diff options
| author | slontis <shane.lontis@oracle.com> | 2022-11-02 03:01:34 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-11-21 11:17:59 +0100 |
| commit | dd1d7bcb69994d81662e709b0ad838880b943870 (patch) | |
| tree | f24c3ce03aa4d0bd374ce4cba03d0968cd886b9c /include | |
| parent | Design document for the QUIC-TLS integration (diff) | |
| download | openssl-dd1d7bcb69994d81662e709b0ad838880b943870.tar.xz openssl-dd1d7bcb69994d81662e709b0ad838880b943870.zip | |
Improve FIPS RSA keygen performance.
FIPS 186-4 has 5 different algorithms for key generation,
and all of them rely on testing GCD(a,n) == 1 many times.
Cachegrind was showing that during a RSA keygen operation,
the function BN_gcd() was taking a considerable percentage
of the total cycles.
The default provider uses multiprime keygen, which seemed to
be much faster. This is because it uses BN_mod_inverse()
instead.
For a 4096 bit key, the entropy of a key that was taking a
long time to generate was recorded and fed back into subsequent
runs. Roughly 40% of the cycle time was BN_gcd() with most of the
remainder in the prime testing. Changing to use the inverse
resulted in the cycle count being 96% in the prime testing.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19578)
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/bn.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 333e201eae..ea706dca7f 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -350,6 +350,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns * -2 for * error */ +int BN_are_coprime(BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); BIGNUM *BN_mod_inverse(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); BIGNUM *BN_mod_sqrt(BIGNUM *ret, |