projects / BearSSL / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added optimised implementation of P-256 that uses 32->64 multiplications (MUL31).
[BearSSL] / src / int / i15_core.c
diff --git a/src/int/i15_core.c b/src/int/i15_core.c
index 5ae3b31..a33469a 100644 (file)
--- a/src/int/i15_core.c
+++ b/src/int/i15_core.c
@@ -263,7 +263,8 @@ br_i15_montymul(uint16_t *d, const uint16_t *x, const uint16_t *y,
                uint32_t f, xu, r, zh;
 
                xu = x[u + 1];
                uint32_t f, xu, r, zh;
 
                xu = x[u + 1];
-               f = MUL15(d[1] + MUL15(x[u + 1], y[1]), m0i) & 0x7FFF;
+               f = MUL15((d[1] + MUL15(x[u + 1], y[1])) & 0x7FFF, m0i)
+                       & 0x7FFF;
 
                r = 0;
                for (v = 0; v < len4; v += 4) {
 
                r = 0;
                for (v = 0; v < len4; v += 4) {
@@ -297,7 +298,7 @@ br_i15_montymul(uint16_t *d, const uint16_t *x, const uint16_t *y,
 
                zh = dh + r;
                d[len] = zh & 0x7FFF;
 
                zh = dh + r;
                d[len] = zh & 0x7FFF;
-               dh = zh >> 31;
+               dh = zh >> 15;
        }
 
        /*
        }
 
        /*
The BearSSL library and tools.