Merge pull request #3209 from aurel32/fix-ecp_double_add_mxz

Fix wrong modulo call in ecp_double_add_mxz
2024-11-26 12:15:41 +01:00 · 2020-04-24 09:28:17 +02:00 · 2020-04-24 09:28:17 +02:00 · b1c8e41ae3
commit b1c8e41ae3
parent 494f6cb823 66deb38d64
2 changed files with 5 additions and 1 deletions
--- a/ChangeLog.d/fix-ecp_double_add_mxz.txt
+++ b/ChangeLog.d/fix-ecp_double_add_mxz.txt
@ -0,0 +1,4 @@
+Changes
+   * Fix minor performance issue in operations on Curve25519 caused by using a
+     suboptimal modular reduction in one place. Found and fix contributed by
+     Aurelien Jarno in #3209.
--- a/library/ecp.c
+++ b/library/ecp.c
@ -2332,7 +2332,7 @@ static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D,    &Q->X,   &Q->Z ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA,   &D,      &A    ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB,   &C,      &B    ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->X, &DA,     &CB   ) ); MOD_MUL( S->X );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA,     &CB   ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X,   &S->X ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA,     &CB   ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z,   &S->Z ) );