Replace *ring*'s P-256 arithmetic with BoringSSL's P-256 arithmetic.

Use Fiat Crypto for non-x86_64 platforms, like BoringSSL. Continue
using the nistz256 code on Windows, differently from BoringSSL.

Make *ring* more consistent with BoringSSL.

Cargo.toml

@@ -53,19 +53,20 @@ include = [
     "crypto/fipsmodule/bn/internal.h",
     "crypto/fipsmodule/bn/montgomery.c",
     "crypto/fipsmodule/bn/montgomery_inv.c",
-    "crypto/fipsmodule/ec/asm/ecp_nistz256-armv4.pl",
-    "crypto/fipsmodule/ec/asm/ecp_nistz256-armv8.pl",
-    "crypto/fipsmodule/ec/asm/ecp_nistz256-x86.pl",
     "crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl",
     "crypto/fipsmodule/ec/ecp_nistz.c",
     "crypto/fipsmodule/ec/ecp_nistz.h",
-    "crypto/fipsmodule/ec/ecp_nistz256.c",
-    "crypto/fipsmodule/ec/ecp_nistz256.h",
-    "crypto/fipsmodule/ec/ecp_nistz256_table.inl",
     "crypto/fipsmodule/ec/ecp_nistz384.h",
     "crypto/fipsmodule/ec/ecp_nistz384.inl",
     "crypto/fipsmodule/ec/gfp_p256.c",
     "crypto/fipsmodule/ec/gfp_p384.c",
+    "crypto/fipsmodule/ec/p256.c",
+    "crypto/fipsmodule/ec/p256-x86_64-table.h",
+    "crypto/fipsmodule/ec/p256-x86_64.c",
+    "crypto/fipsmodule/ec/p256-x86_64.h",
+    "crypto/fipsmodule/ec/p256_shared.h",
+    "crypto/fipsmodule/ec/p256_table.h",
+    "crypto/fipsmodule/ec/util.h",
     "crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt",
     "crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl",
     "crypto/fipsmodule/modes/asm/ghash-armv4.pl",
@@ -273,8 +274,9 @@ include = [
     "tests/signature_tests.rs",
     "third_party/fiat/curve25519_32.h",
     "third_party/fiat/curve25519_64.h",
+    "third_party/fiat/p256_32.h",
+    "third_party/fiat/p256_64.h",
     "third_party/fiat/LICENSE",
-    "third_party/fiat/make_curve25519_tables.py",
     "third_party/NIST/SHAVS/SHA1LongMsg.rsp",
     "third_party/NIST/SHAVS/SHA1Monte.rsp",
     "third_party/NIST/SHAVS/SHA1ShortMsg.rsp",

build.rs

@@ -46,24 +46,24 @@ const RING_SRCS: &[(&[&str], &str)] = &[
     (&[AARCH64, ARM, X86_64, X86], "crypto/crypto.c"),
     (&[AARCH64, ARM, X86_64, X86], "crypto/curve25519/curve25519.c"),
     (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/ecp_nistz.c"),
-    (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/ecp_nistz256.c"),
     (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/gfp_p256.c"),
     (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/gfp_p384.c"),
+    (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/p256.c"),
 
     (&[X86_64, X86], "crypto/cpu-intel.c"),
 
     (&[X86], "crypto/fipsmodule/aes/asm/aesni-x86.pl"),
     (&[X86], "crypto/fipsmodule/aes/asm/vpaes-x86.pl"),
     (&[X86], "crypto/fipsmodule/bn/asm/x86-mont.pl"),
     (&[X86], "crypto/chacha/asm/chacha-x86.pl"),
-    (&[X86], "crypto/fipsmodule/ec/asm/ecp_nistz256-x86.pl"),
     (&[X86], "crypto/fipsmodule/modes/asm/ghash-x86.pl"),
 
+    (&[X86_64], "crypto/chacha/asm/chacha-x86_64.pl"),
     (&[X86_64], "crypto/fipsmodule/aes/asm/aesni-x86_64.pl"),
     (&[X86_64], "crypto/fipsmodule/aes/asm/vpaes-x86_64.pl"),
     (&[X86_64], "crypto/fipsmodule/bn/asm/x86_64-mont.pl"),
     (&[X86_64], "crypto/fipsmodule/bn/asm/x86_64-mont5.pl"),
-    (&[X86_64], "crypto/chacha/asm/chacha-x86_64.pl"),
+    (&[X86_64], "crypto/fipsmodule/ec/p256-x86_64.c"),
     (&[X86_64], "crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl"),
     (&[X86_64], "crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl"),
     (&[X86_64], "crypto/fipsmodule/modes/asm/ghash-x86_64.pl"),
@@ -79,7 +79,6 @@ const RING_SRCS: &[(&[&str], &str)] = &[
     (&[ARM], "crypto/fipsmodule/bn/asm/armv4-mont.pl"),
     (&[ARM], "crypto/chacha/asm/chacha-armv4.pl"),
     (&[ARM], "crypto/curve25519/asm/x25519-asm-arm.S"),
-    (&[ARM], "crypto/fipsmodule/ec/asm/ecp_nistz256-armv4.pl"),
     (&[ARM], "crypto/fipsmodule/modes/asm/ghash-armv4.pl"),
     (&[ARM], "crypto/poly1305/poly1305_arm.c"),
     (&[ARM], "crypto/poly1305/poly1305_arm_asm.S"),
@@ -89,7 +88,6 @@ const RING_SRCS: &[(&[&str], &str)] = &[
     (&[AARCH64], "crypto/fipsmodule/aes/asm/vpaes-armv8.pl"),
     (&[AARCH64], "crypto/fipsmodule/bn/asm/armv8-mont.pl"),
     (&[AARCH64], "crypto/chacha/asm/chacha-armv8.pl"),
-    (&[AARCH64], "crypto/fipsmodule/ec/asm/ecp_nistz256-armv8.pl"),
     (&[AARCH64], "crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl"),
     (&[AARCH64], SHA512_ARMV8),
 ];
@@ -108,11 +106,14 @@ const RING_INCLUDES: &[&str] =
       "crypto/curve25519/curve25519_tables.h",
       "crypto/curve25519/internal.h",
       "crypto/fipsmodule/bn/internal.h",
-      "crypto/fipsmodule/ec/ecp_nistz256_table.inl",
       "crypto/fipsmodule/ec/ecp_nistz384.inl",
       "crypto/fipsmodule/ec/ecp_nistz.h",
       "crypto/fipsmodule/ec/ecp_nistz384.h",
-      "crypto/fipsmodule/ec/ecp_nistz256.h",
+      "crypto/fipsmodule/ec/util.h",
+      "crypto/fipsmodule/ec/p256_shared.h",
+      "crypto/fipsmodule/ec/p256_table.h",
+      "crypto/fipsmodule/ec/p256-x86_64.h",
+      "crypto/fipsmodule/ec/p256-x86_64-table.h",
       "crypto/internal.h",
       "crypto/limbs/limbs.h",
       "crypto/limbs/limbs.inl",
@@ -127,6 +128,8 @@ const RING_INCLUDES: &[&str] =
       "include/GFp/type_check.h",
       "third_party/fiat/curve25519_32.h",
       "third_party/fiat/curve25519_64.h",
+      "third_party/fiat/p256_32.h",
+      "third_party/fiat/p256_64.h",
     ];
 
 #[rustfmt::skip]

crypto/fipsmodule/ec/.gitattributes

@@ -1 +1,2 @@
-ecp_nistz256_table.inl linguist-generated=true
+p256-x86_64-table.h linguist-generated=true
+p256_table.h linguist-generated=true