P-384/521 fallback to small implementation when OPENSSL_SMALL is set #984
What is the size of libcrypto before/after this change? Have you checked that EC_GFp_nistp521_method/EC_GFp_nistp384_method are not in the final library when SMALL is set?
good point, I actually didn't guard the implementation in The |
@@ -130,12 +130,19 @@ TEST(ECDHTest, TestVectors) { | |||
}); | |||
} | |||
|
|||
static int has_uint128_and_not_small() { | |||
// Returns 1 if the curve defined by |nid| is using Montgomery representation |
The comment in
aws-lc/crypto/ecdh_extra/ecdh_test.cc
Lines 180 to 185 in adea0db
// The following call converts the point to Montgomery form for P-256/384.
// For P-224, when the functions from simple.c are used, i.e. when
// group->meth = EC_GFp_nistp224_method, the coordinate representation
// is not changed. This is determined based on compile flags in ec.c
// that are also used below in has_uint128_and_not_small().
// For P-521, the plain non-Montgomery representation is always used.
// The following call converts the point to Montgomery form for P-256/384.
// For P-224, when the functions from simple.c are used, i.e. when
// group->meth = EC_GFp_nistp224_method, the coordinate representation
// is not changed. This is determined based on compilation flags in ec.c
// that are duplicated below in is_curve_using_mont_felem_impl().
// For P-521, the plain non-Montgomery representation is always used also except for
// the flag used in the same function.
Or feel free to edit it to make it clearer.
fixed.
static int has_uint128_and_not_small() { | ||
// Returns 1 if the curve defined by |nid| is using Montgomery representation | ||
// for field elements (based on the build configuration). Returns 0 otherwise. | ||
static int is_curve_using_mont_felem_impl(int nid) { |
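Review bot: the doc comment on is_curve_using_mont_felem_impl(int nid) says "Returns 0 otherwise", which folds two different cases together: a supported curve that is built with the non-Montgomery field representation, and a |nid| the helper does not recognise at all. In a test helper that decides which coordinate representation to expect, an unrecognised NID silently returning 0 can send a test down the wrong branch without failing. Suggest listing the NIDs the helper handles in the comment and treating any other value as a test error. Since the result is "based on the build configuration", it is also worth a one-line pointer in the comment to the place in ec.c whose conditions this helper must track, so the two are updated together.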
Same comment on
aws-lc/crypto/fipsmodule/ec/ec_test.cc
Lines 1891 to 1896 in adea0db
// The following call converts the point to Montgomery form for P-256/384.
// For P-224, when the functions from simple.c are used, i.e. when
// group->meth = EC_GFp_nistp224_method, the coordinate representation
// is not changed. This is determined based on compile flags in ec.c
// that are also used below in has_uint128_and_not_small().
// For P-521, the plain non-Montgomery representation is always used.
fixed.
crypto/fipsmodule/ec/p384.c
Outdated
@@ -30,7 +32,7 @@ | |||
// #define p384_felem_add(out, in0, in1) bignum_add_p384(out, in0, in1) | |||
// when s2n-bignum is used. | |||
// | |||
#if !defined(OPENSSL_NO_ASM) && \ | |||
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && \ |
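Review bot: the comment block directly above this #if still explains the macro mapping only as what happens "when s2n-bignum is used", while the condition on the #if line now also depends on !defined(OPENSSL_SMALL). Suggest adding a sentence to that comment saying that OPENSSL_SMALL disables the s2n-bignum path for P-384, so a reader of p384.c can tell why the assembly-backed definitions are skipped on a platform that otherwise qualifies. The condition continues past the visible line (trailing backslash), so the remaining terms should be checked for the same guard appearing twice.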
Is this check now a duplicate?
yes, removed it.
Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com>
Issues:
N/A
Description of changes:
We should use the generic EC_GFp_mont_method for P-384/521 when the OPENSSL_SMALL flag is defined.
Call-outs:
Point out areas that need special attention or support during the review process. Discuss architecture or design changes.
Testing:
How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and
the ISC license.