EC_set_half and the 'h' component of struct bn_ec_struct are unnecessary.

The computations for which h was used can be done more efficiently
by using BN_rshift1.

diff --git a/crypto/ec/ec.c b/crypto/ec/ec.c
index df54b47c0bd65154420d37f4fb6658c2e8dfb1dd..c7a1bb013cada2f09db24cf477edd703dd1318cb 100644 (file)
--- a/crypto/ec/ec.c
+++ b/crypto/ec/ec.c
@@ -27,15 +27,13 @@ EC *EC_new()
        ret->A = BN_new();
        ret->B = BN_new();
        ret->p = BN_new();
-       ret->h = BN_new();
        ret->is_in_mont = 0;
 
-       if (ret->A == NULL || ret->B == NULL || ret->p == NULL || ret->h == NULL)
+       if (ret->A == NULL || ret->B == NULL || ret->p == NULL)
        {
                if (ret->A != NULL) BN_free(ret->A);
                if (ret->B != NULL) BN_free(ret->B);
                if (ret->p != NULL) BN_free(ret->p);
-               if (ret->h != NULL) BN_free(ret->h);
                free(ret);
                return(NULL);
        }
@@ -50,7 +48,6 @@ void EC_clear_free(EC *E)
        if (E->A != NULL) BN_clear_free(E->A);
        if (E->B != NULL) BN_clear_free(E->B);
        if (E->p != NULL) BN_clear_free(E->p);
-       if (E->h != NULL) BN_clear_free(E->h);
        E->is_in_mont = 0;
        free(E);
 }
@@ -60,7 +57,7 @@ void EC_clear_free(EC *E)
 int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 {
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(mont != NULL);
        assert(mont->p != NULL);
@@ -75,9 +72,6 @@ int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
        if (!BN_lshift(E->B, E->B, mont->R_num_bits)) return 0;
        if (!BN_mod(E->B, E->B, mont->p, ctx)) return 0;
 
-       if (!BN_lshift(E->h, E->h, mont->R_num_bits)) return 0;
-       if (!BN_mod(E->h, E->h, mont->p, ctx)) return 0;
-
        E->is_in_mont = 1;
        return 1;
 
@@ -87,7 +81,7 @@ int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 int EC_from_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 {
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(mont != NULL);
        assert(mont->p != NULL);
@@ -98,23 +92,8 @@ int EC_from_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 
        if (!BN_mont_red(E->A, mont)) return 0;
        if (!BN_mont_red(E->B, mont)) return 0;
-       if (!BN_mont_red(E->h, mont)) return 0;
 
        E->is_in_mont = 0;
        return 1;
 }
 #endif /* MONTGOMERY */
-
-int EC_set_half(EC *E)
-/* h <- 1/2 mod p = (p + 1)/2 */
-{
-       assert(E != NULL);
-       assert(E->p != NULL);
-       assert(E->h != NULL);
-       assert(!E->is_in_mont);
-
-       if (BN_copy(E->h, E->p) == NULL) return 0; 
-       if (!BN_add_word(E->h, 1)) return 0;
-       if (!BN_rshift1(E->h, E->h)) return 0; 
-       return 1;
-}

diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index dd7a4b892f90fbeeee0f16bfebbff36c34278100..eb1ce0c494d6a7c5dc93e5979c30966b6fcc594b 100644 (file)
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -19,7 +19,7 @@
 
 typedef struct bn_ec_struct            /* E: y^2 = x^3 + Ax + B  (mod p) */
 {
-       BIGNUM  *A, *B, *p, *h;         /* h = 1/2 mod p = (p + 1)/2 */
+       BIGNUM  *A, *B, *p;
        int is_in_mont;
 } EC;
 
@@ -44,7 +44,6 @@ typedef struct bn_ecp_precompute_struct /* Pi[i] = [2i + 1]P  i = 0..2^{r-1} - 1
 
 EC *EC_new();
 void EC_clear_free(EC *E);
-int EC_set_half(EC *E);
 #ifdef MONTGOMERY
 int EC_to_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx);
 int EC_from_montgomery(EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx);

diff --git a/crypto/ec/ec_point.c b/crypto/ec/ec_point.c
index 5dd2da3b1133aa84dc30390b2b2aa4e6c94dff44..11c4aac332eae6a9579715648054493a99bf4aa9 100644 (file)
--- a/crypto/ec/ec_point.c
+++ b/crypto/ec/ec_point.c
@@ -157,7 +157,7 @@ EC_POINT *ECP_generate(BIGNUM *x, BIGNUM *z,EC *E, BN_CTX *ctx)
        int Pnorm, Pinfty, X0, A0;
 
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(ctx != NULL);
 
@@ -559,7 +559,7 @@ int ECP_double(EC_POINT *R, EC_POINT *P, EC *E, BN_CTX *ctx)
        assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(ctx != NULL);
 
@@ -664,8 +664,7 @@ int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx)
        assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
-       assert(!BN_is_zero(E->h));;
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(ctx != NULL);
 
@@ -772,9 +771,10 @@ int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx)
        if (!BN_mod_mul(n5, n4, n5, p, ctx)) goto err;
        if (!BN_mod_mul(n1, n2, n5, p, ctx)) goto err;
        if (!BN_mod_sub(n0, n0, n1, p, ctx)) goto err;
-       if (!BN_mod_mul(R->Y, n0, E->h, p, ctx)) goto err;      /* Y = (L6 * L9 - L8 * L5^3) / 2 */
-
-
+       if (BN_is_odd(n0))
+               if (!BN_add(n0, n0, p)) goto err;
+       /* now  0 <= n0 < 2*p,  and n0 is even */
+       if (!BN_rshift1(R->Y, n0)) goto err;                    /* Y = (L6 * L9 - L8 * L5^3) / 2 */
 
 #ifdef TEST
        if (!ECP_is_on_ec(R, E, ctx)) return 0;
@@ -849,7 +849,7 @@ int ECP_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_CTX *ct
        assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(k != NULL);
        assert(!k->neg);
@@ -1068,7 +1068,7 @@ int ECP_mont_double(EC_POINT *R, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX
        assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(ctx != NULL);
        
@@ -1153,8 +1153,7 @@ int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mo
        assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
-       assert(!BN_is_zero(E->h));;
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(ctx != NULL);
 
@@ -1252,8 +1251,10 @@ int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mo
        if (!BN_mont_mod_mul(n6, n4, n5, mont)) goto err;
        if (!BN_mont_mod_mul(n1, n2, n6, mont)) goto err;
        if (!BN_mod_sub_quick(n0, n0, n1, p)) goto err;
-       if (!BN_mont_mod_mul(R->Y, n0, E->h, mont)) goto err;   /* Y = (L6 * L9 - L8 * L5^3) / 2 */
-
+       if (BN_is_odd(n0))
+               if (!BN_add(n0, n0, p)) goto err;
+       /* now  0 <= n0 < 2*p,  and n0 is even */
+       if (!BN_rshift1(R->Y, n0)) goto err;                            /* Y = (L6 * L9 - L8 * L5^3) / 2 */
 
        BN_CTX_end(ctx);
        return 1;
@@ -1331,7 +1332,7 @@ int ECP_mont_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_MO
        assert(R->X != NULL && R->Y != NULL && R->Z != NULL);
 
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(k != NULL);
        assert(!k->neg);
@@ -1421,7 +1422,7 @@ int ECP_mont_multiply2(EC_POINT *R, BIGNUM *k, EC_POINT *P, EC *E, BN_MONTGOMERY
        assert(P->X != NULL && P->Y != NULL && P->Z != NULL);
 
        assert(E != NULL);
-       assert(E->A != NULL && E->B != NULL && E->p != NULL && E->h != NULL);
+       assert(E->A != NULL && E->B != NULL && E->p != NULL);
 
        assert(k != NULL);
        assert(!k->neg);