author | Theo Buehler <tb@cvs.openbsd.org> | 2024-11-21 14:36:04 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2024-11-21 14:36:04 +0000 |
commit | 4ebe6fe8797a464862dc725e65479aee9c00fdca (patch) | |
tree | 18903ea3ad02d3425221914837ef1cf9ba128d8e /lib | |
parent | bc0ea56755b433cc317811dafdb1047e5b4bd503 (diff) |
All the EC_POINT_* API has a fast path for the point at infinity. So we're
not gaining more than a few cycles by making this terrible mess even more
terrible than it already is by avoiding calls to it (it's also incorrect as
it is since we don't know that the point is no longer at infinity when it
is unset). Simplify and add a comment explaining what this mess is doing.
ok jsing
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libcrypto/ec/ec_mult.c | 45 |
1 files changed, 20 insertions, 25 deletions
diff --git a/lib/libcrypto/ec/ec_mult.c b/lib/libcrypto/ec/ec_mult.c
index 9015a5a6498..e336cf0fac1 100644
--- a/lib/libcrypto/ec/ec_mult.c
+++ b/lib/libcrypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_mult.c,v 1.35 2024/11/16 15:32:08 tb Exp $ */
+/* $OpenBSD: ec_mult.c,v 1.36 2024/11/21 14:36:03 tb Exp $ */
 /*
  * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
  */
@@ -233,7 +233,6 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *m,
 	size_t i, j;
 	int k;
 	int r_is_inverted = 0;
-	int r_is_at_infinity = 1;
 	size_t *wsize = NULL;	/* individual window sizes */
 	signed char **wNAF = NULL;	/* individual wNAFs */
 	size_t *wNAF_len = NULL;
@@ -356,13 +355,21 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *m,
 	if (!EC_POINTs_make_affine(group, num_val, val, ctx))
 		goto err;
 
-	r_is_at_infinity = 1;
+	/*
+	 * Set r to the neutral element. Scan through the wNAF representations
+	 * of m and n, starting at the most significant digit. Double r and for
+	 * each wNAF digit of m add the digit times the point, and for each
+	 * wNAF digit of n add the digit times the generator, adjusting the
+	 * signs as appropriate.
+	 */
+
+	if (!EC_POINT_set_to_infinity(group, r))
+		goto err;
 	for (k = max_len - 1; k >= 0; k--) {
-		if (!r_is_at_infinity) {
-			if (!EC_POINT_dbl(group, r, r, ctx))
-				goto err;
-		}
+		if (!EC_POINT_dbl(group, r, r, ctx))
+			goto err;
+
 		for (i = 0; i < totalnum; i++) {
 			if (wNAF_len[i] > (size_t) k) {
 				int digit = wNAF[i][k];
@@ -375,34 +382,22 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *m,
 						digit = -digit;
 					if (is_neg != r_is_inverted) {
-						if (!r_is_at_infinity) {
-							if (!EC_POINT_invert(group, r, ctx))
-								goto err;
-						}
+						if (!EC_POINT_invert(group, r, ctx))
+							goto err;
 						r_is_inverted = !r_is_inverted;
 					}
 
 					/* digit > 0 */
-					if (r_is_at_infinity) {
-						if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))
-							goto err;
-						r_is_at_infinity = 0;
-					} else {
-						if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx))
-							goto err;
-					}
+					if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx))
+						goto err;
 				}
 			}
 		}
 	}
 
-	if (r_is_at_infinity) {
-		if (!EC_POINT_set_to_infinity(group, r))
+	if (r_is_inverted) {
+		if (!EC_POINT_invert(group, r, ctx))
 			goto err;
-	} else {
-		if (r_is_inverted)
-			if (!EC_POINT_invert(group, r, ctx))
-				goto err;
 	}
 
 	ret = 1;
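Review bot: With the infinity bookkeeping gone, the `r_is_inverted` sign tracking is the only non-obvious part of this loop, and the new comment in the preceding hunk covers it with just "adjusting the signs as appropriate"; the inversion branches here deserve a comment of their own. Above `if (is_neg != r_is_inverted) {` I would add `/* Negate r rather than the table entry so val_sub only needs positive multiples. */` (the table is indexed by `digit >> 1` after `digit = -digit`, so this appears to hold, but the table construction is outside the hunk and should be confirmed), and above the final `if (r_is_inverted) {` something like `/* r was accumulated with its sign flipped; restore it. */`. The computation of `is_neg` and the `if (digit)` guard around this block are above the hunk, and ec_wNAF_mul continues past its end with the err: cleanup.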