{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1755029006, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"4215a973ba033124ef2c0e84ceb188db", "commit": {"type":"commit", "time": 1472031888, "time_ofs": 60, "oid_tree": { "oid": "d71ad6dc4ecb36f7c14474fac059d1a112f7de1c", "alias": []}, "oid":{ "oid": "b62b2454fadfccaf5e055a1810d72174c2633b8f", "alias": []}, "msg": "ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.", "sig_commit": { "git_time": { "time": 1472031888, "offset": 60 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }, "sig_author": { "git_time": { "time": 1471723461, "offset": 120 }, "name": "Andy Polyakov", "email": "appro@openssl.org", "md5": "50bd64fa2a792cbbf679fa16213a3b2a" }}, "body": "ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.\n\nAddition was not preserving inputs' property of being fully reduced.\n\nThanks to Brian Smith for reporting this.\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\n" , "diff": "diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl\nindex cce92b9..cc7b976 100755\n--- a/crypto/ec/asm/ecp_nistz256-x86_64.pl\n+++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl\n@@ -135,6 +135,7 @@ ecp_nistz256_mul_by_2:\n \tpush\t%r13\n \n \tmov\t8*0($a_ptr), $a0\n+\txor\t$t4,$t4\n \tmov\t8*1($a_ptr), $a1\n \tadd\t$a0, $a0\t\t# a0:a3+a0:a3\n \tmov\t8*2($a_ptr), $a2\n@@ -145,7 +146,7 @@ ecp_nistz256_mul_by_2:\n \tadc\t$a2, $a2\n \tadc\t$a3, $a3\n \t mov\t$a1, $t1\n-\tsbb\t$t4, $t4\n+\tadc\t\u005c$0, $t4\n \n \tsub\t8*0($a_ptr), $a0\n \t mov\t$a2, $t2\n@@ -153,14 +154,14 @@ ecp_nistz256_mul_by_2:\n \tsbb\t8*2($a_ptr), $a2\n \t mov\t$a3, $t3\n \tsbb\t8*3($a_ptr), $a3\n-\ttest\t$t4, 
$t4\n+\tsbb\t\u005c$0, $t4\n \n-\tcmovz\t$t0, $a0\n-\tcmovz\t$t1, $a1\n+\tcmovb\t$t0, $a0\n+\tcmovb\t$t1, $a1\n \tmov\t$a0, 8*0($r_ptr)\n-\tcmovz\t$t2, $a2\n+\tcmovb\t$t2, $a2\n \tmov\t$a1, 8*1($r_ptr)\n-\tcmovz\t$t3, $a3\n+\tcmovb\t$t3, $a3\n \tmov\t$a2, 8*2($r_ptr)\n \tmov\t$a3, 8*3($r_ptr)\n \n@@ -257,12 +258,12 @@ ecp_nistz256_mul_by_3:\n \tsbb\t\u005c$0, $a2\n \t mov\t$a3, $t3\n \tsbb\t.Lpoly+8*3(%rip), $a3\n-\ttest\t$t4, $t4\n+\tsbb\t\u005c$0, $t4\n \n-\tcmovz\t$t0, $a0\n-\tcmovz\t$t1, $a1\n-\tcmovz\t$t2, $a2\n-\tcmovz\t$t3, $a3\n+\tcmovb\t$t0, $a0\n+\tcmovb\t$t1, $a1\n+\tcmovb\t$t2, $a2\n+\tcmovb\t$t3, $a3\n \n \txor\t$t4, $t4\n \tadd\t8*0($a_ptr), $a0\t# a0:a3+\u003da_ptr[0:3]\n@@ -279,14 +280,14 @@ ecp_nistz256_mul_by_3:\n \tsbb\t\u005c$0, $a2\n \t mov\t$a3, $t3\n \tsbb\t.Lpoly+8*3(%rip), $a3\n-\ttest\t$t4, $t4\n+\tsbb\t\u005c$0, $t4\n \n-\tcmovz\t$t0, $a0\n-\tcmovz\t$t1, $a1\n+\tcmovb\t$t0, $a0\n+\tcmovb\t$t1, $a1\n \tmov\t$a0, 8*0($r_ptr)\n-\tcmovz\t$t2, $a2\n+\tcmovb\t$t2, $a2\n \tmov\t$a1, 8*1($r_ptr)\n-\tcmovz\t$t3, $a3\n+\tcmovb\t$t3, $a3\n \tmov\t$a2, 8*2($r_ptr)\n \tmov\t$a3, 8*3($r_ptr)\n \n@@ -325,14 +326,14 @@ ecp_nistz256_add:\n \tsbb\t8*2($a_ptr), $a2\n \t mov\t$a3, $t3\n \tsbb\t8*3($a_ptr), $a3\n-\ttest\t$t4, $t4\n+\tsbb\t\u005c$0, $t4\n \n-\tcmovz\t$t0, $a0\n-\tcmovz\t$t1, $a1\n+\tcmovb\t$t0, $a0\n+\tcmovb\t$t1, $a1\n \tmov\t$a0, 8*0($r_ptr)\n-\tcmovz\t$t2, $a2\n+\tcmovb\t$t2, $a2\n \tmov\t$a1, 8*1($r_ptr)\n-\tcmovz\t$t3, $a3\n+\tcmovb\t$t3, $a3\n \tmov\t$a2, 8*2($r_ptr)\n \tmov\t$a3, 8*3($r_ptr)\n \n@@ -1890,13 +1891,14 @@ $code.\u003d\u003c\u003c___;\n .type\t__ecp_nistz256_add_toq,\u005c@abi-omnipotent\n .align\t32\n __ecp_nistz256_add_toq:\n+\txor\t$t4,$t4\n \tadd\t8*0($b_ptr), $a0\n \tadc\t8*1($b_ptr), $a1\n \t mov\t$a0, $t0\n \tadc\t8*2($b_ptr), $a2\n \tadc\t8*3($b_ptr), $a3\n \t mov\t$a1, $t1\n-\tsbb\t$t4, $t4\n+\tadc\t\u005c$0, $t4\n \n \tsub\t\u005c$-1, $a0\n \t mov\t$a2, $t2\n@@ -1904,14 +1906,14 @@ __ecp_nistz256_add_toq:\n 
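Review bot: The new carry-select in ecp_nistz256_mul_by_2 (`sbb \$0, $t4` followed by the `cmovb`s) is correct but rests on an unstated flag trick, and the hunk carries no comment explaining it. `$t4` now holds the 0/1 carry of the doubling (from the `xor`/`adc \$0` in the earlier hunks of this function), so subtracting the borrow of the p subtraction leaves CF set exactly when there was no carry and a borrow, i.e. when `2*a < p`, and `cmovb` then keeps the unreduced sum; in the carry-and-borrow and no-carry-no-borrow cases the subtracted value stands. I would add `# CF set iff 2*a < p (no carry, borrow): keep unreduced sum` after the `sbb \$0, $t4`. As far as I can follow the chain, a single conditional subtraction only lands in [0, p) when `a` itself is below p, which matches the contract the commit documents in ecp_nistz256.c, so a `# assumes a < p` note at the function label would help too; the start of the function lies in the earlier hunks.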
\tsbb\t\u005c$0, $a2\n \t mov\t$a3, $t3\n \tsbb\t$poly3, $a3\n-\ttest\t$t4, $t4\n+\tsbb\t\u005c$0, $t4\n \n-\tcmovz\t$t0, $a0\n-\tcmovz\t$t1, $a1\n+\tcmovb\t$t0, $a0\n+\tcmovb\t$t1, $a1\n \tmov\t$a0, 8*0($r_ptr)\n-\tcmovz\t$t2, $a2\n+\tcmovb\t$t2, $a2\n \tmov\t$a1, 8*1($r_ptr)\n-\tcmovz\t$t3, $a3\n+\tcmovb\t$t3, $a3\n \tmov\t$a2, 8*2($r_ptr)\n \tmov\t$a3, 8*3($r_ptr)\n \n@@ -1979,13 +1981,14 @@ __ecp_nistz256_subq:\n .type\t__ecp_nistz256_mul_by_2q,\u005c@abi-omnipotent\n .align\t32\n __ecp_nistz256_mul_by_2q:\n+\txor\t$t4, $t4\n \tadd\t$a0, $a0\t\t# a0:a3+a0:a3\n \tadc\t$a1, $a1\n \t mov\t$a0, $t0\n \tadc\t$a2, $a2\n \tadc\t$a3, $a3\n \t mov\t$a1, $t1\n-\tsbb\t$t4, $t4\n+\tadc\t\u005c$0, $t4\n \n \tsub\t\u005c$-1, $a0\n \t mov\t$a2, $t2\n@@ -1993,14 +1996,14 @@ __ecp_nistz256_mul_by_2q:\n \tsbb\t\u005c$0, $a2\n \t mov\t$a3, $t3\n \tsbb\t$poly3, $a3\n-\ttest\t$t4, $t4\n+\tsbb\t\u005c$0, $t4\n \n-\tcmovz\t$t0, $a0\n-\tcmovz\t$t1, $a1\n+\tcmovb\t$t0, $a0\n+\tcmovb\t$t1, $a1\n \tmov\t$a0, 8*0($r_ptr)\n-\tcmovz\t$t2, $a2\n+\tcmovb\t$t2, $a2\n \tmov\t$a1, 8*1($r_ptr)\n-\tcmovz\t$t3, $a3\n+\tcmovb\t$t3, $a3\n \tmov\t$a2, 8*2($r_ptr)\n \tmov\t$a3, 8*3($r_ptr)\n \n@@ -2455,6 +2458,7 @@ $code.\u003d\u003c\u003c___;\n \t#lea\t$Hsqr(%rsp), $r_ptr\t# 2*U1*H^2\n \t#call\t__ecp_nistz256_mul_by_2\t# ecp_nistz256_mul_by_2(Hsqr, U2);\n \n+\txor\t$t4, $t4\n \tadd\t$acc0, $acc0\t\t# a0:a3+a0:a3\n \tlea\t$Rsqr(%rsp), $a_ptr\n \tadc\t$acc1, $acc1\n@@ -2462,7 +2466,7 @@ $code.\u003d\u003c\u003c___;\n \tadc\t$acc2, $acc2\n \tadc\t$acc3, $acc3\n \t mov\t$acc1, $t1\n-\tsbb\t$t4, $t4\n+\tadc\t\u005c$0, $t4\n \n \tsub\t\u005c$-1, $acc0\n \t mov\t$acc2, $t2\n@@ -2470,15 +2474,15 @@ $code.\u003d\u003c\u003c___;\n \tsbb\t\u005c$0, $acc2\n \t mov\t$acc3, $t3\n \tsbb\t$poly3, $acc3\n-\ttest\t$t4, $t4\n+\tsbb\t\u005c$0, $t4\n \n-\tcmovz\t$t0, $acc0\n+\tcmovb\t$t0, $acc0\n \tmov\t8*0($a_ptr), $t0\n-\tcmovz\t$t1, $acc1\n+\tcmovb\t$t1, $acc1\n \tmov\t8*1($a_ptr), $t1\n-\tcmovz\t$t2, 
$acc2\n+\tcmovb\t$t2, $acc2\n \tmov\t8*2($a_ptr), $t2\n-\tcmovz\t$t3, $acc3\n+\tcmovb\t$t3, $acc3\n \tmov\t8*3($a_ptr), $t3\n \n \tcall\t__ecp_nistz256_sub$x\t\t# p256_sub(res_x, Rsqr, Hsqr);\n@@ -2760,6 +2764,7 @@ $code.\u003d\u003c\u003c___;\n \t#lea\t$Hsqr(%rsp), $r_ptr\t# 2*U1*H^2\n \t#call\t__ecp_nistz256_mul_by_2\t# ecp_nistz256_mul_by_2(Hsqr, U2);\n \n+\txor\t$t4, $t4\n \tadd\t$acc0, $acc0\t\t# a0:a3+a0:a3\n \tlea\t$Rsqr(%rsp), $a_ptr\n \tadc\t$acc1, $acc1\n@@ -2767,7 +2772,7 @@ $code.\u003d\u003c\u003c___;\n \tadc\t$acc2, $acc2\n \tadc\t$acc3, $acc3\n \t mov\t$acc1, $t1\n-\tsbb\t$t4, $t4\n+\tadc\t\u005c$0, $t4\n \n \tsub\t\u005c$-1, $acc0\n \t mov\t$acc2, $t2\n@@ -2775,15 +2780,15 @@ $code.\u003d\u003c\u003c___;\n \tsbb\t\u005c$0, $acc2\n \t mov\t$acc3, $t3\n \tsbb\t$poly3, $acc3\n-\ttest\t$t4, $t4\n+\tsbb\t\u005c$0, $t4\n \n-\tcmovz\t$t0, $acc0\n+\tcmovb\t$t0, $acc0\n \tmov\t8*0($a_ptr), $t0\n-\tcmovz\t$t1, $acc1\n+\tcmovb\t$t1, $acc1\n \tmov\t8*1($a_ptr), $t1\n-\tcmovz\t$t2, $acc2\n+\tcmovb\t$t2, $acc2\n \tmov\t8*2($a_ptr), $t2\n-\tcmovz\t$t3, $acc3\n+\tcmovb\t$t3, $acc3\n \tmov\t8*3($a_ptr), $t3\n \n \tcall\t__ecp_nistz256_sub$x\t\t# p256_sub(res_x, Rsqr, Hsqr);\n@@ -2935,14 +2940,14 @@ __ecp_nistz256_add_tox:\n \tsbb\t\u005c$0, $a2\n \t mov\t$a3, $t3\n \tsbb\t$poly3, $a3\n+\tsbb\t\u005c$0, $t4\n \n-\tbt\t\u005c$0, $t4\n-\tcmovnc\t$t0, $a0\n-\tcmovnc\t$t1, $a1\n+\tcmovb\t$t0, $a0\n+\tcmovb\t$t1, $a1\n \tmov\t$a0, 8*0($r_ptr)\n-\tcmovnc\t$t2, $a2\n+\tcmovb\t$t2, $a2\n \tmov\t$a1, 8*1($r_ptr)\n-\tcmovnc\t$t3, $a3\n+\tcmovb\t$t3, $a3\n \tmov\t$a2, 8*2($r_ptr)\n \tmov\t$a3, 8*3($r_ptr)\n \n@@ -3030,14 +3035,14 @@ __ecp_nistz256_mul_by_2x:\n \tsbb\t\u005c$0, $a2\n \t mov\t$a3, $t3\n \tsbb\t$poly3, $a3\n+\tsbb\t\u005c$0, $t4\n \n-\tbt\t\u005c$0, $t4\n-\tcmovnc\t$t0, $a0\n-\tcmovnc\t$t1, $a1\n+\tcmovb\t$t0, $a0\n+\tcmovb\t$t1, $a1\n \tmov\t$a0, 8*0($r_ptr)\n-\tcmovnc\t$t2, $a2\n+\tcmovb\t$t2, $a2\n \tmov\t$a1, 8*1($r_ptr)\n-\tcmovnc\t$t3, $a3\n+\tcmovb\t$t3, 
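Review bot: The ADX path's new selection in __ecp_nistz256_add_tox (`sbb \$0, $t4` then `cmovb`) only chooses correctly if `$t4` holds a 0/1 carry from the preceding addition; the `bt \$0, $t4`/`cmovnc` form it replaces would also have tolerated a 0/-1 mask, so the hunk quietly tightens the precondition on `$t4` without saying so. The head of __ecp_nistz256_add_tox, where `$t4` is captured, is outside this hunk, so it is worth confirming it is produced by `adc \$0, $t4` after a zeroing `xor` rather than by `sbb $t4, $t4`. A one-line note such as `# $t4 = 0/1 carry (not a mask); CF set iff sum < p` above the `cmovb`s would record the invariant the `sbb` now depends on, and the same applies to __ecp_nistz256_mul_by_2x below.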
$a3\n \tmov\t$a2, 8*2($r_ptr)\n \tmov\t$a3, 8*3($r_ptr)\n \ndiff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c\nindex d2fabe5..564a889 100644\n--- a/crypto/ec/ecp_nistz256.c\n+++ b/crypto/ec/ecp_nistz256.c\n@@ -89,19 +89,36 @@ struct nistz256_pre_comp_st {\n };\n \n /* Functions implemented in assembly */\n+/*\n+ * Most of below mentioned functions *preserve* the property of inputs\n+ * being fully reduced, i.e. being in [0, modulus) range. Simply put if\n+ * inputs are fully reduced, then output is too. Note that reverse is\n+ * not true, in sense that given partially reduced inputs output can be\n+ * either, not unlikely reduced. And \u0022most\u0022 in first sentence refers to\n+ * the fact that given the calculations flow one can tolerate that\n+ * addition, 1st function below, produces partially reduced result *if*\n+ * multiplications by 2 and 3, which customarily use addition, fully\n+ * reduce it. This effectively gives two options: a) addition produces\n+ * fully reduced result [as long as inputs are, just like remaining\n+ * functions]; b) addition is allowed to produce partially reduced\n+ * result, but multiplications by 2 and 3 perform additional reduction\n+ * step. 
Choice between the two can be platform-specific, but it was a)\n+ * in all cases so far...\n+ */\n+/* Modular add: res \u003d a+b mod P */\n+void ecp_nistz256_add(BN_ULONG res[P256_LIMBS],\n+ const BN_ULONG a[P256_LIMBS],\n+ const BN_ULONG b[P256_LIMBS]);\n /* Modular mul by 2: res \u003d 2*a mod P */\n void ecp_nistz256_mul_by_2(BN_ULONG res[P256_LIMBS],\n const BN_ULONG a[P256_LIMBS]);\n-/* Modular div by 2: res \u003d a/2 mod P */\n-void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS],\n- const BN_ULONG a[P256_LIMBS]);\n /* Modular mul by 3: res \u003d 3*a mod P */\n void ecp_nistz256_mul_by_3(BN_ULONG res[P256_LIMBS],\n const BN_ULONG a[P256_LIMBS]);\n-/* Modular add: res \u003d a+b mod P */\n-void ecp_nistz256_add(BN_ULONG res[P256_LIMBS],\n- const BN_ULONG a[P256_LIMBS],\n- const BN_ULONG b[P256_LIMBS]);\n+\n+/* Modular div by 2: res \u003d a/2 mod P */\n+void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS],\n+ const BN_ULONG a[P256_LIMBS]);\n /* Modular sub: res \u003d a-b mod P */\n void ecp_nistz256_sub(BN_ULONG res[P256_LIMBS],\n const BN_ULONG a[P256_LIMBS],\n","s":{"c":1755029006,"u": 16539}} ],"g": 18656,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
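Review bot: The new block comment states the fully-reduced contract only collectively ("Most of below mentioned functions"), so a reader looking at a single prototype still cannot tell whether it applies to that one; I would repeat it on the individual declarations, e.g. `/* Modular add: res = a+b mod P; res in [0, P) if a and b are */` and likewise for mul_by_2 and mul_by_3. The sentence "given partially reduced inputs output can be either, not unlikely reduced" reads ambiguously; `given partially reduced inputs the output may or may not be fully reduced` says the intended thing. The remark that option a) held "in all cases so far" is a claim about the other platform back-ends, which this commit does not touch, so it may be worth naming the implementations that were checked or hedging it.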