Merge BoringSSL through 0f2c55cb748651833af247bbed43e. #1648

Merged
merged 16 commits into from
Sep 21, 2023
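--- a/crypto/fipsmodule/ec/p256-nistz.c
+++ b/crypto/fipsmodule/ec/p256-nistz.c
@@ -210,11 +210,6 @@ static void ecp_nistz256_windowed_mul(P256_POINT *r,
 ecp_nistz256_point_add(r, r, &h);
 }
 
-typedef union {
-P256_POINT p;
-P256_POINT_AFFINE a;
-} p256_point_union_t;
-
 static crypto_word calc_first_wvalue(size_t *index, const uint8_t p_str[33]) {
 static const size_t kWindowSize = 7;
 static const crypto_word kMask = (1 << (7 /* kWindowSize */ + 1)) - 1;
@@ -249,41 +244,44 @@ void p256_point_mul(P256_POINT *r, const Limb p_scalar[P256_LIMBS],
 }
 
 void p256_point_mul_base(P256_POINT *r, const Limb scalar[P256_LIMBS]) {
-alignas(32) p256_point_union_t t, p;
-
 P256_SCALAR_BYTES p_str;
 p256_scalar_bytes_from_limbs(p_str, scalar);
 
 // First window
 size_t index = 0;
 crypto_word wvalue = calc_first_wvalue(&index, p_str);
 
-ecp_nistz256_select_w7(&p.a, ecp_nistz256_precomputed[0], (int)(wvalue >> 1));
-ecp_nistz256_neg(p.p.Z, p.p.Y);
-copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
+alignas(32) P256_POINT_AFFINE t;
+alignas(32) P256_POINT p;
+ecp_nistz256_select_w7(&t, ecp_nistz256_precomputed[0], (int)(wvalue >> 1));
+ecp_nistz256_neg(p.Z, t.Y);
+copy_conditional(t.Y, p.Z, wvalue & 1);
 
-// Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p|
-// is infinity and |ONE| otherwise. |p| was computed from the table, so it
+// Convert |t| from affine to Jacobian coordinates. We set Z to zero if |t|
+// is infinity and |ONE| otherwise. |t| was computed from the table, so it
 // is infinity iff |wvalue >> 1| is zero.
-OPENSSL_memset(p.p.Z, 0, sizeof(p.p.Z));
-copy_conditional(p.p.Z, ONE, is_not_zero(wvalue >> 1));
+limbs_copy(p.X, t.X, P256_LIMBS);
+limbs_copy(p.Y, t.Y, P256_LIMBS);
+limbs_zero(p.Z, P256_LIMBS);
+copy_conditional(p.Z, ONE, is_not_zero(wvalue >> 1));
 
 for (int i = 1; i < 37; i++) {
 wvalue = calc_wvalue(&index, p_str);
 
-ecp_nistz256_select_w7(&t.a, ecp_nistz256_precomputed[i], (int)(wvalue >> 1));
+ecp_nistz256_select_w7(&t, ecp_nistz256_precomputed[i], (int)(wvalue >> 1));
 
-ecp_nistz256_neg(t.p.Z, t.a.Y);
-copy_conditional(t.a.Y, t.p.Z, wvalue & 1);
+alignas(32) BN_ULONG neg_Y[P256_LIMBS];
+ecp_nistz256_neg(neg_Y, t.Y);
+copy_conditional(t.Y, neg_Y, wvalue & 1);
 
-// Note |ecp_nistz256_point_add_affine| does not work if |p.p| and |t.a|
-// are the same non-infinity point.
-ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a);
+// Note |ecp_nistz256_point_add_affine| does not work if |p| and |t| are the
+// same non-infinity point.
+ecp_nistz256_point_add_affine(&p, &p, &t);
 }
 
-limbs_copy(r->X, p.p.X, P256_LIMBS);
-limbs_copy(r->Y, p.p.Y, P256_LIMBS);
-limbs_copy(r->Z, p.p.Z, P256_LIMBS);
+limbs_copy(r->X, p.X, P256_LIMBS);
+limbs_copy(r->Y, p.Y, P256_LIMBS);
+limbs_copy(r->Z, p.Z, P256_LIMBS);
 }
 
 #endif /* defined(OPENSSL_USE_NISTZ256) */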
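Review bot: The first-window block in p256_point_mul_base still uses `p.Z` as scratch for the conditional negation (`ecp_nistz256_neg(p.Z, t.Y); copy_conditional(t.Y, p.Z, wvalue & 1);`) and then overwrites it with `limbs_zero(p.Z, ...)` a few lines later, while the loop body introduces a dedicated `neg_Y` buffer for the same constant-time negate-and-select step; now that the union is gone there is no reason for the two sites to differ, and the reuse of `p.Z` is uncommented, so a reader has to check that the scratch value is never consumed. Hoisting `alignas(32) BN_ULONG neg_Y[P256_LIMBS];` above the first window and using `ecp_nistz256_neg(neg_Y, t.Y); copy_conditional(t.Y, neg_Y, wvalue & 1);` in both places (dropping the in-loop declaration) makes the two windows read identically. The new scratch is typed `BN_ULONG` while the function's own interface and the `limbs_copy` calls use `Limb`; if those are the same typedef in this tree this is only a consistency nit, otherwise `Limb` is the type the surrounding code expects. The comment "Convert |t| from affine to Jacobian coordinates" now describes the `limbs_copy` lines into `p`, so it would read better as `// Convert |t| to Jacobian coordinates in |p|.` since `t` itself is unchanged by that step.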