EC_set_half and the 'h' component of struct bn_ec_struct are unnecessary.

The computations for which h was used can be done more efficiently by using BN_rshift1.

EC_set_half and the 'h' component of struct bn_ec_struct are unnecessary.
The computations for which h was used can be done more efficiently by using BN_rshift1.
786e0c24 · Bodo Möller · 794103d2 · 786e0c24 · 786e0c24 · 786e0c24
隐藏空白更改
内联并排

Showing with 20 addition and 41 deletion

crypto/ec/ec.c crypto/ec/ec.c +3 -24

crypto/ec/ec.h crypto/ec/ec.h +1 -2

crypto/ec/ec_point.c crypto/ec/ec_point.c +16 -15

未找到文件。
--- a/crypto/ec/ec.c
+++ b/crypto/ec/ec.c
@@ -27,15 +27,13 @@ EC *EC_new()
 	ret->A = BN_new();
 	ret->B = BN_new();
 	ret->p = BN_new();
-	ret->h = BN_new();
 	ret->is_in_mont = 0;
-	if (ret->A == NULL || ret->B == NULL || ret->p == NULL || ret->h == NULL)
+	if (ret->A == NULL || ret->B == NULL || ret->p == NULL)
 	{
 		if (ret->A != NULL) BN_free(ret->A);
 		if (ret->B != NULL) BN_free(ret->B);
 		if (ret->p != NULL) BN_free(ret->p);
-		if (ret->h != NULL) BN_free(ret->h);
 		free(ret);
 		return(NULL);
 	}
@@ -50,7 +48,6 @@ void EC_clear_free(EC *E)
 	if (E->A != NULL) BN_clear_free(E->A);
 	if (E->B != NULL) BN_clear_free(E->B);
 	if (E->p != NULL) BN_clear_free(E->p);
-	if (E->h != NULL) BN_clear_free(E->h);
 	E->is_in_mont = 0;
 	free(E);
 }
@@ -60,7 +57,7 @@ void EC_clear_free(EC *E)
 int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 {
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
 	assert(mont != NULL);
 	assert(mont->p != NULL);
@@ -75,9 +72,6 @@ int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 	if (!BN_lshift(E->B, E->B, mont->R_num_bits)) return 0;
 	if (!BN_mod(E->B, E->B, mont->p, ctx)) return 0;
-	if (!BN_lshift(E->h, E->h, mont->R_num_bits)) return 0;
-	if (!BN_mod(E->h, E->h, mont->p, ctx)) return 0;
 	E->is_in_mont = 1;
 	return 1;
@@ -87,7 +81,7 @@ int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 int EC_from_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 {
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
 	assert(mont != NULL);
 	assert(mont->p != NULL);
@@ -98,23 +92,8 @@ int EC_from_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 	if (!BN_mont_red(E->A, mont)) return 0;
 	if (!BN_mont_red(E->B, mont)) return 0;
-	if (!BN_mont_red(E->h, mont)) return 0;
 	E->is_in_mont = 0;
 	return 1;
 }
 #endif /* MONTGOMERY */
-int EC_set_half(EC *E)
-/* h <- 1/2 mod p = (p + 1)/2 */
-{
-	assert(E != NULL);
-	assert(E->p != NULL);
-	assert(E->h != NULL);
-	assert(!E->is_in_mont);
-	if (BN_copy(E->h, E->p) == NULL) return 0; 
-	if (!BN_add_word(E->h, 1)) return 0;
-	if (!BN_rshift1(E->h, E->h)) return 0; 
-	return 1;
-}
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -19,7 +19,7 @@
 typedef struct bn_ec_struct		/* E: y^2 = x^3 + Ax + B  (mod p) */
 {
-	BIGNUM	*A, *B, *p, *h;		/* h = 1/2 mod p = (p + 1)/2 */
+	BIGNUM	*A, *B, *p;
 	int is_in_mont;
 } EC;
@@ -44,7 +44,6 @@ typedef struct bn_ecp_precompute_struct /* Pi[i] = [2i + 1]P	i = 0..2^{r-1} - 1
 EC *EC_new();
 void EC_clear_free(EC *E);
-int EC_set_half(EC *E);
 #ifdef MONTGOMERY
 int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx);
 int EC_from_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx);

--- a/crypto/ec/ec_point.c
+++ b/crypto/ec/ec_point.c
@@ -157,7 +157,7 @@ EC_POINT *ECP_generate(BIGNUM *x, BIGNUM *z,EC *E, BN_CTX *ctx)
 	int Pnorm, Pinfty, X0, A0;
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
 	assert(ctx != NULL);
@@ -559,7 +559,7 @@ int ECP_double(EC_POINT *R, EC_POINT *P, EC *E, BN_CTX *ctx)
 	assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
 	assert(ctx != NULL);
@@ -664,8 +664,7 @@ int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx)
 	assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
-	assert(!BN_is_zero(E->h));;
 	assert(ctx != NULL);
@@ -772,9 +771,10 @@ int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx)
 	if (!BN_mod_mul(n5, n4, n5, p, ctx)) goto err;
 	if (!BN_mod_mul(n1, n2, n5, p, ctx)) goto err;
 	if (!BN_mod_sub(n0, n0, n1, p, ctx)) goto err;
-	if (!BN_mod_mul(R->Y, n0, E->h, p, ctx)) goto err;	/* Y = (L6 * L9 - L8 * L5^3) / 2 */
+	if (BN_is_odd(n0))
+		if (!BN_add(n0, n0, p)) goto err;
+	/* now  0 <= n0 < 2*p,  and n0 is even */
+	if (!BN_rshift1(R->Y, n0)) goto err;			/* Y = (L6 * L9 - L8 * L5^3) / 2 */
 #ifdef TEST
 	if (!ECP_is_on_ec(R, E, ctx)) return 0;
@@ -849,7 +849,7 @@ int ECP_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_CTX *ct
 	assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
 	assert(k != NULL);
 	assert(!k->neg);
@@ -1068,7 +1068,7 @@ int ECP_mont_double(EC_POINT *R, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX
 	assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
 	assert(ctx != NULL);
@@ -1153,8 +1153,7 @@ int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mo
 	assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
-	assert(!BN_is_zero(E->h));;
 	assert(ctx != NULL);
@@ -1252,8 +1251,10 @@ int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mo
 	if (!BN_mont_mod_mul(n6, n4, n5, mont)) goto err;
 	if (!BN_mont_mod_mul(n1, n2, n6, mont)) goto err;
 	if (!BN_mod_sub_quick(n0, n0, n1, p)) goto err;
-	if (!BN_mont_mod_mul(R->Y, n0, E->h, mont)) goto err;	/* Y = (L6 * L9 - L8 * L5^3) / 2 */
+	if (BN_is_odd(n0))
+		if (!BN_add(n0, n0, p)) goto err;
+	/* now  0 <= n0 < 2*p,  and n0 is even */
+	if (!BN_rshift1(R->Y, n0)) goto err;				/* Y = (L6 * L9 - L8 * L5^3) / 2 */
 	BN_CTX_end(ctx);
 	return 1;
@@ -1331,7 +1332,7 @@ int ECP_mont_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_MO
 	assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
 	assert(k != NULL);
 	assert(!k->neg);
@@ -1421,7 +1422,7 @@ int ECP_mont_multiply2(EC_POINT *R, BIGNUM *k, EC_POINT *P, EC *E, BN_MONTGOMERY
 	assert(P->X != NULL && P->Y != NULL && P->Z != NULL);
 	assert(E != NULL);
-	assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+	assert(E->A != NULL && E->B != NULL && E->p != NULL);
 	assert(k != NULL);
 	assert(!k->neg);