Loading crypto/ec/ecp_nistp224.c +10 −10 Original line number Diff line number Diff line Loading @@ -1343,8 +1343,8 @@ int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, EC_R_POINT_AT_INFINITY); return 0; } if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || (!BN_to_felem(z1, &point->Z))) if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || (!BN_to_felem(z1, point->Z))) return 0; felem_inv(z2, z1); felem_square(tmp, z2); Loading Loading @@ -1525,7 +1525,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading @@ -1534,9 +1534,9 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, num_bytes = BN_bn2bin(p_scalar, tmp); flip_endian(secrets[i], tmp, num_bytes); /* precompute multiples */ if ((!BN_to_felem(x_out, &p->X)) || (!BN_to_felem(y_out, &p->Y)) || (!BN_to_felem(z_out, &p->Z))) if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || (!BN_to_felem(z_out, p->Z))) goto err; felem_assign(pre_comp[i][1][0], x_out); felem_assign(pre_comp[i][1][1], y_out); Loading Loading @@ -1571,7 +1571,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading Loading @@ -1654,9 +1654,9 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) ret = 1; goto err; } if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[0][1][2], &group->generator->Z))) if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z))) goto err; /* * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G, Loading crypto/ec/ecp_nistp256.c +10 −10 Original line number Diff line number Diff line Loading @@ -1930,8 +1930,8 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, EC_R_POINT_AT_INFINITY); return 0; } if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || (!BN_to_felem(z1, &point->Z))) if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || (!BN_to_felem(z1, point->Z))) return 0; felem_inv(z2, z1); felem_square(tmp, z2); Loading Loading @@ -2114,7 +2114,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading @@ -2123,9 +2123,9 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, num_bytes = BN_bn2bin(p_scalar, tmp); flip_endian(secrets[i], tmp, num_bytes); /* precompute multiples */ if ((!BN_to_felem(x_out, &p->X)) || (!BN_to_felem(y_out, &p->Y)) || (!BN_to_felem(z_out, &p->Z))) if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || (!BN_to_felem(z_out, p->Z))) goto err; felem_shrink(pre_comp[i][1][0], x_out); felem_shrink(pre_comp[i][1][1], y_out); Loading Loading @@ -2162,7 +2162,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading Loading @@ -2246,9 +2246,9 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) ret = 1; goto err; } if ((!BN_to_felem(x_tmp, &group->generator->X)) || (!BN_to_felem(y_tmp, &group->generator->Y)) || (!BN_to_felem(z_tmp, &group->generator->Z))) if ((!BN_to_felem(x_tmp, group->generator->X)) || (!BN_to_felem(y_tmp, group->generator->Y)) || (!BN_to_felem(z_tmp, group->generator->Z))) goto err; felem_shrink(pre->g_pre_comp[0][1][0], x_tmp); felem_shrink(pre->g_pre_comp[0][1][1], y_tmp); Loading crypto/ec/ecp_nistp521.c +10 −10 Original line number Diff line number Diff line Loading @@ -1743,8 +1743,8 @@ int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, EC_R_POINT_AT_INFINITY); return 0; } if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || (!BN_to_felem(z1, &point->Z))) if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || (!BN_to_felem(z1, point->Z))) return 0; felem_inv(z2, z1); felem_square(tmp, z2); Loading Loading @@ -1928,7 +1928,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading @@ -1937,9 +1937,9 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, num_bytes = BN_bn2bin(p_scalar, tmp); flip_endian(secrets[i], tmp, num_bytes); /* precompute multiples */ if ((!BN_to_felem(x_out, &p->X)) || (!BN_to_felem(y_out, &p->Y)) || (!BN_to_felem(z_out, &p->Z))) if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || (!BN_to_felem(z_out, p->Z))) goto err; memcpy(pre_comp[i][1][0], x_out, sizeof(felem)); memcpy(pre_comp[i][1][1], y_out, sizeof(felem)); Loading Loading @@ -1974,7 +1974,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading Loading @@ -2058,9 +2058,9 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) ret = 1; goto err; } if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[1][2], &group->generator->Z))) if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z))) goto err; /* compute 2^130*G, 2^260*G, 2^390*G */ for (i = 1; i <= 4; i <<= 1) { Loading Loading
crypto/ec/ecp_nistp224.c +10 −10 Original line number Diff line number Diff line Loading @@ -1343,8 +1343,8 @@ int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, EC_R_POINT_AT_INFINITY); return 0; } if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || (!BN_to_felem(z1, &point->Z))) if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || (!BN_to_felem(z1, point->Z))) return 0; felem_inv(z2, z1); felem_square(tmp, z2); Loading Loading @@ -1525,7 +1525,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading @@ -1534,9 +1534,9 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, num_bytes = BN_bn2bin(p_scalar, tmp); flip_endian(secrets[i], tmp, num_bytes); /* precompute multiples */ if ((!BN_to_felem(x_out, &p->X)) || (!BN_to_felem(y_out, &p->Y)) || (!BN_to_felem(z_out, &p->Z))) if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || (!BN_to_felem(z_out, p->Z))) goto err; felem_assign(pre_comp[i][1][0], x_out); felem_assign(pre_comp[i][1][1], y_out); Loading Loading @@ -1571,7 +1571,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading Loading @@ -1654,9 +1654,9 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) ret = 1; goto err; } if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[0][1][2], &group->generator->Z))) if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z))) goto err; /* * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G, Loading
crypto/ec/ecp_nistp256.c +10 −10 Original line number Diff line number Diff line Loading @@ -1930,8 +1930,8 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, EC_R_POINT_AT_INFINITY); return 0; } if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || (!BN_to_felem(z1, &point->Z))) if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || (!BN_to_felem(z1, point->Z))) return 0; felem_inv(z2, z1); felem_square(tmp, z2); Loading Loading @@ -2114,7 +2114,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading @@ -2123,9 +2123,9 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, num_bytes = BN_bn2bin(p_scalar, tmp); flip_endian(secrets[i], tmp, num_bytes); /* precompute multiples */ if ((!BN_to_felem(x_out, &p->X)) || (!BN_to_felem(y_out, &p->Y)) || (!BN_to_felem(z_out, &p->Z))) if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || (!BN_to_felem(z_out, p->Z))) goto err; felem_shrink(pre_comp[i][1][0], x_out); felem_shrink(pre_comp[i][1][1], y_out); Loading Loading @@ -2162,7 +2162,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading Loading @@ -2246,9 +2246,9 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) ret = 1; goto err; } if ((!BN_to_felem(x_tmp, &group->generator->X)) || (!BN_to_felem(y_tmp, &group->generator->Y)) || (!BN_to_felem(z_tmp, &group->generator->Z))) if ((!BN_to_felem(x_tmp, group->generator->X)) || (!BN_to_felem(y_tmp, group->generator->Y)) || (!BN_to_felem(z_tmp, group->generator->Z))) goto err; felem_shrink(pre->g_pre_comp[0][1][0], x_tmp); felem_shrink(pre->g_pre_comp[0][1][1], y_tmp); Loading
crypto/ec/ecp_nistp521.c +10 −10 Original line number Diff line number Diff line Loading @@ -1743,8 +1743,8 @@ int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, EC_R_POINT_AT_INFINITY); return 0; } if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || (!BN_to_felem(z1, &point->Z))) if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || (!BN_to_felem(z1, point->Z))) return 0; felem_inv(z2, z1); felem_square(tmp, z2); Loading Loading @@ -1928,7 +1928,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading @@ -1937,9 +1937,9 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, num_bytes = BN_bn2bin(p_scalar, tmp); flip_endian(secrets[i], tmp, num_bytes); /* precompute multiples */ if ((!BN_to_felem(x_out, &p->X)) || (!BN_to_felem(y_out, &p->Y)) || (!BN_to_felem(z_out, &p->Z))) if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || (!BN_to_felem(z_out, p->Z))) goto err; memcpy(pre_comp[i][1][0], x_out, sizeof(felem)); memcpy(pre_comp[i][1][1], y_out, sizeof(felem)); Loading Loading @@ -1974,7 +1974,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } Loading Loading @@ -2058,9 +2058,9 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) ret = 1; goto err; } if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[1][2], &group->generator->Z))) if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z))) goto err; /* compute 2^130*G, 2^260*G, 2^390*G */ for (i = 1; i <= 4; i <<= 1) { Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>