aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
diff options
context:
space:
mode:
authortpashkin <tpashkin@yandex-team.ru>2022-02-10 16:46:42 +0300
committerDaniil Cherednik <dcherednik@yandex-team.ru>2022-02-10 16:46:42 +0300
commit656921707c02b816d730f31c1fdc1d615adbfe00 (patch)
tree49e222ea1c5804306084bb3ae065bb702625360f /contrib/libs/openssl/crypto/ec/ecp_nistp224.c
parent5475379a04e37df30085bd1724f1c57e3f40996f (diff)
downloadydb-656921707c02b816d730f31c1fdc1d615adbfe00.tar.gz
Restoring authorship annotation for <tpashkin@yandex-team.ru>. Commit 2 of 2.
Diffstat (limited to 'contrib/libs/openssl/crypto/ec/ecp_nistp224.c')
-rw-r--r--contrib/libs/openssl/crypto/ec/ecp_nistp224.c66
1 files changed, 33 insertions, 33 deletions
diff --git a/contrib/libs/openssl/crypto/ec/ecp_nistp224.c b/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
index 578f616da6..6f7d66c8be 100644
--- a/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
+++ b/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -38,7 +38,7 @@ NON_EMPTY_TRANSLATION_UNIT
# include <stdint.h>
# include <string.h>
# include <openssl/err.h>
-# include "ec_local.h"
+# include "ec_local.h"
# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
/* even with gcc, the typedef won't work for 32-bit platforms */
@@ -908,7 +908,7 @@ static void point_add(felem x3, felem y3, felem z3,
felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out;
widefelem tmp, tmp2;
limb z1_is_zero, z2_is_zero, x_equal, y_equal;
- limb points_equal;
+ limb points_equal;
if (!mixed) {
/* ftmp2 = z2^2 */
@@ -965,41 +965,41 @@ static void point_add(felem x3, felem y3, felem z3,
felem_reduce(ftmp, tmp);
/*
- * The formulae are incorrect if the points are equal, in affine coordinates
- * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this
- * happens.
- *
- * We use bitwise operations to avoid potential side-channels introduced by
- * the short-circuiting behaviour of boolean operators.
+ * The formulae are incorrect if the points are equal, in affine coordinates
+ * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this
+ * happens.
+ *
+ * We use bitwise operations to avoid potential side-channels introduced by
+ * the short-circuiting behaviour of boolean operators.
*/
x_equal = felem_is_zero(ftmp);
y_equal = felem_is_zero(ftmp3);
- /*
- * The special case of either point being the point at infinity (z1 and/or
- * z2 are zero), is handled separately later on in this function, so we
- * avoid jumping to point_double here in those special cases.
- */
+ /*
+ * The special case of either point being the point at infinity (z1 and/or
+ * z2 are zero), is handled separately later on in this function, so we
+ * avoid jumping to point_double here in those special cases.
+ */
z1_is_zero = felem_is_zero(z1);
z2_is_zero = felem_is_zero(z2);
-
- /*
- * Compared to `ecp_nistp256.c` and `ecp_nistp521.c`, in this
- * specific implementation `felem_is_zero()` returns truth as `0x1`
- * (rather than `0xff..ff`).
- *
- * This implies that `~true` in this implementation becomes
- * `0xff..fe` (rather than `0x0`): for this reason, to be used in
- * the if expression, we mask out only the last bit in the next
- * line.
- */
- points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)) & 1;
-
- if (points_equal) {
- /*
- * This is obviously not constant-time but, as mentioned before, this
- * case never happens during single point multiplication, so there is no
- * timing leak for ECDH or ECDSA signing.
- */
+
+ /*
+ * Compared to `ecp_nistp256.c` and `ecp_nistp521.c`, in this
+ * specific implementation `felem_is_zero()` returns truth as `0x1`
+ * (rather than `0xff..ff`).
+ *
+ * This implies that `~true` in this implementation becomes
+ * `0xff..fe` (rather than `0x0`): for this reason, to be used in
+ * the if expression, we mask out only the last bit in the next
+ * line.
+ */
+ points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)) & 1;
+
+ if (points_equal) {
+ /*
+ * This is obviously not constant-time but, as mentioned before, this
+ * case never happens during single point multiplication, so there is no
+ * timing leak for ECDH or ECDSA signing.
+ */
point_double(x3, y3, z3, x1, y1, z1);
return;
}