mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
c48c32807f
openssl/include
History
slontis dd1d7bcb69 Improve FIPS RSA keygen performance. 
FIPS 186-4 has 5 different algorithms for key generation,
and all of them rely on testing GCD(a,n) == 1 many times.

Cachegrind was showing that during a RSA keygen operation,
the function BN_gcd() was taking a considerable percentage
of the total cycles.

The default provider uses multiprime keygen, which seemed to
be much faster. This is because it uses BN_mod_inverse()
instead.

For a 4096 bit key, the entropy of a key that was taking a
long time to generate was recorded and fed back into subsequent
runs. Roughly 40% of the cycle time was BN_gcd() with most of the
remainder in the prime testing. Changing to use the inverse
resulted in the cycle count being 96% in the prime testing.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19578)
2022-11-21 11:17:59 +01:00
..
crypto Propagate selection all the way on key export 2022-11-15 12:04:12 +01:00
internal Ensure that SIZE_MAX is defined where OSSL_SSIZE_MAX is used. 2022-11-16 08:15:40 +01:00
openssl Improve FIPS RSA keygen performance. 2022-11-21 11:17:59 +01:00