crypto/ec/curve25519.c: remove redundant fe[51]_cswap.

3 least significant bits of the input scalar are explicitly cleared, hence swap variable has fixed value [of zero] upon exit from the loop. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5408)

crypto/ec/curve25519.c: remove redundant fe[51]_cswap.
3 least significant bits of the input scalar are explicitly cleared, hence swap variable has fixed value [of zero] upon exit from the loop. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5408)
127d6cf7 · Andy Polyakov · 59bf467c · 127d6cf7
隐藏空白更改
内联并排

Showing with 0 addition and 4 deletion

crypto/ec/curve25519.c crypto/ec/curve25519.c +0 -4

未找到文件。
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -471,8 +471,6 @@ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
        fe51_mul(z3, x1, z2);
        fe51_mul(z2, tmp1, tmp0);
    }
-    fe51_cswap(x2, x3, swap);
-    fe51_cswap(z2, z3, swap);

    fe51_invert(z2, z2);
    fe51_mul(x2, x2, z2);
@@ -4050,8 +4048,6 @@ static void x25519_scalar_mult_generic(uint8_t out[32],
    fe_mul(z3, x1, z2);
    fe_mul(z2, tmp1, tmp0);
  }
-  fe_cswap(x2, x3, swap);
-  fe_cswap(z2, z3, swap);

  fe_invert(z2, z2);
  fe_mul(x2, x2, z2);