OpenSSL: Speed up crypto_ec_point_compute_y_sqr()
authorJouni Malinen <j@w1.fi>
Mon, 10 Jan 2022 14:30:52 +0000 (16:30 +0200)
committerJouni Malinen <j@w1.fi>
Tue, 11 Jan 2022 15:40:06 +0000 (17:40 +0200)
Optimize the calculation by computing (x^2 + a) first to get rid of one
separate multiplication by x.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/crypto_openssl.c

index ef669c40847436a82dc3af79f2153028cc09fa10..f8bb7b8e88de2acb2041c612e66a5198a326a949 100644 (file)
@@ -1942,29 +1942,23 @@ struct crypto_bignum *
 crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
                              const struct crypto_bignum *x)
 {
-       BIGNUM *tmp, *tmp2, *y_sqr = NULL;
+       BIGNUM *tmp;
 
        if (TEST_FAIL())
                return NULL;
 
        tmp = BN_new();
-       tmp2 = BN_new();
 
-       /* y^2 = x^3 + ax + b */
-       if (tmp && tmp2 &&
+       /* y^2 = x^3 + ax + b = (x^2 + a)x + b */
+       if (tmp &&
            BN_mod_sqr(tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
+           BN_mod_add_quick(tmp, e->a, tmp, e->prime) &&
            BN_mod_mul(tmp, tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
-           BN_mod_mul(tmp2, e->a, (const BIGNUM *) x, e->prime, e->bnctx) &&
-           BN_mod_add_quick(tmp2, tmp2, tmp, e->prime) &&
-           BN_mod_add_quick(tmp2, tmp2, e->b, e->prime)) {
-               y_sqr = tmp2;
-               tmp2 = NULL;
-       }
+           BN_mod_add_quick(tmp, tmp, e->b, e->prime))
+               return (struct crypto_bignum *) tmp;
 
        BN_clear_free(tmp);
-       BN_clear_free(tmp2);
-
-       return (struct crypto_bignum *) y_sqr;
+       return NULL;
 }
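Review bot: The added `BN_mod_add_quick(tmp, e->a, tmp, e->prime)` feeds `e->a` directly into the quick addition, which OpenSSL documents as valid only for non-negative operands smaller than the modulus. The removed code passed `e->a` through `BN_mod_mul()`, which reduced the product, so this reordering adds a range precondition on `e->a` that previously applied only to `e->b`. Where `e->a` is populated is not visible in this hunk; it is presumably read from the group's stored curve parameters and already reduced, but that should be confirmed. I would record the assumption next to the formula comment, e.g. `/* e->a and e->b must be in [0, prime - 1] for BN_mod_add_quick() */`, so a later change to how the curve parameters are loaded does not silently produce a wrong y^2.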