Coverage Report

Created: 2026-02-07 06:16

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/BearSSL/src/inner.h
Line
Count
Source
1
/*
2
 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3
 *
4
 * Permission is hereby granted, free of charge, to any person obtaining 
5
 * a copy of this software and associated documentation files (the
6
 * "Software"), to deal in the Software without restriction, including
7
 * without limitation the rights to use, copy, modify, merge, publish,
8
 * distribute, sublicense, and/or sell copies of the Software, and to
9
 * permit persons to whom the Software is furnished to do so, subject to
10
 * the following conditions:
11
 *
12
 * The above copyright notice and this permission notice shall be 
13
 * included in all copies or substantial portions of the Software.
14
 *
15
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
16
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
18
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22
 * SOFTWARE.
23
 */
24
25
#ifndef INNER_H__
26
#define INNER_H__
27
28
#include <string.h>
29
#include <limits.h>
30
31
#include "config.h"
32
#include "bearssl.h"
33
34
/*
35
 * On MSVC, disable the warning about applying unary minus on an
36
 * unsigned type: it is standard, we do it all the time, and for
37
 * good reasons.
38
 */
39
#if _MSC_VER
40
#pragma warning( disable : 4146 )
41
#endif
42
43
/*
44
 * Maximum size for a RSA modulus (in bits). Allocated stack buffers
45
 * depend on that size, so this value should be kept small. Currently,
46
 * 2048-bit RSA keys offer adequate security, and should still do so for
47
 * the next few decades; however, a number of widespread PKI have
48
 * already set their root keys to RSA-4096, so we should be able to
49
 * process such keys.
50
 *
51
 * This value MUST be a multiple of 64. This value MUST NOT exceed 47666
52
 * (some computations in RSA key generation rely on the factor size being
53
 * no more than 23833 bits). RSA key sizes beyond 3072 bits don't make a
54
 * lot of sense anyway.
55
 */
56
#define BR_MAX_RSA_SIZE   4096
57
58
/*
59
 * Minimum size for a RSA modulus (in bits); this value is used only to
60
 * filter out invalid parameters for key pair generation. Normally,
61
 * applications should not use RSA keys smaller than 2048 bits; but some
62
 * specific cases might need shorter keys, for legacy or research
63
 * purposes.
64
 */
65
#define BR_MIN_RSA_SIZE   512
66
67
/*
68
 * Maximum size for a RSA factor (in bits). This is for RSA private-key
69
 * operations. Default is to support factors up to a bit more than half
70
 * the maximum modulus size.
71
 *
72
 * This value MUST be a multiple of 32.
73
 */
74
#define BR_MAX_RSA_FACTOR   ((BR_MAX_RSA_SIZE + 64) >> 1)
75
76
/*
77
 * Maximum size for an EC curve (modulus or order), in bits. Size of
78
 * stack buffers depends on that parameter. This size MUST be a multiple
79
 * of 8 (so that decoding an integer with that many bytes does not
80
 * overflow).
81
 */
82
14.8M
#define BR_MAX_EC_SIZE   528
83
84
/*
85
 * Some macros to recognize the current architecture. Right now, we are
86
 * interested into automatically recognizing architecture with efficient
87
 * 64-bit types so that we may automatically use implementations that
88
 * use 64-bit registers in that case. Future versions may detect, e.g.,
89
 * availability of SSE2 intrinsics.
90
 *
91
 * If 'unsigned long' is a 64-bit type, then we assume that 64-bit types
92
 * are efficient. Otherwise, we rely on macros that depend on compiler,
93
 * OS and architecture. In any case, failure to detect the architecture
94
 * as 64-bit means that the 32-bit code will be used, and that code
95
 * works also on 64-bit architectures (the 64-bit code may simply be
96
 * more efficient).
97
 *
98
 * The test on 'unsigned long' should already catch most cases, the one
99
 * notable exception being Windows code where 'unsigned long' is kept to
100
 * 32-bit for compatibility with all the legacy code that liberally uses
101
 * the 'DWORD' type for 32-bit values.
102
 *
103
 * Macro names are taken from: http://nadeausoftware.com/articles/2012/02/c_c_tip_how_detect_processor_type_using_compiler_predefined_macros
104
 */
105
#ifndef BR_64
106
#if ((ULONG_MAX >> 31) >> 31) == 3
107
#define BR_64   1
108
#elif defined(__ia64) || defined(__itanium__) || defined(_M_IA64)
109
#define BR_64   1
110
#elif defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) \
111
  || defined(__64BIT__) || defined(_LP64) || defined(__LP64__)
112
#define BR_64   1
113
#elif defined(__sparc64__)
114
#define BR_64   1
115
#elif defined(__x86_64__) || defined(_M_X64)
116
#define BR_64   1
117
#elif defined(__aarch64__) || defined(_M_ARM64)
118
#define BR_64   1
119
#elif defined(__mips64)
120
#define BR_64   1
121
#endif
122
#endif
123
124
/*
125
 * Set BR_LOMUL on platforms where it makes sense.
126
 */
127
#ifndef BR_LOMUL
128
#if BR_ARMEL_CORTEXM_GCC
129
#define BR_LOMUL   1
130
#endif
131
#endif
132
133
/*
134
 * Architecture detection.
135
 */
136
#ifndef BR_i386
137
#if __i386__ || _M_IX86
138
#define BR_i386   1
139
#endif
140
#endif
141
142
#ifndef BR_amd64
143
#if __x86_64__ || _M_X64
144
#define BR_amd64   1
145
#endif
146
#endif
147
148
/*
149
 * Compiler brand and version.
150
 *
151
 * Implementations that use intrinsics need to detect the compiler type
152
 * and version because some specific actions may be needed to activate
153
 * the corresponding opcodes, both for header inclusion, and when using
154
 * them in a function.
155
 *
156
 * BR_GCC, BR_CLANG and BR_MSC will be set to 1 for, respectively, GCC,
157
 * Clang and MS Visual C. For each of them, sub-macros will be defined
158
 * for versions; each sub-macro is set whenever the compiler version is
159
 * at least as recent as the one corresponding to the macro.
160
 */
161
162
/*
163
 * GCC thresholds are on versions 4.4 to 4.9 and 5.0.
164
 */
165
#ifndef BR_GCC
166
#if __GNUC__ && !__clang__
167
#define BR_GCC   1
168
169
#if __GNUC__ > 4
170
#define BR_GCC_5_0   1
171
#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 9
172
#define BR_GCC_4_9   1
173
#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 8
174
#define BR_GCC_4_8   1
175
#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 7
176
#define BR_GCC_4_7   1
177
#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 6
178
#define BR_GCC_4_6   1
179
#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 5
180
#define BR_GCC_4_5   1
181
#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 4
182
#define BR_GCC_4_4   1
183
#endif
184
185
#if BR_GCC_5_0
186
#define BR_GCC_4_9   1
187
#endif
188
#if BR_GCC_4_9
189
#define BR_GCC_4_8   1
190
#endif
191
#if BR_GCC_4_8
192
#define BR_GCC_4_7   1
193
#endif
194
#if BR_GCC_4_7
195
#define BR_GCC_4_6   1
196
#endif
197
#if BR_GCC_4_6
198
#define BR_GCC_4_5   1
199
#endif
200
#if BR_GCC_4_5
201
#define BR_GCC_4_4   1
202
#endif
203
204
#endif
205
#endif
206
207
/*
208
 * Clang thresholds are on versions 3.7.0 and 3.8.0.
209
 */
210
#ifndef BR_CLANG
211
#if __clang__
212
#define BR_CLANG   1
213
214
#if __clang_major__ > 3 || (__clang_major__ == 3 && __clang_minor__ >= 8)
215
#define BR_CLANG_3_8   1
216
#elif __clang_major__ == 3 && __clang_minor__ >= 7
217
#define BR_CLANG_3_7   1
218
#endif
219
220
#if BR_CLANG_3_8
221
#define BR_CLANG_3_7   1
222
#endif
223
224
#endif
225
#endif
226
227
/*
228
 * MS Visual C thresholds are on Visual Studio 2005 to 2015.
229
 */
230
#ifndef BR_MSC
231
#if _MSC_VER
232
#define BR_MSC   1
233
234
#if _MSC_VER >= 1900
235
#define BR_MSC_2015   1
236
#elif _MSC_VER >= 1800
237
#define BR_MSC_2013   1
238
#elif _MSC_VER >= 1700
239
#define BR_MSC_2012   1
240
#elif _MSC_VER >= 1600
241
#define BR_MSC_2010   1
242
#elif _MSC_VER >= 1500
243
#define BR_MSC_2008   1
244
#elif _MSC_VER >= 1400
245
#define BR_MSC_2005   1
246
#endif
247
248
#if BR_MSC_2015
249
#define BR_MSC_2013   1
250
#endif
251
#if BR_MSC_2013
252
#define BR_MSC_2012   1
253
#endif
254
#if BR_MSC_2012
255
#define BR_MSC_2010   1
256
#endif
257
#if BR_MSC_2010
258
#define BR_MSC_2008   1
259
#endif
260
#if BR_MSC_2008
261
#define BR_MSC_2005   1
262
#endif
263
264
#endif
265
#endif
266
267
/*
268
 * GCC 4.4+ and Clang 3.7+ allow tagging specific functions with a
269
 * 'target' attribute that activates support for specific opcodes.
270
 */
271
#if BR_GCC_4_4 || BR_CLANG_3_7
272
#define BR_TARGET(x)   __attribute__((target(x)))
273
#else
274
#define BR_TARGET(x)
275
#endif
276
277
/*
278
 * AES-NI intrinsics are available on x86 (32-bit and 64-bit) with
279
 * GCC 4.8+, Clang 3.7+ and MSC 2012+.
280
 */
281
#ifndef BR_AES_X86NI
282
#if (BR_i386 || BR_amd64) && (BR_GCC_4_8 || BR_CLANG_3_7 || BR_MSC_2012)
283
#define BR_AES_X86NI   1
284
#endif
285
#endif
286
287
/*
288
 * SSE2 intrinsics are available on x86 (32-bit and 64-bit) with
289
 * GCC 4.4+, Clang 3.7+ and MSC 2005+.
290
 */
291
#ifndef BR_SSE2
292
#if (BR_i386 || BR_amd64) && (BR_GCC_4_4 || BR_CLANG_3_7 || BR_MSC_2005)
293
#define BR_SSE2   1
294
#endif
295
#endif
296
297
/*
298
 * RDRAND intrinsics are available on x86 (32-bit and 64-bit) with
299
 * GCC 4.6+, Clang 3.7+ and MSC 2012+.
300
 */
301
#ifndef BR_RDRAND
302
#if (BR_i386 || BR_amd64) && (BR_GCC_4_6 || BR_CLANG_3_7 || BR_MSC_2012)
303
#define BR_RDRAND   1
304
#endif
305
#endif
306
307
/*
308
 * Determine type of OS for random number generation. Macro names and
309
 * values are documented on:
310
 *    https://sourceforge.net/p/predef/wiki/OperatingSystems/
311
 *
312
 * Win32's CryptGenRandom() should be available on Windows systems.
313
 *
314
 * /dev/urandom should work on all Unix-like systems (including macOS X).
315
 *
316
 * getentropy() is present on Linux (Glibc 2.25+), FreeBSD (12.0+) and
317
 * OpenBSD (5.6+). For OpenBSD, there does not seem to be easy to use
318
 * macros to test the minimum version, so we just assume that it is
319
 * recent enough (last version without getentropy() has gone out of
320
 * support in May 2015).
321
 *
322
 * Ideally we should use getentropy() on macOS (10.12+) too, but I don't
323
 * know how to test the exact OS version with preprocessor macros.
324
 *
325
 * TODO: enrich the list of detected system.
326
 */
327
328
#ifndef BR_USE_URANDOM
329
#if defined _AIX \
330
  || defined __ANDROID__ \
331
  || defined __FreeBSD__ \
332
  || defined __NetBSD__ \
333
  || defined __OpenBSD__ \
334
  || defined __DragonFly__ \
335
  || defined __linux__ \
336
  || (defined __sun && (defined __SVR4 || defined __svr4__)) \
337
  || (defined __APPLE__ && defined __MACH__)
338
#define BR_USE_URANDOM   1
339
#endif
340
#endif
341
342
#ifndef BR_USE_GETENTROPY
343
#if (defined __linux__ \
344
  && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))) \
345
  || (defined __FreeBSD__ && __FreeBSD__ >= 12) \
346
  || defined __OpenBSD__
347
#define BR_USE_GETENTROPY   1
348
#endif
349
#endif
350
351
#ifndef BR_USE_WIN32_RAND
352
#if defined _WIN32 || defined _WIN64
353
#define BR_USE_WIN32_RAND   1
354
#endif
355
#endif
356
357
/*
358
 * POWER8 crypto support. We rely on compiler macros for the
359
 * architecture, since we do not have a reliable, simple way to detect
360
 * the required support at runtime (we could try running an opcode, and
361
 * trapping the exception or signal on illegal instruction, but this
362
 * induces some non-trivial OS dependencies that we would prefer to
363
 * avoid if possible).
364
 */
365
#ifndef BR_POWER8
366
#if __GNUC__ && ((_ARCH_PWR8 || _ARCH_PPC) && __CRYPTO__)
367
#define BR_POWER8   1
368
#endif
369
#endif
370
371
/*
372
 * Detect endinanness on POWER8.
373
 */
374
#if BR_POWER8
375
#if defined BR_POWER8_LE
376
#undef BR_POWER8_BE
377
#if BR_POWER8_LE
378
#define BR_POWER8_BE   0
379
#else
380
#define BR_POWER8_BE   1
381
#endif
382
#elif defined BR_POWER8_BE
383
#undef BR_POWER8_LE
384
#if BR_POWER8_BE
385
#define BR_POWER8_LE   0
386
#else
387
#define BR_POWER8_LE   1
388
#endif
389
#else
390
#if __LITTLE_ENDIAN__
391
#define BR_POWER8_LE   1
392
#define BR_POWER8_BE   0
393
#else
394
#define BR_POWER8_LE   0
395
#define BR_POWER8_BE   1
396
#endif
397
#endif
398
#endif
399
400
/*
401
 * Detect support for 128-bit integers.
402
 */
403
#if !defined BR_INT128 && !defined BR_UMUL128
404
#ifdef __SIZEOF_INT128__
405
#define BR_INT128    1
406
#elif _M_X64
407
#define BR_UMUL128   1
408
#endif
409
#endif
410
411
/*
412
 * Detect support for unaligned accesses with known endianness.
413
 *
414
 *  x86 (both 32-bit and 64-bit) is little-endian and allows unaligned
415
 *  accesses.
416
 *
417
 *  POWER/PowerPC allows unaligned accesses when big-endian. POWER8 and
418
 *  later also allow unaligned accesses when little-endian.
419
 */
420
#if !defined BR_LE_UNALIGNED && !defined BR_BE_UNALIGNED
421
422
#if __i386 || __i386__ || __x86_64__ || _M_IX86 || _M_X64
423
#define BR_LE_UNALIGNED   1
424
#elif BR_POWER8_BE
425
#define BR_BE_UNALIGNED   1
426
#elif BR_POWER8_LE
427
#define BR_LE_UNALIGNED   1
428
#elif (__powerpc__ || __powerpc64__ || _M_PPC || _ARCH_PPC || _ARCH_PPC64) \
429
  && __BIG_ENDIAN__
430
#define BR_BE_UNALIGNED   1
431
#endif
432
433
#endif
434
435
/*
436
 * Detect support for an OS-provided time source.
437
 */
438
439
#ifndef BR_USE_UNIX_TIME
440
#if defined __unix__ || defined __linux__ \
441
  || defined _POSIX_SOURCE || defined _POSIX_C_SOURCE \
442
  || (defined __APPLE__ && defined __MACH__)
443
#define BR_USE_UNIX_TIME   1
444
#endif
445
#endif
446
447
#ifndef BR_USE_WIN32_TIME
448
#if defined _WIN32 || defined _WIN64
449
#define BR_USE_WIN32_TIME   1
450
#endif
451
#endif
452
453
/* ==================================================================== */
454
/*
455
 * Encoding/decoding functions.
456
 *
457
 * 32-bit and 64-bit decoding, both little-endian and big-endian, is
458
 * implemented with the inline functions below.
459
 *
460
 * When allowed by some compile-time options (autodetected or provided),
461
 * optimised code is used, to perform direct memory access when the
462
 * underlying architecture supports it, both for endianness and
463
 * alignment. This, however, may trigger strict aliasing issues; the
464
 * code below uses unions to perform (supposedly) safe type punning.
465
 * Since the C aliasing rules are relatively complex and were amended,
466
 * or at least re-explained with different phrasing, in all successive
467
 * versions of the C standard, it is always a bit risky to bet that any
468
 * specific version of a C compiler got it right, for some notion of
469
 * "right".
470
 */
471
472
typedef union {
473
  uint16_t u;
474
  unsigned char b[sizeof(uint16_t)];
475
} br_union_u16;
476
477
typedef union {
478
  uint32_t u;
479
  unsigned char b[sizeof(uint32_t)];
480
} br_union_u32;
481
482
typedef union {
483
  uint64_t u;
484
  unsigned char b[sizeof(uint64_t)];
485
} br_union_u64;
486
487
static inline void
488
br_enc16le(void *dst, unsigned x)
489
0
{
490
0
#if BR_LE_UNALIGNED
491
0
  ((br_union_u16 *)dst)->u = x;
492
0
#else
493
0
  unsigned char *buf;
494
0
495
0
  buf = dst;
496
0
  buf[0] = (unsigned char)x;
497
0
  buf[1] = (unsigned char)(x >> 8);
498
0
#endif
499
0
}
Unexecuted instantiation: poly1305_ctmul.c:br_enc16le
Unexecuted instantiation: chacha20_sse2.c:br_enc16le
Unexecuted instantiation: chacha20_ct.c:br_enc16le
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_enc16le
Unexecuted instantiation: aes_x86ni.c:br_enc16le
Unexecuted instantiation: aes_small_ctrcbc.c:br_enc16le
Unexecuted instantiation: aes_ct_ctrcbc.c:br_enc16le
Unexecuted instantiation: aes_ct_ctr.c:br_enc16le
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_enc16le
Unexecuted instantiation: aes_ct64.c:br_enc16le
Unexecuted instantiation: aes_ct.c:br_enc16le
Unexecuted instantiation: aes_common.c:br_enc16le
Unexecuted instantiation: aes_big_ctrcbc.c:br_enc16le
Unexecuted instantiation: prf_md5sha1.c:br_enc16le
Unexecuted instantiation: prf.c:br_enc16le
Unexecuted instantiation: sysrng.c:br_enc16le
Unexecuted instantiation: hmac_drbg.c:br_enc16le
Unexecuted instantiation: hmac.c:br_enc16le
Unexecuted instantiation: shake.c:br_enc16le
Unexecuted instantiation: hkdf.c:br_enc16le
Unexecuted instantiation: sha2small.c:br_enc16le
Unexecuted instantiation: sha2big.c:br_enc16le
Unexecuted instantiation: sha1.c:br_enc16le
Unexecuted instantiation: md5sha1.c:br_enc16le
Unexecuted instantiation: md5.c:br_enc16le
Unexecuted instantiation: ghash_ctmul32.c:br_enc16le
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_enc16le
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_enc16le
Unexecuted instantiation: ecdsa_i31_bits.c:br_enc16le
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_enc16le
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_enc16le
Unexecuted instantiation: ecdsa_i15_bits.c:br_enc16le
Unexecuted instantiation: ec_secp521r1.c:br_enc16le
Unexecuted instantiation: ec_secp384r1.c:br_enc16le
Unexecuted instantiation: ec_secp256r1.c:br_enc16le
Unexecuted instantiation: ec_pubkey.c:br_enc16le
Unexecuted instantiation: ec_prime_i31.c:br_enc16le
Unexecuted instantiation: ec_prime_i15.c:br_enc16le
Unexecuted instantiation: ec_p256_m64.c:br_enc16le
Unexecuted instantiation: ec_p256_m62.c:br_enc16le
Unexecuted instantiation: ec_p256_m31.c:br_enc16le
Unexecuted instantiation: ec_p256_m15.c:br_enc16le
Unexecuted instantiation: ec_keygen.c:br_enc16le
Unexecuted instantiation: ec_default.c:br_enc16le
Unexecuted instantiation: ec_c25519_m64.c:br_enc16le
Unexecuted instantiation: ec_c25519_m62.c:br_enc16le
Unexecuted instantiation: ec_c25519_m31.c:br_enc16le
Unexecuted instantiation: ec_c25519_m15.c:br_enc16le
Unexecuted instantiation: ec_c25519_i31.c:br_enc16le
Unexecuted instantiation: ec_c25519_i15.c:br_enc16le
Unexecuted instantiation: ec_all_m31.c:br_enc16le
Unexecuted instantiation: enc64be.c:br_enc16le
Unexecuted instantiation: enc32le.c:br_enc16le
Unexecuted instantiation: enc32be.c:br_enc16le
Unexecuted instantiation: dec64be.c:br_enc16le
Unexecuted instantiation: dec32le.c:br_enc16le
Unexecuted instantiation: dec32be.c:br_enc16le
Unexecuted instantiation: ccopy.c:br_enc16le
Unexecuted instantiation: gcm.c:br_enc16le
Unexecuted instantiation: ccm.c:br_enc16le
Unexecuted instantiation: aes_small_enc.c:br_enc16le
Unexecuted instantiation: aes_ct_enc.c:br_enc16le
Unexecuted instantiation: aes_ct64_enc.c:br_enc16le
Unexecuted instantiation: aes_big_enc.c:br_enc16le
Unexecuted instantiation: i31_sub.c:br_enc16le
Unexecuted instantiation: i31_rshift.c:br_enc16le
Unexecuted instantiation: i31_ninv31.c:br_enc16le
Unexecuted instantiation: i31_montmul.c:br_enc16le
Unexecuted instantiation: i31_modpow.c:br_enc16le
Unexecuted instantiation: i31_iszero.c:br_enc16le
Unexecuted instantiation: i31_fmont.c:br_enc16le
Unexecuted instantiation: i31_encode.c:br_enc16le
Unexecuted instantiation: i31_decode.c:br_enc16le
Unexecuted instantiation: i31_decmod.c:br_enc16le
Unexecuted instantiation: i31_bitlen.c:br_enc16le
Unexecuted instantiation: i31_add.c:br_enc16le
Unexecuted instantiation: i15_sub.c:br_enc16le
Unexecuted instantiation: i15_rshift.c:br_enc16le
Unexecuted instantiation: i15_ninv15.c:br_enc16le
Unexecuted instantiation: i15_montmul.c:br_enc16le
Unexecuted instantiation: i15_modpow.c:br_enc16le
Unexecuted instantiation: i15_iszero.c:br_enc16le
Unexecuted instantiation: i15_fmont.c:br_enc16le
Unexecuted instantiation: i15_encode.c:br_enc16le
Unexecuted instantiation: i15_decode.c:br_enc16le
Unexecuted instantiation: i15_decmod.c:br_enc16le
Unexecuted instantiation: i15_bitlen.c:br_enc16le
Unexecuted instantiation: i15_add.c:br_enc16le
Unexecuted instantiation: i31_tmont.c:br_enc16le
Unexecuted instantiation: i31_muladd.c:br_enc16le
Unexecuted instantiation: i15_tmont.c:br_enc16le
Unexecuted instantiation: i15_muladd.c:br_enc16le
Unexecuted instantiation: i32_div32.c:br_enc16le
500
501
static inline void
502
br_enc16be(void *dst, unsigned x)
503
479
{
504
#if BR_BE_UNALIGNED
505
  ((br_union_u16 *)dst)->u = x;
506
#else
507
479
  unsigned char *buf;
508
509
479
  buf = dst;
510
479
  buf[0] = (unsigned char)(x >> 8);
511
479
  buf[1] = (unsigned char)x;
512
479
#endif
513
479
}
Unexecuted instantiation: poly1305_ctmul.c:br_enc16be
Unexecuted instantiation: chacha20_sse2.c:br_enc16be
Unexecuted instantiation: chacha20_ct.c:br_enc16be
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_enc16be
Unexecuted instantiation: aes_x86ni.c:br_enc16be
Unexecuted instantiation: aes_small_ctrcbc.c:br_enc16be
Unexecuted instantiation: aes_ct_ctrcbc.c:br_enc16be
Unexecuted instantiation: aes_ct_ctr.c:br_enc16be
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_enc16be
Unexecuted instantiation: aes_ct64.c:br_enc16be
Unexecuted instantiation: aes_ct.c:br_enc16be
Unexecuted instantiation: aes_common.c:br_enc16be
Unexecuted instantiation: aes_big_ctrcbc.c:br_enc16be
Unexecuted instantiation: prf_md5sha1.c:br_enc16be
Unexecuted instantiation: prf.c:br_enc16be
Unexecuted instantiation: sysrng.c:br_enc16be
Unexecuted instantiation: hmac_drbg.c:br_enc16be
Unexecuted instantiation: hmac.c:br_enc16be
Unexecuted instantiation: shake.c:br_enc16be
Unexecuted instantiation: hkdf.c:br_enc16be
Unexecuted instantiation: sha2small.c:br_enc16be
Unexecuted instantiation: sha2big.c:br_enc16be
Unexecuted instantiation: sha1.c:br_enc16be
Unexecuted instantiation: md5sha1.c:br_enc16be
Unexecuted instantiation: md5.c:br_enc16be
Unexecuted instantiation: ghash_ctmul32.c:br_enc16be
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_enc16be
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_enc16be
Unexecuted instantiation: ecdsa_i31_bits.c:br_enc16be
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_enc16be
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_enc16be
Unexecuted instantiation: ecdsa_i15_bits.c:br_enc16be
Unexecuted instantiation: ec_secp521r1.c:br_enc16be
Unexecuted instantiation: ec_secp384r1.c:br_enc16be
Unexecuted instantiation: ec_secp256r1.c:br_enc16be
Unexecuted instantiation: ec_pubkey.c:br_enc16be
Unexecuted instantiation: ec_prime_i31.c:br_enc16be
Unexecuted instantiation: ec_prime_i15.c:br_enc16be
Unexecuted instantiation: ec_p256_m64.c:br_enc16be
Unexecuted instantiation: ec_p256_m62.c:br_enc16be
Unexecuted instantiation: ec_p256_m31.c:br_enc16be
Unexecuted instantiation: ec_p256_m15.c:br_enc16be
Unexecuted instantiation: ec_keygen.c:br_enc16be
Unexecuted instantiation: ec_default.c:br_enc16be
Unexecuted instantiation: ec_c25519_m64.c:br_enc16be
Unexecuted instantiation: ec_c25519_m62.c:br_enc16be
Unexecuted instantiation: ec_c25519_m31.c:br_enc16be
Unexecuted instantiation: ec_c25519_m15.c:br_enc16be
Unexecuted instantiation: ec_c25519_i31.c:br_enc16be
Unexecuted instantiation: ec_c25519_i15.c:br_enc16be
Unexecuted instantiation: ec_all_m31.c:br_enc16be
Unexecuted instantiation: enc64be.c:br_enc16be
Unexecuted instantiation: enc32le.c:br_enc16be
Unexecuted instantiation: enc32be.c:br_enc16be
Unexecuted instantiation: dec64be.c:br_enc16be
Unexecuted instantiation: dec32le.c:br_enc16be
Unexecuted instantiation: dec32be.c:br_enc16be
Unexecuted instantiation: ccopy.c:br_enc16be
Unexecuted instantiation: gcm.c:br_enc16be
ccm.c:br_enc16be
Line
Count
Source
503
479
{
504
#if BR_BE_UNALIGNED
505
  ((br_union_u16 *)dst)->u = x;
506
#else
507
479
  unsigned char *buf;
508
509
479
  buf = dst;
510
479
  buf[0] = (unsigned char)(x >> 8);
511
479
  buf[1] = (unsigned char)x;
512
479
#endif
513
479
}
Unexecuted instantiation: aes_small_enc.c:br_enc16be
Unexecuted instantiation: aes_ct_enc.c:br_enc16be
Unexecuted instantiation: aes_ct64_enc.c:br_enc16be
Unexecuted instantiation: aes_big_enc.c:br_enc16be
Unexecuted instantiation: i31_sub.c:br_enc16be
Unexecuted instantiation: i31_rshift.c:br_enc16be
Unexecuted instantiation: i31_ninv31.c:br_enc16be
Unexecuted instantiation: i31_montmul.c:br_enc16be
Unexecuted instantiation: i31_modpow.c:br_enc16be
Unexecuted instantiation: i31_iszero.c:br_enc16be
Unexecuted instantiation: i31_fmont.c:br_enc16be
Unexecuted instantiation: i31_encode.c:br_enc16be
Unexecuted instantiation: i31_decode.c:br_enc16be
Unexecuted instantiation: i31_decmod.c:br_enc16be
Unexecuted instantiation: i31_bitlen.c:br_enc16be
Unexecuted instantiation: i31_add.c:br_enc16be
Unexecuted instantiation: i15_sub.c:br_enc16be
Unexecuted instantiation: i15_rshift.c:br_enc16be
Unexecuted instantiation: i15_ninv15.c:br_enc16be
Unexecuted instantiation: i15_montmul.c:br_enc16be
Unexecuted instantiation: i15_modpow.c:br_enc16be
Unexecuted instantiation: i15_iszero.c:br_enc16be
Unexecuted instantiation: i15_fmont.c:br_enc16be
Unexecuted instantiation: i15_encode.c:br_enc16be
Unexecuted instantiation: i15_decode.c:br_enc16be
Unexecuted instantiation: i15_decmod.c:br_enc16be
Unexecuted instantiation: i15_bitlen.c:br_enc16be
Unexecuted instantiation: i15_add.c:br_enc16be
Unexecuted instantiation: i31_tmont.c:br_enc16be
Unexecuted instantiation: i31_muladd.c:br_enc16be
Unexecuted instantiation: i15_tmont.c:br_enc16be
Unexecuted instantiation: i15_muladd.c:br_enc16be
Unexecuted instantiation: i32_div32.c:br_enc16be
514
515
static inline unsigned
516
br_dec16le(const void *src)
517
0
{
518
0
#if BR_LE_UNALIGNED
519
0
  return ((const br_union_u16 *)src)->u;
520
0
#else
521
0
  const unsigned char *buf;
522
0
523
0
  buf = src;
524
0
  return (unsigned)buf[0] | ((unsigned)buf[1] << 8);
525
0
#endif
526
0
}
Unexecuted instantiation: poly1305_ctmul.c:br_dec16le
Unexecuted instantiation: chacha20_sse2.c:br_dec16le
Unexecuted instantiation: chacha20_ct.c:br_dec16le
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_dec16le
Unexecuted instantiation: aes_x86ni.c:br_dec16le
Unexecuted instantiation: aes_small_ctrcbc.c:br_dec16le
Unexecuted instantiation: aes_ct_ctrcbc.c:br_dec16le
Unexecuted instantiation: aes_ct_ctr.c:br_dec16le
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_dec16le
Unexecuted instantiation: aes_ct64.c:br_dec16le
Unexecuted instantiation: aes_ct.c:br_dec16le
Unexecuted instantiation: aes_common.c:br_dec16le
Unexecuted instantiation: aes_big_ctrcbc.c:br_dec16le
Unexecuted instantiation: prf_md5sha1.c:br_dec16le
Unexecuted instantiation: prf.c:br_dec16le
Unexecuted instantiation: sysrng.c:br_dec16le
Unexecuted instantiation: hmac_drbg.c:br_dec16le
Unexecuted instantiation: hmac.c:br_dec16le
Unexecuted instantiation: shake.c:br_dec16le
Unexecuted instantiation: hkdf.c:br_dec16le
Unexecuted instantiation: sha2small.c:br_dec16le
Unexecuted instantiation: sha2big.c:br_dec16le
Unexecuted instantiation: sha1.c:br_dec16le
Unexecuted instantiation: md5sha1.c:br_dec16le
Unexecuted instantiation: md5.c:br_dec16le
Unexecuted instantiation: ghash_ctmul32.c:br_dec16le
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_dec16le
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_dec16le
Unexecuted instantiation: ecdsa_i31_bits.c:br_dec16le
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_dec16le
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_dec16le
Unexecuted instantiation: ecdsa_i15_bits.c:br_dec16le
Unexecuted instantiation: ec_secp521r1.c:br_dec16le
Unexecuted instantiation: ec_secp384r1.c:br_dec16le
Unexecuted instantiation: ec_secp256r1.c:br_dec16le
Unexecuted instantiation: ec_pubkey.c:br_dec16le
Unexecuted instantiation: ec_prime_i31.c:br_dec16le
Unexecuted instantiation: ec_prime_i15.c:br_dec16le
Unexecuted instantiation: ec_p256_m64.c:br_dec16le
Unexecuted instantiation: ec_p256_m62.c:br_dec16le
Unexecuted instantiation: ec_p256_m31.c:br_dec16le
Unexecuted instantiation: ec_p256_m15.c:br_dec16le
Unexecuted instantiation: ec_keygen.c:br_dec16le
Unexecuted instantiation: ec_default.c:br_dec16le
Unexecuted instantiation: ec_c25519_m64.c:br_dec16le
Unexecuted instantiation: ec_c25519_m62.c:br_dec16le
Unexecuted instantiation: ec_c25519_m31.c:br_dec16le
Unexecuted instantiation: ec_c25519_m15.c:br_dec16le
Unexecuted instantiation: ec_c25519_i31.c:br_dec16le
Unexecuted instantiation: ec_c25519_i15.c:br_dec16le
Unexecuted instantiation: ec_all_m31.c:br_dec16le
Unexecuted instantiation: enc64be.c:br_dec16le
Unexecuted instantiation: enc32le.c:br_dec16le
Unexecuted instantiation: enc32be.c:br_dec16le
Unexecuted instantiation: dec64be.c:br_dec16le
Unexecuted instantiation: dec32le.c:br_dec16le
Unexecuted instantiation: dec32be.c:br_dec16le
Unexecuted instantiation: ccopy.c:br_dec16le
Unexecuted instantiation: gcm.c:br_dec16le
Unexecuted instantiation: ccm.c:br_dec16le
Unexecuted instantiation: aes_small_enc.c:br_dec16le
Unexecuted instantiation: aes_ct_enc.c:br_dec16le
Unexecuted instantiation: aes_ct64_enc.c:br_dec16le
Unexecuted instantiation: aes_big_enc.c:br_dec16le
Unexecuted instantiation: i31_sub.c:br_dec16le
Unexecuted instantiation: i31_rshift.c:br_dec16le
Unexecuted instantiation: i31_ninv31.c:br_dec16le
Unexecuted instantiation: i31_montmul.c:br_dec16le
Unexecuted instantiation: i31_modpow.c:br_dec16le
Unexecuted instantiation: i31_iszero.c:br_dec16le
Unexecuted instantiation: i31_fmont.c:br_dec16le
Unexecuted instantiation: i31_encode.c:br_dec16le
Unexecuted instantiation: i31_decode.c:br_dec16le
Unexecuted instantiation: i31_decmod.c:br_dec16le
Unexecuted instantiation: i31_bitlen.c:br_dec16le
Unexecuted instantiation: i31_add.c:br_dec16le
Unexecuted instantiation: i15_sub.c:br_dec16le
Unexecuted instantiation: i15_rshift.c:br_dec16le
Unexecuted instantiation: i15_ninv15.c:br_dec16le
Unexecuted instantiation: i15_montmul.c:br_dec16le
Unexecuted instantiation: i15_modpow.c:br_dec16le
Unexecuted instantiation: i15_iszero.c:br_dec16le
Unexecuted instantiation: i15_fmont.c:br_dec16le
Unexecuted instantiation: i15_encode.c:br_dec16le
Unexecuted instantiation: i15_decode.c:br_dec16le
Unexecuted instantiation: i15_decmod.c:br_dec16le
Unexecuted instantiation: i15_bitlen.c:br_dec16le
Unexecuted instantiation: i15_add.c:br_dec16le
Unexecuted instantiation: i31_tmont.c:br_dec16le
Unexecuted instantiation: i31_muladd.c:br_dec16le
Unexecuted instantiation: i15_tmont.c:br_dec16le
Unexecuted instantiation: i15_muladd.c:br_dec16le
Unexecuted instantiation: i32_div32.c:br_dec16le
527
528
static inline unsigned
529
br_dec16be(const void *src)
530
0
{
531
0
#if BR_BE_UNALIGNED
532
0
  return ((const br_union_u16 *)src)->u;
533
0
#else
534
0
  const unsigned char *buf;
535
0
536
0
  buf = src;
537
0
  return ((unsigned)buf[0] << 8) | (unsigned)buf[1];
538
0
#endif
539
0
}
Unexecuted instantiation: poly1305_ctmul.c:br_dec16be
Unexecuted instantiation: chacha20_sse2.c:br_dec16be
Unexecuted instantiation: chacha20_ct.c:br_dec16be
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_dec16be
Unexecuted instantiation: aes_x86ni.c:br_dec16be
Unexecuted instantiation: aes_small_ctrcbc.c:br_dec16be
Unexecuted instantiation: aes_ct_ctrcbc.c:br_dec16be
Unexecuted instantiation: aes_ct_ctr.c:br_dec16be
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_dec16be
Unexecuted instantiation: aes_ct64.c:br_dec16be
Unexecuted instantiation: aes_ct.c:br_dec16be
Unexecuted instantiation: aes_common.c:br_dec16be
Unexecuted instantiation: aes_big_ctrcbc.c:br_dec16be
Unexecuted instantiation: prf_md5sha1.c:br_dec16be
Unexecuted instantiation: prf.c:br_dec16be
Unexecuted instantiation: sysrng.c:br_dec16be
Unexecuted instantiation: hmac_drbg.c:br_dec16be
Unexecuted instantiation: hmac.c:br_dec16be
Unexecuted instantiation: shake.c:br_dec16be
Unexecuted instantiation: hkdf.c:br_dec16be
Unexecuted instantiation: sha2small.c:br_dec16be
Unexecuted instantiation: sha2big.c:br_dec16be
Unexecuted instantiation: sha1.c:br_dec16be
Unexecuted instantiation: md5sha1.c:br_dec16be
Unexecuted instantiation: md5.c:br_dec16be
Unexecuted instantiation: ghash_ctmul32.c:br_dec16be
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_dec16be
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_dec16be
Unexecuted instantiation: ecdsa_i31_bits.c:br_dec16be
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_dec16be
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_dec16be
Unexecuted instantiation: ecdsa_i15_bits.c:br_dec16be
Unexecuted instantiation: ec_secp521r1.c:br_dec16be
Unexecuted instantiation: ec_secp384r1.c:br_dec16be
Unexecuted instantiation: ec_secp256r1.c:br_dec16be
Unexecuted instantiation: ec_pubkey.c:br_dec16be
Unexecuted instantiation: ec_prime_i31.c:br_dec16be
Unexecuted instantiation: ec_prime_i15.c:br_dec16be
Unexecuted instantiation: ec_p256_m64.c:br_dec16be
Unexecuted instantiation: ec_p256_m62.c:br_dec16be
Unexecuted instantiation: ec_p256_m31.c:br_dec16be
Unexecuted instantiation: ec_p256_m15.c:br_dec16be
Unexecuted instantiation: ec_keygen.c:br_dec16be
Unexecuted instantiation: ec_default.c:br_dec16be
Unexecuted instantiation: ec_c25519_m64.c:br_dec16be
Unexecuted instantiation: ec_c25519_m62.c:br_dec16be
Unexecuted instantiation: ec_c25519_m31.c:br_dec16be
Unexecuted instantiation: ec_c25519_m15.c:br_dec16be
Unexecuted instantiation: ec_c25519_i31.c:br_dec16be
Unexecuted instantiation: ec_c25519_i15.c:br_dec16be
Unexecuted instantiation: ec_all_m31.c:br_dec16be
Unexecuted instantiation: enc64be.c:br_dec16be
Unexecuted instantiation: enc32le.c:br_dec16be
Unexecuted instantiation: enc32be.c:br_dec16be
Unexecuted instantiation: dec64be.c:br_dec16be
Unexecuted instantiation: dec32le.c:br_dec16be
Unexecuted instantiation: dec32be.c:br_dec16be
Unexecuted instantiation: ccopy.c:br_dec16be
Unexecuted instantiation: gcm.c:br_dec16be
Unexecuted instantiation: ccm.c:br_dec16be
Unexecuted instantiation: aes_small_enc.c:br_dec16be
Unexecuted instantiation: aes_ct_enc.c:br_dec16be
Unexecuted instantiation: aes_ct64_enc.c:br_dec16be
Unexecuted instantiation: aes_big_enc.c:br_dec16be
Unexecuted instantiation: i31_sub.c:br_dec16be
Unexecuted instantiation: i31_rshift.c:br_dec16be
Unexecuted instantiation: i31_ninv31.c:br_dec16be
Unexecuted instantiation: i31_montmul.c:br_dec16be
Unexecuted instantiation: i31_modpow.c:br_dec16be
Unexecuted instantiation: i31_iszero.c:br_dec16be
Unexecuted instantiation: i31_fmont.c:br_dec16be
Unexecuted instantiation: i31_encode.c:br_dec16be
Unexecuted instantiation: i31_decode.c:br_dec16be
Unexecuted instantiation: i31_decmod.c:br_dec16be
Unexecuted instantiation: i31_bitlen.c:br_dec16be
Unexecuted instantiation: i31_add.c:br_dec16be
Unexecuted instantiation: i15_sub.c:br_dec16be
Unexecuted instantiation: i15_rshift.c:br_dec16be
Unexecuted instantiation: i15_ninv15.c:br_dec16be
Unexecuted instantiation: i15_montmul.c:br_dec16be
Unexecuted instantiation: i15_modpow.c:br_dec16be
Unexecuted instantiation: i15_iszero.c:br_dec16be
Unexecuted instantiation: i15_fmont.c:br_dec16be
Unexecuted instantiation: i15_encode.c:br_dec16be
Unexecuted instantiation: i15_decode.c:br_dec16be
Unexecuted instantiation: i15_decmod.c:br_dec16be
Unexecuted instantiation: i15_bitlen.c:br_dec16be
Unexecuted instantiation: i15_add.c:br_dec16be
Unexecuted instantiation: i31_tmont.c:br_dec16be
Unexecuted instantiation: i31_muladd.c:br_dec16be
Unexecuted instantiation: i15_tmont.c:br_dec16be
Unexecuted instantiation: i15_muladd.c:br_dec16be
Unexecuted instantiation: i32_div32.c:br_dec16be
540
541
static inline void
542
br_enc32le(void *dst, uint32_t x)
543
701k
{
544
701k
#if BR_LE_UNALIGNED
545
701k
  ((br_union_u32 *)dst)->u = x;
546
#else
547
  unsigned char *buf;
548
549
  buf = dst;
550
  buf[0] = (unsigned char)x;
551
  buf[1] = (unsigned char)(x >> 8);
552
  buf[2] = (unsigned char)(x >> 16);
553
  buf[3] = (unsigned char)(x >> 24);
554
#endif
555
701k
}
poly1305_ctmul.c:br_enc32le
Line
Count
Source
543
2.84k
{
544
2.84k
#if BR_LE_UNALIGNED
545
2.84k
  ((br_union_u32 *)dst)->u = x;
546
#else
547
  unsigned char *buf;
548
549
  buf = dst;
550
  buf[0] = (unsigned char)x;
551
  buf[1] = (unsigned char)(x >> 8);
552
  buf[2] = (unsigned char)(x >> 16);
553
  buf[3] = (unsigned char)(x >> 24);
554
#endif
555
2.84k
}
Unexecuted instantiation: chacha20_sse2.c:br_enc32le
chacha20_ct.c:br_enc32le
Line
Count
Source
543
138k
{
544
138k
#if BR_LE_UNALIGNED
545
138k
  ((br_union_u32 *)dst)->u = x;
546
#else
547
  unsigned char *buf;
548
549
  buf = dst;
550
  buf[0] = (unsigned char)x;
551
  buf[1] = (unsigned char)(x >> 8);
552
  buf[2] = (unsigned char)(x >> 16);
553
  buf[3] = (unsigned char)(x >> 24);
554
#endif
555
138k
}
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_enc32le
Unexecuted instantiation: aes_x86ni.c:br_enc32le
Unexecuted instantiation: aes_small_ctrcbc.c:br_enc32le
aes_ct_ctrcbc.c:br_enc32le
Line
Count
Source
543
18.0k
{
544
18.0k
#if BR_LE_UNALIGNED
545
18.0k
  ((br_union_u32 *)dst)->u = x;
546
#else
547
  unsigned char *buf;
548
549
  buf = dst;
550
  buf[0] = (unsigned char)x;
551
  buf[1] = (unsigned char)(x >> 8);
552
  buf[2] = (unsigned char)(x >> 16);
553
  buf[3] = (unsigned char)(x >> 24);
554
#endif
555
18.0k
}
aes_ct_ctr.c:br_enc32le
Line
Count
Source
543
256k
{
544
256k
#if BR_LE_UNALIGNED
545
256k
  ((br_union_u32 *)dst)->u = x;
546
#else
547
  unsigned char *buf;
548
549
  buf = dst;
550
  buf[0] = (unsigned char)x;
551
  buf[1] = (unsigned char)(x >> 8);
552
  buf[2] = (unsigned char)(x >> 16);
553
  buf[3] = (unsigned char)(x >> 24);
554
#endif
555
256k
}
aes_ct64_ctrcbc.c:br_enc32le
Line
Count
Source
543
43.9k
{
544
43.9k
#if BR_LE_UNALIGNED
545
43.9k
  ((br_union_u32 *)dst)->u = x;
546
#else
547
  unsigned char *buf;
548
549
  buf = dst;
550
  buf[0] = (unsigned char)x;
551
  buf[1] = (unsigned char)(x >> 8);
552
  buf[2] = (unsigned char)(x >> 16);
553
  buf[3] = (unsigned char)(x >> 24);
554
#endif
555
43.9k
}
Unexecuted instantiation: aes_ct64.c:br_enc32le
Unexecuted instantiation: aes_ct.c:br_enc32le
Unexecuted instantiation: aes_common.c:br_enc32le
Unexecuted instantiation: aes_big_ctrcbc.c:br_enc32le
Unexecuted instantiation: prf_md5sha1.c:br_enc32le
Unexecuted instantiation: prf.c:br_enc32le
sysrng.c:br_enc32le
Line
Count
Source
543
16
{
544
16
#if BR_LE_UNALIGNED
545
16
  ((br_union_u32 *)dst)->u = x;
546
#else
547
  unsigned char *buf;
548
549
  buf = dst;
550
  buf[0] = (unsigned char)x;
551
  buf[1] = (unsigned char)(x >> 8);
552
  buf[2] = (unsigned char)(x >> 16);
553
  buf[3] = (unsigned char)(x >> 24);
554
#endif
555
16
}
Unexecuted instantiation: hmac_drbg.c:br_enc32le
Unexecuted instantiation: hmac.c:br_enc32le
Unexecuted instantiation: shake.c:br_enc32le
Unexecuted instantiation: hkdf.c:br_enc32le
Unexecuted instantiation: sha2small.c:br_enc32le
Unexecuted instantiation: sha2big.c:br_enc32le
Unexecuted instantiation: sha1.c:br_enc32le
Unexecuted instantiation: md5sha1.c:br_enc32le
Unexecuted instantiation: md5.c:br_enc32le
Unexecuted instantiation: ghash_ctmul32.c:br_enc32le
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_enc32le
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_enc32le
Unexecuted instantiation: ecdsa_i31_bits.c:br_enc32le
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_enc32le
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_enc32le
Unexecuted instantiation: ecdsa_i15_bits.c:br_enc32le
Unexecuted instantiation: ec_secp521r1.c:br_enc32le
Unexecuted instantiation: ec_secp384r1.c:br_enc32le
Unexecuted instantiation: ec_secp256r1.c:br_enc32le
Unexecuted instantiation: ec_pubkey.c:br_enc32le
Unexecuted instantiation: ec_prime_i31.c:br_enc32le
Unexecuted instantiation: ec_prime_i15.c:br_enc32le
Unexecuted instantiation: ec_p256_m64.c:br_enc32le
Unexecuted instantiation: ec_p256_m62.c:br_enc32le
Unexecuted instantiation: ec_p256_m31.c:br_enc32le
Unexecuted instantiation: ec_p256_m15.c:br_enc32le
Unexecuted instantiation: ec_keygen.c:br_enc32le
Unexecuted instantiation: ec_default.c:br_enc32le
Unexecuted instantiation: ec_c25519_m64.c:br_enc32le
Unexecuted instantiation: ec_c25519_m62.c:br_enc32le
Unexecuted instantiation: ec_c25519_m31.c:br_enc32le
Unexecuted instantiation: ec_c25519_m15.c:br_enc32le
Unexecuted instantiation: ec_c25519_i31.c:br_enc32le
Unexecuted instantiation: ec_c25519_i15.c:br_enc32le
Unexecuted instantiation: ec_all_m31.c:br_enc32le
Unexecuted instantiation: enc64be.c:br_enc32le
enc32le.c:br_enc32le
Line
Count
Source
543
241k
{
544
241k
#if BR_LE_UNALIGNED
545
241k
  ((br_union_u32 *)dst)->u = x;
546
#else
547
  unsigned char *buf;
548
549
  buf = dst;
550
  buf[0] = (unsigned char)x;
551
  buf[1] = (unsigned char)(x >> 8);
552
  buf[2] = (unsigned char)(x >> 16);
553
  buf[3] = (unsigned char)(x >> 24);
554
#endif
555
241k
}
Unexecuted instantiation: enc32be.c:br_enc32le
Unexecuted instantiation: dec64be.c:br_enc32le
Unexecuted instantiation: dec32le.c:br_enc32le
Unexecuted instantiation: dec32be.c:br_enc32le
Unexecuted instantiation: ccopy.c:br_enc32le
Unexecuted instantiation: gcm.c:br_enc32le
Unexecuted instantiation: ccm.c:br_enc32le
Unexecuted instantiation: aes_small_enc.c:br_enc32le
Unexecuted instantiation: aes_ct_enc.c:br_enc32le
Unexecuted instantiation: aes_ct64_enc.c:br_enc32le
Unexecuted instantiation: aes_big_enc.c:br_enc32le
Unexecuted instantiation: i31_sub.c:br_enc32le
Unexecuted instantiation: i31_rshift.c:br_enc32le
Unexecuted instantiation: i31_ninv31.c:br_enc32le
Unexecuted instantiation: i31_montmul.c:br_enc32le
Unexecuted instantiation: i31_modpow.c:br_enc32le
Unexecuted instantiation: i31_iszero.c:br_enc32le
Unexecuted instantiation: i31_fmont.c:br_enc32le
Unexecuted instantiation: i31_encode.c:br_enc32le
Unexecuted instantiation: i31_decode.c:br_enc32le
Unexecuted instantiation: i31_decmod.c:br_enc32le
Unexecuted instantiation: i31_bitlen.c:br_enc32le
Unexecuted instantiation: i31_add.c:br_enc32le
Unexecuted instantiation: i15_sub.c:br_enc32le
Unexecuted instantiation: i15_rshift.c:br_enc32le
Unexecuted instantiation: i15_ninv15.c:br_enc32le
Unexecuted instantiation: i15_montmul.c:br_enc32le
Unexecuted instantiation: i15_modpow.c:br_enc32le
Unexecuted instantiation: i15_iszero.c:br_enc32le
Unexecuted instantiation: i15_fmont.c:br_enc32le
Unexecuted instantiation: i15_encode.c:br_enc32le
Unexecuted instantiation: i15_decode.c:br_enc32le
Unexecuted instantiation: i15_decmod.c:br_enc32le
Unexecuted instantiation: i15_bitlen.c:br_enc32le
Unexecuted instantiation: i15_add.c:br_enc32le
Unexecuted instantiation: i31_tmont.c:br_enc32le
Unexecuted instantiation: i31_muladd.c:br_enc32le
Unexecuted instantiation: i15_tmont.c:br_enc32le
Unexecuted instantiation: i15_muladd.c:br_enc32le
Unexecuted instantiation: i32_div32.c:br_enc32le
556
557
static inline void
558
br_enc32be(void *dst, uint32_t x)
559
2.77M
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
2.77M
  unsigned char *buf;
564
565
2.77M
  buf = dst;
566
2.77M
  buf[0] = (unsigned char)(x >> 24);
567
2.77M
  buf[1] = (unsigned char)(x >> 16);
568
2.77M
  buf[2] = (unsigned char)(x >> 8);
569
2.77M
  buf[3] = (unsigned char)x;
570
2.77M
#endif
571
2.77M
}
Unexecuted instantiation: poly1305_ctmul.c:br_enc32be
Unexecuted instantiation: chacha20_sse2.c:br_enc32be
Unexecuted instantiation: chacha20_ct.c:br_enc32be
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_enc32be
Unexecuted instantiation: aes_x86ni.c:br_enc32be
aes_small_ctrcbc.c:br_enc32be
Line
Count
Source
559
11.0k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
11.0k
  unsigned char *buf;
564
565
11.0k
  buf = dst;
566
11.0k
  buf[0] = (unsigned char)(x >> 24);
567
11.0k
  buf[1] = (unsigned char)(x >> 16);
568
11.0k
  buf[2] = (unsigned char)(x >> 8);
569
11.0k
  buf[3] = (unsigned char)x;
570
11.0k
#endif
571
11.0k
}
aes_ct_ctrcbc.c:br_enc32be
Line
Count
Source
559
6.90k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
6.90k
  unsigned char *buf;
564
565
6.90k
  buf = dst;
566
6.90k
  buf[0] = (unsigned char)(x >> 24);
567
6.90k
  buf[1] = (unsigned char)(x >> 16);
568
6.90k
  buf[2] = (unsigned char)(x >> 8);
569
6.90k
  buf[3] = (unsigned char)x;
570
6.90k
#endif
571
6.90k
}
Unexecuted instantiation: aes_ct_ctr.c:br_enc32be
aes_ct64_ctrcbc.c:br_enc32be
Line
Count
Source
559
18.7k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
18.7k
  unsigned char *buf;
564
565
18.7k
  buf = dst;
566
18.7k
  buf[0] = (unsigned char)(x >> 24);
567
18.7k
  buf[1] = (unsigned char)(x >> 16);
568
18.7k
  buf[2] = (unsigned char)(x >> 8);
569
18.7k
  buf[3] = (unsigned char)x;
570
18.7k
#endif
571
18.7k
}
Unexecuted instantiation: aes_ct64.c:br_enc32be
Unexecuted instantiation: aes_ct.c:br_enc32be
Unexecuted instantiation: aes_common.c:br_enc32be
aes_big_ctrcbc.c:br_enc32be
Line
Count
Source
559
179k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
179k
  unsigned char *buf;
564
565
179k
  buf = dst;
566
179k
  buf[0] = (unsigned char)(x >> 24);
567
179k
  buf[1] = (unsigned char)(x >> 16);
568
179k
  buf[2] = (unsigned char)(x >> 8);
569
179k
  buf[3] = (unsigned char)x;
570
179k
#endif
571
179k
}
Unexecuted instantiation: prf_md5sha1.c:br_enc32be
Unexecuted instantiation: prf.c:br_enc32be
Unexecuted instantiation: sysrng.c:br_enc32be
Unexecuted instantiation: hmac_drbg.c:br_enc32be
Unexecuted instantiation: hmac.c:br_enc32be
Unexecuted instantiation: shake.c:br_enc32be
Unexecuted instantiation: hkdf.c:br_enc32be
sha2small.c:br_enc32be
Line
Count
Source
559
113k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
113k
  unsigned char *buf;
564
565
113k
  buf = dst;
566
113k
  buf[0] = (unsigned char)(x >> 24);
567
113k
  buf[1] = (unsigned char)(x >> 16);
568
113k
  buf[2] = (unsigned char)(x >> 8);
569
113k
  buf[3] = (unsigned char)x;
570
113k
#endif
571
113k
}
sha2big.c:br_enc32be
Line
Count
Source
559
192k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
192k
  unsigned char *buf;
564
565
192k
  buf = dst;
566
192k
  buf[0] = (unsigned char)(x >> 24);
567
192k
  buf[1] = (unsigned char)(x >> 16);
568
192k
  buf[2] = (unsigned char)(x >> 8);
569
192k
  buf[3] = (unsigned char)x;
570
192k
#endif
571
192k
}
sha1.c:br_enc32be
Line
Count
Source
559
80.5k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
80.5k
  unsigned char *buf;
564
565
80.5k
  buf = dst;
566
80.5k
  buf[0] = (unsigned char)(x >> 24);
567
80.5k
  buf[1] = (unsigned char)(x >> 16);
568
80.5k
  buf[2] = (unsigned char)(x >> 8);
569
80.5k
  buf[3] = (unsigned char)x;
570
80.5k
#endif
571
80.5k
}
md5sha1.c:br_enc32be
Line
Count
Source
559
46.6k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
46.6k
  unsigned char *buf;
564
565
46.6k
  buf = dst;
566
46.6k
  buf[0] = (unsigned char)(x >> 24);
567
46.6k
  buf[1] = (unsigned char)(x >> 16);
568
46.6k
  buf[2] = (unsigned char)(x >> 8);
569
46.6k
  buf[3] = (unsigned char)x;
570
46.6k
#endif
571
46.6k
}
Unexecuted instantiation: md5.c:br_enc32be
ghash_ctmul32.c:br_enc32be
Line
Count
Source
559
66.6k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
66.6k
  unsigned char *buf;
564
565
66.6k
  buf = dst;
566
66.6k
  buf[0] = (unsigned char)(x >> 24);
567
66.6k
  buf[1] = (unsigned char)(x >> 16);
568
66.6k
  buf[2] = (unsigned char)(x >> 8);
569
66.6k
  buf[3] = (unsigned char)x;
570
66.6k
#endif
571
66.6k
}
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_enc32be
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_enc32be
Unexecuted instantiation: ecdsa_i31_bits.c:br_enc32be
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_enc32be
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_enc32be
Unexecuted instantiation: ecdsa_i15_bits.c:br_enc32be
Unexecuted instantiation: ec_secp521r1.c:br_enc32be
Unexecuted instantiation: ec_secp384r1.c:br_enc32be
Unexecuted instantiation: ec_secp256r1.c:br_enc32be
Unexecuted instantiation: ec_pubkey.c:br_enc32be
Unexecuted instantiation: ec_prime_i31.c:br_enc32be
Unexecuted instantiation: ec_prime_i15.c:br_enc32be
ec_p256_m64.c:br_enc32be
Line
Count
Source
559
13.5k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
13.5k
  unsigned char *buf;
564
565
13.5k
  buf = dst;
566
13.5k
  buf[0] = (unsigned char)(x >> 24);
567
13.5k
  buf[1] = (unsigned char)(x >> 16);
568
13.5k
  buf[2] = (unsigned char)(x >> 8);
569
13.5k
  buf[3] = (unsigned char)x;
570
13.5k
#endif
571
13.5k
}
ec_p256_m62.c:br_enc32be
Line
Count
Source
559
1.31k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
1.31k
  unsigned char *buf;
564
565
1.31k
  buf = dst;
566
1.31k
  buf[0] = (unsigned char)(x >> 24);
567
1.31k
  buf[1] = (unsigned char)(x >> 16);
568
1.31k
  buf[2] = (unsigned char)(x >> 8);
569
1.31k
  buf[3] = (unsigned char)x;
570
1.31k
#endif
571
1.31k
}
Unexecuted instantiation: ec_p256_m31.c:br_enc32be
Unexecuted instantiation: ec_p256_m15.c:br_enc32be
Unexecuted instantiation: ec_keygen.c:br_enc32be
Unexecuted instantiation: ec_default.c:br_enc32be
Unexecuted instantiation: ec_c25519_m64.c:br_enc32be
Unexecuted instantiation: ec_c25519_m62.c:br_enc32be
Unexecuted instantiation: ec_c25519_m31.c:br_enc32be
Unexecuted instantiation: ec_c25519_m15.c:br_enc32be
Unexecuted instantiation: ec_c25519_i31.c:br_enc32be
Unexecuted instantiation: ec_c25519_i15.c:br_enc32be
Unexecuted instantiation: ec_all_m31.c:br_enc32be
enc64be.c:br_enc32be
Line
Count
Source
559
721k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
721k
  unsigned char *buf;
564
565
721k
  buf = dst;
566
721k
  buf[0] = (unsigned char)(x >> 24);
567
721k
  buf[1] = (unsigned char)(x >> 16);
568
721k
  buf[2] = (unsigned char)(x >> 8);
569
721k
  buf[3] = (unsigned char)x;
570
721k
#endif
571
721k
}
Unexecuted instantiation: enc32le.c:br_enc32be
enc32be.c:br_enc32be
Line
Count
Source
559
829k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
829k
  unsigned char *buf;
564
565
829k
  buf = dst;
566
829k
  buf[0] = (unsigned char)(x >> 24);
567
829k
  buf[1] = (unsigned char)(x >> 16);
568
829k
  buf[2] = (unsigned char)(x >> 8);
569
829k
  buf[3] = (unsigned char)x;
570
829k
#endif
571
829k
}
Unexecuted instantiation: dec64be.c:br_enc32be
Unexecuted instantiation: dec32le.c:br_enc32be
Unexecuted instantiation: dec32be.c:br_enc32be
Unexecuted instantiation: ccopy.c:br_enc32be
gcm.c:br_enc32be
Line
Count
Source
559
5.47k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
5.47k
  unsigned char *buf;
564
565
5.47k
  buf = dst;
566
5.47k
  buf[0] = (unsigned char)(x >> 24);
567
5.47k
  buf[1] = (unsigned char)(x >> 16);
568
5.47k
  buf[2] = (unsigned char)(x >> 8);
569
5.47k
  buf[3] = (unsigned char)x;
570
5.47k
#endif
571
5.47k
}
Unexecuted instantiation: ccm.c:br_enc32be
Unexecuted instantiation: aes_small_enc.c:br_enc32be
Unexecuted instantiation: aes_ct_enc.c:br_enc32be
Unexecuted instantiation: aes_ct64_enc.c:br_enc32be
aes_big_enc.c:br_enc32be
Line
Count
Source
559
323k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
323k
  unsigned char *buf;
564
565
323k
  buf = dst;
566
323k
  buf[0] = (unsigned char)(x >> 24);
567
323k
  buf[1] = (unsigned char)(x >> 16);
568
323k
  buf[2] = (unsigned char)(x >> 8);
569
323k
  buf[3] = (unsigned char)x;
570
323k
#endif
571
323k
}
Unexecuted instantiation: i31_sub.c:br_enc32be
Unexecuted instantiation: i31_rshift.c:br_enc32be
Unexecuted instantiation: i31_ninv31.c:br_enc32be
Unexecuted instantiation: i31_montmul.c:br_enc32be
Unexecuted instantiation: i31_modpow.c:br_enc32be
Unexecuted instantiation: i31_iszero.c:br_enc32be
Unexecuted instantiation: i31_fmont.c:br_enc32be
i31_encode.c:br_enc32be
Line
Count
Source
559
160k
{
560
#if BR_BE_UNALIGNED
561
  ((br_union_u32 *)dst)->u = x;
562
#else
563
160k
  unsigned char *buf;
564
565
160k
  buf = dst;
566
160k
  buf[0] = (unsigned char)(x >> 24);
567
160k
  buf[1] = (unsigned char)(x >> 16);
568
160k
  buf[2] = (unsigned char)(x >> 8);
569
160k
  buf[3] = (unsigned char)x;
570
160k
#endif
571
160k
}
Unexecuted instantiation: i31_decode.c:br_enc32be
Unexecuted instantiation: i31_decmod.c:br_enc32be
Unexecuted instantiation: i31_bitlen.c:br_enc32be
Unexecuted instantiation: i31_add.c:br_enc32be
Unexecuted instantiation: i15_sub.c:br_enc32be
Unexecuted instantiation: i15_rshift.c:br_enc32be
Unexecuted instantiation: i15_ninv15.c:br_enc32be
Unexecuted instantiation: i15_montmul.c:br_enc32be
Unexecuted instantiation: i15_modpow.c:br_enc32be
Unexecuted instantiation: i15_iszero.c:br_enc32be
Unexecuted instantiation: i15_fmont.c:br_enc32be
Unexecuted instantiation: i15_encode.c:br_enc32be
Unexecuted instantiation: i15_decode.c:br_enc32be
Unexecuted instantiation: i15_decmod.c:br_enc32be
Unexecuted instantiation: i15_bitlen.c:br_enc32be
Unexecuted instantiation: i15_add.c:br_enc32be
Unexecuted instantiation: i31_tmont.c:br_enc32be
Unexecuted instantiation: i31_muladd.c:br_enc32be
Unexecuted instantiation: i15_tmont.c:br_enc32be
Unexecuted instantiation: i15_muladd.c:br_enc32be
Unexecuted instantiation: i32_div32.c:br_enc32be
572
573
static inline uint32_t
574
br_dec32le(const void *src)
575
3.43M
{
576
3.43M
#if BR_LE_UNALIGNED
577
3.43M
  return ((const br_union_u32 *)src)->u;
578
#else
579
  const unsigned char *buf;
580
581
  buf = src;
582
  return (uint32_t)buf[0]
583
    | ((uint32_t)buf[1] << 8)
584
    | ((uint32_t)buf[2] << 16)
585
    | ((uint32_t)buf[3] << 24);
586
#endif
587
3.43M
}
poly1305_ctmul.c:br_dec32le
Line
Count
Source
575
85.0k
{
576
85.0k
#if BR_LE_UNALIGNED
577
85.0k
  return ((const br_union_u32 *)src)->u;
578
#else
579
  const unsigned char *buf;
580
581
  buf = src;
582
  return (uint32_t)buf[0]
583
    | ((uint32_t)buf[1] << 8)
584
    | ((uint32_t)buf[2] << 16)
585
    | ((uint32_t)buf[3] << 24);
586
#endif
587
85.0k
}
Unexecuted instantiation: chacha20_sse2.c:br_dec32le
chacha20_ct.c:br_dec32le
Line
Count
Source
575
16.2k
{
576
16.2k
#if BR_LE_UNALIGNED
577
16.2k
  return ((const br_union_u32 *)src)->u;
578
#else
579
  const unsigned char *buf;
580
581
  buf = src;
582
  return (uint32_t)buf[0]
583
    | ((uint32_t)buf[1] << 8)
584
    | ((uint32_t)buf[2] << 16)
585
    | ((uint32_t)buf[3] << 24);
586
#endif
587
16.2k
}
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_dec32le
Unexecuted instantiation: aes_x86ni.c:br_dec32le
Unexecuted instantiation: aes_small_ctrcbc.c:br_dec32le
aes_ct_ctrcbc.c:br_dec32le
Line
Count
Source
575
17.1k
{
576
17.1k
#if BR_LE_UNALIGNED
577
17.1k
  return ((const br_union_u32 *)src)->u;
578
#else
579
  const unsigned char *buf;
580
581
  buf = src;
582
  return (uint32_t)buf[0]
583
    | ((uint32_t)buf[1] << 8)
584
    | ((uint32_t)buf[2] << 16)
585
    | ((uint32_t)buf[3] << 24);
586
#endif
587
17.1k
}
aes_ct_ctr.c:br_dec32le
Line
Count
Source
575
44.1k
{
576
44.1k
#if BR_LE_UNALIGNED
577
44.1k
  return ((const br_union_u32 *)src)->u;
578
#else
579
  const unsigned char *buf;
580
581
  buf = src;
582
  return (uint32_t)buf[0]
583
    | ((uint32_t)buf[1] << 8)
584
    | ((uint32_t)buf[2] << 16)
585
    | ((uint32_t)buf[3] << 24);
586
#endif
587
44.1k
}
aes_ct64_ctrcbc.c:br_dec32le
Line
Count
Source
575
50.1k
{
576
50.1k
#if BR_LE_UNALIGNED
577
50.1k
  return ((const br_union_u32 *)src)->u;
578
#else
579
  const unsigned char *buf;
580
581
  buf = src;
582
  return (uint32_t)buf[0]
583
    | ((uint32_t)buf[1] << 8)
584
    | ((uint32_t)buf[2] << 16)
585
    | ((uint32_t)buf[3] << 24);
586
#endif
587
50.1k
}
Unexecuted instantiation: aes_ct64.c:br_dec32le
aes_ct.c:br_dec32le
Line
Count
Source
575
9.54k
{
576
9.54k
#if BR_LE_UNALIGNED
577
9.54k
  return ((const br_union_u32 *)src)->u;
578
#else
579
  const unsigned char *buf;
580
581
  buf = src;
582
  return (uint32_t)buf[0]
583
    | ((uint32_t)buf[1] << 8)
584
    | ((uint32_t)buf[2] << 16)
585
    | ((uint32_t)buf[3] << 24);
586
#endif
587
9.54k
}
Unexecuted instantiation: aes_common.c:br_dec32le
Unexecuted instantiation: aes_big_ctrcbc.c:br_dec32le
Unexecuted instantiation: prf_md5sha1.c:br_dec32le
Unexecuted instantiation: prf.c:br_dec32le
Unexecuted instantiation: sysrng.c:br_dec32le
Unexecuted instantiation: hmac_drbg.c:br_dec32le
Unexecuted instantiation: hmac.c:br_dec32le
Unexecuted instantiation: shake.c:br_dec32le
Unexecuted instantiation: hkdf.c:br_dec32le
Unexecuted instantiation: sha2small.c:br_dec32le
Unexecuted instantiation: sha2big.c:br_dec32le
Unexecuted instantiation: sha1.c:br_dec32le
Unexecuted instantiation: md5sha1.c:br_dec32le
Unexecuted instantiation: md5.c:br_dec32le
Unexecuted instantiation: ghash_ctmul32.c:br_dec32le
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_dec32le
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_dec32le
Unexecuted instantiation: ecdsa_i31_bits.c:br_dec32le
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_dec32le
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_dec32le
Unexecuted instantiation: ecdsa_i15_bits.c:br_dec32le
Unexecuted instantiation: ec_secp521r1.c:br_dec32le
Unexecuted instantiation: ec_secp384r1.c:br_dec32le
Unexecuted instantiation: ec_secp256r1.c:br_dec32le
Unexecuted instantiation: ec_pubkey.c:br_dec32le
Unexecuted instantiation: ec_prime_i31.c:br_dec32le
Unexecuted instantiation: ec_prime_i15.c:br_dec32le
Unexecuted instantiation: ec_p256_m64.c:br_dec32le
Unexecuted instantiation: ec_p256_m62.c:br_dec32le
Unexecuted instantiation: ec_p256_m31.c:br_dec32le
Unexecuted instantiation: ec_p256_m15.c:br_dec32le
Unexecuted instantiation: ec_keygen.c:br_dec32le
Unexecuted instantiation: ec_default.c:br_dec32le
Unexecuted instantiation: ec_c25519_m64.c:br_dec32le
Unexecuted instantiation: ec_c25519_m62.c:br_dec32le
Unexecuted instantiation: ec_c25519_m31.c:br_dec32le
Unexecuted instantiation: ec_c25519_m15.c:br_dec32le
Unexecuted instantiation: ec_c25519_i31.c:br_dec32le
Unexecuted instantiation: ec_c25519_i15.c:br_dec32le
Unexecuted instantiation: ec_all_m31.c:br_dec32le
Unexecuted instantiation: enc64be.c:br_dec32le
Unexecuted instantiation: enc32le.c:br_dec32le
Unexecuted instantiation: enc32be.c:br_dec32le
Unexecuted instantiation: dec64be.c:br_dec32le
dec32le.c:br_dec32le
Line
Count
Source
575
3.21M
{
576
3.21M
#if BR_LE_UNALIGNED
577
3.21M
  return ((const br_union_u32 *)src)->u;
578
#else
579
  const unsigned char *buf;
580
581
  buf = src;
582
  return (uint32_t)buf[0]
583
    | ((uint32_t)buf[1] << 8)
584
    | ((uint32_t)buf[2] << 16)
585
    | ((uint32_t)buf[3] << 24);
586
#endif
587
3.21M
}
Unexecuted instantiation: dec32be.c:br_dec32le
Unexecuted instantiation: ccopy.c:br_dec32le
Unexecuted instantiation: gcm.c:br_dec32le
Unexecuted instantiation: ccm.c:br_dec32le
Unexecuted instantiation: aes_small_enc.c:br_dec32le
Unexecuted instantiation: aes_ct_enc.c:br_dec32le
Unexecuted instantiation: aes_ct64_enc.c:br_dec32le
Unexecuted instantiation: aes_big_enc.c:br_dec32le
Unexecuted instantiation: i31_sub.c:br_dec32le
Unexecuted instantiation: i31_rshift.c:br_dec32le
Unexecuted instantiation: i31_ninv31.c:br_dec32le
Unexecuted instantiation: i31_montmul.c:br_dec32le
Unexecuted instantiation: i31_modpow.c:br_dec32le
Unexecuted instantiation: i31_iszero.c:br_dec32le
Unexecuted instantiation: i31_fmont.c:br_dec32le
Unexecuted instantiation: i31_encode.c:br_dec32le
Unexecuted instantiation: i31_decode.c:br_dec32le
Unexecuted instantiation: i31_decmod.c:br_dec32le
Unexecuted instantiation: i31_bitlen.c:br_dec32le
Unexecuted instantiation: i31_add.c:br_dec32le
Unexecuted instantiation: i15_sub.c:br_dec32le
Unexecuted instantiation: i15_rshift.c:br_dec32le
Unexecuted instantiation: i15_ninv15.c:br_dec32le
Unexecuted instantiation: i15_montmul.c:br_dec32le
Unexecuted instantiation: i15_modpow.c:br_dec32le
Unexecuted instantiation: i15_iszero.c:br_dec32le
Unexecuted instantiation: i15_fmont.c:br_dec32le
Unexecuted instantiation: i15_encode.c:br_dec32le
Unexecuted instantiation: i15_decode.c:br_dec32le
Unexecuted instantiation: i15_decmod.c:br_dec32le
Unexecuted instantiation: i15_bitlen.c:br_dec32le
Unexecuted instantiation: i15_add.c:br_dec32le
Unexecuted instantiation: i31_tmont.c:br_dec32le
Unexecuted instantiation: i31_muladd.c:br_dec32le
Unexecuted instantiation: i15_tmont.c:br_dec32le
Unexecuted instantiation: i15_muladd.c:br_dec32le
Unexecuted instantiation: i32_div32.c:br_dec32le
588
589
static inline uint32_t
590
br_dec32be(const void *src)
591
28.9M
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
28.9M
  const unsigned char *buf;
596
597
28.9M
  buf = src;
598
28.9M
  return ((uint32_t)buf[0] << 24)
599
28.9M
    | ((uint32_t)buf[1] << 16)
600
28.9M
    | ((uint32_t)buf[2] << 8)
601
28.9M
    | (uint32_t)buf[3];
602
28.9M
#endif
603
28.9M
}
Unexecuted instantiation: poly1305_ctmul.c:br_dec32be
Unexecuted instantiation: chacha20_sse2.c:br_dec32be
Unexecuted instantiation: chacha20_ct.c:br_dec32be
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_dec32be
Unexecuted instantiation: aes_x86ni.c:br_dec32be
aes_small_ctrcbc.c:br_dec32be
Line
Count
Source
591
4.18k
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
4.18k
  const unsigned char *buf;
596
597
4.18k
  buf = src;
598
4.18k
  return ((uint32_t)buf[0] << 24)
599
4.18k
    | ((uint32_t)buf[1] << 16)
600
4.18k
    | ((uint32_t)buf[2] << 8)
601
4.18k
    | (uint32_t)buf[3];
602
4.18k
#endif
603
4.18k
}
aes_ct_ctrcbc.c:br_dec32be
Line
Count
Source
591
6.90k
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
6.90k
  const unsigned char *buf;
596
597
6.90k
  buf = src;
598
6.90k
  return ((uint32_t)buf[0] << 24)
599
6.90k
    | ((uint32_t)buf[1] << 16)
600
6.90k
    | ((uint32_t)buf[2] << 8)
601
6.90k
    | (uint32_t)buf[3];
602
6.90k
#endif
603
6.90k
}
Unexecuted instantiation: aes_ct_ctr.c:br_dec32be
aes_ct64_ctrcbc.c:br_dec32be
Line
Count
Source
591
18.7k
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
18.7k
  const unsigned char *buf;
596
597
18.7k
  buf = src;
598
18.7k
  return ((uint32_t)buf[0] << 24)
599
18.7k
    | ((uint32_t)buf[1] << 16)
600
18.7k
    | ((uint32_t)buf[2] << 8)
601
18.7k
    | (uint32_t)buf[3];
602
18.7k
#endif
603
18.7k
}
Unexecuted instantiation: aes_ct64.c:br_dec32be
Unexecuted instantiation: aes_ct.c:br_dec32be
aes_common.c:br_dec32be
Line
Count
Source
591
11.9k
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
11.9k
  const unsigned char *buf;
596
597
11.9k
  buf = src;
598
11.9k
  return ((uint32_t)buf[0] << 24)
599
11.9k
    | ((uint32_t)buf[1] << 16)
600
11.9k
    | ((uint32_t)buf[2] << 8)
601
11.9k
    | (uint32_t)buf[3];
602
11.9k
#endif
603
11.9k
}
aes_big_ctrcbc.c:br_dec32be
Line
Count
Source
591
42.4k
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
42.4k
  const unsigned char *buf;
596
597
42.4k
  buf = src;
598
42.4k
  return ((uint32_t)buf[0] << 24)
599
42.4k
    | ((uint32_t)buf[1] << 16)
600
42.4k
    | ((uint32_t)buf[2] << 8)
601
42.4k
    | (uint32_t)buf[3];
602
42.4k
#endif
603
42.4k
}
Unexecuted instantiation: prf_md5sha1.c:br_dec32be
Unexecuted instantiation: prf.c:br_dec32be
Unexecuted instantiation: sysrng.c:br_dec32be
Unexecuted instantiation: hmac_drbg.c:br_dec32be
Unexecuted instantiation: hmac.c:br_dec32be
Unexecuted instantiation: shake.c:br_dec32be
Unexecuted instantiation: hkdf.c:br_dec32be
Unexecuted instantiation: sha2small.c:br_dec32be
Unexecuted instantiation: sha2big.c:br_dec32be
Unexecuted instantiation: sha1.c:br_dec32be
Unexecuted instantiation: md5sha1.c:br_dec32be
Unexecuted instantiation: md5.c:br_dec32be
ghash_ctmul32.c:br_dec32be
Line
Count
Source
591
495k
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
495k
  const unsigned char *buf;
596
597
495k
  buf = src;
598
495k
  return ((uint32_t)buf[0] << 24)
599
495k
    | ((uint32_t)buf[1] << 16)
600
495k
    | ((uint32_t)buf[2] << 8)
601
495k
    | (uint32_t)buf[3];
602
495k
#endif
603
495k
}
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_dec32be
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_dec32be
Unexecuted instantiation: ecdsa_i31_bits.c:br_dec32be
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_dec32be
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_dec32be
Unexecuted instantiation: ecdsa_i15_bits.c:br_dec32be
Unexecuted instantiation: ec_secp521r1.c:br_dec32be
Unexecuted instantiation: ec_secp384r1.c:br_dec32be
Unexecuted instantiation: ec_secp256r1.c:br_dec32be
Unexecuted instantiation: ec_pubkey.c:br_dec32be
Unexecuted instantiation: ec_prime_i31.c:br_dec32be
Unexecuted instantiation: ec_prime_i15.c:br_dec32be
ec_p256_m64.c:br_dec32be
Line
Count
Source
591
6.09k
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
6.09k
  const unsigned char *buf;
596
597
6.09k
  buf = src;
598
6.09k
  return ((uint32_t)buf[0] << 24)
599
6.09k
    | ((uint32_t)buf[1] << 16)
600
6.09k
    | ((uint32_t)buf[2] << 8)
601
6.09k
    | (uint32_t)buf[3];
602
6.09k
#endif
603
6.09k
}
ec_p256_m62.c:br_dec32be
Line
Count
Source
591
672
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
672
  const unsigned char *buf;
596
597
672
  buf = src;
598
672
  return ((uint32_t)buf[0] << 24)
599
672
    | ((uint32_t)buf[1] << 16)
600
672
    | ((uint32_t)buf[2] << 8)
601
672
    | (uint32_t)buf[3];
602
672
#endif
603
672
}
Unexecuted instantiation: ec_p256_m31.c:br_dec32be
Unexecuted instantiation: ec_p256_m15.c:br_dec32be
Unexecuted instantiation: ec_keygen.c:br_dec32be
Unexecuted instantiation: ec_default.c:br_dec32be
Unexecuted instantiation: ec_c25519_m64.c:br_dec32be
Unexecuted instantiation: ec_c25519_m62.c:br_dec32be
Unexecuted instantiation: ec_c25519_m31.c:br_dec32be
Unexecuted instantiation: ec_c25519_m15.c:br_dec32be
Unexecuted instantiation: ec_c25519_i31.c:br_dec32be
Unexecuted instantiation: ec_c25519_i15.c:br_dec32be
Unexecuted instantiation: ec_all_m31.c:br_dec32be
Unexecuted instantiation: enc64be.c:br_dec32be
Unexecuted instantiation: enc32le.c:br_dec32be
Unexecuted instantiation: enc32be.c:br_dec32be
dec64be.c:br_dec32be
Line
Count
Source
591
12.0M
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
12.0M
  const unsigned char *buf;
596
597
12.0M
  buf = src;
598
12.0M
  return ((uint32_t)buf[0] << 24)
599
12.0M
    | ((uint32_t)buf[1] << 16)
600
12.0M
    | ((uint32_t)buf[2] << 8)
601
12.0M
    | (uint32_t)buf[3];
602
12.0M
#endif
603
12.0M
}
Unexecuted instantiation: dec32le.c:br_dec32be
dec32be.c:br_dec32be
Line
Count
Source
591
16.0M
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
16.0M
  const unsigned char *buf;
596
597
16.0M
  buf = src;
598
16.0M
  return ((uint32_t)buf[0] << 24)
599
16.0M
    | ((uint32_t)buf[1] << 16)
600
16.0M
    | ((uint32_t)buf[2] << 8)
601
16.0M
    | (uint32_t)buf[3];
602
16.0M
#endif
603
16.0M
}
Unexecuted instantiation: ccopy.c:br_dec32be
gcm.c:br_dec32be
Line
Count
Source
591
1.42k
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
1.42k
  const unsigned char *buf;
596
597
1.42k
  buf = src;
598
1.42k
  return ((uint32_t)buf[0] << 24)
599
1.42k
    | ((uint32_t)buf[1] << 16)
600
1.42k
    | ((uint32_t)buf[2] << 8)
601
1.42k
    | (uint32_t)buf[3];
602
1.42k
#endif
603
1.42k
}
Unexecuted instantiation: ccm.c:br_dec32be
Unexecuted instantiation: aes_small_enc.c:br_dec32be
Unexecuted instantiation: aes_ct_enc.c:br_dec32be
Unexecuted instantiation: aes_ct64_enc.c:br_dec32be
aes_big_enc.c:br_dec32be
Line
Count
Source
591
323k
{
592
#if BR_BE_UNALIGNED
593
  return ((const br_union_u32 *)src)->u;
594
#else
595
323k
  const unsigned char *buf;
596
597
323k
  buf = src;
598
323k
  return ((uint32_t)buf[0] << 24)
599
323k
    | ((uint32_t)buf[1] << 16)
600
323k
    | ((uint32_t)buf[2] << 8)
601
323k
    | (uint32_t)buf[3];
602
323k
#endif
603
323k
}
Unexecuted instantiation: i31_sub.c:br_dec32be
Unexecuted instantiation: i31_rshift.c:br_dec32be
Unexecuted instantiation: i31_ninv31.c:br_dec32be
Unexecuted instantiation: i31_montmul.c:br_dec32be
Unexecuted instantiation: i31_modpow.c:br_dec32be
Unexecuted instantiation: i31_iszero.c:br_dec32be
Unexecuted instantiation: i31_fmont.c:br_dec32be
Unexecuted instantiation: i31_encode.c:br_dec32be
Unexecuted instantiation: i31_decode.c:br_dec32be
Unexecuted instantiation: i31_decmod.c:br_dec32be
Unexecuted instantiation: i31_bitlen.c:br_dec32be
Unexecuted instantiation: i31_add.c:br_dec32be
Unexecuted instantiation: i15_sub.c:br_dec32be
Unexecuted instantiation: i15_rshift.c:br_dec32be
Unexecuted instantiation: i15_ninv15.c:br_dec32be
Unexecuted instantiation: i15_montmul.c:br_dec32be
Unexecuted instantiation: i15_modpow.c:br_dec32be
Unexecuted instantiation: i15_iszero.c:br_dec32be
Unexecuted instantiation: i15_fmont.c:br_dec32be
Unexecuted instantiation: i15_encode.c:br_dec32be
Unexecuted instantiation: i15_decode.c:br_dec32be
Unexecuted instantiation: i15_decmod.c:br_dec32be
Unexecuted instantiation: i15_bitlen.c:br_dec32be
Unexecuted instantiation: i15_add.c:br_dec32be
Unexecuted instantiation: i31_tmont.c:br_dec32be
Unexecuted instantiation: i31_muladd.c:br_dec32be
Unexecuted instantiation: i15_tmont.c:br_dec32be
Unexecuted instantiation: i15_muladd.c:br_dec32be
Unexecuted instantiation: i32_div32.c:br_dec32be
604
605
static inline void
606
br_enc64le(void *dst, uint64_t x)
607
63.8k
{
608
63.8k
#if BR_LE_UNALIGNED
609
63.8k
  ((br_union_u64 *)dst)->u = x;
610
#else
611
  unsigned char *buf;
612
613
  buf = dst;
614
  br_enc32le(buf, (uint32_t)x);
615
  br_enc32le(buf + 4, (uint32_t)(x >> 32));
616
#endif
617
63.8k
}
poly1305_ctmul.c:br_enc64le
Line
Count
Source
607
1.42k
{
608
1.42k
#if BR_LE_UNALIGNED
609
1.42k
  ((br_union_u64 *)dst)->u = x;
610
#else
611
  unsigned char *buf;
612
613
  buf = dst;
614
  br_enc32le(buf, (uint32_t)x);
615
  br_enc32le(buf + 4, (uint32_t)(x >> 32));
616
#endif
617
1.42k
}
Unexecuted instantiation: chacha20_sse2.c:br_enc64le
Unexecuted instantiation: chacha20_ct.c:br_enc64le
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_enc64le
Unexecuted instantiation: aes_x86ni.c:br_enc64le
Unexecuted instantiation: aes_small_ctrcbc.c:br_enc64le
Unexecuted instantiation: aes_ct_ctrcbc.c:br_enc64le
Unexecuted instantiation: aes_ct_ctr.c:br_enc64le
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_enc64le
Unexecuted instantiation: aes_ct64.c:br_enc64le
Unexecuted instantiation: aes_ct.c:br_enc64le
Unexecuted instantiation: aes_common.c:br_enc64le
Unexecuted instantiation: aes_big_ctrcbc.c:br_enc64le
Unexecuted instantiation: prf_md5sha1.c:br_enc64le
Unexecuted instantiation: prf.c:br_enc64le
Unexecuted instantiation: sysrng.c:br_enc64le
Unexecuted instantiation: hmac_drbg.c:br_enc64le
Unexecuted instantiation: hmac.c:br_enc64le
shake.c:br_enc64le
Line
Count
Source
607
7.55k
{
608
7.55k
#if BR_LE_UNALIGNED
609
7.55k
  ((br_union_u64 *)dst)->u = x;
610
#else
611
  unsigned char *buf;
612
613
  buf = dst;
614
  br_enc32le(buf, (uint32_t)x);
615
  br_enc32le(buf + 4, (uint32_t)(x >> 32));
616
#endif
617
7.55k
}
Unexecuted instantiation: hkdf.c:br_enc64le
Unexecuted instantiation: sha2small.c:br_enc64le
Unexecuted instantiation: sha2big.c:br_enc64le
Unexecuted instantiation: sha1.c:br_enc64le
md5sha1.c:br_enc64le
Line
Count
Source
607
23.3k
{
608
23.3k
#if BR_LE_UNALIGNED
609
23.3k
  ((br_union_u64 *)dst)->u = x;
610
#else
611
  unsigned char *buf;
612
613
  buf = dst;
614
  br_enc32le(buf, (uint32_t)x);
615
  br_enc32le(buf + 4, (uint32_t)(x >> 32));
616
#endif
617
23.3k
}
md5.c:br_enc64le
Line
Count
Source
607
30.3k
{
608
30.3k
#if BR_LE_UNALIGNED
609
30.3k
  ((br_union_u64 *)dst)->u = x;
610
#else
611
  unsigned char *buf;
612
613
  buf = dst;
614
  br_enc32le(buf, (uint32_t)x);
615
  br_enc32le(buf + 4, (uint32_t)(x >> 32));
616
#endif
617
30.3k
}
Unexecuted instantiation: ghash_ctmul32.c:br_enc64le
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_enc64le
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_enc64le
Unexecuted instantiation: ecdsa_i31_bits.c:br_enc64le
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_enc64le
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_enc64le
Unexecuted instantiation: ecdsa_i15_bits.c:br_enc64le
Unexecuted instantiation: ec_secp521r1.c:br_enc64le
Unexecuted instantiation: ec_secp384r1.c:br_enc64le
Unexecuted instantiation: ec_secp256r1.c:br_enc64le
Unexecuted instantiation: ec_pubkey.c:br_enc64le
Unexecuted instantiation: ec_prime_i31.c:br_enc64le
Unexecuted instantiation: ec_prime_i15.c:br_enc64le
Unexecuted instantiation: ec_p256_m64.c:br_enc64le
Unexecuted instantiation: ec_p256_m62.c:br_enc64le
Unexecuted instantiation: ec_p256_m31.c:br_enc64le
Unexecuted instantiation: ec_p256_m15.c:br_enc64le
Unexecuted instantiation: ec_keygen.c:br_enc64le
Unexecuted instantiation: ec_default.c:br_enc64le
ec_c25519_m64.c:br_enc64le
Line
Count
Source
607
1.14k
{
608
1.14k
#if BR_LE_UNALIGNED
609
1.14k
  ((br_union_u64 *)dst)->u = x;
610
#else
611
  unsigned char *buf;
612
613
  buf = dst;
614
  br_enc32le(buf, (uint32_t)x);
615
  br_enc32le(buf + 4, (uint32_t)(x >> 32));
616
#endif
617
1.14k
}
ec_c25519_m62.c:br_enc64le
Line
Count
Source
607
56
{
608
56
#if BR_LE_UNALIGNED
609
56
  ((br_union_u64 *)dst)->u = x;
610
#else
611
  unsigned char *buf;
612
613
  buf = dst;
614
  br_enc32le(buf, (uint32_t)x);
615
  br_enc32le(buf + 4, (uint32_t)(x >> 32));
616
#endif
617
56
}
Unexecuted instantiation: ec_c25519_m31.c:br_enc64le
Unexecuted instantiation: ec_c25519_m15.c:br_enc64le
Unexecuted instantiation: ec_c25519_i31.c:br_enc64le
Unexecuted instantiation: ec_c25519_i15.c:br_enc64le
Unexecuted instantiation: ec_all_m31.c:br_enc64le
Unexecuted instantiation: enc64be.c:br_enc64le
Unexecuted instantiation: enc32le.c:br_enc64le
Unexecuted instantiation: enc32be.c:br_enc64le
Unexecuted instantiation: dec64be.c:br_enc64le
Unexecuted instantiation: dec32le.c:br_enc64le
Unexecuted instantiation: dec32be.c:br_enc64le
Unexecuted instantiation: ccopy.c:br_enc64le
Unexecuted instantiation: gcm.c:br_enc64le
Unexecuted instantiation: ccm.c:br_enc64le
Unexecuted instantiation: aes_small_enc.c:br_enc64le
Unexecuted instantiation: aes_ct_enc.c:br_enc64le
Unexecuted instantiation: aes_ct64_enc.c:br_enc64le
Unexecuted instantiation: aes_big_enc.c:br_enc64le
Unexecuted instantiation: i31_sub.c:br_enc64le
Unexecuted instantiation: i31_rshift.c:br_enc64le
Unexecuted instantiation: i31_ninv31.c:br_enc64le
Unexecuted instantiation: i31_montmul.c:br_enc64le
Unexecuted instantiation: i31_modpow.c:br_enc64le
Unexecuted instantiation: i31_iszero.c:br_enc64le
Unexecuted instantiation: i31_fmont.c:br_enc64le
Unexecuted instantiation: i31_encode.c:br_enc64le
Unexecuted instantiation: i31_decode.c:br_enc64le
Unexecuted instantiation: i31_decmod.c:br_enc64le
Unexecuted instantiation: i31_bitlen.c:br_enc64le
Unexecuted instantiation: i31_add.c:br_enc64le
Unexecuted instantiation: i15_sub.c:br_enc64le
Unexecuted instantiation: i15_rshift.c:br_enc64le
Unexecuted instantiation: i15_ninv15.c:br_enc64le
Unexecuted instantiation: i15_montmul.c:br_enc64le
Unexecuted instantiation: i15_modpow.c:br_enc64le
Unexecuted instantiation: i15_iszero.c:br_enc64le
Unexecuted instantiation: i15_fmont.c:br_enc64le
Unexecuted instantiation: i15_encode.c:br_enc64le
Unexecuted instantiation: i15_decode.c:br_enc64le
Unexecuted instantiation: i15_decmod.c:br_enc64le
Unexecuted instantiation: i15_bitlen.c:br_enc64le
Unexecuted instantiation: i15_add.c:br_enc64le
Unexecuted instantiation: i31_tmont.c:br_enc64le
Unexecuted instantiation: i31_muladd.c:br_enc64le
Unexecuted instantiation: i15_tmont.c:br_enc64le
Unexecuted instantiation: i15_muladd.c:br_enc64le
Unexecuted instantiation: i32_div32.c:br_enc64le
618
619
static inline void
620
br_enc64be(void *dst, uint64_t x)
621
587k
{
622
#if BR_BE_UNALIGNED
623
  ((br_union_u64 *)dst)->u = x;
624
#else
625
587k
  unsigned char *buf;
626
627
587k
  buf = dst;
628
587k
  br_enc32be(buf, (uint32_t)(x >> 32));
629
587k
  br_enc32be(buf + 4, (uint32_t)x);
630
587k
#endif
631
587k
}
Unexecuted instantiation: poly1305_ctmul.c:br_enc64be
Unexecuted instantiation: chacha20_sse2.c:br_enc64be
Unexecuted instantiation: chacha20_ct.c:br_enc64be
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_enc64be
Unexecuted instantiation: aes_x86ni.c:br_enc64be
Unexecuted instantiation: aes_small_ctrcbc.c:br_enc64be
Unexecuted instantiation: aes_ct_ctrcbc.c:br_enc64be
Unexecuted instantiation: aes_ct_ctr.c:br_enc64be
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_enc64be
Unexecuted instantiation: aes_ct64.c:br_enc64be
Unexecuted instantiation: aes_ct.c:br_enc64be
Unexecuted instantiation: aes_common.c:br_enc64be
Unexecuted instantiation: aes_big_ctrcbc.c:br_enc64be
Unexecuted instantiation: prf_md5sha1.c:br_enc64be
Unexecuted instantiation: prf.c:br_enc64be
Unexecuted instantiation: sysrng.c:br_enc64be
Unexecuted instantiation: hmac_drbg.c:br_enc64be
Unexecuted instantiation: hmac.c:br_enc64be
Unexecuted instantiation: shake.c:br_enc64be
Unexecuted instantiation: hkdf.c:br_enc64be
sha2small.c:br_enc64be
Line
Count
Source
621
56.5k
{
622
#if BR_BE_UNALIGNED
623
  ((br_union_u64 *)dst)->u = x;
624
#else
625
56.5k
  unsigned char *buf;
626
627
56.5k
  buf = dst;
628
56.5k
  br_enc32be(buf, (uint32_t)(x >> 32));
629
56.5k
  br_enc32be(buf + 4, (uint32_t)x);
630
56.5k
#endif
631
56.5k
}
sha2big.c:br_enc64be
Line
Count
Source
621
96.0k
{
622
#if BR_BE_UNALIGNED
623
  ((br_union_u64 *)dst)->u = x;
624
#else
625
96.0k
  unsigned char *buf;
626
627
96.0k
  buf = dst;
628
96.0k
  br_enc32be(buf, (uint32_t)(x >> 32));
629
96.0k
  br_enc32be(buf + 4, (uint32_t)x);
630
96.0k
#endif
631
96.0k
}
sha1.c:br_enc64be
Line
Count
Source
621
40.2k
{
622
#if BR_BE_UNALIGNED
623
  ((br_union_u64 *)dst)->u = x;
624
#else
625
40.2k
  unsigned char *buf;
626
627
40.2k
  buf = dst;
628
40.2k
  br_enc32be(buf, (uint32_t)(x >> 32));
629
40.2k
  br_enc32be(buf + 4, (uint32_t)x);
630
40.2k
#endif
631
40.2k
}
md5sha1.c:br_enc64be
Line
Count
Source
621
23.3k
{
622
#if BR_BE_UNALIGNED
623
  ((br_union_u64 *)dst)->u = x;
624
#else
625
23.3k
  unsigned char *buf;
626
627
23.3k
  buf = dst;
628
23.3k
  br_enc32be(buf, (uint32_t)(x >> 32));
629
23.3k
  br_enc32be(buf + 4, (uint32_t)x);
630
23.3k
#endif
631
23.3k
}
Unexecuted instantiation: md5.c:br_enc64be
Unexecuted instantiation: ghash_ctmul32.c:br_enc64be
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_enc64be
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_enc64be
Unexecuted instantiation: ecdsa_i31_bits.c:br_enc64be
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_enc64be
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_enc64be
Unexecuted instantiation: ecdsa_i15_bits.c:br_enc64be
Unexecuted instantiation: ec_secp521r1.c:br_enc64be
Unexecuted instantiation: ec_secp384r1.c:br_enc64be
Unexecuted instantiation: ec_secp256r1.c:br_enc64be
Unexecuted instantiation: ec_pubkey.c:br_enc64be
Unexecuted instantiation: ec_prime_i31.c:br_enc64be
Unexecuted instantiation: ec_prime_i15.c:br_enc64be
ec_p256_m64.c:br_enc64be
Line
Count
Source
621
6.77k
{
622
#if BR_BE_UNALIGNED
623
  ((br_union_u64 *)dst)->u = x;
624
#else
625
6.77k
  unsigned char *buf;
626
627
6.77k
  buf = dst;
628
6.77k
  br_enc32be(buf, (uint32_t)(x >> 32));
629
6.77k
  br_enc32be(buf + 4, (uint32_t)x);
630
6.77k
#endif
631
6.77k
}
ec_p256_m62.c:br_enc64be
Line
Count
Source
621
656
{
622
#if BR_BE_UNALIGNED
623
  ((br_union_u64 *)dst)->u = x;
624
#else
625
656
  unsigned char *buf;
626
627
656
  buf = dst;
628
656
  br_enc32be(buf, (uint32_t)(x >> 32));
629
656
  br_enc32be(buf + 4, (uint32_t)x);
630
656
#endif
631
656
}
Unexecuted instantiation: ec_p256_m31.c:br_enc64be
Unexecuted instantiation: ec_p256_m15.c:br_enc64be
Unexecuted instantiation: ec_keygen.c:br_enc64be
Unexecuted instantiation: ec_default.c:br_enc64be
Unexecuted instantiation: ec_c25519_m64.c:br_enc64be
Unexecuted instantiation: ec_c25519_m62.c:br_enc64be
Unexecuted instantiation: ec_c25519_m31.c:br_enc64be
Unexecuted instantiation: ec_c25519_m15.c:br_enc64be
Unexecuted instantiation: ec_c25519_i31.c:br_enc64be
Unexecuted instantiation: ec_c25519_i15.c:br_enc64be
Unexecuted instantiation: ec_all_m31.c:br_enc64be
enc64be.c:br_enc64be
Line
Count
Source
621
360k
{
622
#if BR_BE_UNALIGNED
623
  ((br_union_u64 *)dst)->u = x;
624
#else
625
360k
  unsigned char *buf;
626
627
360k
  buf = dst;
628
360k
  br_enc32be(buf, (uint32_t)(x >> 32));
629
360k
  br_enc32be(buf + 4, (uint32_t)x);
630
360k
#endif
631
360k
}
Unexecuted instantiation: enc32le.c:br_enc64be
Unexecuted instantiation: enc32be.c:br_enc64be
Unexecuted instantiation: dec64be.c:br_enc64be
Unexecuted instantiation: dec32le.c:br_enc64be
Unexecuted instantiation: dec32be.c:br_enc64be
Unexecuted instantiation: ccopy.c:br_enc64be
gcm.c:br_enc64be
Line
Count
Source
621
2.73k
{
622
#if BR_BE_UNALIGNED
623
  ((br_union_u64 *)dst)->u = x;
624
#else
625
2.73k
  unsigned char *buf;
626
627
2.73k
  buf = dst;
628
2.73k
  br_enc32be(buf, (uint32_t)(x >> 32));
629
2.73k
  br_enc32be(buf + 4, (uint32_t)x);
630
2.73k
#endif
631
2.73k
}
Unexecuted instantiation: ccm.c:br_enc64be
Unexecuted instantiation: aes_small_enc.c:br_enc64be
Unexecuted instantiation: aes_ct_enc.c:br_enc64be
Unexecuted instantiation: aes_ct64_enc.c:br_enc64be
Unexecuted instantiation: aes_big_enc.c:br_enc64be
Unexecuted instantiation: i31_sub.c:br_enc64be
Unexecuted instantiation: i31_rshift.c:br_enc64be
Unexecuted instantiation: i31_ninv31.c:br_enc64be
Unexecuted instantiation: i31_montmul.c:br_enc64be
Unexecuted instantiation: i31_modpow.c:br_enc64be
Unexecuted instantiation: i31_iszero.c:br_enc64be
Unexecuted instantiation: i31_fmont.c:br_enc64be
Unexecuted instantiation: i31_encode.c:br_enc64be
Unexecuted instantiation: i31_decode.c:br_enc64be
Unexecuted instantiation: i31_decmod.c:br_enc64be
Unexecuted instantiation: i31_bitlen.c:br_enc64be
Unexecuted instantiation: i31_add.c:br_enc64be
Unexecuted instantiation: i15_sub.c:br_enc64be
Unexecuted instantiation: i15_rshift.c:br_enc64be
Unexecuted instantiation: i15_ninv15.c:br_enc64be
Unexecuted instantiation: i15_montmul.c:br_enc64be
Unexecuted instantiation: i15_modpow.c:br_enc64be
Unexecuted instantiation: i15_iszero.c:br_enc64be
Unexecuted instantiation: i15_fmont.c:br_enc64be
Unexecuted instantiation: i15_encode.c:br_enc64be
Unexecuted instantiation: i15_decode.c:br_enc64be
Unexecuted instantiation: i15_decmod.c:br_enc64be
Unexecuted instantiation: i15_bitlen.c:br_enc64be
Unexecuted instantiation: i15_add.c:br_enc64be
Unexecuted instantiation: i31_tmont.c:br_enc64be
Unexecuted instantiation: i31_muladd.c:br_enc64be
Unexecuted instantiation: i15_tmont.c:br_enc64be
Unexecuted instantiation: i15_muladd.c:br_enc64be
Unexecuted instantiation: i32_div32.c:br_enc64be
632
633
static inline uint64_t
634
br_dec64le(const void *src)
635
766k
{
636
766k
#if BR_LE_UNALIGNED
637
766k
  return ((const br_union_u64 *)src)->u;
638
#else
639
  const unsigned char *buf;
640
641
  buf = src;
642
  return (uint64_t)br_dec32le(buf)
643
    | ((uint64_t)br_dec32le(buf + 4) << 32);
644
#endif
645
766k
}
Unexecuted instantiation: poly1305_ctmul.c:br_dec64le
Unexecuted instantiation: chacha20_sse2.c:br_dec64le
Unexecuted instantiation: chacha20_ct.c:br_dec64le
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_dec64le
Unexecuted instantiation: aes_x86ni.c:br_dec64le
Unexecuted instantiation: aes_small_ctrcbc.c:br_dec64le
Unexecuted instantiation: aes_ct_ctrcbc.c:br_dec64le
Unexecuted instantiation: aes_ct_ctr.c:br_dec64le
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_dec64le
Unexecuted instantiation: aes_ct64.c:br_dec64le
Unexecuted instantiation: aes_ct.c:br_dec64le
Unexecuted instantiation: aes_common.c:br_dec64le
Unexecuted instantiation: aes_big_ctrcbc.c:br_dec64le
Unexecuted instantiation: prf_md5sha1.c:br_dec64le
Unexecuted instantiation: prf.c:br_dec64le
Unexecuted instantiation: sysrng.c:br_dec64le
Unexecuted instantiation: hmac_drbg.c:br_dec64le
Unexecuted instantiation: hmac.c:br_dec64le
shake.c:br_dec64le
Line
Count
Source
635
765k
{
636
765k
#if BR_LE_UNALIGNED
637
765k
  return ((const br_union_u64 *)src)->u;
638
#else
639
  const unsigned char *buf;
640
641
  buf = src;
642
  return (uint64_t)br_dec32le(buf)
643
    | ((uint64_t)br_dec32le(buf + 4) << 32);
644
#endif
645
765k
}
Unexecuted instantiation: hkdf.c:br_dec64le
Unexecuted instantiation: sha2small.c:br_dec64le
Unexecuted instantiation: sha2big.c:br_dec64le
Unexecuted instantiation: sha1.c:br_dec64le
Unexecuted instantiation: md5sha1.c:br_dec64le
Unexecuted instantiation: md5.c:br_dec64le
Unexecuted instantiation: ghash_ctmul32.c:br_dec64le
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_dec64le
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_dec64le
Unexecuted instantiation: ecdsa_i31_bits.c:br_dec64le
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_dec64le
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_dec64le
Unexecuted instantiation: ecdsa_i15_bits.c:br_dec64le
Unexecuted instantiation: ec_secp521r1.c:br_dec64le
Unexecuted instantiation: ec_secp384r1.c:br_dec64le
Unexecuted instantiation: ec_secp256r1.c:br_dec64le
Unexecuted instantiation: ec_pubkey.c:br_dec64le
Unexecuted instantiation: ec_prime_i31.c:br_dec64le
Unexecuted instantiation: ec_prime_i15.c:br_dec64le
Unexecuted instantiation: ec_p256_m64.c:br_dec64le
Unexecuted instantiation: ec_p256_m62.c:br_dec64le
Unexecuted instantiation: ec_p256_m31.c:br_dec64le
Unexecuted instantiation: ec_p256_m15.c:br_dec64le
Unexecuted instantiation: ec_keygen.c:br_dec64le
Unexecuted instantiation: ec_default.c:br_dec64le
ec_c25519_m64.c:br_dec64le
Line
Count
Source
635
1.14k
{
636
1.14k
#if BR_LE_UNALIGNED
637
1.14k
  return ((const br_union_u64 *)src)->u;
638
#else
639
  const unsigned char *buf;
640
641
  buf = src;
642
  return (uint64_t)br_dec32le(buf)
643
    | ((uint64_t)br_dec32le(buf + 4) << 32);
644
#endif
645
1.14k
}
ec_c25519_m62.c:br_dec64le
Line
Count
Source
635
70
{
636
70
#if BR_LE_UNALIGNED
637
70
  return ((const br_union_u64 *)src)->u;
638
#else
639
  const unsigned char *buf;
640
641
  buf = src;
642
  return (uint64_t)br_dec32le(buf)
643
    | ((uint64_t)br_dec32le(buf + 4) << 32);
644
#endif
645
70
}
Unexecuted instantiation: ec_c25519_m31.c:br_dec64le
Unexecuted instantiation: ec_c25519_m15.c:br_dec64le
Unexecuted instantiation: ec_c25519_i31.c:br_dec64le
Unexecuted instantiation: ec_c25519_i15.c:br_dec64le
Unexecuted instantiation: ec_all_m31.c:br_dec64le
Unexecuted instantiation: enc64be.c:br_dec64le
Unexecuted instantiation: enc32le.c:br_dec64le
Unexecuted instantiation: enc32be.c:br_dec64le
Unexecuted instantiation: dec64be.c:br_dec64le
Unexecuted instantiation: dec32le.c:br_dec64le
Unexecuted instantiation: dec32be.c:br_dec64le
Unexecuted instantiation: ccopy.c:br_dec64le
Unexecuted instantiation: gcm.c:br_dec64le
Unexecuted instantiation: ccm.c:br_dec64le
Unexecuted instantiation: aes_small_enc.c:br_dec64le
Unexecuted instantiation: aes_ct_enc.c:br_dec64le
Unexecuted instantiation: aes_ct64_enc.c:br_dec64le
Unexecuted instantiation: aes_big_enc.c:br_dec64le
Unexecuted instantiation: i31_sub.c:br_dec64le
Unexecuted instantiation: i31_rshift.c:br_dec64le
Unexecuted instantiation: i31_ninv31.c:br_dec64le
Unexecuted instantiation: i31_montmul.c:br_dec64le
Unexecuted instantiation: i31_modpow.c:br_dec64le
Unexecuted instantiation: i31_iszero.c:br_dec64le
Unexecuted instantiation: i31_fmont.c:br_dec64le
Unexecuted instantiation: i31_encode.c:br_dec64le
Unexecuted instantiation: i31_decode.c:br_dec64le
Unexecuted instantiation: i31_decmod.c:br_dec64le
Unexecuted instantiation: i31_bitlen.c:br_dec64le
Unexecuted instantiation: i31_add.c:br_dec64le
Unexecuted instantiation: i15_sub.c:br_dec64le
Unexecuted instantiation: i15_rshift.c:br_dec64le
Unexecuted instantiation: i15_ninv15.c:br_dec64le
Unexecuted instantiation: i15_montmul.c:br_dec64le
Unexecuted instantiation: i15_modpow.c:br_dec64le
Unexecuted instantiation: i15_iszero.c:br_dec64le
Unexecuted instantiation: i15_fmont.c:br_dec64le
Unexecuted instantiation: i15_encode.c:br_dec64le
Unexecuted instantiation: i15_decode.c:br_dec64le
Unexecuted instantiation: i15_decmod.c:br_dec64le
Unexecuted instantiation: i15_bitlen.c:br_dec64le
Unexecuted instantiation: i15_add.c:br_dec64le
Unexecuted instantiation: i31_tmont.c:br_dec64le
Unexecuted instantiation: i31_muladd.c:br_dec64le
Unexecuted instantiation: i15_tmont.c:br_dec64le
Unexecuted instantiation: i15_muladd.c:br_dec64le
Unexecuted instantiation: i32_div32.c:br_dec64le
646
647
static inline uint64_t
648
br_dec64be(const void *src)
649
6.04M
{
650
#if BR_BE_UNALIGNED
651
  return ((const br_union_u64 *)src)->u;
652
#else
653
6.04M
  const unsigned char *buf;
654
655
6.04M
  buf = src;
656
6.04M
  return ((uint64_t)br_dec32be(buf) << 32)
657
6.04M
    | (uint64_t)br_dec32be(buf + 4);
658
6.04M
#endif
659
6.04M
}
Unexecuted instantiation: poly1305_ctmul.c:br_dec64be
Unexecuted instantiation: chacha20_sse2.c:br_dec64be
Unexecuted instantiation: chacha20_ct.c:br_dec64be
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_dec64be
Unexecuted instantiation: aes_x86ni.c:br_dec64be
Unexecuted instantiation: aes_small_ctrcbc.c:br_dec64be
Unexecuted instantiation: aes_ct_ctrcbc.c:br_dec64be
Unexecuted instantiation: aes_ct_ctr.c:br_dec64be
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_dec64be
Unexecuted instantiation: aes_ct64.c:br_dec64be
Unexecuted instantiation: aes_ct.c:br_dec64be
Unexecuted instantiation: aes_common.c:br_dec64be
Unexecuted instantiation: aes_big_ctrcbc.c:br_dec64be
Unexecuted instantiation: prf_md5sha1.c:br_dec64be
Unexecuted instantiation: prf.c:br_dec64be
Unexecuted instantiation: sysrng.c:br_dec64be
Unexecuted instantiation: hmac_drbg.c:br_dec64be
Unexecuted instantiation: hmac.c:br_dec64be
Unexecuted instantiation: shake.c:br_dec64be
Unexecuted instantiation: hkdf.c:br_dec64be
Unexecuted instantiation: sha2small.c:br_dec64be
Unexecuted instantiation: sha2big.c:br_dec64be
Unexecuted instantiation: sha1.c:br_dec64be
Unexecuted instantiation: md5sha1.c:br_dec64be
Unexecuted instantiation: md5.c:br_dec64be
Unexecuted instantiation: ghash_ctmul32.c:br_dec64be
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_dec64be
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_dec64be
Unexecuted instantiation: ecdsa_i31_bits.c:br_dec64be
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_dec64be
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_dec64be
Unexecuted instantiation: ecdsa_i15_bits.c:br_dec64be
Unexecuted instantiation: ec_secp521r1.c:br_dec64be
Unexecuted instantiation: ec_secp384r1.c:br_dec64be
Unexecuted instantiation: ec_secp256r1.c:br_dec64be
Unexecuted instantiation: ec_pubkey.c:br_dec64be
Unexecuted instantiation: ec_prime_i31.c:br_dec64be
Unexecuted instantiation: ec_prime_i15.c:br_dec64be
ec_p256_m64.c:br_dec64be
Line
Count
Source
649
3.04k
{
650
#if BR_BE_UNALIGNED
651
  return ((const br_union_u64 *)src)->u;
652
#else
653
3.04k
  const unsigned char *buf;
654
655
3.04k
  buf = src;
656
3.04k
  return ((uint64_t)br_dec32be(buf) << 32)
657
3.04k
    | (uint64_t)br_dec32be(buf + 4);
658
3.04k
#endif
659
3.04k
}
ec_p256_m62.c:br_dec64be
Line
Count
Source
649
336
{
650
#if BR_BE_UNALIGNED
651
  return ((const br_union_u64 *)src)->u;
652
#else
653
336
  const unsigned char *buf;
654
655
336
  buf = src;
656
336
  return ((uint64_t)br_dec32be(buf) << 32)
657
336
    | (uint64_t)br_dec32be(buf + 4);
658
336
#endif
659
336
}
Unexecuted instantiation: ec_p256_m31.c:br_dec64be
Unexecuted instantiation: ec_p256_m15.c:br_dec64be
Unexecuted instantiation: ec_keygen.c:br_dec64be
Unexecuted instantiation: ec_default.c:br_dec64be
Unexecuted instantiation: ec_c25519_m64.c:br_dec64be
Unexecuted instantiation: ec_c25519_m62.c:br_dec64be
Unexecuted instantiation: ec_c25519_m31.c:br_dec64be
Unexecuted instantiation: ec_c25519_m15.c:br_dec64be
Unexecuted instantiation: ec_c25519_i31.c:br_dec64be
Unexecuted instantiation: ec_c25519_i15.c:br_dec64be
Unexecuted instantiation: ec_all_m31.c:br_dec64be
Unexecuted instantiation: enc64be.c:br_dec64be
Unexecuted instantiation: enc32le.c:br_dec64be
Unexecuted instantiation: enc32be.c:br_dec64be
dec64be.c:br_dec64be
Line
Count
Source
649
6.03M
{
650
#if BR_BE_UNALIGNED
651
  return ((const br_union_u64 *)src)->u;
652
#else
653
6.03M
  const unsigned char *buf;
654
655
6.03M
  buf = src;
656
6.03M
  return ((uint64_t)br_dec32be(buf) << 32)
657
6.03M
    | (uint64_t)br_dec32be(buf + 4);
658
6.03M
#endif
659
6.03M
}
Unexecuted instantiation: dec32le.c:br_dec64be
Unexecuted instantiation: dec32be.c:br_dec64be
Unexecuted instantiation: ccopy.c:br_dec64be
Unexecuted instantiation: gcm.c:br_dec64be
Unexecuted instantiation: ccm.c:br_dec64be
Unexecuted instantiation: aes_small_enc.c:br_dec64be
Unexecuted instantiation: aes_ct_enc.c:br_dec64be
Unexecuted instantiation: aes_ct64_enc.c:br_dec64be
Unexecuted instantiation: aes_big_enc.c:br_dec64be
Unexecuted instantiation: i31_sub.c:br_dec64be
Unexecuted instantiation: i31_rshift.c:br_dec64be
Unexecuted instantiation: i31_ninv31.c:br_dec64be
Unexecuted instantiation: i31_montmul.c:br_dec64be
Unexecuted instantiation: i31_modpow.c:br_dec64be
Unexecuted instantiation: i31_iszero.c:br_dec64be
Unexecuted instantiation: i31_fmont.c:br_dec64be
Unexecuted instantiation: i31_encode.c:br_dec64be
Unexecuted instantiation: i31_decode.c:br_dec64be
Unexecuted instantiation: i31_decmod.c:br_dec64be
Unexecuted instantiation: i31_bitlen.c:br_dec64be
Unexecuted instantiation: i31_add.c:br_dec64be
Unexecuted instantiation: i15_sub.c:br_dec64be
Unexecuted instantiation: i15_rshift.c:br_dec64be
Unexecuted instantiation: i15_ninv15.c:br_dec64be
Unexecuted instantiation: i15_montmul.c:br_dec64be
Unexecuted instantiation: i15_modpow.c:br_dec64be
Unexecuted instantiation: i15_iszero.c:br_dec64be
Unexecuted instantiation: i15_fmont.c:br_dec64be
Unexecuted instantiation: i15_encode.c:br_dec64be
Unexecuted instantiation: i15_decode.c:br_dec64be
Unexecuted instantiation: i15_decmod.c:br_dec64be
Unexecuted instantiation: i15_bitlen.c:br_dec64be
Unexecuted instantiation: i15_add.c:br_dec64be
Unexecuted instantiation: i31_tmont.c:br_dec64be
Unexecuted instantiation: i31_muladd.c:br_dec64be
Unexecuted instantiation: i15_tmont.c:br_dec64be
Unexecuted instantiation: i15_muladd.c:br_dec64be
Unexecuted instantiation: i32_div32.c:br_dec64be
660
661
/*
662
 * Range decoding and encoding (for several successive values).
663
 */
664
void br_range_dec16le(uint16_t *v, size_t num, const void *src);
665
void br_range_dec16be(uint16_t *v, size_t num, const void *src);
666
void br_range_enc16le(void *dst, const uint16_t *v, size_t num);
667
void br_range_enc16be(void *dst, const uint16_t *v, size_t num);
668
669
void br_range_dec32le(uint32_t *v, size_t num, const void *src);
670
void br_range_dec32be(uint32_t *v, size_t num, const void *src);
671
void br_range_enc32le(void *dst, const uint32_t *v, size_t num);
672
void br_range_enc32be(void *dst, const uint32_t *v, size_t num);
673
674
void br_range_dec64le(uint64_t *v, size_t num, const void *src);
675
void br_range_dec64be(uint64_t *v, size_t num, const void *src);
676
void br_range_enc64le(void *dst, const uint64_t *v, size_t num);
677
void br_range_enc64be(void *dst, const uint64_t *v, size_t num);
678
679
/*
680
 * Byte-swap a 32-bit integer.
681
 */
682
static inline uint32_t
683
br_swap32(uint32_t x)
684
100k
{
685
100k
  x = ((x & (uint32_t)0x00FF00FF) << 8)
686
100k
    | ((x >> 8) & (uint32_t)0x00FF00FF);
687
100k
  return (x << 16) | (x >> 16);
688
100k
}
Unexecuted instantiation: poly1305_ctmul.c:br_swap32
Unexecuted instantiation: chacha20_sse2.c:br_swap32
Unexecuted instantiation: chacha20_ct.c:br_swap32
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_swap32
Unexecuted instantiation: aes_x86ni.c:br_swap32
Unexecuted instantiation: aes_small_ctrcbc.c:br_swap32
aes_ct_ctrcbc.c:br_swap32
Line
Count
Source
684
9.31k
{
685
9.31k
  x = ((x & (uint32_t)0x00FF00FF) << 8)
686
9.31k
    | ((x >> 8) & (uint32_t)0x00FF00FF);
687
9.31k
  return (x << 16) | (x >> 16);
688
9.31k
}
aes_ct_ctr.c:br_swap32
Line
Count
Source
684
64.0k
{
685
64.0k
  x = ((x & (uint32_t)0x00FF00FF) << 8)
686
64.0k
    | ((x >> 8) & (uint32_t)0x00FF00FF);
687
64.0k
  return (x << 16) | (x >> 16);
688
64.0k
}
aes_ct64_ctrcbc.c:br_swap32
Line
Count
Source
684
27.0k
{
685
27.0k
  x = ((x & (uint32_t)0x00FF00FF) << 8)
686
27.0k
    | ((x >> 8) & (uint32_t)0x00FF00FF);
687
27.0k
  return (x << 16) | (x >> 16);
688
27.0k
}
Unexecuted instantiation: aes_ct64.c:br_swap32
Unexecuted instantiation: aes_ct.c:br_swap32
Unexecuted instantiation: aes_common.c:br_swap32
Unexecuted instantiation: aes_big_ctrcbc.c:br_swap32
Unexecuted instantiation: prf_md5sha1.c:br_swap32
Unexecuted instantiation: prf.c:br_swap32
Unexecuted instantiation: sysrng.c:br_swap32
Unexecuted instantiation: hmac_drbg.c:br_swap32
Unexecuted instantiation: hmac.c:br_swap32
Unexecuted instantiation: shake.c:br_swap32
Unexecuted instantiation: hkdf.c:br_swap32
Unexecuted instantiation: sha2small.c:br_swap32
Unexecuted instantiation: sha2big.c:br_swap32
Unexecuted instantiation: sha1.c:br_swap32
Unexecuted instantiation: md5sha1.c:br_swap32
Unexecuted instantiation: md5.c:br_swap32
Unexecuted instantiation: ghash_ctmul32.c:br_swap32
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_swap32
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_swap32
Unexecuted instantiation: ecdsa_i31_bits.c:br_swap32
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_swap32
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_swap32
Unexecuted instantiation: ecdsa_i15_bits.c:br_swap32
Unexecuted instantiation: ec_secp521r1.c:br_swap32
Unexecuted instantiation: ec_secp384r1.c:br_swap32
Unexecuted instantiation: ec_secp256r1.c:br_swap32
Unexecuted instantiation: ec_pubkey.c:br_swap32
Unexecuted instantiation: ec_prime_i31.c:br_swap32
Unexecuted instantiation: ec_prime_i15.c:br_swap32
Unexecuted instantiation: ec_p256_m64.c:br_swap32
Unexecuted instantiation: ec_p256_m62.c:br_swap32
Unexecuted instantiation: ec_p256_m31.c:br_swap32
Unexecuted instantiation: ec_p256_m15.c:br_swap32
Unexecuted instantiation: ec_keygen.c:br_swap32
Unexecuted instantiation: ec_default.c:br_swap32
Unexecuted instantiation: ec_c25519_m64.c:br_swap32
Unexecuted instantiation: ec_c25519_m62.c:br_swap32
Unexecuted instantiation: ec_c25519_m31.c:br_swap32
Unexecuted instantiation: ec_c25519_m15.c:br_swap32
Unexecuted instantiation: ec_c25519_i31.c:br_swap32
Unexecuted instantiation: ec_c25519_i15.c:br_swap32
Unexecuted instantiation: ec_all_m31.c:br_swap32
Unexecuted instantiation: enc64be.c:br_swap32
Unexecuted instantiation: enc32le.c:br_swap32
Unexecuted instantiation: enc32be.c:br_swap32
Unexecuted instantiation: dec64be.c:br_swap32
Unexecuted instantiation: dec32le.c:br_swap32
Unexecuted instantiation: dec32be.c:br_swap32
Unexecuted instantiation: ccopy.c:br_swap32
Unexecuted instantiation: gcm.c:br_swap32
Unexecuted instantiation: ccm.c:br_swap32
Unexecuted instantiation: aes_small_enc.c:br_swap32
Unexecuted instantiation: aes_ct_enc.c:br_swap32
Unexecuted instantiation: aes_ct64_enc.c:br_swap32
Unexecuted instantiation: aes_big_enc.c:br_swap32
Unexecuted instantiation: i31_sub.c:br_swap32
Unexecuted instantiation: i31_rshift.c:br_swap32
Unexecuted instantiation: i31_ninv31.c:br_swap32
Unexecuted instantiation: i31_montmul.c:br_swap32
Unexecuted instantiation: i31_modpow.c:br_swap32
Unexecuted instantiation: i31_iszero.c:br_swap32
Unexecuted instantiation: i31_fmont.c:br_swap32
Unexecuted instantiation: i31_encode.c:br_swap32
Unexecuted instantiation: i31_decode.c:br_swap32
Unexecuted instantiation: i31_decmod.c:br_swap32
Unexecuted instantiation: i31_bitlen.c:br_swap32
Unexecuted instantiation: i31_add.c:br_swap32
Unexecuted instantiation: i15_sub.c:br_swap32
Unexecuted instantiation: i15_rshift.c:br_swap32
Unexecuted instantiation: i15_ninv15.c:br_swap32
Unexecuted instantiation: i15_montmul.c:br_swap32
Unexecuted instantiation: i15_modpow.c:br_swap32
Unexecuted instantiation: i15_iszero.c:br_swap32
Unexecuted instantiation: i15_fmont.c:br_swap32
Unexecuted instantiation: i15_encode.c:br_swap32
Unexecuted instantiation: i15_decode.c:br_swap32
Unexecuted instantiation: i15_decmod.c:br_swap32
Unexecuted instantiation: i15_bitlen.c:br_swap32
Unexecuted instantiation: i15_add.c:br_swap32
Unexecuted instantiation: i31_tmont.c:br_swap32
Unexecuted instantiation: i31_muladd.c:br_swap32
Unexecuted instantiation: i15_tmont.c:br_swap32
Unexecuted instantiation: i15_muladd.c:br_swap32
Unexecuted instantiation: i32_div32.c:br_swap32
689
690
/* ==================================================================== */
691
/*
692
 * Support code for hash functions.
693
 */
694
695
/*
696
 * IV for MD5, SHA-1, SHA-224 and SHA-256.
697
 */
698
extern const uint32_t br_md5_IV[];
699
extern const uint32_t br_sha1_IV[];
700
extern const uint32_t br_sha224_IV[];
701
extern const uint32_t br_sha256_IV[];
702
703
/*
704
 * Round functions for MD5, SHA-1, SHA-224 and SHA-256 (SHA-224 and
705
 * SHA-256 use the same round function).
706
 */
707
void br_md5_round(const unsigned char *buf, uint32_t *val);
708
void br_sha1_round(const unsigned char *buf, uint32_t *val);
709
void br_sha2small_round(const unsigned char *buf, uint32_t *val);
710
711
/*
712
 * The core function for the TLS PRF. It computes
713
 * P_hash(secret, label + seed), and XORs the result into the dst buffer.
714
 */
715
void br_tls_phash(void *dst, size_t len,
716
  const br_hash_class *dig,
717
  const void *secret, size_t secret_len, const char *label,
718
  size_t seed_num, const br_tls_prf_seed_chunk *seed);
719
720
/*
721
 * Copy all configured hash implementations from a multihash context
722
 * to another.
723
 */
724
static inline void
725
br_multihash_copyimpl(br_multihash_context *dst,
726
  const br_multihash_context *src)
727
0
{
728
0
  memcpy((void *)dst->impl, src->impl, sizeof src->impl);
729
0
}
Unexecuted instantiation: poly1305_ctmul.c:br_multihash_copyimpl
Unexecuted instantiation: chacha20_sse2.c:br_multihash_copyimpl
Unexecuted instantiation: chacha20_ct.c:br_multihash_copyimpl
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_multihash_copyimpl
Unexecuted instantiation: aes_x86ni.c:br_multihash_copyimpl
Unexecuted instantiation: aes_small_ctrcbc.c:br_multihash_copyimpl
Unexecuted instantiation: aes_ct_ctrcbc.c:br_multihash_copyimpl
Unexecuted instantiation: aes_ct_ctr.c:br_multihash_copyimpl
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_multihash_copyimpl
Unexecuted instantiation: aes_ct64.c:br_multihash_copyimpl
Unexecuted instantiation: aes_ct.c:br_multihash_copyimpl
Unexecuted instantiation: aes_common.c:br_multihash_copyimpl
Unexecuted instantiation: aes_big_ctrcbc.c:br_multihash_copyimpl
Unexecuted instantiation: prf_md5sha1.c:br_multihash_copyimpl
Unexecuted instantiation: prf.c:br_multihash_copyimpl
Unexecuted instantiation: sysrng.c:br_multihash_copyimpl
Unexecuted instantiation: hmac_drbg.c:br_multihash_copyimpl
Unexecuted instantiation: hmac.c:br_multihash_copyimpl
Unexecuted instantiation: shake.c:br_multihash_copyimpl
Unexecuted instantiation: hkdf.c:br_multihash_copyimpl
Unexecuted instantiation: sha2small.c:br_multihash_copyimpl
Unexecuted instantiation: sha2big.c:br_multihash_copyimpl
Unexecuted instantiation: sha1.c:br_multihash_copyimpl
Unexecuted instantiation: md5sha1.c:br_multihash_copyimpl
Unexecuted instantiation: md5.c:br_multihash_copyimpl
Unexecuted instantiation: ghash_ctmul32.c:br_multihash_copyimpl
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_multihash_copyimpl
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_multihash_copyimpl
Unexecuted instantiation: ecdsa_i31_bits.c:br_multihash_copyimpl
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_multihash_copyimpl
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_multihash_copyimpl
Unexecuted instantiation: ecdsa_i15_bits.c:br_multihash_copyimpl
Unexecuted instantiation: ec_secp521r1.c:br_multihash_copyimpl
Unexecuted instantiation: ec_secp384r1.c:br_multihash_copyimpl
Unexecuted instantiation: ec_secp256r1.c:br_multihash_copyimpl
Unexecuted instantiation: ec_pubkey.c:br_multihash_copyimpl
Unexecuted instantiation: ec_prime_i31.c:br_multihash_copyimpl
Unexecuted instantiation: ec_prime_i15.c:br_multihash_copyimpl
Unexecuted instantiation: ec_p256_m64.c:br_multihash_copyimpl
Unexecuted instantiation: ec_p256_m62.c:br_multihash_copyimpl
Unexecuted instantiation: ec_p256_m31.c:br_multihash_copyimpl
Unexecuted instantiation: ec_p256_m15.c:br_multihash_copyimpl
Unexecuted instantiation: ec_keygen.c:br_multihash_copyimpl
Unexecuted instantiation: ec_default.c:br_multihash_copyimpl
Unexecuted instantiation: ec_c25519_m64.c:br_multihash_copyimpl
Unexecuted instantiation: ec_c25519_m62.c:br_multihash_copyimpl
Unexecuted instantiation: ec_c25519_m31.c:br_multihash_copyimpl
Unexecuted instantiation: ec_c25519_m15.c:br_multihash_copyimpl
Unexecuted instantiation: ec_c25519_i31.c:br_multihash_copyimpl
Unexecuted instantiation: ec_c25519_i15.c:br_multihash_copyimpl
Unexecuted instantiation: ec_all_m31.c:br_multihash_copyimpl
Unexecuted instantiation: enc64be.c:br_multihash_copyimpl
Unexecuted instantiation: enc32le.c:br_multihash_copyimpl
Unexecuted instantiation: enc32be.c:br_multihash_copyimpl
Unexecuted instantiation: dec64be.c:br_multihash_copyimpl
Unexecuted instantiation: dec32le.c:br_multihash_copyimpl
Unexecuted instantiation: dec32be.c:br_multihash_copyimpl
Unexecuted instantiation: ccopy.c:br_multihash_copyimpl
Unexecuted instantiation: gcm.c:br_multihash_copyimpl
Unexecuted instantiation: ccm.c:br_multihash_copyimpl
Unexecuted instantiation: aes_small_enc.c:br_multihash_copyimpl
Unexecuted instantiation: aes_ct_enc.c:br_multihash_copyimpl
Unexecuted instantiation: aes_ct64_enc.c:br_multihash_copyimpl
Unexecuted instantiation: aes_big_enc.c:br_multihash_copyimpl
Unexecuted instantiation: i31_sub.c:br_multihash_copyimpl
Unexecuted instantiation: i31_rshift.c:br_multihash_copyimpl
Unexecuted instantiation: i31_ninv31.c:br_multihash_copyimpl
Unexecuted instantiation: i31_montmul.c:br_multihash_copyimpl
Unexecuted instantiation: i31_modpow.c:br_multihash_copyimpl
Unexecuted instantiation: i31_iszero.c:br_multihash_copyimpl
Unexecuted instantiation: i31_fmont.c:br_multihash_copyimpl
Unexecuted instantiation: i31_encode.c:br_multihash_copyimpl
Unexecuted instantiation: i31_decode.c:br_multihash_copyimpl
Unexecuted instantiation: i31_decmod.c:br_multihash_copyimpl
Unexecuted instantiation: i31_bitlen.c:br_multihash_copyimpl
Unexecuted instantiation: i31_add.c:br_multihash_copyimpl
Unexecuted instantiation: i15_sub.c:br_multihash_copyimpl
Unexecuted instantiation: i15_rshift.c:br_multihash_copyimpl
Unexecuted instantiation: i15_ninv15.c:br_multihash_copyimpl
Unexecuted instantiation: i15_montmul.c:br_multihash_copyimpl
Unexecuted instantiation: i15_modpow.c:br_multihash_copyimpl
Unexecuted instantiation: i15_iszero.c:br_multihash_copyimpl
Unexecuted instantiation: i15_fmont.c:br_multihash_copyimpl
Unexecuted instantiation: i15_encode.c:br_multihash_copyimpl
Unexecuted instantiation: i15_decode.c:br_multihash_copyimpl
Unexecuted instantiation: i15_decmod.c:br_multihash_copyimpl
Unexecuted instantiation: i15_bitlen.c:br_multihash_copyimpl
Unexecuted instantiation: i15_add.c:br_multihash_copyimpl
Unexecuted instantiation: i31_tmont.c:br_multihash_copyimpl
Unexecuted instantiation: i31_muladd.c:br_multihash_copyimpl
Unexecuted instantiation: i15_tmont.c:br_multihash_copyimpl
Unexecuted instantiation: i15_muladd.c:br_multihash_copyimpl
Unexecuted instantiation: i32_div32.c:br_multihash_copyimpl
730
731
/* ==================================================================== */
732
/*
733
 * Constant-time primitives. These functions manipulate 32-bit values in
734
 * order to provide constant-time comparisons and multiplexers.
735
 *
736
 * Boolean values (the "ctl" bits) MUST have value 0 or 1.
737
 *
738
 * Implementation notes:
739
 * =====================
740
 *
741
 * The uintN_t types are unsigned and with width exactly N bits; the C
742
 * standard guarantees that computations are performed modulo 2^N, and
743
 * there can be no overflow. Negation (unary '-') works on unsigned types
744
 * as well.
745
 *
746
 * The intN_t types are guaranteed to have width exactly N bits, with no
747
 * padding bit, and using two's complement representation. Casting
748
 * intN_t to uintN_t really is conversion modulo 2^N. Beware that intN_t
749
 * types, being signed, trigger implementation-defined behaviour on
750
 * overflow (including raising some signal): with GCC, while modular
751
 * arithmetics are usually applied, the optimizer may assume that
752
 * overflows don't occur (unless the -fwrapv command-line option is
753
 * added); Clang has the additional -ftrapv option to explicitly trap on
754
 * integer overflow or underflow.
755
 */
756
757
/*
758
 * Negate a boolean.
759
 */
760
static inline uint32_t
761
NOT(uint32_t ctl)
762
56.6M
{
763
56.6M
  return ctl ^ 1;
764
56.6M
}
poly1305_ctmul.c:NOT
Line
Count
Source
762
2.84k
{
763
2.84k
  return ctl ^ 1;
764
2.84k
}
Unexecuted instantiation: chacha20_sse2.c:NOT
Unexecuted instantiation: chacha20_ct.c:NOT
Unexecuted instantiation: aes_x86ni_ctrcbc.c:NOT
Unexecuted instantiation: aes_x86ni.c:NOT
Unexecuted instantiation: aes_small_ctrcbc.c:NOT
Unexecuted instantiation: aes_ct_ctrcbc.c:NOT
Unexecuted instantiation: aes_ct_ctr.c:NOT
Unexecuted instantiation: aes_ct64_ctrcbc.c:NOT
Unexecuted instantiation: aes_ct64.c:NOT
Unexecuted instantiation: aes_ct.c:NOT
Unexecuted instantiation: aes_common.c:NOT
Unexecuted instantiation: aes_big_ctrcbc.c:NOT
Unexecuted instantiation: prf_md5sha1.c:NOT
Unexecuted instantiation: prf.c:NOT
Unexecuted instantiation: sysrng.c:NOT
Unexecuted instantiation: hmac_drbg.c:NOT
Unexecuted instantiation: hmac.c:NOT
Unexecuted instantiation: shake.c:NOT
Unexecuted instantiation: hkdf.c:NOT
Unexecuted instantiation: sha2small.c:NOT
Unexecuted instantiation: sha2big.c:NOT
Unexecuted instantiation: sha1.c:NOT
Unexecuted instantiation: md5sha1.c:NOT
Unexecuted instantiation: md5.c:NOT
Unexecuted instantiation: ghash_ctmul32.c:NOT
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:NOT
Unexecuted instantiation: ecdsa_i31_sign_raw.c:NOT
Unexecuted instantiation: ecdsa_i31_bits.c:NOT
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:NOT
Unexecuted instantiation: ecdsa_i15_sign_raw.c:NOT
Unexecuted instantiation: ecdsa_i15_bits.c:NOT
Unexecuted instantiation: ec_secp521r1.c:NOT
Unexecuted instantiation: ec_secp384r1.c:NOT
Unexecuted instantiation: ec_secp256r1.c:NOT
Unexecuted instantiation: ec_pubkey.c:NOT
ec_prime_i31.c:NOT
Line
Count
Source
762
11.0M
{
763
11.0M
  return ctl ^ 1;
764
11.0M
}
ec_prime_i15.c:NOT
Line
Count
Source
762
2.75M
{
763
2.75M
  return ctl ^ 1;
764
2.75M
}
ec_p256_m64.c:NOT
Line
Count
Source
762
1.46M
{
763
1.46M
  return ctl ^ 1;
764
1.46M
}
ec_p256_m62.c:NOT
Line
Count
Source
762
145k
{
763
145k
  return ctl ^ 1;
764
145k
}
ec_p256_m31.c:NOT
Line
Count
Source
762
147k
{
763
147k
  return ctl ^ 1;
764
147k
}
ec_p256_m15.c:NOT
Line
Count
Source
762
246k
{
763
246k
  return ctl ^ 1;
764
246k
}
Unexecuted instantiation: ec_keygen.c:NOT
Unexecuted instantiation: ec_default.c:NOT
Unexecuted instantiation: ec_c25519_m64.c:NOT
Unexecuted instantiation: ec_c25519_m62.c:NOT
Unexecuted instantiation: ec_c25519_m31.c:NOT
Unexecuted instantiation: ec_c25519_m15.c:NOT
ec_c25519_i31.c:NOT
Line
Count
Source
762
16.3k
{
763
16.3k
  return ctl ^ 1;
764
16.3k
}
ec_c25519_i15.c:NOT
Line
Count
Source
762
13.2k
{
763
13.2k
  return ctl ^ 1;
764
13.2k
}
Unexecuted instantiation: ec_all_m31.c:NOT
Unexecuted instantiation: enc64be.c:NOT
Unexecuted instantiation: enc32le.c:NOT
Unexecuted instantiation: enc32be.c:NOT
Unexecuted instantiation: dec64be.c:NOT
Unexecuted instantiation: dec32le.c:NOT
Unexecuted instantiation: dec32be.c:NOT
Unexecuted instantiation: ccopy.c:NOT
Unexecuted instantiation: gcm.c:NOT
Unexecuted instantiation: ccm.c:NOT
Unexecuted instantiation: aes_small_enc.c:NOT
Unexecuted instantiation: aes_ct_enc.c:NOT
Unexecuted instantiation: aes_ct64_enc.c:NOT
Unexecuted instantiation: aes_big_enc.c:NOT
Unexecuted instantiation: i31_sub.c:NOT
Unexecuted instantiation: i31_rshift.c:NOT
Unexecuted instantiation: i31_ninv31.c:NOT
i31_montmul.c:NOT
Line
Count
Source
762
29.0M
{
763
29.0M
  return ctl ^ 1;
764
29.0M
}
Unexecuted instantiation: i31_modpow.c:NOT
Unexecuted instantiation: i31_iszero.c:NOT
i31_fmont.c:NOT
Line
Count
Source
762
2.74k
{
763
2.74k
  return ctl ^ 1;
764
2.74k
}
Unexecuted instantiation: i31_encode.c:NOT
Unexecuted instantiation: i31_decode.c:NOT
i31_decmod.c:NOT
Line
Count
Source
762
153k
{
763
153k
  return ctl ^ 1;
764
153k
}
i31_bitlen.c:NOT
Line
Count
Source
762
71.8k
{
763
71.8k
  return ctl ^ 1;
764
71.8k
}
Unexecuted instantiation: i31_add.c:NOT
Unexecuted instantiation: i15_sub.c:NOT
Unexecuted instantiation: i15_rshift.c:NOT
Unexecuted instantiation: i15_ninv15.c:NOT
i15_montmul.c:NOT
Line
Count
Source
762
7.15M
{
763
7.15M
  return ctl ^ 1;
764
7.15M
}
Unexecuted instantiation: i15_modpow.c:NOT
Unexecuted instantiation: i15_iszero.c:NOT
i15_fmont.c:NOT
Line
Count
Source
762
494
{
763
494
  return ctl ^ 1;
764
494
}
Unexecuted instantiation: i15_encode.c:NOT
Unexecuted instantiation: i15_decode.c:NOT
i15_decmod.c:NOT
Line
Count
Source
762
67.1k
{
763
67.1k
  return ctl ^ 1;
764
67.1k
}
i15_bitlen.c:NOT
Line
Count
Source
762
24.4k
{
763
24.4k
  return ctl ^ 1;
764
24.4k
}
Unexecuted instantiation: i15_add.c:NOT
Unexecuted instantiation: i31_tmont.c:NOT
i31_muladd.c:NOT
Line
Count
Source
762
994k
{
763
994k
  return ctl ^ 1;
764
994k
}
Unexecuted instantiation: i15_tmont.c:NOT
i15_muladd.c:NOT
Line
Count
Source
762
1.31M
{
763
1.31M
  return ctl ^ 1;
764
1.31M
}
i32_div32.c:NOT
Line
Count
Source
762
1.96M
{
763
1.96M
  return ctl ^ 1;
764
1.96M
}
765
766
/*
767
 * Multiplexer: returns x if ctl == 1, y if ctl == 0.
768
 */
769
static inline uint32_t
770
MUX(uint32_t ctl, uint32_t x, uint32_t y)
771
3.68G
{
772
3.68G
  return y ^ (-ctl & (x ^ y));
773
3.68G
}
poly1305_ctmul.c:MUX
Line
Count
Source
771
3.56k
{
772
3.56k
  return y ^ (-ctl & (x ^ y));
773
3.56k
}
Unexecuted instantiation: chacha20_sse2.c:MUX
Unexecuted instantiation: chacha20_ct.c:MUX
Unexecuted instantiation: aes_x86ni_ctrcbc.c:MUX
Unexecuted instantiation: aes_x86ni.c:MUX
Unexecuted instantiation: aes_small_ctrcbc.c:MUX
Unexecuted instantiation: aes_ct_ctrcbc.c:MUX
Unexecuted instantiation: aes_ct_ctr.c:MUX
Unexecuted instantiation: aes_ct64_ctrcbc.c:MUX
Unexecuted instantiation: aes_ct64.c:MUX
Unexecuted instantiation: aes_ct.c:MUX
Unexecuted instantiation: aes_common.c:MUX
Unexecuted instantiation: aes_big_ctrcbc.c:MUX
Unexecuted instantiation: prf_md5sha1.c:MUX
Unexecuted instantiation: prf.c:MUX
Unexecuted instantiation: sysrng.c:MUX
Unexecuted instantiation: hmac_drbg.c:MUX
Unexecuted instantiation: hmac.c:MUX
Unexecuted instantiation: shake.c:MUX
Unexecuted instantiation: hkdf.c:MUX
Unexecuted instantiation: sha2small.c:MUX
Unexecuted instantiation: sha2big.c:MUX
Unexecuted instantiation: sha1.c:MUX
Unexecuted instantiation: md5sha1.c:MUX
Unexecuted instantiation: md5.c:MUX
Unexecuted instantiation: ghash_ctmul32.c:MUX
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:MUX
Unexecuted instantiation: ecdsa_i31_sign_raw.c:MUX
Unexecuted instantiation: ecdsa_i31_bits.c:MUX
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:MUX
Unexecuted instantiation: ecdsa_i15_sign_raw.c:MUX
Unexecuted instantiation: ecdsa_i15_bits.c:MUX
Unexecuted instantiation: ec_secp521r1.c:MUX
Unexecuted instantiation: ec_secp384r1.c:MUX
Unexecuted instantiation: ec_secp256r1.c:MUX
Unexecuted instantiation: ec_pubkey.c:MUX
Unexecuted instantiation: ec_prime_i31.c:MUX
Unexecuted instantiation: ec_prime_i15.c:MUX
Unexecuted instantiation: ec_p256_m64.c:MUX
Unexecuted instantiation: ec_p256_m62.c:MUX
Unexecuted instantiation: ec_p256_m31.c:MUX
Unexecuted instantiation: ec_p256_m15.c:MUX
Unexecuted instantiation: ec_keygen.c:MUX
Unexecuted instantiation: ec_default.c:MUX
Unexecuted instantiation: ec_c25519_m64.c:MUX
Unexecuted instantiation: ec_c25519_m62.c:MUX
Unexecuted instantiation: ec_c25519_m31.c:MUX
Unexecuted instantiation: ec_c25519_m15.c:MUX
Unexecuted instantiation: ec_c25519_i31.c:MUX
Unexecuted instantiation: ec_c25519_i15.c:MUX
Unexecuted instantiation: ec_all_m31.c:MUX
Unexecuted instantiation: enc64be.c:MUX
Unexecuted instantiation: enc32le.c:MUX
Unexecuted instantiation: enc32be.c:MUX
Unexecuted instantiation: dec64be.c:MUX
Unexecuted instantiation: dec32le.c:MUX
Unexecuted instantiation: dec32be.c:MUX
ccopy.c:MUX
Line
Count
Source
771
1.06G
{
772
1.06G
  return y ^ (-ctl & (x ^ y));
773
1.06G
}
Unexecuted instantiation: gcm.c:MUX
Unexecuted instantiation: ccm.c:MUX
Unexecuted instantiation: aes_small_enc.c:MUX
Unexecuted instantiation: aes_ct_enc.c:MUX
Unexecuted instantiation: aes_ct64_enc.c:MUX
Unexecuted instantiation: aes_big_enc.c:MUX
i31_sub.c:MUX
Line
Count
Source
771
1.40G
{
772
1.40G
  return y ^ (-ctl & (x ^ y));
773
1.40G
}
Unexecuted instantiation: i31_rshift.c:MUX
i31_ninv31.c:MUX
Line
Count
Source
771
1.90k
{
772
1.90k
  return y ^ (-ctl & (x ^ y));
773
1.90k
}
Unexecuted instantiation: i31_montmul.c:MUX
Unexecuted instantiation: i31_modpow.c:MUX
Unexecuted instantiation: i31_iszero.c:MUX
Unexecuted instantiation: i31_fmont.c:MUX
Unexecuted instantiation: i31_encode.c:MUX
Unexecuted instantiation: i31_decode.c:MUX
i31_decmod.c:MUX
Line
Count
Source
771
153k
{
772
153k
  return y ^ (-ctl & (x ^ y));
773
153k
}
i31_bitlen.c:MUX
Line
Count
Source
771
168k
{
772
168k
  return y ^ (-ctl & (x ^ y));
773
168k
}
i31_add.c:MUX
Line
Count
Source
771
376M
{
772
376M
  return y ^ (-ctl & (x ^ y));
773
376M
}
i15_sub.c:MUX
Line
Count
Source
771
658M
{
772
658M
  return y ^ (-ctl & (x ^ y));
773
658M
}
Unexecuted instantiation: i15_rshift.c:MUX
i15_ninv15.c:MUX
Line
Count
Source
771
274
{
772
274
  return y ^ (-ctl & (x ^ y));
773
274
}
Unexecuted instantiation: i15_montmul.c:MUX
Unexecuted instantiation: i15_modpow.c:MUX
Unexecuted instantiation: i15_iszero.c:MUX
Unexecuted instantiation: i15_fmont.c:MUX
Unexecuted instantiation: i15_encode.c:MUX
Unexecuted instantiation: i15_decode.c:MUX
i15_decmod.c:MUX
Line
Count
Source
771
67.1k
{
772
67.1k
  return y ^ (-ctl & (x ^ y));
773
67.1k
}
i15_bitlen.c:MUX
Line
Count
Source
771
52.5k
{
772
52.5k
  return y ^ (-ctl & (x ^ y));
773
52.5k
}
i15_add.c:MUX
Line
Count
Source
771
176M
{
772
176M
  return y ^ (-ctl & (x ^ y));
773
176M
}
Unexecuted instantiation: i31_tmont.c:MUX
i31_muladd.c:MUX
Line
Count
Source
771
994k
{
772
994k
  return y ^ (-ctl & (x ^ y));
773
994k
}
Unexecuted instantiation: i15_tmont.c:MUX
i15_muladd.c:MUX
Line
Count
Source
771
851k
{
772
851k
  return y ^ (-ctl & (x ^ y));
773
851k
}
i32_div32.c:MUX
Line
Count
Source
771
3.80M
{
772
3.80M
  return y ^ (-ctl & (x ^ y));
773
3.80M
}
774
775
/*
776
 * Equality check: returns 1 if x == y, 0 otherwise.
777
 */
778
static inline uint32_t
779
EQ(uint32_t x, uint32_t y)
780
6.19M
{
781
6.19M
  uint32_t q;
782
783
6.19M
  q = x ^ y;
784
6.19M
  return NOT((q | -q) >> 31);
785
6.19M
}
poly1305_ctmul.c:EQ
Line
Count
Source
780
2.84k
{
781
2.84k
  uint32_t q;
782
783
2.84k
  q = x ^ y;
784
2.84k
  return NOT((q | -q) >> 31);
785
2.84k
}
Unexecuted instantiation: chacha20_sse2.c:EQ
Unexecuted instantiation: chacha20_ct.c:EQ
Unexecuted instantiation: aes_x86ni_ctrcbc.c:EQ
Unexecuted instantiation: aes_x86ni.c:EQ
Unexecuted instantiation: aes_small_ctrcbc.c:EQ
Unexecuted instantiation: aes_ct_ctrcbc.c:EQ
Unexecuted instantiation: aes_ct_ctr.c:EQ
Unexecuted instantiation: aes_ct64_ctrcbc.c:EQ
Unexecuted instantiation: aes_ct64.c:EQ
Unexecuted instantiation: aes_ct.c:EQ
Unexecuted instantiation: aes_common.c:EQ
Unexecuted instantiation: aes_big_ctrcbc.c:EQ
Unexecuted instantiation: prf_md5sha1.c:EQ
Unexecuted instantiation: prf.c:EQ
Unexecuted instantiation: sysrng.c:EQ
Unexecuted instantiation: hmac_drbg.c:EQ
Unexecuted instantiation: hmac.c:EQ
Unexecuted instantiation: shake.c:EQ
Unexecuted instantiation: hkdf.c:EQ
Unexecuted instantiation: sha2small.c:EQ
Unexecuted instantiation: sha2big.c:EQ
Unexecuted instantiation: sha1.c:EQ
Unexecuted instantiation: md5sha1.c:EQ
Unexecuted instantiation: md5.c:EQ
Unexecuted instantiation: ghash_ctmul32.c:EQ
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:EQ
Unexecuted instantiation: ecdsa_i31_sign_raw.c:EQ
Unexecuted instantiation: ecdsa_i31_bits.c:EQ
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:EQ
Unexecuted instantiation: ecdsa_i15_sign_raw.c:EQ
Unexecuted instantiation: ecdsa_i15_bits.c:EQ
Unexecuted instantiation: ec_secp521r1.c:EQ
Unexecuted instantiation: ec_secp384r1.c:EQ
Unexecuted instantiation: ec_secp256r1.c:EQ
Unexecuted instantiation: ec_pubkey.c:EQ
ec_prime_i31.c:EQ
Line
Count
Source
780
1.58M
{
781
1.58M
  uint32_t q;
782
783
1.58M
  q = x ^ y;
784
1.58M
  return NOT((q | -q) >> 31);
785
1.58M
}
ec_prime_i15.c:EQ
Line
Count
Source
780
392k
{
781
392k
  uint32_t q;
782
783
392k
  q = x ^ y;
784
392k
  return NOT((q | -q) >> 31);
785
392k
}
ec_p256_m64.c:EQ
Line
Count
Source
780
1.46M
{
781
1.46M
  uint32_t q;
782
783
1.46M
  q = x ^ y;
784
1.46M
  return NOT((q | -q) >> 31);
785
1.46M
}
ec_p256_m62.c:EQ
Line
Count
Source
780
145k
{
781
145k
  uint32_t q;
782
783
145k
  q = x ^ y;
784
145k
  return NOT((q | -q) >> 31);
785
145k
}
ec_p256_m31.c:EQ
Line
Count
Source
780
147k
{
781
147k
  uint32_t q;
782
783
147k
  q = x ^ y;
784
147k
  return NOT((q | -q) >> 31);
785
147k
}
ec_p256_m15.c:EQ
Line
Count
Source
780
246k
{
781
246k
  uint32_t q;
782
783
246k
  q = x ^ y;
784
246k
  return NOT((q | -q) >> 31);
785
246k
}
Unexecuted instantiation: ec_keygen.c:EQ
Unexecuted instantiation: ec_default.c:EQ
Unexecuted instantiation: ec_c25519_m64.c:EQ
Unexecuted instantiation: ec_c25519_m62.c:EQ
Unexecuted instantiation: ec_c25519_m31.c:EQ
Unexecuted instantiation: ec_c25519_m15.c:EQ
Unexecuted instantiation: ec_c25519_i31.c:EQ
Unexecuted instantiation: ec_c25519_i15.c:EQ
Unexecuted instantiation: ec_all_m31.c:EQ
Unexecuted instantiation: enc64be.c:EQ
Unexecuted instantiation: enc32le.c:EQ
Unexecuted instantiation: enc32be.c:EQ
Unexecuted instantiation: dec64be.c:EQ
Unexecuted instantiation: dec32le.c:EQ
Unexecuted instantiation: dec32be.c:EQ
Unexecuted instantiation: ccopy.c:EQ
Unexecuted instantiation: gcm.c:EQ
Unexecuted instantiation: ccm.c:EQ
Unexecuted instantiation: aes_small_enc.c:EQ
Unexecuted instantiation: aes_ct_enc.c:EQ
Unexecuted instantiation: aes_ct64_enc.c:EQ
Unexecuted instantiation: aes_big_enc.c:EQ
Unexecuted instantiation: i31_sub.c:EQ
Unexecuted instantiation: i31_rshift.c:EQ
Unexecuted instantiation: i31_ninv31.c:EQ
Unexecuted instantiation: i31_montmul.c:EQ
Unexecuted instantiation: i31_modpow.c:EQ
Unexecuted instantiation: i31_iszero.c:EQ
Unexecuted instantiation: i31_fmont.c:EQ
Unexecuted instantiation: i31_encode.c:EQ
Unexecuted instantiation: i31_decode.c:EQ
i31_decmod.c:EQ
Line
Count
Source
780
153k
{
781
153k
  uint32_t q;
782
783
153k
  q = x ^ y;
784
153k
  return NOT((q | -q) >> 31);
785
153k
}
i31_bitlen.c:EQ
Line
Count
Source
780
71.8k
{
781
71.8k
  uint32_t q;
782
783
71.8k
  q = x ^ y;
784
71.8k
  return NOT((q | -q) >> 31);
785
71.8k
}
Unexecuted instantiation: i31_add.c:EQ
Unexecuted instantiation: i15_sub.c:EQ
Unexecuted instantiation: i15_rshift.c:EQ
Unexecuted instantiation: i15_ninv15.c:EQ
Unexecuted instantiation: i15_montmul.c:EQ
Unexecuted instantiation: i15_modpow.c:EQ
Unexecuted instantiation: i15_iszero.c:EQ
Unexecuted instantiation: i15_fmont.c:EQ
Unexecuted instantiation: i15_encode.c:EQ
Unexecuted instantiation: i15_decode.c:EQ
i15_decmod.c:EQ
Line
Count
Source
780
67.1k
{
781
67.1k
  uint32_t q;
782
783
67.1k
  q = x ^ y;
784
67.1k
  return NOT((q | -q) >> 31);
785
67.1k
}
i15_bitlen.c:EQ
Line
Count
Source
780
24.4k
{
781
24.4k
  uint32_t q;
782
783
24.4k
  q = x ^ y;
784
24.4k
  return NOT((q | -q) >> 31);
785
24.4k
}
Unexecuted instantiation: i15_add.c:EQ
Unexecuted instantiation: i31_tmont.c:EQ
i31_muladd.c:EQ
Line
Count
Source
780
994k
{
781
994k
  uint32_t q;
782
783
994k
  q = x ^ y;
784
994k
  return NOT((q | -q) >> 31);
785
994k
}
Unexecuted instantiation: i15_tmont.c:EQ
i15_muladd.c:EQ
Line
Count
Source
780
851k
{
781
851k
  uint32_t q;
782
783
851k
  q = x ^ y;
784
851k
  return NOT((q | -q) >> 31);
785
851k
}
i32_div32.c:EQ
Line
Count
Source
780
59.5k
{
781
59.5k
  uint32_t q;
782
783
59.5k
  q = x ^ y;
784
59.5k
  return NOT((q | -q) >> 31);
785
59.5k
}
786
787
/*
788
 * Inequality check: returns 1 if x != y, 0 otherwise.
789
 */
790
static inline uint32_t
791
NEQ(uint32_t x, uint32_t y)
792
37.3M
{
793
37.3M
  uint32_t q;
794
795
37.3M
  q = x ^ y;
796
37.3M
  return (q | -q) >> 31;
797
37.3M
}
Unexecuted instantiation: poly1305_ctmul.c:NEQ
Unexecuted instantiation: chacha20_sse2.c:NEQ
Unexecuted instantiation: chacha20_ct.c:NEQ
Unexecuted instantiation: aes_x86ni_ctrcbc.c:NEQ
Unexecuted instantiation: aes_x86ni.c:NEQ
Unexecuted instantiation: aes_small_ctrcbc.c:NEQ
Unexecuted instantiation: aes_ct_ctrcbc.c:NEQ
Unexecuted instantiation: aes_ct_ctr.c:NEQ
Unexecuted instantiation: aes_ct64_ctrcbc.c:NEQ
Unexecuted instantiation: aes_ct64.c:NEQ
Unexecuted instantiation: aes_ct.c:NEQ
Unexecuted instantiation: aes_common.c:NEQ
Unexecuted instantiation: aes_big_ctrcbc.c:NEQ
Unexecuted instantiation: prf_md5sha1.c:NEQ
Unexecuted instantiation: prf.c:NEQ
Unexecuted instantiation: sysrng.c:NEQ
Unexecuted instantiation: hmac_drbg.c:NEQ
Unexecuted instantiation: hmac.c:NEQ
Unexecuted instantiation: shake.c:NEQ
Unexecuted instantiation: hkdf.c:NEQ
Unexecuted instantiation: sha2small.c:NEQ
Unexecuted instantiation: sha2big.c:NEQ
Unexecuted instantiation: sha1.c:NEQ
Unexecuted instantiation: md5sha1.c:NEQ
Unexecuted instantiation: md5.c:NEQ
Unexecuted instantiation: ghash_ctmul32.c:NEQ
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:NEQ
Unexecuted instantiation: ecdsa_i31_sign_raw.c:NEQ
Unexecuted instantiation: ecdsa_i31_bits.c:NEQ
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:NEQ
Unexecuted instantiation: ecdsa_i15_sign_raw.c:NEQ
Unexecuted instantiation: ecdsa_i15_bits.c:NEQ
Unexecuted instantiation: ec_secp521r1.c:NEQ
Unexecuted instantiation: ec_secp384r1.c:NEQ
Unexecuted instantiation: ec_secp256r1.c:NEQ
Unexecuted instantiation: ec_pubkey.c:NEQ
ec_prime_i31.c:NEQ
Line
Count
Source
792
788k
{
793
788k
  uint32_t q;
794
795
788k
  q = x ^ y;
796
788k
  return (q | -q) >> 31;
797
788k
}
ec_prime_i15.c:NEQ
Line
Count
Source
792
195k
{
793
195k
  uint32_t q;
794
795
195k
  q = x ^ y;
796
195k
  return (q | -q) >> 31;
797
195k
}
ec_p256_m64.c:NEQ
Line
Count
Source
792
98.1k
{
793
98.1k
  uint32_t q;
794
795
98.1k
  q = x ^ y;
796
98.1k
  return (q | -q) >> 31;
797
98.1k
}
ec_p256_m62.c:NEQ
Line
Count
Source
792
9.77k
{
793
9.77k
  uint32_t q;
794
795
9.77k
  q = x ^ y;
796
9.77k
  return (q | -q) >> 31;
797
9.77k
}
ec_p256_m31.c:NEQ
Line
Count
Source
792
13.9k
{
793
13.9k
  uint32_t q;
794
795
13.9k
  q = x ^ y;
796
13.9k
  return (q | -q) >> 31;
797
13.9k
}
ec_p256_m15.c:NEQ
Line
Count
Source
792
24.0k
{
793
24.0k
  uint32_t q;
794
795
24.0k
  q = x ^ y;
796
24.0k
  return (q | -q) >> 31;
797
24.0k
}
Unexecuted instantiation: ec_keygen.c:NEQ
Unexecuted instantiation: ec_default.c:NEQ
Unexecuted instantiation: ec_c25519_m64.c:NEQ
Unexecuted instantiation: ec_c25519_m62.c:NEQ
Unexecuted instantiation: ec_c25519_m31.c:NEQ
Unexecuted instantiation: ec_c25519_m15.c:NEQ
Unexecuted instantiation: ec_c25519_i31.c:NEQ
Unexecuted instantiation: ec_c25519_i15.c:NEQ
Unexecuted instantiation: ec_all_m31.c:NEQ
Unexecuted instantiation: enc64be.c:NEQ
Unexecuted instantiation: enc32le.c:NEQ
Unexecuted instantiation: enc32be.c:NEQ
Unexecuted instantiation: dec64be.c:NEQ
Unexecuted instantiation: dec32le.c:NEQ
Unexecuted instantiation: dec32be.c:NEQ
Unexecuted instantiation: ccopy.c:NEQ
Unexecuted instantiation: gcm.c:NEQ
Unexecuted instantiation: ccm.c:NEQ
Unexecuted instantiation: aes_small_enc.c:NEQ
Unexecuted instantiation: aes_ct_enc.c:NEQ
Unexecuted instantiation: aes_ct64_enc.c:NEQ
Unexecuted instantiation: aes_big_enc.c:NEQ
Unexecuted instantiation: i31_sub.c:NEQ
Unexecuted instantiation: i31_rshift.c:NEQ
Unexecuted instantiation: i31_ninv31.c:NEQ
i31_montmul.c:NEQ
Line
Count
Source
792
29.0M
{
793
29.0M
  uint32_t q;
794
795
29.0M
  q = x ^ y;
796
29.0M
  return (q | -q) >> 31;
797
29.0M
}
Unexecuted instantiation: i31_modpow.c:NEQ
Unexecuted instantiation: i31_iszero.c:NEQ
Unexecuted instantiation: i31_fmont.c:NEQ
Unexecuted instantiation: i31_encode.c:NEQ
Unexecuted instantiation: i31_decode.c:NEQ
Unexecuted instantiation: i31_decmod.c:NEQ
i31_bitlen.c:NEQ
Line
Count
Source
792
6.06k
{
793
6.06k
  uint32_t q;
794
795
6.06k
  q = x ^ y;
796
6.06k
  return (q | -q) >> 31;
797
6.06k
}
Unexecuted instantiation: i31_add.c:NEQ
Unexecuted instantiation: i15_sub.c:NEQ
Unexecuted instantiation: i15_rshift.c:NEQ
Unexecuted instantiation: i15_ninv15.c:NEQ
i15_montmul.c:NEQ
Line
Count
Source
792
7.15M
{
793
7.15M
  uint32_t q;
794
795
7.15M
  q = x ^ y;
796
7.15M
  return (q | -q) >> 31;
797
7.15M
}
Unexecuted instantiation: i15_modpow.c:NEQ
Unexecuted instantiation: i15_iszero.c:NEQ
Unexecuted instantiation: i15_fmont.c:NEQ
Unexecuted instantiation: i15_encode.c:NEQ
Unexecuted instantiation: i15_decode.c:NEQ
Unexecuted instantiation: i15_decmod.c:NEQ
i15_bitlen.c:NEQ
Line
Count
Source
792
908
{
793
908
  uint32_t q;
794
795
908
  q = x ^ y;
796
908
  return (q | -q) >> 31;
797
908
}
Unexecuted instantiation: i15_add.c:NEQ
Unexecuted instantiation: i31_tmont.c:NEQ
Unexecuted instantiation: i31_muladd.c:NEQ
Unexecuted instantiation: i15_tmont.c:NEQ
Unexecuted instantiation: i15_muladd.c:NEQ
Unexecuted instantiation: i32_div32.c:NEQ
798
799
/*
800
 * Comparison: returns 1 if x > y, 0 otherwise.
801
 */
802
static inline uint32_t
803
GT(uint32_t x, uint32_t y)
804
4.67M
{
805
  /*
806
   * If both x < 2^31 and x < 2^31, then y-x will have its high
807
   * bit set if x > y, cleared otherwise.
808
   *
809
   * If either x >= 2^31 or y >= 2^31 (but not both), then the
810
   * result is the high bit of x.
811
   *
812
   * If both x >= 2^31 and y >= 2^31, then we can virtually
813
   * subtract 2^31 from both, and we are back to the first case.
814
   * Since (y-2^31)-(x-2^31) = y-x, the subtraction is already
815
   * fine.
816
   */
817
4.67M
  uint32_t z;
818
819
4.67M
  z = y - x;
820
4.67M
  return (z ^ ((x ^ y) & (x ^ z))) >> 31;
821
4.67M
}
poly1305_ctmul.c:GT
Line
Count
Source
804
712
{
805
  /*
806
   * If both x < 2^31 and x < 2^31, then y-x will have its high
807
   * bit set if x > y, cleared otherwise.
808
   *
809
   * If either x >= 2^31 or y >= 2^31 (but not both), then the
810
   * result is the high bit of x.
811
   *
812
   * If both x >= 2^31 and y >= 2^31, then we can virtually
813
   * subtract 2^31 from both, and we are back to the first case.
814
   * Since (y-2^31)-(x-2^31) = y-x, the subtraction is already
815
   * fine.
816
   */
817
712
  uint32_t z;
818
819
712
  z = y - x;
820
712
  return (z ^ ((x ^ y) & (x ^ z))) >> 31;
821
712
}
Unexecuted instantiation: chacha20_sse2.c:GT
Unexecuted instantiation: chacha20_ct.c:GT
Unexecuted instantiation: aes_x86ni_ctrcbc.c:GT
Unexecuted instantiation: aes_x86ni.c:GT
Unexecuted instantiation: aes_small_ctrcbc.c:GT
Unexecuted instantiation: aes_ct_ctrcbc.c:GT
Unexecuted instantiation: aes_ct_ctr.c:GT
Unexecuted instantiation: aes_ct64_ctrcbc.c:GT
Unexecuted instantiation: aes_ct64.c:GT
Unexecuted instantiation: aes_ct.c:GT
Unexecuted instantiation: aes_common.c:GT
Unexecuted instantiation: aes_big_ctrcbc.c:GT
Unexecuted instantiation: prf_md5sha1.c:GT
Unexecuted instantiation: prf.c:GT
Unexecuted instantiation: sysrng.c:GT
Unexecuted instantiation: hmac_drbg.c:GT
Unexecuted instantiation: hmac.c:GT
Unexecuted instantiation: shake.c:GT
Unexecuted instantiation: hkdf.c:GT
Unexecuted instantiation: sha2small.c:GT
Unexecuted instantiation: sha2big.c:GT
Unexecuted instantiation: sha1.c:GT
Unexecuted instantiation: md5sha1.c:GT
Unexecuted instantiation: md5.c:GT
Unexecuted instantiation: ghash_ctmul32.c:GT
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:GT
Unexecuted instantiation: ecdsa_i31_sign_raw.c:GT
Unexecuted instantiation: ecdsa_i31_bits.c:GT
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:GT
Unexecuted instantiation: ecdsa_i15_sign_raw.c:GT
Unexecuted instantiation: ecdsa_i15_bits.c:GT
Unexecuted instantiation: ec_secp521r1.c:GT
Unexecuted instantiation: ec_secp384r1.c:GT
Unexecuted instantiation: ec_secp256r1.c:GT
Unexecuted instantiation: ec_pubkey.c:GT
Unexecuted instantiation: ec_prime_i31.c:GT
Unexecuted instantiation: ec_prime_i15.c:GT
Unexecuted instantiation: ec_p256_m64.c:GT
Unexecuted instantiation: ec_p256_m62.c:GT
Unexecuted instantiation: ec_p256_m31.c:GT
Unexecuted instantiation: ec_p256_m15.c:GT
Unexecuted instantiation: ec_keygen.c:GT
Unexecuted instantiation: ec_default.c:GT
Unexecuted instantiation: ec_c25519_m64.c:GT
Unexecuted instantiation: ec_c25519_m62.c:GT
Unexecuted instantiation: ec_c25519_m31.c:GT
Unexecuted instantiation: ec_c25519_m15.c:GT
Unexecuted instantiation: ec_c25519_i31.c:GT
Unexecuted instantiation: ec_c25519_i15.c:GT
Unexecuted instantiation: ec_all_m31.c:GT
Unexecuted instantiation: enc64be.c:GT
Unexecuted instantiation: enc32le.c:GT
Unexecuted instantiation: enc32be.c:GT
Unexecuted instantiation: dec64be.c:GT
Unexecuted instantiation: dec32le.c:GT
Unexecuted instantiation: dec32be.c:GT
Unexecuted instantiation: ccopy.c:GT
Unexecuted instantiation: gcm.c:GT
Unexecuted instantiation: ccm.c:GT
Unexecuted instantiation: aes_small_enc.c:GT
Unexecuted instantiation: aes_ct_enc.c:GT
Unexecuted instantiation: aes_ct64_enc.c:GT
Unexecuted instantiation: aes_big_enc.c:GT
Unexecuted instantiation: i31_sub.c:GT
Unexecuted instantiation: i31_rshift.c:GT
Unexecuted instantiation: i31_ninv31.c:GT
Unexecuted instantiation: i31_montmul.c:GT
Unexecuted instantiation: i31_modpow.c:GT
Unexecuted instantiation: i31_iszero.c:GT
Unexecuted instantiation: i31_fmont.c:GT
Unexecuted instantiation: i31_encode.c:GT
Unexecuted instantiation: i31_decode.c:GT
i31_decmod.c:GT
Line
Count
Source
804
282k
{
805
  /*
806
   * If both x < 2^31 and x < 2^31, then y-x will have its high
807
   * bit set if x > y, cleared otherwise.
808
   *
809
   * If either x >= 2^31 or y >= 2^31 (but not both), then the
810
   * result is the high bit of x.
811
   *
812
   * If both x >= 2^31 and y >= 2^31, then we can virtually
813
   * subtract 2^31 from both, and we are back to the first case.
814
   * Since (y-2^31)-(x-2^31) = y-x, the subtraction is already
815
   * fine.
816
   */
817
282k
  uint32_t z;
818
819
282k
  z = y - x;
820
282k
  return (z ^ ((x ^ y) & (x ^ z))) >> 31;
821
282k
}
i31_bitlen.c:GT
Line
Count
Source
804
30.3k
{
805
  /*
806
   * If both x < 2^31 and x < 2^31, then y-x will have its high
807
   * bit set if x > y, cleared otherwise.
808
   *
809
   * If either x >= 2^31 or y >= 2^31 (but not both), then the
810
   * result is the high bit of x.
811
   *
812
   * If both x >= 2^31 and y >= 2^31, then we can virtually
813
   * subtract 2^31 from both, and we are back to the first case.
814
   * Since (y-2^31)-(x-2^31) = y-x, the subtraction is already
815
   * fine.
816
   */
817
30.3k
  uint32_t z;
818
819
30.3k
  z = y - x;
820
30.3k
  return (z ^ ((x ^ y) & (x ^ z))) >> 31;
821
30.3k
}
Unexecuted instantiation: i31_add.c:GT
Unexecuted instantiation: i15_sub.c:GT
Unexecuted instantiation: i15_rshift.c:GT
Unexecuted instantiation: i15_ninv15.c:GT
Unexecuted instantiation: i15_montmul.c:GT
Unexecuted instantiation: i15_modpow.c:GT
Unexecuted instantiation: i15_iszero.c:GT
Unexecuted instantiation: i15_fmont.c:GT
Unexecuted instantiation: i15_encode.c:GT
Unexecuted instantiation: i15_decode.c:GT
i15_decmod.c:GT
Line
Count
Source
804
118k
{
805
  /*
806
   * If both x < 2^31 and x < 2^31, then y-x will have its high
807
   * bit set if x > y, cleared otherwise.
808
   *
809
   * If either x >= 2^31 or y >= 2^31 (but not both), then the
810
   * result is the high bit of x.
811
   *
812
   * If both x >= 2^31 and y >= 2^31, then we can virtually
813
   * subtract 2^31 from both, and we are back to the first case.
814
   * Since (y-2^31)-(x-2^31) = y-x, the subtraction is already
815
   * fine.
816
   */
817
118k
  uint32_t z;
818
819
118k
  z = y - x;
820
118k
  return (z ^ ((x ^ y) & (x ^ z))) >> 31;
821
118k
}
i15_bitlen.c:GT
Line
Count
Source
804
4.54k
{
805
  /*
806
   * If both x < 2^31 and x < 2^31, then y-x will have its high
807
   * bit set if x > y, cleared otherwise.
808
   *
809
   * If either x >= 2^31 or y >= 2^31 (but not both), then the
810
   * result is the high bit of x.
811
   *
812
   * If both x >= 2^31 and y >= 2^31, then we can virtually
813
   * subtract 2^31 from both, and we are back to the first case.
814
   * Since (y-2^31)-(x-2^31) = y-x, the subtraction is already
815
   * fine.
816
   */
817
4.54k
  uint32_t z;
818
819
4.54k
  z = y - x;
820
4.54k
  return (z ^ ((x ^ y) & (x ^ z))) >> 31;
821
4.54k
}
Unexecuted instantiation: i15_add.c:GT
Unexecuted instantiation: i31_tmont.c:GT
i31_muladd.c:GT
Line
Count
Source
804
994k
{
805
  /*
806
   * If both x < 2^31 and x < 2^31, then y-x will have its high
807
   * bit set if x > y, cleared otherwise.
808
   *
809
   * If either x >= 2^31 or y >= 2^31 (but not both), then the
810
   * result is the high bit of x.
811
   *
812
   * If both x >= 2^31 and y >= 2^31, then we can virtually
813
   * subtract 2^31 from both, and we are back to the first case.
814
   * Since (y-2^31)-(x-2^31) = y-x, the subtraction is already
815
   * fine.
816
   */
817
994k
  uint32_t z;
818
819
994k
  z = y - x;
820
994k
  return (z ^ ((x ^ y) & (x ^ z))) >> 31;
821
994k
}
Unexecuted instantiation: i15_tmont.c:GT
i15_muladd.c:GT
Line
Count
Source
804
1.34M
{
805
  /*
806
   * If both x < 2^31 and x < 2^31, then y-x will have its high
807
   * bit set if x > y, cleared otherwise.
808
   *
809
   * If either x >= 2^31 or y >= 2^31 (but not both), then the
810
   * result is the high bit of x.
811
   *
812
   * If both x >= 2^31 and y >= 2^31, then we can virtually
813
   * subtract 2^31 from both, and we are back to the first case.
814
   * Since (y-2^31)-(x-2^31) = y-x, the subtraction is already
815
   * fine.
816
   */
817
1.34M
  uint32_t z;
818
819
1.34M
  z = y - x;
820
1.34M
  return (z ^ ((x ^ y) & (x ^ z))) >> 31;
821
1.34M
}
i32_div32.c:GT
Line
Count
Source
804
1.90M
{
805
  /*
806
   * If both x < 2^31 and x < 2^31, then y-x will have its high
807
   * bit set if x > y, cleared otherwise.
808
   *
809
   * If either x >= 2^31 or y >= 2^31 (but not both), then the
810
   * result is the high bit of x.
811
   *
812
   * If both x >= 2^31 and y >= 2^31, then we can virtually
813
   * subtract 2^31 from both, and we are back to the first case.
814
   * Since (y-2^31)-(x-2^31) = y-x, the subtraction is already
815
   * fine.
816
   */
817
1.90M
  uint32_t z;
818
819
1.90M
  z = y - x;
820
1.90M
  return (z ^ ((x ^ y) & (x ^ z))) >> 31;
821
1.90M
}
822
823
/*
824
 * Other comparisons (greater-or-equal, lower-than, lower-or-equal).
825
 */
826
1.90M
#define GE(x, y)   NOT(GT(y, x))
827
86.8k
#define LT(x, y)   GT(y, x)
828
465k
#define LE(x, y)   NOT(GT(x, y))
829
830
/*
831
 * General comparison: returned value is -1, 0 or 1, depending on
832
 * whether x is lower than, equal to, or greater than y.
833
 */
834
static inline int32_t
835
CMP(uint32_t x, uint32_t y)
836
200k
{
837
200k
  return (int32_t)GT(x, y) | -(int32_t)GT(y, x);
838
200k
}
Unexecuted instantiation: poly1305_ctmul.c:CMP
Unexecuted instantiation: chacha20_sse2.c:CMP
Unexecuted instantiation: chacha20_ct.c:CMP
Unexecuted instantiation: aes_x86ni_ctrcbc.c:CMP
Unexecuted instantiation: aes_x86ni.c:CMP
Unexecuted instantiation: aes_small_ctrcbc.c:CMP
Unexecuted instantiation: aes_ct_ctrcbc.c:CMP
Unexecuted instantiation: aes_ct_ctr.c:CMP
Unexecuted instantiation: aes_ct64_ctrcbc.c:CMP
Unexecuted instantiation: aes_ct64.c:CMP
Unexecuted instantiation: aes_ct.c:CMP
Unexecuted instantiation: aes_common.c:CMP
Unexecuted instantiation: aes_big_ctrcbc.c:CMP
Unexecuted instantiation: prf_md5sha1.c:CMP
Unexecuted instantiation: prf.c:CMP
Unexecuted instantiation: sysrng.c:CMP
Unexecuted instantiation: hmac_drbg.c:CMP
Unexecuted instantiation: hmac.c:CMP
Unexecuted instantiation: shake.c:CMP
Unexecuted instantiation: hkdf.c:CMP
Unexecuted instantiation: sha2small.c:CMP
Unexecuted instantiation: sha2big.c:CMP
Unexecuted instantiation: sha1.c:CMP
Unexecuted instantiation: md5sha1.c:CMP
Unexecuted instantiation: md5.c:CMP
Unexecuted instantiation: ghash_ctmul32.c:CMP
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:CMP
Unexecuted instantiation: ecdsa_i31_sign_raw.c:CMP
Unexecuted instantiation: ecdsa_i31_bits.c:CMP
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:CMP
Unexecuted instantiation: ecdsa_i15_sign_raw.c:CMP
Unexecuted instantiation: ecdsa_i15_bits.c:CMP
Unexecuted instantiation: ec_secp521r1.c:CMP
Unexecuted instantiation: ec_secp384r1.c:CMP
Unexecuted instantiation: ec_secp256r1.c:CMP
Unexecuted instantiation: ec_pubkey.c:CMP
Unexecuted instantiation: ec_prime_i31.c:CMP
Unexecuted instantiation: ec_prime_i15.c:CMP
Unexecuted instantiation: ec_p256_m64.c:CMP
Unexecuted instantiation: ec_p256_m62.c:CMP
Unexecuted instantiation: ec_p256_m31.c:CMP
Unexecuted instantiation: ec_p256_m15.c:CMP
Unexecuted instantiation: ec_keygen.c:CMP
Unexecuted instantiation: ec_default.c:CMP
Unexecuted instantiation: ec_c25519_m64.c:CMP
Unexecuted instantiation: ec_c25519_m62.c:CMP
Unexecuted instantiation: ec_c25519_m31.c:CMP
Unexecuted instantiation: ec_c25519_m15.c:CMP
Unexecuted instantiation: ec_c25519_i31.c:CMP
Unexecuted instantiation: ec_c25519_i15.c:CMP
Unexecuted instantiation: ec_all_m31.c:CMP
Unexecuted instantiation: enc64be.c:CMP
Unexecuted instantiation: enc32le.c:CMP
Unexecuted instantiation: enc32be.c:CMP
Unexecuted instantiation: dec64be.c:CMP
Unexecuted instantiation: dec32le.c:CMP
Unexecuted instantiation: dec32be.c:CMP
Unexecuted instantiation: ccopy.c:CMP
Unexecuted instantiation: gcm.c:CMP
Unexecuted instantiation: ccm.c:CMP
Unexecuted instantiation: aes_small_enc.c:CMP
Unexecuted instantiation: aes_ct_enc.c:CMP
Unexecuted instantiation: aes_ct64_enc.c:CMP
Unexecuted instantiation: aes_big_enc.c:CMP
Unexecuted instantiation: i31_sub.c:CMP
Unexecuted instantiation: i31_rshift.c:CMP
Unexecuted instantiation: i31_ninv31.c:CMP
Unexecuted instantiation: i31_montmul.c:CMP
Unexecuted instantiation: i31_modpow.c:CMP
Unexecuted instantiation: i31_iszero.c:CMP
Unexecuted instantiation: i31_fmont.c:CMP
Unexecuted instantiation: i31_encode.c:CMP
Unexecuted instantiation: i31_decode.c:CMP
i31_decmod.c:CMP
Line
Count
Source
836
141k
{
837
141k
  return (int32_t)GT(x, y) | -(int32_t)GT(y, x);
838
141k
}
Unexecuted instantiation: i31_bitlen.c:CMP
Unexecuted instantiation: i31_add.c:CMP
Unexecuted instantiation: i15_sub.c:CMP
Unexecuted instantiation: i15_rshift.c:CMP
Unexecuted instantiation: i15_ninv15.c:CMP
Unexecuted instantiation: i15_montmul.c:CMP
Unexecuted instantiation: i15_modpow.c:CMP
Unexecuted instantiation: i15_iszero.c:CMP
Unexecuted instantiation: i15_fmont.c:CMP
Unexecuted instantiation: i15_encode.c:CMP
Unexecuted instantiation: i15_decode.c:CMP
i15_decmod.c:CMP
Line
Count
Source
836
59.1k
{
837
59.1k
  return (int32_t)GT(x, y) | -(int32_t)GT(y, x);
838
59.1k
}
Unexecuted instantiation: i15_bitlen.c:CMP
Unexecuted instantiation: i15_add.c:CMP
Unexecuted instantiation: i31_tmont.c:CMP
Unexecuted instantiation: i31_muladd.c:CMP
Unexecuted instantiation: i15_tmont.c:CMP
Unexecuted instantiation: i15_muladd.c:CMP
Unexecuted instantiation: i32_div32.c:CMP
839
840
/*
841
 * Returns 1 if x == 0, 0 otherwise. Take care that the operand is signed.
842
 */
843
static inline uint32_t
844
EQ0(int32_t x)
845
1.99k
{
846
1.99k
  uint32_t q;
847
848
1.99k
  q = (uint32_t)x;
849
1.99k
  return ~(q | -q) >> 31;
850
1.99k
}
Unexecuted instantiation: poly1305_ctmul.c:EQ0
Unexecuted instantiation: chacha20_sse2.c:EQ0
Unexecuted instantiation: chacha20_ct.c:EQ0
Unexecuted instantiation: aes_x86ni_ctrcbc.c:EQ0
Unexecuted instantiation: aes_x86ni.c:EQ0
Unexecuted instantiation: aes_small_ctrcbc.c:EQ0
Unexecuted instantiation: aes_ct_ctrcbc.c:EQ0
Unexecuted instantiation: aes_ct_ctr.c:EQ0
Unexecuted instantiation: aes_ct64_ctrcbc.c:EQ0
Unexecuted instantiation: aes_ct64.c:EQ0
Unexecuted instantiation: aes_ct.c:EQ0
Unexecuted instantiation: aes_common.c:EQ0
Unexecuted instantiation: aes_big_ctrcbc.c:EQ0
Unexecuted instantiation: prf_md5sha1.c:EQ0
Unexecuted instantiation: prf.c:EQ0
Unexecuted instantiation: sysrng.c:EQ0
Unexecuted instantiation: hmac_drbg.c:EQ0
Unexecuted instantiation: hmac.c:EQ0
Unexecuted instantiation: shake.c:EQ0
Unexecuted instantiation: hkdf.c:EQ0
Unexecuted instantiation: sha2small.c:EQ0
Unexecuted instantiation: sha2big.c:EQ0
Unexecuted instantiation: sha1.c:EQ0
Unexecuted instantiation: md5sha1.c:EQ0
Unexecuted instantiation: md5.c:EQ0
Unexecuted instantiation: ghash_ctmul32.c:EQ0
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:EQ0
Unexecuted instantiation: ecdsa_i31_sign_raw.c:EQ0
Unexecuted instantiation: ecdsa_i31_bits.c:EQ0
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:EQ0
Unexecuted instantiation: ecdsa_i15_sign_raw.c:EQ0
Unexecuted instantiation: ecdsa_i15_bits.c:EQ0
Unexecuted instantiation: ec_secp521r1.c:EQ0
Unexecuted instantiation: ec_secp384r1.c:EQ0
Unexecuted instantiation: ec_secp256r1.c:EQ0
Unexecuted instantiation: ec_pubkey.c:EQ0
Unexecuted instantiation: ec_prime_i31.c:EQ0
Unexecuted instantiation: ec_prime_i15.c:EQ0
Unexecuted instantiation: ec_p256_m64.c:EQ0
Unexecuted instantiation: ec_p256_m62.c:EQ0
Unexecuted instantiation: ec_p256_m31.c:EQ0
Unexecuted instantiation: ec_p256_m15.c:EQ0
Unexecuted instantiation: ec_keygen.c:EQ0
Unexecuted instantiation: ec_default.c:EQ0
Unexecuted instantiation: ec_c25519_m64.c:EQ0
Unexecuted instantiation: ec_c25519_m62.c:EQ0
Unexecuted instantiation: ec_c25519_m31.c:EQ0
Unexecuted instantiation: ec_c25519_m15.c:EQ0
Unexecuted instantiation: ec_c25519_i31.c:EQ0
Unexecuted instantiation: ec_c25519_i15.c:EQ0
Unexecuted instantiation: ec_all_m31.c:EQ0
Unexecuted instantiation: enc64be.c:EQ0
Unexecuted instantiation: enc32le.c:EQ0
Unexecuted instantiation: enc32be.c:EQ0
Unexecuted instantiation: dec64be.c:EQ0
Unexecuted instantiation: dec32le.c:EQ0
Unexecuted instantiation: dec32be.c:EQ0
Unexecuted instantiation: ccopy.c:EQ0
gcm.c:EQ0
Line
Count
Source
845
348
{
846
348
  uint32_t q;
847
848
348
  q = (uint32_t)x;
849
348
  return ~(q | -q) >> 31;
850
348
}
ccm.c:EQ0
Line
Count
Source
845
1.65k
{
846
1.65k
  uint32_t q;
847
848
1.65k
  q = (uint32_t)x;
849
1.65k
  return ~(q | -q) >> 31;
850
1.65k
}
Unexecuted instantiation: aes_small_enc.c:EQ0
Unexecuted instantiation: aes_ct_enc.c:EQ0
Unexecuted instantiation: aes_ct64_enc.c:EQ0
Unexecuted instantiation: aes_big_enc.c:EQ0
Unexecuted instantiation: i31_sub.c:EQ0
Unexecuted instantiation: i31_rshift.c:EQ0
Unexecuted instantiation: i31_ninv31.c:EQ0
Unexecuted instantiation: i31_montmul.c:EQ0
Unexecuted instantiation: i31_modpow.c:EQ0
Unexecuted instantiation: i31_iszero.c:EQ0
Unexecuted instantiation: i31_fmont.c:EQ0
Unexecuted instantiation: i31_encode.c:EQ0
Unexecuted instantiation: i31_decode.c:EQ0
Unexecuted instantiation: i31_decmod.c:EQ0
Unexecuted instantiation: i31_bitlen.c:EQ0
Unexecuted instantiation: i31_add.c:EQ0
Unexecuted instantiation: i15_sub.c:EQ0
Unexecuted instantiation: i15_rshift.c:EQ0
Unexecuted instantiation: i15_ninv15.c:EQ0
Unexecuted instantiation: i15_montmul.c:EQ0
Unexecuted instantiation: i15_modpow.c:EQ0
Unexecuted instantiation: i15_iszero.c:EQ0
Unexecuted instantiation: i15_fmont.c:EQ0
Unexecuted instantiation: i15_encode.c:EQ0
Unexecuted instantiation: i15_decode.c:EQ0
Unexecuted instantiation: i15_decmod.c:EQ0
Unexecuted instantiation: i15_bitlen.c:EQ0
Unexecuted instantiation: i15_add.c:EQ0
Unexecuted instantiation: i31_tmont.c:EQ0
Unexecuted instantiation: i31_muladd.c:EQ0
Unexecuted instantiation: i15_tmont.c:EQ0
Unexecuted instantiation: i15_muladd.c:EQ0
Unexecuted instantiation: i32_div32.c:EQ0
851
852
/*
853
 * Returns 1 if x > 0, 0 otherwise. Take care that the operand is signed.
854
 */
855
static inline uint32_t
856
GT0(int32_t x)
857
0
{
858
0
  /*
859
0
   * High bit of -x is 0 if x == 0, but 1 if x > 0.
860
0
   */
861
0
  uint32_t q;
862
0
863
0
  q = (uint32_t)x;
864
0
  return (~q & -q) >> 31;
865
0
}
Unexecuted instantiation: poly1305_ctmul.c:GT0
Unexecuted instantiation: chacha20_sse2.c:GT0
Unexecuted instantiation: chacha20_ct.c:GT0
Unexecuted instantiation: aes_x86ni_ctrcbc.c:GT0
Unexecuted instantiation: aes_x86ni.c:GT0
Unexecuted instantiation: aes_small_ctrcbc.c:GT0
Unexecuted instantiation: aes_ct_ctrcbc.c:GT0
Unexecuted instantiation: aes_ct_ctr.c:GT0
Unexecuted instantiation: aes_ct64_ctrcbc.c:GT0
Unexecuted instantiation: aes_ct64.c:GT0
Unexecuted instantiation: aes_ct.c:GT0
Unexecuted instantiation: aes_common.c:GT0
Unexecuted instantiation: aes_big_ctrcbc.c:GT0
Unexecuted instantiation: prf_md5sha1.c:GT0
Unexecuted instantiation: prf.c:GT0
Unexecuted instantiation: sysrng.c:GT0
Unexecuted instantiation: hmac_drbg.c:GT0
Unexecuted instantiation: hmac.c:GT0
Unexecuted instantiation: shake.c:GT0
Unexecuted instantiation: hkdf.c:GT0
Unexecuted instantiation: sha2small.c:GT0
Unexecuted instantiation: sha2big.c:GT0
Unexecuted instantiation: sha1.c:GT0
Unexecuted instantiation: md5sha1.c:GT0
Unexecuted instantiation: md5.c:GT0
Unexecuted instantiation: ghash_ctmul32.c:GT0
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:GT0
Unexecuted instantiation: ecdsa_i31_sign_raw.c:GT0
Unexecuted instantiation: ecdsa_i31_bits.c:GT0
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:GT0
Unexecuted instantiation: ecdsa_i15_sign_raw.c:GT0
Unexecuted instantiation: ecdsa_i15_bits.c:GT0
Unexecuted instantiation: ec_secp521r1.c:GT0
Unexecuted instantiation: ec_secp384r1.c:GT0
Unexecuted instantiation: ec_secp256r1.c:GT0
Unexecuted instantiation: ec_pubkey.c:GT0
Unexecuted instantiation: ec_prime_i31.c:GT0
Unexecuted instantiation: ec_prime_i15.c:GT0
Unexecuted instantiation: ec_p256_m64.c:GT0
Unexecuted instantiation: ec_p256_m62.c:GT0
Unexecuted instantiation: ec_p256_m31.c:GT0
Unexecuted instantiation: ec_p256_m15.c:GT0
Unexecuted instantiation: ec_keygen.c:GT0
Unexecuted instantiation: ec_default.c:GT0
Unexecuted instantiation: ec_c25519_m64.c:GT0
Unexecuted instantiation: ec_c25519_m62.c:GT0
Unexecuted instantiation: ec_c25519_m31.c:GT0
Unexecuted instantiation: ec_c25519_m15.c:GT0
Unexecuted instantiation: ec_c25519_i31.c:GT0
Unexecuted instantiation: ec_c25519_i15.c:GT0
Unexecuted instantiation: ec_all_m31.c:GT0
Unexecuted instantiation: enc64be.c:GT0
Unexecuted instantiation: enc32le.c:GT0
Unexecuted instantiation: enc32be.c:GT0
Unexecuted instantiation: dec64be.c:GT0
Unexecuted instantiation: dec32le.c:GT0
Unexecuted instantiation: dec32be.c:GT0
Unexecuted instantiation: ccopy.c:GT0
Unexecuted instantiation: gcm.c:GT0
Unexecuted instantiation: ccm.c:GT0
Unexecuted instantiation: aes_small_enc.c:GT0
Unexecuted instantiation: aes_ct_enc.c:GT0
Unexecuted instantiation: aes_ct64_enc.c:GT0
Unexecuted instantiation: aes_big_enc.c:GT0
Unexecuted instantiation: i31_sub.c:GT0
Unexecuted instantiation: i31_rshift.c:GT0
Unexecuted instantiation: i31_ninv31.c:GT0
Unexecuted instantiation: i31_montmul.c:GT0
Unexecuted instantiation: i31_modpow.c:GT0
Unexecuted instantiation: i31_iszero.c:GT0
Unexecuted instantiation: i31_fmont.c:GT0
Unexecuted instantiation: i31_encode.c:GT0
Unexecuted instantiation: i31_decode.c:GT0
Unexecuted instantiation: i31_decmod.c:GT0
Unexecuted instantiation: i31_bitlen.c:GT0
Unexecuted instantiation: i31_add.c:GT0
Unexecuted instantiation: i15_sub.c:GT0
Unexecuted instantiation: i15_rshift.c:GT0
Unexecuted instantiation: i15_ninv15.c:GT0
Unexecuted instantiation: i15_montmul.c:GT0
Unexecuted instantiation: i15_modpow.c:GT0
Unexecuted instantiation: i15_iszero.c:GT0
Unexecuted instantiation: i15_fmont.c:GT0
Unexecuted instantiation: i15_encode.c:GT0
Unexecuted instantiation: i15_decode.c:GT0
Unexecuted instantiation: i15_decmod.c:GT0
Unexecuted instantiation: i15_bitlen.c:GT0
Unexecuted instantiation: i15_add.c:GT0
Unexecuted instantiation: i31_tmont.c:GT0
Unexecuted instantiation: i31_muladd.c:GT0
Unexecuted instantiation: i15_tmont.c:GT0
Unexecuted instantiation: i15_muladd.c:GT0
Unexecuted instantiation: i32_div32.c:GT0
866
867
/*
868
 * Returns 1 if x >= 0, 0 otherwise. Take care that the operand is signed.
869
 */
870
static inline uint32_t
871
GE0(int32_t x)
872
0
{
873
0
  return ~(uint32_t)x >> 31;
874
0
}
Unexecuted instantiation: poly1305_ctmul.c:GE0
Unexecuted instantiation: chacha20_sse2.c:GE0
Unexecuted instantiation: chacha20_ct.c:GE0
Unexecuted instantiation: aes_x86ni_ctrcbc.c:GE0
Unexecuted instantiation: aes_x86ni.c:GE0
Unexecuted instantiation: aes_small_ctrcbc.c:GE0
Unexecuted instantiation: aes_ct_ctrcbc.c:GE0
Unexecuted instantiation: aes_ct_ctr.c:GE0
Unexecuted instantiation: aes_ct64_ctrcbc.c:GE0
Unexecuted instantiation: aes_ct64.c:GE0
Unexecuted instantiation: aes_ct.c:GE0
Unexecuted instantiation: aes_common.c:GE0
Unexecuted instantiation: aes_big_ctrcbc.c:GE0
Unexecuted instantiation: prf_md5sha1.c:GE0
Unexecuted instantiation: prf.c:GE0
Unexecuted instantiation: sysrng.c:GE0
Unexecuted instantiation: hmac_drbg.c:GE0
Unexecuted instantiation: hmac.c:GE0
Unexecuted instantiation: shake.c:GE0
Unexecuted instantiation: hkdf.c:GE0
Unexecuted instantiation: sha2small.c:GE0
Unexecuted instantiation: sha2big.c:GE0
Unexecuted instantiation: sha1.c:GE0
Unexecuted instantiation: md5sha1.c:GE0
Unexecuted instantiation: md5.c:GE0
Unexecuted instantiation: ghash_ctmul32.c:GE0
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:GE0
Unexecuted instantiation: ecdsa_i31_sign_raw.c:GE0
Unexecuted instantiation: ecdsa_i31_bits.c:GE0
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:GE0
Unexecuted instantiation: ecdsa_i15_sign_raw.c:GE0
Unexecuted instantiation: ecdsa_i15_bits.c:GE0
Unexecuted instantiation: ec_secp521r1.c:GE0
Unexecuted instantiation: ec_secp384r1.c:GE0
Unexecuted instantiation: ec_secp256r1.c:GE0
Unexecuted instantiation: ec_pubkey.c:GE0
Unexecuted instantiation: ec_prime_i31.c:GE0
Unexecuted instantiation: ec_prime_i15.c:GE0
Unexecuted instantiation: ec_p256_m64.c:GE0
Unexecuted instantiation: ec_p256_m62.c:GE0
Unexecuted instantiation: ec_p256_m31.c:GE0
Unexecuted instantiation: ec_p256_m15.c:GE0
Unexecuted instantiation: ec_keygen.c:GE0
Unexecuted instantiation: ec_default.c:GE0
Unexecuted instantiation: ec_c25519_m64.c:GE0
Unexecuted instantiation: ec_c25519_m62.c:GE0
Unexecuted instantiation: ec_c25519_m31.c:GE0
Unexecuted instantiation: ec_c25519_m15.c:GE0
Unexecuted instantiation: ec_c25519_i31.c:GE0
Unexecuted instantiation: ec_c25519_i15.c:GE0
Unexecuted instantiation: ec_all_m31.c:GE0
Unexecuted instantiation: enc64be.c:GE0
Unexecuted instantiation: enc32le.c:GE0
Unexecuted instantiation: enc32be.c:GE0
Unexecuted instantiation: dec64be.c:GE0
Unexecuted instantiation: dec32le.c:GE0
Unexecuted instantiation: dec32be.c:GE0
Unexecuted instantiation: ccopy.c:GE0
Unexecuted instantiation: gcm.c:GE0
Unexecuted instantiation: ccm.c:GE0
Unexecuted instantiation: aes_small_enc.c:GE0
Unexecuted instantiation: aes_ct_enc.c:GE0
Unexecuted instantiation: aes_ct64_enc.c:GE0
Unexecuted instantiation: aes_big_enc.c:GE0
Unexecuted instantiation: i31_sub.c:GE0
Unexecuted instantiation: i31_rshift.c:GE0
Unexecuted instantiation: i31_ninv31.c:GE0
Unexecuted instantiation: i31_montmul.c:GE0
Unexecuted instantiation: i31_modpow.c:GE0
Unexecuted instantiation: i31_iszero.c:GE0
Unexecuted instantiation: i31_fmont.c:GE0
Unexecuted instantiation: i31_encode.c:GE0
Unexecuted instantiation: i31_decode.c:GE0
Unexecuted instantiation: i31_decmod.c:GE0
Unexecuted instantiation: i31_bitlen.c:GE0
Unexecuted instantiation: i31_add.c:GE0
Unexecuted instantiation: i15_sub.c:GE0
Unexecuted instantiation: i15_rshift.c:GE0
Unexecuted instantiation: i15_ninv15.c:GE0
Unexecuted instantiation: i15_montmul.c:GE0
Unexecuted instantiation: i15_modpow.c:GE0
Unexecuted instantiation: i15_iszero.c:GE0
Unexecuted instantiation: i15_fmont.c:GE0
Unexecuted instantiation: i15_encode.c:GE0
Unexecuted instantiation: i15_decode.c:GE0
Unexecuted instantiation: i15_decmod.c:GE0
Unexecuted instantiation: i15_bitlen.c:GE0
Unexecuted instantiation: i15_add.c:GE0
Unexecuted instantiation: i31_tmont.c:GE0
Unexecuted instantiation: i31_muladd.c:GE0
Unexecuted instantiation: i15_tmont.c:GE0
Unexecuted instantiation: i15_muladd.c:GE0
Unexecuted instantiation: i32_div32.c:GE0
875
876
/*
877
 * Returns 1 if x < 0, 0 otherwise. Take care that the operand is signed.
878
 */
879
static inline uint32_t
880
LT0(int32_t x)
881
0
{
882
0
  return (uint32_t)x >> 31;
883
0
}
Unexecuted instantiation: poly1305_ctmul.c:LT0
Unexecuted instantiation: chacha20_sse2.c:LT0
Unexecuted instantiation: chacha20_ct.c:LT0
Unexecuted instantiation: aes_x86ni_ctrcbc.c:LT0
Unexecuted instantiation: aes_x86ni.c:LT0
Unexecuted instantiation: aes_small_ctrcbc.c:LT0
Unexecuted instantiation: aes_ct_ctrcbc.c:LT0
Unexecuted instantiation: aes_ct_ctr.c:LT0
Unexecuted instantiation: aes_ct64_ctrcbc.c:LT0
Unexecuted instantiation: aes_ct64.c:LT0
Unexecuted instantiation: aes_ct.c:LT0
Unexecuted instantiation: aes_common.c:LT0
Unexecuted instantiation: aes_big_ctrcbc.c:LT0
Unexecuted instantiation: prf_md5sha1.c:LT0
Unexecuted instantiation: prf.c:LT0
Unexecuted instantiation: sysrng.c:LT0
Unexecuted instantiation: hmac_drbg.c:LT0
Unexecuted instantiation: hmac.c:LT0
Unexecuted instantiation: shake.c:LT0
Unexecuted instantiation: hkdf.c:LT0
Unexecuted instantiation: sha2small.c:LT0
Unexecuted instantiation: sha2big.c:LT0
Unexecuted instantiation: sha1.c:LT0
Unexecuted instantiation: md5sha1.c:LT0
Unexecuted instantiation: md5.c:LT0
Unexecuted instantiation: ghash_ctmul32.c:LT0
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:LT0
Unexecuted instantiation: ecdsa_i31_sign_raw.c:LT0
Unexecuted instantiation: ecdsa_i31_bits.c:LT0
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:LT0
Unexecuted instantiation: ecdsa_i15_sign_raw.c:LT0
Unexecuted instantiation: ecdsa_i15_bits.c:LT0
Unexecuted instantiation: ec_secp521r1.c:LT0
Unexecuted instantiation: ec_secp384r1.c:LT0
Unexecuted instantiation: ec_secp256r1.c:LT0
Unexecuted instantiation: ec_pubkey.c:LT0
Unexecuted instantiation: ec_prime_i31.c:LT0
Unexecuted instantiation: ec_prime_i15.c:LT0
Unexecuted instantiation: ec_p256_m64.c:LT0
Unexecuted instantiation: ec_p256_m62.c:LT0
Unexecuted instantiation: ec_p256_m31.c:LT0
Unexecuted instantiation: ec_p256_m15.c:LT0
Unexecuted instantiation: ec_keygen.c:LT0
Unexecuted instantiation: ec_default.c:LT0
Unexecuted instantiation: ec_c25519_m64.c:LT0
Unexecuted instantiation: ec_c25519_m62.c:LT0
Unexecuted instantiation: ec_c25519_m31.c:LT0
Unexecuted instantiation: ec_c25519_m15.c:LT0
Unexecuted instantiation: ec_c25519_i31.c:LT0
Unexecuted instantiation: ec_c25519_i15.c:LT0
Unexecuted instantiation: ec_all_m31.c:LT0
Unexecuted instantiation: enc64be.c:LT0
Unexecuted instantiation: enc32le.c:LT0
Unexecuted instantiation: enc32be.c:LT0
Unexecuted instantiation: dec64be.c:LT0
Unexecuted instantiation: dec32le.c:LT0
Unexecuted instantiation: dec32be.c:LT0
Unexecuted instantiation: ccopy.c:LT0
Unexecuted instantiation: gcm.c:LT0
Unexecuted instantiation: ccm.c:LT0
Unexecuted instantiation: aes_small_enc.c:LT0
Unexecuted instantiation: aes_ct_enc.c:LT0
Unexecuted instantiation: aes_ct64_enc.c:LT0
Unexecuted instantiation: aes_big_enc.c:LT0
Unexecuted instantiation: i31_sub.c:LT0
Unexecuted instantiation: i31_rshift.c:LT0
Unexecuted instantiation: i31_ninv31.c:LT0
Unexecuted instantiation: i31_montmul.c:LT0
Unexecuted instantiation: i31_modpow.c:LT0
Unexecuted instantiation: i31_iszero.c:LT0
Unexecuted instantiation: i31_fmont.c:LT0
Unexecuted instantiation: i31_encode.c:LT0
Unexecuted instantiation: i31_decode.c:LT0
Unexecuted instantiation: i31_decmod.c:LT0
Unexecuted instantiation: i31_bitlen.c:LT0
Unexecuted instantiation: i31_add.c:LT0
Unexecuted instantiation: i15_sub.c:LT0
Unexecuted instantiation: i15_rshift.c:LT0
Unexecuted instantiation: i15_ninv15.c:LT0
Unexecuted instantiation: i15_montmul.c:LT0
Unexecuted instantiation: i15_modpow.c:LT0
Unexecuted instantiation: i15_iszero.c:LT0
Unexecuted instantiation: i15_fmont.c:LT0
Unexecuted instantiation: i15_encode.c:LT0
Unexecuted instantiation: i15_decode.c:LT0
Unexecuted instantiation: i15_decmod.c:LT0
Unexecuted instantiation: i15_bitlen.c:LT0
Unexecuted instantiation: i15_add.c:LT0
Unexecuted instantiation: i31_tmont.c:LT0
Unexecuted instantiation: i31_muladd.c:LT0
Unexecuted instantiation: i15_tmont.c:LT0
Unexecuted instantiation: i15_muladd.c:LT0
Unexecuted instantiation: i32_div32.c:LT0
884
885
/*
886
 * Returns 1 if x <= 0, 0 otherwise. Take care that the operand is signed.
887
 */
888
static inline uint32_t
889
LE0(int32_t x)
890
0
{
891
0
  uint32_t q;
892
0
893
0
  /*
894
0
   * ~-x has its high bit set if and only if -x is nonnegative (as
895
0
   * a signed int), i.e. x is in the -(2^31-1) to 0 range. We must
896
0
   * do an OR with x itself to account for x = -2^31.
897
0
   */
898
0
  q = (uint32_t)x;
899
0
  return (q | ~-q) >> 31;
900
0
}
Unexecuted instantiation: poly1305_ctmul.c:LE0
Unexecuted instantiation: chacha20_sse2.c:LE0
Unexecuted instantiation: chacha20_ct.c:LE0
Unexecuted instantiation: aes_x86ni_ctrcbc.c:LE0
Unexecuted instantiation: aes_x86ni.c:LE0
Unexecuted instantiation: aes_small_ctrcbc.c:LE0
Unexecuted instantiation: aes_ct_ctrcbc.c:LE0
Unexecuted instantiation: aes_ct_ctr.c:LE0
Unexecuted instantiation: aes_ct64_ctrcbc.c:LE0
Unexecuted instantiation: aes_ct64.c:LE0
Unexecuted instantiation: aes_ct.c:LE0
Unexecuted instantiation: aes_common.c:LE0
Unexecuted instantiation: aes_big_ctrcbc.c:LE0
Unexecuted instantiation: prf_md5sha1.c:LE0
Unexecuted instantiation: prf.c:LE0
Unexecuted instantiation: sysrng.c:LE0
Unexecuted instantiation: hmac_drbg.c:LE0
Unexecuted instantiation: hmac.c:LE0
Unexecuted instantiation: shake.c:LE0
Unexecuted instantiation: hkdf.c:LE0
Unexecuted instantiation: sha2small.c:LE0
Unexecuted instantiation: sha2big.c:LE0
Unexecuted instantiation: sha1.c:LE0
Unexecuted instantiation: md5sha1.c:LE0
Unexecuted instantiation: md5.c:LE0
Unexecuted instantiation: ghash_ctmul32.c:LE0
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:LE0
Unexecuted instantiation: ecdsa_i31_sign_raw.c:LE0
Unexecuted instantiation: ecdsa_i31_bits.c:LE0
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:LE0
Unexecuted instantiation: ecdsa_i15_sign_raw.c:LE0
Unexecuted instantiation: ecdsa_i15_bits.c:LE0
Unexecuted instantiation: ec_secp521r1.c:LE0
Unexecuted instantiation: ec_secp384r1.c:LE0
Unexecuted instantiation: ec_secp256r1.c:LE0
Unexecuted instantiation: ec_pubkey.c:LE0
Unexecuted instantiation: ec_prime_i31.c:LE0
Unexecuted instantiation: ec_prime_i15.c:LE0
Unexecuted instantiation: ec_p256_m64.c:LE0
Unexecuted instantiation: ec_p256_m62.c:LE0
Unexecuted instantiation: ec_p256_m31.c:LE0
Unexecuted instantiation: ec_p256_m15.c:LE0
Unexecuted instantiation: ec_keygen.c:LE0
Unexecuted instantiation: ec_default.c:LE0
Unexecuted instantiation: ec_c25519_m64.c:LE0
Unexecuted instantiation: ec_c25519_m62.c:LE0
Unexecuted instantiation: ec_c25519_m31.c:LE0
Unexecuted instantiation: ec_c25519_m15.c:LE0
Unexecuted instantiation: ec_c25519_i31.c:LE0
Unexecuted instantiation: ec_c25519_i15.c:LE0
Unexecuted instantiation: ec_all_m31.c:LE0
Unexecuted instantiation: enc64be.c:LE0
Unexecuted instantiation: enc32le.c:LE0
Unexecuted instantiation: enc32be.c:LE0
Unexecuted instantiation: dec64be.c:LE0
Unexecuted instantiation: dec32le.c:LE0
Unexecuted instantiation: dec32be.c:LE0
Unexecuted instantiation: ccopy.c:LE0
Unexecuted instantiation: gcm.c:LE0
Unexecuted instantiation: ccm.c:LE0
Unexecuted instantiation: aes_small_enc.c:LE0
Unexecuted instantiation: aes_ct_enc.c:LE0
Unexecuted instantiation: aes_ct64_enc.c:LE0
Unexecuted instantiation: aes_big_enc.c:LE0
Unexecuted instantiation: i31_sub.c:LE0
Unexecuted instantiation: i31_rshift.c:LE0
Unexecuted instantiation: i31_ninv31.c:LE0
Unexecuted instantiation: i31_montmul.c:LE0
Unexecuted instantiation: i31_modpow.c:LE0
Unexecuted instantiation: i31_iszero.c:LE0
Unexecuted instantiation: i31_fmont.c:LE0
Unexecuted instantiation: i31_encode.c:LE0
Unexecuted instantiation: i31_decode.c:LE0
Unexecuted instantiation: i31_decmod.c:LE0
Unexecuted instantiation: i31_bitlen.c:LE0
Unexecuted instantiation: i31_add.c:LE0
Unexecuted instantiation: i15_sub.c:LE0
Unexecuted instantiation: i15_rshift.c:LE0
Unexecuted instantiation: i15_ninv15.c:LE0
Unexecuted instantiation: i15_montmul.c:LE0
Unexecuted instantiation: i15_modpow.c:LE0
Unexecuted instantiation: i15_iszero.c:LE0
Unexecuted instantiation: i15_fmont.c:LE0
Unexecuted instantiation: i15_encode.c:LE0
Unexecuted instantiation: i15_decode.c:LE0
Unexecuted instantiation: i15_decmod.c:LE0
Unexecuted instantiation: i15_bitlen.c:LE0
Unexecuted instantiation: i15_add.c:LE0
Unexecuted instantiation: i31_tmont.c:LE0
Unexecuted instantiation: i31_muladd.c:LE0
Unexecuted instantiation: i15_tmont.c:LE0
Unexecuted instantiation: i15_muladd.c:LE0
Unexecuted instantiation: i32_div32.c:LE0
901
902
/*
903
 * Conditional copy: src[] is copied into dst[] if and only if ctl is 1.
904
 * dst[] and src[] may overlap completely (but not partially).
905
 */
906
void br_ccopy(uint32_t ctl, void *dst, const void *src, size_t len);
907
908
6.39M
#define CCOPY   br_ccopy
909
910
/*
911
 * Compute the bit length of a 32-bit integer. Returned value is between 0
912
 * and 32 (inclusive).
913
 */
914
static inline uint32_t
915
BIT_LENGTH(uint32_t x)
916
6.97k
{
917
6.97k
  uint32_t k, c;
918
919
6.97k
  k = NEQ(x, 0);
920
6.97k
  c = GT(x, 0xFFFF); x = MUX(c, x >> 16, x); k += c << 4;
921
6.97k
  c = GT(x, 0x00FF); x = MUX(c, x >>  8, x); k += c << 3;
922
6.97k
  c = GT(x, 0x000F); x = MUX(c, x >>  4, x); k += c << 2;
923
6.97k
  c = GT(x, 0x0003); x = MUX(c, x >>  2, x); k += c << 1;
924
6.97k
  k += GT(x, 0x0001);
925
6.97k
  return k;
926
6.97k
}
Unexecuted instantiation: poly1305_ctmul.c:BIT_LENGTH
Unexecuted instantiation: chacha20_sse2.c:BIT_LENGTH
Unexecuted instantiation: chacha20_ct.c:BIT_LENGTH
Unexecuted instantiation: aes_x86ni_ctrcbc.c:BIT_LENGTH
Unexecuted instantiation: aes_x86ni.c:BIT_LENGTH
Unexecuted instantiation: aes_small_ctrcbc.c:BIT_LENGTH
Unexecuted instantiation: aes_ct_ctrcbc.c:BIT_LENGTH
Unexecuted instantiation: aes_ct_ctr.c:BIT_LENGTH
Unexecuted instantiation: aes_ct64_ctrcbc.c:BIT_LENGTH
Unexecuted instantiation: aes_ct64.c:BIT_LENGTH
Unexecuted instantiation: aes_ct.c:BIT_LENGTH
Unexecuted instantiation: aes_common.c:BIT_LENGTH
Unexecuted instantiation: aes_big_ctrcbc.c:BIT_LENGTH
Unexecuted instantiation: prf_md5sha1.c:BIT_LENGTH
Unexecuted instantiation: prf.c:BIT_LENGTH
Unexecuted instantiation: sysrng.c:BIT_LENGTH
Unexecuted instantiation: hmac_drbg.c:BIT_LENGTH
Unexecuted instantiation: hmac.c:BIT_LENGTH
Unexecuted instantiation: shake.c:BIT_LENGTH
Unexecuted instantiation: hkdf.c:BIT_LENGTH
Unexecuted instantiation: sha2small.c:BIT_LENGTH
Unexecuted instantiation: sha2big.c:BIT_LENGTH
Unexecuted instantiation: sha1.c:BIT_LENGTH
Unexecuted instantiation: md5sha1.c:BIT_LENGTH
Unexecuted instantiation: md5.c:BIT_LENGTH
Unexecuted instantiation: ghash_ctmul32.c:BIT_LENGTH
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:BIT_LENGTH
Unexecuted instantiation: ecdsa_i31_sign_raw.c:BIT_LENGTH
Unexecuted instantiation: ecdsa_i31_bits.c:BIT_LENGTH
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:BIT_LENGTH
Unexecuted instantiation: ecdsa_i15_sign_raw.c:BIT_LENGTH
Unexecuted instantiation: ecdsa_i15_bits.c:BIT_LENGTH
Unexecuted instantiation: ec_secp521r1.c:BIT_LENGTH
Unexecuted instantiation: ec_secp384r1.c:BIT_LENGTH
Unexecuted instantiation: ec_secp256r1.c:BIT_LENGTH
Unexecuted instantiation: ec_pubkey.c:BIT_LENGTH
Unexecuted instantiation: ec_prime_i31.c:BIT_LENGTH
Unexecuted instantiation: ec_prime_i15.c:BIT_LENGTH
Unexecuted instantiation: ec_p256_m64.c:BIT_LENGTH
Unexecuted instantiation: ec_p256_m62.c:BIT_LENGTH
Unexecuted instantiation: ec_p256_m31.c:BIT_LENGTH
Unexecuted instantiation: ec_p256_m15.c:BIT_LENGTH
Unexecuted instantiation: ec_keygen.c:BIT_LENGTH
Unexecuted instantiation: ec_default.c:BIT_LENGTH
Unexecuted instantiation: ec_c25519_m64.c:BIT_LENGTH
Unexecuted instantiation: ec_c25519_m62.c:BIT_LENGTH
Unexecuted instantiation: ec_c25519_m31.c:BIT_LENGTH
Unexecuted instantiation: ec_c25519_m15.c:BIT_LENGTH
Unexecuted instantiation: ec_c25519_i31.c:BIT_LENGTH
Unexecuted instantiation: ec_c25519_i15.c:BIT_LENGTH
Unexecuted instantiation: ec_all_m31.c:BIT_LENGTH
Unexecuted instantiation: enc64be.c:BIT_LENGTH
Unexecuted instantiation: enc32le.c:BIT_LENGTH
Unexecuted instantiation: enc32be.c:BIT_LENGTH
Unexecuted instantiation: dec64be.c:BIT_LENGTH
Unexecuted instantiation: dec32le.c:BIT_LENGTH
Unexecuted instantiation: dec32be.c:BIT_LENGTH
Unexecuted instantiation: ccopy.c:BIT_LENGTH
Unexecuted instantiation: gcm.c:BIT_LENGTH
Unexecuted instantiation: ccm.c:BIT_LENGTH
Unexecuted instantiation: aes_small_enc.c:BIT_LENGTH
Unexecuted instantiation: aes_ct_enc.c:BIT_LENGTH
Unexecuted instantiation: aes_ct64_enc.c:BIT_LENGTH
Unexecuted instantiation: aes_big_enc.c:BIT_LENGTH
Unexecuted instantiation: i31_sub.c:BIT_LENGTH
Unexecuted instantiation: i31_rshift.c:BIT_LENGTH
Unexecuted instantiation: i31_ninv31.c:BIT_LENGTH
Unexecuted instantiation: i31_montmul.c:BIT_LENGTH
Unexecuted instantiation: i31_modpow.c:BIT_LENGTH
Unexecuted instantiation: i31_iszero.c:BIT_LENGTH
Unexecuted instantiation: i31_fmont.c:BIT_LENGTH
Unexecuted instantiation: i31_encode.c:BIT_LENGTH
Unexecuted instantiation: i31_decode.c:BIT_LENGTH
Unexecuted instantiation: i31_decmod.c:BIT_LENGTH
i31_bitlen.c:BIT_LENGTH
Line
Count
Source
916
6.06k
{
917
6.06k
  uint32_t k, c;
918
919
6.06k
  k = NEQ(x, 0);
920
6.06k
  c = GT(x, 0xFFFF); x = MUX(c, x >> 16, x); k += c << 4;
921
6.06k
  c = GT(x, 0x00FF); x = MUX(c, x >>  8, x); k += c << 3;
922
6.06k
  c = GT(x, 0x000F); x = MUX(c, x >>  4, x); k += c << 2;
923
6.06k
  c = GT(x, 0x0003); x = MUX(c, x >>  2, x); k += c << 1;
924
6.06k
  k += GT(x, 0x0001);
925
6.06k
  return k;
926
6.06k
}
Unexecuted instantiation: i31_add.c:BIT_LENGTH
Unexecuted instantiation: i15_sub.c:BIT_LENGTH
Unexecuted instantiation: i15_rshift.c:BIT_LENGTH
Unexecuted instantiation: i15_ninv15.c:BIT_LENGTH
Unexecuted instantiation: i15_montmul.c:BIT_LENGTH
Unexecuted instantiation: i15_modpow.c:BIT_LENGTH
Unexecuted instantiation: i15_iszero.c:BIT_LENGTH
Unexecuted instantiation: i15_fmont.c:BIT_LENGTH
Unexecuted instantiation: i15_encode.c:BIT_LENGTH
Unexecuted instantiation: i15_decode.c:BIT_LENGTH
Unexecuted instantiation: i15_decmod.c:BIT_LENGTH
i15_bitlen.c:BIT_LENGTH
Line
Count
Source
916
908
{
917
908
  uint32_t k, c;
918
919
908
  k = NEQ(x, 0);
920
908
  c = GT(x, 0xFFFF); x = MUX(c, x >> 16, x); k += c << 4;
921
908
  c = GT(x, 0x00FF); x = MUX(c, x >>  8, x); k += c << 3;
922
908
  c = GT(x, 0x000F); x = MUX(c, x >>  4, x); k += c << 2;
923
908
  c = GT(x, 0x0003); x = MUX(c, x >>  2, x); k += c << 1;
924
908
  k += GT(x, 0x0001);
925
908
  return k;
926
908
}
Unexecuted instantiation: i15_add.c:BIT_LENGTH
Unexecuted instantiation: i31_tmont.c:BIT_LENGTH
Unexecuted instantiation: i31_muladd.c:BIT_LENGTH
Unexecuted instantiation: i15_tmont.c:BIT_LENGTH
Unexecuted instantiation: i15_muladd.c:BIT_LENGTH
Unexecuted instantiation: i32_div32.c:BIT_LENGTH
927
928
/*
929
 * Compute the minimum of x and y.
930
 */
931
static inline uint32_t
932
MIN(uint32_t x, uint32_t y)
933
0
{
934
0
  return MUX(GT(x, y), y, x);
935
0
}
Unexecuted instantiation: poly1305_ctmul.c:MIN
Unexecuted instantiation: chacha20_sse2.c:MIN
Unexecuted instantiation: chacha20_ct.c:MIN
Unexecuted instantiation: aes_x86ni_ctrcbc.c:MIN
Unexecuted instantiation: aes_x86ni.c:MIN
Unexecuted instantiation: aes_small_ctrcbc.c:MIN
Unexecuted instantiation: aes_ct_ctrcbc.c:MIN
Unexecuted instantiation: aes_ct_ctr.c:MIN
Unexecuted instantiation: aes_ct64_ctrcbc.c:MIN
Unexecuted instantiation: aes_ct64.c:MIN
Unexecuted instantiation: aes_ct.c:MIN
Unexecuted instantiation: aes_common.c:MIN
Unexecuted instantiation: aes_big_ctrcbc.c:MIN
Unexecuted instantiation: prf_md5sha1.c:MIN
Unexecuted instantiation: prf.c:MIN
Unexecuted instantiation: sysrng.c:MIN
Unexecuted instantiation: hmac_drbg.c:MIN
Unexecuted instantiation: hmac.c:MIN
Unexecuted instantiation: shake.c:MIN
Unexecuted instantiation: hkdf.c:MIN
Unexecuted instantiation: sha2small.c:MIN
Unexecuted instantiation: sha2big.c:MIN
Unexecuted instantiation: sha1.c:MIN
Unexecuted instantiation: md5sha1.c:MIN
Unexecuted instantiation: md5.c:MIN
Unexecuted instantiation: ghash_ctmul32.c:MIN
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:MIN
Unexecuted instantiation: ecdsa_i31_sign_raw.c:MIN
Unexecuted instantiation: ecdsa_i31_bits.c:MIN
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:MIN
Unexecuted instantiation: ecdsa_i15_sign_raw.c:MIN
Unexecuted instantiation: ecdsa_i15_bits.c:MIN
Unexecuted instantiation: ec_secp521r1.c:MIN
Unexecuted instantiation: ec_secp384r1.c:MIN
Unexecuted instantiation: ec_secp256r1.c:MIN
Unexecuted instantiation: ec_pubkey.c:MIN
Unexecuted instantiation: ec_prime_i31.c:MIN
Unexecuted instantiation: ec_prime_i15.c:MIN
Unexecuted instantiation: ec_p256_m64.c:MIN
Unexecuted instantiation: ec_p256_m62.c:MIN
Unexecuted instantiation: ec_p256_m31.c:MIN
Unexecuted instantiation: ec_p256_m15.c:MIN
Unexecuted instantiation: ec_keygen.c:MIN
Unexecuted instantiation: ec_default.c:MIN
Unexecuted instantiation: ec_c25519_m64.c:MIN
Unexecuted instantiation: ec_c25519_m62.c:MIN
Unexecuted instantiation: ec_c25519_m31.c:MIN
Unexecuted instantiation: ec_c25519_m15.c:MIN
Unexecuted instantiation: ec_c25519_i31.c:MIN
Unexecuted instantiation: ec_c25519_i15.c:MIN
Unexecuted instantiation: ec_all_m31.c:MIN
Unexecuted instantiation: enc64be.c:MIN
Unexecuted instantiation: enc32le.c:MIN
Unexecuted instantiation: enc32be.c:MIN
Unexecuted instantiation: dec64be.c:MIN
Unexecuted instantiation: dec32le.c:MIN
Unexecuted instantiation: dec32be.c:MIN
Unexecuted instantiation: ccopy.c:MIN
Unexecuted instantiation: gcm.c:MIN
Unexecuted instantiation: ccm.c:MIN
Unexecuted instantiation: aes_small_enc.c:MIN
Unexecuted instantiation: aes_ct_enc.c:MIN
Unexecuted instantiation: aes_ct64_enc.c:MIN
Unexecuted instantiation: aes_big_enc.c:MIN
Unexecuted instantiation: i31_sub.c:MIN
Unexecuted instantiation: i31_rshift.c:MIN
Unexecuted instantiation: i31_ninv31.c:MIN
Unexecuted instantiation: i31_montmul.c:MIN
Unexecuted instantiation: i31_modpow.c:MIN
Unexecuted instantiation: i31_iszero.c:MIN
Unexecuted instantiation: i31_fmont.c:MIN
Unexecuted instantiation: i31_encode.c:MIN
Unexecuted instantiation: i31_decode.c:MIN
Unexecuted instantiation: i31_decmod.c:MIN
Unexecuted instantiation: i31_bitlen.c:MIN
Unexecuted instantiation: i31_add.c:MIN
Unexecuted instantiation: i15_sub.c:MIN
Unexecuted instantiation: i15_rshift.c:MIN
Unexecuted instantiation: i15_ninv15.c:MIN
Unexecuted instantiation: i15_montmul.c:MIN
Unexecuted instantiation: i15_modpow.c:MIN
Unexecuted instantiation: i15_iszero.c:MIN
Unexecuted instantiation: i15_fmont.c:MIN
Unexecuted instantiation: i15_encode.c:MIN
Unexecuted instantiation: i15_decode.c:MIN
Unexecuted instantiation: i15_decmod.c:MIN
Unexecuted instantiation: i15_bitlen.c:MIN
Unexecuted instantiation: i15_add.c:MIN
Unexecuted instantiation: i31_tmont.c:MIN
Unexecuted instantiation: i31_muladd.c:MIN
Unexecuted instantiation: i15_tmont.c:MIN
Unexecuted instantiation: i15_muladd.c:MIN
Unexecuted instantiation: i32_div32.c:MIN
936
937
/*
938
 * Compute the maximum of x and y.
939
 */
940
static inline uint32_t
941
MAX(uint32_t x, uint32_t y)
942
0
{
943
0
  return MUX(GT(x, y), x, y);
944
0
}
Unexecuted instantiation: poly1305_ctmul.c:MAX
Unexecuted instantiation: chacha20_sse2.c:MAX
Unexecuted instantiation: chacha20_ct.c:MAX
Unexecuted instantiation: aes_x86ni_ctrcbc.c:MAX
Unexecuted instantiation: aes_x86ni.c:MAX
Unexecuted instantiation: aes_small_ctrcbc.c:MAX
Unexecuted instantiation: aes_ct_ctrcbc.c:MAX
Unexecuted instantiation: aes_ct_ctr.c:MAX
Unexecuted instantiation: aes_ct64_ctrcbc.c:MAX
Unexecuted instantiation: aes_ct64.c:MAX
Unexecuted instantiation: aes_ct.c:MAX
Unexecuted instantiation: aes_common.c:MAX
Unexecuted instantiation: aes_big_ctrcbc.c:MAX
Unexecuted instantiation: prf_md5sha1.c:MAX
Unexecuted instantiation: prf.c:MAX
Unexecuted instantiation: sysrng.c:MAX
Unexecuted instantiation: hmac_drbg.c:MAX
Unexecuted instantiation: hmac.c:MAX
Unexecuted instantiation: shake.c:MAX
Unexecuted instantiation: hkdf.c:MAX
Unexecuted instantiation: sha2small.c:MAX
Unexecuted instantiation: sha2big.c:MAX
Unexecuted instantiation: sha1.c:MAX
Unexecuted instantiation: md5sha1.c:MAX
Unexecuted instantiation: md5.c:MAX
Unexecuted instantiation: ghash_ctmul32.c:MAX
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:MAX
Unexecuted instantiation: ecdsa_i31_sign_raw.c:MAX
Unexecuted instantiation: ecdsa_i31_bits.c:MAX
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:MAX
Unexecuted instantiation: ecdsa_i15_sign_raw.c:MAX
Unexecuted instantiation: ecdsa_i15_bits.c:MAX
Unexecuted instantiation: ec_secp521r1.c:MAX
Unexecuted instantiation: ec_secp384r1.c:MAX
Unexecuted instantiation: ec_secp256r1.c:MAX
Unexecuted instantiation: ec_pubkey.c:MAX
Unexecuted instantiation: ec_prime_i31.c:MAX
Unexecuted instantiation: ec_prime_i15.c:MAX
Unexecuted instantiation: ec_p256_m64.c:MAX
Unexecuted instantiation: ec_p256_m62.c:MAX
Unexecuted instantiation: ec_p256_m31.c:MAX
Unexecuted instantiation: ec_p256_m15.c:MAX
Unexecuted instantiation: ec_keygen.c:MAX
Unexecuted instantiation: ec_default.c:MAX
Unexecuted instantiation: ec_c25519_m64.c:MAX
Unexecuted instantiation: ec_c25519_m62.c:MAX
Unexecuted instantiation: ec_c25519_m31.c:MAX
Unexecuted instantiation: ec_c25519_m15.c:MAX
Unexecuted instantiation: ec_c25519_i31.c:MAX
Unexecuted instantiation: ec_c25519_i15.c:MAX
Unexecuted instantiation: ec_all_m31.c:MAX
Unexecuted instantiation: enc64be.c:MAX
Unexecuted instantiation: enc32le.c:MAX
Unexecuted instantiation: enc32be.c:MAX
Unexecuted instantiation: dec64be.c:MAX
Unexecuted instantiation: dec32le.c:MAX
Unexecuted instantiation: dec32be.c:MAX
Unexecuted instantiation: ccopy.c:MAX
Unexecuted instantiation: gcm.c:MAX
Unexecuted instantiation: ccm.c:MAX
Unexecuted instantiation: aes_small_enc.c:MAX
Unexecuted instantiation: aes_ct_enc.c:MAX
Unexecuted instantiation: aes_ct64_enc.c:MAX
Unexecuted instantiation: aes_big_enc.c:MAX
Unexecuted instantiation: i31_sub.c:MAX
Unexecuted instantiation: i31_rshift.c:MAX
Unexecuted instantiation: i31_ninv31.c:MAX
Unexecuted instantiation: i31_montmul.c:MAX
Unexecuted instantiation: i31_modpow.c:MAX
Unexecuted instantiation: i31_iszero.c:MAX
Unexecuted instantiation: i31_fmont.c:MAX
Unexecuted instantiation: i31_encode.c:MAX
Unexecuted instantiation: i31_decode.c:MAX
Unexecuted instantiation: i31_decmod.c:MAX
Unexecuted instantiation: i31_bitlen.c:MAX
Unexecuted instantiation: i31_add.c:MAX
Unexecuted instantiation: i15_sub.c:MAX
Unexecuted instantiation: i15_rshift.c:MAX
Unexecuted instantiation: i15_ninv15.c:MAX
Unexecuted instantiation: i15_montmul.c:MAX
Unexecuted instantiation: i15_modpow.c:MAX
Unexecuted instantiation: i15_iszero.c:MAX
Unexecuted instantiation: i15_fmont.c:MAX
Unexecuted instantiation: i15_encode.c:MAX
Unexecuted instantiation: i15_decode.c:MAX
Unexecuted instantiation: i15_decmod.c:MAX
Unexecuted instantiation: i15_bitlen.c:MAX
Unexecuted instantiation: i15_add.c:MAX
Unexecuted instantiation: i31_tmont.c:MAX
Unexecuted instantiation: i31_muladd.c:MAX
Unexecuted instantiation: i15_tmont.c:MAX
Unexecuted instantiation: i15_muladd.c:MAX
Unexecuted instantiation: i32_div32.c:MAX
945
946
/*
947
 * Multiply two 32-bit integers, with a 64-bit result. This default
948
 * implementation assumes that the basic multiplication operator
949
 * yields constant-time code.
950
 */
951
#define MUL(x, y)   ((uint64_t)(x) * (uint64_t)(y))
952
953
#if BR_CT_MUL31
954
955
/*
956
 * Alternate implementation of MUL31, that will be constant-time on some
957
 * (old) platforms where the default MUL31 is not. Unfortunately, it is
958
 * also substantially slower, and yields larger code, on more modern
959
 * platforms, which is why it is deactivated by default.
960
 *
961
 * MUL31_lo() must do some extra work because on some platforms, the
962
 * _signed_ multiplication may return early if the top bits are 1.
963
 * Simply truncating (casting) the output of MUL31() would not be
964
 * sufficient, because the compiler may notice that we keep only the low
965
 * word, and then replace automatically the unsigned multiplication with
966
 * a signed multiplication opcode.
967
 */
968
#define MUL31(x, y)   ((uint64_t)((x) | (uint32_t)0x80000000) \
969
                       * (uint64_t)((y) | (uint32_t)0x80000000) \
970
                       - ((uint64_t)(x) << 31) - ((uint64_t)(y) << 31) \
971
                       - ((uint64_t)1 << 62))
972
static inline uint32_t
973
MUL31_lo(uint32_t x, uint32_t y)
974
{
975
  uint32_t xl, xh;
976
  uint32_t yl, yh;
977
978
  xl = (x & 0xFFFF) | (uint32_t)0x80000000;
979
  xh = (x >> 16) | (uint32_t)0x80000000;
980
  yl = (y & 0xFFFF) | (uint32_t)0x80000000;
981
  yh = (y >> 16) | (uint32_t)0x80000000;
982
  return (xl * yl + ((xl * yh + xh * yl) << 16)) & (uint32_t)0x7FFFFFFF;
983
}
984
985
#else
986
987
/*
988
 * Multiply two 31-bit integers, with a 62-bit result. This default
989
 * implementation assumes that the basic multiplication operator
990
 * yields constant-time code.
991
 * The MUL31_lo() macro returns only the low 31 bits of the product.
992
 */
993
13.7G
#define MUL31(x, y)     ((uint64_t)(x) * (uint64_t)(y))
994
441M
#define MUL31_lo(x, y)  (((uint32_t)(x) * (uint32_t)(y)) & (uint32_t)0x7FFFFFFF)
995
996
#endif
997
998
/*
999
 * Multiply two words together; the sum of the lengths of the two
1000
 * operands must not exceed 31 (for instance, one operand may use 16
1001
 * bits if the other fits on 15). If BR_CT_MUL15 is non-zero, then the
1002
 * macro will contain some extra operations that help in making the
1003
 * operation constant-time on some platforms, where the basic 32-bit
1004
 * multiplication is not constant-time.
1005
 */
1006
#if BR_CT_MUL15
1007
#define MUL15(x, y)   (((uint32_t)(x) | (uint32_t)0x80000000) \
1008
                       * ((uint32_t)(y) | (uint32_t)0x80000000) \
1009
           & (uint32_t)0x7FFFFFFF)
1010
#else
1011
13.1G
#define MUL15(x, y)   ((uint32_t)(x) * (uint32_t)(y))
1012
#endif
1013
1014
/*
1015
 * Arithmetic right shift (sign bit is copied). What happens when
1016
 * right-shifting a negative value is _implementation-defined_, so it
1017
 * does not trigger undefined behaviour, but it is still up to each
1018
 * compiler to define (and document) what it does. Most/all compilers
1019
 * will do an arithmetic shift, the sign bit being used to fill the
1020
 * holes; this is a native operation on the underlying CPU, and it would
1021
 * make little sense for the compiler to do otherwise. GCC explicitly
1022
 * documents that it follows that convention.
1023
 *
1024
 * Still, if BR_NO_ARITH_SHIFT is defined (and non-zero), then an
1025
 * alternate version will be used, that does not rely on such
1026
 * implementation-defined behaviour. Unfortunately, it is also slower
1027
 * and yields bigger code, which is why it is deactivated by default.
1028
 */
1029
#if BR_NO_ARITH_SHIFT
1030
#define ARSH(x, n)   (((uint32_t)(x) >> (n)) \
1031
                      | ((-((uint32_t)(x) >> 31)) << (32 - (n))))
1032
#else
1033
#define ARSH(x, n)   ((*(int32_t *)&(x)) >> (n))
1034
#endif
1035
1036
/*
1037
 * Constant-time division. The dividend hi:lo is divided by the
1038
 * divisor d; the quotient is returned and the remainder is written
1039
 * in *r. If hi == d, then the quotient does not fit on 32 bits;
1040
 * returned value is thus truncated. If hi > d, returned values are
1041
 * indeterminate.
1042
 */
1043
uint32_t br_divrem(uint32_t hi, uint32_t lo, uint32_t d, uint32_t *r);
1044
1045
/*
1046
 * Wrapper for br_divrem(); the remainder is returned, and the quotient
1047
 * is discarded.
1048
 */
1049
static inline uint32_t
1050
br_rem(uint32_t hi, uint32_t lo, uint32_t d)
1051
0
{
1052
0
  uint32_t r;
1053
1054
0
  br_divrem(hi, lo, d, &r);
1055
0
  return r;
1056
0
}
Unexecuted instantiation: poly1305_ctmul.c:br_rem
Unexecuted instantiation: chacha20_sse2.c:br_rem
Unexecuted instantiation: chacha20_ct.c:br_rem
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_rem
Unexecuted instantiation: aes_x86ni.c:br_rem
Unexecuted instantiation: aes_small_ctrcbc.c:br_rem
Unexecuted instantiation: aes_ct_ctrcbc.c:br_rem
Unexecuted instantiation: aes_ct_ctr.c:br_rem
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_rem
Unexecuted instantiation: aes_ct64.c:br_rem
Unexecuted instantiation: aes_ct.c:br_rem
Unexecuted instantiation: aes_common.c:br_rem
Unexecuted instantiation: aes_big_ctrcbc.c:br_rem
Unexecuted instantiation: prf_md5sha1.c:br_rem
Unexecuted instantiation: prf.c:br_rem
Unexecuted instantiation: sysrng.c:br_rem
Unexecuted instantiation: hmac_drbg.c:br_rem
Unexecuted instantiation: hmac.c:br_rem
Unexecuted instantiation: shake.c:br_rem
Unexecuted instantiation: hkdf.c:br_rem
Unexecuted instantiation: sha2small.c:br_rem
Unexecuted instantiation: sha2big.c:br_rem
Unexecuted instantiation: sha1.c:br_rem
Unexecuted instantiation: md5sha1.c:br_rem
Unexecuted instantiation: md5.c:br_rem
Unexecuted instantiation: ghash_ctmul32.c:br_rem
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_rem
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_rem
Unexecuted instantiation: ecdsa_i31_bits.c:br_rem
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_rem
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_rem
Unexecuted instantiation: ecdsa_i15_bits.c:br_rem
Unexecuted instantiation: ec_secp521r1.c:br_rem
Unexecuted instantiation: ec_secp384r1.c:br_rem
Unexecuted instantiation: ec_secp256r1.c:br_rem
Unexecuted instantiation: ec_pubkey.c:br_rem
Unexecuted instantiation: ec_prime_i31.c:br_rem
Unexecuted instantiation: ec_prime_i15.c:br_rem
Unexecuted instantiation: ec_p256_m64.c:br_rem
Unexecuted instantiation: ec_p256_m62.c:br_rem
Unexecuted instantiation: ec_p256_m31.c:br_rem
Unexecuted instantiation: ec_p256_m15.c:br_rem
Unexecuted instantiation: ec_keygen.c:br_rem
Unexecuted instantiation: ec_default.c:br_rem
Unexecuted instantiation: ec_c25519_m64.c:br_rem
Unexecuted instantiation: ec_c25519_m62.c:br_rem
Unexecuted instantiation: ec_c25519_m31.c:br_rem
Unexecuted instantiation: ec_c25519_m15.c:br_rem
Unexecuted instantiation: ec_c25519_i31.c:br_rem
Unexecuted instantiation: ec_c25519_i15.c:br_rem
Unexecuted instantiation: ec_all_m31.c:br_rem
Unexecuted instantiation: enc64be.c:br_rem
Unexecuted instantiation: enc32le.c:br_rem
Unexecuted instantiation: enc32be.c:br_rem
Unexecuted instantiation: dec64be.c:br_rem
Unexecuted instantiation: dec32le.c:br_rem
Unexecuted instantiation: dec32be.c:br_rem
Unexecuted instantiation: ccopy.c:br_rem
Unexecuted instantiation: gcm.c:br_rem
Unexecuted instantiation: ccm.c:br_rem
Unexecuted instantiation: aes_small_enc.c:br_rem
Unexecuted instantiation: aes_ct_enc.c:br_rem
Unexecuted instantiation: aes_ct64_enc.c:br_rem
Unexecuted instantiation: aes_big_enc.c:br_rem
Unexecuted instantiation: i31_sub.c:br_rem
Unexecuted instantiation: i31_rshift.c:br_rem
Unexecuted instantiation: i31_ninv31.c:br_rem
Unexecuted instantiation: i31_montmul.c:br_rem
Unexecuted instantiation: i31_modpow.c:br_rem
Unexecuted instantiation: i31_iszero.c:br_rem
Unexecuted instantiation: i31_fmont.c:br_rem
Unexecuted instantiation: i31_encode.c:br_rem
Unexecuted instantiation: i31_decode.c:br_rem
Unexecuted instantiation: i31_decmod.c:br_rem
Unexecuted instantiation: i31_bitlen.c:br_rem
Unexecuted instantiation: i31_add.c:br_rem
Unexecuted instantiation: i15_sub.c:br_rem
Unexecuted instantiation: i15_rshift.c:br_rem
Unexecuted instantiation: i15_ninv15.c:br_rem
Unexecuted instantiation: i15_montmul.c:br_rem
Unexecuted instantiation: i15_modpow.c:br_rem
Unexecuted instantiation: i15_iszero.c:br_rem
Unexecuted instantiation: i15_fmont.c:br_rem
Unexecuted instantiation: i15_encode.c:br_rem
Unexecuted instantiation: i15_decode.c:br_rem
Unexecuted instantiation: i15_decmod.c:br_rem
Unexecuted instantiation: i15_bitlen.c:br_rem
Unexecuted instantiation: i15_add.c:br_rem
Unexecuted instantiation: i31_tmont.c:br_rem
Unexecuted instantiation: i31_muladd.c:br_rem
Unexecuted instantiation: i15_tmont.c:br_rem
Unexecuted instantiation: i15_muladd.c:br_rem
Unexecuted instantiation: i32_div32.c:br_rem
1057
1058
/*
1059
 * Wrapper for br_divrem(); the quotient is returned, and the remainder
1060
 * is discarded.
1061
 */
1062
static inline uint32_t
1063
br_div(uint32_t hi, uint32_t lo, uint32_t d)
1064
59.5k
{
1065
59.5k
  uint32_t r;
1066
1067
59.5k
  return br_divrem(hi, lo, d, &r);
1068
59.5k
}
Unexecuted instantiation: poly1305_ctmul.c:br_div
Unexecuted instantiation: chacha20_sse2.c:br_div
Unexecuted instantiation: chacha20_ct.c:br_div
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_div
Unexecuted instantiation: aes_x86ni.c:br_div
Unexecuted instantiation: aes_small_ctrcbc.c:br_div
Unexecuted instantiation: aes_ct_ctrcbc.c:br_div
Unexecuted instantiation: aes_ct_ctr.c:br_div
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_div
Unexecuted instantiation: aes_ct64.c:br_div
Unexecuted instantiation: aes_ct.c:br_div
Unexecuted instantiation: aes_common.c:br_div
Unexecuted instantiation: aes_big_ctrcbc.c:br_div
Unexecuted instantiation: prf_md5sha1.c:br_div
Unexecuted instantiation: prf.c:br_div
Unexecuted instantiation: sysrng.c:br_div
Unexecuted instantiation: hmac_drbg.c:br_div
Unexecuted instantiation: hmac.c:br_div
Unexecuted instantiation: shake.c:br_div
Unexecuted instantiation: hkdf.c:br_div
Unexecuted instantiation: sha2small.c:br_div
Unexecuted instantiation: sha2big.c:br_div
Unexecuted instantiation: sha1.c:br_div
Unexecuted instantiation: md5sha1.c:br_div
Unexecuted instantiation: md5.c:br_div
Unexecuted instantiation: ghash_ctmul32.c:br_div
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_div
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_div
Unexecuted instantiation: ecdsa_i31_bits.c:br_div
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_div
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_div
Unexecuted instantiation: ecdsa_i15_bits.c:br_div
Unexecuted instantiation: ec_secp521r1.c:br_div
Unexecuted instantiation: ec_secp384r1.c:br_div
Unexecuted instantiation: ec_secp256r1.c:br_div
Unexecuted instantiation: ec_pubkey.c:br_div
Unexecuted instantiation: ec_prime_i31.c:br_div
Unexecuted instantiation: ec_prime_i15.c:br_div
Unexecuted instantiation: ec_p256_m64.c:br_div
Unexecuted instantiation: ec_p256_m62.c:br_div
Unexecuted instantiation: ec_p256_m31.c:br_div
Unexecuted instantiation: ec_p256_m15.c:br_div
Unexecuted instantiation: ec_keygen.c:br_div
Unexecuted instantiation: ec_default.c:br_div
Unexecuted instantiation: ec_c25519_m64.c:br_div
Unexecuted instantiation: ec_c25519_m62.c:br_div
Unexecuted instantiation: ec_c25519_m31.c:br_div
Unexecuted instantiation: ec_c25519_m15.c:br_div
Unexecuted instantiation: ec_c25519_i31.c:br_div
Unexecuted instantiation: ec_c25519_i15.c:br_div
Unexecuted instantiation: ec_all_m31.c:br_div
Unexecuted instantiation: enc64be.c:br_div
Unexecuted instantiation: enc32le.c:br_div
Unexecuted instantiation: enc32be.c:br_div
Unexecuted instantiation: dec64be.c:br_div
Unexecuted instantiation: dec32le.c:br_div
Unexecuted instantiation: dec32be.c:br_div
Unexecuted instantiation: ccopy.c:br_div
Unexecuted instantiation: gcm.c:br_div
Unexecuted instantiation: ccm.c:br_div
Unexecuted instantiation: aes_small_enc.c:br_div
Unexecuted instantiation: aes_ct_enc.c:br_div
Unexecuted instantiation: aes_ct64_enc.c:br_div
Unexecuted instantiation: aes_big_enc.c:br_div
Unexecuted instantiation: i31_sub.c:br_div
Unexecuted instantiation: i31_rshift.c:br_div
Unexecuted instantiation: i31_ninv31.c:br_div
Unexecuted instantiation: i31_montmul.c:br_div
Unexecuted instantiation: i31_modpow.c:br_div
Unexecuted instantiation: i31_iszero.c:br_div
Unexecuted instantiation: i31_fmont.c:br_div
Unexecuted instantiation: i31_encode.c:br_div
Unexecuted instantiation: i31_decode.c:br_div
Unexecuted instantiation: i31_decmod.c:br_div
Unexecuted instantiation: i31_bitlen.c:br_div
Unexecuted instantiation: i31_add.c:br_div
Unexecuted instantiation: i15_sub.c:br_div
Unexecuted instantiation: i15_rshift.c:br_div
Unexecuted instantiation: i15_ninv15.c:br_div
Unexecuted instantiation: i15_montmul.c:br_div
Unexecuted instantiation: i15_modpow.c:br_div
Unexecuted instantiation: i15_iszero.c:br_div
Unexecuted instantiation: i15_fmont.c:br_div
Unexecuted instantiation: i15_encode.c:br_div
Unexecuted instantiation: i15_decode.c:br_div
Unexecuted instantiation: i15_decmod.c:br_div
Unexecuted instantiation: i15_bitlen.c:br_div
Unexecuted instantiation: i15_add.c:br_div
Unexecuted instantiation: i31_tmont.c:br_div
i31_muladd.c:br_div
Line
Count
Source
1064
59.5k
{
1065
59.5k
  uint32_t r;
1066
1067
59.5k
  return br_divrem(hi, lo, d, &r);
1068
59.5k
}
Unexecuted instantiation: i15_tmont.c:br_div
Unexecuted instantiation: i15_muladd.c:br_div
Unexecuted instantiation: i32_div32.c:br_div
1069
1070
/* ==================================================================== */
1071
1072
/*
1073
 * Integers 'i32'
1074
 * --------------
1075
 *
1076
 * The 'i32' functions implement computations on big integers using
1077
 * an internal representation as an array of 32-bit integers. For
1078
 * an array x[]:
1079
 *  -- x[0] contains the "announced bit length" of the integer
1080
 *  -- x[1], x[2]... contain the value in little-endian order (x[1]
1081
 *     contains the least significant 32 bits)
1082
 *
1083
 * Multiplications rely on the elementary 32x32->64 multiplication.
1084
 *
1085
 * The announced bit length specifies the number of bits that are
1086
 * significant in the subsequent 32-bit words. Unused bits in the
1087
 * last (most significant) word are set to 0; subsequent words are
1088
 * uninitialized and need not exist at all.
1089
 *
1090
 * The execution time and memory access patterns of all computations
1091
 * depend on the announced bit length, but not on the actual word
1092
 * values. For modular integers, the announced bit length of any integer
1093
 * modulo n is equal to the actual bit length of n; thus, computations
1094
 * on modular integers are "constant-time" (only the modulus length may
1095
 * leak).
1096
 */
1097
1098
/*
1099
 * Compute the actual bit length of an integer. The argument x should
1100
 * point to the first (least significant) value word of the integer.
1101
 * The len 'xlen' contains the number of 32-bit words to access.
1102
 *
1103
 * CT: value or length of x does not leak.
1104
 */
1105
uint32_t br_i32_bit_length(uint32_t *x, size_t xlen);
1106
1107
/*
1108
 * Decode an integer from its big-endian unsigned representation. The
1109
 * "true" bit length of the integer is computed, but all words of x[]
1110
 * corresponding to the full 'len' bytes of the source are set.
1111
 *
1112
 * CT: value or length of x does not leak.
1113
 */
1114
void br_i32_decode(uint32_t *x, const void *src, size_t len);
1115
1116
/*
1117
 * Decode an integer from its big-endian unsigned representation. The
1118
 * integer MUST be lower than m[]; the announced bit length written in
1119
 * x[] will be equal to that of m[]. All 'len' bytes from the source are
1120
 * read.
1121
 *
1122
 * Returned value is 1 if the decode value fits within the modulus, 0
1123
 * otherwise. In the latter case, the x[] buffer will be set to 0 (but
1124
 * still with the announced bit length of m[]).
1125
 *
1126
 * CT: value or length of x does not leak. Memory access pattern depends
1127
 * only of 'len' and the announced bit length of m. Whether x fits or
1128
 * not does not leak either.
1129
 */
1130
uint32_t br_i32_decode_mod(uint32_t *x,
1131
  const void *src, size_t len, const uint32_t *m);
1132
1133
/*
1134
 * Reduce an integer (a[]) modulo another (m[]). The result is written
1135
 * in x[] and its announced bit length is set to be equal to that of m[].
1136
 *
1137
 * x[] MUST be distinct from a[] and m[].
1138
 *
1139
 * CT: only announced bit lengths leak, not values of x, a or m.
1140
 */
1141
void br_i32_reduce(uint32_t *x, const uint32_t *a, const uint32_t *m);
1142
1143
/*
1144
 * Decode an integer from its big-endian unsigned representation, and
1145
 * reduce it modulo the provided modulus m[]. The announced bit length
1146
 * of the result is set to be equal to that of the modulus.
1147
 *
1148
 * x[] MUST be distinct from m[].
1149
 */
1150
void br_i32_decode_reduce(uint32_t *x,
1151
  const void *src, size_t len, const uint32_t *m);
1152
1153
/*
1154
 * Encode an integer into its big-endian unsigned representation. The
1155
 * output length in bytes is provided (parameter 'len'); if the length
1156
 * is too short then the integer is appropriately truncated; if it is
1157
 * too long then the extra bytes are set to 0.
1158
 */
1159
void br_i32_encode(void *dst, size_t len, const uint32_t *x);
1160
1161
/*
1162
 * Multiply x[] by 2^32 and then add integer z, modulo m[]. This
1163
 * function assumes that x[] and m[] have the same announced bit
1164
 * length, and the announced bit length of m[] matches its true
1165
 * bit length.
1166
 *
1167
 * x[] and m[] MUST be distinct arrays.
1168
 *
1169
 * CT: only the common announced bit length of x and m leaks, not
1170
 * the values of x, z or m.
1171
 */
1172
void br_i32_muladd_small(uint32_t *x, uint32_t z, const uint32_t *m);
1173
1174
/*
1175
 * Extract one word from an integer. The offset is counted in bits.
1176
 * The word MUST entirely fit within the word elements corresponding
1177
 * to the announced bit length of a[].
1178
 */
1179
static inline uint32_t
1180
br_i32_word(const uint32_t *a, uint32_t off)
1181
0
{
1182
0
  size_t u;
1183
0
  unsigned j;
1184
0
1185
0
  u = (size_t)(off >> 5) + 1;
1186
0
  j = (unsigned)off & 31;
1187
0
  if (j == 0) {
1188
0
    return a[u];
1189
0
  } else {
1190
0
    return (a[u] >> j) | (a[u + 1] << (32 - j));
1191
0
  }
1192
0
}
Unexecuted instantiation: poly1305_ctmul.c:br_i32_word
Unexecuted instantiation: chacha20_sse2.c:br_i32_word
Unexecuted instantiation: chacha20_ct.c:br_i32_word
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_i32_word
Unexecuted instantiation: aes_x86ni.c:br_i32_word
Unexecuted instantiation: aes_small_ctrcbc.c:br_i32_word
Unexecuted instantiation: aes_ct_ctrcbc.c:br_i32_word
Unexecuted instantiation: aes_ct_ctr.c:br_i32_word
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_i32_word
Unexecuted instantiation: aes_ct64.c:br_i32_word
Unexecuted instantiation: aes_ct.c:br_i32_word
Unexecuted instantiation: aes_common.c:br_i32_word
Unexecuted instantiation: aes_big_ctrcbc.c:br_i32_word
Unexecuted instantiation: prf_md5sha1.c:br_i32_word
Unexecuted instantiation: prf.c:br_i32_word
Unexecuted instantiation: sysrng.c:br_i32_word
Unexecuted instantiation: hmac_drbg.c:br_i32_word
Unexecuted instantiation: hmac.c:br_i32_word
Unexecuted instantiation: shake.c:br_i32_word
Unexecuted instantiation: hkdf.c:br_i32_word
Unexecuted instantiation: sha2small.c:br_i32_word
Unexecuted instantiation: sha2big.c:br_i32_word
Unexecuted instantiation: sha1.c:br_i32_word
Unexecuted instantiation: md5sha1.c:br_i32_word
Unexecuted instantiation: md5.c:br_i32_word
Unexecuted instantiation: ghash_ctmul32.c:br_i32_word
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_i32_word
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_i32_word
Unexecuted instantiation: ecdsa_i31_bits.c:br_i32_word
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_i32_word
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_i32_word
Unexecuted instantiation: ecdsa_i15_bits.c:br_i32_word
Unexecuted instantiation: ec_secp521r1.c:br_i32_word
Unexecuted instantiation: ec_secp384r1.c:br_i32_word
Unexecuted instantiation: ec_secp256r1.c:br_i32_word
Unexecuted instantiation: ec_pubkey.c:br_i32_word
Unexecuted instantiation: ec_prime_i31.c:br_i32_word
Unexecuted instantiation: ec_prime_i15.c:br_i32_word
Unexecuted instantiation: ec_p256_m64.c:br_i32_word
Unexecuted instantiation: ec_p256_m62.c:br_i32_word
Unexecuted instantiation: ec_p256_m31.c:br_i32_word
Unexecuted instantiation: ec_p256_m15.c:br_i32_word
Unexecuted instantiation: ec_keygen.c:br_i32_word
Unexecuted instantiation: ec_default.c:br_i32_word
Unexecuted instantiation: ec_c25519_m64.c:br_i32_word
Unexecuted instantiation: ec_c25519_m62.c:br_i32_word
Unexecuted instantiation: ec_c25519_m31.c:br_i32_word
Unexecuted instantiation: ec_c25519_m15.c:br_i32_word
Unexecuted instantiation: ec_c25519_i31.c:br_i32_word
Unexecuted instantiation: ec_c25519_i15.c:br_i32_word
Unexecuted instantiation: ec_all_m31.c:br_i32_word
Unexecuted instantiation: enc64be.c:br_i32_word
Unexecuted instantiation: enc32le.c:br_i32_word
Unexecuted instantiation: enc32be.c:br_i32_word
Unexecuted instantiation: dec64be.c:br_i32_word
Unexecuted instantiation: dec32le.c:br_i32_word
Unexecuted instantiation: dec32be.c:br_i32_word
Unexecuted instantiation: ccopy.c:br_i32_word
Unexecuted instantiation: gcm.c:br_i32_word
Unexecuted instantiation: ccm.c:br_i32_word
Unexecuted instantiation: aes_small_enc.c:br_i32_word
Unexecuted instantiation: aes_ct_enc.c:br_i32_word
Unexecuted instantiation: aes_ct64_enc.c:br_i32_word
Unexecuted instantiation: aes_big_enc.c:br_i32_word
Unexecuted instantiation: i31_sub.c:br_i32_word
Unexecuted instantiation: i31_rshift.c:br_i32_word
Unexecuted instantiation: i31_ninv31.c:br_i32_word
Unexecuted instantiation: i31_montmul.c:br_i32_word
Unexecuted instantiation: i31_modpow.c:br_i32_word
Unexecuted instantiation: i31_iszero.c:br_i32_word
Unexecuted instantiation: i31_fmont.c:br_i32_word
Unexecuted instantiation: i31_encode.c:br_i32_word
Unexecuted instantiation: i31_decode.c:br_i32_word
Unexecuted instantiation: i31_decmod.c:br_i32_word
Unexecuted instantiation: i31_bitlen.c:br_i32_word
Unexecuted instantiation: i31_add.c:br_i32_word
Unexecuted instantiation: i15_sub.c:br_i32_word
Unexecuted instantiation: i15_rshift.c:br_i32_word
Unexecuted instantiation: i15_ninv15.c:br_i32_word
Unexecuted instantiation: i15_montmul.c:br_i32_word
Unexecuted instantiation: i15_modpow.c:br_i32_word
Unexecuted instantiation: i15_iszero.c:br_i32_word
Unexecuted instantiation: i15_fmont.c:br_i32_word
Unexecuted instantiation: i15_encode.c:br_i32_word
Unexecuted instantiation: i15_decode.c:br_i32_word
Unexecuted instantiation: i15_decmod.c:br_i32_word
Unexecuted instantiation: i15_bitlen.c:br_i32_word
Unexecuted instantiation: i15_add.c:br_i32_word
Unexecuted instantiation: i31_tmont.c:br_i32_word
Unexecuted instantiation: i31_muladd.c:br_i32_word
Unexecuted instantiation: i15_tmont.c:br_i32_word
Unexecuted instantiation: i15_muladd.c:br_i32_word
Unexecuted instantiation: i32_div32.c:br_i32_word
1193
1194
/*
1195
 * Test whether an integer is zero.
1196
 */
1197
uint32_t br_i32_iszero(const uint32_t *x);
1198
1199
/*
1200
 * Add b[] to a[] and return the carry (0 or 1). If ctl is 0, then a[]
1201
 * is unmodified, but the carry is still computed and returned. The
1202
 * arrays a[] and b[] MUST have the same announced bit length.
1203
 *
1204
 * a[] and b[] MAY be the same array, but partial overlap is not allowed.
1205
 */
1206
uint32_t br_i32_add(uint32_t *a, const uint32_t *b, uint32_t ctl);
1207
1208
/*
1209
 * Subtract b[] from a[] and return the carry (0 or 1). If ctl is 0,
1210
 * then a[] is unmodified, but the carry is still computed and returned.
1211
 * The arrays a[] and b[] MUST have the same announced bit length.
1212
 *
1213
 * a[] and b[] MAY be the same array, but partial overlap is not allowed.
1214
 */
1215
uint32_t br_i32_sub(uint32_t *a, const uint32_t *b, uint32_t ctl);
1216
1217
/*
1218
 * Compute d+a*b, result in d. The initial announced bit length of d[]
1219
 * MUST match that of a[]. The d[] array MUST be large enough to
1220
 * accommodate the full result, plus (possibly) an extra word. The
1221
 * resulting announced bit length of d[] will be the sum of the announced
1222
 * bit lengths of a[] and b[] (therefore, it may be larger than the actual
1223
 * bit length of the numerical result).
1224
 *
1225
 * a[] and b[] may be the same array. d[] must be disjoint from both a[]
1226
 * and b[].
1227
 */
1228
void br_i32_mulacc(uint32_t *d, const uint32_t *a, const uint32_t *b);
1229
1230
/*
1231
 * Zeroize an integer. The announced bit length is set to the provided
1232
 * value, and the corresponding words are set to 0.
1233
 */
1234
static inline void
1235
br_i32_zero(uint32_t *x, uint32_t bit_len)
1236
0
{
1237
0
  *x ++ = bit_len;
1238
0
  memset(x, 0, ((bit_len + 31) >> 5) * sizeof *x);
1239
0
}
Unexecuted instantiation: poly1305_ctmul.c:br_i32_zero
Unexecuted instantiation: chacha20_sse2.c:br_i32_zero
Unexecuted instantiation: chacha20_ct.c:br_i32_zero
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_i32_zero
Unexecuted instantiation: aes_x86ni.c:br_i32_zero
Unexecuted instantiation: aes_small_ctrcbc.c:br_i32_zero
Unexecuted instantiation: aes_ct_ctrcbc.c:br_i32_zero
Unexecuted instantiation: aes_ct_ctr.c:br_i32_zero
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_i32_zero
Unexecuted instantiation: aes_ct64.c:br_i32_zero
Unexecuted instantiation: aes_ct.c:br_i32_zero
Unexecuted instantiation: aes_common.c:br_i32_zero
Unexecuted instantiation: aes_big_ctrcbc.c:br_i32_zero
Unexecuted instantiation: prf_md5sha1.c:br_i32_zero
Unexecuted instantiation: prf.c:br_i32_zero
Unexecuted instantiation: sysrng.c:br_i32_zero
Unexecuted instantiation: hmac_drbg.c:br_i32_zero
Unexecuted instantiation: hmac.c:br_i32_zero
Unexecuted instantiation: shake.c:br_i32_zero
Unexecuted instantiation: hkdf.c:br_i32_zero
Unexecuted instantiation: sha2small.c:br_i32_zero
Unexecuted instantiation: sha2big.c:br_i32_zero
Unexecuted instantiation: sha1.c:br_i32_zero
Unexecuted instantiation: md5sha1.c:br_i32_zero
Unexecuted instantiation: md5.c:br_i32_zero
Unexecuted instantiation: ghash_ctmul32.c:br_i32_zero
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_i32_zero
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_i32_zero
Unexecuted instantiation: ecdsa_i31_bits.c:br_i32_zero
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_i32_zero
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_i32_zero
Unexecuted instantiation: ecdsa_i15_bits.c:br_i32_zero
Unexecuted instantiation: ec_secp521r1.c:br_i32_zero
Unexecuted instantiation: ec_secp384r1.c:br_i32_zero
Unexecuted instantiation: ec_secp256r1.c:br_i32_zero
Unexecuted instantiation: ec_pubkey.c:br_i32_zero
Unexecuted instantiation: ec_prime_i31.c:br_i32_zero
Unexecuted instantiation: ec_prime_i15.c:br_i32_zero
Unexecuted instantiation: ec_p256_m64.c:br_i32_zero
Unexecuted instantiation: ec_p256_m62.c:br_i32_zero
Unexecuted instantiation: ec_p256_m31.c:br_i32_zero
Unexecuted instantiation: ec_p256_m15.c:br_i32_zero
Unexecuted instantiation: ec_keygen.c:br_i32_zero
Unexecuted instantiation: ec_default.c:br_i32_zero
Unexecuted instantiation: ec_c25519_m64.c:br_i32_zero
Unexecuted instantiation: ec_c25519_m62.c:br_i32_zero
Unexecuted instantiation: ec_c25519_m31.c:br_i32_zero
Unexecuted instantiation: ec_c25519_m15.c:br_i32_zero
Unexecuted instantiation: ec_c25519_i31.c:br_i32_zero
Unexecuted instantiation: ec_c25519_i15.c:br_i32_zero
Unexecuted instantiation: ec_all_m31.c:br_i32_zero
Unexecuted instantiation: enc64be.c:br_i32_zero
Unexecuted instantiation: enc32le.c:br_i32_zero
Unexecuted instantiation: enc32be.c:br_i32_zero
Unexecuted instantiation: dec64be.c:br_i32_zero
Unexecuted instantiation: dec32le.c:br_i32_zero
Unexecuted instantiation: dec32be.c:br_i32_zero
Unexecuted instantiation: ccopy.c:br_i32_zero
Unexecuted instantiation: gcm.c:br_i32_zero
Unexecuted instantiation: ccm.c:br_i32_zero
Unexecuted instantiation: aes_small_enc.c:br_i32_zero
Unexecuted instantiation: aes_ct_enc.c:br_i32_zero
Unexecuted instantiation: aes_ct64_enc.c:br_i32_zero
Unexecuted instantiation: aes_big_enc.c:br_i32_zero
Unexecuted instantiation: i31_sub.c:br_i32_zero
Unexecuted instantiation: i31_rshift.c:br_i32_zero
Unexecuted instantiation: i31_ninv31.c:br_i32_zero
Unexecuted instantiation: i31_montmul.c:br_i32_zero
Unexecuted instantiation: i31_modpow.c:br_i32_zero
Unexecuted instantiation: i31_iszero.c:br_i32_zero
Unexecuted instantiation: i31_fmont.c:br_i32_zero
Unexecuted instantiation: i31_encode.c:br_i32_zero
Unexecuted instantiation: i31_decode.c:br_i32_zero
Unexecuted instantiation: i31_decmod.c:br_i32_zero
Unexecuted instantiation: i31_bitlen.c:br_i32_zero
Unexecuted instantiation: i31_add.c:br_i32_zero
Unexecuted instantiation: i15_sub.c:br_i32_zero
Unexecuted instantiation: i15_rshift.c:br_i32_zero
Unexecuted instantiation: i15_ninv15.c:br_i32_zero
Unexecuted instantiation: i15_montmul.c:br_i32_zero
Unexecuted instantiation: i15_modpow.c:br_i32_zero
Unexecuted instantiation: i15_iszero.c:br_i32_zero
Unexecuted instantiation: i15_fmont.c:br_i32_zero
Unexecuted instantiation: i15_encode.c:br_i32_zero
Unexecuted instantiation: i15_decode.c:br_i32_zero
Unexecuted instantiation: i15_decmod.c:br_i32_zero
Unexecuted instantiation: i15_bitlen.c:br_i32_zero
Unexecuted instantiation: i15_add.c:br_i32_zero
Unexecuted instantiation: i31_tmont.c:br_i32_zero
Unexecuted instantiation: i31_muladd.c:br_i32_zero
Unexecuted instantiation: i15_tmont.c:br_i32_zero
Unexecuted instantiation: i15_muladd.c:br_i32_zero
Unexecuted instantiation: i32_div32.c:br_i32_zero
1240
1241
/*
1242
 * Compute -(1/x) mod 2^32. If x is even, then this function returns 0.
1243
 */
1244
uint32_t br_i32_ninv32(uint32_t x);
1245
1246
/*
1247
 * Convert a modular integer to Montgomery representation. The integer x[]
1248
 * MUST be lower than m[], but with the same announced bit length.
1249
 */
1250
void br_i32_to_monty(uint32_t *x, const uint32_t *m);
1251
1252
/*
1253
 * Convert a modular integer back from Montgomery representation. The
1254
 * integer x[] MUST be lower than m[], but with the same announced bit
1255
 * length. The "m0i" parameter is equal to -(1/m0) mod 2^32, where m0 is
1256
 * the least significant value word of m[] (this works only if m[] is
1257
 * an odd integer).
1258
 */
1259
void br_i32_from_monty(uint32_t *x, const uint32_t *m, uint32_t m0i);
1260
1261
/*
1262
 * Compute a modular Montgomery multiplication. d[] is filled with the
1263
 * value of x*y/R modulo m[] (where R is the Montgomery factor). The
1264
 * array d[] MUST be distinct from x[], y[] and m[]. x[] and y[] MUST be
1265
 * numerically lower than m[]. x[] and y[] MAY be the same array. The
1266
 * "m0i" parameter is equal to -(1/m0) mod 2^32, where m0 is the least
1267
 * significant value word of m[] (this works only if m[] is an odd
1268
 * integer).
1269
 */
1270
void br_i32_montymul(uint32_t *d, const uint32_t *x, const uint32_t *y,
1271
  const uint32_t *m, uint32_t m0i);
1272
1273
/*
1274
 * Compute a modular exponentiation. x[] MUST be an integer modulo m[]
1275
 * (same announced bit length, lower value). m[] MUST be odd. The
1276
 * exponent is in big-endian unsigned notation, over 'elen' bytes. The
1277
 * "m0i" parameter is equal to -(1/m0) mod 2^32, where m0 is the least
1278
 * significant value word of m[] (this works only if m[] is an odd
1279
 * integer). The t1[] and t2[] parameters must be temporary arrays,
1280
 * each large enough to accommodate an integer with the same size as m[].
1281
 */
1282
void br_i32_modpow(uint32_t *x, const unsigned char *e, size_t elen,
1283
  const uint32_t *m, uint32_t m0i, uint32_t *t1, uint32_t *t2);
1284
1285
/* ==================================================================== */
1286
1287
/*
1288
 * Integers 'i31'
1289
 * --------------
1290
 *
1291
 * The 'i31' functions implement computations on big integers using
1292
 * an internal representation as an array of 32-bit integers. For
1293
 * an array x[]:
1294
 *  -- x[0] encodes the array length and the "announced bit length"
1295
 *     of the integer: namely, if the announced bit length is k,
1296
 *     then x[0] = ((k / 31) << 5) + (k % 31).
1297
 *  -- x[1], x[2]... contain the value in little-endian order, 31
1298
 *     bits per word (x[1] contains the least significant 31 bits).
1299
 *     The upper bit of each word is 0.
1300
 *
1301
 * Multiplications rely on the elementary 32x32->64 multiplication.
1302
 *
1303
 * The announced bit length specifies the number of bits that are
1304
 * significant in the subsequent 32-bit words. Unused bits in the
1305
 * last (most significant) word are set to 0; subsequent words are
1306
 * uninitialized and need not exist at all.
1307
 *
1308
 * The execution time and memory access patterns of all computations
1309
 * depend on the announced bit length, but not on the actual word
1310
 * values. For modular integers, the announced bit length of any integer
1311
 * modulo n is equal to the actual bit length of n; thus, computations
1312
 * on modular integers are "constant-time" (only the modulus length may
1313
 * leak).
1314
 */
1315
1316
/*
1317
 * Test whether an integer is zero.
1318
 */
1319
uint32_t br_i31_iszero(const uint32_t *x);
1320
1321
/*
1322
 * Add b[] to a[] and return the carry (0 or 1). If ctl is 0, then a[]
1323
 * is unmodified, but the carry is still computed and returned. The
1324
 * arrays a[] and b[] MUST have the same announced bit length.
1325
 *
1326
 * a[] and b[] MAY be the same array, but partial overlap is not allowed.
1327
 */
1328
uint32_t br_i31_add(uint32_t *a, const uint32_t *b, uint32_t ctl);
1329
1330
/*
1331
 * Subtract b[] from a[] and return the carry (0 or 1). If ctl is 0,
1332
 * then a[] is unmodified, but the carry is still computed and returned.
1333
 * The arrays a[] and b[] MUST have the same announced bit length.
1334
 *
1335
 * a[] and b[] MAY be the same array, but partial overlap is not allowed.
1336
 */
1337
uint32_t br_i31_sub(uint32_t *a, const uint32_t *b, uint32_t ctl);
1338
1339
/*
1340
 * Compute the ENCODED actual bit length of an integer. The argument x
1341
 * should point to the first (least significant) value word of the
1342
 * integer. The len 'xlen' contains the number of 32-bit words to
1343
 * access. The upper bit of each value word MUST be 0.
1344
 * Returned value is ((k / 31) << 5) + (k % 31) if the bit length is k.
1345
 *
1346
 * CT: value or length of x does not leak.
1347
 */
1348
uint32_t br_i31_bit_length(uint32_t *x, size_t xlen);
1349
1350
/*
1351
 * Decode an integer from its big-endian unsigned representation. The
1352
 * "true" bit length of the integer is computed and set in the encoded
1353
 * announced bit length (x[0]), but all words of x[] corresponding to
1354
 * the full 'len' bytes of the source are set.
1355
 *
1356
 * CT: value or length of x does not leak.
1357
 */
1358
void br_i31_decode(uint32_t *x, const void *src, size_t len);
1359
1360
/*
1361
 * Decode an integer from its big-endian unsigned representation. The
1362
 * integer MUST be lower than m[]; the (encoded) announced bit length
1363
 * written in x[] will be equal to that of m[]. All 'len' bytes from the
1364
 * source are read.
1365
 *
1366
 * Returned value is 1 if the decode value fits within the modulus, 0
1367
 * otherwise. In the latter case, the x[] buffer will be set to 0 (but
1368
 * still with the announced bit length of m[]).
1369
 *
1370
 * CT: value or length of x does not leak. Memory access pattern depends
1371
 * only of 'len' and the announced bit length of m. Whether x fits or
1372
 * not does not leak either.
1373
 */
1374
uint32_t br_i31_decode_mod(uint32_t *x,
1375
  const void *src, size_t len, const uint32_t *m);
1376
1377
/*
1378
 * Zeroize an integer. The announced bit length is set to the provided
1379
 * value, and the corresponding words are set to 0. The ENCODED bit length
1380
 * is expected here.
1381
 */
1382
static inline void
1383
br_i31_zero(uint32_t *x, uint32_t bit_len)
1384
29.0M
{
1385
29.0M
  *x ++ = bit_len;
1386
29.0M
  memset(x, 0, ((bit_len + 31) >> 5) * sizeof *x);
1387
29.0M
}
Unexecuted instantiation: poly1305_ctmul.c:br_i31_zero
Unexecuted instantiation: chacha20_sse2.c:br_i31_zero
Unexecuted instantiation: chacha20_ct.c:br_i31_zero
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_i31_zero
Unexecuted instantiation: aes_x86ni.c:br_i31_zero
Unexecuted instantiation: aes_small_ctrcbc.c:br_i31_zero
Unexecuted instantiation: aes_ct_ctrcbc.c:br_i31_zero
Unexecuted instantiation: aes_ct_ctr.c:br_i31_zero
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_i31_zero
Unexecuted instantiation: aes_ct64.c:br_i31_zero
Unexecuted instantiation: aes_ct.c:br_i31_zero
Unexecuted instantiation: aes_common.c:br_i31_zero
Unexecuted instantiation: aes_big_ctrcbc.c:br_i31_zero
Unexecuted instantiation: prf_md5sha1.c:br_i31_zero
Unexecuted instantiation: prf.c:br_i31_zero
Unexecuted instantiation: sysrng.c:br_i31_zero
Unexecuted instantiation: hmac_drbg.c:br_i31_zero
Unexecuted instantiation: hmac.c:br_i31_zero
Unexecuted instantiation: shake.c:br_i31_zero
Unexecuted instantiation: hkdf.c:br_i31_zero
Unexecuted instantiation: sha2small.c:br_i31_zero
Unexecuted instantiation: sha2big.c:br_i31_zero
Unexecuted instantiation: sha1.c:br_i31_zero
Unexecuted instantiation: md5sha1.c:br_i31_zero
Unexecuted instantiation: md5.c:br_i31_zero
Unexecuted instantiation: ghash_ctmul32.c:br_i31_zero
ecdsa_i31_vrfy_raw.c:br_i31_zero
Line
Count
Source
1384
1.41k
{
1385
1.41k
  *x ++ = bit_len;
1386
1.41k
  memset(x, 0, ((bit_len + 31) >> 5) * sizeof *x);
1387
1.41k
}
ecdsa_i31_sign_raw.c:br_i31_zero
Line
Count
Source
1384
442
{
1385
442
  *x ++ = bit_len;
1386
442
  memset(x, 0, ((bit_len + 31) >> 5) * sizeof *x);
1387
442
}
ecdsa_i31_bits.c:br_i31_zero
Line
Count
Source
1384
2.30k
{
1385
2.30k
  *x ++ = bit_len;
1386
2.30k
  memset(x, 0, ((bit_len + 31) >> 5) * sizeof *x);
1387
2.30k
}
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_i31_zero
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_i31_zero
Unexecuted instantiation: ecdsa_i15_bits.c:br_i31_zero
Unexecuted instantiation: ec_secp521r1.c:br_i31_zero
Unexecuted instantiation: ec_secp384r1.c:br_i31_zero
Unexecuted instantiation: ec_secp256r1.c:br_i31_zero
Unexecuted instantiation: ec_pubkey.c:br_i31_zero
Unexecuted instantiation: ec_prime_i31.c:br_i31_zero
Unexecuted instantiation: ec_prime_i15.c:br_i31_zero
Unexecuted instantiation: ec_p256_m64.c:br_i31_zero
Unexecuted instantiation: ec_p256_m62.c:br_i31_zero
Unexecuted instantiation: ec_p256_m31.c:br_i31_zero
Unexecuted instantiation: ec_p256_m15.c:br_i31_zero
Unexecuted instantiation: ec_keygen.c:br_i31_zero
Unexecuted instantiation: ec_default.c:br_i31_zero
Unexecuted instantiation: ec_c25519_m64.c:br_i31_zero
Unexecuted instantiation: ec_c25519_m62.c:br_i31_zero
Unexecuted instantiation: ec_c25519_m31.c:br_i31_zero
Unexecuted instantiation: ec_c25519_m15.c:br_i31_zero
ec_c25519_i31.c:br_i31_zero
Line
Count
Source
1384
48
{
1385
48
  *x ++ = bit_len;
1386
48
  memset(x, 0, ((bit_len + 31) >> 5) * sizeof *x);
1387
48
}
Unexecuted instantiation: ec_c25519_i15.c:br_i31_zero
Unexecuted instantiation: ec_all_m31.c:br_i31_zero
Unexecuted instantiation: enc64be.c:br_i31_zero
Unexecuted instantiation: enc32le.c:br_i31_zero
Unexecuted instantiation: enc32be.c:br_i31_zero
Unexecuted instantiation: dec64be.c:br_i31_zero
Unexecuted instantiation: dec32le.c:br_i31_zero
Unexecuted instantiation: dec32be.c:br_i31_zero
Unexecuted instantiation: ccopy.c:br_i31_zero
Unexecuted instantiation: gcm.c:br_i31_zero
Unexecuted instantiation: ccm.c:br_i31_zero
Unexecuted instantiation: aes_small_enc.c:br_i31_zero
Unexecuted instantiation: aes_ct_enc.c:br_i31_zero
Unexecuted instantiation: aes_ct64_enc.c:br_i31_zero
Unexecuted instantiation: aes_big_enc.c:br_i31_zero
Unexecuted instantiation: i31_sub.c:br_i31_zero
Unexecuted instantiation: i31_rshift.c:br_i31_zero
Unexecuted instantiation: i31_ninv31.c:br_i31_zero
i31_montmul.c:br_i31_zero
Line
Count
Source
1384
29.0M
{
1385
29.0M
  *x ++ = bit_len;
1386
29.0M
  memset(x, 0, ((bit_len + 31) >> 5) * sizeof *x);
1387
29.0M
}
i31_modpow.c:br_i31_zero
Line
Count
Source
1384
4.21k
{
1385
4.21k
  *x ++ = bit_len;
1386
4.21k
  memset(x, 0, ((bit_len + 31) >> 5) * sizeof *x);
1387
4.21k
}
Unexecuted instantiation: i31_iszero.c:br_i31_zero
Unexecuted instantiation: i31_fmont.c:br_i31_zero
Unexecuted instantiation: i31_encode.c:br_i31_zero
Unexecuted instantiation: i31_decode.c:br_i31_zero
Unexecuted instantiation: i31_decmod.c:br_i31_zero
Unexecuted instantiation: i31_bitlen.c:br_i31_zero
Unexecuted instantiation: i31_add.c:br_i31_zero
Unexecuted instantiation: i15_sub.c:br_i31_zero
Unexecuted instantiation: i15_rshift.c:br_i31_zero
Unexecuted instantiation: i15_ninv15.c:br_i31_zero
Unexecuted instantiation: i15_montmul.c:br_i31_zero
Unexecuted instantiation: i15_modpow.c:br_i31_zero
Unexecuted instantiation: i15_iszero.c:br_i31_zero
Unexecuted instantiation: i15_fmont.c:br_i31_zero
Unexecuted instantiation: i15_encode.c:br_i31_zero
Unexecuted instantiation: i15_decode.c:br_i31_zero
Unexecuted instantiation: i15_decmod.c:br_i31_zero
Unexecuted instantiation: i15_bitlen.c:br_i31_zero
Unexecuted instantiation: i15_add.c:br_i31_zero
Unexecuted instantiation: i31_tmont.c:br_i31_zero
Unexecuted instantiation: i31_muladd.c:br_i31_zero
Unexecuted instantiation: i15_tmont.c:br_i31_zero
Unexecuted instantiation: i15_muladd.c:br_i31_zero
Unexecuted instantiation: i32_div32.c:br_i31_zero
1388
1389
/*
1390
 * Right-shift an integer. The shift amount must be lower than 31
1391
 * bits.
1392
 */
1393
void br_i31_rshift(uint32_t *x, int count);
1394
1395
/*
1396
 * Reduce an integer (a[]) modulo another (m[]). The result is written
1397
 * in x[] and its announced bit length is set to be equal to that of m[].
1398
 *
1399
 * x[] MUST be distinct from a[] and m[].
1400
 *
1401
 * CT: only announced bit lengths leak, not values of x, a or m.
1402
 */
1403
void br_i31_reduce(uint32_t *x, const uint32_t *a, const uint32_t *m);
1404
1405
/*
1406
 * Decode an integer from its big-endian unsigned representation, and
1407
 * reduce it modulo the provided modulus m[]. The announced bit length
1408
 * of the result is set to be equal to that of the modulus.
1409
 *
1410
 * x[] MUST be distinct from m[].
1411
 */
1412
void br_i31_decode_reduce(uint32_t *x,
1413
  const void *src, size_t len, const uint32_t *m);
1414
1415
/*
1416
 * Multiply x[] by 2^31 and then add integer z, modulo m[]. This
1417
 * function assumes that x[] and m[] have the same announced bit
1418
 * length, the announced bit length of m[] matches its true
1419
 * bit length.
1420
 *
1421
 * x[] and m[] MUST be distinct arrays. z MUST fit in 31 bits (upper
1422
 * bit set to 0).
1423
 *
1424
 * CT: only the common announced bit length of x and m leaks, not
1425
 * the values of x, z or m.
1426
 */
1427
void br_i31_muladd_small(uint32_t *x, uint32_t z, const uint32_t *m);
1428
1429
/*
1430
 * Encode an integer into its big-endian unsigned representation. The
1431
 * output length in bytes is provided (parameter 'len'); if the length
1432
 * is too short then the integer is appropriately truncated; if it is
1433
 * too long then the extra bytes are set to 0.
1434
 */
1435
void br_i31_encode(void *dst, size_t len, const uint32_t *x);
1436
1437
/*
1438
 * Compute -(1/x) mod 2^31. If x is even, then this function returns 0.
1439
 */
1440
uint32_t br_i31_ninv31(uint32_t x);
1441
1442
/*
1443
 * Compute a modular Montgomery multiplication. d[] is filled with the
1444
 * value of x*y/R modulo m[] (where R is the Montgomery factor). The
1445
 * array d[] MUST be distinct from x[], y[] and m[]. x[] and y[] MUST be
1446
 * numerically lower than m[]. x[] and y[] MAY be the same array. The
1447
 * "m0i" parameter is equal to -(1/m0) mod 2^31, where m0 is the least
1448
 * significant value word of m[] (this works only if m[] is an odd
1449
 * integer).
1450
 */
1451
void br_i31_montymul(uint32_t *d, const uint32_t *x, const uint32_t *y,
1452
  const uint32_t *m, uint32_t m0i);
1453
1454
/*
1455
 * Convert a modular integer to Montgomery representation. The integer x[]
1456
 * MUST be lower than m[], but with the same announced bit length.
1457
 */
1458
void br_i31_to_monty(uint32_t *x, const uint32_t *m);
1459
1460
/*
1461
 * Convert a modular integer back from Montgomery representation. The
1462
 * integer x[] MUST be lower than m[], but with the same announced bit
1463
 * length. The "m0i" parameter is equal to -(1/m0) mod 2^32, where m0 is
1464
 * the least significant value word of m[] (this works only if m[] is
1465
 * an odd integer).
1466
 */
1467
void br_i31_from_monty(uint32_t *x, const uint32_t *m, uint32_t m0i);
1468
1469
/*
1470
 * Compute a modular exponentiation. x[] MUST be an integer modulo m[]
1471
 * (same announced bit length, lower value). m[] MUST be odd. The
1472
 * exponent is in big-endian unsigned notation, over 'elen' bytes. The
1473
 * "m0i" parameter is equal to -(1/m0) mod 2^31, where m0 is the least
1474
 * significant value word of m[] (this works only if m[] is an odd
1475
 * integer). The t1[] and t2[] parameters must be temporary arrays,
1476
 * each large enough to accommodate an integer with the same size as m[].
1477
 */
1478
void br_i31_modpow(uint32_t *x, const unsigned char *e, size_t elen,
1479
  const uint32_t *m, uint32_t m0i, uint32_t *t1, uint32_t *t2);
1480
1481
/*
1482
 * Compute a modular exponentiation. x[] MUST be an integer modulo m[]
1483
 * (same announced bit length, lower value). m[] MUST be odd. The
1484
 * exponent is in big-endian unsigned notation, over 'elen' bytes. The
1485
 * "m0i" parameter is equal to -(1/m0) mod 2^31, where m0 is the least
1486
 * significant value word of m[] (this works only if m[] is an odd
1487
 * integer). The tmp[] array is used for temporaries, and has size
1488
 * 'twlen' words; it must be large enough to accommodate at least two
1489
 * temporary values with the same size as m[] (including the leading
1490
 * "bit length" word). If there is room for more temporaries, then this
1491
 * function may use the extra room for window-based optimisation,
1492
 * resulting in faster computations.
1493
 *
1494
 * Returned value is 1 on success, 0 on error. An error is reported if
1495
 * the provided tmp[] array is too short.
1496
 */
1497
uint32_t br_i31_modpow_opt(uint32_t *x, const unsigned char *e, size_t elen,
1498
  const uint32_t *m, uint32_t m0i, uint32_t *tmp, size_t twlen);
1499
1500
/*
1501
 * Compute d+a*b, result in d. The initial announced bit length of d[]
1502
 * MUST match that of a[]. The d[] array MUST be large enough to
1503
 * accommodate the full result, plus (possibly) an extra word. The
1504
 * resulting announced bit length of d[] will be the sum of the announced
1505
 * bit lengths of a[] and b[] (therefore, it may be larger than the actual
1506
 * bit length of the numerical result).
1507
 *
1508
 * a[] and b[] may be the same array. d[] must be disjoint from both a[]
1509
 * and b[].
1510
 */
1511
void br_i31_mulacc(uint32_t *d, const uint32_t *a, const uint32_t *b);
1512
1513
/*
1514
 * Compute x/y mod m, result in x. Values x and y must be between 0 and
1515
 * m-1, and have the same announced bit length as m. Modulus m must be
1516
 * odd. The "m0i" parameter is equal to -1/m mod 2^31. The array 't'
1517
 * must point to a temporary area that can hold at least three integers
1518
 * of the size of m.
1519
 *
1520
 * m may not overlap x and y. x and y may overlap each other (this can
1521
 * be useful to test whether a value is invertible modulo m). t must be
1522
 * disjoint from all other arrays.
1523
 *
1524
 * Returned value is 1 on success, 0 otherwise. Success is attained if
1525
 * y is invertible modulo m.
1526
 */
1527
uint32_t br_i31_moddiv(uint32_t *x, const uint32_t *y,
1528
  const uint32_t *m, uint32_t m0i, uint32_t *t);
1529
1530
/* ==================================================================== */
1531
1532
/*
1533
 * FIXME: document "i15" functions.
1534
 */
1535
1536
static inline void
1537
br_i15_zero(uint16_t *x, uint16_t bit_len)
1538
7.15M
{
1539
7.15M
  *x ++ = bit_len;
1540
7.15M
  memset(x, 0, ((bit_len + 15) >> 4) * sizeof *x);
1541
7.15M
}
Unexecuted instantiation: poly1305_ctmul.c:br_i15_zero
Unexecuted instantiation: chacha20_sse2.c:br_i15_zero
Unexecuted instantiation: chacha20_ct.c:br_i15_zero
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_i15_zero
Unexecuted instantiation: aes_x86ni.c:br_i15_zero
Unexecuted instantiation: aes_small_ctrcbc.c:br_i15_zero
Unexecuted instantiation: aes_ct_ctrcbc.c:br_i15_zero
Unexecuted instantiation: aes_ct_ctr.c:br_i15_zero
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_i15_zero
Unexecuted instantiation: aes_ct64.c:br_i15_zero
Unexecuted instantiation: aes_ct.c:br_i15_zero
Unexecuted instantiation: aes_common.c:br_i15_zero
Unexecuted instantiation: aes_big_ctrcbc.c:br_i15_zero
Unexecuted instantiation: prf_md5sha1.c:br_i15_zero
Unexecuted instantiation: prf.c:br_i15_zero
Unexecuted instantiation: sysrng.c:br_i15_zero
Unexecuted instantiation: hmac_drbg.c:br_i15_zero
Unexecuted instantiation: hmac.c:br_i15_zero
Unexecuted instantiation: shake.c:br_i15_zero
Unexecuted instantiation: hkdf.c:br_i15_zero
Unexecuted instantiation: sha2small.c:br_i15_zero
Unexecuted instantiation: sha2big.c:br_i15_zero
Unexecuted instantiation: sha1.c:br_i15_zero
Unexecuted instantiation: md5sha1.c:br_i15_zero
Unexecuted instantiation: md5.c:br_i15_zero
Unexecuted instantiation: ghash_ctmul32.c:br_i15_zero
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_i15_zero
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_i15_zero
Unexecuted instantiation: ecdsa_i31_bits.c:br_i15_zero
ecdsa_i15_vrfy_raw.c:br_i15_zero
Line
Count
Source
1538
140
{
1539
140
  *x ++ = bit_len;
1540
140
  memset(x, 0, ((bit_len + 15) >> 4) * sizeof *x);
1541
140
}
ecdsa_i15_sign_raw.c:br_i15_zero
Line
Count
Source
1538
118
{
1539
118
  *x ++ = bit_len;
1540
118
  memset(x, 0, ((bit_len + 15) >> 4) * sizeof *x);
1541
118
}
ecdsa_i15_bits.c:br_i15_zero
Line
Count
Source
1538
376
{
1539
376
  *x ++ = bit_len;
1540
376
  memset(x, 0, ((bit_len + 15) >> 4) * sizeof *x);
1541
376
}
Unexecuted instantiation: ec_secp521r1.c:br_i15_zero
Unexecuted instantiation: ec_secp384r1.c:br_i15_zero
Unexecuted instantiation: ec_secp256r1.c:br_i15_zero
Unexecuted instantiation: ec_pubkey.c:br_i15_zero
Unexecuted instantiation: ec_prime_i31.c:br_i15_zero
Unexecuted instantiation: ec_prime_i15.c:br_i15_zero
Unexecuted instantiation: ec_p256_m64.c:br_i15_zero
Unexecuted instantiation: ec_p256_m62.c:br_i15_zero
Unexecuted instantiation: ec_p256_m31.c:br_i15_zero
Unexecuted instantiation: ec_p256_m15.c:br_i15_zero
Unexecuted instantiation: ec_keygen.c:br_i15_zero
Unexecuted instantiation: ec_default.c:br_i15_zero
Unexecuted instantiation: ec_c25519_m64.c:br_i15_zero
Unexecuted instantiation: ec_c25519_m62.c:br_i15_zero
Unexecuted instantiation: ec_c25519_m31.c:br_i15_zero
Unexecuted instantiation: ec_c25519_m15.c:br_i15_zero
Unexecuted instantiation: ec_c25519_i31.c:br_i15_zero
ec_c25519_i15.c:br_i15_zero
Line
Count
Source
1538
39
{
1539
39
  *x ++ = bit_len;
1540
39
  memset(x, 0, ((bit_len + 15) >> 4) * sizeof *x);
1541
39
}
Unexecuted instantiation: ec_all_m31.c:br_i15_zero
Unexecuted instantiation: enc64be.c:br_i15_zero
Unexecuted instantiation: enc32le.c:br_i15_zero
Unexecuted instantiation: enc32be.c:br_i15_zero
Unexecuted instantiation: dec64be.c:br_i15_zero
Unexecuted instantiation: dec32le.c:br_i15_zero
Unexecuted instantiation: dec32be.c:br_i15_zero
Unexecuted instantiation: ccopy.c:br_i15_zero
Unexecuted instantiation: gcm.c:br_i15_zero
Unexecuted instantiation: ccm.c:br_i15_zero
Unexecuted instantiation: aes_small_enc.c:br_i15_zero
Unexecuted instantiation: aes_ct_enc.c:br_i15_zero
Unexecuted instantiation: aes_ct64_enc.c:br_i15_zero
Unexecuted instantiation: aes_big_enc.c:br_i15_zero
Unexecuted instantiation: i31_sub.c:br_i15_zero
Unexecuted instantiation: i31_rshift.c:br_i15_zero
Unexecuted instantiation: i31_ninv31.c:br_i15_zero
Unexecuted instantiation: i31_montmul.c:br_i15_zero
Unexecuted instantiation: i31_modpow.c:br_i15_zero
Unexecuted instantiation: i31_iszero.c:br_i15_zero
Unexecuted instantiation: i31_fmont.c:br_i15_zero
Unexecuted instantiation: i31_encode.c:br_i15_zero
Unexecuted instantiation: i31_decode.c:br_i15_zero
Unexecuted instantiation: i31_decmod.c:br_i15_zero
Unexecuted instantiation: i31_bitlen.c:br_i15_zero
Unexecuted instantiation: i31_add.c:br_i15_zero
Unexecuted instantiation: i15_sub.c:br_i15_zero
Unexecuted instantiation: i15_rshift.c:br_i15_zero
Unexecuted instantiation: i15_ninv15.c:br_i15_zero
i15_montmul.c:br_i15_zero
Line
Count
Source
1538
7.15M
{
1539
7.15M
  *x ++ = bit_len;
1540
7.15M
  memset(x, 0, ((bit_len + 15) >> 4) * sizeof *x);
1541
7.15M
}
i15_modpow.c:br_i15_zero
Line
Count
Source
1538
964
{
1539
964
  *x ++ = bit_len;
1540
964
  memset(x, 0, ((bit_len + 15) >> 4) * sizeof *x);
1541
964
}
Unexecuted instantiation: i15_iszero.c:br_i15_zero
Unexecuted instantiation: i15_fmont.c:br_i15_zero
Unexecuted instantiation: i15_encode.c:br_i15_zero
Unexecuted instantiation: i15_decode.c:br_i15_zero
Unexecuted instantiation: i15_decmod.c:br_i15_zero
Unexecuted instantiation: i15_bitlen.c:br_i15_zero
Unexecuted instantiation: i15_add.c:br_i15_zero
Unexecuted instantiation: i31_tmont.c:br_i15_zero
Unexecuted instantiation: i31_muladd.c:br_i15_zero
Unexecuted instantiation: i15_tmont.c:br_i15_zero
Unexecuted instantiation: i15_muladd.c:br_i15_zero
Unexecuted instantiation: i32_div32.c:br_i15_zero
1542
1543
uint32_t br_i15_iszero(const uint16_t *x);
1544
1545
uint16_t br_i15_ninv15(uint16_t x);
1546
1547
uint32_t br_i15_add(uint16_t *a, const uint16_t *b, uint32_t ctl);
1548
1549
uint32_t br_i15_sub(uint16_t *a, const uint16_t *b, uint32_t ctl);
1550
1551
void br_i15_muladd_small(uint16_t *x, uint16_t z, const uint16_t *m);
1552
1553
void br_i15_montymul(uint16_t *d, const uint16_t *x, const uint16_t *y,
1554
  const uint16_t *m, uint16_t m0i);
1555
1556
void br_i15_to_monty(uint16_t *x, const uint16_t *m);
1557
1558
void br_i15_modpow(uint16_t *x, const unsigned char *e, size_t elen,
1559
  const uint16_t *m, uint16_t m0i, uint16_t *t1, uint16_t *t2);
1560
1561
uint32_t br_i15_modpow_opt(uint16_t *x, const unsigned char *e, size_t elen,
1562
  const uint16_t *m, uint16_t m0i, uint16_t *tmp, size_t twlen);
1563
1564
void br_i15_encode(void *dst, size_t len, const uint16_t *x);
1565
1566
uint32_t br_i15_decode_mod(uint16_t *x,
1567
  const void *src, size_t len, const uint16_t *m);
1568
1569
void br_i15_rshift(uint16_t *x, int count);
1570
1571
uint32_t br_i15_bit_length(uint16_t *x, size_t xlen);
1572
1573
void br_i15_decode(uint16_t *x, const void *src, size_t len);
1574
1575
void br_i15_from_monty(uint16_t *x, const uint16_t *m, uint16_t m0i);
1576
1577
void br_i15_decode_reduce(uint16_t *x,
1578
  const void *src, size_t len, const uint16_t *m);
1579
1580
void br_i15_reduce(uint16_t *x, const uint16_t *a, const uint16_t *m);
1581
1582
void br_i15_mulacc(uint16_t *d, const uint16_t *a, const uint16_t *b);
1583
1584
uint32_t br_i15_moddiv(uint16_t *x, const uint16_t *y,
1585
  const uint16_t *m, uint16_t m0i, uint16_t *t);
1586
1587
/*
1588
 * Variant of br_i31_modpow_opt() that internally uses 64x64->128
1589
 * multiplications. It expects the same parameters as br_i31_modpow_opt(),
1590
 * except that the temporaries should be 64-bit integers, not 32-bit
1591
 * integers.
1592
 */
1593
uint32_t br_i62_modpow_opt(uint32_t *x31, const unsigned char *e, size_t elen,
1594
  const uint32_t *m31, uint32_t m0i31, uint64_t *tmp, size_t twlen);
1595
1596
/*
1597
 * Type for a function with the same API as br_i31_modpow_opt() (some
1598
 * implementations of this type may have stricter alignment requirements
1599
 * on the temporaries).
1600
 */
1601
typedef uint32_t (*br_i31_modpow_opt_type)(uint32_t *x,
1602
  const unsigned char *e, size_t elen,
1603
  const uint32_t *m, uint32_t m0i, uint32_t *tmp, size_t twlen);
1604
1605
/*
1606
 * Wrapper for br_i62_modpow_opt() that uses the same type as
1607
 * br_i31_modpow_opt(); however, it requires its 'tmp' argument to the
1608
 * 64-bit aligned.
1609
 */
1610
uint32_t br_i62_modpow_opt_as_i31(uint32_t *x,
1611
  const unsigned char *e, size_t elen,
1612
  const uint32_t *m, uint32_t m0i, uint32_t *tmp, size_t twlen);
1613
1614
/* ==================================================================== */
1615
1616
static inline size_t
1617
br_digest_size(const br_hash_class *digest_class)
1618
198k
{
1619
198k
  return (size_t)(digest_class->desc >> BR_HASHDESC_OUT_OFF)
1620
198k
    & BR_HASHDESC_OUT_MASK;
1621
198k
}
Unexecuted instantiation: poly1305_ctmul.c:br_digest_size
Unexecuted instantiation: chacha20_sse2.c:br_digest_size
Unexecuted instantiation: chacha20_ct.c:br_digest_size
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_digest_size
Unexecuted instantiation: aes_x86ni.c:br_digest_size
Unexecuted instantiation: aes_small_ctrcbc.c:br_digest_size
Unexecuted instantiation: aes_ct_ctrcbc.c:br_digest_size
Unexecuted instantiation: aes_ct_ctr.c:br_digest_size
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_digest_size
Unexecuted instantiation: aes_ct64.c:br_digest_size
Unexecuted instantiation: aes_ct.c:br_digest_size
Unexecuted instantiation: aes_common.c:br_digest_size
Unexecuted instantiation: aes_big_ctrcbc.c:br_digest_size
Unexecuted instantiation: prf_md5sha1.c:br_digest_size
prf.c:br_digest_size
Line
Count
Source
1618
352
{
1619
352
  return (size_t)(digest_class->desc >> BR_HASHDESC_OUT_OFF)
1620
352
    & BR_HASHDESC_OUT_MASK;
1621
352
}
Unexecuted instantiation: sysrng.c:br_digest_size
hmac_drbg.c:br_digest_size
Line
Count
Source
1618
2.66k
{
1619
2.66k
  return (size_t)(digest_class->desc >> BR_HASHDESC_OUT_OFF)
1620
2.66k
    & BR_HASHDESC_OUT_MASK;
1621
2.66k
}
hmac.c:br_digest_size
Line
Count
Source
1618
195k
{
1619
195k
  return (size_t)(digest_class->desc >> BR_HASHDESC_OUT_OFF)
1620
195k
    & BR_HASHDESC_OUT_MASK;
1621
195k
}
Unexecuted instantiation: shake.c:br_digest_size
Unexecuted instantiation: hkdf.c:br_digest_size
Unexecuted instantiation: sha2small.c:br_digest_size
Unexecuted instantiation: sha2big.c:br_digest_size
Unexecuted instantiation: sha1.c:br_digest_size
Unexecuted instantiation: md5sha1.c:br_digest_size
Unexecuted instantiation: md5.c:br_digest_size
Unexecuted instantiation: ghash_ctmul32.c:br_digest_size
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_digest_size
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_digest_size
Unexecuted instantiation: ecdsa_i31_bits.c:br_digest_size
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_digest_size
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_digest_size
Unexecuted instantiation: ecdsa_i15_bits.c:br_digest_size
Unexecuted instantiation: ec_secp521r1.c:br_digest_size
Unexecuted instantiation: ec_secp384r1.c:br_digest_size
Unexecuted instantiation: ec_secp256r1.c:br_digest_size
Unexecuted instantiation: ec_pubkey.c:br_digest_size
Unexecuted instantiation: ec_prime_i31.c:br_digest_size
Unexecuted instantiation: ec_prime_i15.c:br_digest_size
Unexecuted instantiation: ec_p256_m64.c:br_digest_size
Unexecuted instantiation: ec_p256_m62.c:br_digest_size
Unexecuted instantiation: ec_p256_m31.c:br_digest_size
Unexecuted instantiation: ec_p256_m15.c:br_digest_size
Unexecuted instantiation: ec_keygen.c:br_digest_size
Unexecuted instantiation: ec_default.c:br_digest_size
Unexecuted instantiation: ec_c25519_m64.c:br_digest_size
Unexecuted instantiation: ec_c25519_m62.c:br_digest_size
Unexecuted instantiation: ec_c25519_m31.c:br_digest_size
Unexecuted instantiation: ec_c25519_m15.c:br_digest_size
Unexecuted instantiation: ec_c25519_i31.c:br_digest_size
Unexecuted instantiation: ec_c25519_i15.c:br_digest_size
Unexecuted instantiation: ec_all_m31.c:br_digest_size
Unexecuted instantiation: enc64be.c:br_digest_size
Unexecuted instantiation: enc32le.c:br_digest_size
Unexecuted instantiation: enc32be.c:br_digest_size
Unexecuted instantiation: dec64be.c:br_digest_size
Unexecuted instantiation: dec32le.c:br_digest_size
Unexecuted instantiation: dec32be.c:br_digest_size
Unexecuted instantiation: ccopy.c:br_digest_size
Unexecuted instantiation: gcm.c:br_digest_size
Unexecuted instantiation: ccm.c:br_digest_size
Unexecuted instantiation: aes_small_enc.c:br_digest_size
Unexecuted instantiation: aes_ct_enc.c:br_digest_size
Unexecuted instantiation: aes_ct64_enc.c:br_digest_size
Unexecuted instantiation: aes_big_enc.c:br_digest_size
Unexecuted instantiation: i31_sub.c:br_digest_size
Unexecuted instantiation: i31_rshift.c:br_digest_size
Unexecuted instantiation: i31_ninv31.c:br_digest_size
Unexecuted instantiation: i31_montmul.c:br_digest_size
Unexecuted instantiation: i31_modpow.c:br_digest_size
Unexecuted instantiation: i31_iszero.c:br_digest_size
Unexecuted instantiation: i31_fmont.c:br_digest_size
Unexecuted instantiation: i31_encode.c:br_digest_size
Unexecuted instantiation: i31_decode.c:br_digest_size
Unexecuted instantiation: i31_decmod.c:br_digest_size
Unexecuted instantiation: i31_bitlen.c:br_digest_size
Unexecuted instantiation: i31_add.c:br_digest_size
Unexecuted instantiation: i15_sub.c:br_digest_size
Unexecuted instantiation: i15_rshift.c:br_digest_size
Unexecuted instantiation: i15_ninv15.c:br_digest_size
Unexecuted instantiation: i15_montmul.c:br_digest_size
Unexecuted instantiation: i15_modpow.c:br_digest_size
Unexecuted instantiation: i15_iszero.c:br_digest_size
Unexecuted instantiation: i15_fmont.c:br_digest_size
Unexecuted instantiation: i15_encode.c:br_digest_size
Unexecuted instantiation: i15_decode.c:br_digest_size
Unexecuted instantiation: i15_decmod.c:br_digest_size
Unexecuted instantiation: i15_bitlen.c:br_digest_size
Unexecuted instantiation: i15_add.c:br_digest_size
Unexecuted instantiation: i31_tmont.c:br_digest_size
Unexecuted instantiation: i31_muladd.c:br_digest_size
Unexecuted instantiation: i15_tmont.c:br_digest_size
Unexecuted instantiation: i15_muladd.c:br_digest_size
Unexecuted instantiation: i32_div32.c:br_digest_size
1622
1623
/*
1624
 * Get the output size (in bytes) of a hash function.
1625
 */
1626
size_t br_digest_size_by_ID(int digest_id);
1627
1628
/*
1629
 * Get the OID (encoded OBJECT IDENTIFIER value, without tag and length)
1630
 * for a hash function. If digest_id is not a supported digest identifier
1631
 * (in particular if it is equal to 0, i.e. br_md5sha1_ID), then NULL is
1632
 * returned and *len is set to 0.
1633
 */
1634
const unsigned char *br_digest_OID(int digest_id, size_t *len);
1635
1636
/* ==================================================================== */
1637
/*
1638
 * DES support functions.
1639
 */
1640
1641
/*
1642
 * Apply DES Initial Permutation.
1643
 */
1644
void br_des_do_IP(uint32_t *xl, uint32_t *xr);
1645
1646
/*
1647
 * Apply DES Final Permutation (inverse of IP).
1648
 */
1649
void br_des_do_invIP(uint32_t *xl, uint32_t *xr);
1650
1651
/*
1652
 * Key schedule unit: for a DES key (8 bytes), compute 16 subkeys. Each
1653
 * subkey is two 28-bit words represented as two 32-bit words; the PC-2
1654
 * bit extration is NOT applied.
1655
 */
1656
void br_des_keysched_unit(uint32_t *skey, const void *key);
1657
1658
/*
1659
 * Reversal of 16 DES sub-keys (for decryption).
1660
 */
1661
void br_des_rev_skey(uint32_t *skey);
1662
1663
/*
1664
 * DES/3DES key schedule for 'des_tab' (encryption direction). Returned
1665
 * value is the number of rounds.
1666
 */
1667
unsigned br_des_tab_keysched(uint32_t *skey, const void *key, size_t key_len);
1668
1669
/*
1670
 * DES/3DES key schedule for 'des_ct' (encryption direction). Returned
1671
 * value is the number of rounds.
1672
 */
1673
unsigned br_des_ct_keysched(uint32_t *skey, const void *key, size_t key_len);
1674
1675
/*
1676
 * DES/3DES subkey decompression (from the compressed bitsliced subkeys).
1677
 */
1678
void br_des_ct_skey_expand(uint32_t *sk_exp,
1679
  unsigned num_rounds, const uint32_t *skey);
1680
1681
/*
1682
 * DES/3DES block encryption/decryption ('des_tab').
1683
 */
1684
void br_des_tab_process_block(unsigned num_rounds,
1685
  const uint32_t *skey, void *block);
1686
1687
/*
1688
 * DES/3DES block encryption/decryption ('des_ct').
1689
 */
1690
void br_des_ct_process_block(unsigned num_rounds,
1691
  const uint32_t *skey, void *block);
1692
1693
/* ==================================================================== */
1694
/*
1695
 * AES support functions.
1696
 */
1697
1698
/*
1699
 * The AES S-box (256-byte table).
1700
 */
1701
extern const unsigned char br_aes_S[];
1702
1703
/*
1704
 * AES key schedule. skey[] is filled with n+1 128-bit subkeys, where n
1705
 * is the number of rounds (10 to 14, depending on key size). The number
1706
 * of rounds is returned. If the key size is invalid (not 16, 24 or 32),
1707
 * then 0 is returned.
1708
 *
1709
 * This implementation uses a 256-byte table and is NOT constant-time.
1710
 */
1711
unsigned br_aes_keysched(uint32_t *skey, const void *key, size_t key_len);
1712
1713
/*
1714
 * AES key schedule for decryption ('aes_big' implementation).
1715
 */
1716
unsigned br_aes_big_keysched_inv(uint32_t *skey,
1717
  const void *key, size_t key_len);
1718
1719
/*
1720
 * AES block encryption with the 'aes_big' implementation (fast, but
1721
 * not constant-time). This function encrypts a single block "in place".
1722
 */
1723
void br_aes_big_encrypt(unsigned num_rounds, const uint32_t *skey, void *data);
1724
1725
/*
1726
 * AES block decryption with the 'aes_big' implementation (fast, but
1727
 * not constant-time). This function decrypts a single block "in place".
1728
 */
1729
void br_aes_big_decrypt(unsigned num_rounds, const uint32_t *skey, void *data);
1730
1731
/*
1732
 * AES block encryption with the 'aes_small' implementation (small, but
1733
 * slow and not constant-time). This function encrypts a single block
1734
 * "in place".
1735
 */
1736
void br_aes_small_encrypt(unsigned num_rounds,
1737
  const uint32_t *skey, void *data);
1738
1739
/*
1740
 * AES block decryption with the 'aes_small' implementation (small, but
1741
 * slow and not constant-time). This function decrypts a single block
1742
 * "in place".
1743
 */
1744
void br_aes_small_decrypt(unsigned num_rounds,
1745
  const uint32_t *skey, void *data);
1746
1747
/*
1748
 * The constant-time implementation is "bitsliced": the 128-bit state is
1749
 * split over eight 32-bit words q* in the following way:
1750
 *
1751
 * -- Input block consists in 16 bytes:
1752
 *    a00 a10 a20 a30 a01 a11 a21 a31 a02 a12 a22 a32 a03 a13 a23 a33
1753
 * In the terminology of FIPS 197, this is a 4x4 matrix which is read
1754
 * column by column.
1755
 *
1756
 * -- Each byte is split into eight bits which are distributed over the
1757
 * eight words, at the same rank. Thus, for a byte x at rank k, bit 0
1758
 * (least significant) of x will be at rank k in q0 (if that bit is b,
1759
 * then it contributes "b << k" to the value of q0), bit 1 of x will be
1760
 * at rank k in q1, and so on.
1761
 *
1762
 * -- Ranks given to bits are in "row order" and are either all even, or
1763
 * all odd. Two independent AES states are thus interleaved, one using
1764
 * the even ranks, the other the odd ranks. Row order means:
1765
 *    a00 a01 a02 a03 a10 a11 a12 a13 a20 a21 a22 a23 a30 a31 a32 a33
1766
 *
1767
 * Converting input bytes from two AES blocks to bitslice representation
1768
 * is done in the following way:
1769
 * -- Decode first block into the four words q0 q2 q4 q6, in that order,
1770
 * using little-endian convention.
1771
 * -- Decode second block into the four words q1 q3 q5 q7, in that order,
1772
 * using little-endian convention.
1773
 * -- Call br_aes_ct_ortho().
1774
 *
1775
 * Converting back to bytes is done by using the reverse operations. Note
1776
 * that br_aes_ct_ortho() is its own inverse.
1777
 */
1778
1779
/*
1780
 * Perform bytewise orthogonalization of eight 32-bit words. Bytes
1781
 * of q0..q7 are spread over all words: for a byte x that occurs
1782
 * at rank i in q[j] (byte x uses bits 8*i to 8*i+7 in q[j]), the bit
1783
 * of rank k in x (0 <= k <= 7) goes to q[k] at rank 8*i+j.
1784
 *
1785
 * This operation is an involution.
1786
 */
1787
void br_aes_ct_ortho(uint32_t *q);
1788
1789
/*
1790
 * The AES S-box, as a bitsliced constant-time version. The input array
1791
 * consists in eight 32-bit words; 32 S-box instances are computed in
1792
 * parallel. Bits 0 to 7 of each S-box input (bit 0 is least significant)
1793
 * are spread over the words 0 to 7, at the same rank.
1794
 */
1795
void br_aes_ct_bitslice_Sbox(uint32_t *q);
1796
1797
/*
1798
 * Like br_aes_bitslice_Sbox(), but for the inverse S-box.
1799
 */
1800
void br_aes_ct_bitslice_invSbox(uint32_t *q);
1801
1802
/*
1803
 * Compute AES encryption on bitsliced data. Since input is stored on
1804
 * eight 32-bit words, two block encryptions are actually performed
1805
 * in parallel.
1806
 */
1807
void br_aes_ct_bitslice_encrypt(unsigned num_rounds,
1808
  const uint32_t *skey, uint32_t *q);
1809
1810
/*
1811
 * Compute AES decryption on bitsliced data. Since input is stored on
1812
 * eight 32-bit words, two block decryptions are actually performed
1813
 * in parallel.
1814
 */
1815
void br_aes_ct_bitslice_decrypt(unsigned num_rounds,
1816
  const uint32_t *skey, uint32_t *q);
1817
1818
/*
1819
 * AES key schedule, constant-time version. skey[] is filled with n+1
1820
 * 128-bit subkeys, where n is the number of rounds (10 to 14, depending
1821
 * on key size). The number of rounds is returned. If the key size is
1822
 * invalid (not 16, 24 or 32), then 0 is returned.
1823
 */
1824
unsigned br_aes_ct_keysched(uint32_t *comp_skey,
1825
  const void *key, size_t key_len);
1826
1827
/*
1828
 * Expand AES subkeys as produced by br_aes_ct_keysched(), into
1829
 * a larger array suitable for br_aes_ct_bitslice_encrypt() and
1830
 * br_aes_ct_bitslice_decrypt().
1831
 */
1832
void br_aes_ct_skey_expand(uint32_t *skey,
1833
  unsigned num_rounds, const uint32_t *comp_skey);
1834
1835
/*
1836
 * For the ct64 implementation, the same bitslicing technique is used,
1837
 * but four instances are interleaved. First instance uses bits 0, 4,
1838
 * 8, 12,... of each word; second instance uses bits 1, 5, 9, 13,...
1839
 * and so on.
1840
 */
1841
1842
/*
1843
 * Perform bytewise orthogonalization of eight 64-bit words. Bytes
1844
 * of q0..q7 are spread over all words: for a byte x that occurs
1845
 * at rank i in q[j] (byte x uses bits 8*i to 8*i+7 in q[j]), the bit
1846
 * of rank k in x (0 <= k <= 7) goes to q[k] at rank 8*i+j.
1847
 *
1848
 * This operation is an involution.
1849
 */
1850
void br_aes_ct64_ortho(uint64_t *q);
1851
1852
/*
1853
 * Interleave bytes for an AES input block. If input bytes are
1854
 * denoted 0123456789ABCDEF, and have been decoded with little-endian
1855
 * convention (w[0] contains 0123, with '3' being most significant;
1856
 * w[1] contains 4567, and so on), then output word q0 will be
1857
 * set to 08192A3B (again little-endian convention) and q1 will
1858
 * be set to 4C5D6E7F.
1859
 */
1860
void br_aes_ct64_interleave_in(uint64_t *q0, uint64_t *q1, const uint32_t *w);
1861
1862
/*
1863
 * Perform the opposite of br_aes_ct64_interleave_in().
1864
 */
1865
void br_aes_ct64_interleave_out(uint32_t *w, uint64_t q0, uint64_t q1);
1866
1867
/*
1868
 * The AES S-box, as a bitsliced constant-time version. The input array
1869
 * consists in eight 64-bit words; 64 S-box instances are computed in
1870
 * parallel. Bits 0 to 7 of each S-box input (bit 0 is least significant)
1871
 * are spread over the words 0 to 7, at the same rank.
1872
 */
1873
void br_aes_ct64_bitslice_Sbox(uint64_t *q);
1874
1875
/*
1876
 * Like br_aes_bitslice_Sbox(), but for the inverse S-box.
1877
 */
1878
void br_aes_ct64_bitslice_invSbox(uint64_t *q);
1879
1880
/*
1881
 * Compute AES encryption on bitsliced data. Since input is stored on
1882
 * eight 64-bit words, four block encryptions are actually performed
1883
 * in parallel.
1884
 */
1885
void br_aes_ct64_bitslice_encrypt(unsigned num_rounds,
1886
  const uint64_t *skey, uint64_t *q);
1887
1888
/*
1889
 * Compute AES decryption on bitsliced data. Since input is stored on
1890
 * eight 64-bit words, four block decryptions are actually performed
1891
 * in parallel.
1892
 */
1893
void br_aes_ct64_bitslice_decrypt(unsigned num_rounds,
1894
  const uint64_t *skey, uint64_t *q);
1895
1896
/*
1897
 * AES key schedule, constant-time version. skey[] is filled with n+1
1898
 * 128-bit subkeys, where n is the number of rounds (10 to 14, depending
1899
 * on key size). The number of rounds is returned. If the key size is
1900
 * invalid (not 16, 24 or 32), then 0 is returned.
1901
 */
1902
unsigned br_aes_ct64_keysched(uint64_t *comp_skey,
1903
  const void *key, size_t key_len);
1904
1905
/*
1906
 * Expand AES subkeys as produced by br_aes_ct64_keysched(), into
1907
 * a larger array suitable for br_aes_ct64_bitslice_encrypt() and
1908
 * br_aes_ct64_bitslice_decrypt().
1909
 */
1910
void br_aes_ct64_skey_expand(uint64_t *skey,
1911
  unsigned num_rounds, const uint64_t *comp_skey);
1912
1913
/*
1914
 * Test support for AES-NI opcodes.
1915
 */
1916
int br_aes_x86ni_supported(void);
1917
1918
/*
1919
 * AES key schedule, using x86 AES-NI instructions. This yields the
1920
 * subkeys in the encryption direction. Number of rounds is returned.
1921
 * Key size MUST be 16, 24 or 32 bytes; otherwise, 0 is returned.
1922
 */
1923
unsigned br_aes_x86ni_keysched_enc(unsigned char *skni,
1924
  const void *key, size_t len);
1925
1926
/*
1927
 * AES key schedule, using x86 AES-NI instructions. This yields the
1928
 * subkeys in the decryption direction. Number of rounds is returned.
1929
 * Key size MUST be 16, 24 or 32 bytes; otherwise, 0 is returned.
1930
 */
1931
unsigned br_aes_x86ni_keysched_dec(unsigned char *skni,
1932
  const void *key, size_t len);
1933
1934
/*
1935
 * Test support for AES POWER8 opcodes.
1936
 */
1937
int br_aes_pwr8_supported(void);
1938
1939
/*
1940
 * AES key schedule, using POWER8 instructions. This yields the
1941
 * subkeys in the encryption direction. Number of rounds is returned.
1942
 * Key size MUST be 16, 24 or 32 bytes; otherwise, 0 is returned.
1943
 */
1944
unsigned br_aes_pwr8_keysched(unsigned char *skni,
1945
  const void *key, size_t len);
1946
1947
/* ==================================================================== */
1948
/*
1949
 * RSA.
1950
 */
1951
1952
/*
1953
 * Apply proper PKCS#1 v1.5 padding (for signatures). 'hash_oid' is
1954
 * the encoded hash function OID, or NULL.
1955
 */
1956
uint32_t br_rsa_pkcs1_sig_pad(const unsigned char *hash_oid,
1957
  const unsigned char *hash, size_t hash_len,
1958
  uint32_t n_bitlen, unsigned char *x);
1959
1960
/*
1961
 * Check PKCS#1 v1.5 padding (for signatures). 'hash_oid' is the encoded
1962
 * hash function OID, or NULL. The provided 'sig' value is _after_ the
1963
 * modular exponentiation, i.e. it should be the padded hash. On
1964
 * success, the hashed message is extracted.
1965
 */
1966
uint32_t br_rsa_pkcs1_sig_unpad(const unsigned char *sig, size_t sig_len,
1967
  const unsigned char *hash_oid, size_t hash_len,
1968
  unsigned char *hash_out);
1969
1970
/*
1971
 * Apply proper PSS padding. The 'x' buffer is output only: it
1972
 * receives the value that is to be exponentiated.
1973
 */
1974
uint32_t br_rsa_pss_sig_pad(const br_prng_class **rng,
1975
  const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
1976
  const unsigned char *hash, size_t salt_len,
1977
  uint32_t n_bitlen, unsigned char *x);
1978
1979
/*
1980
 * Check PSS padding. The provided value is the one _after_
1981
 * the modular exponentiation; it is modified by this function.
1982
 * This function infers the signature length from the public key
1983
 * size, i.e. it assumes that this has already been verified (as
1984
 * part of the exponentiation).
1985
 */
1986
uint32_t br_rsa_pss_sig_unpad(
1987
  const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
1988
  const unsigned char *hash, size_t salt_len,
1989
  const br_rsa_public_key *pk, unsigned char *x);
1990
1991
/*
1992
 * Apply OAEP padding. Returned value is the actual padded string length,
1993
 * or zero on error.
1994
 */
1995
size_t br_rsa_oaep_pad(const br_prng_class **rnd, const br_hash_class *dig,
1996
  const void *label, size_t label_len, const br_rsa_public_key *pk,
1997
  void *dst, size_t dst_nax_len, const void *src, size_t src_len);
1998
1999
/*
2000
 * Unravel and check OAEP padding. If the padding is correct, then 1 is
2001
 * returned, '*len' is adjusted to the length of the message, and the
2002
 * data is moved to the start of the 'data' buffer. If the padding is
2003
 * incorrect, then 0 is returned and '*len' is untouched. Either way,
2004
 * the complete buffer contents are altered.
2005
 */
2006
uint32_t br_rsa_oaep_unpad(const br_hash_class *dig,
2007
  const void *label, size_t label_len, void *data, size_t *len);
2008
2009
/*
2010
 * Compute MGF1 for a given seed, and XOR the output into the provided
2011
 * buffer.
2012
 */
2013
void br_mgf1_xor(void *data, size_t len,
2014
  const br_hash_class *dig, const void *seed, size_t seed_len);
2015
2016
/*
2017
 * Inner function for RSA key generation; used by the "i31" and "i62"
2018
 * implementations.
2019
 */
2020
uint32_t br_rsa_i31_keygen_inner(const br_prng_class **rng,
2021
  br_rsa_private_key *sk, void *kbuf_priv,
2022
  br_rsa_public_key *pk, void *kbuf_pub,
2023
  unsigned size, uint32_t pubexp, br_i31_modpow_opt_type mp31);
2024
2025
/* ==================================================================== */
2026
/*
2027
 * Elliptic curves.
2028
 */
2029
2030
/*
2031
 * Type for generic EC parameters: curve order (unsigned big-endian
2032
 * encoding) and encoded conventional generator.
2033
 */
2034
typedef struct {
2035
  int curve;
2036
  const unsigned char *order;
2037
  size_t order_len;
2038
  const unsigned char *generator;
2039
  size_t generator_len;
2040
} br_ec_curve_def;
2041
2042
extern const br_ec_curve_def br_secp256r1;
2043
extern const br_ec_curve_def br_secp384r1;
2044
extern const br_ec_curve_def br_secp521r1;
2045
2046
/*
2047
 * For Curve25519, the advertised "order" really is 2^255-1, since the
2048
 * point multipliction function really works over arbitrary 255-bit
2049
 * scalars. This value is only meant as a hint for ECDH key generation;
2050
 * only ECDSA uses the exact curve order, and ECDSA is not used with
2051
 * that specific curve.
2052
 */
2053
extern const br_ec_curve_def br_curve25519;
2054
2055
/*
2056
 * Decode some bytes as an i31 integer, with truncation (corresponding
2057
 * to the 'bits2int' operation in RFC 6979). The target ENCODED bit
2058
 * length is provided as last parameter. The resulting value will have
2059
 * this declared bit length, and consists the big-endian unsigned decoding
2060
 * of exactly that many bits in the source (capped at the source length).
2061
 */
2062
void br_ecdsa_i31_bits2int(uint32_t *x,
2063
  const void *src, size_t len, uint32_t ebitlen);
2064
2065
/*
2066
 * Decode some bytes as an i15 integer, with truncation (corresponding
2067
 * to the 'bits2int' operation in RFC 6979). The target ENCODED bit
2068
 * length is provided as last parameter. The resulting value will have
2069
 * this declared bit length, and consists the big-endian unsigned decoding
2070
 * of exactly that many bits in the source (capped at the source length).
2071
 */
2072
void br_ecdsa_i15_bits2int(uint16_t *x,
2073
  const void *src, size_t len, uint32_t ebitlen);
2074
2075
/* ==================================================================== */
2076
/*
2077
 * ASN.1 support functions.
2078
 */
2079
2080
/*
2081
 * A br_asn1_uint structure contains encoding information about an
2082
 * INTEGER nonnegative value: pointer to the integer contents (unsigned
2083
 * big-endian representation), length of the integer contents,
2084
 * and length of the encoded value. The data shall have minimal length:
2085
 *  - If the integer value is zero, then 'len' must be zero.
2086
 *  - If the integer value is not zero, then data[0] must be non-zero.
2087
 *
2088
 * Under these conditions, 'asn1len' is necessarily equal to either len
2089
 * or len+1.
2090
 */
2091
typedef struct {
2092
  const unsigned char *data;
2093
  size_t len;
2094
  size_t asn1len;
2095
} br_asn1_uint;
2096
2097
/*
2098
 * Given an encoded integer (unsigned big-endian, with possible leading
2099
 * bytes of value 0), returned the "prepared INTEGER" structure.
2100
 */
2101
br_asn1_uint br_asn1_uint_prepare(const void *xdata, size_t xlen);
2102
2103
/*
2104
 * Encode an ASN.1 length. The length of the encoded length is returned.
2105
 * If 'dest' is NULL, then no encoding is performed, but the length of
2106
 * the encoded length is still computed and returned.
2107
 */
2108
size_t br_asn1_encode_length(void *dest, size_t len);
2109
2110
/*
2111
 * Convenient macro for computing lengths of lengths.
2112
 */
2113
#define len_of_len(len)   br_asn1_encode_length(NULL, len)
2114
2115
/*
2116
 * Encode a (prepared) ASN.1 INTEGER. The encoded length is returned.
2117
 * If 'dest' is NULL, then no encoding is performed, but the length of
2118
 * the encoded integer is still computed and returned.
2119
 */
2120
size_t br_asn1_encode_uint(void *dest, br_asn1_uint pp);
2121
2122
/*
2123
 * Get the OID that identifies an elliptic curve. Returned value is
2124
 * the DER-encoded OID, with the length (always one byte) but without
2125
 * the tag. Thus, the first byte of the returned buffer contains the
2126
 * number of subsequent bytes in the value. If the curve is not
2127
 * recognised, NULL is returned.
2128
 */
2129
const unsigned char *br_get_curve_OID(int curve);
2130
2131
/*
2132
 * Inner function for EC private key encoding. This is equivalent to
2133
 * the API function br_encode_ec_raw_der(), except for an extra
2134
 * parameter: if 'include_curve_oid' is zero, then the curve OID is
2135
 * _not_ included in the output blob (this is for PKCS#8 support).
2136
 */
2137
size_t br_encode_ec_raw_der_inner(void *dest,
2138
  const br_ec_private_key *sk, const br_ec_public_key *pk,
2139
  int include_curve_oid);
2140
2141
/* ==================================================================== */
2142
/*
2143
 * SSL/TLS support functions.
2144
 */
2145
2146
/*
2147
 * Record types.
2148
 */
2149
#define BR_SSL_CHANGE_CIPHER_SPEC    20
2150
#define BR_SSL_ALERT                 21
2151
#define BR_SSL_HANDSHAKE             22
2152
#define BR_SSL_APPLICATION_DATA      23
2153
2154
/*
2155
 * Handshake message types.
2156
 */
2157
#define BR_SSL_HELLO_REQUEST          0
2158
#define BR_SSL_CLIENT_HELLO           1
2159
#define BR_SSL_SERVER_HELLO           2
2160
#define BR_SSL_CERTIFICATE           11
2161
#define BR_SSL_SERVER_KEY_EXCHANGE   12
2162
#define BR_SSL_CERTIFICATE_REQUEST   13
2163
#define BR_SSL_SERVER_HELLO_DONE     14
2164
#define BR_SSL_CERTIFICATE_VERIFY    15
2165
#define BR_SSL_CLIENT_KEY_EXCHANGE   16
2166
#define BR_SSL_FINISHED              20
2167
2168
/*
2169
 * Alert levels.
2170
 */
2171
#define BR_LEVEL_WARNING   1
2172
#define BR_LEVEL_FATAL     2
2173
2174
/*
2175
 * Low-level I/O state.
2176
 */
2177
#define BR_IO_FAILED   0
2178
#define BR_IO_IN       1
2179
#define BR_IO_OUT      2
2180
#define BR_IO_INOUT    3
2181
2182
/*
2183
 * Mark a SSL engine as failed. The provided error code is recorded if
2184
 * the engine was not already marked as failed. If 'err' is 0, then the
2185
 * engine is marked as closed (without error).
2186
 */
2187
void br_ssl_engine_fail(br_ssl_engine_context *cc, int err);
2188
2189
/*
2190
 * Test whether the engine is closed (normally or as a failure).
2191
 */
2192
static inline int
2193
br_ssl_engine_closed(const br_ssl_engine_context *cc)
2194
0
{
2195
0
  return cc->iomode == BR_IO_FAILED;
2196
0
}
Unexecuted instantiation: poly1305_ctmul.c:br_ssl_engine_closed
Unexecuted instantiation: chacha20_sse2.c:br_ssl_engine_closed
Unexecuted instantiation: chacha20_ct.c:br_ssl_engine_closed
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_ssl_engine_closed
Unexecuted instantiation: aes_x86ni.c:br_ssl_engine_closed
Unexecuted instantiation: aes_small_ctrcbc.c:br_ssl_engine_closed
Unexecuted instantiation: aes_ct_ctrcbc.c:br_ssl_engine_closed
Unexecuted instantiation: aes_ct_ctr.c:br_ssl_engine_closed
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_ssl_engine_closed
Unexecuted instantiation: aes_ct64.c:br_ssl_engine_closed
Unexecuted instantiation: aes_ct.c:br_ssl_engine_closed
Unexecuted instantiation: aes_common.c:br_ssl_engine_closed
Unexecuted instantiation: aes_big_ctrcbc.c:br_ssl_engine_closed
Unexecuted instantiation: prf_md5sha1.c:br_ssl_engine_closed
Unexecuted instantiation: prf.c:br_ssl_engine_closed
Unexecuted instantiation: sysrng.c:br_ssl_engine_closed
Unexecuted instantiation: hmac_drbg.c:br_ssl_engine_closed
Unexecuted instantiation: hmac.c:br_ssl_engine_closed
Unexecuted instantiation: shake.c:br_ssl_engine_closed
Unexecuted instantiation: hkdf.c:br_ssl_engine_closed
Unexecuted instantiation: sha2small.c:br_ssl_engine_closed
Unexecuted instantiation: sha2big.c:br_ssl_engine_closed
Unexecuted instantiation: sha1.c:br_ssl_engine_closed
Unexecuted instantiation: md5sha1.c:br_ssl_engine_closed
Unexecuted instantiation: md5.c:br_ssl_engine_closed
Unexecuted instantiation: ghash_ctmul32.c:br_ssl_engine_closed
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_ssl_engine_closed
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_ssl_engine_closed
Unexecuted instantiation: ecdsa_i31_bits.c:br_ssl_engine_closed
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_ssl_engine_closed
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_ssl_engine_closed
Unexecuted instantiation: ecdsa_i15_bits.c:br_ssl_engine_closed
Unexecuted instantiation: ec_secp521r1.c:br_ssl_engine_closed
Unexecuted instantiation: ec_secp384r1.c:br_ssl_engine_closed
Unexecuted instantiation: ec_secp256r1.c:br_ssl_engine_closed
Unexecuted instantiation: ec_pubkey.c:br_ssl_engine_closed
Unexecuted instantiation: ec_prime_i31.c:br_ssl_engine_closed
Unexecuted instantiation: ec_prime_i15.c:br_ssl_engine_closed
Unexecuted instantiation: ec_p256_m64.c:br_ssl_engine_closed
Unexecuted instantiation: ec_p256_m62.c:br_ssl_engine_closed
Unexecuted instantiation: ec_p256_m31.c:br_ssl_engine_closed
Unexecuted instantiation: ec_p256_m15.c:br_ssl_engine_closed
Unexecuted instantiation: ec_keygen.c:br_ssl_engine_closed
Unexecuted instantiation: ec_default.c:br_ssl_engine_closed
Unexecuted instantiation: ec_c25519_m64.c:br_ssl_engine_closed
Unexecuted instantiation: ec_c25519_m62.c:br_ssl_engine_closed
Unexecuted instantiation: ec_c25519_m31.c:br_ssl_engine_closed
Unexecuted instantiation: ec_c25519_m15.c:br_ssl_engine_closed
Unexecuted instantiation: ec_c25519_i31.c:br_ssl_engine_closed
Unexecuted instantiation: ec_c25519_i15.c:br_ssl_engine_closed
Unexecuted instantiation: ec_all_m31.c:br_ssl_engine_closed
Unexecuted instantiation: enc64be.c:br_ssl_engine_closed
Unexecuted instantiation: enc32le.c:br_ssl_engine_closed
Unexecuted instantiation: enc32be.c:br_ssl_engine_closed
Unexecuted instantiation: dec64be.c:br_ssl_engine_closed
Unexecuted instantiation: dec32le.c:br_ssl_engine_closed
Unexecuted instantiation: dec32be.c:br_ssl_engine_closed
Unexecuted instantiation: ccopy.c:br_ssl_engine_closed
Unexecuted instantiation: gcm.c:br_ssl_engine_closed
Unexecuted instantiation: ccm.c:br_ssl_engine_closed
Unexecuted instantiation: aes_small_enc.c:br_ssl_engine_closed
Unexecuted instantiation: aes_ct_enc.c:br_ssl_engine_closed
Unexecuted instantiation: aes_ct64_enc.c:br_ssl_engine_closed
Unexecuted instantiation: aes_big_enc.c:br_ssl_engine_closed
Unexecuted instantiation: i31_sub.c:br_ssl_engine_closed
Unexecuted instantiation: i31_rshift.c:br_ssl_engine_closed
Unexecuted instantiation: i31_ninv31.c:br_ssl_engine_closed
Unexecuted instantiation: i31_montmul.c:br_ssl_engine_closed
Unexecuted instantiation: i31_modpow.c:br_ssl_engine_closed
Unexecuted instantiation: i31_iszero.c:br_ssl_engine_closed
Unexecuted instantiation: i31_fmont.c:br_ssl_engine_closed
Unexecuted instantiation: i31_encode.c:br_ssl_engine_closed
Unexecuted instantiation: i31_decode.c:br_ssl_engine_closed
Unexecuted instantiation: i31_decmod.c:br_ssl_engine_closed
Unexecuted instantiation: i31_bitlen.c:br_ssl_engine_closed
Unexecuted instantiation: i31_add.c:br_ssl_engine_closed
Unexecuted instantiation: i15_sub.c:br_ssl_engine_closed
Unexecuted instantiation: i15_rshift.c:br_ssl_engine_closed
Unexecuted instantiation: i15_ninv15.c:br_ssl_engine_closed
Unexecuted instantiation: i15_montmul.c:br_ssl_engine_closed
Unexecuted instantiation: i15_modpow.c:br_ssl_engine_closed
Unexecuted instantiation: i15_iszero.c:br_ssl_engine_closed
Unexecuted instantiation: i15_fmont.c:br_ssl_engine_closed
Unexecuted instantiation: i15_encode.c:br_ssl_engine_closed
Unexecuted instantiation: i15_decode.c:br_ssl_engine_closed
Unexecuted instantiation: i15_decmod.c:br_ssl_engine_closed
Unexecuted instantiation: i15_bitlen.c:br_ssl_engine_closed
Unexecuted instantiation: i15_add.c:br_ssl_engine_closed
Unexecuted instantiation: i31_tmont.c:br_ssl_engine_closed
Unexecuted instantiation: i31_muladd.c:br_ssl_engine_closed
Unexecuted instantiation: i15_tmont.c:br_ssl_engine_closed
Unexecuted instantiation: i15_muladd.c:br_ssl_engine_closed
Unexecuted instantiation: i32_div32.c:br_ssl_engine_closed
2197
2198
/*
2199
 * Configure a new maximum fragment length. If possible, the maximum
2200
 * length for outgoing records is immediately adjusted (if there are
2201
 * not already too many buffered bytes for that).
2202
 */
2203
void br_ssl_engine_new_max_frag_len(
2204
  br_ssl_engine_context *rc, unsigned max_frag_len);
2205
2206
/*
2207
 * Test whether the current incoming record has been fully received
2208
 * or not. This functions returns 0 only if a complete record header
2209
 * has been received, but some of the (possibly encrypted) payload
2210
 * has not yet been obtained.
2211
 */
2212
int br_ssl_engine_recvrec_finished(const br_ssl_engine_context *rc);
2213
2214
/*
2215
 * Flush the current record (if not empty). This is meant to be called
2216
 * from the handshake processor only.
2217
 */
2218
void br_ssl_engine_flush_record(br_ssl_engine_context *cc);
2219
2220
/*
2221
 * Test whether there is some accumulated payload to send.
2222
 */
2223
static inline int
2224
br_ssl_engine_has_pld_to_send(const br_ssl_engine_context *rc)
2225
0
{
2226
0
  return rc->oxa != rc->oxb && rc->oxa != rc->oxc;
2227
0
}
Unexecuted instantiation: poly1305_ctmul.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: chacha20_sse2.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: chacha20_ct.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_x86ni.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_small_ctrcbc.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_ct_ctrcbc.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_ct_ctr.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_ct64_ctrcbc.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_ct64.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_ct.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_common.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_big_ctrcbc.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: prf_md5sha1.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: prf.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: sysrng.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: hmac_drbg.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: hmac.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: shake.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: hkdf.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: sha2small.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: sha2big.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: sha1.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: md5sha1.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: md5.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ghash_ctmul32.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ecdsa_i31_bits.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ecdsa_i15_bits.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_secp521r1.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_secp384r1.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_secp256r1.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_pubkey.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_prime_i31.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_prime_i15.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_p256_m64.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_p256_m62.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_p256_m31.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_p256_m15.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_keygen.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_default.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_c25519_m64.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_c25519_m62.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_c25519_m31.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_c25519_m15.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_c25519_i31.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_c25519_i15.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ec_all_m31.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: enc64be.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: enc32le.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: enc32be.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: dec64be.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: dec32le.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: dec32be.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ccopy.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: gcm.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: ccm.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_small_enc.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_ct_enc.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_ct64_enc.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: aes_big_enc.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_sub.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_rshift.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_ninv31.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_montmul.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_modpow.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_iszero.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_fmont.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_encode.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_decode.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_decmod.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_bitlen.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_add.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_sub.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_rshift.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_ninv15.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_montmul.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_modpow.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_iszero.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_fmont.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_encode.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_decode.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_decmod.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_bitlen.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_add.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_tmont.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i31_muladd.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_tmont.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i15_muladd.c:br_ssl_engine_has_pld_to_send
Unexecuted instantiation: i32_div32.c:br_ssl_engine_has_pld_to_send
2228
2229
/*
2230
 * Initialize RNG in engine. Returned value is 1 on success, 0 on error.
2231
 * This function will try to use the OS-provided RNG, if available. If
2232
 * there is no OS-provided RNG, or if it failed, and no entropy was
2233
 * injected by the caller, then a failure will be reported. On error,
2234
 * the context error code is set.
2235
 */
2236
int br_ssl_engine_init_rand(br_ssl_engine_context *cc);
2237
2238
/*
2239
 * Reset the handshake-related parts of the engine.
2240
 */
2241
void br_ssl_engine_hs_reset(br_ssl_engine_context *cc,
2242
  void (*hsinit)(void *), void (*hsrun)(void *));
2243
2244
/*
2245
 * Get the PRF to use for this context, for the provided PRF hash
2246
 * function ID.
2247
 */
2248
br_tls_prf_impl br_ssl_engine_get_PRF(br_ssl_engine_context *cc, int prf_id);
2249
2250
/*
2251
 * Consume the provided pre-master secret and compute the corresponding
2252
 * master secret. The 'prf_id' is the ID of the hash function to use
2253
 * with the TLS 1.2 PRF (ignored if the version is TLS 1.0 or 1.1).
2254
 */
2255
void br_ssl_engine_compute_master(br_ssl_engine_context *cc,
2256
  int prf_id, const void *pms, size_t len);
2257
2258
/*
2259
 * Switch to CBC decryption for incoming records.
2260
 *    cc               the engine context
2261
 *    is_client        non-zero for a client, zero for a server
2262
 *    prf_id           id of hash function for PRF (ignored if not TLS 1.2+)
2263
 *    mac_id           id of hash function for HMAC
2264
 *    bc_impl          block cipher implementation (CBC decryption)
2265
 *    cipher_key_len   block cipher key length (in bytes)
2266
 */
2267
void br_ssl_engine_switch_cbc_in(br_ssl_engine_context *cc,
2268
  int is_client, int prf_id, int mac_id,
2269
  const br_block_cbcdec_class *bc_impl, size_t cipher_key_len);
2270
2271
/*
2272
 * Switch to CBC encryption for outgoing records.
2273
 *    cc               the engine context
2274
 *    is_client        non-zero for a client, zero for a server
2275
 *    prf_id           id of hash function for PRF (ignored if not TLS 1.2+)
2276
 *    mac_id           id of hash function for HMAC
2277
 *    bc_impl          block cipher implementation (CBC encryption)
2278
 *    cipher_key_len   block cipher key length (in bytes)
2279
 */
2280
void br_ssl_engine_switch_cbc_out(br_ssl_engine_context *cc,
2281
  int is_client, int prf_id, int mac_id,
2282
  const br_block_cbcenc_class *bc_impl, size_t cipher_key_len);
2283
2284
/*
2285
 * Switch to GCM decryption for incoming records.
2286
 *    cc               the engine context
2287
 *    is_client        non-zero for a client, zero for a server
2288
 *    prf_id           id of hash function for PRF
2289
 *    bc_impl          block cipher implementation (CTR)
2290
 *    cipher_key_len   block cipher key length (in bytes)
2291
 */
2292
void br_ssl_engine_switch_gcm_in(br_ssl_engine_context *cc,
2293
  int is_client, int prf_id,
2294
  const br_block_ctr_class *bc_impl, size_t cipher_key_len);
2295
2296
/*
2297
 * Switch to GCM encryption for outgoing records.
2298
 *    cc               the engine context
2299
 *    is_client        non-zero for a client, zero for a server
2300
 *    prf_id           id of hash function for PRF
2301
 *    bc_impl          block cipher implementation (CTR)
2302
 *    cipher_key_len   block cipher key length (in bytes)
2303
 */
2304
void br_ssl_engine_switch_gcm_out(br_ssl_engine_context *cc,
2305
  int is_client, int prf_id,
2306
  const br_block_ctr_class *bc_impl, size_t cipher_key_len);
2307
2308
/*
2309
 * Switch to ChaCha20+Poly1305 decryption for incoming records.
2310
 *    cc               the engine context
2311
 *    is_client        non-zero for a client, zero for a server
2312
 *    prf_id           id of hash function for PRF
2313
 */
2314
void br_ssl_engine_switch_chapol_in(br_ssl_engine_context *cc,
2315
  int is_client, int prf_id);
2316
2317
/*
2318
 * Switch to ChaCha20+Poly1305 encryption for outgoing records.
2319
 *    cc               the engine context
2320
 *    is_client        non-zero for a client, zero for a server
2321
 *    prf_id           id of hash function for PRF
2322
 */
2323
void br_ssl_engine_switch_chapol_out(br_ssl_engine_context *cc,
2324
  int is_client, int prf_id);
2325
2326
/*
2327
 * Switch to CCM decryption for incoming records.
2328
 *    cc               the engine context
2329
 *    is_client        non-zero for a client, zero for a server
2330
 *    prf_id           id of hash function for PRF
2331
 *    bc_impl          block cipher implementation (CTR+CBC)
2332
 *    cipher_key_len   block cipher key length (in bytes)
2333
 *    tag_len          tag length (in bytes)
2334
 */
2335
void br_ssl_engine_switch_ccm_in(br_ssl_engine_context *cc,
2336
  int is_client, int prf_id,
2337
  const br_block_ctrcbc_class *bc_impl,
2338
  size_t cipher_key_len, size_t tag_len);
2339
2340
/*
2341
 * Switch to GCM encryption for outgoing records.
2342
 *    cc               the engine context
2343
 *    is_client        non-zero for a client, zero for a server
2344
 *    prf_id           id of hash function for PRF
2345
 *    bc_impl          block cipher implementation (CTR+CBC)
2346
 *    cipher_key_len   block cipher key length (in bytes)
2347
 *    tag_len          tag length (in bytes)
2348
 */
2349
void br_ssl_engine_switch_ccm_out(br_ssl_engine_context *cc,
2350
  int is_client, int prf_id,
2351
  const br_block_ctrcbc_class *bc_impl,
2352
  size_t cipher_key_len, size_t tag_len);
2353
2354
/*
2355
 * Calls to T0-generated code.
2356
 */
2357
void br_ssl_hs_client_init_main(void *ctx);
2358
void br_ssl_hs_client_run(void *ctx);
2359
void br_ssl_hs_server_init_main(void *ctx);
2360
void br_ssl_hs_server_run(void *ctx);
2361
2362
/*
2363
 * Get the hash function to use for signatures, given a bit mask of
2364
 * supported hash functions. This implements a strict choice order
2365
 * (namely SHA-256, SHA-384, SHA-512, SHA-224, SHA-1). If the mask
2366
 * does not document support of any of these hash functions, then this
2367
 * functions returns 0.
2368
 */
2369
int br_ssl_choose_hash(unsigned bf);
2370
2371
/* ==================================================================== */
2372
2373
/*
2374
 * PowerPC / POWER assembly stuff. The special BR_POWER_ASM_MACROS macro
2375
 * must be defined before including this file; this is done by source
2376
 * files that use some inline assembly for PowerPC / POWER machines.
2377
 */
2378
2379
#if BR_POWER_ASM_MACROS
2380
2381
#define lxvw4x(xt, ra, rb)        lxvw4x_(xt, ra, rb)
2382
#define stxvw4x(xt, ra, rb)       stxvw4x_(xt, ra, rb)
2383
2384
#define bdnz(foo)                 bdnz_(foo)
2385
#define bdz(foo)                  bdz_(foo)
2386
#define beq(foo)                  beq_(foo)
2387
2388
#define li(rx, value)             li_(rx, value)
2389
#define addi(rx, ra, imm)         addi_(rx, ra, imm)
2390
#define cmpldi(rx, imm)           cmpldi_(rx, imm)
2391
#define mtctr(rx)                 mtctr_(rx)
2392
#define vspltb(vrt, vrb, uim)     vspltb_(vrt, vrb, uim)
2393
#define vspltw(vrt, vrb, uim)     vspltw_(vrt, vrb, uim)
2394
#define vspltisb(vrt, imm)        vspltisb_(vrt, imm)
2395
#define vspltisw(vrt, imm)        vspltisw_(vrt, imm)
2396
#define vrlw(vrt, vra, vrb)       vrlw_(vrt, vra, vrb)
2397
#define vsbox(vrt, vra)           vsbox_(vrt, vra)
2398
#define vxor(vrt, vra, vrb)       vxor_(vrt, vra, vrb)
2399
#define vand(vrt, vra, vrb)       vand_(vrt, vra, vrb)
2400
#define vsro(vrt, vra, vrb)       vsro_(vrt, vra, vrb)
2401
#define vsl(vrt, vra, vrb)        vsl_(vrt, vra, vrb)
2402
#define vsldoi(vt, va, vb, sh)    vsldoi_(vt, va, vb, sh)
2403
#define vsr(vrt, vra, vrb)        vsr_(vrt, vra, vrb)
2404
#define vaddcuw(vrt, vra, vrb)    vaddcuw_(vrt, vra, vrb)
2405
#define vadduwm(vrt, vra, vrb)    vadduwm_(vrt, vra, vrb)
2406
#define vsububm(vrt, vra, vrb)    vsububm_(vrt, vra, vrb)
2407
#define vsubuwm(vrt, vra, vrb)    vsubuwm_(vrt, vra, vrb)
2408
#define vsrw(vrt, vra, vrb)       vsrw_(vrt, vra, vrb)
2409
#define vcipher(vt, va, vb)       vcipher_(vt, va, vb)
2410
#define vcipherlast(vt, va, vb)   vcipherlast_(vt, va, vb)
2411
#define vncipher(vt, va, vb)      vncipher_(vt, va, vb)
2412
#define vncipherlast(vt, va, vb)  vncipherlast_(vt, va, vb)
2413
#define vperm(vt, va, vb, vc)     vperm_(vt, va, vb, vc)
2414
#define vpmsumd(vt, va, vb)       vpmsumd_(vt, va, vb)
2415
#define xxpermdi(vt, va, vb, d)   xxpermdi_(vt, va, vb, d)
2416
2417
#define lxvw4x_(xt, ra, rb)       "\tlxvw4x\t" #xt "," #ra "," #rb "\n"
2418
#define stxvw4x_(xt, ra, rb)      "\tstxvw4x\t" #xt "," #ra "," #rb "\n"
2419
2420
#define label(foo)                #foo "%=:\n"
2421
#define bdnz_(foo)                "\tbdnz\t" #foo "%=\n"
2422
#define bdz_(foo)                 "\tbdz\t" #foo "%=\n"
2423
#define beq_(foo)                 "\tbeq\t" #foo "%=\n"
2424
2425
#define li_(rx, value)            "\tli\t" #rx "," #value "\n"
2426
#define addi_(rx, ra, imm)        "\taddi\t" #rx "," #ra "," #imm "\n"
2427
#define cmpldi_(rx, imm)          "\tcmpldi\t" #rx "," #imm "\n"
2428
#define mtctr_(rx)                "\tmtctr\t" #rx "\n"
2429
#define vspltb_(vrt, vrb, uim)    "\tvspltb\t" #vrt "," #vrb "," #uim "\n"
2430
#define vspltw_(vrt, vrb, uim)    "\tvspltw\t" #vrt "," #vrb "," #uim "\n"
2431
#define vspltisb_(vrt, imm)       "\tvspltisb\t" #vrt "," #imm "\n"
2432
#define vspltisw_(vrt, imm)       "\tvspltisw\t" #vrt "," #imm "\n"
2433
#define vrlw_(vrt, vra, vrb)      "\tvrlw\t" #vrt "," #vra "," #vrb "\n"
2434
#define vsbox_(vrt, vra)          "\tvsbox\t" #vrt "," #vra "\n"
2435
#define vxor_(vrt, vra, vrb)      "\tvxor\t" #vrt "," #vra "," #vrb "\n"
2436
#define vand_(vrt, vra, vrb)      "\tvand\t" #vrt "," #vra "," #vrb "\n"
2437
#define vsro_(vrt, vra, vrb)      "\tvsro\t" #vrt "," #vra "," #vrb "\n"
2438
#define vsl_(vrt, vra, vrb)       "\tvsl\t" #vrt "," #vra "," #vrb "\n"
2439
#define vsldoi_(vt, va, vb, sh)   "\tvsldoi\t" #vt "," #va "," #vb "," #sh "\n"
2440
#define vsr_(vrt, vra, vrb)       "\tvsr\t" #vrt "," #vra "," #vrb "\n"
2441
#define vaddcuw_(vrt, vra, vrb)   "\tvaddcuw\t" #vrt "," #vra "," #vrb "\n"
2442
#define vadduwm_(vrt, vra, vrb)   "\tvadduwm\t" #vrt "," #vra "," #vrb "\n"
2443
#define vsububm_(vrt, vra, vrb)   "\tvsububm\t" #vrt "," #vra "," #vrb "\n"
2444
#define vsubuwm_(vrt, vra, vrb)   "\tvsubuwm\t" #vrt "," #vra "," #vrb "\n"
2445
#define vsrw_(vrt, vra, vrb)      "\tvsrw\t" #vrt "," #vra "," #vrb "\n"
2446
#define vcipher_(vt, va, vb)      "\tvcipher\t" #vt "," #va "," #vb "\n"
2447
#define vcipherlast_(vt, va, vb)  "\tvcipherlast\t" #vt "," #va "," #vb "\n"
2448
#define vncipher_(vt, va, vb)     "\tvncipher\t" #vt "," #va "," #vb "\n"
2449
#define vncipherlast_(vt, va, vb) "\tvncipherlast\t" #vt "," #va "," #vb "\n"
2450
#define vperm_(vt, va, vb, vc)    "\tvperm\t" #vt "," #va "," #vb "," #vc "\n"
2451
#define vpmsumd_(vt, va, vb)      "\tvpmsumd\t" #vt "," #va "," #vb "\n"
2452
#define xxpermdi_(vt, va, vb, d)  "\txxpermdi\t" #vt "," #va "," #vb "," #d "\n"
2453
2454
#endif
2455
2456
/* ==================================================================== */
2457
/*
2458
 * Special "activate intrinsics" code, needed for some compiler versions.
2459
 * This is defined at the end of this file, so that it won't impact any
2460
 * of the inline functions defined previously; and it is controlled by
2461
 * a specific macro defined in the caller code.
2462
 *
2463
 * Calling code conventions:
2464
 *
2465
 *  - Caller must define BR_ENABLE_INTRINSICS before including "inner.h".
2466
 *  - Functions that use intrinsics must be enclosed in an "enabled"
2467
 *    region (between BR_TARGETS_X86_UP and BR_TARGETS_X86_DOWN).
2468
 *  - Functions that use intrinsics must be tagged with the appropriate
2469
 *    BR_TARGET().
2470
 */
2471
2472
#if BR_ENABLE_INTRINSICS && (BR_GCC_4_4 || BR_CLANG_3_7 || BR_MSC_2005)
2473
2474
/*
2475
 * x86 intrinsics (both 32-bit and 64-bit).
2476
 */
2477
#if BR_i386 || BR_amd64
2478
2479
/*
2480
 * On GCC before version 5.0, we need to use the pragma to enable the
2481
 * target options globally, because the 'target' function attribute
2482
 * appears to be unreliable. Before 4.6 we must also avoid the
2483
 * push_options / pop_options mechanism, because it tends to trigger
2484
 * some internal compiler errors.
2485
 */
2486
#if BR_GCC && !BR_GCC_5_0
2487
#if BR_GCC_4_6
2488
#define BR_TARGETS_X86_UP \
2489
  _Pragma("GCC push_options") \
2490
  _Pragma("GCC target(\"sse2,ssse3,sse4.1,aes,pclmul,rdrnd\")")
2491
#define BR_TARGETS_X86_DOWN \
2492
  _Pragma("GCC pop_options")
2493
#else
2494
#define BR_TARGETS_X86_UP \
2495
  _Pragma("GCC target(\"sse2,ssse3,sse4.1,aes,pclmul\")")
2496
#define BR_TARGETS_X86_DOWN
2497
#endif
2498
#pragma GCC diagnostic ignored "-Wpsabi"
2499
#endif
2500
2501
#if BR_CLANG && !BR_CLANG_3_8
2502
#undef __SSE2__
2503
#undef __SSE3__
2504
#undef __SSSE3__
2505
#undef __SSE4_1__
2506
#undef __AES__
2507
#undef __PCLMUL__
2508
#undef __RDRND__
2509
#define __SSE2__     1
2510
#define __SSE3__     1
2511
#define __SSSE3__    1
2512
#define __SSE4_1__   1
2513
#define __AES__      1
2514
#define __PCLMUL__   1
2515
#define __RDRND__    1
2516
#endif
2517
2518
#ifndef BR_TARGETS_X86_UP
2519
#define BR_TARGETS_X86_UP
2520
#endif
2521
#ifndef BR_TARGETS_X86_DOWN
2522
#define BR_TARGETS_X86_DOWN
2523
#endif
2524
2525
#if BR_GCC || BR_CLANG
2526
BR_TARGETS_X86_UP
2527
#include <x86intrin.h>
2528
#include <cpuid.h>
2529
#define br_bswap32   __builtin_bswap32
2530
BR_TARGETS_X86_DOWN
2531
#endif
2532
2533
#if BR_MSC
2534
#include <stdlib.h>
2535
#include <intrin.h>
2536
#include <immintrin.h>
2537
#define br_bswap32   _byteswap_ulong
2538
#endif
2539
2540
static inline int
2541
br_cpuid(uint32_t mask_eax, uint32_t mask_ebx,
2542
  uint32_t mask_ecx, uint32_t mask_edx)
2543
236
{
2544
236
#if BR_GCC || BR_CLANG
2545
236
  unsigned eax, ebx, ecx, edx;
2546
2547
236
  if (__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
2548
236
    if ((eax & mask_eax) == mask_eax
2549
236
      && (ebx & mask_ebx) == mask_ebx
2550
236
      && (ecx & mask_ecx) == mask_ecx
2551
236
      && (edx & mask_edx) == mask_edx)
2552
236
    {
2553
236
      return 1;
2554
236
    }
2555
236
  }
2556
#elif BR_MSC
2557
  int info[4];
2558
2559
  __cpuid(info, 1);
2560
  if (((uint32_t)info[0] & mask_eax) == mask_eax
2561
    && ((uint32_t)info[1] & mask_ebx) == mask_ebx
2562
    && ((uint32_t)info[2] & mask_ecx) == mask_ecx
2563
    && ((uint32_t)info[3] & mask_edx) == mask_edx)
2564
  {
2565
    return 1;
2566
  }
2567
#endif
2568
0
  return 0;
2569
236
}
Unexecuted instantiation: chacha20_sse2.c:br_cpuid
Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_cpuid
aes_x86ni.c:br_cpuid
Line
Count
Source
2543
234
{
2544
234
#if BR_GCC || BR_CLANG
2545
234
  unsigned eax, ebx, ecx, edx;
2546
2547
234
  if (__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
2548
234
    if ((eax & mask_eax) == mask_eax
2549
234
      && (ebx & mask_ebx) == mask_ebx
2550
234
      && (ecx & mask_ecx) == mask_ecx
2551
234
      && (edx & mask_edx) == mask_edx)
2552
234
    {
2553
234
      return 1;
2554
234
    }
2555
234
  }
2556
#elif BR_MSC
2557
  int info[4];
2558
2559
  __cpuid(info, 1);
2560
  if (((uint32_t)info[0] & mask_eax) == mask_eax
2561
    && ((uint32_t)info[1] & mask_ebx) == mask_ebx
2562
    && ((uint32_t)info[2] & mask_ecx) == mask_ecx
2563
    && ((uint32_t)info[3] & mask_edx) == mask_edx)
2564
  {
2565
    return 1;
2566
  }
2567
#endif
2568
0
  return 0;
2569
234
}
sysrng.c:br_cpuid
Line
Count
Source
2543
2
{
2544
2
#if BR_GCC || BR_CLANG
2545
2
  unsigned eax, ebx, ecx, edx;
2546
2547
2
  if (__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
2548
2
    if ((eax & mask_eax) == mask_eax
2549
2
      && (ebx & mask_ebx) == mask_ebx
2550
2
      && (ecx & mask_ecx) == mask_ecx
2551
2
      && (edx & mask_edx) == mask_edx)
2552
2
    {
2553
2
      return 1;
2554
2
    }
2555
2
  }
2556
#elif BR_MSC
2557
  int info[4];
2558
2559
  __cpuid(info, 1);
2560
  if (((uint32_t)info[0] & mask_eax) == mask_eax
2561
    && ((uint32_t)info[1] & mask_ebx) == mask_ebx
2562
    && ((uint32_t)info[2] & mask_ecx) == mask_ecx
2563
    && ((uint32_t)info[3] & mask_edx) == mask_edx)
2564
  {
2565
    return 1;
2566
  }
2567
#endif
2568
0
  return 0;
2569
2
}
2570
2571
#endif
2572
2573
#endif
2574
2575
/* ==================================================================== */
2576
2577
#endif