[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Andy Polyakov appro at openssl.org
Sun Jul 22 13:25:10 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  eff1c8a2d8c625b36e6ed33bd49ac09f37f1bf22 (commit)
       via  5c2bac9289e97b47dc1fd1603efe09d3e10ce9cb (commit)
       via  08a1d30e6051afc78780f92e80b9809ba1bdaac3 (commit)
      from  1ef7cb279ccb69f5c3adde8aa961b72c05094237 (commit)


- Log -----------------------------------------------------------------
commit eff1c8a2d8c625b36e6ed33bd49ac09f37f1bf22
Author: Andy Polyakov <appro at openssl.org>
Date:   Wed Jul 18 15:22:07 2018 +0200

    ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine.
    
    ecp_nistz256_set_from_affine is called when an application attempts to
    use a custom generator, i.e. rarely. Even though it was wrong, it didn't
    affect point operations; they were just not as fast as expected.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6738)
    
    (cherry picked from commit 8fc4aeb9521270ac74b29ce7f569939b0b39e685)

commit 5c2bac9289e97b47dc1fd1603efe09d3e10ce9cb
Author: Andy Polyakov <appro at openssl.org>
Date:   Wed Jul 18 15:14:44 2018 +0200

    ec/asm/ecp_nistz256-{!x86_64}.pl: fix scatter_w7 function.
    
    The ecp_nistz256_scatter_w7 function is called when an application
    attempts to use a custom generator, i.e. rarely. Even though the
    non-x86_64 versions were wrong, it didn't affect point operations; they
    were just not as fast as expected.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6738)
    
    (cherry picked from commit 87a75b3e5c04a1696208c279f32d1114b862cfed)

commit 08a1d30e6051afc78780f92e80b9809ba1bdaac3
Author: Andy Polyakov <appro at openssl.org>
Date:   Wed Jul 18 15:13:27 2018 +0200

    bn/bn_intern.c: const-ify bn_set_{static}_words.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6738)
    
    (cherry picked from commit f40e0a342cbca8bb71d0fe3f19e1b4bfd853aff1)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_intern.c                 | 10 +++++++---
 crypto/ec/asm/ecp_nistz256-armv4.pl   |  8 ++++----
 crypto/ec/asm/ecp_nistz256-armv8.pl   | 16 ++++++++--------
 crypto/ec/asm/ecp_nistz256-sparcv9.pl |  8 ++++----
 crypto/ec/asm/ecp_nistz256-x86.pl     |  2 +-
 crypto/ec/ecp_nistz256.c              | 28 ++++++----------------------
 crypto/include/internal/bn_int.h      |  4 ++--
 7 files changed, 32 insertions(+), 44 deletions(-)

diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c
index 2c97064..92f1cb7 100644
--- a/crypto/bn/bn_intern.c
+++ b/crypto/bn/bn_intern.c
@@ -177,16 +177,20 @@ BN_ULONG *bn_get_words(const BIGNUM *a)
     return a->d;
 }
 
-void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size)
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size)
 {
-    a->d = words;
+    /*
+     * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
+     * flag, which effectively means "read-only data".
+     */
+    a->d = (BN_ULONG *)words;
     a->dmax = a->top = size;
     a->neg = 0;
     a->flags |= BN_FLG_STATIC_DATA;
     bn_correct_top(a);
 }
 
-int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words)
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words)
 {
     if (bn_wexpand(a, num_words) == NULL) {
         BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE);
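Review bot: The `a->d = (BN_ULONG *)words;` cast discards the qualifier the new signature promises, so the compiler no longer enforces that a caller's genuinely `const` table is never written through `a->d`; the added comment explains the flag but not who must honour it. I would extend it with: `Any code that writes through or frees |a->d| must check BN_FLG_STATIC_DATA first; writing through this cast pointer is undefined behaviour when |words| was defined const.` Whether the free and expansion paths already check the flag is not visible in this hunk and should be confirmed. bn_set_words's body continues outside the hunk.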
diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl
index 39d4cb9..4b58135 100755
--- a/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -894,13 +894,13 @@ ecp_nistz256_scatter_w7:
 .Loop_scatter_w7:
 	ldr	$mask,[$inp],#4
 	subs	$index,$index,#1
-	strb	$mask,[$out,#64*0-1]
+	strb	$mask,[$out,#64*0]
 	mov	$mask,$mask,lsr#8
-	strb	$mask,[$out,#64*1-1]
+	strb	$mask,[$out,#64*1]
 	mov	$mask,$mask,lsr#8
-	strb	$mask,[$out,#64*2-1]
+	strb	$mask,[$out,#64*2]
 	mov	$mask,$mask,lsr#8
-	strb	$mask,[$out,#64*3-1]
+	strb	$mask,[$out,#64*3]
 	add	$out,$out,#64*4
 	bne	.Loop_scatter_w7
 
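Review bot: The corrected stores `strb $mask,[$out,#64*0]` through `#64*3` fix the same off-by-one that the armv8, sparcv9 and x86 hunks fix, yet none of the four documents the layout the offsets implement: each byte of the 32-bit input word is stored to a successive 64-byte row, presumably so the matching gather can read one table entry with a fixed stride. A one-line comment at the top of `.Loop_scatter_w7` naming that byte-per-row layout would make a `-1` regression obvious to the next reader. Since the commit message notes this path is reached only with a custom generator, a regression test that installs a custom generator on P-256 and compares results against the generic implementation would have caught it and belongs alongside this fix. The `ecp_nistz256_scatter_w7` entry and loop setup are outside the hunk.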
diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
index cdc9161..a726cc3 100644
--- a/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -1477,21 +1477,21 @@ ecp_nistz256_scatter_w7:
 	prfm	pstl1strm,[$out,#4096+64*5]
 	prfm	pstl1strm,[$out,#4096+64*6]
 	prfm	pstl1strm,[$out,#4096+64*7]
-	strb	w3,[$out,#64*0-1]
+	strb	w3,[$out,#64*0]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*1-1]
+	strb	w3,[$out,#64*1]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*2-1]
+	strb	w3,[$out,#64*2]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*3-1]
+	strb	w3,[$out,#64*3]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*4-1]
+	strb	w3,[$out,#64*4]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*5-1]
+	strb	w3,[$out,#64*5]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*6-1]
+	strb	w3,[$out,#64*6]
 	lsr	x3,x3,#8
-	strb	w3,[$out,#64*7-1]
+	strb	w3,[$out,#64*7]
 	add	$out,$out,#64*8
 	b.ne	.Loop_scatter_w7
 
diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
index 97201cb..8bad859 100755
--- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl
+++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -1531,13 +1531,13 @@ ecp_nistz256_scatter_w7:
 	ld	[$inp],%l0
 	add	$inp,4,$inp
 	subcc	$index,1,$index
-	stb	%l0,[$out+64*0-1]
+	stb	%l0,[$out+64*0]
 	srl	%l0,8,%l1
-	stb	%l1,[$out+64*1-1]
+	stb	%l1,[$out+64*1]
 	srl	%l0,16,%l2
-	stb	%l2,[$out+64*2-1]
+	stb	%l2,[$out+64*2]
 	srl	%l0,24,%l3
-	stb	%l3,[$out+64*3-1]
+	stb	%l3,[$out+64*3]
 	bne	.Loop_scatter_w7
 	add	$out,64*4,$out
 
diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl
index 1d9e006..4fa27fc 100755
--- a/crypto/ec/asm/ecp_nistz256-x86.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86.pl
@@ -1179,7 +1179,7 @@ for ($i=0;$i<7;$i++) {
 	&mov	("esi",&wparam(1));
 	&mov	("ebp",&wparam(2));
 
-	&lea	("edi",&DWP(-1,"edi","ebp"));
+	&lea	("edi",&DWP(0,"edi","ebp"));
 	&mov	("ebp",64/4);
 &set_label("scatter_w7_loop");
 	&mov	("eax",&DWP(0,"esi"));
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 153f390..0dbcfc2 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1110,28 +1110,12 @@ __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *gr
                                                const P256_POINT_AFFINE *in,
                                                BN_CTX *ctx)
 {
-    BIGNUM *x, *y;
-    BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
     int ret = 0;
 
-    x = BN_new();
-    if (x == NULL)
-        return 0;
-    y = BN_new();
-    if (y == NULL) {
-        BN_free(x);
-        return 0;
-    }
-    memcpy(d_x, in->X, sizeof(d_x));
-    bn_set_static_words(x, d_x, P256_LIMBS);
-
-    memcpy(d_y, in->Y, sizeof(d_y));
-    bn_set_static_words(y, d_y, P256_LIMBS);
-
-    ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx);
-
-    BN_free(x);
-    BN_free(y);
+    if ((ret = bn_set_words(out->X, in->X, P256_LIMBS))
+        && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS))
+        && (ret = bn_set_words(out->Z, ONE, P256_LIMBS)))
+        out->Z_is_one = 1;
 
     return ret;
 }
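Review bot: After the rewrite `group` and `ctx` are no longer referenced in the body (only `out` and `in` are), and the on-curve validation that `EC_POINT_set_affine_coordinates_GFp` performed on the old side is gone, so the function now trusts `in` unconditionally; that is defensible because the only caller on this page feeds it a point gathered from the precomputed table, but it should be stated. I would add above the `if`: `/* |in| comes from the internal precomp table, so X, Y and Z are set directly with no on-curve check; |group| and |ctx| are kept for interface compatibility. */` Whether the table values and `ONE` are already in the field's internal encoding is not visible here and should be confirmed before the comment says so. On a failed `bn_set_words` |out| is left partially written, which is fine only because the caller frees it. The function's signature starts outside the hunk.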
@@ -1210,9 +1194,9 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
             if (pre_comp_generator == NULL)
                 goto err;
 
+            ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1);
             if (!ecp_nistz256_set_from_affine(pre_comp_generator,
-                                              group, pre_comp->precomp[0],
-                                              ctx)) {
+                                              group, &p.a, ctx)) {
                 EC_POINT_free(pre_comp_generator);
                 goto err;
             }
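Review bot: The new `ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1);` is the substance of the fix — `precomp[]` is in the byte-strided scatter_w7 layout written by the asm hunks, so it could not be read as a `P256_POINT_AFFINE` directly as the old call did — but nothing at the call site says so. I would add before the gather: `/* precomp[] is stored in scatter_w7 layout; gather entry 1 back into a plain affine point before using it as the generator */`. That entry 1 denotes the generator is inferred from the window convention; confirm. The enclosing function and the declaration of `p` are outside the hunk.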
diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h
index 9c984ba..4e0c9a4 100644
--- a/crypto/include/internal/bn_int.h
+++ b/crypto/include/internal/bn_int.h
@@ -53,7 +53,7 @@ BN_ULONG *bn_get_words(const BIGNUM *a);
  * Set the internal data words in a to point to words which contains size
  * elements. The BN_FLG_STATIC_DATA flag is set
  */
-void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size);
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
 
 /*
  * Copy words into the BIGNUM |a|, reallocating space as necessary.
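Review bot: The comment above `bn_set_static_words` still says only that the flag is set; now that `words` is `const` the contract a reader needs is that the buffer is aliased rather than copied, and must outlive |a| and never be modified through it. I would reword it to: `Set the internal data words in |a| to alias |words|, which must contain |size| elements and stay valid and unmodified for the lifetime of |a|. BN_FLG_STATIC_DATA is set so the words are treated as read-only and are not freed with |a|.` The `bn_set_words` prototype in the next hunk copies instead of aliasing, and its existing comment already says so.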
@@ -64,7 +64,7 @@ void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size);
  * |num_words| is int because bn_expand2 takes an int. This is an internal
  * function so we simply trust callers not to pass negative values.
  */
-int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words);
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
 
 size_t bn_sizeof_BIGNUM(void);
 

