author | tb <> | 2024-11-23 07:28:57 +0000 |
---|---|---|
committer | tb <> | 2024-11-23 07:28:57 +0000 |
commit | 73c530b2be0c7fa5339689b03437a1961065e117 (patch) | |
tree | 90254bec2ec995e71703ee6165f6f50ce978b7d4 /src | |
parent | 4787a29394447314961ded43341dc5753d61eb08 (diff) | |
Ditch the wNAF modification
This is another micro optimization that introduces needless complications
for the sake of saving a few cycles. Specifically, by ditching the rule
defining the wNAF representation (at most one of w+1 consecutive digits
is non-zero) for the topmost digits, one can sometimes save a few digits
at the cost of crazy loop conditions and other weirdness. That's not worth
it.
ok jsing
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libcrypto/ec/ec_mult.c | 15 |
1 files changed, 5 insertions, 10 deletions
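diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index 205e04032f..b7a9e346cf 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_mult.c,v 1.47 2024/11/22 17:27:05 tb Exp $ */
+/* $OpenBSD: ec_mult.c,v 1.48 2024/11/23 07:28:57 tb Exp $ */
 /*
 * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
 */
@@ -89,7 +89,8 @@ ec_window_bits(const BIGNUM *bn)
 }
 
 /*
-* Modified width-(w+1) non-adjacent form of bn.
+* Width-(w+1) non-adjacent form of bn = \sum_j n_j 2^j, with odd n_j,
+* where at most one of any (w+1) consecutive digits is non-zero.
 */
 
 static int
@@ -98,7 +99,7 @@ ec_compute_wNAF(const BIGNUM *bn, signed char **out_wNAF, size_t *out_wNAF_len,
 {
 signed char *wNAF = NULL;
 size_t wNAF_len = 1, len = 1;
-int digit, bit, next, mask, sign, wbits, window;
+int digit, bit, next, sign, wbits, window;
 size_t i;
 int ret = 0;
 
@@ -124,8 +125,6 @@ ec_compute_wNAF(const BIGNUM *bn, signed char **out_wNAF, size_t *out_wNAF_len,
 
 bit = 1 << wbits;
 next = bit << 1;
-mask = next - 1;
-
 
 /* Extract the wbits + 1 lowest bits from bn into window. */
 window = 0;
@@ -147,12 +146,8 @@ ec_compute_wNAF(const BIGNUM *bn, signed char **out_wNAF, size_t *out_wNAF_len,
 */
 if ((window & 1) != 0) {
 digit = window;
-if ((window & bit) != 0) {
+if ((window & bit) != 0)
 digit = window - next;
-
-if (i + wbits + 1 >= wNAF_len)
-digit = window & (mask >> 1);
-}
 window -= digit;
 }
 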
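Review bot: The rewritten header comment above ec_compute_wNAF says "with odd n_j", yet the same sentence requires most digits to be zero, and the branch in the last hunk only assigns `digit` when `(window & 1) != 0`. I would word it as `Width-(w+1) non-adjacent form of bn = \sum_j n_j 2^j, where each n_j is zero or odd with |n_j| < 2^w, and at most one of any (w+1) consecutive digits is non-zero.`, since that magnitude bound (which follows from `digit = window` or `digit = window - next` in the visible branch) is what lets a digit fit the `signed char` output. With the top-digit special case removed, the strict form can presumably run one digit past the bit length of bn; the allocation and loop bound lie outside these hunks, so it is worth confirming that the buffer is sized for that. The function body starts and ends outside the hunks shown.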