fast reduction for NIST curves

[openssl.git] / crypto / ec / ec_cvt.c

diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c
index 01453a283c711e88c92c2e14edaed455d577383b..20782569a9faddf1332869e3e624b60ab379c3c4 100644 (file)
--- a/crypto/ec/ec_cvt.c
+++ b/crypto/ec/ec_cvt.c
@@ -1,4 +1,7 @@
 /* crypto/ec/ec_cvt.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -79,6 +82,7 @@
  *
  */
 
+#include <openssl/err.h>
 #include "ec_lcl.h"
 
 
@@ -86,11 +90,8 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM
        {
        const EC_METHOD *meth;
        EC_GROUP *ret;
-       
-       /* Finally, this will use EC_GFp_nist_method if 'p' is a special
-        * prime with optimized modular arithmetics (for NIST curves)
-        */
-       meth = EC_GFp_mont_method();
+
+       meth = EC_GFp_nist_method();
        
        ret = EC_GROUP_new(meth);
        if (ret == NULL)
@@ -98,8 +99,21 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM
 
        if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
                {
+               /* remove the last error code form the error queue */
+               ERR_get_error();
+               /* try the normal mont method */
                EC_GROUP_clear_free(ret);
-               return NULL;
+               meth = EC_GFp_mont_method();
+
+               ret = EC_GROUP_new(meth);
+               if (ret == NULL)
+                       return NULL;
+
+               if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
+                       {
+                       EC_GROUP_clear_free(ret);
+                       return NULL;
+                       }
                }
 
        return ret;