aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/ec
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2018-03-27 17:03:01 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2018-03-27 17:03:01 +0000
commit02be298e504b8554caca6dc85af450e1ea44d19d (patch)
treeb4870fcd2c2663fedd44997d4bb5ad13dcd50293 /crypto/ec
parent4f94f84d8491a2455678402b5c7c92e692a272bc (diff)
downloadsrc-02be298e504b8554caca6dc85af450e1ea44d19d.tar.gz
src-02be298e504b8554caca6dc85af450e1ea44d19d.zip
Import OpenSSL 1.0.2o.vendor/openssl/1.0.2o
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=331625 svn path=/vendor-crypto/openssl/1.0.2o/; revision=331626; tag=vendor/openssl/1.0.2o
Diffstat (limited to 'crypto/ec')
-rw-r--r--crypto/ec/ec_lib.c10
-rw-r--r--crypto/ec/ec_mult.c16
-rw-r--r--crypto/ec/ecp_nistp224.c15
-rw-r--r--crypto/ec/ecp_nistp256.c41
-rw-r--r--crypto/ec/ecp_nistp521.c17
-rw-r--r--crypto/ec/ecp_nistz256.c2
-rw-r--r--crypto/ec/ecp_smpl.c2
-rw-r--r--crypto/ec/ectest.c14
8 files changed, 58 insertions, 59 deletions
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 3ffa112cc306..3241aa51d9f4 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -85,7 +85,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
return NULL;
}
- ret = OPENSSL_malloc(sizeof *ret);
+ ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) {
ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
@@ -164,7 +164,7 @@ void EC_GROUP_clear_free(EC_GROUP *group)
OPENSSL_free(group->seed);
}
- OPENSSL_cleanse(group, sizeof *group);
+ OPENSSL_cleanse(group, sizeof(*group));
OPENSSL_free(group);
}
@@ -575,7 +575,7 @@ int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
/* no explicit entry needed */
return 1;
- d = OPENSSL_malloc(sizeof *d);
+ d = OPENSSL_malloc(sizeof(*d));
if (d == NULL)
return 0;
@@ -712,7 +712,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
return NULL;
}
- ret = OPENSSL_malloc(sizeof *ret);
+ ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) {
ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
@@ -747,7 +747,7 @@ void EC_POINT_clear_free(EC_POINT *point)
point->meth->point_clear_finish(point);
else if (point->meth->point_finish != 0)
point->meth->point_finish(point);
- OPENSSL_cleanse(point, sizeof *point);
+ OPENSSL_cleanse(point, sizeof(*point));
OPENSSL_free(point);
}
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 24ca67a6ef1e..2231f9957ef6 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -169,11 +169,11 @@ static void ec_pre_comp_clear_free(void *pre_)
for (p = pre->points; *p != NULL; p++) {
EC_POINT_clear_free(*p);
- OPENSSL_cleanse(p, sizeof *p);
+ OPENSSL_cleanse(p, sizeof(*p));
}
OPENSSL_free(pre->points);
}
- OPENSSL_cleanse(pre, sizeof *pre);
+ OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre);
}
@@ -430,11 +430,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
totalnum = num + numblocks;
- wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
- wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
- wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space
- * for pivot */
- val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+ wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0]));
+ wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0]));
+ /* include space for pivot */
+ wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0]));
+ val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0]));
/* Ensure wNAF is initialised in case we end up going to err */
if (wNAF)
@@ -580,7 +580,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
* 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a
* subarray of 'pre_comp->points' if we already have precomputation.
*/
- val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
+ val = OPENSSL_malloc((num_val + 1) * sizeof(val[0]));
if (val == NULL) {
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
goto err;
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index fcd754e44881..121f587b58b6 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -48,7 +48,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit
typedef uint8_t u8;
typedef uint64_t u64;
-typedef int64_t s64;
/******************************************************************************/
/*-
@@ -351,9 +350,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn)
unsigned num_bytes;
/* BN_bn2bin eats leading zeroes */
- memset(b_out, 0, sizeof b_out);
+ memset(b_out, 0, sizeof(b_out));
num_bytes = BN_num_bytes(bn);
- if (num_bytes > sizeof b_out) {
+ if (num_bytes > sizeof(b_out)) {
ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
return 0;
}
@@ -372,8 +371,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
{
felem_bytearray b_in, b_out;
felem_to_bin28(b_in, in);
- flip_endian(b_out, b_in, sizeof b_out);
- return BN_bin2bn(b_out, sizeof b_out, out);
+ flip_endian(b_out, b_in, sizeof(b_out));
+ return BN_bin2bn(b_out, sizeof(b_out), out);
}
/******************************************************************************/
@@ -1234,7 +1233,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
static NISTP224_PRE_COMP *nistp224_pre_comp_new()
{
NISTP224_PRE_COMP *ret = NULL;
- ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof *ret);
+ ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof(*ret));
if (!ret) {
ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret;
@@ -1281,7 +1280,7 @@ static void nistp224_pre_comp_clear_free(void *pre_)
if (i > 0)
return;
- OPENSSL_cleanse(pre, sizeof *pre);
+ OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre);
}
@@ -1568,7 +1567,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
/* the scalar for the generator */
if ((scalar != NULL) && (have_pre_comp)) {
- memset(g_secret, 0, sizeof g_secret);
+ memset(g_secret, 0, sizeof(g_secret));
/* reduce scalar to 0 <= scalar < 2^224 */
if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) {
/*
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
index 1272966fff84..378f0bae0857 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -51,7 +51,6 @@ typedef __int128_t int128_t;
typedef uint8_t u8;
typedef uint32_t u32;
typedef uint64_t u64;
-typedef int64_t s64;
/*
* The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We
@@ -161,9 +160,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn)
unsigned num_bytes;
/* BN_bn2bin eats leading zeroes */
- memset(b_out, 0, sizeof b_out);
+ memset(b_out, 0, sizeof(b_out));
num_bytes = BN_num_bytes(bn);
- if (num_bytes > sizeof b_out) {
+ if (num_bytes > sizeof(b_out)) {
ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
return 0;
}
@@ -182,8 +181,8 @@ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in)
{
felem_bytearray b_in, b_out;
smallfelem_to_bin32(b_in, in);
- flip_endian(b_out, b_in, sizeof b_out);
- return BN_bin2bn(b_out, sizeof b_out, out);
+ flip_endian(b_out, b_in, sizeof(b_out));
+ return BN_bin2bn(b_out, sizeof(b_out), out);
}
/*-
@@ -392,7 +391,7 @@ static void felem_shrink(smallfelem out, const felem in)
{
felem tmp;
u64 a, b, mask;
- s64 high, low;
+ u64 high, low;
static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */
/* Carry 2->3 */
@@ -433,29 +432,31 @@ static void felem_shrink(smallfelem out, const felem in)
* In order to make space in tmp[3] for the carry from 2 -> 3, we
* conditionally subtract kPrime if tmp[3] is large enough.
*/
- high = tmp[3] >> 64;
+ high = (u64)(tmp[3] >> 64);
/* As tmp[3] < 2^65, high is either 1 or 0 */
- high <<= 63;
- high >>= 63;
+ high = 0 - high;
/*-
* high is:
* all ones if the high word of tmp[3] is 1
- * all zeros if the high word of tmp[3] if 0 */
- low = tmp[3];
- mask = low >> 63;
+ * all zeros if the high word of tmp[3] if 0
+ */
+ low = (u64)tmp[3];
+ mask = 0 - (low >> 63);
/*-
* mask is:
* all ones if the MSB of low is 1
- * all zeros if the MSB of low if 0 */
+ * all zeros if the MSB of low if 0
+ */
low &= bottom63bits;
low -= kPrime3Test;
/* if low was greater than kPrime3Test then the MSB is zero */
low = ~low;
- low >>= 63;
+ low = 0 - (low >> 63);
/*-
* low is:
* all ones if low was > kPrime3Test
- * all zeros if low was <= kPrime3Test */
+ * all zeros if low was <= kPrime3Test
+ */
mask = (mask & low) | high;
tmp[0] -= mask & kPrime[0];
tmp[1] -= mask & kPrime[1];
@@ -889,7 +890,7 @@ static void felem_contract(smallfelem out, const felem in)
equal &= equal << 4;
equal &= equal << 2;
equal &= equal << 1;
- equal = ((s64) equal) >> 63;
+ equal = 0 - (equal >> 63);
all_equal_so_far &= equal;
}
@@ -956,7 +957,7 @@ static limb smallfelem_is_zero(const smallfelem small)
is_zero &= is_zero << 4;
is_zero &= is_zero << 2;
is_zero &= is_zero << 1;
- is_zero = ((s64) is_zero) >> 63;
+ is_zero = 0 - (is_zero >> 63);
is_p = (small[0] ^ kPrime[0]) |
(small[1] ^ kPrime[1]) |
@@ -968,7 +969,7 @@ static limb smallfelem_is_zero(const smallfelem small)
is_p &= is_p << 4;
is_p &= is_p << 2;
is_p &= is_p << 1;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
is_zero |= is_p;
@@ -1820,7 +1821,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void)
static NISTP256_PRE_COMP *nistp256_pre_comp_new()
{
NISTP256_PRE_COMP *ret = NULL;
- ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof *ret);
+ ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof(*ret));
if (!ret) {
ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret;
@@ -1867,7 +1868,7 @@ static void nistp256_pre_comp_clear_free(void *pre_)
if (i > 0)
return;
- OPENSSL_cleanse(pre, sizeof *pre);
+ OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre);
}
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index a1dc9946fd17..90989c5a0769 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -49,7 +49,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit
typedef uint8_t u8;
typedef uint64_t u64;
-typedef int64_t s64;
/*
* The underlying field. P521 operates over GF(2^521-1). We can serialise an
@@ -185,9 +184,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn)
unsigned num_bytes;
/* BN_bn2bin eats leading zeroes */
- memset(b_out, 0, sizeof b_out);
+ memset(b_out, 0, sizeof(b_out));
num_bytes = BN_num_bytes(bn);
- if (num_bytes > sizeof b_out) {
+ if (num_bytes > sizeof(b_out)) {
ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
return 0;
}
@@ -206,8 +205,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
{
felem_bytearray b_in, b_out;
felem_to_bin66(b_in, in);
- flip_endian(b_out, b_in, sizeof b_out);
- return BN_bin2bn(b_out, sizeof b_out, out);
+ flip_endian(b_out, b_in, sizeof(b_out));
+ return BN_bin2bn(b_out, sizeof(b_out), out);
}
/*-
@@ -852,7 +851,7 @@ static limb felem_is_zero(const felem in)
* We know that ftmp[i] < 2^63, therefore the only way that the top bit
* can be set is if is_zero was 0 before the decrement.
*/
- is_zero = ((s64) is_zero) >> 63;
+ is_zero = 0 - (is_zero >> 63);
is_p = ftmp[0] ^ kPrime[0];
is_p |= ftmp[1] ^ kPrime[1];
@@ -865,7 +864,7 @@ static limb felem_is_zero(const felem in)
is_p |= ftmp[8] ^ kPrime[8];
is_p--;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
is_zero |= is_p;
return is_zero;
@@ -936,7 +935,7 @@ static void felem_contract(felem out, const felem in)
is_p &= is_p << 4;
is_p &= is_p << 2;
is_p &= is_p << 1;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
is_p = ~is_p;
/* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */
@@ -962,7 +961,7 @@ static void felem_contract(felem out, const felem in)
is_greater |= is_greater << 4;
is_greater |= is_greater << 2;
is_greater |= is_greater << 1;
- is_greater = ((s64) is_greater) >> 63;
+ is_greater = 0 - (is_greater >> 63);
out[0] -= kPrime[0] & is_greater;
out[1] -= kPrime[1] & is_greater;
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 99b8d613c833..9a53a39a25b9 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1504,7 +1504,7 @@ static void ecp_nistz256_pre_comp_clear_free(void *pre_)
32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37);
OPENSSL_free(pre->precomp_storage);
}
- OPENSSL_cleanse(pre, sizeof *pre);
+ OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre);
}
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index 2b848216d78c..e94a7d49368d 100644
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -1270,7 +1270,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
if (tmp == NULL || tmp_Z == NULL)
goto err;
- prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
+ prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0]));
if (prod_Z == NULL)
goto err;
for (i = 0; i < num; i++) {
diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c
index 40a1f003259f..5e1ef5093383 100644
--- a/crypto/ec/ectest.c
+++ b/crypto/ec/ectest.c
@@ -469,7 +469,7 @@ static void prime_field_tests(void)
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
- sizeof buf, ctx);
+ sizeof(buf), ctx);
if (len == 0)
ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@@ -482,7 +482,7 @@ static void prime_field_tests(void)
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
- sizeof buf, ctx);
+ sizeof(buf), ctx);
if (len == 0)
ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@@ -494,7 +494,7 @@ static void prime_field_tests(void)
fprintf(stdout, "%02X", buf[i]);
len =
- EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
ctx);
if (len == 0)
ABORT;
@@ -1206,7 +1206,7 @@ static void char2_field_tests(void)
# ifdef OPENSSL_EC_BIN_PT_COMP
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
- sizeof buf, ctx);
+ sizeof(buf), ctx);
if (len == 0)
ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@@ -1220,7 +1220,7 @@ static void char2_field_tests(void)
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
- sizeof buf, ctx);
+ sizeof(buf), ctx);
if (len == 0)
ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@@ -1234,7 +1234,7 @@ static void char2_field_tests(void)
/* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP
len =
- EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
ctx);
if (len == 0)
ABORT;
@@ -1844,7 +1844,7 @@ int main(int argc, char *argv[])
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+ RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
prime_field_tests();
puts("");