[openssl-commits] [openssl] master update
Andy Polyakov
appro at openssl.org
Mon Apr 20 12:46:08 UTC 2015
The branch master has been updated
via 4eb504aedf49a4acb55fa0a4fa9942d241ca8230 (commit)
via ace8f54691005da351bdc9cf8a03e94d4a1a7ac8 (commit)
from 2c6343bfa3665f1e574b9f93db185ac28037c095 (commit)
- Log -----------------------------------------------------------------
commit 4eb504aedf49a4acb55fa0a4fa9942d241ca8230
Author: Andy Polyakov <appro at openssl.org>
Date: Fri Mar 13 11:47:24 2015 +0100
crypto/ec/ecp_nistp[224|521].c: fix formatting.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit ace8f54691005da351bdc9cf8a03e94d4a1a7ac8
Author: Andy Polyakov <appro at openssl.org>
Date: Fri Mar 13 11:28:16 2015 +0100
ec/ecp_nistp*.c: fix SEGVs.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/ecp_nistp224.c | 153 +++++++++++++++++------------------------
crypto/ec/ecp_nistp256.c | 20 +++---
crypto/ec/ecp_nistp521.c | 173 +++++++++++++++++++++++++----------------------
3 files changed, 166 insertions(+), 180 deletions(-)
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index 76adc8a..6269cce 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -127,84 +127,55 @@ static const felem_bytearray nistp224_curve_params[5] = {
* locations when doing simple scalar multiplies against the base point,
* and then another four locations using the second 16 elements.
*/
-static const felem gmul[2][16][3] = { {{{0, 0, 0, 0},
- {0, 0, 0, 0},
- {0, 0, 0, 0}},
- {{0x3280d6115c1d21, 0xc1d356c2112234,
- 0x7f321390b94a03, 0xb70e0cbd6bb4bf},
- {0xd5819985007e34, 0x75a05a07476444,
- 0xfb4c22dfe6cd43, 0xbd376388b5f723},
- {1, 0, 0, 0}},
- {{0xfd9675666ebbe9, 0xbca7664d40ce5e,
- 0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
- {0x29e0b892dc9c43, 0xece8608436e662,
- 0xdc858f185310d0, 0x9812dd4eb8d321},
- {1, 0, 0, 0}},
- {{0x6d3e678d5d8eb8, 0x559eed1cb362f1,
- 0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
- {0xf19f90ed50266d, 0xabf2b4bf65f9df,
- 0x313865468fafec, 0x5cb379ba910a17},
- {1, 0, 0, 0}},
- {{0x0641966cab26e3, 0x91fb2991fab0a0,
- 0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
- {0x7510407766af5d, 0x84d929610d5450,
- 0x81d77aae82f706, 0x6916f6d4338c5b},
- {1, 0, 0, 0}},
- {{0xea95ac3b1f15c6, 0x086000905e82d4,
- 0xdd323ae4d1c8b1, 0x932b56be7685a3},
- {0x9ef93dea25dbbf, 0x41665960f390f0,
- 0xfdec76dbe2a8a7, 0x523e80f019062a},
- {1, 0, 0, 0}},
- {{0x822fdd26732c73, 0xa01c83531b5d0f,
- 0x363f37347c1ba4, 0xc391b45c84725c},
- {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec,
- 0xc393da7e222a7f, 0x1efb7890ede244},
- {1, 0, 0, 0}},
- {{0x4c9e90ca217da1, 0xd11beca79159bb,
- 0xff8d33c2c98b7c, 0x2610b39409f849},
- {0x44d1352ac64da0, 0xcdbb7b2c46b4fb,
- 0x966c079b753c89, 0xfe67e4e820b112},
- {1, 0, 0, 0}},
- {{0xe28cae2df5312d, 0xc71b61d16f5c6e,
- 0x79b7619a3e7c4c, 0x05c73240899b47},
- {0x9f7f6382c73e3a, 0x18615165c56bda,
- 0x641fab2116fd56, 0x72855882b08394},
- {1, 0, 0, 0}},
- {{0x0469182f161c09, 0x74a98ca8d00fb5,
- 0xb89da93489a3e0, 0x41c98768fb0c1d},
- {0xe5ea05fb32da81, 0x3dce9ffbca6855,
- 0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
- {1, 0, 0, 0}},
- {{0xdab22b2333e87f, 0x4430137a5dd2f6,
- 0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
- {0x764a7df0c8fda5, 0x185ba5c3fa2044,
- 0x9281d688bcbe50, 0xc40331df893881},
- {1, 0, 0, 0}},
- {{0xb89530796f0f60, 0xade92bd26909a3,
- 0x1a0c83fb4884da, 0x1765bf22a5a984},
- {0x772a9ee75db09e, 0x23bc6c67cec16f,
- 0x4c1edba8b14e2f, 0xe2a215d9611369},
- {1, 0, 0, 0}},
- {{0x571e509fb5efb3, 0xade88696410552,
- 0xc8ae85fada74fe, 0x6c7e4be83bbde3},
- {0xff9f51160f4652, 0xb47ce2495a6539,
- 0xa2946c53b582f4, 0x286d2db3ee9a60},
- {1, 0, 0, 0}},
- {{0x40bbd5081a44af, 0x0995183b13926c,
- 0xbcefba6f47f6d0, 0x215619e9cc0057},
- {0x8bc94d3b0df45e, 0xf11c54a3694f6f,
- 0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
- {1, 0, 0, 0}},
- {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8,
- 0x1c29819435d2c6, 0xc813132f4c07e9},
- {0x2891425503b11f, 0x08781030579fea,
- 0xf5426ba5cc9674, 0x1e28ebf18562bc},
- {1, 0, 0, 0}},
- {{0x9f31997cc864eb, 0x06cd91d28b5e4c,
- 0xff17036691a973, 0xf1aef351497c58},
- {0xdd1f2d600564ff, 0xdead073b1402db,
- 0x74a684435bd693, 0xeea7471f962558},
- {1, 0, 0, 0}}},
+static const felem gmul[2][16][3] = {
+{{{0, 0, 0, 0},
+ {0, 0, 0, 0},
+ {0, 0, 0, 0}},
+ {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf},
+ {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723},
+ {1, 0, 0, 0}},
+ {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
+ {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321},
+ {1, 0, 0, 0}},
+ {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
+ {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17},
+ {1, 0, 0, 0}},
+ {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
+ {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b},
+ {1, 0, 0, 0}},
+ {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3},
+ {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a},
+ {1, 0, 0, 0}},
+ {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c},
+ {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244},
+ {1, 0, 0, 0}},
+ {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849},
+ {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112},
+ {1, 0, 0, 0}},
+ {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47},
+ {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394},
+ {1, 0, 0, 0}},
+ {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d},
+ {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
+ {1, 0, 0, 0}},
+ {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
+ {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881},
+ {1, 0, 0, 0}},
+ {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984},
+ {0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369},
+ {1, 0, 0, 0}},
+ {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3},
+ {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60},
+ {1, 0, 0, 0}},
+ {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057},
+ {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
+ {1, 0, 0, 0}},
+ {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9},
+ {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc},
+ {1, 0, 0, 0}},
+ {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58},
+ {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558},
+ {1, 0, 0, 0}}},
{{{0, 0, 0, 0},
{0, 0, 0, 0},
{0, 0, 0, 0}},
@@ -544,11 +515,11 @@ static void felem_mul(widefelem out, const felem in1, const felem in2)
out[0] = ((widelimb) in1[0]) * in2[0];
out[1] = ((widelimb) in1[0]) * in2[1] + ((widelimb) in1[1]) * in2[0];
out[2] = ((widelimb) in1[0]) * in2[2] + ((widelimb) in1[1]) * in2[1] +
- ((widelimb) in1[2]) * in2[0];
+ ((widelimb) in1[2]) * in2[0];
out[3] = ((widelimb) in1[0]) * in2[3] + ((widelimb) in1[1]) * in2[2] +
- ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0];
+ ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0];
out[4] = ((widelimb) in1[1]) * in2[3] + ((widelimb) in1[2]) * in2[2] +
- ((widelimb) in1[3]) * in2[1];
+ ((widelimb) in1[3]) * in2[1];
out[5] = ((widelimb) in1[2]) * in2[3] + ((widelimb) in1[3]) * in2[2];
out[6] = ((widelimb) in1[3]) * in2[3];
}
@@ -1343,8 +1314,8 @@ int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
EC_R_POINT_AT_INFINITY);
return 0;
}
- if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
- (!BN_to_felem(z1, &point->Z)))
+ if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+ (!BN_to_felem(z1, point->Z)))
return 0;
felem_inv(z2, z1);
felem_square(tmp, z2);
@@ -1525,7 +1496,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
* this is an unusual input, and we don't guarantee
* constant-timeness
*/
- if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
+ if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
goto err;
}
@@ -1534,9 +1505,9 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
num_bytes = BN_bn2bin(p_scalar, tmp);
flip_endian(secrets[i], tmp, num_bytes);
/* precompute multiples */
- if ((!BN_to_felem(x_out, &p->X)) ||
- (!BN_to_felem(y_out, &p->Y)) ||
- (!BN_to_felem(z_out, &p->Z)))
+ if ((!BN_to_felem(x_out, p->X)) ||
+ (!BN_to_felem(y_out, p->Y)) ||
+ (!BN_to_felem(z_out, p->Z)))
goto err;
felem_assign(pre_comp[i][1][0], x_out);
felem_assign(pre_comp[i][1][1], y_out);
@@ -1571,7 +1542,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
* this is an unusual input, and we don't guarantee
* constant-timeness
*/
- if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+ if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
goto err;
}
@@ -1654,9 +1625,9 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
ret = 1;
goto err;
}
- if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) ||
- (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) ||
- (!BN_to_felem(pre->g_pre_comp[0][1][2], &group->generator->Z)))
+ if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) ||
+ (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) ||
+ (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z)))
goto err;
/*
* compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G,
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
index 794520e..b42e96a 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -1930,8 +1930,8 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
EC_R_POINT_AT_INFINITY);
return 0;
}
- if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
- (!BN_to_felem(z1, &point->Z)))
+ if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+ (!BN_to_felem(z1, point->Z)))
return 0;
felem_inv(z2, z1);
felem_square(tmp, z2);
@@ -2114,7 +2114,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
* this is an unusual input, and we don't guarantee
* constant-timeness
*/
- if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
+ if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
goto err;
}
@@ -2123,9 +2123,9 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
num_bytes = BN_bn2bin(p_scalar, tmp);
flip_endian(secrets[i], tmp, num_bytes);
/* precompute multiples */
- if ((!BN_to_felem(x_out, &p->X)) ||
- (!BN_to_felem(y_out, &p->Y)) ||
- (!BN_to_felem(z_out, &p->Z)))
+ if ((!BN_to_felem(x_out, p->X)) ||
+ (!BN_to_felem(y_out, p->Y)) ||
+ (!BN_to_felem(z_out, p->Z)))
goto err;
felem_shrink(pre_comp[i][1][0], x_out);
felem_shrink(pre_comp[i][1][1], y_out);
@@ -2162,7 +2162,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
* this is an unusual input, and we don't guarantee
* constant-timeness
*/
- if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+ if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
goto err;
}
@@ -2246,9 +2246,9 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
ret = 1;
goto err;
}
- if ((!BN_to_felem(x_tmp, &group->generator->X)) ||
- (!BN_to_felem(y_tmp, &group->generator->Y)) ||
- (!BN_to_felem(z_tmp, &group->generator->Z)))
+ if ((!BN_to_felem(x_tmp, group->generator->X)) ||
+ (!BN_to_felem(y_tmp, group->generator->Y)) ||
+ (!BN_to_felem(z_tmp, group->generator->Z)))
goto err;
felem_shrink(pre->g_pre_comp[0][1][0], x_tmp);
felem_shrink(pre->g_pre_comp[0][1][1], y_tmp);
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 7ceb1bc..2e4a651 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -430,19 +430,19 @@ static void felem_square(largefelem out, const felem in)
out[2] = ((uint128_t) in[0]) * inx2[2] + ((uint128_t) in[1]) * in[1];
out[3] = ((uint128_t) in[0]) * inx2[3] + ((uint128_t) in[1]) * inx2[2];
out[4] = ((uint128_t) in[0]) * inx2[4] +
- ((uint128_t) in[1]) * inx2[3] + ((uint128_t) in[2]) * in[2];
+ ((uint128_t) in[1]) * inx2[3] + ((uint128_t) in[2]) * in[2];
out[5] = ((uint128_t) in[0]) * inx2[5] +
- ((uint128_t) in[1]) * inx2[4] + ((uint128_t) in[2]) * inx2[3];
+ ((uint128_t) in[1]) * inx2[4] + ((uint128_t) in[2]) * inx2[3];
out[6] = ((uint128_t) in[0]) * inx2[6] +
- ((uint128_t) in[1]) * inx2[5] +
- ((uint128_t) in[2]) * inx2[4] + ((uint128_t) in[3]) * in[3];
+ ((uint128_t) in[1]) * inx2[5] +
+ ((uint128_t) in[2]) * inx2[4] + ((uint128_t) in[3]) * in[3];
out[7] = ((uint128_t) in[0]) * inx2[7] +
- ((uint128_t) in[1]) * inx2[6] +
- ((uint128_t) in[2]) * inx2[5] + ((uint128_t) in[3]) * inx2[4];
+ ((uint128_t) in[1]) * inx2[6] +
+ ((uint128_t) in[2]) * inx2[5] + ((uint128_t) in[3]) * inx2[4];
out[8] = ((uint128_t) in[0]) * inx2[8] +
- ((uint128_t) in[1]) * inx2[7] +
- ((uint128_t) in[2]) * inx2[6] +
- ((uint128_t) in[3]) * inx2[5] + ((uint128_t) in[4]) * in[4];
+ ((uint128_t) in[1]) * inx2[7] +
+ ((uint128_t) in[2]) * inx2[6] +
+ ((uint128_t) in[3]) * inx2[5] + ((uint128_t) in[4]) * in[4];
/*
* The remaining limbs fall above 2^521, with the first falling at 2^522.
@@ -455,21 +455,21 @@ static void felem_square(largefelem out, const felem in)
/* 9 */
out[0] += ((uint128_t) in[1]) * inx4[8] +
- ((uint128_t) in[2]) * inx4[7] +
- ((uint128_t) in[3]) * inx4[6] + ((uint128_t) in[4]) * inx4[5];
+ ((uint128_t) in[2]) * inx4[7] +
+ ((uint128_t) in[3]) * inx4[6] + ((uint128_t) in[4]) * inx4[5];
/* 10 */
out[1] += ((uint128_t) in[2]) * inx4[8] +
- ((uint128_t) in[3]) * inx4[7] +
- ((uint128_t) in[4]) * inx4[6] + ((uint128_t) in[5]) * inx2[5];
+ ((uint128_t) in[3]) * inx4[7] +
+ ((uint128_t) in[4]) * inx4[6] + ((uint128_t) in[5]) * inx2[5];
/* 11 */
out[2] += ((uint128_t) in[3]) * inx4[8] +
- ((uint128_t) in[4]) * inx4[7] + ((uint128_t) in[5]) * inx4[6];
+ ((uint128_t) in[4]) * inx4[7] + ((uint128_t) in[5]) * inx4[6];
/* 12 */
out[3] += ((uint128_t) in[4]) * inx4[8] +
- ((uint128_t) in[5]) * inx4[7] + ((uint128_t) in[6]) * inx2[6];
+ ((uint128_t) in[5]) * inx4[7] + ((uint128_t) in[6]) * inx2[6];
/* 13 */
out[4] += ((uint128_t) in[5]) * inx4[8] + ((uint128_t) in[6]) * inx4[7];
@@ -499,87 +499,101 @@ static void felem_mul(largefelem out, const felem in1, const felem in2)
out[0] = ((uint128_t) in1[0]) * in2[0];
- out[1] = ((uint128_t) in1[0]) * in2[1] + ((uint128_t) in1[1]) * in2[0];
+ out[1] = ((uint128_t) in1[0]) * in2[1] +
+ ((uint128_t) in1[1]) * in2[0];
out[2] = ((uint128_t) in1[0]) * in2[2] +
- ((uint128_t) in1[1]) * in2[1] + ((uint128_t) in1[2]) * in2[0];
+ ((uint128_t) in1[1]) * in2[1] +
+ ((uint128_t) in1[2]) * in2[0];
out[3] = ((uint128_t) in1[0]) * in2[3] +
- ((uint128_t) in1[1]) * in2[2] +
- ((uint128_t) in1[2]) * in2[1] + ((uint128_t) in1[3]) * in2[0];
+ ((uint128_t) in1[1]) * in2[2] +
+ ((uint128_t) in1[2]) * in2[1] +
+ ((uint128_t) in1[3]) * in2[0];
out[4] = ((uint128_t) in1[0]) * in2[4] +
- ((uint128_t) in1[1]) * in2[3] +
- ((uint128_t) in1[2]) * in2[2] +
- ((uint128_t) in1[3]) * in2[1] + ((uint128_t) in1[4]) * in2[0];
+ ((uint128_t) in1[1]) * in2[3] +
+ ((uint128_t) in1[2]) * in2[2] +
+ ((uint128_t) in1[3]) * in2[1] +
+ ((uint128_t) in1[4]) * in2[0];
out[5] = ((uint128_t) in1[0]) * in2[5] +
- ((uint128_t) in1[1]) * in2[4] +
- ((uint128_t) in1[2]) * in2[3] +
- ((uint128_t) in1[3]) * in2[2] +
- ((uint128_t) in1[4]) * in2[1] + ((uint128_t) in1[5]) * in2[0];
+ ((uint128_t) in1[1]) * in2[4] +
+ ((uint128_t) in1[2]) * in2[3] +
+ ((uint128_t) in1[3]) * in2[2] +
+ ((uint128_t) in1[4]) * in2[1] +
+ ((uint128_t) in1[5]) * in2[0];
out[6] = ((uint128_t) in1[0]) * in2[6] +
- ((uint128_t) in1[1]) * in2[5] +
- ((uint128_t) in1[2]) * in2[4] +
- ((uint128_t) in1[3]) * in2[3] +
- ((uint128_t) in1[4]) * in2[2] +
- ((uint128_t) in1[5]) * in2[1] + ((uint128_t) in1[6]) * in2[0];
+ ((uint128_t) in1[1]) * in2[5] +
+ ((uint128_t) in1[2]) * in2[4] +
+ ((uint128_t) in1[3]) * in2[3] +
+ ((uint128_t) in1[4]) * in2[2] +
+ ((uint128_t) in1[5]) * in2[1] +
+ ((uint128_t) in1[6]) * in2[0];
out[7] = ((uint128_t) in1[0]) * in2[7] +
- ((uint128_t) in1[1]) * in2[6] +
- ((uint128_t) in1[2]) * in2[5] +
- ((uint128_t) in1[3]) * in2[4] +
- ((uint128_t) in1[4]) * in2[3] +
- ((uint128_t) in1[5]) * in2[2] +
- ((uint128_t) in1[6]) * in2[1] + ((uint128_t) in1[7]) * in2[0];
+ ((uint128_t) in1[1]) * in2[6] +
+ ((uint128_t) in1[2]) * in2[5] +
+ ((uint128_t) in1[3]) * in2[4] +
+ ((uint128_t) in1[4]) * in2[3] +
+ ((uint128_t) in1[5]) * in2[2] +
+ ((uint128_t) in1[6]) * in2[1] +
+ ((uint128_t) in1[7]) * in2[0];
out[8] = ((uint128_t) in1[0]) * in2[8] +
- ((uint128_t) in1[1]) * in2[7] +
- ((uint128_t) in1[2]) * in2[6] +
- ((uint128_t) in1[3]) * in2[5] +
- ((uint128_t) in1[4]) * in2[4] +
- ((uint128_t) in1[5]) * in2[3] +
- ((uint128_t) in1[6]) * in2[2] +
- ((uint128_t) in1[7]) * in2[1] + ((uint128_t) in1[8]) * in2[0];
+ ((uint128_t) in1[1]) * in2[7] +
+ ((uint128_t) in1[2]) * in2[6] +
+ ((uint128_t) in1[3]) * in2[5] +
+ ((uint128_t) in1[4]) * in2[4] +
+ ((uint128_t) in1[5]) * in2[3] +
+ ((uint128_t) in1[6]) * in2[2] +
+ ((uint128_t) in1[7]) * in2[1] +
+ ((uint128_t) in1[8]) * in2[0];
/* See comment in felem_square about the use of in2x2 here */
out[0] += ((uint128_t) in1[1]) * in2x2[8] +
- ((uint128_t) in1[2]) * in2x2[7] +
- ((uint128_t) in1[3]) * in2x2[6] +
- ((uint128_t) in1[4]) * in2x2[5] +
- ((uint128_t) in1[5]) * in2x2[4] +
- ((uint128_t) in1[6]) * in2x2[3] +
- ((uint128_t) in1[7]) * in2x2[2] + ((uint128_t) in1[8]) * in2x2[1];
+ ((uint128_t) in1[2]) * in2x2[7] +
+ ((uint128_t) in1[3]) * in2x2[6] +
+ ((uint128_t) in1[4]) * in2x2[5] +
+ ((uint128_t) in1[5]) * in2x2[4] +
+ ((uint128_t) in1[6]) * in2x2[3] +
+ ((uint128_t) in1[7]) * in2x2[2] +
+ ((uint128_t) in1[8]) * in2x2[1];
out[1] += ((uint128_t) in1[2]) * in2x2[8] +
- ((uint128_t) in1[3]) * in2x2[7] +
- ((uint128_t) in1[4]) * in2x2[6] +
- ((uint128_t) in1[5]) * in2x2[5] +
- ((uint128_t) in1[6]) * in2x2[4] +
- ((uint128_t) in1[7]) * in2x2[3] + ((uint128_t) in1[8]) * in2x2[2];
+ ((uint128_t) in1[3]) * in2x2[7] +
+ ((uint128_t) in1[4]) * in2x2[6] +
+ ((uint128_t) in1[5]) * in2x2[5] +
+ ((uint128_t) in1[6]) * in2x2[4] +
+ ((uint128_t) in1[7]) * in2x2[3] +
+ ((uint128_t) in1[8]) * in2x2[2];
out[2] += ((uint128_t) in1[3]) * in2x2[8] +
- ((uint128_t) in1[4]) * in2x2[7] +
- ((uint128_t) in1[5]) * in2x2[6] +
- ((uint128_t) in1[6]) * in2x2[5] +
- ((uint128_t) in1[7]) * in2x2[4] + ((uint128_t) in1[8]) * in2x2[3];
+ ((uint128_t) in1[4]) * in2x2[7] +
+ ((uint128_t) in1[5]) * in2x2[6] +
+ ((uint128_t) in1[6]) * in2x2[5] +
+ ((uint128_t) in1[7]) * in2x2[4] +
+ ((uint128_t) in1[8]) * in2x2[3];
out[3] += ((uint128_t) in1[4]) * in2x2[8] +
- ((uint128_t) in1[5]) * in2x2[7] +
- ((uint128_t) in1[6]) * in2x2[6] +
- ((uint128_t) in1[7]) * in2x2[5] + ((uint128_t) in1[8]) * in2x2[4];
+ ((uint128_t) in1[5]) * in2x2[7] +
+ ((uint128_t) in1[6]) * in2x2[6] +
+ ((uint128_t) in1[7]) * in2x2[5] +
+ ((uint128_t) in1[8]) * in2x2[4];
out[4] += ((uint128_t) in1[5]) * in2x2[8] +
- ((uint128_t) in1[6]) * in2x2[7] +
- ((uint128_t) in1[7]) * in2x2[6] + ((uint128_t) in1[8]) * in2x2[5];
+ ((uint128_t) in1[6]) * in2x2[7] +
+ ((uint128_t) in1[7]) * in2x2[6] +
+ ((uint128_t) in1[8]) * in2x2[5];
out[5] += ((uint128_t) in1[6]) * in2x2[8] +
- ((uint128_t) in1[7]) * in2x2[7] + ((uint128_t) in1[8]) * in2x2[6];
+ ((uint128_t) in1[7]) * in2x2[7] +
+ ((uint128_t) in1[8]) * in2x2[6];
out[6] += ((uint128_t) in1[7]) * in2x2[8] +
- ((uint128_t) in1[8]) * in2x2[7];
+ ((uint128_t) in1[8]) * in2x2[7];
out[7] += ((uint128_t) in1[8]) * in2x2[8];
}
@@ -1335,9 +1349,10 @@ static void point_add(felem x3, felem y3, felem z3,
* Tables for other points have table[i] = iG for i in 0 .. 16. */
/* gmul is the table of precomputed base points */
-static const felem gmul[16][3] = { {{0, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0, 0, 0}},
+static const felem gmul[16][3] = {
+{{0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0}},
{{0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334,
0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8,
0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404},
@@ -1743,8 +1758,8 @@ int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
EC_R_POINT_AT_INFINITY);
return 0;
}
- if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
- (!BN_to_felem(z1, &point->Z)))
+ if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+ (!BN_to_felem(z1, point->Z)))
return 0;
felem_inv(z2, z1);
felem_square(tmp, z2);
@@ -1928,7 +1943,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
* this is an unusual input, and we don't guarantee
* constant-timeness
*/
- if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
+ if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
goto err;
}
@@ -1937,9 +1952,9 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
num_bytes = BN_bn2bin(p_scalar, tmp);
flip_endian(secrets[i], tmp, num_bytes);
/* precompute multiples */
- if ((!BN_to_felem(x_out, &p->X)) ||
- (!BN_to_felem(y_out, &p->Y)) ||
- (!BN_to_felem(z_out, &p->Z)))
+ if ((!BN_to_felem(x_out, p->X)) ||
+ (!BN_to_felem(y_out, p->Y)) ||
+ (!BN_to_felem(z_out, p->Z)))
goto err;
memcpy(pre_comp[i][1][0], x_out, sizeof(felem));
memcpy(pre_comp[i][1][1], y_out, sizeof(felem));
@@ -1974,7 +1989,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
* this is an unusual input, and we don't guarantee
* constant-timeness
*/
- if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+ if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
goto err;
}
@@ -2058,9 +2073,9 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
ret = 1;
goto err;
}
- if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) ||
- (!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) ||
- (!BN_to_felem(pre->g_pre_comp[1][2], &group->generator->Z)))
+ if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) ||
+ (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) ||
+ (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z)))
goto err;
/* compute 2^130*G, 2^260*G, 2^390*G */
for (i = 1; i <= 4; i <<= 1) {
More information about the openssl-commits
mailing list