/*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
# include <openssl/err.h>
# include "ec_lcl.h"
-# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
/* even with gcc, the typedef won't work for 32-bit platforms */
typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit
* platforms */
typedef __int128_t int128_t;
# else
-# error "Need GCC 3.1 or later to define type uint128_t"
+# error "Your compiler doesn't appear to support 128-bit integer types"
# endif
typedef uint8_t u8;
typedef uint32_t u32;
typedef uint64_t u64;
-typedef int64_t s64;
/*
* The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We
{
felem tmp;
u64 a, b, mask;
- s64 high, low;
+ u64 high, low;
static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */
/* Carry 2->3 */
* In order to make space in tmp[3] for the carry from 2 -> 3, we
* conditionally subtract kPrime if tmp[3] is large enough.
*/
- high = tmp[3] >> 64;
+ high = (u64)(tmp[3] >> 64);
/* As tmp[3] < 2^65, high is either 1 or 0 */
- high <<= 63;
- high >>= 63;
+ high = 0 - high;
/*-
* high is:
* all ones if the high word of tmp[3] is 1
- * all zeros if the high word of tmp[3] if 0 */
- low = tmp[3];
- mask = low >> 63;
+ * all zeros if the high word of tmp[3] if 0
+ */
+ low = (u64)tmp[3];
+ mask = 0 - (low >> 63);
/*-
* mask is:
* all ones if the MSB of low is 1
- * all zeros if the MSB of low if 0 */
+ * all zeros if the MSB of low if 0
+ */
low &= bottom63bits;
low -= kPrime3Test;
/* if low was greater than kPrime3Test then the MSB is zero */
low = ~low;
- low >>= 63;
+ low = 0 - (low >> 63);
/*-
* low is:
* all ones if low was > kPrime3Test
- * all zeros if low was <= kPrime3Test */
+ * all zeros if low was <= kPrime3Test
+ */
mask = (mask & low) | high;
tmp[0] -= mask & kPrime[0];
tmp[1] -= mask & kPrime[1];
equal &= equal << 4;
equal &= equal << 2;
equal &= equal << 1;
- equal = ((s64) equal) >> 63;
+ equal = 0 - (equal >> 63);
all_equal_so_far &= equal;
}
is_zero &= is_zero << 4;
is_zero &= is_zero << 2;
is_zero &= is_zero << 1;
- is_zero = ((s64) is_zero) >> 63;
+ is_zero = 0 - (is_zero >> 63);
is_p = (small[0] ^ kPrime[0]) |
(small[1] ^ kPrime[1]) |
is_p &= is_p << 4;
is_p &= is_p << 2;
is_p &= is_p << 1;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
is_zero |= is_p;
ec_GFp_nist_field_mul,
ec_GFp_nist_field_sqr,
0 /* field_div */ ,
+ ec_GFp_simple_field_inv,
0 /* field_encode */ ,
0 /* field_decode */ ,
0, /* field_set_to_one */
ec_key_simple_generate_public_key,
0, /* keycopy */
0, /* keyfinish */
- ecdh_simple_compute_key
+ ecdh_simple_compute_key,
+ ecdsa_simple_sign_setup,
+ ecdsa_simple_sign_sig,
+ ecdsa_simple_verify_sig,
+ 0, /* field_inverse_mod_ord */
+ 0, /* blind_coordinates */
+ 0, /* ladder_pre */
+ 0, /* ladder_step */
+ 0 /* ladder_post */
};
return &ret;
* FUNCTIONS TO MANAGE PRECOMPUTATION
*/
-static NISTP256_PRE_COMP *nistp256_pre_comp_new()
+static NISTP256_PRE_COMP *nistp256_pre_comp_new(void)
{
NISTP256_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
BN_CTX *ctx)
{
int ret = 0;
- BN_CTX *new_ctx = NULL;
BIGNUM *curve_p, *curve_a, *curve_b;
+#ifndef FIPS_MODE
+ BN_CTX *new_ctx = NULL;
if (ctx == NULL)
- if ((ctx = new_ctx = BN_CTX_new()) == NULL)
- return 0;
+ ctx = new_ctx = BN_CTX_new();
+#endif
+ if (ctx == NULL)
+ return 0;
+
BN_CTX_start(ctx);
curve_p = BN_CTX_get(ctx);
curve_a = BN_CTX_get(ctx);
ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
BN_CTX_end(ctx);
+#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
+#endif
return ret;
}
int ret = 0;
int j;
int mixed = 0;
- BN_CTX *new_ctx = NULL;
BIGNUM *x, *y, *z, *tmp_scalar;
felem_bytearray g_secret;
felem_bytearray *secrets = NULL;
const EC_POINT *p = NULL;
const BIGNUM *p_scalar = NULL;
- if (ctx == NULL)
- if ((ctx = new_ctx = BN_CTX_new()) == NULL)
- return 0;
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
err:
BN_CTX_end(ctx);
EC_POINT_free(generator);
- BN_CTX_free(new_ctx);
OPENSSL_free(secrets);
OPENSSL_free(pre_comp);
OPENSSL_free(tmp_smallfelems);
int ret = 0;
NISTP256_PRE_COMP *pre = NULL;
int i, j;
- BN_CTX *new_ctx = NULL;
BIGNUM *x, *y;
EC_POINT *generator = NULL;
smallfelem tmp_smallfelems[32];
felem x_tmp, y_tmp, z_tmp;
+#ifndef FIPS_MODE
+ BN_CTX *new_ctx = NULL;
+#endif
/* throw away old precomputation */
EC_pre_comp_free(group);
+
+#ifndef FIPS_MODE
if (ctx == NULL)
- if ((ctx = new_ctx = BN_CTX_new()) == NULL)
- return 0;
+ ctx = new_ctx = BN_CTX_new();
+#endif
+ if (ctx == NULL)
+ return 0;
+
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
goto err;
BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x);
BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y);
- if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+ if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
goto err;
if ((pre = nistp256_pre_comp_new()) == NULL)
goto err;
err:
BN_CTX_end(ctx);
EC_POINT_free(generator);
+#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
+#endif
EC_nistp256_pre_comp_free(pre);
return ret;
}