kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8d9ee7d1fe
boringssl/crypto/fipsmodule/bn
History
David Benjamin 97ac45e2f7 Change the order of GCD and trial division. 
RSA key generation currently does the GCD check before the primality
test, in hopes of discarding things invalid by other means before
running the expensive primality check.

However, GCD is about to get a bit more expensive to clear the timing
leak, and the trial division part of primality testing is quite fast.
Thus, split that portion out via a new bn_is_obviously_composite and
call it before GCD.

Median of 29 RSA keygens: 0m0.252s -> 0m0.207s
(Accuracy beyond 0.1s is questionable.)

Bug: 238
Change-Id: I3999771fb73cca16797cab9332d14c4ebeb02046
Reviewed-on: https://boringssl-review.googlesource.com/26366
Reviewed-by: Adam Langley <alangley@gmail.com>
2018-03-30 19:53:06 +00:00
..
asm Merge Intel copyright notice into standard 2018-02-12 21:44:27 +00:00
add.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
bn_test_to_fuzzer.go Generate bn_div and bn_mod_exp corpus from bn_tests.txt. 2017-10-27 18:57:48 +00:00
bn_test.cc Don't leak |a| in the primality test. 2018-03-28 01:44:31 +00:00
bn_tests.txt Use a Barrett reduction variant for trial division. 2018-03-28 01:42:18 +00:00
bn.c Don't leak |a| in the primality test. 2018-03-28 01:44:31 +00:00
bytes.c Simplify BN_bn2bin_padded. 2018-02-06 02:41:38 +00:00
check_bn_tests.go Add some tests for BN_gcd. 2018-03-20 16:08:56 +00:00
cmp.c Make various BIGNUM comparisons constant-time. 2018-03-26 18:53:53 +00:00
ctx.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
div.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
exponentiation.c Remove some easy bn_set_minimal_width calls. 2018-02-05 23:47:14 +00:00
gcd.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
generic.c Enable __asm__ and uint128_t code in clang-cl. 2017-12-11 22:46:26 +00:00
internal.h Change the order of GCD and trial division. 2018-03-30 19:53:06 +00:00
jacobi.c Rename bn->top to bn->width. 2018-02-05 23:44:24 +00:00
montgomery_inv.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
montgomery.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
mul.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
prime.c Change the order of GCD and trial division. 2018-03-30 19:53:06 +00:00
random.c Blind the range check for finding a Rabin-Miller witness. 2018-03-29 22:02:24 +00:00
rsaz_exp.c Document RSAZ slightly better. 2018-02-15 18:14:04 +00:00
rsaz_exp.h clang-format RSAZ C code. 2018-02-13 22:30:03 +00:00
shift.c Don't leak |a| in the primality test. 2018-03-28 01:44:31 +00:00
sqrt.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00