[openssl-commits] [openssl] master update
Andy Polyakov
appro at openssl.org
Sun Jul 22 13:22:36 UTC 2018
The branch master has been updated
via 8fc4aeb9521270ac74b29ce7f569939b0b39e685 (commit)
via 87a75b3e5c04a1696208c279f32d1114b862cfed (commit)
via f40e0a342cbca8bb71d0fe3f19e1b4bfd853aff1 (commit)
from 708c28f2f0598af6bccbeb60fb46086784aed7da (commit)
- Log -----------------------------------------------------------------
commit 8fc4aeb9521270ac74b29ce7f569939b0b39e685
Author: Andy Polyakov <appro at openssl.org>
Date: Wed Jul 18 15:22:07 2018 +0200
ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine.
ecp_nistz256_set_from_affine is called when application attempts to use
custom generator, i.e. rarely. Even though it was wrong, it didn't
affect point operations; they were just not as fast as expected.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6738)
commit 87a75b3e5c04a1696208c279f32d1114b862cfed
Author: Andy Polyakov <appro at openssl.org>
Date: Wed Jul 18 15:14:44 2018 +0200
ec/asm/ecp_nistz256-{!x86_64}.pl: fix scatter_w7 function.
The ecp_nistz256_scatter_w7 function is called when application
attempts to use custom generator, i.e. rarely. Even though non-x86_64
versions were wrong, it didn't affect point operations; they were just
not as fast as expected.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6738)
commit f40e0a342cbca8bb71d0fe3f19e1b4bfd853aff1
Author: Andy Polyakov <appro at openssl.org>
Date: Wed Jul 18 15:13:27 2018 +0200
bn/bn_intern.c: const-ify bn_set_{static}_words.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6738)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_intern.c | 10 +++++++---
crypto/ec/asm/ecp_nistz256-armv4.pl | 8 ++++----
crypto/ec/asm/ecp_nistz256-armv8.pl | 16 ++++++++--------
crypto/ec/asm/ecp_nistz256-ppc64.pl | 16 ++++++++--------
crypto/ec/asm/ecp_nistz256-sparcv9.pl | 8 ++++----
crypto/ec/asm/ecp_nistz256-x86.pl | 2 +-
crypto/ec/ecp_nistz256.c | 28 ++++++----------------------
crypto/include/internal/bn_int.h | 4 ++--
8 files changed, 40 insertions(+), 52 deletions(-)
diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c
index 2524eb2..faebdc8 100644
--- a/crypto/bn/bn_intern.c
+++ b/crypto/bn/bn_intern.c
@@ -172,16 +172,20 @@ BN_ULONG *bn_get_words(const BIGNUM *a)
return a->d;
}
-void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size)
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size)
{
- a->d = words;
+ /*
+ * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
+ * flag, which effectively means "read-only data".
+ */
+ a->d = (BN_ULONG *)words;
a->dmax = a->top = size;
a->neg = 0;
a->flags |= BN_FLG_STATIC_DATA;
bn_correct_top(a);
}
-int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words)
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words)
{
if (bn_wexpand(a, num_words) == NULL) {
BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE);
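Review bot: `a->d = (BN_ULONG *)words;` in bn_set_static_words replaces whatever `a->d` pointed at without releasing it, and the `BN_FLG_STATIC_DATA` set three lines later presumably also keeps BN_free from reclaiming a previously heap-allocated array, so a non-fresh `a` would leak. Callers most likely only pass newly created BIGNUMs; that precondition deserves stating next to the new const comment, e.g. `/* |a| must not own heap words: they are neither freed here nor by BN_free once BN_FLG_STATIC_DATA is set. */`. The body of bn_set_words continues past the end of this hunk.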
diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl
index 84dcb6e..83abbdd 100755
--- a/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -894,13 +894,13 @@ ecp_nistz256_scatter_w7:
.Loop_scatter_w7:
ldr $mask,[$inp],#4
subs $index,$index,#1
- strb $mask,[$out,#64*0-1]
+ strb $mask,[$out,#64*0]
mov $mask,$mask,lsr#8
- strb $mask,[$out,#64*1-1]
+ strb $mask,[$out,#64*1]
mov $mask,$mask,lsr#8
- strb $mask,[$out,#64*2-1]
+ strb $mask,[$out,#64*2]
mov $mask,$mask,lsr#8
- strb $mask,[$out,#64*3-1]
+ strb $mask,[$out,#64*3]
add $out,$out,#64*4
bne .Loop_scatter_w7
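Review bot: Nothing in this commit exercises the corrected store offsets, which only matter on the custom-generator path, so the same off-by-one could return unnoticed; a round-trip test that writes a known table with ecp_nistz256_scatter_w7 and reads it back with ecp_nistz256_gather_w7 (or a custom-generator case in the EC tests) would pin the layout on every port. The identical `-1` removal appears in the armv8, ppc64 and sparcv9 hunks below and, as the `&DWP(0,...)` displacement, in the x86 hunk; this note covers all five. Whether the old `64*k-1` offsets ever stored below the start of `$out` depends on how `$out` is prepared before the loop, which lies outside this hunk.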
diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
index 2705d7c..1361cb3 100644
--- a/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -1776,21 +1776,21 @@ ecp_nistz256_scatter_w7:
prfm pstl1strm,[$out,#4096+64*5]
prfm pstl1strm,[$out,#4096+64*6]
prfm pstl1strm,[$out,#4096+64*7]
- strb w3,[$out,#64*0-1]
+ strb w3,[$out,#64*0]
lsr x3,x3,#8
- strb w3,[$out,#64*1-1]
+ strb w3,[$out,#64*1]
lsr x3,x3,#8
- strb w3,[$out,#64*2-1]
+ strb w3,[$out,#64*2]
lsr x3,x3,#8
- strb w3,[$out,#64*3-1]
+ strb w3,[$out,#64*3]
lsr x3,x3,#8
- strb w3,[$out,#64*4-1]
+ strb w3,[$out,#64*4]
lsr x3,x3,#8
- strb w3,[$out,#64*5-1]
+ strb w3,[$out,#64*5]
lsr x3,x3,#8
- strb w3,[$out,#64*6-1]
+ strb w3,[$out,#64*6]
lsr x3,x3,#8
- strb w3,[$out,#64*7-1]
+ strb w3,[$out,#64*7]
add $out,$out,#64*8
b.ne .Loop_scatter_w7
diff --git a/crypto/ec/asm/ecp_nistz256-ppc64.pl b/crypto/ec/asm/ecp_nistz256-ppc64.pl
index 0c3c186..116792f 100755
--- a/crypto/ec/asm/ecp_nistz256-ppc64.pl
+++ b/crypto/ec/asm/ecp_nistz256-ppc64.pl
@@ -2297,21 +2297,21 @@ ecp_nistz256_scatter_w7:
.Loop_scatter_w7:
ldu r0,8($inp)
- stb r0,64*0-1($out)
+ stb r0,64*0($out)
srdi r0,r0,8
- stb r0,64*1-1($out)
+ stb r0,64*1($out)
srdi r0,r0,8
- stb r0,64*2-1($out)
+ stb r0,64*2($out)
srdi r0,r0,8
- stb r0,64*3-1($out)
+ stb r0,64*3($out)
srdi r0,r0,8
- stb r0,64*4-1($out)
+ stb r0,64*4($out)
srdi r0,r0,8
- stb r0,64*5-1($out)
+ stb r0,64*5($out)
srdi r0,r0,8
- stb r0,64*6-1($out)
+ stb r0,64*6($out)
srdi r0,r0,8
- stb r0,64*7-1($out)
+ stb r0,64*7($out)
addi $out,$out,64*8
bdnz .Loop_scatter_w7
diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
index 9af1fae..59df0f7 100755
--- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl
+++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -1531,13 +1531,13 @@ ecp_nistz256_scatter_w7:
ld [$inp],%l0
add $inp,4,$inp
subcc $index,1,$index
- stb %l0,[$out+64*0-1]
+ stb %l0,[$out+64*0]
srl %l0,8,%l1
- stb %l1,[$out+64*1-1]
+ stb %l1,[$out+64*1]
srl %l0,16,%l2
- stb %l2,[$out+64*2-1]
+ stb %l2,[$out+64*2]
srl %l0,24,%l3
- stb %l3,[$out+64*3-1]
+ stb %l3,[$out+64*3]
bne .Loop_scatter_w7
add $out,64*4,$out
diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl
index a89a9f9..8fdd76b 100755
--- a/crypto/ec/asm/ecp_nistz256-x86.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86.pl
@@ -1179,7 +1179,7 @@ for ($i=0;$i<7;$i++) {
&mov ("esi",&wparam(1));
&mov ("ebp",&wparam(2));
- &lea ("edi",&DWP(-1,"edi","ebp"));
+ &lea ("edi",&DWP(0,"edi","ebp"));
&mov ("ebp",64/4);
&set_label("scatter_w7_loop");
&mov ("eax",&DWP(0,"esi"));
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 4b5fc62..54c9ed2 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1104,28 +1104,12 @@ __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *gr
const P256_POINT_AFFINE *in,
BN_CTX *ctx)
{
- BIGNUM *x, *y;
- BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
int ret = 0;
- x = BN_new();
- if (x == NULL)
- return 0;
- y = BN_new();
- if (y == NULL) {
- BN_free(x);
- return 0;
- }
- memcpy(d_x, in->X, sizeof(d_x));
- bn_set_static_words(x, d_x, P256_LIMBS);
-
- memcpy(d_y, in->Y, sizeof(d_y));
- bn_set_static_words(y, d_y, P256_LIMBS);
-
- ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx);
-
- BN_free(x);
- BN_free(y);
+ if ((ret = bn_set_words(out->X, in->X, P256_LIMBS))
+ && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS))
+ && (ret = bn_set_words(out->Z, ONE, P256_LIMBS)))
+ out->Z_is_one = 1;
return ret;
}
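Review bot: The new body copies `in->X`/`in->Y` straight into `out` with bn_set_words, so it no longer routes through EC_POINT_set_affine_coordinates_GFp as the removed lines did, and drops whatever coordinate validation that public entry point performs. That is acceptable while `in` always comes from the precomputed table (as the points_mul hunk below arranges), but it turns `in`'s representation into a silent contract; a comment above the chain would help, e.g. `/* |in| is taken to be in the same limb representation the nistz256 code uses internally; it is copied verbatim with no validation, so only trusted precomputed data belongs here. */`. On a failed bn_set_words `out` is left partially written with `Z_is_one` untouched; the caller frees it in the hunk below, so that is fine as long as no other caller reuses the point.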
@@ -1181,9 +1165,9 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
if (pre_comp_generator == NULL)
goto err;
+ ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1);
if (!ecp_nistz256_set_from_affine(pre_comp_generator,
- group, pre_comp->precomp[0],
- ctx)) {
+ group, &p.a, ctx)) {
EC_POINT_free(pre_comp_generator);
goto err;
}
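Review bot: The literal `1` handed to ecp_nistz256_gather_w7 encodes the table's indexing convention, which is not visible in this hunk; presumably entries are 1-based with index 0 standing for the point at infinity. A short comment would spare the next reader the lookup once that is confirmed against ecp_nistz256_gather_w7, e.g. `/* w7 table is 1-based: entry 1 is the generator itself */`. ecp_nistz256_points_mul begins and ends outside this hunk.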
diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h
index f7d37d5..f592912 100644
--- a/crypto/include/internal/bn_int.h
+++ b/crypto/include/internal/bn_int.h
@@ -47,7 +47,7 @@ BN_ULONG *bn_get_words(const BIGNUM *a);
* Set the internal data words in a to point to words which contains size
* elements. The BN_FLG_STATIC_DATA flag is set
*/
-void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size);
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
/*
* Copy words into the BIGNUM |a|, reallocating space as necessary.
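Review bot: Now that `words` is `const` in the bn_set_static_words prototype, the comment above it should spell out the ownership rules the qualifier implies and the implementation relies on: the array is not copied, is never written or freed through the BIGNUM, and must outlive `a`. Suggested wording: `Make |a| refer to the read-only array |words| of |size| elements. The array is not copied, is never written or freed by the BIGNUM (BN_FLG_STATIC_DATA is set), and must outlive |a|.`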
@@ -58,7 +58,7 @@ void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size);
* |num_words| is int because bn_expand2 takes an int. This is an internal
* function so we simply trust callers not to pass negative values.
*/
-int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words);
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
/*
* Some BIGNUM functions assume most significant limb to be non-zero, which