Loading crypto/ec/ecp_nistz256.c +12 −12 Original line number Diff line number Diff line Loading @@ -553,14 +553,14 @@ static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS], } /* r = sum(scalar[i]*point[i]) */ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, static int ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r, const BIGNUM **scalar, const EC_POINT **point, size_t num, BN_CTX *ctx) { size_t i; int j; int j, ret = 0; unsigned int idx; unsigned char (*p_str)[33] = NULL; const unsigned int window_size = 5; Loading Loading @@ -719,6 +719,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, ecp_nistz256_point_add(r, r, &temp[0]); } ret = 1; err: if (table_storage) OPENSSL_free(table_storage); Loading @@ -726,6 +727,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, OPENSSL_free(p_str); if (scalars) OPENSSL_free(scalars); return ret; } /* Coordinates of G, for which we have precomputed tables */ Loading Loading @@ -1134,6 +1136,8 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, const EC_PRE_COMP *pre_comp = NULL; const EC_POINT *generator = NULL; BN_CTX *new_ctx = NULL; const BIGNUM **new_scalars = NULL; const EC_POINT **new_points = NULL; unsigned int idx = 0; const unsigned int window_size = 7; const unsigned int mask = (1 << (window_size + 1)) - 1; Loading Loading @@ -1298,9 +1302,6 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, * Without a precomputed table for the generator, it has to be * handled like a normal point. */ const BIGNUM **new_scalars; const EC_POINT **new_points; new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *)); if (!new_scalars) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE); Loading @@ -1309,7 +1310,6 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *)); if (!new_points) { OPENSSL_free(new_scalars); ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE); goto err; } Loading @@ -1329,17 +1329,13 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, if (p_is_infinity) out = &p.p; ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx); if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx)) goto err; if (!p_is_infinity) ecp_nistz256_point_add(&p.p, &p.p, out); } if (no_precomp_for_generator) { OPENSSL_free(points); OPENSSL_free(scalars); } /* Not constant-time, but we're only operating on the public output. */ if (!bn_set_words(r->X, p.p.X, P256_LIMBS) || !bn_set_words(r->Y, p.p.Y, P256_LIMBS) || Loading @@ -1354,6 +1350,10 @@ err: if (ctx) BN_CTX_end(ctx); BN_CTX_free(new_ctx); if (new_points) OPENSSL_free(new_points); if (new_scalars) OPENSSL_free(new_scalars); return ret; } Loading Loading
crypto/ec/ecp_nistz256.c +12 −12 Original line number Diff line number Diff line Loading @@ -553,14 +553,14 @@ static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS], } /* r = sum(scalar[i]*point[i]) */ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, static int ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r, const BIGNUM **scalar, const EC_POINT **point, size_t num, BN_CTX *ctx) { size_t i; int j; int j, ret = 0; unsigned int idx; unsigned char (*p_str)[33] = NULL; const unsigned int window_size = 5; Loading Loading @@ -719,6 +719,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, ecp_nistz256_point_add(r, r, &temp[0]); } ret = 1; err: if (table_storage) OPENSSL_free(table_storage); Loading @@ -726,6 +727,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, OPENSSL_free(p_str); if (scalars) OPENSSL_free(scalars); return ret; } /* Coordinates of G, for which we have precomputed tables */ Loading Loading @@ -1134,6 +1136,8 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, const EC_PRE_COMP *pre_comp = NULL; const EC_POINT *generator = NULL; BN_CTX *new_ctx = NULL; const BIGNUM **new_scalars = NULL; const EC_POINT **new_points = NULL; unsigned int idx = 0; const unsigned int window_size = 7; const unsigned int mask = (1 << (window_size + 1)) - 1; Loading Loading @@ -1298,9 +1302,6 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, * Without a precomputed table for the generator, it has to be * handled like a normal point. */ const BIGNUM **new_scalars; const EC_POINT **new_points; new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *)); if (!new_scalars) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE); Loading @@ -1309,7 +1310,6 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *)); if (!new_points) { OPENSSL_free(new_scalars); ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE); goto err; } Loading @@ -1329,17 +1329,13 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, if (p_is_infinity) out = &p.p; ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx); if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx)) goto err; if (!p_is_infinity) ecp_nistz256_point_add(&p.p, &p.p, out); } if (no_precomp_for_generator) { OPENSSL_free(points); OPENSSL_free(scalars); } /* Not constant-time, but we're only operating on the public output. */ if (!bn_set_words(r->X, p.p.X, P256_LIMBS) || !bn_set_words(r->Y, p.p.Y, P256_LIMBS) || Loading @@ -1354,6 +1350,10 @@ err: if (ctx) BN_CTX_end(ctx); BN_CTX_free(new_ctx); if (new_points) OPENSSL_free(new_points); if (new_scalars) OPENSSL_free(new_scalars); return ret; } Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>