RFR: 8294248: Use less limbs for P256 in EC implementation [v4]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Sat Dec 3 06:02:15 UTC 2022
On Wed, 30 Nov 2022 19:44:00 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> > Please add a test that verifies that the worst case calculation still produces correct results. That is:
> >
> > * build a number where the limb values are as high as possible (2^(numLimbs*bitsPerLimb)-1, or something close)
> > * sum that number with itself until numAdds = maxAdds
> > * square the result
> > * compare the result with the same calculations on BigInteger
>
> It makes sense to me. I would like to have an improvement in FieldGen.java instead, so that no illegal params could be set. Let's see if I could make it before integration of this patch.
The FieldGen.java improvement is not a small patch. It's on my plan, but it may not be something right for JDK 20 as the deadline is approaching. I will see if it is possible for JDK 21. Close this PR for now. I will open it again if FieldGen.java gets improved. @djelinski Thank you for your time and extremely helpful feedback.
-------------
PR: https://git.openjdk.org/jdk/pull/10398
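Added example (not part of the thread and not the JDK's IntegerPolynomial code): a small Python model of the worst-case test proposed in the quoted review and of the parameter bound a generator such as FieldGen would need to enforce. Field elements are arrays of num_limbs limbs of bits_per_limb bits, added limb-wise without carries; after max_adds additions the limbs must still square without overflowing a Java long. The limb parameters (10 x 26 bits with max_adds 2, and a deliberately too-wide 8 x 32) are assumptions chosen for illustration, and the accumulator model is a plain schoolbook square rather than the JDK's reduction loop.

```python
"""Worst-case limb check for an unsaturated-limb field element (illustrative model)."""
from dataclasses import dataclass

LONG_MAX = (1 << 63) - 1  # Java signed long upper bound

# NIST P-256 field prime, the modulus discussed in the thread.
P256 = (1 << 256) - (1 << 224) + (1 << 192) + (1 << 96) - 1


@dataclass(frozen=True)
class LimbParams:
    num_limbs: int
    bits_per_limb: int
    max_adds: int  # additions allowed before a multiply/square must reduce


# Assumed illustrative parameter sets; not taken from the JDK sources.
P256_EXAMPLE = LimbParams(num_limbs=10, bits_per_limb=26, max_adds=2)
TOO_WIDE = LimbParams(num_limbs=8, bits_per_limb=32, max_adds=2)


def to_long(v: int) -> int:
    """Wrap an integer to Java's signed 64-bit long (two's complement)."""
    v &= (1 << 64) - 1
    return v - (1 << 64) if v >= (1 << 63) else v


def worst_case_limbs(p: LimbParams) -> list[int]:
    """Every limb at its maximum, i.e. the value 2^(num_limbs*bits_per_limb) - 1."""
    return [(1 << p.bits_per_limb) - 1] * p.num_limbs


def limbs_to_int(limbs: list[int], bits_per_limb: int) -> int:
    """Evaluate the limb polynomial at 2^bits_per_limb (no carries needed)."""
    return sum(v << (i * bits_per_limb) for i, v in enumerate(limbs))


def add_limbs(a: list[int], b: list[int]) -> list[int]:
    """Limb-wise addition without carry: magnitude grows, numAdds += 1."""
    return [x + y for x, y in zip(a, b)]


def square_limbs(limbs: list[int]) -> tuple[list[int], bool]:
    """Schoolbook square into 2n-1 accumulators that wrap like Java longs.

    Returns the accumulators and whether any product or running sum exceeded
    LONG_MAX (silent in Java, observed here so the test can report it).
    """
    n = len(limbs)
    acc = [0] * (2 * n - 1)
    overflowed = False
    for i in range(n):
        for j in range(n):
            prod = limbs[i] * limbs[j]
            total = acc[i + j] + prod
            if prod > LONG_MAX or total > LONG_MAX:
                overflowed = True
            acc[i + j] = to_long(total)
    return acc, overflowed


def check_worst_case(p: LimbParams, modulus: int = P256) -> dict:
    """The review's test: worst-case value, max_adds doublings, square,
    then compare the reduced result with arbitrary-precision arithmetic."""
    x = worst_case_limbs(p)
    for _ in range(p.max_adds):
        x = add_limbs(x, x)  # numAdds reaches max_adds
    acc, overflowed = square_limbs(x)
    got = limbs_to_int(acc, p.bits_per_limb) % modulus
    expected = pow(limbs_to_int(x, p.bits_per_limb), 2, modulus)
    return {"overflow": overflowed, "matches": got == expected}


def params_are_safe(p: LimbParams) -> bool:
    """Analytic bound a generator could enforce up front: the largest
    accumulator (num_limbs products of two maximal limbs) must fit a long."""
    max_limb = ((1 << p.bits_per_limb) - 1) << p.max_adds
    return p.num_limbs * max_limb * max_limb <= LONG_MAX


if __name__ == "__main__":
    for name, params in (("10x26", P256_EXAMPLE), ("8x32", TOO_WIDE)):
        print(name, "safe:", params_are_safe(params), check_worst_case(params))
```

The 10 x 26 set passes both the analytic bound and the run-time comparison; the 8 x 32 set fails the bound, overflows the accumulators during the square, and the reduced result no longer matches the big-integer oracle, which is the failure the proposed test is meant to catch before such parameters reach a generated field class.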
More information about the security-dev mailing list