From 27947123c9f17deac005b2afd265e38903349918 Mon Sep 17 00:00:00 2001
From: Amitay Isaacs <amitay@ozlabs.org>
Date: Tue, 19 Jan 2021 14:14:25 +1100
Subject: curve448: Integrate 64-bit reference implementation

Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
---
 crypto/ec/build.info                | 8 +++++++-
 crypto/ec/curve448/arch_64/f_impl.c | 2 +-
 crypto/ec/curve448/field.h          | 9 +++++++--
 crypto/ec/curve448/word.h           | 7 ++++++-
 4 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index f6d8283649..e4c8cf6d82 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -48,10 +48,16 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
         ec2_smpl.c ec_deprecated.c \
         ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c \
         ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
-        curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \
+        curve448/f_generic.c curve448/scalar.c \
         curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
         $ECASM ec_backend.c ecx_backend.c ecdh_kdf.c
 
+IF[{- $config{'use_int128'} eq "1" -}]
+  $COMMON=$COMMON curve448/arch_64/f_impl.c
+ELSE
+  $COMMON=$COMMON curve448/arch_32/f_impl.c
+ENDIF
+
 IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
   $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
 ENDIF
diff --git a/crypto/ec/curve448/arch_64/f_impl.c b/crypto/ec/curve448/arch_64/f_impl.c
index 955f723419..2b428cd686 100644
--- a/crypto/ec/curve448/arch_64/f_impl.c
+++ b/crypto/ec/curve448/arch_64/f_impl.c
@@ -10,7 +10,7 @@
  * Originally written by Mike Hamburg
  */
 
-#include "field.h"
+#include "../field.h"
 
 void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
 {
diff --git a/crypto/ec/curve448/field.h b/crypto/ec/curve448/field.h
index 71349e45a1..4f69c0bdd8 100644
--- a/crypto/ec/curve448/field.h
+++ b/crypto/ec/curve448/field.h
@@ -66,10 +66,15 @@ void gf_serialize(uint8_t *serial, const gf x, int with_highbit);
 mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
                       uint8_t hi_nmask);
 
-# include "arch_32/f_impl.h"    /* Bring in the inline implementations */
 
 # define LIMBPERM(i) (i)
-# define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)
+# if (ARCH_WORD_BITS == 32)
+#  include "arch_32/f_impl.h"    /* Bring in the inline implementations */
+#  define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)
+# elif (ARCH_WORD_BITS == 64)
+#  include "arch_64/f_impl.h"    /* Bring in the inline implementations */
+#  define LIMB_MASK(i) (((1ULL)<<LIMB_PLACE_VALUE(i))-1)
+# endif
 
 static const gf ZERO = {{{0}}}, ONE = {{{1}}};
 
diff --git a/crypto/ec/curve448/word.h b/crypto/ec/curve448/word.h
index 06555cf329..f94f086fa9 100644
--- a/crypto/ec/curve448/word.h
+++ b/crypto/ec/curve448/word.h
@@ -17,9 +17,14 @@
 # include <assert.h>
 # include <stdlib.h>
 # include <openssl/e_os2.h>
-# include "arch_32/arch_intrinsics.h"
 # include "curve448utils.h"
 
+# ifdef INT128_MAX
+#  include "arch_64/arch_intrinsics.h"
+# else
+#  include "arch_32/arch_intrinsics.h"
+# endif
+
 # if (ARCH_WORD_BITS == 64)
 typedef uint64_t word_t, mask_t;
 typedef uint128_t dword_t;
-- 
cgit v1.2.3