Use bn_mod_inverse_odd for RSA/inversion blinding.

The main RSA public modulus size of concern is 2048 bits. bn_mod_inverse_odd is already used for public moduli of 2048 bits and smaller on 64-bit platforms, so for 64-bit it is a no-op. For 32-bit x86, this seems to slightly decrease the speed of RSA signing, but not by a lot, and plus we don't care about RSA signing performance much on 32-bit platforms. It's better to have all platforms using the same algorithms. Change-Id: I869dbfc98994e36a04a535c1fe63b14a902a4f13 Reviewed-on: https://boringssl-review.googlesource.com/9102 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-08-02 15:04:03 -10:00 · 2016-08-02 15:04:03 -10:00 · 4cfdf41789
commit 4cfdf41789
parent f9bdcc1108
1 changed files with 1 additions and 1 deletions
--- a/crypto/bn/gcd.c
+++ b/crypto/bn/gcd.c
@ -670,7 +670,7 @@ int BN_mod_inverse_blinded(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,

  if (!BN_rand_range_ex(&blinding_factor, 1, &mont->N) ||
      !BN_mod_mul_montgomery(out, &blinding_factor, a, mont, ctx) ||
-      !bn_mod_inverse_ex(out, out_no_inverse, out, &mont->N, ctx) ||
+      !bn_mod_inverse_odd(out, out_no_inverse, out, &mont->N, ctx) ||
      !BN_mod_mul_montgomery(out, &blinding_factor, out, mont, ctx)) {
    OPENSSL_PUT_ERROR(BN, ERR_R_BN_LIB);
    goto err;