[openssl-commits] [openssl] master update

Andy Polyakov appro at openssl.org
Sun Jul 22 13:22:36 UTC 2018 

The branch master has been updated
       via  8fc4aeb9521270ac74b29ce7f569939b0b39e685 (commit)
       via  87a75b3e5c04a1696208c279f32d1114b862cfed (commit)
       via  f40e0a342cbca8bb71d0fe3f19e1b4bfd853aff1 (commit)
      from  708c28f2f0598af6bccbeb60fb46086784aed7da (commit)


- Log -----------------------------------------------------------------
commit 8fc4aeb9521270ac74b29ce7f569939b0b39e685
Author: Andy Polyakov <appro at openssl.org>
Date:   Wed Jul 18 15:22:07 2018 +0200

    ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine.
    
    ecp_nistz256_set_from_affine is called when application attempts to use
    custom generator, i.e. rarely. Even though it was wrong, it didn't
    affect point operations, they were just not as fast as expected.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6738)

commit 87a75b3e5c04a1696208c279f32d1114b862cfed
Author: Andy Polyakov <appro at openssl.org>
Date:   Wed Jul 18 15:14:44 2018 +0200

    ec/asm/ecp_nistz256-{!x86_64}.pl: fix scatter_w7 function.
    
    The ecp_nistz256_scatter_w7 function is called when application
    attempts to use custom generator, i.e. rarely. Even though non-x86_64
    versions were wrong, it didn't affect point operations, they were just
    not as fast as expected.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6738)

commit f40e0a342cbca8bb71d0fe3f19e1b4bfd853aff1
Author: Andy Polyakov <appro at openssl.org>
Date:   Wed Jul 18 15:13:27 2018 +0200

    bn/bn_intern.c: const-ify bn_set_{static}_words.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6738)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_intern.c                 | 10 +++++++---
 crypto/ec/asm/ecp_nistz256-armv4.pl   |  8 ++++----
 crypto/ec/asm/ecp_nistz256-armv8.pl   | 16 ++++++++--------
 crypto/ec/asm/ecp_nistz256-ppc64.pl   | 16 ++++++++--------
 crypto/ec/asm/ecp_nistz256-sparcv9.pl |  8 ++++----
 crypto/ec/asm/ecp_nistz256-x86.pl     |  2 +-
 crypto/ec/ecp_nistz256.c              | 28 ++++++----------------------
 crypto/include/internal/bn_int.h      |  4 ++--
 8 files changed, 40 insertions(+), 52 deletions(-)

diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c
index 2524eb2..faebdc8 100644
--- a/crypto/bn/bn_intern.c
+++ b/crypto/bn/bn_intern.c
@@ -172,16 +172,20 @@ BN_ULONG *bn_get_words(const BIGNUM *a)
     return a->d;
 }
 
-void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size)
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size)
 {
-    a->d = words;
+    /*
+     * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
+     * flag, which effectively means "read-only data".
+     */
+    a->d = (BN_ULONG *)words;
     a->dmax = a->top = size;
     a->neg = 0;
     a->flags |= BN_FLG_STATIC_DATA;
     bn_correct_top(a);
 }
 
-int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words)
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words)
 {
     if (bn_wexpand(a, num_words) == NULL) {
         BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl
index 84dcb6e..83abbdd 100755
--- a/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -894,13 +894,13 @@ ecp_nistz256_scatter_w7:
 .Loop_scatter_w7:
 	ldr	$mask,[$inp],#4
 	subs	$index,$index,#1
-	strb	$mask,[$out,#64*0-1]
+	strb	$mask,[$out,#64*0]
 	mov	$mask,$mask,lsr#8
-	strb	$mask,[$out,#64*1-1]
+	strb	$mask,[$out,#64*1]
 	mov	$mask,$mask,lsr#8
-	strb	$mask,[$out,#64*2-1]
+	strb	$mask,[$out,#64*2]
 	mov	$mask,$mask,lsr#8
-	strb	$mask,[$out,#64*3-1]
+	strb	$mask,[$out,#64*3]
 	add	$out,$out,#64*4
 	bne	.Loop_scatter_w7
 
diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
index 2705d7c..1361cb3 100644
--- a/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -1776,21 +1776,21 @@ ecp_nistz256_scatter_w7:
 	prfm	pstl1strm,[$out,#4096+64*5]
 	prfm	pstl1strm,[$out,#4096+64*6]
 	prfm	pstl1strm,[$out,#4096+64*7]
-	strb	w3,[$out,#64*0-1]
+	strb	w3,[$out,#64*0]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*1-1]
+	strb	w3,[$out,#64*1]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*2-1]
+	strb	w3,[$out,#64*2]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*3-1]
+	strb	w3,[$out,#64*3]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*4-1]
+	strb	w3,[$out,#64*4]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*5-1]
+	strb	w3,[$out,#64*5]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*6-1]
+	strb	w3,[$out,#64*6]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*7-1]
+	strb	w3,[$out,#64*7]
 	add	$out,$out,#64*8
 	b.ne	.Loop_scatter_w7
 
diff --git a/crypto/ec/asm/ecp_nistz256-ppc64.pl b/crypto/ec/asm/ecp_nistz256-ppc64.pl
index 0c3c186..116792f 100755
--- a/crypto/ec/asm/ecp_nistz256-ppc64.pl
+++ b/crypto/ec/asm/ecp_nistz256-ppc64.pl
@@ -2297,21 +2297,21 @@ ecp_nistz256_scatter_w7:
 
 .Loop_scatter_w7:
 	ldu	r0,8($inp)
-	stb	r0,64*0-1($out)
+	stb	r0,64*0($out)
 	srdi	r0,r0,8
-	stb	r0,64*1-1($out)
+	stb	r0,64*1($out)
 	srdi	r0,r0,8
-	stb	r0,64*2-1($out)
+	stb	r0,64*2($out)
 	srdi	r0,r0,8
-	stb	r0,64*3-1($out)
+	stb	r0,64*3($out)
 	srdi	r0,r0,8
-	stb	r0,64*4-1($out)
+	stb	r0,64*4($out)
 	srdi	r0,r0,8
-	stb	r0,64*5-1($out)
+	stb	r0,64*5($out)
 	srdi	r0,r0,8
-	stb	r0,64*6-1($out)
+	stb	r0,64*6($out)
 	srdi	r0,r0,8
-	stb	r0,64*7-1($out)
+	stb	r0,64*7($out)
 	addi	$out,$out,64*8
 	bdnz	.Loop_scatter_w7
 
diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
index 9af1fae..59df0f7 100755
--- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl
+++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -1531,13 +1531,13 @@ ecp_nistz256_scatter_w7:
 	ld	[$inp],%l0
 	add	$inp,4,$inp
 	subcc	$index,1,$index
-	stb	%l0,[$out+64*0-1]
+	stb	%l0,[$out+64*0]
 	srl	%l0,8,%l1
-	stb	%l1,[$out+64*1-1]
+	stb	%l1,[$out+64*1]
 	srl	%l0,16,%l2
-	stb	%l2,[$out+64*2-1]
+	stb	%l2,[$out+64*2]
 	srl	%l0,24,%l3
-	stb	%l3,[$out+64*3-1]
+	stb	%l3,[$out+64*3]
 	bne	.Loop_scatter_w7
 	add	$out,64*4,$out
 
diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl
index a89a9f9..8fdd76b 100755
--- a/crypto/ec/asm/ecp_nistz256-x86.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86.pl
@@ -1179,7 +1179,7 @@ for ($i=0;$i<7;$i++) {
 	&mov	("esi",&wparam(1));
 	&mov	("ebp",&wparam(2));
 
-	&lea	("edi",&DWP(-1,"edi","ebp"));
+	&lea	("edi",&DWP(0,"edi","ebp"));
 	&mov	("ebp",64/4);
 &set_label("scatter_w7_loop");
 	&mov	("eax",&DWP(0,"esi"));
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 4b5fc62..54c9ed2 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1104,28 +1104,12 @@ __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *gr
                                                const P256_POINT_AFFINE *in,
                                                BN_CTX *ctx)
 {
-    BIGNUM *x, *y;
-    BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
     int ret = 0;
 
-    x = BN_new();
-    if (x == NULL)
-        return 0;
-    y = BN_new();
-    if (y == NULL) {
-        BN_free(x);
-        return 0;
-    }
-    memcpy(d_x, in->X, sizeof(d_x));
-    bn_set_static_words(x, d_x, P256_LIMBS);
-
-    memcpy(d_y, in->Y, sizeof(d_y));
-    bn_set_static_words(y, d_y, P256_LIMBS);
-
-    ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx);
-
-    BN_free(x);
-    BN_free(y);
+    if ((ret = bn_set_words(out->X, in->X, P256_LIMBS))
+        && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS))
+        && (ret = bn_set_words(out->Z, ONE, P256_LIMBS)))
+        out->Z_is_one = 1;
 
     return ret;
 }
@@ -1181,9 +1165,9 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
             if (pre_comp_generator == NULL)
                 goto err;
 
+            ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1);
             if (!ecp_nistz256_set_from_affine(pre_comp_generator,
-                                              group, pre_comp->precomp[0],
-                                              ctx)) {
+                                              group, &p.a, ctx)) {
                 EC_POINT_free(pre_comp_generator);
                 goto err;
             }
diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h
index f7d37d5..f592912 100644
--- a/crypto/include/internal/bn_int.h
+++ b/crypto/include/internal/bn_int.h
@@ -47,7 +47,7 @@ BN_ULONG *bn_get_words(const BIGNUM *a);
  * Set the internal data words in a to point to words which contains size
  * elements. The BN_FLG_STATIC_DATA flag is set
  */
-void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size);
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
 
 /*
  * Copy words into the BIGNUM |a|, reallocating space as necessary.
@@ -58,7 +58,7 @@ void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size);
  * |num_words| is int because bn_expand2 takes an int. This is an internal
  * function so we simply trust callers not to pass negative values.
  */
-int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words);
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
 
 /*
  * Some BIGNUM functions assume most significant limb to be non-zero, which

More information about the openssl-commits mailing list