crypto/ec/curve25519.c: remove redundant fe[51]_cswap.

3 least significant bits of the input scalar are explicitly cleared, hence swap variable has fixed value [of zero] upon exit from the loop. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5408)
author: Andy Polyakov <appro@openssl.org> 2018-02-19 15:00:59 +0100
committer: Andy Polyakov <appro@openssl.org> 2018-02-21 10:12:55 +0100
commit: 127d6cf747652a182636597cbdf4d0d49d2e661a (patch)
tree: ee74206ffe71d2ad493aceb6af73b121c8f24dc1 /crypto
parent: 59bf467ccaff27ab2ffe7243b3a334675fea8ed9 (diff)
1 files changed, 0 insertions, 4 deletions
diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c
index 2c0bd5fcf4..63ec53171c 100644
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -471,8 +471,6 @@ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
         fe51_mul(z3, x1, z2);
         fe51_mul(z2, tmp1, tmp0);
     }
-    fe51_cswap(x2, x3, swap);
-    fe51_cswap(z2, z3, swap);
 
     fe51_invert(z2, z2);
     fe51_mul(x2, x2, z2);
@@ -4050,8 +4048,6 @@ static void x25519_scalar_mult_generic(uint8_t out[32],
     fe_mul(z3, x1, z2);
     fe_mul(z2, tmp1, tmp0);
   }
-  fe_cswap(x2, x3, swap);
-  fe_cswap(z2, z3, swap);
 
   fe_invert(z2, z2);
   fe_mul(x2, x2, z2);
author	Andy Polyakov <appro@openssl.org>	2018-02-19 15:00:59 +0100
committer	Andy Polyakov <appro@openssl.org>	2018-02-21 10:12:55 +0100
commit	127d6cf747652a182636597cbdf4d0d49d2e661a (patch)
tree	ee74206ffe71d2ad493aceb6af73b121c8f24dc1 /crypto
parent	59bf467ccaff27ab2ffe7243b3a334675fea8ed9 (diff)