X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fbn%2Fbn_exp.c;h=cfbaf2b66fd10f0c6a9c0831eadc25b81543b953;hp=b17b5694fcb8ac102f62c1759be955bc533b97df;hb=ca48ace5c52feb0082954fff00a44e1914b9e7e9;hpb=0b4bb91db65697ab6d3a0fc05b140887cbce3080

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index b17b5694fc..cfbaf2b66f 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -128,6 +128,14 @@
 # include <alloca.h>
 #endif
 
+#undef RSAZ_ENABLED
+#if defined(OPENSSL_BN_ASM_MONT) && \
+	(defined(__x86_64) || defined(__x86_64__) || \
+	 defined(_M_AMD64) || defined(_M_X64))
+# include "rsaz_exp.h"
+# define RSAZ_ENABLED
+#endif
+
 #undef SPARC_T4_MONT
 #if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
 # include "sparc_arch.h"
@@ -677,6 +685,35 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
 		}
 
+#ifdef RSAZ_ENABLED
+	/*
+	 * If the size of the operands allow it, perform the optimized
+	 * RSAZ exponentiation. For further information see
+	 * crypto/bn/rsaz_exp.c and accompanying assembly modules.
+	 */
+	if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
+	    && rsaz_avx2_eligible())
+	    	{
+		if (NULL == bn_wexpand(rr, 16)) goto err;
+		RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, mont->n0[0]);
+		rr->top = 16;
+		rr->neg = 0;
+		bn_correct_top(rr);
+		ret = 1;
+		goto err;
+		}
+	else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512))
+		{
+		if (NULL == bn_wexpand(rr,8)) goto err;
+		RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
+		rr->top = 8;
+		rr->neg = 0;
+		bn_correct_top(rr);
+		ret = 1;
+		goto err;
+		}
+#endif
+
 	/* Get the window size to use with size of p. */
 	window = BN_window_bits_for_ctime_exponent_size(bits);
 #if defined(SPARC_T4_MONT)