author | Theo Buehler <tb@cvs.openbsd.org> | 2023-07-26 17:15:26 +0000 |
committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-07-26 17:15:26 +0000 |
commit | 785da0ca16203156cf5f80ea75c8fe0fdcb0c10e (patch) | |
tree | 8fb4ac076be9d572bf82babfe578ebd39cdd4827 /lib/libcrypto/ec | |
parent | 3ef4e854c3c9cde679e38a92f587e46bdf8a88a9 (diff) |
Tweak EC_GROUP_check_discriminant()
Make the logic and control flow a bit more explicit and use a single
extra variable for computing the discriminant. Call it discriminant,
not tmp, tmp_1 or tmp_2.
ok jsing
Diffstat (limited to 'lib/libcrypto/ec')
-rw-r--r-- | lib/libcrypto/ec/ecp_smpl.c | 56 |
1 files changed, 28 insertions, 28 deletions
diff --git a/lib/libcrypto/ec/ecp_smpl.c b/lib/libcrypto/ec/ecp_smpl.c
index f591fa02675..de1f9a3472a 100644
--- a/lib/libcrypto/ec/ecp_smpl.c
+++ b/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.54 2023/07/26 12:26:48 tb Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.55 2023/07/26 17:15:25 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project.
 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -222,7 +222,7 @@ ec_GFp_simple_group_get_degree(const EC_GROUP *group)
 int
 ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
 {
- BIGNUM *p, *a, *b, *tmp_1, *tmp_2;
+ BIGNUM *p, *a, *b, *discriminant;
 int ret = 0;
 BN_CTX_start(ctx);
@@ -233,41 +233,41 @@ ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
 goto err;
 if ((b = BN_CTX_get(ctx)) == NULL)
 goto err;
- if ((tmp_1 = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((tmp_2 = BN_CTX_get(ctx)) == NULL)
+ if ((discriminant = BN_CTX_get(ctx)) == NULL)
 goto err;
 if (!EC_GROUP_get_curve(group, p, a, b, ctx))
 goto err;
 /*
- * check the discriminant: y^2 = x^3 + a*x + b is an elliptic curve
- * <=> 4*a^3 + 27*b^2 != 0 (mod p) 0 =< a, b < p
+ * Check that the discriminant 4a^3 + 27b^2 is non-zero modulo p.
 */
- if (BN_is_zero(a)) {
- if (BN_is_zero(b))
- goto err;
- } else if (!BN_is_zero(b)) {
- if (!BN_mod_sqr(tmp_1, a, p, ctx))
- goto err;
- if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx))
- goto err;
- if (!BN_lshift(tmp_1, tmp_2, 2))
- goto err;
- /* tmp_1 = 4*a^3 */
- if (!BN_mod_sqr(tmp_2, b, p, ctx))
- goto err;
- if (!BN_mul_word(tmp_2, 27))
- goto err;
- /* tmp_2 = 27*b^2 */
+ if (BN_is_zero(a) && BN_is_zero(b))
+ goto err;
+ if (BN_is_zero(a) || BN_is_zero(b))
+ goto done;
- if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx))
- goto err;
- if (BN_is_zero(a))
- goto err;
- }
+ /* Compute the discriminant: first 4a^3, then 27b^2, then their sum. */
+ if (!BN_mod_sqr(discriminant, a, p, ctx))
+ goto err;
+ if (!BN_mod_mul(discriminant, discriminant, a, p, ctx))
+ goto err;
+ if (!BN_lshift(discriminant, discriminant, 2))
+ goto err;
+
+ if (!BN_mod_sqr(b, b, p, ctx))
+ goto err;
+ if (!BN_mul_word(b, 27))
+ goto err;
+
+ if (!BN_mod_add(discriminant, discriminant, b, p, ctx))
+ goto err;
+
+ if (BN_is_zero(discriminant))
+ goto err;
+
+ done:
 ret = 1;
 err: |
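Review bot: The `goto done` shortcut on the new side declares the discriminant non-zero whenever exactly one of a, b is zero without computing it, and that is only valid when p is an odd prime greater than 3 and a, b are already reduced below p; the removed comment stated the `0 =< a, b < p` precondition and the new one-line comment drops it. Presumably the field is validated when the curve is set so that p <= 3 cannot reach this function, but that is not visible in the hunk, so the comment above the shortcut should state what it relies on, e.g. `/* For an odd prime p > 3, 4a^3 resp. 27b^2 is non-zero whenever a resp. b is. */`. A short comment that `b` is a BN_CTX-local copy and is deliberately clobbered by `BN_mod_sqr(b, b, p, ctx)` would also help, since it shares its name with the curve parameter it was read into. The function continues past `err:` outside the hunk.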