SLFO-pool/openssl-3
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b7d0840dcc
openssl-3/openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch

172 lines
6.3 KiB
Diff
Raw Blame History

Subject: [PATCH] Revert "Improve FIPS RSA keygen performance."
This reverts commit 3431dd4b3ee7933822586aab62972de4d8c0e9e5.
---
crypto/bn/bn_prime.c | 11 --------
crypto/bn/bn_rsa_fips186_4.c | 49 ++++++------------------------------
include/crypto/bn.h | 2 --
3 files changed, 8 insertions(+), 54 deletions(-)
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 79776f1ce5..ddd31a0252 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -252,17 +252,6 @@ int ossl_bn_check_prime(const BIGNUM *w, int checks, BN_CTX *ctx,
return bn_is_prime_int(w, checks, ctx, do_trial_division, cb);
}
-/*
- * Use this only for key generation.
- * It always uses trial division. The number of checks
- * (MR rounds) passed in is used without being clamped to a minimum value.
- */
-int ossl_bn_check_generated_prime(const BIGNUM *w, int checks, BN_CTX *ctx,
- BN_GENCB *cb)
-{
- return bn_is_prime_int(w, checks, ctx, 1, cb);
-}
-
int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb)
{
return ossl_bn_check_prime(p, 0, ctx, 1, cb);
diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c
index e9f0d4038c..8a7b2ecf2f 100644
--- a/crypto/bn/bn_rsa_fips186_4.c
+++ b/crypto/bn/bn_rsa_fips186_4.c
@@ -48,34 +48,6 @@ const BIGNUM ossl_bn_inv_sqrt_2 = {
BN_FLG_STATIC_DATA
};
-/*
- * Refer to FIPS 186-5 Table B.1 for minimum rounds of Miller Rabin
- * required for generation of RSA aux primes (p1, p2, q1 and q2).
- */
-static int bn_rsa_fips186_5_aux_prime_MR_rounds(int nbits)
-{
- if (nbits >= 4096)
- return 44;
- if (nbits >= 3072)
- return 41;
- if (nbits >= 2048)
- return 38;
- return 0; /* Error */
-}
-
-/*
- * Refer to FIPS 186-5 Table B.1 for minimum rounds of Miller Rabin
- * required for generation of RSA primes (p and q)
- */
-static int bn_rsa_fips186_5_prime_MR_rounds(int nbits)
-{
- if (nbits >= 3072)
- return 4;
- if (nbits >= 2048)
- return 5;
- return 0; /* Error */
-}
-
/*
* FIPS 186-5 Table A.1. "Min length of auxiliary primes p1, p2, q1, q2".
* (FIPS 186-5 has an entry for >= 4096 bits).
@@ -125,13 +97,11 @@ static int bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(int nbits)
* Xp1 The passed in starting point to find a probably prime.
* p1 The returned probable prime (first odd integer >= Xp1)
* ctx A BN_CTX object.
- * rounds The number of Miller Rabin rounds
* cb An optional BIGNUM callback.
* Returns: 1 on success otherwise it returns 0.
*/
static int bn_rsa_fips186_4_find_aux_prob_prime(const BIGNUM *Xp1,
BIGNUM *p1, BN_CTX *ctx,
- int rounds,
BN_GENCB *cb)
{
int ret = 0;
@@ -147,7 +117,7 @@ static int bn_rsa_fips186_4_find_aux_prob_prime(const BIGNUM *Xp1,
i++;
BN_GENCB_call(cb, 0, i);
/* MR test with trial division */
- tmp = ossl_bn_check_generated_prime(p1, rounds, ctx, cb);
+ tmp = BN_check_prime(p1, ctx, cb);
if (tmp > 0)
break;
if (tmp < 0)
@@ -190,7 +160,7 @@ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
{
int ret = 0;
BIGNUM *p1i = NULL, *p2i = NULL, *Xp1i = NULL, *Xp2i = NULL;
- int bitlen, rounds;
+ int bitlen;
if (p == NULL || Xpout == NULL)
return 0;
@@ -207,7 +177,6 @@ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
bitlen = bn_rsa_fips186_5_aux_prime_min_size(nlen);
if (bitlen == 0)
goto err;
- rounds = bn_rsa_fips186_5_aux_prime_MR_rounds(nlen);
/* (Steps 4.1/5.1): Randomly generate Xp1 if it is not passed in */
if (Xp1 == NULL) {
@@ -225,8 +194,8 @@ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
}
/* (Steps 4.2/5.2) - find first auxiliary probable primes */
- if (!bn_rsa_fips186_4_find_aux_prob_prime(Xp1i, p1i, ctx, rounds, cb)
- || !bn_rsa_fips186_4_find_aux_prob_prime(Xp2i, p2i, ctx, rounds, cb))
+ if (!bn_rsa_fips186_4_find_aux_prob_prime(Xp1i, p1i, ctx, cb)
+ || !bn_rsa_fips186_4_find_aux_prob_prime(Xp2i, p2i, ctx, cb))
goto err;
/* (Table B.1) auxiliary prime Max length check */
if ((BN_num_bits(p1i) + BN_num_bits(p2i)) >=
@@ -274,11 +243,11 @@ err:
*/
int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
const BIGNUM *r1, const BIGNUM *r2,
- int nlen, const BIGNUM *e,
- BN_CTX *ctx, BN_GENCB *cb)
+ int nlen, const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb)
{
int ret = 0;
- int i, imax, rounds;
+ int i, imax;
int bits = nlen >> 1;
BIGNUM *tmp, *R, *r1r2x2, *y1, *r1x2;
BIGNUM *base, *range;
@@ -348,7 +317,6 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
* The number has been updated to 20 * nlen/2 as used in
* FIPS186-5 Appendix B.9 Step 9.
*/
- rounds = bn_rsa_fips186_5_prime_MR_rounds(nlen);
imax = 20 * bits; /* max = 20/2 * nbits */
for (;;) {
if (Xin == NULL) {
@@ -378,9 +346,8 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
if (BN_copy(y1, Y) == NULL
|| !BN_sub_word(y1, 1))
goto err;
-
if (BN_are_coprime(y1, e, ctx)) {
- int rv = ossl_bn_check_generated_prime(Y, rounds, ctx, cb);
+ int rv = BN_check_prime(Y, ctx, cb);
if (rv > 0)
goto end;
diff --git a/include/crypto/bn.h b/include/crypto/bn.h
index 4d11e0e4b1..cf69bea848 100644
--- a/include/crypto/bn.h
+++ b/include/crypto/bn.h
@@ -95,8 +95,6 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
int ossl_bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx,
BN_GENCB *cb, int enhanced, int *status);
-int ossl_bn_check_generated_prime(const BIGNUM *w, int checks, BN_CTX *ctx,
- BN_GENCB *cb);
const BIGNUM *ossl_bn_get0_small_factors(void);
--
2.44.0
Reference in New Issue View Git Blame Copy Permalink