feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Constant time changes

Browse Source 
GCM: make borrow constant time.
AES-GCM decrypt: compare at end and constant time.
Random: array_add touchs all elements every time.
RSA-OAEP: look for padding byte in constant time (look at every byte in
array).
SP
 - reduce conditional use (make them bit ops)
 - Fix point adds to not use double when adding infinity to infinity
 - Implement signed div as __divi3 is not constant time.
 - Move check sof input variables to API.
This commit is contained in:
Sean Parkinson
2022-05-04 17:02:45 +10:00
parent e87ded85b4
commit 189c9ab234
10 changed files with 2080 additions and 4490 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
wolfcrypt/src/aes.c
View File

@ -4578,14 +4578,14 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
{
int i;
int carryIn = 0;
int borrow = x[15] & 0x01;
byte borrow = (0x00 - (x[15] & 0x01)) & 0xE1;
for (i = 0; i < AES_BLOCK_SIZE; i++) {
int carryOut = x[i] & 0x01;
x[i] = (x[i] >> 1) | (carryIn ? 0x80 : 0);
int carryOut = (x[i] & 0x01) << 7;
x[i] = (x[i] >> 1) | carryIn;
carryIn = carryOut;
}
if (borrow) x[0] ^= 0xE1;
x[0] ^= borrow;
}
#endif /* defined(GCM_SMALL) || defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) */
@ -8153,6 +8153,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
ALIGN32 byte scratch[AES_BLOCK_SIZE];
ALIGN32 byte Tprime[AES_BLOCK_SIZE];
ALIGN32 byte EKY0[AES_BLOCK_SIZE];
sword32 res;
if (ivSz == GCM_NONCE_MID_SZ) {
/* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
@ -8187,9 +8188,6 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
aes->aadLen = authInSz;
}
#endif
if (ConstantCompare(authTag, Tprime, authTagSz) != 0) {
return AES_GCM_AUTH_E;
}
#if defined(WOLFSSL_PIC32MZ_CRYPT)
if (blocks) {
@ -8248,6 +8246,11 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
XMEMCPY(p, scratch, partial);
}
/* ConstantCompare returns XOR of bytes. */
res = ConstantCompare(authTag, Tprime, authTagSz);
res = (0 - res) >> 31;
ret = (ret & ~res) | (res & AES_GCM_AUTH_E);
return ret;
}

2
wolfcrypt/src/random.c
View File

@ -598,7 +598,7 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen
dIdx--;
}
for (; carry != 0 && dIdx >= 0; dIdx--) {
for (; dIdx >= 0; dIdx--) {
carry += (word16)d[dIdx];
d[dIdx] = (byte)carry;
carry >>= 8;

10
wolfcrypt/src/rsa.c
View File

@ -1515,6 +1515,8 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */
byte* tmp;
word32 idx;
word32 i;
word32 inc;
/* no label is allowed, but catch if no label provided and length > 0 */
if (optLabel == NULL && labelLen > 0) {
@ -1561,7 +1563,13 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
/* advance idx to index of PS and msg separator, account for PS size of 0*/
idx = hLen + 1 + hLen;
while (idx < pkcsBlockLen-1 && pkcsBlock[idx] == 0) {idx++;}
/* Don't reveal length of message: look at every byte. */
inc = 1;
for (i = hLen + 1 + hLen; i < pkcsBlockLen - 1; i++) {
/* Looking for non-zero byte. */
inc &= 1 - (((word32)0 - pkcsBlock[i]) >> 31);
idx += inc;
}
/* create hash of label for comparison with hash sent */
if ((ret = wc_Hash(hType, optLabel, labelLen, h, hLen)) != 0) {

149
wolfcrypt/src/sp_arm32.c
View File

@ -4542,10 +4542,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -4697,10 +4694,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -6986,10 +6980,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -7132,10 +7123,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -7722,6 +7710,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -8329,7 +8323,7 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -14993,10 +14987,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -15148,10 +15139,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -18269,10 +18257,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -18415,10 +18400,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -19061,6 +19043,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -19860,7 +19848,7 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -25972,10 +25960,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -26118,10 +26103,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -26820,6 +26802,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -27811,7 +27799,7 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -31201,8 +31189,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
/* Reduce x to less than modulus */
n = sp_256_cmp_8(r->x, p256_mod);
sp_256_cond_sub_8(r->x, r->x, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
sp_256_norm_8(r->x);
/* y /= z^3 */
@ -31211,8 +31198,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
/* Reduce y to less than modulus */
n = sp_256_cmp_8(r->y, p256_mod);
sp_256_cond_sub_8(r->y, r->y, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
sp_256_norm_8(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -31850,7 +31836,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
/* Check double */
(void)sp_256_sub_8(ctx->t1, p256_mod, q->y);
sp_256_norm_8(ctx->t1);
if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
(sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -32018,7 +32005,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
/* Check double */
(void)sp_256_sub_8(t1, p256_mod, q->y);
sp_256_norm_8(t1);
if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
(sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, t1))) != 0) {
sp_256_proj_point_dbl_8(r, p, t);
}
@ -32051,7 +32039,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
sp_256_mont_sub_8(t2, t2, t1, p256_mod);
/* R = S2 - S1 */
sp_256_mont_sub_8(t4, t4, t3, p256_mod);
if (sp_256_iszero_8(t2) & sp_256_iszero_8(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_256_iszero_8(t2) & sp_256_iszero_8(t4) & maskt) {
sp_256_proj_point_dbl_8(r, p, t);
}
else {
@ -32493,7 +32482,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, const sp_point_256* p,
/* Check double */
(void)sp_256_sub_8(t1, p256_mod, q->y);
sp_256_norm_8(t1);
if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
(sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, t1))) != 0) {
sp_256_proj_point_dbl_8(r, p, t);
}
@ -40347,8 +40337,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
/* Reduce x to less than modulus */
n = sp_384_cmp_12(r->x, p384_mod);
sp_384_cond_sub_12(r->x, r->x, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
sp_384_norm_12(r->x);
/* y /= z^3 */
@ -40357,8 +40346,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
/* Reduce y to less than modulus */
n = sp_384_cmp_12(r->y, p384_mod);
sp_384_cond_sub_12(r->y, r->y, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
sp_384_norm_12(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -40886,7 +40874,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
/* Check double */
(void)sp_384_sub_12(ctx->t1, p384_mod, q->y);
sp_384_norm_12(ctx->t1);
if ((sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
(sp_384_cmp_equal_12(p->y, q->y) | sp_384_cmp_equal_12(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -41054,7 +41043,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
/* Check double */
(void)sp_384_sub_12(t1, p384_mod, q->y);
sp_384_norm_12(t1);
if ((sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
(sp_384_cmp_equal_12(p->y, q->y) | sp_384_cmp_equal_12(p->y, t1))) != 0) {
sp_384_proj_point_dbl_12(r, p, t);
}
@ -41087,7 +41077,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
sp_384_mont_sub_12(t2, t2, t1, p384_mod);
/* R = S2 - S1 */
sp_384_mont_sub_12(t4, t4, t3, p384_mod);
if (sp_384_iszero_12(t2) & sp_384_iszero_12(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_384_iszero_12(t2) & sp_384_iszero_12(t4) & maskt) {
sp_384_proj_point_dbl_12(r, p, t);
}
else {
@ -41553,7 +41544,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, const sp_point_384* p,
/* Check double */
(void)sp_384_sub_12(t1, p384_mod, q->y);
sp_384_norm_12(t1);
if ((sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
(sp_384_cmp_equal_12(p->y, q->y) | sp_384_cmp_equal_12(p->y, t1))) != 0) {
sp_384_proj_point_dbl_12(r, p, t);
}
@ -51424,8 +51416,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
/* Reduce x to less than modulus */
n = sp_521_cmp_17(r->x, p521_mod);
sp_521_cond_sub_17(r->x, r->x, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
sp_521_norm_17(r->x);
/* y /= z^3 */
@ -51434,8 +51425,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
/* Reduce y to less than modulus */
n = sp_521_cmp_17(r->y, p521_mod);
sp_521_cond_sub_17(r->y, r->y, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
sp_521_norm_17(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -52307,7 +52297,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
/* Check double */
(void)sp_521_sub_17(ctx->t1, p521_mod, q->y);
sp_521_norm_17(ctx->t1);
if ((sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
(sp_521_cmp_equal_17(p->y, q->y) | sp_521_cmp_equal_17(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -52475,7 +52466,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
/* Check double */
(void)sp_521_sub_17(t1, p521_mod, q->y);
sp_521_norm_17(t1);
if ((sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
(sp_521_cmp_equal_17(p->y, q->y) | sp_521_cmp_equal_17(p->y, t1))) != 0) {
sp_521_proj_point_dbl_17(r, p, t);
}
@ -52508,7 +52500,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
sp_521_mont_sub_17(t2, t2, t1, p521_mod);
/* R = S2 - S1 */
sp_521_mont_sub_17(t4, t4, t3, p521_mod);
if (sp_521_iszero_17(t2) & sp_521_iszero_17(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_521_iszero_17(t2) & sp_521_iszero_17(t4) & maskt) {
sp_521_proj_point_dbl_17(r, p, t);
}
else {
@ -53008,7 +53001,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r, const sp_point_521* p,
/* Check double */
(void)sp_521_sub_17(t1, p521_mod, q->y);
sp_521_norm_17(t1);
if ((sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
(sp_521_cmp_equal_17(p->y, q->y) | sp_521_cmp_equal_17(p->y, t1))) != 0) {
sp_521_proj_point_dbl_17(r, p, t);
}
@ -64519,8 +64513,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
/* Reduce x to less than modulus */
n = sp_1024_cmp_32(r->x, p1024_mod);
sp_1024_cond_sub_32(r->x, r->x, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
sp_1024_norm_32(r->x);
/* y /= z^3 */
@ -64529,8 +64522,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
/* Reduce y to less than modulus */
n = sp_1024_cmp_32(r->y, p1024_mod);
sp_1024_cond_sub_32(r->y, r->y, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
sp_1024_norm_32(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -66089,7 +66081,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
/* Check double */
(void)sp_1024_sub_32(ctx->t1, p1024_mod, q->y);
sp_1024_norm_32(ctx->t1);
if ((sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
(sp_1024_cmp_equal_32(p->y, q->y) | sp_1024_cmp_equal_32(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -66257,7 +66250,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
/* Check double */
(void)sp_1024_mont_sub_32(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_32(t1);
if ((sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
(sp_1024_cmp_equal_32(p->y, q->y) | sp_1024_cmp_equal_32(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_32(r, p, t);
}
@ -66290,7 +66284,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
sp_1024_mont_sub_32(t2, t2, t1, p1024_mod);
/* R = S2 - S1 */
sp_1024_mont_sub_32(t4, t4, t3, p1024_mod);
if (sp_1024_iszero_32(t2) & sp_1024_iszero_32(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_1024_iszero_32(t2) & sp_1024_iszero_32(t4) & maskt) {
sp_1024_proj_point_dbl_32(r, p, t);
}
else {
@ -66620,7 +66615,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, const sp_point_1024*
/* Check double */
(void)sp_1024_mont_sub_32(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_32(t1);
if ((sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
(sp_1024_cmp_equal_32(p->y, q->y) | sp_1024_cmp_equal_32(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_32(r, p, t);
}
@ -74782,8 +74778,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
sp_1024_mont_add_32(t1, t1, point->x, p1024_mod);
n = sp_1024_cmp_32(t1, p1024_mod);
sp_1024_cond_sub_32(t1, t1, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
sp_1024_norm_32(t1);
if (!sp_1024_iszero_32(t1)) {
err = MP_VAL;

149
wolfcrypt/src/sp_arm64.c
View File

@ -3995,10 +3995,7 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -4150,10 +4147,7 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -5599,10 +5593,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -5771,10 +5762,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -6271,6 +6259,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -6688,7 +6682,7 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -13138,10 +13132,7 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -13293,10 +13284,7 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -15134,10 +15122,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -15280,10 +15265,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -15730,6 +15712,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -16243,7 +16231,7 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -20195,10 +20183,7 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -20341,10 +20326,7 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -20791,6 +20773,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -21400,7 +21388,7 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -23067,8 +23055,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod);
/* Reduce x to less than modulus */
n = sp_256_cmp_4(r->x, p256_mod);
sp_256_cond_sub_4(r->x, r->x, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
sp_256_norm_4(r->x);
/* y /= z^3 */
@ -23077,8 +23064,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod);
/* Reduce y to less than modulus */
n = sp_256_cmp_4(r->y, p256_mod);
sp_256_cond_sub_4(r->y, r->y, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
sp_256_norm_4(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -23730,7 +23716,8 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
/* Check double */
(void)sp_256_sub_4(ctx->t1, p256_mod, q->y);
sp_256_norm_4(ctx->t1);
if ((sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
(sp_256_cmp_equal_4(p->y, q->y) | sp_256_cmp_equal_4(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -23898,7 +23885,8 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
/* Check double */
(void)sp_256_sub_4(t1, p256_mod, q->y);
sp_256_norm_4(t1);
if ((sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
(sp_256_cmp_equal_4(p->y, q->y) | sp_256_cmp_equal_4(p->y, t1))) != 0) {
sp_256_proj_point_dbl_4(r, p, t);
}
@ -23931,7 +23919,8 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
sp_256_mont_sub_4(t2, t2, t1, p256_mod);
/* R = S2 - S1 */
sp_256_mont_sub_4(t4, t4, t3, p256_mod);
if (sp_256_iszero_4(t2) & sp_256_iszero_4(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_256_iszero_4(t2) & sp_256_iszero_4(t4) & maskt) {
sp_256_proj_point_dbl_4(r, p, t);
}
else {
@ -24408,7 +24397,8 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r, const sp_point_256* p,
/* Check double */
(void)sp_256_sub_4(t1, p256_mod, q->y);
sp_256_norm_4(t1);
if ((sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
(sp_256_cmp_equal_4(p->y, q->y) | sp_256_cmp_equal_4(p->y, t1))) != 0) {
sp_256_proj_point_dbl_4(r, p, t);
}
@ -43180,8 +43170,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod);
/* Reduce x to less than modulus */
n = sp_384_cmp_6(r->x, p384_mod);
sp_384_cond_sub_6(r->x, r->x, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
sp_384_norm_6(r->x);
/* y /= z^3 */
@ -43190,8 +43179,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod);
/* Reduce y to less than modulus */
n = sp_384_cmp_6(r->y, p384_mod);
sp_384_cond_sub_6(r->y, r->y, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
sp_384_norm_6(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -43752,7 +43740,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
/* Check double */
(void)sp_384_sub_6(ctx->t1, p384_mod, q->y);
sp_384_norm_6(ctx->t1);
if ((sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
(sp_384_cmp_equal_6(p->y, q->y) | sp_384_cmp_equal_6(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -43920,7 +43909,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
/* Check double */
(void)sp_384_sub_6(t1, p384_mod, q->y);
sp_384_norm_6(t1);
if ((sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
(sp_384_cmp_equal_6(p->y, q->y) | sp_384_cmp_equal_6(p->y, t1))) != 0) {
sp_384_proj_point_dbl_6(r, p, t);
}
@ -43953,7 +43943,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
sp_384_mont_sub_6(t2, t2, t1, p384_mod);
/* R = S2 - S1 */
sp_384_mont_sub_6(t4, t4, t3, p384_mod);
if (sp_384_iszero_6(t2) & sp_384_iszero_6(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_384_iszero_6(t2) & sp_384_iszero_6(t4) & maskt) {
sp_384_proj_point_dbl_6(r, p, t);
}
else {
@ -44446,7 +44437,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r, const sp_point_384* p,
/* Check double */
(void)sp_384_sub_6(t1, p384_mod, q->y);
sp_384_norm_6(t1);
if ((sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
(sp_384_cmp_equal_6(p->y, q->y) | sp_384_cmp_equal_6(p->y, t1))) != 0) {
sp_384_proj_point_dbl_6(r, p, t);
}
@ -71120,8 +71112,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
/* Reduce x to less than modulus */
n = sp_521_cmp_9(r->x, p521_mod);
sp_521_cond_sub_9(r->x, r->x, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
sp_521_norm_9(r->x);
/* y /= z^3 */
@ -71130,8 +71121,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
/* Reduce y to less than modulus */
n = sp_521_cmp_9(r->y, p521_mod);
sp_521_cond_sub_9(r->y, r->y, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
sp_521_norm_9(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -71862,7 +71852,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
/* Check double */
(void)sp_521_sub_9(ctx->t1, p521_mod, q->y);
sp_521_norm_9(ctx->t1);
if ((sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
(sp_521_cmp_equal_9(p->y, q->y) | sp_521_cmp_equal_9(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -72030,7 +72021,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
/* Check double */
(void)sp_521_sub_9(t1, p521_mod, q->y);
sp_521_norm_9(t1);
if ((sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
(sp_521_cmp_equal_9(p->y, q->y) | sp_521_cmp_equal_9(p->y, t1))) != 0) {
sp_521_proj_point_dbl_9(r, p, t);
}
@ -72063,7 +72055,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
sp_521_mont_sub_9(t2, t2, t1, p521_mod);
/* R = S2 - S1 */
sp_521_mont_sub_9(t4, t4, t3, p521_mod);
if (sp_521_iszero_9(t2) & sp_521_iszero_9(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_521_iszero_9(t2) & sp_521_iszero_9(t4) & maskt) {
sp_521_proj_point_dbl_9(r, p, t);
}
else {
@ -72574,7 +72567,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r, const sp_point_521* p,
/* Check double */
(void)sp_521_sub_9(t1, p521_mod, q->y);
sp_521_norm_9(t1);
if ((sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
(sp_521_cmp_equal_9(p->y, q->y) | sp_521_cmp_equal_9(p->y, t1))) != 0) {
sp_521_proj_point_dbl_9(r, p, t);
}
@ -114629,8 +114623,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod);
/* Reduce x to less than modulus */
n = sp_1024_cmp_16(r->x, p1024_mod);
sp_1024_cond_sub_16(r->x, r->x, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
sp_1024_norm_16(r->x);
/* y /= z^3 */
@ -114639,8 +114632,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod);
/* Reduce y to less than modulus */
n = sp_1024_cmp_16(r->y, p1024_mod);
sp_1024_cond_sub_16(r->y, r->y, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
sp_1024_norm_16(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -115765,7 +115757,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
/* Check double */
(void)sp_1024_sub_16(ctx->t1, p1024_mod, q->y);
sp_1024_norm_16(ctx->t1);
if ((sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
(sp_1024_cmp_equal_16(p->y, q->y) | sp_1024_cmp_equal_16(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -115933,7 +115926,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
/* Check double */
(void)sp_1024_mont_sub_16(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_16(t1);
if ((sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
(sp_1024_cmp_equal_16(p->y, q->y) | sp_1024_cmp_equal_16(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_16(r, p, t);
}
@ -115966,7 +115960,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
sp_1024_mont_sub_16(t2, t2, t1, p1024_mod);
/* R = S2 - S1 */
sp_1024_mont_sub_16(t4, t4, t3, p1024_mod);
if (sp_1024_iszero_16(t2) & sp_1024_iszero_16(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_1024_iszero_16(t2) & sp_1024_iszero_16(t4) & maskt) {
sp_1024_proj_point_dbl_16(r, p, t);
}
else {
@ -116416,7 +116411,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r, const sp_point_1024*
/* Check double */
(void)sp_1024_mont_sub_16(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_16(t1);
if ((sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
(sp_1024_cmp_equal_16(p->y, q->y) | sp_1024_cmp_equal_16(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_16(r, p, t);
}
@ -123807,8 +123803,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
sp_1024_mont_add_16(t1, t1, point->x, p1024_mod);
n = sp_1024_cmp_16(t1, p1024_mod);
sp_1024_cond_sub_16(t1, t1, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63));
sp_1024_norm_16(t1);
if (!sp_1024_iszero_16(t1)) {
err = MP_VAL;

149
wolfcrypt/src/sp_armthumb.c
View File

@ -23882,10 +23882,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -24037,10 +24034,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -27346,10 +27340,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -27492,10 +27483,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -27975,6 +27963,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -29780,7 +29774,7 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -75092,10 +75086,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -75247,10 +75238,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -79387,10 +79375,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -79533,10 +79518,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -80016,6 +79998,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -82619,7 +82607,7 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -91801,10 +91789,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -91947,10 +91932,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -92435,6 +92417,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -95826,7 +95814,7 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -98642,8 +98630,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
/* Reduce x to less than modulus */
n = sp_256_cmp_8(r->x, p256_mod);
sp_256_cond_sub_8(r->x, r->x, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
sp_256_norm_8(r->x);
/* y /= z^3 */
@ -98652,8 +98639,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
/* Reduce y to less than modulus */
n = sp_256_cmp_8(r->y, p256_mod);
sp_256_cond_sub_8(r->y, r->y, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
sp_256_norm_8(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -100090,7 +100076,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
/* Check double */
(void)sp_256_sub_8(ctx->t1, p256_mod, q->y);
sp_256_norm_8(ctx->t1);
if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
(sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -100258,7 +100245,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
/* Check double */
(void)sp_256_sub_8(t1, p256_mod, q->y);
sp_256_norm_8(t1);
if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
(sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, t1))) != 0) {
sp_256_proj_point_dbl_8(r, p, t);
}
@ -100291,7 +100279,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
sp_256_mont_sub_8(t2, t2, t1, p256_mod);
/* R = S2 - S1 */
sp_256_mont_sub_8(t4, t4, t3, p256_mod);
if (sp_256_iszero_8(t2) & sp_256_iszero_8(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_256_iszero_8(t2) & sp_256_iszero_8(t4) & maskt) {
sp_256_proj_point_dbl_8(r, p, t);
}
else {
@ -100733,7 +100722,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, const sp_point_256* p,
/* Check double */
(void)sp_256_sub_8(t1, p256_mod, q->y);
sp_256_norm_8(t1);
if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
(sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, t1))) != 0) {
sp_256_proj_point_dbl_8(r, p, t);
}
@ -109790,8 +109780,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
/* Reduce x to less than modulus */
n = sp_384_cmp_12(r->x, p384_mod);
sp_384_cond_sub_12(r->x, r->x, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
sp_384_norm_12(r->x);
/* y /= z^3 */
@ -109800,8 +109789,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
/* Reduce y to less than modulus */
n = sp_384_cmp_12(r->y, p384_mod);
sp_384_cond_sub_12(r->y, r->y, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
sp_384_norm_12(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -110471,7 +110459,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
/* Check double */
(void)sp_384_sub_12(ctx->t1, p384_mod, q->y);
sp_384_norm_12(ctx->t1);
if ((sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
(sp_384_cmp_equal_12(p->y, q->y) | sp_384_cmp_equal_12(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -110639,7 +110628,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
/* Check double */
(void)sp_384_sub_12(t1, p384_mod, q->y);
sp_384_norm_12(t1);
if ((sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
(sp_384_cmp_equal_12(p->y, q->y) | sp_384_cmp_equal_12(p->y, t1))) != 0) {
sp_384_proj_point_dbl_12(r, p, t);
}
@ -110672,7 +110662,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
sp_384_mont_sub_12(t2, t2, t1, p384_mod);
/* R = S2 - S1 */
sp_384_mont_sub_12(t4, t4, t3, p384_mod);
if (sp_384_iszero_12(t2) & sp_384_iszero_12(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_384_iszero_12(t2) & sp_384_iszero_12(t4) & maskt) {
sp_384_proj_point_dbl_12(r, p, t);
}
else {
@ -111138,7 +111129,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, const sp_point_384* p,
/* Check double */
(void)sp_384_sub_12(t1, p384_mod, q->y);
sp_384_norm_12(t1);
if ((sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
(sp_384_cmp_equal_12(p->y, q->y) | sp_384_cmp_equal_12(p->y, t1))) != 0) {
sp_384_proj_point_dbl_12(r, p, t);
}
@ -121832,8 +121824,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
/* Reduce x to less than modulus */
n = sp_521_cmp_17(r->x, p521_mod);
sp_521_cond_sub_17(r->x, r->x, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
sp_521_norm_17(r->x);
/* y /= z^3 */
@ -121842,8 +121833,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
/* Reduce y to less than modulus */
n = sp_521_cmp_17(r->y, p521_mod);
sp_521_cond_sub_17(r->y, r->y, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
sp_521_norm_17(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -124015,7 +124005,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
/* Check double */
(void)sp_521_sub_17(ctx->t1, p521_mod, q->y);
sp_521_norm_17(ctx->t1);
if ((sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
(sp_521_cmp_equal_17(p->y, q->y) | sp_521_cmp_equal_17(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -124183,7 +124174,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
/* Check double */
(void)sp_521_sub_17(t1, p521_mod, q->y);
sp_521_norm_17(t1);
if ((sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
(sp_521_cmp_equal_17(p->y, q->y) | sp_521_cmp_equal_17(p->y, t1))) != 0) {
sp_521_proj_point_dbl_17(r, p, t);
}
@ -124216,7 +124208,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
sp_521_mont_sub_17(t2, t2, t1, p521_mod);
/* R = S2 - S1 */
sp_521_mont_sub_17(t4, t4, t3, p521_mod);
if (sp_521_iszero_17(t2) & sp_521_iszero_17(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_521_iszero_17(t2) & sp_521_iszero_17(t4) & maskt) {
sp_521_proj_point_dbl_17(r, p, t);
}
else {
@ -124716,7 +124709,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r, const sp_point_521* p,
/* Check double */
(void)sp_521_sub_17(t1, p521_mod, q->y);
sp_521_norm_17(t1);
if ((sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
(sp_521_cmp_equal_17(p->y, q->y) | sp_521_cmp_equal_17(p->y, t1))) != 0) {
sp_521_proj_point_dbl_17(r, p, t);
}
@ -202259,8 +202253,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
/* Reduce x to less than modulus */
n = sp_1024_cmp_32(r->x, p1024_mod);
sp_1024_cond_sub_32(r->x, r->x, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
sp_1024_norm_32(r->x);
/* y /= z^3 */
@ -202269,8 +202262,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
/* Reduce y to less than modulus */
n = sp_1024_cmp_32(r->y, p1024_mod);
sp_1024_cond_sub_32(r->y, r->y, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
sp_1024_norm_32(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -208620,7 +208612,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
/* Check double */
(void)sp_1024_sub_32(ctx->t1, p1024_mod, q->y);
sp_1024_norm_32(ctx->t1);
if ((sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
(sp_1024_cmp_equal_32(p->y, q->y) | sp_1024_cmp_equal_32(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -208788,7 +208781,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
/* Check double */
(void)sp_1024_mont_sub_32(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_32(t1);
if ((sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
(sp_1024_cmp_equal_32(p->y, q->y) | sp_1024_cmp_equal_32(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_32(r, p, t);
}
@ -208821,7 +208815,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
sp_1024_mont_sub_32(t2, t2, t1, p1024_mod);
/* R = S2 - S1 */
sp_1024_mont_sub_32(t4, t4, t3, p1024_mod);
if (sp_1024_iszero_32(t2) & sp_1024_iszero_32(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_1024_iszero_32(t2) & sp_1024_iszero_32(t4) & maskt) {
sp_1024_proj_point_dbl_32(r, p, t);
}
else {
@ -209151,7 +209146,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, const sp_point_1024*
/* Check double */
(void)sp_1024_mont_sub_32(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_32(t1);
if ((sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
(sp_1024_cmp_equal_32(p->y, q->y) | sp_1024_cmp_equal_32(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_32(r, p, t);
}
@ -217313,8 +217309,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
sp_1024_mont_add_32(t1, t1, point->x, p1024_mod);
n = sp_1024_cmp_32(t1, p1024_mod);
sp_1024_cond_sub_32(t1, t1, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
sp_1024_norm_32(t1);
if (!sp_1024_iszero_32(t1)) {
err = MP_VAL;

2465
wolfcrypt/src/sp_c32.c
View File

File diff suppressed because it is too large Load Diff

3245
wolfcrypt/src/sp_c64.c
View File

File diff suppressed because it is too large Load Diff

149
wolfcrypt/src/sp_cortexm.c
View File

@ -3433,10 +3433,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -3588,10 +3585,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -4426,10 +4420,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -4572,10 +4563,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -5027,6 +5015,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -5644,7 +5638,7 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -8951,10 +8945,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -9106,10 +9097,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -10028,10 +10016,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -10174,10 +10159,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -10629,6 +10611,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -11442,7 +11430,7 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -13805,10 +13793,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -13951,10 +13936,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -14407,6 +14389,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -15416,7 +15404,7 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
byte y;
int err = MP_OKAY;
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -18740,8 +18728,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
/* Reduce x to less than modulus */
n = sp_256_cmp_8(r->x, p256_mod);
sp_256_cond_sub_8(r->x, r->x, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
sp_256_norm_8(r->x);
/* y /= z^3 */
@ -18750,8 +18737,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
/* Reduce y to less than modulus */
n = sp_256_cmp_8(r->y, p256_mod);
sp_256_cond_sub_8(r->y, r->y, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
sp_256_norm_8(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -19406,7 +19392,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
/* Check double */
(void)sp_256_sub_8(ctx->t1, p256_mod, q->y);
sp_256_norm_8(ctx->t1);
if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
(sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -19574,7 +19561,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
/* Check double */
(void)sp_256_sub_8(t1, p256_mod, q->y);
sp_256_norm_8(t1);
if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
(sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, t1))) != 0) {
sp_256_proj_point_dbl_8(r, p, t);
}
@ -19607,7 +19595,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
sp_256_mont_sub_8(t2, t2, t1, p256_mod);
/* R = S2 - S1 */
sp_256_mont_sub_8(t4, t4, t3, p256_mod);
if (sp_256_iszero_8(t2) & sp_256_iszero_8(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_256_iszero_8(t2) & sp_256_iszero_8(t4) & maskt) {
sp_256_proj_point_dbl_8(r, p, t);
}
else {
@ -20049,7 +20038,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, const sp_point_256* p,
/* Check double */
(void)sp_256_sub_8(t1, p256_mod, q->y);
sp_256_norm_8(t1);
if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
(sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, t1))) != 0) {
sp_256_proj_point_dbl_8(r, p, t);
}
@ -26035,8 +26025,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
/* Reduce x to less than modulus */
n = sp_384_cmp_12(r->x, p384_mod);
sp_384_cond_sub_12(r->x, r->x, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
sp_384_norm_12(r->x);
/* y /= z^3 */
@ -26045,8 +26034,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
/* Reduce y to less than modulus */
n = sp_384_cmp_12(r->y, p384_mod);
sp_384_cond_sub_12(r->y, r->y, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
sp_384_norm_12(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -26511,7 +26499,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
/* Check double */
(void)sp_384_sub_12(ctx->t1, p384_mod, q->y);
sp_384_norm_12(ctx->t1);
if ((sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
(sp_384_cmp_equal_12(p->y, q->y) | sp_384_cmp_equal_12(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -26679,7 +26668,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
/* Check double */
(void)sp_384_sub_12(t1, p384_mod, q->y);
sp_384_norm_12(t1);
if ((sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
(sp_384_cmp_equal_12(p->y, q->y) | sp_384_cmp_equal_12(p->y, t1))) != 0) {
sp_384_proj_point_dbl_12(r, p, t);
}
@ -26712,7 +26702,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
sp_384_mont_sub_12(t2, t2, t1, p384_mod);
/* R = S2 - S1 */
sp_384_mont_sub_12(t4, t4, t3, p384_mod);
if (sp_384_iszero_12(t2) & sp_384_iszero_12(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_384_iszero_12(t2) & sp_384_iszero_12(t4) & maskt) {
sp_384_proj_point_dbl_12(r, p, t);
}
else {
@ -27178,7 +27169,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, const sp_point_384* p,
/* Check double */
(void)sp_384_sub_12(t1, p384_mod, q->y);
sp_384_norm_12(t1);
if ((sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_12(p->x, q->x) & sp_384_cmp_equal_12(p->z, q->z) &
(sp_384_cmp_equal_12(p->y, q->y) | sp_384_cmp_equal_12(p->y, t1))) != 0) {
sp_384_proj_point_dbl_12(r, p, t);
}
@ -33403,8 +33395,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
/* Reduce x to less than modulus */
n = sp_521_cmp_17(r->x, p521_mod);
sp_521_cond_sub_17(r->x, r->x, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
sp_521_norm_17(r->x);
/* y /= z^3 */
@ -33413,8 +33404,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
/* Reduce y to less than modulus */
n = sp_521_cmp_17(r->y, p521_mod);
sp_521_cond_sub_17(r->y, r->y, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
sp_521_norm_17(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -34204,7 +34194,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
/* Check double */
(void)sp_521_sub_17(ctx->t1, p521_mod, q->y);
sp_521_norm_17(ctx->t1);
if ((sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
(sp_521_cmp_equal_17(p->y, q->y) | sp_521_cmp_equal_17(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -34372,7 +34363,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
/* Check double */
(void)sp_521_sub_17(t1, p521_mod, q->y);
sp_521_norm_17(t1);
if ((sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
(sp_521_cmp_equal_17(p->y, q->y) | sp_521_cmp_equal_17(p->y, t1))) != 0) {
sp_521_proj_point_dbl_17(r, p, t);
}
@ -34405,7 +34397,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
sp_521_mont_sub_17(t2, t2, t1, p521_mod);
/* R = S2 - S1 */
sp_521_mont_sub_17(t4, t4, t3, p521_mod);
if (sp_521_iszero_17(t2) & sp_521_iszero_17(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_521_iszero_17(t2) & sp_521_iszero_17(t4) & maskt) {
sp_521_proj_point_dbl_17(r, p, t);
}
else {
@ -34905,7 +34898,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r, const sp_point_521* p,
/* Check double */
(void)sp_521_sub_17(t1, p521_mod, q->y);
sp_521_norm_17(t1);
if ((sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_17(p->x, q->x) & sp_521_cmp_equal_17(p->z, q->z) &
(sp_521_cmp_equal_17(p->y, q->y) | sp_521_cmp_equal_17(p->y, t1))) != 0) {
sp_521_proj_point_dbl_17(r, p, t);
}
@ -42772,8 +42766,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
/* Reduce x to less than modulus */
n = sp_1024_cmp_32(r->x, p1024_mod);
sp_1024_cond_sub_32(r->x, r->x, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
sp_1024_norm_32(r->x);
/* y /= z^3 */
@ -42782,8 +42775,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
/* Reduce y to less than modulus */
n = sp_1024_cmp_32(r->y, p1024_mod);
sp_1024_cond_sub_32(r->y, r->y, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
sp_1024_norm_32(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -44212,7 +44204,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
/* Check double */
(void)sp_1024_sub_32(ctx->t1, p1024_mod, q->y);
sp_1024_norm_32(ctx->t1);
if ((sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
(sp_1024_cmp_equal_32(p->y, q->y) | sp_1024_cmp_equal_32(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -44380,7 +44373,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
/* Check double */
(void)sp_1024_mont_sub_32(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_32(t1);
if ((sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
(sp_1024_cmp_equal_32(p->y, q->y) | sp_1024_cmp_equal_32(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_32(r, p, t);
}
@ -44413,7 +44407,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
sp_1024_mont_sub_32(t2, t2, t1, p1024_mod);
/* R = S2 - S1 */
sp_1024_mont_sub_32(t4, t4, t3, p1024_mod);
if (sp_1024_iszero_32(t2) & sp_1024_iszero_32(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_1024_iszero_32(t2) & sp_1024_iszero_32(t4) & maskt) {
sp_1024_proj_point_dbl_32(r, p, t);
}
else {
@ -44743,7 +44738,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, const sp_point_1024*
/* Check double */
(void)sp_1024_mont_sub_32(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_32(t1);
if ((sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_32(p->x, q->x) & sp_1024_cmp_equal_32(p->z, q->z) &
(sp_1024_cmp_equal_32(p->y, q->y) | sp_1024_cmp_equal_32(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_32(r, p, t);
}
@ -52905,8 +52901,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
sp_1024_mont_add_32(t1, t1, point->x, p1024_mod);
n = sp_1024_cmp_32(t1, p1024_mod);
sp_1024_cond_sub_32(t1, t1, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
sp_1024_norm_32(t1);
if (!sp_1024_iszero_32(t1)) {
err = MP_VAL;

227
wolfcrypt/src/sp_x86_64.c
View File

@ -491,10 +491,7 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -723,10 +720,7 @@ static int sp_2048_mod_exp_avx2_16(sp_digit* r, const sp_digit* a, const sp_digi
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -1216,10 +1210,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -1483,10 +1474,7 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digi
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -2041,6 +2029,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -2330,7 +2324,7 @@ static int sp_2048_mod_exp_2_avx2_32(sp_digit* r, const sp_digit* e, int bits,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -2469,7 +2463,7 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -3211,10 +3205,7 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -3443,10 +3434,7 @@ static int sp_3072_mod_exp_avx2_24(sp_digit* r, const sp_digit* a, const sp_digi
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -3936,10 +3924,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -4151,10 +4136,7 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digi
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -4657,6 +4639,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -4946,7 +4934,7 @@ static int sp_3072_mod_exp_2_avx2_48(sp_digit* r, const sp_digit* e, int bits,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -5085,7 +5073,7 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -5898,10 +5886,7 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -6113,10 +6098,7 @@ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digi
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
err = MP_VAL;
}
else if (bits == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -6619,6 +6601,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
else if (mp_iseven(mm)) {
err = MP_VAL;
}
else if (mp_iseven(pm)) {
err = MP_VAL;
}
else if (mp_iseven(qm)) {
err = MP_VAL;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
@ -6908,7 +6896,7 @@ static int sp_4096_mod_exp_2_avx2_64(sp_digit* r, const sp_digit* e, int bits,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -7047,7 +7035,7 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
ASSERT_SAVED_VECTOR_REGISTERS();
if ((m[0] & 1) == 0) {
if (bits == 0) {
err = MP_VAL;
}
@ -7755,8 +7743,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod);
/* Reduce x to less than modulus */
n = sp_256_cmp_4(r->x, p256_mod);
sp_256_cond_sub_4(r->x, r->x, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
sp_256_norm_4(r->x);
/* y /= z^3 */
@ -7765,8 +7752,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod);
/* Reduce y to less than modulus */
n = sp_256_cmp_4(r->y, p256_mod);
sp_256_cond_sub_4(r->y, r->y, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
sp_256_norm_4(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -8149,7 +8135,8 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
/* Check double */
(void)sp_256_sub_4(ctx->t1, p256_mod, q->y);
sp_256_norm_4(ctx->t1);
if ((sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
(sp_256_cmp_equal_4(p->y, q->y) | sp_256_cmp_equal_4(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -8317,7 +8304,8 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
/* Check double */
(void)sp_256_sub_4(t1, p256_mod, q->y);
sp_256_norm_4(t1);
if ((sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
(sp_256_cmp_equal_4(p->y, q->y) | sp_256_cmp_equal_4(p->y, t1))) != 0) {
sp_256_proj_point_dbl_4(r, p, t);
}
@ -8350,7 +8338,8 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
sp_256_mont_sub_4(t2, t2, t1, p256_mod);
/* R = S2 - S1 */
sp_256_mont_sub_4(t4, t4, t3, p256_mod);
if (sp_256_iszero_4(t2) & sp_256_iszero_4(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_256_iszero_4(t2) & sp_256_iszero_4(t4) & maskt) {
sp_256_proj_point_dbl_4(r, p, t);
}
else {
@ -8876,8 +8865,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_avx2_4(r->x, p256_mod, p256_mp_mod);
/* Reduce x to less than modulus */
n = sp_256_cmp_4(r->x, p256_mod);
sp_256_cond_sub_4(r->x, r->x, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
sp_256_norm_4(r->x);
/* y /= z^3 */
@ -8886,8 +8874,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p,
sp_256_mont_reduce_avx2_4(r->y, p256_mod, p256_mp_mod);
/* Reduce y to less than modulus */
n = sp_256_cmp_4(r->y, p256_mod);
sp_256_cond_sub_avx2_4(r->y, r->y, p256_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_256_cond_sub_avx2_4(r->y, r->y, p256_mod, ~(n >> 63));
sp_256_norm_4(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -9246,7 +9233,8 @@ static int sp_256_proj_point_add_avx2_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r
/* Check double */
(void)sp_256_sub_avx2_4(ctx->t1, p256_mod, q->y);
sp_256_norm_avx2_4(ctx->t1);
if ((sp_256_cmp_equal_avx2_4(p->x, q->x) & sp_256_cmp_equal_avx2_4(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_avx2_4(p->x, q->x) & sp_256_cmp_equal_avx2_4(p->z, q->z) &
(sp_256_cmp_equal_avx2_4(p->y, q->y) | sp_256_cmp_equal_avx2_4(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -9414,7 +9402,8 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r,
/* Check double */
(void)sp_256_sub_4(t1, p256_mod, q->y);
sp_256_norm_4(t1);
if ((sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
(sp_256_cmp_equal_4(p->y, q->y) | sp_256_cmp_equal_4(p->y, t1))) != 0) {
sp_256_proj_point_dbl_avx2_4(r, p, t);
}
@ -9447,7 +9436,8 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r,
sp_256_mont_sub_avx2_4(t2, t2, t1, p256_mod);
/* R = S2 - S1 */
sp_256_mont_sub_avx2_4(t4, t4, t3, p256_mod);
if (sp_256_iszero_4(t2) & sp_256_iszero_4(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_256_iszero_4(t2) & sp_256_iszero_4(t4) & maskt) {
sp_256_proj_point_dbl_avx2_4(r, p, t);
}
else {
@ -9811,7 +9801,8 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r, const sp_point_256* p,
/* Check double */
(void)sp_256_sub_4(t1, p256_mod, q->y);
sp_256_norm_4(t1);
if ((sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
(sp_256_cmp_equal_4(p->y, q->y) | sp_256_cmp_equal_4(p->y, t1))) != 0) {
sp_256_proj_point_dbl_4(r, p, t);
}
@ -10270,7 +10261,8 @@ static void sp_256_proj_point_add_qz1_avx2_4(sp_point_256* r, const sp_point_256
/* Check double */
(void)sp_256_sub_4(t1, p256_mod, q->y);
sp_256_norm_4(t1);
if ((sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_256_cmp_equal_4(p->x, q->x) & sp_256_cmp_equal_4(p->z, q->z) &
(sp_256_cmp_equal_4(p->y, q->y) | sp_256_cmp_equal_4(p->y, t1))) != 0) {
sp_256_proj_point_dbl_avx2_4(r, p, t);
}
@ -26499,8 +26491,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod);
/* Reduce x to less than modulus */
n = sp_384_cmp_6(r->x, p384_mod);
sp_384_cond_sub_6(r->x, r->x, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
sp_384_norm_6(r->x);
/* y /= z^3 */
@ -26509,8 +26500,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod);
/* Reduce y to less than modulus */
n = sp_384_cmp_6(r->y, p384_mod);
sp_384_cond_sub_6(r->y, r->y, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
sp_384_norm_6(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -26897,7 +26887,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
/* Check double */
(void)sp_384_sub_6(ctx->t1, p384_mod, q->y);
sp_384_norm_6(ctx->t1);
if ((sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
(sp_384_cmp_equal_6(p->y, q->y) | sp_384_cmp_equal_6(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -27065,7 +27056,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
/* Check double */
(void)sp_384_sub_6(t1, p384_mod, q->y);
sp_384_norm_6(t1);
if ((sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
(sp_384_cmp_equal_6(p->y, q->y) | sp_384_cmp_equal_6(p->y, t1))) != 0) {
sp_384_proj_point_dbl_6(r, p, t);
}
@ -27098,7 +27090,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
sp_384_mont_sub_6(t2, t2, t1, p384_mod);
/* R = S2 - S1 */
sp_384_mont_sub_6(t4, t4, t3, p384_mod);
if (sp_384_iszero_6(t2) & sp_384_iszero_6(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_384_iszero_6(t2) & sp_384_iszero_6(t4) & maskt) {
sp_384_proj_point_dbl_6(r, p, t);
}
else {
@ -27676,8 +27669,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_avx2_6(r->x, p384_mod, p384_mp_mod);
/* Reduce x to less than modulus */
n = sp_384_cmp_6(r->x, p384_mod);
sp_384_cond_sub_6(r->x, r->x, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
sp_384_norm_6(r->x);
/* y /= z^3 */
@ -27686,8 +27678,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p,
sp_384_mont_reduce_avx2_6(r->y, p384_mod, p384_mp_mod);
/* Reduce y to less than modulus */
n = sp_384_cmp_6(r->y, p384_mod);
sp_384_cond_sub_avx2_6(r->y, r->y, p384_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_384_cond_sub_avx2_6(r->y, r->y, p384_mod, ~(n >> 63));
sp_384_norm_6(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -28050,7 +28041,8 @@ static int sp_384_proj_point_add_avx2_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r
/* Check double */
(void)sp_384_sub_avx2_6(ctx->t1, p384_mod, q->y);
sp_384_norm_avx2_6(ctx->t1);
if ((sp_384_cmp_equal_avx2_6(p->x, q->x) & sp_384_cmp_equal_avx2_6(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_avx2_6(p->x, q->x) & sp_384_cmp_equal_avx2_6(p->z, q->z) &
(sp_384_cmp_equal_avx2_6(p->y, q->y) | sp_384_cmp_equal_avx2_6(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -28218,7 +28210,8 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r,
/* Check double */
(void)sp_384_sub_6(t1, p384_mod, q->y);
sp_384_norm_6(t1);
if ((sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
(sp_384_cmp_equal_6(p->y, q->y) | sp_384_cmp_equal_6(p->y, t1))) != 0) {
sp_384_proj_point_dbl_avx2_6(r, p, t);
}
@ -28251,7 +28244,8 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r,
sp_384_mont_sub_avx2_6(t2, t2, t1, p384_mod);
/* R = S2 - S1 */
sp_384_mont_sub_avx2_6(t4, t4, t3, p384_mod);
if (sp_384_iszero_6(t2) & sp_384_iszero_6(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_384_iszero_6(t2) & sp_384_iszero_6(t4) & maskt) {
sp_384_proj_point_dbl_avx2_6(r, p, t);
}
else {
@ -28619,7 +28613,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r, const sp_point_384* p,
/* Check double */
(void)sp_384_sub_6(t1, p384_mod, q->y);
sp_384_norm_6(t1);
if ((sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
(sp_384_cmp_equal_6(p->y, q->y) | sp_384_cmp_equal_6(p->y, t1))) != 0) {
sp_384_proj_point_dbl_6(r, p, t);
}
@ -29079,7 +29074,8 @@ static void sp_384_proj_point_add_qz1_avx2_6(sp_point_384* r, const sp_point_384
/* Check double */
(void)sp_384_sub_6(t1, p384_mod, q->y);
sp_384_norm_6(t1);
if ((sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_384_cmp_equal_6(p->x, q->x) & sp_384_cmp_equal_6(p->z, q->z) &
(sp_384_cmp_equal_6(p->y, q->y) | sp_384_cmp_equal_6(p->y, t1))) != 0) {
sp_384_proj_point_dbl_avx2_6(r, p, t);
}
@ -51011,8 +51007,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
/* Reduce x to less than modulus */
n = sp_521_cmp_9(r->x, p521_mod);
sp_521_cond_sub_9(r->x, r->x, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
sp_521_norm_9(r->x);
/* y /= z^3 */
@ -51021,8 +51016,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
/* Reduce y to less than modulus */
n = sp_521_cmp_9(r->y, p521_mod);
sp_521_cond_sub_9(r->y, r->y, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
sp_521_norm_9(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -51411,7 +51405,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
/* Check double */
(void)sp_521_sub_9(ctx->t1, p521_mod, q->y);
sp_521_norm_9(ctx->t1);
if ((sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
(sp_521_cmp_equal_9(p->y, q->y) | sp_521_cmp_equal_9(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -51579,7 +51574,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
/* Check double */
(void)sp_521_sub_9(t1, p521_mod, q->y);
sp_521_norm_9(t1);
if ((sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
(sp_521_cmp_equal_9(p->y, q->y) | sp_521_cmp_equal_9(p->y, t1))) != 0) {
sp_521_proj_point_dbl_9(r, p, t);
}
@ -51612,7 +51608,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
sp_521_mont_sub_9(t2, t2, t1, p521_mod);
/* R = S2 - S1 */
sp_521_mont_sub_9(t4, t4, t3, p521_mod);
if (sp_521_iszero_9(t2) & sp_521_iszero_9(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_521_iszero_9(t2) & sp_521_iszero_9(t4) & maskt) {
sp_521_proj_point_dbl_9(r, p, t);
}
else {
@ -52155,8 +52152,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_avx2_9(r->x, p521_mod, p521_mp_mod);
/* Reduce x to less than modulus */
n = sp_521_cmp_9(r->x, p521_mod);
sp_521_cond_sub_9(r->x, r->x, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
sp_521_norm_9(r->x);
/* y /= z^3 */
@ -52165,8 +52161,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
sp_521_mont_reduce_avx2_9(r->y, p521_mod, p521_mp_mod);
/* Reduce y to less than modulus */
n = sp_521_cmp_9(r->y, p521_mod);
sp_521_cond_sub_avx2_9(r->y, r->y, p521_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_521_cond_sub_avx2_9(r->y, r->y, p521_mod, ~(n >> 63));
sp_521_norm_9(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -52529,7 +52524,8 @@ static int sp_521_proj_point_add_avx2_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r
/* Check double */
(void)sp_521_sub_avx2_9(ctx->t1, p521_mod, q->y);
sp_521_norm_avx2_9(ctx->t1);
if ((sp_521_cmp_equal_avx2_9(p->x, q->x) & sp_521_cmp_equal_avx2_9(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_avx2_9(p->x, q->x) & sp_521_cmp_equal_avx2_9(p->z, q->z) &
(sp_521_cmp_equal_avx2_9(p->y, q->y) | sp_521_cmp_equal_avx2_9(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -52697,7 +52693,8 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
/* Check double */
(void)sp_521_sub_9(t1, p521_mod, q->y);
sp_521_norm_9(t1);
if ((sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
(sp_521_cmp_equal_9(p->y, q->y) | sp_521_cmp_equal_9(p->y, t1))) != 0) {
sp_521_proj_point_dbl_avx2_9(r, p, t);
}
@ -52730,7 +52727,8 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
sp_521_mont_sub_avx2_9(t2, t2, t1, p521_mod);
/* R = S2 - S1 */
sp_521_mont_sub_avx2_9(t4, t4, t3, p521_mod);
if (sp_521_iszero_9(t2) & sp_521_iszero_9(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_521_iszero_9(t2) & sp_521_iszero_9(t4) & maskt) {
sp_521_proj_point_dbl_avx2_9(r, p, t);
}
else {
@ -53098,7 +53096,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r, const sp_point_521* p,
/* Check double */
(void)sp_521_sub_9(t1, p521_mod, q->y);
sp_521_norm_9(t1);
if ((sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
(sp_521_cmp_equal_9(p->y, q->y) | sp_521_cmp_equal_9(p->y, t1))) != 0) {
sp_521_proj_point_dbl_9(r, p, t);
}
@ -53558,7 +53557,8 @@ static void sp_521_proj_point_add_qz1_avx2_9(sp_point_521* r, const sp_point_521
/* Check double */
(void)sp_521_sub_9(t1, p521_mod, q->y);
sp_521_norm_9(t1);
if ((sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_521_cmp_equal_9(p->x, q->x) & sp_521_cmp_equal_9(p->z, q->z) &
(sp_521_cmp_equal_9(p->y, q->y) | sp_521_cmp_equal_9(p->y, t1))) != 0) {
sp_521_proj_point_dbl_avx2_9(r, p, t);
}
@ -91834,8 +91834,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod);
/* Reduce x to less than modulus */
n = sp_1024_cmp_16(r->x, p1024_mod);
sp_1024_cond_sub_16(r->x, r->x, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
sp_1024_norm_16(r->x);
/* y /= z^3 */
@ -91844,8 +91843,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod);
/* Reduce y to less than modulus */
n = sp_1024_cmp_16(r->y, p1024_mod);
sp_1024_cond_sub_16(r->y, r->y, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
sp_1024_norm_16(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -92238,7 +92236,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
/* Check double */
(void)sp_1024_sub_16(ctx->t1, p1024_mod, q->y);
sp_1024_norm_16(ctx->t1);
if ((sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
(sp_1024_cmp_equal_16(p->y, q->y) | sp_1024_cmp_equal_16(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -92406,7 +92405,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
/* Check double */
(void)sp_1024_mont_sub_16(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_16(t1);
if ((sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
(sp_1024_cmp_equal_16(p->y, q->y) | sp_1024_cmp_equal_16(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_16(r, p, t);
}
@ -92439,7 +92439,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
sp_1024_mont_sub_16(t2, t2, t1, p1024_mod);
/* R = S2 - S1 */
sp_1024_mont_sub_16(t4, t4, t3, p1024_mod);
if (sp_1024_iszero_16(t2) & sp_1024_iszero_16(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_1024_iszero_16(t2) & sp_1024_iszero_16(t4) & maskt) {
sp_1024_proj_point_dbl_16(r, p, t);
}
else {
@ -92955,8 +92956,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_avx2_16(r->x, p1024_mod, p1024_mp_mod);
/* Reduce x to less than modulus */
n = sp_1024_cmp_16(r->x, p1024_mod);
sp_1024_cond_sub_16(r->x, r->x, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
sp_1024_norm_16(r->x);
/* y /= z^3 */
@ -92965,8 +92965,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p,
sp_1024_mont_reduce_avx2_16(r->y, p1024_mod, p1024_mp_mod);
/* Reduce y to less than modulus */
n = sp_1024_cmp_16(r->y, p1024_mod);
sp_1024_cond_sub_avx2_16(r->y, r->y, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_avx2_16(r->y, r->y, p1024_mod, ~(n >> 63));
sp_1024_norm_16(r->y);
XMEMSET(r->z, 0, sizeof(r->z) / 2);
@ -93329,7 +93328,8 @@ static int sp_1024_proj_point_add_avx2_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024
/* Check double */
(void)sp_1024_sub_avx2_16(ctx->t1, p1024_mod, q->y);
sp_1024_norm_avx2_16(ctx->t1);
if ((sp_1024_cmp_equal_avx2_16(p->x, q->x) & sp_1024_cmp_equal_avx2_16(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_avx2_16(p->x, q->x) & sp_1024_cmp_equal_avx2_16(p->z, q->z) &
(sp_1024_cmp_equal_avx2_16(p->y, q->y) | sp_1024_cmp_equal_avx2_16(p->y, ctx->t1))) != 0)
{
XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
@ -93497,7 +93497,8 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r,
/* Check double */
(void)sp_1024_mont_sub_avx2_16(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_16(t1);
if ((sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
(sp_1024_cmp_equal_16(p->y, q->y) | sp_1024_cmp_equal_16(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_avx2_16(r, p, t);
}
@ -93530,7 +93531,8 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r,
sp_1024_mont_sub_avx2_16(t2, t2, t1, p1024_mod);
/* R = S2 - S1 */
sp_1024_mont_sub_avx2_16(t4, t4, t3, p1024_mod);
if (sp_1024_iszero_16(t2) & sp_1024_iszero_16(t4) & maskt) {
if (~p->infinity & ~q->infinity &
sp_1024_iszero_16(t2) & sp_1024_iszero_16(t4) & maskt) {
sp_1024_proj_point_dbl_avx2_16(r, p, t);
}
else {
@ -93902,7 +93904,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r, const sp_point_1024*
/* Check double */
(void)sp_1024_mont_sub_16(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_16(t1);
if ((sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
(sp_1024_cmp_equal_16(p->y, q->y) | sp_1024_cmp_equal_16(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_16(r, p, t);
}
@ -94343,7 +94346,8 @@ static void sp_1024_proj_point_add_qz1_avx2_16(sp_point_1024* r, const sp_point_
/* Check double */
(void)sp_1024_mont_sub_avx2_16(t1, p1024_mod, q->y, p1024_mod);
sp_1024_norm_16(t1);
if ((sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
if ((~p->infinity & ~q->infinity &
sp_1024_cmp_equal_16(p->x, q->x) & sp_1024_cmp_equal_16(p->z, q->z) &
(sp_1024_cmp_equal_16(p->y, q->y) | sp_1024_cmp_equal_16(p->y, t1))) != 0) {
sp_1024_proj_point_dbl_avx2_16(r, p, t);
}
@ -103359,8 +103363,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
sp_1024_mont_add_16(t1, t1, point->x, p1024_mod);
n = sp_1024_cmp_16(t1, p1024_mod);
sp_1024_cond_sub_16(t1, t1, p1024_mod, 0 - ((n >= 0) ?
(sp_digit)1 : (sp_digit)0));
sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63));
sp_1024_norm_16(t1);
if (!sp_1024_iszero_16(t1)) {
err = MP_VAL;