diff options
| author | tb <> | 2023-04-03 21:43:43 +0000 |
|---|---|---|
| committer | tb <> | 2023-04-03 21:43:43 +0000 |
| commit | 4a09fb09af6652f38afe21ea7ba4d260f701b5de (patch) | |
| tree | d6478a22652fd20d6b5e8107bfdd36e294f762f5 /src | |
| parent | 5a989991770c9827a2928cd8122331b39988e54b (diff) | |
| download | openbsd-4a09fb09af6652f38afe21ea7ba4d260f701b5de.tar.gz openbsd-4a09fb09af6652f38afe21ea7ba4d260f701b5de.tar.bz2 openbsd-4a09fb09af6652f38afe21ea7ba4d260f701b5de.zip | |
Compress euclid() a little
This function is spread out over way too many lines and has too much
repetition. Once this is made a little more compact, it becomes clearer
that this is a somewhat obfuscated version of binary gcd (it is not
constant time therefore cryptographically unsound. It is not used
internally). This will likely go away later.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_gcd.c | 77 |
1 files changed, 28 insertions, 49 deletions
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c index 905178913c..e741ef37dc 100644 --- a/src/lib/libcrypto/bn/bn_gcd.c +++ b/src/lib/libcrypto/bn/bn_gcd.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_gcd.c,v 1.25 2023/04/01 11:10:55 tb Exp $ */ | 1 | /* $OpenBSD: bn_gcd.c,v 1.26 2023/04/03 21:43:43 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -119,65 +119,44 @@ euclid(BIGNUM *a, BIGNUM *b) | |||
| 119 | BIGNUM *t; | 119 | BIGNUM *t; |
| 120 | int shifts = 0; | 120 | int shifts = 0; |
| 121 | 121 | ||
| 122 | 122 | /* Loop invariant: 0 <= b <= a. */ | |
| 123 | /* 0 <= b <= a */ | ||
| 124 | while (!BN_is_zero(b)) { | 123 | while (!BN_is_zero(b)) { |
| 125 | /* 0 < b <= a */ | 124 | if (BN_is_odd(a) && BN_is_odd(b)) { |
| 126 | 125 | if (!BN_sub(a, a, b)) | |
| 127 | if (BN_is_odd(a)) { | 126 | goto err; |
| 128 | if (BN_is_odd(b)) { | 127 | if (!BN_rshift1(a, a)) |
| 129 | if (!BN_sub(a, a, b)) | 128 | goto err; |
| 130 | goto err; | 129 | } else if (BN_is_odd(a) && !BN_is_odd(b)) { |
| 131 | if (!BN_rshift1(a, a)) | 130 | if (!BN_rshift1(b, b)) |
| 132 | goto err; | 131 | goto err; |
| 133 | if (BN_cmp(a, b) < 0) { | 132 | } else if (!BN_is_odd(a) && BN_is_odd(b)) { |
| 134 | t = a; | 133 | if (!BN_rshift1(a, a)) |
| 135 | a = b; | 134 | goto err; |
| 136 | b = t; | 135 | } else { |
| 137 | } | 136 | if (!BN_rshift1(a, a)) |
| 138 | } | 137 | goto err; |
| 139 | else /* a odd - b even */ | 138 | if (!BN_rshift1(b, b)) |
| 140 | { | 139 | goto err; |
| 141 | if (!BN_rshift1(b, b)) | 140 | shifts++; |
| 142 | goto err; | 141 | continue; |
| 143 | if (BN_cmp(a, b) < 0) { | ||
| 144 | t = a; | ||
| 145 | a = b; | ||
| 146 | b = t; | ||
| 147 | } | ||
| 148 | } | ||
| 149 | } | 142 | } |
| 150 | else /* a is even */ | 143 | |
| 151 | { | 144 | if (BN_cmp(a, b) < 0) { |
| 152 | if (BN_is_odd(b)) { | 145 | t = a; |
| 153 | if (!BN_rshift1(a, a)) | 146 | a = b; |
| 154 | goto err; | 147 | b = t; |
| 155 | if (BN_cmp(a, b) < 0) { | ||
| 156 | t = a; | ||
| 157 | a = b; | ||
| 158 | b = t; | ||
| 159 | } | ||
| 160 | } | ||
| 161 | else /* a even - b even */ | ||
| 162 | { | ||
| 163 | if (!BN_rshift1(a, a)) | ||
| 164 | goto err; | ||
| 165 | if (!BN_rshift1(b, b)) | ||
| 166 | goto err; | ||
| 167 | shifts++; | ||
| 168 | } | ||
| 169 | } | 148 | } |
| 170 | /* 0 <= b <= a */ | ||
| 171 | } | 149 | } |
| 172 | 150 | ||
| 173 | if (shifts) { | 151 | if (shifts) { |
| 174 | if (!BN_lshift(a, a, shifts)) | 152 | if (!BN_lshift(a, a, shifts)) |
| 175 | goto err; | 153 | goto err; |
| 176 | } | 154 | } |
| 177 | return (a); | 155 | |
| 156 | return a; | ||
| 178 | 157 | ||
| 179 | err: | 158 | err: |
| 180 | return (NULL); | 159 | return NULL; |
| 181 | } | 160 | } |
| 182 | 161 | ||
| 183 | int | 162 | int |