boringssl/crypto/fipsmodule/rsa
David Benjamin 73df153be8 Make BN_generate_dsa_nonce internally constant-time.
This rewrites the internals with a "words" variant that can avoid
bn_correct_top. It still ultimately calls bn_correct_top as the calling
convention is sadly still BIGNUM, but we can lift that calling
convention out incrementally.

Performance seems to be comparable, if not faster.

Before:
Did 85000 ECDSA P-256 signing operations in 5030401us (16897.3 ops/sec)
Did 34278 ECDSA P-256 verify operations in 5048029us (6790.4 ops/sec)

After:
Did 85000 ECDSA P-256 signing operations in 5021057us (16928.7 ops/sec)
Did 34086 ECDSA P-256 verify operations in 5010416us (6803.0 ops/sec)

Change-Id: I1159746dfcc00726dc3f28396076a354556e6e7d
Reviewed-on: https://boringssl-review.googlesource.com/23065
Reviewed-by: Adam Langley <agl@google.com>
2017-11-20 16:18:30 +00:00
blinding.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
internal.h Make BN_generate_dsa_nonce internally constant-time. 2017-11-20 16:18:30 +00:00
padding.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
rsa_impl.c Make BN_generate_dsa_nonce internally constant-time. 2017-11-20 16:18:30 +00:00
rsa.c Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00