| Index: openssl/crypto/ec/ec2_mult.c
|
| ===================================================================
|
| --- openssl/crypto/ec/ec2_mult.c (revision 105093)
|
| +++ openssl/crypto/ec/ec2_mult.c (working copy)
|
| @@ -76,7 +76,7 @@
|
| * coordinates.
|
| * Uses algorithm Mdouble in appendix of
|
| * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
|
| - * GF(2^m) without precomputation".
|
| + * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
|
| * modified to not require precomputation of c=b^{2^{m-1}}.
|
| */
|
| static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
|
| @@ -107,8 +107,8 @@
|
| /* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery
|
| * projective coordinates.
|
| * Uses algorithm Madd in appendix of
|
| - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
|
| - * GF(2^m) without precomputation".
|
| + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
|
| + * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
|
| */
|
| static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1,
|
| const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
|
| @@ -140,8 +140,8 @@
|
|
|
| /* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
|
| * using Montgomery point multiplication algorithm Mxy() in appendix of
|
| - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
|
| - * GF(2^m) without precomputation".
|
| + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
|
| + * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
|
| * Returns:
|
| * 0 on error
|
| * 1 if return value should be the point at infinity
|
| @@ -209,15 +209,15 @@
|
| /* Computes scalar*point and stores the result in r.
|
| * point can not equal r.
|
| * Uses algorithm 2P of
|
| - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
|
| - * GF(2^m) without precomputation".
|
| + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
|
| + * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
|
| */
|
| static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
|
| const EC_POINT *point, BN_CTX *ctx)
|
| {
|
| BIGNUM *x1, *x2, *z1, *z2;
|
| - int ret = 0, i, j;
|
| - BN_ULONG mask;
|
| + int ret = 0, i;
|
| + BN_ULONG mask,word;
|
|
|
| if (r == point)
|
| {
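Review bot: The new declaration `BN_ULONG mask,word;` drops the space after the comma that the line above it (`int ret = 0, i;`) and the rest of the file use; write it as `BN_ULONG mask, word;`. The body of ec_GF2m_montgomery_point_multiply continues past the end of this hunk, and `word` is only used in the following hunk.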
|
| @@ -251,22 +251,24 @@
|
| if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */
|
|
|
| /* find top most bit and go one past it */
|
| - i = scalar->top - 1; j = BN_BITS2 - 1;
|
| + i = scalar->top - 1;
|
| mask = BN_TBIT;
|
| - while (!(scalar->d[i] & mask)) { mask >>= 1; j--; }
|
| - mask >>= 1; j--;
|
| + word = scalar->d[i];
|
| + while (!(word & mask)) mask >>= 1;
|
| + mask >>= 1;
|
| /* if top most bit was at word break, go to next word */
|
| if (!mask)
|
| {
|
| - i--; j = BN_BITS2 - 1;
|
| + i--;
|
| mask = BN_TBIT;
|
| }
|
|
|
| for (; i >= 0; i--)
|
| {
|
| - for (; j >= 0; j--)
|
| + word = scalar->d[i];
|
| + while (mask)
|
| {
|
| - if (scalar->d[i] & mask)
|
| + if (word & mask)
|
| {
|
| if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
|
| if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
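Review bot: With a zero scalar, `i = scalar->top - 1` is -1 and `word = scalar->d[i]` reads one element before the digit array, unless the part of ec_GF2m_montgomery_point_multiply above this hunk (not shown) already returns the point at infinity when `BN_is_zero(scalar)`; if it does not, that guard belongs before the scan. Separately, the leading-zero scan `while (!(word & mask)) mask >>= 1;` runs a number of iterations that depends on where the scalar's top set bit lies, so the routine's running time is correlated with the scalar's bit length; this is unchanged from the old code, and any caller that needs the bit length hidden has to arrange that elsewhere, e.g. by using scalars of fixed length. A comment such as `/* scan for the top set bit; scalar must be non-zero here */` at the scan would make the precondition explicit. The function starts before and continues after this hunk.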
|
| @@ -278,7 +280,6 @@
|
| }
|
| mask >>= 1;
|
| }
|
| - j = BN_BITS2 - 1;
|
| mask = BN_TBIT;
|
| }
|
|
|
| @@ -318,6 +319,7 @@
|
| int ret = 0;
|
| size_t i;
|
| EC_POINT *p=NULL;
|
| + EC_POINT *acc = NULL;
|
|
|
| if (ctx == NULL)
|
| {
|
| @@ -337,15 +339,16 @@
|
| }
|
|
|
| if ((p = EC_POINT_new(group)) == NULL) goto err;
|
| + if ((acc = EC_POINT_new(group)) == NULL) goto err;
|
|
|
| - if (!EC_POINT_set_to_infinity(group, r)) goto err;
|
| + if (!EC_POINT_set_to_infinity(group, acc)) goto err;
|
|
|
| if (scalar)
|
| {
|
| if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
|
| - if (BN_is_negative(scalar))
|
| + if (BN_is_negative(scalar))
|
| if (!group->meth->invert(group, p, ctx)) goto err;
|
| - if (!group->meth->add(group, r, r, p, ctx)) goto err;
|
| + if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
|
| }
|
|
|
| for (i = 0; i < num; i++)
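Review bot: `acc` is introduced without a comment saying why the sum is no longer built directly in `r`; presumably the reason is that `r` may alias `group->generator` or one of `points[i]`, which would be clobbered before ec_GF2m_montgomery_point_multiply reads it, and that intent is not recoverable from the code alone. Add `/* accumulate into a scratch point: r may alias points[i] or the generator */` above the `EC_POINT_new(group)` for `acc`, and state the aliasing guarantee in the function's header comment, which is outside the hunk. The `EC_POINT_copy(r, acc)` in the following hunk also means `r` is left untouched when any earlier step fails, which the same comment can note.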
|
| @@ -353,13 +356,16 @@
|
| if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
|
| if (BN_is_negative(scalars[i]))
|
| if (!group->meth->invert(group, p, ctx)) goto err;
|
| - if (!group->meth->add(group, r, r, p, ctx)) goto err;
|
| + if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
|
| }
|
|
|
| + if (!EC_POINT_copy(r, acc)) goto err;
|
| +
|
| ret = 1;
|
|
|
| err:
|
| if (p) EC_POINT_free(p);
|
| + if (acc) EC_POINT_free(acc);
|
| if (new_ctx != NULL)
|
| BN_CTX_free(new_ctx);
|
| return ret;
|
|
|