From 384aa245ef989460783ead8f4af8783d630ef688 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Mon, 10 Jan 2022 16:30:52 +0200
Subject: [PATCH] OpenSSL: Speed up crypto_ec_point_compute_y_sqr()

Optimize the calculation by computing (x^2 + a) first to get rid of one
separate multiplication by x.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/crypto/crypto_openssl.c | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index ef669c408..f8bb7b8e8 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -1942,29 +1942,23 @@ struct crypto_bignum *
 crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
 			      const struct crypto_bignum *x)
 {
-	BIGNUM *tmp, *tmp2, *y_sqr = NULL;
+	BIGNUM *tmp;
 
 	if (TEST_FAIL())
 		return NULL;
 
 	tmp = BN_new();
-	tmp2 = BN_new();
 
-	/* y^2 = x^3 + ax + b */
-	if (tmp && tmp2 &&
+	/* y^2 = x^3 + ax + b = (x^2 + a)x + b */
+	if (tmp &&
 	    BN_mod_sqr(tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
+	    BN_mod_add_quick(tmp, e->a, tmp, e->prime) &&
 	    BN_mod_mul(tmp, tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
-	    BN_mod_mul(tmp2, e->a, (const BIGNUM *) x, e->prime, e->bnctx) &&
-	    BN_mod_add_quick(tmp2, tmp2, tmp, e->prime) &&
-	    BN_mod_add_quick(tmp2, tmp2, e->b, e->prime)) {
-		y_sqr = tmp2;
-		tmp2 = NULL;
-	}
+	    BN_mod_add_quick(tmp, tmp, e->b, e->prime))
+		return (struct crypto_bignum *) tmp;
 
 	BN_clear_free(tmp);
-	BN_clear_free(tmp2);
-
-	return (struct crypto_bignum *) y_sqr;
+	return NULL;
 }