kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove r_is_inverted logic.

Browse Source 
This appears to be pointless. Before, we would have a 50% chance of
doing an inversion at each non-zero bit but the first
(r_is_at_infinity), plus a 50% chance of doing an inversion at the end.
Now we would have a 50% chance of doing an inversion at each non-zero
bit. That's the same number of coin flips.

Change-Id: I8158fd48601cb041188826d4f68ac1a31a6fbbbc
Reviewed-on: https://boringssl-review.googlesource.com/25146
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2018-01-20 09:36:51 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 2d77d4084a
commit 338eeb0c4f
1 changed files with 12 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
crypto/fipsmodule/ec/wnaf.c
View File

@ -232,8 +232,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r,
size_t total_num = 0; size_t total_num = 0;
size_t i, j; size_t i, j;
int k; int k;
int r_is_inverted = 0;
int r_is_at_infinity = 1;
int8_t **wNAF = NULL; // individual wNAFs int8_t **wNAF = NULL; // individual wNAFs
size_t *wNAF_len = NULL; size_t *wNAF_len = NULL;
size_t max_len = 0; size_t max_len = 0;
@ -377,7 +375,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r,
} }
#endif #endif
r_is_at_infinity = 1; int r_is_at_infinity = 1;
for (k = max_len - 1; k >= 0; k--) { for (k = max_len - 1; k >= 0; k--) {
if (!r_is_at_infinity && !EC_POINT_dbl(group, r, r, ctx)) { if (!r_is_at_infinity && !EC_POINT_dbl(group, r, r, ctx)) {
@ -387,31 +385,26 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r,
for (i = 0; i < total_num; i++) { for (i = 0; i < total_num; i++) {
if (wNAF_len[i] > (size_t)k) { if (wNAF_len[i] > (size_t)k) {
int digit = wNAF[i][k]; int digit = wNAF[i][k];
int is_neg;
if (digit) { if (digit) {
is_neg = digit < 0; const EC_POINT *tmp2;
if (digit < 0) {
if (is_neg) {
digit = -digit; digit = -digit;
} if (!EC_POINT_copy(tmp, val_sub[i][digit >> 1]) ||
!EC_POINT_invert(group, tmp, ctx)) {
if (is_neg != r_is_inverted) {
if (!r_is_at_infinity && !EC_POINT_invert(group, r, ctx)) {
goto err; goto err;
} }
r_is_inverted = !r_is_inverted; tmp2 = tmp;
} else {
tmp2 = val_sub[i][digit >> 1];
} }
// digit > 0
if (r_is_at_infinity) { if (r_is_at_infinity) {
if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) { if (!EC_POINT_copy(r, tmp2)) {
goto err; goto err;
} }
r_is_at_infinity = 0; r_is_at_infinity = 0;
} else { } else {
if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) { if (!EC_POINT_add(group, r, r, tmp2, ctx)) {
goto err; goto err;
} }
} }
@ -420,11 +413,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r,
} }
} }
if (r_is_at_infinity) { if (r_is_at_infinity &&
if (!EC_POINT_set_to_infinity(group, r)) { !EC_POINT_set_to_infinity(group, r)) {
goto err;
}
} else if (r_is_inverted && !EC_POINT_invert(group, r, ctx)) {
goto err; goto err;
} }