Avoid superflous randomization with restartable
Checking the budget only after the randomization is done meant that we would sometimes randomize first, then notice we had run out of budget, return, come back and randomize again before finally normalizing. While this is fine from a correctness and security perspective, it's a minor inefficiency, and can also be disconcerting while debugging, so we might as well avoid it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
c7295f5416
commit
18b0b3c4b5
@ -2073,6 +2073,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
|
|||||||
rs_ctx->rsm->state = ecp_rsm_final_norm;
|
rs_ctx->rsm->state = ecp_rsm_final_norm;
|
||||||
|
|
||||||
final_norm:
|
final_norm:
|
||||||
|
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
|
||||||
#endif
|
#endif
|
||||||
/*
|
/*
|
||||||
* Knowledge of the jacobian coordinates may leak the last few bits of the
|
* Knowledge of the jacobian coordinates may leak the last few bits of the
|
||||||
@ -2090,7 +2091,6 @@ final_norm:
|
|||||||
#endif
|
#endif
|
||||||
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
|
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
|
||||||
|
|
||||||
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
|
|
||||||
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
|
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
|
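Review bot: The new placement of `MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );` directly after the `final_norm:` label carries its rationale only in the commit message; in the code the budget check is now separated from the inversion it accounts for by the randomization step, and a later reader may be tempted to move it back next to `ecp_normalize_jac`. A one-line comment at the added line would pin the intent: `/* Check the budget before randomizing, so that a restart does not redo the randomization */`. The check also now sits inside the `#if defined(MBEDTLS_ECP_RESTARTABLE)` region closed by the `#endif` on the next line, which is fine only if the macro is a no-op in non-restartable builds — presumably the case, but its non-restartable definition is outside this hunk and worth a glance. The enclosing function `ecp_mul_comb_after_precomp` starts and ends outside both hunks; the second hunk only removes the old check between the randomize and normalize calls.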