Generate 64-bit Curve25519 and P256 code for MSVC

Change-Id: I2218807c6bfe445460a01f6c86712640915e87df
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57666
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

crypto/curve25519/curve25519.c

@@ -35,11 +35,13 @@
 // Various pre-computed constants.
 #include "./curve25519_tables.h"
 
-#if defined(BORINGSSL_CURVE25519_64BIT)
+#if defined(BORINGSSL_HAS_UINT128)
 #include "../../third_party/fiat/curve25519_64.h"
+#elif defined(OPENSSL_64_BIT)
+#include "../../third_party/fiat/curve25519_64_msvc.h"
 #else
 #include "../../third_party/fiat/curve25519_32.h"
-#endif  // BORINGSSL_CURVE25519_64BIT
+#endif
 
 
 // Low-level intrinsic operations
@@ -64,7 +66,7 @@ static uint64_t load_4(const uint8_t *in) {
 
 // Field operations.
 
-#if defined(BORINGSSL_CURVE25519_64BIT)
+#if defined(OPENSSL_64_BIT)
 
 typedef uint64_t fe_limb_t;
 #define FE_NUM_LIMBS 5
@@ -144,7 +146,7 @@ typedef uint32_t fe_limb_t;
     }                                                                    \
   } while (0)
 
-#endif  // BORINGSSL_CURVE25519_64BIT
+#endif  // OPENSSL_64_BIT
 
 static_assert(sizeof(fe) == sizeof(fe_limb_t) * FE_NUM_LIMBS,
               "fe_limb_t[FE_NUM_LIMBS] is inconsistent with fe");

crypto/curve25519/internal.h

@@ -32,11 +32,7 @@ void x25519_NEON(uint8_t out[32], const uint8_t scalar[32],
                  const uint8_t point[32]);
 #endif
 
-#if defined(BORINGSSL_HAS_UINT128)
-#define BORINGSSL_CURVE25519_64BIT
-#endif
-
-#if defined(BORINGSSL_CURVE25519_64BIT)
+#if defined(OPENSSL_64_BIT)
 // fe means field element. Here the field is \Z/(2^255-19). An element t,
 // entries t[0]...t[4], represents the integer t[0]+2^51 t[1]+2^102 t[2]+2^153
 // t[3]+2^204 t[4].

crypto/curve25519/make_curve25519_tables.py

@@ -110,7 +110,7 @@ def to_base_51(x):
     return ret
 
 def to_literal(x):
-    ret = "{{\n#if defined(BORINGSSL_CURVE25519_64BIT)\n"
+    ret = "{{\n#if defined(OPENSSL_64_BIT)\n"
     ret += ", ".join(map(str, to_base_51(x)))
     ret += "\n#else\n"
     ret += ", ".join(map(str, to_base_25_5(x)))

crypto/fipsmodule/ec/make_tables.go

@@ -151,7 +151,7 @@ func writeP256Table(path string) error {
 // Tables for other points have table[i] = iG for i in 0 .. 16.
 
 // fiat_p256_g_pre_comp is the table of precomputed base points
-#if defined(BORINGSSL_NISTP256_64BIT)
+#if defined(OPENSSL_64_BIT)
 static const fiat_p256_felem fiat_p256_g_pre_comp[2][15][2] = `
 	if _, err := f.WriteString(fileHeader); err != nil {
 		return err

crypto/fipsmodule/ec/p256.c

@@ -31,8 +31,9 @@
 #include "./internal.h"
 
 #if defined(BORINGSSL_HAS_UINT128)
-#define BORINGSSL_NISTP256_64BIT 1
 #include "../../../third_party/fiat/p256_64.h"
+#elif defined(OPENSSL_64_BIT)
+#include "../../../third_party/fiat/p256_64_msvc.h"
 #else
 #include "../../../third_party/fiat/p256_32.h"
 #endif
@@ -40,7 +41,7 @@
 
 // utility functions, handwritten
 
-#if defined(BORINGSSL_NISTP256_64BIT)
+#if defined(OPENSSL_64_BIT)
 #define FIAT_P256_NLIMBS 4
 typedef uint64_t fiat_p256_limb_t;
 typedef uint64_t fiat_p256_felem[FIAT_P256_NLIMBS];
@@ -748,5 +749,3 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp256_method) {
       ec_simple_scalar_to_montgomery_inv_vartime;
   out->cmp_x_coordinate = ec_GFp_nistp256_cmp_x_coordinate;
 }
-
-#undef BORINGSSL_NISTP256_64BIT

crypto/fipsmodule/ec/p256_table.h

@@ -50,7 +50,7 @@
 // Tables for other points have table[i] = iG for i in 0 .. 16.
 
 // fiat_p256_g_pre_comp is the table of precomputed base points
-#if defined(BORINGSSL_NISTP256_64BIT)
+#if defined(OPENSSL_64_BIT)
 static const fiat_p256_felem fiat_p256_g_pre_comp[2][15][2] = {
     {{{0x79e730d418a9143c, 0x75ba95fc5fedb601, 0x79fb732b77622510,
        0x18905f76a53755c6},