Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
e0d6132b
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
e0d6132b
编写于
10月 19, 2011
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
上级
e3fed9f4
变更
12
显示空白变更内容
内联
并排
Showing
12 changed file
with
187 addition
and
101 deletion
+187
-101
CHANGES
CHANGES
+5
-4
Configure
Configure
+3
-3
TABLE
TABLE
+90
-24
crypto/ec/ec.h
crypto/ec/ec.h
+1
-1
crypto/ec/ec_curve.c
crypto/ec/ec_curve.c
+4
-3
crypto/ec/ec_lcl.h
crypto/ec/ec_lcl.h
+1
-1
crypto/ec/ecp_nistp224.c
crypto/ec/ecp_nistp224.c
+10
-7
crypto/ec/ecp_nistp256.c
crypto/ec/ecp_nistp256.c
+34
-26
crypto/ec/ecp_nistp521.c
crypto/ec/ecp_nistp521.c
+25
-22
crypto/ec/ecp_nistputil.c
crypto/ec/ecp_nistputil.c
+2
-1
crypto/ec/ectest.c
crypto/ec/ectest.c
+9
-6
util/mkdef.pl
util/mkdef.pl
+3
-3
未找到文件。
CHANGES
浏览文件 @
e0d6132b
...
...
@@ -235,11 +235,12 @@
*) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
NIST-P256, NIST-P521, with constant-time single point multiplication on
typical inputs. Compiler support for the nonstandard type __uint128_t is
required to use this. Code made available under Apache License version 2.0.
required to use this (present in gcc 4.4 and later, for 64-bit builds).
Code made available under Apache License version 2.0.
To include this in your build of OpenSSL, use -DEC_NISTP_64_GCC_128 on
the Configure (or config) command line, and run "make depend" (or "make
update"). This enables the following EC_METHODs:
Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
line to include this in your build of OpenSSL, and run "make depend" (or
"make
update"). This enables the following EC_METHODs:
EC_GFp_nistp224_method()
EC_GFp_nistp256_method()
...
...
Configure
浏览文件 @
e0d6132b
...
...
@@ -173,7 +173,7 @@ my %table=(
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:
-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}
",
"debug-bodo", "gcc:
$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64
",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
...
...
@@ -701,7 +701,7 @@ my $fips=0;
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
"ec-nistp224-64-gcc-
128" => "default",
"ec_nistp_64_gcc_
128" => "default",
"gmp" => "default",
"jpake" => "experimental",
"md2" => "default",
...
...
@@ -731,7 +731,7 @@ if (!-d "ssl")
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_EC_NISTP
224
_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
...
...
TABLE
浏览文件 @
e0d6132b
...
...
@@ -1883,36 +1883,36 @@ $multilib =
*** debug-bodo
$cc = gcc
$cflags = -
DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion
$cflags = -
Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags =
$bn_ops =
BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
$cpuid_obj = x86cpuid.o
$bn_obj =
bn-586.o co-586.o x86-mont.o x86-gf2m
.o
$des_obj =
des-586.o crypt586.o
$aes_obj = aes-
586.o vpaes-x86.o aesni-x86
.o
$bf_obj =
bf-586.o
$md5_obj = md5-
586
.o
$sha1_obj = sha1-
586.o sha256-586.o sha512-586
.o
$cast_obj =
cast-586.o
$rc4_obj = rc4-
586
.o
$rmd160_obj =
rmd-586.o
$rc5_obj =
rc5-586.o
$wp_obj = wp
_block.o wp-mmx
.o
$cmll_obj = cmll-x86.o
$modes_obj = ghash-x86.o
$engines_obj = e_padlock-x86.o
$lflags =
-ldl
$bn_ops =
SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
$cpuid_obj = x86
_64
cpuid.o
$bn_obj =
x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64
.o
$des_obj =
$aes_obj = aes-
x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64
.o
$bf_obj =
$md5_obj = md5-
x86_64
.o
$sha1_obj = sha1-
x86_64.o sha256-x86_64.o sha512-x86_64
.o
$cast_obj =
$rc4_obj = rc4-
x86_64.o rc4-md5-x86_64
.o
$rmd160_obj =
$rc5_obj =
$wp_obj = wp
-x86_64
.o
$cmll_obj = cmll-x86
_64.o cmll_misc
.o
$modes_obj = ghash-x86
_64
.o
$engines_obj = e_padlock-x86
_64
.o
$perlasm_scheme = elf
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_ldflag =
$shared_extension =
$dso_scheme =
dlfcn
$shared_target=
linux-shared
$shared_cflag =
-fPIC
$shared_ldflag =
-m64
$shared_extension =
.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
$multilib =
64
*** debug-darwin-i386-cc
$cc = cc
...
...
@@ -5841,6 +5841,39 @@ $ranlib =
$arflags =
$multilib =
*** vxworks-mips
$cc = ccmips
$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DB_ENDIAN -DCPU=MIPS32 -G 0 -mips2 -EB -Wl,-EB -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/h -I$(WIND_BASE)/target/h/wrn/coreip
$unistd =
$thread_cflag =
$sys_id = VXWORKS
$lflags = -r
$bn_ops =
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$modes_obj =
$engines_obj =
$perlasm_scheme = void
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_ldflag =
$shared_extension =
$ranlib = ranlibmips
$arflags =
$multilib =
*** vxworks-mipsle
$cc = ccmips
$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h
...
...
@@ -6071,3 +6104,36 @@ $shared_extension =
$ranlib =
$arflags =
$multilib =
*** vxworks-simlinux
$cc = ccpentium
$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/h -I$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK
$unistd =
$thread_cflag =
$sys_id = VXWORKS
$lflags = -r
$bn_ops =
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$modes_obj =
$engines_obj =
$perlasm_scheme = void
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_ldflag =
$shared_extension =
$ranlib = ranlibpentium
$arflags =
$multilib =
crypto/ec/ec.h
浏览文件 @
e0d6132b
...
...
@@ -151,7 +151,7 @@ const EC_METHOD *EC_GFp_mont_method(void);
*/
const
EC_METHOD
*
EC_GFp_nist_method
(
void
);
#if
def
EC_NISTP_64_GCC_128
#if
ndef OPENSSL_NO_
EC_NISTP_64_GCC_128
#ifndef OPENSSL_SYS_WIN32
/** Returns 64-bit optimized methods for nistp224
* \return EC_METHOD object
...
...
crypto/ec/ec_curve.c
浏览文件 @
e0d6132b
...
...
@@ -74,6 +74,7 @@
#include "ec_lcl.h"
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/opensslconf.h>
typedef
struct
{
int
field_type
,
/* either NID_X9_62_prime_field or
...
...
@@ -1903,7 +1904,7 @@ static const ec_list_element curve_list[] = {
/* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
{
NID_secp192k1
,
&
_EC_SECG_PRIME_192K1
.
h
,
0
,
"SECG curve over a 192 bit prime field"
},
{
NID_secp224k1
,
&
_EC_SECG_PRIME_224K1
.
h
,
0
,
"SECG curve over a 224 bit prime field"
},
#if
def
EC_NISTP_64_GCC_128
#if
ndef OPENSSL_NO_
EC_NISTP_64_GCC_128
{
NID_secp224r1
,
&
_EC_NIST_PRIME_224
.
h
,
EC_GFp_nistp224_method
,
"NIST/SECG curve over a 224 bit prime field"
},
#else
{
NID_secp224r1
,
&
_EC_NIST_PRIME_224
.
h
,
0
,
"NIST/SECG curve over a 224 bit prime field"
},
...
...
@@ -1911,7 +1912,7 @@ static const ec_list_element curve_list[] = {
{
NID_secp256k1
,
&
_EC_SECG_PRIME_256K1
.
h
,
0
,
"SECG curve over a 256 bit prime field"
},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{
NID_secp384r1
,
&
_EC_NIST_PRIME_384
.
h
,
0
,
"NIST/SECG curve over a 384 bit prime field"
},
#if
def
EC_NISTP_64_GCC_128
#if
ndef OPENSSL_NO_
EC_NISTP_64_GCC_128
{
NID_secp521r1
,
&
_EC_NIST_PRIME_521
.
h
,
EC_GFp_nistp521_method
,
"NIST/SECG curve over a 521 bit prime field"
},
#else
{
NID_secp521r1
,
&
_EC_NIST_PRIME_521
.
h
,
0
,
"NIST/SECG curve over a 521 bit prime field"
},
...
...
@@ -1923,7 +1924,7 @@ static const ec_list_element curve_list[] = {
{
NID_X9_62_prime239v1
,
&
_EC_X9_62_PRIME_239V1
.
h
,
0
,
"X9.62 curve over a 239 bit prime field"
},
{
NID_X9_62_prime239v2
,
&
_EC_X9_62_PRIME_239V2
.
h
,
0
,
"X9.62 curve over a 239 bit prime field"
},
{
NID_X9_62_prime239v3
,
&
_EC_X9_62_PRIME_239V3
.
h
,
0
,
"X9.62 curve over a 239 bit prime field"
},
#if
def
EC_NISTP_64_GCC_128
#if
ndef OPENSSL_NO_
EC_NISTP_64_GCC_128
{
NID_X9_62_prime256v1
,
&
_EC_X9_62_PRIME_256V1
.
h
,
EC_GFp_nistp256_method
,
"X9.62/SECG curve over a 256 bit prime field"
},
#else
{
NID_X9_62_prime256v1
,
&
_EC_X9_62_PRIME_256V1
.
h
,
0
,
"X9.62/SECG curve over a 256 bit prime field"
},
...
...
crypto/ec/ec_lcl.h
浏览文件 @
e0d6132b
...
...
@@ -398,13 +398,13 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
int
ec_GF2m_precompute_mult
(
EC_GROUP
*
group
,
BN_CTX
*
ctx
);
int
ec_GF2m_have_precompute_mult
(
const
EC_GROUP
*
group
);
#ifdef EC_NISTP_64_GCC_128
/* method functions in ec2_mult.c */
int
ec_GF2m_simple_mul
(
const
EC_GROUP
*
group
,
EC_POINT
*
r
,
const
BIGNUM
*
scalar
,
size_t
num
,
const
EC_POINT
*
points
[],
const
BIGNUM
*
scalars
[],
BN_CTX
*
);
int
ec_GF2m_precompute_mult
(
EC_GROUP
*
group
,
BN_CTX
*
ctx
);
int
ec_GF2m_have_precompute_mult
(
const
EC_GROUP
*
group
);
#ifndef OPENSSL_EC_NISTP_64_GCC_128
/* method functions in ecp_nistp224.c */
int
ec_GFp_nistp224_group_init
(
EC_GROUP
*
group
);
int
ec_GFp_nistp224_group_set_curve
(
EC_GROUP
*
group
,
const
BIGNUM
*
p
,
const
BIGNUM
*
a
,
const
BIGNUM
*
n
,
BN_CTX
*
);
...
...
crypto/ec/ecp_nistp224.c
浏览文件 @
e0d6132b
...
...
@@ -24,7 +24,10 @@
* Inspired by Daniel J. Bernstein's public domain nistp224 implementation
* and Adam Langley's public domain 64-bit C implementation of curve25519
*/
#ifdef EC_NISTP_64_GCC_128
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
#include <stdint.h>
#include <string.h>
#include <openssl/err.h>
...
...
@@ -1000,9 +1003,9 @@ static void point_add(felem x3, felem y3, felem z3,
felem_assign
(
z3
,
z_out
);
}
/* select_point selects the |i
nde
x|th point from a precomputation table and
/* select_point selects the |i
d
x|th point from a precomputation table and
* copies it to out. */
static
void
select_point
(
const
u64
i
nde
x
,
unsigned
int
size
,
const
felem
pre_comp
[
/*size*/
][
3
],
felem
out
[
3
])
static
void
select_point
(
const
u64
i
d
x
,
unsigned
int
size
,
const
felem
pre_comp
[
/*size*/
][
3
],
felem
out
[
3
])
{
unsigned
i
,
j
;
limb
*
outlimbs
=
&
out
[
0
][
0
];
...
...
@@ -1011,7 +1014,7 @@ static void select_point(const u64 index, unsigned int size, const felem pre_com
for
(
i
=
0
;
i
<
size
;
i
++
)
{
const
limb
*
inlimbs
=
&
pre_comp
[
i
][
0
][
0
];
u64
mask
=
i
^
i
nde
x
;
u64
mask
=
i
^
i
d
x
;
mask
|=
mask
>>
4
;
mask
|=
mask
>>
2
;
mask
|=
mask
>>
1
;
...
...
crypto/ec/ecp_nistp256.c
浏览文件 @
e0d6132b
...
...
@@ -26,7 +26,8 @@
* work which got its smarts from Daniel J. Bernstein's work on the same.
*/
#ifdef EC_NISTP_64_GCC_128
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
#include <stdint.h>
#include <string.h>
...
...
@@ -363,6 +364,10 @@ static const felem zero110 = { two64m0, two110p32m0, two64m46, two64m32 };
static
void
felem_shrink
(
smallfelem
out
,
const
felem
in
)
{
felem
tmp
;
u64
a
,
b
,
mask
;
s64
high
,
low
;
static
const
u64
kPrime3Test
=
0x7fffffff00000001ul
;
/* 2^63 - 2^32 + 1 */
/* Carry 2->3 */
tmp
[
3
]
=
zero110
[
3
]
+
in
[
3
]
+
((
u64
)
(
in
[
2
]
>>
64
));
/* tmp[3] < 2^110 */
...
...
@@ -375,13 +380,13 @@ static void felem_shrink(smallfelem out, const felem in)
/* We perform two partial reductions where we eliminate the
* high-word of tmp[3]. We don't update the other words till the end.
*/
u64
a
=
tmp
[
3
]
>>
64
;
/* a < 2^46 */
a
=
tmp
[
3
]
>>
64
;
/* a < 2^46 */
tmp
[
3
]
=
(
u64
)
tmp
[
3
];
tmp
[
3
]
-=
a
;
tmp
[
3
]
+=
((
limb
)
a
)
<<
32
;
/* tmp[3] < 2^79 */
u64
b
=
a
;
b
=
a
;
a
=
tmp
[
3
]
>>
64
;
/* a < 2^15 */
b
+=
a
;
/* b < 2^46 + 2^15 < 2^47 */
tmp
[
3
]
=
(
u64
)
tmp
[
3
];
...
...
@@ -396,16 +401,15 @@ static void felem_shrink(smallfelem out, const felem in)
/* In order to make space in tmp[3] for the carry from 2 -> 3, we
* conditionally subtract kPrime if tmp[3] is large enough. */
static
const
u64
kPrime3Test
=
0x7fffffff00000001ul
;
/* 2^63 - 2^32 + 1 */
s64
high
=
tmp
[
3
]
>>
64
;
high
=
tmp
[
3
]
>>
64
;
/* As tmp[3] < 2^65, high is either 1 or 0 */
high
<<=
63
;
high
>>=
63
;
/* high is:
* all ones if the high word of tmp[3] is 1
* all zeros if the high word of tmp[3] if 0 */
s64
low
=
tmp
[
3
];
u64
mask
=
low
>>
63
;
low
=
tmp
[
3
];
mask
=
low
>>
63
;
/* mask is:
* all ones if the MSB of low is 1
* all zeros if the MSB of low if 0 */
...
...
@@ -815,7 +819,9 @@ static void felem_contract(smallfelem out, const felem in)
* compare each u64, from most-significant to least significant. For
* each one, if all words so far have been equal (m is all ones) then a
* non-equal result is the answer. Otherwise we continue. */
for
(
i
=
3
;
i
<
4
;
i
--
)
{
for
(
i
=
3
;
i
<
4
;
i
--
)
{
u64
equal
;
uint128_t
a
=
((
uint128_t
)
kPrime
[
i
])
-
out
[
i
];
/* if out[i] > kPrime[i] then a will underflow and the high
* 64-bits will all be set. */
...
...
@@ -823,7 +829,7 @@ static void felem_contract(smallfelem out, const felem in)
/* if kPrime[i] == out[i] then |equal| will be all zeros and
* the decrement will make it all ones. */
u64
equal
=
kPrime
[
i
]
^
out
[
i
];
equal
=
kPrime
[
i
]
^
out
[
i
];
equal
--
;
equal
&=
equal
<<
32
;
equal
&=
equal
<<
16
;
...
...
@@ -884,6 +890,7 @@ static void smallfelem_mul_contract(smallfelem out, const smallfelem in1, const
static
limb
smallfelem_is_zero
(
const
smallfelem
small
)
{
limb
result
;
u64
is_p
;
u64
is_zero
=
small
[
0
]
|
small
[
1
]
|
small
[
2
]
|
small
[
3
];
is_zero
--
;
...
...
@@ -895,7 +902,7 @@ static limb smallfelem_is_zero(const smallfelem small)
is_zero
&=
is_zero
<<
1
;
is_zero
=
((
s64
)
is_zero
)
>>
63
;
u64
is_p
=
(
small
[
0
]
^
kPrime
[
0
])
|
is_p
=
(
small
[
0
]
^
kPrime
[
0
])
|
(
small
[
1
]
^
kPrime
[
1
])
|
(
small
[
2
]
^
kPrime
[
2
])
|
(
small
[
3
]
^
kPrime
[
3
]);
...
...
@@ -1457,9 +1464,9 @@ static const smallfelem gmul[2][16][3] =
{
0x501e82885bc98cda
,
0x41ef80e5d046ac04
,
0x557d9f49461210fb
,
0x4ab5b6b2b8753f81
},
{
1
,
0
,
0
,
0
}}}};
/* select_point selects the |i
nde
x|th point from a precomputation table and
/* select_point selects the |i
d
x|th point from a precomputation table and
* copies it to out. */
static
void
select_point
(
const
u64
i
nde
x
,
unsigned
int
size
,
const
smallfelem
pre_comp
[
16
][
3
],
smallfelem
out
[
3
])
static
void
select_point
(
const
u64
i
d
x
,
unsigned
int
size
,
const
smallfelem
pre_comp
[
16
][
3
],
smallfelem
out
[
3
])
{
unsigned
i
,
j
;
u64
*
outlimbs
=
&
out
[
0
][
0
];
...
...
@@ -1468,7 +1475,7 @@ static void select_point(const u64 index, unsigned int size, const smallfelem pr
for
(
i
=
0
;
i
<
size
;
i
++
)
{
const
u64
*
inlimbs
=
(
u64
*
)
&
pre_comp
[
i
][
0
][
0
];
u64
mask
=
i
^
i
nde
x
;
u64
mask
=
i
^
i
d
x
;
mask
|=
mask
>>
4
;
mask
|=
mask
>>
2
;
mask
|=
mask
>>
1
;
...
...
@@ -1784,7 +1791,8 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
felem_contract
(
y_out
,
y_in
);
if
(
y
!=
NULL
)
{
if
(
!
smallfelem_to_BN
(
y
,
y_out
))
{
if
(
!
smallfelem_to_BN
(
y
,
y_out
))
{
ECerr
(
EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES
,
ERR_R_BN_LIB
);
return
0
;
...
...
@@ -1793,7 +1801,7 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
return
1
;
}
static
void
make_points_affine
(
size_t
num
,
smallfelem
points
[
num
][
3
],
smallfelem
tmp_smallfelems
[
num
+
1
])
static
void
make_points_affine
(
size_t
num
,
smallfelem
points
[
/* num */
][
3
],
smallfelem
tmp_smallfelems
[
/* num+1 */
])
{
/* Runs in constant time, unless an input is the point at infinity
* (which normally shouldn't happen). */
...
...
crypto/ec/ecp_nistp521.c
浏览文件 @
e0d6132b
...
...
@@ -26,7 +26,8 @@
* work which got its smarts from Daniel J. Bernstein's work on the same.
*/
#ifdef EC_NISTP_64_GCC_128
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
#include <stdint.h>
#include <string.h>
...
...
@@ -339,7 +340,7 @@ static void felem_diff64(felem out, const felem in)
*/
static
void
felem_diff_128_64
(
largefelem
out
,
const
felem
in
)
{
/
/ In order to prevent underflow, we add 0 mod p before subtracting.
/
* In order to prevent underflow, we add 0 mod p before subtracting. */
static
const
limb
two63m6
=
(((
limb
)
1
)
<<
62
)
-
(((
limb
)
1
)
<<
5
);
static
const
limb
two63m5
=
(((
limb
)
1
)
<<
62
)
-
(((
limb
)
1
)
<<
4
);
...
...
@@ -362,7 +363,7 @@ static void felem_diff_128_64(largefelem out, const felem in)
*/
static
void
felem_diff128
(
largefelem
out
,
const
largefelem
in
)
{
/
/ In order to prevent underflow, we add 0 mod p before subtracting.
/
* In order to prevent underflow, we add 0 mod p before subtracting. */
static
const
uint128_t
two127m70
=
(((
uint128_t
)
1
)
<<
127
)
-
(((
uint128_t
)
1
)
<<
70
);
static
const
uint128_t
two127m69
=
(((
uint128_t
)
1
)
<<
127
)
-
(((
uint128_t
)
1
)
<<
69
);
...
...
@@ -431,40 +432,40 @@ static void felem_square(largefelem out, const felem in)
* the inputs to the multiplication. If we want to double for both this
* reason, and the reason above, then we end up multiplying by four. */
/
/ 9
/
* 9 */
out
[
0
]
+=
((
uint128_t
)
in
[
1
])
*
inx4
[
8
]
+
((
uint128_t
)
in
[
2
])
*
inx4
[
7
]
+
((
uint128_t
)
in
[
3
])
*
inx4
[
6
]
+
((
uint128_t
)
in
[
4
])
*
inx4
[
5
];
/
/ 10
/
* 10 */
out
[
1
]
+=
((
uint128_t
)
in
[
2
])
*
inx4
[
8
]
+
((
uint128_t
)
in
[
3
])
*
inx4
[
7
]
+
((
uint128_t
)
in
[
4
])
*
inx4
[
6
]
+
((
uint128_t
)
in
[
5
])
*
inx2
[
5
];
/
/ 11
/
* 11 */
out
[
2
]
+=
((
uint128_t
)
in
[
3
])
*
inx4
[
8
]
+
((
uint128_t
)
in
[
4
])
*
inx4
[
7
]
+
((
uint128_t
)
in
[
5
])
*
inx4
[
6
];
/
/ 12
/
* 12 */
out
[
3
]
+=
((
uint128_t
)
in
[
4
])
*
inx4
[
8
]
+
((
uint128_t
)
in
[
5
])
*
inx4
[
7
]
+
((
uint128_t
)
in
[
6
])
*
inx2
[
6
];
/
/ 13
/
* 13 */
out
[
4
]
+=
((
uint128_t
)
in
[
5
])
*
inx4
[
8
]
+
((
uint128_t
)
in
[
6
])
*
inx4
[
7
];
/
/ 14
/
* 14 */
out
[
5
]
+=
((
uint128_t
)
in
[
6
])
*
inx4
[
8
]
+
((
uint128_t
)
in
[
7
])
*
inx2
[
7
];
/
/ 15
/
* 15 */
out
[
6
]
+=
((
uint128_t
)
in
[
7
])
*
inx4
[
8
];
/
/ 16
/
* 16 */
out
[
7
]
+=
((
uint128_t
)
in
[
8
])
*
inx2
[
8
];
}
...
...
@@ -591,6 +592,8 @@ static const limb bottom52bits = 0xfffffffffffff;
*/
static
void
felem_reduce
(
felem
out
,
const
largefelem
in
)
{
u64
overflow1
,
overflow2
;
out
[
0
]
=
((
limb
)
in
[
0
])
&
bottom58bits
;
out
[
1
]
=
((
limb
)
in
[
1
])
&
bottom58bits
;
out
[
2
]
=
((
limb
)
in
[
2
])
&
bottom58bits
;
...
...
@@ -637,11 +640,11 @@ static void felem_reduce(felem out, const largefelem in)
out
[
8
]
+=
(((
limb
)
(
in
[
7
]
>>
64
))
&
bottom52bits
)
<<
6
;
/* out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
* < 2^59 + 2^13 */
u64
overflow1
=
((
limb
)
(
in
[
7
]
>>
64
))
>>
52
;
overflow1
=
((
limb
)
(
in
[
7
]
>>
64
))
>>
52
;
overflow1
+=
((
limb
)
in
[
8
])
>>
58
;
overflow1
+=
(((
limb
)
(
in
[
8
]
>>
64
))
&
bottom52bits
)
<<
6
;
u64
overflow2
=
((
limb
)
(
in
[
8
]
>>
64
))
>>
52
;
overflow2
=
((
limb
)
(
in
[
8
]
>>
64
))
>>
52
;
overflow1
<<=
1
;
/* overflow1 < 2^13 + 2^7 + 2^59 */
overflow2
<<=
1
;
/* overflow2 < 2^13 */
...
...
@@ -800,8 +803,8 @@ static limb felem_is_zero(const felem in)
is_zero
|=
ftmp
[
8
];
is_zero
--
;
/
/
We know that ftmp[i] < 2^63, therefore the only way that the top bit
// can be set is if is_zero was 0 before the decrement.
/
*
We know that ftmp[i] < 2^63, therefore the only way that the top bit
* can be set is if is_zero was 0 before the decrement. */
is_zero
=
((
s64
)
is_zero
)
>>
63
;
is_p
=
ftmp
[
0
]
^
kPrime
[
0
];
...
...
@@ -1341,9 +1344,9 @@ static const felem gmul[16][3] =
0x0154536a0c6e966a
,
0x037964d1286ee9fe
,
0x0199bcd90e125055
},
{
1
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
}}};
/* select_point selects the |i
nde
x|th point from a precomputation table and
/* select_point selects the |i
d
x|th point from a precomputation table and
* copies it to out. */
static
void
select_point
(
const
limb
i
ndex
,
unsigned
int
size
,
const
felem
pre_comp
[
size
][
3
],
static
void
select_point
(
const
limb
i
dx
,
unsigned
int
size
,
const
felem
pre_comp
[
/* size */
][
3
],
felem
out
[
3
])
{
unsigned
i
,
j
;
...
...
@@ -1353,7 +1356,7 @@ static void select_point(const limb index, unsigned int size, const felem pre_co
for
(
i
=
0
;
i
<
size
;
i
++
)
{
const
limb
*
inlimbs
=
&
pre_comp
[
i
][
0
][
0
];
limb
mask
=
i
^
i
nde
x
;
limb
mask
=
i
^
i
d
x
;
mask
|=
mask
>>
4
;
mask
|=
mask
>>
2
;
mask
|=
mask
>>
1
;
...
...
@@ -1663,7 +1666,7 @@ int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
return
1
;
}
static
void
make_points_affine
(
size_t
num
,
felem
points
[
num
][
3
],
felem
tmp_felems
[
num
+
1
])
static
void
make_points_affine
(
size_t
num
,
felem
points
[
/* num */
][
3
],
felem
tmp_felems
[
/* num+1 */
])
{
/* Runs in constant time, unless an input is the point at infinity
* (which normally shouldn't happen). */
...
...
crypto/ec/ecp_nistputil.c
浏览文件 @
e0d6132b
...
...
@@ -18,7 +18,8 @@
* limitations under the License.
*/
#ifdef EC_NISTP_64_GCC_128
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
/*
* Common utility functions for ecp_nistp224.c, ecp_nistp256.c, ecp_nistp521.c.
...
...
crypto/ec/ectest.c
浏览文件 @
e0d6132b
...
...
@@ -94,6 +94,7 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur
#include <openssl/objects.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/opensslconf.h>
#if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
/* suppress "too big too optimize" warning */
...
...
@@ -1270,7 +1271,7 @@ static void internal_curve_test(void)
return
;
}
#if
def
EC_NISTP_64_GCC_128
#if
ndef OPENSSL_NO_
EC_NISTP_64_GCC_128
/* nistp_test_params contains magic numbers for testing our optimized
* implementations of several NIST curves with characteristic > 3. */
struct
nistp_test_params
...
...
@@ -1331,16 +1332,18 @@ static const struct nistp_test_params nistp_tests_params[] =
void
nistp_single_test
(
const
struct
nistp_test_params
*
test
)
{
fprintf
(
stdout
,
"
\n
NIST curve P-%d (optimised implementation):
\n
"
,
test
->
degree
)
;
BN_CTX
*
ctx
;
BIGNUM
*
p
,
*
a
,
*
b
,
*
x
,
*
y
,
*
n
,
*
m
,
*
order
;
EC_GROUP
*
NISTP
;
EC_POINT
*
G
,
*
P
,
*
Q
,
*
Q_CHECK
;
fprintf
(
stdout
,
"
\n
NIST curve P-%d (optimised implementation):
\n
"
,
test
->
degree
);
ctx
=
BN_CTX_new
();
p
=
BN_new
();
a
=
BN_new
();
b
=
BN_new
();
x
=
BN_new
();
y
=
BN_new
();
m
=
BN_new
();
n
=
BN_new
();
order
=
BN_new
();
BN_CTX
*
ctx
=
BN_CTX_new
();
EC_GROUP
*
NISTP
;
EC_POINT
*
G
,
*
P
,
*
Q
,
*
Q_CHECK
;
NISTP
=
EC_GROUP_new
(
test
->
meth
());
if
(
!
NISTP
)
ABORT
;
...
...
@@ -1467,7 +1470,7 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_EC2M
char2_field_tests
();
#endif
#if
def
EC_NISTP_64_GCC_128
#if
ndef OPENSSL_NO_
EC_NISTP_64_GCC_128
nistp_tests
();
#endif
/* test the internal curves */
...
...
util/mkdef.pl
浏览文件 @
e0d6132b
...
...
@@ -87,8 +87,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"
SHA256
",
"
SHA512
",
"
RIPEMD
",
"
MDC2
",
"
WHIRLPOOL
",
"
RSA
",
"
DSA
",
"
DH
",
"
EC
",
"
ECDH
",
"
ECDSA
",
"
EC2M
",
"
HMAC
",
"
AES
",
"
CAMELLIA
",
"
SEED
",
"
GOST
",
# EC
P_NISTP224
"
EC_NISTP
224
_64_GCC_128
",
# EC
_NISTP_64_GCC_128
"
EC_NISTP_64_GCC_128
",
# Envelope "algorithms"
"
EVP
",
"
X509
",
"
ASN1_TYPEDEFS
",
# Helper "algorithms"
...
...
@@ -1189,7 +1189,7 @@ sub is_valid
if
(
$keyword
eq
"
TLSEXT
"
&&
$no_tlsext
)
{
return
0
;
}
if
(
$keyword
eq
"
PSK
"
&&
$no_psk
)
{
return
0
;
}
if
(
$keyword
eq
"
CMS
"
&&
$no_cms
)
{
return
0
;
}
if
(
$keyword
eq
"
EC_NISTP
224
_64_GCC_128
"
&&
$no_nistp_gcc
)
if
(
$keyword
eq
"
EC_NISTP_64_GCC_128
"
&&
$no_nistp_gcc
)
{
return
0
;
}
if
(
$keyword
eq
"
EC2M
"
&&
$no_ec2m
)
{
return
0
;
}
if
(
$keyword
eq
"
NEXTPROTONEG
"
&&
$no_nextprotoneg
)
{
return
0
;
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录