RFR(L): 8069539: RSA acceleration

Florian Weimer fweimer at redhat.com
Mon Mar 23 13:59:46 UTC 2015

On 03/20/2015 11:45 PM, Viswanathan, Sandhya wrote:
> Hi Florian,
> My thoughts on this are as follows:
> BigInteger.squareToLen is a private method and not a public method. 
> The length calculation code in Java version of this method does not have the overflow check and the intrinsic follows the Java code. 
> private static final int[] squareToLen(int[] x, int len, int[] z) {
>         ...
>         int zlen = len << 1;
>         if (z == null || z.length < zlen)
>             z = new int[zlen];
>         ...
>   }

The difference is that the Java code will still perform the bounds
checks on each array access, I think, so even if zlen turns out negative
(and thus no reallocation happens), damage from out-of-bounds accesses
will be non-existent.

> Also the underlying array in BigInteger cannot be greater than MAX_MAG_LENGTH which is defined as:
> private static final int MAX_MAG_LENGTH = Integer.MAX_VALUE / Integer.SIZE + 1; // (1 << 26)
> So zlen calculation cannot overflow as int array x and its length len is coming from a BigInteger array.

Maybe can you add this as a comment to the intrinsic?  I think this
would be a useful addition, especially if at some point in the future,
someone else uses your code as a template to implement their own intrinsic.

> Similarly mulAdd is a package private method and its inputs are allocated or verified at call sites.

Same here.

Florian Weimer / Red Hat Product Security

More information about the hotspot-compiler-dev mailing list