Avoid hard-coded linkage of WNAF-based multiplication.

If the application is only using the P-256 implementation in p256-64.c, then the WNAF code would all be dead code. The change reorganizes the code so that all modern toolchains should be able to recognize that fact and eliminate the WNAF-based code when it is unused. Change-Id: I9f94bd934ca7d2292de4c29bb89e17c940c7cd2a Reviewed-on: https://boringssl-review.googlesource.com/6173 Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-07 18:52:05 -10:00 · 2015-10-07 18:52:05 -10:00 · f0523e9f20
commit f0523e9f20
parent 80c5fabc63
7 changed files with 16 additions and 32 deletions
--- a/crypto/ec/ec.c
+++ b/crypto/ec/ec.c
@ -569,12 +569,7 @@ int EC_GROUP_get_degree(const EC_GROUP *group) {
 }

 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) {
-  if (group->meth->mul == 0) {
-    /* use default */
-    return ec_wNAF_precompute_mult(group, ctx);
-  }
-
-  if (group->meth->precompute_mult != 0) {
+  if (group->meth->precompute_mult != NULL) {
    return group->meth->precompute_mult(group, ctx);
  }

@ -582,16 +577,10 @@ int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) {
 }

 int EC_GROUP_have_precompute_mult(const EC_GROUP *group) {
-  if (group->meth->mul == 0) {
-    /* use default */
-    return ec_wNAF_have_precompute_mult(group);
+  if (group->pre_comp != NULL) {
+    return 1;
  }
-
-  if (group->meth->have_precompute_mult != 0) {
-    return group->meth->have_precompute_mult(group);
-  }
-
-  return 0; /* cannot tell whether precomputation has been performed */
+  return 0;
 }

 EC_POINT *EC_POINT_new(const EC_GROUP *group) {
@ -797,9 +786,15 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                  size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
                  BN_CTX *ctx) {
-  if (group->meth->mul == 0) {
-    /* use default. Warning, not constant-time. */
-    return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+  size_t i;
+  for (i = 0; i < num; i++) {
+    if (points[i]->meth != r->meth) {
+      break;
+    }
+  }
+  if (i != num) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return 0;
  }

  return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
--- a/crypto/ec/ec_montgomery.c
+++ b/crypto/ec/ec_montgomery.c
@ -81,9 +81,8 @@ const EC_METHOD *EC_GFp_mont_method(void) {
                                ec_GFp_mont_group_copy,
                                ec_GFp_mont_group_set_curve,
                                ec_GFp_simple_point_get_affine_coordinates,
-                                0 /* mul */,
-                                0 /* precompute_mult */,
-                                0 /* have_precompute_mult */,
+                                ec_wNAF_mul /* XXX: Not constant time. */,
+                                ec_wNAF_precompute_mult,
                                ec_GFp_mont_field_mul,
                                ec_GFp_mont_field_sqr,
                                ec_GFp_mont_field_encode,
--- a/crypto/ec/internal.h
+++ b/crypto/ec/internal.h
@ -102,8 +102,6 @@ struct ec_method_st {
             size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
             BN_CTX *);
  int (*precompute_mult)(EC_GROUP *group, BN_CTX *);
-  int (*have_precompute_mult)(const EC_GROUP *group);
-

  /* internal functions */

@ -170,7 +168,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
                BN_CTX *);
 int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
-int ec_wNAF_have_precompute_mult(const EC_GROUP *group);

 /* method functions in simple.c */
 int ec_GFp_simple_group_init(EC_GROUP *);
--- a/crypto/ec/p224-64.c
+++ b/crypto/ec/p224-64.c
@ -1328,7 +1328,6 @@ const EC_METHOD *EC_GFp_nistp224_method(void) {
                                ec_GFp_nistp224_point_get_affine_coordinates,
                                ec_GFp_nistp224_points_mul,
                                0 /* precompute_mult */,
-                                0 /* have_precompute_mult */,
                                ec_GFp_simple_field_mul,
                                ec_GFp_simple_field_sqr,
                                0 /* field_encode */,
--- a/crypto/ec/p256-64.c
+++ b/crypto/ec/p256-64.c
@ -1908,7 +1908,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void) {
      ec_GFp_simple_group_copy, ec_GFp_nistp256_group_set_curve,
      ec_GFp_nistp256_point_get_affine_coordinates,
      ec_GFp_nistp256_points_mul,
-      0 /* precompute_mult */, 0 /* have_precompute_mult */,
+      0 /* precompute_mult */,
      ec_GFp_simple_field_mul, ec_GFp_simple_field_sqr,
      0 /* field_encode */, 0 /* field_decode */, 0 /* field_set_to_one */
  };
--- a/crypto/ec/simple.c
+++ b/crypto/ec/simple.c
@ -85,7 +85,6 @@ const EC_METHOD *EC_GFp_simple_method(void) {
                                ec_GFp_simple_point_get_affine_coordinates,
                                0 /* mul */,
                                0 /* precompute_mult */,
-                                0 /* have_precompute_mult */,
                                ec_GFp_simple_field_mul,
                                ec_GFp_simple_field_sqr,
                                0 /* field_encode */,
--- a/crypto/ec/wnaf.c
+++ b/crypto/ec/wnaf.c
@ -846,8 +846,3 @@ err:
  EC_POINT_free(base);
  return ret;
 }
-
-
-int ec_wNAF_have_precompute_mult(const EC_GROUP *group) {
-  return group->pre_comp != NULL;
-}