)]}' { "commit": "48b1f45203f64e2c273736ef2deaef7bb0fa7095", "tree": "3dfe043d91d48b9c8f8f71221807ef5f727b8c48", "parents": [ "a71d28876b4afd400ba4bbd997b3db72bcd3405c" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed Mar 12 13:44:53 2025 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Sat Mar 15 09:52:07 2025 -0700" }, "message": "Decrease BN_MONTGOMERY_MAX_WORDS to 16384 bits\n\nI\u0027m not sure where I got the original value (I think it was when I was\ntrying to set a limit for all of BIGNUM) but 8 KiB is still a fairly\nlarge stack allocation. I also missed that some of the bn_mul_mont\nimplementations seem to alloca 2 * num words, so that\u0027s actually 16 KiB\nof stack used.\n\nWe only support up to 16384-bit RSA, so we only need BN_MONT_CTX to work\nwith that. Lower the limit accordingly. Ideally we\u0027d get down to 8192\n(see crbug.com/402677800).\n\nWhile we have to allow giant BIGNUMs for some non-cryptography callers,\nthis means that Montgomery reduction and all the cryptography code can\nassume one integer fits in 2 KiB (lowering the RSA limit could bring us\ndown to 1 KiB). I\u0027m hoping this is small enough that all our Montgomery\nmultiplication codepaths can just stack-allocate their temporaries. (We\nalready believe it\u0027s small enough for bn_mul_mont, just other codepaths\nstill allocate.) That should remove the main load-bearing use of BN_CTX.\n\nUpdate-Note: BN_MONT_CTX now only works for 16834-bit moduli or lower.\nThis has no impact on cryptographic primitives supported by BoringSSL,\nwhich were already capped at that size.\n\nBug: 42290433, 402677800\nChange-Id: Iaaf8ba34eabeb3b90f4219e0faa5b74c4b1de4b8\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/77507\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "958be9301254c7de6d9da8586bc0255c1165db80", "old_mode": 33188, "old_path": "crypto/dsa/dsa.cc", "new_id": "c9566b1d7660c74ef2ed959675318931b26710a9", "new_mode": 33188, "new_path": "crypto/dsa/dsa.cc" }, { "type": "modify", "old_id": "6ce2cc7f30197a150ff2ba5aadf9c5d9f8df4de9", "old_mode": 33188, "old_path": "crypto/fipsmodule/bn/internal.h", "new_id": "9e14fed68ced4b22d59ed638f3471f40a476917b", "new_mode": 33188, "new_path": "crypto/fipsmodule/bn/internal.h" }, { "type": "modify", "old_id": "19beb31f88798332c2175c4c83ad1910a2236210", "old_mode": 33188, "old_path": "crypto/fipsmodule/dh/check.cc.inc", "new_id": "c15b8588d7f46650f4b7f1b13aac4bae47f25978", "new_mode": 33188, "new_path": "crypto/fipsmodule/dh/check.cc.inc" }, { "type": "modify", "old_id": "79e2789c33e3439d8c7777a7ab45b6937c639d32", "old_mode": 33188, "old_path": "crypto/fipsmodule/rsa/rsa_impl.cc.inc", "new_id": "5aad8e9937649599fa17113ae16bc3075cd0a49d", "new_mode": 33188, "new_path": "crypto/fipsmodule/rsa/rsa_impl.cc.inc" }, { "type": "modify", "old_id": "f090927497f4c525693b67e272673de245fede64", "old_mode": 33188, "old_path": "include/openssl/rsa.h", "new_id": "21ef6c15465487daaf527d94bf4576fd20516027", "new_mode": 33188, "new_path": "include/openssl/rsa.h" } ] }