
deps: upgrade openssl sources to 1.0.2s

PR-URL: #28230
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
sam-github authored and BethGriggs committed Jun 14, 2019
1 parent 3ee076f commit dc9d645ac42853b7abaf19d60ceaba17d7606aa7
Showing with 569 additions and 38,796 deletions.
  1. +17 −0 deps/openssl/openssl/CHANGES
  2. +1 −0 deps/openssl/openssl/Configure
  3. +2 −2 deps/openssl/openssl/Makefile
  4. +2 −2 deps/openssl/openssl/README
  5. +1 −1 deps/openssl/openssl/apps/CA.pl
  6. +1 −10 deps/openssl/openssl/apps/app_rand.c
  7. +8 −23 deps/openssl/openssl/apps/s_client.c
  8. +1 −0 deps/openssl/openssl/config
  9. +2 −2 deps/openssl/openssl/crypto/dh/dh_pmeth.c
  10. +5 −5 deps/openssl/openssl/crypto/dsa/dsa_pmeth.c
  11. +10 −11 deps/openssl/openssl/crypto/ec/ec2_oct.c
  12. +19 −3 deps/openssl/openssl/crypto/ec/ec_lib.c
  13. +2 −2 deps/openssl/openssl/crypto/ec/ec_mult.c
  14. +8 −3 deps/openssl/openssl/crypto/ec/ecp_nistp521.c
  15. +5 −7 deps/openssl/openssl/crypto/ec/ecp_oct.c
  16. +91 −7 deps/openssl/openssl/crypto/ec/ectest.c
  17. +2 −2 deps/openssl/openssl/crypto/ecdh/ech_ossl.c
  18. +24 −25 deps/openssl/openssl/crypto/err/err.c
  19. +2 −1 deps/openssl/openssl/crypto/err/err.h
  20. +270 −1 deps/openssl/openssl/crypto/opensslconf.h
  21. +3 −3 deps/openssl/openssl/crypto/opensslv.h
  22. +7 −7 deps/openssl/openssl/crypto/perlasm/x86masm.pl
  23. +2 −2 deps/openssl/openssl/crypto/rsa/rsa_eay.c
  24. +23 −23 deps/openssl/openssl/crypto/rsa/rsa_oaep.c
  25. +22 −22 deps/openssl/openssl/crypto/rsa/rsa_pk1.c
  26. +2 −2 deps/openssl/openssl/crypto/rsa/rsa_pmeth.c
  27. +29 −26 deps/openssl/openssl/crypto/rsa/rsa_ssl.c
  28. +4 −4 deps/openssl/openssl/doc/apps/genpkey.pod
  29. +0 −149 deps/openssl/openssl/include/openssl/aes.h
  30. +0 −1,424 deps/openssl/openssl/include/openssl/asn1.h
  31. +0 −579 deps/openssl/openssl/include/openssl/asn1_mac.h
  32. +0 −973 deps/openssl/openssl/include/openssl/asn1t.h
  33. +0 −883 deps/openssl/openssl/include/openssl/bio.h
  34. +0 −130 deps/openssl/openssl/include/openssl/blowfish.h
  35. +0 −1,015 deps/openssl/openssl/include/openssl/bn.h
  36. +0 −125 deps/openssl/openssl/include/openssl/buffer.h
  37. +0 −132 deps/openssl/openssl/include/openssl/camellia.h
  38. +0 −107 deps/openssl/openssl/include/openssl/cast.h
  39. +0 −82 deps/openssl/openssl/include/openssl/cmac.h
  40. +0 −555 deps/openssl/openssl/include/openssl/cms.h
  41. +0 −83 deps/openssl/openssl/include/openssl/comp.h
  42. +0 −268 deps/openssl/openssl/include/openssl/conf.h
  43. +0 −89 deps/openssl/openssl/include/openssl/conf_api.h
  44. +0 −661 deps/openssl/openssl/include/openssl/crypto.h
  45. +0 −257 deps/openssl/openssl/include/openssl/des.h
  46. +0 −497 deps/openssl/openssl/include/openssl/des_old.h
  47. +0 −412 deps/openssl/openssl/include/openssl/dh.h
  48. +0 −335 deps/openssl/openssl/include/openssl/dsa.h
  49. +0 −451 deps/openssl/openssl/include/openssl/dso.h
  50. +0 −272 deps/openssl/openssl/include/openssl/dtls1.h
  51. +0 −328 deps/openssl/openssl/include/openssl/e_os2.h
  52. +0 −26 deps/openssl/openssl/include/openssl/ebcdic.h
  53. +0 −1,282 deps/openssl/openssl/include/openssl/ec.h
  54. +0 −134 deps/openssl/openssl/include/openssl/ecdh.h
  55. +0 −335 deps/openssl/openssl/include/openssl/ecdsa.h
  56. +0 −960 deps/openssl/openssl/include/openssl/engine.h
  57. +0 −390 deps/openssl/openssl/include/openssl/err.h
  58. +0 −1,630 deps/openssl/openssl/include/openssl/evp.h
  59. +0 −109 deps/openssl/openssl/include/openssl/hmac.h
  60. +0 −105 deps/openssl/openssl/include/openssl/idea.h
  61. +0 −240 deps/openssl/openssl/include/openssl/krb5_asn.h
  62. +0 −197 deps/openssl/openssl/include/openssl/kssl.h
  63. +0 −240 deps/openssl/openssl/include/openssl/lhash.h
  64. +0 −119 deps/openssl/openssl/include/openssl/md4.h
  65. +0 −119 deps/openssl/openssl/include/openssl/md5.h
  66. +0 −94 deps/openssl/openssl/include/openssl/mdc2.h
  67. +0 −163 deps/openssl/openssl/include/openssl/modes.h
  68. +0 −4,194 deps/openssl/openssl/include/openssl/obj_mac.h
  69. +0 −1,143 deps/openssl/openssl/include/openssl/objects.h
  70. +0 −637 deps/openssl/openssl/include/openssl/ocsp.h
  71. +0 −1 deps/openssl/openssl/include/openssl/opensslconf.h
  72. +0 −97 deps/openssl/openssl/include/openssl/opensslv.h
  73. +0 −213 deps/openssl/openssl/include/openssl/ossl_typ.h
  74. +0 −618 deps/openssl/openssl/include/openssl/pem.h
  75. +0 −70 deps/openssl/openssl/include/openssl/pem2.h
  76. +0 −342 deps/openssl/openssl/include/openssl/pkcs12.h
  77. +0 −481 deps/openssl/openssl/include/openssl/pkcs7.h
  78. +0 −99 deps/openssl/openssl/include/openssl/pqueue.h
  79. +0 −150 deps/openssl/openssl/include/openssl/rand.h
  80. +0 −103 deps/openssl/openssl/include/openssl/rc2.h
  81. +0 −88 deps/openssl/openssl/include/openssl/rc4.h
  82. +0 −105 deps/openssl/openssl/include/openssl/ripemd.h
  83. +0 −664 deps/openssl/openssl/include/openssl/rsa.h
  84. +0 −2,672 deps/openssl/openssl/include/openssl/safestack.h
  85. +0 −149 deps/openssl/openssl/include/openssl/seed.h
  86. +0 −214 deps/openssl/openssl/include/openssl/sha.h
  87. +0 −179 deps/openssl/openssl/include/openssl/srp.h
  88. +0 −147 deps/openssl/openssl/include/openssl/srtp.h
  89. +0 −3,164 deps/openssl/openssl/include/openssl/ssl.h
  90. +0 −265 deps/openssl/openssl/include/openssl/ssl2.h
  91. +0 −84 deps/openssl/openssl/include/openssl/ssl23.h
  92. +0 −774 deps/openssl/openssl/include/openssl/ssl3.h
  93. +0 −107 deps/openssl/openssl/include/openssl/stack.h
  94. +0 −518 deps/openssl/openssl/include/openssl/symhacks.h
  95. +0 −810 deps/openssl/openssl/include/openssl/tls1.h
  96. +0 −865 deps/openssl/openssl/include/openssl/ts.h
  97. +0 −112 deps/openssl/openssl/include/openssl/txt_db.h
  98. +0 −415 deps/openssl/openssl/include/openssl/ui.h
  99. +0 −88 deps/openssl/openssl/include/openssl/ui_compat.h
  100. +0 −41 deps/openssl/openssl/include/openssl/whrlpool.h
  101. +0 −1,330 deps/openssl/openssl/include/openssl/x509.h
  102. +0 −652 deps/openssl/openssl/include/openssl/x509_vfy.h
  103. +0 −1,055 deps/openssl/openssl/include/openssl/x509v3.h
  104. +1 −1 deps/openssl/openssl/openssl.spec
  105. +1 −1 deps/openssl/openssl/ssl/d1_pkt.c
  106. +1 −1 deps/openssl/openssl/ssl/s3_pkt.c
  107. +1 −1 deps/openssl/openssl/tools/c_rehash
@@ -7,6 +7,23 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.0.2r and 1.0.2s [28 May 2019]

*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
This changes the size when using the genpkey app when no size is given. It
fixes an omission in earlier changes that changed all RSA, DSA and DH
generation apps to use 2048 bits by default.
[Kurt Roeckx]

*) Add FIPS support for Android Arm 64-bit

Support for Android Arm 64-bit was added to the OpenSSL FIPS Object
Module in Version 2.0.10. For some reason, the corresponding target
'android64-aarch64' was missing OpenSSL 1.0.2, whence it could not be
built with FIPS support on Android Arm 64-bit. This omission has been
fixed.
[Matthias St. Pierre]

Changes between 1.0.2q and 1.0.2r [26 Feb 2019]

*) 0-byte record padding oracle
@@ -475,6 +475,7 @@ my %table=(
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

#### *BSD [do see comment about ${BSDthreads} above!]
"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##

VERSION=1.0.2r
VERSION=1.0.2s
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -70,7 +70,7 @@ AR= ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
RC= windres
NM= nm
PERL= /usr/bin/perl
PERL= /usr/local/bin/perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG= gcc
@@ -1,7 +1,7 @@

OpenSSL 1.0.2r 26 Feb 2019
OpenSSL 1.0.2s 28 May 2019

Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

@@ -1,4 +1,4 @@
#!/usr/bin/perl
#!/usr/local/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
@@ -124,16 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];

#ifdef OPENSSL_SYS_WINDOWS
/*
* allocate 2 to dont_warn not to use RAND_screen() via
* -no_rand_screen option in s_client
*/
if (dont_warn != 2) {
BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e, " done\n");
}
RAND_screen();
#endif

if (file == NULL)
@@ -180,13 +180,6 @@ typedef unsigned int u_int;
# include <fcntl.h>
#endif

/* Use Windows API with STD_INPUT_HANDLE when checking for input?
Don't look at OPENSSL_SYS_MSDOS for this, since it is always defined if
OPENSSL_SYS_WINDOWS is defined */
#if defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WINCE) && defined(STD_INPUT_HANDLE)
#define OPENSSL_USE_STD_INPUT_HANDLE
#endif

#undef PROG
#define PROG s_client_main

@@ -236,7 +229,6 @@ static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;
static int c_no_rand_screen = 0;

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
@@ -452,10 +444,6 @@ static void sc_usage(void)
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
" -keymatexportlen len - Export len bytes of keying material (default 20)\n");
#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_err,
" -no_rand_screen - Do not use RAND_screen() to initialize random state\n");
#endif
}

#ifndef OPENSSL_NO_TLSEXT
@@ -1149,10 +1137,6 @@ int MAIN(int argc, char **argv)
keymatexportlen = atoi(*(++argv));
if (keymatexportlen == 0)
goto bad;
#ifdef OPENSSL_SYS_WINDOWS
} else if (strcmp(*argv, "-no_rand_screen") == 0) {
c_no_rand_screen = 1;
#endif
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
@@ -1269,7 +1253,7 @@ int MAIN(int argc, char **argv)
if (!load_excert(&exc, bio_err))
goto end;

if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
@@ -1809,16 +1793,17 @@ int MAIN(int argc, char **argv)
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
if (!i && (!_kbhit() || !read_tty))
continue;
# else
if (!i && (!((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle
(STD_INPUT_HANDLE),
0)))
|| !read_tty))
continue;
#else
if(!i && (!_kbhit() || !read_tty) ) continue;
# endif
} else
i = select(width, (void *)&readfds, (void *)&writefds,
@@ -2020,12 +2005,12 @@ int MAIN(int argc, char **argv)
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
else if (_kbhit())
# else
else if ((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
#else
else if (_kbhit())
# endif
#elif defined (OPENSSL_SYS_NETWARE)
else if (_kbhit())
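Review bot: The `-no_rand_screen` option disappears from this file in three places (the usage line in sc_usage, the `strcmp(*argv, "-no_rand_screen")` branch and the `c_no_rand_screen` flag in MAIN, and the call now written `app_RAND_load_file(NULL, bio_err, 1)`), and that option appears to be a local addition to s_client rather than upstream 1.0.2 code, yet the commit message describes the change only as an upgrade to 1.0.2s. If dropping it is intentional the description, or whatever file records the dependency's local patches, should say so, since any harness that still passes the flag on Windows will now fail with the existing `unknown option %s` message. The same question applies to the `OPENSSL_USE_STD_INPUT_HANDLE` guard removed in the first, sixth and last hunks, where the new side calls `WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)` unconditionally on non-WinCE Windows builds. All of these hunks lie inside MAIN, whose body begins and ends outside the section.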
@@ -871,6 +871,7 @@ case "$GUESSOS" in
*-*-qnx6) OUT="QNX6" ;;
x86-*-android|i?86-*-android) OUT="android-x86" ;;
armv[7-9]*-*-android) OUT="android-armv7" ;;
aarch64-*-android) OUT="android64-aarch64" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac

@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -101,7 +101,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
if (!dctx)
return 0;
dctx->prime_len = 1024;
dctx->prime_len = 2048;
dctx->subprime_len = -1;
dctx->generator = 2;
dctx->use_dsa = 0;
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -69,8 +69,8 @@

typedef struct {
/* Parameter gen parameters */
int nbits; /* size of p in bits (default: 1024) */
int qbits; /* size of q in bits (default: 160) */
int nbits; /* size of p in bits (default: 2048) */
int qbits; /* size of q in bits (default: 224) */
const EVP_MD *pmd; /* MD for parameter generation */
/* Keygen callback info */
int gentmp[2];
@@ -84,8 +84,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
if (!dctx)
return 0;
dctx->nbits = 1024;
dctx->qbits = 160;
dctx->nbits = 2048;
dctx->qbits = 224;
dctx->pmd = NULL;
dctx->md = NULL;

@@ -14,7 +14,7 @@
*
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -299,7 +299,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
BN_CTX *ctx)
{
point_conversion_form_t form;
int y_bit;
int y_bit, m;
BN_CTX *new_ctx = NULL;
BIGNUM *x, *y, *yxi;
size_t field_len, enc_len;
@@ -332,7 +332,8 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
return EC_POINT_set_to_infinity(group, point);
}

field_len = (EC_GROUP_get_degree(group) + 7) / 8;
m = EC_GROUP_get_degree(group);
field_len = (m + 7) / 8;
enc_len =
(form ==
POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
@@ -357,7 +358,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,

if (!BN_bin2bn(buf + 1, field_len, x))
goto err;
if (BN_ucmp(x, &group->field) >= 0) {
if (BN_num_bits(x) > m) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
goto err;
}
@@ -369,7 +370,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
} else {
if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
goto err;
if (BN_ucmp(y, &group->field) >= 0) {
if (BN_num_bits(y) > m) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
goto err;
}
@@ -382,16 +383,14 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}
}

/*
* EC_POINT_set_affine_coordinates_GF2m is responsible for checking that
* the point is on the curve.
*/
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
goto err;
}

/* test required by X9.62 */
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}

ret = 1;

err:
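Review bot: The tightened range checks `if (BN_num_bits(x) > m)` and the matching test on `y` carry no comment explaining why the bound moved from a numeric comparison against `group->field`, and the reason is worth recording next to the code: an element of GF(2^m) is a polynomial of degree below m, so a valid encoding has at most m bits, whereas comparing against the reduction polynomial (which has bit m set plus lower terms) still accepted some values with bit m set. Suggest `/* a GF(2^m) element has degree < m, so more than m bits cannot be a valid encoding */` ahead of the x check, with the same note or a cross-reference at the y check. The last hunk drops the explicit `EC_POINT_is_on_curve` test and, as its new comment says, relies on `EC_POINT_set_affine_coordinates_GF2m` doing it; that contract now lives in ec_lib.c, so the two comments need to stay in step if either function changes. ec_GF2m_simple_oct2point begins before the first hunk and its `err:` cleanup continues past the last one.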
@@ -3,7 +3,7 @@
* Originally written by Bodo Moeller for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -872,7 +872,15 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
return 0;

if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
EC_R_POINT_IS_NOT_ON_CURVE);
return 0;
}
return 1;
}

#ifndef OPENSSL_NO_EC2M
@@ -890,7 +898,15 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
return 0;

if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
EC_R_POINT_IS_NOT_ON_CURVE);
return 0;
}
return 1;
}
#endif

@@ -3,7 +3,7 @@
* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -519,7 +519,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
ret = 1;

err:
EC_POINT_free(s);
EC_POINT_clear_free(s);
BN_CTX_end(ctx);
BN_CTX_free(new_ctx);

@@ -356,10 +356,15 @@ static void felem_diff64(felem out, const felem in)
static void felem_diff_128_64(largefelem out, const felem in)
{
/*
* In order to prevent underflow, we add 0 mod p before subtracting.
* In order to prevent underflow, we add 64p mod p (which is equivalent
* to 0 mod p) before subtracting. p is 2^521 - 1, i.e. in binary a 521
* digit number with all bits set to 1. See "The representation of field
* elements" comment above for a description of how limbs are used to
* represent a number. 64p is represented with 8 limbs containing a number
* with 58 bits set and one limb with a number with 57 bits set.
*/
static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5);
static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4);
static const limb two63m6 = (((limb) 1) << 63) - (((limb) 1) << 6);
static const limb two63m5 = (((limb) 1) << 63) - (((limb) 1) << 5);

out[0] += two63m6 - in[0];
out[1] += two63m5 - in[1];
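Review bot: The corrected `two63m6`/`two63m5` now match their names and, with the limb layout the new comment describes, sum to 64p, but the hunk still does not record the precondition that makes this sufficient: each limb of `in` has to stay below the constant it is subtracted from (2^63 - 2^6 for limb 0, 2^63 - 2^5 for the others) or the unsigned subtraction wraps and the representation is corrupted. The old values only gave headroom to about 2^62 (they appear to have summed to 32p, assuming the limbs beyond `out[1]` use two63m5 as the visible lines do), which is presumably why they were changed. Suggest stating the caller-guaranteed bound in the function's header comment, e.g. `/* Requires in[i] < <BOUND_PLACEHOLDER> for every limb so no limb goes negative */`, with the bound taken from the "The representation of field elements" comment the new text refers to. The remaining limb updates of felem_diff_128_64 run past the hunk.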
