97ac45e2f7
RSA key generation currently does the GCD check before the primality test, in hopes of discarding things invalid by other means before running the expensive primality check. However, GCD is about to get a bit more expensive to clear the timing leak, and the trial division part of primality testing is quite fast. Thus, split that portion out via a new bn_is_obviously_composite and call it before GCD. Median of 29 RSA keygens: 0m0.252s -> 0m0.207s (Accuracy beyond 0.1s is questionable.) Bug: 238 Change-Id: I3999771fb73cca16797cab9332d14c4ebeb02046 Reviewed-on: https://boringssl-review.googlesource.com/26366 Reviewed-by: Adam Langley <alangley@gmail.com> |
||
|---|---|---|
| .. | ||
| blinding.c | ||
| internal.h | ||
| padding.c | ||
| rsa_impl.c | ||
| rsa.c | ||