crypto/ec/ecp_nistz256.c +82 −78
@@ -307,17 +307,17 @@ static void ecp_nistz256_point_add(P256_POINT * r, /* We encode infinity as (0,0), which is not on the curve, * so it is OK. */ in1infty = in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]; in1infty = (in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]); if (P256_LIMBS == 8) in1infty |= in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]; in1infty |= (in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]); in2infty = in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]; in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]); if (P256_LIMBS == 8) in2infty |= in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]; in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]); in1infty = is_zero(in1infty); in2infty = is_zero(in2infty);
@@ -406,17 +406,17 @@ static void ecp_nistz256_point_add_affine(P256_POINT * r, /* In affine representation we encode infty as (0,0), * which is not on the curve, so it is OK */ in1infty = in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]; in1infty = (in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]); if (P256_LIMBS == 8) in1infty |= in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]; in1infty |= (in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]); in2infty = in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]; in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]); if (P256_LIMBS == 8) in2infty |= in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]; in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]); in1infty = is_zero(in1infty); in2infty = is_zero(in2infty);
@@ -613,7 +613,8 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP * group, if (!ecp_nistz256_bignum_to_field_elem(temp[0].X, point[i]->X) || !ecp_nistz256_bignum_to_field_elem(temp[0].Y, point[i]->Y) || !ecp_nistz256_bignum_to_field_elem(temp[0].Z, point[i]->Z)) { ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, EC_R_COORDINATES_OUT_OF_RANGE); ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, EC_R_COORDINATES_OUT_OF_RANGE); goto err; }
@@ -878,8 +879,9 @@ err: # undef ECP_NISTZ256_AVX2 # else /* Constant time access, loading four values, from four consecutive tables */ void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in, int index0, int index1, int index2, int index3); void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in, int index0, int index1, int index2, int index3); void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in); void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4); void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4,
@@ -910,8 +912,7 @@ static void booth_recode_w7(unsigned char *sign, * significantly speeding up point multiplication for a fixed value. */ static void ecp_nistz256_avx2_mul_g(P256_POINT *r, unsigned char p_str[33], const P256_POINT_AFFINE(*preComputedTable)[64]) const P256_POINT_AFFINE(*preComputedTable)[64]) { const unsigned int window_size = 7; const unsigned int mask = (1 << (window_size + 1)) - 1;
@@ -1085,8 +1086,10 @@ static int ecp_nistz256_set_from_affine(EC_POINT * out, const EC_GROUP * group, ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx); if(x) BN_free(x); if(y) BN_free(y); if (x) BN_free(x); if (y) BN_free(y); return ret; }
@@ -1226,7 +1229,8 @@ static int ecp_nistz256_points_mul(const EC_GROUP * group, wvalue = _booth_recode_w7(wvalue); ecp_nistz256_gather_w7(&p.a, preComputedTable[0], wvalue >> 1); ecp_nistz256_gather_w7(&p.a, preComputedTable[0], wvalue >> 1); ecp_nistz256_neg(p.p.Z, p.p.Y); copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
crypto/ec/ecp_nistz256.c +82 −78
@@ -307,17 +307,17 @@ static void ecp_nistz256_point_add(P256_POINT * r, /* We encode infinity as (0,0), which is not on the curve, * so it is OK. */ in1infty = in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]; in1infty = (in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]); if (P256_LIMBS == 8) in1infty |= in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]; in1infty |= (in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]); in2infty = in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]; in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]); if (P256_LIMBS == 8) in2infty |= in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]; in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]); in1infty = is_zero(in1infty); in2infty = is_zero(in2infty);
@@ -406,17 +406,17 @@ static void ecp_nistz256_point_add_affine(P256_POINT * r, /* In affine representation we encode infty as (0,0), * which is not on the curve, so it is OK */ in1infty = in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]; in1infty = (in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]); if (P256_LIMBS == 8) in1infty |= in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]; in1infty |= (in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]); in2infty = in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]; in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]); if (P256_LIMBS == 8) in2infty |= in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]; in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]); in1infty = is_zero(in1infty); in2infty = is_zero(in2infty);
@@ -613,7 +613,8 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP * group, if (!ecp_nistz256_bignum_to_field_elem(temp[0].X, point[i]->X) || !ecp_nistz256_bignum_to_field_elem(temp[0].Y, point[i]->Y) || !ecp_nistz256_bignum_to_field_elem(temp[0].Z, point[i]->Z)) { ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, EC_R_COORDINATES_OUT_OF_RANGE); ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, EC_R_COORDINATES_OUT_OF_RANGE); goto err; }
@@ -878,8 +879,9 @@ err: # undef ECP_NISTZ256_AVX2 # else /* Constant time access, loading four values, from four consecutive tables */ void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in, int index0, int index1, int index2, int index3); void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in, int index0, int index1, int index2, int index3); void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in); void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4); void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4,
@@ -910,8 +912,7 @@ static void booth_recode_w7(unsigned char *sign, * significantly speeding up point multiplication for a fixed value. */ static void ecp_nistz256_avx2_mul_g(P256_POINT *r, unsigned char p_str[33], const P256_POINT_AFFINE(*preComputedTable)[64]) const P256_POINT_AFFINE(*preComputedTable)[64]) { const unsigned int window_size = 7; const unsigned int mask = (1 << (window_size + 1)) - 1;
@@ -1085,8 +1086,10 @@ static int ecp_nistz256_set_from_affine(EC_POINT * out, const EC_GROUP * group, ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx); if(x) BN_free(x); if(y) BN_free(y); if (x) BN_free(x); if (y) BN_free(y); return ret; }
@@ -1226,7 +1229,8 @@ static int ecp_nistz256_points_mul(const EC_GROUP * group, wvalue = _booth_recode_w7(wvalue); ecp_nistz256_gather_w7(&p.a, preComputedTable[0], wvalue >> 1); ecp_nistz256_gather_w7(&p.a, preComputedTable[0], wvalue >> 1); ecp_nistz256_neg(p.p.Z, p.p.Y); copy_conditional(p.p.Y, p.p.Z, wvalue & 1);