From f01fb5dc0e9d2227a20fe33f7bf76c2160ecf9c9 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 25 Mar 2016 14:34:03 -1000 Subject: [PATCH] Avoid minor waste in |ec_GFp_nistp256_point_get_affine_coordinates|. Avoid calculating the affine Y coordinate when the caller didn't ask for it, as occurs, for example, in ECDH. For symmetry and clarity, avoid calculating the affine X coordinate in the hypothetical case where the caller only asked for the Y coordinate. Change-Id: I69f5993fa0dfac8b010c38e695b136cefc277fed Reviewed-on: https://boringssl-review.googlesource.com/7590 Reviewed-by: David Benjamin
---
 crypto/ec/p256-64.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-)
diff --git a/crypto/ec/p256-64.c b/crypto/ec/p256-64.c
index 70c06084..84b65979 100644
--- a/crypto/ec/p256-64.c
+++ b/crypto/ec/p256-64.c
@@ -1561,22 +1561,29 @@ static int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
 felem_inv(z2, z1);
 felem_square(tmp, z2);
 felem_reduce(z1, tmp);
- felem_mul(tmp, x_in, z1);
- felem_reduce(x_in, tmp);
- felem_contract(x_out, x_in);
- if (x != NULL && !smallfelem_to_BN(x, x_out)) {
- OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
- return 0;
+
+ if (x != NULL) {
+ felem_mul(tmp, x_in, z1);
+ felem_reduce(x_in, tmp);
+ felem_contract(x_out, x_in);
+ if (!smallfelem_to_BN(x, x_out)) {
+ OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
+ return 0;
+ }
 }
- felem_mul(tmp, z1, z2);
- felem_reduce(z1, tmp);
- felem_mul(tmp, y_in, z1);
- felem_reduce(y_in, tmp);
- felem_contract(y_out, y_in);
- if (y != NULL && !smallfelem_to_BN(y, y_out)) {
- OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
- return 0;
+
+ if (y != NULL) {
+ felem_mul(tmp, z1, z2);
+ felem_reduce(z1, tmp);
+ felem_mul(tmp, y_in, z1);
+ felem_reduce(y_in, tmp);
+ felem_contract(y_out, y_in);
+ if (!smallfelem_to_BN(y, y_out)) {
+ OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
+ return 0;
+ }
 }
+
 return 1;
 }
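Review bot: The two new branches are order-dependent and nothing in the code says so: the `if (y != NULL)` block overwrites `z1` with the reduced product `z1 * z2`, while the `if (x != NULL)` block needs `z1` exactly as the preceding `felem_square`/`felem_reduce` pair left it. A later reordering, or a new use of `z1` after the y block, would silently yield a wrong coordinate, so I would add `/* Must stay after the x block: this overwrites z1 (z2^2) with z2^3. */` above `felem_mul(tmp, z1, z2);`. A one-line comment that both conditions test only whether the caller supplied an output pointer would also help, since it records that the skipped work does not depend on the point's value. The function body starts outside this hunk, so the declarations and any earlier checks are not visible here.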