commit 3f3358ac150465fafffaf1c51c2928dd2b2018a9
author Brian Smith <brian@briansmith.org> Fri Mar 25 14:29:52 2016 -1000
committer David Benjamin <davidben@google.com> Wed Apr 20 22:58:36 2016 +0000
tree 32fcec52ea525503a78ec2d24786908654c23d6e
parent a7aa2bb8f86f9891bba9d05544e2b9796b2da864

Save one call to |ecp_nistz256_from_mont| in |ecp_nistz256_get_affine|.

Change-Id: I38faa5c4e9101c100614ebadf421bde0a05af360
Reviewed-on: https://boringssl-review.googlesource.com/7589
Reviewed-by: David Benjamin <davidben@google.com>

crypto/ec/p256-x86_64.c

diff --git a/crypto/ec/p256-x86_64.c b/crypto/ec/p256-x86_64.c
index b11e37f..e1afec4 100644
--- a/crypto/ec/p256-x86_64.c
+++ b/crypto/ec/p256-x86_64.c
@@ -519,32 +519,32 @@
   ecp_nistz256_mod_inverse(z_inv3, point_z);
   ecp_nistz256_sqr_mont(z_inv2, z_inv3);
 
-  if (x != NULL) {
-    BN_ULONG x_aff[P256_LIMBS];
+  /* Instead of using |ecp_nistz256_from_mont| to convert the |x| coordinate
+   * and then calling |ecp_nistz256_from_mont| again to convert the |y|
+   * coordinate below, convert the common factor |z_inv2| once now, saving one
+   * reduction. */
+  ecp_nistz256_from_mont(z_inv2, z_inv2);
 
-    ecp_nistz256_mul_mont(x_aff, z_inv2, point_x);
+  if (x != NULL) {
     if (bn_wexpand(x, P256_LIMBS) == NULL) {
       OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
       return 0;
     }
     x->top = P256_LIMBS;
     x->neg = 0;
-    ecp_nistz256_from_mont(x->d, x_aff);
+    ecp_nistz256_mul_mont(x->d, z_inv2, point_x);
     bn_correct_top(x);
   }
 
   if (y != NULL) {
-    BN_ULONG y_aff[P256_LIMBS];
-
     ecp_nistz256_mul_mont(z_inv3, z_inv3, z_inv2);
-    ecp_nistz256_mul_mont(y_aff, z_inv3, point_y);
     if (bn_wexpand(y, P256_LIMBS) == NULL) {
       OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
       return 0;
     }
     y->top = P256_LIMBS;
     y->neg = 0;
-    ecp_nistz256_from_mont(y->d, y_aff);
+    ecp_nistz256_mul_mont(y->d, z_inv3, point_y);
     bn_correct_top(y);
   }