RFR: 8333583: Crypto-XDH.generateSecret regression after JDK-8329538 [v3]
Volodymyr Paprotski
duke at openjdk.org
Mon Jun 17 20:30:16 UTC 2024
On Mon, 17 Jun 2024 19:22:01 GMT, Vladimir Kozlov <kvn at openjdk.org> wrote:
> Looking at `MontgomeryIntegerPolynomialP256.java`, the code in `multImpl() + reducePositive()` is similar to original `mult()` except new additional code at the end of `multImpl()`.
Yep, I split the original java mult() into multImpl() and reducePositive().
> Now you intrinsify only `multImpl()`. Looks like `reducePositive()` is not included into intrinsic and will be normally JIT compiled (hopefully inlined when JIT compiling `mult()`). Then what do you mean in above statement?
> Also you did not change assembler for intrinsic but you changed corresponding Java code (`multImpl()`). How does it work?
The intrinsic used to return 1 (i.e. numAdds = 1), which would let the next operation decide if it needed to do the reduction or skip it. Now the reducePositive() reduction always happens after the intrinsic (when it could have been skipped before).
-------------
PR Comment: https://git.openjdk.org/jdk/pull/19728#issuecomment-2174364189