[gnutls-dev] bug in _gnutls_pkcs1_rsa_encrypt
Werner Koch
wk at gnupg.org
Thu Aug 19 09:22:23 CEST 2004
On Wed, 18 Aug 2004 13:58:49 -0700, Robey Pointer said:
> extra k/128 byte(s). The simplicity outweighs the very very small
> chance that you might avoid an extra loop iteration by obsessively
> checking for (and skipping) zeros in the replacement buffer.
The thing is that each call to the random function turns out to be a
real performance hog; asking for a few bytes more in one call is far
cheaper.
The loop does now read:
for(;;) {
int j, k;
byte *pp;
/* count the zero bytes */
for(j=k=0; j < i; j++ )
if( !p[j] )
k++;
if( !k )
break; /* okay: no zero bytes */
k += 3; /* better get some more */ /* <========= */
pp = get_random_bits( k*8, 1, 1);
for(j=0; j < i && k ; j++ )
if( !p[j] && pp[k-1] ) /* <========= */
p[j] = pp[--k];
m_free(pp);
}
Does this look better?
Werner
More information about the Gnutls-devel
mailing list