Adjust BN_mod_inverse algorithm selection according to experiments on

Ultra-Sparcs (both 32-bit and 64-bit compilations)

diff --git a/CHANGES b/CHANGES
index 2437b197eb4c9ef528ae7cf4b928d5d968407d2f..bdf42ab3467aa5fec157f1a8047379234b494247 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,9 +6,12 @@
 
   *) Implement binary inversion algorithm for BN_mod_inverse in addition
      to the algorithm using long divison.  The binary algorithm can be
-     used only if the modulus is odd.  It is faster only for relatively
-     small moduli (roughly 20% for 128-bit moduli, roughly 5% for 256-bit
-     moduli), so we use it only for moduli up to 400 bits.
+     used only if the modulus is odd.  On 32-bit systems, it is faster
+     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+     roughly 5-15% for 256-bit moduli), so we use it only for moduli
+     up to 450 bits.  In 64-bit environments, the binary algorithm
+     appears to be advantageous for much longer moduli; here we use it
+     for moduli up to 2048 bits.
      [Bodo Moeller]
 
   *) Change bctest again: '-x' expressions are not available in all

diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 7496dbc3bd83b753dd12f4e52854c5bf6c27668b..7649f63fd22ab2562d7cfe384fc39b5e379eeb2b 100644 (file)
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -244,11 +244,12 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
         *      sign*Y*a  ==  A   (mod |n|).
         */
 
-       if (BN_is_odd(n) && (BN_num_bits(n) <= 400))
+       if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
                {
                /* Binary inversion algorithm; requires odd modulus.
                 * This is faster than the general algorithm if the modulus
-                * is sufficiently small. */
+                * is sufficiently small (about 400 .. 500 bits on 32-bit
+                * sytems, but much more on 64-bit systems) */
                int shift;
                
                while (!BN_is_zero(B))