From: tb Date: Thu, 24 Nov 2022 16:34:13 +0000 (+0000) Subject: Simplify y_bit handling in compressed coordinates X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=1877f4c78ed7f69ec32c466546a6b3a07622d685;p=openbsd Simplify y_bit handling in compressed coordinates If y_bit is set for a zero y, something is wrong and we can error directly. No need to run the non-trivial BN_kronecker() to check if BN_mod_sqrt() lied or not, only to set a more specific error code. ok jsing --- diff --git a/lib/libcrypto/ec/ecp_oct.c b/lib/libcrypto/ec/ecp_oct.c index 7c29e7e6128..5e3484e2bcf 100644 --- a/lib/libcrypto/ec/ecp_oct.c +++ b/lib/libcrypto/ec/ecp_oct.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_oct.c,v 1.16 2022/11/19 07:29:29 tb Exp $ */ +/* $OpenBSD: ecp_oct.c,v 1.17 2022/11/24 16:34:13 tb Exp $ */ /* Includes code written by Lenka Fibikova * for the OpenSSL project. * Includes code written by Bodo Moeller for the OpenSSL project. @@ -162,20 +162,7 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, } if (y_bit != BN_is_odd(y)) { if (BN_is_zero(y)) { - int kron; - - kron = BN_kronecker(x, &group->field, ctx); - if (kron == -2) - goto err; - - if (kron == 1) - ECerror(EC_R_INVALID_COMPRESSION_BIT); - else - /* - * BN_mod_sqrt() should have cought this - * error (not a square) - */ - ECerror(EC_R_INVALID_COMPRESSED_POINT); + ECerror(EC_R_INVALID_COMPRESSION_BIT); goto err; } if (!BN_usub(y, &group->field, y))