/*
 * Reduce a modulo the NIST prime P-521 = 2^521 - 1, writing the result to r
 * (r may alias a). Uses 2^521 == 1 (mod p): the words above bit 521 are
 * shifted down and added to the low 521 bits, after which at most one more
 * wrap (BN_NIST_ADD_ONE + mask) is needed.
 *
 * r      output
 * a      input; the sign flag is not consulted, so a is presumably expected
 *        to be non-negative — TODO confirm callers
 * field  unused here (the modulus is implied by the function)
 * ctx    scratch context
 * Returns 1 on success, 0 on scratch/expansion failure.
 *
 * NOTE(review): the early-return test and the final correction only look at
 * the bits above position 521. A value equal to p itself (2^521 - 1) is
 * therefore returned unchanged rather than as 0, so the output is in
 * [0, 2^521) and not necessarily canonical modulo p — confirm callers
 * (e.g. comparisons) tolerate that.
 */
int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
{
#if BN_BITS2 == 64
#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF
#elif BN_BITS2 == 32
#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF
#elif BN_BITS2 == 16
#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF
#elif BN_BITS2 == 8
#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1
#endif
    int top, ret = 0;
    BN_ULONG *r_d;
    BIGNUM *tmp;

    /* check whether a reduction is necessary */
    top = a->top;
    if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP && (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))))
        return (r == a)? 1 : (BN_copy(r ,a) != NULL);

    BN_CTX_start(ctx);
    tmp = BN_CTX_get(ctx);
    if (!tmp)
        goto err;

    /* tmp = low 521 bits of a */
    if (!bn_wexpand(tmp, BN_NIST_521_TOP))
        goto err;
    nist_cp_bn(tmp->d, a->d, BN_NIST_521_TOP);
    tmp->top = BN_NIST_521_TOP;
    tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK;
    bn_correct_top(tmp);

    /* r = (a >> 521) + (a mod 2^521) */
    if (!BN_rshift(r, a, 521))
        goto err;
    if (!BN_uadd(r, tmp, r))
        goto err;
    top = r->top;
    r_d = r->d;
    /* The sum can exceed 2^521 by a single carry bit: fold it once more. */
    if (top == BN_NIST_521_TOP && (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))
    {
        BN_NIST_ADD_ONE(r_d)
        r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK;
    }
    bn_correct_top(r);

    ret = 1;
err:
    BN_CTX_end(ctx);
    bn_check_top(r);
    return ret;
}
/*
 * Halve a: r = a >> 1. r may alias a. The sign flag is carried over from a
 * (the magnitude is shifted); a zero input yields zero.
 * Returns 1 on success, 0 if r could not be grown to a->top words.
 */
int BN_rshift1(BIGNUM *r, const BIGNUM *a)
{
    const BN_ULONG *src;
    BN_ULONG *dst;
    BN_ULONG carry_in = 0;
    int idx;

    bn_check_top(r);
    bn_check_top(a);

    if (BN_is_zero(a)) {
        BN_zero(r);
        return 1;
    }

    /* A distinct r must be able to hold every word of a. */
    if (r != a) {
        if (bn_wexpand(r, a->top) == NULL)
            return 0;
        r->top = a->top;
        r->neg = a->neg;
    }

    src = a->d;
    dst = r->d;

    /* Walk from the most significant word down: the bit shifted out of
     * word i becomes the top bit of word i-1. */
    idx = a->top;
    while (idx-- > 0) {
        BN_ULONG word = src[idx];
        dst[idx] = ((word >> 1) & BN_MASK2) | carry_in;
        carry_in = (word & 1) ? BN_TBIT : 0;
    }

    bn_correct_top(r);
    bn_check_top(r);
    return 1;
}
/*
 * Convert the GMP integer g into the BIGNUM bn.
 * When GMP limbs and BN words have the same width the limb array is copied
 * verbatim (both are little-endian word arrays) and the sign is taken from
 * the sign of g->_mp_size. Otherwise the value is round-tripped through a
 * hexadecimal string via BN_hex2bn.
 * Returns 1 on success in the direct path, BN_hex2bn's result in the string
 * path, and 0 when memory cannot be obtained.
 */
static int gmp2bn(mpz_t g, BIGNUM *bn)
{
    const int limbs_match = ((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS)
                            && (BN_BITS2 == GMP_NUMB_BITS);

    if (!limbs_match) {
        /* Textual round trip; the +10 gives slack for the sign and NUL. */
        char *hex = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
        int rc;
        if (!hex)
            return 0;
        mpz_get_str(hex, 16, g);
        rc = BN_hex2bn(&bn, hex);
        OPENSSL_free(hex);
        return rc;
    }

    /* The common case: limbs are words, copy them straight across. */
    {
        int nlimbs = g->_mp_size;
        if (nlimbs < 0)
            nlimbs = -nlimbs;
        BN_zero(bn);
        if (bn_expand2(bn, nlimbs) == NULL)
            return 0;
        bn->top = nlimbs;
        TINYCLR_SSL_MEMCPY(&bn->d[0], &g->_mp_d[0], nlimbs * sizeof(bn->d[0]));
        bn_correct_top(bn);
        bn->neg = (g->_mp_size < 0) ? 1 : 0;
    }
    return 1;
}
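/**
 * public static native boolean litEndInts2bn(int[], int, int, int)
 * Note:
 * This procedure directly writes the internal representation of BIGNUMs.
 * We do so as there is no direct interface based on Little Endian Integer Arrays.
 * Also note that the same representation is used in the Cordoba Java Implementation of BigIntegers,
 * whereof certain functionality is still being used.
 *
 * arr  little-endian array of 32-bit words, least significant word first
 * len  number of words of arr to consume; caller-supplied, so it is checked
 *      against the actual array length before the array is pinned
 * neg  sign flag stored into ret
 * ret  destination BIGNUM (validated by oneValidHandle)
 * Returns TRUE on success; FALSE on a bad handle, a len larger than the
 * array, a failed pin, or a failed bn_wexpand.
 *
 * len == 0 produces a canonical zero: both top and neg are cleared (the
 * previous version left a stale neg behind).
 */
static jboolean NativeBN_litEndInts2bn(JNIEnv* env, jclass cls, jintArray arr, int len, jboolean neg, BIGNUM* ret) {
    if (!oneValidHandle(env, ret)) return FALSE;
    bn_check_top(ret);
    if (len > 0) {
        BN_ULONG* tmpInts;
        /* Never read past the end of the Java array, whatever len says. */
        if (arr == NULL || len > (*env)->GetArrayLength(env, arr)) return FALSE;
        // BN_ULONG is 4 Bytes on this system for sure, i.e. same as jint!
        tmpInts = (BN_ULONG*)((*env)->GetPrimitiveArrayCritical(env, arr, 0));
        if ((tmpInts != NULL) && (bn_wexpand(ret, len) != NULL)) {
            int i = len;
            do { i--; ret->d[i] = tmpInts[i]; } while (i > 0);
            (*env)->ReleasePrimitiveArrayCritical(env, arr, tmpInts, JNI_ABORT);
            ret->top = len;
            ret->neg = neg;
            // need to call this due to clear byte at top if avoiding
            // having the top bit set (-ve number)
            // Basically get rid of top zero ints:
            bn_correct_top(ret);
            return TRUE;
        }
        else {
            if (tmpInts != NULL) (*env)->ReleasePrimitiveArrayCritical(env, arr, tmpInts, JNI_ABORT);
            return FALSE;
        }
    }
    else { // (len = 0) means value = 0 and sign will be 0, too.
        ret->top = 0;
        ret->neg = 0;   /* clear any stale sign so the result is a canonical zero */
        return TRUE;
    }
}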
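/**
 * public static native boolean litEndInts2bn(int[], int, int, int)
 * Note:
 * This procedure directly writes the internal representation of BIGNUMs.
 * We do so as there is no direct interface based on Little Endian Integer Arrays.
 * Also note that the same representation is used in the Cordoba Java Implementation of BigIntegers,
 * whereof certain functionality is still being used.
 *
 * arr  little-endian array of 32-bit words, least significant word first
 * len  number of words of arr to consume; caller-supplied, so it is checked
 *      against the real array length before the array is accessed
 * neg  sign flag stored into ret
 * ret  destination BIGNUM (validated by oneValidHandle)
 * Returns JNI_TRUE on success; JNI_FALSE on a bad handle, a len larger than
 * the array, a failed array access, or a failed bn_wexpand.
 *
 * len == 0 produces a canonical zero: both top and neg are cleared (the
 * previous version left a stale neg behind).
 */
static jboolean NativeBN_litEndInts2bn(JNIEnv* env, jclass, jintArray arr, int len, jboolean neg, BIGNUM* ret) {
    if (!oneValidHandle(env, ret)) return JNI_FALSE;
    bn_check_top(ret);
    if (len > 0) {
        // Never read past the end of the Java array, whatever len says.
        if (arr == NULL || len > env->GetArrayLength(arr)) {
            return JNI_FALSE;
        }
        ScopedIntArrayRO scopedArray(env, arr);
        if (scopedArray.get() == NULL) {
            return JNI_FALSE;
        }
        STATIC_ASSERT(sizeof(BN_ULONG) == sizeof(jint), BN_ULONG_not_32_bit);
        const BN_ULONG* tmpInts = reinterpret_cast<const BN_ULONG*>(scopedArray.get());
        if (bn_wexpand(ret, len) == NULL) {
            return JNI_FALSE;
        }
        int i = len;
        do { i--; ret->d[i] = tmpInts[i]; } while (i > 0);
        ret->top = len;
        ret->neg = neg;
        // need to call this due to clear byte at top if avoiding
        // having the top bit set (-ve number)
        // Basically get rid of top zero ints:
        bn_correct_top(ret);
        return JNI_TRUE;
    } else {
        // (len = 0) means value = 0 and sign will be 0, too.
        ret->top = 0;
        ret->neg = 0;  // clear any stale sign so the result is a canonical zero
        return JNI_TRUE;
    }
}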
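/*
 * r = a << n. r may alias a; the sign of a is carried over.
 *
 * n must be non-negative. A negative count would make nw and lb negative,
 * so the index t[a->top + nw], the writes t[nw + i], and the memset length
 * would all go before the start of r->d; it is rejected with a 0 return
 * rather than silently treated as a right shift.
 * Returns 1 on success, 0 on a negative n or if r cannot be grown.
 */
int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
{
    int i, nw, lb, rb;
    BN_ULONG *t, *f;
    BN_ULONG l;

    bn_check_top(r);
    bn_check_top(a);

    if (n < 0)
        return 0;

    nw = n / BN_BITS2;              /* whole words of shift */
    if (bn_wexpand(r, a->top + nw + 1) == NULL)
        return 0;
    /* Only touch r's sign once the expansion has succeeded. */
    r->neg = a->neg;
    lb = n % BN_BITS2;              /* remaining bits of shift */
    rb = BN_BITS2 - lb;
    f = a->d;
    t = r->d;
    /* The new top word starts at zero; the bit loop ORs into it. */
    t[a->top + nw] = 0;
    if (lb == 0) {
        for (i = a->top - 1; i >= 0; i--)
            t[nw + i] = f[i];
    } else {
        /* Walk downward so that when r aliases a, f[i] is read before any
         * slot at index >= i is overwritten. t[nw+i+1] was assigned on the
         * previous iteration (or is the zeroed top word), so OR is safe. */
        for (i = a->top - 1; i >= 0; i--) {
            l = f[i];
            t[nw + i + 1] |= (l >> rb) & BN_MASK2;
            t[nw + i] = (l << lb) & BN_MASK2;
        }
    }
    /* The low nw words are the vacated positions. */
    memset(t, 0, nw * sizeof(t[0]));
    r->top = a->top + nw + 1;
    bn_correct_top(r);
    bn_check_top(r);
    return 1;
}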
/*
 * r = a * b. Delegates to bn_mul_fixed_top (which presumably leaves r's
 * word count un-normalised, hence the name) and then normalises r so
 * callers always see a canonical top. The normalisation is applied
 * regardless of the multiplier's status.
 * Returns the multiplier's status: 1 on success, 0 on failure.
 */
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
    int ok;

    ok = bn_mul_fixed_top(r, a, b, ctx);
    /* Strip leading zero words even on failure so r stays well-formed. */
    bn_correct_top(r);
    bn_check_top(r);

    return ok;
}
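/*
 * Parse an optionally '-'-prefixed decimal string into *bn.
 *
 * bn  if NULL, nothing is parsed and only the length that would be consumed
 *     is returned; if *bn is NULL a new BIGNUM is allocated, otherwise *bn is
 *     zeroed and reused.
 * a   the string; parsing stops at the first non-digit.
 * Returns the number of characters used (sign included), or 0 on error
 * (NULL/empty input, allocation failure, or an arithmetic failure).
 *
 * Changes from the earlier version: the conversion loop now consumes exactly
 * the i counted digits instead of running to the NUL terminator (which fed
 * any trailing non-digits into the value and broke the chunk alignment);
 * BN_mul_word/BN_add_word results are checked; the digit count is capped so
 * i*4 cannot overflow; and "-0" yields a non-negative zero.
 */
int BN_dec2bn(BIGNUM **bn, const char *a)
{
    BIGNUM *ret = NULL;
    BN_ULONG l = 0;
    int neg = 0, i, j;
    int num;

    if ((a == NULL) || (*a == '\0'))
        return 0;
    if (*a == '-') {
        neg = 1;
        a++;
    }

    /* Count leading decimal digits, stopping before i*4 (the bit estimate
     * handed to bn_expand below) could overflow an int. */
    for (i = 0; i <= INT_MAX / 4 && isdigit((unsigned char)a[i]); i++)
        continue;
    if (i > INT_MAX / 4)
        return 0;

    num = i + neg;
    if (bn == NULL)
        return num;

    /* a is the start of the digits, and it is 'i' long.
     * We chop it into BN_DEC_NUM digits at a time */
    if (*bn == NULL) {
        if ((ret = BN_new()) == NULL)
            return 0;
    } else {
        ret = *bn;
        BN_zero(ret);
    }

    /* i digits need fewer than 4*i bits; a bit of an over expand. */
    if (bn_expand(ret, i * 4) == NULL)
        goto err;

    /* Size the first chunk so that every later chunk is exactly
     * BN_DEC_NUM digits long. */
    j = BN_DEC_NUM - (i % BN_DEC_NUM);
    if (j == BN_DEC_NUM)
        j = 0;
    l = 0;
    while (--i >= 0) {
        l *= 10;
        l += *a - '0';
        a++;
        if (++j == BN_DEC_NUM) {
            /* ret = ret * 10^BN_DEC_NUM + l */
            if (!BN_mul_word(ret, BN_DEC_CONV) || !BN_add_word(ret, l))
                goto err;
            l = 0;
            j = 0;
        }
    }
    bn_correct_top(ret);
    /* Never produce a negative zero. */
    ret->neg = BN_is_zero(ret) ? 0 : neg;
    *bn = ret;
    bn_check_top(ret);
    return num;

 err:
    if (*bn == NULL)
        BN_free(ret);
    return 0;
}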
/*
 * r = a * a. Delegates to bn_sqr_fixed_top and then normalises r's word
 * count so callers always see a canonical top; the normalisation runs
 * whether or not the squaring succeeded.
 * Returns the squaring routine's status: 1 on success, 0 on failure.
 */
int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
{
    const int status = bn_sqr_fixed_top(r, a, ctx);

    bn_correct_top(r);
    bn_check_top(r);
    return status;
}
/*
 * Montgomery product r = a * b * R^-1 mod N, via bn_mul_mont_fixed_top.
 * r's word count is normalised afterwards, regardless of the status, so
 * callers always see a canonical top.
 * Returns the underlying routine's status: 1 on success, 0 on failure.
 */
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx)
{
    const int status = bn_mul_mont_fixed_top(r, a, b, mont, ctx);

    bn_correct_top(r);
    bn_check_top(r);
    return status;
}
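/*
 * r = a >> n. r may alias a; the sign of a is carried over when r is a
 * distinct object.
 *
 * Two guards are added compared with the earlier version:
 *  - n < 0 is rejected (it would make nw/rb negative and index before
 *    a->d);
 *  - the "everything shifted out" test is nw >= a->top rather than
 *    nw > a->top. With nw == a->top and rb != 0 the old code read
 *    a->d[top] (past the used words) and then ran its inner loop from
 *    i = -1, writing far past r.
 * Returns 1 on success, 0 on a negative n or if r cannot be grown.
 */
int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
{
    int i, j, nw, lb, rb;
    BN_ULONG *t, *f;
    BN_ULONG l, tmp;

    bn_check_top(r);
    bn_check_top(a);

    if (n < 0)
        return 0;

    nw = n / BN_BITS2;              /* whole words of shift */
    rb = n % BN_BITS2;              /* remaining bits of shift */
    lb = BN_BITS2 - rb;
    if (nw >= a->top || a->top == 0) {
        BN_zero(r);
        return 1;
    }
    if (r != a) {
        r->neg = a->neg;
        if (bn_wexpand(r, a->top - nw + 1) == NULL)
            return 0;
    } else {
        if (n == 0)
            return 1;   /* or the copying loop will go berserk */
    }

    f = &(a->d[nw]);
    t = r->d;
    j = a->top - nw;                /* words that survive the shift */
    r->top = j;

    if (rb == 0) {
        for (i = j; i != 0; i--)
            *(t++) = *(f++);
    } else {
        /* Each output word takes the high bits of one source word and the
         * low bits of the next; the last word has no successor. */
        l = *(f++);
        for (i = j - 1; i != 0; i--) {
            tmp = (l >> rb) & BN_MASK2;
            l = *(f++);
            *(t++) = (tmp | (l << lb)) & BN_MASK2;
        }
        *(t++) = (l >> rb) & BN_MASK2;
    }

    bn_correct_top(r);
    bn_check_top(r);
    return 1;
}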
/*
 * Convert a from Montgomery form back to a plain residue: ret = a * R^-1 mod N.
 *
 * ret   output
 * a     input (not modified; a copy is handed to the word-level routine)
 * mont  Montgomery context: N always, Ni/ri for the generic path
 * ctx   scratch context
 * Returns 1 on success, 0 on scratch/arithmetic failure.
 *
 * Two implementations are selected at compile time:
 *  - MONT_WORD: bn_from_montgomery_word on a copy of a (it presumably
 *    consumes its second operand, hence the copy).
 *  - otherwise: textbook REDC with BIGNUM operations, finished by a
 *    BN_ucmp/BN_usub fix-up. That comparison is a data-dependent branch,
 *    so this path is not constant-time in the value being reduced.
 */
int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
{
    int retn = 0;
#ifdef MONT_WORD
    BIGNUM *t;

    BN_CTX_start(ctx);
    if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
        retn = bn_from_montgomery_word(ret, t, mont);
        bn_correct_top(ret);
        bn_check_top(ret);
    }
    BN_CTX_end(ctx);
#else                           /* !MONT_WORD */
    BIGNUM *t1, *t2;

    BN_CTX_start(ctx);
    t1 = BN_CTX_get(ctx);
    t2 = BN_CTX_get(ctx);
    if (t1 == NULL || t2 == NULL)
        goto err;

    if (!BN_copy(t1, a))
        goto err;
    BN_mask_bits(t1, mont->ri);             /* t1 = a mod 2^ri */

    if (!BN_mul(t2, t1, &mont->Ni, ctx))
        goto err;
    BN_mask_bits(t2, mont->ri);             /* t2 = (a mod 2^ri) * Ni mod 2^ri */

    if (!BN_mul(t1, t2, &mont->N, ctx))
        goto err;                           /* t1 = t2 * N */
    if (!BN_add(t2, a, t1))
        goto err;                           /* t2 = a + t2*N */
    if (!BN_rshift(ret, t2, mont->ri))
        goto err;                           /* ret = t2 / 2^ri */

    /* One conditional subtraction finishes the reduction (data-dependent). */
    if (BN_ucmp(ret, &(mont->N)) >= 0) {
        if (!BN_usub(ret, ret, &(mont->N)))
            goto err;
    }
    retn = 1;
    bn_check_top(ret);
 err:
    BN_CTX_end(ctx);
#endif                          /* MONT_WORD */
    return (retn);
}
/*
 * Montgomery product r = a * b * R^-1 mod N.
 * With OPENSSL_BN_ASM_MONT, operands that are exactly N's width (more than
 * one word) are handed to the assembly bn_mul_mont; if it declines, or the
 * sizes differ, the product is formed with BN_sqr/BN_mul into scratch and
 * reduced with BN_from_montgomery_word.
 * Returns 1 on success, 0 on failure.
 */
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BN_MONT_CTX *mont, BN_CTX *ctx)
{
    BIGNUM *product;
    int ok = 0;

#if defined(OPENSSL_BN_ASM_MONT)
    {
        const int width = mont->N.top;
        /* Fast path: both operands exactly width words, width > 1. */
        if (width > 1 && a->top == width && b->top == width) {
            if (bn_wexpand(r, width) == NULL)
                return 0;
            if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, width)) {
                r->neg = a->neg ^ b->neg;
                r->top = width;
                bn_correct_top(r);
                return 1;
            }
            /* bn_mul_mont declined: fall through to the generic path. */
        }
    }
#endif

    BN_CTX_start(ctx);
    product = BN_CTX_get(ctx);
    if (product != NULL) {
        const int multiplied = (a == b) ? BN_sqr(product, a, ctx)
                                        : BN_mul(product, a, b, ctx);
        /* reduce from aRR to aR */
        if (multiplied && BN_from_montgomery_word(r, product, mont))
            ok = 1;
    }
    BN_CTX_end(ctx);
    return ok;
}
/*
 * Montgomery product r = a * b * R^-1 mod N.
 * With OPENSSL_BN_ASM_MONT and MONT_WORD, operands that are exactly N's
 * width (more than one word) go through the assembly bn_mul_mont; if it
 * declines (returns 0) or the sizes differ, the product is formed with
 * BN_sqr/BN_mul into scratch and reduced by BN_from_montgomery_word
 * (MONT_WORD) or BN_from_montgomery (otherwise).
 * Returns 1 on success, 0 on failure.
 */
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx)
{
    BIGNUM *tmp;
    int ret = 0;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
    int num = mont->N.top;

    /* Fast path: both operands exactly num words wide. */
    if (num > 1 && a->top == num && b->top == num) {
        if (bn_wexpand(r, num) == NULL)
            return (0);
        if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
            r->neg = a->neg^b->neg;
            r->top = num;
            bn_correct_top(r);
            return (1);
        }
        /* bn_mul_mont declined: fall through to the generic path. */
    }
#endif

    BN_CTX_start(ctx);
    if ((tmp = BN_CTX_get(ctx)) == NULL)
        goto err;

    bn_check_top(tmp);
    if (a == b) {
        if (!BN_sqr(tmp, a, ctx))
            goto err;
    } else {
        if (!BN_mul(tmp, a,b, ctx))
            goto err;
    }
    /* reduce from aRR to aR */
#ifdef MONT_WORD
    if (!BN_from_montgomery_word(r, tmp, mont))
        goto err;
#else
    if (!BN_from_montgomery(r, tmp, mont, ctx))
        goto err;
#endif
    bn_check_top(r);
    ret = 1;
 err:
    BN_CTX_end(ctx);
    return (ret);
}
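/**
 * public static native int putULongInt(int, long, int)
 *
 * Store the 64-bit value dw into the BIGNUM a with sign neg.
 *
 * The low half is now kept unsigned: the previous `int lo = (int)dw` would
 * have sign-extended when stored into a BN_ULONG wider than 32 bits,
 * corrupting the value. When BN_BYTES >= 8 the whole value fits in one word
 * (mirroring the __LP64__ handling elsewhere in this file); otherwise it is
 * split into two 32-bit words, least significant first.
 * Returns TRUE on success, FALSE on a bad handle or a failed bn_wexpand.
 */
static jboolean NativeBN_putULongInt(JNIEnv* env, jclass cls, BIGNUM* a, unsigned long long dw, jboolean neg) {
    if (!oneValidHandle(env, a)) return FALSE;
    // cf. litEndInts2bn:
    bn_check_top(a);
    if (bn_wexpand(a, 2) == NULL) return FALSE;
#if BN_BYTES >= 8
    // One 64-bit word holds the whole value; the spare word is zeroed so
    // bn_correct_top trims it.
    a->d[0] = (BN_ULONG)dw;
    a->d[1] = 0;
#else
    {
        unsigned int hi = (unsigned int)(dw >> 32); // This shifts without sign extension.
        unsigned int lo = (unsigned int)dw;         // This truncates; unsigned so no sign extension later.
        a->d[0] = lo;
        a->d[1] = hi;
    }
#endif
    a->top = 2;
    a->neg = neg;
    bn_correct_top(a);
    return TRUE;
}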
/*
 * Montgomery product r = a * b * R^-1 mod N.
 * Operands that are exactly N's width (at least four words) go straight to
 * bn_mul_mont; otherwise the product is formed with BN_sqr/BN_mul into
 * scratch and reduced by BN_from_montgomery_word.
 * Returns 1 on success, 0 on failure.
 */
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BN_MONT_CTX *mont, BN_CTX *ctx)
{
    const int width = mont->N.top;
    BIGNUM *product;
    int ok = 0;

    /* bn_mul_mont requires at least four limbs, at least for x86. */
    if (width >= 4 && a->top == width && b->top == width) {
        if (bn_wexpand(r, width) == NULL)
            return 0;
        bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, width);
        r->neg = a->neg ^ b->neg;
        r->top = width;
        bn_correct_top(r);
        return 1;
    }

    BN_CTX_start(ctx);
    product = BN_CTX_get(ctx);
    if (product != NULL) {
        const int multiplied = (a == b) ? BN_sqr(product, a, ctx)
                                        : BN_mul(product, a, b, ctx);
        /* reduce from aRR to aR */
        if (multiplied && BN_from_montgomery_word(r, product, mont))
            ok = 1;
    }
    BN_CTX_end(ctx);
    return ok;
}
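/*
 * JNI entry: store the 64-bit value dw into the BIGNUM behind handle a0,
 * with sign neg. On a failed bn_wexpand the pending exception (if any) is
 * propagated via throwExceptionIfNecessary.
 *
 * The low half is now kept unsigned: the previous `int lo = (int)dw` would
 * have sign-extended when stored into a BN_ULONG wider than 32 bits,
 * corrupting the value. When BN_BYTES >= 8 the whole value fits in one
 * word; otherwise it is split into two 32-bit words, least significant
 * first.
 */
extern "C" void Java_java_math_NativeBN_putULongInt(JNIEnv* env, jclass, jlong a0, unsigned long long dw, jboolean neg) {
    if (!oneValidHandle(env, a0)) return;
    // cf. litEndInts2bn:
    BIGNUM* a = toBigNum(a0);
    bn_check_top(a);
    if (bn_wexpand(a, 2) == NULL) {
        throwExceptionIfNecessary(env);
        return;
    }
#if BN_BYTES >= 8
    // One 64-bit word holds the whole value; the spare word is zeroed so
    // bn_correct_top trims it.
    a->d[0] = static_cast<BN_ULONG>(dw);
    a->d[1] = 0;
#else
    unsigned int hi = static_cast<unsigned int>(dw >> 32); // This shifts without sign extension.
    unsigned int lo = static_cast<unsigned int>(dw);       // This truncates; unsigned so no sign extension later.
    a->d[0] = lo;
    a->d[1] = hi;
#endif
    a->top = 2;
    a->neg = neg;
    bn_correct_top(a);
}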
/* unsigned subtraction of b from a, a must be larger than b. */
/*
 * r = |a| - |b|; r->neg is cleared; r may alias a or b.
 * Word counts are compared first: more words in b than in a is rejected
 * with BN_R_ARG2_LT_ARG3. Beyond that the caller must guarantee |a| >= |b|:
 * the borrow left over after the loop below is discarded, so an a < b with
 * equal word counts is not detected and the result wraps.
 * The low min words use bn_sub_words; the remaining words of a propagate
 * the borrow without a data-dependent branch (borrow &= (t1 == 0)).
 * Returns 1 on success, 0 on the size error or if r cannot be expanded.
 */
int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
    int max, min, dif;
    BN_ULONG t1, t2, borrow, *rp;
    const BN_ULONG *ap, *bp;

    bn_check_top(a);
    bn_check_top(b);

    max = a->top;
    min = b->top;
    dif = max - min;

    if (dif < 0) {              /* hmm... should not be happening */
        BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
        return 0;
    }

    if (bn_wexpand(r, max) == NULL)
        return 0;

    ap = a->d;
    bp = b->d;
    rp = r->d;

    borrow = bn_sub_words(rp, ap, bp, min);
    ap += min;
    rp += min;

    while (dif) {
        dif--;
        t1 = *(ap++);
        t2 = (t1 - borrow) & BN_MASK2;
        *(rp++) = t2;
        /* a borrow survives only through words that were zero */
        borrow &= (t1 == 0);
    }

    r->top = max;
    r->neg = 0;
    bn_correct_top(r);
    return 1;
}
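/*
 * Convert the big-endian byte string s[0..len) into a non-negative BIGNUM.
 *
 * s    bytes, most significant first
 * len  byte count; a negative len is now rejected (it used to wrap to a huge
 *      unsigned n and walk off the end of s)
 * ret  destination, or NULL to allocate a fresh BIGNUM
 * Returns the BIGNUM, or NULL on a negative len or allocation failure. When
 * this call allocated the BIGNUM and bn_wexpand then fails, that BIGNUM is
 * freed again (the free was previously commented out, leaking it).
 */
BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
{
    unsigned int i, m;
    unsigned int n;
    BN_ULONG l;
    BIGNUM *bn = NULL;

    if (len < 0)
        return NULL;
    if (ret == NULL)
        ret = bn = BN_new();
    if (ret == NULL)
        return NULL;
    bn_check_top(ret);
    l = 0;
    n = (unsigned int)len;
    if (n == 0) {
        ret->top = 0;
        return ret;
    }
    i = ((n - 1) / BN_BYTES) + 1;   /* words needed */
    m = ((n - 1) % (BN_BYTES));     /* the top word holds m+1 bytes */
    if (bn_wexpand(ret, (int)i) == NULL) {
        /* Only release what this call allocated; the caller never saw it. */
        if (bn)
            BN_free(bn);
        return NULL;
    }
    ret->top = i;
    ret->neg = 0;
    /* Accumulate bytes into l; flush a word each time m wraps around. */
    while (n--) {
        l = (l << 8L) | *(s++);
        if (m-- == 0) {
            ret->d[--i] = l;
            l = 0;
            m = BN_BYTES - 1;
        }
    }
    bn_correct_top(ret);
    return ret;
}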
static void NativeBN_putULongInt(JNIEnv* env, jclass, jlong a0, jlong java_dw, jboolean neg) { if (!oneValidHandle(env, a0)) return; uint64_t dw = java_dw; // cf. litEndInts2bn: BIGNUM* a = toBigNum(a0); bn_check_top(a); if (bn_wexpand(a, 8/BN_BYTES) != NULL) { #ifdef __LP64__ a->d[0] = dw; #else unsigned int hi = dw >> 32; // This shifts without sign extension. int lo = (int)dw; // This truncates implicitly. a->d[0] = lo; a->d[1] = hi; #endif a->top = 8 / BN_BYTES; a->neg = neg; bn_correct_top(a); } else {
/*
 * Reduce a modulo the NIST prime P-224 into r (r may alias a). The words
 * above position BN_NIST_224_TOP are copied to buf and folded back with the
 * nist_set_224 partial sums (the FIPS 186 fast-reduction identities); the
 * net carry is cleared by repeated add/subtract of _nist_p_224, and a final
 * compare-and-subtract against field makes the result canonical.
 *
 * Only compiled for BN_BITS2 != 64: on 64-bit-word builds the function
 * returns 0 unconditionally, so callers must treat 0 as "not reduced".
 *
 * Fast exits: a == field -> 0; a < field -> copy; a exactly
 * BN_NIST_224_TOP words -> single BN_usub.
 * NOTE(review): nothing here checks that a is non-negative or that
 * a->top <= 2*BN_NIST_224_TOP; nist_cp_bn_0 is presumably what bounds the
 * copy into buf — confirm the caller's precondition. The final BN_ucmp
 * branch is data-dependent.
 * Returns 1 on success, 0 on expansion failure or unsupported word size.
 */
int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
{
#if BN_BITS2 != 64
    int top = a->top, i;
    int carry = 0;
    BN_ULONG *r_d, *a_d = a->d;
    BN_ULONG t_d[BN_NIST_224_TOP], buf[BN_NIST_224_TOP];

    i = BN_ucmp(field, a);
    if (i == 0) {
        BN_zero(r);
        return 1;
    } else if (i > 0)
        return (r == a)? 1 : (BN_copy(r ,a) != NULL);

    if (top == BN_NIST_224_TOP)
        return BN_usub(r, a, field);

    /* r_d = low BN_NIST_224_TOP words of a; buf = the words above them. */
    if (r != a) {
        if (!bn_wexpand(r, BN_NIST_224_TOP))
            return 0;
        r_d = r->d;
        nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
    } else
        r_d = a_d;

    nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);

    /* Two additions and two subtractions of reshuffled high words; carry
     * records the net overflow/underflow across all four. */
    nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
    if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))
        ++carry;
    nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
    if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))
        ++carry;
    nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
    if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
        --carry;
    nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
    if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
        --carry;

    /* Cancel the net carry by adding or subtracting p until it is gone. */
    if (carry > 0)
        while (carry) {
            if (bn_sub_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))
                --carry;
        }
    else if (carry < 0)
        while (carry) {
            if (bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))
                ++carry;
        }

    r->top = BN_NIST_224_TOP;
    bn_correct_top(r);

    if (BN_ucmp(r, field) >= 0) {
        bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP);
        bn_correct_top(r);
    }
    bn_check_top(r);
    return 1;
#else
    return 0;
#endif
}
/*
 * r = a * b (signed). Picks an implementation by operand size:
 *  - either operand zero: r = 0;
 *  - BN_MUL_COMBA and both exactly 8 words: unrolled bn_mul_comba8;
 *  - BN_RECURSION and both at least BN_MULL_SIZE_NORMAL words with word
 *    counts differing by at most one: recursive multiply
 *    (bn_mul_recursive / bn_mul_part_recursive) with scratch from ctx;
 *  - otherwise schoolbook bn_mul_normal.
 * When r aliases a or b the product is built in a scratch BIGNUM and copied
 * back at the end. The two "# if 0" regions are dead code kept from an
 * earlier revision.
 * Returns 1 on success, 0 on scratch/expansion failure.
 */
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
    int ret = 0;
    int top, al, bl;
    BIGNUM *rr;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
    int i;
#endif
#ifdef BN_RECURSION
    BIGNUM *t = NULL;
    int j = 0, k;
#endif

    bn_check_top(a);
    bn_check_top(b);
    bn_check_top(r);
    al = a->top;
    bl = b->top;

    if ((al == 0) || (bl == 0)) {
        BN_zero(r);
        return (1);
    }
    top = al + bl;

    BN_CTX_start(ctx);
    /* Aliased output: multiply into scratch and copy back at the end. */
    if ((r == a) || (r == b)) {
        if ((rr = BN_CTX_get(ctx)) == NULL)
            goto err;
    } else
        rr = r;

#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
    i = al - bl;                /* word-count difference */
#endif
#ifdef BN_MUL_COMBA
    if (i == 0) {
# if 0
        if (al == 4) {
            if (bn_wexpand(rr, 8) == NULL)
                goto err;
            rr->top = 8;
            bn_mul_comba4(rr->d, a->d, b->d);
            goto end;
        }
# endif
        if (al == 8) {
            if (bn_wexpand(rr, 16) == NULL)
                goto err;
            rr->top = 16;
            bn_mul_comba8(rr->d, a->d, b->d);
            goto end;
        }
    }
#endif                          /* BN_MUL_COMBA */
#ifdef BN_RECURSION
    if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
        if (i >= -1 && i <= 1) {
            /*
             * Find out the power of two lower or equal to the longest of the
             * two numbers
             */
            if (i >= 0) {
                j = BN_num_bits_word((BN_ULONG)al);
            }
            if (i == -1) {
                j = BN_num_bits_word((BN_ULONG)bl);
            }
            j = 1 << (j - 1);
            assert(j <= al || j <= bl);
            k = j + j;
            t = BN_CTX_get(ctx);
            if (t == NULL)
                goto err;
            if (al > j || bl > j) {
                /* Uneven split: the part-recursive variant needs 4k words. */
                if (bn_wexpand(t, k * 4) == NULL)
                    goto err;
                if (bn_wexpand(rr, k * 4) == NULL)
                    goto err;
                bn_mul_part_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
            } else {            /* al <= j || bl <= j */
                if (bn_wexpand(t, k * 2) == NULL)
                    goto err;
                if (bn_wexpand(rr, k * 2) == NULL)
                    goto err;
                bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
            }
            rr->top = top;
            goto end;
        }
# if 0
        if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
            BIGNUM *tmp_bn = (BIGNUM *)b;
            if (bn_wexpand(tmp_bn, al) == NULL)
                goto err;
            tmp_bn->d[bl] = 0;
            bl++;
            i--;
        } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
            BIGNUM *tmp_bn = (BIGNUM *)a;
            if (bn_wexpand(tmp_bn, bl) == NULL)
                goto err;
            tmp_bn->d[al] = 0;
            al++;
            i++;
        }
        if (i == 0) {
            /* symmetric and > 4 */
            /* 16 or larger */
            j = BN_num_bits_word((BN_ULONG)al);
            j = 1 << (j - 1);
            k = j + j;
            t = BN_CTX_get(ctx);
            if (al == j) {      /* exact multiple */
                if (bn_wexpand(t, k * 2) == NULL)
                    goto err;
                if (bn_wexpand(rr, k * 2) == NULL)
                    goto err;
                bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
            } else {
                if (bn_wexpand(t, k * 4) == NULL)
                    goto err;
                if (bn_wexpand(rr, k * 4) == NULL)
                    goto err;
                bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d);
            }
            rr->top = top;
            goto end;
        }
# endif
    }
#endif                          /* BN_RECURSION */
    /* Fallback: schoolbook multiplication. */
    if (bn_wexpand(rr, top) == NULL)
        goto err;
    rr->top = top;
    bn_mul_normal(rr->d, a->d, al, b->d, bl);

#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
 end:
#endif
    rr->neg = a->neg ^ b->neg;
    bn_correct_top(rr);
    if (r != rr && BN_copy(r, rr) == NULL)
        goto err;
    ret = 1;
 err:
    bn_check_top(r);
    BN_CTX_end(ctx);
    return (ret);
}
/*
 * Reduce a modulo the NIST prime P-192 into r (r may alias a). The words
 * above position BN_NIST_192_TOP are copied to buf and folded back with the
 * three nist_set_192 additions (the FIPS 186 fast-reduction identities);
 * carries are cleared by repeated subtraction of _nist_p_192, and a final
 * compare-and-subtract against field makes the result canonical.
 *
 * Fast exits: a == field -> 0; a < field -> copy; a exactly
 * BN_NIST_192_TOP words -> single BN_usub.
 * NOTE(review): a is assumed non-negative with at most 2*BN_NIST_192_TOP
 * words; neither is checked here (nist_cp_bn_0 presumably bounds the copy
 * into buf). The final BN_ucmp branch is data-dependent.
 * Returns 1 on success, 0 if r cannot be expanded.
 */
int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
{
    int top = a->top, i;
    BN_ULONG carry = 0;
    register BN_ULONG *r_d, *a_d = a->d;
    BN_ULONG t_d[BN_NIST_192_TOP], buf[BN_NIST_192_TOP];

    i = BN_ucmp(field, a);
    if (i == 0) {
        BN_zero(r);
        return 1;
    } else if (i > 0)
        return (r == a) ? 1 : (BN_copy(r ,a) != NULL);

    if (top == BN_NIST_192_TOP)
        return BN_usub(r, a, field);

    /* r_d = low BN_NIST_192_TOP words of a; buf = the words above them. */
    if (r != a) {
        if (!bn_wexpand(r, BN_NIST_192_TOP))
            return 0;
        r_d = r->d;
        nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
    } else
        r_d = a_d;

    nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);

#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
# pragma message save
# pragma message disable BADSUBSCRIPT
#endif

    /* Three additions of reshuffled high words; carry counts overflows. */
    nist_set_192(t_d, buf, 0, 3, 3);
    if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
        ++carry;

    nist_set_192(t_d, buf, 4, 4, 0);
    if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
        ++carry;

#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
# pragma message restore
#endif

    /* nist_set_192 is a macro carrying its own statement; no ';' here. */
    nist_set_192(t_d, buf, 5, 5, 5)
    if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
        ++carry;

    /* Each overflow is worth one p at position 192: subtract it back. */
    while (carry) {
        if (bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP))
            --carry;
    }
    r->top = BN_NIST_192_TOP;
    bn_correct_top(r);
    if (BN_ucmp(r, field) >= 0) {
        bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP);
        bn_correct_top(r);
    }
    bn_check_top(r);
    return 1;
}
/* BN_div_no_branch is a special version of BN_div. It does not contain
 * branches that may leak sensitive information. */
/*
 * Schoolbook long division num / divisor -> quotient dv, remainder rm
 * (either may be NULL). Both operands are first normalised (shifted so the
 * divisor's top word has its high bit set, with one extra word of shift so
 * snum always has room), then one quotient word is produced per loop
 * iteration from the top three words of the current window.
 *
 * NOTE(review): relative to BN_div this drops the early-exit size
 * comparisons, but the q refinement loops (for (;;) { ... q--; ... }) and
 * the bn_sub_words correction are still data-dependent control flow, so
 * "no branch" should be read as "no early exit", not as fully
 * constant-time — confirm against the caller's threat model.
 *
 * Returns 1 on success, 0 on division by zero (BN_R_DIV_BY_ZERO) or scratch
 * failure. 'num' is assumed to have been checked by BN_div().
 */
static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx)
{
    int norm_shift,i,loop;
    BIGNUM *tmp,wnum,*snum,*sdiv,*res;
    BN_ULONG *resp,*wnump;
    BN_ULONG d0,d1;
    int num_n,div_n;

    bn_check_top(dv);
    bn_check_top(rm);
    /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */
    bn_check_top(divisor);

    if (BN_is_zero(divisor)) {
        BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO);
        return(0);
    }

    BN_CTX_start(ctx);
    tmp=BN_CTX_get(ctx);
    snum=BN_CTX_get(ctx);
    sdiv=BN_CTX_get(ctx);
    if (dv == NULL)
        res=BN_CTX_get(ctx);
    else
        res=dv;
    /* Only the last gets are tested; presumably BN_CTX_get keeps returning
     * NULL once it has failed, which covers tmp and snum — TODO confirm. */
    if (sdiv == NULL || res == NULL) goto err;

    /* First we normalise the numbers */
    norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
    if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
    sdiv->neg=0;
    norm_shift+=BN_BITS2;
    if (!(BN_lshift(snum,num,norm_shift))) goto err;
    snum->neg=0;

    /* Since we don't know whether snum is larger than sdiv,
     * we pad snum with enough zeroes without changing its
     * value.
     */
    if (snum->top <= sdiv->top+1) {
        if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
        for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
        snum->top = sdiv->top + 2;
    } else {
        if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
        snum->d[snum->top] = 0;
        snum->top ++;
    }

    div_n=sdiv->top;
    num_n=snum->top;
    loop=num_n-div_n;

    /* Lets setup a 'window' into snum
     * This is the part that corresponds to the current
     * 'area' being divided */
    wnum.neg = 0;
    wnum.d = &(snum->d[loop]);
    wnum.top = div_n;
    /* only needed when BN_ucmp messes up the values between top and max */
    wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */

    /* Get the top 2 words of sdiv */
    /* div_n=sdiv->top; */
    d0=sdiv->d[div_n-1];
    d1=(div_n == 1)?0:sdiv->d[div_n-2];

    /* pointer to the 'top' of snum */
    wnump= &(snum->d[num_n-1]);

    /* Setup to 'res' */
    res->neg= (num->neg^divisor->neg);
    if (!bn_wexpand(res,(loop+1))) goto err;
    res->top=loop-1;
    resp= &(res->d[loop-1]);

    /* space for temp */
    if (!bn_wexpand(tmp,(div_n+1))) goto err;

    /* if res->top == 0 then clear the neg value otherwise decrease
     * the resp pointer */
    if (res->top == 0)
        res->neg = 0;
    else
        resp--;

    for (i=0; i<loop-1; i++, wnump--, resp--) {
        BN_ULONG q,l0;
        /* the first part of the loop uses the top two words of
         * snum and sdiv to calculate a BN_ULONG q such that
         * | wnum - sdiv * q | < sdiv */
#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
        BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
        q=bn_div_3_words(wnump,d1,d0);
#else
        BN_ULONG n0,n1,rem=0;

        n0=wnump[0];
        n1=wnump[-1];
        if (n0 == d0)
            q=BN_MASK2;
        else /* n0 < d0 */
        {
#ifdef BN_LLONG
            BN_ULLONG t2;

#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
            q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
#else
            q=bn_div_words(n0,n1,d0);
#ifdef BN_DEBUG_LEVITTE
            TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
X) -> 0x%08X\n",
                n0, n1, d0, q);
#endif
#endif

#ifndef REMAINDER_IS_ALREADY_CALCULATED
            /*
             * rem doesn't have to be BN_ULLONG. The least we
             * know it's less that d0, isn't it?
             */
            rem=(n1-q*d0)&BN_MASK2;
#endif
            t2=(BN_ULLONG)d1*q;

            /* Refine the estimate downward until d1*q fits under the
             * remainder extended by the third word. */
            for (;;) {
                if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
                    break;
                q--;
                rem += d0;
                if (rem < d0) break; /* don't let rem overflow */
                t2 -= d1;
            }
#else /* !BN_LLONG */
            BN_ULONG t2l,t2h;

            q=bn_div_words(n0,n1,d0);
#ifdef BN_DEBUG_LEVITTE
            TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
X) -> 0x%08X\n",
                n0, n1, d0, q);
#endif
#ifndef REMAINDER_IS_ALREADY_CALCULATED
            rem=(n1-q*d0)&BN_MASK2;
#endif

#if defined(BN_UMULT_LOHI)
            BN_UMULT_LOHI(t2l,t2h,d1,q);
#elif defined(BN_UMULT_HIGH)
            t2l = d1 * q;
            t2h = BN_UMULT_HIGH(d1,q);
#else
            {
                BN_ULONG ql, qh;
                t2l=LBITS(d1); t2h=HBITS(d1);
                ql =LBITS(q);  qh =HBITS(q);
                mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
            }
#endif

            /* Same refinement with the product held as a (high, low) pair. */
            for (;;) {
                if ((t2h < rem) ||
                    ((t2h == rem) && (t2l <= wnump[-2])))
                    break;
                q--;
                rem += d0;
                if (rem < d0) break; /* don't let rem overflow */
                if (t2l < d1) t2h--; t2l -= d1;
            }
#endif /* !BN_LLONG */
        }
#endif /* !BN_DIV3W */

        l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
        tmp->d[div_n]=l0;
        wnum.d--;
        /* ingore top values of the bignums just sub the two
         * BN_ULONG arrays with bn_sub_words */
        if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) {
            /* Note: As we have considered only the leading
             * two BN_ULONGs in the calculation of q, sdiv * q
             * might be greater than wnum (but then (q-1) * sdiv
             * is less or equal than wnum)
             */
            q--;
            if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
                /* we can't have an overflow here (assuming
                 * that q != 0, but if q == 0 then tmp is
                 * zero anyway) */
                (*wnump)++;
        }
        /* store part of the result */
        *resp = q;
    }
    bn_correct_top(snum);
    if (rm != NULL) {
        /* Keep a copy of the neg flag in num because if rm==num
         * BN_rshift() will overwrite it.
         */
        int neg = num->neg;
        /* NOTE(review): the BN_rshift return value is not checked here. */
        BN_rshift(rm,snum,norm_shift);
        if (!BN_is_zero(rm))
            rm->neg = neg;
        bn_check_top(rm);
    }
    bn_correct_top(res);
    BN_CTX_end(ctx);
    return(1);
 err:
    bn_check_top(rm);
    BN_CTX_end(ctx);
    return(0);
}
/*
 * Montgomery reduction of the (up to) double-width value in r, which is
 * consumed as scratch: ret = r * R^-1 mod N, with nl = N's word count and
 * R presumably 2^(nl*BN_BITS2). r is zero-extended to 2*nl words, then nl
 * rounds of bn_mul_add_words add the multiple of N selected via mont->n0[0]
 * (presumably chosen so the lowest word cancels), with the carry out of the
 * top word tracked separately and without a branch. The high half of r is
 * then the candidate; N is subtracted once and the borrow/carry decide
 * between the difference and the un-subtracted value. Under BRANCH_FREE
 * that choice is made with a pointer mask and fixed-length copy loops
 * instead of a branch, so it does not show up in control flow; the "#else"
 * alternative is the plain branchy memcpy. The high half of r is zeroed as
 * it is copied.
 *
 * NOTE(review): the mask arithmetic assumes the reduced value is below 2N,
 * so that carry == 1 always comes with a borrow from bn_sub_words; the
 * (carry == 1, borrow == 0) combination would make v wrap and m == 1 rather
 * than a full mask — confirm callers keep the input below N*R.
 * NOTE(review): r->neg ^= n->neg flips the result's sign for a negative
 * modulus; presumably N is always non-negative here.
 *
 * Returns 1 on success, 0 if r or ret cannot be expanded. nl == 0 yields
 * ret = 0 without touching r.
 */
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
{
    BIGNUM *n;
    BN_ULONG *ap, *np, *rp, n0, v, carry;
    int nl, max, i;

    n = &(mont->N);
    nl = n->top;
    if (nl == 0) {
        ret->top = 0;
        return (1);
    }

    max = (2 * nl);             /* carry is stored separately */
    if (bn_wexpand(r, max) == NULL)
        return (0);

    r->neg ^= n->neg;
    np = n->d;
    rp = r->d;

    /* clear the top words of T */
#if 1
    for (i=r->top; i<max; i++) /* memset? XXX */
        rp[i] = 0;
#else
    memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
#endif

    r->top = max;
    n0 = mont->n0[0];

#ifdef BN_COUNT
    fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl);
#endif
    for (carry = 0, i = 0; i < nl; i++, rp++) {
        v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
        v = (v + carry + rp[nl]) & BN_MASK2;
        /* branch-free carry detection for the add above */
        carry |= (v != rp[nl]);
        carry &= (v <= rp[nl]);
        rp[nl] = v;
    }

    if (bn_wexpand(ret, nl) == NULL)
        return (0);
    ret->top = nl;
    ret->neg = r->neg;

    rp = ret->d;
    ap = &(r->d[nl]);

#define BRANCH_FREE 1
#if BRANCH_FREE
    {
        BN_ULONG *nrp;
        size_t m;

        v = bn_sub_words(rp, ap, np, nl) - carry;
        /* if subtraction result is real, then
         * trick unconditional memcpy below to perform in-place
         * "refresh" instead of actual copy. */
        m = (0 - (size_t)v);
        nrp = (BN_ULONG *)(((uintptr_t)rp & ~m)|((uintptr_t)ap & m));

        /* Copy nl words from whichever buffer was selected, four at a
         * time, zeroing the high half of r as we go. */
        for (i = 0, nl -= 4; i < nl; i += 4) {
            BN_ULONG t1, t2, t3, t4;

            t1 = nrp[i + 0];
            t2 = nrp[i + 1];
            t3 = nrp[i + 2];
            ap[i + 0] = 0;
            t4 = nrp[i + 3];
            ap[i + 1] = 0;
            rp[i + 0] = t1;
            ap[i + 2] = 0;
            rp[i + 1] = t2;
            ap[i + 3] = 0;
            rp[i + 2] = t3;
            rp[i + 3] = t4;
        }
        for (nl += 4; i < nl; i++)
            rp[i] = nrp[i], ap[i] = 0;
    }
#else
    if (bn_sub_words (rp, ap, np, nl) - carry)
        memcpy(rp, ap, nl*sizeof(BN_ULONG));
#endif
    bn_correct_top(r);
    bn_correct_top(ret);
    bn_check_top(ret);
    return (1);
}
/*
 * Convert a from Montgomery form back to a mod N (ret = a * R^-1 mod N).
 *
 * MONT_WORD path: word-by-word reduction on a copy of a using mont->n0,
 * then (BRANCH_FREE) a mask-selected "subtract N if needed" with a
 * fixed-length copy so the selection is not a branch.
 * Generic path: REDC with BIGNUM operations plus a BN_ucmp/BN_usub fix-up.
 *
 * NOTE(review): the early exit on (al == 0 || nl == 0) returns without
 * BN_CTX_end() after BN_CTX_start(), and it zeroes the scratch r rather
 * than ret, so ret is left untouched on that path — both look like defects.
 * NOTE(review): the !MONT_WORD path as shown adds a + t1 with t1 still
 * holding (a mod 2^ri); compared with the other BN_from_montgomery on this
 * page the t1 = t2 * N multiplication is absent — confirm against the
 * upstream source before relying on it.
 *
 * Returns 1 on success, 0 on scratch/expansion failure.
 */
int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
{
    int retn=0;
#ifdef MONT_WORD
    BIGNUM *n,*r;
    BN_ULONG *ap,*np,*rp,n0,v,*nrp;
    int al,nl,max,i,x,ri;

    BN_CTX_start(ctx);
    if ((r = BN_CTX_get(ctx)) == NULL) goto err;

    if (!BN_copy(r,a)) goto err;
    n= &(mont->N);

    ap=a->d;
    /* mont->ri is the size of mont->N in bits (rounded up
       to the word size) */
    al=ri=mont->ri/BN_BITS2;

    nl=n->top;
    if ((al == 0) || (nl == 0)) { r->top=0; return(1); }

    max=(nl+al+1); /* allow for overflow (no?) XXX */
    if (bn_wexpand(r,max) == NULL) goto err;
    r->neg=a->neg^n->neg;
    np=n->d;
    rp=r->d;
    nrp= &(r->d[nl]);

    /* clear the top words of T */
#if 1
    for (i=r->top; i<max; i++) /* memset? XXX */
        r->d[i]=0;
#else
    memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG));
#endif

    r->top=max;
    n0=mont->n0;

#ifdef BN_COUNT
    fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
#endif
    /* One round per word of N: add the multiple of N selected via n0
     * (presumably chosen so the current low word cancels), then ripple
     * the returned carry into the words above. */
    for (i=0; i<nl; i++) {
#ifdef __TANDEM
        {
            long long t1;
            long long t2;
            long long t3;
            t1 = rp[0] * (n0 & 0177777);
            t2 = 037777600000l;
            t2 = n0 & t2;
            t3 = rp[0] & 0177777;
            t2 = (t3 * t2) & BN_MASK2;
            t1 = t1 + t2;
            v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
        }
#else
        v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
#endif
        nrp++;
        rp++;
        if (((nrp[-1]+=v)&BN_MASK2) >= v)
            continue;
        else {
            /* carry ripple: stops at the first word that does not wrap */
            if (((++nrp[0])&BN_MASK2) != 0) continue;
            if (((++nrp[1])&BN_MASK2) != 0) continue;
            for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
        }
    }
    bn_correct_top(r);

    /* mont->ri will be a multiple of the word size and below code
     * is kind of BN_rshift(ret,r,mont->ri) equivalent */
    if (r->top <= ri) {
        ret->top=0; retn=1;
        goto err;
    }
    al=r->top-ri;

# define BRANCH_FREE 1
# if BRANCH_FREE
    if (bn_wexpand(ret,ri) == NULL) goto err;
    /* Sign-bit trick: x is all-ones when al < ri. Relies on arithmetic
     * right shift of a negative int, which is implementation-defined. */
    x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
    ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
    ret->neg=r->neg;
    rp=ret->d;
    ap=&(r->d[ri]);

    {
        size_t m1,m2;

        v=bn_sub_words(rp,ap,np,ri);
        /* this ----------------^^ works even in al<ri case
         * thanks to zealous zeroing of top of the vector in the
         * beginning. */

        /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
        /* in other words if subtraction result is real, then
         * trick unconditional memcpy below to perform in-place
         * "refresh" instead of actual copy. */
        m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
        m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
        m1|=m2;                 /* (al!=ri) */
        m1|=(0-(size_t)v);      /* (al!=ri || v) */
        m1&=~m2;                /* (al!=ri || v) && !al>ri */
        nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
    }

    /* 'i<ri' is chosen to eliminate dependency on input data, even
     * though it results in redundant copy in al<ri case. */
    for (i=0,ri-=4; i<ri; i+=4) {
        BN_ULONG t1,t2,t3,t4;

        t1=nrp[i+0];
        t2=nrp[i+1];
        t3=nrp[i+2]; ap[i+0]=0;
        t4=nrp[i+3]; ap[i+1]=0;
        rp[i+0]=t1;  ap[i+2]=0;
        rp[i+1]=t2;  ap[i+3]=0;
        rp[i+2]=t3;
        rp[i+3]=t4;
    }
    for (ri+=4; i<ri; i++)
        rp[i]=nrp[i], ap[i]=0;
    bn_correct_top(r);
    bn_correct_top(ret);
# else
    /* Branchy variant: the conditional subtraction happens further down. */
    if (bn_wexpand(ret,al) == NULL) goto err;
    ret->top=al;
    ret->neg=r->neg;
    rp=ret->d;
    ap=&(r->d[ri]);
    al-=4;
    for (i=0; i<al; i+=4) {
        BN_ULONG t1,t2,t3,t4;

        t1=ap[i+0];
        t2=ap[i+1];
        t3=ap[i+2];
        t4=ap[i+3];
        rp[i+0]=t1;
        rp[i+1]=t2;
        rp[i+2]=t3;
        rp[i+3]=t4;
    }
    al+=4;
    for (; i<al; i++)
        rp[i]=ap[i];
# endif
#else /* !MONT_WORD */
    BIGNUM *t1,*t2;

    BN_CTX_start(ctx);
    t1 = BN_CTX_get(ctx);
    t2 = BN_CTX_get(ctx);
    if (t1 == NULL || t2 == NULL) goto err;

    if (!BN_copy(t1,a)) goto err;
    BN_mask_bits(t1,mont->ri);

    if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
    BN_mask_bits(t2,mont->ri);

    if (!BN_add(t2,a,t1)) goto err;
    if (!BN_rshift(ret,t2,mont->ri)) goto err;
#endif /* MONT_WORD */

#if !defined(BRANCH_FREE) || BRANCH_FREE==0
    /* Data-dependent final reduction (only when not branch-free). */
    if (BN_ucmp(ret, &(mont->N)) >= 0) {
        if (!BN_usub(ret,ret,&(mont->N))) goto err;
    }
#endif
    retn=1;
    bn_check_top(ret);
 err:
    BN_CTX_end(ctx);
    return(retn);
}
/*
 * Reduce a modulo the NIST prime P-384 into r (r may alias a). The words
 * above position BN_NIST_384_TOP are copied to buf and folded back with the
 * S1..S6 additions and D1..D3 subtractions from FIPS 186 (nist_set_256 /
 * nist_set_384 build the reshuffled terms); the net carry is cancelled with
 * an entry from _384_data (presumably a table of multiples of p), and a
 * final compare-and-subtract against field makes the result canonical.
 *
 * Only compiled for BN_BITS2 != 64: on 64-bit-word builds the function
 * returns 0 unconditionally, so callers must treat 0 as "not reduced".
 *
 * Fast exits: a == field -> 0; a < field -> copy; a exactly
 * BN_NIST_384_TOP words -> single BN_usub.
 * NOTE(review): _384_data is initialised lazily under CRYPTO_LOCK_BN, but
 * the first read of _is_set_384_data happens outside the lock (double-
 * checked pattern); whether that is safe depends on the flag's definition,
 * which is not visible here.
 * NOTE(review): a is assumed non-negative with at most 2*BN_NIST_384_TOP
 * words; neither is checked here. The final BN_ucmp branch is
 * data-dependent.
 * Returns 1 on success, 0 on expansion failure or unsupported word size.
 */
int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
{
#if BN_BITS2 != 64
    int i, top = a->top;
    int carry = 0;
    register BN_ULONG *r_d, *a_d = a->d;
    BN_ULONG t_d[BN_NIST_384_TOP], buf[BN_NIST_384_TOP];

    if (!_is_set_384_data) {
        CRYPTO_w_lock(CRYPTO_LOCK_BN);

        if (!_is_set_384_data)
            _init_384_data();

        CRYPTO_w_unlock(CRYPTO_LOCK_BN);
    }

    i = BN_ucmp(field, a);
    if (i == 0) {
        BN_zero(r);
        return 1;
    } else if (i > 0)
        return (r == a)? 1 : (BN_copy(r ,a) != NULL);

    if (top == BN_NIST_384_TOP)
        return BN_usub(r, a, field);

    /* r_d = low BN_NIST_384_TOP words of a; buf = the words above them. */
    if (r != a) {
        if (!bn_wexpand(r, BN_NIST_384_TOP))
            return 0;
        r_d = r->d;
        nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
    } else
        r_d = a_d;

    nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);

    /*S1*/
    nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);
    /* left shift */
    /* Doubles the 256-bit term in place; the bit shifted out of the top
     * word (c after the loop) is discarded. */
    {
        register BN_ULONG *ap,t,c;
        ap = t_d;
        c=0;
        for (i = BN_NIST_256_TOP; i != 0; --i) {
            t= *ap;
            *(ap++)=((t<<1)|c)&BN_MASK2;
            c=(t & BN_TBIT)?1:0;
        }
    }
    /* S1 is added at bit offset 128. */
    if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), t_d, BN_NIST_256_TOP))
        ++carry;
    /*S2 */
    if (bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP))
        ++carry;
    /*S3*/
    nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
    if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
        ++carry;
    /*S4*/
    nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
    if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
        ++carry;
    /*S5*/
    nist_set_256(t_d, buf, 0, 0, 0, 0, 23-4, 22-4, 21-4, 20-4);
    if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), t_d, BN_NIST_256_TOP))
        ++carry;
    /*S6*/
    nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
    if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
        ++carry;
    /*D1*/
    nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
    if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
        --carry;
    /*D2*/
    nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
    if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
        --carry;
    /*D3*/
    nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
    if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
        --carry;

    /* Cancel the net carry with one table entry (index carry-1). */
    if (carry) {
        if (carry > 0)
            bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP * --carry, BN_NIST_384_TOP);
        else {
            carry = -carry;
            bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP * --carry, BN_NIST_384_TOP);
        }
    }

    r->top = BN_NIST_384_TOP;
    bn_correct_top(r);

    if (BN_ucmp(r, field) >= 0) {
        bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP);
        bn_correct_top(r);
    }
    bn_check_top(r);
    return 1;
#else
    return 0;
#endif
}
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, const BN_MONT_CTX *mont) { BN_ULONG *ap, *np, *rp, n0, v, carry; int nl, max, i; const BIGNUM *n = &mont->N; nl = n->top; if (nl == 0) { ret->top = 0; return 1; } max = (2 * nl); /* carry is stored separately */ if (bn_wexpand(r, max) == NULL) { return 0; } r->neg ^= n->neg; np = n->d; rp = r->d; /* clear the top words of T */ if (max > r->top) { memset(&rp[r->top], 0, (max - r->top) * sizeof(BN_ULONG)); } r->top = max; n0 = mont->n0[0]; for (carry = 0, i = 0; i < nl; i++, rp++) { v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); v = (v + carry + rp[nl]) & BN_MASK2; carry |= (v != rp[nl]); carry &= (v <= rp[nl]); rp[nl] = v; } if (bn_wexpand(ret, nl) == NULL) { return 0; } ret->top = nl; ret->neg = r->neg; rp = ret->d; ap = &(r->d[nl]); { BN_ULONG *nrp; uintptr_t m; v = bn_sub_words(rp, ap, np, nl) - carry; /* if subtraction result is real, then trick unconditional memcpy below to * perform in-place "refresh" instead of actual copy. */ m = (0u - (uintptr_t)v); nrp = (BN_ULONG *)(((uintptr_t)rp & ~m) | ((uintptr_t)ap & m)); for (i = 0, nl -= 4; i < nl; i += 4) { BN_ULONG t1, t2, t3, t4; t1 = nrp[i + 0]; t2 = nrp[i + 1]; t3 = nrp[i + 2]; ap[i + 0] = 0; t4 = nrp[i + 3]; ap[i + 1] = 0; rp[i + 0] = t1; ap[i + 2] = 0; rp[i + 1] = t2; ap[i + 3] = 0; rp[i + 2] = t3; rp[i + 3] = t4; } for (nl += 4; i < nl; i++) { rp[i] = nrp[i], ap[i] = 0; } } bn_correct_top(r); bn_correct_top(ret); return 1; }
/* unsigned subtraction of b from a, a must be larger than b. */ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { int max,min,dif; register BN_ULONG t1,t2,*ap,*bp,*rp; int i,carry; #if defined(IRIX_CC_BUG) && !defined(LINT) int dummy; #endif bn_check_top(a); bn_check_top(b); max = a->top; min = b->top; dif = max - min; if (dif < 0) /* hmm... should not be happening */ { BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); return(0); } if (bn_wexpand(r,max) == NULL) return(0); ap=a->d; bp=b->d; rp=r->d; #if 1 carry=0; for (i = min; i != 0; i--) { t1= *(ap++); t2= *(bp++); if (carry) { carry=(t1 <= t2); t1=(t1-t2-1)&BN_MASK2; } else { carry=(t1 < t2); t1=(t1-t2)&BN_MASK2; } #if defined(IRIX_CC_BUG) && !defined(LINT) dummy=t1; #endif *(rp++)=t1&BN_MASK2; } #else carry=bn_sub_words(rp,ap,bp,min); ap+=min; bp+=min; rp+=min; #endif if (carry) /* subtracted */ { if (!dif) /* error: a < b */ return 0; while (dif) { dif--; t1 = *(ap++); t2 = (t1-1)&BN_MASK2; *(rp++) = t2; if (t1) break; } } #if 0 TINYCLR_SSL_MEMCPY(rp,ap,sizeof(*rp)*(max-i)); #else if (rp != ap) { for (;;) { if (!dif--) break; rp[0]=ap[0]; if (!dif--) break; rp[1]=ap[1]; if (!dif--) break; rp[2]=ap[2]; if (!dif--) break; rp[3]=ap[3]; rp+=4; ap+=4; } } #endif r->top=max; r->neg=0; bn_correct_top(r); return(1); }
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { int ret = 0; int top, al, bl; BIGNUM *rr; int i; BIGNUM *t = NULL; int j = 0, k; al = a->top; bl = b->top; if ((al == 0) || (bl == 0)) { BN_zero(r); return 1; } top = al + bl; BN_CTX_start(ctx); if ((r == a) || (r == b)) { if ((rr = BN_CTX_get(ctx)) == NULL) { goto err; } } else { rr = r; } rr->neg = a->neg ^ b->neg; i = al - bl; if (i == 0) { if (al == 8) { if (bn_wexpand(rr, 16) == NULL) { goto err; } rr->top = 16; bn_mul_comba8(rr->d, a->d, b->d); goto end; } } if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { if (i >= -1 && i <= 1) { /* Find out the power of two lower or equal to the longest of the two numbers */ if (i >= 0) { j = BN_num_bits_word((BN_ULONG)al); } if (i == -1) { j = BN_num_bits_word((BN_ULONG)bl); } j = 1 << (j - 1); assert(j <= al || j <= bl); k = j + j; t = BN_CTX_get(ctx); if (t == NULL) { goto err; } if (al > j || bl > j) { if (bn_wexpand(t, k * 4) == NULL) { goto err; } if (bn_wexpand(rr, k * 4) == NULL) { goto err; } bn_mul_part_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); } else { /* al <= j || bl <= j */ if (bn_wexpand(t, k * 2) == NULL) { goto err; } if (bn_wexpand(rr, k * 2) == NULL) { goto err; } bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); } rr->top = top; goto end; } } if (bn_wexpand(rr, top) == NULL) { goto err; } rr->top = top; bn_mul_normal(rr->d, a->d, al, b->d, bl); end: bn_correct_top(rr); if (r != rr) { BN_copy(r, rr); } ret = 1; err: BN_CTX_end(ctx); return ret; }