authorbeck <>2000-03-19 11:13:58 +0000
committerbeck <>2000-03-19 11:13:58 +0000
commit796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/bn
parent5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch> on cvs, or ~beck/src-patent.tar.gz on cvs)
Diffstat (limited to 'src/lib/libcrypto/bn')
-rw-r--r--src/lib/libcrypto/bn/Makefile.ssl104
-rw-r--r--src/lib/libcrypto/bn/asm/README9
-rw-r--r--src/lib/libcrypto/bn/asm/alpha.s2415
-rw-r--r--src/lib/libcrypto/bn/asm/mips3.s143
-rw-r--r--src/lib/libcrypto/bn/bn.h135
-rw-r--r--src/lib/libcrypto/bn/bn_add.c4
-rw-r--r--src/lib/libcrypto/bn/bn_asm.c145
-rw-r--r--src/lib/libcrypto/bn/bn_comba.c345
-rw-r--r--src/lib/libcrypto/bn/bn_ctx.c144
-rw-r--r--src/lib/libcrypto/bn/bn_div.c206
-rw-r--r--src/lib/libcrypto/bn/bn_err.c2
-rw-r--r--src/lib/libcrypto/bn/bn_exp.c238
-rw-r--r--src/lib/libcrypto/bn/bn_exp2.c14
-rw-r--r--src/lib/libcrypto/bn/bn_gcd.c28
-rw-r--r--src/lib/libcrypto/bn/bn_lcl.h125
-rw-r--r--src/lib/libcrypto/bn/bn_lib.c60
-rw-r--r--src/lib/libcrypto/bn/bn_mont.c313
-rw-r--r--src/lib/libcrypto/bn/bn_mul.c247
-rw-r--r--src/lib/libcrypto/bn/bn_opts.c324
-rw-r--r--src/lib/libcrypto/bn/bn_prime.c378
-rw-r--r--src/lib/libcrypto/bn/bn_prime.h4
-rw-r--r--src/lib/libcrypto/bn/bn_prime.pl69
-rw-r--r--src/lib/libcrypto/bn/bn_print.c23
-rw-r--r--src/lib/libcrypto/bn/bn_rand.c25
-rw-r--r--src/lib/libcrypto/bn/bn_recp.c43
-rw-r--r--src/lib/libcrypto/bn/bn_sqr.c25
-rw-r--r--src/lib/libcrypto/bn/bn_word.c2
-rw-r--r--src/lib/libcrypto/bn/bnspeed.c2
-rw-r--r--src/lib/libcrypto/bn/bntest.c239
-rw-r--r--src/lib/libcrypto/bn/comba.pl285
-rw-r--r--src/lib/libcrypto/bn/d.c72
-rw-r--r--src/lib/libcrypto/bn/divtest.c41
-rw-r--r--src/lib/libcrypto/bn/exp.c2
-rw-r--r--src/lib/libcrypto/bn/expspeed.c2
-rw-r--r--src/lib/libcrypto/bn/exptest.c15
-rw-r--r--src/lib/libcrypto/bn/new23
-rw-r--r--src/lib/libcrypto/bn/old/b_sqr.c199
-rw-r--r--src/lib/libcrypto/bn/old/bn_com.c90
-rw-r--r--src/lib/libcrypto/bn/old/bn_high.c135
-rw-r--r--src/lib/libcrypto/bn/old/bn_ka.c567
-rw-r--r--src/lib/libcrypto/bn/old/bn_low.c194
-rw-r--r--src/lib/libcrypto/bn/old/bn_m.c139
-rw-r--r--src/lib/libcrypto/bn/old/bn_mul.c.works219
-rw-r--r--src/lib/libcrypto/bn/old/bn_wmul.c173
-rw-r--r--src/lib/libcrypto/bn/old/build3
-rw-r--r--src/lib/libcrypto/bn/old/info22
-rw-r--r--src/lib/libcrypto/bn/old/test.works205
-rw-r--r--src/lib/libcrypto/bn/test.c241
48 files changed, 3591 insertions, 4847 deletions
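--- a/src/lib/libcrypto/bn/Makefile.ssl
+++ b/src/lib/libcrypto/bn/Makefile.ssl
@@ -20,6 +20,13 @@ BN_ASM= bn_asm.o
 #BN_ASM= bn86-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
 ASFLAGS=$(CFLAGS)
 
 GENERAL=Makefile
@@ -27,12 +34,12 @@ TEST=bntest.c exptest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c \
+LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
  bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
  bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c \
  bn_mpi.c bn_exp2.c
 
-LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mul.o \
+LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o \
  bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
  bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) bn_recp.o bn_mont.o \
  bn_mpi.o bn_exp2.o
@@ -49,12 +56,14 @@ top:
 
 all: lib
 
-knuth: bn_knuth.c
- cc -pg -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+bn_prime.h: bn_prime.pl
+ $(PERL) bn_prime.pl >bn_prime.h
 
-knuth.fast: bn_knuth.c
- cc -pg -fast -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+divtest: divtest.c ../../libcrypto.a
+ cc -I../../include divtest.c -o divtest ../../libcrypto.a
 
+bnbug: bnbug.c ../../libcrypto.a top
+ cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
 
 lib: $(LIBOBJ)
  $(AR) $(LIB) $(LIBOBJ)
@@ -113,13 +122,6 @@ asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
  $(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
  /usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
 
-# MIPS 64 bit assember
-asm/mips3.o: asm/mips3.s
-
-# MIPS 32 bit assember
-asm/mips1.o: asm/mips1.s
- /usr/bin/as -O2 -o asm/mips1.o asm/mips1.s
-
 files:
  $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
@@ -168,109 +170,117 @@ bn_add.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_add.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_add.o: ../cryptlib.h bn_lcl.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_add.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_asm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_asm.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_asm.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_asm.o: ../cryptlib.h bn_lcl.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_asm.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_blind.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_blind.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_blind.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_blind.o: ../cryptlib.h bn_lcl.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_blind.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_ctx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_ctx.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_ctx.o: ../../include/openssl/stack.h ../cryptlib.h
 bn_div.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_div.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_div.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_div.o: ../cryptlib.h bn_lcl.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_div.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_err.o: ../../include/openssl/bn.h ../../include/openssl/err.h
 bn_err.o: ../../include/openssl/opensslconf.h
 bn_exp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_exp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_exp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_exp.o: ../cryptlib.h bn_lcl.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_exp2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_exp2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_exp2.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_exp2.o: ../cryptlib.h bn_lcl.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp2.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_gcd.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_gcd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_gcd.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_gcd.o: ../cryptlib.h bn_lcl.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_gcd.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_lib.o: ../cryptlib.h bn_lcl.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_lib.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_mont.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_mont.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_mont.o: ../cryptlib.h bn_lcl.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mont.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_mpi.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_mpi.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_mpi.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_mpi.o: ../cryptlib.h bn_lcl.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mpi.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_mul.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_mul.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_mul.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_mul.o: ../cryptlib.h bn_lcl.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mul.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_prime.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_prime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_prime.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-bn_prime.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h bn_prime.h
+bn_prime.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.h
 bn_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_print.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_print.o: ../cryptlib.h bn_lcl.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_print.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_rand.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_rand.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-bn_rand.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_rand.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_rand.o: ../cryptlib.h bn_lcl.h
 bn_recp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_recp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_recp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_recp.o: ../cryptlib.h bn_lcl.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_recp.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_shift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_shift.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_shift.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_shift.o: ../cryptlib.h bn_lcl.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_shift.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_sqr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_sqr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_sqr.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_sqr.o: ../cryptlib.h bn_lcl.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqr.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
 bn_word.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_word.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_word.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
-bn_word.o: ../cryptlib.h bn_lcl.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_word.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h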
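Review bot: The new `divtest` and `bnbug` targets (hunk at old lines 49-60) invoke a bare `cc` and hard-code `../../libcrypto.a`, while the same hunk's sibling change `AS=$(CC) -c` exists precisely to route every compile through the configured driver and flags, and the file already names the library as `$(LIB)`. Using `$(CC) $(CFLAGS) -I../../include divtest.c -o divtest $(LIB)` (and the same shape with `-g` for `bnbug`) keeps the test binaries on the same toolchain and flag set as the library they link, which is what you want when the point of the binaries is to reproduce a bn bug. `bnbug.c` does not appear in this commit's diffstat, so unless it already exists in the tree that target cannot be built as written. The new `bn_prime.h: bn_prime.pl` rule regenerates a header that is itself tracked (the diffstat shows `bn_prime.h` changing); a one-line comment such as `# bn_prime.h is checked in; rerun this rule and commit the result when bn_prime.pl changes` would make the intended workflow explicit and avoid a silently stale prime table.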
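--- a/src/lib/libcrypto/bn/asm/README
+++ b/src/lib/libcrypto/bn/asm/README
@@ -1,5 +1,5 @@
 All assember in this directory are just version of the file
-crypto/bn/bn_mulw.c.
+crypto/bn/bn_asm.c.
 
 Quite a few of these files are just the assember output from gcc since on
 quite a few machines they are 2 times faster than the system compiler.
@@ -15,13 +15,6 @@ On the 2 alpha C compilers I had access to, it was not possible to do
 were 64 bits). So the hand assember gives access to the 128 bit result and
 a 2 times speedup :-).
 
-The x86xxxx.obj files are the assembled version of x86xxxx.asm files.
-I had such a hard time finding a macro assember for Microsoft, I decided to
-include the object file to save others the hassle :-).
-
-I have also included uu encoded versions of the .obj incase they get
-trashed.
-
 There are 2 versions of assember for the HP PA-RISC.
 pa-risc.s is the origional one which works fine.
 pa-risc2.s is a new version that often generates warnings but if the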
diff --git a/src/lib/libcrypto/bn/asm/alpha.s b/src/lib/libcrypto/bn/asm/alpha.s
index a351694ca2..555ff0b92d 100644
--- a/src/lib/libcrypto/bn/asm/alpha.s
+++ b/src/lib/libcrypto/bn/asm/alpha.s
@@ -694,567 +694,1868 @@ bn_mul_comba8:
694bn_mul_comba8..ng: 694bn_mul_comba8..ng:
695 .frame $30,0,$26,0 695 .frame $30,0,$26,0
696 .prologue 0 696 .prologue 0
697 697 ldq $1, 0($17)
698 subq $30, 16, $30 698 ldq $2, 0($18)
699 ldq $0, 0($17) 699 zapnot $1, 15, $7
700 srl $2, 32, $8
701 mulq $8, $7, $22
702 srl $1, 32, $6
703 zapnot $2, 15, $5
704 mulq $5, $6, $4
705 mulq $7, $5, $24
706 addq $22, $4, $22
707 cmpult $22, $4, $1
708 mulq $6, $8, $3
709 beq $1, $173
710 bis $31, 1, $1
711 sll $1, 32, $1
712 addq $3, $1, $3
713$173:
714 sll $22, 32, $4
715 addq $24, $4, $24
716 stq $24, 0($16)
717 ldq $2, 0($17)
718 ldq $1, 8($18)
719 zapnot $2, 15, $7
720 srl $1, 32, $8
721 mulq $8, $7, $25
722 zapnot $1, 15, $5
723 mulq $7, $5, $0
724 srl $2, 32, $6
725 mulq $5, $6, $23
726 mulq $6, $8, $6
727 srl $22, 32, $1
728 cmpult $24, $4, $2
729 addq $3, $1, $3
730 addq $2, $3, $22
731 addq $25, $23, $25
732 cmpult $25, $23, $1
733 bis $31, 1, $2
734 beq $1, $177
735 sll $2, 32, $1
736 addq $6, $1, $6
737$177:
738 sll $25, 32, $23
700 ldq $1, 0($18) 739 ldq $1, 0($18)
701 stq $9, 0($30) 740 addq $0, $23, $0
702 stq $10, 8($30) 741 bis $0, $0, $7
703 ldq $2, 8($17) 742 ldq $3, 8($17)
704 ldq $3, 8($18) 743 addq $22, $7, $22
705 ldq $4, 16($17) 744 srl $1, 32, $8
706 ldq $5, 16($18) 745 cmpult $22, $7, $4
707 ldq $6, 24($17) 746 zapnot $3, 15, $7
708 ldq $7, 24($18) 747 mulq $8, $7, $28
709 ldq $8, 8($17) 748 zapnot $1, 15, $5
710 ldq $22, 8($18) 749 mulq $7, $5, $21
711 ldq $23, 8($17) 750 srl $25, 32, $1
712 ldq $24, 8($18) 751 cmpult $0, $23, $2
713 ldq $25, 8($17) 752 addq $6, $1, $6
714 ldq $27, 8($18) 753 addq $2, $6, $6
715 ldq $28, 8($17) 754 addq $4, $6, $24
716 ldq $21, 8($18) 755 srl $3, 32, $6
717 bis $31, $31, $9 756 mulq $5, $6, $2
718 mulq $0, $1, $20 757 mulq $6, $8, $6
719 umulh $0, $1, $19 758 addq $28, $2, $28
720 stq $20, 0($16) 759 cmpult $28, $2, $1
721 bis $31, $31, $20 760 bis $31, 1, $2
722 mulq $0, $3, $10 761 beq $1, $181
723 umulh $0, $3, $17 762 sll $2, 32, $1
724 addq $19, $10, $19 763 addq $6, $1, $6
725 cmpult $19, $10, $18 764$181:
726 addq $18, $17, $17 765 sll $28, 32, $2
727 addq $9, $17, $9 766 addq $21, $2, $21
728 cmpult $9, $17, $10 767 bis $21, $21, $7
729 addq $20, $10, $20 768 addq $22, $7, $22
730 mulq $2, $1, $18 769 stq $22, 8($16)
731 umulh $2, $1, $17 770 ldq $3, 16($17)
732 addq $19, $18, $19 771 ldq $1, 0($18)
733 cmpult $19, $18, $10 772 cmpult $22, $7, $4
734 addq $10, $17, $17 773 zapnot $3, 15, $7
735 addq $9, $17, $9 774 srl $1, 32, $8
736 cmpult $9, $17, $18 775 mulq $8, $7, $22
737 addq $20, $18, $20 776 zapnot $1, 15, $5
738 stq $19, 8($16) 777 mulq $7, $5, $20
739 bis $31, $31, $19 778 srl $28, 32, $1
740 mulq $0, $5, $10 779 cmpult $21, $2, $2
741 umulh $0, $5, $17 780 addq $6, $1, $6
742 addq $9, $10, $9 781 addq $2, $6, $6
743 cmpult $9, $10, $18 782 addq $4, $6, $6
744 addq $18, $17, $17 783 addq $24, $6, $24
745 addq $20, $17, $20 784 cmpult $24, $6, $23
746 cmpult $20, $17, $10 785 srl $3, 32, $6
747 addq $19, $10, $19 786 mulq $5, $6, $2
748 mulq $2, $3, $18 787 mulq $6, $8, $6
749 umulh $2, $3, $17 788 addq $22, $2, $22
750 addq $9, $18, $9 789 cmpult $22, $2, $1
751 cmpult $9, $18, $10 790 bis $31, 1, $2
752 addq $10, $17, $17 791 beq $1, $185
753 addq $20, $17, $20 792 sll $2, 32, $1
754 cmpult $20, $17, $18 793 addq $6, $1, $6
755 addq $19, $18, $19 794$185:
756 mulq $4, $1, $10 795 sll $22, 32, $2
757 umulh $4, $1, $17 796 ldq $1, 8($18)
758 addq $9, $10, $9
759 cmpult $9, $10, $18
760 addq $18, $17, $17
761 addq $20, $17, $20
762 cmpult $20, $17, $10
763 addq $19, $10, $19
764 stq $9, 16($16)
765 bis $31, $31, $9
766 mulq $0, $7, $18
767 umulh $0, $7, $17
768 addq $20, $18, $20
769 cmpult $20, $18, $10
770 addq $10, $17, $17
771 addq $19, $17, $19
772 cmpult $19, $17, $18
773 addq $9, $18, $9
774 mulq $2, $5, $10
775 umulh $2, $5, $17
776 addq $20, $10, $20
777 cmpult $20, $10, $18
778 addq $18, $17, $17
779 addq $19, $17, $19
780 cmpult $19, $17, $10
781 addq $9, $10, $9
782 mulq $4, $3, $18
783 umulh $4, $3, $17
784 addq $20, $18, $20
785 cmpult $20, $18, $10
786 addq $10, $17, $17
787 addq $19, $17, $19
788 cmpult $19, $17, $18
789 addq $9, $18, $9
790 mulq $6, $1, $10
791 umulh $6, $1, $17
792 addq $20, $10, $20
793 cmpult $20, $10, $18
794 addq $18, $17, $17
795 addq $19, $17, $19
796 cmpult $19, $17, $10
797 addq $9, $10, $9
798 stq $20, 24($16)
799 bis $31, $31, $20
800 mulq $0, $22, $18
801 umulh $0, $22, $17
802 addq $19, $18, $19
803 cmpult $19, $18, $10
804 addq $10, $17, $17
805 addq $9, $17, $9
806 cmpult $9, $17, $18
807 addq $20, $18, $20
808 mulq $2, $7, $10
809 umulh $2, $7, $17
810 addq $19, $10, $19
811 cmpult $19, $10, $18
812 addq $18, $17, $17
813 addq $9, $17, $9
814 cmpult $9, $17, $10
815 addq $20, $10, $20
816 mulq $4, $5, $18
817 umulh $4, $5, $17
818 addq $19, $18, $19
819 cmpult $19, $18, $10
820 addq $10, $17, $17
821 addq $9, $17, $9
822 cmpult $9, $17, $18
823 addq $20, $18, $20
824 mulq $6, $3, $10
825 umulh $6, $3, $17
826 addq $19, $10, $19
827 cmpult $19, $10, $18
828 addq $18, $17, $17
829 addq $9, $17, $9
830 cmpult $9, $17, $10
831 addq $20, $10, $20
832 mulq $8, $1, $18
833 umulh $8, $1, $17
834 addq $19, $18, $19
835 cmpult $19, $18, $10
836 addq $10, $17, $17
837 addq $9, $17, $9
838 cmpult $9, $17, $18
839 addq $20, $18, $20
840 stq $19, 32($16)
841 bis $31, $31, $19
842 mulq $0, $24, $10
843 umulh $0, $24, $17
844 addq $9, $10, $9
845 cmpult $9, $10, $18
846 addq $18, $17, $17
847 addq $20, $17, $20
848 cmpult $20, $17, $10
849 addq $19, $10, $19
850 mulq $2, $22, $18
851 umulh $2, $22, $17
852 addq $9, $18, $9
853 cmpult $9, $18, $10
854 addq $10, $17, $17
855 addq $20, $17, $20
856 cmpult $20, $17, $18
857 addq $19, $18, $19
858 mulq $4, $7, $10
859 umulh $4, $7, $17
860 addq $9, $10, $9
861 cmpult $9, $10, $18
862 addq $18, $17, $17
863 addq $20, $17, $20
864 cmpult $20, $17, $10
865 addq $19, $10, $19
866 mulq $6, $5, $18
867 umulh $6, $5, $17
868 addq $9, $18, $9
869 cmpult $9, $18, $10
870 addq $10, $17, $17
871 addq $20, $17, $20
872 cmpult $20, $17, $18
873 addq $19, $18, $19
874 mulq $8, $3, $10
875 umulh $8, $3, $17
876 addq $9, $10, $9
877 cmpult $9, $10, $18
878 addq $18, $17, $17
879 addq $20, $17, $20
880 cmpult $20, $17, $10
881 addq $19, $10, $19
882 mulq $23, $1, $18
883 umulh $23, $1, $17
884 addq $9, $18, $9
885 cmpult $9, $18, $10
886 addq $10, $17, $17
887 addq $20, $17, $20
888 cmpult $20, $17, $18
889 addq $19, $18, $19
890 stq $9, 40($16)
891 bis $31, $31, $9
892 mulq $0, $27, $10
893 umulh $0, $27, $17
894 addq $20, $10, $20
895 cmpult $20, $10, $18
896 addq $18, $17, $17
897 addq $19, $17, $19
898 cmpult $19, $17, $10
899 addq $9, $10, $9
900 mulq $2, $24, $18
901 umulh $2, $24, $17
902 addq $20, $18, $20
903 cmpult $20, $18, $10
904 addq $10, $17, $17
905 addq $19, $17, $19
906 cmpult $19, $17, $18
907 addq $9, $18, $9
908 mulq $4, $22, $10
909 umulh $4, $22, $17
910 addq $20, $10, $20
911 cmpult $20, $10, $18
912 addq $18, $17, $17
913 addq $19, $17, $19
914 cmpult $19, $17, $10
915 addq $9, $10, $9
916 mulq $6, $7, $18
917 umulh $6, $7, $17
918 addq $20, $18, $20
919 cmpult $20, $18, $10
920 addq $10, $17, $17
921 addq $19, $17, $19
922 cmpult $19, $17, $18
923 addq $9, $18, $9
924 mulq $8, $5, $10
925 umulh $8, $5, $17
926 addq $20, $10, $20
927 cmpult $20, $10, $18
928 addq $18, $17, $17
929 addq $19, $17, $19
930 cmpult $19, $17, $10
931 addq $9, $10, $9
932 mulq $23, $3, $18
933 umulh $23, $3, $17
934 addq $20, $18, $20
935 cmpult $20, $18, $10
936 addq $10, $17, $17
937 addq $19, $17, $19
938 cmpult $19, $17, $18
939 addq $9, $18, $9
940 mulq $25, $1, $10
941 umulh $25, $1, $17
942 addq $20, $10, $20
943 cmpult $20, $10, $18
944 addq $18, $17, $17
945 addq $19, $17, $19
946 cmpult $19, $17, $10
947 addq $9, $10, $9
948 stq $20, 48($16)
949 bis $31, $31, $20
950 mulq $0, $21, $18
951 umulh $0, $21, $17
952 addq $19, $18, $19
953 cmpult $19, $18, $10
954 addq $10, $17, $17
955 addq $9, $17, $9
956 cmpult $9, $17, $18
957 addq $20, $18, $20
958 mulq $2, $27, $10
959 umulh $2, $27, $17
960 addq $19, $10, $19
961 cmpult $19, $10, $18
962 addq $18, $17, $17
963 addq $9, $17, $9
964 cmpult $9, $17, $0
965 addq $20, $0, $20
966 mulq $4, $24, $10
967 umulh $4, $24, $18
968 addq $19, $10, $19
969 cmpult $19, $10, $17
970 addq $17, $18, $18
971 addq $9, $18, $9
972 cmpult $9, $18, $0
973 addq $20, $0, $20
974 mulq $6, $22, $10
975 umulh $6, $22, $17
976 addq $19, $10, $19
977 cmpult $19, $10, $18
978 addq $18, $17, $17
979 addq $9, $17, $9
980 cmpult $9, $17, $0
981 addq $20, $0, $20
982 mulq $8, $7, $10
983 umulh $8, $7, $18
984 addq $19, $10, $19
985 cmpult $19, $10, $17
986 addq $17, $18, $18
987 addq $9, $18, $9
988 cmpult $9, $18, $0
989 addq $20, $0, $20
990 mulq $23, $5, $10
991 umulh $23, $5, $17
992 addq $19, $10, $19
993 cmpult $19, $10, $18
994 addq $18, $17, $17
995 addq $9, $17, $9
996 cmpult $9, $17, $0
997 addq $20, $0, $20
998 mulq $25, $3, $10
999 umulh $25, $3, $18
1000 addq $19, $10, $19
1001 cmpult $19, $10, $17
1002 addq $17, $18, $18
1003 addq $9, $18, $9
1004 cmpult $9, $18, $0
1005 addq $20, $0, $20
1006 mulq $28, $1, $10
1007 umulh $28, $1, $17
1008 addq $19, $10, $19
1009 cmpult $19, $10, $18
1010 addq $18, $17, $17
1011 addq $9, $17, $9
1012 cmpult $9, $17, $0
1013 addq $20, $0, $20
1014 stq $19, 56($16)
1015 bis $31, $31, $19
1016 mulq $2, $21, $10
1017 umulh $2, $21, $18
1018 addq $9, $10, $9
1019 cmpult $9, $10, $17
1020 addq $17, $18, $18
1021 addq $20, $18, $20
1022 cmpult $20, $18, $0
1023 addq $19, $0, $19
1024 mulq $4, $27, $1
1025 umulh $4, $27, $10
1026 addq $9, $1, $9
1027 cmpult $9, $1, $17
1028 addq $17, $10, $10
1029 addq $20, $10, $20
1030 cmpult $20, $10, $18
1031 addq $19, $18, $19
1032 mulq $6, $24, $0
1033 umulh $6, $24, $2
1034 addq $9, $0, $9
1035 cmpult $9, $0, $1
1036 addq $1, $2, $2
1037 addq $20, $2, $20
1038 cmpult $20, $2, $17
1039 addq $19, $17, $19
1040 mulq $8, $22, $10
1041 umulh $8, $22, $18
1042 addq $9, $10, $9
1043 cmpult $9, $10, $0
1044 addq $0, $18, $18
1045 addq $20, $18, $20
1046 cmpult $20, $18, $1
1047 addq $19, $1, $19
1048 mulq $23, $7, $2
1049 umulh $23, $7, $17
1050 addq $9, $2, $9
1051 cmpult $9, $2, $10
1052 addq $10, $17, $17
1053 addq $20, $17, $20
1054 cmpult $20, $17, $0
1055 addq $19, $0, $19
1056 mulq $25, $5, $18
1057 umulh $25, $5, $1
1058 addq $9, $18, $9
1059 cmpult $9, $18, $2
1060 addq $2, $1, $1
1061 addq $20, $1, $20
1062 cmpult $20, $1, $10
1063 addq $19, $10, $19
1064 mulq $28, $3, $17
1065 umulh $28, $3, $0
1066 addq $9, $17, $9
1067 cmpult $9, $17, $18
1068 addq $18, $0, $0
1069 addq $20, $0, $20
1070 cmpult $20, $0, $2
1071 addq $19, $2, $19
1072 stq $9, 64($16)
1073 bis $31, $31, $9
1074 mulq $4, $21, $1
1075 umulh $4, $21, $10
1076 addq $20, $1, $20
1077 cmpult $20, $1, $17
1078 addq $17, $10, $10
1079 addq $19, $10, $19
1080 cmpult $19, $10, $18
1081 addq $9, $18, $9
1082 mulq $6, $27, $0
1083 umulh $6, $27, $2
1084 addq $20, $0, $20
1085 cmpult $20, $0, $3
1086 addq $3, $2, $2
1087 addq $19, $2, $19
1088 cmpult $19, $2, $1
1089 addq $9, $1, $9
1090 mulq $8, $24, $17
1091 umulh $8, $24, $10
1092 addq $20, $17, $20
1093 cmpult $20, $17, $18
1094 addq $18, $10, $10
1095 addq $19, $10, $19
1096 cmpult $19, $10, $4
1097 addq $9, $4, $9
1098 mulq $23, $22, $0
1099 umulh $23, $22, $3
1100 addq $20, $0, $20
1101 cmpult $20, $0, $2
1102 addq $2, $3, $3
1103 addq $19, $3, $19
1104 cmpult $19, $3, $1
1105 addq $9, $1, $9
1106 mulq $25, $7, $17
1107 umulh $25, $7, $18
1108 addq $20, $17, $20
1109 cmpult $20, $17, $10
1110 addq $10, $18, $18
1111 addq $19, $18, $19
1112 cmpult $19, $18, $4
1113 addq $9, $4, $9
1114 mulq $28, $5, $0
1115 umulh $28, $5, $2
1116 addq $20, $0, $20
1117 cmpult $20, $0, $3
1118 addq $3, $2, $2
1119 addq $19, $2, $19
1120 cmpult $19, $2, $1
1121 addq $9, $1, $9
1122 stq $20, 72($16)
1123 bis $31, $31, $20
1124 mulq $6, $21, $17
1125 umulh $6, $21, $10
1126 addq $19, $17, $19
1127 cmpult $19, $17, $18
1128 addq $18, $10, $10
1129 addq $9, $10, $9
1130 cmpult $9, $10, $4
1131 addq $20, $4, $20
1132 mulq $8, $27, $0
1133 umulh $8, $27, $3
1134 addq $19, $0, $19
1135 cmpult $19, $0, $2
1136 addq $2, $3, $3
1137 addq $9, $3, $9
1138 cmpult $9, $3, $1
1139 addq $20, $1, $20
1140 mulq $23, $24, $5
1141 umulh $23, $24, $17
1142 addq $19, $5, $19
1143 cmpult $19, $5, $18
1144 addq $18, $17, $17
1145 addq $9, $17, $9
1146 cmpult $9, $17, $10
1147 addq $20, $10, $20
1148 mulq $25, $22, $4
1149 umulh $25, $22, $6
1150 addq $19, $4, $19
1151 cmpult $19, $4, $0
1152 addq $0, $6, $6
1153 addq $9, $6, $9
1154 cmpult $9, $6, $2
1155 addq $20, $2, $20
1156 mulq $28, $7, $3
1157 umulh $28, $7, $1
1158 addq $19, $3, $19
1159 cmpult $19, $3, $5
1160 addq $5, $1, $1
1161 addq $9, $1, $9
1162 cmpult $9, $1, $18
1163 addq $20, $18, $20
1164 stq $19, 80($16)
1165 bis $31, $31, $19
1166 mulq $8, $21, $17
1167 umulh $8, $21, $10
1168 addq $9, $17, $9
1169 cmpult $9, $17, $4
1170 addq $4, $10, $10
1171 addq $20, $10, $20
1172 cmpult $20, $10, $0
1173 addq $19, $0, $19
1174 mulq $23, $27, $6
1175 umulh $23, $27, $2
1176 addq $9, $6, $9
1177 cmpult $9, $6, $3
1178 addq $3, $2, $2
1179 addq $20, $2, $20 797 addq $20, $2, $20
1180 cmpult $20, $2, $5 798 bis $20, $20, $7
1181 addq $19, $5, $19 799 ldq $4, 8($17)
1182 mulq $25, $24, $1 800 addq $24, $7, $24
1183 umulh $25, $24, $18 801 srl $1, 32, $8
1184 addq $9, $1, $9 802 cmpult $24, $7, $3
1185 cmpult $9, $1, $7 803 zapnot $4, 15, $7
1186 addq $7, $18, $18 804 mulq $8, $7, $25
1187 addq $20, $18, $20 805 zapnot $1, 15, $5
1188 cmpult $20, $18, $17 806 mulq $7, $5, $0
1189 addq $19, $17, $19 807 srl $22, 32, $1
1190 mulq $28, $22, $4 808 cmpult $20, $2, $2
1191 umulh $28, $22, $10 809 addq $6, $1, $6
1192 addq $9, $4, $9 810 addq $2, $6, $6
1193 cmpult $9, $4, $0 811 addq $3, $6, $6
1194 addq $0, $10, $10 812 addq $23, $6, $23
1195 addq $20, $10, $20 813 cmpult $23, $6, $22
1196 cmpult $20, $10, $8 814 srl $4, 32, $6
1197 addq $19, $8, $19 815 mulq $5, $6, $5
1198 stq $9, 88($16) 816 bis $31, 1, $21
1199 bis $31, $31, $9 817 addq $25, $5, $25
1200 mulq $23, $21, $6 818 cmpult $25, $5, $1
1201 umulh $23, $21, $3 819 mulq $6, $8, $6
1202 addq $20, $6, $20 820 beq $1, $189
1203 cmpult $20, $6, $2 821 sll $21, 32, $1
1204 addq $2, $3, $3 822 addq $6, $1, $6
1205 addq $19, $3, $19 823$189:
1206 cmpult $19, $3, $5 824 sll $25, 32, $5
1207 addq $9, $5, $9 825 ldq $2, 16($18)
1208 mulq $25, $27, $1 826 addq $0, $5, $0
1209 umulh $25, $27, $7 827 bis $0, $0, $7
1210 addq $20, $1, $20 828 ldq $4, 0($17)
1211 cmpult $20, $1, $18 829 addq $24, $7, $24
1212 addq $18, $7, $7 830 srl $2, 32, $8
1213 addq $19, $7, $19 831 cmpult $24, $7, $3
1214 cmpult $19, $7, $17 832 zapnot $4, 15, $7
1215 addq $9, $17, $9 833 mulq $8, $7, $28
1216 mulq $28, $24, $4 834 srl $25, 32, $1
1217 umulh $28, $24, $0 835 addq $6, $1, $6
1218 addq $20, $4, $20 836 cmpult $0, $5, $1
1219 cmpult $20, $4, $10 837 zapnot $2, 15, $5
1220 addq $10, $0, $0 838 addq $1, $6, $6
1221 addq $19, $0, $19 839 addq $3, $6, $6
1222 cmpult $19, $0, $8 840 addq $23, $6, $23
1223 addq $9, $8, $9 841 cmpult $23, $6, $1
1224 stq $20, 96($16) 842 srl $4, 32, $6
1225 bis $31, $31, $20 843 mulq $5, $6, $25
1226 mulq $25, $21, $22 844 mulq $7, $5, $2
1227 umulh $25, $21, $6 845 addq $1, $22, $22
1228 addq $19, $22, $19 846 addq $28, $25, $28
1229 cmpult $19, $22, $2 847 cmpult $28, $25, $1
848 mulq $6, $8, $6
849 beq $1, $193
850 sll $21, 32, $1
851 addq $6, $1, $6
852$193:
853 sll $28, 32, $25
854 addq $2, $25, $2
855 bis $2, $2, $7
856 addq $24, $7, $24
857 stq $24, 16($16)
858 ldq $4, 0($17)
859 ldq $5, 24($18)
860 cmpult $24, $7, $3
861 zapnot $4, 15, $7
862 srl $5, 32, $8
863 mulq $8, $7, $0
864 srl $28, 32, $1
865 cmpult $2, $25, $2
866 addq $6, $1, $6
867 addq $2, $6, $6
868 addq $3, $6, $6
869 addq $23, $6, $23
870 cmpult $23, $6, $1
871 srl $4, 32, $6
872 zapnot $5, 15, $5
873 mulq $5, $6, $24
874 mulq $7, $5, $2
875 addq $1, $22, $22
876 addq $0, $24, $0
877 cmpult $0, $24, $1
878 mulq $6, $8, $6
879 beq $1, $197
880 sll $21, 32, $1
881 addq $6, $1, $6
882$197:
883 sll $0, 32, $24
884 ldq $1, 16($18)
885 addq $2, $24, $2
886 bis $2, $2, $7
887 ldq $4, 8($17)
888 addq $23, $7, $23
889 srl $1, 32, $8
890 cmpult $23, $7, $3
891 zapnot $4, 15, $7
892 mulq $8, $7, $25
893 zapnot $1, 15, $5
894 mulq $7, $5, $21
895 srl $0, 32, $1
896 cmpult $2, $24, $2
897 addq $6, $1, $6
898 addq $2, $6, $6
899 addq $3, $6, $6
900 addq $22, $6, $22
901 cmpult $22, $6, $24
902 srl $4, 32, $6
903 mulq $5, $6, $5
904 bis $31, 1, $20
905 addq $25, $5, $25
906 cmpult $25, $5, $1
907 mulq $6, $8, $6
908 beq $1, $201
909 sll $20, 32, $1
910 addq $6, $1, $6
911$201:
912 sll $25, 32, $5
913 ldq $2, 8($18)
914 addq $21, $5, $21
915 bis $21, $21, $7
916 ldq $4, 16($17)
917 addq $23, $7, $23
918 srl $2, 32, $8
919 cmpult $23, $7, $3
920 zapnot $4, 15, $7
921 mulq $8, $7, $28
922 srl $25, 32, $1
923 addq $6, $1, $6
924 cmpult $21, $5, $1
925 zapnot $2, 15, $5
926 addq $1, $6, $6
927 addq $3, $6, $6
928 addq $22, $6, $22
929 cmpult $22, $6, $1
930 srl $4, 32, $6
931 mulq $5, $6, $25
932 mulq $7, $5, $5
933 addq $1, $24, $24
934 addq $28, $25, $28
935 cmpult $28, $25, $1
936 mulq $6, $8, $6
937 beq $1, $205
938 sll $20, 32, $1
939 addq $6, $1, $6
940$205:
941 sll $28, 32, $25
942 ldq $2, 0($18)
943 addq $5, $25, $5
944 bis $5, $5, $7
945 ldq $4, 24($17)
946 addq $23, $7, $23
947 srl $2, 32, $8
948 cmpult $23, $7, $3
949 zapnot $4, 15, $7
950 mulq $8, $7, $0
951 srl $28, 32, $1
952 addq $6, $1, $6
953 cmpult $5, $25, $1
954 zapnot $2, 15, $5
955 addq $1, $6, $6
956 addq $3, $6, $6
957 addq $22, $6, $22
958 cmpult $22, $6, $1
959 srl $4, 32, $6
960 mulq $5, $6, $25
961 mulq $7, $5, $2
962 addq $1, $24, $24
963 addq $0, $25, $0
964 cmpult $0, $25, $1
965 mulq $6, $8, $6
966 beq $1, $209
967 sll $20, 32, $1
968 addq $6, $1, $6
969$209:
970 sll $0, 32, $25
971 addq $2, $25, $2
972 bis $2, $2, $7
973 addq $23, $7, $23
974 stq $23, 24($16)
975 ldq $4, 32($17)
976 ldq $5, 0($18)
977 cmpult $23, $7, $3
978 zapnot $4, 15, $7
979 srl $5, 32, $8
980 mulq $8, $7, $28
981 srl $0, 32, $1
982 cmpult $2, $25, $2
983 addq $6, $1, $6
984 addq $2, $6, $6
985 addq $3, $6, $6
986 addq $22, $6, $22
987 cmpult $22, $6, $1
988 srl $4, 32, $6
989 zapnot $5, 15, $5
990 mulq $5, $6, $23
991 mulq $7, $5, $2
992 addq $1, $24, $24
993 addq $28, $23, $28
994 cmpult $28, $23, $1
995 mulq $6, $8, $6
996 beq $1, $213
997 sll $20, 32, $1
998 addq $6, $1, $6
999$213:
1000 sll $28, 32, $23
1001 ldq $1, 8($18)
1002 addq $2, $23, $2
1003 bis $2, $2, $7
1004 ldq $4, 24($17)
1005 addq $22, $7, $22
1006 srl $1, 32, $8
1007 cmpult $22, $7, $3
1008 zapnot $4, 15, $7
1009 mulq $8, $7, $25
1010 zapnot $1, 15, $5
1011 mulq $7, $5, $0
1012 srl $28, 32, $1
1013 cmpult $2, $23, $2
1014 addq $6, $1, $6
1230 addq $2, $6, $6 1015 addq $2, $6, $6
1231 addq $9, $6, $9 1016 addq $3, $6, $6
1232 cmpult $9, $6, $3 1017 addq $24, $6, $24
1233 addq $20, $3, $20 1018 cmpult $24, $6, $23
1234 mulq $28, $27, $5 1019 srl $4, 32, $6
1235 umulh $28, $27, $23 1020 mulq $5, $6, $5
1236 addq $19, $5, $19 1021 bis $31, 1, $21
1237 cmpult $19, $5, $1 1022 addq $25, $5, $25
1023 cmpult $25, $5, $1
1024 mulq $6, $8, $6
1025 beq $1, $217
1026 sll $21, 32, $1
1027 addq $6, $1, $6
1028$217:
1029 sll $25, 32, $5
1030 ldq $2, 16($18)
1031 addq $0, $5, $0
1032 bis $0, $0, $7
1033 ldq $4, 16($17)
1034 addq $22, $7, $22
1035 srl $2, 32, $8
1036 cmpult $22, $7, $3
1037 zapnot $4, 15, $7
1038 mulq $8, $7, $28
1039 srl $25, 32, $1
1040 addq $6, $1, $6
1041 cmpult $0, $5, $1
1042 zapnot $2, 15, $5
1043 addq $1, $6, $6
1044 addq $3, $6, $6
1045 addq $24, $6, $24
1046 cmpult $24, $6, $1
1047 srl $4, 32, $6
1048 mulq $5, $6, $25
1049 mulq $7, $5, $5
1238 addq $1, $23, $23 1050 addq $1, $23, $23
1239 addq $9, $23, $9 1051 addq $28, $25, $28
1240 cmpult $9, $23, $18 1052 cmpult $28, $25, $1
1241 addq $20, $18, $20 1053 mulq $6, $8, $6
1242 stq $19, 104($16) 1054 beq $1, $221
1243 bis $31, $31, $19 1055 sll $21, 32, $1
1244 mulq $28, $21, $7 1056 addq $6, $1, $6
1245 umulh $28, $21, $17 1057$221:
1246 addq $9, $7, $9 1058 sll $28, 32, $25
1247 cmpult $9, $7, $4 1059 ldq $2, 24($18)
1248 addq $4, $17, $17 1060 addq $5, $25, $5
1249 addq $20, $17, $20 1061 bis $5, $5, $7
1250 cmpult $20, $17, $10 1062 ldq $4, 8($17)
1251 addq $19, $10, $19 1063 addq $22, $7, $22
1252 stq $9, 112($16) 1064 srl $2, 32, $8
1253 stq $20, 120($16) 1065 cmpult $22, $7, $3
1254 ldq $9, 0($30) 1066 zapnot $4, 15, $7
1255 ldq $10, 8($30) 1067 mulq $8, $7, $0
1256 addq $30, 16, $30 1068 srl $28, 32, $1
1257 ret $31,($26),1 1069 addq $6, $1, $6
1070 cmpult $5, $25, $1
1071 zapnot $2, 15, $5
1072 addq $1, $6, $6
1073 addq $3, $6, $6
1074 addq $24, $6, $24
1075 cmpult $24, $6, $1
1076 srl $4, 32, $6
1077 mulq $5, $6, $25
1078 mulq $7, $5, $5
1079 addq $1, $23, $23
1080 addq $0, $25, $0
1081 cmpult $0, $25, $1
1082 mulq $6, $8, $6
1083 beq $1, $225
1084 sll $21, 32, $1
1085 addq $6, $1, $6
1086$225:
1087 sll $0, 32, $25
1088 ldq $2, 32($18)
1089 addq $5, $25, $5
1090 bis $5, $5, $7
1091 ldq $4, 0($17)
1092 addq $22, $7, $22
1093 srl $2, 32, $8
1094 cmpult $22, $7, $3
1095 zapnot $4, 15, $7
1096 mulq $8, $7, $28
1097 srl $0, 32, $1
1098 addq $6, $1, $6
1099 cmpult $5, $25, $1
1100 zapnot $2, 15, $5
1101 addq $1, $6, $6
1102 addq $3, $6, $6
1103 addq $24, $6, $24
1104 cmpult $24, $6, $1
1105 srl $4, 32, $6
1106 mulq $5, $6, $25
1107 mulq $7, $5, $2
1108 addq $1, $23, $23
1109 addq $28, $25, $28
1110 cmpult $28, $25, $1
1111 mulq $6, $8, $6
1112 beq $1, $229
1113 sll $21, 32, $1
1114 addq $6, $1, $6
1115$229:
1116 sll $28, 32, $25
1117 addq $2, $25, $2
1118 bis $2, $2, $7
1119 addq $22, $7, $22
1120 stq $22, 32($16)
1121 ldq $4, 0($17)
1122 ldq $5, 40($18)
1123 cmpult $22, $7, $3
1124 zapnot $4, 15, $7
1125 srl $5, 32, $8
1126 mulq $8, $7, $0
1127 srl $28, 32, $1
1128 cmpult $2, $25, $2
1129 addq $6, $1, $6
1130 addq $2, $6, $6
1131 addq $3, $6, $6
1132 addq $24, $6, $24
1133 cmpult $24, $6, $1
1134 srl $4, 32, $6
1135 zapnot $5, 15, $5
1136 mulq $5, $6, $22
1137 mulq $7, $5, $2
1138 addq $1, $23, $23
1139 addq $0, $22, $0
1140 cmpult $0, $22, $1
1141 mulq $6, $8, $6
1142 beq $1, $233
1143 sll $21, 32, $1
1144 addq $6, $1, $6
1145$233:
1146 sll $0, 32, $22
1147 ldq $1, 32($18)
1148 addq $2, $22, $2
1149 bis $2, $2, $7
1150 ldq $4, 8($17)
1151 addq $24, $7, $24
1152 srl $1, 32, $8
1153 cmpult $24, $7, $3
1154 zapnot $4, 15, $7
1155 mulq $8, $7, $25
1156 zapnot $1, 15, $5
1157 mulq $7, $5, $21
1158 srl $0, 32, $1
1159 cmpult $2, $22, $2
1160 addq $6, $1, $6
1161 addq $2, $6, $6
1162 addq $3, $6, $6
1163 addq $23, $6, $23
1164 cmpult $23, $6, $22
1165 srl $4, 32, $6
1166 mulq $5, $6, $5
1167 bis $31, 1, $20
1168 addq $25, $5, $25
1169 cmpult $25, $5, $1
1170 mulq $6, $8, $6
1171 beq $1, $237
1172 sll $20, 32, $1
1173 addq $6, $1, $6
1174$237:
1175 sll $25, 32, $5
1176 ldq $2, 24($18)
1177 addq $21, $5, $21
1178 bis $21, $21, $7
1179 ldq $4, 16($17)
1180 addq $24, $7, $24
1181 srl $2, 32, $8
1182 cmpult $24, $7, $3
1183 zapnot $4, 15, $7
1184 mulq $8, $7, $28
1185 srl $25, 32, $1
1186 addq $6, $1, $6
1187 cmpult $21, $5, $1
1188 zapnot $2, 15, $5
1189 addq $1, $6, $6
1190 addq $3, $6, $6
1191 addq $23, $6, $23
1192 cmpult $23, $6, $1
1193 srl $4, 32, $6
1194 mulq $5, $6, $25
1195 mulq $7, $5, $5
1196 addq $1, $22, $22
1197 addq $28, $25, $28
1198 cmpult $28, $25, $1
1199 mulq $6, $8, $6
1200 beq $1, $241
1201 sll $20, 32, $1
1202 addq $6, $1, $6
1203$241:
1204 sll $28, 32, $25
1205 ldq $2, 16($18)
1206 addq $5, $25, $5
1207 bis $5, $5, $7
1208 ldq $4, 24($17)
1209 addq $24, $7, $24
1210 srl $2, 32, $8
1211 cmpult $24, $7, $3
1212 zapnot $4, 15, $7
1213 mulq $8, $7, $0
1214 srl $28, 32, $1
1215 addq $6, $1, $6
1216 cmpult $5, $25, $1
1217 zapnot $2, 15, $5
1218 addq $1, $6, $6
1219 addq $3, $6, $6
1220 addq $23, $6, $23
1221 cmpult $23, $6, $1
1222 srl $4, 32, $6
1223 mulq $5, $6, $25
1224 mulq $7, $5, $5
1225 addq $1, $22, $22
1226 addq $0, $25, $0
1227 cmpult $0, $25, $1
1228 mulq $6, $8, $6
1229 beq $1, $245
1230 sll $20, 32, $1
1231 addq $6, $1, $6
1232$245:
1233 sll $0, 32, $25
1234 ldq $2, 8($18)
1235 addq $5, $25, $5
1236 bis $5, $5, $7
1237 ldq $4, 32($17)
1238 addq $24, $7, $24
1239 srl $2, 32, $8
1240 cmpult $24, $7, $3
1241 zapnot $4, 15, $7
1242 mulq $8, $7, $28
1243 srl $0, 32, $1
1244 addq $6, $1, $6
1245 cmpult $5, $25, $1
1246 zapnot $2, 15, $5
1247 addq $1, $6, $6
1248 addq $3, $6, $6
1249 addq $23, $6, $23
1250 cmpult $23, $6, $1
1251 srl $4, 32, $6
1252 mulq $5, $6, $25
1253 mulq $7, $5, $5
1254 addq $1, $22, $22
1255 addq $28, $25, $28
1256 cmpult $28, $25, $1
1257 mulq $6, $8, $6
1258 beq $1, $249
1259 sll $20, 32, $1
1260 addq $6, $1, $6
1261$249:
1262 sll $28, 32, $25
1263 ldq $2, 0($18)
1264 addq $5, $25, $5
1265 bis $5, $5, $7
1266 ldq $4, 40($17)
1267 addq $24, $7, $24
1268 srl $2, 32, $8
1269 cmpult $24, $7, $3
1270 zapnot $4, 15, $7
1271 mulq $8, $7, $0
1272 srl $28, 32, $1
1273 addq $6, $1, $6
1274 cmpult $5, $25, $1
1275 zapnot $2, 15, $5
1276 addq $1, $6, $6
1277 addq $3, $6, $6
1278 addq $23, $6, $23
1279 cmpult $23, $6, $1
1280 srl $4, 32, $6
1281 mulq $5, $6, $25
1282 mulq $7, $5, $2
1283 addq $1, $22, $22
1284 addq $0, $25, $0
1285 cmpult $0, $25, $1
1286 mulq $6, $8, $6
1287 beq $1, $253
1288 sll $20, 32, $1
1289 addq $6, $1, $6
1290$253:
1291 sll $0, 32, $25
1292 addq $2, $25, $2
1293 bis $2, $2, $7
1294 addq $24, $7, $24
1295 stq $24, 40($16)
1296 ldq $4, 48($17)
1297 ldq $5, 0($18)
1298 cmpult $24, $7, $3
1299 zapnot $4, 15, $7
1300 srl $5, 32, $8
1301 mulq $8, $7, $28
1302 srl $0, 32, $1
1303 cmpult $2, $25, $2
1304 addq $6, $1, $6
1305 addq $2, $6, $6
1306 addq $3, $6, $6
1307 addq $23, $6, $23
1308 cmpult $23, $6, $1
1309 srl $4, 32, $6
1310 zapnot $5, 15, $5
1311 mulq $5, $6, $24
1312 mulq $7, $5, $2
1313 addq $1, $22, $22
1314 addq $28, $24, $28
1315 cmpult $28, $24, $1
1316 mulq $6, $8, $6
1317 beq $1, $257
1318 sll $20, 32, $1
1319 addq $6, $1, $6
1320$257:
1321 sll $28, 32, $24
1322 ldq $1, 8($18)
1323 addq $2, $24, $2
1324 bis $2, $2, $7
1325 ldq $4, 40($17)
1326 addq $23, $7, $23
1327 srl $1, 32, $8
1328 cmpult $23, $7, $3
1329 zapnot $4, 15, $7
1330 mulq $8, $7, $25
1331 zapnot $1, 15, $5
1332 mulq $7, $5, $0
1333 srl $28, 32, $1
1334 cmpult $2, $24, $2
1335 addq $6, $1, $6
1336 addq $2, $6, $6
1337 addq $3, $6, $6
1338 addq $22, $6, $22
1339 cmpult $22, $6, $24
1340 srl $4, 32, $6
1341 mulq $5, $6, $5
1342 bis $31, 1, $21
1343 addq $25, $5, $25
1344 cmpult $25, $5, $1
1345 mulq $6, $8, $6
1346 beq $1, $261
1347 sll $21, 32, $1
1348 addq $6, $1, $6
1349$261:
1350 sll $25, 32, $5
1351 ldq $2, 16($18)
1352 addq $0, $5, $0
1353 bis $0, $0, $7
1354 ldq $4, 32($17)
1355 addq $23, $7, $23
1356 srl $2, 32, $8
1357 cmpult $23, $7, $3
1358 zapnot $4, 15, $7
1359 mulq $8, $7, $28
1360 srl $25, 32, $1
1361 addq $6, $1, $6
1362 cmpult $0, $5, $1
1363 zapnot $2, 15, $5
1364 addq $1, $6, $6
1365 addq $3, $6, $6
1366 addq $22, $6, $22
1367 cmpult $22, $6, $1
1368 srl $4, 32, $6
1369 mulq $5, $6, $25
1370 mulq $7, $5, $5
1371 addq $1, $24, $24
1372 addq $28, $25, $28
1373 cmpult $28, $25, $1
1374 mulq $6, $8, $6
1375 beq $1, $265
1376 sll $21, 32, $1
1377 addq $6, $1, $6
1378$265:
1379 sll $28, 32, $25
1380 ldq $2, 24($18)
1381 addq $5, $25, $5
1382 bis $5, $5, $7
1383 ldq $4, 24($17)
1384 addq $23, $7, $23
1385 srl $2, 32, $8
1386 cmpult $23, $7, $3
1387 zapnot $4, 15, $7
1388 mulq $8, $7, $0
1389 srl $28, 32, $1
1390 addq $6, $1, $6
1391 cmpult $5, $25, $1
1392 zapnot $2, 15, $5
1393 addq $1, $6, $6
1394 addq $3, $6, $6
1395 addq $22, $6, $22
1396 cmpult $22, $6, $1
1397 srl $4, 32, $6
1398 mulq $5, $6, $25
1399 mulq $7, $5, $5
1400 addq $1, $24, $24
1401 addq $0, $25, $0
1402 cmpult $0, $25, $1
1403 mulq $6, $8, $6
1404 beq $1, $269
1405 sll $21, 32, $1
1406 addq $6, $1, $6
1407$269:
1408 sll $0, 32, $25
1409 ldq $2, 32($18)
1410 addq $5, $25, $5
1411 bis $5, $5, $7
1412 ldq $4, 16($17)
1413 addq $23, $7, $23
1414 srl $2, 32, $8
1415 cmpult $23, $7, $3
1416 zapnot $4, 15, $7
1417 mulq $8, $7, $28
1418 srl $0, 32, $1
1419 addq $6, $1, $6
1420 cmpult $5, $25, $1
1421 zapnot $2, 15, $5
1422 addq $1, $6, $6
1423 addq $3, $6, $6
1424 addq $22, $6, $22
1425 cmpult $22, $6, $1
1426 srl $4, 32, $6
1427 mulq $5, $6, $25
1428 mulq $7, $5, $5
1429 addq $1, $24, $24
1430 addq $28, $25, $28
1431 cmpult $28, $25, $1
1432 mulq $6, $8, $6
1433 beq $1, $273
1434 sll $21, 32, $1
1435 addq $6, $1, $6
1436$273:
1437 sll $28, 32, $25
1438 ldq $2, 40($18)
1439 addq $5, $25, $5
1440 bis $5, $5, $7
1441 ldq $4, 8($17)
1442 addq $23, $7, $23
1443 srl $2, 32, $8
1444 cmpult $23, $7, $3
1445 zapnot $4, 15, $7
1446 mulq $8, $7, $0
1447 srl $28, 32, $1
1448 addq $6, $1, $6
1449 cmpult $5, $25, $1
1450 zapnot $2, 15, $5
1451 addq $1, $6, $6
1452 addq $3, $6, $6
1453 addq $22, $6, $22
1454 cmpult $22, $6, $1
1455 srl $4, 32, $6
1456 mulq $5, $6, $25
1457 mulq $7, $5, $5
1458 addq $1, $24, $24
1459 addq $0, $25, $0
1460 cmpult $0, $25, $1
1461 mulq $6, $8, $6
1462 beq $1, $277
1463 sll $21, 32, $1
1464 addq $6, $1, $6
1465$277:
1466 sll $0, 32, $25
1467 ldq $2, 48($18)
1468 addq $5, $25, $5
1469 bis $5, $5, $7
1470 ldq $4, 0($17)
1471 addq $23, $7, $23
1472 srl $2, 32, $8
1473 cmpult $23, $7, $3
1474 zapnot $4, 15, $7
1475 mulq $8, $7, $28
1476 srl $0, 32, $1
1477 addq $6, $1, $6
1478 cmpult $5, $25, $1
1479 zapnot $2, 15, $5
1480 addq $1, $6, $6
1481 addq $3, $6, $6
1482 addq $22, $6, $22
1483 cmpult $22, $6, $1
1484 srl $4, 32, $6
1485 mulq $5, $6, $25
1486 mulq $7, $5, $2
1487 addq $1, $24, $24
1488 addq $28, $25, $28
1489 cmpult $28, $25, $1
1490 mulq $6, $8, $6
1491 beq $1, $281
1492 sll $21, 32, $1
1493 addq $6, $1, $6
1494$281:
1495 sll $28, 32, $25
1496 addq $2, $25, $2
1497 bis $2, $2, $7
1498 addq $23, $7, $23
1499 stq $23, 48($16)
1500 ldq $4, 0($17)
1501 ldq $5, 56($18)
1502 cmpult $23, $7, $3
1503 zapnot $4, 15, $7
1504 srl $5, 32, $8
1505 mulq $8, $7, $0
1506 srl $28, 32, $1
1507 cmpult $2, $25, $2
1508 addq $6, $1, $6
1509 addq $2, $6, $6
1510 addq $3, $6, $6
1511 addq $22, $6, $22
1512 cmpult $22, $6, $1
1513 srl $4, 32, $6
1514 zapnot $5, 15, $5
1515 mulq $5, $6, $23
1516 mulq $7, $5, $2
1517 addq $1, $24, $24
1518 addq $0, $23, $0
1519 cmpult $0, $23, $1
1520 mulq $6, $8, $6
1521 beq $1, $285
1522 sll $21, 32, $1
1523 addq $6, $1, $6
1524$285:
1525 sll $0, 32, $23
1526 ldq $1, 48($18)
1527 addq $2, $23, $2
1528 bis $2, $2, $7
1529 ldq $4, 8($17)
1530 addq $22, $7, $22
1531 srl $1, 32, $8
1532 cmpult $22, $7, $3
1533 zapnot $4, 15, $7
1534 mulq $8, $7, $25
1535 zapnot $1, 15, $5
1536 mulq $7, $5, $21
1537 srl $0, 32, $1
1538 cmpult $2, $23, $2
1539 addq $6, $1, $6
1540 addq $2, $6, $6
1541 addq $3, $6, $6
1542 addq $24, $6, $24
1543 cmpult $24, $6, $23
1544 srl $4, 32, $6
1545 mulq $5, $6, $5
1546 bis $31, 1, $20
1547 addq $25, $5, $25
1548 cmpult $25, $5, $1
1549 mulq $6, $8, $6
1550 beq $1, $289
1551 sll $20, 32, $1
1552 addq $6, $1, $6
1553$289:
1554 sll $25, 32, $5
1555 ldq $2, 40($18)
1556 addq $21, $5, $21
1557 bis $21, $21, $7
1558 ldq $4, 16($17)
1559 addq $22, $7, $22
1560 srl $2, 32, $8
1561 cmpult $22, $7, $3
1562 zapnot $4, 15, $7
1563 mulq $8, $7, $28
1564 srl $25, 32, $1
1565 addq $6, $1, $6
1566 cmpult $21, $5, $1
1567 zapnot $2, 15, $5
1568 addq $1, $6, $6
1569 addq $3, $6, $6
1570 addq $24, $6, $24
1571 cmpult $24, $6, $1
1572 srl $4, 32, $6
1573 mulq $5, $6, $25
1574 mulq $7, $5, $5
1575 addq $1, $23, $23
1576 addq $28, $25, $28
1577 cmpult $28, $25, $1
1578 mulq $6, $8, $6
1579 beq $1, $293
1580 sll $20, 32, $1
1581 addq $6, $1, $6
1582$293:
1583 sll $28, 32, $25
1584 ldq $2, 32($18)
1585 addq $5, $25, $5
1586 bis $5, $5, $7
1587 ldq $4, 24($17)
1588 addq $22, $7, $22
1589 srl $2, 32, $8
1590 cmpult $22, $7, $3
1591 zapnot $4, 15, $7
1592 mulq $8, $7, $0
1593 srl $28, 32, $1
1594 addq $6, $1, $6
1595 cmpult $5, $25, $1
1596 zapnot $2, 15, $5
1597 addq $1, $6, $6
1598 addq $3, $6, $6
1599 addq $24, $6, $24
1600 cmpult $24, $6, $1
1601 srl $4, 32, $6
1602 mulq $5, $6, $25
1603 mulq $7, $5, $5
1604 addq $1, $23, $23
1605 addq $0, $25, $0
1606 cmpult $0, $25, $1
1607 mulq $6, $8, $6
1608 beq $1, $297
1609 sll $20, 32, $1
1610 addq $6, $1, $6
1611$297:
1612 sll $0, 32, $25
1613 ldq $2, 24($18)
1614 addq $5, $25, $5
1615 bis $5, $5, $7
1616 ldq $4, 32($17)
1617 addq $22, $7, $22
1618 srl $2, 32, $8
1619 cmpult $22, $7, $3
1620 zapnot $4, 15, $7
1621 mulq $8, $7, $28
1622 srl $0, 32, $1
1623 addq $6, $1, $6
1624 cmpult $5, $25, $1
1625 zapnot $2, 15, $5
1626 addq $1, $6, $6
1627 addq $3, $6, $6
1628 addq $24, $6, $24
1629 cmpult $24, $6, $1
1630 srl $4, 32, $6
1631 mulq $5, $6, $25
1632 mulq $7, $5, $5
1633 addq $1, $23, $23
1634 addq $28, $25, $28
1635 cmpult $28, $25, $1
1636 mulq $6, $8, $6
1637 beq $1, $301
1638 sll $20, 32, $1
1639 addq $6, $1, $6
1640$301:
1641 sll $28, 32, $25
1642 ldq $2, 16($18)
1643 addq $5, $25, $5
1644 bis $5, $5, $7
1645 ldq $4, 40($17)
1646 addq $22, $7, $22
1647 srl $2, 32, $8
1648 cmpult $22, $7, $3
1649 zapnot $4, 15, $7
1650 mulq $8, $7, $0
1651 srl $28, 32, $1
1652 addq $6, $1, $6
1653 cmpult $5, $25, $1
1654 zapnot $2, 15, $5
1655 addq $1, $6, $6
1656 addq $3, $6, $6
1657 addq $24, $6, $24
1658 cmpult $24, $6, $1
1659 srl $4, 32, $6
1660 mulq $5, $6, $25
1661 mulq $7, $5, $5
1662 addq $1, $23, $23
1663 addq $0, $25, $0
1664 cmpult $0, $25, $1
1665 mulq $6, $8, $6
1666 beq $1, $305
1667 sll $20, 32, $1
1668 addq $6, $1, $6
1669$305:
1670 sll $0, 32, $25
1671 ldq $2, 8($18)
1672 addq $5, $25, $5
1673 bis $5, $5, $7
1674 ldq $4, 48($17)
1675 addq $22, $7, $22
1676 srl $2, 32, $8
1677 cmpult $22, $7, $3
1678 zapnot $4, 15, $7
1679 mulq $8, $7, $28
1680 srl $0, 32, $1
1681 addq $6, $1, $6
1682 cmpult $5, $25, $1
1683 zapnot $2, 15, $5
1684 addq $1, $6, $6
1685 addq $3, $6, $6
1686 addq $24, $6, $24
1687 cmpult $24, $6, $1
1688 srl $4, 32, $6
1689 mulq $5, $6, $25
1690 mulq $7, $5, $5
1691 addq $1, $23, $23
1692 addq $28, $25, $28
1693 cmpult $28, $25, $1
1694 mulq $6, $8, $6
1695 beq $1, $309
1696 sll $20, 32, $1
1697 addq $6, $1, $6
1698$309:
1699 sll $28, 32, $25
1700 ldq $2, 0($18)
1701 addq $5, $25, $5
1702 bis $5, $5, $7
1703 ldq $4, 56($17)
1704 addq $22, $7, $22
1705 srl $2, 32, $8
1706 cmpult $22, $7, $3
1707 zapnot $4, 15, $7
1708 mulq $8, $7, $0
1709 srl $28, 32, $1
1710 addq $6, $1, $6
1711 cmpult $5, $25, $1
1712 zapnot $2, 15, $5
1713 addq $1, $6, $6
1714 addq $3, $6, $6
1715 addq $24, $6, $24
1716 cmpult $24, $6, $1
1717 srl $4, 32, $6
1718 mulq $5, $6, $25
1719 mulq $7, $5, $2
1720 addq $1, $23, $23
1721 addq $0, $25, $0
1722 cmpult $0, $25, $1
1723 mulq $6, $8, $6
1724 beq $1, $313
1725 sll $20, 32, $1
1726 addq $6, $1, $6
1727$313:
1728 sll $0, 32, $25
1729 addq $2, $25, $2
1730 bis $2, $2, $7
1731 addq $22, $7, $22
1732 stq $22, 56($16)
1733 ldq $4, 56($17)
1734 ldq $5, 8($18)
1735 cmpult $22, $7, $3
1736 zapnot $4, 15, $7
1737 srl $5, 32, $8
1738 mulq $8, $7, $28
1739 srl $0, 32, $1
1740 cmpult $2, $25, $2
1741 addq $6, $1, $6
1742 addq $2, $6, $6
1743 addq $3, $6, $6
1744 addq $24, $6, $24
1745 cmpult $24, $6, $1
1746 srl $4, 32, $6
1747 zapnot $5, 15, $5
1748 mulq $5, $6, $22
1749 mulq $7, $5, $2
1750 addq $1, $23, $23
1751 addq $28, $22, $28
1752 cmpult $28, $22, $1
1753 mulq $6, $8, $6
1754 beq $1, $317
1755 sll $20, 32, $1
1756 addq $6, $1, $6
1757$317:
1758 sll $28, 32, $22
1759 ldq $1, 16($18)
1760 addq $2, $22, $2
1761 bis $2, $2, $7
1762 ldq $4, 48($17)
1763 addq $24, $7, $24
1764 srl $1, 32, $8
1765 cmpult $24, $7, $3
1766 zapnot $4, 15, $7
1767 mulq $8, $7, $25
1768 zapnot $1, 15, $5
1769 mulq $7, $5, $0
1770 srl $28, 32, $1
1771 cmpult $2, $22, $2
1772 addq $6, $1, $6
1773 addq $2, $6, $6
1774 addq $3, $6, $6
1775 addq $23, $6, $23
1776 cmpult $23, $6, $22
1777 srl $4, 32, $6
1778 mulq $5, $6, $5
1779 bis $31, 1, $21
1780 addq $25, $5, $25
1781 cmpult $25, $5, $1
1782 mulq $6, $8, $6
1783 beq $1, $321
1784 sll $21, 32, $1
1785 addq $6, $1, $6
1786$321:
1787 sll $25, 32, $5
1788 ldq $2, 24($18)
1789 addq $0, $5, $0
1790 bis $0, $0, $7
1791 ldq $4, 40($17)
1792 addq $24, $7, $24
1793 srl $2, 32, $8
1794 cmpult $24, $7, $3
1795 zapnot $4, 15, $7
1796 mulq $8, $7, $28
1797 srl $25, 32, $1
1798 addq $6, $1, $6
1799 cmpult $0, $5, $1
1800 zapnot $2, 15, $5
1801 addq $1, $6, $6
1802 addq $3, $6, $6
1803 addq $23, $6, $23
1804 cmpult $23, $6, $1
1805 srl $4, 32, $6
1806 mulq $5, $6, $25
1807 mulq $7, $5, $5
1808 addq $1, $22, $22
1809 addq $28, $25, $28
1810 cmpult $28, $25, $1
1811 mulq $6, $8, $6
1812 beq $1, $325
1813 sll $21, 32, $1
1814 addq $6, $1, $6
1815$325:
1816 sll $28, 32, $25
1817 ldq $2, 32($18)
1818 addq $5, $25, $5
1819 bis $5, $5, $7
1820 ldq $4, 32($17)
1821 addq $24, $7, $24
1822 srl $2, 32, $8
1823 cmpult $24, $7, $3
1824 zapnot $4, 15, $7
1825 mulq $8, $7, $0
1826 srl $28, 32, $1
1827 addq $6, $1, $6
1828 cmpult $5, $25, $1
1829 zapnot $2, 15, $5
1830 addq $1, $6, $6
1831 addq $3, $6, $6
1832 addq $23, $6, $23
1833 cmpult $23, $6, $1
1834 srl $4, 32, $6
1835 mulq $5, $6, $25
1836 mulq $7, $5, $5
1837 addq $1, $22, $22
1838 addq $0, $25, $0
1839 cmpult $0, $25, $1
1840 mulq $6, $8, $6
1841 beq $1, $329
1842 sll $21, 32, $1
1843 addq $6, $1, $6
1844$329:
1845 sll $0, 32, $25
1846 ldq $2, 40($18)
1847 addq $5, $25, $5
1848 bis $5, $5, $7
1849 ldq $4, 24($17)
1850 addq $24, $7, $24
1851 srl $2, 32, $8
1852 cmpult $24, $7, $3
1853 zapnot $4, 15, $7
1854 mulq $8, $7, $28
1855 srl $0, 32, $1
1856 addq $6, $1, $6
1857 cmpult $5, $25, $1
1858 zapnot $2, 15, $5
1859 addq $1, $6, $6
1860 addq $3, $6, $6
1861 addq $23, $6, $23
1862 cmpult $23, $6, $1
1863 srl $4, 32, $6
1864 mulq $5, $6, $25
1865 mulq $7, $5, $5
1866 addq $1, $22, $22
1867 addq $28, $25, $28
1868 cmpult $28, $25, $1
1869 mulq $6, $8, $6
1870 beq $1, $333
1871 sll $21, 32, $1
1872 addq $6, $1, $6
1873$333:
1874 sll $28, 32, $25
1875 ldq $2, 48($18)
1876 addq $5, $25, $5
1877 bis $5, $5, $7
1878 ldq $4, 16($17)
1879 addq $24, $7, $24
1880 srl $2, 32, $8
1881 cmpult $24, $7, $3
1882 zapnot $4, 15, $7
1883 mulq $8, $7, $0
1884 srl $28, 32, $1
1885 addq $6, $1, $6
1886 cmpult $5, $25, $1
1887 zapnot $2, 15, $5
1888 addq $1, $6, $6
1889 addq $3, $6, $6
1890 addq $23, $6, $23
1891 cmpult $23, $6, $1
1892 srl $4, 32, $6
1893 mulq $5, $6, $25
1894 mulq $7, $5, $5
1895 addq $1, $22, $22
1896 addq $0, $25, $0
1897 cmpult $0, $25, $1
1898 mulq $6, $8, $6
1899 beq $1, $337
1900 sll $21, 32, $1
1901 addq $6, $1, $6
1902$337:
1903 sll $0, 32, $25
1904 ldq $2, 56($18)
1905 addq $5, $25, $5
1906 bis $5, $5, $7
1907 ldq $4, 8($17)
1908 addq $24, $7, $24
1909 srl $2, 32, $8
1910 cmpult $24, $7, $3
1911 zapnot $4, 15, $7
1912 mulq $8, $7, $28
1913 srl $0, 32, $1
1914 addq $6, $1, $6
1915 cmpult $5, $25, $1
1916 zapnot $2, 15, $5
1917 addq $1, $6, $6
1918 addq $3, $6, $6
1919 addq $23, $6, $23
1920 cmpult $23, $6, $1
1921 srl $4, 32, $6
1922 mulq $5, $6, $25
1923 mulq $7, $5, $2
1924 addq $1, $22, $22
1925 addq $28, $25, $28
1926 cmpult $28, $25, $1
1927 mulq $6, $8, $6
1928 beq $1, $341
1929 sll $21, 32, $1
1930 addq $6, $1, $6
1931$341:
1932 sll $28, 32, $25
1933 addq $2, $25, $2
1934 bis $2, $2, $7
1935 addq $24, $7, $24
1936 stq $24, 64($16)
1937 ldq $4, 16($17)
1938 ldq $5, 56($18)
1939 cmpult $24, $7, $3
1940 zapnot $4, 15, $7
1941 srl $5, 32, $8
1942 mulq $8, $7, $0
1943 srl $28, 32, $1
1944 cmpult $2, $25, $2
1945 addq $6, $1, $6
1946 addq $2, $6, $6
1947 addq $3, $6, $6
1948 addq $23, $6, $23
1949 cmpult $23, $6, $1
1950 srl $4, 32, $6
1951 zapnot $5, 15, $5
1952 mulq $5, $6, $24
1953 mulq $7, $5, $2
1954 addq $1, $22, $22
1955 addq $0, $24, $0
1956 cmpult $0, $24, $1
1957 mulq $6, $8, $6
1958 beq $1, $345
1959 sll $21, 32, $1
1960 addq $6, $1, $6
1961$345:
1962 sll $0, 32, $24
1963 ldq $1, 48($18)
1964 addq $2, $24, $2
1965 bis $2, $2, $7
1966 ldq $4, 24($17)
1967 addq $23, $7, $23
1968 srl $1, 32, $8
1969 cmpult $23, $7, $3
1970 zapnot $4, 15, $7
1971 mulq $8, $7, $25
1972 zapnot $1, 15, $5
1973 mulq $7, $5, $21
1974 srl $0, 32, $1
1975 cmpult $2, $24, $2
1976 addq $6, $1, $6
1977 addq $2, $6, $6
1978 addq $3, $6, $6
1979 addq $22, $6, $22
1980 cmpult $22, $6, $24
1981 srl $4, 32, $6
1982 mulq $5, $6, $5
1983 bis $31, 1, $20
1984 addq $25, $5, $25
1985 cmpult $25, $5, $1
1986 mulq $6, $8, $6
1987 beq $1, $349
1988 sll $20, 32, $1
1989 addq $6, $1, $6
1990$349:
1991 sll $25, 32, $5
1992 ldq $2, 40($18)
1993 addq $21, $5, $21
1994 bis $21, $21, $7
1995 ldq $4, 32($17)
1996 addq $23, $7, $23
1997 srl $2, 32, $8
1998 cmpult $23, $7, $3
1999 zapnot $4, 15, $7
2000 mulq $8, $7, $28
2001 srl $25, 32, $1
2002 addq $6, $1, $6
2003 cmpult $21, $5, $1
2004 zapnot $2, 15, $5
2005 addq $1, $6, $6
2006 addq $3, $6, $6
2007 addq $22, $6, $22
2008 cmpult $22, $6, $1
2009 srl $4, 32, $6
2010 mulq $5, $6, $25
2011 mulq $7, $5, $5
2012 addq $1, $24, $24
2013 addq $28, $25, $28
2014 cmpult $28, $25, $1
2015 mulq $6, $8, $6
2016 beq $1, $353
2017 sll $20, 32, $1
2018 addq $6, $1, $6
2019$353:
2020 sll $28, 32, $25
2021 ldq $2, 32($18)
2022 addq $5, $25, $5
2023 bis $5, $5, $7
2024 ldq $4, 40($17)
2025 addq $23, $7, $23
2026 srl $2, 32, $8
2027 cmpult $23, $7, $3
2028 zapnot $4, 15, $7
2029 mulq $8, $7, $0
2030 srl $28, 32, $1
2031 addq $6, $1, $6
2032 cmpult $5, $25, $1
2033 zapnot $2, 15, $5
2034 addq $1, $6, $6
2035 addq $3, $6, $6
2036 addq $22, $6, $22
2037 cmpult $22, $6, $1
2038 srl $4, 32, $6
2039 mulq $5, $6, $25
2040 mulq $7, $5, $5
2041 addq $1, $24, $24
2042 addq $0, $25, $0
2043 cmpult $0, $25, $1
2044 mulq $6, $8, $6
2045 beq $1, $357
2046 sll $20, 32, $1
2047 addq $6, $1, $6
2048$357:
2049 sll $0, 32, $25
2050 ldq $2, 24($18)
2051 addq $5, $25, $5
2052 bis $5, $5, $7
2053 ldq $4, 48($17)
2054 addq $23, $7, $23
2055 srl $2, 32, $8
2056 cmpult $23, $7, $3
2057 zapnot $4, 15, $7
2058 mulq $8, $7, $28
2059 srl $0, 32, $1
2060 addq $6, $1, $6
2061 cmpult $5, $25, $1
2062 zapnot $2, 15, $5
2063 addq $1, $6, $6
2064 addq $3, $6, $6
2065 addq $22, $6, $22
2066 cmpult $22, $6, $1
2067 srl $4, 32, $6
2068 mulq $5, $6, $25
2069 mulq $7, $5, $5
2070 addq $1, $24, $24
2071 addq $28, $25, $28
2072 cmpult $28, $25, $1
2073 mulq $6, $8, $6
2074 beq $1, $361
2075 sll $20, 32, $1
2076 addq $6, $1, $6
2077$361:
2078 sll $28, 32, $25
2079 ldq $2, 16($18)
2080 addq $5, $25, $5
2081 bis $5, $5, $7
2082 ldq $4, 56($17)
2083 addq $23, $7, $23
2084 srl $2, 32, $8
2085 cmpult $23, $7, $3
2086 zapnot $4, 15, $7
2087 mulq $8, $7, $0
2088 srl $28, 32, $1
2089 addq $6, $1, $6
2090 cmpult $5, $25, $1
2091 zapnot $2, 15, $5
2092 addq $1, $6, $6
2093 addq $3, $6, $6
2094 addq $22, $6, $22
2095 cmpult $22, $6, $1
2096 srl $4, 32, $6
2097 mulq $5, $6, $25
2098 mulq $7, $5, $2
2099 addq $1, $24, $24
2100 addq $0, $25, $0
2101 cmpult $0, $25, $1
2102 mulq $6, $8, $6
2103 beq $1, $365
2104 sll $20, 32, $1
2105 addq $6, $1, $6
2106$365:
2107 sll $0, 32, $25
2108 addq $2, $25, $2
2109 bis $2, $2, $7
2110 addq $23, $7, $23
2111 stq $23, 72($16)
2112 ldq $4, 56($17)
2113 ldq $5, 24($18)
2114 cmpult $23, $7, $3
2115 zapnot $4, 15, $7
2116 srl $5, 32, $8
2117 mulq $8, $7, $28
2118 srl $0, 32, $1
2119 cmpult $2, $25, $2
2120 addq $6, $1, $6
2121 addq $2, $6, $6
2122 addq $3, $6, $6
2123 addq $22, $6, $22
2124 cmpult $22, $6, $1
2125 srl $4, 32, $6
2126 zapnot $5, 15, $5
2127 mulq $5, $6, $23
2128 mulq $7, $5, $2
2129 addq $1, $24, $24
2130 addq $28, $23, $28
2131 cmpult $28, $23, $1
2132 mulq $6, $8, $6
2133 beq $1, $369
2134 sll $20, 32, $1
2135 addq $6, $1, $6
2136$369:
2137 sll $28, 32, $23
2138 ldq $1, 32($18)
2139 addq $2, $23, $2
2140 bis $2, $2, $7
2141 ldq $4, 48($17)
2142 addq $22, $7, $22
2143 srl $1, 32, $8
2144 cmpult $22, $7, $3
2145 zapnot $4, 15, $7
2146 mulq $8, $7, $25
2147 zapnot $1, 15, $5
2148 mulq $7, $5, $0
2149 srl $28, 32, $1
2150 cmpult $2, $23, $2
2151 addq $6, $1, $6
2152 addq $2, $6, $6
2153 addq $3, $6, $6
2154 addq $24, $6, $24
2155 cmpult $24, $6, $23
2156 srl $4, 32, $6
2157 mulq $5, $6, $5
2158 bis $31, 1, $21
2159 addq $25, $5, $25
2160 cmpult $25, $5, $1
2161 mulq $6, $8, $6
2162 beq $1, $373
2163 sll $21, 32, $1
2164 addq $6, $1, $6
2165$373:
2166 sll $25, 32, $5
2167 ldq $2, 40($18)
2168 addq $0, $5, $0
2169 bis $0, $0, $7
2170 ldq $4, 40($17)
2171 addq $22, $7, $22
2172 srl $2, 32, $8
2173 cmpult $22, $7, $3
2174 zapnot $4, 15, $7
2175 mulq $8, $7, $28
2176 srl $25, 32, $1
2177 addq $6, $1, $6
2178 cmpult $0, $5, $1
2179 zapnot $2, 15, $5
2180 addq $1, $6, $6
2181 addq $3, $6, $6
2182 addq $24, $6, $24
2183 cmpult $24, $6, $1
2184 srl $4, 32, $6
2185 mulq $5, $6, $25
2186 mulq $7, $5, $5
2187 addq $1, $23, $23
2188 addq $28, $25, $28
2189 cmpult $28, $25, $1
2190 mulq $6, $8, $6
2191 beq $1, $377
2192 sll $21, 32, $1
2193 addq $6, $1, $6
2194$377:
2195 sll $28, 32, $25
2196 ldq $2, 48($18)
2197 addq $5, $25, $5
2198 bis $5, $5, $7
2199 ldq $4, 32($17)
2200 addq $22, $7, $22
2201 srl $2, 32, $8
2202 cmpult $22, $7, $3
2203 zapnot $4, 15, $7
2204 mulq $8, $7, $0
2205 srl $28, 32, $1
2206 addq $6, $1, $6
2207 cmpult $5, $25, $1
2208 zapnot $2, 15, $5
2209 addq $1, $6, $6
2210 addq $3, $6, $6
2211 addq $24, $6, $24
2212 cmpult $24, $6, $1
2213 srl $4, 32, $6
2214 mulq $5, $6, $25
2215 mulq $7, $5, $5
2216 addq $1, $23, $23
2217 addq $0, $25, $0
2218 cmpult $0, $25, $1
2219 mulq $6, $8, $6
2220 beq $1, $381
2221 sll $21, 32, $1
2222 addq $6, $1, $6
2223$381:
2224 sll $0, 32, $25
2225 ldq $2, 56($18)
2226 addq $5, $25, $5
2227 bis $5, $5, $7
2228 ldq $4, 24($17)
2229 addq $22, $7, $22
2230 srl $2, 32, $8
2231 cmpult $22, $7, $3
2232 zapnot $4, 15, $7
2233 mulq $8, $7, $28
2234 srl $0, 32, $1
2235 addq $6, $1, $6
2236 cmpult $5, $25, $1
2237 zapnot $2, 15, $5
2238 addq $1, $6, $6
2239 addq $3, $6, $6
2240 addq $24, $6, $24
2241 cmpult $24, $6, $1
2242 srl $4, 32, $6
2243 mulq $5, $6, $25
2244 mulq $7, $5, $2
2245 addq $1, $23, $23
2246 addq $28, $25, $28
2247 cmpult $28, $25, $1
2248 mulq $6, $8, $6
2249 beq $1, $385
2250 sll $21, 32, $1
2251 addq $6, $1, $6
2252$385:
2253 sll $28, 32, $25
2254 addq $2, $25, $2
2255 bis $2, $2, $7
2256 addq $22, $7, $22
2257 stq $22, 80($16)
2258 ldq $4, 32($17)
2259 ldq $5, 56($18)
2260 cmpult $22, $7, $3
2261 zapnot $4, 15, $7
2262 srl $5, 32, $8
2263 mulq $8, $7, $0
2264 srl $28, 32, $1
2265 cmpult $2, $25, $2
2266 addq $6, $1, $6
2267 addq $2, $6, $6
2268 addq $3, $6, $6
2269 addq $24, $6, $24
2270 cmpult $24, $6, $1
2271 srl $4, 32, $6
2272 zapnot $5, 15, $5
2273 mulq $5, $6, $22
2274 mulq $7, $5, $2
2275 addq $1, $23, $23
2276 addq $0, $22, $0
2277 cmpult $0, $22, $1
2278 mulq $6, $8, $6
2279 beq $1, $389
2280 sll $21, 32, $1
2281 addq $6, $1, $6
2282$389:
2283 sll $0, 32, $22
2284 ldq $1, 48($18)
2285 addq $2, $22, $2
2286 bis $2, $2, $7
2287 ldq $4, 40($17)
2288 addq $24, $7, $24
2289 srl $1, 32, $8
2290 cmpult $24, $7, $3
2291 zapnot $4, 15, $7
2292 mulq $8, $7, $25
2293 zapnot $1, 15, $5
2294 mulq $7, $5, $21
2295 srl $0, 32, $1
2296 cmpult $2, $22, $2
2297 addq $6, $1, $6
2298 addq $2, $6, $6
2299 addq $3, $6, $6
2300 addq $23, $6, $23
2301 cmpult $23, $6, $22
2302 srl $4, 32, $6
2303 mulq $5, $6, $5
2304 bis $31, 1, $20
2305 addq $25, $5, $25
2306 cmpult $25, $5, $1
2307 mulq $6, $8, $6
2308 beq $1, $393
2309 sll $20, 32, $1
2310 addq $6, $1, $6
2311$393:
2312 sll $25, 32, $5
2313 ldq $2, 40($18)
2314 addq $21, $5, $21
2315 bis $21, $21, $7
2316 ldq $4, 48($17)
2317 addq $24, $7, $24
2318 srl $2, 32, $8
2319 cmpult $24, $7, $3
2320 zapnot $4, 15, $7
2321 mulq $8, $7, $28
2322 srl $25, 32, $1
2323 addq $6, $1, $6
2324 cmpult $21, $5, $1
2325 zapnot $2, 15, $5
2326 addq $1, $6, $6
2327 addq $3, $6, $6
2328 addq $23, $6, $23
2329 cmpult $23, $6, $1
2330 srl $4, 32, $6
2331 mulq $5, $6, $25
2332 mulq $7, $5, $5
2333 addq $1, $22, $22
2334 addq $28, $25, $28
2335 cmpult $28, $25, $1
2336 mulq $6, $8, $6
2337 beq $1, $397
2338 sll $20, 32, $1
2339 addq $6, $1, $6
2340$397:
2341 sll $28, 32, $25
2342 ldq $2, 32($18)
2343 addq $5, $25, $5
2344 bis $5, $5, $7
2345 ldq $4, 56($17)
2346 addq $24, $7, $24
2347 srl $2, 32, $8
2348 cmpult $24, $7, $3
2349 zapnot $4, 15, $7
2350 mulq $8, $7, $21
2351 srl $28, 32, $1
2352 addq $6, $1, $6
2353 cmpult $5, $25, $1
2354 zapnot $2, 15, $5
2355 addq $1, $6, $6
2356 addq $3, $6, $6
2357 addq $23, $6, $23
2358 cmpult $23, $6, $1
2359 srl $4, 32, $6
2360 mulq $5, $6, $25
2361 mulq $7, $5, $2
2362 addq $1, $22, $22
2363 addq $21, $25, $21
2364 cmpult $21, $25, $1
2365 mulq $6, $8, $6
2366 beq $1, $401
2367 sll $20, 32, $1
2368 addq $6, $1, $6
2369$401:
2370 sll $21, 32, $25
2371 addq $2, $25, $2
2372 bis $2, $2, $7
2373 addq $24, $7, $24
2374 stq $24, 88($16)
2375 ldq $4, 56($17)
2376 ldq $5, 40($18)
2377 cmpult $24, $7, $3
2378 zapnot $4, 15, $7
2379 srl $5, 32, $8
2380 mulq $8, $7, $0
2381 srl $21, 32, $1
2382 cmpult $2, $25, $2
2383 addq $6, $1, $6
2384 addq $2, $6, $6
2385 addq $3, $6, $6
2386 addq $23, $6, $23
2387 cmpult $23, $6, $1
2388 srl $4, 32, $6
2389 zapnot $5, 15, $5
2390 mulq $5, $6, $24
2391 mulq $7, $5, $5
2392 addq $1, $22, $22
2393 addq $0, $24, $0
2394 cmpult $0, $24, $1
2395 mulq $6, $8, $6
2396 beq $1, $405
2397 sll $20, 32, $1
2398 addq $6, $1, $6
2399$405:
2400 sll $0, 32, $24
2401 ldq $2, 48($18)
2402 addq $5, $24, $5
2403 bis $5, $5, $7
2404 ldq $4, 48($17)
2405 addq $23, $7, $23
2406 srl $2, 32, $8
2407 cmpult $23, $7, $3
2408 zapnot $4, 15, $7
2409 mulq $8, $7, $28
2410 srl $0, 32, $1
2411 addq $6, $1, $6
2412 cmpult $5, $24, $1
2413 zapnot $2, 15, $5
2414 addq $1, $6, $6
2415 addq $3, $6, $6
2416 addq $22, $6, $22
2417 cmpult $22, $6, $24
2418 srl $4, 32, $6
2419 mulq $5, $6, $25
2420 mulq $7, $5, $5
2421 addq $28, $25, $28
2422 cmpult $28, $25, $1
2423 mulq $6, $8, $6
2424 beq $1, $409
2425 sll $20, 32, $1
2426 addq $6, $1, $6
2427$409:
2428 sll $28, 32, $25
2429 ldq $2, 56($18)
2430 addq $5, $25, $5
2431 bis $5, $5, $7
2432 ldq $4, 40($17)
2433 addq $23, $7, $23
2434 srl $2, 32, $8
2435 cmpult $23, $7, $3
2436 zapnot $4, 15, $7
2437 mulq $8, $7, $0
2438 srl $28, 32, $1
2439 addq $6, $1, $6
2440 cmpult $5, $25, $1
2441 zapnot $2, 15, $5
2442 addq $1, $6, $6
2443 addq $3, $6, $6
2444 addq $22, $6, $22
2445 cmpult $22, $6, $1
2446 srl $4, 32, $6
2447 mulq $5, $6, $25
2448 mulq $7, $5, $2
2449 addq $1, $24, $24
2450 addq $0, $25, $0
2451 cmpult $0, $25, $1
2452 mulq $6, $8, $6
2453 beq $1, $413
2454 sll $20, 32, $1
2455 addq $6, $1, $6
2456$413:
2457 sll $0, 32, $25
2458 addq $2, $25, $2
2459 bis $2, $2, $7
2460 addq $23, $7, $23
2461 stq $23, 96($16)
2462 ldq $4, 48($17)
2463 ldq $5, 56($18)
2464 cmpult $23, $7, $3
2465 zapnot $4, 15, $7
2466 srl $5, 32, $8
2467 mulq $8, $7, $28
2468 srl $0, 32, $1
2469 cmpult $2, $25, $2
2470 addq $6, $1, $6
2471 addq $2, $6, $6
2472 addq $3, $6, $6
2473 addq $22, $6, $22
2474 cmpult $22, $6, $1
2475 srl $4, 32, $6
2476 zapnot $5, 15, $5
2477 mulq $5, $6, $23
2478 mulq $7, $5, $5
2479 addq $1, $24, $24
2480 addq $28, $23, $28
2481 cmpult $28, $23, $1
2482 mulq $6, $8, $6
2483 beq $1, $417
2484 sll $20, 32, $1
2485 addq $6, $1, $6
2486$417:
2487 sll $28, 32, $23
2488 ldq $2, 48($18)
2489 addq $5, $23, $5
2490 bis $5, $5, $7
2491 ldq $4, 56($17)
2492 addq $22, $7, $22
2493 srl $2, 32, $8
2494 cmpult $22, $7, $3
2495 zapnot $4, 15, $7
2496 mulq $8, $7, $0
2497 srl $28, 32, $1
2498 addq $6, $1, $6
2499 cmpult $5, $23, $1
2500 zapnot $2, 15, $5
2501 addq $1, $6, $6
2502 addq $3, $6, $6
2503 addq $24, $6, $24
2504 cmpult $24, $6, $23
2505 srl $4, 32, $6
2506 mulq $5, $6, $25
2507 mulq $7, $5, $2
2508 addq $0, $25, $0
2509 cmpult $0, $25, $1
2510 mulq $6, $8, $6
2511 beq $1, $421
2512 sll $20, 32, $1
2513 addq $6, $1, $6
2514$421:
2515 sll $0, 32, $25
2516 addq $2, $25, $2
2517 bis $2, $2, $7
2518 addq $22, $7, $22
2519 stq $22, 104($16)
2520 ldq $4, 56($17)
2521 ldq $5, 56($18)
2522 cmpult $22, $7, $3
2523 zapnot $4, 15, $7
2524 srl $5, 32, $8
2525 mulq $8, $7, $28
2526 srl $0, 32, $1
2527 cmpult $2, $25, $2
2528 addq $6, $1, $6
2529 addq $2, $6, $6
2530 addq $3, $6, $6
2531 addq $24, $6, $24
2532 cmpult $24, $6, $1
2533 srl $4, 32, $6
2534 zapnot $5, 15, $5
2535 mulq $5, $6, $22
2536 mulq $7, $5, $2
2537 addq $1, $23, $23
2538 addq $28, $22, $28
2539 cmpult $28, $22, $1
2540 mulq $6, $8, $3
2541 beq $1, $425
2542 sll $20, 32, $1
2543 addq $3, $1, $3
2544$425:
2545 sll $28, 32, $22
2546 srl $28, 32, $1
2547 addq $2, $22, $2
2548 addq $3, $1, $3
2549 bis $2, $2, $7
2550 addq $24, $7, $24
2551 cmpult $7, $22, $1
2552 cmpult $24, $7, $2
2553 addq $1, $3, $6
2554 addq $2, $6, $6
2555 stq $24, 112($16)
2556 addq $23, $6, $23
2557 stq $23, 120($16)
2558 ret $31, ($26), 1
1258 .end bn_mul_comba8 2559 .end bn_mul_comba8
1259 .text 2560 .text
1260 .align 3 2561 .align 3
diff --git a/src/lib/libcrypto/bn/asm/mips3.s b/src/lib/libcrypto/bn/asm/mips3.s
index 191345d920..2df4dcd4b0 100644
--- a/src/lib/libcrypto/bn/asm/mips3.s
+++ b/src/lib/libcrypto/bn/asm/mips3.s
@@ -395,32 +395,32 @@ LEAF(bn_add_words)
395 395
396.L_bn_add_words_loop: 396.L_bn_add_words_loop:
397 ld ta0,0(a2) 397 ld ta0,0(a2)
398 subu a3,4
398 ld t1,8(a1) 399 ld t1,8(a1)
399 ld ta1,8(a2) 400 and AT,a3,MINUS4
400 ld t2,16(a1) 401 ld t2,16(a1)
401 ld ta2,16(a2) 402 PTR_ADD a2,32
402 ld t3,24(a1) 403 ld t3,24(a1)
403 ld ta3,24(a2) 404 PTR_ADD a0,32
405 ld ta1,-24(a2)
406 PTR_ADD a1,32
407 ld ta2,-16(a2)
408 ld ta3,-8(a2)
404 daddu ta0,t0 409 daddu ta0,t0
405 subu a3,4
406 sltu t8,ta0,t0 410 sltu t8,ta0,t0
407 daddu t0,ta0,v0 411 daddu t0,ta0,v0
408 PTR_ADD a0,32
409 sltu v0,t0,ta0 412 sltu v0,t0,ta0
410 sd t0,-32(a0) 413 sd t0,-32(a0)
411 daddu v0,t8 414 daddu v0,t8
412 415
413 daddu ta1,t1 416 daddu ta1,t1
414 PTR_ADD a1,32
415 sltu t9,ta1,t1 417 sltu t9,ta1,t1
416 daddu t1,ta1,v0 418 daddu t1,ta1,v0
417 PTR_ADD a2,32
418 sltu v0,t1,ta1 419 sltu v0,t1,ta1
419 sd t1,-24(a0) 420 sd t1,-24(a0)
420 daddu v0,t9 421 daddu v0,t9
421 422
422 daddu ta2,t2 423 daddu ta2,t2
423 and AT,a3,MINUS4
424 sltu t8,ta2,t2 424 sltu t8,ta2,t2
425 daddu t2,ta2,v0 425 daddu t2,ta2,v0
426 sltu v0,t2,ta2 426 sltu v0,t2,ta2
@@ -495,25 +495,26 @@ LEAF(bn_sub_words)
495 495
496.L_bn_sub_words_loop: 496.L_bn_sub_words_loop:
497 ld ta0,0(a2) 497 ld ta0,0(a2)
498 subu a3,4
498 ld t1,8(a1) 499 ld t1,8(a1)
499 ld ta1,8(a2) 500 and AT,a3,MINUS4
500 ld t2,16(a1) 501 ld t2,16(a1)
501 ld ta2,16(a2) 502 PTR_ADD a2,32
502 ld t3,24(a1) 503 ld t3,24(a1)
503 ld ta3,24(a2) 504 PTR_ADD a0,32
505 ld ta1,-24(a2)
506 PTR_ADD a1,32
507 ld ta2,-16(a2)
508 ld ta3,-8(a2)
504 sltu t8,t0,ta0 509 sltu t8,t0,ta0
505 dsubu t0,ta0 510 dsubu t0,ta0
506 subu a3,4
507 dsubu ta0,t0,v0 511 dsubu ta0,t0,v0
508 and AT,a3,MINUS4 512 sd ta0,-32(a0)
509 sd ta0,0(a0)
510 MOVNZ (t0,v0,t8) 513 MOVNZ (t0,v0,t8)
511 514
512 sltu t9,t1,ta1 515 sltu t9,t1,ta1
513 dsubu t1,ta1 516 dsubu t1,ta1
514 PTR_ADD a0,32
515 dsubu ta1,t1,v0 517 dsubu ta1,t1,v0
516 PTR_ADD a1,32
517 sd ta1,-24(a0) 518 sd ta1,-24(a0)
518 MOVNZ (t1,v0,t9) 519 MOVNZ (t1,v0,t9)
519 520
@@ -521,7 +522,6 @@ LEAF(bn_sub_words)
521 sltu t8,t2,ta2 522 sltu t8,t2,ta2
522 dsubu t2,ta2 523 dsubu t2,ta2
523 dsubu ta2,t2,v0 524 dsubu ta2,t2,v0
524 PTR_ADD a2,32
525 sd ta2,-16(a0) 525 sd ta2,-16(a0)
526 MOVNZ (t2,v0,t8) 526 MOVNZ (t2,v0,t8)
527 527
@@ -574,6 +574,51 @@ END(bn_sub_words)
574 574
575#undef MINUS4 575#undef MINUS4
576 576
577.align 5
578LEAF(bn_div_3_words)
579 .set reorder
580 move a3,a0 /* we know that bn_div_words doesn't
581 * touch a3, ta2, ta3 and preserves a2
582 * so that we can save two arguments
583 * and return address in registers
584 * instead of stack:-)
585 */
586 ld a0,(a3)
587 move ta2,a1
588 ld a1,-8(a3)
589 move ta3,ra
590 move v1,zero
591 li v0,-1
592 beq a0,a2,.L_bn_div_3_words_skip_div
593 bal bn_div_words
594 move ra,ta3
595.L_bn_div_3_words_skip_div:
596 dmultu ta2,v0
597 ld t2,-16(a3)
598 move ta0,zero
599 mfhi t1
600 mflo t0
601 sltu t8,t1,v1
602.L_bn_div_3_words_inner_loop:
603 bnez t8,.L_bn_div_3_words_inner_loop_done
604 sgeu AT,t2,t0
605 seq t9,t1,v1
606 and AT,t9
607 sltu t3,t0,ta2
608 daddu v1,a2
609 dsubu t1,t3
610 dsubu t0,ta2
611 sltu t8,t1,v1
612 sltu ta0,v1,a2
613 or t8,ta0
614 .set noreorder
615 beqzl AT,.L_bn_div_3_words_inner_loop
616 dsubu v0,1
617 .set reorder
618.L_bn_div_3_words_inner_loop_done:
619 jr ra
620END(bn_div_3_words)
621
577.align 5 622.align 5
578LEAF(bn_div_words) 623LEAF(bn_div_words)
579 .set noreorder 624 .set noreorder
@@ -633,16 +678,16 @@ LEAF(bn_div_words)
633 seq t8,HH,t1 678 seq t8,HH,t1
634 sltu AT,HH,t1 679 sltu AT,HH,t1
635 and t2,t8 680 and t2,t8
681 sltu v0,t0,a2
636 or AT,t2 682 or AT,t2
637 .set noreorder 683 .set noreorder
638 beqz AT,.L_bn_div_words_inner_loop1_done 684 beqz AT,.L_bn_div_words_inner_loop1_done
639 sltu t2,t0,a2 685 dsubu t1,v0
640 .set reorder
641 dsubu QT,1
642 dsubu t0,a2 686 dsubu t0,a2
643 dsubu t1,t2
644 b .L_bn_div_words_inner_loop1 687 b .L_bn_div_words_inner_loop1
645.L_bn_div_words_inner_loop1_done: 688 dsubu QT,1
689 .set reorder
690.L_bn_div_words_inner_loop1_done:
646 691
647 dsll a1,32 692 dsll a1,32
648 dsubu a0,t3,t0 693 dsubu a0,t3,t0
@@ -655,6 +700,7 @@ LEAF(bn_div_words)
655 ddivu zero,a0,DH 700 ddivu zero,a0,DH
656 mflo QT 701 mflo QT
657.L_bn_div_words_skip_div2: 702.L_bn_div_words_skip_div2:
703#undef DH
658 dmultu a2,QT 704 dmultu a2,QT
659 dsll t3,a0,32 705 dsll t3,a0,32
660 dsrl AT,a1,32 706 dsrl AT,a1,32
@@ -666,69 +712,26 @@ LEAF(bn_div_words)
666 seq t8,HH,t1 712 seq t8,HH,t1
667 sltu AT,HH,t1 713 sltu AT,HH,t1
668 and t2,t8 714 and t2,t8
715 sltu v1,t0,a2
669 or AT,t2 716 or AT,t2
670 .set noreorder 717 .set noreorder
671 beqz AT,.L_bn_div_words_inner_loop2_done 718 beqz AT,.L_bn_div_words_inner_loop2_done
672 sltu t2,t0,a2 719 dsubu t1,v1
673 .set reorder
674 dsubu QT,1
675 dsubu t0,a2 720 dsubu t0,a2
676 dsubu t1,t2
677 b .L_bn_div_words_inner_loop2 721 b .L_bn_div_words_inner_loop2
722 dsubu QT,1
723 .set reorder
678.L_bn_div_words_inner_loop2_done: 724.L_bn_div_words_inner_loop2_done:
725#undef HH
679 726
680 dsubu a0,t3,t0 727 dsubu a0,t3,t0
681 or v0,QT 728 or v0,QT
682 dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */ 729 dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */
683 dsrl a2,t9 /* restore a2 */ 730 dsrl a2,t9 /* restore a2 */
684 jr ra 731 jr ra
685#undef HH
686#undef DH
687#undef QT 732#undef QT
688END(bn_div_words) 733END(bn_div_words)
689 734
690.align 5
691LEAF(bn_div_3_words)
692 .set reorder
693 move a3,a0 /* we know that bn_div_words doesn't
694 * touch a3, ta2, ta3 and preserves a2
695 * so that we can save two arguments
696 * and return address in registers
697 * instead of stack:-)
698 */
699 ld a0,(a3)
700 move ta2,a2
701 move a2,a1
702 ld a1,-8(a3)
703 move ta3,ra
704 move v1,zero
705 li v0,-1
706 beq a0,a2,.L_bn_div_3_words_skip_div
707 jal bn_div_words
708 move ra,ta3
709.L_bn_div_3_words_skip_div:
710 dmultu ta2,v0
711 ld t2,-16(a3)
712 mflo t0
713 mfhi t1
714.L_bn_div_3_words_inner_loop:
715 sgeu AT,t2,t0
716 seq t9,t1,v1
717 sltu t8,t1,v1
718 and AT,t9
719 or AT,t8
720 bnez AT,.L_bn_div_3_words_inner_loop_done
721 daddu v1,a2
722 sltu t3,t0,ta2
723 sltu AT,v1,a2
724 dsubu v0,1
725 dsubu t0,ta2
726 dsubu t1,t3
727 beqz AT,.L_bn_div_3_words_inner_loop
728.L_bn_div_3_words_inner_loop_done:
729 jr ra
730END(bn_div_3_words)
731
732#define a_0 t0 735#define a_0 t0
733#define a_1 t1 736#define a_1 t1
734#define a_2 t2 737#define a_2 t2
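Review bot: The rewritten bn_div_3_words prologue moves a1 into ta2 and passes a2 through to bn_div_words untouched, whereas the removed version moved a2 into ta2 and a1 into a2, so the two divisor words now appear to arrive in the opposite order (the word that is multiplied by the quotient in a1, the word that bn_div_words divides by in a2); nothing in this file records that order, and a caller built against the old convention would get wrong quotients rather than a failure. Please state the register contract at the LEAF line, e.g. `/* bn_div_3_words: a0 -> top word of m (m[-1], m[-2] are read below it), a1 -> multiplier word, a2 -> divisor word; quotient returned in v0 */`, and confirm the C caller was updated in the same merge. The inner loop also relies on the branch-likely form `beqzl` to run `dsubu v0,1` only when the branch is taken, which deserves a one-line comment since a plain `beqz` would decrement unconditionally.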
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index f935e1ca79..d8822610df 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -83,12 +83,12 @@ extern "C" {
83 * The reason for this flag is that when the particular C compiler 83 * The reason for this flag is that when the particular C compiler
84 * library routine is used, and the library is linked with a different 84 * library routine is used, and the library is linked with a different
85 * compiler, the library is missing. This mostly happens when the 85 * compiler, the library is missing. This mostly happens when the
86 * library is built with gcc and then linked using nornal cc. This would 86 * library is built with gcc and then linked using normal cc. This would
87 * be a common occurance because gcc normally produces code that is 87 * be a common occurrence because gcc normally produces code that is
88 * 2 times faster than system compilers for the big number stuff. 88 * 2 times faster than system compilers for the big number stuff.
89 * For machines with only one compiler (or shared libraries), this should 89 * For machines with only one compiler (or shared libraries), this should
90 * be on. Again this in only really a problem on machines 90 * be on. Again this in only really a problem on machines
91 * using "long long's", are 32bit, and are not using my assember code. */ 91 * using "long long's", are 32bit, and are not using my assembler code. */
92#if defined(MSDOS) || defined(WINDOWS) || defined(linux) 92#if defined(MSDOS) || defined(WINDOWS) || defined(linux)
93#define BN_DIV2W 93#define BN_DIV2W
94#endif 94#endif
@@ -118,8 +118,8 @@ extern "C" {
118 118
119/* This is where the long long data type is 64 bits, but long is 32. 119/* This is where the long long data type is 64 bits, but long is 32.
120 * For machines where there are 64bit registers, this is the mode to use. 120 * For machines where there are 64bit registers, this is the mode to use.
121 * IRIX, on R4000 and above should use this mode, along with the relevent 121 * IRIX, on R4000 and above should use this mode, along with the relevant
122 * assember code :-). Do NOT define BN_LLONG. 122 * assembler code :-). Do NOT define BN_LLONG.
123 */ 123 */
124#ifdef SIXTY_FOUR_BIT 124#ifdef SIXTY_FOUR_BIT
125#undef BN_LLONG 125#undef BN_LLONG
@@ -240,11 +240,15 @@ typedef struct bignum_st
240 240
241/* Used for temp variables */ 241/* Used for temp variables */
242#define BN_CTX_NUM 12 242#define BN_CTX_NUM 12
243#define BN_CTX_NUM_POS 12
243typedef struct bignum_ctx 244typedef struct bignum_ctx
244 { 245 {
245 int tos; 246 int tos;
246 BIGNUM bn[BN_CTX_NUM+1]; 247 BIGNUM bn[BN_CTX_NUM];
247 int flags; 248 int flags;
249 int depth;
250 int pos[BN_CTX_NUM_POS];
251 int too_many;
248 } BN_CTX; 252 } BN_CTX;
249 253
250typedef struct bn_blinding_st 254typedef struct bn_blinding_st
@@ -257,16 +261,15 @@ typedef struct bn_blinding_st
257 261
258/* Used for montgomery multiplication */ 262/* Used for montgomery multiplication */
259typedef struct bn_mont_ctx_st 263typedef struct bn_mont_ctx_st
260 { 264 {
261 int use_word; /* 0 for word form, 1 for long form */ 265 int ri; /* number of bits in R */
262 int ri; /* number of bits in R */ 266 BIGNUM RR; /* used to convert to montgomery form */
263 BIGNUM RR; /* used to convert to montgomery form */ 267 BIGNUM N; /* The modulus */
264 BIGNUM N; /* The modulus */ 268 BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
265 BIGNUM Ni; /* The inverse of N */ 269 * (Ni is only stored for bignum algorithm) */
266 BN_ULONG n0; /* word form of inverse, normally only one of 270 BN_ULONG n0; /* least significant word of Ni */
267 * Ni or n0 is defined */
268 int flags; 271 int flags;
269 } BN_MONT_CTX; 272 } BN_MONT_CTX;
270 273
271/* Used for reciprocal division/mod functions 274/* Used for reciprocal division/mod functions
272 * It cannot be shared between threads 275 * It cannot be shared between threads
@@ -283,7 +286,26 @@ typedef struct bn_recp_ctx_st
283#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ 286#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
284 r,a,&((mont)->RR),(mont),ctx) 287 r,a,&((mont)->RR),(mont),ctx)
285 288
286#define BN_prime_checks (5) 289#define BN_prime_checks 0 /* default: select number of iterations
290 based on the size of the number */
291
292/* number of Miller-Rabin iterations for an error rate of less than 2^-80
293 * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
294 * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
295 * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
296 * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
297#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
298 (b) >= 850 ? 3 : \
299 (b) >= 650 ? 4 : \
300 (b) >= 550 ? 5 : \
301 (b) >= 450 ? 6 : \
302 (b) >= 400 ? 7 : \
303 (b) >= 350 ? 8 : \
304 (b) >= 300 ? 9 : \
305 (b) >= 250 ? 12 : \
306 (b) >= 200 ? 15 : \
307 (b) >= 150 ? 18 : \
308 /* b >= 100 */ 27)
287 309
288#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) 310#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
289#define BN_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) 311#define BN_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
@@ -296,26 +318,16 @@ typedef struct bn_recp_ctx_st
296/*#define BN_ascii2bn(a) BN_hex2bn(a) */ 318/*#define BN_ascii2bn(a) BN_hex2bn(a) */
297/*#define BN_bn2ascii(a) BN_bn2hex(a) */ 319/*#define BN_bn2ascii(a) BN_bn2hex(a) */
298 320
299#define bn_expand(n,b) ((((((b+BN_BITS2-1))/BN_BITS2)) <= (n)->max)?\
300 (n):bn_expand2((n),(b)/BN_BITS2+1))
301#define bn_wexpand(n,b) (((b) <= (n)->max)?(n):bn_expand2((n),(b)))
302
303#define bn_fix_top(a) \
304 { \
305 BN_ULONG *ftl; \
306 if ((a)->top > 0) \
307 { \
308 for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
309 if (*(ftl--)) break; \
310 } \
311 }
312
313BIGNUM *BN_value_one(void); 321BIGNUM *BN_value_one(void);
314char * BN_options(void); 322char * BN_options(void);
315BN_CTX *BN_CTX_new(void); 323BN_CTX *BN_CTX_new(void);
316void BN_CTX_init(BN_CTX *c); 324void BN_CTX_init(BN_CTX *c);
317void BN_CTX_free(BN_CTX *c); 325void BN_CTX_free(BN_CTX *c);
326void BN_CTX_start(BN_CTX *ctx);
327BIGNUM *BN_CTX_get(BN_CTX *ctx);
328void BN_CTX_end(BN_CTX *ctx);
318int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); 329int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
330int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
319int BN_num_bits(const BIGNUM *a); 331int BN_num_bits(const BIGNUM *a);
320int BN_num_bits_word(BN_ULONG); 332int BN_num_bits_word(BN_ULONG);
321BIGNUM *BN_new(void); 333BIGNUM *BN_new(void);
@@ -329,13 +341,13 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
329int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 341int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
330int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 342int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
331int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 343int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
332int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); 344int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
333int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); 345int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
334int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, 346int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
335 BN_CTX *ctx); 347 BN_CTX *ctx);
336int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b,BN_CTX *ctx); 348int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
337int BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx); 349int BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
338BN_ULONG BN_mod_word(BIGNUM *a, BN_ULONG w); 350BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
339BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); 351BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
340int BN_mul_word(BIGNUM *a, BN_ULONG w); 352int BN_mul_word(BIGNUM *a, BN_ULONG w);
341int BN_add_word(BIGNUM *a, BN_ULONG w); 353int BN_add_word(BIGNUM *a, BN_ULONG w);
@@ -358,19 +370,18 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
358 BIGNUM *m,BN_CTX *ctx); 370 BIGNUM *m,BN_CTX *ctx);
359int BN_mask_bits(BIGNUM *a,int n); 371int BN_mask_bits(BIGNUM *a,int n);
360int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); 372int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
361#ifndef WIN16 373#ifndef NO_FP_API
362int BN_print_fp(FILE *fp, BIGNUM *a); 374int BN_print_fp(FILE *fp, const BIGNUM *a);
363#endif 375#endif
364#ifdef HEADER_BIO_H 376#ifdef HEADER_BIO_H
365int BN_print(BIO *fp, const BIGNUM *a); 377int BN_print(BIO *fp, const BIGNUM *a);
366#else 378#else
367int BN_print(char *fp, const BIGNUM *a); 379int BN_print(void *fp, const BIGNUM *a);
368#endif 380#endif
369int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx); 381int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
370int BN_rshift(BIGNUM *r, BIGNUM *a, int n); 382int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
371int BN_rshift1(BIGNUM *r, BIGNUM *a); 383int BN_rshift1(BIGNUM *r, BIGNUM *a);
372void BN_clear(BIGNUM *a); 384void BN_clear(BIGNUM *a);
373BIGNUM *bn_expand2(BIGNUM *b, int bits);
374BIGNUM *BN_dup(const BIGNUM *a); 385BIGNUM *BN_dup(const BIGNUM *a);
375int BN_ucmp(const BIGNUM *a, const BIGNUM *b); 386int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
376int BN_set_bit(BIGNUM *a, int n); 387int BN_set_bit(BIGNUM *a, int n);
@@ -381,19 +392,16 @@ int BN_hex2bn(BIGNUM **a, const char *str);
381int BN_dec2bn(BIGNUM **a, const char *str); 392int BN_dec2bn(BIGNUM **a, const char *str);
382int BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx); 393int BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
383BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); 394BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
384BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int strong,BIGNUM *add, 395BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,BIGNUM *add,
385 BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg); 396 BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg);
386int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int,void *), 397int BN_is_prime(const BIGNUM *p,int nchecks,
398 void (*callback)(int,int,void *),
387 BN_CTX *ctx,void *cb_arg); 399 BN_CTX *ctx,void *cb_arg);
400int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
401 void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
402 int do_trial_division);
388void ERR_load_BN_strings(void ); 403void ERR_load_BN_strings(void );
389 404
390BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
391BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
392void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
393BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
394BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
395BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
396
397BN_MONT_CTX *BN_MONT_CTX_new(void ); 405BN_MONT_CTX *BN_MONT_CTX_new(void );
398void BN_MONT_CTX_init(BN_MONT_CTX *ctx); 406void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
399int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont, 407int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
@@ -423,6 +431,39 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
423int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, 431int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
424 BN_RECP_CTX *recp, BN_CTX *ctx); 432 BN_RECP_CTX *recp, BN_CTX *ctx);
425 433
434/* library internal functions */
435
436#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->max)?\
437 (a):bn_expand2((a),(bits)/BN_BITS2+1))
438#define bn_wexpand(a,words) (((words) <= (a)->max)?(a):bn_expand2((a),(words)))
439BIGNUM *bn_expand2(BIGNUM *a, int words);
440
441#define bn_fix_top(a) \
442 { \
443 BN_ULONG *ftl; \
444 if ((a)->top > 0) \
445 { \
446 for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
447 if (*(ftl--)) break; \
448 } \
449 }
450
451BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
452BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
453void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
454BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
455BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
456BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
457
458#ifdef BN_DEBUG
459 void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n);
460# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
461 fprintf(stderr,"\n");}
462# define bn_dump(a,n) bn_dump1(stderr,#a,a,n);
463#else
464# define bn_print(a)
465# define bn_dump(a,b)
466#endif
426 467
427/* BEGIN ERROR CODES */ 468/* BEGIN ERROR CODES */
428/* The following lines are auto generated by the script mkerr.pl. Any changes 469/* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -438,6 +479,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
438#define BN_F_BN_BLINDING_UPDATE 103 479#define BN_F_BN_BLINDING_UPDATE 103
439#define BN_F_BN_BN2DEC 104 480#define BN_F_BN_BN2DEC 104
440#define BN_F_BN_BN2HEX 105 481#define BN_F_BN_BN2HEX 105
482#define BN_F_BN_CTX_GET 116
441#define BN_F_BN_CTX_NEW 106 483#define BN_F_BN_CTX_NEW 106
442#define BN_F_BN_DIV 107 484#define BN_F_BN_DIV 107
443#define BN_F_BN_EXPAND2 108 485#define BN_F_BN_EXPAND2 108
@@ -459,6 +501,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
459#define BN_R_INVALID_LENGTH 106 501#define BN_R_INVALID_LENGTH 106
460#define BN_R_NOT_INITIALIZED 107 502#define BN_R_NOT_INITIALIZED 107
461#define BN_R_NO_INVERSE 108 503#define BN_R_NO_INVERSE 108
504#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
462 505
463#ifdef __cplusplus 506#ifdef __cplusplus
464} 507}
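diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c
index c5ab066c9e..5d24691233 100644
--- a/src/lib/libcrypto/bn/bn_add.c
+++ b/src/lib/libcrypto/bn/bn_add.c
@@ -61,9 +61,9 @@
 #include "bn_lcl.h"
 
 /* r can == a or b */
-int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b)
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	{
-	BIGNUM *tmp;
+	const BIGNUM *tmp;
 
 	bn_check_top(a);
 	bn_check_top(b);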
diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c
index 4d3da16a0c..3329cc18e6 100644
--- a/src/lib/libcrypto/bn/bn_asm.c
+++ b/src/lib/libcrypto/bn/bn_asm.c
@@ -56,31 +56,38 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef BN_DEBUG
60# undef NDEBUG /* avoid conflicting definitions */
61# define NDEBUG
62#endif
63
59#include <stdio.h> 64#include <stdio.h>
65#include <assert.h>
60#include "cryptlib.h" 66#include "cryptlib.h"
61#include "bn_lcl.h" 67#include "bn_lcl.h"
62 68
63#ifdef BN_LLONG 69#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
64 70
65BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) 71BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
66 { 72 {
67 BN_ULONG c1=0; 73 BN_ULONG c1=0;
68 74
69 bn_check_num(num); 75 assert(num >= 0);
70 if (num <= 0) return(c1); 76 if (num <= 0) return(c1);
71 77
72 for (;;) 78 while (num&~3)
73 { 79 {
74 mul_add(rp[0],ap[0],w,c1); 80 mul_add(rp[0],ap[0],w,c1);
75 if (--num == 0) break;
76 mul_add(rp[1],ap[1],w,c1); 81 mul_add(rp[1],ap[1],w,c1);
77 if (--num == 0) break;
78 mul_add(rp[2],ap[2],w,c1); 82 mul_add(rp[2],ap[2],w,c1);
79 if (--num == 0) break;
80 mul_add(rp[3],ap[3],w,c1); 83 mul_add(rp[3],ap[3],w,c1);
81 if (--num == 0) break; 84 ap+=4; rp+=4; num-=4;
82 ap+=4; 85 }
83 rp+=4; 86 if (num)
87 {
88 mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
89 mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
90 mul_add(rp[2],ap[2],w,c1); return c1;
84 } 91 }
85 92
86 return(c1); 93 return(c1);
@@ -90,63 +97,54 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
90 { 97 {
91 BN_ULONG c1=0; 98 BN_ULONG c1=0;
92 99
93 bn_check_num(num); 100 assert(num >= 0);
94 if (num <= 0) return(c1); 101 if (num <= 0) return(c1);
95 102
96 /* for (;;) */ 103 while (num&~3)
97 while (1) /* circumvent egcs-1.1.2 bug */
98 { 104 {
99 mul(rp[0],ap[0],w,c1); 105 mul(rp[0],ap[0],w,c1);
100 if (--num == 0) break;
101 mul(rp[1],ap[1],w,c1); 106 mul(rp[1],ap[1],w,c1);
102 if (--num == 0) break;
103 mul(rp[2],ap[2],w,c1); 107 mul(rp[2],ap[2],w,c1);
104 if (--num == 0) break;
105 mul(rp[3],ap[3],w,c1); 108 mul(rp[3],ap[3],w,c1);
106 if (--num == 0) break; 109 ap+=4; rp+=4; num-=4;
107 ap+=4; 110 }
108 rp+=4; 111 if (num)
112 {
113 mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
114 mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
115 mul(rp[2],ap[2],w,c1);
109 } 116 }
110 return(c1); 117 return(c1);
111 } 118 }
112 119
113void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) 120void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
114 { 121 {
115 bn_check_num(n); 122 assert(n >= 0);
116 if (n <= 0) return; 123 if (n <= 0) return;
117 for (;;) 124 while (n&~3)
118 { 125 {
119 BN_ULLONG t; 126 sqr(r[0],r[1],a[0]);
120 127 sqr(r[2],r[3],a[1]);
121 t=(BN_ULLONG)(a[0])*(a[0]); 128 sqr(r[4],r[5],a[2]);
122 r[0]=Lw(t); r[1]=Hw(t); 129 sqr(r[6],r[7],a[3]);
123 if (--n == 0) break; 130 a+=4; r+=8; n-=4;
124 131 }
125 t=(BN_ULLONG)(a[1])*(a[1]); 132 if (n)
126 r[2]=Lw(t); r[3]=Hw(t); 133 {
127 if (--n == 0) break; 134 sqr(r[0],r[1],a[0]); if (--n == 0) return;
128 135 sqr(r[2],r[3],a[1]); if (--n == 0) return;
129 t=(BN_ULLONG)(a[2])*(a[2]); 136 sqr(r[4],r[5],a[2]);
130 r[4]=Lw(t); r[5]=Hw(t);
131 if (--n == 0) break;
132
133 t=(BN_ULLONG)(a[3])*(a[3]);
134 r[6]=Lw(t); r[7]=Hw(t);
135 if (--n == 0) break;
136
137 a+=4;
138 r+=8;
139 } 137 }
140 } 138 }
141 139
142#else 140#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
143 141
144BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) 142BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
145 { 143 {
146 BN_ULONG c=0; 144 BN_ULONG c=0;
147 BN_ULONG bl,bh; 145 BN_ULONG bl,bh;
148 146
149 bn_check_num(num); 147 assert(num >= 0);
150 if (num <= 0) return((BN_ULONG)0); 148 if (num <= 0) return((BN_ULONG)0);
151 149
152 bl=LBITS(w); 150 bl=LBITS(w);
@@ -173,7 +171,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
173 BN_ULONG carry=0; 171 BN_ULONG carry=0;
174 BN_ULONG bl,bh; 172 BN_ULONG bl,bh;
175 173
176 bn_check_num(num); 174 assert(num >= 0);
177 if (num <= 0) return((BN_ULONG)0); 175 if (num <= 0) return((BN_ULONG)0);
178 176
179 bl=LBITS(w); 177 bl=LBITS(w);
@@ -197,7 +195,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
197 195
198void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) 196void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
199 { 197 {
200 bn_check_num(n); 198 assert(n >= 0);
201 if (n <= 0) return; 199 if (n <= 0) return;
202 for (;;) 200 for (;;)
203 { 201 {
@@ -218,7 +216,7 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
218 } 216 }
219 } 217 }
220 218
221#endif 219#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
222 220
223#if defined(BN_LLONG) && defined(BN_DIV2W) 221#if defined(BN_LLONG) && defined(BN_DIV2W)
224 222
@@ -300,14 +298,14 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
300 ret|=q; 298 ret|=q;
301 return(ret); 299 return(ret);
302 } 300 }
303#endif 301#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
304 302
305#ifdef BN_LLONG 303#ifdef BN_LLONG
306BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) 304BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
307 { 305 {
308 BN_ULLONG ll=0; 306 BN_ULLONG ll=0;
309 307
310 bn_check_num(n); 308 assert(n >= 0);
311 if (n <= 0) return((BN_ULONG)0); 309 if (n <= 0) return((BN_ULONG)0);
312 310
313 for (;;) 311 for (;;)
@@ -338,12 +336,12 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
338 } 336 }
339 return((BN_ULONG)ll); 337 return((BN_ULONG)ll);
340 } 338 }
341#else 339#else /* !BN_LLONG */
342BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) 340BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
343 { 341 {
344 BN_ULONG c,l,t; 342 BN_ULONG c,l,t;
345 343
346 bn_check_num(n); 344 assert(n >= 0);
347 if (n <= 0) return((BN_ULONG)0); 345 if (n <= 0) return((BN_ULONG)0);
348 346
349 c=0; 347 c=0;
@@ -387,14 +385,14 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
387 } 385 }
388 return((BN_ULONG)c); 386 return((BN_ULONG)c);
389 } 387 }
390#endif 388#endif /* !BN_LLONG */
391 389
392BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) 390BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
393 { 391 {
394 BN_ULONG t1,t2; 392 BN_ULONG t1,t2;
395 int c=0; 393 int c=0;
396 394
397 bn_check_num(n); 395 assert(n >= 0);
398 if (n <= 0) return((BN_ULONG)0); 396 if (n <= 0) return((BN_ULONG)0);
399 397
400 for (;;) 398 for (;;)
@@ -433,6 +431,11 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
433#undef bn_sqr_comba8 431#undef bn_sqr_comba8
434#undef bn_sqr_comba4 432#undef bn_sqr_comba4
435 433
434/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
435/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
436/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
437/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
438
436#ifdef BN_LLONG 439#ifdef BN_LLONG
437#define mul_add_c(a,b,c0,c1,c2) \ 440#define mul_add_c(a,b,c0,c1,c2) \
438 t=(BN_ULLONG)a*b; \ 441 t=(BN_ULLONG)a*b; \
@@ -460,7 +463,39 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
460 463
461#define sqr_add_c2(a,i,j,c0,c1,c2) \ 464#define sqr_add_c2(a,i,j,c0,c1,c2) \
462 mul_add_c2((a)[i],(a)[j],c0,c1,c2) 465 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
463#else 466
467#elif defined(BN_UMULT_HIGH)
468
469#define mul_add_c(a,b,c0,c1,c2) { \
470 BN_ULONG ta=(a),tb=(b); \
471 t1 = ta * tb; \
472 t2 = BN_UMULT_HIGH(ta,tb); \
473 c0 += t1; t2 += (c0<t1)?1:0; \
474 c1 += t2; c2 += (c1<t2)?1:0; \
475 }
476
477#define mul_add_c2(a,b,c0,c1,c2) { \
478 BN_ULONG ta=(a),tb=(b),t0; \
479 t1 = BN_UMULT_HIGH(ta,tb); \
480 t0 = ta * tb; \
481 t2 = t1+t1; c2 += (t2<t1)?1:0; \
482 t1 = t0+t0; t2 += (t1<t0)?1:0; \
483 c0 += t1; t2 += (c0<t1)?1:0; \
484 c1 += t2; c2 += (c1<t2)?1:0; \
485 }
486
487#define sqr_add_c(a,i,c0,c1,c2) { \
488 BN_ULONG ta=(a)[i]; \
489 t1 = ta * ta; \
490 t2 = BN_UMULT_HIGH(ta,ta); \
491 c0 += t1; t2 += (c0<t1)?1:0; \
492 c1 += t2; c2 += (c1<t2)?1:0; \
493 }
494
495#define sqr_add_c2(a,i,j,c0,c1,c2) \
496 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
497
498#else /* !BN_LLONG */
464#define mul_add_c(a,b,c0,c1,c2) \ 499#define mul_add_c(a,b,c0,c1,c2) \
465 t1=LBITS(a); t2=HBITS(a); \ 500 t1=LBITS(a); t2=HBITS(a); \
466 bl=LBITS(b); bh=HBITS(b); \ 501 bl=LBITS(b); bh=HBITS(b); \
@@ -487,7 +522,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
487 522
488#define sqr_add_c2(a,i,j,c0,c1,c2) \ 523#define sqr_add_c2(a,i,j,c0,c1,c2) \
489 mul_add_c2((a)[i],(a)[j],c0,c1,c2) 524 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
490#endif 525#endif /* !BN_LLONG */
491 526
492void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 527void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
493 { 528 {
@@ -762,7 +797,7 @@ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
762 r[6]=c1; 797 r[6]=c1;
763 r[7]=c2; 798 r[7]=c2;
764 } 799 }
765#else 800#else /* !BN_MUL_COMBA */
766 801
767/* hmm... is it faster just to do a multiply? */ 802/* hmm... is it faster just to do a multiply? */
768#undef bn_sqr_comba4 803#undef bn_sqr_comba4
@@ -799,4 +834,4 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
799 r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]); 834 r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
800 } 835 }
801 836
802#endif /* BN_COMBA */ 837#endif /* !BN_MUL_COMBA */
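Review bot: The new `#elif defined(BN_UMULT_HIGH)` version of `mul_add_c2` can lose a carry: after `t2 = t1+t1` and `t2 += (t1<t0)?1:0`, t2 may already be all-ones, so the following `t2 += (c0<t1)?1:0` can wrap to zero and that overflow is never added to c2. With 8-bit words, ta=151 and tb=217 (product 0x7FFF, so t1=0x7F, t0=0xFF) with c0=2 ends with c2 one short of the correct 2*a*b+c0, and bn_sqr_comba4/bn_sqr_comba8 reach this macro through sqr_add_c2, so squarings of some inputs on BN_UMULT_HIGH platforms come out wrong. The BN_LLONG and mul64 variants avoid this with their `((++t2)&BN_MASK2) == 0` test, so only this new branch is affected. Accumulate the low product twice instead, so each carry propagates through c1 into c2 immediately; t1 is at most BN_MASK2-1 (the high word of a one-word product), so the `t1 += carry` below cannot itself overflow.
```c
#define mul_add_c2(a,b,c0,c1,c2) { \
	BN_ULONG ta=(a),tb=(b),t0; \
	t1 = BN_UMULT_HIGH(ta,tb); \
	t0 = ta * tb; \
	c0 += t0; t2 = t1+((c0<t0)?1:0); \
	c1 += t2; c2 += (c1<t2)?1:0; \
	c0 += t0; t1 += (c0<t0)?1:0; \
	c1 += t1; c2 += (c1<t1)?1:0; \
	}
```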
diff --git a/src/lib/libcrypto/bn/bn_comba.c b/src/lib/libcrypto/bn/bn_comba.c
index 7ad09b4a6d..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/bn_comba.c
+++ b/src/lib/libcrypto/bn/bn_comba.c
@@ -1,345 +0,0 @@
1/* crypto/bn/bn_comba.c */
2#include <stdio.h>
3#include "bn_lcl.h"
4/* Auto generated from crypto/bn/comba.pl
5 */
6
7#undef bn_mul_comba8
8#undef bn_mul_comba4
9#undef bn_sqr_comba8
10#undef bn_sqr_comba4
11
12#ifdef BN_LLONG
13#define mul_add_c(a,b,c0,c1,c2) \
14 t=(BN_ULLONG)a*b; \
15 t1=(BN_ULONG)Lw(t); \
16 t2=(BN_ULONG)Hw(t); \
17 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
18 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
19
20#define mul_add_c2(a,b,c0,c1,c2) \
21 t=(BN_ULLONG)a*b; \
22 tt=(t+t)&BN_MASK; \
23 if (tt < t) c2++; \
24 t1=(BN_ULONG)Lw(tt); \
25 t2=(BN_ULONG)Hw(tt); \
26 c0=(c0+t1)&BN_MASK2; \
27 if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
28 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
29
30#define sqr_add_c(a,i,c0,c1,c2) \
31 t=(BN_ULLONG)a[i]*a[i]; \
32 t1=(BN_ULONG)Lw(t); \
33 t2=(BN_ULONG)Hw(t); \
34 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
35 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
36
37#define sqr_add_c2(a,i,j,c0,c1,c2) \
38 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
39#else
40#define mul_add_c(a,b,c0,c1,c2) \
41 t1=LBITS(a); t2=HBITS(a); \
42 bl=LBITS(b); bh=HBITS(b); \
43 mul64(t1,t2,bl,bh); \
44 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
45 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
46
47#define mul_add_c2(a,b,c0,c1,c2) \
48 t1=LBITS(a); t2=HBITS(a); \
49 bl=LBITS(b); bh=HBITS(b); \
50 mul64(t1,t2,bl,bh); \
51 if (t2 & BN_TBIT) c2++; \
52 t2=(t2+t2)&BN_MASK2; \
53 if (t1 & BN_TBIT) t2++; \
54 t1=(t1+t1)&BN_MASK2; \
55 c0=(c0+t1)&BN_MASK2; \
56 if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
57 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
58
59#define sqr_add_c(a,i,c0,c1,c2) \
60 sqr64(t1,t2,(a)[i]); \
61 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
62 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
63
64#define sqr_add_c2(a,i,j,c0,c1,c2) \
65 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
66#endif
67
68void bn_mul_comba88(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
69void bn_mul_comba44(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
70void bn_sqr_comba88(BN_ULONG *r,BN_ULONG *a);
71void bn_sqr_comba44(BN_ULONG *r,BN_ULONG *a);
72
73void bn_mul_comba88(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
74 {
75#ifdef BN_LLONG
76 BN_ULLONG t;
77#else
78 BN_ULONG bl,bh;
79#endif
80 BN_ULONG t1,t2;
81 BN_ULONG c1,c2,c3;
82
83 c1=0;
84 c2=0;
85 c3=0;
86 mul_add_c(a[0],b[0],c1,c2,c3);
87 r[0]=c1;
88 c1=0;
89 mul_add_c(a[0],b[1],c2,c3,c1);
90 mul_add_c(a[1],b[0],c2,c3,c1);
91 r[1]=c2;
92 c2=0;
93 mul_add_c(a[2],b[0],c3,c1,c2);
94 mul_add_c(a[1],b[1],c3,c1,c2);
95 mul_add_c(a[0],b[2],c3,c1,c2);
96 r[2]=c3;
97 c3=0;
98 mul_add_c(a[0],b[3],c1,c2,c3);
99 mul_add_c(a[1],b[2],c1,c2,c3);
100 mul_add_c(a[2],b[1],c1,c2,c3);
101 mul_add_c(a[3],b[0],c1,c2,c3);
102 r[3]=c1;
103 c1=0;
104 mul_add_c(a[4],b[0],c2,c3,c1);
105 mul_add_c(a[3],b[1],c2,c3,c1);
106 mul_add_c(a[2],b[2],c2,c3,c1);
107 mul_add_c(a[1],b[3],c2,c3,c1);
108 mul_add_c(a[0],b[4],c2,c3,c1);
109 r[4]=c2;
110 c2=0;
111 mul_add_c(a[0],b[5],c3,c1,c2);
112 mul_add_c(a[1],b[4],c3,c1,c2);
113 mul_add_c(a[2],b[3],c3,c1,c2);
114 mul_add_c(a[3],b[2],c3,c1,c2);
115 mul_add_c(a[4],b[1],c3,c1,c2);
116 mul_add_c(a[5],b[0],c3,c1,c2);
117 r[5]=c3;
118 c3=0;
119 mul_add_c(a[6],b[0],c1,c2,c3);
120 mul_add_c(a[5],b[1],c1,c2,c3);
121 mul_add_c(a[4],b[2],c1,c2,c3);
122 mul_add_c(a[3],b[3],c1,c2,c3);
123 mul_add_c(a[2],b[4],c1,c2,c3);
124 mul_add_c(a[1],b[5],c1,c2,c3);
125 mul_add_c(a[0],b[6],c1,c2,c3);
126 r[6]=c1;
127 c1=0;
128 mul_add_c(a[0],b[7],c2,c3,c1);
129 mul_add_c(a[1],b[6],c2,c3,c1);
130 mul_add_c(a[2],b[5],c2,c3,c1);
131 mul_add_c(a[3],b[4],c2,c3,c1);
132 mul_add_c(a[4],b[3],c2,c3,c1);
133 mul_add_c(a[5],b[2],c2,c3,c1);
134 mul_add_c(a[6],b[1],c2,c3,c1);
135 mul_add_c(a[7],b[0],c2,c3,c1);
136 r[7]=c2;
137 c2=0;
138 mul_add_c(a[7],b[1],c3,c1,c2);
139 mul_add_c(a[6],b[2],c3,c1,c2);
140 mul_add_c(a[5],b[3],c3,c1,c2);
141 mul_add_c(a[4],b[4],c3,c1,c2);
142 mul_add_c(a[3],b[5],c3,c1,c2);
143 mul_add_c(a[2],b[6],c3,c1,c2);
144 mul_add_c(a[1],b[7],c3,c1,c2);
145 r[8]=c3;
146 c3=0;
147 mul_add_c(a[2],b[7],c1,c2,c3);
148 mul_add_c(a[3],b[6],c1,c2,c3);
149 mul_add_c(a[4],b[5],c1,c2,c3);
150 mul_add_c(a[5],b[4],c1,c2,c3);
151 mul_add_c(a[6],b[3],c1,c2,c3);
152 mul_add_c(a[7],b[2],c1,c2,c3);
153 r[9]=c1;
154 c1=0;
155 mul_add_c(a[7],b[3],c2,c3,c1);
156 mul_add_c(a[6],b[4],c2,c3,c1);
157 mul_add_c(a[5],b[5],c2,c3,c1);
158 mul_add_c(a[4],b[6],c2,c3,c1);
159 mul_add_c(a[3],b[7],c2,c3,c1);
160 r[10]=c2;
161 c2=0;
162 mul_add_c(a[4],b[7],c3,c1,c2);
163 mul_add_c(a[5],b[6],c3,c1,c2);
164 mul_add_c(a[6],b[5],c3,c1,c2);
165 mul_add_c(a[7],b[4],c3,c1,c2);
166 r[11]=c3;
167 c3=0;
168 mul_add_c(a[7],b[5],c1,c2,c3);
169 mul_add_c(a[6],b[6],c1,c2,c3);
170 mul_add_c(a[5],b[7],c1,c2,c3);
171 r[12]=c1;
172 c1=0;
173 mul_add_c(a[6],b[7],c2,c3,c1);
174 mul_add_c(a[7],b[6],c2,c3,c1);
175 r[13]=c2;
176 c2=0;
177 mul_add_c(a[7],b[7],c3,c1,c2);
178 r[14]=c3;
179 r[15]=c1;
180 }
181
182void bn_mul_comba44(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
183 {
184#ifdef BN_LLONG
185 BN_ULLONG t;
186#else
187 BN_ULONG bl,bh;
188#endif
189 BN_ULONG t1,t2;
190 BN_ULONG c1,c2,c3;
191
192 c1=0;
193 c2=0;
194 c3=0;
195 mul_add_c(a[0],b[0],c1,c2,c3);
196 r[0]=c1;
197 c1=0;
198 mul_add_c(a[0],b[1],c2,c3,c1);
199 mul_add_c(a[1],b[0],c2,c3,c1);
200 r[1]=c2;
201 c2=0;
202 mul_add_c(a[2],b[0],c3,c1,c2);
203 mul_add_c(a[1],b[1],c3,c1,c2);
204 mul_add_c(a[0],b[2],c3,c1,c2);
205 r[2]=c3;
206 c3=0;
207 mul_add_c(a[0],b[3],c1,c2,c3);
208 mul_add_c(a[1],b[2],c1,c2,c3);
209 mul_add_c(a[2],b[1],c1,c2,c3);
210 mul_add_c(a[3],b[0],c1,c2,c3);
211 r[3]=c1;
212 c1=0;
213 mul_add_c(a[3],b[1],c2,c3,c1);
214 mul_add_c(a[2],b[2],c2,c3,c1);
215 mul_add_c(a[1],b[3],c2,c3,c1);
216 r[4]=c2;
217 c2=0;
218 mul_add_c(a[2],b[3],c3,c1,c2);
219 mul_add_c(a[3],b[2],c3,c1,c2);
220 r[5]=c3;
221 c3=0;
222 mul_add_c(a[3],b[3],c1,c2,c3);
223 r[6]=c1;
224 r[7]=c2;
225 }
226
227void bn_sqr_comba88(BN_ULONG *r, BN_ULONG *a)
228 {
229#ifdef BN_LLONG
230 BN_ULLONG t,tt;
231#else
232 BN_ULONG bl,bh;
233#endif
234 BN_ULONG t1,t2;
235 BN_ULONG c1,c2,c3;
236
237 c1=0;
238 c2=0;
239 c3=0;
240 sqr_add_c(a,0,c1,c2,c3);
241 r[0]=c1;
242 c1=0;
243 sqr_add_c2(a,1,0,c2,c3,c1);
244 r[1]=c2;
245 c2=0;
246 sqr_add_c(a,1,c3,c1,c2);
247 sqr_add_c2(a,2,0,c3,c1,c2);
248 r[2]=c3;
249 c3=0;
250 sqr_add_c2(a,3,0,c1,c2,c3);
251 sqr_add_c2(a,2,1,c1,c2,c3);
252 r[3]=c1;
253 c1=0;
254 sqr_add_c(a,2,c2,c3,c1);
255 sqr_add_c2(a,3,1,c2,c3,c1);
256 sqr_add_c2(a,4,0,c2,c3,c1);
257 r[4]=c2;
258 c2=0;
259 sqr_add_c2(a,5,0,c3,c1,c2);
260 sqr_add_c2(a,4,1,c3,c1,c2);
261 sqr_add_c2(a,3,2,c3,c1,c2);
262 r[5]=c3;
263 c3=0;
264 sqr_add_c(a,3,c1,c2,c3);
265 sqr_add_c2(a,4,2,c1,c2,c3);
266 sqr_add_c2(a,5,1,c1,c2,c3);
267 sqr_add_c2(a,6,0,c1,c2,c3);
268 r[6]=c1;
269 c1=0;
270 sqr_add_c2(a,7,0,c2,c3,c1);
271 sqr_add_c2(a,6,1,c2,c3,c1);
272 sqr_add_c2(a,5,2,c2,c3,c1);
273 sqr_add_c2(a,4,3,c2,c3,c1);
274 r[7]=c2;
275 c2=0;
276 sqr_add_c(a,4,c3,c1,c2);
277 sqr_add_c2(a,5,3,c3,c1,c2);
278 sqr_add_c2(a,6,2,c3,c1,c2);
279 sqr_add_c2(a,7,1,c3,c1,c2);
280 r[8]=c3;
281 c3=0;
282 sqr_add_c2(a,7,2,c1,c2,c3);
283 sqr_add_c2(a,6,3,c1,c2,c3);
284 sqr_add_c2(a,5,4,c1,c2,c3);
285 r[9]=c1;
286 c1=0;
287 sqr_add_c(a,5,c2,c3,c1);
288 sqr_add_c2(a,6,4,c2,c3,c1);
289 sqr_add_c2(a,7,3,c2,c3,c1);
290 r[10]=c2;
291 c2=0;
292 sqr_add_c2(a,7,4,c3,c1,c2);
293 sqr_add_c2(a,6,5,c3,c1,c2);
294 r[11]=c3;
295 c3=0;
296 sqr_add_c(a,6,c1,c2,c3);
297 sqr_add_c2(a,7,5,c1,c2,c3);
298 r[12]=c1;
299 c1=0;
300 sqr_add_c2(a,7,6,c2,c3,c1);
301 r[13]=c2;
302 c2=0;
303 sqr_add_c(a,7,c3,c1,c2);
304 r[14]=c3;
305 r[15]=c1;
306 }
307
308void bn_sqr_comba44(BN_ULONG *r, BN_ULONG *a)
309 {
310#ifdef BN_LLONG
311 BN_ULLONG t,tt;
312#else
313 BN_ULONG bl,bh;
314#endif
315 BN_ULONG t1,t2;
316 BN_ULONG c1,c2,c3;
317
318 c1=0;
319 c2=0;
320 c3=0;
321 sqr_add_c(a,0,c1,c2,c3);
322 r[0]=c1;
323 c1=0;
324 sqr_add_c2(a,1,0,c2,c3,c1);
325 r[1]=c2;
326 c2=0;
327 sqr_add_c(a,1,c3,c1,c2);
328 sqr_add_c2(a,2,0,c3,c1,c2);
329 r[2]=c3;
330 c3=0;
331 sqr_add_c2(a,3,0,c1,c2,c3);
332 sqr_add_c2(a,2,1,c1,c2,c3);
333 r[3]=c1;
334 c1=0;
335 sqr_add_c(a,2,c2,c3,c1);
336 sqr_add_c2(a,3,1,c2,c3,c1);
337 r[4]=c2;
338 c2=0;
339 sqr_add_c2(a,3,2,c3,c1,c2);
340 r[5]=c3;
341 c3=0;
342 sqr_add_c(a,3,c1,c2,c3);
343 r[6]=c1;
344 r[7]=c2;
345 }
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
new file mode 100644
index 0000000000..46132fd180
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -0,0 +1,144 @@
1/* crypto/bn/bn_ctx.c */
2/* Written by Ulf Moeller for the OpenSSL project. */
3/* ====================================================================
4 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 *
51 * This product includes cryptographic software written by Eric Young
52 * (eay@cryptsoft.com). This product includes software written by Tim
53 * Hudson (tjh@cryptsoft.com).
54 *
55 */
56
57#ifndef BN_CTX_DEBUG
58# undef NDEBUG /* avoid conflicting definitions */
59# define NDEBUG
60#endif
61
62#include <stdio.h>
63#include <assert.h>
64#include "cryptlib.h"
65#include <openssl/bn.h>
66
67
68BN_CTX *BN_CTX_new(void)
69 {
70 BN_CTX *ret;
71
72 ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
73 if (ret == NULL)
74 {
75 BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
76 return(NULL);
77 }
78
79 BN_CTX_init(ret);
80 ret->flags=BN_FLG_MALLOCED;
81 return(ret);
82 }
83
84void BN_CTX_init(BN_CTX *ctx)
85 {
86 int i;
87 ctx->tos = 0;
88 ctx->flags = 0;
89 ctx->depth = 0;
90 ctx->too_many = 0;
91 for (i = 0; i < BN_CTX_NUM; i++)
92 BN_init(&(ctx->bn[i]));
93 }
94
95void BN_CTX_free(BN_CTX *ctx)
96 {
97 int i;
98
99 if (ctx == NULL) return;
100 assert(ctx->depth == 0);
101
102 for (i=0; i < BN_CTX_NUM; i++)
103 BN_clear_free(&(ctx->bn[i]));
104 if (ctx->flags & BN_FLG_MALLOCED)
105 Free(ctx);
106 }
107
108void BN_CTX_start(BN_CTX *ctx)
109 {
110 if (ctx->depth < BN_CTX_NUM_POS)
111 ctx->pos[ctx->depth] = ctx->tos;
112 ctx->depth++;
113 }
114
115BIGNUM *BN_CTX_get(BN_CTX *ctx)
116 {
117 if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM)
118 {
119 if (!ctx->too_many)
120 {
121 BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
122 /* disable error code until BN_CTX_end is called: */
123 ctx->too_many = 1;
124 }
125 return NULL;
126 }
127 return (&(ctx->bn[ctx->tos++]));
128 }
129
130void BN_CTX_end(BN_CTX *ctx)
131 {
132 if (ctx == NULL) return;
133 assert(ctx->depth > 0);
134 if (ctx->depth == 0)
135 /* should never happen, but we can tolerate it if not in
136 * debug mode (could be a 'goto err' in the calling function
137 * before BN_CTX_start was reached) */
138 BN_CTX_start(ctx);
139
140 ctx->too_many = 0;
141 ctx->depth--;
142 if (ctx->depth < BN_CTX_NUM_POS)
143 ctx->tos = ctx->pos[ctx->depth];
144 }
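Review bot: BN_CTX_get and BN_CTX_start carry no comment stating the contract callers now depend on: BN_CTX_get returns NULL (raising BN_R_TOO_MANY_TEMPORARY_VARIABLES only once per BN_CTX_start/BN_CTX_end pairing, via the too_many flag) once the BN_CTX_NUM temporaries or the BN_CTX_NUM_POS nesting depth are exhausted, and the BIGNUM it hands back still holds whatever its previous user left in it, since nothing in BN_CTX_get or BN_CTX_end resets it and only BN_CTX_free clears via BN_clear_free. I would add above BN_CTX_get: `/* Returns the next free temporary, or NULL (error raised once per start/end pair) if the pool or nesting depth is exhausted. The BIGNUM is NOT cleared: check for NULL and set the value before reading it. */`, and above BN_CTX_start: `/* Every BN_CTX_start must be paired with BN_CTX_end on all exit paths, including error paths, or the temporaries stay claimed for the life of the context. */`. It is also worth saying near the top that the assert() calls are compiled out unless BN_CTX_DEBUG is defined (NDEBUG is forced otherwise), so the depth checks in BN_CTX_free and BN_CTX_end are not enforced in normal builds.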
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index 150dd289a5..07af1d3b44 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -63,9 +63,11 @@
63 63
64/* The old slow way */ 64/* The old slow way */
65#if 0 65#if 0
66int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx) 66int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
67 BN_CTX *ctx)
67 { 68 {
68 int i,nm,nd; 69 int i,nm,nd;
70 int ret = 0;
69 BIGNUM *D; 71 BIGNUM *D;
70 72
71 bn_check_top(m); 73 bn_check_top(m);
@@ -84,14 +86,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx)
84 return(1); 86 return(1);
85 } 87 }
86 88
87 D= &(ctx->bn[ctx->tos]); 89 BN_CTX_start(ctx);
88 if (dv == NULL) dv= &(ctx->bn[ctx->tos+1]); 90 D = BN_CTX_get(ctx);
89 if (rem == NULL) rem= &(ctx->bn[ctx->tos+2]); 91 if (dv == NULL) dv = BN_CTX_get(ctx);
92 if (rem == NULL) rem = BN_CTX_get(ctx);
93 if (D == NULL || dv == NULL || rem == NULL)
94 goto end;
90 95
91 nd=BN_num_bits(d); 96 nd=BN_num_bits(d);
92 nm=BN_num_bits(m); 97 nm=BN_num_bits(m);
93 if (BN_copy(D,d) == NULL) return(0); 98 if (BN_copy(D,d) == NULL) goto end;
94 if (BN_copy(rem,m) == NULL) return(0); 99 if (BN_copy(rem,m) == NULL) goto end;
95 100
96 /* The next 2 are needed so we can do a dv->d[0]|=1 later 101 /* The next 2 are needed so we can do a dv->d[0]|=1 later
97 * since BN_lshift1 will only work once there is a value :-) */ 102 * since BN_lshift1 will only work once there is a value :-) */
@@ -99,25 +104,54 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx)
99 bn_wexpand(dv,1); 104 bn_wexpand(dv,1);
100 dv->top=1; 105 dv->top=1;
101 106
102 if (!BN_lshift(D,D,nm-nd)) return(0); 107 if (!BN_lshift(D,D,nm-nd)) goto end;
103 for (i=nm-nd; i>=0; i--) 108 for (i=nm-nd; i>=0; i--)
104 { 109 {
105 if (!BN_lshift1(dv,dv)) return(0); 110 if (!BN_lshift1(dv,dv)) goto end;
106 if (BN_ucmp(rem,D) >= 0) 111 if (BN_ucmp(rem,D) >= 0)
107 { 112 {
108 dv->d[0]|=1; 113 dv->d[0]|=1;
109 if (!BN_usub(rem,rem,D)) return(0); 114 if (!BN_usub(rem,rem,D)) goto end;
110 } 115 }
111/* CAN IMPROVE (and have now :=) */ 116/* CAN IMPROVE (and have now :=) */
112 if (!BN_rshift1(D,D)) return(0); 117 if (!BN_rshift1(D,D)) goto end;
113 } 118 }
114 rem->neg=BN_is_zero(rem)?0:m->neg; 119 rem->neg=BN_is_zero(rem)?0:m->neg;
115 dv->neg=m->neg^d->neg; 120 dv->neg=m->neg^d->neg;
116 return(1); 121 ret = 1;
122 end:
123 BN_CTX_end(ctx);
124 return(ret);
117 } 125 }
118 126
119#else 127#else
120 128
129#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W)
130# if defined(__GNUC__) && __GNUC__>=2
131# if defined(__i386)
132 /*
133 * There were two reasons for implementing this template:
134 * - GNU C generates a call to a function (__udivdi3 to be exact)
135 * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
136 * understand why...);
137 * - divl doesn't only calculate quotient, but also leaves
138 * remainder in %edx which we can definitely use here:-)
139 *
140 * <appro@fy.chalmers.se>
141 */
142# define bn_div_words(n0,n1,d0) \
143 ({ asm volatile ( \
144 "divl %4" \
145 : "=a"(q), "=d"(rem) \
146 : "a"(n1), "d"(n0), "g"(d0) \
147 : "cc"); \
148 q; \
149 })
150# define REMAINDER_IS_ALREADY_CALCULATED
151# endif /* __<cpu> */
152# endif /* __GNUC__ */
153#endif /* NO_ASM */
154
121int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, 155int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
122 BN_CTX *ctx) 156 BN_CTX *ctx)
123 { 157 {
@@ -144,13 +178,15 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
144 return(1); 178 return(1);
145 } 179 }
146 180
147 tmp= &(ctx->bn[ctx->tos]); 181 BN_CTX_start(ctx);
182 tmp=BN_CTX_get(ctx);
148 tmp->neg=0; 183 tmp->neg=0;
149 snum= &(ctx->bn[ctx->tos+1]); 184 snum=BN_CTX_get(ctx);
150 sdiv= &(ctx->bn[ctx->tos+2]); 185 sdiv=BN_CTX_get(ctx);
151 if (dv == NULL) 186 if (dv == NULL)
152 res= &(ctx->bn[ctx->tos+3]); 187 res=BN_CTX_get(ctx);
153 else res=dv; 188 else res=dv;
189 if (res == NULL) goto err;
154 190
155 /* First we normalise the numbers */ 191 /* First we normalise the numbers */
156 norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); 192 norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -202,97 +238,76 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
202 { 238 {
203 BN_ULONG q,l0; 239 BN_ULONG q,l0;
204#ifdef BN_DIV3W 240#ifdef BN_DIV3W
205 q=bn_div_3_words(wnump,d0,d1); 241 q=bn_div_3_words(wnump,d1,d0);
206#else 242#else
207
208#if !defined(NO_ASM) && !defined(PEDANTIC)
209# if defined(__GNUC__) && __GNUC__>=2
210# if defined(__i386)
211 /*
212 * There were two reasons for implementing this template:
213 * - GNU C generates a call to a function (__udivdi3 to be exact)
214 * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
215 * understand why...);
216 * - divl doesn't only calculate quotient, but also leaves
217 * remainder in %edx which we can definitely use here:-)
218 *
219 * <appro@fy.chalmers.se>
220 */
221# define bn_div_words(n0,n1,d0) \
222 ({ asm volatile ( \
223 "divl %4" \
224 : "=a"(q), "=d"(rem) \
225 : "a"(n1), "d"(n0), "g"(d0) \
226 : "cc"); \
227 q; \
228 })
229# define REMINDER_IS_ALREADY_CALCULATED
230# endif /* __<cpu> */
231# endif /* __GNUC__ */
232#endif /* NO_ASM */
233 BN_ULONG n0,n1,rem=0; 243 BN_ULONG n0,n1,rem=0;
234 244
235 n0=wnump[0]; 245 n0=wnump[0];
236 n1=wnump[-1]; 246 n1=wnump[-1];
237 if (n0 == d0) 247 if (n0 == d0)
238 q=BN_MASK2; 248 q=BN_MASK2;
239 else 249 else /* n0 < d0 */
250 {
251#ifdef BN_LLONG
252 BN_ULLONG t2;
253
240#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) 254#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
241 q=((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0; 255 q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
242#else 256#else
243 q=bn_div_words(n0,n1,d0); 257 q=bn_div_words(n0,n1,d0);
244#endif 258#endif
245 { 259
246#ifdef BN_LLONG 260#ifndef REMAINDER_IS_ALREADY_CALCULATED
247 BN_ULLONG t2; 261 /*
248 262 * rem doesn't have to be BN_ULLONG. The least we
249#ifndef REMINDER_IS_ALREADY_CALCULATED 263 * know it's less that d0, isn't it?
250 /* 264 */
251 * rem doesn't have to be BN_ULLONG. The least we 265 rem=(n1-q*d0)&BN_MASK2;
252 * know it's less that d0, isn't it?
253 */
254 rem=(n1-q*d0)&BN_MASK2;
255#endif 266#endif
256 t2=(BN_ULLONG)d1*q; 267 t2=(BN_ULLONG)d1*q;
268
269 for (;;)
270 {
271 if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
272 break;
273 q--;
274 rem += d0;
275 if (rem < d0) break; /* don't let rem overflow */
276 t2 -= d1;
277 }
278#else /* !BN_LLONG */
279 BN_ULONG t2l,t2h,ql,qh;
257 280
258 for (;;) 281 q=bn_div_words(n0,n1,d0);
259 { 282#ifndef REMAINDER_IS_ALREADY_CALCULATED
260 if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2])) 283 rem=(n1-q*d0)&BN_MASK2;
261 break; 284#endif
262 q--; 285
263 rem += d0; 286#ifdef BN_UMULT_HIGH
264 if (rem < d0) break; /* don't let rem overflow */ 287 t2l = d1 * q;
265 t2 -= d1; 288 t2h = BN_UMULT_HIGH(d1,q);
266 }
267#else 289#else
268 BN_ULONG t2l,t2h,ql,qh; 290 t2l=LBITS(d1); t2h=HBITS(d1);
269 291 ql =LBITS(q); qh =HBITS(q);
270#ifndef REMINDER_IS_ALREADY_CALCULATED 292 mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
271 /*
272 * It's more than enough with the only multiplication.
273 * See the comment above in BN_LLONG section...
274 */
275 rem=(n1-q*d0)&BN_MASK2;
276#endif 293#endif
277 t2l=LBITS(d1); t2h=HBITS(d1);
278 ql =LBITS(q); qh =HBITS(q);
279 mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
280 294
281 for (;;) 295 for (;;)
282 { 296 {
283 if ((t2h < rem) || 297 if ((t2h < rem) ||
284 ((t2h == rem) && (t2l <= wnump[-2]))) 298 ((t2h == rem) && (t2l <= wnump[-2])))
285 break; 299 break;
286 q--; 300 q--;
287 rem += d0; 301 rem += d0;
288 if (rem < d0) break; /* don't let rem overflow */ 302 if (rem < d0) break; /* don't let rem overflow */
289 if (t2l < d1) t2h--; t2l -= d1; 303 if (t2l < d1) t2h--; t2l -= d1;
304 }
305#endif /* !BN_LLONG */
290 } 306 }
291#endif
292 }
293#endif /* !BN_DIV3W */ 307#endif /* !BN_DIV3W */
294 wnum.d--; wnum.top++; 308
295 l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); 309 l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
310 wnum.d--; wnum.top++;
296 tmp->d[div_n]=l0; 311 tmp->d[div_n]=l0;
297 for (j=div_n+1; j>0; j--) 312 for (j=div_n+1; j>0; j--)
298 if (tmp->d[j-1]) break; 313 if (tmp->d[j-1]) break;
@@ -318,8 +333,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
318 BN_rshift(rm,snum,norm_shift); 333 BN_rshift(rm,snum,norm_shift);
319 rm->neg=num->neg; 334 rm->neg=num->neg;
320 } 335 }
336 BN_CTX_end(ctx);
321 return(1); 337 return(1);
322err: 338err:
339 BN_CTX_end(ctx);
323 return(0); 340 return(0);
324 } 341 }
325 342
@@ -335,22 +352,27 @@ int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
335 if (BN_ucmp(m,d) < 0) 352 if (BN_ucmp(m,d) < 0)
336 return((BN_copy(rem,m) == NULL)?0:1); 353 return((BN_copy(rem,m) == NULL)?0:1);
337 354
338 dv= &(ctx->bn[ctx->tos]); 355 BN_CTX_start(ctx);
356 dv=BN_CTX_get(ctx);
339 357
340 if (!BN_copy(rem,m)) return(0); 358 if (!BN_copy(rem,m)) goto err;
341 359
342 nm=BN_num_bits(rem); 360 nm=BN_num_bits(rem);
343 nd=BN_num_bits(d); 361 nd=BN_num_bits(d);
344 if (!BN_lshift(dv,d,nm-nd)) return(0); 362 if (!BN_lshift(dv,d,nm-nd)) goto err;
345 for (i=nm-nd; i>=0; i--) 363 for (i=nm-nd; i>=0; i--)
346 { 364 {
347 if (BN_cmp(rem,dv) >= 0) 365 if (BN_cmp(rem,dv) >= 0)
348 { 366 {
349 if (!BN_sub(rem,rem,dv)) return(0); 367 if (!BN_sub(rem,rem,dv)) goto err;
350 } 368 }
351 if (!BN_rshift1(dv,dv)) return(0); 369 if (!BN_rshift1(dv,dv)) goto err;
352 } 370 }
371 BN_CTX_end(ctx);
353 return(1); 372 return(1);
373 err:
374 BN_CTX_end(ctx);
375 return(0);
354#else 376#else
355 return(BN_div(NULL,rem,m,d,ctx)); 377 return(BN_div(NULL,rem,m,d,ctx));
356#endif 378#endif
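--- a/src/lib/libcrypto/bn/bn_err.c
+++ b/src/lib/libcrypto/bn/bn_err.c
@@ -71,6 +71,7 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"},
 {ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"},
 {ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"},
+{ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"},
 {ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"},
 {ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"},
 {ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"},
@@ -95,6 +96,7 @@ static ERR_STRING_DATA BN_str_reasons[]=
 {BN_R_INVALID_LENGTH ,"invalid length"},
 {BN_R_NOT_INITIALIZED ,"not initialized"},
 {BN_R_NO_INVERSE ,"no inverse"},
+{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"},
 {0,NULL}
  };
 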
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 2df1614ada..0c11601675 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -59,6 +59,12 @@
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn_lcl.h" 61#include "bn_lcl.h"
62#ifdef ATALLA
63# include <alloca.h>
64# include <atasi.h>
65# include <assert.h>
66# include <dlfcn.h>
67#endif
62 68
63#define TABLE_SIZE 16 69#define TABLE_SIZE 16
64 70
@@ -72,7 +78,8 @@ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
72 bn_check_top(b); 78 bn_check_top(b);
73 bn_check_top(m); 79 bn_check_top(m);
74 80
75 t= &(ctx->bn[ctx->tos++]); 81 BN_CTX_start(ctx);
82 if ((t = BN_CTX_get(ctx)) == NULL) goto err;
76 if (a == b) 83 if (a == b)
77 { if (!BN_sqr(t,a,ctx)) goto err; } 84 { if (!BN_sqr(t,a,ctx)) goto err; }
78 else 85 else
@@ -80,7 +87,7 @@ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
80 if (!BN_mod(ret,t,m,ctx)) goto err; 87 if (!BN_mod(ret,t,m,ctx)) goto err;
81 r=1; 88 r=1;
82err: 89err:
83 ctx->tos--; 90 BN_CTX_end(ctx);
84 return(r); 91 return(r);
85 } 92 }
86 93
@@ -91,8 +98,10 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_CTX *ctx)
91 int i,bits,ret=0; 98 int i,bits,ret=0;
92 BIGNUM *v,*tmp; 99 BIGNUM *v,*tmp;
93 100
94 v= &(ctx->bn[ctx->tos++]); 101 BN_CTX_start(ctx);
95 tmp= &(ctx->bn[ctx->tos++]); 102 v = BN_CTX_get(ctx);
103 tmp = BN_CTX_get(ctx);
104 if (v == NULL || tmp == NULL) goto err;
96 105
97 if (BN_copy(v,a) == NULL) goto err; 106 if (BN_copy(v,a) == NULL) goto err;
98 bits=BN_num_bits(p); 107 bits=BN_num_bits(p);
@@ -113,7 +122,7 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_CTX *ctx)
113 } 122 }
114 ret=1; 123 ret=1;
115err: 124err:
116 ctx->tos-=2; 125 BN_CTX_end(ctx);
117 return(ret); 126 return(ret);
118 } 127 }
119 128
@@ -122,15 +131,15 @@ err:
122/* this one works - simple but works */ 131/* this one works - simple but works */
123int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx) 132int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
124 { 133 {
125 int i,bits,ret=0,tos; 134 int i,bits,ret=0;
126 BIGNUM *v,*rr; 135 BIGNUM *v,*rr;
127 136
128 tos=ctx->tos; 137 BN_CTX_start(ctx);
129 v= &(ctx->bn[ctx->tos++]);
130 if ((r == a) || (r == p)) 138 if ((r == a) || (r == p))
131 rr= &(ctx->bn[ctx->tos++]); 139 rr = BN_CTX_get(ctx);
132 else 140 else
133 rr=r; 141 rr = r;
142 if ((v = BN_CTX_get(ctx)) == NULL) goto err;
134 143
135 if (BN_copy(v,a) == NULL) goto err; 144 if (BN_copy(v,a) == NULL) goto err;
136 bits=BN_num_bits(p); 145 bits=BN_num_bits(p);
@@ -149,11 +158,178 @@ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
149 } 158 }
150 ret=1; 159 ret=1;
151err: 160err:
152 ctx->tos=tos;
153 if (r != rr) BN_copy(r,rr); 161 if (r != rr) BN_copy(r,rr);
162 BN_CTX_end(ctx);
154 return(ret); 163 return(ret);
155 } 164 }
156 165
166#ifdef ATALLA
167
168/*
169 * This routine will dynamically check for the existance of an Atalla AXL-200
170 * SSL accelerator module. If one is found, the variable
171 * asi_accelerator_present is set to 1 and the function pointers
172 * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
173 */
174typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
175 unsigned int *ret_buf);
176typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
177typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
178 unsigned char *output,
179 unsigned char *input,
180 unsigned int modulus_len);
181
182static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
183static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
184static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
185static int asi_accelerator_present;
186static int tried_atalla;
187
188void atalla_initialize_accelerator_handle(void)
189 {
190 void *dl_handle;
191 int status;
192 unsigned int config_buf[1024];
193 static int tested;
194
195 if(tested)
196 return;
197
198 tested=1;
199
200 bzero((void *)config_buf, 1024);
201
202 /*
203 * Check to see if the library is present on the system
204 */
205 dl_handle = dlopen("atasi.so", RTLD_NOW);
206 if (dl_handle == (void *) NULL)
207 {
208/* printf("atasi.so library is not present on the system\n");
209 printf("No HW acceleration available\n");*/
210 return;
211 }
212
213 /*
214 * The library is present. Now we'll check to insure that the
215 * LDM is up and running. First we'll get the address of the
216 * function in the atasi library that we need to see if the
217 * LDM is operating.
218 */
219
220 ptr_ASI_GetHardwareConfig =
221 (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
222
223 if (ptr_ASI_GetHardwareConfig)
224 {
225 /*
226 * We found the call, now we'll get our config
227 * status. If we get a non 0 result, the LDM is not
228 * running and we cannot use the Atalla ASI *
229 * library.
230 */
231 status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
232 if (status != 0)
233 {
234 printf("atasi.so library is present but not initialized\n");
235 printf("No HW acceleration available\n");
236 return;
237 }
238 }
239 else
240 {
241/* printf("We found the library, but not the function. Very Strange!\n");*/
242 return ;
243 }
244
245 /*
246 * It looks like we have acceleration capabilities. Load up the
247 * pointers to our ASI API calls.
248 */
249 ptr_ASI_RSAPrivateKeyOpFn=
250 (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
251 if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
252 {
253/* printf("We found the library, but no RSA function. Very Strange!\n");*/
254 return;
255 }
256
257 ptr_ASI_GetPerformanceStatistics =
258 (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
259 if (ptr_ASI_GetPerformanceStatistics == NULL)
260 {
261/* printf("We found the library, but no stat function. Very Strange!\n");*/
262 return;
263 }
264
265 /*
266 * Indicate that acceleration is available
267 */
268 asi_accelerator_present = 1;
269
270/* printf("This system has acceleration!\n");*/
271
272 return;
273 }
274
275/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
276int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
277 {
278 unsigned char *abin;
279 unsigned char *pbin;
280 unsigned char *mbin;
281 unsigned char *rbin;
282 int an,pn,mn,ret;
283 RSAPrivateKey keydata;
284
285 atalla_initialize_accelerator_handle();
286 if(!asi_accelerator_present)
287 return 0;
288
289
290/* We should be able to run without size testing */
291# define ASIZE 128
292 an=BN_num_bytes(a);
293 pn=BN_num_bytes(p);
294 mn=BN_num_bytes(m);
295
296 if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
297 {
298 int size=mn;
299
300 assert(an <= mn);
301 abin=alloca(size);
302 memset(abin,'\0',mn);
303 BN_bn2bin(a,abin+size-an);
304
305 pbin=alloca(pn);
306 BN_bn2bin(p,pbin);
307
308 mbin=alloca(size);
309 memset(mbin,'\0',mn);
310 BN_bn2bin(m,mbin+size-mn);
311
312 rbin=alloca(size);
313
314 memset(&keydata,'\0',sizeof keydata);
315 keydata.privateExponent.data=pbin;
316 keydata.privateExponent.len=pn;
317 keydata.modulus.data=mbin;
318 keydata.modulus.len=size;
319
320 ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
321/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
322 if(!ret)
323 {
324 BN_bin2bn(rbin,keydata.modulus.len,r);
325/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
326 return 1;
327 }
328 }
329 return 0;
330 }
331#endif /* def ATALLA */
332
157int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, 333int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
158 BN_CTX *ctx) 334 BN_CTX *ctx)
159 { 335 {
@@ -163,6 +339,13 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
163 bn_check_top(p); 339 bn_check_top(p);
164 bn_check_top(m); 340 bn_check_top(m);
165 341
342#ifdef ATALLA
343 if(BN_mod_exp_atalla(r,a,p,m))
344 return 1;
345/* If it fails, try the other methods (but don't try atalla again) */
346 tried_atalla=1;
347#endif
348
166#ifdef MONT_MUL_MOD 349#ifdef MONT_MUL_MOD
167 /* I have finally been able to take out this pre-condition of 350 /* I have finally been able to take out this pre-condition of
168 * the top bit being set. It was caused by an error in BN_div 351 * the top bit being set. It was caused by an error in BN_div
@@ -180,6 +363,10 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
180 { ret=BN_mod_exp_simple(r,a,p,m,ctx); } 363 { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
181#endif 364#endif
182 365
366#ifdef ATALLA
367 tried_atalla=0;
368#endif
369
183 return(ret); 370 return(ret);
184 } 371 }
185 372
@@ -193,7 +380,6 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
193 BIGNUM val[TABLE_SIZE]; 380 BIGNUM val[TABLE_SIZE];
194 BN_RECP_CTX recp; 381 BN_RECP_CTX recp;
195 382
196 aa= &(ctx->bn[ctx->tos++]);
197 bits=BN_num_bits(p); 383 bits=BN_num_bits(p);
198 384
199 if (bits == 0) 385 if (bits == 0)
@@ -201,6 +387,10 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
201 BN_one(r); 387 BN_one(r);
202 return(1); 388 return(1);
203 } 389 }
390
391 BN_CTX_start(ctx);
392 if ((aa = BN_CTX_get(ctx)) == NULL) goto err;
393
204 BN_RECP_CTX_init(&recp); 394 BN_RECP_CTX_init(&recp);
205 if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; 395 if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
206 396
@@ -289,7 +479,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
289 } 479 }
290 ret=1; 480 ret=1;
291err: 481err:
292 ctx->tos--; 482 BN_CTX_end(ctx);
293 for (i=0; i<ts; i++) 483 for (i=0; i<ts; i++)
294 BN_clear_free(&(val[i])); 484 BN_clear_free(&(val[i]));
295 BN_RECP_CTX_free(&recp); 485 BN_RECP_CTX_free(&recp);
@@ -312,19 +502,27 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
312 bn_check_top(p); 502 bn_check_top(p);
313 bn_check_top(m); 503 bn_check_top(m);
314 504
505#ifdef ATALLA
506 if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
507 return 1;
508/* If it fails, try the other methods */
509#endif
510
315 if (!(m->d[0] & 1)) 511 if (!(m->d[0] & 1))
316 { 512 {
317 BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); 513 BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
318 return(0); 514 return(0);
319 } 515 }
320 d= &(ctx->bn[ctx->tos++]);
321 r= &(ctx->bn[ctx->tos++]);
322 bits=BN_num_bits(p); 516 bits=BN_num_bits(p);
323 if (bits == 0) 517 if (bits == 0)
324 { 518 {
325 BN_one(r); 519 BN_one(rr);
326 return(1); 520 return(1);
327 } 521 }
522 BN_CTX_start(ctx);
523 d = BN_CTX_get(ctx);
524 r = BN_CTX_get(ctx);
525 if (d == NULL || r == NULL) goto err;
328 526
329 /* If this is not done, things will break in the montgomery 527 /* If this is not done, things will break in the montgomery
330 * part */ 528 * part */
@@ -432,7 +630,7 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
432 ret=1; 630 ret=1;
433err: 631err:
434 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); 632 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
435 ctx->tos-=2; 633 BN_CTX_end(ctx);
436 for (i=0; i<ts; i++) 634 for (i=0; i<ts; i++)
437 BN_clear_free(&(val[i])); 635 BN_clear_free(&(val[i]));
438 return(ret); 636 return(ret);
@@ -448,7 +646,6 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
448 BIGNUM *d; 646 BIGNUM *d;
449 BIGNUM val[TABLE_SIZE]; 647 BIGNUM val[TABLE_SIZE];
450 648
451 d= &(ctx->bn[ctx->tos++]);
452 bits=BN_num_bits(p); 649 bits=BN_num_bits(p);
453 650
454 if (bits == 0) 651 if (bits == 0)
@@ -457,6 +654,9 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
457 return(1); 654 return(1);
458 } 655 }
459 656
657 BN_CTX_start(ctx);
658 if ((d = BN_CTX_get(ctx)) == NULL) goto err;
659
460 BN_init(&(val[0])); 660 BN_init(&(val[0]));
461 ts=1; 661 ts=1;
462 if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */ 662 if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */
@@ -541,7 +741,7 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
541 } 741 }
542 ret=1; 742 ret=1;
543err: 743err:
544 ctx->tos--; 744 BN_CTX_end(ctx);
545 for (i=0; i<ts; i++) 745 for (i=0; i<ts; i++)
546 BN_clear_free(&(val[i])); 746 BN_clear_free(&(val[i]));
547 return(ret); 747 return(ret);
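Review bot: In BN_mod_exp_atalla the only bound on the base against the modulus is `assert(an <= mn)`, so in an NDEBUG build a base with more bytes than the modulus makes `abin+size-an` point before the alloca'd buffer and BN_bn2bin then writes outside it on the stack; replace the assert with `if (an > mn) return 0;` so the caller falls through to the software path as it does for oversized inputs. In atalla_initialize_accelerator_handle `bzero((void *)config_buf, 1024)` clears only the first 1024 bytes of a 1024-element unsigned int array; `bzero(config_buf, sizeof config_buf)` clears all of it. tried_atalla is a file-scope static written by BN_mod_exp and read by BN_mod_exp_mont, so concurrent callers on different threads can observe each other's flag; a comment at its declaration saying whether the accelerator path assumes single-threaded use would record the intent. In BN_exp only the second BN_CTX_get result (v) is tested, so if the rr allocation returns NULL the err path runs `BN_copy(r,rr)` with rr NULL unless BN_CTX_get is guaranteed to keep returning NULL after a first failure, which bn_ctx.c (not in this chunk) would have to establish; checking rr directly, `if ((rr = BN_CTX_get(ctx)) == NULL) goto err;`, removes the dependency.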
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
index 1132d53365..4f4e9e3299 100644
--- a/src/lib/libcrypto/bn/bn_exp2.c
+++ b/src/lib/libcrypto/bn/bn_exp2.c
@@ -9,7 +9,7 @@
9 * bits=1 75.4% 79.4% 9 * bits=1 75.4% 79.4%
10 * bits=2 61.2% 62.4% 10 * bits=2 61.2% 62.4%
11 * bits=3 61.3% 59.3% 11 * bits=3 61.3% 59.3%
12 * The lack of speed improvment is also a function of the pre-calculation 12 * The lack of speed improvement is also a function of the pre-calculation
13 * which could be removed. 13 * which could be removed.
14 */ 14 */
15#define EXP2_TABLE_BITS 2 /* 1 2 3 4 5 */ 15#define EXP2_TABLE_BITS 2 /* 1 2 3 4 5 */
@@ -35,15 +35,19 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
35 BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); 35 BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
36 return(0); 36 return(0);
37 } 37 }
38 d= &(ctx->bn[ctx->tos++]);
39 r= &(ctx->bn[ctx->tos++]);
40 bits1=BN_num_bits(p1); 38 bits1=BN_num_bits(p1);
41 bits2=BN_num_bits(p2); 39 bits2=BN_num_bits(p2);
42 if ((bits1 == 0) && (bits2 == 0)) 40 if ((bits1 == 0) && (bits2 == 0))
43 { 41 {
44 BN_one(r); 42 BN_one(rr);
45 return(1); 43 return(1);
46 } 44 }
45
46 BN_CTX_start(ctx);
47 d = BN_CTX_get(ctx);
48 r = BN_CTX_get(ctx);
49 if (d == NULL || r == NULL) goto err;
50
47 bits=(bits1 > bits2)?bits1:bits2; 51 bits=(bits1 > bits2)?bits1:bits2;
48 52
49 /* If this is not done, things will break in the montgomery 53 /* If this is not done, things will break in the montgomery
@@ -183,7 +187,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
183 ret=1; 187 ret=1;
184err: 188err:
185 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); 189 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
186 ctx->tos-=2; 190 BN_CTX_end(ctx);
187 for (i=0; i<ts; i++) 191 for (i=0; i<ts; i++)
188 { 192 {
189 for (j=0; j<ts; j++) 193 for (j=0; j<ts; j++)
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index 64a76f4498..398207196b 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -61,6 +61,7 @@
61#include "bn_lcl.h" 61#include "bn_lcl.h"
62 62
63static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); 63static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
64
64int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx) 65int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx)
65 { 66 {
66 BIGNUM *a,*b,*t; 67 BIGNUM *a,*b,*t;
@@ -69,8 +70,10 @@ int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx)
69 bn_check_top(in_a); 70 bn_check_top(in_a);
70 bn_check_top(in_b); 71 bn_check_top(in_b);
71 72
72 a= &(ctx->bn[ctx->tos]); 73 BN_CTX_start(ctx);
73 b= &(ctx->bn[ctx->tos+1]); 74 a = BN_CTX_get(ctx);
75 b = BN_CTX_get(ctx);
76 if (a == NULL || b == NULL) goto err;
74 77
75 if (BN_copy(a,in_a) == NULL) goto err; 78 if (BN_copy(a,in_a) == NULL) goto err;
76 if (BN_copy(b,in_b) == NULL) goto err; 79 if (BN_copy(b,in_b) == NULL) goto err;
@@ -82,6 +85,7 @@ int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx)
82 if (BN_copy(r,t) == NULL) goto err; 85 if (BN_copy(r,t) == NULL) goto err;
83 ret=1; 86 ret=1;
84err: 87err:
88 BN_CTX_end(ctx);
85 return(ret); 89 return(ret);
86 } 90 }
87 91
@@ -142,20 +146,22 @@ err:
142/* solves ax == 1 (mod n) */ 146/* solves ax == 1 (mod n) */
143BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) 147BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
144 { 148 {
145 BIGNUM *A,*B,*X,*Y,*M,*D,*R; 149 BIGNUM *A,*B,*X,*Y,*M,*D,*R=NULL;
146 BIGNUM *T,*ret=NULL; 150 BIGNUM *T,*ret=NULL;
147 int sign; 151 int sign;
148 152
149 bn_check_top(a); 153 bn_check_top(a);
150 bn_check_top(n); 154 bn_check_top(n);
151 155
152 A= &(ctx->bn[ctx->tos]); 156 BN_CTX_start(ctx);
153 B= &(ctx->bn[ctx->tos+1]); 157 A = BN_CTX_get(ctx);
154 X= &(ctx->bn[ctx->tos+2]); 158 B = BN_CTX_get(ctx);
155 D= &(ctx->bn[ctx->tos+3]); 159 X = BN_CTX_get(ctx);
156 M= &(ctx->bn[ctx->tos+4]); 160 D = BN_CTX_get(ctx);
157 Y= &(ctx->bn[ctx->tos+5]); 161 M = BN_CTX_get(ctx);
158 ctx->tos+=6; 162 Y = BN_CTX_get(ctx);
163 if (Y == NULL) goto err;
164
159 if (in == NULL) 165 if (in == NULL)
160 R=BN_new(); 166 R=BN_new();
161 else 167 else
@@ -198,7 +204,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
198 ret=R; 204 ret=R;
199err: 205err:
200 if ((ret == NULL) && (in == NULL)) BN_free(R); 206 if ((ret == NULL) && (in == NULL)) BN_free(R);
201 ctx->tos-=6; 207 BN_CTX_end(ctx);
202 return(ret); 208 return(ret);
203 } 209 }
204 210
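Review bot: BN_mod_inverse tests only the last of its six BN_CTX_get results (`if (Y == NULL) goto err;`), which is sound only if BN_CTX_get keeps returning NULL once it has failed; that contract lives in bn_ctx.c, outside this chunk, and a reader of this file cannot see it. Either check every pointer, `if (A == NULL || B == NULL || X == NULL || D == NULL || M == NULL || Y == NULL) goto err;`, as BN_gcd above does for both of its temporaries, or add a comment on that line naming the sticky-failure behaviour being relied on. The new `R=NULL` initializer together with the existing `(ret == NULL) && (in == NULL)` guard keeps the early goto from freeing an uninitialized pointer, so that part of the err path looks right.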
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index 85a372695b..e36ccbc4c2 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -73,18 +73,53 @@ extern "C" {
73#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */ 73#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */
74#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */ 74#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */
75 75
76#if 0 76#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC)
77#ifndef BN_MUL_COMBA 77/*
78/* #define bn_mul_comba8(r,a,b) bn_mul_normal(r,a,8,b,8) */ 78 * BN_UMULT_HIGH section.
79/* #define bn_mul_comba4(r,a,b) bn_mul_normal(r,a,4,b,4) */ 79 *
80#endif 80 * No, I'm not trying to overwhelm you when stating that the
81 81 * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
82#ifndef BN_SQR_COMBA 82 * you to be impressed when I say that if the compiler doesn't
83/* This is probably faster than using the C code - I need to check */ 83 * support 2*N integer type, then you have to replace every N*N
84#define bn_sqr_comba8(r,a) bn_mul_normal(r,a,8,a,8) 84 * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
85#define bn_sqr_comba4(r,a) bn_mul_normal(r,a,4,a,4) 85 * and additions which unavoidably results in severe performance
86#endif 86 * penalties. Of course provided that the hardware is capable of
87#endif 87 * producing 2*N result... That's when you normally start
88 * considering assembler implementation. However! It should be
89 * pointed out that some CPUs (most notably Alpha, PowerPC and
90 * upcoming IA-64 family:-) provide *separate* instruction
91 * calculating the upper half of the product placing the result
92 * into a general purpose register. Now *if* the compiler supports
93 * inline assembler, then it's not impossible to implement the
94 * "bignum" routines (and have the compiler optimize 'em)
95 * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
96 * macro is about:-)
97 *
98 * <appro@fy.chalmers.se>
99 */
100# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
101# if defined(__DECC)
102# include <c_asm.h>
103# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
104# elif defined(__GNUC__)
105# define BN_UMULT_HIGH(a,b) ({ \
106 register BN_ULONG ret; \
107 asm ("umulh %1,%2,%0" \
108 : "=r"(ret) \
109 : "r"(a), "r"(b)); \
110 ret; })
111# endif /* compiler */
112# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
113# if defined(__GNUC__)
114# define BN_UMULT_HIGH(a,b) ({ \
115 register BN_ULONG ret; \
116 asm ("mulhdu %0,%1,%2" \
117 : "=r"(ret) \
118 : "r"(a), "r"(b)); \
119 ret; })
120# endif /* compiler */
121# endif /* cpu */
122#endif /* NO_ASM */
88 123
89/************************************************************* 124/*************************************************************
90 * Using the long long type 125 * Using the long long type
@@ -92,15 +127,12 @@ extern "C" {
92#define Lw(t) (((BN_ULONG)(t))&BN_MASK2) 127#define Lw(t) (((BN_ULONG)(t))&BN_MASK2)
93#define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) 128#define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
94 129
95/* These are used for internal error checking and are not normally used */ 130/* This is used for internal error checking and is not normally used */
96#ifdef BN_DEBUG 131#ifdef BN_DEBUG
97#define bn_check_top(a) \ 132# include <assert.h>
98 { if (((a)->top < 0) || ((a)->top > (a)->max)) \ 133# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->max);
99 { char *nullp=NULL; *nullp='z'; } }
100#define bn_check_num(a) if ((a) < 0) { char *nullp=NULL; *nullp='z'; }
101#else 134#else
102#define bn_check_top(a) 135# define bn_check_top(a)
103#define bn_check_num(a)
104#endif 136#endif
105 137
106/* This macro is to add extra stuff for development checking */ 138/* This macro is to add extra stuff for development checking */
@@ -134,8 +166,6 @@ extern "C" {
134 bn_set_max(r); \ 166 bn_set_max(r); \
135 } 167 }
136 168
137/* #define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b))) */
138
139#ifdef BN_LLONG 169#ifdef BN_LLONG
140#define mul_add(r,a,w,c) { \ 170#define mul_add(r,a,w,c) { \
141 BN_ULLONG t; \ 171 BN_ULLONG t; \
@@ -151,6 +181,43 @@ extern "C" {
151 (c)= Hw(t); \ 181 (c)= Hw(t); \
152 } 182 }
153 183
184#define sqr(r0,r1,a) { \
185 BN_ULLONG t; \
186 t=(BN_ULLONG)(a)*(a); \
187 (r0)=Lw(t); \
188 (r1)=Hw(t); \
189 }
190
191#elif defined(BN_UMULT_HIGH)
192#define mul_add(r,a,w,c) { \
193 BN_ULONG high,low,ret,tmp=(a); \
194 ret = (r); \
195 high= BN_UMULT_HIGH(w,tmp); \
196 ret += (c); \
197 low = (w) * tmp; \
198 (c) = (ret<(c))?1:0; \
199 (c) += high; \
200 ret += low; \
201 (c) += (ret<low)?1:0; \
202 (r) = ret; \
203 }
204
205#define mul(r,a,w,c) { \
206 BN_ULONG high,low,ret,ta=(a); \
207 low = (w) * ta; \
208 high= BN_UMULT_HIGH(w,ta); \
209 ret = low + (c); \
210 (c) = high; \
211 (c) += (ret<low)?1:0; \
212 (r) = ret; \
213 }
214
215#define sqr(r0,r1,a) { \
216 BN_ULONG tmp=(a); \
217 (r0) = tmp * tmp; \
218 (r1) = BN_UMULT_HIGH(tmp,tmp); \
219 }
220
154#else 221#else
155/************************************************************* 222/*************************************************************
156 * No long long type 223 * No long long type
@@ -228,21 +295,7 @@ extern "C" {
228 (c)=h&BN_MASK2; \ 295 (c)=h&BN_MASK2; \
229 (r)=l&BN_MASK2; \ 296 (r)=l&BN_MASK2; \
230 } 297 }
231 298#endif /* !BN_LLONG */
232#endif
233
234OPENSSL_EXTERN int bn_limit_bits;
235OPENSSL_EXTERN int bn_limit_num; /* (1<<bn_limit_bits) */
236/* Recursive 'low' limit */
237OPENSSL_EXTERN int bn_limit_bits_low;
238OPENSSL_EXTERN int bn_limit_num_low; /* (1<<bn_limit_bits_low) */
239/* Do modified 'high' part calculation' */
240OPENSSL_EXTERN int bn_limit_bits_high;
241OPENSSL_EXTERN int bn_limit_num_high; /* (1<<bn_limit_bits_high) */
242OPENSSL_EXTERN int bn_limit_bits_mont;
243OPENSSL_EXTERN int bn_limit_num_mont; /* (1<<bn_limit_bits_mont) */
244
245BIGNUM *bn_expand2(BIGNUM *b, int bits);
246 299
247void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb); 300void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
248void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); 301void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
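Review bot: The new debug definition `# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->max);` ends in a semicolon, so every `bn_check_top(x);` call site expands to two statements in BN_DEBUG builds and an unbraced `if (...) bn_check_top(x); else ...` would compile in release and fail in debug; drop the trailing semicolon so both configurations parse call sites identically. bn_check_num is removed from the header outright rather than kept as an empty macro, so any surviving use elsewhere in libcrypto becomes an implicit declaration; that cannot be verified from this chunk and is worth a grep before merge. The BN_UMULT_HIGH block relies on GNU statement expressions and inline asm under its `__GNUC__`/`__DECC` guards, which the long comment above it does not say; a one-line note such as `/* requires a compiler with statement expressions and inline asm */` would spare the next porter a surprise.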
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 5d62d88e8b..0e6b12d9c3 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -71,14 +71,14 @@ const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
71 * 7 - 128 == 4096 71 * 7 - 128 == 4096
72 * 8 - 256 == 8192 72 * 8 - 256 == 8192
73 */ 73 */
74OPENSSL_GLOBAL int bn_limit_bits=0; 74static int bn_limit_bits=0;
75OPENSSL_GLOBAL int bn_limit_num=8; /* (1<<bn_limit_bits) */ 75static int bn_limit_num=8; /* (1<<bn_limit_bits) */
76OPENSSL_GLOBAL int bn_limit_bits_low=0; 76static int bn_limit_bits_low=0;
77OPENSSL_GLOBAL int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */ 77static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
78OPENSSL_GLOBAL int bn_limit_bits_high=0; 78static int bn_limit_bits_high=0;
79OPENSSL_GLOBAL int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */ 79static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
80OPENSSL_GLOBAL int bn_limit_bits_mont=0; 80static int bn_limit_bits_mont=0;
81OPENSSL_GLOBAL int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */ 81static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
82 82
83void BN_set_params(int mult, int high, int low, int mont) 83void BN_set_params(int mult, int high, int low, int mont)
84 { 84 {
@@ -304,42 +304,10 @@ BIGNUM *BN_new(void)
304 return(ret); 304 return(ret);
305 } 305 }
306 306
307 307/* This is an internal function that should not be used in applications.
308BN_CTX *BN_CTX_new(void) 308 * It ensures that 'b' has enough room for a 'words' word number number.
309 { 309 * It is mostly used by the various BIGNUM routines. If there is an error,
310 BN_CTX *ret; 310 * NULL is returned. If not, 'b' is returned. */
311
312 ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
313 if (ret == NULL)
314 {
315 BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
316 return(NULL);
317 }
318
319 BN_CTX_init(ret);
320 ret->flags=BN_FLG_MALLOCED;
321 return(ret);
322 }
323
324void BN_CTX_init(BN_CTX *ctx)
325 {
326 memset(ctx,0,sizeof(BN_CTX));
327 ctx->tos=0;
328 ctx->flags=0;
329 }
330
331void BN_CTX_free(BN_CTX *c)
332 {
333 int i;
334
335 if(c == NULL)
336 return;
337
338 for (i=0; i<BN_CTX_NUM; i++)
339 BN_clear_free(&(c->bn[i]));
340 if (c->flags & BN_FLG_MALLOCED)
341 Free(c);
342 }
343 311
344BIGNUM *bn_expand2(BIGNUM *b, int words) 312BIGNUM *bn_expand2(BIGNUM *b, int words)
345 { 313 {
@@ -389,7 +357,7 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
389 * if A and B happen to share same cache line such code is going to 357 * if A and B happen to share same cache line such code is going to
390 * cause severe cache trashing. Both factors have severe impact on 358 * cause severe cache trashing. Both factors have severe impact on
391 * performance of modern CPUs and this is the reason why this 359 * performance of modern CPUs and this is the reason why this
392 * particulare piece of code is #ifdefed away and replaced by more 360 * particular piece of code is #ifdefed away and replaced by more
393 * "friendly" version found in #else section below. This comment 361 * "friendly" version found in #else section below. This comment
394 * also applies to BN_copy function. 362 * also applies to BN_copy function.
395 * 363 *
@@ -420,7 +388,7 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
420 A[0]=B[0]; 388 A[0]=B[0];
421 case 0: 389 case 0:
422 /* I need the 'case 0' entry for utrix cc. 390 /* I need the 'case 0' entry for utrix cc.
423 * If the optimiser is turned on, it does the 391 * If the optimizer is turned on, it does the
424 * switch table by doing 392 * switch table by doing
425 * a=top&7 393 * a=top&7
426 * a--; 394 * a--;
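Review bot: The new header comment on bn_expand2 reads `a 'words' word number number`, a doubled word; `enough room for a 'words'-word number` says it once. The bn_limit_* variables become static here and their OPENSSL_EXTERN declarations leave bn_lcl.h in the same commit, so BN_set_params (visible just below) appears to remain the only way to tune them; a short comment above the block stating that they are adjusted only through BN_set_params would make that intent explicit for readers of this file.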
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index ee0f410c22..7bb0b91223 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -57,25 +57,27 @@
57 */ 57 */
58 58
59/* 59/*
60 * Details about Montgomery multiplication algorithms can be found at: 60 * Details about Montgomery multiplication algorithms can be found at
61 * http://www.ece.orst.edu/ISL/Publications.html 61 * http://security.ece.orst.edu/publications.html, e.g.
62 * http://www.ece.orst.edu/ISL/Koc/papers/j37acmon.pdf 62 * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
63 * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
63 */ 64 */
64 65
65#include <stdio.h> 66#include <stdio.h>
66#include "cryptlib.h" 67#include "cryptlib.h"
67#include "bn_lcl.h" 68#include "bn_lcl.h"
68 69
69#define MONT_WORD 70#define MONT_WORD /* use the faster word-based algorithm */
70 71
71int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, 72int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
72 BN_MONT_CTX *mont, BN_CTX *ctx) 73 BN_MONT_CTX *mont, BN_CTX *ctx)
73 { 74 {
74 BIGNUM *tmp,*tmp2; 75 BIGNUM *tmp,*tmp2;
75 76
76 tmp= &(ctx->bn[ctx->tos]); 77 BN_CTX_start(ctx);
77 tmp2= &(ctx->bn[ctx->tos]); 78 tmp = BN_CTX_get(ctx);
78 ctx->tos+=2; 79 tmp2 = BN_CTX_get(ctx);
80 if (tmp == NULL || tmp2 == NULL) goto err;
79 81
80 bn_check_top(tmp); 82 bn_check_top(tmp);
81 bn_check_top(tmp2); 83 bn_check_top(tmp2);
@@ -99,7 +101,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
99 } 101 }
100 /* reduce from aRR to aR */ 102 /* reduce from aRR to aR */
101 if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; 103 if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
102 ctx->tos-=2; 104 BN_CTX_end(ctx);
103 return(1); 105 return(1);
104err: 106err:
105 return(0); 107 return(0);
@@ -108,160 +110,123 @@ err:
108int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont, 110int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
109 BN_CTX *ctx) 111 BN_CTX *ctx)
110 { 112 {
111#ifdef BN_RECURSION_MONT 113 int retn=0;
112 if (mont->use_word)
113#endif
114 {
115 BIGNUM *n,*r;
116 BN_ULONG *ap,*np,*rp,n0,v,*nrp;
117 int al,nl,max,i,x,ri;
118 int retn=0;
119 114
120 r= &(ctx->bn[ctx->tos]); 115#ifdef MONT_WORD
116 BIGNUM *n,*r;
117 BN_ULONG *ap,*np,*rp,n0,v,*nrp;
118 int al,nl,max,i,x,ri;
121 119
122 if (!BN_copy(r,a)) goto err1; 120 BN_CTX_start(ctx);
123 n= &(mont->N); 121 if ((r = BN_CTX_get(ctx)) == NULL) goto err;
124 122
125 ap=a->d; 123 if (!BN_copy(r,a)) goto err;
126 /* mont->ri is the size of mont->N in bits/words */ 124 n= &(mont->N);
127 al=ri=mont->ri/BN_BITS2;
128 125
129 nl=n->top; 126 ap=a->d;
130 if ((al == 0) || (nl == 0)) { r->top=0; return(1); } 127 /* mont->ri is the size of mont->N in bits (rounded up
128 to the word size) */
129 al=ri=mont->ri/BN_BITS2;
130
131 nl=n->top;
132 if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
131 133
132 max=(nl+al+1); /* allow for overflow (no?) XXX */ 134 max=(nl+al+1); /* allow for overflow (no?) XXX */
133 if (bn_wexpand(r,max) == NULL) goto err1; 135 if (bn_wexpand(r,max) == NULL) goto err;
134 if (bn_wexpand(ret,max) == NULL) goto err1; 136 if (bn_wexpand(ret,max) == NULL) goto err;
135 137
136 r->neg=a->neg^n->neg; 138 r->neg=a->neg^n->neg;
137 np=n->d; 139 np=n->d;
138 rp=r->d; 140 rp=r->d;
139 nrp= &(r->d[nl]); 141 nrp= &(r->d[nl]);
140 142
141 /* clear the top words of T */ 143 /* clear the top words of T */
142#if 1 144#if 1
143 for (i=r->top; i<max; i++) /* memset? XXX */ 145 for (i=r->top; i<max; i++) /* memset? XXX */
144 r->d[i]=0; 146 r->d[i]=0;
145#else 147#else
146 memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 148 memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG));
147#endif 149#endif
148 150
149 r->top=max; 151 r->top=max;
150 n0=mont->n0; 152 n0=mont->n0;
151 153
152#ifdef BN_COUNT 154#ifdef BN_COUNT
153printf("word BN_from_montgomery %d * %d\n",nl,nl); 155 printf("word BN_from_montgomery %d * %d\n",nl,nl);
154#endif 156#endif
155 for (i=0; i<nl; i++) 157 for (i=0; i<nl; i++)
156 { 158 {
157 v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); 159 v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
158 nrp++; 160 nrp++;
159 rp++; 161 rp++;
160 if (((nrp[-1]+=v)&BN_MASK2) >= v) 162 if (((nrp[-1]+=v)&BN_MASK2) >= v)
161 continue; 163 continue;
162 else
163 {
164 if (((++nrp[0])&BN_MASK2) != 0) continue;
165 if (((++nrp[1])&BN_MASK2) != 0) continue;
166 for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
167 }
168 }
169 bn_fix_top(r);
170
171 /* mont->ri will be a multiple of the word size */
172#if 0
173 BN_rshift(ret,r,mont->ri);
174#else
175 x=ri;
176 rp=ret->d;
177 ap= &(r->d[x]);
178 if (r->top < x)
179 al=0;
180 else 164 else
181 al=r->top-x;
182 ret->top=al;
183 al-=4;
184 for (i=0; i<al; i+=4)
185 { 165 {
186 BN_ULONG t1,t2,t3,t4; 166 if (((++nrp[0])&BN_MASK2) != 0) continue;
187 167 if (((++nrp[1])&BN_MASK2) != 0) continue;
188 t1=ap[i+0]; 168 for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
189 t2=ap[i+1];
190 t3=ap[i+2];
191 t4=ap[i+3];
192 rp[i+0]=t1;
193 rp[i+1]=t2;
194 rp[i+2]=t3;
195 rp[i+3]=t4;
196 } 169 }
197 al+=4;
198 for (; i<al; i++)
199 rp[i]=ap[i];
200#endif
201
202 if (BN_ucmp(ret, &(mont->N)) >= 0)
203 {
204 BN_usub(ret,ret,&(mont->N)); /* XXX */
205 }
206 retn=1;
207err1:
208 return(retn);
209 } 170 }
210#ifdef BN_RECURSION_MONT 171 bn_fix_top(r);
211 else /* bignum version */ 172
173 /* mont->ri will be a multiple of the word size */
174#if 0
175 BN_rshift(ret,r,mont->ri);
176#else
177 x=ri;
178 rp=ret->d;
179 ap= &(r->d[x]);
180 if (r->top < x)
181 al=0;
182 else
183 al=r->top-x;
184 ret->top=al;
185 al-=4;
186 for (i=0; i<al; i+=4)
212 { 187 {
213 BIGNUM *t1,*t2,*t3; 188 BN_ULONG t1,t2,t3,t4;
214 int j,i; 189
215 190 t1=ap[i+0];
216#ifdef BN_COUNT 191 t2=ap[i+1];
217printf("number BN_from_montgomery\n"); 192 t3=ap[i+2];
218#endif 193 t4=ap[i+3];
219 194 rp[i+0]=t1;
220 t1= &(ctx->bn[ctx->tos]); 195 rp[i+1]=t2;
221 t2= &(ctx->bn[ctx->tos+1]); 196 rp[i+2]=t3;
222 t3= &(ctx->bn[ctx->tos+2]); 197 rp[i+3]=t4;
223
224 i=mont->Ni.top;
225 bn_wexpand(ret,i); /* perhaps only i*2 */
226 bn_wexpand(t1,i*4); /* perhaps only i*2 */
227 bn_wexpand(t2,i*2); /* perhaps only i */
228
229 bn_mul_low_recursive(t2->d,a->d,mont->Ni.d,i,t1->d);
230
231 BN_zero(t3);
232 BN_set_bit(t3,mont->N.top*BN_BITS2);
233 bn_sub_words(t3->d,t3->d,a->d,i);
234 bn_mul_high(ret->d,t2->d,mont->N.d,t3->d,i,t1->d);
235
236 /* hmm... if a is between i and 2*i, things are bad */
237 if (a->top > i)
238 {
239 j=(int)(bn_add_words(ret->d,ret->d,&(a->d[i]),i));
240 if (j) /* overflow */
241 bn_sub_words(ret->d,ret->d,mont->N.d,i);
242 }
243 ret->top=i;
244 bn_fix_top(ret);
245 if (a->d[0])
246 BN_add_word(ret,1); /* Always? */
247 else /* Very very rare */
248 {
249 for (i=1; i<mont->N.top-1; i++)
250 {
251 if (a->d[i])
252 {
253 BN_add_word(ret,1); /* Always? */
254 break;
255 }
256 }
257 }
258
259 if (BN_ucmp(ret,&(mont->N)) >= 0)
260 BN_usub(ret,ret,&(mont->N));
261
262 return(1);
263 } 198 }
199 al+=4;
200 for (; i<al; i++)
201 rp[i]=ap[i];
264#endif 202#endif
203#else /* !MONT_WORD */
204 BIGNUM *t1,*t2;
205
206 BN_CTX_start(ctx);
207 t1 = BN_CTX_get(ctx);
208 t2 = BN_CTX_get(ctx);
209 if (t1 == NULL || t2 == NULL) goto err;
210
211 if (!BN_copy(t1,a)) goto err;
212 BN_mask_bits(t1,mont->ri);
213
214 if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
215 BN_mask_bits(t2,mont->ri);
216
217 if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
218 if (!BN_add(t2,a,t1)) goto err;
219 BN_rshift(ret,t2,mont->ri);
220#endif /* MONT_WORD */
221
222 if (BN_ucmp(ret, &(mont->N)) >= 0)
223 {
224 BN_usub(ret,ret,&(mont->N));
225 }
226 retn=1;
227 err:
228 BN_CTX_end(ctx);
229 return(retn);
265 } 230 }
266 231
267BN_MONT_CTX *BN_MONT_CTX_new(void) 232BN_MONT_CTX *BN_MONT_CTX_new(void)
@@ -278,7 +243,6 @@ BN_MONT_CTX *BN_MONT_CTX_new(void)
278 243
279void BN_MONT_CTX_init(BN_MONT_CTX *ctx) 244void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
280 { 245 {
281 ctx->use_word=0;
282 ctx->ri=0; 246 ctx->ri=0;
283 BN_init(&(ctx->RR)); 247 BN_init(&(ctx->RR));
284 BN_init(&(ctx->N)); 248 BN_init(&(ctx->N));
@@ -306,85 +270,53 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
306 R= &(mont->RR); /* grab RR as a temp */ 270 R= &(mont->RR); /* grab RR as a temp */
307 BN_copy(&(mont->N),mod); /* Set N */ 271 BN_copy(&(mont->N),mod); /* Set N */
308 272
309#ifdef BN_RECURSION_MONT 273#ifdef MONT_WORD
310 if (mont->N.top < BN_MONT_CTX_SET_SIZE_WORD)
311#endif
312 { 274 {
313 BIGNUM tmod; 275 BIGNUM tmod;
314 BN_ULONG buf[2]; 276 BN_ULONG buf[2];
315 277
316 mont->use_word=1;
317
318 mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; 278 mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
319 BN_zero(R); 279 BN_zero(R);
320 BN_set_bit(R,BN_BITS2); 280 BN_set_bit(R,BN_BITS2); /* R */
321 /* I was bad, this modification of a passed variable was
322 * breaking the multithreaded stuff :-(
323 * z=mod->top;
324 * mod->top=1; */
325 281
326 buf[0]=mod->d[0]; 282 buf[0]=mod->d[0]; /* tmod = N mod word size */
327 buf[1]=0; 283 buf[1]=0;
328 tmod.d=buf; 284 tmod.d=buf;
329 tmod.top=1; 285 tmod.top=1;
330 tmod.max=mod->max; 286 tmod.max=2;
331 tmod.neg=mod->neg; 287 tmod.neg=mod->neg;
332 288 /* Ri = R^-1 mod N*/
333 if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL) 289 if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
334 goto err; 290 goto err;
335 BN_lshift(&Ri,&Ri,BN_BITS2); /* R*Ri */ 291 BN_lshift(&Ri,&Ri,BN_BITS2); /* R*Ri */
336 if (!BN_is_zero(&Ri)) 292 if (!BN_is_zero(&Ri))
337 {
338#if 1
339 BN_sub_word(&Ri,1); 293 BN_sub_word(&Ri,1);
340#else 294 else /* if N mod word size == 1 */
341 BN_usub(&Ri,&Ri,BN_value_one()); /* R*Ri - 1 */ 295 BN_set_word(&Ri,BN_MASK2); /* Ri-- (mod word size) */
342#endif 296 BN_div(&Ri,NULL,&Ri,&tmod,ctx); /* Ni = (R*Ri-1)/N,
343 } 297 * keep only least significant word: */
344 else
345 {
346 /* This is not common..., 1 in BN_MASK2,
347 * It happens when buf[0] was == 1. So for 8 bit,
348 * this is 1/256, 16bit, 1 in 2^16 etc.
349 */
350 BN_set_word(&Ri,BN_MASK2);
351 }
352 BN_div(&Ri,NULL,&Ri,&tmod,ctx);
353 mont->n0=Ri.d[0]; 298 mont->n0=Ri.d[0];
354 BN_free(&Ri); 299 BN_free(&Ri);
355 /* mod->top=z; */
356 } 300 }
357#ifdef BN_RECURSION_MONT 301#else /* !MONT_WORD */
358 else 302 { /* bignum version */
359 { 303 mont->ri=BN_num_bits(mod);
360 mont->use_word=0;
361 mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
362#if 1
363 BN_zero(R); 304 BN_zero(R);
364 BN_set_bit(R,mont->ri); 305 BN_set_bit(R,mont->ri); /* R = 2^ri */
365#else 306 /* Ri = R^-1 mod N*/
366 BN_lshift(R,BN_value_one(),mont->ri); /* R */
367#endif
368 if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL) 307 if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
369 goto err; 308 goto err;
370 BN_lshift(&Ri,&Ri,mont->ri); /* R*Ri */ 309 BN_lshift(&Ri,&Ri,mont->ri); /* R*Ri */
371#if 1
372 BN_sub_word(&Ri,1); 310 BN_sub_word(&Ri,1);
373#else 311 /* Ni = (R*Ri-1) / N */
374 BN_usub(&Ri,&Ri,BN_value_one()); /* R*Ri - 1 */
375#endif
376 BN_div(&(mont->Ni),NULL,&Ri,mod,ctx); 312 BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
377 BN_free(&Ri); 313 BN_free(&Ri);
378 } 314 }
379#endif 315#endif
380 316
381 /* setup RR for conversions */ 317 /* setup RR for conversions */
382#if 1
383 BN_zero(&(mont->RR)); 318 BN_zero(&(mont->RR));
384 BN_set_bit(&(mont->RR),mont->ri*2); 319 BN_set_bit(&(mont->RR),mont->ri*2);
385#else
386 BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
387#endif
388 BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx); 320 BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);
389 321
390 return(1); 322 return(1);
@@ -399,7 +331,6 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
399 BN_copy(&(to->RR),&(from->RR)); 331 BN_copy(&(to->RR),&(from->RR));
400 BN_copy(&(to->N),&(from->N)); 332 BN_copy(&(to->N),&(from->N));
401 BN_copy(&(to->Ni),&(from->Ni)); 333 BN_copy(&(to->Ni),&(from->Ni));
402 to->use_word=from->use_word;
403 to->ri=from->ri; 334 to->ri=from->ri;
404 to->n0=from->n0; 335 to->n0=from->n0;
405 return(to); 336 return(to);
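Review bot: BN_from_montgomery's early exit `if ((al == 0) || (nl == 0)) { r->top=0; return(1); }` (new line 132) returns after the BN_CTX_start(ctx) at new line 120 without the matching BN_CTX_end, leaving the context's frame stack unbalanced for the caller; BN_mod_mul_montgomery has the same gap, since its `err:` label at new lines 106-107 returns 0 without BN_CTX_end even though the only `goto err` sites visible follow the BN_CTX_start at new line 77. Routing the early exit through the shared cleanup, `if ((al == 0) || (nl == 0)) { ret->top=0; retn=1; goto err; }`, fixes the first; adding `BN_CTX_end(ctx);` before `return(0);` under BN_mod_mul_montgomery's `err:` fixes the second. Note that the original zeroes the temporary `r` rather than the output `ret`, so the result is left untouched on that path — `ret->top=0` looks intended, but I cannot confirm the callers' expectation from these hunks. BN_mod_mul_montgomery's body between the first two hunks, and BN_MONT_CTX_set's start, lie outside the diff.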
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index 38c47f3d1f..eb007e19e9 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -66,7 +66,7 @@
66 * n2 must be a power of 2. 66 * n2 must be a power of 2.
67 * We multiply and return the result. 67 * We multiply and return the result.
68 * t must be 2*n2 words in size 68 * t must be 2*n2 words in size
69 * We calulate 69 * We calculate
70 * a[0]*b[0] 70 * a[0]*b[0]
71 * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) 71 * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
72 * a[1]*b[1] 72 * a[1]*b[1]
@@ -78,21 +78,23 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
78 unsigned int neg,zero; 78 unsigned int neg,zero;
79 BN_ULONG ln,lo,*p; 79 BN_ULONG ln,lo,*p;
80 80
81#ifdef BN_COUNT 81# ifdef BN_COUNT
82printf(" bn_mul_recursive %d * %d\n",n2,n2); 82 printf(" bn_mul_recursive %d * %d\n",n2,n2);
83#endif 83# endif
84#ifdef BN_MUL_COMBA 84# ifdef BN_MUL_COMBA
85/* if (n2 == 4) 85# if 0
86 if (n2 == 4)
86 { 87 {
87 bn_mul_comba4(r,a,b); 88 bn_mul_comba4(r,a,b);
88 return; 89 return;
89 } 90 }
90 else */ if (n2 == 8) 91# endif
92 if (n2 == 8)
91 { 93 {
92 bn_mul_comba8(r,a,b); 94 bn_mul_comba8(r,a,b);
93 return; 95 return;
94 } 96 }
95#endif 97# endif /* BN_MUL_COMBA */
96 if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) 98 if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
97 { 99 {
98 /* This should not happen */ 100 /* This should not happen */
@@ -136,7 +138,7 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
136 break; 138 break;
137 } 139 }
138 140
139#ifdef BN_MUL_COMBA 141# ifdef BN_MUL_COMBA
140 if (n == 4) 142 if (n == 4)
141 { 143 {
142 if (!zero) 144 if (!zero)
@@ -158,7 +160,7 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
158 bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n])); 160 bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
159 } 161 }
160 else 162 else
161#endif 163# endif /* BN_MUL_COMBA */
162 { 164 {
163 p= &(t[n2*2]); 165 p= &(t[n2*2]);
164 if (!zero) 166 if (!zero)
@@ -219,12 +221,12 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
219 int n, BN_ULONG *t) 221 int n, BN_ULONG *t)
220 { 222 {
221 int i,j,n2=n*2; 223 int i,j,n2=n*2;
222 unsigned int c1; 224 unsigned int c1,c2,neg,zero;
223 BN_ULONG ln,lo,*p; 225 BN_ULONG ln,lo,*p;
224 226
225#ifdef BN_COUNT 227# ifdef BN_COUNT
226printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n); 228 printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
227#endif 229# endif
228 if (n < 8) 230 if (n < 8)
229 { 231 {
230 i=tn+n; 232 i=tn+n;
@@ -233,17 +235,54 @@ printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
233 } 235 }
234 236
235 /* r=(a[0]-a[1])*(b[1]-b[0]) */ 237 /* r=(a[0]-a[1])*(b[1]-b[0]) */
236 bn_sub_words(t, a, &(a[n]),n); /* + */ 238 c1=bn_cmp_words(a,&(a[n]),n);
237 bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ 239 c2=bn_cmp_words(&(b[n]),b,n);
238 240 zero=neg=0;
239/* if (n == 4) 241 switch (c1*3+c2)
242 {
243 case -4:
244 bn_sub_words(t, &(a[n]),a, n); /* - */
245 bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */
246 break;
247 case -3:
248 zero=1;
249 /* break; */
250 case -2:
251 bn_sub_words(t, &(a[n]),a, n); /* - */
252 bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */
253 neg=1;
254 break;
255 case -1:
256 case 0:
257 case 1:
258 zero=1;
259 /* break; */
260 case 2:
261 bn_sub_words(t, a, &(a[n]),n); /* + */
262 bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */
263 neg=1;
264 break;
265 case 3:
266 zero=1;
267 /* break; */
268 case 4:
269 bn_sub_words(t, a, &(a[n]),n);
270 bn_sub_words(&(t[n]),&(b[n]),b, n);
271 break;
272 }
273 /* The zero case isn't yet implemented here. The speedup
274 would probably be negligible. */
275# if 0
276 if (n == 4)
240 { 277 {
241 bn_mul_comba4(&(t[n2]),t,&(t[n])); 278 bn_mul_comba4(&(t[n2]),t,&(t[n]));
242 bn_mul_comba4(r,a,b); 279 bn_mul_comba4(r,a,b);
243 bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); 280 bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
244 memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); 281 memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
245 } 282 }
246 else */ if (n == 8) 283 else
284# endif
285 if (n == 8)
247 { 286 {
248 bn_mul_comba8(&(t[n2]),t,&(t[n])); 287 bn_mul_comba8(&(t[n2]),t,&(t[n]));
249 bn_mul_comba8(r,a,b); 288 bn_mul_comba8(r,a,b);
@@ -308,7 +347,16 @@ printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
308 */ 347 */
309 348
310 c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); 349 c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
311 c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); 350
351 if (neg) /* if t[32] is negative */
352 {
353 c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
354 }
355 else
356 {
357 /* Might have a carry */
358 c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
359 }
312 360
313 /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) 361 /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
314 * r[10] holds (a[0]*b[0]) 362 * r[10] holds (a[0]*b[0])
@@ -345,9 +393,9 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
345 { 393 {
346 int n=n2/2; 394 int n=n2/2;
347 395
348#ifdef BN_COUNT 396# ifdef BN_COUNT
349printf(" bn_mul_low_recursive %d * %d\n",n2,n2); 397 printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
350#endif 398# endif
351 399
352 bn_mul_recursive(r,a,b,n,&(t[0])); 400 bn_mul_recursive(r,a,b,n,&(t[0]));
353 if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) 401 if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
@@ -379,9 +427,9 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
379 int neg,oneg,zero; 427 int neg,oneg,zero;
380 BN_ULONG ll,lc,*lp,*mp; 428 BN_ULONG ll,lc,*lp,*mp;
381 429
382#ifdef BN_COUNT 430# ifdef BN_COUNT
383printf(" bn_mul_high %d * %d\n",n2,n2); 431 printf(" bn_mul_high %d * %d\n",n2,n2);
384#endif 432# endif
385 n=n2/2; 433 n=n2/2;
386 434
387 /* Calculate (al-ah)*(bh-bl) */ 435 /* Calculate (al-ah)*(bh-bl) */
@@ -424,14 +472,14 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
424 oneg=neg; 472 oneg=neg;
425 /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ 473 /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
426 /* r[10] = (a[1]*b[1]) */ 474 /* r[10] = (a[1]*b[1]) */
427#ifdef BN_MUL_COMBA 475# ifdef BN_MUL_COMBA
428 if (n == 8) 476 if (n == 8)
429 { 477 {
430 bn_mul_comba8(&(t[0]),&(r[0]),&(r[n])); 478 bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
431 bn_mul_comba8(r,&(a[n]),&(b[n])); 479 bn_mul_comba8(r,&(a[n]),&(b[n]));
432 } 480 }
433 else 481 else
434#endif 482# endif
435 { 483 {
436 bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2])); 484 bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
437 bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2])); 485 bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
@@ -555,19 +603,23 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
555 } 603 }
556 } 604 }
557 } 605 }
558#endif 606#endif /* BN_RECURSION */
559 607
560int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) 608int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
561 { 609 {
562 int top,al,bl; 610 int top,al,bl;
563 BIGNUM *rr; 611 BIGNUM *rr;
612 int ret = 0;
613#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
614 int i;
615#endif
564#ifdef BN_RECURSION 616#ifdef BN_RECURSION
565 BIGNUM *t; 617 BIGNUM *t;
566 int i,j,k; 618 int j,k;
567#endif 619#endif
568 620
569#ifdef BN_COUNT 621#ifdef BN_COUNT
570printf("BN_mul %d * %d\n",a->top,b->top); 622 printf("BN_mul %d * %d\n",a->top,b->top);
571#endif 623#endif
572 624
573 bn_check_top(a); 625 bn_check_top(a);
@@ -585,115 +637,99 @@ printf("BN_mul %d * %d\n",a->top,b->top);
585 } 637 }
586 top=al+bl; 638 top=al+bl;
587 639
640 BN_CTX_start(ctx);
588 if ((r == a) || (r == b)) 641 if ((r == a) || (r == b))
589 rr= &(ctx->bn[ctx->tos+1]); 642 {
643 if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
644 }
590 else 645 else
591 rr=r; 646 rr = r;
592 647
593#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) 648#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
594 if (al == bl) 649 i = al-bl;
650#endif
651#ifdef BN_MUL_COMBA
652 if (i == 0)
595 { 653 {
596# ifdef BN_MUL_COMBA 654# if 0
597/* if (al == 4) 655 if (al == 4)
598 { 656 {
599 if (bn_wexpand(rr,8) == NULL) return(0); 657 if (bn_wexpand(rr,8) == NULL) goto err;
600 rr->top=8; 658 rr->top=8;
601 bn_mul_comba4(rr->d,a->d,b->d); 659 bn_mul_comba4(rr->d,a->d,b->d);
602 goto end; 660 goto end;
603 } 661 }
604 else */ if (al == 8) 662# endif
663 if (al == 8)
605 { 664 {
606 if (bn_wexpand(rr,16) == NULL) return(0); 665 if (bn_wexpand(rr,16) == NULL) goto err;
607 rr->top=16; 666 rr->top=16;
608 bn_mul_comba8(rr->d,a->d,b->d); 667 bn_mul_comba8(rr->d,a->d,b->d);
609 goto end; 668 goto end;
610 } 669 }
611 else
612# endif
613#ifdef BN_RECURSION
614 if (al < BN_MULL_SIZE_NORMAL)
615#endif
616 {
617 if (bn_wexpand(rr,top) == NULL) return(0);
618 rr->top=top;
619 bn_mul_normal(rr->d,a->d,al,b->d,bl);
620 goto end;
621 }
622# ifdef BN_RECURSION
623 goto symetric;
624# endif
625 } 670 }
626#endif 671#endif /* BN_MUL_COMBA */
627#ifdef BN_RECURSION 672#ifdef BN_RECURSION
628 else if ((al < BN_MULL_SIZE_NORMAL) || (bl < BN_MULL_SIZE_NORMAL)) 673 if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
629 { 674 {
630 if (bn_wexpand(rr,top) == NULL) return(0); 675 if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
631 rr->top=top;
632 bn_mul_normal(rr->d,a->d,al,b->d,bl);
633 goto end;
634 }
635 else
636 {
637 i=(al-bl);
638 if ((i == 1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
639 { 676 {
640 bn_wexpand(b,al); 677 bn_wexpand(b,al);
641 b->d[bl]=0; 678 b->d[bl]=0;
642 bl++; 679 bl++;
643 goto symetric; 680 i--;
644 } 681 }
645 else if ((i == -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA)) 682 else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
646 { 683 {
647 bn_wexpand(a,bl); 684 bn_wexpand(a,bl);
648 a->d[al]=0; 685 a->d[al]=0;
649 al++; 686 al++;
650 goto symetric; 687 i++;
688 }
689 if (i == 0)
690 {
691 /* symmetric and > 4 */
692 /* 16 or larger */
693 j=BN_num_bits_word((BN_ULONG)al);
694 j=1<<(j-1);
695 k=j+j;
696 t = BN_CTX_get(ctx);
697 if (al == j) /* exact multiple */
698 {
699 bn_wexpand(t,k*2);
700 bn_wexpand(rr,k*2);
701 bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
702 }
703 else
704 {
705 bn_wexpand(a,k);
706 bn_wexpand(b,k);
707 bn_wexpand(t,k*4);
708 bn_wexpand(rr,k*4);
709 for (i=a->top; i<k; i++)
710 a->d[i]=0;
711 for (i=b->top; i<k; i++)
712 b->d[i]=0;
713 bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
714 }
715 rr->top=top;
716 goto end;
651 } 717 }
652 } 718 }
653#endif 719#endif /* BN_RECURSION */
654 720 if (bn_wexpand(rr,top) == NULL) goto err;
655 /* asymetric and >= 4 */
656 if (bn_wexpand(rr,top) == NULL) return(0);
657 rr->top=top; 721 rr->top=top;
658 bn_mul_normal(rr->d,a->d,al,b->d,bl); 722 bn_mul_normal(rr->d,a->d,al,b->d,bl);
659 723
660#ifdef BN_RECURSION
661 if (0)
662 {
663symetric:
664 /* symetric and > 4 */
665 /* 16 or larger */
666 j=BN_num_bits_word((BN_ULONG)al);
667 j=1<<(j-1);
668 k=j+j;
669 t= &(ctx->bn[ctx->tos]);
670 if (al == j) /* exact multiple */
671 {
672 bn_wexpand(t,k*2);
673 bn_wexpand(rr,k*2);
674 bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
675 }
676 else
677 {
678 bn_wexpand(a,k);
679 bn_wexpand(b,k);
680 bn_wexpand(t,k*4);
681 bn_wexpand(rr,k*4);
682 for (i=a->top; i<k; i++)
683 a->d[i]=0;
684 for (i=b->top; i<k; i++)
685 b->d[i]=0;
686 bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
687 }
688 rr->top=top;
689 }
690#endif
691#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) 724#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
692end: 725end:
693#endif 726#endif
694 bn_fix_top(rr); 727 bn_fix_top(rr);
695 if (r != rr) BN_copy(r,rr); 728 if (r != rr) BN_copy(r,rr);
696 return(1); 729 ret=1;
730err:
731 BN_CTX_end(ctx);
732 return(ret);
697 } 733 }
698 734
699void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) 735void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
@@ -701,7 +737,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
701 BN_ULONG *rr; 737 BN_ULONG *rr;
702 738
703#ifdef BN_COUNT 739#ifdef BN_COUNT
704printf(" bn_mul_normal %d * %d\n",na,nb); 740 printf(" bn_mul_normal %d * %d\n",na,nb);
705#endif 741#endif
706 742
707 if (na < nb) 743 if (na < nb)
@@ -735,7 +771,7 @@ printf(" bn_mul_normal %d * %d\n",na,nb);
735void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) 771void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
736 { 772 {
737#ifdef BN_COUNT 773#ifdef BN_COUNT
738printf(" bn_mul_low_normal %d * %d\n",n,n); 774 printf(" bn_mul_low_normal %d * %d\n",n,n);
739#endif 775#endif
740 bn_mul_words(r,a,n,b[0]); 776 bn_mul_words(r,a,n,b[0]);
741 777
@@ -753,4 +789,3 @@ printf(" bn_mul_low_normal %d * %d\n",n,n);
753 b+=4; 789 b+=4;
754 } 790 }
755 } 791 }
756
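Review bot: In BN_mul's new recursive branch, `t = BN_CTX_get(ctx);` at new line 696 is not checked for NULL, and the bn_wexpand calls that follow (new lines 677, 684, 699-700 and 705-708) ignore their return value, so an allocation failure is followed by writes through `t->d`, `b->d[bl]=0`, `a->d[al]=0` and the zero-fill loops into buffers that were never grown; the same function already checks bn_wexpand on the comba path (`if (bn_wexpand(rr,16) == NULL) goto err;` at new line 665), and the new `err:` label does BN_CTX_end, so every one of these sites can simply `goto err`. The rewritten lines are below. A second, smaller point in bn_mul_part_recursive: `unsigned int c1,c2,neg,zero;` at new line 224 receives the bn_cmp_words results that the -4..4 case labels show can be negative, so `switch (c1*3+c2)` at new line 241 compares an unsigned expression against negative labels; it appears to work only because both sides wrap modulo 2^32, and `int c1,c2,neg,zero;` says what is meant. BN_mul's body between the function-header hunk and the `@@ -585` hunk is outside the diff.
```c
		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
			{
			if (bn_wexpand(b,al) == NULL) goto err;
			/* … unchanged: b->d[bl]=0; bl++; i--; … */
			}
		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
			{
			if (bn_wexpand(a,bl) == NULL) goto err;
			/* … unchanged: a->d[al]=0; al++; i++; … */
			}
		if (i == 0)
			{
			/* … unchanged: j and k computation … */
			if ((t = BN_CTX_get(ctx)) == NULL) goto err;
			if (al == j) /* exact multiple */
				{
				if (bn_wexpand(t,k*2) == NULL) goto err;
				if (bn_wexpand(rr,k*2) == NULL) goto err;
				/* … unchanged: bn_mul_recursive call … */
				}
			else
				{
				if (bn_wexpand(a,k) == NULL) goto err;
				if (bn_wexpand(b,k) == NULL) goto err;
				if (bn_wexpand(t,k*4) == NULL) goto err;
				if (bn_wexpand(rr,k*4) == NULL) goto err;
				/* … unchanged: zero-fill loops and bn_mul_part_recursive call … */
				}
```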
diff --git a/src/lib/libcrypto/bn/bn_opts.c b/src/lib/libcrypto/bn/bn_opts.c
index 381be529b2..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/bn_opts.c
+++ b/src/lib/libcrypto/bn/bn_opts.c
@@ -1,324 +0,0 @@
1/* crypto/bn/expspeed.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* most of this code has been pilfered from my libdes speed.c program */
60
61#include <stdio.h>
62#include <stdlib.h>
63#include <signal.h>
64#include <string.h>
65#include <openssl/crypto.h>
66#include <openssl/tmdiff.h>
67#include <openssl/bn.h>
68#include <openssl/err.h>
69
70#define DEFAULT_SIZE 512
71#define DEFAULT_TIME 3
72
73int verbose=1;
74
75typedef struct parms_st
76 {
77 char *name;
78 void (*func)();
79 BIGNUM r;
80 BIGNUM a;
81 BIGNUM b;
82 BIGNUM c;
83 BIGNUM low;
84 BN_CTX *ctx;
85 BN_MONT_CTX *mont;
86 int w;
87 } PARMS;
88
89void do_mul_exp(int num,PARMS *p);
90void do_mul(int num,PARMS *p);
91void do_sqr(int num,PARMS *p);
92void do_mul_low(int num,PARMS *p);
93void do_mul_high(int num,PARMS *p);
94void do_from_montgomery(int num,PARMS *p);
95int time_it(int sec, PARMS *p);
96void do_it(int sec, PARMS *p);
97
98#define P_EXP 1
99#define P_MUL 2
100#define P_SQR 3
101#define P_MULL 4
102#define P_MULH 5
103#define P_MRED 6
104
105int main(int argc, char **argv)
106 {
107 PARMS p;
108 BN_MONT_CTX *mont;
109 int size=0,num;
110 char *name;
111 int type=P_EXP;
112
113 mont=BN_MONT_CTX_new();
114 p.mont=NULL;
115 p.ctx=BN_CTX_new();
116 BN_init(&p.r);
117 BN_init(&p.a);
118 BN_init(&p.b);
119 BN_init(&p.c);
120 BN_init(&p.low);
121 p.w=0;
122
123 for (;;)
124 {
125 if (argc > 1)
126 {
127 if (argv[1][0] == '-')
128 {
129 switch(argv[1][1])
130 {
131 case 'e': type=P_EXP; break;
132 case 'm': type=P_MUL; break;
133 case 's': type=P_SQR; break;
134 case 'l': type=P_MULL; break;
135 case 'h': type=P_MULH; break;
136 case 'r': type=P_MRED; break;
137 default:
138 fprintf(stderr,"options: -[emslhr]\n");
139 exit(1);
140 }
141 }
142 else
143 {
144 size=atoi(argv[1]);
145 }
146 argc--;
147 argv++;
148 }
149 else
150 break;
151 }
152 if (size == 0)
153 size=DEFAULT_SIZE;
154
155 printf("bit size:%5d\n",size);
156
157 BN_rand(&p.a,size,1,0);
158 BN_rand(&p.b,size,1,0);
159 BN_rand(&p.c,size,1,1);
160 BN_mod(&p.a,&p.a,&p.c,p.ctx);
161 BN_mod(&p.b,&p.b,&p.c,p.ctx);
162 p.w=(p.a.top+1)/2;
163
164 BN_mul(&p.low,&p.a,&p.b,p.ctx);
165 p.low.top=p.a.top;
166
167 switch(type)
168 {
169 case P_EXP:
170 p.name="r=a^b%c";
171 p.func=do_mul_exp;
172 p.mont=mont;
173 break;
174 case P_MUL:
175 p.name="r=a*b";
176 p.func=do_mul;
177 break;
178 case P_SQR:
179 p.name="r=a*a";
180 p.func=do_sqr;
181 break;
182 case P_MULL:
183 p.name="r=low(a*b)";
184 p.func=do_mul_low;
185 break;
186 case P_MULH:
187 p.name="r=high(a*b)";
188 p.func=do_mul_high;
189 break;
190 case P_MRED:
191 p.name="r=montgomery_reduction(a)";
192 p.func=do_from_montgomery;
193 p.mont=mont;
194 break;
195 default:
196 fprintf(stderr,"options: -[emslhr]\n");
197 exit(1);
198 }
199
200 num=time_it(DEFAULT_TIME,&p);
201 do_it(num,&p);
202 }
203
204void do_it(int num, PARMS *p)
205 {
206 char *start,*end;
207 int i,j,number;
208 double d;
209
210 start=ms_time_new();
211 end=ms_time_new();
212
213 number=BN_num_bits_word((BN_ULONG)BN_num_bits(&(p->c)))-
214 BN_num_bits_word(BN_BITS2)+2;
215 for (i=number-1; i >=0; i--)
216 {
217 if (i == 1) continue;
218 BN_set_params(i,i,i,1);
219 if (p->mont != NULL)
220 BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
221
222 printf("Timing %5d (%2d bit) %2d %2d %2d %2d :",
223 (1<<i)*BN_BITS2,i,
224 BN_get_params(0),
225 BN_get_params(1),
226 BN_get_params(2),
227 BN_get_params(3));
228 fflush(stdout);
229
230 ms_time_get(start);
231 p->func(num,p);
232 ms_time_get(end);
233 d=ms_time_diff(start,end);
234 printf("%6.6f sec, or %d in %.4f seconds\n",
235 (double)d/num,num,d);
236 }
237 }
238
239int time_it(int sec, PARMS *p)
240 {
241 char *start,*end;
242 int i,j;
243 double d;
244
245 if (p->mont != NULL)
246 BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
247
248 start=ms_time_new();
249 end=ms_time_new();
250
251 i=1;
252 for (;;)
253 {
254 if (verbose)
255 printf("timing %s for %d interations\n",p->name,i);
256
257 ms_time_get(start);
258 p->func(i,p);
259 ms_time_get(end);
260 d=ms_time_diff(start,end);
261
262 if (d < 0.01) i*=100;
263 else if (d < 0.1 ) i*=10;
264 else if (d > (double)sec) break;
265 else
266 {
267 i=(int)(1.0*i*sec/d);
268 break;
269 }
270 }
271 if (verbose)
272 printf("using %d interations\n",i);
273 return(i);
274 }
275
276void do_mul_exp(int num, PARMS *p)
277 {
278 int i;
279
280 for (i=0; i<num; i++)
281 BN_mod_exp_mont(&(p->r),&(p->a),&(p->b),&(p->c),
282 p->ctx,p->mont);
283 }
284
285void do_mul(int num, PARMS *p)
286 {
287 int i;
288
289 for (i=0; i<num; i++)
290 BN_mul(&(p->r),&(p->a),&(p->b),p->ctx);
291 }
292
293void do_sqr(int num, PARMS *p)
294 {
295 int i;
296
297 for (i=0; i<num; i++)
298 BN_sqr(&(p->r),&(p->a),p->ctx);
299 }
300
301void do_mul_low(int num, PARMS *p)
302 {
303 int i;
304
305 for (i=0; i<num; i++)
306 BN_mul_low(&(p->r),&(p->a),&(p->b),p->w,p->ctx);
307 }
308
309void do_mul_high(int num, PARMS *p)
310 {
311 int i;
312
313 for (i=0; i<num; i++)
314 BN_mul_low(&(p->r),&(p->a),&(p->b),&(p->low),p->w,p->ctx);
315 }
316
317void do_from_montgomery(int num, PARMS *p)
318 {
319 int i;
320
321 for (i=0; i<num; i++)
322 BN_from_montgomery(&(p->r),&(p->a),p->mont,p->ctx);
323 }
324
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
index 6fa0f9be1e..a5f01b92eb 100644
--- a/src/lib/libcrypto/bn/bn_prime.c
+++ b/src/lib/libcrypto/bn/bn_prime.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include <time.h> 113#include <time.h>
@@ -62,26 +115,29 @@
62#include "bn_lcl.h" 115#include "bn_lcl.h"
63#include <openssl/rand.h> 116#include <openssl/rand.h>
64 117
65/* The quick seive algorithm approach to weeding out primes is 118/* The quick sieve algorithm approach to weeding out primes is
66 * Philip Zimmermann's, as implemented in PGP. I have had a read of 119 * Philip Zimmermann's, as implemented in PGP. I have had a read of
67 * his comments and implemented my own version. 120 * his comments and implemented my own version.
68 */ 121 */
69#include "bn_prime.h" 122#include "bn_prime.h"
70 123
71static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2, 124static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
72 BN_MONT_CTX *mont); 125 const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
73static int probable_prime(BIGNUM *rnd, int bits); 126static int probable_prime(BIGNUM *rnd, int bits);
74static int probable_prime_dh(BIGNUM *rnd, int bits, 127static int probable_prime_dh(BIGNUM *rnd, int bits,
75 BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); 128 BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
76static int probable_prime_dh_strong(BIGNUM *rnd, int bits, 129static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
77 BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); 130 BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
78BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int strong, BIGNUM *add, 131
132BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BIGNUM *add,
79 BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg) 133 BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg)
80 { 134 {
81 BIGNUM *rnd=NULL; 135 BIGNUM *rnd=NULL;
82 BIGNUM t; 136 BIGNUM t;
137 int found=0;
83 int i,j,c1=0; 138 int i,j,c1=0;
84 BN_CTX *ctx; 139 BN_CTX *ctx;
140 int checks = BN_prime_checks_for_size(bits);
85 141
86 ctx=BN_CTX_new(); 142 ctx=BN_CTX_new();
87 if (ctx == NULL) goto err; 143 if (ctx == NULL) goto err;
@@ -100,9 +156,9 @@ loop:
100 } 156 }
101 else 157 else
102 { 158 {
103 if (strong) 159 if (safe)
104 { 160 {
105 if (!probable_prime_dh_strong(rnd,bits,add,rem,ctx)) 161 if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx))
106 goto err; 162 goto err;
107 } 163 }
108 else 164 else
@@ -114,160 +170,185 @@ loop:
114 /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */ 170 /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
115 if (callback != NULL) callback(0,c1++,cb_arg); 171 if (callback != NULL) callback(0,c1++,cb_arg);
116 172
117 if (!strong) 173 if (!safe)
118 { 174 {
119 i=BN_is_prime(rnd,BN_prime_checks,callback,ctx,cb_arg); 175 i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0);
120 if (i == -1) goto err; 176 if (i == -1) goto err;
121 if (i == 0) goto loop; 177 if (i == 0) goto loop;
122 } 178 }
123 else 179 else
124 { 180 {
125 /* for a strong prime generation, 181 /* for "safe prime" generation,
126 * check that (p-1)/2 is prime. 182 * check that (p-1)/2 is prime.
127 * Since a prime is odd, We just 183 * Since a prime is odd, We just
128 * need to divide by 2 */ 184 * need to divide by 2 */
129 if (!BN_rshift1(&t,rnd)) goto err; 185 if (!BN_rshift1(&t,rnd)) goto err;
130 186
131 for (i=0; i<BN_prime_checks; i++) 187 for (i=0; i<checks; i++)
132 { 188 {
133 j=BN_is_prime(rnd,1,callback,ctx,cb_arg); 189 j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0);
134 if (j == -1) goto err; 190 if (j == -1) goto err;
135 if (j == 0) goto loop; 191 if (j == 0) goto loop;
136 192
137 j=BN_is_prime(&t,1,callback,ctx,cb_arg); 193 j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0);
138 if (j == -1) goto err; 194 if (j == -1) goto err;
139 if (j == 0) goto loop; 195 if (j == 0) goto loop;
140 196
141 if (callback != NULL) callback(2,c1-1,cb_arg); 197 if (callback != NULL) callback(2,c1-1,cb_arg);
142 /* We have a strong prime test pass */ 198 /* We have a safe prime test pass */
143 } 199 }
144 } 200 }
145 /* we have a prime :-) */ 201 /* we have a prime :-) */
146 ret=rnd; 202 found = 1;
147err: 203err:
148 if ((ret == NULL) && (rnd != NULL)) BN_free(rnd); 204 if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
149 BN_free(&t); 205 BN_free(&t);
150 if (ctx != NULL) BN_CTX_free(ctx); 206 if (ctx != NULL) BN_CTX_free(ctx);
151 return(ret); 207 return(found ? rnd : NULL);
152 } 208 }
153 209
154int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *), 210int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
155 BN_CTX *ctx_passed, void *cb_arg) 211 BN_CTX *ctx_passed, void *cb_arg)
156 { 212 {
157 int i,j,c2=0,ret= -1; 213 return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0);
158 BIGNUM *check; 214 }
159 BN_CTX *ctx=NULL,*ctx2=NULL;
160 BN_MONT_CTX *mont=NULL;
161 215
216int BN_is_prime_fasttest(const BIGNUM *a, int checks,
217 void (*callback)(int,int,void *),
218 BN_CTX *ctx_passed, void *cb_arg,
219 int do_trial_division)
220 {
221 int i, j, ret = -1;
222 int k;
223 BN_CTX *ctx = NULL;
224 BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
225 BN_MONT_CTX *mont = NULL;
226 const BIGNUM *A = NULL;
227
228 if (checks == BN_prime_checks)
229 checks = BN_prime_checks_for_size(BN_num_bits(a));
230
231 /* first look for small factors */
162 if (!BN_is_odd(a)) 232 if (!BN_is_odd(a))
163 return(0); 233 return(0);
234 if (do_trial_division)
235 {
236 for (i = 1; i < NUMPRIMES; i++)
237 if (BN_mod_word(a, primes[i]) == 0)
238 return 0;
239 if (callback != NULL) callback(1, -1, cb_arg);
240 }
241
164 if (ctx_passed != NULL) 242 if (ctx_passed != NULL)
165 ctx=ctx_passed; 243 ctx = ctx_passed;
166 else 244 else
167 if ((ctx=BN_CTX_new()) == NULL) goto err; 245 if ((ctx=BN_CTX_new()) == NULL)
168 246 goto err;
169 if ((ctx2=BN_CTX_new()) == NULL) goto err; 247 BN_CTX_start(ctx);
170 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
171
172 check= &(ctx->bn[ctx->tos++]);
173 248
174 /* Setup the montgomery structure */ 249 /* A := abs(a) */
175 if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err; 250 if (a->neg)
251 {
252 BIGNUM *t;
253 if ((t = BN_CTX_get(ctx)) == NULL) goto err;
254 BN_copy(t, a);
255 t->neg = 0;
256 A = t;
257 }
258 else
259 A = a;
260 A1 = BN_CTX_get(ctx);
261 A1_odd = BN_CTX_get(ctx);
262 check = BN_CTX_get(ctx);
263 if (check == NULL) goto err;
264
265 /* compute A1 := A - 1 */
266 if (!BN_copy(A1, A))
267 goto err;
268 if (!BN_sub_word(A1, 1))
269 goto err;
270 if (BN_is_zero(A1))
271 {
272 ret = 0;
273 goto err;
274 }
176 275
177 for (i=0; i<checks; i++) 276 /* write A1 as A1_odd * 2^k */
277 k = 1;
278 while (!BN_is_bit_set(A1, k))
279 k++;
280 if (!BN_rshift(A1_odd, A1, k))
281 goto err;
282
283 /* Montgomery setup for computations mod A */
284 mont = BN_MONT_CTX_new();
285 if (mont == NULL)
286 goto err;
287 if (!BN_MONT_CTX_set(mont, A, ctx))
288 goto err;
289
290 for (i = 0; i < checks; i++)
178 { 291 {
179 if (!BN_rand(check,BN_num_bits(a)-1,0,0)) goto err; 292 if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0))
180 j=witness(check,a,ctx,ctx2,mont); 293 goto err;
294 if (BN_cmp(check, A1) >= 0)
295 if (!BN_sub(check, check, A1))
296 goto err;
297 if (!BN_add_word(check, 1))
298 goto err;
299 /* now 1 <= check < A */
300
301 j = witness(check, A, A1, A1_odd, k, ctx, mont);
181 if (j == -1) goto err; 302 if (j == -1) goto err;
182 if (j) 303 if (j)
183 { 304 {
184 ret=0; 305 ret=0;
185 goto err; 306 goto err;
186 } 307 }
187 if (callback != NULL) callback(1,c2++,cb_arg); 308 if (callback != NULL) callback(1,i,cb_arg);
188 } 309 }
189 ret=1; 310 ret=1;
190err: 311err:
191 ctx->tos--; 312 if (ctx != NULL)
192 if ((ctx_passed == NULL) && (ctx != NULL)) 313 {
193 BN_CTX_free(ctx); 314 BN_CTX_end(ctx);
194 if (ctx2 != NULL) 315 if (ctx_passed == NULL)
195 BN_CTX_free(ctx2); 316 BN_CTX_free(ctx);
196 if (mont != NULL) BN_MONT_CTX_free(mont); 317 }
197 318 if (mont != NULL)
319 BN_MONT_CTX_free(mont);
320
198 return(ret); 321 return(ret);
199 } 322 }
200 323
201#define RECP_MUL_MOD 324static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
202 325 const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
203static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx, BN_CTX *ctx2,
204 BN_MONT_CTX *mont)
205 { 326 {
206 int k,i,ret= -1,good; 327 if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
207 BIGNUM *d,*dd,*tmp,*d1,*d2,*n1; 328 return -1;
208 BIGNUM *mont_one,*mont_n1,*mont_a; 329 if (BN_is_one(w))
209 330 return 0; /* probably prime */
210 d1= &(ctx->bn[ctx->tos]); 331 if (BN_cmp(w, a1) == 0)
211 d2= &(ctx->bn[ctx->tos+1]); 332 return 0; /* w == -1 (mod a), 'a' is probably prime */
212 n1= &(ctx->bn[ctx->tos+2]); 333 while (--k)
213 ctx->tos+=3;
214
215 mont_one= &(ctx2->bn[ctx2->tos]);
216 mont_n1= &(ctx2->bn[ctx2->tos+1]);
217 mont_a= &(ctx2->bn[ctx2->tos+2]);
218 ctx2->tos+=3;
219
220 d=d1;
221 dd=d2;
222 if (!BN_one(d)) goto err;
223 if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
224 k=BN_num_bits(n1);
225
226 if (!BN_to_montgomery(mont_one,BN_value_one(),mont,ctx2)) goto err;
227 if (!BN_to_montgomery(mont_n1,n1,mont,ctx2)) goto err;
228 if (!BN_to_montgomery(mont_a,a,mont,ctx2)) goto err;
229
230 BN_copy(d,mont_one);
231 for (i=k-1; i>=0; i--)
232 { 334 {
233 if ( (BN_cmp(d,mont_one) != 0) && 335 if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
234 (BN_cmp(d,mont_n1) != 0)) 336 return -1;
235 good=1; 337 if (BN_is_one(w))
236 else 338 return 1; /* 'a' is composite, otherwise a previous 'w' would
237 good=0; 339 * have been == -1 (mod 'a') */
238 340 if (BN_cmp(w, a1) == 0)
239 BN_mod_mul_montgomery(dd,d,d,mont,ctx2); 341 return 0; /* w == -1 (mod a), 'a' is probably prime */
240
241 if (good && (BN_cmp(dd,mont_one) == 0))
242 {
243 ret=1;
244 goto err;
245 }
246 if (BN_is_bit_set(n1,i))
247 {
248 BN_mod_mul_montgomery(d,dd,mont_a,mont,ctx2);
249 }
250 else
251 {
252 tmp=d;
253 d=dd;
254 dd=tmp;
255 }
256 } 342 }
257 if (BN_cmp(d,mont_one) == 0) 343 /* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
258 i=0; 344 * and it is neither -1 nor +1 -- so 'a' cannot be prime */
259 else i=1; 345 return 1;
260 ret=i;
261err:
262 ctx->tos-=3;
263 ctx2->tos-=3;
264 return(ret);
265 } 346 }
266 347
267static int probable_prime(BIGNUM *rnd, int bits) 348static int probable_prime(BIGNUM *rnd, int bits)
268 { 349 {
269 int i; 350 int i;
270 MS_STATIC BN_ULONG mods[NUMPRIMES]; 351 BN_ULONG mods[NUMPRIMES];
271 BN_ULONG delta,d; 352 BN_ULONG delta,d;
272 353
273again: 354again:
@@ -285,7 +366,7 @@ again:
285 d=delta; 366 d=delta;
286 delta+=2; 367 delta+=2;
287 /* perhaps need to check for overflow of 368 /* perhaps need to check for overflow of
288 * delta (but delta can be upto 2^32) 369 * delta (but delta can be up to 2^32)
289 * 21-May-98 eay - added overflow check */ 370 * 21-May-98 eay - added overflow check */
290 if (delta < d) goto again; 371 if (delta < d) goto again;
291 goto loop; 372 goto loop;
@@ -301,7 +382,8 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, BIGNUM *add, BIGNUM *rem,
301 int i,ret=0; 382 int i,ret=0;
302 BIGNUM *t1; 383 BIGNUM *t1;
303 384
304 t1= &(ctx->bn[ctx->tos++]); 385 BN_CTX_start(ctx);
386 if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
305 387
306 if (!BN_rand(rnd,bits,0,1)) goto err; 388 if (!BN_rand(rnd,bits,0,1)) goto err;
307 389
@@ -327,20 +409,22 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, BIGNUM *add, BIGNUM *rem,
327 } 409 }
328 ret=1; 410 ret=1;
329err: 411err:
330 ctx->tos--; 412 BN_CTX_end(ctx);
331 return(ret); 413 return(ret);
332 } 414 }
333 415
334static int probable_prime_dh_strong(BIGNUM *p, int bits, BIGNUM *padd, 416static int probable_prime_dh_safe(BIGNUM *p, int bits, BIGNUM *padd,
335 BIGNUM *rem, BN_CTX *ctx) 417 BIGNUM *rem, BN_CTX *ctx)
336 { 418 {
337 int i,ret=0; 419 int i,ret=0;
338 BIGNUM *t1,*qadd=NULL,*q=NULL; 420 BIGNUM *t1,*qadd,*q;
339 421
340 bits--; 422 bits--;
341 t1= &(ctx->bn[ctx->tos++]); 423 BN_CTX_start(ctx);
342 q= &(ctx->bn[ctx->tos++]); 424 t1 = BN_CTX_get(ctx);
343 qadd= &(ctx->bn[ctx->tos++]); 425 q = BN_CTX_get(ctx);
426 qadd = BN_CTX_get(ctx);
427 if (qadd == NULL) goto err;
344 428
345 if (!BN_rshift1(qadd,padd)) goto err; 429 if (!BN_rshift1(qadd,padd)) goto err;
346 430
@@ -376,72 +460,6 @@ static int probable_prime_dh_strong(BIGNUM *p, int bits, BIGNUM *padd,
376 } 460 }
377 ret=1; 461 ret=1;
378err: 462err:
379 ctx->tos-=3; 463 BN_CTX_end(ctx);
380 return(ret);
381 }
382
383#if 0
384static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx)
385 {
386 int k,i,nb,ret= -1;
387 BIGNUM *d,*dd,*tmp;
388 BIGNUM *d1,*d2,*x,*n1,*inv;
389
390 d1= &(ctx->bn[ctx->tos]);
391 d2= &(ctx->bn[ctx->tos+1]);
392 x= &(ctx->bn[ctx->tos+2]);
393 n1= &(ctx->bn[ctx->tos+3]);
394 inv=&(ctx->bn[ctx->tos+4]);
395 ctx->tos+=5;
396
397 d=d1;
398 dd=d2;
399 if (!BN_one(d)) goto err;
400 if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
401 k=BN_num_bits(n1);
402
403 /* i=BN_num_bits(n); */
404#ifdef RECP_MUL_MOD
405 nb=BN_reciprocal(inv,n,ctx); /**/
406 if (nb == -1) goto err;
407#endif
408
409 for (i=k-1; i>=0; i--)
410 {
411 if (BN_copy(x,d) == NULL) goto err;
412#ifndef RECP_MUL_MOD
413 if (!BN_mod_mul(dd,d,d,n,ctx)) goto err;
414#else
415 if (!BN_mod_mul_reciprocal(dd,d,d,n,inv,nb,ctx)) goto err;
416#endif
417 if ( BN_is_one(dd) &&
418 !BN_is_one(x) &&
419 (BN_cmp(x,n1) != 0))
420 {
421 ret=1;
422 goto err;
423 }
424 if (BN_is_bit_set(n1,i))
425 {
426#ifndef RECP_MUL_MOD
427 if (!BN_mod_mul(d,dd,a,n,ctx)) goto err;
428#else
429 if (!BN_mod_mul_reciprocal(d,dd,a,n,inv,nb,ctx)) goto err;
430#endif
431 }
432 else
433 {
434 tmp=d;
435 d=dd;
436 dd=tmp;
437 }
438 }
439 if (BN_is_one(d))
440 i=0;
441 else i=1;
442 ret=i;
443err:
444 ctx->tos-=5;
445 return(ret); 464 return(ret);
446 } 465 }
447#endif
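Review bot: The trial-division loop added at new lines 236-238 of BN_is_prime_fasttest reports every odd prime in the `primes[]` table as composite, because `BN_mod_word(a, primes[i]) == 0` also holds when `a` is that prime itself, so `BN_is_prime_fasttest(3, ..., 1)` returns 0 (line 232 already returns 0 for `a == 2`, so `do_trial_division` now makes the function wrong for all of 2, 3, 5, ... ). The loop should return whether `a` equals the divisor rather than a flat 0, e.g. `if (BN_mod_word(a, primes[i]) == 0) return BN_is_word(a, primes[i]);`, with the even case likewise becoming `return BN_is_word(a, 2);` if that macro is in scope; BN_generate_prime passes `0` for `do_trial_division` (new lines 175, 189, 193), so prime generation itself is not affected. Separately, the Miller-Rabin bases are drawn with `BN_pseudo_rand` at line 292, which accepts output that is not cryptographically strong; that is fine for candidates this file generated, but a caller testing an attacker-supplied number gets predictable bases, which deserves a comment on the function. `BN_copy(t, a)` at line 254 also ignores its return value and should `goto err` on NULL as the copy at line 266 does.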
diff --git a/src/lib/libcrypto/bn/bn_prime.h b/src/lib/libcrypto/bn/bn_prime.h
index 6fce0210cd..b7cf9a9bfe 100644
--- a/src/lib/libcrypto/bn/bn_prime.h
+++ b/src/lib/libcrypto/bn/bn_prime.h
@@ -1,4 +1,4 @@
1/* crypto/bn/bn_prime.h */ 1/* Auto generated by bn_prime.pl */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -61,7 +61,7 @@
61#else 61#else
62#define NUMPRIMES 54 62#define NUMPRIMES 54
63#endif 63#endif
64static unsigned int primes[NUMPRIMES]= 64static const unsigned int primes[NUMPRIMES]=
65 { 65 {
66 2, 3, 5, 7, 11, 13, 17, 19, 66 2, 3, 5, 7, 11, 13, 17, 19,
67 23, 29, 31, 37, 41, 43, 47, 53, 67 23, 29, 31, 37, 41, 43, 47, 53,
diff --git a/src/lib/libcrypto/bn/bn_prime.pl b/src/lib/libcrypto/bn/bn_prime.pl
index 979385a334..9fc3765486 100644
--- a/src/lib/libcrypto/bn/bn_prime.pl
+++ b/src/lib/libcrypto/bn/bn_prime.pl
@@ -18,13 +18,74 @@ loop: while ($#primes < $num-1)
18 push(@primes,$p); 18 push(@primes,$p);
19 } 19 }
20 20
21print <<"EOF"; 21# print <<"EOF";
22# /* Auto generated by bn_prime.pl */
23# /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
24# * All rights reserved.
25# * Copyright remains Eric Young's, and as such any Copyright notices in
26# * the code are not to be removed.
27# * See the COPYRIGHT file in the SSLeay distribution for more details.
28# */
29#
30# EOF
31
32print <<\EOF;
22/* Auto generated by bn_prime.pl */ 33/* Auto generated by bn_prime.pl */
23/* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au). 34/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
24 * All rights reserved. 35 * All rights reserved.
36 *
37 * This package is an SSL implementation written
38 * by Eric Young (eay@cryptsoft.com).
39 * The implementation was written so as to conform with Netscapes SSL.
40 *
41 * This library is free for commercial and non-commercial use as long as
42 * the following conditions are aheared to. The following conditions
43 * apply to all code found in this distribution, be it the RC4, RSA,
44 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
45 * included with this distribution is covered by the same copyright terms
46 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
47 *
25 * Copyright remains Eric Young's, and as such any Copyright notices in 48 * Copyright remains Eric Young's, and as such any Copyright notices in
26 * the code are not to be removed. 49 * the code are not to be removed.
27 * See the COPYRIGHT file in the SSLeay distribution for more details. 50 * If this package is used in a product, Eric Young should be given attribution
51 * as the author of the parts of the library used.
52 * This can be in the form of a textual message at program startup or
53 * in documentation (online or textual) provided with the package.
54 *
55 * Redistribution and use in source and binary forms, with or without
56 * modification, are permitted provided that the following conditions
57 * are met:
58 * 1. Redistributions of source code must retain the copyright
59 * notice, this list of conditions and the following disclaimer.
60 * 2. Redistributions in binary form must reproduce the above copyright
61 * notice, this list of conditions and the following disclaimer in the
62 * documentation and/or other materials provided with the distribution.
63 * 3. All advertising materials mentioning features or use of this software
64 * must display the following acknowledgement:
65 * "This product includes cryptographic software written by
66 * Eric Young (eay@cryptsoft.com)"
67 * The word 'cryptographic' can be left out if the rouines from the library
68 * being used are not cryptographic related :-).
69 * 4. If you include any Windows specific code (or a derivative thereof) from
70 * the apps directory (application code) you must include an acknowledgement:
71 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
72 *
73 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
74 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
75 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
76 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
77 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
78 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
79 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
80 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
81 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
82 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
83 * SUCH DAMAGE.
84 *
85 * The licence and distribution terms for any publically available version or
86 * derivative of this code cannot be changed. i.e. this code cannot simply be
87 * copied and put under another distribution licence
88 * [including the GNU Public Licence.]
28 */ 89 */
29 90
30EOF 91EOF
@@ -43,7 +104,7 @@ printf "#define NUMPRIMES %d\n",$num;
43printf "#else\n"; 104printf "#else\n";
44printf "#define NUMPRIMES %d\n",$eight; 105printf "#define NUMPRIMES %d\n",$eight;
45printf "#endif\n"; 106printf "#endif\n";
46print "static unsigned int primes[NUMPRIMES]=\n\t{\n\t"; 107print "static const unsigned int primes[NUMPRIMES]=\n\t{\n\t";
47$init=0; 108$init=0;
48for ($i=0; $i <= $#primes; $i++) 109for ($i=0; $i <= $#primes; $i++)
49 { 110 {
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index 2f5ab2617b..782a96e7e0 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -137,7 +137,7 @@ char *BN_bn2dec(const BIGNUM *a)
137 } 137 }
138 lp--; 138 lp--;
139 /* We now have a series of blocks, BN_DEC_NUM chars 139 /* We now have a series of blocks, BN_DEC_NUM chars
140 * in length, where the last one needs trucation. 140 * in length, where the last one needs truncation.
141 * The blocks need to be reversed in order. */ 141 * The blocks need to be reversed in order. */
142 sprintf(p,BN_DEC_FMT1,*lp); 142 sprintf(p,BN_DEC_FMT1,*lp);
143 while (*p) p++; 143 while (*p) p++;
@@ -171,7 +171,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
171 num=i+neg; 171 num=i+neg;
172 if (bn == NULL) return(num); 172 if (bn == NULL) return(num);
173 173
174 /* a is the start of the hex digets, and it is 'i' long */ 174 /* a is the start of the hex digits, and it is 'i' long */
175 if (*bn == NULL) 175 if (*bn == NULL)
176 { 176 {
177 if ((ret=BN_new()) == NULL) return(0); 177 if ((ret=BN_new()) == NULL) return(0);
@@ -185,7 +185,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
185 /* i is the number of hex digests; */ 185 /* i is the number of hex digests; */
186 if (bn_expand(ret,i*4) == NULL) goto err; 186 if (bn_expand(ret,i*4) == NULL) goto err;
187 187
188 j=i; /* least significate 'hex' */ 188 j=i; /* least significant 'hex' */
189 m=0; 189 m=0;
190 h=0; 190 h=0;
191 while (j > 0) 191 while (j > 0)
@@ -236,8 +236,8 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
236 num=i+neg; 236 num=i+neg;
237 if (bn == NULL) return(num); 237 if (bn == NULL) return(num);
238 238
239 /* a is the start of the digets, and it is 'i' long. 239 /* a is the start of the digits, and it is 'i' long.
240 * We chop it into BN_DEC_NUM digets at a time */ 240 * We chop it into BN_DEC_NUM digits at a time */
241 if (*bn == NULL) 241 if (*bn == NULL)
242 { 242 {
243 if ((ret=BN_new()) == NULL) return(0); 243 if ((ret=BN_new()) == NULL) return(0);
@@ -278,9 +278,8 @@ err:
278 } 278 }
279 279
280#ifndef NO_BIO 280#ifndef NO_BIO
281
282#ifndef NO_FP_API 281#ifndef NO_FP_API
283int BN_print_fp(FILE *fp, BIGNUM *a) 282int BN_print_fp(FILE *fp, const BIGNUM *a)
284 { 283 {
285 BIO *b; 284 BIO *b;
286 int ret; 285 int ret;
@@ -319,5 +318,15 @@ int BN_print(BIO *bp, const BIGNUM *a)
319end: 318end:
320 return(ret); 319 return(ret);
321 } 320 }
321#endif
322 322
323#ifdef BN_DEBUG
324void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n)
325 {
326 int i;
327 fprintf(o, "%s=", a);
328 for (i=n-1;i>=0;i--)
329 fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */
330 fprintf(o, "\n");
331 }
323#endif 332#endif
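Review bot: `bn_dump1` at new lines 324-331 passes a `BN_ULONG` to `%08lX`, which is only well-defined when `BN_ULONG` is `unsigned long`; the comment at line 329 records the 32-bit assumption, but on a build where `BN_ULONG` is a different type this is a format/argument mismatch (undefined behaviour), and on an LP64 build the eight-digit minimum width hides the real word size in the dump. Sizing the field from the word width and casting, `fprintf(o, "%0*lX", (int)(sizeof(BN_ULONG) * 2), (unsigned long)b[i]);`, keeps the output correct wherever `BN_ULONG` fits in `unsigned long`. This is `BN_DEBUG`-only diagnostic code, so the exposure is limited to debugging builds.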
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
index 91b8e34ae6..943712c15b 100644
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -62,7 +62,7 @@
62#include "bn_lcl.h" 62#include "bn_lcl.h"
63#include <openssl/rand.h> 63#include <openssl/rand.h>
64 64
65int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) 65static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
66 { 66 {
67 unsigned char *buf=NULL; 67 unsigned char *buf=NULL;
68 int ret=0,bit,bytes,mask; 68 int ret=0,bit,bytes,mask;
@@ -81,9 +81,19 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
81 81
82 /* make a random number and set the top and bottom bits */ 82 /* make a random number and set the top and bottom bits */
83 time(&tim); 83 time(&tim);
84 RAND_seed(&tim,sizeof(tim)); 84 RAND_add(&tim,sizeof(tim),0);
85
86 if (pseudorand)
87 {
88 if (RAND_pseudo_bytes(buf, bytes) == -1)
89 goto err;
90 }
91 else
92 {
93 if (RAND_bytes(buf, bytes) <= 0)
94 goto err;
95 }
85 96
86 RAND_bytes(buf,(int)bytes);
87 if (top) 97 if (top)
88 { 98 {
89 if (bit == 0) 99 if (bit == 0)
@@ -115,3 +125,12 @@ err:
115 return(ret); 125 return(ret);
116 } 126 }
117 127
128int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
129 {
130 return bnrand(0, rnd, bits, top, bottom);
131 }
132
133int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
134 {
135 return bnrand(1, rnd, bits, top, bottom);
136 }
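Review bot: The new `BN_pseudo_rand` wrapper at lines 133-136 carries no comment saying that, unlike `BN_rand`, it accepts a `RAND_pseudo_bytes` result of 0 (line 88 fails only on -1), i.e. its output is not guaranteed to be cryptographically strong, while the signatures of the two wrappers are identical so a caller will pick one without knowing the difference. Add above it `/* Like BN_rand, but via RAND_pseudo_bytes: output need not be cryptographically strong;` `* never use for key material, only where predictability is acceptable. */`. The body of `bnrand` begins before this hunk, so whether `buf` is cleared before it is freed on the new error paths is not visible here.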
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index c1b0e230ea..a8796bd0aa 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -106,7 +106,8 @@ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp,
106 int ret=0; 106 int ret=0;
107 BIGNUM *a; 107 BIGNUM *a;
108 108
109 a= &(ctx->bn[ctx->tos++]); 109 BN_CTX_start(ctx);
110 if ((a = BN_CTX_get(ctx)) == NULL) goto err;
110 if (y != NULL) 111 if (y != NULL)
111 { 112 {
112 if (x == y) 113 if (x == y)
@@ -120,33 +121,34 @@ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp,
120 BN_div_recp(NULL,r,a,recp,ctx); 121 BN_div_recp(NULL,r,a,recp,ctx);
121 ret=1; 122 ret=1;
122err: 123err:
123 ctx->tos--; 124 BN_CTX_end(ctx);
124 return(ret); 125 return(ret);
125 } 126 }
126 127
127int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp, 128int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
128 BN_CTX *ctx) 129 BN_CTX *ctx)
129 { 130 {
130 int i,j,tos,ret=0,ex; 131 int i,j,ret=0;
131 BIGNUM *a,*b,*d,*r; 132 BIGNUM *a,*b,*d,*r;
132 133
133 tos=ctx->tos; 134 BN_CTX_start(ctx);
134 a= &(ctx->bn[ctx->tos++]); 135 a=BN_CTX_get(ctx);
135 b= &(ctx->bn[ctx->tos++]); 136 b=BN_CTX_get(ctx);
136 if (dv != NULL) 137 if (dv != NULL)
137 d=dv; 138 d=dv;
138 else 139 else
139 d= &(ctx->bn[ctx->tos++]); 140 d=BN_CTX_get(ctx);
140 if (rem != NULL) 141 if (rem != NULL)
141 r=rem; 142 r=rem;
142 else 143 else
143 r= &(ctx->bn[ctx->tos++]); 144 r=BN_CTX_get(ctx);
145 if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
144 146
145 if (BN_ucmp(m,&(recp->N)) < 0) 147 if (BN_ucmp(m,&(recp->N)) < 0)
146 { 148 {
147 BN_zero(d); 149 BN_zero(d);
148 BN_copy(r,m); 150 BN_copy(r,m);
149 ctx->tos=tos; 151 BN_CTX_end(ctx);
150 return(1); 152 return(1);
151 } 153 }
152 154
@@ -157,33 +159,24 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
157 */ 159 */
158 i=BN_num_bits(m); 160 i=BN_num_bits(m);
159 161
160 j=recp->num_bits*2; 162 j=recp->num_bits<<1;
161 if (j > i) 163 if (j>i) i=j;
162 { 164 j>>=1;
163 i=j;
164 ex=0;
165 }
166 else
167 {
168 ex=(i-j)/2;
169 }
170
171 j=i/2;
172 165
173 if (i != recp->shift) 166 if (i != recp->shift)
174 recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N), 167 recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
175 i,ctx); 168 i,ctx);
176 169
177 if (!BN_rshift(a,m,j-ex)) goto err; 170 if (!BN_rshift(a,m,j)) goto err;
178 if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err; 171 if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
179 if (!BN_rshift(d,b,j+ex)) goto err; 172 if (!BN_rshift(d,b,i-j)) goto err;
180 d->neg=0; 173 d->neg=0;
181 if (!BN_mul(b,&(recp->N),d,ctx)) goto err; 174 if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
182 if (!BN_usub(r,m,b)) goto err; 175 if (!BN_usub(r,m,b)) goto err;
183 r->neg=0; 176 r->neg=0;
184 177
185 j=0;
186#if 1 178#if 1
179 j=0;
187 while (BN_ucmp(r,&(recp->N)) >= 0) 180 while (BN_ucmp(r,&(recp->N)) >= 0)
188 { 181 {
189 if (j++ > 2) 182 if (j++ > 2)
@@ -200,7 +193,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
200 d->neg=m->neg^recp->N.neg; 193 d->neg=m->neg^recp->N.neg;
201 ret=1; 194 ret=1;
202err: 195err:
203 ctx->tos=tos; 196 BN_CTX_end(ctx);
204 return(ret); 197 return(ret);
205 } 198 }
206 199
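Review bot: The rewritten shift setup at new lines 162-168 of BN_div_recp stores the result of `BN_reciprocal` straight into `recp->shift` and then uses `recp->Nr` at line 171 with no failure check; if `BN_reciprocal` reports an error by returning -1 (its definition is outside this hunk), the division proceeds with a stale or empty `Nr` and returns success. Folding the check in, `if (i != recp->shift && (recp->shift = BN_reciprocal(&(recp->Nr),&(recp->N),i,ctx)) == -1) goto err;`, routes it to the new `BN_CTX_end` cleanup. The early return at lines 148-152 likewise ignores `BN_copy(r,m)` returning NULL while still reporting 1.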
diff --git a/src/lib/libcrypto/bn/bn_sqr.c b/src/lib/libcrypto/bn/bn_sqr.c
index 12cce4d7ce..fe00c5f69a 100644
--- a/src/lib/libcrypto/bn/bn_sqr.c
+++ b/src/lib/libcrypto/bn/bn_sqr.c
@@ -65,14 +65,13 @@
65int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx) 65int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx)
66 { 66 {
67 int max,al; 67 int max,al;
68 int ret = 0;
68 BIGNUM *tmp,*rr; 69 BIGNUM *tmp,*rr;
69 70
70#ifdef BN_COUNT 71#ifdef BN_COUNT
71printf("BN_sqr %d * %d\n",a->top,a->top); 72printf("BN_sqr %d * %d\n",a->top,a->top);
72#endif 73#endif
73 bn_check_top(a); 74 bn_check_top(a);
74 tmp= &(ctx->bn[ctx->tos]);
75 rr=(a != r)?r: (&ctx->bn[ctx->tos+1]);
76 75
77 al=a->top; 76 al=a->top;
78 if (al <= 0) 77 if (al <= 0)
@@ -81,8 +80,13 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
81 return(1); 80 return(1);
82 } 81 }
83 82
83 BN_CTX_start(ctx);
84 rr=(a != r) ? r : BN_CTX_get(ctx);
85 tmp=BN_CTX_get(ctx);
86 if (tmp == NULL) goto err;
87
84 max=(al+al); 88 max=(al+al);
85 if (bn_wexpand(rr,max+1) == NULL) return(0); 89 if (bn_wexpand(rr,max+1) == NULL) goto err;
86 90
87 r->neg=0; 91 r->neg=0;
88 if (al == 4) 92 if (al == 4)
@@ -120,18 +124,18 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
120 k=j+j; 124 k=j+j;
121 if (al == j) 125 if (al == j)
122 { 126 {
123 if (bn_wexpand(a,k*2) == NULL) return(0); 127 if (bn_wexpand(a,k*2) == NULL) goto err;
124 if (bn_wexpand(tmp,k*2) == NULL) return(0); 128 if (bn_wexpand(tmp,k*2) == NULL) goto err;
125 bn_sqr_recursive(rr->d,a->d,al,tmp->d); 129 bn_sqr_recursive(rr->d,a->d,al,tmp->d);
126 } 130 }
127 else 131 else
128 { 132 {
129 if (bn_wexpand(tmp,max) == NULL) return(0); 133 if (bn_wexpand(tmp,max) == NULL) goto err;
130 bn_sqr_normal(rr->d,a->d,al,tmp->d); 134 bn_sqr_normal(rr->d,a->d,al,tmp->d);
131 } 135 }
132 } 136 }
133#else 137#else
134 if (bn_wexpand(tmp,max) == NULL) return(0); 138 if (bn_wexpand(tmp,max) == NULL) goto err;
135 bn_sqr_normal(rr->d,a->d,al,tmp->d); 139 bn_sqr_normal(rr->d,a->d,al,tmp->d);
136#endif 140#endif
137 } 141 }
@@ -139,7 +143,10 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
139 rr->top=max; 143 rr->top=max;
140 if ((max > 0) && (rr->d[max-1] == 0)) rr->top--; 144 if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
141 if (rr != r) BN_copy(r,rr); 145 if (rr != r) BN_copy(r,rr);
142 return(1); 146 ret = 1;
147 err:
148 BN_CTX_end(ctx);
149 return(ret);
143 } 150 }
144 151
145/* tmp must have 2*n words */ 152/* tmp must have 2*n words */
@@ -185,7 +192,7 @@ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
185 * n must be a power of 2. 192 * n must be a power of 2.
186 * We multiply and return the result. 193 * We multiply and return the result.
187 * t must be 2*n words in size 194 * t must be 2*n words in size
188 * We calulate 195 * We calculate
189 * a[0]*b[0] 196 * a[0]*b[0]
190 * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) 197 * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
191 * a[1]*b[1] 198 * a[1]*b[1]
diff --git a/src/lib/libcrypto/bn/bn_word.c b/src/lib/libcrypto/bn/bn_word.c
index c0cfbc6797..73157a7d43 100644
--- a/src/lib/libcrypto/bn/bn_word.c
+++ b/src/lib/libcrypto/bn/bn_word.c
@@ -60,7 +60,7 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn_lcl.h" 61#include "bn_lcl.h"
62 62
63BN_ULONG BN_mod_word(BIGNUM *a, BN_ULONG w) 63BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
64 { 64 {
65#ifndef BN_LLONG 65#ifndef BN_LLONG
66 BN_ULONG ret=0; 66 BN_ULONG ret=0;
diff --git a/src/lib/libcrypto/bn/bnspeed.c b/src/lib/libcrypto/bn/bnspeed.c
index 0922aa3e16..20fc7e08ff 100644
--- a/src/lib/libcrypto/bn/bnspeed.c
+++ b/src/lib/libcrypto/bn/bnspeed.c
@@ -1,3 +1,5 @@
1/* unused */
2
1/* crypto/bn/bnspeed.c */ 3/* crypto/bn/bnspeed.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 4/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 5 * All rights reserved.
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
index df4b81f5b2..41c22f5954 100644
--- a/src/lib/libcrypto/bn/bntest.c
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -72,6 +72,10 @@
72#include "../bio/bss_file.c" 72#include "../bio/bss_file.c"
73#endif 73#endif
74 74
75const int num0 = 100; /* number of tests */
76const int num1 = 50; /* additional tests for some functions */
77const int num2 = 5; /* number of tests for slow functions */
78
75int test_add(BIO *bp); 79int test_add(BIO *bp);
76int test_sub(BIO *bp); 80int test_sub(BIO *bp);
77int test_lshift1(BIO *bp); 81int test_lshift1(BIO *bp);
@@ -95,15 +99,33 @@ static int results=0;
95#include "bss_file.c" 99#include "bss_file.c"
96#endif 100#endif
97 101
98static unsigned char lst1[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" 102static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
99"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; 103"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
100 104
105static const char rnd_seed[] = "string to make the random number generator think it has entropy";
106
107static void message(BIO *out, char *m)
108 {
109 fprintf(stderr, "test %s\n", m);
110#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
111 BIO_puts(out, "print \"test ");
112 BIO_puts(out, m);
113 BIO_puts(out, "\\n\"\n");
114#endif
115 }
116
101int main(int argc, char *argv[]) 117int main(int argc, char *argv[])
102 { 118 {
103 BN_CTX *ctx; 119 BN_CTX *ctx;
104 BIO *out; 120 BIO *out;
105 char *outfile=NULL; 121 char *outfile=NULL;
106 122
123 results = 0;
124
125 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
126 * even check its return value
127 * (which we should) */
128
107 argc--; 129 argc--;
108 argv++; 130 argv++;
109 while (argc >= 1) 131 while (argc >= 1)
@@ -141,78 +163,81 @@ int main(int argc, char *argv[])
141 if (!results) 163 if (!results)
142 BIO_puts(out,"obase=16\nibase=16\n"); 164 BIO_puts(out,"obase=16\nibase=16\n");
143 165
144 fprintf(stderr,"test BN_add\n"); 166 message(out,"BN_add");
145 if (!test_add(out)) goto err; 167 if (!test_add(out)) goto err;
146 fflush(stdout); 168 BIO_flush(out);
147 169
148 fprintf(stderr,"test BN_sub\n"); 170 message(out,"BN_sub");
149 if (!test_sub(out)) goto err; 171 if (!test_sub(out)) goto err;
150 fflush(stdout); 172 BIO_flush(out);
151 173
152 fprintf(stderr,"test BN_lshift1\n"); 174 message(out,"BN_lshift1");
153 if (!test_lshift1(out)) goto err; 175 if (!test_lshift1(out)) goto err;
154 fflush(stdout); 176 BIO_flush(out);
155 177
156 fprintf(stderr,"test BN_lshift (fixed)\n"); 178 message(out,"BN_lshift (fixed)");
157 if (!test_lshift(out,ctx,BN_bin2bn(lst1,sizeof(lst1)-1,NULL))) 179 if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
158 goto err; 180 goto err;
159 fflush(stdout); 181 BIO_flush(out);
160 182
161 fprintf(stderr,"test BN_lshift\n"); 183 message(out,"BN_lshift");
162 if (!test_lshift(out,ctx,NULL)) goto err; 184 if (!test_lshift(out,ctx,NULL)) goto err;
163 fflush(stdout); 185 BIO_flush(out);
164 186
165 fprintf(stderr,"test BN_rshift1\n"); 187 message(out,"BN_rshift1");
166 if (!test_rshift1(out)) goto err; 188 if (!test_rshift1(out)) goto err;
167 fflush(stdout); 189 BIO_flush(out);
168 190
169 fprintf(stderr,"test BN_rshift\n"); 191 message(out,"BN_rshift");
170 if (!test_rshift(out,ctx)) goto err; 192 if (!test_rshift(out,ctx)) goto err;
171 fflush(stdout); 193 BIO_flush(out);
172 194
173 fprintf(stderr,"test BN_sqr\n"); 195 message(out,"BN_sqr");
174 if (!test_sqr(out,ctx)) goto err; 196 if (!test_sqr(out,ctx)) goto err;
175 fflush(stdout); 197 BIO_flush(out);
176 198
177 fprintf(stderr,"test BN_mul\n"); 199 message(out,"BN_mul");
178 if (!test_mul(out)) goto err; 200 if (!test_mul(out)) goto err;
179 fflush(stdout); 201 BIO_flush(out);
180 202
181 fprintf(stderr,"test BN_div\n"); 203 message(out,"BN_div");
182 if (!test_div(out,ctx)) goto err; 204 if (!test_div(out,ctx)) goto err;
183 fflush(stdout); 205 BIO_flush(out);
184 206
185 fprintf(stderr,"test BN_div_recp\n"); 207 message(out,"BN_div_recp");
186 if (!test_div_recp(out,ctx)) goto err; 208 if (!test_div_recp(out,ctx)) goto err;
187 fflush(stdout); 209 BIO_flush(out);
188 210
189 fprintf(stderr,"test BN_mod\n"); 211 message(out,"BN_mod");
190 if (!test_mod(out,ctx)) goto err; 212 if (!test_mod(out,ctx)) goto err;
191 fflush(stdout); 213 BIO_flush(out);
192 214
193 fprintf(stderr,"test BN_mod_mul\n"); 215 message(out,"BN_mod_mul");
194 if (!test_mod_mul(out,ctx)) goto err; 216 if (!test_mod_mul(out,ctx)) goto err;
195 fflush(stdout); 217 BIO_flush(out);
196 218
197/* 219 message(out,"BN_mont");
198 fprintf(stderr,"test BN_mont\n");
199 if (!test_mont(out,ctx)) goto err; 220 if (!test_mont(out,ctx)) goto err;
200 fflush(stdout); 221 BIO_flush(out);
201*/ 222
202 fprintf(stderr,"test BN_mod_exp\n"); 223 message(out,"BN_mod_exp");
203 if (!test_mod_exp(out,ctx)) goto err; 224 if (!test_mod_exp(out,ctx)) goto err;
204 fflush(stdout); 225 BIO_flush(out);
205 226
206 fprintf(stderr,"test BN_exp\n"); 227 message(out,"BN_exp");
207 if (!test_exp(out,ctx)) goto err; 228 if (!test_exp(out,ctx)) goto err;
208 fflush(stdout); 229 BIO_flush(out);
230
231 BN_CTX_free(ctx);
232 BIO_free(out);
209 233
210/**/ 234/**/
211 exit(0); 235 exit(0);
212err: 236err:
213 BIO_puts(out,"1\n"); /* make sure bc fails if we are piping to it */ 237 BIO_puts(out,"1\n"); /* make sure bc fails if we are piping to it */
238 BIO_flush(out);
214 ERR_load_crypto_strings(); 239 ERR_load_crypto_strings();
215 ERR_print_errors(out); 240 ERR_print_errors_fp(stderr);
216 exit(1); 241 exit(1);
217 return(1); 242 return(1);
218 } 243 }
@@ -228,7 +253,7 @@ int test_add(BIO *bp)
228 BN_init(&c); 253 BN_init(&c);
229 254
230 BN_rand(&a,512,0,0); 255 BN_rand(&a,512,0,0);
231 for (i=0; i<100; i++) 256 for (i=0; i<num0; i++)
232 { 257 {
233 BN_rand(&b,450+i,0,0); 258 BN_rand(&b,450+i,0,0);
234 a.neg=rand_neg(); 259 a.neg=rand_neg();
@@ -255,7 +280,7 @@ int test_add(BIO *bp)
255 BN_add(&c,&c,&a); 280 BN_add(&c,&c,&a);
256 if(!BN_is_zero(&c)) 281 if(!BN_is_zero(&c))
257 { 282 {
258 BIO_puts(bp,"Add test failed!\n"); 283 fprintf(stderr,"Add test failed!\n");
259 return 0; 284 return 0;
260 } 285 }
261 } 286 }
@@ -275,12 +300,21 @@ int test_sub(BIO *bp)
275 BN_init(&b); 300 BN_init(&b);
276 BN_init(&c); 301 BN_init(&c);
277 302
278 BN_rand(&a,512,0,0); 303 for (i=0; i<num0+num1; i++)
279 for (i=0; i<100; i++)
280 { 304 {
281 BN_rand(&b,400+i,0,0); 305 if (i < num1)
282 a.neg=rand_neg(); 306 {
283 b.neg=rand_neg(); 307 BN_rand(&a,512,0,0);
308 BN_copy(&b,&a);
309 if (BN_set_bit(&a,i)==0) return(0);
310 BN_add_word(&b,i);
311 }
312 else
313 {
314 BN_rand(&b,400+i-num1,0,0);
315 a.neg=rand_neg();
316 b.neg=rand_neg();
317 }
284 if (bp == NULL) 318 if (bp == NULL)
285 for (j=0; j<10000; j++) 319 for (j=0; j<10000; j++)
286 BN_sub(&c,&a,&b); 320 BN_sub(&c,&a,&b);
@@ -301,7 +335,7 @@ int test_sub(BIO *bp)
301 BN_sub(&c,&c,&a); 335 BN_sub(&c,&c,&a);
302 if(!BN_is_zero(&c)) 336 if(!BN_is_zero(&c))
303 { 337 {
304 BIO_puts(bp,"Subtract test failed!\n"); 338 fprintf(stderr,"Subtract test failed!\n");
305 return 0; 339 return 0;
306 } 340 }
307 } 341 }
@@ -323,10 +357,17 @@ int test_div(BIO *bp, BN_CTX *ctx)
323 BN_init(&d); 357 BN_init(&d);
324 BN_init(&e); 358 BN_init(&e);
325 359
326 BN_rand(&a,400,0,0); 360 for (i=0; i<num0+num1; i++)
327 for (i=0; i<100; i++)
328 { 361 {
329 BN_rand(&b,50+i,0,0); 362 if (i < num1)
363 {
364 BN_rand(&a,400,0,0);
365 BN_copy(&b,&a);
366 BN_lshift(&a,&a,i);
367 BN_add_word(&a,i);
368 }
369 else
370 BN_rand(&b,50+3*(i-num1),0,0);
330 a.neg=rand_neg(); 371 a.neg=rand_neg();
331 b.neg=rand_neg(); 372 b.neg=rand_neg();
332 if (bp == NULL) 373 if (bp == NULL)
@@ -360,7 +401,7 @@ int test_div(BIO *bp, BN_CTX *ctx)
360 BN_sub(&d,&d,&a); 401 BN_sub(&d,&d,&a);
361 if(!BN_is_zero(&d)) 402 if(!BN_is_zero(&d))
362 { 403 {
363 BIO_puts(bp,"Division test failed!\n"); 404 fprintf(stderr,"Division test failed!\n");
364 return 0; 405 return 0;
365 } 406 }
366 } 407 }
@@ -386,10 +427,17 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
386 BN_init(&d); 427 BN_init(&d);
387 BN_init(&e); 428 BN_init(&e);
388 429
389 BN_rand(&a,400,0,0); 430 for (i=0; i<num0+num1; i++)
390 for (i=0; i<100; i++)
391 { 431 {
392 BN_rand(&b,50+i,0,0); 432 if (i < num1)
433 {
434 BN_rand(&a,400,0,0);
435 BN_copy(&b,&a);
436 BN_lshift(&a,&a,i);
437 BN_add_word(&a,i);
438 }
439 else
440 BN_rand(&b,50+3*(i-num1),0,0);
393 a.neg=rand_neg(); 441 a.neg=rand_neg();
394 b.neg=rand_neg(); 442 b.neg=rand_neg();
395 BN_RECP_CTX_set(&recp,&b,ctx); 443 BN_RECP_CTX_set(&recp,&b,ctx);
@@ -424,7 +472,12 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
424 BN_sub(&d,&d,&a); 472 BN_sub(&d,&d,&a);
425 if(!BN_is_zero(&d)) 473 if(!BN_is_zero(&d))
426 { 474 {
427 BIO_puts(bp,"Reciprocal division test failed!\n"); 475 fprintf(stderr,"Reciprocal division test failed!\n");
476 fprintf(stderr,"a=");
477 BN_print_fp(stderr,&a);
478 fprintf(stderr,"\nb=");
479 BN_print_fp(stderr,&b);
480 fprintf(stderr,"\n");
428 return 0; 481 return 0;
429 } 482 }
430 } 483 }
@@ -451,11 +504,15 @@ int test_mul(BIO *bp)
451 BN_init(&d); 504 BN_init(&d);
452 BN_init(&e); 505 BN_init(&e);
453 506
454 BN_rand(&a,200,0,0); 507 for (i=0; i<num0+num1; i++)
455 for (i=0; i<100; i++)
456 { 508 {
457 BN_rand(&b,250+i,0,0); 509 if (i <= num1)
458 BN_rand(&b,200,0,0); 510 {
511 BN_rand(&a,100,0,0);
512 BN_rand(&b,100,0,0);
513 }
514 else
515 BN_rand(&b,i-num1,0,0);
459 a.neg=rand_neg(); 516 a.neg=rand_neg();
460 b.neg=rand_neg(); 517 b.neg=rand_neg();
461 if (bp == NULL) 518 if (bp == NULL)
@@ -478,7 +535,7 @@ int test_mul(BIO *bp)
478 BN_sub(&d,&d,&b); 535 BN_sub(&d,&d,&b);
479 if(!BN_is_zero(&d) || !BN_is_zero(&e)) 536 if(!BN_is_zero(&d) || !BN_is_zero(&e))
480 { 537 {
481 BIO_puts(bp,"Multiplication test failed!\n"); 538 fprintf(stderr,"Multiplication test failed!\n");
482 return 0; 539 return 0;
483 } 540 }
484 } 541 }
@@ -502,7 +559,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
502 BN_init(&d); 559 BN_init(&d);
503 BN_init(&e); 560 BN_init(&e);
504 561
505 for (i=0; i<40; i++) 562 for (i=0; i<num0; i++)
506 { 563 {
507 BN_rand(&a,40+i*10,0,0); 564 BN_rand(&a,40+i*10,0,0);
508 a.neg=rand_neg(); 565 a.neg=rand_neg();
@@ -526,7 +583,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
526 BN_sub(&d,&d,&a); 583 BN_sub(&d,&d,&a);
527 if(!BN_is_zero(&d) || !BN_is_zero(&e)) 584 if(!BN_is_zero(&d) || !BN_is_zero(&e))
528 { 585 {
529 BIO_puts(bp,"Square test failed!\n"); 586 fprintf(stderr,"Square test failed!\n");
530 return 0; 587 return 0;
531 } 588 }
532 } 589 }
@@ -557,9 +614,13 @@ int test_mont(BIO *bp, BN_CTX *ctx)
557 614
558 BN_rand(&a,100,0,0); /**/ 615 BN_rand(&a,100,0,0); /**/
559 BN_rand(&b,100,0,0); /**/ 616 BN_rand(&b,100,0,0); /**/
560 for (i=0; i<10; i++) 617 for (i=0; i<num2; i++)
561 { 618 {
562 BN_rand(&n,(100%BN_BITS2+1)*BN_BITS2*i*BN_BITS2,0,1); /**/ 619 int bits = (200*(i+1))/num2;
620
621 if (bits == 0)
622 continue;
623 BN_rand(&n,bits,0,1);
563 BN_MONT_CTX_set(mont,&n,ctx); 624 BN_MONT_CTX_set(mont,&n,ctx);
564 625
565 BN_to_montgomery(&A,&a,mont,ctx); 626 BN_to_montgomery(&A,&a,mont,ctx);
@@ -594,7 +655,7 @@ BN_num_bits(mont->N));
594 BN_sub(&d,&d,&A); 655 BN_sub(&d,&d,&A);
595 if(!BN_is_zero(&d)) 656 if(!BN_is_zero(&d))
596 { 657 {
597 BIO_puts(bp,"Montgomery multiplication test failed!\n"); 658 fprintf(stderr,"Montgomery multiplication test failed!\n");
598 return 0; 659 return 0;
599 } 660 }
600 } 661 }
@@ -622,7 +683,7 @@ int test_mod(BIO *bp, BN_CTX *ctx)
622 e=BN_new(); 683 e=BN_new();
623 684
624 BN_rand(a,1024,0,0); /**/ 685 BN_rand(a,1024,0,0); /**/
625 for (i=0; i<20; i++) 686 for (i=0; i<num0; i++)
626 { 687 {
627 BN_rand(b,450+i*10,0,0); /**/ 688 BN_rand(b,450+i*10,0,0); /**/
628 a->neg=rand_neg(); 689 a->neg=rand_neg();
@@ -647,7 +708,7 @@ int test_mod(BIO *bp, BN_CTX *ctx)
647 BN_sub(e,e,c); 708 BN_sub(e,e,c);
648 if(!BN_is_zero(e)) 709 if(!BN_is_zero(e))
649 { 710 {
650 BIO_puts(bp,"Modulo test failed!\n"); 711 fprintf(stderr,"Modulo test failed!\n");
651 return 0; 712 return 0;
652 } 713 }
653 } 714 }
@@ -671,10 +732,10 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
671 e=BN_new(); 732 e=BN_new();
672 733
673 BN_rand(c,1024,0,0); /**/ 734 BN_rand(c,1024,0,0); /**/
674 for (i=0; i<10; i++) 735 for (i=0; i<num0; i++)
675 { 736 {
676 BN_rand(a,475+i*10,0,0); /**/ 737 BN_rand(a,475+i*10,0,0); /**/
677 BN_rand(b,425+i*10,0,0); /**/ 738 BN_rand(b,425+i*11,0,0); /**/
678 a->neg=rand_neg(); 739 a->neg=rand_neg();
679 b->neg=rand_neg(); 740 b->neg=rand_neg();
680 /* if (bp == NULL) 741 /* if (bp == NULL)
@@ -709,7 +770,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
709 BN_div(a,b,d,c,ctx); 770 BN_div(a,b,d,c,ctx);
710 if(!BN_is_zero(b)) 771 if(!BN_is_zero(b))
711 { 772 {
712 BIO_puts(bp,"Modulo multiply test failed!\n"); 773 fprintf(stderr,"Modulo multiply test failed!\n");
713 return 0; 774 return 0;
714 } 775 }
715 } 776 }
@@ -733,7 +794,7 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
733 e=BN_new(); 794 e=BN_new();
734 795
735 BN_rand(c,30,0,1); /* must be odd for montgomery */ 796 BN_rand(c,30,0,1); /* must be odd for montgomery */
736 for (i=0; i<6; i++) 797 for (i=0; i<num2; i++)
737 { 798 {
738 BN_rand(a,20+i*5,0,0); /**/ 799 BN_rand(a,20+i*5,0,0); /**/
739 BN_rand(b,2+i,0,0); /**/ 800 BN_rand(b,2+i,0,0); /**/
@@ -760,7 +821,7 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
760 BN_div(a,b,e,c,ctx); 821 BN_div(a,b,e,c,ctx);
761 if(!BN_is_zero(b)) 822 if(!BN_is_zero(b))
762 { 823 {
763 BIO_puts(bp,"Modulo exponentiation test failed!\n"); 824 fprintf(stderr,"Modulo exponentiation test failed!\n");
764 return 0; 825 return 0;
765 } 826 }
766 } 827 }
@@ -784,7 +845,7 @@ int test_exp(BIO *bp, BN_CTX *ctx)
784 one=BN_new(); 845 one=BN_new();
785 BN_one(one); 846 BN_one(one);
786 847
787 for (i=0; i<6; i++) 848 for (i=0; i<num2; i++)
788 { 849 {
789 BN_rand(a,20+i*5,0,0); /**/ 850 BN_rand(a,20+i*5,0,0); /**/
790 BN_rand(b,2+i,0,0); /**/ 851 BN_rand(b,2+i,0,0); /**/
@@ -810,7 +871,7 @@ int test_exp(BIO *bp, BN_CTX *ctx)
810 BN_sub(e,e,d); 871 BN_sub(e,e,d);
811 if(!BN_is_zero(e)) 872 if(!BN_is_zero(e))
812 { 873 {
813 BIO_puts(bp,"Exponentiation test failed!\n"); 874 fprintf(stderr,"Exponentiation test failed!\n");
814 return 0; 875 return 0;
815 } 876 }
816 } 877 }
@@ -840,7 +901,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
840 BN_rand(a,200,0,0); /**/ 901 BN_rand(a,200,0,0); /**/
841 a->neg=rand_neg(); 902 a->neg=rand_neg();
842 } 903 }
843 for (i=0; i<70; i++) 904 for (i=0; i<num0; i++)
844 { 905 {
845 BN_lshift(b,a,i+1); 906 BN_lshift(b,a,i+1);
846 BN_add(c,c,c); 907 BN_add(c,c,c);
@@ -860,16 +921,16 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
860 BN_sub(d,d,b); 921 BN_sub(d,d,b);
861 if(!BN_is_zero(d)) 922 if(!BN_is_zero(d))
862 { 923 {
863 BIO_puts(bp,"Left shift test failed!\n"); 924 fprintf(stderr,"Left shift test failed!\n");
864 BIO_puts(bp,"a="); 925 fprintf(stderr,"a=");
865 BN_print(bp,a); 926 BN_print_fp(stderr,a);
866 BIO_puts(bp,"\nb="); 927 fprintf(stderr,"\nb=");
867 BN_print(bp,b); 928 BN_print_fp(stderr,b);
868 BIO_puts(bp,"\nc="); 929 fprintf(stderr,"\nc=");
869 BN_print(bp,c); 930 BN_print_fp(stderr,c);
870 BIO_puts(bp,"\nd="); 931 fprintf(stderr,"\nd=");
871 BN_print(bp,d); 932 BN_print_fp(stderr,d);
872 BIO_puts(bp,"\n"); 933 fprintf(stderr,"\n");
873 return 0; 934 return 0;
874 } 935 }
875 } 936 }
@@ -891,7 +952,7 @@ int test_lshift1(BIO *bp)
891 952
892 BN_rand(a,200,0,0); /**/ 953 BN_rand(a,200,0,0); /**/
893 a->neg=rand_neg(); 954 a->neg=rand_neg();
894 for (i=0; i<70; i++) 955 for (i=0; i<num0; i++)
895 { 956 {
896 BN_lshift1(b,a); 957 BN_lshift1(b,a);
897 if (bp != NULL) 958 if (bp != NULL)
@@ -909,7 +970,7 @@ int test_lshift1(BIO *bp)
909 BN_sub(a,b,c); 970 BN_sub(a,b,c);
910 if(!BN_is_zero(a)) 971 if(!BN_is_zero(a))
911 { 972 {
912 BIO_puts(bp,"Left shift one test failed!\n"); 973 fprintf(stderr,"Left shift one test failed!\n");
913 return 0; 974 return 0;
914 } 975 }
915 976
@@ -935,7 +996,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
935 996
936 BN_rand(a,200,0,0); /**/ 997 BN_rand(a,200,0,0); /**/
937 a->neg=rand_neg(); 998 a->neg=rand_neg();
938 for (i=0; i<70; i++) 999 for (i=0; i<num0; i++)
939 { 1000 {
940 BN_rshift(b,a,i+1); 1001 BN_rshift(b,a,i+1);
941 BN_add(c,c,c); 1002 BN_add(c,c,c);
@@ -955,7 +1016,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
955 BN_sub(d,d,b); 1016 BN_sub(d,d,b);
956 if(!BN_is_zero(d)) 1017 if(!BN_is_zero(d))
957 { 1018 {
958 BIO_puts(bp,"Right shift test failed!\n"); 1019 fprintf(stderr,"Right shift test failed!\n");
959 return 0; 1020 return 0;
960 } 1021 }
961 } 1022 }
@@ -978,7 +1039,7 @@ int test_rshift1(BIO *bp)
978 1039
979 BN_rand(a,200,0,0); /**/ 1040 BN_rand(a,200,0,0); /**/
980 a->neg=rand_neg(); 1041 a->neg=rand_neg();
981 for (i=0; i<70; i++) 1042 for (i=0; i<num0; i++)
982 { 1043 {
983 BN_rshift1(b,a); 1044 BN_rshift1(b,a);
984 if (bp != NULL) 1045 if (bp != NULL)
@@ -996,7 +1057,7 @@ int test_rshift1(BIO *bp)
996 BN_sub(c,c,b); 1057 BN_sub(c,c,b);
997 if(!BN_is_zero(c) && !BN_is_one(c)) 1058 if(!BN_is_zero(c) && !BN_is_one(c))
998 { 1059 {
999 BIO_puts(bp,"Right shift one test failed!\n"); 1060 fprintf(stderr,"Right shift one test failed!\n");
1000 return 0; 1061 return 0;
1001 } 1062 }
1002 BN_copy(a,b); 1063 BN_copy(a,b);
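Review bot: The reworked test_sub and test_div loops check BN_set_bit but still ignore the results of BN_rand, BN_copy, BN_lshift and BN_add_word, so an allocation failure or an RNG error would silently feed garbage into the identity being verified instead of failing the test; the RAND_seed comment in main even concedes that BN_rand is unchecked. Checking each fixture call the same way as BN_set_bit, e.g. `if (!BN_rand(&a,512,0,0) || BN_copy(&b,&a) == NULL) return(0);` and `if (!BN_add_word(&b,i)) return(0);`, makes a failure in the primitive under test distinguishable from a failure in the fixture. The same applies to the `BN_bin2bn(lst,sizeof(lst)-1,NULL)` passed straight into test_lshift from main: a NULL return there would presumably drop into the random-input branch and the "fixed" case would never run. A minor point of style: message() only reads its argument, so `static void message(BIO *out, const char *m)` is the right signature.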
diff --git a/src/lib/libcrypto/bn/comba.pl b/src/lib/libcrypto/bn/comba.pl
index 211a8b45c7..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/comba.pl
+++ b/src/lib/libcrypto/bn/comba.pl
@@ -1,285 +0,0 @@
1#!/usr/local/bin/perl
2
3$num=8;
4$num2=8/2;
5
6print <<"EOF";
7/* crypto/bn/bn_comba.c */
8#include <stdio.h>
9#include "bn_lcl.h"
10/* Auto generated from crypto/bn/comba.pl
11 */
12
13#undef bn_mul_comba8
14#undef bn_mul_comba4
15#undef bn_sqr_comba8
16#undef bn_sqr_comba4
17
18#ifdef BN_LLONG
19#define mul_add_c(a,b,c0,c1,c2) \\
20 t=(BN_ULLONG)a*b; \\
21 t1=(BN_ULONG)Lw(t); \\
22 t2=(BN_ULONG)Hw(t); \\
23 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
24 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
25
26#define mul_add_c2(a,b,c0,c1,c2) \\
27 t=(BN_ULLONG)a*b; \\
28 tt=(t+t)&BN_MASK; \\
29 if (tt < t) c2++; \\
30 t1=(BN_ULONG)Lw(tt); \\
31 t2=(BN_ULONG)Hw(tt); \\
32 c0=(c0+t1)&BN_MASK2; \\
33 if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
34 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
35
36#define sqr_add_c(a,i,c0,c1,c2) \\
37 t=(BN_ULLONG)a[i]*a[i]; \\
38 t1=(BN_ULONG)Lw(t); \\
39 t2=(BN_ULONG)Hw(t); \\
40 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
41 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
42
43#define sqr_add_c2(a,i,j,c0,c1,c2) \\
44 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
45#else
46#define mul_add_c(a,b,c0,c1,c2) \\
47 t1=LBITS(a); t2=HBITS(a); \\
48 bl=LBITS(b); bh=HBITS(b); \\
49 mul64(t1,t2,bl,bh); \\
50 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
51 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
52
53#define mul_add_c2(a,b,c0,c1,c2) \\
54 t1=LBITS(a); t2=HBITS(a); \\
55 bl=LBITS(b); bh=HBITS(b); \\
56 mul64(t1,t2,bl,bh); \\
57 if (t2 & BN_TBIT) c2++; \\
58 t2=(t2+t2)&BN_MASK2; \\
59 if (t1 & BN_TBIT) t2++; \\
60 t1=(t1+t1)&BN_MASK2; \\
61 c0=(c0+t1)&BN_MASK2; \\
62 if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
63 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
64
65#define sqr_add_c(a,i,c0,c1,c2) \\
66 sqr64(t1,t2,(a)[i]); \\
67 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
68 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
69
70#define sqr_add_c2(a,i,j,c0,c1,c2) \\
71 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
72#endif
73
74void bn_mul_comba${num}(r,a,b)
75BN_ULONG *r,*a,*b;
76 {
77#ifdef BN_LLONG
78 BN_ULLONG t;
79#else
80 BN_ULONG bl,bh;
81#endif
82 BN_ULONG t1,t2;
83 BN_ULONG c1,c2,c3;
84
85EOF
86$ret=&combas_mul("r","a","b",$num,"c1","c2","c3");
87printf <<"EOF";
88 }
89
90void bn_mul_comba${num2}(r,a,b)
91BN_ULONG *r,*a,*b;
92 {
93#ifdef BN_LLONG
94 BN_ULLONG t;
95#else
96 BN_ULONG bl,bh;
97#endif
98 BN_ULONG t1,t2;
99 BN_ULONG c1,c2,c3;
100
101EOF
102$ret=&combas_mul("r","a","b",$num2,"c1","c2","c3");
103printf <<"EOF";
104 }
105
106void bn_sqr_comba${num}(r,a)
107BN_ULONG *r,*a;
108 {
109#ifdef BN_LLONG
110 BN_ULLONG t,tt;
111#else
112 BN_ULONG bl,bh;
113#endif
114 BN_ULONG t1,t2;
115 BN_ULONG c1,c2,c3;
116
117EOF
118$ret=&combas_sqr("r","a",$num,"c1","c2","c3");
119printf <<"EOF";
120 }
121
122void bn_sqr_comba${num2}(r,a)
123BN_ULONG *r,*a;
124 {
125#ifdef BN_LLONG
126 BN_ULLONG t,tt;
127#else
128 BN_ULONG bl,bh;
129#endif
130 BN_ULONG t1,t2;
131 BN_ULONG c1,c2,c3;
132
133EOF
134$ret=&combas_sqr("r","a",$num2,"c1","c2","c3");
135printf <<"EOF";
136 }
137EOF
138
139sub bn_str
140 {
141 local($var,$val)=@_;
142 print "\t$var=$val;\n";
143 }
144
145sub bn_ary
146 {
147 local($var,$idx)=@_;
148 return("${var}[$idx]");
149 }
150
151sub bn_clr
152 {
153 local($var)=@_;
154
155 print "\t$var=0;\n";
156 }
157
158sub bn_mad
159 {
160 local($a,$b,$c0,$c1,$c2,$num)=@_;
161
162 if ($num == 2)
163 { printf("\tmul_add_c2($a,$b,$c0,$c1,$c2);\n"); }
164 else
165 { printf("\tmul_add_c($a,$b,$c0,$c1,$c2);\n"); }
166 }
167
168sub bn_sad
169 {
170 local($a,$i,$j,$c0,$c1,$c2,$num)=@_;
171
172 if ($num == 2)
173 { printf("\tsqr_add_c2($a,$i,$j,$c0,$c1,$c2);\n"); }
174 else
175 { printf("\tsqr_add_c($a,$i,$c0,$c1,$c2);\n"); }
176 }
177
178sub combas_mul
179 {
180 local($r,$a,$b,$num,$c0,$c1,$c2)=@_;
181 local($i,$as,$ae,$bs,$be,$ai,$bi);
182 local($tot,$end);
183
184 $as=0;
185 $ae=0;
186 $bs=0;
187 $be=0;
188 $tot=$num+$num-1;
189 &bn_clr($c0);
190 &bn_clr($c1);
191 for ($i=0; $i<$tot; $i++)
192 {
193 $ai=$as;
194 $bi=$bs;
195 $end=$be+1;
196 @numa=@numb=();
197
198#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
199 for ($j=$bs; $j<$end; $j++)
200 {
201 push(@numa,$ai);
202 push(@numb,$bi);
203 $ai--;
204 $bi++;
205 }
206
207 if ($i & 1)
208 {
209 @numa=reverse(@numa);
210 @numb=reverse(@numb);
211 }
212
213 &bn_clr($c2);
214 for ($j=0; $j<=$#numa; $j++)
215 {
216 &bn_mad(&bn_ary($a,$numa[$j]),
217 &bn_ary($b,$numb[$j]),$c0,$c1,$c2,1);
218 }
219 &bn_str(&bn_ary($r,$i),$c0);
220 ($c0,$c1,$c2)=($c1,$c2,$c0);
221
222 $as++ if ($i < ($num-1));
223 $ae++ if ($i >= ($num-1));
224
225 $bs++ if ($i >= ($num-1));
226 $be++ if ($i < ($num-1));
227 }
228 &bn_str(&bn_ary($r,$i),$c0);
229 }
230
231sub combas_sqr
232 {
233 local($r,$a,$num,$c0,$c1,$c2)=@_;
234 local($i,$as,$ae,$bs,$be,$ai,$bi);
235 local($b,$tot,$end,$half);
236
237 $b=$a;
238 $as=0;
239 $ae=0;
240 $bs=0;
241 $be=0;
242 $tot=$num+$num-1;
243 &bn_clr($c0);
244 &bn_clr($c1);
245 for ($i=0; $i<$tot; $i++)
246 {
247 $ai=$as;
248 $bi=$bs;
249 $end=$be+1;
250 @numa=@numb=();
251
252#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
253 for ($j=$bs; $j<$end; $j++)
254 {
255 push(@numa,$ai);
256 push(@numb,$bi);
257 $ai--;
258 $bi++;
259 last if ($ai < $bi);
260 }
261 if (!($i & 1))
262 {
263 @numa=reverse(@numa);
264 @numb=reverse(@numb);
265 }
266
267 &bn_clr($c2);
268 for ($j=0; $j <= $#numa; $j++)
269 {
270 if ($numa[$j] == $numb[$j])
271 {&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,1);}
272 else
273 {&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,2);}
274 }
275 &bn_str(&bn_ary($r,$i),$c0);
276 ($c0,$c1,$c2)=($c1,$c2,$c0);
277
278 $as++ if ($i < ($num-1));
279 $ae++ if ($i >= ($num-1));
280
281 $bs++ if ($i >= ($num-1));
282 $be++ if ($i < ($num-1));
283 }
284 &bn_str(&bn_ary($r,$i),$c0);
285 }
diff --git a/src/lib/libcrypto/bn/d.c b/src/lib/libcrypto/bn/d.c
index ced2291b25..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/d.c
+++ b/src/lib/libcrypto/bn/d.c
@@ -1,72 +0,0 @@
1#include <stdio.h>
2#include <openssl/bio.h>
3#include "bn_lcl.h"
4
5#define SIZE_A (100*4+4)
6#define SIZE_B (13*4)
7
8main(argc,argv)
9int argc;
10char *argv[];
11 {
12 BN_CTX ctx;
13 BN_RECP_CTX recp;
14 BIGNUM a,b,dd,d,r,rr,t,l;
15 int i;
16
17 MemCheck_start();
18 MemCheck_on();
19 BN_CTX_init(&ctx);
20 BN_RECP_CTX_init(&recp);
21
22 BN_init(&r);
23 BN_init(&rr);
24 BN_init(&d);
25 BN_init(&dd);
26 BN_init(&a);
27 BN_init(&b);
28
29 {
30 BN_rand(&a,SIZE_A,0,0);
31 BN_rand(&b,SIZE_B,0,0);
32
33 a.neg=1;
34 BN_RECP_CTX_set(&recp,&b,&ctx);
35
36 BN_print_fp(stdout,&a); printf(" a\n");
37 BN_print_fp(stdout,&b); printf(" b\n");
38
39 BN_print_fp(stdout,&recp.N); printf(" N\n");
40 BN_print_fp(stdout,&recp.Nr); printf(" Nr num_bits=%d\n",recp.num_bits);
41
42 BN_div_recp(&r,&d,&a,&recp,&ctx);
43
44for (i=0; i<300; i++)
45 BN_div(&rr,&dd,&a,&b,&ctx);
46
47 BN_print_fp(stdout,&r); printf(" div recp\n");
48 BN_print_fp(stdout,&rr); printf(" div\n");
49 BN_print_fp(stdout,&d); printf(" rem recp\n");
50 BN_print_fp(stdout,&dd); printf(" rem\n");
51 }
52 BN_CTX_free(&ctx);
53 BN_RECP_CTX_free(&recp);
54
55 BN_free(&r);
56 BN_free(&rr);
57 BN_free(&d);
58 BN_free(&dd);
59 BN_free(&a);
60 BN_free(&b);
61
62 {
63 BIO *out;
64
65 if ((out=BIO_new(BIO_s_file())) != NULL)
66 BIO_set_fp(out,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
67
68 CRYPTO_mem_leaks(out);
69 BIO_free(out);
70 }
71
72 }
diff --git a/src/lib/libcrypto/bn/divtest.c b/src/lib/libcrypto/bn/divtest.c
new file mode 100644
index 0000000000..13ba86e3c4
--- /dev/null
+++ b/src/lib/libcrypto/bn/divtest.c
@@ -0,0 +1,41 @@
1#include <openssl/bn.h>
2#include <openssl/rand.h>
3
4static int rand(n)
5{
6 unsigned char x[2];
7 RAND_pseudo_bytes(x,2);
8 return (x[0] + 2*x[1]);
9}
10
11static void bug(char *m, BIGNUM *a, BIGNUM *b)
12{
13 printf("%s!\na=",m);
14 BN_print_fp(stdout, a);
15 printf("\nb=");
16 BN_print_fp(stdout, b);
17 printf("\n");
18 fflush(stdout);
19}
20
21main()
22{
23 BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),
24 *C=BN_new(), *D=BN_new();
25 BN_RECP_CTX *recp=BN_RECP_CTX_new();
26 BN_CTX *ctx=BN_CTX_new();
27
28 for(;;) {
29 BN_pseudo_rand(a,rand(),0,0);
30 BN_pseudo_rand(b,rand(),0,0);
31 if (BN_is_zero(b)) continue;
32
33 BN_RECP_CTX_set(recp,b,ctx);
34 if (BN_div(C,D,a,b,ctx) != 1)
35 bug("BN_div failed",a,b);
36 if (BN_div_recp(c,d,a,recp,ctx) != 1)
37 bug("BN_div_recp failed",a,b);
38 else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)
39 bug("mismatch",a,b);
40 }
41}
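Review bot: The mismatch check compares the quotient twice, `BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0`, so the remainder produced by BN_div_recp is never compared with BN_div's and a wrong remainder would pass unnoticed; the second operand should be `BN_cmp(d,D) != 0`. The helper `static int rand(n)` shadows the libc rand() with an implicit-int K&R definition whose parameter is never used, and it ignores the return value of RAND_pseudo_bytes, so a failed PRNG call may leave x uninitialized and the bit count is then taken from stack garbage; renaming it (say `rand_bits(void)`) and checking the RAND_pseudo_bytes result would avoid both. The file is a standalone driver with no exit condition, which is presumably intended as a long-running differential test, but a one-line comment at the top of main saying so would save the next reader from looking for the missing termination.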
diff --git a/src/lib/libcrypto/bn/exp.c b/src/lib/libcrypto/bn/exp.c
index ec443459d8..4865b0ef74 100644
--- a/src/lib/libcrypto/bn/exp.c
+++ b/src/lib/libcrypto/bn/exp.c
@@ -1,3 +1,5 @@
1/* unused */
2
1#include <stdio.h> 3#include <stdio.h>
2#include <openssl/tmdiff.h> 4#include <openssl/tmdiff.h>
3#include "bn_lcl.h" 5#include "bn_lcl.h"
diff --git a/src/lib/libcrypto/bn/expspeed.c b/src/lib/libcrypto/bn/expspeed.c
index 3656d5bb4c..2044ab9bff 100644
--- a/src/lib/libcrypto/bn/expspeed.c
+++ b/src/lib/libcrypto/bn/expspeed.c
@@ -1,3 +1,5 @@
1/* unused */
2
1/* crypto/bn/expspeed.c */ 3/* crypto/bn/expspeed.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 4/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 5 * All rights reserved.
diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c
index 9e4ae91d20..3e86f2ea0e 100644
--- a/src/lib/libcrypto/bn/exptest.c
+++ b/src/lib/libcrypto/bn/exptest.c
@@ -69,6 +69,8 @@
69 69
70#define NUM_BITS (BN_BITS*2) 70#define NUM_BITS (BN_BITS*2)
71 71
72static const char rnd_seed[] = "string to make the random number generator think it has entropy";
73
72int main(int argc, char *argv[]) 74int main(int argc, char *argv[])
73 { 75 {
74 BN_CTX *ctx; 76 BN_CTX *ctx;
@@ -77,6 +79,10 @@ int main(int argc, char *argv[])
77 unsigned char c; 79 unsigned char c;
78 BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m; 80 BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
79 81
82 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
83 * even check its return value
84 * (which we should) */
85
80 ERR_load_BN_strings(); 86 ERR_load_BN_strings();
81 87
82 ctx=BN_CTX_new(); 88 ctx=BN_CTX_new();
@@ -160,7 +166,16 @@ int main(int argc, char *argv[])
160 exit(1); 166 exit(1);
161 } 167 }
162 } 168 }
169 BN_free(r_mont);
170 BN_free(r_recp);
171 BN_free(r_simple);
172 BN_free(a);
173 BN_free(b);
174 BN_free(m);
175 BN_CTX_free(ctx);
176 ERR_remove_state(0);
163 CRYPTO_mem_leaks(out); 177 CRYPTO_mem_leaks(out);
178 BIO_free(out);
164 printf(" done\n"); 179 printf(" done\n");
165 exit(0); 180 exit(0);
166err: 181err:
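Review bot: The comment added beside RAND_seed documents a gap rather than closing it: BN_rand's return value is still unchecked, and a constant seed string only guarantees the generator will not refuse for lack of entropy, not that the calls succeed. Worth tightening the comment so the intent is unmistakable, e.g. `/* test-only: constant seed so BN_rand cannot fail for lack of entropy; never seed from a fixed string outside a test */`, and checking the result at the call sites (outside this hunk) with `if (!BN_rand(a,NUM_BITS,0,0)) goto err;`. The new BN_free/BN_CTX_free sequence before CRYPTO_mem_leaks runs only on the success path; the `err:` label at the end of the hunk opens a path whose body is outside SOURCE, so whether it releases the same objects cannot be confirmed here.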
diff --git a/src/lib/libcrypto/bn/new b/src/lib/libcrypto/bn/new
index 285d506f19..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/new
+++ b/src/lib/libcrypto/bn/new
@@ -1,23 +0,0 @@
1void BN_RECP_CTX_init(BN_RECP_CTX *recp);
2BN_RECP_CTX *BN_RECP_CTX_new();
3void BN_RECP_CTX_free(BN_RECP_CTX *recp);
4int BN_RECP_CTX_set(BN_RECP_CTX *recp,BIGNUM *div,BN_CTX *ctx);
5
6int BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
7 BN_RECP_CTX *recp,BN_CTX *ctx);
8
9int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d,
10 BN_RECP_CTX *recp, BN_CTX *ctx);
11int BN_mod_recp(BIGNUM *rem, BIGNUM *m, BIGNUM *d,
12 BN_RECP_CTX *recp, BN_CTX *ctx);
13int BN_mod_mul_recp(BIGNUM *ret,BIGNUM *a,BIGNUM *b,BIGNUM *m
14
15int BN_mod_exp_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *p,
16 BN_MONT_CTX *m_ctx,BN_CTX *ctx);
17int BN_mod_exp2_montgomery(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
18 BIGNUM *p2,BN_MONT_CTX *m_ctx,BN_CTX *ctx);
19
20
21bn_div64 -> bn_div_words
22
23
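--- a/src/lib/libcrypto/bn/old/b_sqr.c
+++ b/src/lib/libcrypto/bn/old/b_sqr.c
@@ -1,199 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
-
-/* r must be different to a and b */
-/* int BN_mmul(r, a, b) */
-int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b)
- {
- BN_ULONG *ap,*bp,*rp;
- BIGNUM *sk;
- int i,n,ret;
- int max,al,bl;
- BN_CTX ctx;
-
- bn_check_top(a);
- bn_check_top(b);
-
- al=a->top;
- bl=b->top;
- if ((al == 0) || (bl == 0))
- {
- r->top=0;
- return(1);
- }
-#ifdef BN_MUL_DEBUG
-printf("BN_mul(%d,%d)\n",a->top,b->top);
-#endif
-
- if ( (bn_limit_bits > 0) &&
- (bl > bn_limit_num) && (al > bn_limit_num))
- {
- n=(BN_num_bits_word(al|bl)-bn_limit_bits);
- n*=2;
- sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
- memset(sk,0,sizeof(BIGNUM)*n);
- memset(&ctx,0,sizeof(ctx));
-
- ret=bn_mm(r,a,b,&(sk[0]),&ctx);
- for (i=0; i<n; i+=2)
- {
- BN_clear_free(&sk[i]);
- BN_clear_free(&sk[i+1]);
- }
- Free(sk);
- return(ret);
- }
-
- max=(al+bl);
- if (bn_wexpand(r,max) == NULL) return(0);
- r->top=max;
- r->neg=a->neg^b->neg;
- ap=a->d;
- bp=b->d;
- rp=r->d;
-
- rp[al]=bn_mul_words(rp,ap,al,*(bp++));
- rp++;
- for (i=1; i<bl; i++)
- {
- rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
- rp++;
- }
- if ((max > 0) && (r->d[max-1] == 0)) r->top--;
- return(1);
- }
-
-
-#define ahal (sk[0])
-#define blbh (sk[1])
-
-/* r must be different to a and b */
-int bn_mm(BIGNUM *m, BIGNUM *A, BIGNUM *B, BIGNUM *sk, BN_CTX *ctx)
- {
- int n,num,sqr=0;
- int an,bn;
- BIGNUM ah,al,bh,bl;
-
- an=A->top;
- bn=B->top;
-#ifdef BN_MUL_DEBUG
-printf("bn_mm(%d,%d)\n",A->top,B->top);
-#endif
-
- if (A == B) sqr=1;
- num=(an>bn)?an:bn;
- n=(num+1)/2;
- /* Are going to now chop things into 'num' word chunks. */
-
- BN_init(&ah);
- BN_init(&al);
- BN_init(&bh);
- BN_init(&bl);
-
- bn_set_low (&al,A,n);
- bn_set_high(&ah,A,n);
- bn_set_low (&bl,B,n);
- bn_set_high(&bh,B,n);
-
- BN_sub(&ahal,&ah,&al);
- BN_sub(&blbh,&bl,&bh);
-
- if (num <= (bn_limit_num+bn_limit_num))
- {
- BN_mul(m,&ahal,&blbh);
- if (sqr)
- {
- BN_sqr(&ahal,&al,ctx);
- BN_sqr(&blbh,&ah,ctx);
- }
- else
- {
- BN_mul(&ahal,&al,&bl);
- BN_mul(&blbh,&ah,&bh);
- }
- }
- else
- {
- bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
- bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
- bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
- }
-
- BN_add(m,m,&ahal);
- BN_add(m,m,&blbh);
-
- BN_lshift(m,m,n*BN_BITS2);
- BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
-
- BN_add(m,m,&ahal);
- BN_add(m,m,&blbh);
-
- m->neg=A->neg^B->neg;
- return(1);
- }
-#undef ahal (sk[0])
-#undef blbh (sk[1])
-
-#include "bn_low.c"
-#include "bn_high.c"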
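--- a/src/lib/libcrypto/bn/old/bn_com.c
+++ b/src/lib/libcrypto/bn/old/bn_com.c
@@ -1,90 +0,0 @@
-/* crypto/bn/bn_mulw.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#ifdef BN_LLONG
-
-ab
-12
- a2 b2
-a1 b1
-
-abc
-123
- a3 b3 c3
- a2 b2 c2
-a1 b1 c1
-
-abcd
-1234
- a4 b4 c4 d4
- a3 b3 c3 d3
- a2 b2 c2 d2
-a1 b1 c1 d1
-
-abcde
-01234
- a5 b5 c5 d5 e5
- a4 b4 c4 d4 e4
- a3 b3 c3 d3 e3
- a2 b2 c2 d2 e2
- a1 b1 c1 d1 e1
-a0 b0 c0 d0 e0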
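--- a/src/lib/libcrypto/bn/old/bn_high.c
+++ b/src/lib/libcrypto/bn/old/bn_high.c
@@ -1,135 +0,0 @@
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#undef BN_MUL_HIGH_DEBUG
-
-#ifdef BN_MUL_HIGH_DEBUG
-#define debug_BN_print(a,b,c) BN_print_fp(a,b); printf(c);
-#else
-#define debug_BN_print(a,b,c)
-#endif
-
-int BN_mul_high(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *low, int words);
-
-#undef t1
-#undef t2
-
-int BN_mul_high(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *low, int words)
- {
- int w2,borrow=0,full=0;
- BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
- BN_ULONG ul1,ul2;
-
- BN_mul(r,a,b);
- BN_rshift(r,r,words*BN_BITS2);
- return(1);
-
- w2=(words+1)/2;
-
-#ifdef BN_MUL_HIGH_DEBUG
-fprintf(stdout,"words=%d w2=%d\n",words,w2);
-#endif
-debug_BN_print(stdout,a," a\n");
-debug_BN_print(stdout,b," b\n");
-debug_BN_print(stdout,low," low\n");
- BN_init(&al); BN_init(&ah);
- BN_init(&bl); BN_init(&bh);
- BN_init(&t1); BN_init(&t2); BN_init(&t3);
- BN_init(&s0); BN_init(&s1);
- BN_init(&h); BN_init(&m);
-
- bn_set_low (&al,a,w2);
- bn_set_high(&ah,a,w2);
- bn_set_low (&bl,b,w2);
- bn_set_high(&bh,b,w2);
-
- bn_set_low(&s0,low,w2);
- bn_set_high(&s1,low,w2);
-
-debug_BN_print(stdout,&al," al\n");
-debug_BN_print(stdout,&ah," ah\n");
-debug_BN_print(stdout,&bl," bl\n");
-debug_BN_print(stdout,&bh," bh\n");
-debug_BN_print(stdout,&s0," s0\n");
-debug_BN_print(stdout,&s1," s1\n");
-
- /* Calculate (al-ah)*(bh-bl) */
- BN_sub(&t1,&al,&ah);
- BN_sub(&t2,&bh,&bl);
- BN_mul(&m,&t1,&t2);
-
- /* Calculate ah*bh */
- BN_mul(&h,&ah,&bh);
-
- /* s0 == low(al*bl)
- * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
- * We know s0 and s1 so the only unknown is high(al*bl)
- * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
- */
- BN_add(&m,&m,&h);
- BN_add(&t2,&m,&s0);
-
-debug_BN_print(stdout,&t2," middle value\n");
-
- /* Quick and dirty mask off of high words */
- if (w2 < t2.top) t2.top=w2;
-#if 0
- bn_set_low(&t3,&t2,w2);
-#endif
-
-debug_BN_print(stdout,&t2," low middle value\n");
- BN_sub(&t1,&s1,&t2);
-
- if (t1.neg)
- {
-debug_BN_print(stdout,&t1," before\n");
- BN_zero(&t2);
- BN_set_bit(&t2,w2*BN_BITS2);
- BN_add(&t1,&t2,&t1);
- /* BN_mask_bits(&t1,w2*BN_BITS2); */
- /* if (words < t1.top) t1.top=words; */
-debug_BN_print(stdout,&t1," after\n");
- borrow=1;
- }
-
-/* XXXXX SPEED THIS UP */
- /* al*bl == high(al*bl)<<words+s0 */
- BN_lshift(&t1,&t1,w2*BN_BITS2);
- BN_add(&t1,&t1,&s0);
- if (w2*2 < t1.top) t1.top=w2*2; /* This should not happen? */
-
- /* We now have
- * al*bl - t1
- * (al-ah)*(bh-bl)+ah*bh - m
- * ah*bh - h
- */
-#if 0
- BN_add(&m,&m,&t1);
-debug_BN_print(stdout,&t1," s10\n");
-debug_BN_print(stdout,&m," s21\n");
-debug_BN_print(stdout,&h," s32\n");
- BN_lshift(&m,&m,w2*BN_BITS2);
- BN_lshift(&h,&h,w2*2*BN_BITS2);
- BN_add(r,&m,&t1);
- BN_add(r,r,&h);
- BN_rshift(r,r,w2*2*BN_BITS2);
-#else
- BN_add(&m,&m,&t1); /* Do a cmp then +1 if needed? */
- bn_set_high(&t3,&t1,w2);
- BN_add(&m,&m,&t3);
- bn_set_high(&t3,&m,w2);
- BN_add(r,&h,&t3);
-#endif
-
-#ifdef BN_MUL_HIGH_DEBUG
-printf("carry=%d\n",borrow);
-#endif
-debug_BN_print(stdout,r," ret\n");
- BN_free(&t1); BN_free(&t2);
- BN_free(&m); BN_free(&h);
- return(1);
- }
-
-
-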
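--- a/src/lib/libcrypto/bn/old/bn_ka.c
+++ b/src/lib/libcrypto/bn/old/bn_ka.c
@@ -1,567 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <strings.h>
-#include "bn_lcl.h"
-
-/* r is 2*n2 words in size,
- * a and b are both n2 words in size.
- * n2 must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n2 words in size
- * We calulate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- BN_ULONG *t)
- {
- int n=n2/2;
- int neg,zero,c1,c2;
- BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-printf(" bn_mul_recursive %d * %d\n",n2,n2);
-#endif
- if (n2 <= 8)
- {
- if (n2 == 8)
- bn_mul_comba8(r,a,b);
- else
- bn_mul_normal(r,a,n2,b,n2);
- return;
- }
-
- if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
- {
- /* This should not happen */
- /*abort(); */
- bn_mul_normal(r,a,n2,b,n2);
- return;
- }
- /* r=(a[0]-a[1])*(b[1]-b[0]) */
- c1=bn_cmp_words(a,&(a[n]),n);
- c2=bn_cmp_words(&(b[n]),b,n);
- zero=neg=0;
- switch (c1*3+c2)
- {
- case -4:
- bn_sub_words(t, &(a[n]),a, n); /* - */
- bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */
- break;
- case -3:
- zero=1;
- break;
- case -2:
- bn_sub_words(t, &(a[n]),a, n); /* - */
- bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */
- neg=1;
- break;
- case -1:
- case 0:
- case 1:
- zero=1;
- break;
- case 2:
- bn_sub_words(t, a, &(a[n]),n); /* + */
- bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */
- neg=1;
- break;
- case 3:
- zero=1;
- break;
- case 4:
- bn_sub_words(t, a, &(a[n]),n);
- bn_sub_words(&(t[n]),&(b[n]),b, n);
- break;
- }
-
- if (n == 8)
- {
- if (!zero)
- bn_mul_comba8(&(t[n2]),t,&(t[n]));
- else
- memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-
- bn_mul_comba8(r,a,b);
- bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
- }
- else
- {
- p= &(t[n2*2]);
- if (!zero)
- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
- else
- memset(&(t[n2]),0,n*sizeof(BN_ULONG));
- bn_mul_recursive(r,a,b,n,p);
- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
- }
-
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- */
-
- c1=bn_add_words(t,r,&(r[n2]),n2);
-
- if (neg) /* if t[32] is negative */
- {
- c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
- }
- else
- {
- /* Might have a carry */
- c1+=bn_add_words(&(t[n2]),&(t[n2]),t,n2);
- }
-
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- * c1 holds the carry bits
- */
- c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
- if (c1)
- {
- p= &(r[n+n2]);
- lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
-
- /* The overflow will stop before we over write
- * words we should not overwrite */
- if (ln < c1)
- {
- do {
- p++;
- lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
- }
- }
-
-/* n+tn is the word length
- * t needs to be n*4 is size, as does r */
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
- int n, BN_ULONG *t)
- {
- int n2=n*2,i,j;
- int c1;
- BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
-#endif
- if (n < 8)
- {
- i=tn+n;
- bn_mul_normal(r,a,i,b,i);
- return;
- }
-
- /* r=(a[0]-a[1])*(b[1]-b[0]) */
- bn_sub_words(t, a, &(a[n]),n); /* + */
- bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */
-
- if (n == 8)
- {
- bn_mul_comba8(&(t[n2]),t,&(t[n]));
- bn_mul_comba8(r,a,b);
- bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
- memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
- }
- else
- {
- p= &(t[n2*2]);
- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
- bn_mul_recursive(r,a,b,n,p);
- i=n/2;
- /* If there is only a bottom half to the number,
- * just do it */
- j=tn-i;
- if (j == 0)
- {
- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
- memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
- }
- else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
- {
- bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
- j,i,p);
- memset(&(r[n2+tn*2]),0,
- sizeof(BN_ULONG)*(n2-tn*2));
- }
- else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
- {
- memset(&(r[n2]),0,sizeof(BN_ULONG)*(tn*2));
- for (;;)
- {
- i/=2;
- if (i < tn)
- {
- bn_mul_part_recursive(&(r[n2]),
- &(a[n]),&(b[n]),
- tn-i,i,p);
- break;
- }
- else if (i == tn)
- {
- bn_mul_recursive(&(r[n2]),
- &(a[n]),&(b[n]),
- i,p);
- break;
- }
- }
- }
- }
-
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- */
-
- c1=bn_add_words(t,r,&(r[n2]),n2);
- c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
-
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- * c1 holds the carry bits
- */
- c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
- if (c1)
- {
- p= &(r[n+n2]);
- lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
-
- /* The overflow will stop before we over write
- * words we should not overwrite */
- if (ln < c1)
- {
- do {
- p++;
- lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
- }
- }
-
-/* r is 2*n words in size,
- * a and b are both n words in size.
- * n must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n words in size
- * We calulate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t)
- {
- int n=n2/2;
- int zero,c1;
- BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-printf(" bn_sqr_recursive %d * %d\n",n2,n2);
-#endif
- if (n2 == 4)
- {
- bn_sqr_comba4(r,a);
- return;
- }
- else if (n2 == 8)
- {
- bn_sqr_comba8(r,a);
- return;
- }
- if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
- {
- bn_sqr_normal(r,a,n2,t);
- return;
- abort();
- }
- /* r=(a[0]-a[1])*(a[1]-a[0]) */
- c1=bn_cmp_words(a,&(a[n]),n);
- zero=0;
- if (c1 > 0)
- bn_sub_words(t,a,&(a[n]),n);
- else if (c1 < 0)
- bn_sub_words(t,&(a[n]),a,n);
- else
- zero=1;
-
- /* The result will always be negative unless it is zero */
-
- if (n == 8)
- {
- if (!zero)
- bn_sqr_comba8(&(t[n2]),t);
- else
- memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-
- bn_sqr_comba8(r,a);
- bn_sqr_comba8(&(r[n2]),&(a[n]));
- }
- else
- {
- p= &(t[n2*2]);
- if (!zero)
- bn_sqr_recursive(&(t[n2]),t,n,p);
- else
- memset(&(t[n2]),0,n*sizeof(BN_ULONG));
- bn_sqr_recursive(r,a,n,p);
- bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
- }
-
- /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- */
-
- c1=bn_add_words(t,r,&(r[n2]),n2);
-
- /* t[32] is negative */
- c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
-
- /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
- * r[10] holds (a[0]*a[0])
- * r[32] holds (a[1]*a[1])
- * c1 holds the carry bits
- */
- c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
- if (c1)
- {
- p= &(r[n+n2]);
- lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
-
- /* The overflow will stop before we over write
- * words we should not overwrite */
- if (ln < c1)
- {
- do {
- p++;
- lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
- }
- }
-
-#if 1
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- */
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- BN_ULONG *t)
- {
- int n=n2/2;
-
-#ifdef BN_COUNT
-printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
-#endif
-
- bn_mul_recursive(r,a,b,n,&(t[0]));
- if (n > BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- }
- else
- {
- bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
- bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
- }
- }
-
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
- BN_ULONG *t)
- {
- int j,i,n,c1,c2;
- int neg,oneg,zero;
- BN_ULONG ll,lc,*lp,*mp;
-
-#ifdef BN_COUNT
-printf(" bn_mul_high %d * %d\n",n2,n2);
-#endif
- n=(n2+1)/2;
-
- /* Calculate (al-ah)*(bh-bl) */
- neg=zero=0;
- c1=bn_cmp_words(&(a[0]),&(a[n]),n);
- c2=bn_cmp_words(&(b[n]),&(b[0]),n);
- switch (c1*3+c2)
- {
- case -4:
- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
- break;
- case -3:
- zero=1;
- break;
- case -2:
- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
- neg=1;
- break;
- case -1:
- case 0:
- case 1:
- zero=1;
- break;
- case 2:
- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
- neg=1;
- break;
- case 3:
- zero=1;
- break;
- case 4:
- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
- break;
- }
-
- oneg=neg;
- /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
- bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
- /* r[10] = (a[1]*b[1]) */
- bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
-
- /* s0 == low(al*bl)
- * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
- * We know s0 and s1 so the only unknown is high(al*bl)
- * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
- * high(al*bl) == s1 - (r[0]+l[0]+t[0])
- */
- if (l != NULL)
- {
- lp= &(t[n2+n]);
- c1=bn_add_words(lp,&(r[0]),&(l[0]),n);
- }
- else
- {
- c1=0;
- lp= &(r[0]);
- }
-
- if (neg)
- neg=bn_sub_words(&(t[n2]),lp,&(t[0]),n);
- else
- {
- bn_add_words(&(t[n2]),lp,&(t[0]),n);
- neg=0;
- }
-
- if (l != NULL)
- {
- bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
- }
- else
- {
- lp= &(t[n2+n]);
- mp= &(t[n2]);
- for (i=0; i<n; i++)
- lp[i]=((~mp[i])+1)&BN_MASK2;
- }
-
- /* s[0] = low(al*bl)
- * t[3] = high(al*bl)
- * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
- * r[10] = (a[1]*b[1])
- */
- /* R[10] = al*bl
- * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
- * R[32] = ah*bh
- */
- /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
- * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
- * R[3]=r[1]+(carry/borrow)
- */
- if (l != NULL)
- {
- lp= &(t[n2]);
- c1= bn_add_words(lp,&(t[n2+n]),&(l[0]),n);
- }
- else
- {
- lp= &(t[n2+n]);
- c1=0;
- }
- c1+=bn_add_words(&(t[n2]),lp, &(r[0]),n);
- if (oneg)
- c1-=bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n);
- else
- c1+=bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n);
-
- c2 =bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n);
- c2+=bn_add_words(&(r[0]),&(r[0]),&(r[n]),n);
- if (oneg)
- c2-=bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n);
- else
- c2+=bn_add_words(&(r[0]),&(r[0]),&(t[n]),n);
-
- if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
- {
- i=0;
- if (c1 > 0)
- {
- lc=c1;
- do {
- ll=(r[i]+lc)&BN_MASK2;
- r[i++]=ll;
- lc=(lc > ll);
- } while (lc);
- }
- else
- {
- lc= -c1;
- do {
- ll=r[i];
- r[i++]=(ll-lc)&BN_MASK2;
- lc=(lc > ll);
- } while (lc);
- }
- }
- if (c2 != 0) /* Add starting at r[1] */
- {
- i=n;
- if (c2 > 0)
- {
- lc=c2;
- do {
- ll=(r[i]+lc)&BN_MASK2;
- r[i++]=ll;
- lc=(lc > ll);
- } while (lc);
- }
- else
- {
- lc= -c2;
- do {
- ll=r[i];
- r[i++]=(ll-lc)&BN_MASK2;
- lc=(lc > ll);
- } while (lc);
- }
- }
- }
-#endif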
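--- a/src/lib/libcrypto/bn/old/bn_low.c
+++ b/src/lib/libcrypto/bn/old/bn_low.c
@@ -1,194 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static int bn_mm_low(BIGNUM *m,BIGNUM *A,BIGNUM *B, int num,
- BIGNUM *sk,BN_CTX *ctx);
-int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b,int words);
-
-/* r must be different to a and b */
-int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b, int num)
- {
- BN_ULONG *ap,*bp,*rp;
- BIGNUM *sk;
- int j,i,n,ret;
- int max,al,bl;
- BN_CTX ctx;
-
- bn_check_top(a);
- bn_check_top(b);
-
-#ifdef BN_MUL_DEBUG
-printf("BN_mul_low(%d,%d,%d)\n",a->top,b->top,num);
-#endif
-
- al=a->top;
- bl=b->top;
- if ((al == 0) || (bl == 0))
- {
- r->top=0;
- return(1);
- }
-
- if ((bn_limit_bits_low > 0) && (num > bn_limit_num_low))
- {
- n=BN_num_bits_word(num*2)-bn_limit_bits_low;
- n*=2;
- sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
- memset(sk,0,sizeof(BIGNUM)*n);
- memset(&ctx,0,sizeof(ctx));
-
- ret=bn_mm_low(r,a,b,num,&(sk[0]),&ctx);
- for (i=0; i<n; i+=2)
- {
- BN_clear_free(&sk[i]);
- BN_clear_free(&sk[i+1]);
- }
- Free(sk);
- return(ret);
- }
-
- max=(al+bl);
- if (bn_wexpand(r,max) == NULL) return(0);
- r->neg=a->neg^b->neg;
- ap=a->d;
- bp=b->d;
- rp=r->d;
- r->top=(max > num)?num:max;
-
- rp[al]=bn_mul_words(rp,ap,al,*(bp++));
- rp++;
- j=bl;
- for (i=1; i<j; i++)
- {
- if (al >= num--)
- {
- al--;
- if (al <= 0) break;
- }
- rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
- rp++;
- }
-
- while ((r->top > 0) && (r->d[r->top-1] == 0))
- r->top--;
- return(1);
- }
-
-
-#define t1 (sk[0])
-#define t2 (sk[1])
-
-/* r must be different to a and b */
-int bn_mm_low(BIGNUM *m, BIGNUM *A, BIGNUM *B, int num, BIGNUM *sk,
- BN_CTX *ctx)
- {
- int n; /* ,sqr=0; */
- int an,bn;
- BIGNUM ah,al,bh,bl;
-
- bn_wexpand(m,num+3);
- an=A->top;
- bn=B->top;
-
-#ifdef BN_MUL_DEBUG
-printf("bn_mm_low(%d,%d,%d)\n",A->top,B->top,num);
-#endif
-
- n=(num+1)/2;
-
- BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl);
-
- bn_set_low( &al,A,n);
- bn_set_high(&ah,A,n);
- bn_set_low( &bl,B,n);
- bn_set_high(&bh,B,n);
-
- if (num <= (bn_limit_num_low+bn_limit_num_low))
- {
- BN_mul(m,&al,&bl);
- BN_mul_low(&t1,&al,&bh,n);
- BN_mul_low(&t2,&ah,&bl,n);
- }
- else
- {
- bn_mm(m ,&al,&bl,&(sk[2]),ctx);
- bn_mm_low(&t1,&al,&bh,n,&(sk[2]),ctx);
- bn_mm_low(&t2,&ah,&bl,n,&(sk[2]),ctx);
- }
-
- BN_add(&t1,&t1,&t2);
-
- /* We will now do an evil hack instead of
- * BN_lshift(&t1,&t1,n*BN_BITS2);
- * BN_add(m,m,&t1);
- * BN_mask_bits(m,num*BN_BITS2);
- */
- bn_set_high(&ah,m,n); ah.max=num+2;
- BN_add(&ah,&ah,&t1);
- m->top=num;
-
- m->neg=A->neg^B->neg;
- return(1);
- }
-
-#undef t1 (sk[0])
-#undef t2 (sk[1])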
diff --git a/src/lib/libcrypto/bn/old/bn_m.c b/src/lib/libcrypto/bn/old/bn_m.c
index 522beb02bc..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/old/bn_m.c
+++ b/src/lib/libcrypto/bn/old/bn_m.c
@@ -1,139 +0,0 @@
1/* crypto/bn/bn_m.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60/*#include "cryptlib.h"*/
61#include "bn_lcl.h"
62
63#define limit_bits 5 /* 2^5, or 32 words */
64#define limit_num (1<<limit_bits)
65
66int BN_m(BIGNUM *r, BIGNUM *a, BIGNUM *b)
67 {
68 BIGNUM *sk;
69 int i,n;
70
71 n=(BN_num_bits_word(a->top|b->top)-limit_bits);
72 n*=2;
73 sk=(BIGNUM *)malloc(sizeof(BIGNUM)*n);
74 for (i=0; i<n; i++)
75 BN_init(&(sk[i]));
76
77 return(BN_mm(r,a,b,&(sk[0])));
78 }
79
80#define ahal (sk[0])
81#define blbh (sk[1])
82
83/* r must be different to a and b */
84int BN_mm(BIGNUM *m, BIGNUM *A, BIGNUM *B, BIGNUM *sk)
85 {
86 int i,num,anum,bnum;
87 int an,bn;
88 BIGNUM ah,al,bh,bl;
89
90 an=A->top;
91 bn=B->top;
92 if ((an <= limit_num) || (bn <= limit_num))
93 {
94 return(BN_mul(m,A,B));
95 }
96
97 anum=(an>bn)?an:bn;
98 num=(anum)/2;
99
100 /* Are going to now chop things into 'num' word chunks. */
101 bnum=num*BN_BITS2;
102
103 BN_init(&ahal);
104 BN_init(&blbh);
105 BN_init(&ah);
106 BN_init(&al);
107 BN_init(&bh);
108 BN_init(&bl);
109
110 al.top=num;
111 al.d=A->d;
112 ah.top=A->top-num;
113 ah.d= &(A->d[num]);
114
115 bl.top=num;
116 bl.d=B->d;
117 bh.top=B->top-num;
118 bh.d= &(B->d[num]);
119
120 BN_sub(&ahal,&ah,&al);
121 BN_sub(&blbh,&bl,&bh);
122
123 BN_mm(m,&ahal,&blbh,&(sk[2]));
124 BN_mm(&ahal,&al,&bl,&(sk[2]));
125 BN_mm(&blbh,&ah,&bh,&(sk[2]));
126
127 BN_add(m,m,&ahal);
128 BN_add(m,m,&blbh);
129
130 BN_lshift(m,m,bnum);
131 BN_add(m,m,&ahal);
132
133 BN_lshift(&blbh,&blbh,bnum*2);
134 BN_add(m,m,&blbh);
135
136 m->neg=A->neg^B->neg;
137 return(1);
138 }
139
diff --git a/src/lib/libcrypto/bn/old/bn_mul.c.works b/src/lib/libcrypto/bn/old/bn_mul.c.works
index 6d565d44a2..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/old/bn_mul.c.works
+++ b/src/lib/libcrypto/bn/old/bn_mul.c.works
@@ -1,219 +0,0 @@
1/* crypto/bn/bn_mul.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include "bn_lcl.h"
62
63int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
64
65/* r must be different to a and b */
66int BN_mul(r, a, b)
67BIGNUM *r;
68BIGNUM *a;
69BIGNUM *b;
70 {
71 BN_ULONG *ap,*bp,*rp;
72 BIGNUM *sk;
73 int i,n,ret;
74 int max,al,bl;
75 BN_CTX ctx;
76
77 bn_check_top(a);
78 bn_check_top(b);
79
80 al=a->top;
81 bl=b->top;
82 if ((al == 0) || (bl == 0))
83 {
84 r->top=0;
85 return(1);
86 }
87#ifdef BN_MUL_DEBUG
88printf("BN_mul(%d,%d)\n",a->top,b->top);
89#endif
90
91#ifdef BN_RECURSION
92 if ( (bn_limit_bits > 0) &&
93 (bl > bn_limit_num) && (al > bn_limit_num))
94 {
95 n=(BN_num_bits_word(al|bl)-bn_limit_bits);
96 n*=2;
97 sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
98 memset(sk,0,sizeof(BIGNUM)*n);
99 memset(&ctx,0,sizeof(ctx));
100
101 ret=bn_mm(r,a,b,&(sk[0]),&ctx);
102 for (i=0; i<n; i+=2)
103 {
104 BN_clear_free(&sk[i]);
105 BN_clear_free(&sk[i+1]);
106 }
107 Free(sk);
108 return(ret);
109 }
110#endif
111
112 max=(al+bl);
113 if (bn_wexpand(r,max) == NULL) return(0);
114 r->top=max;
115 r->neg=a->neg^b->neg;
116 ap=a->d;
117 bp=b->d;
118 rp=r->d;
119
120#ifdef BN_RECURSION
121 if ((al == bl) && (al == 8))
122 {
123 bn_mul_comba8(rp,ap,bp);
124 }
125 else
126#endif
127 {
128 rp[al]=bn_mul_words(rp,ap,al,*(bp++));
129 rp++;
130 for (i=1; i<bl; i++)
131 {
132 rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
133 rp++;
134 }
135 }
136 if ((max > 0) && (r->d[max-1] == 0)) r->top--;
137 return(1);
138 }
139
140#ifdef BN_RECURSION
141
142#define ahal (sk[0])
143#define blbh (sk[1])
144
145/* r must be different to a and b */
146int bn_mm(m, A, B, sk,ctx)
147BIGNUM *m,*A,*B;
148BIGNUM *sk;
149BN_CTX *ctx;
150 {
151 int n,num,sqr=0;
152 int an,bn;
153 BIGNUM ah,al,bh,bl;
154
155 an=A->top;
156 bn=B->top;
157#ifdef BN_MUL_DEBUG
158printf("bn_mm(%d,%d)\n",A->top,B->top);
159#endif
160
161 if (A == B) sqr=1;
162 num=(an>bn)?an:bn;
163 n=(num+1)/2;
164 /* Are going to now chop things into 'num' word chunks. */
165
166 BN_init(&ah);
167 BN_init(&al);
168 BN_init(&bh);
169 BN_init(&bl);
170
171 bn_set_low (&al,A,n);
172 bn_set_high(&ah,A,n);
173 bn_set_low (&bl,B,n);
174 bn_set_high(&bh,B,n);
175
176 BN_sub(&ahal,&ah,&al);
177 BN_sub(&blbh,&bl,&bh);
178
179 if (num <= (bn_limit_num+bn_limit_num))
180 {
181 BN_mul(m,&ahal,&blbh);
182 if (sqr)
183 {
184 BN_sqr(&ahal,&al,ctx);
185 BN_sqr(&blbh,&ah,ctx);
186 }
187 else
188 {
189 BN_mul(&ahal,&al,&bl);
190 BN_mul(&blbh,&ah,&bh);
191 }
192 }
193 else
194 {
195 bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
196 bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
197 bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
198 }
199
200 BN_add(m,m,&ahal);
201 BN_add(m,m,&blbh);
202
203 BN_lshift(m,m,n*BN_BITS2);
204 BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
205
206 BN_add(m,m,&ahal);
207 BN_add(m,m,&blbh);
208
209 m->neg=A->neg^B->neg;
210 return(1);
211 }
212#undef ahal (sk[0])
213#undef blbh (sk[1])
214
215#include "bn_low.c"
216#include "bn_high.c"
217#include "f.c"
218
219#endif
diff --git a/src/lib/libcrypto/bn/old/bn_wmul.c b/src/lib/libcrypto/bn/old/bn_wmul.c
index a467b2f17a..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/old/bn_wmul.c
+++ b/src/lib/libcrypto/bn/old/bn_wmul.c
@@ -1,173 +0,0 @@
1#include <stdio.h>
2#include "bn_lcl.h"
3
4#if 1
5
6int bn_mull(BIGNUM *r,BIGNUM *a,BIGNUM *b, BN_CTX *ctx);
7
8int bn_mull(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
9 {
10 int top,i,j,k,al,bl;
11 BIGNUM *t;
12
13#ifdef BN_COUNT
14printf("bn_mull %d * %d\n",a->top,b->top);
15#endif
16
17 bn_check_top(a);
18 bn_check_top(b);
19 bn_check_top(r);
20
21 al=a->top;
22 bl=b->top;
23 r->neg=a->neg^b->neg;
24
25 top=al+bl;
26 if ((al < 4) || (bl < 4))
27 {
28 if (bn_wexpand(r,top) == NULL) return(0);
29 r->top=top;
30 bn_mul_normal(r->d,a->d,al,b->d,bl);
31 goto end;
32 }
33 else if (al == bl) /* A good start, they are the same size */
34 goto symetric;
35 else
36 {
37 i=(al-bl);
38 if ((i == 1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
39 {
40 bn_wexpand(b,al);
41 b->d[bl]=0;
42 bl++;
43 goto symetric;
44 }
45 else if ((i == -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
46 {
47 bn_wexpand(a,bl);
48 a->d[al]=0;
49 al++;
50 goto symetric;
51 }
52 }
53
54 /* asymetric and >= 4 */
55 if (bn_wexpand(r,top) == NULL) return(0);
56 r->top=top;
57 bn_mul_normal(r->d,a->d,al,b->d,bl);
58
59 if (0)
60 {
61 /* symetric and > 4 */
62symetric:
63 if (al == 4)
64 {
65 if (bn_wexpand(r,al*2) == NULL) return(0);
66 r->top=top;
67 bn_mul_comba4(r->d,a->d,b->d);
68 goto end;
69 }
70 if (al == 8)
71 {
72 if (bn_wexpand(r,al*2) == NULL) return(0);
73 r->top=top;
74 bn_mul_comba8(r->d,a->d,b->d);
75 goto end;
76 }
77 if (al <= BN_MULL_NORMAL_SIZE)
78 {
79 if (bn_wexpand(r,al*2) == NULL) return(0);
80 r->top=top;
81 bn_mul_normal(r->d,a->d,al,b->d,bl);
82 goto end;
83 }
84 /* 16 or larger */
85 j=BN_num_bits_word((BN_ULONG)al);
86 j=1<<(j-1);
87 k=j+j;
88 t= &(ctx->bn[ctx->tos]);
89 if (al == j) /* exact multiple */
90 {
91 bn_wexpand(t,k*2);
92 bn_wexpand(r,k*2);
93 bn_mul_recursive(r->d,a->d,b->d,al,t->d);
94 }
95 else
96 {
97 bn_wexpand(a,k);
98 bn_wexpand(b,k);
99 bn_wexpand(t,k*4);
100 bn_wexpand(r,k*4);
101 for (i=a->top; i<k; i++)
102 a->d[i]=0;
103 for (i=b->top; i<k; i++)
104 b->d[i]=0;
105 bn_mul_part_recursive(r->d,a->d,b->d,al-j,j,t->d);
106 }
107 r->top=top;
108 }
109end:
110 bn_fix_top(r);
111 return(1);
112 }
113#endif
114
115void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
116 {
117 BN_ULONG *rr;
118
119#ifdef BN_COUNT
120printf(" bn_mul_normal %d * %d\n",na,nb);
121#endif
122
123 if (na < nb)
124 {
125 int itmp;
126 BN_ULONG *ltmp;
127
128 itmp=na; na=nb; nb=itmp;
129 ltmp=a; a=b; b=ltmp;
130
131 }
132 rr= &(r[na]);
133 rr[0]=bn_mul_words(r,a,na,b[0]);
134
135 for (;;)
136 {
137 if (--nb <= 0) return;
138 rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
139 if (--nb <= 0) return;
140 rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
141 if (--nb <= 0) return;
142 rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
143 if (--nb <= 0) return;
144 rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
145 rr+=4;
146 r+=4;
147 b+=4;
148 }
149 }
150
151#if 1
152void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
153 {
154#ifdef BN_COUNT
155printf(" bn_mul_low_normal %d * %d\n",n,n);
156#endif
157 bn_mul_words(r,a,n,b[0]);
158
159 for (;;)
160 {
161 if (--n <= 0) return;
162 bn_mul_add_words(&(r[1]),a,n,b[1]);
163 if (--n <= 0) return;
164 bn_mul_add_words(&(r[2]),a,n,b[2]);
165 if (--n <= 0) return;
166 bn_mul_add_words(&(r[3]),a,n,b[3]);
167 if (--n <= 0) return;
168 bn_mul_add_words(&(r[4]),a,n,b[4]);
169 r+=4;
170 b+=4;
171 }
172 }
173#endif
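--- a/src/lib/libcrypto/bn/old/build
+++ b/src/lib/libcrypto/bn/old/build
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-gcc -g -I../../include test.c -L../.. -lcrypto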
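--- a/src/lib/libcrypto/bn/old/info
+++ b/src/lib/libcrypto/bn/old/info
@@ -1,22 +0,0 @@
-Given A1A0 * B1B0 == S3S2S1S0
-
-S0= low(A0*B0)
-S1= low( (A1-A0)*(B0-B1)) +low( A1*B1) +high(A0*B0)
-S2= high((A1-A0)*(B0-B1)) +high(A1*B1) +low( A1*B1)
-S3= high(A1*B1);
-
-Assume we know S1 and S0, and can calulate A1*B1 and high((A1-A0)*(B0-B1))
-
-k0= S0 == low(A0*B0)
-k1= S1
-k2= low( A1*B1)
-k3= high(A1*B1)
-k4= high((A1-A0)*(B0-B1))
-
-k1= low((A1-A0)*(B0-B1)) +k2 +high(A0*B0)
-S2= k4 +k3 +k2
-S3= k3
-
-S1-k2= low((A1-A0)*(B0-B1)) +high(A0*B0)
-
-We potentially have a carry or a borrow from S1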
diff --git a/src/lib/libcrypto/bn/old/test.works b/src/lib/libcrypto/bn/old/test.works
index 127c7b415d..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/old/test.works
+++ b/src/lib/libcrypto/bn/old/test.works
@@ -1,205 +0,0 @@
1#include <stdio.h>
2#include "cryptlib.h"
3#include "bn_lcl.h"
4
5#define SIZE 128
6
7#define BN_MONT_CTX_set bn_mcs
8#define BN_from_montgomery bn_fm
9#define BN_mod_mul_montgomery bn_mmm
10#undef BN_to_montgomery
11#define BN_to_montgomery(r,a,mont,ctx) bn_mmm(\
12 r,a,(mont)->RR,(mont),ctx)
13
14main()
15 {
16 BIGNUM prime,a,b,r,A,B,R;
17 BN_MONT_CTX *mont;
18 BN_CTX *ctx;
19 int i;
20
21 ctx=BN_CTX_new();
22 BN_init(&prime);
23 BN_init(&a); BN_init(&b); BN_init(&r);
24 BN_init(&A); BN_init(&B); BN_init(&R);
25
26 BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
27 BN_rand(&A,SIZE,1,0);
28 BN_rand(&B,SIZE,1,0);
29 BN_mod(&A,&A,&prime,ctx);
30 BN_mod(&B,&B,&prime,ctx);
31
32 mont=BN_MONT_CTX_new();
33 BN_MONT_CTX_set(mont,&prime,ctx);
34
35 BN_to_montgomery(&a,&A,mont,ctx);
36 BN_to_montgomery(&b,&B,mont,ctx);
37
38 BN_mul(&r,&a,&b);
39 BN_print_fp(stdout,&r); printf("\n");
40 BN_from_montgomery(&r,&r,mont,ctx);
41 BN_print_fp(stdout,&r); printf("\n");
42 BN_from_montgomery(&r,&r,mont,ctx);
43 BN_print_fp(stdout,&r); printf("\n");
44
45 BN_mod_mul(&R,&A,&B,&prime,ctx);
46
47 BN_print_fp(stdout,&a); printf("\n");
48 BN_print_fp(stdout,&b); printf("\n");
49 BN_print_fp(stdout,&prime); printf("\n");
50 BN_print_fp(stdout,&r); printf("\n\n");
51
52 BN_print_fp(stdout,&A); printf("\n");
53 BN_print_fp(stdout,&B); printf("\n");
54 BN_print_fp(stdout,&prime); printf("\n");
55 BN_print_fp(stdout,&R); printf("\n\n");
56
57 BN_mul(&r,&a,&b);
58 BN_print_fp(stdout,&r); printf(" <- BA*DC\n");
59 BN_copy(&A,&r);
60 i=SIZE/2;
61 BN_mask_bits(&A,i*2);
62// BN_print_fp(stdout,&A); printf(" <- low(BA*DC)\n");
63 bn_do_lower(&r,&a,&b,&A,i);
64// BN_print_fp(stdout,&r); printf(" <- low(BA*DC)\n");
65 }
66
67int bn_mul_low(r,a,b,low,i)
68BIGNUM *r,*a,*b,*low;
69int i;
70 {
71 int w;
72 BIGNUM Kh,Km,t1,t2,h,ah,al,bh,bl,l,m,s0,s1;
73
74 BN_init(&Kh); BN_init(&Km); BN_init(&t1); BN_init(&t2); BN_init(&l);
75 BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl); BN_init(&h);
76 BN_init(&m); BN_init(&s0); BN_init(&s1);
77
78 BN_copy(&al,a); BN_mask_bits(&al,i); BN_rshift(&ah,a,i);
79 BN_copy(&bl,b); BN_mask_bits(&bl,i); BN_rshift(&bh,b,i);
80
81
82 BN_sub(&t1,&al,&ah);
83 BN_sub(&t2,&bh,&bl);
84 BN_mul(&m,&t1,&t2);
85 BN_mul(&h,&ah,&bh);
86
87 BN_copy(&s0,low); BN_mask_bits(&s0,i);
88 BN_rshift(&s1,low,i);
89
90 BN_add(&t1,&h,&m);
91 BN_add(&t1,&t1,&s0);
92
93 BN_copy(&t2,&t1); BN_mask_bits(&t2,i);
94 BN_sub(&t1,&s1,&t2);
95 BN_lshift(&t1,&t1,i);
96 BN_add(&t1,&t1,&s0);
97 if (t1.neg)
98 {
99 BN_lshift(&t2,BN_value_one(),i*2);
100 BN_add(&t1,&t2,&t1);
101 BN_mask_bits(&t1,i*2);
102 }
103
104 BN_free(&Kh); BN_free(&Km); BN_free(&t1); BN_free(&t2);
105 BN_free(&ah); BN_free(&al); BN_free(&bh); BN_free(&bl);
106 }
107
108int BN_mod_mul_montgomery(r,a,b,mont,ctx)
109BIGNUM *r,*a,*b;
110BN_MONT_CTX *mont;
111BN_CTX *ctx;
112 {
113 BIGNUM *tmp;
114
115 tmp= &(ctx->bn[ctx->tos++]);
116
117 if (a == b)
118 {
119 if (!BN_sqr(tmp,a,ctx)) goto err;
120 }
121 else
122 {
123 if (!BN_mul(tmp,a,b)) goto err;
124 }
125 /* reduce from aRR to aR */
126 if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
127 ctx->tos--;
128 return(1);
129err:
130 return(0);
131 }
132
133int BN_from_montgomery(r,a,mont,ctx)
134BIGNUM *r;
135BIGNUM *a;
136BN_MONT_CTX *mont;
137BN_CTX *ctx;
138 {
139 BIGNUM z1;
140 BIGNUM *t1,*t2;
141 BN_ULONG *ap,*bp,*rp;
142 int j,i,bl,al;
143
144 BN_init(&z1);
145 t1= &(ctx->bn[ctx->tos]);
146 t2= &(ctx->bn[ctx->tos+1]);
147
148 if (!BN_copy(t1,a)) goto err;
149 /* can cheat */
150 BN_mask_bits(t1,mont->ri);
151 if (!BN_mul(t2,t1,mont->Ni)) goto err;
152 BN_mask_bits(t2,mont->ri);
153
154 if (!BN_mul(t1,t2,mont->N)) goto err;
155 if (!BN_add(t2,t1,a)) goto err;
156
157 /* At this point, t2 has the bottom ri bits set to zero.
158 * This means that the bottom ri bits == the 1^ri minus the bottom
159 * ri bits of a.
160 * This means that only the bits above 'ri' in a need to be added,
161 * and XXXXXXXXXXXXXXXXXXXXXXXX
162 */
163BN_print_fp(stdout,t2); printf("\n");
164 BN_rshift(r,t2,mont->ri);
165
166 if (BN_ucmp(r,mont->N) >= 0)
167 bn_qsub(r,r,mont->N);
168
169 return(1);
170err:
171 return(0);
172 }
173
174int BN_MONT_CTX_set(mont,mod,ctx)
175BN_MONT_CTX *mont;
176BIGNUM *mod;
177BN_CTX *ctx;
178 {
179 BIGNUM *Ri=NULL,*R=NULL;
180
181 if (mont->RR == NULL) mont->RR=BN_new();
182 if (mont->N == NULL) mont->N=BN_new();
183
184 R=mont->RR; /* grab RR as a temp */
185 BN_copy(mont->N,mod); /* Set N */
186
187 mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
188 BN_lshift(R,BN_value_one(),mont->ri); /* R */
189 if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
190 BN_lshift(Ri,Ri,mont->ri); /* R*Ri */
191 bn_qsub(Ri,Ri,BN_value_one()); /* R*Ri - 1 */
192 BN_div(Ri,NULL,Ri,mod,ctx);
193 if (mont->Ni != NULL) BN_free(mont->Ni);
194 mont->Ni=Ri; /* Ni=(R*Ri-1)/N */
195
196 /* setup RR for conversions */
197 BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
198 BN_mod(mont->RR,mont->RR,mont->N,ctx);
199
200 return(1);
201err:
202 return(0);
203 }
204
205
diff --git a/src/lib/libcrypto/bn/test.c b/src/lib/libcrypto/bn/test.c
index a048b9f878..e69de29bb2 100644
--- a/src/lib/libcrypto/bn/test.c
+++ b/src/lib/libcrypto/bn/test.c
@@ -1,241 +0,0 @@
1#include <stdio.h>
2#include "cryptlib.h"
3#include "bn_lcl.h"
4
5#define SIZE 32
6
7#define BN_MONT_CTX_set bn_mcs
8#define BN_from_montgomery bn_fm
9#define BN_mod_mul_montgomery bn_mmm
10#undef BN_to_montgomery
11#define BN_to_montgomery(r,a,mont,ctx) bn_mmm(\
12 r,a,(mont)->RR,(mont),ctx)
13
14main()
15 {
16 BIGNUM prime,a,b,r,A,B,R;
17 BN_MONT_CTX *mont;
18 BN_CTX *ctx;
19 int i;
20
21 ctx=BN_CTX_new();
22 BN_init(&prime);
23 BN_init(&a); BN_init(&b); BN_init(&r);
24 BN_init(&A); BN_init(&B); BN_init(&R);
25
26 BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
27 BN_rand(&A,SIZE,1,0);
28 BN_rand(&B,SIZE,1,0);
29 BN_mod(&A,&A,&prime,ctx);
30 BN_mod(&B,&B,&prime,ctx);
31
32 i=A.top;
33 BN_mul(&R,&A,&B,ctx);
34 BN_mask_bits(&R,i*BN_BITS2);
35
36
37 BN_print_fp(stdout,&A); printf(" <- a\n");
38 BN_print_fp(stdout,&B); printf(" <- b\n");
39 BN_mul_high(&r,&A,&B,&R,i);
40 BN_print_fp(stdout,&r); printf(" <- high(BA*DC)\n");
41
42 BN_mask_bits(&A,i*32);
43 BN_mask_bits(&B,i*32);
44
45 BN_mul(&R,&A,&B);
46 BN_rshift(&R,&R,i*32);
47 BN_print_fp(stdout,&R); printf(" <- norm BA*DC\n");
48 BN_sub(&R,&R,&r);
49 BN_print_fp(stdout,&R); printf(" <- diff\n");
50 }
51
52#if 0
53int bn_mul_high(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *low, int words)
54 {
55 int i;
56 BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
57
58 BN_init(&al); BN_init(&ah);
59 BN_init(&bl); BN_init(&bh);
60 BN_init(&t1); BN_init(&t2); BN_init(&t3);
61 BN_init(&s0); BN_init(&s1);
62 BN_init(&h); BN_init(&m);
63
64 i=a->top;
65 if (i >= words)
66 {
67 al.top=words;
68 ah.top=a->top-words;
69 ah.d= &(a->d[ah.top]);
70 }
71 else
72 al.top=i;
73 al.d=a->d;
74
75 i=b->top;
76 if (i >= words)
77 {
78 bl.top=words;
79 bh.top=i-words;
80 bh.d= &(b->d[bh.top]);
81 }
82 else
83 bl.top=i;
84 bl.d=b->d;
85
86 i=low->top;
87 if (i >= words)
88 {
89 s0.top=words;
90 s1.top=i-words;
91 s1.d= &(low->d[s1.top]);
92 }
93 else
94 s0.top=i;
95 s0.d=low->d;
96
97al.max=al.top; ah.max=ah.top;
98bl.max=bl.top; bh.max=bh.top;
99s0.max=bl.top; s1.max=bh.top;
100
101 /* Calculate (al-ah)*(bh-bl) */
102 BN_sub(&t1,&al,&ah);
103 BN_sub(&t2,&bh,&bl);
104 BN_mul(&m,&t1,&t2);
105
106 /* Calculate ah*bh */
107 BN_mul(&h,&ah,&bh);
108
109 /* s0 == low(al*bl)
110 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
111 * We know s0 and s1 so the only unknown is high(al*bl)
112 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
113 */
114 BN_add(&m,&m,&h);
115 BN_add(&t2,&m,&s0);
116 /* Quick and dirty mask off of high words */
117 t3.d=t2.d;
118 t3.top=(t2.top > words)?words:t2.top;
119 t3.neg=t2.neg;
120t3.max=t3.top;
121/* BN_print_fp(stdout,&s1); printf(" s1\n"); */
122/* BN_print_fp(stdout,&t2); printf(" middle value\n"); */
123/* BN_print_fp(stdout,&t3); printf(" low middle value\n"); */
124 BN_sub(&t1,&s1,&t3);
125
126 if (t1.neg)
127 {
128/*printf("neg fixup\n"); BN_print_fp(stdout,&t1); printf(" before\n"); */
129 BN_lshift(&t2,BN_value_one(),words*32);
130 BN_add(&t1,&t2,&t1);
131 BN_mask_bits(&t1,words*32);
132/* BN_print_fp(stdout,&t1); printf(" after\n"); */
133 }
134 /* al*bl == high(al*bl)<<words+s0 */
135 BN_lshift(&t1,&t1,words*32);
136 BN_add(&t1,&t1,&s0);
137
138 /* We now have
139 * al*bl - t1
140 * (al-ah)*(bh-bl)+ah*bh - m
141 * ah*bh - h
142 */
143 BN_copy(r,&t1);
144 BN_mask_bits(r,words*32*2);
145
146 /*BN_lshift(&m,&m,words*/
147
148 BN_free(&t1); BN_free(&t2);
149 BN_free(&m); BN_free(&h);
150 }
151
152int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_MONT_CTX *mont,
153 BN_CTX *ctx)
154 {
155 BIGNUM *tmp;
156
157 tmp= &(ctx->bn[ctx->tos++]);
158
159 if (a == b)
160 {
161 if (!BN_sqr(tmp,a,ctx)) goto err;
162 }
163 else
164 {
165 if (!BN_mul(tmp,a,b)) goto err;
166 }
167 /* reduce from aRR to aR */
168 if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
169 ctx->tos--;
170 return(1);
171err:
172 return(0);
173 }
174
175int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
176 {
177 BIGNUM z1;
178 BIGNUM *t1,*t2;
179 BN_ULONG *ap,*bp,*rp;
180 int j,i,bl,al;
181
182 BN_init(&z1);
183 t1= &(ctx->bn[ctx->tos]);
184 t2= &(ctx->bn[ctx->tos+1]);
185
186 if (!BN_copy(t1,a)) goto err;
187 /* can cheat */
188 BN_mask_bits(t1,mont->ri);
189 if (!BN_mul(t2,t1,mont->Ni)) goto err;
190 BN_mask_bits(t2,mont->ri);
191
192 if (!BN_mul(t1,t2,mont->N)) goto err;
193 if (!BN_add(t2,t1,a)) goto err;
194
195 /* At this point, t2 has the bottom ri bits set to zero.
196 * This means that the bottom ri bits == the 1^ri minus the bottom
197 * ri bits of a.
198 * This means that only the bits above 'ri' in a need to be added,
199 * and XXXXXXXXXXXXXXXXXXXXXXXX
200 */
201BN_print_fp(stdout,t2); printf("\n");
202 BN_rshift(r,t2,mont->ri);
203
204 if (BN_ucmp(r,mont->N) >= 0)
205 BN_usub(r,r,mont->N);
206
207 return(1);
208err:
209 return(0);
210 }
211
212int BN_MONT_CTX_set(BN_MONT_CTX *mont, BIGNUM *mod, BN_CTX *ctx)
213 {
214 BIGNUM *Ri=NULL,*R=NULL;
215
216 if (mont->RR == NULL) mont->RR=BN_new();
217 if (mont->N == NULL) mont->N=BN_new();
218
219 R=mont->RR; /* grab RR as a temp */
220 BN_copy(mont->N,mod); /* Set N */
221
222 mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
223 BN_lshift(R,BN_value_one(),mont->ri); /* R */
224 if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
225 BN_lshift(Ri,Ri,mont->ri); /* R*Ri */
226 BN_usub(Ri,Ri,BN_value_one()); /* R*Ri - 1 */
227 BN_div(Ri,NULL,Ri,mod,ctx);
228 if (mont->Ni != NULL) BN_free(mont->Ni);
229 mont->Ni=Ri; /* Ni=(R*Ri-1)/N */
230
231 /* setup RR for conversions */
232 BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
233 BN_mod(mont->RR,mont->RR,mont->N,ctx);
234
235 return(1);
236err:
237 return(0);
238 }
239
240
241#endif