#include <string.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include "internal/bn_int.h"
#include "ec_lcl.h"
typedef P256_POINT_AFFINE PRECOMP256_ROW[64];
/* structure for precomputed multiples of the generator */
-typedef struct ec_pre_comp_st {
+struct nistz256_pre_comp_st {
const EC_GROUP *group; /* Parent EC_GROUP object */
size_t w; /* Window size */
/*
PRECOMP256_ROW *precomp;
void *precomp_storage;
int references;
-} EC_PRE_COMP;
+};
/* Functions implemented in assembly */
/* Modular mul by 2: res = 2*a mod P */
TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe)
};
-static void *ecp_nistz256_pre_comp_dup(void *);
-static void ecp_nistz256_pre_comp_free(void *);
-static void ecp_nistz256_pre_comp_clear_free(void *);
-static EC_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group);
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group);
/* Precomputed tables for the default generator */
extern const PRECOMP256_ROW ecp_nistz256_precomputed[37];
{
in |= (0 - in);
in = ~in;
- in &= BN_MASK2;
in >>= BN_BITS2 - 1;
return in;
}
* ecp_nistz256_bignum_to_field_elem copies the contents of |in| to |out| and
* returns one if it fits. Otherwise it returns zero.
*/
-static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
- const BIGNUM *in)
+__owur static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
+ const BIGNUM *in)
{
return bn_copy_words(out, in, P256_LIMBS);
}
/* r = sum(scalar[i]*point[i]) */
-static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
- P256_POINT *r,
- const BIGNUM **scalar,
- const EC_POINT **point,
- size_t num, BN_CTX *ctx)
+__owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
+ P256_POINT *r,
+ const BIGNUM **scalar,
+ const EC_POINT **point,
+ size_t num, BN_CTX *ctx)
{
size_t i;
int j, ret = 0;
ret = 1;
err:
- if (table_storage)
- OPENSSL_free(table_storage);
- if (p_str)
- OPENSSL_free(p_str);
- if (scalars)
- OPENSSL_free(scalars);
+ OPENSSL_free(table_storage);
+ OPENSSL_free(p_str);
+ OPENSSL_free(scalars);
return ret;
}
is_one(bn_get_words(generator->Z));
}
-static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
+__owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
{
/*
* We precompute a table for a Booth encoded exponent (wNAF) based
BIGNUM *order;
EC_POINT *P = NULL, *T = NULL;
const EC_POINT *generator;
- EC_PRE_COMP *pre_comp;
+ NISTZ256_PRE_COMP *pre_comp;
BN_CTX *new_ctx = NULL;
int i, j, k, ret = 0;
size_t w;
PRECOMP256_ROW *preComputedTable = NULL;
unsigned char *precomp_storage = NULL;
- /* if there is an old EC_PRE_COMP object, throw it away */
- EC_EX_DATA_free_data(&group->extra_data, ecp_nistz256_pre_comp_dup,
- ecp_nistz256_pre_comp_free,
- ecp_nistz256_pre_comp_clear_free);
-
+ /* if there is an old NISTZ256_PRE_COMP object, throw it away */
+ EC_pre_comp_free(group);
generator = EC_GROUP_get0_generator(group);
if (generator == NULL) {
ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNDEFINED_GENERATOR);
for (j = 0; j < 37; j++) {
P256_POINT_AFFINE temp;
/*
- * It would be faster to use ec_GFp_simple_points_make_affine and
+ * It would be faster to use EC_POINTs_make_affine and
* make multiple points affine at the same time.
*/
- ec_GFp_simple_make_affine(group, P, ctx);
- ecp_nistz256_bignum_to_field_elem(temp.X, P->X);
- ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y);
+ if (!EC_POINT_make_affine(group, P, ctx))
+ goto err;
+ if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) ||
+ !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) {
+ ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE,
+ EC_R_COORDINATES_OUT_OF_RANGE);
+ goto err;
+ }
ecp_nistz256_scatter_w7(preComputedTable[j], &temp, k);
- for (i = 0; i < 7; i++)
- ec_GFp_simple_dbl(group, P, P, ctx);
+ for (i = 0; i < 7; i++) {
+ if (!EC_POINT_dbl(group, P, P, ctx))
+ goto err;
+ }
}
- ec_GFp_simple_add(group, T, T, generator, ctx);
+ if (!EC_POINT_add(group, T, T, generator, ctx))
+ goto err;
}
pre_comp->group = group;
pre_comp->w = w;
pre_comp->precomp = preComputedTable;
pre_comp->precomp_storage = precomp_storage;
-
precomp_storage = NULL;
-
- if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
- ecp_nistz256_pre_comp_dup,
- ecp_nistz256_pre_comp_free,
- ecp_nistz256_pre_comp_clear_free)) {
- goto err;
- }
-
+ SETPRECOMP(group, nistz256, pre_comp);
pre_comp = NULL;
-
ret = 1;
err:
BN_CTX_end(ctx);
BN_CTX_free(new_ctx);
- ecp_nistz256_pre_comp_free(pre_comp);
- if (precomp_storage)
- OPENSSL_free(precomp_storage);
+ EC_nistz256_pre_comp_free(pre_comp);
+ OPENSSL_free(precomp_storage);
EC_POINT_free(P);
EC_POINT_free(T);
return ret;
# endif
#endif
-static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
- const P256_POINT_AFFINE *in,
- BN_CTX *ctx)
+__owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
+ const P256_POINT_AFFINE *in,
+ BN_CTX *ctx)
{
BIGNUM *x, *y;
BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
int ret = 0;
x = BN_new();
- if (!x)
+ if (x == NULL)
return 0;
y = BN_new();
- if (!y) {
+ if (y == NULL) {
BN_free(x);
return 0;
}
ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx);
- if (x)
- BN_free(x);
- if (y)
- BN_free(y);
+ BN_free(x);
+ BN_free(y);
return ret;
}
/* r = scalar*G + sum(scalars[i]*points[i]) */
-static int ecp_nistz256_points_mul(const EC_GROUP *group,
- EC_POINT *r,
- const BIGNUM *scalar,
- size_t num,
- const EC_POINT *points[],
- const BIGNUM *scalars[], BN_CTX *ctx)
+__owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
+ EC_POINT *r,
+ const BIGNUM *scalar,
+ size_t num,
+ const EC_POINT *points[],
+ const BIGNUM *scalars[], BN_CTX *ctx)
{
int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0;
size_t j;
unsigned char p_str[33] = { 0 };
const PRECOMP256_ROW *preComputedTable = NULL;
- const EC_PRE_COMP *pre_comp = NULL;
+ const NISTZ256_PRE_COMP *pre_comp = NULL;
const EC_POINT *generator = NULL;
BN_CTX *new_ctx = NULL;
const BIGNUM **new_scalars = NULL;
}
/* look if we can use precomputed multiples of generator */
- pre_comp =
- EC_EX_DATA_get_data(group->extra_data, ecp_nistz256_pre_comp_dup,
- ecp_nistz256_pre_comp_free,
- ecp_nistz256_pre_comp_clear_free);
+ pre_comp = group->pre_comp.nistz256;
if (pre_comp) {
/*
* handled like a normal point.
*/
new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *));
- if (!new_scalars) {
+ if (new_scalars == NULL) {
ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
goto err;
}
new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *));
- if (!new_points) {
+ if (new_points == NULL) {
ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
goto err;
}
if (ctx)
BN_CTX_end(ctx);
BN_CTX_free(new_ctx);
- if (new_points)
- OPENSSL_free(new_points);
- if (new_scalars)
- OPENSSL_free(new_scalars);
+ OPENSSL_free(new_points);
+ OPENSSL_free(new_scalars);
return ret;
}
-static int ecp_nistz256_get_affine(const EC_GROUP *group,
- const EC_POINT *point,
- BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+__owur static int ecp_nistz256_get_affine(const EC_GROUP *group,
+ const EC_POINT *point,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
BN_ULONG z_inv2[P256_LIMBS];
BN_ULONG z_inv3[P256_LIMBS];
return 1;
}
-static EC_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group)
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group)
{
- EC_PRE_COMP *ret = NULL;
+ NISTZ256_PRE_COMP *ret = NULL;
if (!group)
return NULL;
- ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
+ ret = OPENSSL_zalloc(sizeof(*ret));
- if (!ret) {
+ if (ret == NULL) {
ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret;
}
return ret;
}
-static void *ecp_nistz256_pre_comp_dup(void *src_)
+NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p)
{
- EC_PRE_COMP *src = src_;
-
- /* no need to actually copy, these objects never change! */
- CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
-
- return src_;
+ if (p != NULL)
+ CRYPTO_add(&p->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+ return p;
}
-static void ecp_nistz256_pre_comp_free(void *pre_)
+void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre)
{
- int i;
- EC_PRE_COMP *pre = pre_;
-
- if (!pre)
+ if (pre == NULL
+ || CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0)
return;
-
- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
- if (i > 0)
- return;
-
- if (pre->precomp_storage)
- OPENSSL_free(pre->precomp_storage);
-
+ OPENSSL_free(pre->precomp_storage);
OPENSSL_free(pre);
}
-static void ecp_nistz256_pre_comp_clear_free(void *pre_)
-{
- int i;
- EC_PRE_COMP *pre = pre_;
-
- if (!pre)
- return;
-
- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
- if (i > 0)
- return;
-
- if (pre->precomp_storage) {
- OPENSSL_cleanse(pre->precomp,
- 32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37);
- OPENSSL_free(pre->precomp_storage);
- }
- OPENSSL_cleanse(pre, sizeof *pre);
- OPENSSL_free(pre);
-}
static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group)
{
/* There is a hard-coded table for the default generator. */
const EC_POINT *generator = EC_GROUP_get0_generator(group);
+
if (generator != NULL && ecp_nistz256_is_affine_G(generator)) {
/* There is a hard-coded table for the default generator. */
return 1;
}
- return EC_EX_DATA_get_data(group->extra_data, ecp_nistz256_pre_comp_dup,
- ecp_nistz256_pre_comp_free,
- ecp_nistz256_pre_comp_clear_free) != NULL;
+ return HAVEPRECOMP(group, nistz256);
}
const EC_METHOD *EC_GFp_nistz256_method(void)
projects / openssl.git / blobdiff