Diffstat (limited to 'src/lib/libcrypto/ec/ecp_nistp256.c')
-rw-r--r--src/lib/libcrypto/ec/ecp_nistp256.c110
1 files changed, 55 insertions, 55 deletions
diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c
index 674143cc3e..57b003aefa 100644
--- a/src/lib/libcrypto/ec/ecp_nistp256.c
+++ b/src/lib/libcrypto/ec/ecp_nistp256.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nistp256.c,v 1.24 2021/04/20 17:28:18 tb Exp $ */ 1/* $OpenBSD: ecp_nistp256.c,v 1.25 2021/04/20 17:38:02 tb Exp $ */
2/* 2/*
3 * Written by Adam Langley (Google) for the OpenSSL project 3 * Written by Adam Langley (Google) for the OpenSSL project
4 */ 4 */
@@ -115,7 +115,7 @@ static const u64 bottom63bits = 0x7ffffffffffffffful;
115 115
116/* bin32_to_felem takes a little-endian byte array and converts it into felem 116/* bin32_to_felem takes a little-endian byte array and converts it into felem
117 * form. This assumes that the CPU is little-endian. */ 117 * form. This assumes that the CPU is little-endian. */
118static void 118static void
119bin32_to_felem(felem out, const u8 in[32]) 119bin32_to_felem(felem out, const u8 in[32])
120{ 120{
121 out[0] = *((u64 *) & in[0]); 121 out[0] = *((u64 *) & in[0]);
@@ -126,7 +126,7 @@ bin32_to_felem(felem out, const u8 in[32])
126 126
127/* smallfelem_to_bin32 takes a smallfelem and serialises into a little endian, 127/* smallfelem_to_bin32 takes a smallfelem and serialises into a little endian,
128 * 32 byte array. This assumes that the CPU is little-endian. */ 128 * 32 byte array. This assumes that the CPU is little-endian. */
129static void 129static void
130smallfelem_to_bin32(u8 out[32], const smallfelem in) 130smallfelem_to_bin32(u8 out[32], const smallfelem in)
131{ 131{
132 *((u64 *) & out[0]) = in[0]; 132 *((u64 *) & out[0]) = in[0];
@@ -136,7 +136,7 @@ smallfelem_to_bin32(u8 out[32], const smallfelem in)
136} 136}
137 137
138/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ 138/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
139static void 139static void
140flip_endian(u8 * out, const u8 * in, unsigned len) 140flip_endian(u8 * out, const u8 * in, unsigned len)
141{ 141{
142 unsigned i; 142 unsigned i;
@@ -145,7 +145,7 @@ flip_endian(u8 * out, const u8 * in, unsigned len)
145} 145}
146 146
147/* BN_to_felem converts an OpenSSL BIGNUM into an felem */ 147/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
148static int 148static int
149BN_to_felem(felem out, const BIGNUM * bn) 149BN_to_felem(felem out, const BIGNUM * bn)
150{ 150{
151 felem_bytearray b_in; 151 felem_bytearray b_in;
@@ -183,7 +183,7 @@ smallfelem_to_BN(BIGNUM * out, const smallfelem in)
183/* Field operations 183/* Field operations
184 * ---------------- */ 184 * ---------------- */
185 185
186static void 186static void
187smallfelem_one(smallfelem out) 187smallfelem_one(smallfelem out)
188{ 188{
189 out[0] = 1; 189 out[0] = 1;
@@ -192,7 +192,7 @@ smallfelem_one(smallfelem out)
192 out[3] = 0; 192 out[3] = 0;
193} 193}
194 194
195static void 195static void
196smallfelem_assign(smallfelem out, const smallfelem in) 196smallfelem_assign(smallfelem out, const smallfelem in)
197{ 197{
198 out[0] = in[0]; 198 out[0] = in[0];
@@ -201,7 +201,7 @@ smallfelem_assign(smallfelem out, const smallfelem in)
201 out[3] = in[3]; 201 out[3] = in[3];
202} 202}
203 203
204static void 204static void
205felem_assign(felem out, const felem in) 205felem_assign(felem out, const felem in)
206{ 206{
207 out[0] = in[0]; 207 out[0] = in[0];
@@ -211,7 +211,7 @@ felem_assign(felem out, const felem in)
211} 211}
212 212
213/* felem_sum sets out = out + in. */ 213/* felem_sum sets out = out + in. */
214static void 214static void
215felem_sum(felem out, const felem in) 215felem_sum(felem out, const felem in)
216{ 216{
217 out[0] += in[0]; 217 out[0] += in[0];
@@ -221,7 +221,7 @@ felem_sum(felem out, const felem in)
221} 221}
222 222
223/* felem_small_sum sets out = out + in. */ 223/* felem_small_sum sets out = out + in. */
224static void 224static void
225felem_small_sum(felem out, const smallfelem in) 225felem_small_sum(felem out, const smallfelem in)
226{ 226{
227 out[0] += in[0]; 227 out[0] += in[0];
@@ -231,7 +231,7 @@ felem_small_sum(felem out, const smallfelem in)
231} 231}
232 232
233/* felem_scalar sets out = out * scalar */ 233/* felem_scalar sets out = out * scalar */
234static void 234static void
235felem_scalar(felem out, const u64 scalar) 235felem_scalar(felem out, const u64 scalar)
236{ 236{
237 out[0] *= scalar; 237 out[0] *= scalar;
@@ -241,7 +241,7 @@ felem_scalar(felem out, const u64 scalar)
241} 241}
242 242
243/* longfelem_scalar sets out = out * scalar */ 243/* longfelem_scalar sets out = out * scalar */
244static void 244static void
245longfelem_scalar(longfelem out, const u64 scalar) 245longfelem_scalar(longfelem out, const u64 scalar)
246{ 246{
247 out[0] *= scalar; 247 out[0] *= scalar;
@@ -265,7 +265,7 @@ static const felem zero105 = {two105m41m9, two105, two105m41p9, two105m41p9};
265 * On exit: 265 * On exit:
266 * out[i] < out[i] + 2^105 266 * out[i] < out[i] + 2^105
267 */ 267 */
268static void 268static void
269smallfelem_neg(felem out, const smallfelem small) 269smallfelem_neg(felem out, const smallfelem small)
270{ 270{
271 /* In order to prevent underflow, we subtract from 0 mod p. */ 271 /* In order to prevent underflow, we subtract from 0 mod p. */
@@ -281,7 +281,7 @@ smallfelem_neg(felem out, const smallfelem small)
281 * On exit: 281 * On exit:
282 * out[i] < out[i] + 2^105 282 * out[i] < out[i] + 2^105
283 */ 283 */
284static void 284static void
285felem_diff(felem out, const felem in) 285felem_diff(felem out, const felem in)
286{ 286{
287 /* In order to prevent underflow, we add 0 mod p before subtracting. */ 287 /* In order to prevent underflow, we add 0 mod p before subtracting. */
@@ -310,7 +310,7 @@ static const felem zero107 = {two107m43m11, two107, two107m43p11, two107m43p11};
310 * On exit: 310 * On exit:
311 * out[i] < out[i] + 2^107 311 * out[i] < out[i] + 2^107
312 */ 312 */
313static void 313static void
314felem_diff_zero107(felem out, const felem in) 314felem_diff_zero107(felem out, const felem in)
315{ 315{
316 /* In order to prevent underflow, we add 0 mod p before subtracting. */ 316 /* In order to prevent underflow, we add 0 mod p before subtracting. */
@@ -331,7 +331,7 @@ felem_diff_zero107(felem out, const felem in)
331 * On exit: 331 * On exit:
332 * out[i] < out[i] + 2^70 + 2^40 332 * out[i] < out[i] + 2^70 + 2^40
333 */ 333 */
334static void 334static void
335longfelem_diff(longfelem out, const longfelem in) 335longfelem_diff(longfelem out, const longfelem in)
336{ 336{
337 static const limb two70m8p6 = (((limb) 1) << 70) - (((limb) 1) << 8) + (((limb) 1) << 6); 337 static const limb two70m8p6 = (((limb) 1) << 70) - (((limb) 1) << 8) + (((limb) 1) << 6);
@@ -377,7 +377,7 @@ static const felem zero110 = {two64m0, two110p32m0, two64m46, two64m32};
377 * On exit: 377 * On exit:
378 * out[i] < 2^64 378 * out[i] < 2^64
379 */ 379 */
380static void 380static void
381felem_shrink(smallfelem out, const felem in) 381felem_shrink(smallfelem out, const felem in)
382{ 382{
383 felem tmp; 383 felem tmp;
@@ -468,7 +468,7 @@ felem_shrink(smallfelem out, const felem in)
468} 468}
469 469
470/* smallfelem_expand converts a smallfelem to an felem */ 470/* smallfelem_expand converts a smallfelem to an felem */
471static void 471static void
472smallfelem_expand(felem out, const smallfelem in) 472smallfelem_expand(felem out, const smallfelem in)
473{ 473{
474 out[0] = in[0]; 474 out[0] = in[0];
@@ -483,7 +483,7 @@ smallfelem_expand(felem out, const smallfelem in)
483 * On exit: 483 * On exit:
484 * out[i] < 7 * 2^64 < 2^67 484 * out[i] < 7 * 2^64 < 2^67
485 */ 485 */
486static void 486static void
487smallfelem_square(longfelem out, const smallfelem small) 487smallfelem_square(longfelem out, const smallfelem small)
488{ 488{
489 limb a; 489 limb a;
@@ -562,7 +562,7 @@ smallfelem_square(longfelem out, const smallfelem small)
562 * On exit: 562 * On exit:
563 * out[i] < 7 * 2^64 < 2^67 563 * out[i] < 7 * 2^64 < 2^67
564 */ 564 */
565static void 565static void
566felem_square(longfelem out, const felem in) 566felem_square(longfelem out, const felem in)
567{ 567{
568 u64 small[4]; 568 u64 small[4];
@@ -577,7 +577,7 @@ felem_square(longfelem out, const felem in)
577 * On exit: 577 * On exit:
578 * out[i] < 7 * 2^64 < 2^67 578 * out[i] < 7 * 2^64 < 2^67
579 */ 579 */
580static void 580static void
581smallfelem_mul(longfelem out, const smallfelem small1, const smallfelem small2) 581smallfelem_mul(longfelem out, const smallfelem small1, const smallfelem small2)
582{ 582{
583 limb a; 583 limb a;
@@ -693,7 +693,7 @@ smallfelem_mul(longfelem out, const smallfelem small1, const smallfelem small2)
693 * On exit: 693 * On exit:
694 * out[i] < 7 * 2^64 < 2^67 694 * out[i] < 7 * 2^64 < 2^67
695 */ 695 */
696static void 696static void
697felem_mul(longfelem out, const felem in1, const felem in2) 697felem_mul(longfelem out, const felem in1, const felem in2)
698{ 698{
699 smallfelem small1, small2; 699 smallfelem small1, small2;
@@ -709,7 +709,7 @@ felem_mul(longfelem out, const felem in1, const felem in2)
709 * On exit: 709 * On exit:
710 * out[i] < 7 * 2^64 < 2^67 710 * out[i] < 7 * 2^64 < 2^67
711 */ 711 */
712static void 712static void
713felem_small_mul(longfelem out, const smallfelem small1, const felem in2) 713felem_small_mul(longfelem out, const smallfelem small1, const felem in2)
714{ 714{
715 smallfelem small2; 715 smallfelem small2;
@@ -736,7 +736,7 @@ static const felem zero100 = {two100m36m4, two100, two100m36p4, two100m36p4};
736 * out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7] 736 * out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7]
737 * out[3] <= out[3] + 2^32*in[4] + 3*in[7] 737 * out[3] <= out[3] + 2^32*in[4] + 3*in[7]
738 */ 738 */
739static void 739static void
740felem_reduce_(felem out, const longfelem in) 740felem_reduce_(felem out, const longfelem in)
741{ 741{
742 int128_t c; 742 int128_t c;
@@ -779,7 +779,7 @@ felem_reduce_(felem out, const longfelem in)
779 * On exit: 779 * On exit:
780 * out[i] < 2^101 780 * out[i] < 2^101
781 */ 781 */
782static void 782static void
783felem_reduce(felem out, const longfelem in) 783felem_reduce(felem out, const longfelem in)
784{ 784{
785 out[0] = zero100[0] + in[0]; 785 out[0] = zero100[0] + in[0];
@@ -794,7 +794,7 @@ felem_reduce(felem out, const longfelem in)
794 * out[1] > 2^100 - 2^64 - 7*2^96 > 0 out[2] > 2^100 - 2^36 + 2^4 - 794 * out[1] > 2^100 - 2^64 - 7*2^96 > 0 out[2] > 2^100 - 2^36 + 2^4 -
795 * 5*2^64 - 5*2^96 > 0 out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 795 * 5*2^64 - 5*2^96 > 0 out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96
796 * - 3*2^96 > 0 796 * - 3*2^96 > 0
797 * 797 *
798 * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 out[1] < 2^100 + 798 * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 out[1] < 2^100 +
799 * 3*2^64 + 5*2^64 + 3*2^97 < 2^101 out[2] < 2^100 + 5*2^64 + 2^64 + 799 * 3*2^64 + 5*2^64 + 3*2^97 < 2^101 out[2] < 2^100 + 5*2^64 + 2^64 +
800 * 3*2^65 + 2^97 < 2^101 out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 800 * 3*2^65 + 2^97 < 2^101 out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 <
@@ -808,7 +808,7 @@ felem_reduce(felem out, const longfelem in)
808 * On exit: 808 * On exit:
809 * out[i] < 2^106 809 * out[i] < 2^106
810 */ 810 */
811static void 811static void
812felem_reduce_zero105(felem out, const longfelem in) 812felem_reduce_zero105(felem out, const longfelem in)
813{ 813{
814 out[0] = zero105[0] + in[0]; 814 out[0] = zero105[0] + in[0];
@@ -823,7 +823,7 @@ felem_reduce_zero105(felem out, const longfelem in)
823 * out[1] > 2^105 - 2^71 - 2^103 > 0 out[2] > 2^105 - 2^41 + 2^9 - 823 * out[1] > 2^105 - 2^71 - 2^103 > 0 out[2] > 2^105 - 2^41 + 2^9 -
824 * 2^71 - 2^103 > 0 out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 824 * 2^71 - 2^103 > 0 out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 -
825 * 2^103 > 0 825 * 2^103 > 0
826 * 826 *
827 * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 out[1] < 2^105 + 2^71 + 827 * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 out[1] < 2^105 + 2^71 +
828 * 2^71 + 2^103 < 2^106 out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 828 * 2^71 + 2^103 < 2^106 out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 <
829 * 2^106 out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 829 * 2^106 out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
@@ -832,7 +832,7 @@ felem_reduce_zero105(felem out, const longfelem in)
832 832
833/* subtract_u64 sets *result = *result - v and *carry to one if the subtraction 833/* subtract_u64 sets *result = *result - v and *carry to one if the subtraction
834 * underflowed. */ 834 * underflowed. */
835static void 835static void
836subtract_u64(u64 * result, u64 * carry, u64 v) 836subtract_u64(u64 * result, u64 * carry, u64 v)
837{ 837{
838 uint128_t r = *result; 838 uint128_t r = *result;
@@ -845,7 +845,7 @@ subtract_u64(u64 * result, u64 * carry, u64 v)
845 * On entry: 845 * On entry:
846 * in[i] < 2^109 846 * in[i] < 2^109
847 */ 847 */
848static void 848static void
849felem_contract(smallfelem out, const felem in) 849felem_contract(smallfelem out, const felem in)
850{ 850{
851 unsigned i; 851 unsigned i;
@@ -909,7 +909,7 @@ felem_contract(smallfelem out, const felem in)
909 subtract_u64(&out[3], &carry, result & kPrime[3]); 909 subtract_u64(&out[3], &carry, result & kPrime[3]);
910} 910}
911 911
912static void 912static void
913smallfelem_square_contract(smallfelem out, const smallfelem in) 913smallfelem_square_contract(smallfelem out, const smallfelem in)
914{ 914{
915 longfelem longtmp; 915 longfelem longtmp;
@@ -920,7 +920,7 @@ smallfelem_square_contract(smallfelem out, const smallfelem in)
920 felem_contract(out, tmp); 920 felem_contract(out, tmp);
921} 921}
922 922
923static void 923static void
924smallfelem_mul_contract(smallfelem out, const smallfelem in1, const smallfelem in2) 924smallfelem_mul_contract(smallfelem out, const smallfelem in1, const smallfelem in2)
925{ 925{
926 longfelem longtmp; 926 longfelem longtmp;
@@ -936,7 +936,7 @@ smallfelem_mul_contract(smallfelem out, const smallfelem in1, const smallfelem i
936 * On entry: 936 * On entry:
937 * small[i] < 2^64 937 * small[i] < 2^64
938 */ 938 */
939static limb 939static limb
940smallfelem_is_zero(const smallfelem small) 940smallfelem_is_zero(const smallfelem small)
941{ 941{
942 limb result; 942 limb result;
@@ -972,7 +972,7 @@ smallfelem_is_zero(const smallfelem small)
972 return result; 972 return result;
973} 973}
974 974
975static int 975static int
976smallfelem_is_zero_int(const smallfelem small) 976smallfelem_is_zero_int(const smallfelem small)
977{ 977{
978 return (int) (smallfelem_is_zero(small) & ((limb) 1)); 978 return (int) (smallfelem_is_zero(small) & ((limb) 1));
@@ -985,7 +985,7 @@ smallfelem_is_zero_int(const smallfelem small)
985 * a^{p-1} = 1 (mod p) 985 * a^{p-1} = 1 (mod p)
986 * a^{p-2} = a^{-1} (mod p) 986 * a^{p-2} = a^{-1} (mod p)
987 */ 987 */
988static void 988static void
989felem_inv(felem out, const felem in) 989felem_inv(felem out, const felem in)
990{ 990{
991 felem ftmp, ftmp2; 991 felem ftmp, ftmp2;
@@ -1080,7 +1080,7 @@ felem_inv(felem out, const felem in)
1080 felem_reduce(out, tmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */ 1080 felem_reduce(out, tmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */
1081} 1081}
1082 1082
1083static void 1083static void
1084smallfelem_inv_contract(smallfelem out, const smallfelem in) 1084smallfelem_inv_contract(smallfelem out, const smallfelem in)
1085{ 1085{
1086 felem tmp; 1086 felem tmp;
@@ -1233,7 +1233,7 @@ copy_small_conditional(felem out, const smallfelem in, limb mask)
1233 * are equal, (while not equal to the point at infinity). This case never 1233 * are equal, (while not equal to the point at infinity). This case never
1234 * happens during single point multiplication, so there is no timing leak for 1234 * happens during single point multiplication, so there is no timing leak for
1235 * ECDH or ECDSA signing. */ 1235 * ECDH or ECDSA signing. */
1236static void 1236static void
1237point_add(felem x3, felem y3, felem z3, 1237point_add(felem x3, felem y3, felem z3,
1238 const felem x1, const felem y1, const felem z1, 1238 const felem x1, const felem y1, const felem z1,
1239 const int mixed, const smallfelem x2, const smallfelem y2, const smallfelem z2) 1239 const int mixed, const smallfelem x2, const smallfelem y2, const smallfelem z2)
@@ -1393,7 +1393,7 @@ point_add(felem x3, felem y3, felem z3,
1393 1393
1394/* point_add_small is the same as point_add, except that it operates on 1394/* point_add_small is the same as point_add, except that it operates on
1395 * smallfelems */ 1395 * smallfelems */
1396static void 1396static void
1397point_add_small(smallfelem x3, smallfelem y3, smallfelem z3, 1397point_add_small(smallfelem x3, smallfelem y3, smallfelem z3,
1398 smallfelem x1, smallfelem y1, smallfelem z1, 1398 smallfelem x1, smallfelem y1, smallfelem z1,
1399 smallfelem x2, smallfelem y2, smallfelem z2) 1399 smallfelem x2, smallfelem y2, smallfelem z2)
@@ -1545,7 +1545,7 @@ static const smallfelem gmul[2][16][3] =
1545 1545
1546/* select_point selects the |idx|th point from a precomputation table and 1546/* select_point selects the |idx|th point from a precomputation table and
1547 * copies it to out. */ 1547 * copies it to out. */
1548static void 1548static void
1549select_point(const u64 idx, unsigned int size, const smallfelem pre_comp[16][3], smallfelem out[3]) 1549select_point(const u64 idx, unsigned int size, const smallfelem pre_comp[16][3], smallfelem out[3])
1550{ 1550{
1551 unsigned i, j; 1551 unsigned i, j;
@@ -1566,7 +1566,7 @@ select_point(const u64 idx, unsigned int size, const smallfelem pre_comp[16][3],
1566} 1566}
1567 1567
1568/* get_bit returns the |i|th bit in |in| */ 1568/* get_bit returns the |i|th bit in |in| */
1569static char 1569static char
1570get_bit(const felem_bytearray in, int i) 1570get_bit(const felem_bytearray in, int i)
1571{ 1571{
1572 if ((i < 0) || (i >= 256)) 1572 if ((i < 0) || (i >= 256))
@@ -1579,7 +1579,7 @@ get_bit(const felem_bytearray in, int i)
1579 * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple 1579 * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple
1580 * of the generator, using certain (large) precomputed multiples in g_pre_comp. 1580 * of the generator, using certain (large) precomputed multiples in g_pre_comp.
1581 * Output point (X, Y, Z) is stored in x_out, y_out, z_out */ 1581 * Output point (X, Y, Z) is stored in x_out, y_out, z_out */
1582static void 1582static void
1583batch_mul(felem x_out, felem y_out, felem z_out, 1583batch_mul(felem x_out, felem y_out, felem z_out,
1584 const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar, 1584 const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,
1585 const int mixed, const smallfelem pre_comp[][17][3], const smallfelem g_pre_comp[2][16][3]) 1585 const int mixed, const smallfelem pre_comp[][17][3], const smallfelem g_pre_comp[2][16][3])
@@ -1698,20 +1698,20 @@ EC_GFp_nistp256_method(void)
1698 .group_get_curve = ec_GFp_simple_group_get_curve, 1698 .group_get_curve = ec_GFp_simple_group_get_curve,
1699 .group_get_degree = ec_GFp_simple_group_get_degree, 1699 .group_get_degree = ec_GFp_simple_group_get_degree,
1700 .group_check_discriminant = 1700 .group_check_discriminant =
1701 ec_GFp_simple_group_check_discriminant, 1701 ec_GFp_simple_group_check_discriminant,
1702 .point_init = ec_GFp_simple_point_init, 1702 .point_init = ec_GFp_simple_point_init,
1703 .point_finish = ec_GFp_simple_point_finish, 1703 .point_finish = ec_GFp_simple_point_finish,
1704 .point_clear_finish = ec_GFp_simple_point_clear_finish, 1704 .point_clear_finish = ec_GFp_simple_point_clear_finish,
1705 .point_copy = ec_GFp_simple_point_copy, 1705 .point_copy = ec_GFp_simple_point_copy,
1706 .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, 1706 .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
1707 .point_set_Jprojective_coordinates = 1707 .point_set_Jprojective_coordinates =
1708 ec_GFp_simple_set_Jprojective_coordinates, 1708 ec_GFp_simple_set_Jprojective_coordinates,
1709 .point_get_Jprojective_coordinates = 1709 .point_get_Jprojective_coordinates =
1710 ec_GFp_simple_get_Jprojective_coordinates, 1710 ec_GFp_simple_get_Jprojective_coordinates,
1711 .point_set_affine_coordinates = 1711 .point_set_affine_coordinates =
1712 ec_GFp_simple_point_set_affine_coordinates, 1712 ec_GFp_simple_point_set_affine_coordinates,
1713 .point_get_affine_coordinates = 1713 .point_get_affine_coordinates =
1714 ec_GFp_nistp256_point_get_affine_coordinates, 1714 ec_GFp_nistp256_point_get_affine_coordinates,
1715 .add = ec_GFp_simple_add, 1715 .add = ec_GFp_simple_add,
1716 .dbl = ec_GFp_simple_dbl, 1716 .dbl = ec_GFp_simple_dbl,
1717 .invert = ec_GFp_simple_invert, 1717 .invert = ec_GFp_simple_invert,
@@ -1760,7 +1760,7 @@ nistp256_pre_comp_dup(void *src_)
1760 return src_; 1760 return src_;
1761} 1761}
1762 1762
1763static void 1763static void
1764nistp256_pre_comp_free(void *pre_) 1764nistp256_pre_comp_free(void *pre_)
1765{ 1765{
1766 int i; 1766 int i;
@@ -1776,7 +1776,7 @@ nistp256_pre_comp_free(void *pre_)
1776 free(pre); 1776 free(pre);
1777} 1777}
1778 1778
1779static void 1779static void
1780nistp256_pre_comp_clear_free(void *pre_) 1780nistp256_pre_comp_clear_free(void *pre_)
1781{ 1781{
1782 int i; 1782 int i;
@@ -1796,7 +1796,7 @@ nistp256_pre_comp_clear_free(void *pre_)
1796/* OPENSSL EC_METHOD FUNCTIONS 1796/* OPENSSL EC_METHOD FUNCTIONS
1797 */ 1797 */
1798 1798
1799int 1799int
1800ec_GFp_nistp256_group_init(EC_GROUP * group) 1800ec_GFp_nistp256_group_init(EC_GROUP * group)
1801{ 1801{
1802 int ret; 1802 int ret;
@@ -1805,7 +1805,7 @@ ec_GFp_nistp256_group_init(EC_GROUP * group)
1805 return ret; 1805 return ret;
1806} 1806}
1807 1807
1808int 1808int
1809ec_GFp_nistp256_group_set_curve(EC_GROUP * group, const BIGNUM * p, 1809ec_GFp_nistp256_group_set_curve(EC_GROUP * group, const BIGNUM * p,
1810 const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx) 1810 const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
1811{ 1811{
@@ -1839,7 +1839,7 @@ ec_GFp_nistp256_group_set_curve(EC_GROUP * group, const BIGNUM * p,
1839 1839
1840/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns 1840/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns
1841 * (X', Y') = (X/Z^2, Y/Z^3) */ 1841 * (X', Y') = (X/Z^2, Y/Z^3) */
1842int 1842int
1843ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group, 1843ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group,
1844 const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx) 1844 const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
1845{ 1845{
@@ -1880,7 +1880,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group,
1880 return 1; 1880 return 1;
1881} 1881}
1882 1882
1883static void 1883static void
1884make_points_affine(size_t num, smallfelem points[ /* num */ ][3], smallfelem tmp_smallfelems[ /* num+1 */ ]) 1884make_points_affine(size_t num, smallfelem points[ /* num */ ][3], smallfelem tmp_smallfelems[ /* num+1 */ ])
1885{ 1885{
1886 /* 1886 /*
@@ -1903,7 +1903,7 @@ make_points_affine(size_t num, smallfelem points[ /* num */ ][3], smallfelem tmp
1903 1903
1904/* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values 1904/* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values
1905 * Result is stored in r (r can equal one of the inputs). */ 1905 * Result is stored in r (r can equal one of the inputs). */
1906int 1906int
1907ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r, 1907ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
1908 const BIGNUM * scalar, size_t num, const EC_POINT * points[], 1908 const BIGNUM * scalar, size_t num, const EC_POINT * points[],
1909 const BIGNUM * scalars[], BN_CTX * ctx) 1909 const BIGNUM * scalars[], BN_CTX * ctx)
@@ -2101,7 +2101,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
2101 return ret; 2101 return ret;
2102} 2102}
2103 2103
2104int 2104int
2105ec_GFp_nistp256_precompute_mult(EC_GROUP * group, BN_CTX * ctx) 2105ec_GFp_nistp256_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
2106{ 2106{
2107 int ret = 0; 2107 int ret = 0;
@@ -2222,7 +2222,7 @@ ec_GFp_nistp256_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
2222 return ret; 2222 return ret;
2223} 2223}
2224 2224
2225int 2225int
2226ec_GFp_nistp256_have_precompute_mult(const EC_GROUP * group) 2226ec_GFp_nistp256_have_precompute_mult(const EC_GROUP * group)
2227{ 2227{
2228 if (EC_EX_DATA_get_data(group->extra_data, nistp256_pre_comp_dup, 2228 if (EC_EX_DATA_get_data(group->extra_data, nistp256_pre_comp_dup,