Diffstat (limited to 'crypto/bn/bn_exp.c')
-rw-r--r-- | crypto/bn/bn_exp.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 91d6b6b4bb..c7b62232f3 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -1419,12 +1419,20 @@ int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1, const BIGNUM *p1
 BN_MONT_CTX *mont2 = NULL;
 if (ossl_rsaz_avx512ifma_eligible() &&
- ((a1->top == 16) && (p1->top == 16) && (BN_num_bits(m1) == 1024) &&
- (a2->top == 16) && (p2->top == 16) && (BN_num_bits(m2) == 1024))) {
-
- if (bn_wexpand(rr1, 16) == NULL)
+ (((a1->top == 16) && (p1->top == 16) && (BN_num_bits(m1) == 1024) &&
+ (a2->top == 16) && (p2->top == 16) && (BN_num_bits(m2) == 1024)) ||
+ ((a1->top == 24) && (p1->top == 24) && (BN_num_bits(m1) == 1536) &&
+ (a2->top == 24) && (p2->top == 24) && (BN_num_bits(m2) == 1536)) ||
+ ((a1->top == 32) && (p1->top == 32) && (BN_num_bits(m1) == 2048) &&
+ (a2->top == 32) && (p2->top == 32) && (BN_num_bits(m2) == 2048)))) {
+
+ int topn = a1->top;
+ /* Modulus bits of |m1| and |m2| are equal */
+ int mod_bits = BN_num_bits(m1);
+
+ if (bn_wexpand(rr1, topn) == NULL)
 goto err;
- if (bn_wexpand(rr2, 16) == NULL)
+ if (bn_wexpand(rr2, topn) == NULL)
 goto err;
 /* Ensure that montgomery contexts are initialized */
@@ -1449,14 +1457,14 @@ int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1, const BIGNUM *p1
 mont1->RR.d, mont1->n0[0], rr2->d, a2->d, p2->d, m2->d, mont2->RR.d, mont2->n0[0],
- 1024 /* factor bit size */);
+ mod_bits);
- rr1->top = 16;
+ rr1->top = topn;
 rr1->neg = 0;
 bn_correct_top(rr1);
 bn_check_top(rr1);
- rr2->top = 16;
+ rr2->top = topn;
 rr2->neg = 0;
 bn_correct_top(rr2);
 bn_check_top(rr2); |
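Review bot: The eligibility test now repeats one six-term clause three times with hard-coded limb counts (16, 24, 32), and those counts are the only thing in this hunk that bounds how many words the kernel is later allowed to read through the raw `->d` pointers. A single mistyped constant in one clause would show up as an out-of-bounds access instead of a fallback to the generic path. Deriving the limb count from the modulus size keeps the two in lock-step and makes the comment "Modulus bits of |m1| and |m2| are equal" true by construction. The literal counts assume 64-bit limbs, which presumably always holds where this path is built, but `BN_BITS2` states it. The function's declaration block and the rest of the `if` body are outside the hunk, so the two locals below would have to go wherever the file's declaration style requires.

```c
int mod_bits = BN_num_bits(m1);
int topn = mod_bits / BN_BITS2;

if (ossl_rsaz_avx512ifma_eligible() &&
    (mod_bits == 1024 || mod_bits == 1536 || mod_bits == 2048) &&
    (BN_num_bits(m2) == mod_bits) &&
    (a1->top == topn) && (p1->top == topn) &&
    (a2->top == topn) && (p2->top == topn)) {
    /* … unchanged: bn_wexpand of rr1/rr2 to topn, Montgomery context setup … */
```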
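Review bot: `rr1->top = topn;` and `rr2->top = topn;` follow the kernel call with no visible check of its result. If the call can fail for the newly admitted 1536- and 2048-bit sizes, both outputs would present `topn` words of whatever `bn_wexpand` left in the buffers as a valid result. The start of the call, including any assignment of its return value, is outside the hunk, so this is inferred. If the result is captured there, making the two `top` updates conditional on it (or jumping to `err` first) would keep uninitialised limbs away from a caller that ignores the return code. Separately, the removed `/* factor bit size */` comment was the only hint at what the last argument means, and `mod_bits /* factor bit size */);` would keep it.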