@@ -1094,7 +1094,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in)
|
|||||||
*
|
*
|
||||||
* Building on top of the field operations we have the operations on the
|
* Building on top of the field operations we have the operations on the
|
||||||
* elliptic curve group itself. Points on the curve are represented in Jacobian
|
* elliptic curve group itself. Points on the curve are represented in Jacobian
|
||||||
* coordinates */
|
* coordinates
|
||||||
|
*/
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* point_double calculates 2*(x_in, y_in, z_in)
|
* point_double calculates 2*(x_in, y_in, z_in)
|
||||||
@@ -1103,7 +1104,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in)
|
|||||||
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
|
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
|
||||||
*
|
*
|
||||||
* Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
|
* Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
|
||||||
* while x_out == y_in is not (maybe this works, but it's not tested). */
|
* while x_out == y_in is not (maybe this works, but it's not tested).
|
||||||
|
*/
|
||||||
static void
|
static void
|
||||||
point_double(felem x_out, felem y_out, felem z_out,
|
point_double(felem x_out, felem y_out, felem z_out,
|
||||||
const felem x_in, const felem y_in, const felem z_in)
|
const felem x_in, const felem y_in, const felem z_in)
|
||||||
@@ -1234,7 +1236,8 @@ static void copy_small_conditional(felem out, const smallfelem in, limb mask)
|
|||||||
* This function includes a branch for checking whether the two input points
|
* This function includes a branch for checking whether the two input points
|
||||||
* are equal, (while not equal to the point at infinity). This case never
|
* are equal, (while not equal to the point at infinity). This case never
|
||||||
* happens during single point multiplication, so there is no timing leak for
|
* happens during single point multiplication, so there is no timing leak for
|
||||||
* ECDH or ECDSA signing. */
|
* ECDH or ECDSA signing.
|
||||||
|
*/
|
||||||
static void point_add(felem x3, felem y3, felem z3,
|
static void point_add(felem x3, felem y3, felem z3,
|
||||||
const felem x1, const felem y1, const felem z1,
|
const felem x1, const felem y1, const felem z1,
|
||||||
const int mixed, const smallfelem x2,
|
const int mixed, const smallfelem x2,
|
||||||
|
@@ -422,7 +422,8 @@ static void felem_square(largefelem out, const felem in)
|
|||||||
* 2 * in[x] * in[y]
|
* 2 * in[x] * in[y]
|
||||||
* However, rather than do the doubling on the 128 bit result, we
|
* However, rather than do the doubling on the 128 bit result, we
|
||||||
* double one of the inputs to the multiplication by reading from
|
* double one of the inputs to the multiplication by reading from
|
||||||
* |inx2| */
|
* |inx2|
|
||||||
|
*/
|
||||||
|
|
||||||
out[0] = ((uint128_t) in[0]) * in[0];
|
out[0] = ((uint128_t) in[0]) * in[0];
|
||||||
out[1] = ((uint128_t) in[0]) * inx2[1];
|
out[1] = ((uint128_t) in[0]) * inx2[1];
|
||||||
|
@@ -754,7 +754,8 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
|
|||||||
*
|
*
|
||||||
* With SHA-1 (the largest hash speced for SSLv3) the hash size
|
* With SHA-1 (the largest hash speced for SSLv3) the hash size
|
||||||
* goes up 4, but npad goes down by 8, resulting in a smaller
|
* goes up 4, but npad goes down by 8, resulting in a smaller
|
||||||
* total size. */
|
* total size.
|
||||||
|
*/
|
||||||
unsigned char header[75];
|
unsigned char header[75];
|
||||||
unsigned j = 0;
|
unsigned j = 0;
|
||||||
memcpy(header + j, mac_sec, md_size);
|
memcpy(header + j, mac_sec, md_size);
|
||||||
|