diff options
| author | Brian Smith <brian@briansmith.org> | 2016-03-11 05:50:25 +0300 |
|---|---|---|
| committer | David Benjamin <davidben@google.com> | 2016-03-11 22:20:43 +0300 |
| commit | 6603b76f7616fe781ec6dcf3d66c82f29d776697 (patch) | |
| tree | bc71f6a1b696ef9723f76308314f5fc37ab7cefa /crypto/ec | |
| parent | 8542daa22d2cade301dfada99748d872a1f577af (diff) | |
Remove reduction in |ec_GFp_simple_set_Jprojective_coordinates_GFp|.
The (internal) constant-time callers of this function already do a
constant-time reduction before calling. And, nobody should be calling
this function with out-of-range coordinates anyway. So, just require
valid coordinates as input.
Further, this function is rarely called, so don't bother with the
optimization to avoid encoding Montgomery encoding of 1 for the Z
coordinate.
Change-Id: I637ffaf4d39135ca17214915b9a8582ea052eea8
Reviewed-on: https://boringssl-review.googlesource.com/7441
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'crypto/ec')
| -rw-r--r-- | crypto/ec/simple.c | 54 |
1 files changed, 20 insertions, 34 deletions
diff --git a/crypto/ec/simple.c b/crypto/ec/simple.c index 1f353889..4f83110b 100644 --- a/crypto/ec/simple.c +++ b/crypto/ec/simple.c @@ -271,6 +271,22 @@ int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, return 1; } +static int set_Jprojective_coordinate_GFp(const EC_GROUP *group, BIGNUM *out, + const BIGNUM *in, BN_CTX *ctx) { + if (in == NULL) { + return 1; + } + if (BN_is_negative(in) || + BN_cmp(in, &group->field) >= 0) { + OPENSSL_PUT_ERROR(EC, EC_R_COORDINATES_OUT_OF_RANGE); + return 0; + } + if (group->meth->field_encode) { + return group->meth->field_encode(group, out, in, ctx); + } + return BN_copy(out, in) != NULL; +} + int ec_GFp_simple_set_Jprojective_coordinates_GFp( const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) { @@ -284,40 +300,10 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp( } } - if (x != NULL) { - if (!BN_nnmod(&point->X, x, &group->field, ctx)) { - goto err; - } - if (group->meth->field_encode && - !group->meth->field_encode(group, &point->X, &point->X, ctx)) { - goto err; - } - } - - if (y != NULL) { - if (!BN_nnmod(&point->Y, y, &group->field, ctx)) { - goto err; - } - if (group->meth->field_encode && - !group->meth->field_encode(group, &point->Y, &point->Y, ctx)) { - goto err; - } - } - - if (z != NULL) { - if (!BN_nnmod(&point->Z, z, &group->field, ctx)) { - goto err; - } - int Z_is_one = BN_is_one(&point->Z); - if (group->meth->field_encode) { - if (Z_is_one) { - if (BN_copy(&point->Z, &group->one) == NULL) { - goto err; - } - } else if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) { - goto err; - } - } + if (!set_Jprojective_coordinate_GFp(group, &point->X, x, ctx) || + !set_Jprojective_coordinate_GFp(group, &point->Y, y, ctx) || + !set_Jprojective_coordinate_GFp(group, &point->Z, z, ctx)) { + goto err; } ret = 1; |