_mod_inverse_odd for RSA/inversion blinding.

The main RSA public modulus size of concern is 2048 bits.
bn_mod_inverse_odd is already used for public moduli of 2048 bits and
smaller on 64-bit platforms, so for 64-bit it is a no-op. For 32-bit
x86, this seems to slightly decrease the speed of RSA signing, but not
by a lot, and plus we don't care about RSA signing performance much on
32-bit platforms. It's better to have all platforms using the same
algorithms.

Change-Id: I869dbfc98994e36a04a535c1fe63b14a902a4f13
Reviewed-on: https://boringssl-review.googlesource.com/9102
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
Brian Smith 2016-08-02 15:04:03 -10:00 committed by CQ bot account: commit-bot@chromium.org
parent f9bdcc1108
commit 4cfdf41789

View File

@ -670,7 +670,7 @@ int BN_mod_inverse_blinded(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,
if (!BN_rand_range_ex(&blinding_factor, 1, &mont->N) || if (!BN_rand_range_ex(&blinding_factor, 1, &mont->N) ||
!BN_mod_mul_montgomery(out, &blinding_factor, a, mont, ctx) || !BN_mod_mul_montgomery(out, &blinding_factor, a, mont, ctx) ||
!bn_mod_inverse_ex(out, out_no_inverse, out, &mont->N, ctx) || !bn_mod_inverse_odd(out, out_no_inverse, out, &mont->N, ctx) ||
!BN_mod_mul_montgomery(out, &blinding_factor, out, mont, ctx)) { !BN_mod_mul_montgomery(out, &blinding_factor, out, mont, ctx)) {
OPENSSL_PUT_ERROR(BN, ERR_R_BN_LIB); OPENSSL_PUT_ERROR(BN, ERR_R_BN_LIB);
goto err; goto err;