diff options
| -rw-r--r-- | src/lib/libcrypto/bn/bn_kron.c | 88 |
1 files changed, 44 insertions, 44 deletions
diff --git a/src/lib/libcrypto/bn/bn_kron.c b/src/lib/libcrypto/bn/bn_kron.c index c7bc53535e..774e9cef30 100644 --- a/src/lib/libcrypto/bn/bn_kron.c +++ b/src/lib/libcrypto/bn/bn_kron.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_kron.c,v 1.7 2022/06/20 19:32:35 tb Exp $ */ | 1 | /* $OpenBSD: bn_kron.c,v 1.8 2022/06/20 19:38:25 tb Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -66,36 +66,36 @@ | |||
| 66 | */ | 66 | */ |
| 67 | 67 | ||
| 68 | int | 68 | int |
| 69 | BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | 69 | BN_kronecker(const BIGNUM *A, const BIGNUM *B, BN_CTX *ctx) |
| 70 | { | 70 | { |
| 71 | /* tab[BN_lsw(n) & 7] = (-1)^((n^2 - 1)) / 8) for odd values of n. */ | 71 | /* tab[BN_lsw(n) & 7] = (-1)^((n^2 - 1)) / 8) for odd values of n. */ |
| 72 | static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; | 72 | static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; |
| 73 | BIGNUM *A, *B, *tmp; | 73 | BIGNUM *a, *b, *tmp; |
| 74 | int k, v; | 74 | int k, v; |
| 75 | int ret = -2; | 75 | int ret = -2; |
| 76 | 76 | ||
| 77 | bn_check_top(a); | 77 | bn_check_top(A); |
| 78 | bn_check_top(b); | 78 | bn_check_top(B); |
| 79 | 79 | ||
| 80 | BN_CTX_start(ctx); | 80 | BN_CTX_start(ctx); |
| 81 | 81 | ||
| 82 | if ((A = BN_CTX_get(ctx)) == NULL) | 82 | if ((a = BN_CTX_get(ctx)) == NULL) |
| 83 | goto end; | 83 | goto end; |
| 84 | if ((B = BN_CTX_get(ctx)) == NULL) | 84 | if ((b = BN_CTX_get(ctx)) == NULL) |
| 85 | goto end; | 85 | goto end; |
| 86 | 86 | ||
| 87 | if (BN_copy(A, a) == NULL) | 87 | if (BN_copy(a, A) == NULL) |
| 88 | goto end; | 88 | goto end; |
| 89 | if (BN_copy(B, b) == NULL) | 89 | if (BN_copy(b, B) == NULL) |
| 90 | goto end; | 90 | goto end; |
| 91 | 91 | ||
| 92 | /* | 92 | /* |
| 93 | * Cohen's step 1: | 93 | * Cohen's step 1: |
| 94 | */ | 94 | */ |
| 95 | 95 | ||
| 96 | /* If B is zero, output 1 if |A| is 1, otherwise output 0. */ | 96 | /* If b is zero, output 1 if |a| is 1, otherwise output 0. */ |
| 97 | if (BN_is_zero(B)) { | 97 | if (BN_is_zero(b)) { |
| 98 | ret = BN_abs_is_word(A, 1); | 98 | ret = BN_abs_is_word(a, 1); |
| 99 | goto end; | 99 | goto end; |
| 100 | } | 100 | } |
| 101 | 101 | ||
| @@ -104,36 +104,36 @@ BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | |||
| 104 | */ | 104 | */ |
| 105 | 105 | ||
| 106 | /* If both are even, they have a factor in common, so output 0. */ | 106 | /* If both are even, they have a factor in common, so output 0. */ |
| 107 | if (!BN_is_odd(A) && !BN_is_odd(B)) { | 107 | if (!BN_is_odd(a) && !BN_is_odd(b)) { |
| 108 | ret = 0; | 108 | ret = 0; |
| 109 | goto end; | 109 | goto end; |
| 110 | } | 110 | } |
| 111 | 111 | ||
| 112 | /* Factorize B = 2^v * u with odd u and replace B with u. */ | 112 | /* Factorize b = 2^v * u with odd u and replace b with u. */ |
| 113 | v = 0; | 113 | v = 0; |
| 114 | while (!BN_is_bit_set(B, v)) | 114 | while (!BN_is_bit_set(b, v)) |
| 115 | v++; | 115 | v++; |
| 116 | if (!BN_rshift(B, B, v)) | 116 | if (!BN_rshift(b, b, v)) |
| 117 | goto end; | 117 | goto end; |
| 118 | 118 | ||
| 119 | /* If v is even set k = 1, otherwise set it to (-1)^((A^2 - 1) / 8). */ | 119 | /* If v is even set k = 1, otherwise set it to (-1)^((a^2 - 1) / 8). */ |
| 120 | k = 1; | 120 | k = 1; |
| 121 | if (v % 2 != 0) | 121 | if (v % 2 != 0) |
| 122 | k = tab[BN_lsw(A) & 7]; | 122 | k = tab[BN_lsw(a) & 7]; |
| 123 | 123 | ||
| 124 | /* | 124 | /* |
| 125 | * If B is negative, replace it with -B and if A is also negative | 125 | * If b is negative, replace it with -b and if a is also negative |
| 126 | * replace k with -k. | 126 | * replace k with -k. |
| 127 | */ | 127 | */ |
| 128 | if (BN_is_negative(B)) { | 128 | if (BN_is_negative(b)) { |
| 129 | BN_set_negative(B, 0); | 129 | BN_set_negative(b, 0); |
| 130 | 130 | ||
| 131 | if (BN_is_negative(A)) | 131 | if (BN_is_negative(a)) |
| 132 | k = -k; | 132 | k = -k; |
| 133 | } | 133 | } |
| 134 | 134 | ||
| 135 | /* | 135 | /* |
| 136 | * Now B is positive and odd, so compute the Jacobi symbol (A/B) | 136 | * Now b is positive and odd, so compute the Jacobi symbol (a/b) |
| 137 | * and multiply it by k. | 137 | * and multiply it by k. |
| 138 | */ | 138 | */ |
| 139 | 139 | ||
| @@ -142,55 +142,55 @@ BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | |||
| 142 | * Cohen's step 3: | 142 | * Cohen's step 3: |
| 143 | */ | 143 | */ |
| 144 | 144 | ||
| 145 | /* B is positive and odd. */ | 145 | /* b is positive and odd. */ |
| 146 | 146 | ||
| 147 | /* If A is zero output k if B is one, otherwise output 0. */ | 147 | /* If a is zero output k if b is one, otherwise output 0. */ |
| 148 | if (BN_is_zero(A)) { | 148 | if (BN_is_zero(a)) { |
| 149 | ret = BN_is_one(B) ? k : 0; | 149 | ret = BN_is_one(b) ? k : 0; |
| 150 | goto end; | 150 | goto end; |
| 151 | } | 151 | } |
| 152 | 152 | ||
| 153 | /* Factorize A = 2^v * u with odd u and replace A with u. */ | 153 | /* Factorize a = 2^v * u with odd u and replace a with u. */ |
| 154 | v = 0; | 154 | v = 0; |
| 155 | while (!BN_is_bit_set(A, v)) | 155 | while (!BN_is_bit_set(a, v)) |
| 156 | v++; | 156 | v++; |
| 157 | if (!BN_rshift(A, A, v)) | 157 | if (!BN_rshift(a, a, v)) |
| 158 | goto end; | 158 | goto end; |
| 159 | 159 | ||
| 160 | /* If v is odd, multiply k with (-1)^((B^2 - 1) / 8). */ | 160 | /* If v is odd, multiply k with (-1)^((b^2 - 1) / 8). */ |
| 161 | if (v % 2 != 0) | 161 | if (v % 2 != 0) |
| 162 | k *= tab[BN_lsw(B) & 7]; | 162 | k *= tab[BN_lsw(b) & 7]; |
| 163 | 163 | ||
| 164 | /* | 164 | /* |
| 165 | * Cohen's step 4: | 165 | * Cohen's step 4: |
| 166 | */ | 166 | */ |
| 167 | 167 | ||
| 168 | /* | 168 | /* |
| 169 | * Apply the reciprocity law: multiply k by (-1)^((A-1)(B-1)/4). | 169 | * Apply the reciprocity law: multiply k by (-1)^((a-1)(b-1)/4). |
| 170 | * | 170 | * |
| 171 | * This expression is -1 if and only if A and B are 3 (mod 4). | 171 | * This expression is -1 if and only if a and b are 3 (mod 4). |
| 172 | * In turn, this is the case if and only if their two's | 172 | * In turn, this is the case if and only if their two's |
| 173 | * complement representations have the second bit set. | 173 | * complement representations have the second bit set. |
| 174 | * A could be negative in the first iteration, B is positive. | 174 | * a could be negative in the first iteration, b is positive. |
| 175 | */ | 175 | */ |
| 176 | if ((BN_is_negative(A) ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) | 176 | if ((BN_is_negative(a) ? ~BN_lsw(a) : BN_lsw(a)) & BN_lsw(b) & 2) |
| 177 | k = -k; | 177 | k = -k; |
| 178 | 178 | ||
| 179 | /* | 179 | /* |
| 180 | * (A, B) := (B mod |A|, |A|) | 180 | * (a, b) := (b mod |a|, |a|) |
| 181 | * | 181 | * |
| 182 | * Once this is done, we know that 0 < A < B at the start of the | 182 | * Once this is done, we know that 0 < a < b at the start of the |
| 183 | * loop. Since B is strictly decreasing, the loop terminates. | 183 | * loop. Since b is strictly decreasing, the loop terminates. |
| 184 | */ | 184 | */ |
| 185 | 185 | ||
| 186 | if (!BN_nnmod(B, B, A, ctx)) | 186 | if (!BN_nnmod(b, b, a, ctx)) |
| 187 | goto end; | 187 | goto end; |
| 188 | 188 | ||
| 189 | tmp = A; | 189 | tmp = a; |
| 190 | A = B; | 190 | a = b; |
| 191 | B = tmp; | 191 | b = tmp; |
| 192 | 192 | ||
| 193 | BN_set_negative(B, 0); | 193 | BN_set_negative(b, 0); |
| 194 | } | 194 | } |
| 195 | 195 | ||
| 196 | end: | 196 | end: |