wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

crypto/ec/curve25519.c: remove redundant fe[51]_cswap.

Browse source 
3 least significant bits of the input scalar are explicitly cleared,
hence swap variable has fixed value [of zero] upon exit from the loop.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5408)
This commit is contained in:
Andy Polyakov 2018-02-19 15:00:59 +01:00
parent 59bf467cca
commit 127d6cf747
1 changed files with 0 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
crypto/ec/curve25519.c
View file

@ -471,8 +471,6 @@ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
fe51_mul(z3, x1, z2);
fe51_mul(z2, tmp1, tmp0);
}
fe51_cswap(x2, x3, swap);
fe51_cswap(z2, z3, swap);
fe51_invert(z2, z2);
fe51_mul(x2, x2, z2);
@ -4050,8 +4048,6 @@ static void x25519_scalar_mult_generic(uint8_t out[32],
fe_mul(z3, x1, z2);
fe_mul(z2, tmp1, tmp0);
}
fe_cswap(x2, x3, swap);
fe_cswap(z2, z3, swap);
fe_invert(z2, z2);
fe_mul(x2, x2, z2);