[openssl/openssl] 1136c4: Improve FIPS RSA keygen performance.

Shane noreply at github.com
Mon Nov 21 10:22:57 UTC 2022


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 1136c4dc39150a89754827285787b0dd48562e0a
      https://github.com/openssl/openssl/commit/1136c4dc39150a89754827285787b0dd48562e0a
  Author: slontis <shane.lontis at oracle.com>
  Date:   2022-11-21 (Mon, 21 Nov 2022)

  Changed paths:
    M crypto/bn/bn_gcd.c
    M crypto/bn/bn_rsa_fips186_4.c
    M doc/man3/BN_cmp.pod
    M include/openssl/bn.h
    M test/bntest.c
    M util/libcrypto.num

  Log Message:
  -----------
  Improve FIPS RSA keygen performance.

FIPS 186-4 has 5 different algorithms for key generation,
and all of them rely on testing GCD(a,n) == 1 many times.

Cachegrind was showing that during a RSA keygen operation,
the function BN_gcd() was taking a considerable percentage
of the total cycles.

The default provider uses multiprime keygen, which seemed to
be much faster. This is because it uses BN_mod_inverse()
instead.

For a 4096 bit key, the entropy of a key that was taking a
long time to generate was recorded and fed back into subsequent
runs. Roughly 40% of the cycle time was BN_gcd() with most of the
remainder in the prime testing. Changing to use the inverse
resulted in the cycle count being 96% in the prime testing.

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19578)

(cherry picked from commit dd1d7bcb69994d81662e709b0ad838880b943870)




More information about the openssl-commits mailing list