Further optimize Montgomery math in RSA blinding. Change-Id: I830c6115ce2515a7b9d1dcb153c4cd8928fb978f Reviewed-on: https://boringssl-review.googlesource.com/7591 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/rsa/blinding.c b/crypto/rsa/blinding.c
index db03d56..776839e 100644
--- a/crypto/rsa/blinding.c
+++ b/crypto/rsa/blinding.c
@@ -247,8 +247,15 @@
 return 0;
 }
 
+ /* |BN_from_montgomery| + |BN_mod_inverse_no_branch| is equivalent to, but
+ * more efficient than, |BN_mod_inverse_no_branch| + |BN_to_montgomery|. */
+ if (!BN_from_montgomery(b->Ai, b->A, mont, ctx)) {
+ OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
 int no_inverse;
- if (BN_mod_inverse_ex(b->Ai, &no_inverse, b->A, &mont_N_consttime, ctx) ==
+ if (BN_mod_inverse_ex(b->Ai, &no_inverse, b->Ai, &mont_N_consttime, ctx) ==
 NULL) {
 /* this should almost never happen for good RSA keys */
 if (no_inverse) {
@@ -271,8 +278,7 @@
 return 0;
 }
 
- if (!BN_to_montgomery(b->A, b->A, mont, ctx) ||
- !BN_to_montgomery(b->Ai, b->Ai, mont, ctx)) {
+ if (!BN_to_montgomery(b->A, b->A, mont, ctx)) {
 OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
 return 0;
 }
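Review bot: The new comment above the BN_from_montgomery call names BN_mod_inverse_no_branch, but the call that follows it is BN_mod_inverse_ex, so the comment should name the function actually used or a later reader will look for a call that is not there. The comment also states the equivalence without saying why it holds; I would add `/* BN_from_montgomery gives A*R^-1 mod N; inverting that yields A^-1*R mod N, i.e. A^-1 already in Montgomery form, so no separate BN_to_montgomery of Ai is needed. */` so the dropped conversion later in the function is explained at its source. The changed BN_mod_inverse_ex call now passes b->Ai as both the result and the input; whether that routine tolerates in/out aliasing is not visible in this hunk, and a one-line comment confirming it (or a reference to where it is guaranteed) would make the in-place use deliberate. The enclosing function begins before and continues after this hunk.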
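Review bot: The second hunk drops the BN_to_montgomery of b->Ai while keeping the one for b->A, and nothing at this site says why Ai is exempt; a reader of this block alone will see an asymmetry and may "fix" it by re-adding the conversion, which would double-convert Ai. I would add `/* b->Ai is already in Montgomery form: it was inverted from the BN_from_montgomery output above. */` directly above the remaining if. The enclosing function starts outside this hunk.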