From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 8 Jul 2024 16:01:34 +0000 (+0200)
Subject: Optimization of ossl_ec_key_public_check()
X-Git-Tag: openssl-3.4.0-alpha1~339
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b916940752e4de5922553b1cf482687dfc653f7a;p=thirdparty%2Fopenssl.git

Optimization of ossl_ec_key_public_check()

We can do just the quick check if cofactor == 1 as the
fact that the point is on the curve already implies
that order * point = infinity.

Fixes #21833

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24816)
---

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 9bc4e032c55..b9a12bbf180 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -563,10 +563,16 @@ int ossl_ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx)
     int ret = 0;
     EC_POINT *point = NULL;
     const BIGNUM *order = NULL;
+    const BIGNUM *cofactor = EC_GROUP_get0_cofactor(eckey->group);
 
     if (!ossl_ec_key_public_check_quick(eckey, ctx))
         return 0;
 
+    if (cofactor != NULL && BN_is_one(cofactor)) {
+        /* Skip the unnecessary expensive computation for curves with cofactor of 1. */
+        return 1;
+    }
+
     point = EC_POINT_new(eckey->group);
     if (point == NULL)
         return 0;