summaryrefslogtreecommitdiff
path: root/src/lib/libc
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/bn/bn.h197
-rw-r--r--src/lib/libcrypto/bn/bn_add.c288
-rw-r--r--src/lib/libcrypto/bn/bn_asm.c1368
-rw-r--r--src/lib/libcrypto/bn/bn_blind.c291
-rw-r--r--src/lib/libcrypto/bn/bn_const.c669
-rw-r--r--src/lib/libcrypto/bn/bn_ctx.c315
-rw-r--r--src/lib/libcrypto/bn/bn_depr.c60
-rw-r--r--src/lib/libcrypto/bn/bn_div.c263
-rw-r--r--src/lib/libcrypto/bn/bn_err.c147
-rw-r--r--src/lib/libcrypto/bn/bn_exp.c1146
-rw-r--r--src/lib/libcrypto/bn/bn_exp2.c252
-rw-r--r--src/lib/libcrypto/bn/bn_gcd.c570
-rw-r--r--src/lib/libcrypto/bn/bn_gf2m.c1150
-rw-r--r--src/lib/libcrypto/bn/bn_kron.c82
-rw-r--r--src/lib/libcrypto/bn/bn_lcl.h56
-rw-r--r--src/lib/libcrypto/bn/bn_lib.c942
-rw-r--r--src/lib/libcrypto/bn/bn_mod.c207
-rw-r--r--src/lib/libcrypto/bn/bn_mont.c478
-rw-r--r--src/lib/libcrypto/bn/bn_mpi.c122
-rw-r--r--src/lib/libcrypto/bn/bn_mul.c1306
-rw-r--r--src/lib/libcrypto/bn/bn_prime.c393
-rw-r--r--src/lib/libcrypto/bn/bn_prime.h529
-rw-r--r--src/lib/libcrypto/bn/bn_print.c436
-rw-r--r--src/lib/libcrypto/bn/bn_rand.c208
-rw-r--r--src/lib/libcrypto/bn/bn_recp.c223
-rw-r--r--src/lib/libcrypto/bn/bn_shift.c248
-rw-r--r--src/lib/libcrypto/bn/bn_sqr.c246
-rw-r--r--src/lib/libcrypto/bn/bn_sqrt.c276
-rw-r--r--src/lib/libcrypto/bn/bn_word.c215
-rw-r--r--src/lib/libcrypto/bn/bn_x931p.c68
30 files changed, 6618 insertions, 6133 deletions
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 74005ed254..2a73bbbecc 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -111,13 +111,13 @@
111/* ==================================================================== 111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * 113 *
114 * Portions of the attached software ("Contribution") are developed by 114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 * 116 *
117 * The Contribution is licensed pursuant to the Eric Young open source 117 * The Contribution is licensed pursuant to the Eric Young open source
118 * license provided above. 118 * license provided above.
119 * 119 *
120 * The binary polynomial arithmetic software is originally written by 120 * The binary polynomial arithmetic software is originally written by
121 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. 121 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
122 * 122 *
123 */ 123 */
@@ -251,19 +251,17 @@ typedef struct bn_recp_ctx_st BN_RECP_CTX;
251typedef struct bn_gencb_st BN_GENCB; 251typedef struct bn_gencb_st BN_GENCB;
252#endif 252#endif
253 253
254struct bignum_st 254struct bignum_st {
255 {
256 BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ 255 BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
257 int top; /* Index of last used d +1. */ 256 int top; /* Index of last used d +1. */
258 /* The next are internal book keeping for bn_expand. */ 257 /* The next are internal book keeping for bn_expand. */
259 int dmax; /* Size of the d array. */ 258 int dmax; /* Size of the d array. */
260 int neg; /* one if the number is negative */ 259 int neg; /* one if the number is negative */
261 int flags; 260 int flags;
262 }; 261};
263 262
264/* Used for montgomery multiplication */ 263/* Used for montgomery multiplication */
265struct bn_mont_ctx_st 264struct bn_mont_ctx_st {
266 {
267 int ri; /* number of bits in R */ 265 int ri; /* number of bits in R */
268 BIGNUM RR; /* used to convert to montgomery form */ 266 BIGNUM RR; /* used to convert to montgomery form */
269 BIGNUM N; /* The modulus */ 267 BIGNUM N; /* The modulus */
@@ -272,33 +270,30 @@ struct bn_mont_ctx_st
272 BN_ULONG n0[2];/* least significant word(s) of Ni; 270 BN_ULONG n0[2];/* least significant word(s) of Ni;
273 (type changed with 0.9.9, was "BN_ULONG n0;" before) */ 271 (type changed with 0.9.9, was "BN_ULONG n0;" before) */
274 int flags; 272 int flags;
275 }; 273};
276 274
277/* Used for reciprocal division/mod functions 275/* Used for reciprocal division/mod functions
278 * It cannot be shared between threads 276 * It cannot be shared between threads
279 */ 277 */
280struct bn_recp_ctx_st 278struct bn_recp_ctx_st {
281 {
282 BIGNUM N; /* the divisor */ 279 BIGNUM N; /* the divisor */
283 BIGNUM Nr; /* the reciprocal */ 280 BIGNUM Nr; /* the reciprocal */
284 int num_bits; 281 int num_bits;
285 int shift; 282 int shift;
286 int flags; 283 int flags;
287 }; 284};
288 285
289/* Used for slow "generation" functions. */ 286/* Used for slow "generation" functions. */
290struct bn_gencb_st 287struct bn_gencb_st {
291 {
292 unsigned int ver; /* To handle binary (in)compatibility */ 288 unsigned int ver; /* To handle binary (in)compatibility */
293 void *arg; /* callback-specific data */ 289 void *arg; /* callback-specific data */
294 union 290 union {
295 {
296 /* if(ver==1) - handles old style callbacks */ 291 /* if(ver==1) - handles old style callbacks */
297 void (*cb_1)(int, int, void *); 292 void (*cb_1)(int, int, void *);
298 /* if(ver==2) - new callback style */ 293 /* if(ver==2) - new callback style */
299 int (*cb_2)(int, int, BN_GENCB *); 294 int (*cb_2)(int, int, BN_GENCB *);
300 } cb; 295 } cb;
301 }; 296};
302/* Wrapper function to make using BN_GENCB easier, */ 297/* Wrapper function to make using BN_GENCB easier, */
303int BN_GENCB_call(BN_GENCB *cb, int a, int b); 298int BN_GENCB_call(BN_GENCB *cb, int a, int b);
304/* Macro to populate a BN_GENCB structure with an "old"-style callback */ 299/* Macro to populate a BN_GENCB structure with an "old"-style callback */
@@ -368,8 +363,8 @@ void BN_CTX_free(BN_CTX *c);
368void BN_CTX_start(BN_CTX *ctx); 363void BN_CTX_start(BN_CTX *ctx);
369BIGNUM *BN_CTX_get(BN_CTX *ctx); 364BIGNUM *BN_CTX_get(BN_CTX *ctx);
370void BN_CTX_end(BN_CTX *ctx); 365void BN_CTX_end(BN_CTX *ctx);
371int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); 366int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
372int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); 367int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
373int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); 368int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
374int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); 369int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
375int BN_num_bits(const BIGNUM *a); 370int BN_num_bits(const BIGNUM *a);
@@ -379,19 +374,19 @@ void BN_init(BIGNUM *);
379void BN_clear_free(BIGNUM *a); 374void BN_clear_free(BIGNUM *a);
380BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); 375BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
381void BN_swap(BIGNUM *a, BIGNUM *b); 376void BN_swap(BIGNUM *a, BIGNUM *b);
382BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); 377BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
383int BN_bn2bin(const BIGNUM *a, unsigned char *to); 378int BN_bn2bin(const BIGNUM *a, unsigned char *to);
384BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret); 379BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
385int BN_bn2mpi(const BIGNUM *a, unsigned char *to); 380int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
386int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 381int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
387int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 382int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
388int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 383int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
389int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 384int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
390int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 385int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
391int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); 386int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
392/** BN_set_negative sets sign of a BIGNUM 387/** BN_set_negative sets sign of a BIGNUM
393 * \param b pointer to the BIGNUM object 388 * \param b pointer to the BIGNUM object
394 * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise 389 * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
395 */ 390 */
396void BN_set_negative(BIGNUM *b, int n); 391void BN_set_negative(BIGNUM *b, int n);
397/** BN_is_negative returns 1 if the BIGNUM is negative 392/** BN_is_negative returns 1 if the BIGNUM is negative
@@ -401,7 +396,7 @@ void BN_set_negative(BIGNUM *b, int n);
401#define BN_is_negative(a) ((a)->neg != 0) 396#define BN_is_negative(a) ((a)->neg != 0)
402 397
403int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, 398int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
404 BN_CTX *ctx); 399 BN_CTX *ctx);
405#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) 400#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
406int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); 401int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
407int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); 402int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
@@ -409,7 +404,7 @@ int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *
409int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); 404int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
410int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); 405int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
411int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 406int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
412 const BIGNUM *m, BN_CTX *ctx); 407 const BIGNUM *m, BN_CTX *ctx);
413int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); 408int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
414int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); 409int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
415int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); 410int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
@@ -429,23 +424,23 @@ void BN_free(BIGNUM *a);
429int BN_is_bit_set(const BIGNUM *a, int n); 424int BN_is_bit_set(const BIGNUM *a, int n);
430int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); 425int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
431int BN_lshift1(BIGNUM *r, const BIGNUM *a); 426int BN_lshift1(BIGNUM *r, const BIGNUM *a);
432int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx); 427int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
433 428
434int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 429int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
435 const BIGNUM *m,BN_CTX *ctx); 430 const BIGNUM *m, BN_CTX *ctx);
436int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 431int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
437 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 432 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
438int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, 433int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
439 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); 434 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
440int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, 435int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
441 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 436 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
442int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, 437int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
443 const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m, 438 const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
444 BN_CTX *ctx,BN_MONT_CTX *m_ctx); 439 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
445int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 440int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
446 const BIGNUM *m,BN_CTX *ctx); 441 const BIGNUM *m, BN_CTX *ctx);
447 442
448int BN_mask_bits(BIGNUM *a,int n); 443int BN_mask_bits(BIGNUM *a, int n);
449#ifndef OPENSSL_NO_FP_API 444#ifndef OPENSSL_NO_FP_API
450int BN_print_fp(FILE *fp, const BIGNUM *a); 445int BN_print_fp(FILE *fp, const BIGNUM *a);
451#endif 446#endif
@@ -467,59 +462,59 @@ char * BN_bn2dec(const BIGNUM *a);
467int BN_hex2bn(BIGNUM **a, const char *str); 462int BN_hex2bn(BIGNUM **a, const char *str);
468int BN_dec2bn(BIGNUM **a, const char *str); 463int BN_dec2bn(BIGNUM **a, const char *str);
469int BN_asc2bn(BIGNUM **a, const char *str); 464int BN_asc2bn(BIGNUM **a, const char *str);
470int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); 465int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
471int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ 466int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
472BIGNUM *BN_mod_inverse(BIGNUM *ret, 467BIGNUM *BN_mod_inverse(BIGNUM *ret,
473 const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); 468 const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
474BIGNUM *BN_mod_sqrt(BIGNUM *ret, 469BIGNUM *BN_mod_sqrt(BIGNUM *ret,
475 const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); 470 const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
476 471
477void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); 472void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
478 473
479/* Deprecated versions */ 474/* Deprecated versions */
480#ifndef OPENSSL_NO_DEPRECATED 475#ifndef OPENSSL_NO_DEPRECATED
481BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, 476BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
482 const BIGNUM *add, const BIGNUM *rem, 477 const BIGNUM *add, const BIGNUM *rem,
483 void (*callback)(int,int,void *),void *cb_arg); 478 void (*callback)(int, int, void *), void *cb_arg);
484int BN_is_prime(const BIGNUM *p,int nchecks, 479int BN_is_prime(const BIGNUM *p, int nchecks,
485 void (*callback)(int,int,void *), 480 void (*callback)(int, int, void *),
486 BN_CTX *ctx,void *cb_arg); 481 BN_CTX *ctx, void *cb_arg);
487int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, 482int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
488 void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, 483 void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
489 int do_trial_division); 484 int do_trial_division);
490#endif /* !defined(OPENSSL_NO_DEPRECATED) */ 485#endif /* !defined(OPENSSL_NO_DEPRECATED) */
491 486
492/* Newer versions */ 487/* Newer versions */
493int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, 488int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
494 const BIGNUM *rem, BN_GENCB *cb); 489 const BIGNUM *rem, BN_GENCB *cb);
495int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); 490int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
496int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, 491int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
497 int do_trial_division, BN_GENCB *cb); 492 int do_trial_division, BN_GENCB *cb);
498 493
499int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); 494int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
500 495
501int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, 496int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
502 const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, 497 const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
503 const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); 498 const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
504int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, 499int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
505 BIGNUM *Xp1, BIGNUM *Xp2, 500 BIGNUM *Xp1, BIGNUM *Xp2,
506 const BIGNUM *Xp, 501 const BIGNUM *Xp,
507 const BIGNUM *e, BN_CTX *ctx, 502 const BIGNUM *e, BN_CTX *ctx,
508 BN_GENCB *cb); 503 BN_GENCB *cb);
509 504
510BN_MONT_CTX *BN_MONT_CTX_new(void ); 505BN_MONT_CTX *BN_MONT_CTX_new(void );
511void BN_MONT_CTX_init(BN_MONT_CTX *ctx); 506void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
512int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, 507int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
513 BN_MONT_CTX *mont, BN_CTX *ctx); 508 BN_MONT_CTX *mont, BN_CTX *ctx);
514#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ 509#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
515 (r),(a),&((mont)->RR),(mont),(ctx)) 510 (r),(a),&((mont)->RR),(mont),(ctx))
516int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, 511int BN_from_montgomery(BIGNUM *r, const BIGNUM *a,
517 BN_MONT_CTX *mont, BN_CTX *ctx); 512 BN_MONT_CTX *mont, BN_CTX *ctx);
518void BN_MONT_CTX_free(BN_MONT_CTX *mont); 513void BN_MONT_CTX_free(BN_MONT_CTX *mont);
519int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); 514int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
520BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); 515BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
521BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, 516BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
522 const BIGNUM *mod, BN_CTX *ctx); 517 const BIGNUM *mod, BN_CTX *ctx);
523 518
524/* BN_BLINDING flags */ 519/* BN_BLINDING flags */
525#define BN_BLINDING_NO_UPDATE 0x00000001 520#define BN_BLINDING_NO_UPDATE 0x00000001
@@ -527,7 +522,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
527 522
528BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); 523BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
529void BN_BLINDING_free(BN_BLINDING *b); 524void BN_BLINDING_free(BN_BLINDING *b);
530int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); 525int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
531int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); 526int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
532int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); 527int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
533int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); 528int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
@@ -540,30 +535,30 @@ CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
540unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); 535unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
541void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); 536void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
542BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, 537BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
543 const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, 538 const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
544 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 539 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
545 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), 540 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
546 BN_MONT_CTX *m_ctx); 541 BN_MONT_CTX *m_ctx);
547 542
548#ifndef OPENSSL_NO_DEPRECATED 543#ifndef OPENSSL_NO_DEPRECATED
549void BN_set_params(int mul,int high,int low,int mont); 544void BN_set_params(int mul, int high, int low, int mont);
550int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ 545int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
551#endif 546#endif
552 547
553void BN_RECP_CTX_init(BN_RECP_CTX *recp); 548void BN_RECP_CTX_init(BN_RECP_CTX *recp);
554BN_RECP_CTX *BN_RECP_CTX_new(void); 549BN_RECP_CTX *BN_RECP_CTX_new(void);
555void BN_RECP_CTX_free(BN_RECP_CTX *recp); 550void BN_RECP_CTX_free(BN_RECP_CTX *recp);
556int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); 551int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
557int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, 552int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
558 BN_RECP_CTX *recp,BN_CTX *ctx); 553 BN_RECP_CTX *recp, BN_CTX *ctx);
559int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 554int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
560 const BIGNUM *m, BN_CTX *ctx); 555 const BIGNUM *m, BN_CTX *ctx);
561int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, 556int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
562 BN_RECP_CTX *recp, BN_CTX *ctx); 557 BN_RECP_CTX *recp, BN_CTX *ctx);
563 558
564#ifndef OPENSSL_NO_EC2M 559#ifndef OPENSSL_NO_EC2M
565 560
566/* Functions for arithmetic over binary polynomials represented by BIGNUMs. 561/* Functions for arithmetic over binary polynomials represented by BIGNUMs.
567 * 562 *
568 * The BIGNUM::neg property of BIGNUMs representing binary polynomials is 563 * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
569 * ignored. 564 * ignored.
@@ -575,17 +570,23 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
575int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/ 570int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
576#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) 571#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
577int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/ 572int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
578int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 573int
574BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
579 const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */ 575 const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
580int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 576int
577BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
581 BN_CTX *ctx); /* r = (a * a) mod p */ 578 BN_CTX *ctx); /* r = (a * a) mod p */
582int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, 579int
580BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
583 BN_CTX *ctx); /* r = (1 / b) mod p */ 581 BN_CTX *ctx); /* r = (1 / b) mod p */
584int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 582int
583BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
585 const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ 584 const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
586int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 585int
586BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
587 const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ 587 const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
588int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 588int
589BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
589 BN_CTX *ctx); /* r = sqrt(a) mod p */ 590 BN_CTX *ctx); /* r = sqrt(a) mod p */
590int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 591int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
591 BN_CTX *ctx); /* r^2 + r = a mod p */ 592 BN_CTX *ctx); /* r^2 + r = a mod p */
@@ -596,12 +597,12 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
596 * where m = p[0] > p[1] > ... > p[k] = 0. 597 * where m = p[0] > p[1] > ... > p[k] = 0.
597 */ 598 */
598int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); 599int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
599 /* r = a mod p */ 600/* r = a mod p */
600int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 601int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
601 const int p[], BN_CTX *ctx); /* r = (a * b) mod p */ 602 const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
602int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], 603int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
603 BN_CTX *ctx); /* r = (a * a) mod p */ 604 BN_CTX *ctx); /* r = (a * a) mod p */
604int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], 605int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
605 BN_CTX *ctx); /* r = (1 / b) mod p */ 606 BN_CTX *ctx); /* r = (1 / b) mod p */
606int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 607int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
607 const int p[], BN_CTX *ctx); /* r = (a / b) mod p */ 608 const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
@@ -616,7 +617,7 @@ int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
616 617
617#endif 618#endif
618 619
619/* faster mod functions for the 'NIST primes' 620/* faster mod functions for the 'NIST primes'
620 * 0 <= a < p^2 */ 621 * 0 <= a < p^2 */
621int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 622int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
622int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 623int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
@@ -676,7 +677,7 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
676#ifdef BN_DEBUG_RAND 677#ifdef BN_DEBUG_RAND
677/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ 678/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
678#ifndef RAND_pseudo_bytes 679#ifndef RAND_pseudo_bytes
679int RAND_pseudo_bytes(unsigned char *buf,int num); 680int RAND_pseudo_bytes(unsigned char *buf, int num);
680#define BN_DEBUG_TRIX 681#define BN_DEBUG_TRIX
681#endif 682#endif
682#define bn_pollute(a) \ 683#define bn_pollute(a) \
@@ -742,12 +743,12 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
742 bn_pollute(a); \ 743 bn_pollute(a); \
743 } 744 }
744 745
745BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); 746 BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
746BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); 747BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
747void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); 748void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
748BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); 749BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
749BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); 750BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);
750BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); 751BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);
751 752
752/* Primes from RFC 2409 */ 753/* Primes from RFC 2409 */
753BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); 754BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
@@ -761,7 +762,7 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
761BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); 762BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
762BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); 763BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
763 764
764int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); 765int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
765 766
766/* BEGIN ERROR CODES */ 767/* BEGIN ERROR CODES */
767/* The following lines are auto generated by the script mkerr.pl. Any changes 768/* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c
index b36615910c..47f7b0df5a 100644
--- a/src/lib/libcrypto/bn/bn_add.c
+++ b/src/lib/libcrypto/bn/bn_add.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -61,8 +61,9 @@
61#include "bn_lcl.h" 61#include "bn_lcl.h"
62 62
63/* r can == a or b */ 63/* r can == a or b */
64int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) 64int
65 { 65BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
66{
66 const BIGNUM *tmp; 67 const BIGNUM *tmp;
67 int a_neg = a->neg, ret; 68 int a_neg = a->neg, ret;
68 69
@@ -74,85 +75,85 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
74 * -a + b b-a 75 * -a + b b-a
75 * -a + -b -(a+b) 76 * -a + -b -(a+b)
76 */ 77 */
77 if (a_neg ^ b->neg) 78 if (a_neg ^ b->neg) {
78 {
79 /* only one is negative */ 79 /* only one is negative */
80 if (a_neg) 80 if (a_neg)
81 { tmp=a; a=b; b=tmp; } 81 { tmp = a;
82 a = b;
83 b = tmp;
84 }
82 85
83 /* we are now a - b */ 86 /* we are now a - b */
84 87
85 if (BN_ucmp(a,b) < 0) 88 if (BN_ucmp(a, b) < 0) {
86 { 89 if (!BN_usub(r, b, a))
87 if (!BN_usub(r,b,a)) return(0); 90 return (0);
88 r->neg=1; 91 r->neg = 1;
89 } 92 } else {
90 else 93 if (!BN_usub(r, a, b))
91 { 94 return (0);
92 if (!BN_usub(r,a,b)) return(0); 95 r->neg = 0;
93 r->neg=0;
94 }
95 return(1);
96 } 96 }
97 return (1);
98 }
97 99
98 ret = BN_uadd(r,a,b); 100 ret = BN_uadd(r, a, b);
99 r->neg = a_neg; 101 r->neg = a_neg;
100 bn_check_top(r); 102 bn_check_top(r);
101 return ret; 103 return ret;
102 } 104}
103 105
104/* unsigned add of b to a */ 106/* unsigned add of b to a */
105int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) 107int
106 { 108BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
107 int max,min,dif; 109{
108 BN_ULONG *ap,*bp,*rp,carry,t1,t2; 110 int max, min, dif;
111 BN_ULONG *ap, *bp, *rp, carry, t1, t2;
109 const BIGNUM *tmp; 112 const BIGNUM *tmp;
110 113
111 bn_check_top(a); 114 bn_check_top(a);
112 bn_check_top(b); 115 bn_check_top(b);
113 116
114 if (a->top < b->top) 117 if (a->top < b->top) {
115 { tmp=a; a=b; b=tmp; } 118 tmp = a;
119 a = b;
120 b = tmp;
121 }
116 max = a->top; 122 max = a->top;
117 min = b->top; 123 min = b->top;
118 dif = max - min; 124 dif = max - min;
119 125
120 if (bn_wexpand(r,max+1) == NULL) 126 if (bn_wexpand(r, max + 1) == NULL)
121 return 0; 127 return 0;
122 128
123 r->top=max; 129 r->top = max;
124
125 130
126 ap=a->d; 131 ap = a->d;
127 bp=b->d; 132 bp = b->d;
128 rp=r->d; 133 rp = r->d;
129 134
130 carry=bn_add_words(rp,ap,bp,min); 135 carry = bn_add_words(rp, ap, bp, min);
131 rp+=min; 136 rp += min;
132 ap+=min; 137 ap += min;
133 bp+=min; 138 bp += min;
134 139
135 if (carry) 140 if (carry) {
136 { 141 while (dif) {
137 while (dif)
138 {
139 dif--; 142 dif--;
140 t1 = *(ap++); 143 t1 = *(ap++);
141 t2 = (t1+1) & BN_MASK2; 144 t2 = (t1 + 1) & BN_MASK2;
142 *(rp++) = t2; 145 *(rp++) = t2;
143 if (t2) 146 if (t2) {
144 { 147 carry = 0;
145 carry=0;
146 break; 148 break;
147 }
148 } 149 }
149 if (carry) 150 }
150 { 151 if (carry) {
151 /* carry != 0 => dif == 0 */ 152 /* carry != 0 => dif == 0 */
152 *rp = 1; 153 *rp = 1;
153 r->top++; 154 r->top++;
154 }
155 } 155 }
156 }
156 if (dif && rp != ap) 157 if (dif && rp != ap)
157 while (dif--) 158 while (dif--)
158 /* copy remaining words if ap != rp */ 159 /* copy remaining words if ap != rp */
@@ -160,14 +161,15 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
160 r->neg = 0; 161 r->neg = 0;
161 bn_check_top(r); 162 bn_check_top(r);
162 return 1; 163 return 1;
163 } 164}
164 165
165/* unsigned subtraction of b from a, a must be larger than b. */ 166/* unsigned subtraction of b from a, a must be larger than b. */
166int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) 167int
167 { 168BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
168 int max,min,dif; 169{
169 register BN_ULONG t1,t2,*ap,*bp,*rp; 170 int max, min, dif;
170 int i,carry; 171 register BN_ULONG t1, t2, *ap, *bp, *rp;
172 int i, carry;
171 173
172 bn_check_top(a); 174 bn_check_top(a);
173 bn_check_top(b); 175 bn_check_top(b);
@@ -177,87 +179,86 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
177 dif = max - min; 179 dif = max - min;
178 180
179 if (dif < 0) /* hmm... should not be happening */ 181 if (dif < 0) /* hmm... should not be happening */
180 { 182 {
181 BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); 183 BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
182 return(0); 184 return (0);
183 } 185 }
184 186
185 if (bn_wexpand(r,max) == NULL) return(0); 187 if (bn_wexpand(r, max) == NULL)
188 return (0);
186 189
187 ap=a->d; 190 ap = a->d;
188 bp=b->d; 191 bp = b->d;
189 rp=r->d; 192 rp = r->d;
190 193
191#if 1 194#if 1
192 carry=0; 195 carry = 0;
193 for (i = min; i != 0; i--) 196 for (i = min; i != 0; i--) {
194 {
195 t1= *(ap++); 197 t1= *(ap++);
196 t2= *(bp++); 198 t2= *(bp++);
197 if (carry) 199 if (carry) {
198 { 200 carry = (t1 <= t2);
199 carry=(t1 <= t2); 201 t1 = (t1 - t2 - 1)&BN_MASK2;
200 t1=(t1-t2-1)&BN_MASK2; 202 } else {
201 } 203 carry = (t1 < t2);
202 else 204 t1 = (t1 - t2)&BN_MASK2;
203 {
204 carry=(t1 < t2);
205 t1=(t1-t2)&BN_MASK2;
206 }
207 *(rp++)=t1&BN_MASK2;
208 } 205 }
206 *(rp++) = t1&BN_MASK2;
207 }
209#else 208#else
210 carry=bn_sub_words(rp,ap,bp,min); 209 carry = bn_sub_words(rp, ap, bp, min);
211 ap+=min; 210 ap += min;
212 bp+=min; 211 bp += min;
213 rp+=min; 212 rp += min;
214#endif 213#endif
215 if (carry) /* subtracted */ 214 if (carry) /* subtracted */
216 { 215 {
217 if (!dif) 216 if (!dif)
218 /* error: a < b */ 217 /* error: a < b */
219 return 0; 218 return 0;
220 while (dif) 219 while (dif) {
221 {
222 dif--; 220 dif--;
223 t1 = *(ap++); 221 t1 = *(ap++);
224 t2 = (t1-1)&BN_MASK2; 222 t2 = (t1 - 1)&BN_MASK2;
225 *(rp++) = t2; 223 *(rp++) = t2;
226 if (t1) 224 if (t1)
227 break; 225 break;
228 }
229 } 226 }
227 }
230#if 0 228#if 0
231 memcpy(rp,ap,sizeof(*rp)*(max-i)); 229 memcpy(rp, ap, sizeof(*rp)*(max - i));
232#else 230#else
233 if (rp != ap) 231 if (rp != ap) {
234 { 232 for (;;) {
235 for (;;) 233 if (!dif--)
236 { 234 break;
237 if (!dif--) break; 235 rp[0] = ap[0];
238 rp[0]=ap[0]; 236 if (!dif--)
239 if (!dif--) break; 237 break;
240 rp[1]=ap[1]; 238 rp[1] = ap[1];
241 if (!dif--) break; 239 if (!dif--)
242 rp[2]=ap[2]; 240 break;
243 if (!dif--) break; 241 rp[2] = ap[2];
244 rp[3]=ap[3]; 242 if (!dif--)
245 rp+=4; 243 break;
246 ap+=4; 244 rp[3] = ap[3];
247 } 245 rp += 4;
246 ap += 4;
248 } 247 }
248 }
249#endif 249#endif
250 250
251 r->top=max; 251 r->top = max;
252 r->neg=0; 252 r->neg = 0;
253 bn_correct_top(r); 253 bn_correct_top(r);
254 return(1); 254 return (1);
255 } 255}
256 256
257int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) 257int
258 { 258BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
259{
259 int max; 260 int max;
260 int add=0,neg=0; 261 int add = 0, neg = 0;
261 const BIGNUM *tmp; 262 const BIGNUM *tmp;
262 263
263 bn_check_top(a); 264 bn_check_top(a);
@@ -268,40 +269,43 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
268 * -a - b -(a+b) 269 * -a - b -(a+b)
269 * -a - -b b-a 270 * -a - -b b-a
270 */ 271 */
271 if (a->neg) 272 if (a->neg) {
272 { 273 if (b->neg) {
273 if (b->neg) 274 tmp = a;
274 { tmp=a; a=b; b=tmp; } 275 a = b;
275 else 276 b = tmp;
276 { add=1; neg=1; } 277 } else {
278 add = 1;
279 neg = 1;
277 } 280 }
278 else 281 } else {
279 { 282 if (b->neg) {
280 if (b->neg) { add=1; neg=0; } 283 add = 1;
284 neg = 0;
281 } 285 }
286 }
282 287
283 if (add) 288 if (add) {
284 { 289 if (!BN_uadd(r, a, b))
285 if (!BN_uadd(r,a,b)) return(0); 290 return (0);
286 r->neg=neg; 291 r->neg = neg;
287 return(1); 292 return (1);
288 } 293 }
289 294
290 /* We are actually doing a - b :-) */ 295 /* We are actually doing a - b :-) */
291 296
292 max=(a->top > b->top)?a->top:b->top; 297 max = (a->top > b->top) ? a->top : b->top;
293 if (bn_wexpand(r,max) == NULL) return(0); 298 if (bn_wexpand(r, max) == NULL)
294 if (BN_ucmp(a,b) < 0) 299 return (0);
295 { 300 if (BN_ucmp(a, b) < 0) {
296 if (!BN_usub(r,b,a)) return(0); 301 if (!BN_usub(r, b, a))
297 r->neg=1; 302 return (0);
298 } 303 r->neg = 1;
299 else 304 } else {
300 { 305 if (!BN_usub(r, a, b))
301 if (!BN_usub(r,a,b)) return(0); 306 return (0);
302 r->neg=0; 307 r->neg = 0;
303 }
304 bn_check_top(r);
305 return(1);
306 } 308 }
307 309 bn_check_top(r);
310 return (1);
311}
diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c
index f1a0944089..0eebb9824f 100644
--- a/src/lib/libcrypto/bn/bn_asm.c
+++ b/src/lib/libcrypto/bn/bn_asm.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -68,363 +68,417 @@
68 68
69#if defined(BN_LLONG) || defined(BN_UMULT_HIGH) 69#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
70 70
71BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) 71BN_ULONG
72 { 72bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
73 BN_ULONG c1=0; 73{
74 BN_ULONG c1 = 0;
74 75
75 assert(num >= 0); 76 assert(num >= 0);
76 if (num <= 0) return(c1); 77 if (num <= 0)
78 return (c1);
77 79
78#ifndef OPENSSL_SMALL_FOOTPRINT 80#ifndef OPENSSL_SMALL_FOOTPRINT
79 while (num&~3) 81 while (num & ~3) {
80 { 82 mul_add(rp[0], ap[0], w, c1);
81 mul_add(rp[0],ap[0],w,c1); 83 mul_add(rp[1], ap[1], w, c1);
82 mul_add(rp[1],ap[1],w,c1); 84 mul_add(rp[2], ap[2], w, c1);
83 mul_add(rp[2],ap[2],w,c1); 85 mul_add(rp[3], ap[3], w, c1);
84 mul_add(rp[3],ap[3],w,c1); 86 ap += 4;
85 ap+=4; rp+=4; num-=4; 87 rp += 4;
86 } 88 num -= 4;
89 }
87#endif 90#endif
88 while (num) 91 while (num) {
89 { 92 mul_add(rp[0], ap[0], w, c1);
90 mul_add(rp[0],ap[0],w,c1); 93 ap++;
91 ap++; rp++; num--; 94 rp++;
92 } 95 num--;
93 96 }
94 return(c1);
95 }
96 97
97BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) 98 return (c1);
98 { 99}
99 BN_ULONG c1=0; 100
101BN_ULONG
102bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
103{
104 BN_ULONG c1 = 0;
100 105
101 assert(num >= 0); 106 assert(num >= 0);
102 if (num <= 0) return(c1); 107 if (num <= 0)
108 return (c1);
103 109
104#ifndef OPENSSL_SMALL_FOOTPRINT 110#ifndef OPENSSL_SMALL_FOOTPRINT
105 while (num&~3) 111 while (num & ~3) {
106 { 112 mul(rp[0], ap[0], w, c1);
107 mul(rp[0],ap[0],w,c1); 113 mul(rp[1], ap[1], w, c1);
108 mul(rp[1],ap[1],w,c1); 114 mul(rp[2], ap[2], w, c1);
109 mul(rp[2],ap[2],w,c1); 115 mul(rp[3], ap[3], w, c1);
110 mul(rp[3],ap[3],w,c1); 116 ap += 4;
111 ap+=4; rp+=4; num-=4; 117 rp += 4;
112 } 118 num -= 4;
119 }
113#endif 120#endif
114 while (num) 121 while (num) {
115 { 122 mul(rp[0], ap[0], w, c1);
116 mul(rp[0],ap[0],w,c1); 123 ap++;
117 ap++; rp++; num--; 124 rp++;
118 } 125 num--;
119 return(c1); 126 }
120 } 127 return (c1);
128}
121 129
122void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) 130void
123 { 131bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
132{
124 assert(n >= 0); 133 assert(n >= 0);
125 if (n <= 0) return; 134 if (n <= 0)
135 return;
126 136
127#ifndef OPENSSL_SMALL_FOOTPRINT 137#ifndef OPENSSL_SMALL_FOOTPRINT
128 while (n&~3) 138 while (n & ~3) {
129 { 139 sqr(r[0], r[1], a[0]);
130 sqr(r[0],r[1],a[0]); 140 sqr(r[2], r[3], a[1]);
131 sqr(r[2],r[3],a[1]); 141 sqr(r[4], r[5], a[2]);
132 sqr(r[4],r[5],a[2]); 142 sqr(r[6], r[7], a[3]);
133 sqr(r[6],r[7],a[3]); 143 a += 4;
134 a+=4; r+=8; n-=4; 144 r += 8;
135 } 145 n -= 4;
146 }
136#endif 147#endif
137 while (n) 148 while (n) {
138 { 149 sqr(r[0], r[1], a[0]);
139 sqr(r[0],r[1],a[0]); 150 a++;
140 a++; r+=2; n--; 151 r += 2;
141 } 152 n--;
142 } 153 }
154}
143 155
144#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ 156#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
145 157
146BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) 158BN_ULONG
147 { 159bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
148 BN_ULONG c=0; 160{
149 BN_ULONG bl,bh; 161 BN_ULONG c = 0;
162 BN_ULONG bl, bh;
150 163
151 assert(num >= 0); 164 assert(num >= 0);
152 if (num <= 0) return((BN_ULONG)0); 165 if (num <= 0)
166 return ((BN_ULONG)0);
153 167
154 bl=LBITS(w); 168 bl = LBITS(w);
155 bh=HBITS(w); 169 bh = HBITS(w);
156 170
157#ifndef OPENSSL_SMALL_FOOTPRINT 171#ifndef OPENSSL_SMALL_FOOTPRINT
158 while (num&~3) 172 while (num & ~3) {
159 { 173 mul_add(rp[0], ap[0], bl, bh, c);
160 mul_add(rp[0],ap[0],bl,bh,c); 174 mul_add(rp[1], ap[1], bl, bh, c);
161 mul_add(rp[1],ap[1],bl,bh,c); 175 mul_add(rp[2], ap[2], bl, bh, c);
162 mul_add(rp[2],ap[2],bl,bh,c); 176 mul_add(rp[3], ap[3], bl, bh, c);
163 mul_add(rp[3],ap[3],bl,bh,c); 177 ap += 4;
164 ap+=4; rp+=4; num-=4; 178 rp += 4;
165 } 179 num -= 4;
180 }
166#endif 181#endif
167 while (num) 182 while (num) {
168 { 183 mul_add(rp[0], ap[0], bl, bh, c);
169 mul_add(rp[0],ap[0],bl,bh,c); 184 ap++;
170 ap++; rp++; num--; 185 rp++;
171 } 186 num--;
172 return(c); 187 }
173 } 188 return (c);
189}
174 190
175BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) 191BN_ULONG
176 { 192bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
177 BN_ULONG carry=0; 193{
178 BN_ULONG bl,bh; 194 BN_ULONG carry = 0;
195 BN_ULONG bl, bh;
179 196
180 assert(num >= 0); 197 assert(num >= 0);
181 if (num <= 0) return((BN_ULONG)0); 198 if (num <= 0)
199 return ((BN_ULONG)0);
182 200
183 bl=LBITS(w); 201 bl = LBITS(w);
184 bh=HBITS(w); 202 bh = HBITS(w);
185 203
186#ifndef OPENSSL_SMALL_FOOTPRINT 204#ifndef OPENSSL_SMALL_FOOTPRINT
187 while (num&~3) 205 while (num & ~3) {
188 { 206 mul(rp[0], ap[0], bl, bh, carry);
189 mul(rp[0],ap[0],bl,bh,carry); 207 mul(rp[1], ap[1], bl, bh, carry);
190 mul(rp[1],ap[1],bl,bh,carry); 208 mul(rp[2], ap[2], bl, bh, carry);
191 mul(rp[2],ap[2],bl,bh,carry); 209 mul(rp[3], ap[3], bl, bh, carry);
192 mul(rp[3],ap[3],bl,bh,carry); 210 ap += 4;
193 ap+=4; rp+=4; num-=4; 211 rp += 4;
194 } 212 num -= 4;
213 }
195#endif 214#endif
196 while (num) 215 while (num) {
197 { 216 mul(rp[0], ap[0], bl, bh, carry);
198 mul(rp[0],ap[0],bl,bh,carry); 217 ap++;
199 ap++; rp++; num--; 218 rp++;
200 } 219 num--;
201 return(carry); 220 }
202 } 221 return (carry);
222}
203 223
204void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) 224void
205 { 225bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
226{
206 assert(n >= 0); 227 assert(n >= 0);
207 if (n <= 0) return; 228 if (n <= 0)
229 return;
208 230
209#ifndef OPENSSL_SMALL_FOOTPRINT 231#ifndef OPENSSL_SMALL_FOOTPRINT
210 while (n&~3) 232 while (n & ~3) {
211 { 233 sqr64(r[0], r[1], a[0]);
212 sqr64(r[0],r[1],a[0]); 234 sqr64(r[2], r[3], a[1]);
213 sqr64(r[2],r[3],a[1]); 235 sqr64(r[4], r[5], a[2]);
214 sqr64(r[4],r[5],a[2]); 236 sqr64(r[6], r[7], a[3]);
215 sqr64(r[6],r[7],a[3]); 237 a += 4;
216 a+=4; r+=8; n-=4; 238 r += 8;
217 } 239 n -= 4;
240 }
218#endif 241#endif
219 while (n) 242 while (n) {
220 { 243 sqr64(r[0], r[1], a[0]);
221 sqr64(r[0],r[1],a[0]); 244 a++;
222 a++; r+=2; n--; 245 r += 2;
223 } 246 n--;
224 } 247 }
248}
225 249
226#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ 250#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
227 251
228#if defined(BN_LLONG) && defined(BN_DIV2W) 252#if defined(BN_LLONG) && defined(BN_DIV2W)
229 253
230BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) 254BN_ULONG
231 { 255bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
232 return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d)); 256{
233 } 257 return ((BN_ULONG)(((((BN_ULLONG)h) << BN_BITS2)|l)/(BN_ULLONG)d));
258}
234 259
235#else 260#else
236 261
237/* Divide h,l by d and return the result. */ 262/* Divide h,l by d and return the result. */
238/* I need to test this some more :-( */ 263/* I need to test this some more :-( */
239BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) 264BN_ULONG
240 { 265bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
241 BN_ULONG dh,dl,q,ret=0,th,tl,t; 266{
242 int i,count=2; 267 BN_ULONG dh, dl, q,ret = 0, th, tl, t;
243 268 int i, count = 2;
244 if (d == 0) return(BN_MASK2); 269
245 270 if (d == 0)
246 i=BN_num_bits_word(d); 271 return (BN_MASK2);
247 assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i)); 272
248 273 i = BN_num_bits_word(d);
249 i=BN_BITS2-i; 274 assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
250 if (h >= d) h-=d; 275
251 276 i = BN_BITS2 - i;
252 if (i) 277 if (h >= d)
253 { 278 h -= d;
254 d<<=i; 279
255 h=(h<<i)|(l>>(BN_BITS2-i)); 280 if (i) {
256 l<<=i; 281 d <<= i;
257 } 282 h = (h << i) | (l >> (BN_BITS2 - i));
258 dh=(d&BN_MASK2h)>>BN_BITS4; 283 l <<= i;
259 dl=(d&BN_MASK2l); 284 }
260 for (;;) 285 dh = (d & BN_MASK2h) >> BN_BITS4;
261 { 286 dl = (d & BN_MASK2l);
262 if ((h>>BN_BITS4) == dh) 287 for (;;) {
263 q=BN_MASK2l; 288 if ((h >> BN_BITS4) == dh)
289 q = BN_MASK2l;
264 else 290 else
265 q=h/dh; 291 q = h / dh;
266 292
267 th=q*dh; 293 th = q * dh;
268 tl=dl*q; 294 tl = dl * q;
269 for (;;) 295 for (;;) {
270 { 296 t = h - th;
271 t=h-th; 297 if ((t & BN_MASK2h) ||
272 if ((t&BN_MASK2h) || 298 ((tl) <= (
273 ((tl) <= ( 299 (t << BN_BITS4) |
274 (t<<BN_BITS4)| 300 ((l & BN_MASK2h) >> BN_BITS4))))
275 ((l&BN_MASK2h)>>BN_BITS4))))
276 break; 301 break;
277 q--; 302 q--;
278 th-=dh; 303 th -= dh;
279 tl-=dl; 304 tl -= dl;
280 } 305 }
281 t=(tl>>BN_BITS4); 306 t = (tl >> BN_BITS4);
282 tl=(tl<<BN_BITS4)&BN_MASK2h; 307 tl = (tl << BN_BITS4) & BN_MASK2h;
283 th+=t; 308 th += t;
284 309
285 if (l < tl) th++; 310 if (l < tl)
286 l-=tl; 311 th++;
287 if (h < th) 312 l -= tl;
288 { 313 if (h < th) {
289 h+=d; 314 h += d;
290 q--; 315 q--;
291 } 316 }
292 h-=th; 317 h -= th;
293 318
294 if (--count == 0) break; 319 if (--count == 0)
320 break;
295 321
296 ret=q<<BN_BITS4; 322 ret = q << BN_BITS4;
297 h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2; 323 h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
298 l=(l&BN_MASK2l)<<BN_BITS4; 324 l = (l & BN_MASK2l) << BN_BITS4;
299 }
300 ret|=q;
301 return(ret);
302 } 325 }
326 ret |= q;
327 return (ret);
328}
303#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ 329#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
304 330
305#ifdef BN_LLONG 331#ifdef BN_LLONG
306BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) 332BN_ULONG
307 { 333bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
308 BN_ULLONG ll=0; 334{
335 BN_ULLONG ll = 0;
309 336
310 assert(n >= 0); 337 assert(n >= 0);
311 if (n <= 0) return((BN_ULONG)0); 338 if (n <= 0)
339 return ((BN_ULONG)0);
312 340
313#ifndef OPENSSL_SMALL_FOOTPRINT 341#ifndef OPENSSL_SMALL_FOOTPRINT
314 while (n&~3) 342 while (n & ~3) {
315 { 343 ll += (BN_ULLONG)a[0] + b[0];
316 ll+=(BN_ULLONG)a[0]+b[0]; 344 r[0] = (BN_ULONG)ll & BN_MASK2;
317 r[0]=(BN_ULONG)ll&BN_MASK2; 345 ll >>= BN_BITS2;
318 ll>>=BN_BITS2; 346 ll += (BN_ULLONG)a[1] + b[1];
319 ll+=(BN_ULLONG)a[1]+b[1]; 347 r[1] = (BN_ULONG)ll & BN_MASK2;
320 r[1]=(BN_ULONG)ll&BN_MASK2; 348 ll >>= BN_BITS2;
321 ll>>=BN_BITS2; 349 ll += (BN_ULLONG)a[2] + b[2];
322 ll+=(BN_ULLONG)a[2]+b[2]; 350 r[2] = (BN_ULONG)ll & BN_MASK2;
323 r[2]=(BN_ULONG)ll&BN_MASK2; 351 ll >>= BN_BITS2;
324 ll>>=BN_BITS2; 352 ll += (BN_ULLONG)a[3] + b[3];
325 ll+=(BN_ULLONG)a[3]+b[3]; 353 r[3] = (BN_ULONG)ll & BN_MASK2;
326 r[3]=(BN_ULONG)ll&BN_MASK2; 354 ll >>= BN_BITS2;
327 ll>>=BN_BITS2; 355 a += 4;
328 a+=4; b+=4; r+=4; n-=4; 356 b += 4;
329 } 357 r += 4;
358 n -= 4;
359 }
330#endif 360#endif
331 while (n) 361 while (n) {
332 { 362 ll += (BN_ULLONG)a[0] + b[0];
333 ll+=(BN_ULLONG)a[0]+b[0]; 363 r[0] = (BN_ULONG)ll & BN_MASK2;
334 r[0]=(BN_ULONG)ll&BN_MASK2; 364 ll >>= BN_BITS2;
335 ll>>=BN_BITS2; 365 a++;
336 a++; b++; r++; n--; 366 b++;
337 } 367 r++;
338 return((BN_ULONG)ll); 368 n--;
339 } 369 }
370 return ((BN_ULONG)ll);
371}
340#else /* !BN_LLONG */ 372#else /* !BN_LLONG */
341BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) 373BN_ULONG
342 { 374bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
343 BN_ULONG c,l,t; 375{
376 BN_ULONG c, l, t;
344 377
345 assert(n >= 0); 378 assert(n >= 0);
346 if (n <= 0) return((BN_ULONG)0); 379 if (n <= 0)
380 return ((BN_ULONG)0);
347 381
348 c=0; 382 c = 0;
349#ifndef OPENSSL_SMALL_FOOTPRINT 383#ifndef OPENSSL_SMALL_FOOTPRINT
350 while (n&~3) 384 while (n & ~3) {
351 { 385 t = a[0];
352 t=a[0]; 386 t = (t + c) & BN_MASK2;
353 t=(t+c)&BN_MASK2; 387 c = (t < c);
354 c=(t < c); 388 l = (t + b[0]) & BN_MASK2;
355 l=(t+b[0])&BN_MASK2; 389 c += (l < t);
356 c+=(l < t); 390 r[0] = l;
357 r[0]=l; 391 t = a[1];
358 t=a[1]; 392 t = (t + c) & BN_MASK2;
359 t=(t+c)&BN_MASK2; 393 c = (t < c);
360 c=(t < c); 394 l = (t + b[1]) & BN_MASK2;
361 l=(t+b[1])&BN_MASK2; 395 c += (l < t);
362 c+=(l < t); 396 r[1] = l;
363 r[1]=l; 397 t = a[2];
364 t=a[2]; 398 t = (t + c) & BN_MASK2;
365 t=(t+c)&BN_MASK2; 399 c = (t < c);
366 c=(t < c); 400 l = (t + b[2]) & BN_MASK2;
367 l=(t+b[2])&BN_MASK2; 401 c += (l < t);
368 c+=(l < t); 402 r[2] = l;
369 r[2]=l; 403 t = a[3];
370 t=a[3]; 404 t = (t + c) & BN_MASK2;
371 t=(t+c)&BN_MASK2; 405 c = (t < c);
372 c=(t < c); 406 l = (t + b[3]) & BN_MASK2;
373 l=(t+b[3])&BN_MASK2; 407 c += (l < t);
374 c+=(l < t); 408 r[3] = l;
375 r[3]=l; 409 a += 4;
376 a+=4; b+=4; r+=4; n-=4; 410 b += 4;
377 } 411 r += 4;
412 n -= 4;
413 }
378#endif 414#endif
379 while(n) 415 while (n) {
380 { 416 t = a[0];
381 t=a[0]; 417 t = (t + c) & BN_MASK2;
382 t=(t+c)&BN_MASK2; 418 c = (t < c);
383 c=(t < c); 419 l = (t + b[0]) & BN_MASK2;
384 l=(t+b[0])&BN_MASK2; 420 c += (l < t);
385 c+=(l < t); 421 r[0] = l;
386 r[0]=l; 422 a++;
387 a++; b++; r++; n--; 423 b++;
388 } 424 r++;
389 return((BN_ULONG)c); 425 n--;
390 } 426 }
427 return ((BN_ULONG)c);
428}
391#endif /* !BN_LLONG */ 429#endif /* !BN_LLONG */
392 430
393BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) 431BN_ULONG
394 { 432bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
395 BN_ULONG t1,t2; 433{
396 int c=0; 434 BN_ULONG t1, t2;
435 int c = 0;
397 436
398 assert(n >= 0); 437 assert(n >= 0);
399 if (n <= 0) return((BN_ULONG)0); 438 if (n <= 0)
439 return ((BN_ULONG)0);
400 440
401#ifndef OPENSSL_SMALL_FOOTPRINT 441#ifndef OPENSSL_SMALL_FOOTPRINT
402 while (n&~3) 442 while (n&~3) {
403 { 443 t1 = a[0];
404 t1=a[0]; t2=b[0]; 444 t2 = b[0];
405 r[0]=(t1-t2-c)&BN_MASK2; 445 r[0] = (t1 - t2 - c) & BN_MASK2;
406 if (t1 != t2) c=(t1 < t2); 446 if (t1 != t2)
407 t1=a[1]; t2=b[1]; 447 c = (t1 < t2);
408 r[1]=(t1-t2-c)&BN_MASK2; 448 t1 = a[1];
409 if (t1 != t2) c=(t1 < t2); 449 t2 = b[1];
410 t1=a[2]; t2=b[2]; 450 r[1] = (t1 - t2 - c) & BN_MASK2;
411 r[2]=(t1-t2-c)&BN_MASK2; 451 if (t1 != t2)
412 if (t1 != t2) c=(t1 < t2); 452 c = (t1 < t2);
413 t1=a[3]; t2=b[3]; 453 t1 = a[2];
414 r[3]=(t1-t2-c)&BN_MASK2; 454 t2 = b[2];
415 if (t1 != t2) c=(t1 < t2); 455 r[2] = (t1 - t2 - c) & BN_MASK2;
416 a+=4; b+=4; r+=4; n-=4; 456 if (t1 != t2)
417 } 457 c = (t1 < t2);
458 t1 = a[3];
459 t2 = b[3];
460 r[3] = (t1 - t2 - c) & BN_MASK2;
461 if (t1 != t2)
462 c = (t1 < t2);
463 a += 4;
464 b += 4;
465 r += 4;
466 n -= 4;
467 }
418#endif 468#endif
419 while (n) 469 while (n) {
420 { 470 t1 = a[0];
421 t1=a[0]; t2=b[0]; 471 t2 = b[0];
422 r[0]=(t1-t2-c)&BN_MASK2; 472 r[0] = (t1 - t2 - c) & BN_MASK2;
423 if (t1 != t2) c=(t1 < t2); 473 if (t1 != t2)
424 a++; b++; r++; n--; 474 c = (t1 < t2);
425 } 475 a++;
426 return(c); 476 b++;
477 r++;
478 n--;
427 } 479 }
480 return (c);
481}
428 482
429#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) 483#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
430 484
@@ -554,279 +608,283 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
554 mul_add_c2((a)[i],(a)[j],c0,c1,c2) 608 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
555#endif /* !BN_LLONG */ 609#endif /* !BN_LLONG */
556 610
557void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 611void
558 { 612bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
613{
559#ifdef BN_LLONG 614#ifdef BN_LLONG
560 BN_ULLONG t; 615 BN_ULLONG t;
561#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) 616#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
562 BN_ULONG bl,bh; 617 BN_ULONG bl, bh;
563#endif 618#endif
564 BN_ULONG t1,t2; 619 BN_ULONG t1, t2;
565 BN_ULONG c1,c2,c3; 620 BN_ULONG c1, c2, c3;
566 621
567 c1=0; 622 c1 = 0;
568 c2=0; 623 c2 = 0;
569 c3=0; 624 c3 = 0;
570 mul_add_c(a[0],b[0],c1,c2,c3); 625 mul_add_c(a[0], b[0], c1, c2, c3);
571 r[0]=c1; 626 r[0] = c1;
572 c1=0; 627 c1 = 0;
573 mul_add_c(a[0],b[1],c2,c3,c1); 628 mul_add_c(a[0], b[1], c2, c3, c1);
574 mul_add_c(a[1],b[0],c2,c3,c1); 629 mul_add_c(a[1], b[0], c2, c3, c1);
575 r[1]=c2; 630 r[1] = c2;
576 c2=0; 631 c2 = 0;
577 mul_add_c(a[2],b[0],c3,c1,c2); 632 mul_add_c(a[2], b[0], c3, c1, c2);
578 mul_add_c(a[1],b[1],c3,c1,c2); 633 mul_add_c(a[1], b[1], c3, c1, c2);
579 mul_add_c(a[0],b[2],c3,c1,c2); 634 mul_add_c(a[0], b[2], c3, c1, c2);
580 r[2]=c3; 635 r[2] = c3;
581 c3=0; 636 c3 = 0;
582 mul_add_c(a[0],b[3],c1,c2,c3); 637 mul_add_c(a[0], b[3], c1, c2, c3);
583 mul_add_c(a[1],b[2],c1,c2,c3); 638 mul_add_c(a[1], b[2], c1, c2, c3);
584 mul_add_c(a[2],b[1],c1,c2,c3); 639 mul_add_c(a[2], b[1], c1, c2, c3);
585 mul_add_c(a[3],b[0],c1,c2,c3); 640 mul_add_c(a[3], b[0], c1, c2, c3);
586 r[3]=c1; 641 r[3] = c1;
587 c1=0; 642 c1 = 0;
588 mul_add_c(a[4],b[0],c2,c3,c1); 643 mul_add_c(a[4], b[0], c2, c3, c1);
589 mul_add_c(a[3],b[1],c2,c3,c1); 644 mul_add_c(a[3], b[1], c2, c3, c1);
590 mul_add_c(a[2],b[2],c2,c3,c1); 645 mul_add_c(a[2], b[2], c2, c3, c1);
591 mul_add_c(a[1],b[3],c2,c3,c1); 646 mul_add_c(a[1], b[3], c2, c3, c1);
592 mul_add_c(a[0],b[4],c2,c3,c1); 647 mul_add_c(a[0], b[4], c2, c3, c1);
593 r[4]=c2; 648 r[4] = c2;
594 c2=0; 649 c2 = 0;
595 mul_add_c(a[0],b[5],c3,c1,c2); 650 mul_add_c(a[0], b[5], c3, c1, c2);
596 mul_add_c(a[1],b[4],c3,c1,c2); 651 mul_add_c(a[1], b[4], c3, c1, c2);
597 mul_add_c(a[2],b[3],c3,c1,c2); 652 mul_add_c(a[2], b[3], c3, c1, c2);
598 mul_add_c(a[3],b[2],c3,c1,c2); 653 mul_add_c(a[3], b[2], c3, c1, c2);
599 mul_add_c(a[4],b[1],c3,c1,c2); 654 mul_add_c(a[4], b[1], c3, c1, c2);
600 mul_add_c(a[5],b[0],c3,c1,c2); 655 mul_add_c(a[5], b[0], c3, c1, c2);
601 r[5]=c3; 656 r[5] = c3;
602 c3=0; 657 c3 = 0;
603 mul_add_c(a[6],b[0],c1,c2,c3); 658 mul_add_c(a[6], b[0], c1, c2, c3);
604 mul_add_c(a[5],b[1],c1,c2,c3); 659 mul_add_c(a[5], b[1], c1, c2, c3);
605 mul_add_c(a[4],b[2],c1,c2,c3); 660 mul_add_c(a[4], b[2], c1, c2, c3);
606 mul_add_c(a[3],b[3],c1,c2,c3); 661 mul_add_c(a[3], b[3], c1, c2, c3);
607 mul_add_c(a[2],b[4],c1,c2,c3); 662 mul_add_c(a[2], b[4], c1, c2, c3);
608 mul_add_c(a[1],b[5],c1,c2,c3); 663 mul_add_c(a[1], b[5], c1, c2, c3);
609 mul_add_c(a[0],b[6],c1,c2,c3); 664 mul_add_c(a[0], b[6], c1, c2, c3);
610 r[6]=c1; 665 r[6] = c1;
611 c1=0; 666 c1 = 0;
612 mul_add_c(a[0],b[7],c2,c3,c1); 667 mul_add_c(a[0], b[7], c2, c3, c1);
613 mul_add_c(a[1],b[6],c2,c3,c1); 668 mul_add_c(a[1], b[6], c2, c3, c1);
614 mul_add_c(a[2],b[5],c2,c3,c1); 669 mul_add_c(a[2], b[5], c2, c3, c1);
615 mul_add_c(a[3],b[4],c2,c3,c1); 670 mul_add_c(a[3], b[4], c2, c3, c1);
616 mul_add_c(a[4],b[3],c2,c3,c1); 671 mul_add_c(a[4], b[3], c2, c3, c1);
617 mul_add_c(a[5],b[2],c2,c3,c1); 672 mul_add_c(a[5], b[2], c2, c3, c1);
618 mul_add_c(a[6],b[1],c2,c3,c1); 673 mul_add_c(a[6], b[1], c2, c3, c1);
619 mul_add_c(a[7],b[0],c2,c3,c1); 674 mul_add_c(a[7], b[0], c2, c3, c1);
620 r[7]=c2; 675 r[7] = c2;
621 c2=0; 676 c2 = 0;
622 mul_add_c(a[7],b[1],c3,c1,c2); 677 mul_add_c(a[7], b[1], c3, c1, c2);
623 mul_add_c(a[6],b[2],c3,c1,c2); 678 mul_add_c(a[6], b[2], c3, c1, c2);
624 mul_add_c(a[5],b[3],c3,c1,c2); 679 mul_add_c(a[5], b[3], c3, c1, c2);
625 mul_add_c(a[4],b[4],c3,c1,c2); 680 mul_add_c(a[4], b[4], c3, c1, c2);
626 mul_add_c(a[3],b[5],c3,c1,c2); 681 mul_add_c(a[3], b[5], c3, c1, c2);
627 mul_add_c(a[2],b[6],c3,c1,c2); 682 mul_add_c(a[2], b[6], c3, c1, c2);
628 mul_add_c(a[1],b[7],c3,c1,c2); 683 mul_add_c(a[1], b[7], c3, c1, c2);
629 r[8]=c3; 684 r[8] = c3;
630 c3=0; 685 c3 = 0;
631 mul_add_c(a[2],b[7],c1,c2,c3); 686 mul_add_c(a[2], b[7], c1, c2, c3);
632 mul_add_c(a[3],b[6],c1,c2,c3); 687 mul_add_c(a[3], b[6], c1, c2, c3);
633 mul_add_c(a[4],b[5],c1,c2,c3); 688 mul_add_c(a[4], b[5], c1, c2, c3);
634 mul_add_c(a[5],b[4],c1,c2,c3); 689 mul_add_c(a[5], b[4], c1, c2, c3);
635 mul_add_c(a[6],b[3],c1,c2,c3); 690 mul_add_c(a[6], b[3], c1, c2, c3);
636 mul_add_c(a[7],b[2],c1,c2,c3); 691 mul_add_c(a[7], b[2], c1, c2, c3);
637 r[9]=c1; 692 r[9] = c1;
638 c1=0; 693 c1 = 0;
639 mul_add_c(a[7],b[3],c2,c3,c1); 694 mul_add_c(a[7], b[3], c2, c3, c1);
640 mul_add_c(a[6],b[4],c2,c3,c1); 695 mul_add_c(a[6], b[4], c2, c3, c1);
641 mul_add_c(a[5],b[5],c2,c3,c1); 696 mul_add_c(a[5], b[5], c2, c3, c1);
642 mul_add_c(a[4],b[6],c2,c3,c1); 697 mul_add_c(a[4], b[6], c2, c3, c1);
643 mul_add_c(a[3],b[7],c2,c3,c1); 698 mul_add_c(a[3], b[7], c2, c3, c1);
644 r[10]=c2; 699 r[10] = c2;
645 c2=0; 700 c2 = 0;
646 mul_add_c(a[4],b[7],c3,c1,c2); 701 mul_add_c(a[4], b[7], c3, c1, c2);
647 mul_add_c(a[5],b[6],c3,c1,c2); 702 mul_add_c(a[5], b[6], c3, c1, c2);
648 mul_add_c(a[6],b[5],c3,c1,c2); 703 mul_add_c(a[6], b[5], c3, c1, c2);
649 mul_add_c(a[7],b[4],c3,c1,c2); 704 mul_add_c(a[7], b[4], c3, c1, c2);
650 r[11]=c3; 705 r[11] = c3;
651 c3=0; 706 c3 = 0;
652 mul_add_c(a[7],b[5],c1,c2,c3); 707 mul_add_c(a[7], b[5], c1, c2, c3);
653 mul_add_c(a[6],b[6],c1,c2,c3); 708 mul_add_c(a[6], b[6], c1, c2, c3);
654 mul_add_c(a[5],b[7],c1,c2,c3); 709 mul_add_c(a[5], b[7], c1, c2, c3);
655 r[12]=c1; 710 r[12] = c1;
656 c1=0; 711 c1 = 0;
657 mul_add_c(a[6],b[7],c2,c3,c1); 712 mul_add_c(a[6], b[7], c2, c3, c1);
658 mul_add_c(a[7],b[6],c2,c3,c1); 713 mul_add_c(a[7], b[6], c2, c3, c1);
659 r[13]=c2; 714 r[13] = c2;
660 c2=0; 715 c2 = 0;
661 mul_add_c(a[7],b[7],c3,c1,c2); 716 mul_add_c(a[7], b[7], c3, c1, c2);
662 r[14]=c3; 717 r[14] = c3;
663 r[15]=c1; 718 r[15] = c1;
664 } 719}
665 720
666void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 721void
667 { 722bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
723{
668#ifdef BN_LLONG 724#ifdef BN_LLONG
669 BN_ULLONG t; 725 BN_ULLONG t;
670#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) 726#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
671 BN_ULONG bl,bh; 727 BN_ULONG bl, bh;
672#endif 728#endif
673 BN_ULONG t1,t2; 729 BN_ULONG t1, t2;
674 BN_ULONG c1,c2,c3; 730 BN_ULONG c1, c2, c3;
675 731
676 c1=0; 732 c1 = 0;
677 c2=0; 733 c2 = 0;
678 c3=0; 734 c3 = 0;
679 mul_add_c(a[0],b[0],c1,c2,c3); 735 mul_add_c(a[0], b[0], c1, c2, c3);
680 r[0]=c1; 736 r[0] = c1;
681 c1=0; 737 c1 = 0;
682 mul_add_c(a[0],b[1],c2,c3,c1); 738 mul_add_c(a[0], b[1], c2, c3, c1);
683 mul_add_c(a[1],b[0],c2,c3,c1); 739 mul_add_c(a[1], b[0], c2, c3, c1);
684 r[1]=c2; 740 r[1] = c2;
685 c2=0; 741 c2 = 0;
686 mul_add_c(a[2],b[0],c3,c1,c2); 742 mul_add_c(a[2], b[0], c3, c1, c2);
687 mul_add_c(a[1],b[1],c3,c1,c2); 743 mul_add_c(a[1], b[1], c3, c1, c2);
688 mul_add_c(a[0],b[2],c3,c1,c2); 744 mul_add_c(a[0], b[2], c3, c1, c2);
689 r[2]=c3; 745 r[2] = c3;
690 c3=0; 746 c3 = 0;
691 mul_add_c(a[0],b[3],c1,c2,c3); 747 mul_add_c(a[0], b[3], c1, c2, c3);
692 mul_add_c(a[1],b[2],c1,c2,c3); 748 mul_add_c(a[1], b[2], c1, c2, c3);
693 mul_add_c(a[2],b[1],c1,c2,c3); 749 mul_add_c(a[2], b[1], c1, c2, c3);
694 mul_add_c(a[3],b[0],c1,c2,c3); 750 mul_add_c(a[3], b[0], c1, c2, c3);
695 r[3]=c1; 751 r[3] = c1;
696 c1=0; 752 c1 = 0;
697 mul_add_c(a[3],b[1],c2,c3,c1); 753 mul_add_c(a[3], b[1], c2, c3, c1);
698 mul_add_c(a[2],b[2],c2,c3,c1); 754 mul_add_c(a[2], b[2], c2, c3, c1);
699 mul_add_c(a[1],b[3],c2,c3,c1); 755 mul_add_c(a[1], b[3], c2, c3, c1);
700 r[4]=c2; 756 r[4] = c2;
701 c2=0; 757 c2 = 0;
702 mul_add_c(a[2],b[3],c3,c1,c2); 758 mul_add_c(a[2], b[3], c3, c1, c2);
703 mul_add_c(a[3],b[2],c3,c1,c2); 759 mul_add_c(a[3], b[2], c3, c1, c2);
704 r[5]=c3; 760 r[5] = c3;
705 c3=0; 761 c3 = 0;
706 mul_add_c(a[3],b[3],c1,c2,c3); 762 mul_add_c(a[3], b[3], c1, c2, c3);
707 r[6]=c1; 763 r[6] = c1;
708 r[7]=c2; 764 r[7] = c2;
709 } 765}
710 766
711void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) 767void
712 { 768bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
769{
713#ifdef BN_LLONG 770#ifdef BN_LLONG
714 BN_ULLONG t,tt; 771 BN_ULLONG t, tt;
715#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) 772#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
716 BN_ULONG bl,bh; 773 BN_ULONG bl, bh;
717#endif 774#endif
718 BN_ULONG t1,t2; 775 BN_ULONG t1, t2;
719 BN_ULONG c1,c2,c3; 776 BN_ULONG c1, c2, c3;
720 777
721 c1=0; 778 c1 = 0;
722 c2=0; 779 c2 = 0;
723 c3=0; 780 c3 = 0;
724 sqr_add_c(a,0,c1,c2,c3); 781 sqr_add_c(a, 0, c1, c2, c3);
725 r[0]=c1; 782 r[0] = c1;
726 c1=0; 783 c1 = 0;
727 sqr_add_c2(a,1,0,c2,c3,c1); 784 sqr_add_c2(a, 1, 0, c2, c3, c1);
728 r[1]=c2; 785 r[1] = c2;
729 c2=0; 786 c2 = 0;
730 sqr_add_c(a,1,c3,c1,c2); 787 sqr_add_c(a, 1, c3, c1, c2);
731 sqr_add_c2(a,2,0,c3,c1,c2); 788 sqr_add_c2(a, 2, 0, c3, c1, c2);
732 r[2]=c3; 789 r[2] = c3;
733 c3=0; 790 c3 = 0;
734 sqr_add_c2(a,3,0,c1,c2,c3); 791 sqr_add_c2(a, 3, 0, c1, c2, c3);
735 sqr_add_c2(a,2,1,c1,c2,c3); 792 sqr_add_c2(a, 2, 1, c1, c2, c3);
736 r[3]=c1; 793 r[3] = c1;
737 c1=0; 794 c1 = 0;
738 sqr_add_c(a,2,c2,c3,c1); 795 sqr_add_c(a, 2, c2, c3, c1);
739 sqr_add_c2(a,3,1,c2,c3,c1); 796 sqr_add_c2(a, 3, 1, c2, c3, c1);
740 sqr_add_c2(a,4,0,c2,c3,c1); 797 sqr_add_c2(a, 4, 0, c2, c3, c1);
741 r[4]=c2; 798 r[4] = c2;
742 c2=0; 799 c2 = 0;
743 sqr_add_c2(a,5,0,c3,c1,c2); 800 sqr_add_c2(a, 5, 0, c3, c1, c2);
744 sqr_add_c2(a,4,1,c3,c1,c2); 801 sqr_add_c2(a, 4, 1, c3, c1, c2);
745 sqr_add_c2(a,3,2,c3,c1,c2); 802 sqr_add_c2(a, 3, 2, c3, c1, c2);
746 r[5]=c3; 803 r[5] = c3;
747 c3=0; 804 c3 = 0;
748 sqr_add_c(a,3,c1,c2,c3); 805 sqr_add_c(a, 3, c1, c2, c3);
749 sqr_add_c2(a,4,2,c1,c2,c3); 806 sqr_add_c2(a, 4, 2, c1, c2, c3);
750 sqr_add_c2(a,5,1,c1,c2,c3); 807 sqr_add_c2(a, 5, 1, c1, c2, c3);
751 sqr_add_c2(a,6,0,c1,c2,c3); 808 sqr_add_c2(a, 6, 0, c1, c2, c3);
752 r[6]=c1; 809 r[6] = c1;
753 c1=0; 810 c1 = 0;
754 sqr_add_c2(a,7,0,c2,c3,c1); 811 sqr_add_c2(a, 7, 0, c2, c3, c1);
755 sqr_add_c2(a,6,1,c2,c3,c1); 812 sqr_add_c2(a, 6, 1, c2, c3, c1);
756 sqr_add_c2(a,5,2,c2,c3,c1); 813 sqr_add_c2(a, 5, 2, c2, c3, c1);
757 sqr_add_c2(a,4,3,c2,c3,c1); 814 sqr_add_c2(a, 4, 3, c2, c3, c1);
758 r[7]=c2; 815 r[7] = c2;
759 c2=0; 816 c2 = 0;
760 sqr_add_c(a,4,c3,c1,c2); 817 sqr_add_c(a, 4, c3, c1, c2);
761 sqr_add_c2(a,5,3,c3,c1,c2); 818 sqr_add_c2(a, 5, 3, c3, c1, c2);
762 sqr_add_c2(a,6,2,c3,c1,c2); 819 sqr_add_c2(a, 6, 2, c3, c1, c2);
763 sqr_add_c2(a,7,1,c3,c1,c2); 820 sqr_add_c2(a, 7, 1, c3, c1, c2);
764 r[8]=c3; 821 r[8] = c3;
765 c3=0; 822 c3 = 0;
766 sqr_add_c2(a,7,2,c1,c2,c3); 823 sqr_add_c2(a, 7, 2, c1, c2, c3);
767 sqr_add_c2(a,6,3,c1,c2,c3); 824 sqr_add_c2(a, 6, 3, c1, c2, c3);
768 sqr_add_c2(a,5,4,c1,c2,c3); 825 sqr_add_c2(a, 5, 4, c1, c2, c3);
769 r[9]=c1; 826 r[9] = c1;
770 c1=0; 827 c1 = 0;
771 sqr_add_c(a,5,c2,c3,c1); 828 sqr_add_c(a, 5, c2, c3, c1);
772 sqr_add_c2(a,6,4,c2,c3,c1); 829 sqr_add_c2(a, 6, 4, c2, c3, c1);
773 sqr_add_c2(a,7,3,c2,c3,c1); 830 sqr_add_c2(a, 7, 3, c2, c3, c1);
774 r[10]=c2; 831 r[10] = c2;
775 c2=0; 832 c2 = 0;
776 sqr_add_c2(a,7,4,c3,c1,c2); 833 sqr_add_c2(a, 7, 4, c3, c1, c2);
777 sqr_add_c2(a,6,5,c3,c1,c2); 834 sqr_add_c2(a, 6, 5, c3, c1, c2);
778 r[11]=c3; 835 r[11] = c3;
779 c3=0; 836 c3 = 0;
780 sqr_add_c(a,6,c1,c2,c3); 837 sqr_add_c(a, 6, c1, c2, c3);
781 sqr_add_c2(a,7,5,c1,c2,c3); 838 sqr_add_c2(a, 7, 5, c1, c2, c3);
782 r[12]=c1; 839 r[12] = c1;
783 c1=0; 840 c1 = 0;
784 sqr_add_c2(a,7,6,c2,c3,c1); 841 sqr_add_c2(a, 7, 6, c2, c3, c1);
785 r[13]=c2; 842 r[13] = c2;
786 c2=0; 843 c2 = 0;
787 sqr_add_c(a,7,c3,c1,c2); 844 sqr_add_c(a, 7, c3, c1, c2);
788 r[14]=c3; 845 r[14] = c3;
789 r[15]=c1; 846 r[15] = c1;
790 } 847}
791 848
792void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) 849void
793 { 850bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
851{
794#ifdef BN_LLONG 852#ifdef BN_LLONG
795 BN_ULLONG t,tt; 853 BN_ULLONG t, tt;
796#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) 854#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
797 BN_ULONG bl,bh; 855 BN_ULONG bl, bh;
798#endif 856#endif
799 BN_ULONG t1,t2; 857 BN_ULONG t1, t2;
800 BN_ULONG c1,c2,c3; 858 BN_ULONG c1, c2, c3;
801 859
802 c1=0; 860 c1 = 0;
803 c2=0; 861 c2 = 0;
804 c3=0; 862 c3 = 0;
805 sqr_add_c(a,0,c1,c2,c3); 863 sqr_add_c(a, 0, c1, c2, c3);
806 r[0]=c1; 864 r[0] = c1;
807 c1=0; 865 c1 = 0;
808 sqr_add_c2(a,1,0,c2,c3,c1); 866 sqr_add_c2(a, 1, 0, c2, c3, c1);
809 r[1]=c2; 867 r[1] = c2;
810 c2=0; 868 c2 = 0;
811 sqr_add_c(a,1,c3,c1,c2); 869 sqr_add_c(a, 1, c3, c1, c2);
812 sqr_add_c2(a,2,0,c3,c1,c2); 870 sqr_add_c2(a, 2, 0, c3, c1, c2);
813 r[2]=c3; 871 r[2] = c3;
814 c3=0; 872 c3 = 0;
815 sqr_add_c2(a,3,0,c1,c2,c3); 873 sqr_add_c2(a, 3, 0, c1, c2, c3);
816 sqr_add_c2(a,2,1,c1,c2,c3); 874 sqr_add_c2(a, 2, 1, c1, c2, c3);
817 r[3]=c1; 875 r[3] = c1;
818 c1=0; 876 c1 = 0;
819 sqr_add_c(a,2,c2,c3,c1); 877 sqr_add_c(a, 2, c2, c3, c1);
820 sqr_add_c2(a,3,1,c2,c3,c1); 878 sqr_add_c2(a, 3, 1, c2, c3, c1);
821 r[4]=c2; 879 r[4] = c2;
822 c2=0; 880 c2 = 0;
823 sqr_add_c2(a,3,2,c3,c1,c2); 881 sqr_add_c2(a, 3, 2, c3, c1, c2);
824 r[5]=c3; 882 r[5] = c3;
825 c3=0; 883 c3 = 0;
826 sqr_add_c(a,3,c1,c2,c3); 884 sqr_add_c(a, 3, c1, c2, c3);
827 r[6]=c1; 885 r[6] = c1;
828 r[7]=c2; 886 r[7] = c2;
829 } 887}
830 888
831#ifdef OPENSSL_NO_ASM 889#ifdef OPENSSL_NO_ASM
832#ifdef OPENSSL_BN_ASM_MONT 890#ifdef OPENSSL_BN_ASM_MONT
@@ -844,19 +902,21 @@ void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
844 * versions. Assembler vs. assembler improvement coefficients can 902 * versions. Assembler vs. assembler improvement coefficients can
845 * [and are known to] differ and are to be documented elsewhere. 903 * [and are known to] differ and are to be documented elsewhere.
846 */ 904 */
847int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num) 905int
848 { 906bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0p, int num)
849 BN_ULONG c0,c1,ml,*tp,n0; 907{
908 BN_ULONG c0, c1, ml, *tp, n0;
850#ifdef mul64 909#ifdef mul64
851 BN_ULONG mh; 910 BN_ULONG mh;
852#endif 911#endif
853 volatile BN_ULONG *vp; 912 volatile BN_ULONG *vp;
854 int i=0,j; 913 int i = 0, j;
855 914
856#if 0 /* template for platform-specific implementation */ 915#if 0 /* template for platform-specific implementation */
857 if (ap==bp) return bn_sqr_mont(rp,ap,np,n0p,num); 916 if (ap == bp)
917 return bn_sqr_mont(rp, ap, np, n0p, num);
858#endif 918#endif
859 vp = tp = alloca((num+2)*sizeof(BN_ULONG)); 919 vp = tp = alloca((num + 2)*sizeof(BN_ULONG));
860 920
861 n0 = *n0p; 921 n0 = *n0p;
862 922
@@ -865,81 +925,80 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U
865#ifdef mul64 925#ifdef mul64
866 mh = HBITS(ml); 926 mh = HBITS(ml);
867 ml = LBITS(ml); 927 ml = LBITS(ml);
868 for (j=0;j<num;++j) 928 for (j = 0; j < num; ++j)
869 mul(tp[j],ap[j],ml,mh,c0); 929 mul(tp[j], ap[j], ml, mh, c0);
870#else 930#else
871 for (j=0;j<num;++j) 931 for (j = 0; j < num; ++j)
872 mul(tp[j],ap[j],ml,c0); 932 mul(tp[j], ap[j], ml, c0);
873#endif 933#endif
874 934
875 tp[num] = c0; 935 tp[num] = c0;
876 tp[num+1] = 0; 936 tp[num + 1] = 0;
877 goto enter; 937 goto enter;
878 938
879 for(i=0;i<num;i++) 939 for (i = 0; i < num; i++) {
880 {
881 c0 = 0; 940 c0 = 0;
882 ml = bp[i]; 941 ml = bp[i];
883#ifdef mul64 942#ifdef mul64
884 mh = HBITS(ml); 943 mh = HBITS(ml);
885 ml = LBITS(ml); 944 ml = LBITS(ml);
886 for (j=0;j<num;++j) 945 for (j = 0; j < num; ++j)
887 mul_add(tp[j],ap[j],ml,mh,c0); 946 mul_add(tp[j], ap[j], ml, mh, c0);
888#else 947#else
889 for (j=0;j<num;++j) 948 for (j = 0; j < num; ++j)
890 mul_add(tp[j],ap[j],ml,c0); 949 mul_add(tp[j], ap[j], ml, c0);
891#endif 950#endif
892 c1 = (tp[num] + c0)&BN_MASK2; 951 c1 = (tp[num] + c0) & BN_MASK2;
893 tp[num] = c1; 952 tp[num] = c1;
894 tp[num+1] = (c1<c0?1:0); 953 tp[num + 1] = (c1 < c0 ? 1 : 0);
895 enter: 954enter:
896 c1 = tp[0]; 955 c1 = tp[0];
897 ml = (c1*n0)&BN_MASK2; 956 ml = (c1 * n0) & BN_MASK2;
898 c0 = 0; 957 c0 = 0;
899#ifdef mul64 958#ifdef mul64
900 mh = HBITS(ml); 959 mh = HBITS(ml);
901 ml = LBITS(ml); 960 ml = LBITS(ml);
902 mul_add(c1,np[0],ml,mh,c0); 961 mul_add(c1, np[0], ml, mh, c0);
903#else 962#else
904 mul_add(c1,ml,np[0],c0); 963 mul_add(c1, ml, np[0], c0);
905#endif 964#endif
906 for(j=1;j<num;j++) 965 for (j = 1; j < num; j++) {
907 {
908 c1 = tp[j]; 966 c1 = tp[j];
909#ifdef mul64 967#ifdef mul64
910 mul_add(c1,np[j],ml,mh,c0); 968 mul_add(c1, np[j], ml, mh, c0);
911#else 969#else
912 mul_add(c1,ml,np[j],c0); 970 mul_add(c1, ml, np[j], c0);
913#endif 971#endif
914 tp[j-1] = c1&BN_MASK2; 972 tp[j - 1] = c1 & BN_MASK2;
915 }
916 c1 = (tp[num] + c0)&BN_MASK2;
917 tp[num-1] = c1;
918 tp[num] = tp[num+1] + (c1<c0?1:0);
919 } 973 }
974 c1 = (tp[num] + c0) & BN_MASK2;
975 tp[num - 1] = c1;
976 tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0);
977 }
920 978
921 if (tp[num]!=0 || tp[num-1]>=np[num-1]) 979 if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
922 { 980 c0 = bn_sub_words(rp, tp, np, num);
923 c0 = bn_sub_words(rp,tp,np,num); 981 if (tp[num] != 0 || c0 == 0) {
924 if (tp[num]!=0 || c0==0) 982 for (i = 0; i < num + 2; i++)
925 { 983 vp[i] = 0;
926 for(i=0;i<num+2;i++) vp[i] = 0;
927 return 1; 984 return 1;
928 }
929 } 985 }
930 for(i=0;i<num;i++) rp[i] = tp[i], vp[i] = 0;
931 vp[num] = 0;
932 vp[num+1] = 0;
933 return 1;
934 } 986 }
987 for (i = 0; i < num; i++)
988 rp[i] = tp[i], vp[i] = 0;
989 vp[num] = 0;
990 vp[num + 1] = 0;
991 return 1;
992}
935#else 993#else
936/* 994/*
937 * Return value of 0 indicates that multiplication/convolution was not 995 * Return value of 0 indicates that multiplication/convolution was not
938 * performed to signal the caller to fall down to alternative/original 996 * performed to signal the caller to fall down to alternative/original
939 * code-path. 997 * code-path.
940 */ 998 */
941int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num) 999int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num)
942{ return 0; } 1000 { return 0;
1001}
943#endif /* OPENSSL_BN_ASM_MONT */ 1002#endif /* OPENSSL_BN_ASM_MONT */
944#endif 1003#endif
945 1004
@@ -947,83 +1006,94 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U
947 1006
948/* hmm... is it faster just to do a multiply? */ 1007/* hmm... is it faster just to do a multiply? */
949#undef bn_sqr_comba4 1008#undef bn_sqr_comba4
950void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) 1009void
951 { 1010bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
1011{
952 BN_ULONG t[8]; 1012 BN_ULONG t[8];
953 bn_sqr_normal(r,a,4,t); 1013 bn_sqr_normal(r, a, 4, t);
954 } 1014}
955 1015
956#undef bn_sqr_comba8 1016#undef bn_sqr_comba8
957void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) 1017void
958 { 1018bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
1019{
959 BN_ULONG t[16]; 1020 BN_ULONG t[16];
960 bn_sqr_normal(r,a,8,t); 1021 bn_sqr_normal(r, a, 8, t);
961 } 1022}
962 1023
963void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 1024void
964 { 1025bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
965 r[4]=bn_mul_words( &(r[0]),a,4,b[0]); 1026{
966 r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]); 1027 r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
967 r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]); 1028 r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
968 r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]); 1029 r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
969 } 1030 r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
970 1031}
971void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 1032
972 { 1033void
973 r[ 8]=bn_mul_words( &(r[0]),a,8,b[0]); 1034bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
974 r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]); 1035{
975 r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]); 1036 r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
976 r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]); 1037 r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
977 r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]); 1038 r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
978 r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]); 1039 r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
979 r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]); 1040 r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
980 r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]); 1041 r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
981 } 1042 r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
1043 r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
1044}
982 1045
983#ifdef OPENSSL_NO_ASM 1046#ifdef OPENSSL_NO_ASM
984#ifdef OPENSSL_BN_ASM_MONT 1047#ifdef OPENSSL_BN_ASM_MONT
985#include <alloca.h> 1048#include <alloca.h>
986int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num) 1049int
987 { 1050bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
988 BN_ULONG c0,c1,*tp,n0=*n0p; 1051 const BN_ULONG *np, const BN_ULONG *n0p, int num)
1052{
1053 BN_ULONG c0, c1, *tp, n0 = *n0p;
989 volatile BN_ULONG *vp; 1054 volatile BN_ULONG *vp;
990 int i=0,j; 1055 int i = 0, j;
991 1056
992 vp = tp = alloca((num+2)*sizeof(BN_ULONG)); 1057 vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
993 1058
994 for(i=0;i<=num;i++) tp[i]=0; 1059 for(i = 0; i <= num; i++)
1060 tp[i] = 0;
995 1061
996 for(i=0;i<num;i++) 1062 for (i = 0; i < num; i++) {
997 { 1063 c0 = bn_mul_add_words(tp, ap, num, bp[i]);
998 c0 = bn_mul_add_words(tp,ap,num,bp[i]); 1064 c1 = (tp[num] + c0) & BN_MASK2;
999 c1 = (tp[num] + c0)&BN_MASK2; 1065 tp[num] = c1;
1000 tp[num] = c1; 1066 tp[num + 1] = (c1 < c0 ? 1 : 0);
1001 tp[num+1] = (c1<c0?1:0);
1002 1067
1003 c0 = bn_mul_add_words(tp,np,num,tp[0]*n0); 1068 c0 = bn_mul_add_words(tp, np, num, tp[0] * n0);
1004 c1 = (tp[num] + c0)&BN_MASK2; 1069 c1 = (tp[num] + c0) & BN_MASK2;
1005 tp[num] = c1; 1070 tp[num] = c1;
1006 tp[num+1] += (c1<c0?1:0); 1071 tp[num + 1] += (c1 < c0 ? 1 : 0);
1007 for(j=0;j<=num;j++) tp[j]=tp[j+1]; 1072 for (j = 0; j <= num; j++)
1008 } 1073 tp[j] = tp[j + 1];
1074 }
1009 1075
1010 if (tp[num]!=0 || tp[num-1]>=np[num-1]) 1076 if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
1011 { 1077 c0 = bn_sub_words(rp, tp, np, num);
1012 c0 = bn_sub_words(rp,tp,np,num); 1078 if (tp[num] != 0 || c0 == 0) {
1013 if (tp[num]!=0 || c0==0) 1079 for (i = 0; i < num + 2; i++)
1014 { 1080 vp[i] = 0;
1015 for(i=0;i<num+2;i++) vp[i] = 0;
1016 return 1; 1081 return 1;
1017 }
1018 } 1082 }
1019 for(i=0;i<num;i++) rp[i] = tp[i], vp[i] = 0;
1020 vp[num] = 0;
1021 vp[num+1] = 0;
1022 return 1;
1023 } 1083 }
1084 for (i = 0; i < num; i++)
1085 rp[i] = tp[i], vp[i] = 0;
1086 vp[num] = 0;
1087 vp[num + 1] = 0;
1088 return 1;
1089}
1024#else 1090#else
1025int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num) 1091int
1026{ return 0; } 1092bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
1093 const BN_ULONG *np, const BN_ULONG *n0, int num)
1094{
1095 return 0;
1096}
1027#endif /* OPENSSL_BN_ASM_MONT */ 1097#endif /* OPENSSL_BN_ASM_MONT */
1028#endif 1098#endif
1029 1099
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index f424e479d3..7cced4f67f 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -58,21 +58,21 @@
58 * This package is an SSL implementation written 58 * This package is an SSL implementation written
59 * by Eric Young (eay@cryptsoft.com). 59 * by Eric Young (eay@cryptsoft.com).
60 * The implementation was written so as to conform with Netscapes SSL. 60 * The implementation was written so as to conform with Netscapes SSL.
61 * 61 *
62 * This library is free for commercial and non-commercial use as long as 62 * This library is free for commercial and non-commercial use as long as
63 * the following conditions are aheared to. The following conditions 63 * the following conditions are aheared to. The following conditions
64 * apply to all code found in this distribution, be it the RC4, RSA, 64 * apply to all code found in this distribution, be it the RC4, RSA,
65 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 65 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
66 * included with this distribution is covered by the same copyright terms 66 * included with this distribution is covered by the same copyright terms
67 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 67 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
68 * 68 *
69 * Copyright remains Eric Young's, and as such any Copyright notices in 69 * Copyright remains Eric Young's, and as such any Copyright notices in
70 * the code are not to be removed. 70 * the code are not to be removed.
71 * If this package is used in a product, Eric Young should be given attribution 71 * If this package is used in a product, Eric Young should be given attribution
72 * as the author of the parts of the library used. 72 * as the author of the parts of the library used.
73 * This can be in the form of a textual message at program startup or 73 * This can be in the form of a textual message at program startup or
74 * in documentation (online or textual) provided with the package. 74 * in documentation (online or textual) provided with the package.
75 * 75 *
76 * Redistribution and use in source and binary forms, with or without 76 * Redistribution and use in source and binary forms, with or without
77 * modification, are permitted provided that the following conditions 77 * modification, are permitted provided that the following conditions
78 * are met: 78 * are met:
@@ -87,10 +87,10 @@
87 * Eric Young (eay@cryptsoft.com)" 87 * Eric Young (eay@cryptsoft.com)"
88 * The word 'cryptographic' can be left out if the rouines from the library 88 * The word 'cryptographic' can be left out if the rouines from the library
89 * being used are not cryptographic related :-). 89 * being used are not cryptographic related :-).
90 * 4. If you include any Windows specific code (or a derivative thereof) from 90 * 4. If you include any Windows specific code (or a derivative thereof) from
91 * the apps directory (application code) you must include an acknowledgement: 91 * the apps directory (application code) you must include an acknowledgement:
92 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 92 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
93 * 93 *
94 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 94 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -102,7 +102,7 @@
102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
104 * SUCH DAMAGE. 104 * SUCH DAMAGE.
105 * 105 *
106 * The licence and distribution terms for any publically available version or 106 * The licence and distribution terms for any publically available version or
107 * derivative of this code cannot be changed. i.e. this code cannot simply be 107 * derivative of this code cannot be changed. i.e. this code cannot simply be
108 * copied and put under another distribution licence 108 * copied and put under another distribution licence
@@ -115,8 +115,7 @@
115 115
116#define BN_BLINDING_COUNTER 32 116#define BN_BLINDING_COUNTER 32
117 117
118struct bn_blinding_st 118struct bn_blinding_st {
119 {
120 BIGNUM *A; 119 BIGNUM *A;
121 BIGNUM *Ai; 120 BIGNUM *Ai;
122 BIGNUM *e; 121 BIGNUM *e;
@@ -130,33 +129,33 @@ struct bn_blinding_st
130 unsigned long flags; 129 unsigned long flags;
131 BN_MONT_CTX *m_ctx; 130 BN_MONT_CTX *m_ctx;
132 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 131 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
133 const BIGNUM *m, BN_CTX *ctx, 132 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
134 BN_MONT_CTX *m_ctx); 133};
135 };
136 134
137BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) 135BN_BLINDING *
138 { 136BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
139 BN_BLINDING *ret=NULL; 137{
138 BN_BLINDING *ret = NULL;
140 139
141 bn_check_top(mod); 140 bn_check_top(mod);
142 141
143 if ((ret=(BN_BLINDING *)malloc(sizeof(BN_BLINDING))) == NULL) 142 if ((ret = (BN_BLINDING *)malloc(sizeof(BN_BLINDING))) == NULL) {
144 { 143 BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
145 BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); 144 return (NULL);
146 return(NULL); 145 }
147 } 146 memset(ret, 0, sizeof(BN_BLINDING));
148 memset(ret,0,sizeof(BN_BLINDING)); 147 if (A != NULL) {
149 if (A != NULL) 148 if ((ret->A = BN_dup(A)) == NULL)
150 { 149 goto err;
151 if ((ret->A = BN_dup(A)) == NULL) goto err; 150 }
152 } 151 if (Ai != NULL) {
153 if (Ai != NULL) 152 if ((ret->Ai = BN_dup(Ai)) == NULL)
154 { 153 goto err;
155 if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; 154 }
156 }
157 155
158 /* save a copy of mod in the BN_BLINDING structure */ 156 /* save a copy of mod in the BN_BLINDING structure */
159 if ((ret->mod = BN_dup(mod)) == NULL) goto err; 157 if ((ret->mod = BN_dup(mod)) == NULL)
158 goto err;
160 if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) 159 if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
161 BN_set_flags(ret->mod, BN_FLG_CONSTTIME); 160 BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
162 161
@@ -165,149 +164,162 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
165 * that does not need updating before first use. */ 164 * that does not need updating before first use. */
166 ret->counter = -1; 165 ret->counter = -1;
167 CRYPTO_THREADID_current(&ret->tid); 166 CRYPTO_THREADID_current(&ret->tid);
168 return(ret); 167 return (ret);
169err:
170 if (ret != NULL) BN_BLINDING_free(ret);
171 return(NULL);
172 }
173 168
174void BN_BLINDING_free(BN_BLINDING *r) 169err:
175 { 170 if (ret != NULL)
176 if(r == NULL) 171 BN_BLINDING_free(ret);
177 return; 172 return (NULL);
173}
178 174
179 if (r->A != NULL) BN_clear_free(r->A ); 175void
180 if (r->Ai != NULL) BN_clear_free(r->Ai); 176BN_BLINDING_free(BN_BLINDING *r)
181 if (r->e != NULL) BN_clear_free(r->e ); 177{
182 if (r->mod != NULL) BN_clear_free(r->mod); 178 if (r == NULL)
179 return;
180
181 if (r->A != NULL)
182 BN_clear_free(r->A );
183 if (r->Ai != NULL)
184 BN_clear_free(r->Ai);
185 if (r->e != NULL)
186 BN_clear_free(r->e );
187 if (r->mod != NULL)
188 BN_clear_free(r->mod);
183 free(r); 189 free(r);
184 } 190}
185 191
186int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) 192int
187 { 193BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
188 int ret=0; 194{
195 int ret = 0;
189 196
190 if ((b->A == NULL) || (b->Ai == NULL)) 197 if ((b->A == NULL) || (b->Ai == NULL)) {
191 { 198 BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
192 BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
193 goto err; 199 goto err;
194 } 200 }
195 201
196 if (b->counter == -1) 202 if (b->counter == -1)
197 b->counter = 0; 203 b->counter = 0;
198 204
199 if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && 205 if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
200 !(b->flags & BN_BLINDING_NO_RECREATE)) 206 !(b->flags & BN_BLINDING_NO_RECREATE)) {
201 {
202 /* re-create blinding parameters */ 207 /* re-create blinding parameters */
203 if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) 208 if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
204 goto err; 209 goto err;
205 } 210 } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
206 else if (!(b->flags & BN_BLINDING_NO_UPDATE)) 211 if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
207 { 212 goto err;
208 if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; 213 if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
209 if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; 214 goto err;
210 } 215 }
216
217 ret = 1;
211 218
212 ret=1;
213err: 219err:
214 if (b->counter == BN_BLINDING_COUNTER) 220 if (b->counter == BN_BLINDING_COUNTER)
215 b->counter = 0; 221 b->counter = 0;
216 return(ret); 222 return (ret);
217 } 223}
218 224
219int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) 225int
220 { 226BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
227{
221 return BN_BLINDING_convert_ex(n, NULL, b, ctx); 228 return BN_BLINDING_convert_ex(n, NULL, b, ctx);
222 } 229}
223 230
224int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) 231int
225 { 232BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
233{
226 int ret = 1; 234 int ret = 1;
227 235
228 bn_check_top(n); 236 bn_check_top(n);
229 237
230 if ((b->A == NULL) || (b->Ai == NULL)) 238 if ((b->A == NULL) || (b->Ai == NULL)) {
231 { 239 BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
232 BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED); 240 return (0);
233 return(0); 241 }
234 }
235 242
236 if (b->counter == -1) 243 if (b->counter == -1)
237 /* Fresh blinding, doesn't need updating. */ 244 /* Fresh blinding, doesn't need updating. */
238 b->counter = 0; 245 b->counter = 0;
239 else if (!BN_BLINDING_update(b,ctx)) 246 else if (!BN_BLINDING_update(b, ctx))
240 return(0); 247 return (0);
241 248
242 if (r != NULL) 249 if (r != NULL) {
243 { 250 if (!BN_copy(r, b->Ai))
244 if (!BN_copy(r, b->Ai)) ret=0; 251 ret = 0;
245 } 252 }
253
254 if (!BN_mod_mul(n, n,b->A, b->mod, ctx))
255 ret = 0;
246 256
247 if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
248
249 return ret; 257 return ret;
250 } 258}
251 259
252int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) 260int
253 { 261BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
262{
254 return BN_BLINDING_invert_ex(n, NULL, b, ctx); 263 return BN_BLINDING_invert_ex(n, NULL, b, ctx);
255 } 264}
256 265
257int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) 266int
258 { 267BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
268{
259 int ret; 269 int ret;
260 270
261 bn_check_top(n); 271 bn_check_top(n);
262 272
263 if (r != NULL) 273 if (r != NULL)
264 ret = BN_mod_mul(n, n, r, b->mod, ctx); 274 ret = BN_mod_mul(n, n, r, b->mod, ctx);
265 else 275 else {
266 { 276 if (b->Ai == NULL) {
267 if (b->Ai == NULL) 277 BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
268 { 278 return (0);
269 BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
270 return(0);
271 }
272 ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
273 } 279 }
280 ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
281 }
274 282
275 bn_check_top(n); 283 bn_check_top(n);
276 return(ret); 284 return (ret);
277 } 285}
278 286
279#ifndef OPENSSL_NO_DEPRECATED 287#ifndef OPENSSL_NO_DEPRECATED
280unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) 288unsigned long
281 { 289BN_BLINDING_get_thread_id(const BN_BLINDING *b)
290{
282 return b->thread_id; 291 return b->thread_id;
283 } 292}
284 293
285void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) 294void
286 { 295BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
296{
287 b->thread_id = n; 297 b->thread_id = n;
288 } 298}
289#endif 299#endif
290 300
291CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) 301CRYPTO_THREADID *
292 { 302BN_BLINDING_thread_id(BN_BLINDING *b)
303{
293 return &b->tid; 304 return &b->tid;
294 } 305}
295 306
296unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) 307unsigned long
297 { 308BN_BLINDING_get_flags(const BN_BLINDING *b)
309{
298 return b->flags; 310 return b->flags;
299 } 311}
300 312
301void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) 313void
302 { 314BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
315{
303 b->flags = flags; 316 b->flags = flags;
304 } 317}
305 318
306BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, 319BN_BLINDING *
307 const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, 320BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m,
308 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 321 BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
309 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), 322 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx)
310 BN_MONT_CTX *m_ctx)
311{ 323{
312 int retry_counter = 32; 324 int retry_counter = 32;
313 BN_BLINDING *ret = NULL; 325 BN_BLINDING *ret = NULL;
@@ -320,17 +332,16 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
320 if (ret == NULL) 332 if (ret == NULL)
321 goto err; 333 goto err;
322 334
323 if (ret->A == NULL && (ret->A = BN_new()) == NULL) 335 if (ret->A == NULL && (ret->A = BN_new()) == NULL)
324 goto err; 336 goto err;
325 if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) 337 if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
326 goto err; 338 goto err;
327 339
328 if (e != NULL) 340 if (e != NULL) {
329 {
330 if (ret->e != NULL) 341 if (ret->e != NULL)
331 BN_free(ret->e); 342 BN_free(ret->e);
332 ret->e = BN_dup(e); 343 ret->e = BN_dup(e);
333 } 344 }
334 if (ret->e == NULL) 345 if (ret->e == NULL)
335 goto err; 346 goto err;
336 347
@@ -340,46 +351,40 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
340 ret->m_ctx = m_ctx; 351 ret->m_ctx = m_ctx;
341 352
342 do { 353 do {
343 if (!BN_rand_range(ret->A, ret->mod)) goto err; 354 if (!BN_rand_range(ret->A, ret->mod))
344 if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) 355 goto err;
345 { 356 if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
346 /* this should almost never happen for good RSA keys */ 357 /* this should almost never happen for good RSA keys */
347 unsigned long error = ERR_peek_last_error(); 358 unsigned long error = ERR_peek_last_error();
348 if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) 359 if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
349 { 360 if (retry_counter-- == 0) {
350 if (retry_counter-- == 0)
351 {
352 BNerr(BN_F_BN_BLINDING_CREATE_PARAM, 361 BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
353 BN_R_TOO_MANY_ITERATIONS); 362 BN_R_TOO_MANY_ITERATIONS);
354 goto err; 363 goto err;
355 } 364 }
356 ERR_clear_error(); 365 ERR_clear_error();
357 } 366 } else
358 else
359 goto err; 367 goto err;
360 } 368 } else
361 else
362 break; 369 break;
363 } while (1); 370 } while (1);
364 371
365 if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) 372 if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
366 { 373 if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod,
367 if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) 374 ctx, ret->m_ctx))
368 goto err; 375 goto err;
369 } 376 } else {
370 else
371 {
372 if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) 377 if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
373 goto err; 378 goto err;
374 } 379 }
375 380
376 return ret; 381 return ret;
382
377err: 383err:
378 if (b == NULL && ret != NULL) 384 if (b == NULL && ret != NULL) {
379 {
380 BN_BLINDING_free(ret); 385 BN_BLINDING_free(ret);
381 ret = NULL; 386 ret = NULL;
382 } 387 }
383 388
384 return ret; 389 return ret;
385} 390}
diff --git a/src/lib/libcrypto/bn/bn_const.c b/src/lib/libcrypto/bn/bn_const.c
index eb60a25b3c..1c8bc9b5df 100644
--- a/src/lib/libcrypto/bn/bn_const.c
+++ b/src/lib/libcrypto/bn/bn_const.c
@@ -11,20 +11,21 @@
11 * RFC2412 specifies a generator of of 22. 11 * RFC2412 specifies a generator of of 22.
12 */ 12 */
13 13
14BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) 14BIGNUM *
15 { 15get_rfc2409_prime_768(BIGNUM *bn)
16 static const unsigned char RFC2409_PRIME_768[]={ 16{
17 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, 17 static const unsigned char RFC2409_PRIME_768[] = {
18 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 18 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
19 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, 19 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
20 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 20 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
21 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, 21 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
22 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 22 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
23 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, 23 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
24 0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 24 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
25 }; 25 0xA6, 0x3A, 0x36, 0x20, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
26 return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn); 26 };
27 } 27 return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
28}
28 29
29/* "Second Oakley Default Group" from RFC2409, section 6.2. 30/* "Second Oakley Default Group" from RFC2409, section 6.2.
30 * 31 *
@@ -34,23 +35,24 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
34 * RFC2412 specifies a generator of 22. 35 * RFC2412 specifies a generator of 22.
35 */ 36 */
36 37
37BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) 38BIGNUM *
38 { 39get_rfc2409_prime_1024(BIGNUM *bn)
39 static const unsigned char RFC2409_PRIME_1024[]={ 40{
40 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, 41 static const unsigned char RFC2409_PRIME_1024[] = {
41 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 42 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
42 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, 43 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
43 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 44 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
44 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, 45 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
45 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 46 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
46 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, 47 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
47 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 48 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
48 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, 49 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
49 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81, 50 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
50 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 51 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
51 }; 52 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
52 return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn); 53 };
53 } 54 return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
55}
54 56
55/* "1536-bit MODP Group" from RFC3526, Section 2. 57/* "1536-bit MODP Group" from RFC3526, Section 2.
56 * 58 *
@@ -60,28 +62,29 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
60 * RFC2312 specifies a generator of 22. 62 * RFC2312 specifies a generator of 22.
61 */ 63 */
62 64
63BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) 65BIGNUM *
64 { 66get_rfc3526_prime_1536(BIGNUM *bn)
65 static const unsigned char RFC3526_PRIME_1536[]={ 67{
66 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, 68 static const unsigned char RFC3526_PRIME_1536[] = {
67 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 69 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
68 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, 70 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
69 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 71 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
70 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, 72 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
71 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 73 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
72 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, 74 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
73 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 75 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
74 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, 76 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
75 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, 77 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
76 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, 78 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
77 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 79 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
78 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, 80 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
79 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, 81 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
80 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, 82 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
81 0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 83 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
82 }; 84 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
83 return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn); 85 };
84 } 86 return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
87}
85 88
86/* "2048-bit MODP Group" from RFC3526, Section 3. 89/* "2048-bit MODP Group" from RFC3526, Section 3.
87 * 90 *
@@ -90,34 +93,35 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
90 * RFC3526 specifies a generator of 2. 93 * RFC3526 specifies a generator of 2.
91 */ 94 */
92 95
93BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) 96BIGNUM *
94 { 97get_rfc3526_prime_2048(BIGNUM *bn)
95 static const unsigned char RFC3526_PRIME_2048[]={ 98{
96 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, 99 static const unsigned char RFC3526_PRIME_2048[] = {
97 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 100 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
98 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, 101 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
99 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 102 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
100 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, 103 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
101 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 104 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
102 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, 105 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
103 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 106 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
104 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, 107 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
105 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, 108 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
106 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, 109 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
107 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 110 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
108 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, 111 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
109 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, 112 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
110 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, 113 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
111 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, 114 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
112 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, 115 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
113 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, 116 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
114 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, 117 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
115 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, 118 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
116 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF, 119 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
117 0xFF,0xFF,0xFF,0xFF, 120 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
118 }; 121 0xFF, 0xFF, 0xFF, 0xFF,
119 return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn); 122 };
120 } 123 return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
124}
121 125
122/* "3072-bit MODP Group" from RFC3526, Section 4. 126/* "3072-bit MODP Group" from RFC3526, Section 4.
123 * 127 *
@@ -126,44 +130,45 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
126 * RFC3526 specifies a generator of 2. 130 * RFC3526 specifies a generator of 2.
127 */ 131 */
128 132
129BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) 133BIGNUM *
130 { 134get_rfc3526_prime_3072(BIGNUM *bn)
131 static const unsigned char RFC3526_PRIME_3072[]={ 135{
132 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, 136 static const unsigned char RFC3526_PRIME_3072[] = {
133 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 137 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
134 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, 138 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
135 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 139 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
136 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, 140 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
137 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 141 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
138 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, 142 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
139 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 143 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
140 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, 144 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
141 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, 145 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
142 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, 146 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
143 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 147 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
144 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, 148 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
145 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, 149 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
146 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, 150 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
147 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, 151 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
148 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, 152 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
149 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, 153 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
150 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, 154 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
151 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, 155 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
152 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, 156 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
153 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, 157 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
154 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, 158 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
155 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, 159 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
156 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, 160 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
157 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, 161 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
158 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, 162 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
159 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, 163 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
160 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, 164 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
161 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, 165 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
162 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, 166 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
163 0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 167 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
164 }; 168 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
165 return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn); 169 };
166 } 170 return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
171}
167 172
168/* "4096-bit MODP Group" from RFC3526, Section 5. 173/* "4096-bit MODP Group" from RFC3526, Section 5.
169 * 174 *
@@ -172,55 +177,56 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
172 * RFC3526 specifies a generator of 2. 177 * RFC3526 specifies a generator of 2.
173 */ 178 */
174 179
175BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) 180BIGNUM *
176 { 181get_rfc3526_prime_4096(BIGNUM *bn)
177 static const unsigned char RFC3526_PRIME_4096[]={ 182{
178 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, 183 static const unsigned char RFC3526_PRIME_4096[] = {
179 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 184 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
180 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, 185 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
181 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 186 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
182 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, 187 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
183 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 188 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
184 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, 189 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
185 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 190 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
186 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, 191 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
187 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, 192 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
188 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, 193 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
189 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 194 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
190 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, 195 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
191 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, 196 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
192 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, 197 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
193 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, 198 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
194 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, 199 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
195 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, 200 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
196 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, 201 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
197 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, 202 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
198 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, 203 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
199 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, 204 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
200 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, 205 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
201 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, 206 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
202 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, 207 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
203 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, 208 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
204 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, 209 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
205 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, 210 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
206 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, 211 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
207 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, 212 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
208 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, 213 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
209 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, 214 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
210 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, 215 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
211 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, 216 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
212 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, 217 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
213 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, 218 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
214 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, 219 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
215 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, 220 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
216 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, 221 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
217 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, 222 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
218 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, 223 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
219 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99, 224 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
220 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 225 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
221 }; 226 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
222 return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn); 227 };
223 } 228 return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
229}
224 230
225/* "6144-bit MODP Group" from RFC3526, Section 6. 231/* "6144-bit MODP Group" from RFC3526, Section 6.
226 * 232 *
@@ -229,76 +235,77 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
229 * RFC3526 specifies a generator of 2. 235 * RFC3526 specifies a generator of 2.
230 */ 236 */
231 237
232BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) 238BIGNUM *
233 { 239get_rfc3526_prime_6144(BIGNUM *bn)
234 static const unsigned char RFC3526_PRIME_6144[]={ 240{
235 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, 241 static const unsigned char RFC3526_PRIME_6144[] = {
236 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 242 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
237 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, 243 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
238 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 244 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
239 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, 245 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
240 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 246 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
241 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, 247 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
242 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 248 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
243 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, 249 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
244 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, 250 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
245 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, 251 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
246 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 252 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
247 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, 253 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
248 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, 254 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
249 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, 255 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
250 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, 256 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
251 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, 257 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
252 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, 258 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
253 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, 259 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
254 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, 260 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
255 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, 261 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
256 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, 262 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
257 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, 263 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
258 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, 264 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
259 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, 265 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
260 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, 266 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
261 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, 267 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
262 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, 268 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
263 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, 269 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
264 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, 270 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
265 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, 271 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
266 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, 272 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
267 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, 273 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
268 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, 274 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
269 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, 275 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
270 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, 276 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
271 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, 277 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
272 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, 278 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
273 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, 279 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
274 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, 280 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
275 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, 281 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
276 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92, 282 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
277 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2, 283 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
278 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, 284 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
279 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F, 285 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
280 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31, 286 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
281 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB, 287 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
282 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, 288 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
283 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51, 289 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
284 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF, 290 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
285 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15, 291 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
286 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, 292 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
287 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31, 293 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
288 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3, 294 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
289 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7, 295 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
290 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, 296 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
291 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2, 297 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
292 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28, 298 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
293 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D, 299 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
294 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, 300 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
295 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7, 301 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
296 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE, 302 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
297 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E, 303 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
298 0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 304 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
299 }; 305 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
300 return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn); 306 };
301 } 307 return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
308}
302 309
303/* "8192-bit MODP Group" from RFC3526, Section 7. 310/* "8192-bit MODP Group" from RFC3526, Section 7.
304 * 311 *
@@ -307,96 +314,96 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
307 * RFC3526 specifies a generator of 2. 314 * RFC3526 specifies a generator of 2.
308 */ 315 */
309 316
310BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn) 317BIGNUM *
311 { 318get_rfc3526_prime_8192(BIGNUM *bn)
312 static const unsigned char RFC3526_PRIME_8192[]={ 319{
313 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, 320 static const unsigned char RFC3526_PRIME_8192[] = {
314 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 321 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
315 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, 322 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
316 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 323 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
317 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, 324 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
318 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 325 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
319 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, 326 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
320 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 327 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
321 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, 328 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
322 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, 329 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
323 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, 330 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
324 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 331 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
325 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, 332 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
326 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, 333 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
327 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, 334 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
328 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, 335 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
329 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, 336 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
330 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, 337 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
331 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, 338 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
332 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, 339 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
333 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, 340 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
334 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, 341 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
335 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, 342 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
336 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, 343 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
337 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, 344 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
338 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, 345 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
339 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, 346 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
340 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, 347 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
341 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, 348 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
342 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, 349 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
343 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, 350 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
344 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, 351 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
345 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, 352 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
346 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, 353 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
347 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, 354 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
348 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, 355 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
349 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, 356 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
350 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, 357 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
351 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, 358 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
352 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, 359 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
353 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, 360 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
354 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92, 361 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
355 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2, 362 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
356 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, 363 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
357 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F, 364 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
358 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31, 365 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
359 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB, 366 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
360 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, 367 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
361 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51, 368 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
362 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF, 369 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
363 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15, 370 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
364 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, 371 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
365 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31, 372 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
366 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3, 373 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
367 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7, 374 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
368 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, 375 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
369 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2, 376 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
370 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28, 377 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
371 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D, 378 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
372 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, 379 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
373 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7, 380 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
374 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE, 381 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
375 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E, 382 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
376 0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4, 383 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
377 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0, 384 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
378 0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00, 385 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0,
379 0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93, 386 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
380 0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68, 387 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93,
381 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB, 388 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
382 0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9, 389 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB,
383 0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8, 390 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
384 0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B, 391 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8,
385 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F, 392 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
386 0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A, 393 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F,
387 0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8, 394 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
388 0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36, 395 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8,
389 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5, 396 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
390 0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1, 397 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5,
391 0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3, 398 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
392 0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92, 399 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3,
393 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E, 400 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
394 0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47, 401 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E,
395 0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2, 402 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
396 0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, 403 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2,
397 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF, 404 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
398 0xFF,0xFF,0xFF,0xFF, 405 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF,
399 }; 406 0xFF, 0xFF, 0xFF, 0xFF,
400 return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn); 407 };
401 } 408 return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
402 409}
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
index ef67f4781c..7407dade50 100644
--- a/src/lib/libcrypto/bn/bn_ctx.c
+++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -8,7 +8,7 @@
8 * are met: 8 * are met:
9 * 9 *
10 * 1. Redistributions of source code must retain the above copyright 10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer. 11 * notice, this list of conditions and the following disclaimer.
12 * 12 *
13 * 2. Redistributions in binary form must reproduce the above copyright 13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in 14 * notice, this list of conditions and the following disclaimer in
@@ -88,21 +88,21 @@
88/***********/ 88/***********/
89 89
90/* A bundle of bignums that can be linked with other bundles */ 90/* A bundle of bignums that can be linked with other bundles */
91typedef struct bignum_pool_item 91typedef struct bignum_pool_item {
92 {
93 /* The bignum values */ 92 /* The bignum values */
94 BIGNUM vals[BN_CTX_POOL_SIZE]; 93 BIGNUM vals[BN_CTX_POOL_SIZE];
95 /* Linked-list admin */ 94 /* Linked-list admin */
96 struct bignum_pool_item *prev, *next; 95 struct bignum_pool_item *prev, *next;
97 } BN_POOL_ITEM; 96} BN_POOL_ITEM;
97
98/* A linked-list of bignums grouped in bundles */ 98/* A linked-list of bignums grouped in bundles */
99typedef struct bignum_pool 99typedef struct bignum_pool {
100 {
101 /* Linked-list admin */ 100 /* Linked-list admin */
102 BN_POOL_ITEM *head, *current, *tail; 101 BN_POOL_ITEM *head, *current, *tail;
103 /* Stack depth and allocation size */ 102 /* Stack depth and allocation size */
104 unsigned used, size; 103 unsigned used, size;
105 } BN_POOL; 104} BN_POOL;
105
106static void BN_POOL_init(BN_POOL *); 106static void BN_POOL_init(BN_POOL *);
107static void BN_POOL_finish(BN_POOL *); 107static void BN_POOL_finish(BN_POOL *);
108#ifndef OPENSSL_NO_DEPRECATED 108#ifndef OPENSSL_NO_DEPRECATED
@@ -116,13 +116,13 @@ static void BN_POOL_release(BN_POOL *, unsigned int);
116/************/ 116/************/
117 117
118/* A wrapper to manage the "stack frames" */ 118/* A wrapper to manage the "stack frames" */
119typedef struct bignum_ctx_stack 119typedef struct bignum_ctx_stack {
120 {
121 /* Array of indexes into the bignum stack */ 120 /* Array of indexes into the bignum stack */
122 unsigned int *indexes; 121 unsigned int *indexes;
123 /* Number of stack frames, and the size of the allocated array */ 122 /* Number of stack frames, and the size of the allocated array */
124 unsigned int depth, size; 123 unsigned int depth, size;
125 } BN_STACK; 124} BN_STACK;
125
126static void BN_STACK_init(BN_STACK *); 126static void BN_STACK_init(BN_STACK *);
127static void BN_STACK_finish(BN_STACK *); 127static void BN_STACK_finish(BN_STACK *);
128#ifndef OPENSSL_NO_DEPRECATED 128#ifndef OPENSSL_NO_DEPRECATED
@@ -136,8 +136,7 @@ static unsigned int BN_STACK_pop(BN_STACK *);
136/**********/ 136/**********/
137 137
138/* The opaque BN_CTX type */ 138/* The opaque BN_CTX type */
139struct bignum_ctx 139struct bignum_ctx {
140 {
141 /* The bignum bundles */ 140 /* The bignum bundles */
142 BN_POOL pool; 141 BN_POOL pool;
143 /* The "stack frames", if you will */ 142 /* The "stack frames", if you will */
@@ -148,36 +147,38 @@ struct bignum_ctx
148 int err_stack; 147 int err_stack;
149 /* Block "gets" until an "end" (compatibility behaviour) */ 148 /* Block "gets" until an "end" (compatibility behaviour) */
150 int too_many; 149 int too_many;
151 }; 150};
152 151
153/* Enable this to find BN_CTX bugs */ 152/* Enable this to find BN_CTX bugs */
154#ifdef BN_CTX_DEBUG 153#ifdef BN_CTX_DEBUG
155static const char *ctxdbg_cur = NULL; 154static const char *ctxdbg_cur = NULL;
156static void ctxdbg(BN_CTX *ctx) 155
157 { 156static void
157ctxdbg(BN_CTX *ctx)
158{
158 unsigned int bnidx = 0, fpidx = 0; 159 unsigned int bnidx = 0, fpidx = 0;
159 BN_POOL_ITEM *item = ctx->pool.head; 160 BN_POOL_ITEM *item = ctx->pool.head;
160 BN_STACK *stack = &ctx->stack; 161 BN_STACK *stack = &ctx->stack;
161 fprintf(stderr,"(%08x): ", (unsigned int)ctx); 162
162 while(bnidx < ctx->used) 163 fprintf(stderr, "(%08x): ", (unsigned int)ctx);
163 { 164 while (bnidx < ctx->used) {
164 fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); 165 fprintf(stderr, "%03x ",
165 if(!(bnidx % BN_CTX_POOL_SIZE)) 166 item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
167 if (!(bnidx % BN_CTX_POOL_SIZE))
166 item = item->next; 168 item = item->next;
167 } 169 }
168 fprintf(stderr,"\n"); 170 fprintf(stderr, "\n");
169 bnidx = 0; 171 bnidx = 0;
170 fprintf(stderr," : "); 172 fprintf(stderr, " : ");
171 while(fpidx < stack->depth) 173 while (fpidx < stack->depth) {
172 { 174 while (bnidx++ < stack->indexes[fpidx])
173 while(bnidx++ < stack->indexes[fpidx]) 175 fprintf(stderr, " ");
174 fprintf(stderr," "); 176 fprintf(stderr, "^^^ ");
175 fprintf(stderr,"^^^ ");
176 bnidx++; 177 bnidx++;
177 fpidx++; 178 fpidx++;
178 }
179 fprintf(stderr,"\n");
180 } 179 }
180 fprintf(stderr, "\n");
181}
181#define CTXDBG_ENTRY(str, ctx) do { \ 182#define CTXDBG_ENTRY(str, ctx) do { \
182 ctxdbg_cur = (str); \ 183 ctxdbg_cur = (str); \
183 fprintf(stderr,"Starting %s\n", ctxdbg_cur); \ 184 fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
@@ -197,8 +198,9 @@ static void ctxdbg(BN_CTX *ctx)
197/* This function is an evil legacy and should not be used. This implementation 198/* This function is an evil legacy and should not be used. This implementation
198 * is WYSIWYG, though I've done my best. */ 199 * is WYSIWYG, though I've done my best. */
199#ifndef OPENSSL_NO_DEPRECATED 200#ifndef OPENSSL_NO_DEPRECATED
200void BN_CTX_init(BN_CTX *ctx) 201void
201 { 202BN_CTX_init(BN_CTX *ctx)
203{
202 /* Assume the caller obtained the context via BN_CTX_new() and so is 204 /* Assume the caller obtained the context via BN_CTX_new() and so is
203 * trying to reset it for use. Nothing else makes sense, least of all 205 * trying to reset it for use. Nothing else makes sense, least of all
204 * binary compatibility from a time when they could declare a static 206 * binary compatibility from a time when they could declare a static
@@ -208,17 +210,18 @@ void BN_CTX_init(BN_CTX *ctx)
208 ctx->used = 0; 210 ctx->used = 0;
209 ctx->err_stack = 0; 211 ctx->err_stack = 0;
210 ctx->too_many = 0; 212 ctx->too_many = 0;
211 } 213}
212#endif 214#endif
213 215
214BN_CTX *BN_CTX_new(void) 216BN_CTX *
215 { 217BN_CTX_new(void)
218{
216 BN_CTX *ret = malloc(sizeof(BN_CTX)); 219 BN_CTX *ret = malloc(sizeof(BN_CTX));
217 if(!ret) 220 if (!ret) {
218 { 221 BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
219 BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
220 return NULL; 222 return NULL;
221 } 223 }
224
222 /* Initialise the structure */ 225 /* Initialise the structure */
223 BN_POOL_init(&ret->pool); 226 BN_POOL_init(&ret->pool);
224 BN_STACK_init(&ret->stack); 227 BN_STACK_init(&ret->stack);
@@ -226,229 +229,243 @@ BN_CTX *BN_CTX_new(void)
226 ret->err_stack = 0; 229 ret->err_stack = 0;
227 ret->too_many = 0; 230 ret->too_many = 0;
228 return ret; 231 return ret;
229 } 232}
230 233
231void BN_CTX_free(BN_CTX *ctx) 234void
232 { 235BN_CTX_free(BN_CTX *ctx)
236{
233 if (ctx == NULL) 237 if (ctx == NULL)
234 return; 238 return;
235#ifdef BN_CTX_DEBUG 239#ifdef BN_CTX_DEBUG
236 { 240 {
237 BN_POOL_ITEM *pool = ctx->pool.head; 241 BN_POOL_ITEM *pool = ctx->pool.head;
238 fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n", 242 fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
239 ctx->stack.size, ctx->pool.size); 243 ctx->stack.size, ctx->pool.size);
240 fprintf(stderr,"dmaxs: "); 244 fprintf(stderr, "dmaxs: ");
241 while(pool) { 245 while (pool) {
242 unsigned loop = 0; 246 unsigned loop = 0;
243 while(loop < BN_CTX_POOL_SIZE) 247 while (loop < BN_CTX_POOL_SIZE)
244 fprintf(stderr,"%02x ", pool->vals[loop++].dmax); 248 fprintf(stderr, "%02x ",
245 pool = pool->next; 249 pool->vals[loop++].dmax);
246 } 250 pool = pool->next;
247 fprintf(stderr,"\n"); 251 }
252 fprintf(stderr, "\n");
248 } 253 }
249#endif 254#endif
250 BN_STACK_finish(&ctx->stack); 255 BN_STACK_finish(&ctx->stack);
251 BN_POOL_finish(&ctx->pool); 256 BN_POOL_finish(&ctx->pool);
252 free(ctx); 257 free(ctx);
253 } 258}
254 259
255void BN_CTX_start(BN_CTX *ctx) 260void
256 { 261BN_CTX_start(BN_CTX *ctx)
262{
257 CTXDBG_ENTRY("BN_CTX_start", ctx); 263 CTXDBG_ENTRY("BN_CTX_start", ctx);
264
258 /* If we're already overflowing ... */ 265 /* If we're already overflowing ... */
259 if(ctx->err_stack || ctx->too_many) 266 if (ctx->err_stack || ctx->too_many)
260 ctx->err_stack++; 267 ctx->err_stack++;
261 /* (Try to) get a new frame pointer */ 268 /* (Try to) get a new frame pointer */
262 else if(!BN_STACK_push(&ctx->stack, ctx->used)) 269 else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
263 { 270 BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
264 BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
265 ctx->err_stack++; 271 ctx->err_stack++;
266 }
267 CTXDBG_EXIT(ctx);
268 } 272 }
273 CTXDBG_EXIT(ctx);
274}
269 275
270void BN_CTX_end(BN_CTX *ctx) 276void
271 { 277BN_CTX_end(BN_CTX *ctx)
278{
272 CTXDBG_ENTRY("BN_CTX_end", ctx); 279 CTXDBG_ENTRY("BN_CTX_end", ctx);
273 if(ctx->err_stack) 280
281 if (ctx->err_stack)
274 ctx->err_stack--; 282 ctx->err_stack--;
275 else 283 else {
276 {
277 unsigned int fp = BN_STACK_pop(&ctx->stack); 284 unsigned int fp = BN_STACK_pop(&ctx->stack);
278 /* Does this stack frame have anything to release? */ 285 /* Does this stack frame have anything to release? */
279 if(fp < ctx->used) 286 if (fp < ctx->used)
280 BN_POOL_release(&ctx->pool, ctx->used - fp); 287 BN_POOL_release(&ctx->pool, ctx->used - fp);
281 ctx->used = fp; 288 ctx->used = fp;
282 /* Unjam "too_many" in case "get" had failed */ 289 /* Unjam "too_many" in case "get" had failed */
283 ctx->too_many = 0; 290 ctx->too_many = 0;
284 }
285 CTXDBG_EXIT(ctx);
286 } 291 }
292 CTXDBG_EXIT(ctx);
293}
287 294
288BIGNUM *BN_CTX_get(BN_CTX *ctx) 295BIGNUM *
289 { 296BN_CTX_get(BN_CTX *ctx)
297{
290 BIGNUM *ret; 298 BIGNUM *ret;
299
291 CTXDBG_ENTRY("BN_CTX_get", ctx); 300 CTXDBG_ENTRY("BN_CTX_get", ctx);
292 if(ctx->err_stack || ctx->too_many) return NULL; 301
293 if((ret = BN_POOL_get(&ctx->pool)) == NULL) 302 if (ctx->err_stack || ctx->too_many)
294 { 303 return NULL;
304 if ((ret = BN_POOL_get(&ctx->pool)) == NULL) {
295 /* Setting too_many prevents repeated "get" attempts from 305 /* Setting too_many prevents repeated "get" attempts from
296 * cluttering the error stack. */ 306 * cluttering the error stack. */
297 ctx->too_many = 1; 307 ctx->too_many = 1;
298 BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); 308 BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
299 return NULL; 309 return NULL;
300 } 310 }
301 /* OK, make sure the returned bignum is "zero" */ 311 /* OK, make sure the returned bignum is "zero" */
302 BN_zero(ret); 312 BN_zero(ret);
303 ctx->used++; 313 ctx->used++;
304 CTXDBG_RET(ctx, ret); 314 CTXDBG_RET(ctx, ret);
305 return ret; 315 return ret;
306 } 316}
307 317
308/************/ 318/************/
309/* BN_STACK */ 319/* BN_STACK */
310/************/ 320/************/
311 321
312static void BN_STACK_init(BN_STACK *st) 322static void
313 { 323BN_STACK_init(BN_STACK *st)
324{
314 st->indexes = NULL; 325 st->indexes = NULL;
315 st->depth = st->size = 0; 326 st->depth = st->size = 0;
316 } 327}
317 328
318static void BN_STACK_finish(BN_STACK *st) 329static void
319 { 330BN_STACK_finish(BN_STACK *st)
320 if(st->size) free(st->indexes); 331{
321 } 332 if (st->size)
333 free(st->indexes);
334}
322 335
323#ifndef OPENSSL_NO_DEPRECATED 336#ifndef OPENSSL_NO_DEPRECATED
324static void BN_STACK_reset(BN_STACK *st) 337static void
325 { 338BN_STACK_reset(BN_STACK *st)
339{
326 st->depth = 0; 340 st->depth = 0;
327 } 341}
328#endif 342#endif
329 343
330static int BN_STACK_push(BN_STACK *st, unsigned int idx) 344static int
331 { 345BN_STACK_push(BN_STACK *st, unsigned int idx)
332 if(st->depth == st->size) 346{
347 if (st->depth == st->size)
333 /* Need to expand */ 348 /* Need to expand */
334 { 349 {
335 unsigned int newsize = (st->size ? 350 unsigned int newsize = (st->size ?
336 (st->size * 3 / 2) : BN_CTX_START_FRAMES); 351 (st->size * 3 / 2) : BN_CTX_START_FRAMES);
337 unsigned int *newitems = malloc(newsize * 352 unsigned int *newitems = malloc(newsize *
338 sizeof(unsigned int)); 353 sizeof(unsigned int));
339 if(!newitems) return 0; 354 if (!newitems)
340 if(st->depth) 355 return 0;
356 if (st->depth)
341 memcpy(newitems, st->indexes, st->depth * 357 memcpy(newitems, st->indexes, st->depth *
342 sizeof(unsigned int)); 358 sizeof(unsigned int));
343 if(st->size) free(st->indexes); 359 if (st->size)
360 free(st->indexes);
344 st->indexes = newitems; 361 st->indexes = newitems;
345 st->size = newsize; 362 st->size = newsize;
346 } 363 }
347 st->indexes[(st->depth)++] = idx; 364 st->indexes[(st->depth)++] = idx;
348 return 1; 365 return 1;
349 } 366}
350 367
351static unsigned int BN_STACK_pop(BN_STACK *st) 368static unsigned int
352 { 369BN_STACK_pop(BN_STACK *st)
370{
353 return st->indexes[--(st->depth)]; 371 return st->indexes[--(st->depth)];
354 } 372}
355 373
356/***********/ 374/***********/
357/* BN_POOL */ 375/* BN_POOL */
358/***********/ 376/***********/
359 377
360static void BN_POOL_init(BN_POOL *p) 378static void
361 { 379BN_POOL_init(BN_POOL *p)
380{
362 p->head = p->current = p->tail = NULL; 381 p->head = p->current = p->tail = NULL;
363 p->used = p->size = 0; 382 p->used = p->size = 0;
364 } 383}
365 384
366static void BN_POOL_finish(BN_POOL *p) 385static void
367 { 386BN_POOL_finish(BN_POOL *p)
368 while(p->head) 387{
369 { 388 while (p->head) {
370 unsigned int loop = 0; 389 unsigned int loop = 0;
371 BIGNUM *bn = p->head->vals; 390 BIGNUM *bn = p->head->vals;
372 while(loop++ < BN_CTX_POOL_SIZE) 391 while (loop++ < BN_CTX_POOL_SIZE) {
373 { 392 if (bn->d)
374 if(bn->d) BN_clear_free(bn); 393 BN_clear_free(bn);
375 bn++; 394 bn++;
376 } 395 }
377 p->current = p->head->next; 396 p->current = p->head->next;
378 free(p->head); 397 free(p->head);
379 p->head = p->current; 398 p->head = p->current;
380 }
381 } 399 }
400}
382 401
383#ifndef OPENSSL_NO_DEPRECATED 402#ifndef OPENSSL_NO_DEPRECATED
384static void BN_POOL_reset(BN_POOL *p) 403static void
385 { 404BN_POOL_reset(BN_POOL *p)
405{
386 BN_POOL_ITEM *item = p->head; 406 BN_POOL_ITEM *item = p->head;
387 while(item) 407 while (item) {
388 {
389 unsigned int loop = 0; 408 unsigned int loop = 0;
390 BIGNUM *bn = item->vals; 409 BIGNUM *bn = item->vals;
391 while(loop++ < BN_CTX_POOL_SIZE) 410 while (loop++ < BN_CTX_POOL_SIZE) {
392 { 411 if (bn->d)
393 if(bn->d) BN_clear(bn); 412 BN_clear(bn);
394 bn++; 413 bn++;
395 }
396 item = item->next;
397 } 414 }
415 item = item->next;
416 }
398 p->current = p->head; 417 p->current = p->head;
399 p->used = 0; 418 p->used = 0;
400 } 419}
401#endif 420#endif
402 421
403static BIGNUM *BN_POOL_get(BN_POOL *p) 422static BIGNUM *
404 { 423BN_POOL_get(BN_POOL *p)
405 if(p->used == p->size) 424{
406 { 425 if (p->used == p->size) {
407 BIGNUM *bn; 426 BIGNUM *bn;
408 unsigned int loop = 0; 427 unsigned int loop = 0;
409 BN_POOL_ITEM *item = malloc(sizeof(BN_POOL_ITEM)); 428 BN_POOL_ITEM *item = malloc(sizeof(BN_POOL_ITEM));
410 if(!item) return NULL; 429 if (!item)
430 return NULL;
411 /* Initialise the structure */ 431 /* Initialise the structure */
412 bn = item->vals; 432 bn = item->vals;
413 while(loop++ < BN_CTX_POOL_SIZE) 433 while (loop++ < BN_CTX_POOL_SIZE)
414 BN_init(bn++); 434 BN_init(bn++);
415 item->prev = p->tail; 435 item->prev = p->tail;
416 item->next = NULL; 436 item->next = NULL;
417 /* Link it in */ 437 /* Link it in */
418 if(!p->head) 438 if (!p->head)
419 p->head = p->current = p->tail = item; 439 p->head = p->current = p->tail = item;
420 else 440 else {
421 {
422 p->tail->next = item; 441 p->tail->next = item;
423 p->tail = item; 442 p->tail = item;
424 p->current = item; 443 p->current = item;
425 } 444 }
426 p->size += BN_CTX_POOL_SIZE; 445 p->size += BN_CTX_POOL_SIZE;
427 p->used++; 446 p->used++;
428 /* Return the first bignum from the new pool */ 447 /* Return the first bignum from the new pool */
429 return item->vals; 448 return item->vals;
430 } 449 }
431 if(!p->used) 450 if (!p->used)
432 p->current = p->head; 451 p->current = p->head;
433 else if((p->used % BN_CTX_POOL_SIZE) == 0) 452 else if ((p->used % BN_CTX_POOL_SIZE) == 0)
434 p->current = p->current->next; 453 p->current = p->current->next;
435 return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); 454 return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
436 } 455}
437 456
438static void BN_POOL_release(BN_POOL *p, unsigned int num) 457static void
439 { 458BN_POOL_release(BN_POOL *p, unsigned int num)
459{
440 unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; 460 unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
461
441 p->used -= num; 462 p->used -= num;
442 while(num--) 463 while (num--) {
443 {
444 bn_check_top(p->current->vals + offset); 464 bn_check_top(p->current->vals + offset);
445 if(!offset) 465 if (!offset) {
446 {
447 offset = BN_CTX_POOL_SIZE - 1; 466 offset = BN_CTX_POOL_SIZE - 1;
448 p->current = p->current->prev; 467 p->current = p->current->prev;
449 } 468 } else
450 else
451 offset--; 469 offset--;
452 }
453 } 470 }
454 471}
diff --git a/src/lib/libcrypto/bn/bn_depr.c b/src/lib/libcrypto/bn/bn_depr.c
index 27535e4fca..e4d7f33967 100644
--- a/src/lib/libcrypto/bn/bn_depr.c
+++ b/src/lib/libcrypto/bn/bn_depr.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -62,51 +62,55 @@
62#include "bn_lcl.h" 62#include "bn_lcl.h"
63#include <openssl/rand.h> 63#include <openssl/rand.h>
64 64
65static void *dummy=&dummy; 65static void *dummy = &dummy;
66 66
67#ifndef OPENSSL_NO_DEPRECATED 67#ifndef OPENSSL_NO_DEPRECATED
68BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, 68BIGNUM *
69 const BIGNUM *add, const BIGNUM *rem, 69BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
70 void (*callback)(int,int,void *), void *cb_arg) 70 const BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg)
71 { 71{
72 BN_GENCB cb; 72 BN_GENCB cb;
73 BIGNUM *rnd=NULL; 73 BIGNUM *rnd = NULL;
74 int found = 0; 74 int found = 0;
75 75
76 BN_GENCB_set_old(&cb, callback, cb_arg); 76 BN_GENCB_set_old(&cb, callback, cb_arg);
77 77
78 if (ret == NULL) 78 if (ret == NULL) {
79 { 79 if ((rnd = BN_new()) == NULL)
80 if ((rnd=BN_new()) == NULL) goto err; 80 goto err;
81 } 81 } else
82 else 82 rnd = ret;
83 rnd=ret; 83 if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
84 if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
85 goto err; 84 goto err;
86 85
87 /* we have a prime :-) */ 86 /* we have a prime :-) */
88 found = 1; 87 found = 1;
88
89err: 89err:
90 if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); 90 if (!found && (ret == NULL) && (rnd != NULL))
91 return(found ? rnd : NULL); 91 BN_free(rnd);
92 } 92 return (found ? rnd : NULL);
93}
93 94
94int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), 95int
95 BN_CTX *ctx_passed, void *cb_arg) 96BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, void *),
96 { 97 BN_CTX *ctx_passed, void *cb_arg)
98{
97 BN_GENCB cb; 99 BN_GENCB cb;
100
98 BN_GENCB_set_old(&cb, callback, cb_arg); 101 BN_GENCB_set_old(&cb, callback, cb_arg);
99 return BN_is_prime_ex(a, checks, ctx_passed, &cb); 102 return BN_is_prime_ex(a, checks, ctx_passed, &cb);
100 } 103}
101 104
102int BN_is_prime_fasttest(const BIGNUM *a, int checks, 105int
103 void (*callback)(int,int,void *), 106BN_is_prime_fasttest(const BIGNUM *a, int checks,
104 BN_CTX *ctx_passed, void *cb_arg, 107 void (*callback)(int, int, void *), BN_CTX *ctx_passed, void *cb_arg,
105 int do_trial_division) 108 int do_trial_division)
106 { 109{
107 BN_GENCB cb; 110 BN_GENCB cb;
111
108 BN_GENCB_set_old(&cb, callback, cb_arg); 112 BN_GENCB_set_old(&cb, callback, cb_arg);
109 return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 113 return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
110 do_trial_division, &cb); 114 do_trial_division, &cb);
111 } 115}
112#endif 116#endif
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index e3e06ac054..04e4a24165 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -112,132 +112,134 @@
112 * rm->neg == num->neg (unless the remainder is zero) 112 * rm->neg == num->neg (unless the remainder is zero)
113 * If 'dv' or 'rm' is NULL, the respective value is not returned. 113 * If 'dv' or 'rm' is NULL, the respective value is not returned.
114 */ 114 */
115int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, 115int
116 BN_CTX *ctx) 116BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
117 { 117 BN_CTX *ctx)
118 int norm_shift,i,loop; 118{
119 BIGNUM *tmp,wnum,*snum,*sdiv,*res; 119 int norm_shift, i, loop;
120 BN_ULONG *resp,*wnump; 120 BIGNUM *tmp, wnum, *snum, *sdiv, *res;
121 BN_ULONG d0,d1; 121 BN_ULONG *resp, *wnump;
122 int num_n,div_n; 122 BN_ULONG d0, d1;
123 int no_branch=0; 123 int num_n, div_n;
124 int no_branch = 0;
124 125
125 /* Invalid zero-padding would have particularly bad consequences 126 /* Invalid zero-padding would have particularly bad consequences
126 * in the case of 'num', so don't just rely on bn_check_top() for this one 127 * in the case of 'num', so don't just rely on bn_check_top() for this one
127 * (bn_check_top() works only for BN_DEBUG builds) */ 128 * (bn_check_top() works only for BN_DEBUG builds) */
128 if (num->top > 0 && num->d[num->top - 1] == 0) 129 if (num->top > 0 && num->d[num->top - 1] == 0) {
129 { 130 BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
130 BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
131 return 0; 131 return 0;
132 } 132 }
133 133
134 bn_check_top(num); 134 bn_check_top(num);
135 135
136 if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) 136 if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) ||
137 { 137 (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
138 no_branch=1; 138 no_branch = 1;
139 } 139 }
140 140
141 bn_check_top(dv); 141 bn_check_top(dv);
142 bn_check_top(rm); 142 bn_check_top(rm);
143 /* bn_check_top(num); */ /* 'num' has been checked already */ 143 /* bn_check_top(num); */ /* 'num' has been checked already */
144 bn_check_top(divisor); 144 bn_check_top(divisor);
145 145
146 if (BN_is_zero(divisor)) 146 if (BN_is_zero(divisor)) {
147 { 147 BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
148 BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); 148 return (0);
149 return(0); 149 }
150 }
151 150
152 if (!no_branch && BN_ucmp(num,divisor) < 0) 151 if (!no_branch && BN_ucmp(num, divisor) < 0) {
153 { 152 if (rm != NULL) {
154 if (rm != NULL) 153 if (BN_copy(rm, num) == NULL)
155 { if (BN_copy(rm,num) == NULL) return(0); } 154 return (0);
156 if (dv != NULL) BN_zero(dv);
157 return(1);
158 } 155 }
156 if (dv != NULL)
157 BN_zero(dv);
158 return (1);
159 }
159 160
160 BN_CTX_start(ctx); 161 BN_CTX_start(ctx);
161 tmp=BN_CTX_get(ctx); 162 tmp = BN_CTX_get(ctx);
162 snum=BN_CTX_get(ctx); 163 snum = BN_CTX_get(ctx);
163 sdiv=BN_CTX_get(ctx); 164 sdiv = BN_CTX_get(ctx);
164 if (dv == NULL) 165 if (dv == NULL)
165 res=BN_CTX_get(ctx); 166 res = BN_CTX_get(ctx);
166 else res=dv; 167 else
168 res = dv;
167 if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL) 169 if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
168 goto err; 170 goto err;
169 171
170 /* First we normalise the numbers */ 172 /* First we normalise the numbers */
171 norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); 173 norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
172 if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; 174 if (!(BN_lshift(sdiv, divisor, norm_shift)))
173 sdiv->neg=0; 175 goto err;
174 norm_shift+=BN_BITS2; 176 sdiv->neg = 0;
175 if (!(BN_lshift(snum,num,norm_shift))) goto err; 177 norm_shift += BN_BITS2;
176 snum->neg=0; 178 if (!(BN_lshift(snum, num, norm_shift)))
179 goto err;
180 snum->neg = 0;
177 181
178 if (no_branch) 182 if (no_branch) {
179 {
180 /* Since we don't know whether snum is larger than sdiv, 183 /* Since we don't know whether snum is larger than sdiv,
181 * we pad snum with enough zeroes without changing its 184 * we pad snum with enough zeroes without changing its
182 * value. 185 * value.
183 */ 186 */
184 if (snum->top <= sdiv->top+1) 187 if (snum->top <= sdiv->top + 1) {
185 { 188 if (bn_wexpand(snum, sdiv->top + 2) == NULL)
186 if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err; 189 goto err;
187 for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0; 190 for (i = snum->top; i < sdiv->top + 2; i++)
191 snum->d[i] = 0;
188 snum->top = sdiv->top + 2; 192 snum->top = sdiv->top + 2;
189 } 193 } else {
190 else 194 if (bn_wexpand(snum, snum->top + 1) == NULL)
191 { 195 goto err;
192 if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
193 snum->d[snum->top] = 0; 196 snum->d[snum->top] = 0;
194 snum->top ++; 197 snum->top ++;
195 }
196 } 198 }
199 }
197 200
198 div_n=sdiv->top; 201 div_n = sdiv->top;
199 num_n=snum->top; 202 num_n = snum->top;
200 loop=num_n-div_n; 203 loop = num_n - div_n;
201 /* Lets setup a 'window' into snum 204 /* Lets setup a 'window' into snum
202 * This is the part that corresponds to the current 205 * This is the part that corresponds to the current
203 * 'area' being divided */ 206 * 'area' being divided */
204 wnum.neg = 0; 207 wnum.neg = 0;
205 wnum.d = &(snum->d[loop]); 208 wnum.d = &(snum->d[loop]);
206 wnum.top = div_n; 209 wnum.top = div_n;
207 /* only needed when BN_ucmp messes up the values between top and max */ 210 /* only needed when BN_ucmp messes up the values between top and max */
208 wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ 211 wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
209 212
210 /* Get the top 2 words of sdiv */ 213 /* Get the top 2 words of sdiv */
211 /* div_n=sdiv->top; */ 214 /* div_n=sdiv->top; */
212 d0=sdiv->d[div_n-1]; 215 d0 = sdiv->d[div_n - 1];
213 d1=(div_n == 1)?0:sdiv->d[div_n-2]; 216 d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
214 217
215 /* pointer to the 'top' of snum */ 218 /* pointer to the 'top' of snum */
216 wnump= &(snum->d[num_n-1]); 219 wnump = &(snum->d[num_n - 1]);
217 220
218 /* Setup to 'res' */ 221 /* Setup to 'res' */
219 res->neg= (num->neg^divisor->neg); 222 res->neg = (num->neg ^ divisor->neg);
220 if (!bn_wexpand(res,(loop+1))) goto err; 223 if (!bn_wexpand(res, (loop + 1)))
221 res->top=loop-no_branch; 224 goto err;
222 resp= &(res->d[loop-1]); 225 res->top = loop - no_branch;
226 resp = &(res->d[loop - 1]);
223 227
224 /* space for temp */ 228 /* space for temp */
225 if (!bn_wexpand(tmp,(div_n+1))) goto err; 229 if (!bn_wexpand(tmp, (div_n + 1)))
230 goto err;
226 231
227 if (!no_branch) 232 if (!no_branch) {
228 { 233 if (BN_ucmp(&wnum, sdiv) >= 0) {
229 if (BN_ucmp(&wnum,sdiv) >= 0)
230 {
231 /* If BN_DEBUG_RAND is defined BN_ucmp changes (via 234 /* If BN_DEBUG_RAND is defined BN_ucmp changes (via
232 * bn_pollute) the const bignum arguments => 235 * bn_pollute) the const bignum arguments =>
233 * clean the values between top and max again */ 236 * clean the values between top and max again */
234 bn_clear_top2max(&wnum); 237 bn_clear_top2max(&wnum);
235 bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); 238 bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
236 *resp=1; 239 *resp = 1;
237 } 240 } else
238 else
239 res->top--; 241 res->top--;
240 } 242 }
241 243
242 /* if res->top == 0 then clear the neg value otherwise decrease 244 /* if res->top == 0 then clear the neg value otherwise decrease
243 * the resp pointer */ 245 * the resp pointer */
@@ -246,31 +248,30 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
246 else 248 else
247 resp--; 249 resp--;
248 250
249 for (i=0; i<loop-1; i++, wnump--, resp--) 251 for (i = 0; i < loop - 1; i++, wnump--, resp--) {
250 { 252 BN_ULONG q, l0;
251 BN_ULONG q,l0;
252 /* the first part of the loop uses the top two words of 253 /* the first part of the loop uses the top two words of
253 * snum and sdiv to calculate a BN_ULONG q such that 254 * snum and sdiv to calculate a BN_ULONG q such that
254 * | wnum - sdiv * q | < sdiv */ 255 * | wnum - sdiv * q | < sdiv */
255#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) 256#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
256 BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG); 257 BN_ULONG bn_div_3_words(BN_ULONG*, BN_ULONG, BN_ULONG);
257 q=bn_div_3_words(wnump,d1,d0); 258 q = bn_div_3_words(wnump, d1, d0);
258#else 259#else
259 BN_ULONG n0,n1,rem=0; 260 BN_ULONG n0, n1, rem = 0;
260 261
261 n0=wnump[0]; 262 n0 = wnump[0];
262 n1=wnump[-1]; 263 n1 = wnump[-1];
263 if (n0 == d0) 264 if (n0 == d0)
264 q=BN_MASK2; 265 q = BN_MASK2;
265 else /* n0 < d0 */ 266 else /* n0 < d0 */
266 { 267 {
267#ifdef BN_LLONG 268#ifdef BN_LLONG
268 BN_ULLONG t2; 269 BN_ULLONG t2;
269 270
270#if defined(BN_DIV2W) && !defined(bn_div_words) 271#if defined(BN_DIV2W) && !defined(bn_div_words)
271 q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0); 272 q = (BN_ULONG)(((((BN_ULLONG)n0) << BN_BITS2)|n1)/d0);
272#else 273#else
273 q=bn_div_words(n0,n1,d0); 274 q = bn_div_words(n0, n1, d0);
274#endif 275#endif
275 276
276#ifndef REMAINDER_IS_ALREADY_CALCULATED 277#ifndef REMAINDER_IS_ALREADY_CALCULATED
@@ -278,62 +279,65 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
278 * rem doesn't have to be BN_ULLONG. The least we 279 * rem doesn't have to be BN_ULLONG. The least we
279 * know it's less that d0, isn't it? 280 * know it's less that d0, isn't it?
280 */ 281 */
281 rem=(n1-q*d0)&BN_MASK2; 282 rem = (n1 - q * d0) & BN_MASK2;
282#endif 283#endif
283 t2=(BN_ULLONG)d1*q; 284 t2 = (BN_ULLONG)d1*q;
284 285
285 for (;;) 286 for (;;) {
286 { 287 if (t2 <= ((((BN_ULLONG)rem) << BN_BITS2) |
287 if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2])) 288 wnump[-2]))
288 break; 289 break;
289 q--; 290 q--;
290 rem += d0; 291 rem += d0;
291 if (rem < d0) break; /* don't let rem overflow */ 292 if (rem < d0) break; /* don't let rem overflow */
292 t2 -= d1; 293 t2 -= d1;
293 } 294 }
294#else /* !BN_LLONG */ 295#else /* !BN_LLONG */
295 BN_ULONG t2l,t2h; 296 BN_ULONG t2l, t2h;
296 297
297 q=bn_div_words(n0,n1,d0); 298 q = bn_div_words(n0, n1, d0);
298#ifndef REMAINDER_IS_ALREADY_CALCULATED 299#ifndef REMAINDER_IS_ALREADY_CALCULATED
299 rem=(n1-q*d0)&BN_MASK2; 300 rem = (n1 - q*d0)&BN_MASK2;
300#endif 301#endif
301 302
302#if defined(BN_UMULT_LOHI) 303#if defined(BN_UMULT_LOHI)
303 BN_UMULT_LOHI(t2l,t2h,d1,q); 304 BN_UMULT_LOHI(t2l, t2h, d1, q);
304#elif defined(BN_UMULT_HIGH) 305#elif defined(BN_UMULT_HIGH)
305 t2l = d1 * q; 306 t2l = d1 * q;
306 t2h = BN_UMULT_HIGH(d1,q); 307 t2h = BN_UMULT_HIGH(d1, q);
307#else 308#else
308 { 309 {
309 BN_ULONG ql, qh; 310 BN_ULONG ql, qh;
310 t2l=LBITS(d1); t2h=HBITS(d1); 311 t2l = LBITS(d1);
311 ql =LBITS(q); qh =HBITS(q); 312 t2h = HBITS(d1);
312 mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ 313 ql = LBITS(q);
314 qh = HBITS(q);
315 mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
313 } 316 }
314#endif 317#endif
315 318
316 for (;;) 319 for (;;) {
317 {
318 if ((t2h < rem) || 320 if ((t2h < rem) ||
319 ((t2h == rem) && (t2l <= wnump[-2]))) 321 ((t2h == rem) && (t2l <= wnump[-2])))
320 break; 322 break;
321 q--; 323 q--;
322 rem += d0; 324 rem += d0;
323 if (rem < d0) break; /* don't let rem overflow */ 325 if (rem < d0)
324 if (t2l < d1) t2h--; t2l -= d1; 326 break; /* don't let rem overflow */
325 } 327 if (t2l < d1)
326#endif /* !BN_LLONG */ 328 t2h--;
329 t2l -= d1;
327 } 330 }
331#endif /* !BN_LLONG */
332 }
328#endif /* !BN_DIV3W */ 333#endif /* !BN_DIV3W */
329 334
330 l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); 335 l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
331 tmp->d[div_n]=l0; 336 tmp->d[div_n] = l0;
332 wnum.d--; 337 wnum.d--;
333 /* ingore top values of the bignums just sub the two 338 /* ingore top values of the bignums just sub the two
334 * BN_ULONG arrays with bn_sub_words */ 339 * BN_ULONG arrays with bn_sub_words */
335 if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) 340 if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
336 {
337 /* Note: As we have considered only the leading 341 /* Note: As we have considered only the leading
338 * two BN_ULONGs in the calculation of q, sdiv * q 342 * two BN_ULONGs in the calculation of q, sdiv * q
339 * might be greater than wnum (but then (q-1) * sdiv 343 * might be greater than wnum (but then (q-1) * sdiv
@@ -345,27 +349,28 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
345 * that q != 0, but if q == 0 then tmp is 349 * that q != 0, but if q == 0 then tmp is
346 * zero anyway) */ 350 * zero anyway) */
347 (*wnump)++; 351 (*wnump)++;
348 } 352 }
349 /* store part of the result */ 353 /* store part of the result */
350 *resp = q; 354 *resp = q;
351 } 355 }
352 bn_correct_top(snum); 356 bn_correct_top(snum);
353 if (rm != NULL) 357 if (rm != NULL) {
354 {
355 /* Keep a copy of the neg flag in num because if rm==num 358 /* Keep a copy of the neg flag in num because if rm==num
356 * BN_rshift() will overwrite it. 359 * BN_rshift() will overwrite it.
357 */ 360 */
358 int neg = num->neg; 361 int neg = num->neg;
359 BN_rshift(rm,snum,norm_shift); 362 BN_rshift(rm, snum, norm_shift);
360 if (!BN_is_zero(rm)) 363 if (!BN_is_zero(rm))
361 rm->neg = neg; 364 rm->neg = neg;
362 bn_check_top(rm); 365 bn_check_top(rm);
363 } 366 }
364 if (no_branch) bn_correct_top(res); 367 if (no_branch)
368 bn_correct_top(res);
365 BN_CTX_end(ctx); 369 BN_CTX_end(ctx);
366 return(1); 370 return (1);
371
367err: 372err:
368 bn_check_top(rm); 373 bn_check_top(rm);
369 BN_CTX_end(ctx); 374 BN_CTX_end(ctx);
370 return(0); 375 return (0);
371 } 376}
diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c
index cfe2eb94a0..45300e0866 100644
--- a/src/lib/libcrypto/bn/bn_err.c
+++ b/src/lib/libcrypto/bn/bn_err.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,83 +68,80 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
70 70
71static ERR_STRING_DATA BN_str_functs[]= 71static ERR_STRING_DATA BN_str_functs[]= {
72 { 72 {ERR_FUNC(BN_F_BNRAND), "BNRAND"},
73{ERR_FUNC(BN_F_BNRAND), "BNRAND"}, 73 {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
74{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, 74 {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
75{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, 75 {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
76{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, 76 {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
77{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, 77 {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
78{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, 78 {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
79{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, 79 {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
80{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, 80 {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
81{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, 81 {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
82{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, 82 {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
83{ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, 83 {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
84{ERR_FUNC(BN_F_BN_DIV), "BN_div"}, 84 {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
85{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, 85 {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
86{ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, 86 {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
87{ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, 87 {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
88{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, 88 {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
89{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, 89 {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
90{ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, 90 {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
91{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, 91 {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
92{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, 92 {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
93{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"}, 93 {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
94{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, 94 {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
95{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, 95 {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
96{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, 96 {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
97{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, 97 {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
98{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, 98 {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
99{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, 99 {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
100{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"}, 100 {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
101{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, 101 {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
102{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, 102 {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
103{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, 103 {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
104{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, 104 {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
105{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, 105 {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
106{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, 106 {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
107{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, 107 {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
108{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, 108 {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
109{ERR_FUNC(BN_F_BN_NEW), "BN_new"}, 109 {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
110{ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, 110 {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
111{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, 111 {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
112{ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, 112 {0, NULL}
113{0,NULL} 113};
114 };
115 114
116static ERR_STRING_DATA BN_str_reasons[]= 115static ERR_STRING_DATA BN_str_reasons[]= {
117 { 116 {ERR_REASON(BN_R_ARG2_LT_ARG3) , "arg2 lt arg3"},
118{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"}, 117 {ERR_REASON(BN_R_BAD_RECIPROCAL) , "bad reciprocal"},
119{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"}, 118 {ERR_REASON(BN_R_BIGNUM_TOO_LONG) , "bignum too long"},
120{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"}, 119 {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
121{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"}, 120 {ERR_REASON(BN_R_DIV_BY_ZERO) , "div by zero"},
122{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"}, 121 {ERR_REASON(BN_R_ENCODING_ERROR) , "encoding error"},
123{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"}, 122 {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), "expand on static bignum data"},
124{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"}, 123 {ERR_REASON(BN_R_INPUT_NOT_REDUCED) , "input not reduced"},
125{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"}, 124 {ERR_REASON(BN_R_INVALID_LENGTH) , "invalid length"},
126{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"}, 125 {ERR_REASON(BN_R_INVALID_RANGE) , "invalid range"},
127{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"}, 126 {ERR_REASON(BN_R_NOT_A_SQUARE) , "not a square"},
128{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"}, 127 {ERR_REASON(BN_R_NOT_INITIALIZED) , "not initialized"},
129{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"}, 128 {ERR_REASON(BN_R_NO_INVERSE) , "no inverse"},
130{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"}, 129 {ERR_REASON(BN_R_NO_SOLUTION) , "no solution"},
131{ERR_REASON(BN_R_NO_SOLUTION) ,"no solution"}, 130 {ERR_REASON(BN_R_P_IS_NOT_PRIME) , "p is not prime"},
132{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"}, 131 {ERR_REASON(BN_R_TOO_MANY_ITERATIONS) , "too many iterations"},
133{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"}, 132 {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), "too many temporary variables"},
134{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"}, 133 {0, NULL}
135{0,NULL} 134};
136 };
137 135
138#endif 136#endif
139 137
140void ERR_load_BN_strings(void) 138void
141 { 139ERR_load_BN_strings(void)
140{
142#ifndef OPENSSL_NO_ERR 141#ifndef OPENSSL_NO_ERR
143 142 if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
144 if (ERR_func_error_string(BN_str_functs[0].error) == NULL) 143 ERR_load_strings(0, BN_str_functs);
145 { 144 ERR_load_strings(0, BN_str_reasons);
146 ERR_load_strings(0,BN_str_functs);
147 ERR_load_strings(0,BN_str_reasons);
148 }
149#endif
150 } 145 }
146#endif
147}
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 22ef643c02..0e36e8d7b5 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -124,17 +124,17 @@
124#define TABLE_SIZE 32 124#define TABLE_SIZE 32
125 125
126/* this one works - simple but works */ 126/* this one works - simple but works */
127int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 127int
128 { 128BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
129 int i,bits,ret=0; 129{
130 BIGNUM *v,*rr; 130 int i, bits, ret = 0;
131 BIGNUM *v, *rr;
131 132
132 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) 133 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
133 {
134 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ 134 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
135 BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 135 BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
136 return -1; 136 return -1;
137 } 137 }
138 138
139 BN_CTX_start(ctx); 139 BN_CTX_start(ctx);
140 if ((r == a) || (r == p)) 140 if ((r == a) || (r == p))
@@ -142,35 +142,43 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
142 else 142 else
143 rr = r; 143 rr = r;
144 v = BN_CTX_get(ctx); 144 v = BN_CTX_get(ctx);
145 if (rr == NULL || v == NULL) goto err; 145 if (rr == NULL || v == NULL)
146 goto err;
146 147
147 if (BN_copy(v,a) == NULL) goto err; 148 if (BN_copy(v, a) == NULL)
148 bits=BN_num_bits(p); 149 goto err;
150 bits = BN_num_bits(p);
149 151
150 if (BN_is_odd(p)) 152 if (BN_is_odd(p)) {
151 { if (BN_copy(rr,a) == NULL) goto err; } 153 if (BN_copy(rr, a) == NULL)
152 else { if (!BN_one(rr)) goto err; } 154 goto err;
155 } else {
156 if (!BN_one(rr))
157 goto err;
158 }
153 159
154 for (i=1; i<bits; i++) 160 for (i = 1; i < bits; i++) {
155 { 161 if (!BN_sqr(v, v, ctx))
156 if (!BN_sqr(v,v,ctx)) goto err; 162 goto err;
157 if (BN_is_bit_set(p,i)) 163 if (BN_is_bit_set(p, i)) {
158 { 164 if (!BN_mul(rr, rr, v, ctx))
159 if (!BN_mul(rr,rr,v,ctx)) goto err; 165 goto err;
160 }
161 } 166 }
162 ret=1; 167 }
168 ret = 1;
169
163err: 170err:
164 if (r != rr) BN_copy(r,rr); 171 if (r != rr)
172 BN_copy(r, rr);
165 BN_CTX_end(ctx); 173 BN_CTX_end(ctx);
166 bn_check_top(r); 174 bn_check_top(r);
167 return(ret); 175 return (ret);
168 } 176}
169 177
170 178int
171int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, 179BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
172 BN_CTX *ctx) 180 BN_CTX *ctx)
173 { 181{
174 int ret; 182 int ret;
175 183
176 bn_check_top(a); 184 bn_check_top(a);
@@ -194,7 +202,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
194 * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration] 202 * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration]
195 * 55 .. 77 % [UltraSparc processor, but 203 * 55 .. 77 % [UltraSparc processor, but
196 * debug-solaris-sparcv8-gcc conf.] 204 * debug-solaris-sparcv8-gcc conf.]
197 * 205 *
198 * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration] 206 * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration]
199 * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc] 207 * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
200 * 208 *
@@ -218,310 +226,305 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
218 * a >= m. eay 07-May-97 */ 226 * a >= m. eay 07-May-97 */
219/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ 227/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
220 228
221 if (BN_is_odd(m)) 229 if (BN_is_odd(m)) {
222 {
223# ifdef MONT_EXP_WORD 230# ifdef MONT_EXP_WORD
224 if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) 231 if (a->top == 1 && !a->neg &&
225 { 232 (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
226 BN_ULONG A = a->d[0]; 233 BN_ULONG A = a->d[0];
227 ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); 234 ret = BN_mod_exp_mont_word(r, A,p, m,ctx, NULL);
228 } 235 } else
229 else
230# endif 236# endif
231 ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); 237 ret = BN_mod_exp_mont(r, a,p, m,ctx, NULL);
232 } 238 } else
233 else
234#endif 239#endif
235#ifdef RECP_MUL_MOD 240#ifdef RECP_MUL_MOD
236 { ret=BN_mod_exp_recp(r,a,p,m,ctx); } 241 {
242 ret = BN_mod_exp_recp(r, a,p, m, ctx);
243 }
237#else 244#else
238 { ret=BN_mod_exp_simple(r,a,p,m,ctx); } 245 {
246 ret = BN_mod_exp_simple(r, a,p, m, ctx);
247 }
239#endif 248#endif
240 249
241 bn_check_top(r); 250 bn_check_top(r);
242 return(ret); 251 return (ret);
243 } 252}
244 253
245 254int
246int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 255BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
247 const BIGNUM *m, BN_CTX *ctx) 256 BN_CTX *ctx)
248 { 257{
249 int i,j,bits,ret=0,wstart,wend,window,wvalue; 258 int i, j, bits, ret = 0, wstart, wend, window, wvalue;
250 int start=1; 259 int start = 1;
251 BIGNUM *aa; 260 BIGNUM *aa;
252 /* Table of variables obtained from 'ctx' */ 261 /* Table of variables obtained from 'ctx' */
253 BIGNUM *val[TABLE_SIZE]; 262 BIGNUM *val[TABLE_SIZE];
254 BN_RECP_CTX recp; 263 BN_RECP_CTX recp;
255 264
256 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) 265 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
257 {
258 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ 266 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
259 BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 267 BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
260 return -1; 268 return -1;
261 } 269 }
262 270
263 bits=BN_num_bits(p); 271 bits = BN_num_bits(p);
264 272
265 if (bits == 0) 273 if (bits == 0) {
266 {
267 ret = BN_one(r); 274 ret = BN_one(r);
268 return ret; 275 return ret;
269 } 276 }
270 277
271 BN_CTX_start(ctx); 278 BN_CTX_start(ctx);
272 aa = BN_CTX_get(ctx); 279 aa = BN_CTX_get(ctx);
273 val[0] = BN_CTX_get(ctx); 280 val[0] = BN_CTX_get(ctx);
274 if(!aa || !val[0]) goto err; 281 if (!aa || !val[0])
282 goto err;
275 283
276 BN_RECP_CTX_init(&recp); 284 BN_RECP_CTX_init(&recp);
277 if (m->neg) 285 if (m->neg) {
278 {
279 /* ignore sign of 'm' */ 286 /* ignore sign of 'm' */
280 if (!BN_copy(aa, m)) goto err; 287 if (!BN_copy(aa, m))
288 goto err;
281 aa->neg = 0; 289 aa->neg = 0;
282 if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err; 290 if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
283 } 291 goto err;
284 else 292 } else {
285 { 293 if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
286 if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; 294 goto err;
287 } 295 }
288 296
289 if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ 297 if (!BN_nnmod(val[0], a, m, ctx))
290 if (BN_is_zero(val[0])) 298 goto err; /* 1 */
291 { 299 if (BN_is_zero(val[0])) {
292 BN_zero(r); 300 BN_zero(r);
293 ret = 1; 301 ret = 1;
294 goto err; 302 goto err;
295 } 303 }
296 304
297 window = BN_window_bits_for_exponent_size(bits); 305 window = BN_window_bits_for_exponent_size(bits);
298 if (window > 1) 306 if (window > 1) {
299 { 307 if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
300 if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))
301 goto err; /* 2 */ 308 goto err; /* 2 */
302 j=1<<(window-1); 309 j = 1 << (window - 1);
303 for (i=1; i<j; i++) 310 for (i = 1; i < j; i++) {
304 { 311 if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
305 if(((val[i] = BN_CTX_get(ctx)) == NULL) || 312 !BN_mod_mul_reciprocal(val[i], val[i - 1],
306 !BN_mod_mul_reciprocal(val[i],val[i-1], 313 aa, &recp, ctx))
307 aa,&recp,ctx))
308 goto err; 314 goto err;
309 }
310 } 315 }
311 316 }
312 start=1; /* This is used to avoid multiplication etc
313 * when there is only the value '1' in the
314 * buffer. */
315 wvalue=0; /* The 'value' of the window */
316 wstart=bits-1; /* The top bit of the window */
317 wend=0; /* The bottom bit of the window */
318 317
319 if (!BN_one(r)) goto err; 318 start = 1; /* This is used to avoid multiplication etc
319 * when there is only the value '1' in the
320 * buffer. */
321 wvalue = 0; /* The 'value' of the window */
322 wstart = bits - 1; /* The top bit of the window */
323 wend = 0; /* The bottom bit of the window */
320 324
321 for (;;) 325 if (!BN_one(r))
322 { 326 goto err;
323 if (BN_is_bit_set(p,wstart) == 0) 327
324 { 328 for (;;) {
329 if (BN_is_bit_set(p, wstart) == 0) {
325 if (!start) 330 if (!start)
326 if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx)) 331 if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx))
327 goto err; 332 goto err;
328 if (wstart == 0) break; 333 if (wstart == 0)
334 break;
329 wstart--; 335 wstart--;
330 continue; 336 continue;
331 } 337 }
332 /* We now have wstart on a 'set' bit, we now need to work out 338 /* We now have wstart on a 'set' bit, we now need to work out
333 * how bit a window to do. To do this we need to scan 339 * how bit a window to do. To do this we need to scan
334 * forward until the last set bit before the end of the 340 * forward until the last set bit before the end of the
335 * window */ 341 * window */
336 j=wstart; 342 j = wstart;
337 wvalue=1; 343 wvalue = 1;
338 wend=0; 344 wend = 0;
339 for (i=1; i<window; i++) 345 for (i = 1; i < window; i++) {
340 { 346 if (wstart - i < 0)
341 if (wstart-i < 0) break; 347 break;
342 if (BN_is_bit_set(p,wstart-i)) 348 if (BN_is_bit_set(p, wstart - i)) {
343 { 349 wvalue <<= (i - wend);
344 wvalue<<=(i-wend); 350 wvalue |= 1;
345 wvalue|=1; 351 wend = i;
346 wend=i;
347 }
348 } 352 }
353 }
349 354
350 /* wend is the size of the current window */ 355 /* wend is the size of the current window */
351 j=wend+1; 356 j = wend + 1;
352 /* add the 'bytes above' */ 357 /* add the 'bytes above' */
353 if (!start) 358 if (!start)
354 for (i=0; i<j; i++) 359 for (i = 0; i < j; i++) {
355 { 360 if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx))
356 if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
357 goto err; 361 goto err;
358 } 362 }
359 363
360 /* wvalue will be an odd number < 2^window */ 364 /* wvalue will be an odd number < 2^window */
361 if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx)) 365 if (!BN_mod_mul_reciprocal(r, r,val[wvalue >> 1], &recp, ctx))
362 goto err; 366 goto err;
363 367
364 /* move the 'window' down further */ 368 /* move the 'window' down further */
365 wstart-=wend+1; 369 wstart -= wend + 1;
366 wvalue=0; 370 wvalue = 0;
367 start=0; 371 start = 0;
368 if (wstart < 0) break; 372 if (wstart < 0)
369 } 373 break;
370 ret=1; 374 }
375 ret = 1;
376
371err: 377err:
372 BN_CTX_end(ctx); 378 BN_CTX_end(ctx);
373 BN_RECP_CTX_free(&recp); 379 BN_RECP_CTX_free(&recp);
374 bn_check_top(r); 380 bn_check_top(r);
375 return(ret); 381 return (ret);
376 } 382}
377 383
378 384int
379int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, 385BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
380 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) 386 BN_CTX *ctx, BN_MONT_CTX *in_mont)
381 { 387{
382 int i,j,bits,ret=0,wstart,wend,window,wvalue; 388 int i, j, bits, ret = 0, wstart, wend, window, wvalue;
383 int start=1; 389 int start = 1;
384 BIGNUM *d,*r; 390 BIGNUM *d, *r;
385 const BIGNUM *aa; 391 const BIGNUM *aa;
386 /* Table of variables obtained from 'ctx' */ 392 /* Table of variables obtained from 'ctx' */
387 BIGNUM *val[TABLE_SIZE]; 393 BIGNUM *val[TABLE_SIZE];
388 BN_MONT_CTX *mont=NULL; 394 BN_MONT_CTX *mont = NULL;
389 395
390 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) 396 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
391 {
392 return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); 397 return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
393 } 398 }
394 399
395 bn_check_top(a); 400 bn_check_top(a);
396 bn_check_top(p); 401 bn_check_top(p);
397 bn_check_top(m); 402 bn_check_top(m);
398 403
399 if (!BN_is_odd(m)) 404 if (!BN_is_odd(m)) {
400 { 405 BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
401 BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); 406 return (0);
402 return(0); 407 }
403 } 408 bits = BN_num_bits(p);
404 bits=BN_num_bits(p); 409 if (bits == 0) {
405 if (bits == 0)
406 {
407 ret = BN_one(rr); 410 ret = BN_one(rr);
408 return ret; 411 return ret;
409 } 412 }
410 413
411 BN_CTX_start(ctx); 414 BN_CTX_start(ctx);
412 d = BN_CTX_get(ctx); 415 d = BN_CTX_get(ctx);
413 r = BN_CTX_get(ctx); 416 r = BN_CTX_get(ctx);
414 val[0] = BN_CTX_get(ctx); 417 val[0] = BN_CTX_get(ctx);
415 if (!d || !r || !val[0]) goto err; 418 if (!d || !r || !val[0])
419 goto err;
416 420
417 /* If this is not done, things will break in the montgomery 421 /* If this is not done, things will break in the montgomery
418 * part */ 422 * part */
419 423
420 if (in_mont != NULL) 424 if (in_mont != NULL)
421 mont=in_mont; 425 mont = in_mont;
422 else 426 else {
423 { 427 if ((mont = BN_MONT_CTX_new()) == NULL)
424 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 428 goto err;
425 if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; 429 if (!BN_MONT_CTX_set(mont, m, ctx))
426 } 430 goto err;
431 }
427 432
428 if (a->neg || BN_ucmp(a,m) >= 0) 433 if (a->neg || BN_ucmp(a, m) >= 0) {
429 { 434 if (!BN_nnmod(val[0], a,m, ctx))
430 if (!BN_nnmod(val[0],a,m,ctx))
431 goto err; 435 goto err;
432 aa= val[0]; 436 aa = val[0];
433 } 437 } else
434 else 438 aa = a;
435 aa=a; 439 if (BN_is_zero(aa)) {
436 if (BN_is_zero(aa))
437 {
438 BN_zero(rr); 440 BN_zero(rr);
439 ret = 1; 441 ret = 1;
440 goto err; 442 goto err;
441 } 443 }
442 if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */ 444 if (!BN_to_montgomery(val[0], aa, mont, ctx))
445 goto err; /* 1 */
443 446
444 window = BN_window_bits_for_exponent_size(bits); 447 window = BN_window_bits_for_exponent_size(bits);
445 if (window > 1) 448 if (window > 1) {
446 { 449 if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
447 if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */ 450 goto err; /* 2 */
448 j=1<<(window-1); 451 j = 1 << (window - 1);
449 for (i=1; i<j; i++) 452 for (i = 1; i < j; i++) {
450 { 453 if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
451 if(((val[i] = BN_CTX_get(ctx)) == NULL) || 454 !BN_mod_mul_montgomery(val[i], val[i - 1],
452 !BN_mod_mul_montgomery(val[i],val[i-1], 455 d, mont, ctx))
453 d,mont,ctx))
454 goto err; 456 goto err;
455 }
456 } 457 }
458 }
457 459
458 start=1; /* This is used to avoid multiplication etc 460 start = 1; /* This is used to avoid multiplication etc
459 * when there is only the value '1' in the 461 * when there is only the value '1' in the
460 * buffer. */ 462 * buffer. */
461 wvalue=0; /* The 'value' of the window */ 463 wvalue = 0; /* The 'value' of the window */
462 wstart=bits-1; /* The top bit of the window */ 464 wstart = bits - 1; /* The top bit of the window */
463 wend=0; /* The bottom bit of the window */ 465 wend = 0; /* The bottom bit of the window */
464 466
465 if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; 467 if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
466 for (;;) 468 goto err;
467 { 469 for (;;) {
468 if (BN_is_bit_set(p,wstart) == 0) 470 if (BN_is_bit_set(p, wstart) == 0) {
469 { 471 if (!start) {
470 if (!start) 472 if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
471 { 473 goto err;
472 if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) 474 }
473 goto err; 475 if (wstart == 0)
474 } 476 break;
475 if (wstart == 0) break;
476 wstart--; 477 wstart--;
477 continue; 478 continue;
478 } 479 }
479 /* We now have wstart on a 'set' bit, we now need to work out 480 /* We now have wstart on a 'set' bit, we now need to work out
480 * how bit a window to do. To do this we need to scan 481 * how bit a window to do. To do this we need to scan
481 * forward until the last set bit before the end of the 482 * forward until the last set bit before the end of the
482 * window */ 483 * window */
483 j=wstart; 484 j = wstart;
484 wvalue=1; 485 wvalue = 1;
485 wend=0; 486 wend = 0;
486 for (i=1; i<window; i++) 487 for (i = 1; i < window; i++) {
487 { 488 if (wstart - i < 0)
488 if (wstart-i < 0) break; 489 break;
489 if (BN_is_bit_set(p,wstart-i)) 490 if (BN_is_bit_set(p, wstart - i)) {
490 { 491 wvalue <<= (i - wend);
491 wvalue<<=(i-wend); 492 wvalue |= 1;
492 wvalue|=1; 493 wend = i;
493 wend=i;
494 }
495 } 494 }
495 }
496 496
497 /* wend is the size of the current window */ 497 /* wend is the size of the current window */
498 j=wend+1; 498 j = wend + 1;
499 /* add the 'bytes above' */ 499 /* add the 'bytes above' */
500 if (!start) 500 if (!start)
501 for (i=0; i<j; i++) 501 for (i = 0; i < j; i++) {
502 { 502 if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
503 if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
504 goto err; 503 goto err;
505 } 504 }
506 505
507 /* wvalue will be an odd number < 2^window */ 506 /* wvalue will be an odd number < 2^window */
508 if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx)) 507 if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
509 goto err; 508 goto err;
510 509
511 /* move the 'window' down further */ 510 /* move the 'window' down further */
512 wstart-=wend+1; 511 wstart -= wend + 1;
513 wvalue=0; 512 wvalue = 0;
514 start=0; 513 start = 0;
515 if (wstart < 0) break; 514 if (wstart < 0)
516 } 515 break;
517 if (!BN_from_montgomery(rr,r,mont,ctx)) goto err; 516 }
518 ret=1; 517 if (!BN_from_montgomery(rr, r,mont, ctx))
518 goto err;
519 ret = 1;
520
519err: 521err:
520 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); 522 if ((in_mont == NULL) && (mont != NULL))
523 BN_MONT_CTX_free(mont);
521 BN_CTX_end(ctx); 524 BN_CTX_end(ctx);
522 bn_check_top(rr); 525 bn_check_top(rr);
523 return(ret); 526 return (ret);
524 } 527}
525 528
526 529
527/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout 530/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
@@ -529,36 +532,38 @@ err:
529 * as cache lines are concerned. The following functions are used to transfer a BIGNUM 532 * as cache lines are concerned. The following functions are used to transfer a BIGNUM
530 * from/to that table. */ 533 * from/to that table. */
531 534
532static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf, int idx, int width) 535static int
533 { 536MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf,
537 int idx, int width)
538{
534 size_t i, j; 539 size_t i, j;
535 540
536 if (top > b->top) 541 if (top > b->top)
537 top = b->top; /* this works because 'buf' is explicitly zeroed */ 542 top = b->top; /* this works because 'buf' is explicitly zeroed */
538 for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) 543 for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
539 {
540 buf[j] = ((unsigned char*)b->d)[i]; 544 buf[j] = ((unsigned char*)b->d)[i];
541 } 545 }
542 546
543 return 1; 547 return 1;
544 } 548}
545 549
546static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width) 550static int
547 { 551MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx,
552 int width)
553{
548 size_t i, j; 554 size_t i, j;
549 555
550 if (bn_wexpand(b, top) == NULL) 556 if (bn_wexpand(b, top) == NULL)
551 return 0; 557 return 0;
552 558
553 for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) 559 for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
554 {
555 ((unsigned char*)b->d)[i] = buf[j]; 560 ((unsigned char*)b->d)[i] = buf[j];
556 } 561 }
557 562
558 b->top = top; 563 b->top = top;
559 bn_correct_top(b); 564 bn_correct_top(b);
560 return 1; 565 return 1;
561 } 566}
562 567
563/* Given a pointer value, compute the next address that is a cache line multiple. */ 568/* Given a pointer value, compute the next address that is a cache line multiple. */
564#define MOD_EXP_CTIME_ALIGN(x_) \ 569#define MOD_EXP_CTIME_ALIGN(x_) \
@@ -570,17 +575,17 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf
570 * pointed out by Colin Percival, 575 * pointed out by Colin Percival,
571 * http://www.daemonology.net/hyperthreading-considered-harmful/) 576 * http://www.daemonology.net/hyperthreading-considered-harmful/)
572 */ 577 */
573int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, 578int
574 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) 579BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
575 { 580 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
576 int i,bits,ret=0,window,wvalue; 581{
582 int i, bits, ret = 0, window, wvalue;
577 int top; 583 int top;
578 BN_MONT_CTX *mont=NULL; 584 BN_MONT_CTX *mont = NULL;
579
580 int numPowers; 585 int numPowers;
581 unsigned char *powerbufFree=NULL; 586 unsigned char *powerbufFree = NULL;
582 int powerbufLen = 0; 587 int powerbufLen = 0;
583 unsigned char *powerbuf=NULL; 588 unsigned char *powerbuf = NULL;
584 BIGNUM tmp, am; 589 BIGNUM tmp, am;
585 590
586 bn_check_top(a); 591 bn_check_top(a);
@@ -589,17 +594,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
589 594
590 top = m->top; 595 top = m->top;
591 596
592 if (!(m->d[0] & 1)) 597 if (!(m->d[0] & 1)) {
593 { 598 BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,
594 BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS); 599 BN_R_CALLED_WITH_EVEN_MODULUS);
595 return(0); 600 return (0);
596 } 601 }
597 bits=BN_num_bits(p); 602 bits = BN_num_bits(p);
598 if (bits == 0) 603 if (bits == 0) {
599 {
600 ret = BN_one(rr); 604 ret = BN_one(rr);
601 return ret; 605 return ret;
602 } 606 }
603 607
604 BN_CTX_start(ctx); 608 BN_CTX_start(ctx);
605 609
@@ -607,33 +611,37 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
607 * If this is not done, things will break in the montgomery part. 611 * If this is not done, things will break in the montgomery part.
608 */ 612 */
609 if (in_mont != NULL) 613 if (in_mont != NULL)
610 mont=in_mont; 614 mont = in_mont;
611 else 615 else {
612 { 616 if ((mont = BN_MONT_CTX_new()) == NULL)
613 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 617 goto err;
614 if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; 618 if (!BN_MONT_CTX_set(mont, m, ctx))
615 } 619 goto err;
620 }
616 621
617 /* Get the window size to use with size of p. */ 622 /* Get the window size to use with size of p. */
618 window = BN_window_bits_for_ctime_exponent_size(bits); 623 window = BN_window_bits_for_ctime_exponent_size(bits);
619#if defined(OPENSSL_BN_ASM_MONT5) 624#if defined(OPENSSL_BN_ASM_MONT5)
620 if (window==6 && bits<=1024) window=5; /* ~5% improvement of 2048-bit RSA sign */ 625 if (window == 6 && bits <= 1024)
626 window = 5; /* ~5% improvement of 2048-bit RSA sign */
621#endif 627#endif
622 628
623 /* Allocate a buffer large enough to hold all of the pre-computed 629 /* Allocate a buffer large enough to hold all of the pre-computed
624 * powers of am, am itself and tmp. 630 * powers of am, am itself and tmp.
625 */ 631 */
626 numPowers = 1 << window; 632 numPowers = 1 << window;
627 powerbufLen = sizeof(m->d[0])*(top*numPowers + 633 powerbufLen = sizeof(m->d[0]) * (top * numPowers +
628 ((2*top)>numPowers?(2*top):numPowers)); 634 ((2*top) > numPowers ? (2*top) : numPowers));
629#ifdef alloca 635#ifdef alloca
630 if (powerbufLen < 3072) 636 if (powerbufLen < 3072)
631 powerbufFree = alloca(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH); 637 powerbufFree = alloca(powerbufLen +
638 MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
632 else 639 else
633#endif 640#endif
634 if ((powerbufFree=(unsigned char*)malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) 641 if ((powerbufFree = (unsigned char*)malloc(powerbufLen +
642 MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
635 goto err; 643 goto err;
636 644
637 powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); 645 powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
638 memset(powerbuf, 0, powerbufLen); 646 memset(powerbuf, 0, powerbufLen);
639 647
@@ -643,196 +651,213 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
643#endif 651#endif
644 652
645 /* lay down tmp and am right after powers table */ 653 /* lay down tmp and am right after powers table */
646 tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0])*top*numPowers); 654 tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
647 am.d = tmp.d + top; 655 am.d = tmp.d + top;
648 tmp.top = am.top = 0; 656 tmp.top = am.top = 0;
649 tmp.dmax = am.dmax = top; 657 tmp.dmax = am.dmax = top;
650 tmp.neg = am.neg = 0; 658 tmp.neg = am.neg = 0;
651 tmp.flags = am.flags = BN_FLG_STATIC_DATA; 659 tmp.flags = am.flags = BN_FLG_STATIC_DATA;
652 660
653 /* prepare a^0 in Montgomery domain */ 661 /* prepare a^0 in Montgomery domain */
654#if 1 662#if 1
655 if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx)) goto err; 663 if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
664 goto err;
656#else 665#else
657 tmp.d[0] = (0-m->d[0])&BN_MASK2; /* 2^(top*BN_BITS2) - m */ 666 tmp.d[0] = (0 - m - >d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */
658 for (i=1;i<top;i++) 667 for (i = 1; i < top; i++)
659 tmp.d[i] = (~m->d[i])&BN_MASK2; 668 tmp.d[i] = (~m->d[i]) & BN_MASK2;
660 tmp.top = top; 669 tmp.top = top;
661#endif 670#endif
662 671
663 /* prepare a^1 in Montgomery domain */ 672 /* prepare a^1 in Montgomery domain */
664 if (a->neg || BN_ucmp(a,m) >= 0) 673 if (a->neg || BN_ucmp(a, m) >= 0) {
665 { 674 if (!BN_mod(&am, a,m, ctx))
666 if (!BN_mod(&am,a,m,ctx)) goto err; 675 goto err;
667 if (!BN_to_montgomery(&am,&am,mont,ctx)) goto err; 676 if (!BN_to_montgomery(&am, &am, mont, ctx))
668 } 677 goto err;
669 else if (!BN_to_montgomery(&am,a,mont,ctx)) goto err; 678 } else if (!BN_to_montgomery(&am, a,mont, ctx))
679 goto err;
670 680
671#if defined(OPENSSL_BN_ASM_MONT5) 681#if defined(OPENSSL_BN_ASM_MONT5)
672 /* This optimization uses ideas from http://eprint.iacr.org/2011/239, 682 /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
673 * specifically optimization of cache-timing attack countermeasures 683 * specifically optimization of cache-timing attack countermeasures
674 * and pre-computation optimization. */ 684 * and pre-computation optimization. */
675 685
676 /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as 686 /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
677 * 512-bit RSA is hardly relevant, we omit it to spare size... */ 687 * 512-bit RSA is hardly relevant, we omit it to spare size... */
678 if (window==5) 688 if (window == 5) {
679 { 689 void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
680 void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap, 690 const void *table, const BN_ULONG *np,
681 const void *table,const BN_ULONG *np, 691 const BN_ULONG *n0, int num, int power);
682 const BN_ULONG *n0,int num,int power); 692 void bn_scatter5(const BN_ULONG *inp, size_t num,
683 void bn_scatter5(const BN_ULONG *inp,size_t num, 693 void *table, size_t power);
684 void *table,size_t power); 694 void bn_gather5(BN_ULONG *out, size_t num,
685 void bn_gather5(BN_ULONG *out,size_t num, 695 void *table, size_t power);
686 void *table,size_t power); 696
687 697 BN_ULONG *np = mont->N.d, *n0 = mont->n0;
688 BN_ULONG *np=mont->N.d, *n0=mont->n0; 698
689 699 /* BN_to_montgomery can contaminate words above .top
690 /* BN_to_montgomery can contaminate words above .top 700 * [in BN_DEBUG[_DEBUG] build]... */
691 * [in BN_DEBUG[_DEBUG] build]... */ 701 for (i = am.top; i < top; i++)
692 for (i=am.top; i<top; i++) am.d[i]=0; 702 am.d[i] = 0;
693 for (i=tmp.top; i<top; i++) tmp.d[i]=0; 703 for (i = tmp.top; i < top; i++)
694 704 tmp.d[i] = 0;
695 bn_scatter5(tmp.d,top,powerbuf,0); 705
696 bn_scatter5(am.d,am.top,powerbuf,1); 706 bn_scatter5(tmp.d, top, powerbuf, 0);
697 bn_mul_mont(tmp.d,am.d,am.d,np,n0,top); 707 bn_scatter5(am.d, am.top, powerbuf, 1);
698 bn_scatter5(tmp.d,top,powerbuf,2); 708 bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
709 bn_scatter5(tmp.d, top, powerbuf, 2);
699 710
700#if 0 711#if 0
701 for (i=3; i<32; i++) 712 for (i = 3; i < 32; i++) {
702 { 713 /* Calculate a^i = a^(i-1) * a */
703 /* Calculate a^i = a^(i-1) * a */ 714 bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
704 bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1); 715 n0, top, i - 1);
705 bn_scatter5(tmp.d,top,powerbuf,i); 716 bn_scatter5(tmp.d, top, powerbuf, i);
706 } 717 }
707#else 718#else
708 /* same as above, but uses squaring for 1/2 of operations */ 719 /* same as above, but uses squaring for 1/2 of operations */
709 for (i=4; i<32; i*=2) 720 for (i = 4; i < 32; i*=2) {
710 { 721 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
711 bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top); 722 bn_scatter5(tmp.d, top, powerbuf, i);
712 bn_scatter5(tmp.d,top,powerbuf,i);
713 } 723 }
714 for (i=3; i<8; i+=2) 724 for (i = 3; i < 8; i += 2) {
715 { 725 int j;
716 int j; 726 bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
717 bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1); 727 n0, top, i - 1);
718 bn_scatter5(tmp.d,top,powerbuf,i); 728 bn_scatter5(tmp.d, top, powerbuf, i);
719 for (j=2*i; j<32; j*=2) 729 for (j = 2 * i; j < 32; j *= 2) {
720 { 730 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
721 bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top); 731 bn_scatter5(tmp.d, top, powerbuf, j);
722 bn_scatter5(tmp.d,top,powerbuf,j);
723 } 732 }
724 } 733 }
725 for (; i<16; i+=2) 734 for (; i < 16; i += 2) {
726 { 735 bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
727 bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1); 736 n0, top, i - 1);
728 bn_scatter5(tmp.d,top,powerbuf,i); 737 bn_scatter5(tmp.d, top, powerbuf, i);
729 bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top); 738 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
730 bn_scatter5(tmp.d,top,powerbuf,2*i); 739 bn_scatter5(tmp.d, top, powerbuf, 2*i);
731 } 740 }
732 for (; i<32; i+=2) 741 for (; i < 32; i += 2) {
733 { 742 bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
734 bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1); 743 n0, top, i - 1);
735 bn_scatter5(tmp.d,top,powerbuf,i); 744 bn_scatter5(tmp.d, top, powerbuf, i);
736 } 745 }
737#endif 746#endif
738 bits--; 747 bits--;
739 for (wvalue=0, i=bits%5; i>=0; i--,bits--) 748 for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
740 wvalue = (wvalue<<1)+BN_is_bit_set(p,bits); 749 wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
741 bn_gather5(tmp.d,top,powerbuf,wvalue); 750 bn_gather5(tmp.d, top, powerbuf, wvalue);
742 751
743 /* Scan the exponent one window at a time starting from the most 752 /* Scan the exponent one window at a time starting from the most
744 * significant bits. 753 * significant bits.
745 */ 754 */
746 while (bits >= 0) 755 while (bits >= 0) {
747 { 756 for (wvalue = 0, i = 0; i < 5; i++, bits--)
748 for (wvalue=0, i=0; i<5; i++,bits--) 757 wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
749 wvalue = (wvalue<<1)+BN_is_bit_set(p,bits); 758
750 759 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
751 bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top); 760 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
752 bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top); 761 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
753 bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top); 762 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
754 bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top); 763 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
755 bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top); 764 bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
756 bn_mul_mont_gather5(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue);
757 } 765 }
758 766
759 tmp.top=top; 767 tmp.top = top;
760 bn_correct_top(&tmp); 768 bn_correct_top(&tmp);
761 } 769 } else
762 else
763#endif 770#endif
764 { 771 {
765 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers)) goto err; 772 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0,
766 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers)) goto err; 773 numPowers))
774 goto err;
775 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1,
776 numPowers))
777 goto err;
767 778
768 /* If the window size is greater than 1, then calculate 779 /* If the window size is greater than 1, then calculate
769 * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) 780 * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
770 * (even powers could instead be computed as (a^(i/2))^2 781 * (even powers could instead be computed as (a^(i/2))^2
771 * to use the slight performance advantage of sqr over mul). 782 * to use the slight performance advantage of sqr over mul).
772 */ 783 */
773 if (window > 1) 784 if (window > 1) {
774 { 785 if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
775 if (!BN_mod_mul_montgomery(&tmp,&am,&am,mont,ctx)) goto err; 786 goto err;
776 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, numPowers)) goto err; 787 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf,
777 for (i=3; i<numPowers; i++) 788 2, numPowers))
778 {
779 /* Calculate a^i = a^(i-1) * a */
780 if (!BN_mod_mul_montgomery(&tmp,&am,&tmp,mont,ctx))
781 goto err; 789 goto err;
782 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, numPowers)) goto err; 790 for (i = 3; i < numPowers; i++) {
791 /* Calculate a^i = a^(i-1) * a */
792 if (!BN_mod_mul_montgomery(&tmp, &am, &tmp,
793 mont, ctx))
794 goto err;
795 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top,
796 powerbuf, i, numPowers))
797 goto err;
783 } 798 }
784 } 799 }
785 800
786 bits--; 801 bits--;
787 for (wvalue=0, i=bits%window; i>=0; i--,bits--) 802 for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
788 wvalue = (wvalue<<1)+BN_is_bit_set(p,bits); 803 wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
789 if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp,top,powerbuf,wvalue,numPowers)) goto err; 804 if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf,
790 805 wvalue, numPowers))
791 /* Scan the exponent one window at a time starting from the most 806 goto err;
792 * significant bits. 807
793 */ 808 /* Scan the exponent one window at a time starting from the most
794 while (bits >= 0) 809 * significant bits.
795 { 810 */
796 wvalue=0; /* The 'value' of the window */ 811 while (bits >= 0) {
797 812 wvalue = 0; /* The 'value' of the window */
798 /* Scan the window, squaring the result as we go */ 813
799 for (i=0; i<window; i++,bits--) 814 /* Scan the window, squaring the result as we go */
800 { 815 for (i = 0; i < window; i++, bits--) {
801 if (!BN_mod_mul_montgomery(&tmp,&tmp,&tmp,mont,ctx)) goto err; 816 if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp,
802 wvalue = (wvalue<<1)+BN_is_bit_set(p,bits); 817 mont, ctx))
803 } 818 goto err;
804 819 wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
805 /* Fetch the appropriate pre-computed value from the pre-buf */ 820 }
806 if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, numPowers)) goto err; 821
807 822 /* Fetch the appropriate pre-computed value from the pre-buf */
808 /* Multiply the result into the intermediate result */ 823 if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf,
809 if (!BN_mod_mul_montgomery(&tmp,&tmp,&am,mont,ctx)) goto err; 824 wvalue, numPowers))
810 } 825 goto err;
826
827 /* Multiply the result into the intermediate result */
828 if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
829 goto err;
830 }
811 } 831 }
812 832
813 /* Convert the final result from montgomery to standard format */ 833 /* Convert the final result from montgomery to standard format */
814 if (!BN_from_montgomery(rr,&tmp,mont,ctx)) goto err; 834 if (!BN_from_montgomery(rr, &tmp, mont, ctx))
815 ret=1; 835 goto err;
836 ret = 1;
837
816err: 838err:
817 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); 839 if ((in_mont == NULL) && (mont != NULL))
818 if (powerbuf!=NULL) 840 BN_MONT_CTX_free(mont);
819 { 841 if (powerbuf != NULL) {
820 OPENSSL_cleanse(powerbuf,powerbufLen); 842 OPENSSL_cleanse(powerbuf, powerbufLen);
821 if (powerbufFree) free(powerbufFree); 843 if (powerbufFree)
822 } 844 free(powerbufFree);
823 BN_CTX_end(ctx);
824 return(ret);
825 } 845 }
846 BN_CTX_end(ctx);
847 return (ret);
848}
826 849
827int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, 850int
828 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) 851BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
829 { 852 BN_CTX *ctx, BN_MONT_CTX *in_mont)
853{
830 BN_MONT_CTX *mont = NULL; 854 BN_MONT_CTX *mont = NULL;
831 int b, bits, ret=0; 855 int b, bits, ret = 0;
832 int r_is_one; 856 int r_is_one;
833 BN_ULONG w, next_w; 857 BN_ULONG w, next_w;
834 BIGNUM *d, *r, *t; 858 BIGNUM *d, *r, *t;
835 BIGNUM *swap_tmp; 859 BIGNUM *swap_tmp;
860
836#define BN_MOD_MUL_WORD(r, w, m) \ 861#define BN_MOD_MUL_WORD(r, w, m) \
837 (BN_mul_word(r, (w)) && \ 862 (BN_mul_word(r, (w)) && \
838 (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ 863 (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \
@@ -848,50 +873,48 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
848#define BN_TO_MONTGOMERY_WORD(r, w, mont) \ 873#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
849 (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) 874 (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
850 875
851 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) 876 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
852 {
853 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ 877 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
854 BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 878 BNerr(BN_F_BN_MOD_EXP_MONT_WORD,
879 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
855 return -1; 880 return -1;
856 } 881 }
857 882
858 bn_check_top(p); 883 bn_check_top(p);
859 bn_check_top(m); 884 bn_check_top(m);
860 885
861 if (!BN_is_odd(m)) 886 if (!BN_is_odd(m)) {
862 { 887 BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
863 BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); 888 return (0);
864 return(0); 889 }
865 }
866 if (m->top == 1) 890 if (m->top == 1)
867 a %= m->d[0]; /* make sure that 'a' is reduced */ 891 a %= m->d[0]; /* make sure that 'a' is reduced */
868 892 bits = BN_num_bits(p);
869 bits = BN_num_bits(p); 893 if (bits == 0) {
870 if (bits == 0)
871 {
872 ret = BN_one(rr); 894 ret = BN_one(rr);
873 return ret; 895 return ret;
874 } 896 }
875 if (a == 0) 897 if (a == 0) {
876 {
877 BN_zero(rr); 898 BN_zero(rr);
878 ret = 1; 899 ret = 1;
879 return ret; 900 return ret;
880 } 901 }
881 902
882 BN_CTX_start(ctx); 903 BN_CTX_start(ctx);
883 d = BN_CTX_get(ctx); 904 d = BN_CTX_get(ctx);
884 r = BN_CTX_get(ctx); 905 r = BN_CTX_get(ctx);
885 t = BN_CTX_get(ctx); 906 t = BN_CTX_get(ctx);
886 if (d == NULL || r == NULL || t == NULL) goto err; 907 if (d == NULL || r == NULL || t == NULL)
908 goto err;
887 909
888 if (in_mont != NULL) 910 if (in_mont != NULL)
889 mont=in_mont; 911 mont = in_mont;
890 else 912 else {
891 { 913 if ((mont = BN_MONT_CTX_new()) == NULL)
892 if ((mont = BN_MONT_CTX_new()) == NULL) goto err; 914 goto err;
893 if (!BN_MONT_CTX_set(mont, m, ctx)) goto err; 915 if (!BN_MONT_CTX_set(mont, m, ctx))
894 } 916 goto err;
917 }
895 918
896 r_is_one = 1; /* except for Montgomery factor */ 919 r_is_one = 1; /* except for Montgomery factor */
897 920
@@ -899,194 +922,189 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
899 922
900 /* The result is accumulated in the product r*w. */ 923 /* The result is accumulated in the product r*w. */
901 w = a; /* bit 'bits-1' of 'p' is always set */ 924 w = a; /* bit 'bits-1' of 'p' is always set */
902 for (b = bits-2; b >= 0; b--) 925 for (b = bits - 2; b >= 0; b--) {
903 {
904 /* First, square r*w. */ 926 /* First, square r*w. */
905 next_w = w*w; 927 next_w = w * w;
906 if ((next_w/w) != w) /* overflow */ 928 if ((next_w / w) != w) /* overflow */
907 { 929 {
908 if (r_is_one) 930 if (r_is_one) {
909 { 931 if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
910 if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; 932 goto err;
911 r_is_one = 0; 933 r_is_one = 0;
912 } 934 } else {
913 else 935 if (!BN_MOD_MUL_WORD(r, w, m))
914 { 936 goto err;
915 if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
916 }
917 next_w = 1;
918 } 937 }
938 next_w = 1;
939 }
919 w = next_w; 940 w = next_w;
920 if (!r_is_one) 941 if (!r_is_one) {
921 { 942 if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
922 if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err; 943 goto err;
923 } 944 }
924 945
925 /* Second, multiply r*w by 'a' if exponent bit is set. */ 946 /* Second, multiply r*w by 'a' if exponent bit is set. */
926 if (BN_is_bit_set(p, b)) 947 if (BN_is_bit_set(p, b)) {
948 next_w = w * a;
949 if ((next_w / a) != w) /* overflow */
927 { 950 {
928 next_w = w*a; 951 if (r_is_one) {
929 if ((next_w/a) != w) /* overflow */ 952 if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
930 { 953 goto err;
931 if (r_is_one)
932 {
933 if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
934 r_is_one = 0; 954 r_is_one = 0;
935 } 955 } else {
936 else 956 if (!BN_MOD_MUL_WORD(r, w, m))
937 { 957 goto err;
938 if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
939 }
940 next_w = a;
941 } 958 }
942 w = next_w; 959 next_w = a;
943 } 960 }
961 w = next_w;
944 } 962 }
963 }
945 964
946 /* Finally, set r:=r*w. */ 965 /* Finally, set r:=r*w. */
947 if (w != 1) 966 if (w != 1) {
948 { 967 if (r_is_one) {
949 if (r_is_one) 968 if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
950 { 969 goto err;
951 if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
952 r_is_one = 0; 970 r_is_one = 0;
953 } 971 } else {
954 else 972 if (!BN_MOD_MUL_WORD(r, w, m))
955 { 973 goto err;
956 if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
957 }
958 } 974 }
975 }
959 976
960 if (r_is_one) /* can happen only if a == 1*/ 977 if (r_is_one) /* can happen only if a == 1*/
961 { 978 {
962 if (!BN_one(rr)) goto err; 979 if (!BN_one(rr))
963 } 980 goto err;
964 else 981 } else {
965 { 982 if (!BN_from_montgomery(rr, r, mont, ctx))
966 if (!BN_from_montgomery(rr, r, mont, ctx)) goto err; 983 goto err;
967 } 984 }
968 ret = 1; 985 ret = 1;
986
969err: 987err:
970 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); 988 if ((in_mont == NULL) && (mont != NULL))
989 BN_MONT_CTX_free(mont);
971 BN_CTX_end(ctx); 990 BN_CTX_end(ctx);
972 bn_check_top(rr); 991 bn_check_top(rr);
973 return(ret); 992 return (ret);
974 } 993}
975 994
976 995
977/* The old fallback, simple version :-) */ 996/* The old fallback, simple version :-) */
978int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 997int
979 const BIGNUM *m, BN_CTX *ctx) 998BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
980 { 999 BN_CTX *ctx)
981 int i,j,bits,ret=0,wstart,wend,window,wvalue; 1000{
982 int start=1; 1001 int i, j,bits, ret = 0, wstart, wend, window, wvalue;
1002 int start = 1;
983 BIGNUM *d; 1003 BIGNUM *d;
984 /* Table of variables obtained from 'ctx' */ 1004 /* Table of variables obtained from 'ctx' */
985 BIGNUM *val[TABLE_SIZE]; 1005 BIGNUM *val[TABLE_SIZE];
986 1006
987 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) 1007 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
988 {
989 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ 1008 /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
990 BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1009 BNerr(BN_F_BN_MOD_EXP_SIMPLE,
1010 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
991 return -1; 1011 return -1;
992 } 1012 }
993 1013
994 bits=BN_num_bits(p); 1014 bits = BN_num_bits(p);
995 1015
996 if (bits == 0) 1016 if (bits == 0) {
997 {
998 ret = BN_one(r); 1017 ret = BN_one(r);
999 return ret; 1018 return ret;
1000 } 1019 }
1001 1020
1002 BN_CTX_start(ctx); 1021 BN_CTX_start(ctx);
1003 d = BN_CTX_get(ctx); 1022 d = BN_CTX_get(ctx);
1004 val[0] = BN_CTX_get(ctx); 1023 val[0] = BN_CTX_get(ctx);
1005 if(!d || !val[0]) goto err; 1024 if (!d || !val[0])
1025 goto err;
1006 1026
1007 if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ 1027 if (!BN_nnmod(val[0],a,m,ctx))
1008 if (BN_is_zero(val[0])) 1028 goto err; /* 1 */
1009 { 1029 if (BN_is_zero(val[0])) {
1010 BN_zero(r); 1030 BN_zero(r);
1011 ret = 1; 1031 ret = 1;
1012 goto err; 1032 goto err;
1013 } 1033 }
1014 1034
1015 window = BN_window_bits_for_exponent_size(bits); 1035 window = BN_window_bits_for_exponent_size(bits);
1016 if (window > 1) 1036 if (window > 1) {
1017 { 1037 if (!BN_mod_mul(d, val[0], val[0], m, ctx))
1018 if (!BN_mod_mul(d,val[0],val[0],m,ctx))
1019 goto err; /* 2 */ 1038 goto err; /* 2 */
1020 j=1<<(window-1); 1039 j = 1 << (window - 1);
1021 for (i=1; i<j; i++) 1040 for (i = 1; i < j; i++) {
1022 { 1041 if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
1023 if(((val[i] = BN_CTX_get(ctx)) == NULL) || 1042 !BN_mod_mul(val[i], val[i - 1], d,m, ctx))
1024 !BN_mod_mul(val[i],val[i-1],d,m,ctx))
1025 goto err; 1043 goto err;
1026 }
1027 } 1044 }
1045 }
1028 1046
1029 start=1; /* This is used to avoid multiplication etc 1047 start = 1; /* This is used to avoid multiplication etc
1030 * when there is only the value '1' in the 1048 * when there is only the value '1' in the
1031 * buffer. */ 1049 * buffer. */
1032 wvalue=0; /* The 'value' of the window */ 1050 wvalue = 0; /* The 'value' of the window */
1033 wstart=bits-1; /* The top bit of the window */ 1051 wstart = bits - 1; /* The top bit of the window */
1034 wend=0; /* The bottom bit of the window */ 1052 wend = 0; /* The bottom bit of the window */
1035 1053
1036 if (!BN_one(r)) goto err; 1054 if (!BN_one(r))
1055 goto err;
1037 1056
1038 for (;;) 1057 for (;;) {
1039 { 1058 if (BN_is_bit_set(p, wstart) == 0) {
1040 if (BN_is_bit_set(p,wstart) == 0)
1041 {
1042 if (!start) 1059 if (!start)
1043 if (!BN_mod_mul(r,r,r,m,ctx)) 1060 if (!BN_mod_mul(r, r, r, m, ctx))
1044 goto err; 1061 goto err;
1045 if (wstart == 0) break; 1062 if (wstart == 0)
1063 break;
1046 wstart--; 1064 wstart--;
1047 continue; 1065 continue;
1048 } 1066 }
1049 /* We now have wstart on a 'set' bit, we now need to work out 1067 /* We now have wstart on a 'set' bit, we now need to work out
1050 * how bit a window to do. To do this we need to scan 1068 * how bit a window to do. To do this we need to scan
1051 * forward until the last set bit before the end of the 1069 * forward until the last set bit before the end of the
1052 * window */ 1070 * window */
1053 j=wstart; 1071 j = wstart;
1054 wvalue=1; 1072 wvalue = 1;
1055 wend=0; 1073 wend = 0;
1056 for (i=1; i<window; i++) 1074 for (i = 1; i < window; i++) {
1057 { 1075 if (wstart - i < 0)
1058 if (wstart-i < 0) break; 1076 break;
1059 if (BN_is_bit_set(p,wstart-i)) 1077 if (BN_is_bit_set(p, wstart - i)) {
1060 { 1078 wvalue <<= (i - wend);
1061 wvalue<<=(i-wend); 1079 wvalue |= 1;
1062 wvalue|=1; 1080 wend = i;
1063 wend=i;
1064 }
1065 } 1081 }
1082 }
1066 1083
1067 /* wend is the size of the current window */ 1084 /* wend is the size of the current window */
1068 j=wend+1; 1085 j = wend + 1;
1069 /* add the 'bytes above' */ 1086 /* add the 'bytes above' */
1070 if (!start) 1087 if (!start)
1071 for (i=0; i<j; i++) 1088 for (i = 0; i < j; i++) {
1072 { 1089 if (!BN_mod_mul(r, r, r, m, ctx))
1073 if (!BN_mod_mul(r,r,r,m,ctx))
1074 goto err; 1090 goto err;
1075 } 1091 }
1076 1092
1077 /* wvalue will be an odd number < 2^window */ 1093 /* wvalue will be an odd number < 2^window */
1078 if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx)) 1094 if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
1079 goto err; 1095 goto err;
1080 1096
1081 /* move the 'window' down further */ 1097 /* move the 'window' down further */
1082 wstart-=wend+1; 1098 wstart -= wend + 1;
1083 wvalue=0; 1099 wvalue = 0;
1084 start=0; 1100 start = 0;
1085 if (wstart < 0) break; 1101 if (wstart < 0)
1086 } 1102 break;
1087 ret=1; 1103 }
1104 ret = 1;
1105
1088err: 1106err:
1089 BN_CTX_end(ctx); 1107 BN_CTX_end(ctx);
1090 bn_check_top(r); 1108 bn_check_top(r);
1091 return(ret); 1109 return (ret);
1092 } 1110}
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
index bd0c34b91b..d3d3d978bd 100644
--- a/src/lib/libcrypto/bn/bn_exp2.c
+++ b/src/lib/libcrypto/bn/bn_exp2.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -115,17 +115,18 @@
115 115
116#define TABLE_SIZE 32 116#define TABLE_SIZE 32
117 117
118int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, 118int
119 const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, 119BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
120 BN_CTX *ctx, BN_MONT_CTX *in_mont) 120 const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, BN_CTX *ctx,
121 { 121 BN_MONT_CTX *in_mont)
122 int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; 122{
123 int r_is_one=1; 123 int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
124 BIGNUM *d,*r; 124 int r_is_one = 1;
125 BIGNUM *d, *r;
125 const BIGNUM *a_mod_m; 126 const BIGNUM *a_mod_m;
126 /* Tables of variables obtained from 'ctx' */ 127 /* Tables of variables obtained from 'ctx' */
127 BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; 128 BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
128 BN_MONT_CTX *mont=NULL; 129 BN_MONT_CTX *mont = NULL;
129 130
130 bn_check_top(a1); 131 bn_check_top(a1);
131 bn_check_top(p1); 132 bn_check_top(p1);
@@ -133,35 +134,35 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
133 bn_check_top(p2); 134 bn_check_top(p2);
134 bn_check_top(m); 135 bn_check_top(m);
135 136
136 if (!(m->d[0] & 1)) 137 if (!(m->d[0] & 1)) {
137 { 138 BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
138 BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); 139 return (0);
139 return(0); 140 }
140 } 141 bits1 = BN_num_bits(p1);
141 bits1=BN_num_bits(p1); 142 bits2 = BN_num_bits(p2);
142 bits2=BN_num_bits(p2); 143 if ((bits1 == 0) && (bits2 == 0)) {
143 if ((bits1 == 0) && (bits2 == 0))
144 {
145 ret = BN_one(rr); 144 ret = BN_one(rr);
146 return ret; 145 return ret;
147 } 146 }
148 147
149 bits=(bits1 > bits2)?bits1:bits2; 148 bits = (bits1 > bits2) ? bits1 : bits2;
150 149
151 BN_CTX_start(ctx); 150 BN_CTX_start(ctx);
152 d = BN_CTX_get(ctx); 151 d = BN_CTX_get(ctx);
153 r = BN_CTX_get(ctx); 152 r = BN_CTX_get(ctx);
154 val1[0] = BN_CTX_get(ctx); 153 val1[0] = BN_CTX_get(ctx);
155 val2[0] = BN_CTX_get(ctx); 154 val2[0] = BN_CTX_get(ctx);
156 if(!d || !r || !val1[0] || !val2[0]) goto err; 155 if (!d || !r || !val1[0] || !val2[0])
156 goto err;
157 157
158 if (in_mont != NULL) 158 if (in_mont != NULL)
159 mont=in_mont; 159 mont = in_mont;
160 else 160 else {
161 { 161 if ((mont = BN_MONT_CTX_new()) == NULL)
162 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 162 goto err;
163 if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; 163 if (!BN_MONT_CTX_set(mont, m, ctx))
164 } 164 goto err;
165 }
165 166
166 window1 = BN_window_bits_for_exponent_size(bits1); 167 window1 = BN_window_bits_for_exponent_size(bits1);
167 window2 = BN_window_bits_for_exponent_size(bits2); 168 window2 = BN_window_bits_for_exponent_size(bits2);
@@ -169,144 +170,135 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
169 /* 170 /*
170 * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) 171 * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
171 */ 172 */
172 if (a1->neg || BN_ucmp(a1,m) >= 0) 173 if (a1->neg || BN_ucmp(a1, m) >= 0) {
173 { 174 if (!BN_mod(val1[0], a1, m, ctx))
174 if (!BN_mod(val1[0],a1,m,ctx))
175 goto err; 175 goto err;
176 a_mod_m = val1[0]; 176 a_mod_m = val1[0];
177 } 177 } else
178 else
179 a_mod_m = a1; 178 a_mod_m = a1;
180 if (BN_is_zero(a_mod_m)) 179 if (BN_is_zero(a_mod_m)) {
181 {
182 BN_zero(rr); 180 BN_zero(rr);
183 ret = 1; 181 ret = 1;
184 goto err; 182 goto err;
185 } 183 }
186 184
187 if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err; 185 if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
188 if (window1 > 1) 186 goto err;
189 { 187 if (window1 > 1) {
190 if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err; 188 if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
189 goto err;
191 190
192 j=1<<(window1-1); 191 j = 1 << (window1 - 1);
193 for (i=1; i<j; i++) 192 for (i = 1; i < j; i++) {
194 { 193 if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
195 if(((val1[i] = BN_CTX_get(ctx)) == NULL) || 194 !BN_mod_mul_montgomery(val1[i], val1[i - 1],
196 !BN_mod_mul_montgomery(val1[i],val1[i-1], 195 d, mont, ctx))
197 d,mont,ctx))
198 goto err; 196 goto err;
199 }
200 } 197 }
198 }
201 199
202 200
203 /* 201 /*
204 * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) 202 * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
205 */ 203 */
206 if (a2->neg || BN_ucmp(a2,m) >= 0) 204 if (a2->neg || BN_ucmp(a2, m) >= 0) {
207 { 205 if (!BN_mod(val2[0], a2, m, ctx))
208 if (!BN_mod(val2[0],a2,m,ctx))
209 goto err; 206 goto err;
210 a_mod_m = val2[0]; 207 a_mod_m = val2[0];
211 } 208 } else
212 else
213 a_mod_m = a2; 209 a_mod_m = a2;
214 if (BN_is_zero(a_mod_m)) 210 if (BN_is_zero(a_mod_m)) {
215 {
216 BN_zero(rr); 211 BN_zero(rr);
217 ret = 1; 212 ret = 1;
218 goto err; 213 goto err;
219 } 214 }
220 if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err; 215 if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
221 if (window2 > 1) 216 goto err;
222 { 217 if (window2 > 1) {
223 if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err; 218 if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
219 goto err;
224 220
225 j=1<<(window2-1); 221 j = 1 << (window2 - 1);
226 for (i=1; i<j; i++) 222 for (i = 1; i < j; i++) {
227 { 223 if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
228 if(((val2[i] = BN_CTX_get(ctx)) == NULL) || 224 !BN_mod_mul_montgomery(val2[i], val2[i - 1],
229 !BN_mod_mul_montgomery(val2[i],val2[i-1], 225 d, mont, ctx))
230 d,mont,ctx))
231 goto err; 226 goto err;
232 }
233 } 227 }
228 }
234 229
235 230
236 /* Now compute the power product, using independent windows. */ 231 /* Now compute the power product, using independent windows. */
237 r_is_one=1; 232 r_is_one = 1;
238 wvalue1=0; /* The 'value' of the first window */ 233 wvalue1 = 0; /* The 'value' of the first window */
239 wvalue2=0; /* The 'value' of the second window */ 234 wvalue2 = 0; /* The 'value' of the second window */
240 wpos1=0; /* If wvalue1 > 0, the bottom bit of the first window */ 235 wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the first window */
241 wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */ 236 wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the second window */
242 237
243 if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; 238 if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
244 for (b=bits-1; b>=0; b--) 239 goto err;
245 { 240 for (b = bits - 1; b >= 0; b--) {
246 if (!r_is_one) 241 if (!r_is_one) {
247 { 242 if (!BN_mod_mul_montgomery(r, r,r, mont, ctx))
248 if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
249 goto err; 243 goto err;
250 } 244 }
251 245
252 if (!wvalue1) 246 if (!wvalue1)
253 if (BN_is_bit_set(p1, b)) 247 if (BN_is_bit_set(p1, b)) {
254 { 248 /* consider bits b-window1+1 .. b for this window */
255 /* consider bits b-window1+1 .. b for this window */ 249 i = b - window1 + 1;
256 i = b-window1+1; 250 while (!BN_is_bit_set(p1, i)) /* works for i<0 */
257 while (!BN_is_bit_set(p1, i)) /* works for i<0 */ 251 i++;
258 i++; 252 wpos1 = i;
259 wpos1 = i; 253 wvalue1 = 1;
260 wvalue1 = 1; 254 for (i = b - 1; i >= wpos1; i--) {
261 for (i = b-1; i >= wpos1; i--) 255 wvalue1 <<= 1;
262 { 256 if (BN_is_bit_set(p1, i))
263 wvalue1 <<= 1; 257 wvalue1++;
264 if (BN_is_bit_set(p1, i)) 258 }
265 wvalue1++; 259 }
266 } 260
267 }
268
269 if (!wvalue2) 261 if (!wvalue2)
270 if (BN_is_bit_set(p2, b)) 262 if (BN_is_bit_set(p2, b)) {
271 { 263 /* consider bits b-window2+1 .. b for this window */
272 /* consider bits b-window2+1 .. b for this window */ 264 i = b - window2 + 1;
273 i = b-window2+1; 265 while (!BN_is_bit_set(p2, i))
274 while (!BN_is_bit_set(p2, i)) 266 i++;
275 i++; 267 wpos2 = i;
276 wpos2 = i; 268 wvalue2 = 1;
277 wvalue2 = 1; 269 for (i = b - 1; i >= wpos2; i--) {
278 for (i = b-1; i >= wpos2; i--) 270 wvalue2 <<= 1;
279 { 271 if (BN_is_bit_set(p2, i))
280 wvalue2 <<= 1; 272 wvalue2++;
281 if (BN_is_bit_set(p2, i)) 273 }
282 wvalue2++; 274 }
283 }
284 }
285 275
286 if (wvalue1 && b == wpos1) 276 if (wvalue1 && b == wpos1) {
287 {
288 /* wvalue1 is odd and < 2^window1 */ 277 /* wvalue1 is odd and < 2^window1 */
289 if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx)) 278 if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1],
279 mont, ctx))
290 goto err; 280 goto err;
291 wvalue1 = 0; 281 wvalue1 = 0;
292 r_is_one = 0; 282 r_is_one = 0;
293 } 283 }
294 284
295 if (wvalue2 && b == wpos2) 285 if (wvalue2 && b == wpos2) {
296 {
297 /* wvalue2 is odd and < 2^window2 */ 286 /* wvalue2 is odd and < 2^window2 */
298 if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx)) 287 if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1],
288 mont, ctx))
299 goto err; 289 goto err;
300 wvalue2 = 0; 290 wvalue2 = 0;
301 r_is_one = 0; 291 r_is_one = 0;
302 }
303 } 292 }
304 if (!BN_from_montgomery(rr,r,mont,ctx)) 293 }
294 if (!BN_from_montgomery(rr, r,mont, ctx))
305 goto err; 295 goto err;
306 ret=1; 296 ret = 1;
297
307err: 298err:
308 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); 299 if ((in_mont == NULL) && (mont != NULL))
300 BN_MONT_CTX_free(mont);
309 BN_CTX_end(ctx); 301 BN_CTX_end(ctx);
310 bn_check_top(rr); 302 bn_check_top(rr);
311 return(ret); 303 return (ret);
312 } 304}
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index a808f53178..18f2812368 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -114,10 +114,11 @@
114 114
115static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); 115static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
116 116
117int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) 117int
118 { 118BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
119 BIGNUM *a,*b,*t; 119{
120 int ret=0; 120 BIGNUM *a, *b, *t;
121 int ret = 0;
121 122
122 bn_check_top(in_a); 123 bn_check_top(in_a);
123 bn_check_top(in_b); 124 bn_check_top(in_b);
@@ -125,98 +126,121 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
125 BN_CTX_start(ctx); 126 BN_CTX_start(ctx);
126 a = BN_CTX_get(ctx); 127 a = BN_CTX_get(ctx);
127 b = BN_CTX_get(ctx); 128 b = BN_CTX_get(ctx);
128 if (a == NULL || b == NULL) goto err; 129 if (a == NULL || b == NULL)
130 goto err;
129 131
130 if (BN_copy(a,in_a) == NULL) goto err; 132 if (BN_copy(a, in_a) == NULL)
131 if (BN_copy(b,in_b) == NULL) goto err; 133 goto err;
134 if (BN_copy(b, in_b) == NULL)
135 goto err;
132 a->neg = 0; 136 a->neg = 0;
133 b->neg = 0; 137 b->neg = 0;
134 138
135 if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; } 139 if (BN_cmp(a, b) < 0) {
136 t=euclid(a,b); 140 t = a;
137 if (t == NULL) goto err; 141 a = b;
142 b = t;
143 }
144 t = euclid(a, b);
145 if (t == NULL)
146 goto err;
147
148 if (BN_copy(r, t) == NULL)
149 goto err;
150 ret = 1;
138 151
139 if (BN_copy(r,t) == NULL) goto err;
140 ret=1;
141err: 152err:
142 BN_CTX_end(ctx); 153 BN_CTX_end(ctx);
143 bn_check_top(r); 154 bn_check_top(r);
144 return(ret); 155 return (ret);
145 } 156}
146 157
147static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) 158static BIGNUM *
148 { 159euclid(BIGNUM *a, BIGNUM *b)
160{
149 BIGNUM *t; 161 BIGNUM *t;
150 int shifts=0; 162 int shifts = 0;
151 163
152 bn_check_top(a); 164 bn_check_top(a);
153 bn_check_top(b); 165 bn_check_top(b);
154 166
155 /* 0 <= b <= a */ 167 /* 0 <= b <= a */
156 while (!BN_is_zero(b)) 168 while (!BN_is_zero(b)) {
157 {
158 /* 0 < b <= a */ 169 /* 0 < b <= a */
159 170
160 if (BN_is_odd(a)) 171 if (BN_is_odd(a)) {
161 { 172 if (BN_is_odd(b)) {
162 if (BN_is_odd(b)) 173 if (!BN_sub(a, a, b))
163 { 174 goto err;
164 if (!BN_sub(a,a,b)) goto err; 175 if (!BN_rshift1(a, a))
165 if (!BN_rshift1(a,a)) goto err; 176 goto err;
166 if (BN_cmp(a,b) < 0) 177 if (BN_cmp(a, b) < 0) {
167 { t=a; a=b; b=t; } 178 t = a;
179 a = b;
180 b = t;
168 } 181 }
182 }
169 else /* a odd - b even */ 183 else /* a odd - b even */
170 { 184 {
171 if (!BN_rshift1(b,b)) goto err; 185 if (!BN_rshift1(b, b))
172 if (BN_cmp(a,b) < 0) 186 goto err;
173 { t=a; a=b; b=t; } 187 if (BN_cmp(a, b) < 0) {
188 t = a;
189 a = b;
190 b = t;
174 } 191 }
175 } 192 }
193 }
176 else /* a is even */ 194 else /* a is even */
177 { 195 {
178 if (BN_is_odd(b)) 196 if (BN_is_odd(b)) {
179 { 197 if (!BN_rshift1(a, a))
180 if (!BN_rshift1(a,a)) goto err; 198 goto err;
181 if (BN_cmp(a,b) < 0) 199 if (BN_cmp(a, b) < 0) {
182 { t=a; a=b; b=t; } 200 t = a;
201 a = b;
202 b = t;
183 } 203 }
204 }
184 else /* a even - b even */ 205 else /* a even - b even */
185 { 206 {
186 if (!BN_rshift1(a,a)) goto err; 207 if (!BN_rshift1(a, a))
187 if (!BN_rshift1(b,b)) goto err; 208 goto err;
209 if (!BN_rshift1(b, b))
210 goto err;
188 shifts++; 211 shifts++;
189 }
190 } 212 }
191 /* 0 <= b <= a */
192 } 213 }
214 /* 0 <= b <= a */
215 }
193 216
194 if (shifts) 217 if (shifts) {
195 { 218 if (!BN_lshift(a, a, shifts))
196 if (!BN_lshift(a,a,shifts)) goto err; 219 goto err;
197 } 220 }
198 bn_check_top(a); 221 bn_check_top(a);
199 return(a); 222 return (a);
223
200err: 224err:
201 return(NULL); 225 return (NULL);
202 } 226}
203 227
204 228
205/* solves ax == 1 (mod n) */ 229/* solves ax == 1 (mod n) */
206static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, 230static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a,
207 const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); 231 const BIGNUM *n, BN_CTX *ctx);
208 232
209BIGNUM *BN_mod_inverse(BIGNUM *in, 233BIGNUM *
210 const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) 234BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
211 { 235{
212 BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; 236 BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
213 BIGNUM *ret=NULL; 237 BIGNUM *ret = NULL;
214 int sign; 238 int sign;
215 239
216 if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) 240 if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) ||
217 { 241 (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
218 return BN_mod_inverse_no_branch(in, a, n, ctx); 242 return BN_mod_inverse_no_branch(in, a, n, ctx);
219 } 243 }
220 244
221 bn_check_top(a); 245 bn_check_top(a);
222 bn_check_top(n); 246 bn_check_top(n);
@@ -229,23 +253,27 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
229 M = BN_CTX_get(ctx); 253 M = BN_CTX_get(ctx);
230 Y = BN_CTX_get(ctx); 254 Y = BN_CTX_get(ctx);
231 T = BN_CTX_get(ctx); 255 T = BN_CTX_get(ctx);
232 if (T == NULL) goto err; 256 if (T == NULL)
257 goto err;
233 258
234 if (in == NULL) 259 if (in == NULL)
235 R=BN_new(); 260 R = BN_new();
236 else 261 else
237 R=in; 262 R = in;
238 if (R == NULL) goto err; 263 if (R == NULL)
264 goto err;
239 265
240 BN_one(X); 266 BN_one(X);
241 BN_zero(Y); 267 BN_zero(Y);
242 if (BN_copy(B,a) == NULL) goto err; 268 if (BN_copy(B, a) == NULL)
243 if (BN_copy(A,n) == NULL) goto err; 269 goto err;
270 if (BN_copy(A, n) == NULL)
271 goto err;
244 A->neg = 0; 272 A->neg = 0;
245 if (B->neg || (BN_ucmp(B, A) >= 0)) 273 if (B->neg || (BN_ucmp(B, A) >= 0)) {
246 { 274 if (!BN_nnmod(B, B, A, ctx))
247 if (!BN_nnmod(B, B, A, ctx)) goto err; 275 goto err;
248 } 276 }
249 sign = -1; 277 sign = -1;
250 /* From B = a mod |n|, A = |n| it follows that 278 /* From B = a mod |n|, A = |n| it follows that
251 * 279 *
@@ -254,16 +282,14 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
254 * sign*Y*a == A (mod |n|). 282 * sign*Y*a == A (mod |n|).
255 */ 283 */
256 284
257 if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) 285 if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) {
258 {
259 /* Binary inversion algorithm; requires odd modulus. 286 /* Binary inversion algorithm; requires odd modulus.
260 * This is faster than the general algorithm if the modulus 287 * This is faster than the general algorithm if the modulus
261 * is sufficiently small (about 400 .. 500 bits on 32-bit 288 * is sufficiently small (about 400 .. 500 bits on 32-bit
262 * sytems, but much more on 64-bit systems) */ 289 * sytems, but much more on 64-bit systems) */
263 int shift; 290 int shift;
264 291
265 while (!BN_is_zero(B)) 292 while (!BN_is_zero(B)) {
266 {
267 /* 293 /*
268 * 0 < B < |n|, 294 * 0 < B < |n|,
269 * 0 < A <= |n|, 295 * 0 < A <= |n|,
@@ -276,41 +302,43 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
276 * When we're done, (1) still holds. */ 302 * When we're done, (1) still holds. */
277 shift = 0; 303 shift = 0;
278 while (!BN_is_bit_set(B, shift)) /* note that 0 < B */ 304 while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
279 { 305 {
280 shift++; 306 shift++;
281 307
282 if (BN_is_odd(X)) 308 if (BN_is_odd(X)) {
283 { 309 if (!BN_uadd(X, X, n))
284 if (!BN_uadd(X, X, n)) goto err; 310 goto err;
285 }
286 /* now X is even, so we can easily divide it by two */
287 if (!BN_rshift1(X, X)) goto err;
288 }
289 if (shift > 0)
290 {
291 if (!BN_rshift(B, B, shift)) goto err;
292 } 311 }
312 /* now X is even, so we can easily divide it by two */
313 if (!BN_rshift1(X, X))
314 goto err;
315 }
316 if (shift > 0) {
317 if (!BN_rshift(B, B, shift))
318 goto err;
319 }
293 320
294 321
295 /* Same for A and Y. Afterwards, (2) still holds. */ 322 /* Same for A and Y. Afterwards, (2) still holds. */
296 shift = 0; 323 shift = 0;
297 while (!BN_is_bit_set(A, shift)) /* note that 0 < A */ 324 while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
298 { 325 {
299 shift++; 326 shift++;
300 327
301 if (BN_is_odd(Y)) 328 if (BN_is_odd(Y)) {
302 { 329 if (!BN_uadd(Y, Y, n))
303 if (!BN_uadd(Y, Y, n)) goto err; 330 goto err;
304 }
305 /* now Y is even */
306 if (!BN_rshift1(Y, Y)) goto err;
307 }
308 if (shift > 0)
309 {
310 if (!BN_rshift(A, A, shift)) goto err;
311 } 331 }
332 /* now Y is even */
333 if (!BN_rshift1(Y, Y))
334 goto err;
335 }
336 if (shift > 0) {
337 if (!BN_rshift(A, A, shift))
338 goto err;
339 }
340
312 341
313
314 /* We still have (1) and (2). 342 /* We still have (1) and (2).
315 * Both A and B are odd. 343 * Both A and B are odd.
316 * The following computations ensure that 344 * The following computations ensure that
@@ -322,91 +350,87 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
322 * 350 *
323 * and that either A or B is even in the next iteration. 351 * and that either A or B is even in the next iteration.
324 */ 352 */
325 if (BN_ucmp(B, A) >= 0) 353 if (BN_ucmp(B, A) >= 0) {
326 {
327 /* -sign*(X + Y)*a == B - A (mod |n|) */ 354 /* -sign*(X + Y)*a == B - A (mod |n|) */
328 if (!BN_uadd(X, X, Y)) goto err; 355 if (!BN_uadd(X, X, Y))
356 goto err;
329 /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that 357 /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
330 * actually makes the algorithm slower */ 358 * actually makes the algorithm slower */
331 if (!BN_usub(B, B, A)) goto err; 359 if (!BN_usub(B, B, A))
332 } 360 goto err;
333 else 361 } else {
334 {
335 /* sign*(X + Y)*a == A - B (mod |n|) */ 362 /* sign*(X + Y)*a == A - B (mod |n|) */
336 if (!BN_uadd(Y, Y, X)) goto err; 363 if (!BN_uadd(Y, Y, X))
364 goto err;
337 /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */ 365 /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
338 if (!BN_usub(A, A, B)) goto err; 366 if (!BN_usub(A, A, B))
339 } 367 goto err;
340 } 368 }
341 } 369 }
342 else 370 } else {
343 {
344 /* general inversion algorithm */ 371 /* general inversion algorithm */
345 372
346 while (!BN_is_zero(B)) 373 while (!BN_is_zero(B)) {
347 {
348 BIGNUM *tmp; 374 BIGNUM *tmp;
349 375
350 /* 376 /*
351 * 0 < B < A, 377 * 0 < B < A,
352 * (*) -sign*X*a == B (mod |n|), 378 * (*) -sign*X*a == B (mod |n|),
353 * sign*Y*a == A (mod |n|) 379 * sign*Y*a == A (mod |n|)
354 */ 380 */
355 381
356 /* (D, M) := (A/B, A%B) ... */ 382 /* (D, M) := (A/B, A%B) ... */
357 if (BN_num_bits(A) == BN_num_bits(B)) 383 if (BN_num_bits(A) == BN_num_bits(B)) {
358 { 384 if (!BN_one(D))
359 if (!BN_one(D)) goto err; 385 goto err;
360 if (!BN_sub(M,A,B)) goto err; 386 if (!BN_sub(M, A, B))
361 } 387 goto err;
362 else if (BN_num_bits(A) == BN_num_bits(B) + 1) 388 } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
363 {
364 /* A/B is 1, 2, or 3 */ 389 /* A/B is 1, 2, or 3 */
365 if (!BN_lshift1(T,B)) goto err; 390 if (!BN_lshift1(T, B))
366 if (BN_ucmp(A,T) < 0) 391 goto err;
367 { 392 if (BN_ucmp(A, T) < 0) {
368 /* A < 2*B, so D=1 */ 393 /* A < 2*B, so D=1 */
369 if (!BN_one(D)) goto err; 394 if (!BN_one(D))
370 if (!BN_sub(M,A,B)) goto err; 395 goto err;
371 } 396 if (!BN_sub(M, A, B))
372 else 397 goto err;
373 { 398 } else {
374 /* A >= 2*B, so D=2 or D=3 */ 399 /* A >= 2*B, so D=2 or D=3 */
375 if (!BN_sub(M,A,T)) goto err; 400 if (!BN_sub(M, A, T))
401 goto err;
376 if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */ 402 if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
377 if (BN_ucmp(A,D) < 0) 403 if (BN_ucmp(A, D) < 0) {
378 {
379 /* A < 3*B, so D=2 */ 404 /* A < 3*B, so D=2 */
380 if (!BN_set_word(D,2)) goto err; 405 if (!BN_set_word(D, 2))
406 goto err;
381 /* M (= A - 2*B) already has the correct value */ 407 /* M (= A - 2*B) already has the correct value */
382 } 408 } else {
383 else
384 {
385 /* only D=3 remains */ 409 /* only D=3 remains */
386 if (!BN_set_word(D,3)) goto err; 410 if (!BN_set_word(D, 3))
411 goto err;
387 /* currently M = A - 2*B, but we need M = A - 3*B */ 412 /* currently M = A - 2*B, but we need M = A - 3*B */
388 if (!BN_sub(M,M,B)) goto err; 413 if (!BN_sub(M, M, B))
389 } 414 goto err;
390 } 415 }
391 } 416 }
392 else 417 } else {
393 { 418 if (!BN_div(D, M, A, B, ctx))
394 if (!BN_div(D,M,A,B,ctx)) goto err; 419 goto err;
395 } 420 }
396 421
397 /* Now 422 /* Now
398 * A = D*B + M; 423 * A = D*B + M;
399 * thus we have 424 * thus we have
400 * (**) sign*Y*a == D*B + M (mod |n|). 425 * (**) sign*Y*a == D*B + M (mod |n|).
401 */ 426 */
402 427 tmp = A; /* keep the BIGNUM object, the value does not matter */
403 tmp=A; /* keep the BIGNUM object, the value does not matter */ 428
404
405 /* (A, B) := (B, A mod B) ... */ 429 /* (A, B) := (B, A mod B) ... */
406 A=B; 430 A = B;
407 B=M; 431 B = M;
408 /* ... so we have 0 <= B < A again */ 432 /* ... so we have 0 <= B < A again */
409 433
410 /* Since the former M is now B and the former B is now A, 434 /* Since the former M is now B and the former B is now A,
411 * (**) translates into 435 * (**) translates into
412 * sign*Y*a == D*A + B (mod |n|), 436 * sign*Y*a == D*A + B (mod |n|),
@@ -425,41 +449,38 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
425 * sign*Y*a == A (mod |n|). 449 * sign*Y*a == A (mod |n|).
426 * Note that X and Y stay non-negative all the time. 450 * Note that X and Y stay non-negative all the time.
427 */ 451 */
428 452
429 /* most of the time D is very small, so we can optimize tmp := D*X+Y */ 453 /* most of the time D is very small, so we can optimize tmp := D*X+Y */
430 if (BN_is_one(D)) 454 if (BN_is_one(D)) {
431 { 455 if (!BN_add(tmp, X, Y))
432 if (!BN_add(tmp,X,Y)) goto err; 456 goto err;
433 } 457 } else {
434 else 458 if (BN_is_word(D, 2)) {
435 { 459 if (!BN_lshift1(tmp, X))
436 if (BN_is_word(D,2)) 460 goto err;
437 { 461 } else if (BN_is_word(D, 4)) {
438 if (!BN_lshift1(tmp,X)) goto err; 462 if (!BN_lshift(tmp, X, 2))
439 } 463 goto err;
440 else if (BN_is_word(D,4)) 464 } else if (D->top == 1) {
441 { 465 if (!BN_copy(tmp, X))
442 if (!BN_lshift(tmp,X,2)) goto err; 466 goto err;
443 } 467 if (!BN_mul_word(tmp, D->d[0]))
444 else if (D->top == 1) 468 goto err;
445 { 469 } else {
446 if (!BN_copy(tmp,X)) goto err; 470 if (!BN_mul(tmp, D,X, ctx))
447 if (!BN_mul_word(tmp,D->d[0])) goto err; 471 goto err;
448 }
449 else
450 {
451 if (!BN_mul(tmp,D,X,ctx)) goto err;
452 }
453 if (!BN_add(tmp,tmp,Y)) goto err;
454 } 472 }
455 473 if (!BN_add(tmp, tmp, Y))
456 M=Y; /* keep the BIGNUM object, the value does not matter */ 474 goto err;
457 Y=X;
458 X=tmp;
459 sign = -sign;
460 } 475 }
476
477 M = Y; /* keep the BIGNUM object, the value does not matter */
478 Y = X;
479 X = tmp;
480 sign = -sign;
461 } 481 }
462 482 }
483
463 /* 484 /*
464 * The while loop (Euclid's algorithm) ends when 485 * The while loop (Euclid's algorithm) ends when
465 * A == gcd(a,n); 486 * A == gcd(a,n);
@@ -468,49 +489,47 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
468 * where Y is non-negative. 489 * where Y is non-negative.
469 */ 490 */
470 491
471 if (sign < 0) 492 if (sign < 0) {
472 { 493 if (!BN_sub(Y, n, Y))
473 if (!BN_sub(Y,n,Y)) goto err; 494 goto err;
474 } 495 }
475 /* Now Y*a == A (mod |n|). */ 496 /* Now Y*a == A (mod |n|). */
476
477 497
478 if (BN_is_one(A)) 498 if (BN_is_one(A)) {
479 {
480 /* Y*a == 1 (mod |n|) */ 499 /* Y*a == 1 (mod |n|) */
481 if (!Y->neg && BN_ucmp(Y,n) < 0) 500 if (!Y->neg && BN_ucmp(Y, n) < 0) {
482 { 501 if (!BN_copy(R, Y))
483 if (!BN_copy(R,Y)) goto err; 502 goto err;
484 } 503 } else {
485 else 504 if (!BN_nnmod(R, Y,n, ctx))
486 { 505 goto err;
487 if (!BN_nnmod(R,Y,n,ctx)) goto err;
488 }
489 } 506 }
490 else 507 } else {
491 { 508 BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
492 BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
493 goto err; 509 goto err;
494 } 510 }
495 ret=R; 511 ret = R;
512
496err: 513err:
497 if ((ret == NULL) && (in == NULL)) BN_free(R); 514 if ((ret == NULL) && (in == NULL))
515 BN_free(R);
498 BN_CTX_end(ctx); 516 BN_CTX_end(ctx);
499 bn_check_top(ret); 517 bn_check_top(ret);
500 return(ret); 518 return (ret);
501 } 519}
502 520
503 521
504/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. 522/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
505 * It does not contain branches that may leak sensitive information. 523 * It does not contain branches that may leak sensitive information.
506 */ 524 */
507static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, 525static BIGNUM *
508 const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) 526BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
509 { 527 BN_CTX *ctx)
510 BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; 528{
529 BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
511 BIGNUM local_A, local_B; 530 BIGNUM local_A, local_B;
512 BIGNUM *pA, *pB; 531 BIGNUM *pA, *pB;
513 BIGNUM *ret=NULL; 532 BIGNUM *ret = NULL;
514 int sign; 533 int sign;
515 534
516 bn_check_top(a); 535 bn_check_top(a);
@@ -524,29 +543,33 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
524 M = BN_CTX_get(ctx); 543 M = BN_CTX_get(ctx);
525 Y = BN_CTX_get(ctx); 544 Y = BN_CTX_get(ctx);
526 T = BN_CTX_get(ctx); 545 T = BN_CTX_get(ctx);
527 if (T == NULL) goto err; 546 if (T == NULL)
547 goto err;
528 548
529 if (in == NULL) 549 if (in == NULL)
530 R=BN_new(); 550 R = BN_new();
531 else 551 else
532 R=in; 552 R = in;
533 if (R == NULL) goto err; 553 if (R == NULL)
554 goto err;
534 555
535 BN_one(X); 556 BN_one(X);
536 BN_zero(Y); 557 BN_zero(Y);
537 if (BN_copy(B,a) == NULL) goto err; 558 if (BN_copy(B, a) == NULL)
538 if (BN_copy(A,n) == NULL) goto err; 559 goto err;
560 if (BN_copy(A, n) == NULL)
561 goto err;
539 A->neg = 0; 562 A->neg = 0;
540 563
541 if (B->neg || (BN_ucmp(B, A) >= 0)) 564 if (B->neg || (BN_ucmp(B, A) >= 0)) {
542 {
543 /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, 565 /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
544 * BN_div_no_branch will be called eventually. 566 * BN_div_no_branch will be called eventually.
545 */ 567 */
546 pB = &local_B; 568 pB = &local_B;
547 BN_with_flags(pB, B, BN_FLG_CONSTTIME); 569 BN_with_flags(pB, B, BN_FLG_CONSTTIME);
548 if (!BN_nnmod(B, pB, A, ctx)) goto err; 570 if (!BN_nnmod(B, pB, A, ctx))
549 } 571 goto err;
572 }
550 sign = -1; 573 sign = -1;
551 /* From B = a mod |n|, A = |n| it follows that 574 /* From B = a mod |n|, A = |n| it follows that
552 * 575 *
@@ -555,10 +578,9 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
555 * sign*Y*a == A (mod |n|). 578 * sign*Y*a == A (mod |n|).
556 */ 579 */
557 580
558 while (!BN_is_zero(B)) 581 while (!BN_is_zero(B)) {
559 {
560 BIGNUM *tmp; 582 BIGNUM *tmp;
561 583
562 /* 584 /*
563 * 0 < B < A, 585 * 0 < B < A,
564 * (*) -sign*X*a == B (mod |n|), 586 * (*) -sign*X*a == B (mod |n|),
@@ -569,24 +591,24 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
569 * BN_div_no_branch will be called eventually. 591 * BN_div_no_branch will be called eventually.
570 */ 592 */
571 pA = &local_A; 593 pA = &local_A;
572 BN_with_flags(pA, A, BN_FLG_CONSTTIME); 594 BN_with_flags(pA, A, BN_FLG_CONSTTIME);
573 595
574 /* (D, M) := (A/B, A%B) ... */ 596 /* (D, M) := (A/B, A%B) ... */
575 if (!BN_div(D,M,pA,B,ctx)) goto err; 597 if (!BN_div(D, M, pA, B, ctx))
576 598 goto err;
599
577 /* Now 600 /* Now
578 * A = D*B + M; 601 * A = D*B + M;
579 * thus we have 602 * thus we have
580 * (**) sign*Y*a == D*B + M (mod |n|). 603 * (**) sign*Y*a == D*B + M (mod |n|).
581 */ 604 */
582 605 tmp = A; /* keep the BIGNUM object, the value does not matter */
583 tmp=A; /* keep the BIGNUM object, the value does not matter */ 606
584
585 /* (A, B) := (B, A mod B) ... */ 607 /* (A, B) := (B, A mod B) ... */
586 A=B; 608 A = B;
587 B=M; 609 B = M;
588 /* ... so we have 0 <= B < A again */ 610 /* ... so we have 0 <= B < A again */
589 611
590 /* Since the former M is now B and the former B is now A, 612 /* Since the former M is now B and the former B is now A,
591 * (**) translates into 613 * (**) translates into
592 * sign*Y*a == D*A + B (mod |n|), 614 * sign*Y*a == D*A + B (mod |n|),
@@ -605,16 +627,18 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
605 * sign*Y*a == A (mod |n|). 627 * sign*Y*a == A (mod |n|).
606 * Note that X and Y stay non-negative all the time. 628 * Note that X and Y stay non-negative all the time.
607 */ 629 */
608
609 if (!BN_mul(tmp,D,X,ctx)) goto err;
610 if (!BN_add(tmp,tmp,Y)) goto err;
611 630
612 M=Y; /* keep the BIGNUM object, the value does not matter */ 631 if (!BN_mul(tmp, D, X, ctx))
613 Y=X; 632 goto err;
614 X=tmp; 633 if (!BN_add(tmp, tmp, Y))
634 goto err;
635
636 M = Y; /* keep the BIGNUM object, the value does not matter */
637 Y = X;
638 X = tmp;
615 sign = -sign; 639 sign = -sign;
616 } 640 }
617 641
618 /* 642 /*
619 * The while loop (Euclid's algorithm) ends when 643 * The while loop (Euclid's algorithm) ends when
620 * A == gcd(a,n); 644 * A == gcd(a,n);
@@ -623,33 +647,31 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
623 * where Y is non-negative. 647 * where Y is non-negative.
624 */ 648 */
625 649
626 if (sign < 0) 650 if (sign < 0) {
627 { 651 if (!BN_sub(Y, n, Y))
628 if (!BN_sub(Y,n,Y)) goto err; 652 goto err;
629 } 653 }
630 /* Now Y*a == A (mod |n|). */ 654 /* Now Y*a == A (mod |n|). */
631 655
632 if (BN_is_one(A)) 656 if (BN_is_one(A)) {
633 {
634 /* Y*a == 1 (mod |n|) */ 657 /* Y*a == 1 (mod |n|) */
635 if (!Y->neg && BN_ucmp(Y,n) < 0) 658 if (!Y->neg && BN_ucmp(Y, n) < 0) {
636 { 659 if (!BN_copy(R, Y))
637 if (!BN_copy(R,Y)) goto err; 660 goto err;
638 } 661 } else {
639 else 662 if (!BN_nnmod(R, Y, n, ctx))
640 { 663 goto err;
641 if (!BN_nnmod(R,Y,n,ctx)) goto err;
642 }
643 } 664 }
644 else 665 } else {
645 { 666 BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
646 BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);
647 goto err; 667 goto err;
648 } 668 }
649 ret=R; 669 ret = R;
670
650err: 671err:
651 if ((ret == NULL) && (in == NULL)) BN_free(R); 672 if ((ret == NULL) && (in == NULL))
673 BN_free(R);
652 BN_CTX_end(ctx); 674 BN_CTX_end(ctx);
653 bn_check_top(ret); 675 bn_check_top(ret);
654 return(ret); 676 return (ret);
655 } 677}
diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c
index a75c98ac0e..669f8c403e 100644
--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -42,7 +42,7 @@
42 * are met: 42 * are met:
43 * 43 *
44 * 1. Redistributions of source code must retain the above copyright 44 * 1. Redistributions of source code must retain the above copyright
45 * notice, this list of conditions and the following disclaimer. 45 * notice, this list of conditions and the following disclaimer.
46 * 46 *
47 * 2. Redistributions in binary form must reproduce the above copyright 47 * 2. Redistributions in binary form must reproduce the above copyright
48 * notice, this list of conditions and the following disclaimer in 48 * notice, this list of conditions and the following disclaimer in
@@ -100,8 +100,8 @@
100#define MAX_ITERATIONS 50 100#define MAX_ITERATIONS 50
101 101
102static const BN_ULONG SQR_tb[16] = 102static const BN_ULONG SQR_tb[16] =
103 { 0, 1, 4, 5, 16, 17, 20, 21, 103 { 0, 1, 4, 5, 16, 17, 20, 21,
104 64, 65, 68, 69, 80, 81, 84, 85 }; 10464, 65, 68, 69, 80, 81, 84, 85 };
105/* Platform-specific macros to accelerate squaring. */ 105/* Platform-specific macros to accelerate squaring. */
106#ifdef _LP64 106#ifdef _LP64
107#define SQR1(w) \ 107#define SQR1(w) \
@@ -129,126 +129,225 @@ static const BN_ULONG SQR_tb[16] =
129 * The caller MUST ensure that the variables have the right amount 129 * The caller MUST ensure that the variables have the right amount
130 * of space allocated. 130 * of space allocated.
131 */ 131 */
132static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) 132static void
133 { 133bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
134{
134#ifndef _LP64 135#ifndef _LP64
135 register BN_ULONG h, l, s; 136 register BN_ULONG h, l, s;
136 BN_ULONG tab[8], top2b = a >> 30; 137 BN_ULONG tab[8], top2b = a >> 30;
137 register BN_ULONG a1, a2, a4; 138 register BN_ULONG a1, a2, a4;
138 139
139 a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1; 140 a1 = a & (0x3FFFFFFF);
140 141 a2 = a1 << 1;
141 tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; 142 a4 = a2 << 1;
142 tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4; 143
143 144 tab[0] = 0;
144 s = tab[b & 0x7]; l = s; 145 tab[1] = a1;
145 s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29; 146 tab[2] = a2;
146 s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26; 147 tab[3] = a1 ^ a2;
147 s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23; 148 tab[4] = a4;
148 s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20; 149 tab[5] = a1 ^ a4;
149 s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17; 150 tab[6] = a2 ^ a4;
150 s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14; 151 tab[7] = a1 ^ a2 ^ a4;
151 s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11; 152
152 s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8; 153 s = tab[b & 0x7];
153 s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5; 154 l = s;
154 s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2; 155 s = tab[b >> 3 & 0x7];
156 l ^= s << 3;
157 h = s >> 29;
158 s = tab[b >> 6 & 0x7];
159 l ^= s << 6;
160 h ^= s >> 26;
161 s = tab[b >> 9 & 0x7];
162 l ^= s << 9;
163 h ^= s >> 23;
164 s = tab[b >> 12 & 0x7];
165 l ^= s << 12;
166 h ^= s >> 20;
167 s = tab[b >> 15 & 0x7];
168 l ^= s << 15;
169 h ^= s >> 17;
170 s = tab[b >> 18 & 0x7];
171 l ^= s << 18;
172 h ^= s >> 14;
173 s = tab[b >> 21 & 0x7];
174 l ^= s << 21;
175 h ^= s >> 11;
176 s = tab[b >> 24 & 0x7];
177 l ^= s << 24;
178 h ^= s >> 8;
179 s = tab[b >> 27 & 0x7];
180 l ^= s << 27;
181 h ^= s >> 5;
182 s = tab[b >> 30];
183 l ^= s << 30;
184 h ^= s >> 2;
155 185
156 /* compensate for the top two bits of a */ 186 /* compensate for the top two bits of a */
187 if (top2b & 01) {
188 l ^= b << 30;
189 h ^= b >> 2;
190 }
191 if (top2b & 02) {
192 l ^= b << 31;
193 h ^= b >> 1;
194 }
157 195
158 if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } 196 *r1 = h;
159 if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } 197 *r0 = l;
160
161 *r1 = h; *r0 = l;
162#else 198#else
163 register BN_ULONG h, l, s; 199 register BN_ULONG h, l, s;
164 BN_ULONG tab[16], top3b = a >> 61; 200 BN_ULONG tab[16], top3b = a >> 61;
165 register BN_ULONG a1, a2, a4, a8; 201 register BN_ULONG a1, a2, a4, a8;
166 202
167 a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1; 203 a1 = a & (0x1FFFFFFFFFFFFFFFULL);
168 204 a2 = a1 << 1;
169 tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2; 205 a4 = a2 << 1;
170 tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4; 206 a8 = a4 << 1;
171 tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8; 207
172 tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8; 208 tab[0] = 0;
173 209 tab[1] = a1;
174 s = tab[b & 0xF]; l = s; 210 tab[2] = a2;
175 s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60; 211 tab[3] = a1 ^ a2;
176 s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56; 212 tab[4] = a4;
177 s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52; 213 tab[5] = a1 ^ a4;
178 s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48; 214 tab[6] = a2 ^ a4;
179 s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44; 215 tab[7] = a1 ^ a2 ^ a4;
180 s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40; 216 tab[8] = a8;
181 s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36; 217 tab[9] = a1 ^ a8;
182 s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32; 218 tab[10] = a2 ^ a8;
183 s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28; 219 tab[11] = a1 ^ a2 ^ a8;
184 s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24; 220 tab[12] = a4 ^ a8;
185 s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20; 221 tab[13] = a1 ^ a4 ^ a8;
186 s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16; 222 tab[14] = a2 ^ a4 ^ a8;
187 s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12; 223 tab[15] = a1 ^ a2 ^ a4 ^ a8;
188 s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8; 224
189 s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4; 225 s = tab[b & 0xF];
226 l = s;
227 s = tab[b >> 4 & 0xF];
228 l ^= s << 4;
229 h = s >> 60;
230 s = tab[b >> 8 & 0xF];
231 l ^= s << 8;
232 h ^= s >> 56;
233 s = tab[b >> 12 & 0xF];
234 l ^= s << 12;
235 h ^= s >> 52;
236 s = tab[b >> 16 & 0xF];
237 l ^= s << 16;
238 h ^= s >> 48;
239 s = tab[b >> 20 & 0xF];
240 l ^= s << 20;
241 h ^= s >> 44;
242 s = tab[b >> 24 & 0xF];
243 l ^= s << 24;
244 h ^= s >> 40;
245 s = tab[b >> 28 & 0xF];
246 l ^= s << 28;
247 h ^= s >> 36;
248 s = tab[b >> 32 & 0xF];
249 l ^= s << 32;
250 h ^= s >> 32;
251 s = tab[b >> 36 & 0xF];
252 l ^= s << 36;
253 h ^= s >> 28;
254 s = tab[b >> 40 & 0xF];
255 l ^= s << 40;
256 h ^= s >> 24;
257 s = tab[b >> 44 & 0xF];
258 l ^= s << 44;
259 h ^= s >> 20;
260 s = tab[b >> 48 & 0xF];
261 l ^= s << 48;
262 h ^= s >> 16;
263 s = tab[b >> 52 & 0xF];
264 l ^= s << 52;
265 h ^= s >> 12;
266 s = tab[b >> 56 & 0xF];
267 l ^= s << 56;
268 h ^= s >> 8;
269 s = tab[b >> 60];
270 l ^= s << 60;
271 h ^= s >> 4;
190 272
191 /* compensate for the top three bits of a */ 273 /* compensate for the top three bits of a */
274 if (top3b & 01) {
275 l ^= b << 61;
276 h ^= b >> 3;
277 }
278 if (top3b & 02) {
279 l ^= b << 62;
280 h ^= b >> 2;
281 }
282 if (top3b & 04) {
283 l ^= b << 63;
284 h ^= b >> 1;
285 }
192 286
193 if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } 287 *r1 = h;
194 if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } 288 *r0 = l;
195 if (top3b & 04) { l ^= b << 63; h ^= b >> 1; }
196
197 *r1 = h; *r0 = l;
198#endif 289#endif
199 } 290}
200 291
201/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, 292/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
202 * result is a polynomial r with degree < 4 * BN_BITS2 - 1 293 * result is a polynomial r with degree < 4 * BN_BITS2 - 1
203 * The caller MUST ensure that the variables have the right amount 294 * The caller MUST ensure that the variables have the right amount
204 * of space allocated. 295 * of space allocated.
205 */ 296 */
206static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0) 297static void
207 { 298bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
299 const BN_ULONG b1, const BN_ULONG b0)
300{
208 BN_ULONG m1, m0; 301 BN_ULONG m1, m0;
302
209 /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ 303 /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
210 bn_GF2m_mul_1x1(r+3, r+2, a1, b1); 304 bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
211 bn_GF2m_mul_1x1(r+1, r, a0, b0); 305 bn_GF2m_mul_1x1(r + 1, r, a0, b0);
212 bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); 306 bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
213 /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ 307 /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
214 r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ 308 r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
215 r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ 309 r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
216 } 310}
217#else 311#else
218void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0); 312void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1,
219#endif 313 BN_ULONG b0);
314#endif
220 315
221/* Add polynomials a and b and store result in r; r could be a or b, a and b 316/* Add polynomials a and b and store result in r; r could be a or b, a and b
222 * could be equal; r is the bitwise XOR of a and b. 317 * could be equal; r is the bitwise XOR of a and b.
223 */ 318 */
224int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) 319int
225 { 320BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
321{
226 int i; 322 int i;
227 const BIGNUM *at, *bt; 323 const BIGNUM *at, *bt;
228 324
229 bn_check_top(a); 325 bn_check_top(a);
230 bn_check_top(b); 326 bn_check_top(b);
231 327
232 if (a->top < b->top) { at = b; bt = a; } 328 if (a->top < b->top) {
233 else { at = a; bt = b; } 329 at = b;
330 bt = a;
331 } else {
332 at = a;
333 bt = b;
334 }
234 335
235 if(bn_wexpand(r, at->top) == NULL) 336 if (bn_wexpand(r, at->top) == NULL)
236 return 0; 337 return 0;
237 338
238 for (i = 0; i < bt->top; i++) 339 for (i = 0; i < bt->top; i++) {
239 {
240 r->d[i] = at->d[i] ^ bt->d[i]; 340 r->d[i] = at->d[i] ^ bt->d[i];
241 } 341 }
242 for (; i < at->top; i++) 342 for (; i < at->top; i++) {
243 {
244 r->d[i] = at->d[i]; 343 r->d[i] = at->d[i];
245 } 344 }
246 345
247 r->top = at->top; 346 r->top = at->top;
248 bn_correct_top(r); 347 bn_correct_top(r);
249 348
250 return 1; 349 return 1;
251 } 350}
252 351
253 352
254/* Some functions allow for representation of the irreducible polynomials 353/* Some functions allow for representation of the irreducible polynomials
@@ -259,70 +358,73 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
259 358
260 359
261/* Performs modular reduction of a and store result in r. r could be a. */ 360/* Performs modular reduction of a and store result in r. r could be a. */
262int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]) 361int
263 { 362BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
363{
264 int j, k; 364 int j, k;
265 int n, dN, d0, d1; 365 int n, dN, d0, d1;
266 BN_ULONG zz, *z; 366 BN_ULONG zz, *z;
267 367
268 bn_check_top(a); 368 bn_check_top(a);
269 369
270 if (!p[0]) 370 if (!p[0]) {
271 {
272 /* reduction mod 1 => return 0 */ 371 /* reduction mod 1 => return 0 */
273 BN_zero(r); 372 BN_zero(r);
274 return 1; 373 return 1;
275 } 374 }
276 375
277 /* Since the algorithm does reduction in the r value, if a != r, copy 376 /* Since the algorithm does reduction in the r value, if a != r, copy
278 * the contents of a into r so we can do reduction in r. 377 * the contents of a into r so we can do reduction in r.
279 */ 378 */
280 if (a != r) 379 if (a != r) {
281 { 380 if (!bn_wexpand(r, a->top))
282 if (!bn_wexpand(r, a->top)) return 0; 381 return 0;
283 for (j = 0; j < a->top; j++) 382 for (j = 0; j < a->top; j++) {
284 {
285 r->d[j] = a->d[j]; 383 r->d[j] = a->d[j];
286 }
287 r->top = a->top;
288 } 384 }
385 r->top = a->top;
386 }
289 z = r->d; 387 z = r->d;
290 388
291 /* start reduction */ 389 /* start reduction */
292 dN = p[0] / BN_BITS2; 390 dN = p[0] / BN_BITS2;
293 for (j = r->top - 1; j > dN;) 391 for (j = r->top - 1; j > dN; ) {
294 {
295 zz = z[j]; 392 zz = z[j];
296 if (z[j] == 0) { j--; continue; } 393 if (z[j] == 0) {
394 j--;
395 continue;
396 }
297 z[j] = 0; 397 z[j] = 0;
298 398
299 for (k = 1; p[k] != 0; k++) 399 for (k = 1; p[k] != 0; k++) {
300 {
301 /* reducing component t^p[k] */ 400 /* reducing component t^p[k] */
302 n = p[0] - p[k]; 401 n = p[0] - p[k];
303 d0 = n % BN_BITS2; d1 = BN_BITS2 - d0; 402 d0 = n % BN_BITS2;
304 n /= BN_BITS2; 403 d1 = BN_BITS2 - d0;
305 z[j-n] ^= (zz>>d0); 404 n /= BN_BITS2;
306 if (d0) z[j-n-1] ^= (zz<<d1); 405 z[j - n] ^= (zz >> d0);
307 } 406 if (d0)
407 z[j - n - 1] ^= (zz << d1);
408 }
308 409
309 /* reducing component t^0 */ 410 /* reducing component t^0 */
310 n = dN; 411 n = dN;
311 d0 = p[0] % BN_BITS2; 412 d0 = p[0] % BN_BITS2;
312 d1 = BN_BITS2 - d0; 413 d1 = BN_BITS2 - d0;
313 z[j-n] ^= (zz >> d0); 414 z[j - n] ^= (zz >> d0);
314 if (d0) z[j-n-1] ^= (zz << d1); 415 if (d0)
315 } 416 z[j - n - 1] ^= (zz << d1);
417 }
316 418
317 /* final round of reduction */ 419 /* final round of reduction */
318 while (j == dN) 420 while (j == dN) {
319 {
320 421
321 d0 = p[0] % BN_BITS2; 422 d0 = p[0] % BN_BITS2;
322 zz = z[dN] >> d0; 423 zz = z[dN] >> d0;
323 if (zz == 0) break; 424 if (zz == 0)
425 break;
324 d1 = BN_BITS2 - d0; 426 d1 = BN_BITS2 - d0;
325 427
326 /* clear up the top d1 bits */ 428 /* clear up the top d1 bits */
327 if (d0) 429 if (d0)
328 z[dN] = (z[dN] << d1) >> d1; 430 z[dN] = (z[dN] << d1) >> d1;
@@ -330,56 +432,58 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
330 z[dN] = 0; 432 z[dN] = 0;
331 z[0] ^= zz; /* reduction t^0 component */ 433 z[0] ^= zz; /* reduction t^0 component */
332 434
333 for (k = 1; p[k] != 0; k++) 435 for (k = 1; p[k] != 0; k++) {
334 {
335 BN_ULONG tmp_ulong; 436 BN_ULONG tmp_ulong;
336 437
337 /* reducing component t^p[k]*/ 438 /* reducing component t^p[k]*/
338 n = p[k] / BN_BITS2; 439 n = p[k] / BN_BITS2;
339 d0 = p[k] % BN_BITS2; 440 d0 = p[k] % BN_BITS2;
340 d1 = BN_BITS2 - d0; 441 d1 = BN_BITS2 - d0;
341 z[n] ^= (zz << d0); 442 z[n] ^= (zz << d0);
342 tmp_ulong = zz >> d1; 443 tmp_ulong = zz >> d1;
343 if (d0 && tmp_ulong) 444 if (d0 && tmp_ulong)
344 z[n+1] ^= tmp_ulong; 445 z[n + 1] ^= tmp_ulong;
345 }
346
347
348 } 446 }
349 447
448
449 }
450
350 bn_correct_top(r); 451 bn_correct_top(r);
351 return 1; 452 return 1;
352 } 453}
353 454
354/* Performs modular reduction of a by p and store result in r. r could be a. 455/* Performs modular reduction of a by p and store result in r. r could be a.
355 * 456 *
356 * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper 457 * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
357 * function is only provided for convenience; for best performance, use the 458 * function is only provided for convenience; for best performance, use the
358 * BN_GF2m_mod_arr function. 459 * BN_GF2m_mod_arr function.
359 */ 460 */
360int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) 461int
361 { 462BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
463{
362 int ret = 0; 464 int ret = 0;
363 int arr[6]; 465 int arr[6];
466
364 bn_check_top(a); 467 bn_check_top(a);
365 bn_check_top(p); 468 bn_check_top(p);
366 ret = BN_GF2m_poly2arr(p, arr, sizeof(arr)/sizeof(arr[0])); 469 ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0]));
367 if (!ret || ret > (int)(sizeof(arr)/sizeof(arr[0]))) 470 if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) {
368 { 471 BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
369 BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
370 return 0; 472 return 0;
371 } 473 }
372 ret = BN_GF2m_mod_arr(r, a, arr); 474 ret = BN_GF2m_mod_arr(r, a, arr);
373 bn_check_top(r); 475 bn_check_top(r);
374 return ret; 476 return ret;
375 } 477}
376 478
377 479
378/* Compute the product of two polynomials a and b, reduce modulo p, and store 480/* Compute the product of two polynomials a and b, reduce modulo p, and store
379 * the result in r. r could be a or b; a could be b. 481 * the result in r. r could be a or b; a could be b.
380 */ 482 */
381int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx) 483int
382 { 484BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
485 BN_CTX *ctx)
486{
383 int zlen, i, j, k, ret = 0; 487 int zlen, i, j, k, ret = 0;
384 BIGNUM *s; 488 BIGNUM *s;
385 BN_ULONG x1, x0, y1, y0, zz[4]; 489 BN_ULONG x1, x0, y1, y0, zz[4];
@@ -387,32 +491,33 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p
387 bn_check_top(a); 491 bn_check_top(a);
388 bn_check_top(b); 492 bn_check_top(b);
389 493
390 if (a == b) 494 if (a == b) {
391 {
392 return BN_GF2m_mod_sqr_arr(r, a, p, ctx); 495 return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
393 } 496 }
394 497
395 BN_CTX_start(ctx); 498 BN_CTX_start(ctx);
396 if ((s = BN_CTX_get(ctx)) == NULL) goto err; 499 if ((s = BN_CTX_get(ctx)) == NULL)
397 500 goto err;
501
398 zlen = a->top + b->top + 4; 502 zlen = a->top + b->top + 4;
399 if (!bn_wexpand(s, zlen)) goto err; 503 if (!bn_wexpand(s, zlen))
504 goto err;
400 s->top = zlen; 505 s->top = zlen;
401 506
402 for (i = 0; i < zlen; i++) s->d[i] = 0; 507 for (i = 0; i < zlen; i++)
508 s->d[i] = 0;
403 509
404 for (j = 0; j < b->top; j += 2) 510 for (j = 0; j < b->top; j += 2) {
405 {
406 y0 = b->d[j]; 511 y0 = b->d[j];
407 y1 = ((j+1) == b->top) ? 0 : b->d[j+1]; 512 y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
408 for (i = 0; i < a->top; i += 2) 513 for (i = 0; i < a->top; i += 2) {
409 {
410 x0 = a->d[i]; 514 x0 = a->d[i];
411 x1 = ((i+1) == a->top) ? 0 : a->d[i+1]; 515 x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
412 bn_GF2m_mul_2x2(zz, x1, x0, y1, y0); 516 bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
413 for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k]; 517 for (k = 0; k < 4; k++)
414 } 518 s->d[i + j + k] ^= zz[k];
415 } 519 }
520 }
416 521
417 bn_correct_top(s); 522 bn_correct_top(s);
418 if (BN_GF2m_mod_arr(r, s, p)) 523 if (BN_GF2m_mod_arr(r, s, p))
@@ -422,101 +527,114 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p
422err: 527err:
423 BN_CTX_end(ctx); 528 BN_CTX_end(ctx);
424 return ret; 529 return ret;
425 } 530}
426 531
427/* Compute the product of two polynomials a and b, reduce modulo p, and store 532/* Compute the product of two polynomials a and b, reduce modulo p, and store
428 * the result in r. r could be a or b; a could equal b. 533 * the result in r. r could be a or b; a could equal b.
429 * 534 *
430 * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper 535 * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper
431 * function is only provided for convenience; for best performance, use the 536 * function is only provided for convenience; for best performance, use the
432 * BN_GF2m_mod_mul_arr function. 537 * BN_GF2m_mod_mul_arr function.
433 */ 538 */
434int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) 539int
435 { 540BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
541 BN_CTX *ctx)
542{
436 int ret = 0; 543 int ret = 0;
437 const int max = BN_num_bits(p) + 1; 544 const int max = BN_num_bits(p) + 1;
438 int *arr=NULL; 545 int *arr = NULL;
546
439 bn_check_top(a); 547 bn_check_top(a);
440 bn_check_top(b); 548 bn_check_top(b);
441 bn_check_top(p); 549 bn_check_top(p);
442 if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err; 550 if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
551 goto err;
443 ret = BN_GF2m_poly2arr(p, arr, max); 552 ret = BN_GF2m_poly2arr(p, arr, max);
444 if (!ret || ret > max) 553 if (!ret || ret > max) {
445 { 554 BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
446 BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);
447 goto err; 555 goto err;
448 } 556 }
449 ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); 557 ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
450 bn_check_top(r); 558 bn_check_top(r);
559
451err: 560err:
452 if (arr) free(arr); 561 if (arr)
562 free(arr);
453 return ret; 563 return ret;
454 } 564}
455 565
456 566
457/* Square a, reduce the result mod p, and store it in a. r could be a. */ 567/* Square a, reduce the result mod p, and store it in a. r could be a. */
458int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx) 568int
459 { 569BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
570{
460 int i, ret = 0; 571 int i, ret = 0;
461 BIGNUM *s; 572 BIGNUM *s;
462 573
463 bn_check_top(a); 574 bn_check_top(a);
464 BN_CTX_start(ctx); 575 BN_CTX_start(ctx);
465 if ((s = BN_CTX_get(ctx)) == NULL) return 0; 576 if ((s = BN_CTX_get(ctx)) == NULL)
466 if (!bn_wexpand(s, 2 * a->top)) goto err; 577 return 0;
578 if (!bn_wexpand(s, 2 * a->top))
579 goto err;
467 580
468 for (i = a->top - 1; i >= 0; i--) 581 for (i = a->top - 1; i >= 0; i--) {
469 { 582 s->d[2 * i + 1] = SQR1(a->d[i]);
470 s->d[2*i+1] = SQR1(a->d[i]); 583 s->d[2 * i] = SQR0(a->d[i]);
471 s->d[2*i ] = SQR0(a->d[i]); 584 }
472 }
473 585
474 s->top = 2 * a->top; 586 s->top = 2 * a->top;
475 bn_correct_top(s); 587 bn_correct_top(s);
476 if (!BN_GF2m_mod_arr(r, s, p)) goto err; 588 if (!BN_GF2m_mod_arr(r, s, p))
589 goto err;
477 bn_check_top(r); 590 bn_check_top(r);
478 ret = 1; 591 ret = 1;
592
479err: 593err:
480 BN_CTX_end(ctx); 594 BN_CTX_end(ctx);
481 return ret; 595 return ret;
482 } 596}
483 597
484/* Square a, reduce the result mod p, and store it in a. r could be a. 598/* Square a, reduce the result mod p, and store it in a. r could be a.
485 * 599 *
486 * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper 600 * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper
487 * function is only provided for convenience; for best performance, use the 601 * function is only provided for convenience; for best performance, use the
488 * BN_GF2m_mod_sqr_arr function. 602 * BN_GF2m_mod_sqr_arr function.
489 */ 603 */
490int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 604int
491 { 605BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
606{
492 int ret = 0; 607 int ret = 0;
493 const int max = BN_num_bits(p) + 1; 608 const int max = BN_num_bits(p) + 1;
494 int *arr=NULL; 609 int *arr = NULL;
495 610
496 bn_check_top(a); 611 bn_check_top(a);
497 bn_check_top(p); 612 bn_check_top(p);
498 if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err; 613 if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
614 goto err;
499 ret = BN_GF2m_poly2arr(p, arr, max); 615 ret = BN_GF2m_poly2arr(p, arr, max);
500 if (!ret || ret > max) 616 if (!ret || ret > max) {
501 { 617 BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
502 BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);
503 goto err; 618 goto err;
504 } 619 }
505 ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); 620 ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
506 bn_check_top(r); 621 bn_check_top(r);
622
507err: 623err:
508 if (arr) free(arr); 624 if (arr)
625 free(arr);
509 return ret; 626 return ret;
510 } 627}
511 628
512 629
513/* Invert a, reduce modulo p, and store the result in r. r could be a. 630/* Invert a, reduce modulo p, and store the result in r. r could be a.
514 * Uses Modified Almost Inverse Algorithm (Algorithm 10) from 631 * Uses Modified Almost Inverse Algorithm (Algorithm 10) from
515 * Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation 632 * Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation
516 * of Elliptic Curve Cryptography Over Binary Fields". 633 * of Elliptic Curve Cryptography Over Binary Fields".
517 */ 634 */
518int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 635int
519 { 636BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
637{
520 BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp; 638 BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
521 int ret = 0; 639 int ret = 0;
522 640
@@ -524,161 +642,194 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
524 bn_check_top(p); 642 bn_check_top(p);
525 643
526 BN_CTX_start(ctx); 644 BN_CTX_start(ctx);
527
528 if ((b = BN_CTX_get(ctx))==NULL) goto err;
529 if ((c = BN_CTX_get(ctx))==NULL) goto err;
530 if ((u = BN_CTX_get(ctx))==NULL) goto err;
531 if ((v = BN_CTX_get(ctx))==NULL) goto err;
532 645
533 if (!BN_GF2m_mod(u, a, p)) goto err; 646 if ((b = BN_CTX_get(ctx)) == NULL)
534 if (BN_is_zero(u)) goto err; 647 goto err;
648 if ((c = BN_CTX_get(ctx)) == NULL)
649 goto err;
650 if ((u = BN_CTX_get(ctx)) == NULL)
651 goto err;
652 if ((v = BN_CTX_get(ctx)) == NULL)
653 goto err;
535 654
536 if (!BN_copy(v, p)) goto err; 655 if (!BN_GF2m_mod(u, a, p))
656 goto err;
657 if (BN_is_zero(u))
658 goto err;
659
660 if (!BN_copy(v, p))
661 goto err;
537#if 0 662#if 0
538 if (!BN_one(b)) goto err; 663 if (!BN_one(b))
539 664 goto err;
540 while (1) 665
541 { 666 while (1) {
542 while (!BN_is_odd(u)) 667 while (!BN_is_odd(u)) {
543 { 668 if (BN_is_zero(u))
544 if (BN_is_zero(u)) goto err; 669 goto err;
545 if (!BN_rshift1(u, u)) goto err; 670 if (!BN_rshift1(u, u))
546 if (BN_is_odd(b)) 671 goto err;
547 { 672 if (BN_is_odd(b)) {
548 if (!BN_GF2m_add(b, b, p)) goto err; 673 if (!BN_GF2m_add(b, b, p))
549 } 674 goto err;
550 if (!BN_rshift1(b, b)) goto err;
551 } 675 }
676 if (!BN_rshift1(b, b))
677 goto err;
678 }
552 679
553 if (BN_abs_is_word(u, 1)) break; 680 if (BN_abs_is_word(u, 1))
681 break;
554 682
555 if (BN_num_bits(u) < BN_num_bits(v)) 683 if (BN_num_bits(u) < BN_num_bits(v)) {
556 { 684 tmp = u;
557 tmp = u; u = v; v = tmp; 685 u = v;
558 tmp = b; b = c; c = tmp; 686 v = tmp;
559 } 687 tmp = b;
560 688 b = c;
561 if (!BN_GF2m_add(u, u, v)) goto err; 689 c = tmp;
562 if (!BN_GF2m_add(b, b, c)) goto err;
563 } 690 }
691
692 if (!BN_GF2m_add(u, u, v))
693 goto err;
694 if (!BN_GF2m_add(b, b, c))
695 goto err;
696 }
564#else 697#else
565 { 698 {
566 int i, ubits = BN_num_bits(u), 699 int i, ubits = BN_num_bits(u),
567 vbits = BN_num_bits(v), /* v is copy of p */ 700 vbits = BN_num_bits(v), /* v is copy of p */
568 top = p->top; 701 top = p->top;
569 BN_ULONG *udp,*bdp,*vdp,*cdp; 702 BN_ULONG *udp, *bdp, *vdp, *cdp;
570 703
571 bn_wexpand(u,top); udp = u->d; 704 bn_wexpand(u, top);
572 for (i=u->top;i<top;i++) udp[i] = 0; 705 udp = u->d;
573 u->top = top; 706 for (i = u->top; i < top; i++)
574 bn_wexpand(b,top); bdp = b->d; 707 udp[i] = 0;
575 bdp[0] = 1; 708 u->top = top;
576 for (i=1;i<top;i++) bdp[i] = 0; 709 bn_wexpand(b, top);
577 b->top = top; 710 bdp = b->d;
578 bn_wexpand(c,top); cdp = c->d; 711 bdp[0] = 1;
579 for (i=0;i<top;i++) cdp[i] = 0; 712 for (i = 1; i < top; i++)
580 c->top = top; 713 bdp[i] = 0;
581 vdp = v->d; /* It pays off to "cache" *->d pointers, because 714 b->top = top;
582 * it allows optimizer to be more aggressive. 715 bn_wexpand(c, top);
583 * But we don't have to "cache" p->d, because *p 716 cdp = c->d;
584 * is declared 'const'... */ 717 for (i = 0; i < top; i++)
585 while (1) 718 cdp[i] = 0;
586 { 719 c->top = top;
587 while (ubits && !(udp[0]&1)) 720 vdp = v->d; /* It pays off to "cache" *->d pointers, because
588 { 721 * it allows optimizer to be more aggressive.
589 BN_ULONG u0,u1,b0,b1,mask; 722 * But we don't have to "cache" p->d, because *p
590 723 * is declared 'const'... */
591 u0 = udp[0]; 724 while (1) {
592 b0 = bdp[0]; 725 while (ubits && !(udp[0]&1)) {
593 mask = (BN_ULONG)0-(b0&1); 726 BN_ULONG u0, u1, b0, b1, mask;
594 b0 ^= p->d[0]&mask; 727
595 for (i=0;i<top-1;i++) 728 u0 = udp[0];
596 { 729 b0 = bdp[0];
597 u1 = udp[i+1]; 730 mask = (BN_ULONG)0 - (b0 & 1);
598 udp[i] = ((u0>>1)|(u1<<(BN_BITS2-1)))&BN_MASK2; 731 b0 ^= p->d[0] & mask;
599 u0 = u1; 732 for (i = 0; i < top - 1; i++) {
600 b1 = bdp[i+1]^(p->d[i+1]&mask); 733 u1 = udp[i + 1];
601 bdp[i] = ((b0>>1)|(b1<<(BN_BITS2-1)))&BN_MASK2; 734 udp[i] = ((u0 >> 1) |
602 b0 = b1; 735 (u1 << (BN_BITS2 - 1))) & BN_MASK2;
736 u0 = u1;
737 b1 = bdp[i + 1] ^ (p->d[i + 1] & mask);
738 bdp[i] = ((b0 >> 1) |
739 (b1 << (BN_BITS2 - 1))) & BN_MASK2;
740 b0 = b1;
603 } 741 }
604 udp[i] = u0>>1; 742 udp[i] = u0 >> 1;
605 bdp[i] = b0>>1; 743 bdp[i] = b0 >> 1;
606 ubits--; 744 ubits--;
607 } 745 }
608 746
609 if (ubits<=BN_BITS2 && udp[0]==1) break; 747 if (ubits <= BN_BITS2 && udp[0] == 1)
610 748 break;
611 if (ubits<vbits) 749
612 { 750 if (ubits < vbits) {
613 i = ubits; ubits = vbits; vbits = i; 751 i = ubits;
614 tmp = u; u = v; v = tmp; 752 ubits = vbits;
615 tmp = b; b = c; c = tmp; 753 vbits = i;
616 udp = vdp; vdp = v->d; 754 tmp = u;
617 bdp = cdp; cdp = c->d; 755 u = v;
756 v = tmp;
757 tmp = b;
758 b = c;
759 c = tmp;
760 udp = vdp;
761 vdp = v->d;
762 bdp = cdp;
763 cdp = c->d;
618 } 764 }
619 for(i=0;i<top;i++) 765 for (i = 0; i < top; i++) {
620 { 766 udp[i] ^= vdp[i];
621 udp[i] ^= vdp[i]; 767 bdp[i] ^= cdp[i];
622 bdp[i] ^= cdp[i];
623 } 768 }
624 if (ubits==vbits) 769 if (ubits == vbits) {
625 { 770 BN_ULONG ul;
626 BN_ULONG ul; 771 int utop = (ubits - 1) / BN_BITS2;
627 int utop = (ubits-1)/BN_BITS2;
628 772
629 while ((ul=udp[utop])==0 && utop) utop--; 773 while ((ul = udp[utop]) == 0 && utop)
630 ubits = utop*BN_BITS2 + BN_num_bits_word(ul); 774 utop--;
775 ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
631 } 776 }
632 } 777 }
633 bn_correct_top(b); 778 bn_correct_top(b);
634 } 779 }
635#endif 780#endif
636 781
637 if (!BN_copy(r, b)) goto err; 782 if (!BN_copy(r, b))
783 goto err;
638 bn_check_top(r); 784 bn_check_top(r);
639 ret = 1; 785 ret = 1;
640 786
641err: 787err:
642#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */ 788#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */
643 bn_correct_top(c); 789 bn_correct_top(c);
644 bn_correct_top(u); 790 bn_correct_top(u);
645 bn_correct_top(v); 791 bn_correct_top(v);
646#endif 792#endif
647 BN_CTX_end(ctx); 793 BN_CTX_end(ctx);
648 return ret; 794 return ret;
649 } 795}
650 796
651/* Invert xx, reduce modulo p, and store the result in r. r could be xx. 797/* Invert xx, reduce modulo p, and store the result in r. r could be xx.
652 * 798 *
653 * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper 799 * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper
654 * function is only provided for convenience; for best performance, use the 800 * function is only provided for convenience; for best performance, use the
655 * BN_GF2m_mod_inv function. 801 * BN_GF2m_mod_inv function.
656 */ 802 */
657int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx) 803int
658 { 804BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
805{
659 BIGNUM *field; 806 BIGNUM *field;
660 int ret = 0; 807 int ret = 0;
661 808
662 bn_check_top(xx); 809 bn_check_top(xx);
663 BN_CTX_start(ctx); 810 BN_CTX_start(ctx);
664 if ((field = BN_CTX_get(ctx)) == NULL) goto err; 811 if ((field = BN_CTX_get(ctx)) == NULL)
665 if (!BN_GF2m_arr2poly(p, field)) goto err; 812 goto err;
666 813 if (!BN_GF2m_arr2poly(p, field))
814 goto err;
815
667 ret = BN_GF2m_mod_inv(r, xx, field, ctx); 816 ret = BN_GF2m_mod_inv(r, xx, field, ctx);
668 bn_check_top(r); 817 bn_check_top(r);
669 818
670err: 819err:
671 BN_CTX_end(ctx); 820 BN_CTX_end(ctx);
672 return ret; 821 return ret;
673 } 822}
674 823
675 824
676#ifndef OPENSSL_SUN_GF2M_DIV 825#ifndef OPENSSL_SUN_GF2M_DIV
677/* Divide y by x, reduce modulo p, and store the result in r. r could be x 826/* Divide y by x, reduce modulo p, and store the result in r. r could be x
678 * or y, x could equal y. 827 * or y, x could equal y.
679 */ 828 */
680int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx) 829int
681 { 830BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
831 BN_CTX *ctx)
832{
682 BIGNUM *xinv = NULL; 833 BIGNUM *xinv = NULL;
683 int ret = 0; 834 int ret = 0;
684 835
@@ -688,26 +839,31 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p
688 839
689 BN_CTX_start(ctx); 840 BN_CTX_start(ctx);
690 xinv = BN_CTX_get(ctx); 841 xinv = BN_CTX_get(ctx);
691 if (xinv == NULL) goto err; 842 if (xinv == NULL)
692 843 goto err;
693 if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err; 844
694 if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err; 845 if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
846 goto err;
847 if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
848 goto err;
695 bn_check_top(r); 849 bn_check_top(r);
696 ret = 1; 850 ret = 1;
697 851
698err: 852err:
699 BN_CTX_end(ctx); 853 BN_CTX_end(ctx);
700 return ret; 854 return ret;
701 } 855}
702#else 856#else
703/* Divide y by x, reduce modulo p, and store the result in r. r could be x 857/* Divide y by x, reduce modulo p, and store the result in r. r could be x
704 * or y, x could equal y. 858 * or y, x could equal y.
705 * Uses algorithm Modular_Division_GF(2^m) from 859 * Uses algorithm Modular_Division_GF(2^m) from
706 * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to 860 * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to
707 * the Great Divide". 861 * the Great Divide".
708 */ 862 */
709int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx) 863int
710 { 864BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
865 BN_CTX *ctx)
866{
711 BIGNUM *a, *b, *u, *v; 867 BIGNUM *a, *b, *u, *v;
712 int ret = 0; 868 int ret = 0;
713 869
@@ -716,72 +872,88 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p
716 bn_check_top(p); 872 bn_check_top(p);
717 873
718 BN_CTX_start(ctx); 874 BN_CTX_start(ctx);
719 875
720 a = BN_CTX_get(ctx); 876 a = BN_CTX_get(ctx);
721 b = BN_CTX_get(ctx); 877 b = BN_CTX_get(ctx);
722 u = BN_CTX_get(ctx); 878 u = BN_CTX_get(ctx);
723 v = BN_CTX_get(ctx); 879 v = BN_CTX_get(ctx);
724 if (v == NULL) goto err; 880 if (v == NULL)
881 goto err;
725 882
726 /* reduce x and y mod p */ 883 /* reduce x and y mod p */
727 if (!BN_GF2m_mod(u, y, p)) goto err; 884 if (!BN_GF2m_mod(u, y, p))
728 if (!BN_GF2m_mod(a, x, p)) goto err; 885 goto err;
729 if (!BN_copy(b, p)) goto err; 886 if (!BN_GF2m_mod(a, x, p))
730 887 goto err;
731 while (!BN_is_odd(a)) 888 if (!BN_copy(b, p))
732 { 889 goto err;
733 if (!BN_rshift1(a, a)) goto err;
734 if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
735 if (!BN_rshift1(u, u)) goto err;
736 }
737 890
738 do 891 while (!BN_is_odd(a)) {
739 { 892 if (!BN_rshift1(a, a))
740 if (BN_GF2m_cmp(b, a) > 0) 893 goto err;
741 { 894 if (BN_is_odd(u))
742 if (!BN_GF2m_add(b, b, a)) goto err; 895 if (!BN_GF2m_add(u, u, p))
743 if (!BN_GF2m_add(v, v, u)) goto err; 896 goto err;
744 do 897 if (!BN_rshift1(u, u))
745 { 898 goto err;
746 if (!BN_rshift1(b, b)) goto err; 899 }
747 if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err; 900
748 if (!BN_rshift1(v, v)) goto err; 901 do {
749 } while (!BN_is_odd(b)); 902 if (BN_GF2m_cmp(b, a) > 0) {
750 } 903 if (!BN_GF2m_add(b, b, a))
751 else if (BN_abs_is_word(a, 1)) 904 goto err;
905 if (!BN_GF2m_add(v, v, u))
906 goto err;
907 do {
908 if (!BN_rshift1(b, b))
909 goto err;
910 if (BN_is_odd(v))
911 if (!BN_GF2m_add(v, v, p))
912 goto err;
913 if (!BN_rshift1(v, v))
914 goto err;
915 } while (!BN_is_odd(b));
916 } else if (BN_abs_is_word(a, 1))
752 break; 917 break;
753 else 918 else {
754 { 919 if (!BN_GF2m_add(a, a, b))
755 if (!BN_GF2m_add(a, a, b)) goto err; 920 goto err;
756 if (!BN_GF2m_add(u, u, v)) goto err; 921 if (!BN_GF2m_add(u, u, v))
757 do 922 goto err;
758 { 923 do {
759 if (!BN_rshift1(a, a)) goto err; 924 if (!BN_rshift1(a, a))
760 if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err; 925 goto err;
761 if (!BN_rshift1(u, u)) goto err; 926 if (BN_is_odd(u))
762 } while (!BN_is_odd(a)); 927 if (!BN_GF2m_add(u, u, p))
763 } 928 goto err;
764 } while (1); 929 if (!BN_rshift1(u, u))
930 goto err;
931 } while (!BN_is_odd(a));
932 }
933 } while (1);
765 934
766 if (!BN_copy(r, u)) goto err; 935 if (!BN_copy(r, u))
936 goto err;
767 bn_check_top(r); 937 bn_check_top(r);
768 ret = 1; 938 ret = 1;
769 939
770err: 940err:
771 BN_CTX_end(ctx); 941 BN_CTX_end(ctx);
772 return ret; 942 return ret;
773 } 943}
774#endif 944#endif
775 945
776/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx 946/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
777 * or yy, xx could equal yy. 947 * or yy, xx could equal yy.
778 * 948 *
779 * This function calls down to the BN_GF2m_mod_div implementation; this wrapper 949 * This function calls down to the BN_GF2m_mod_div implementation; this wrapper
780 * function is only provided for convenience; for best performance, use the 950 * function is only provided for convenience; for best performance, use the
781 * BN_GF2m_mod_div function. 951 * BN_GF2m_mod_div function.
782 */ 952 */
783int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const int p[], BN_CTX *ctx) 953int
784 { 954BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
955 const int p[], BN_CTX *ctx)
956{
785 BIGNUM *field; 957 BIGNUM *field;
786 int ret = 0; 958 int ret = 0;
787 959
@@ -789,24 +961,28 @@ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const int
789 bn_check_top(xx); 961 bn_check_top(xx);
790 962
791 BN_CTX_start(ctx); 963 BN_CTX_start(ctx);
792 if ((field = BN_CTX_get(ctx)) == NULL) goto err; 964 if ((field = BN_CTX_get(ctx)) == NULL)
793 if (!BN_GF2m_arr2poly(p, field)) goto err; 965 goto err;
794 966 if (!BN_GF2m_arr2poly(p, field))
967 goto err;
968
795 ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); 969 ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
796 bn_check_top(r); 970 bn_check_top(r);
797 971
798err: 972err:
799 BN_CTX_end(ctx); 973 BN_CTX_end(ctx);
800 return ret; 974 return ret;
801 } 975}
802 976
803 977
804/* Compute the bth power of a, reduce modulo p, and store 978/* Compute the bth power of a, reduce modulo p, and store
805 * the result in r. r could be a. 979 * the result in r. r could be a.
806 * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363. 980 * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
807 */ 981 */
808int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx) 982int
809 { 983BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
984 BN_CTX *ctx)
985{
810 int ret = 0, i, n; 986 int ret = 0, i, n;
811 BIGNUM *u; 987 BIGNUM *u;
812 988
@@ -814,202 +990,230 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p
814 bn_check_top(b); 990 bn_check_top(b);
815 991
816 if (BN_is_zero(b)) 992 if (BN_is_zero(b))
817 return(BN_one(r)); 993 return (BN_one(r));
818 994
819 if (BN_abs_is_word(b, 1)) 995 if (BN_abs_is_word(b, 1))
820 return (BN_copy(r, a) != NULL); 996 return (BN_copy(r, a) != NULL);
821 997
822 BN_CTX_start(ctx); 998 BN_CTX_start(ctx);
823 if ((u = BN_CTX_get(ctx)) == NULL) goto err; 999 if ((u = BN_CTX_get(ctx)) == NULL)
824 1000 goto err;
825 if (!BN_GF2m_mod_arr(u, a, p)) goto err; 1001
826 1002 if (!BN_GF2m_mod_arr(u, a, p))
1003 goto err;
1004
827 n = BN_num_bits(b) - 1; 1005 n = BN_num_bits(b) - 1;
828 for (i = n - 1; i >= 0; i--) 1006 for (i = n - 1; i >= 0; i--) {
829 { 1007 if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
830 if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err; 1008 goto err;
831 if (BN_is_bit_set(b, i)) 1009 if (BN_is_bit_set(b, i)) {
832 { 1010 if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
833 if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err; 1011 goto err;
834 }
835 } 1012 }
836 if (!BN_copy(r, u)) goto err; 1013 }
1014 if (!BN_copy(r, u))
1015 goto err;
837 bn_check_top(r); 1016 bn_check_top(r);
838 ret = 1; 1017 ret = 1;
1018
839err: 1019err:
840 BN_CTX_end(ctx); 1020 BN_CTX_end(ctx);
841 return ret; 1021 return ret;
842 } 1022}
843 1023
844/* Compute the bth power of a, reduce modulo p, and store 1024/* Compute the bth power of a, reduce modulo p, and store
845 * the result in r. r could be a. 1025 * the result in r. r could be a.
846 * 1026 *
847 * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper 1027 * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper
848 * function is only provided for convenience; for best performance, use the 1028 * function is only provided for convenience; for best performance, use the
849 * BN_GF2m_mod_exp_arr function. 1029 * BN_GF2m_mod_exp_arr function.
850 */ 1030 */
851int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) 1031int
852 { 1032BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
1033 BN_CTX *ctx)
1034{
853 int ret = 0; 1035 int ret = 0;
854 const int max = BN_num_bits(p) + 1; 1036 const int max = BN_num_bits(p) + 1;
855 int *arr=NULL; 1037 int *arr = NULL;
1038
856 bn_check_top(a); 1039 bn_check_top(a);
857 bn_check_top(b); 1040 bn_check_top(b);
858 bn_check_top(p); 1041 bn_check_top(p);
859 if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err; 1042 if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
1043 goto err;
860 ret = BN_GF2m_poly2arr(p, arr, max); 1044 ret = BN_GF2m_poly2arr(p, arr, max);
861 if (!ret || ret > max) 1045 if (!ret || ret > max) {
862 { 1046 BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
863 BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
864 goto err; 1047 goto err;
865 } 1048 }
866 ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); 1049 ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
867 bn_check_top(r); 1050 bn_check_top(r);
1051
868err: 1052err:
869 if (arr) free(arr); 1053 if (arr)
1054 free(arr);
870 return ret; 1055 return ret;
871 } 1056}
872 1057
873/* Compute the square root of a, reduce modulo p, and store 1058/* Compute the square root of a, reduce modulo p, and store
874 * the result in r. r could be a. 1059 * the result in r. r could be a.
875 * Uses exponentiation as in algorithm A.4.1 from IEEE P1363. 1060 * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
876 */ 1061 */
877int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx) 1062int
878 { 1063BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
1064{
879 int ret = 0; 1065 int ret = 0;
880 BIGNUM *u; 1066 BIGNUM *u;
881 1067
882 bn_check_top(a); 1068 bn_check_top(a);
883 1069
884 if (!p[0]) 1070 if (!p[0]) {
885 {
886 /* reduction mod 1 => return 0 */ 1071 /* reduction mod 1 => return 0 */
887 BN_zero(r); 1072 BN_zero(r);
888 return 1; 1073 return 1;
889 } 1074 }
890 1075
891 BN_CTX_start(ctx); 1076 BN_CTX_start(ctx);
892 if ((u = BN_CTX_get(ctx)) == NULL) goto err; 1077 if ((u = BN_CTX_get(ctx)) == NULL)
893 1078 goto err;
894 if (!BN_set_bit(u, p[0] - 1)) goto err; 1079
1080 if (!BN_set_bit(u, p[0] - 1))
1081 goto err;
895 ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); 1082 ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
896 bn_check_top(r); 1083 bn_check_top(r);
897 1084
898err: 1085err:
899 BN_CTX_end(ctx); 1086 BN_CTX_end(ctx);
900 return ret; 1087 return ret;
901 } 1088}
902 1089
903/* Compute the square root of a, reduce modulo p, and store 1090/* Compute the square root of a, reduce modulo p, and store
904 * the result in r. r could be a. 1091 * the result in r. r could be a.
905 * 1092 *
906 * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper 1093 * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper
907 * function is only provided for convenience; for best performance, use the 1094 * function is only provided for convenience; for best performance, use the
908 * BN_GF2m_mod_sqrt_arr function. 1095 * BN_GF2m_mod_sqrt_arr function.
909 */ 1096 */
910int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 1097int
911 { 1098BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
1099{
912 int ret = 0; 1100 int ret = 0;
913 const int max = BN_num_bits(p) + 1; 1101 const int max = BN_num_bits(p) + 1;
914 int *arr=NULL; 1102 int *arr = NULL;
915 bn_check_top(a); 1103 bn_check_top(a);
916 bn_check_top(p); 1104 bn_check_top(p);
917 if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err; 1105 if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
1106 goto err;
918 ret = BN_GF2m_poly2arr(p, arr, max); 1107 ret = BN_GF2m_poly2arr(p, arr, max);
919 if (!ret || ret > max) 1108 if (!ret || ret > max) {
920 { 1109 BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
921 BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH);
922 goto err; 1110 goto err;
923 } 1111 }
924 ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); 1112 ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
925 bn_check_top(r); 1113 bn_check_top(r);
1114
926err: 1115err:
927 if (arr) free(arr); 1116 if (arr)
1117 free(arr);
928 return ret; 1118 return ret;
929 } 1119}
930 1120
931/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. 1121/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
932 * Uses algorithms A.4.7 and A.4.6 from IEEE P1363. 1122 * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
933 */ 1123 */
934int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], BN_CTX *ctx) 1124int
935 { 1125BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
1126 BN_CTX *ctx)
1127{
936 int ret = 0, count = 0, j; 1128 int ret = 0, count = 0, j;
937 BIGNUM *a, *z, *rho, *w, *w2, *tmp; 1129 BIGNUM *a, *z, *rho, *w, *w2, *tmp;
938 1130
939 bn_check_top(a_); 1131 bn_check_top(a_);
940 1132
941 if (!p[0]) 1133 if (!p[0]) {
942 {
943 /* reduction mod 1 => return 0 */ 1134 /* reduction mod 1 => return 0 */
944 BN_zero(r); 1135 BN_zero(r);
945 return 1; 1136 return 1;
946 } 1137 }
947 1138
948 BN_CTX_start(ctx); 1139 BN_CTX_start(ctx);
949 a = BN_CTX_get(ctx); 1140 a = BN_CTX_get(ctx);
950 z = BN_CTX_get(ctx); 1141 z = BN_CTX_get(ctx);
951 w = BN_CTX_get(ctx); 1142 w = BN_CTX_get(ctx);
952 if (w == NULL) goto err; 1143 if (w == NULL)
1144 goto err;
953 1145
954 if (!BN_GF2m_mod_arr(a, a_, p)) goto err; 1146 if (!BN_GF2m_mod_arr(a, a_, p))
955 1147 goto err;
956 if (BN_is_zero(a)) 1148
957 { 1149 if (BN_is_zero(a)) {
958 BN_zero(r); 1150 BN_zero(r);
959 ret = 1; 1151 ret = 1;
960 goto err; 1152 goto err;
961 } 1153 }
962 1154
963 if (p[0] & 0x1) /* m is odd */ 1155 if (p[0] & 0x1) /* m is odd */
964 { 1156 {
965 /* compute half-trace of a */ 1157 /* compute half-trace of a */
966 if (!BN_copy(z, a)) goto err; 1158 if (!BN_copy(z, a))
967 for (j = 1; j <= (p[0] - 1) / 2; j++) 1159 goto err;
968 { 1160 for (j = 1; j <= (p[0] - 1) / 2; j++) {
969 if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; 1161 if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
970 if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; 1162 goto err;
971 if (!BN_GF2m_add(z, z, a)) goto err; 1163 if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
972 } 1164 goto err;
973 1165 if (!BN_GF2m_add(z, z, a))
1166 goto err;
974 } 1167 }
1168
1169 }
975 else /* m is even */ 1170 else /* m is even */
976 { 1171 {
977 rho = BN_CTX_get(ctx); 1172 rho = BN_CTX_get(ctx);
978 w2 = BN_CTX_get(ctx); 1173 w2 = BN_CTX_get(ctx);
979 tmp = BN_CTX_get(ctx); 1174 tmp = BN_CTX_get(ctx);
980 if (tmp == NULL) goto err; 1175 if (tmp == NULL)
981 do 1176 goto err;
982 { 1177 do {
983 if (!BN_rand(rho, p[0], 0, 0)) goto err; 1178 if (!BN_rand(rho, p[0], 0, 0))
984 if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; 1179 goto err;
1180 if (!BN_GF2m_mod_arr(rho, rho, p))
1181 goto err;
985 BN_zero(z); 1182 BN_zero(z);
986 if (!BN_copy(w, rho)) goto err; 1183 if (!BN_copy(w, rho))
987 for (j = 1; j <= p[0] - 1; j++) 1184 goto err;
988 { 1185 for (j = 1; j <= p[0] - 1; j++) {
989 if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; 1186 if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
990 if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err; 1187 goto err;
991 if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err; 1188 if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
992 if (!BN_GF2m_add(z, z, tmp)) goto err; 1189 goto err;
993 if (!BN_GF2m_add(w, w2, rho)) goto err; 1190 if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
994 } 1191 goto err;
1192 if (!BN_GF2m_add(z, z, tmp))
1193 goto err;
1194 if (!BN_GF2m_add(w, w2, rho))
1195 goto err;
1196 }
995 count++; 1197 count++;
996 } while (BN_is_zero(w) && (count < MAX_ITERATIONS)); 1198 } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
997 if (BN_is_zero(w)) 1199 if (BN_is_zero(w)) {
998 { 1200 BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,
999 BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS); 1201 BN_R_TOO_MANY_ITERATIONS);
1000 goto err; 1202 goto err;
1001 }
1002 } 1203 }
1003 1204 }
1004 if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err; 1205
1005 if (!BN_GF2m_add(w, z, w)) goto err; 1206 if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
1006 if (BN_GF2m_cmp(w, a)) 1207 goto err;
1007 { 1208 if (!BN_GF2m_add(w, z, w))
1209 goto err;
1210 if (BN_GF2m_cmp(w, a)) {
1008 BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION); 1211 BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
1009 goto err; 1212 goto err;
1010 } 1213 }
1011 1214
1012 if (!BN_copy(r, z)) goto err; 1215 if (!BN_copy(r, z))
1216 goto err;
1013 bn_check_top(r); 1217 bn_check_top(r);
1014 1218
1015 ret = 1; 1219 ret = 1;
@@ -1017,66 +1221,68 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], BN_CT
1017err: 1221err:
1018 BN_CTX_end(ctx); 1222 BN_CTX_end(ctx);
1019 return ret; 1223 return ret;
1020 } 1224}
1021 1225
1022/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. 1226/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
1023 * 1227 *
1024 * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper 1228 * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper
1025 * function is only provided for convenience; for best performance, use the 1229 * function is only provided for convenience; for best performance, use the
1026 * BN_GF2m_mod_solve_quad_arr function. 1230 * BN_GF2m_mod_solve_quad_arr function.
1027 */ 1231 */
1028int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 1232int
1029 { 1233BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
1234{
1030 int ret = 0; 1235 int ret = 0;
1031 const int max = BN_num_bits(p) + 1; 1236 const int max = BN_num_bits(p) + 1;
1032 int *arr=NULL; 1237 int *arr = NULL;
1238
1033 bn_check_top(a); 1239 bn_check_top(a);
1034 bn_check_top(p); 1240 bn_check_top(p);
1035 if ((arr = (int *)malloc(sizeof(int) * 1241 if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
1036 max)) == NULL) goto err; 1242 goto err;
1037 ret = BN_GF2m_poly2arr(p, arr, max); 1243 ret = BN_GF2m_poly2arr(p, arr, max);
1038 if (!ret || ret > max) 1244 if (!ret || ret > max) {
1039 { 1245 BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
1040 BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);
1041 goto err; 1246 goto err;
1042 } 1247 }
1043 ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); 1248 ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
1044 bn_check_top(r); 1249 bn_check_top(r);
1250
1045err: 1251err:
1046 if (arr) free(arr); 1252 if (arr)
1253 free(arr);
1047 return ret; 1254 return ret;
1048 } 1255}
1049 1256
1050/* Convert the bit-string representation of a polynomial 1257/* Convert the bit-string representation of a polynomial
1051 * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding 1258 * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding
1052 * to the bits with non-zero coefficient. Array is terminated with -1. 1259 * to the bits with non-zero coefficient. Array is terminated with -1.
1053 * Up to max elements of the array will be filled. Return value is total 1260 * Up to max elements of the array will be filled. Return value is total
1054 * number of array elements that would be filled if array was large enough. 1261 * number of array elements that would be filled if array was large enough.
1055 */ 1262 */
1056int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) 1263int
1057 { 1264BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
1265{
1058 int i, j, k = 0; 1266 int i, j, k = 0;
1059 BN_ULONG mask; 1267 BN_ULONG mask;
1060 1268
1061 if (BN_is_zero(a)) 1269 if (BN_is_zero(a))
1062 return 0; 1270 return 0;
1063 1271
1064 for (i = a->top - 1; i >= 0; i--) 1272 for (i = a->top - 1; i >= 0; i--) {
1065 {
1066 if (!a->d[i]) 1273 if (!a->d[i])
1067 /* skip word if a->d[i] == 0 */ 1274 /* skip word if a->d[i] == 0 */
1068 continue; 1275 continue;
1069 mask = BN_TBIT; 1276 mask = BN_TBIT;
1070 for (j = BN_BITS2 - 1; j >= 0; j--) 1277 for (j = BN_BITS2 - 1; j >= 0; j--) {
1071 { 1278 if (a->d[i] & mask) {
1072 if (a->d[i] & mask) 1279 if (k < max)
1073 { 1280 p[k] = BN_BITS2 * i + j;
1074 if (k < max) p[k] = BN_BITS2 * i + j;
1075 k++; 1281 k++;
1076 }
1077 mask >>= 1;
1078 } 1282 }
1283 mask >>= 1;
1079 } 1284 }
1285 }
1080 1286
1081 if (k < max) { 1287 if (k < max) {
1082 p[k] = -1; 1288 p[k] = -1;
@@ -1084,25 +1290,25 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
1084 } 1290 }
1085 1291
1086 return k; 1292 return k;
1087 } 1293}
1088 1294
1089/* Convert the coefficient array representation of a polynomial to a 1295/* Convert the coefficient array representation of a polynomial to a
1090 * bit-string. The array must be terminated by -1. 1296 * bit-string. The array must be terminated by -1.
1091 */ 1297 */
1092int BN_GF2m_arr2poly(const int p[], BIGNUM *a) 1298int
1093 { 1299BN_GF2m_arr2poly(const int p[], BIGNUM *a)
1300{
1094 int i; 1301 int i;
1095 1302
1096 bn_check_top(a); 1303 bn_check_top(a);
1097 BN_zero(a); 1304 BN_zero(a);
1098 for (i = 0; p[i] != -1; i++) 1305 for (i = 0; p[i] != -1; i++) {
1099 {
1100 if (BN_set_bit(a, p[i]) == 0) 1306 if (BN_set_bit(a, p[i]) == 0)
1101 return 0; 1307 return 0;
1102 } 1308 }
1103 bn_check_top(a); 1309 bn_check_top(a);
1104 1310
1105 return 1; 1311 return 1;
1106 } 1312}
1107 1313
1108#endif 1314#endif
diff --git a/src/lib/libcrypto/bn/bn_kron.c b/src/lib/libcrypto/bn/bn_kron.c
index 740359b752..bcc13b75d4 100644
--- a/src/lib/libcrypto/bn/bn_kron.c
+++ b/src/lib/libcrypto/bn/bn_kron.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -60,12 +60,14 @@
60#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) 60#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
61 61
62/* Returns -2 for errors because both -1 and 0 are valid results. */ 62/* Returns -2 for errors because both -1 and 0 are valid results. */
63int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) 63int
64 { 64BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
65{
65 int i; 66 int i;
66 int ret = -2; /* avoid 'uninitialized' warning */ 67 int ret = -2; /* avoid 'uninitialized' warning */
67 int err = 0; 68 int err = 0;
68 BIGNUM *A, *B, *tmp; 69 BIGNUM *A, *B, *tmp;
70
69 /* In 'tab', only odd-indexed entries are relevant: 71 /* In 'tab', only odd-indexed entries are relevant:
70 * For any odd BIGNUM n, 72 * For any odd BIGNUM n,
71 * tab[BN_lsw(n) & 7] 73 * tab[BN_lsw(n) & 7]
@@ -80,12 +82,15 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
80 BN_CTX_start(ctx); 82 BN_CTX_start(ctx);
81 A = BN_CTX_get(ctx); 83 A = BN_CTX_get(ctx);
82 B = BN_CTX_get(ctx); 84 B = BN_CTX_get(ctx);
83 if (B == NULL) goto end; 85 if (B == NULL)
84 86 goto end;
87
85 err = !BN_copy(A, a); 88 err = !BN_copy(A, a);
86 if (err) goto end; 89 if (err)
90 goto end;
87 err = !BN_copy(B, b); 91 err = !BN_copy(B, b);
88 if (err) goto end; 92 if (err)
93 goto end;
89 94
90 /* 95 /*
91 * Kronecker symbol, imlemented according to Henri Cohen, 96 * Kronecker symbol, imlemented according to Henri Cohen,
@@ -95,90 +100,87 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
95 100
96 /* Cohen's step 1: */ 101 /* Cohen's step 1: */
97 102
98 if (BN_is_zero(B)) 103 if (BN_is_zero(B)) {
99 {
100 ret = BN_abs_is_word(A, 1); 104 ret = BN_abs_is_word(A, 1);
101 goto end; 105 goto end;
102 } 106 }
103 107
104 /* Cohen's step 2: */ 108 /* Cohen's step 2: */
105 109
106 if (!BN_is_odd(A) && !BN_is_odd(B)) 110 if (!BN_is_odd(A) && !BN_is_odd(B)) {
107 {
108 ret = 0; 111 ret = 0;
109 goto end; 112 goto end;
110 } 113 }
111 114
112 /* now B is non-zero */ 115 /* now B is non-zero */
113 i = 0; 116 i = 0;
114 while (!BN_is_bit_set(B, i)) 117 while (!BN_is_bit_set(B, i))
115 i++; 118 i++;
116 err = !BN_rshift(B, B, i); 119 err = !BN_rshift(B, B, i);
117 if (err) goto end; 120 if (err)
118 if (i & 1) 121 goto end;
119 { 122 if (i & 1) {
120 /* i is odd */ 123 /* i is odd */
121 /* (thus B was even, thus A must be odd!) */ 124 /* (thus B was even, thus A must be odd!) */
122 125
123 /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ 126 /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
124 ret = tab[BN_lsw(A) & 7]; 127 ret = tab[BN_lsw(A) & 7];
125 } 128 } else {
126 else
127 {
128 /* i is even */ 129 /* i is even */
129 ret = 1; 130 ret = 1;
130 } 131 }
131 132
132 if (B->neg) 133 if (B->neg) {
133 {
134 B->neg = 0; 134 B->neg = 0;
135 if (A->neg) 135 if (A->neg)
136 ret = -ret; 136 ret = -ret;
137 } 137 }
138 138
139 /* now B is positive and odd, so what remains to be done is 139 /* now B is positive and odd, so what remains to be done is
140 * to compute the Jacobi symbol (A/B) and multiply it by 'ret' */ 140 * to compute the Jacobi symbol (A/B) and multiply it by 'ret' */
141 141
142 while (1) 142 while (1) {
143 {
144 /* Cohen's step 3: */ 143 /* Cohen's step 3: */
145 144
146 /* B is positive and odd */ 145 /* B is positive and odd */
147 146
148 if (BN_is_zero(A)) 147 if (BN_is_zero(A)) {
149 {
150 ret = BN_is_one(B) ? ret : 0; 148 ret = BN_is_one(B) ? ret : 0;
151 goto end; 149 goto end;
152 } 150 }
153 151
154 /* now A is non-zero */ 152 /* now A is non-zero */
155 i = 0; 153 i = 0;
156 while (!BN_is_bit_set(A, i)) 154 while (!BN_is_bit_set(A, i))
157 i++; 155 i++;
158 err = !BN_rshift(A, A, i); 156 err = !BN_rshift(A, A, i);
159 if (err) goto end; 157 if (err)
160 if (i & 1) 158 goto end;
161 { 159 if (i & 1) {
162 /* i is odd */ 160 /* i is odd */
163 /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ 161 /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */
164 ret = ret * tab[BN_lsw(B) & 7]; 162 ret = ret * tab[BN_lsw(B) & 7];
165 } 163 }
166 164
167 /* Cohen's step 4: */ 165 /* Cohen's step 4: */
168 /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ 166 /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */
169 if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) 167 if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
170 ret = -ret; 168 ret = -ret;
171 169
172 /* (A, B) := (B mod |A|, |A|) */ 170 /* (A, B) := (B mod |A|, |A|) */
173 err = !BN_nnmod(B, B, A, ctx); 171 err = !BN_nnmod(B, B, A, ctx);
174 if (err) goto end; 172 if (err)
175 tmp = A; A = B; B = tmp; 173 goto end;
174 tmp = A;
175 A = B;
176 B = tmp;
176 tmp->neg = 0; 177 tmp->neg = 0;
177 } 178 }
179
178end: 180end:
179 BN_CTX_end(ctx); 181 BN_CTX_end(ctx);
180 if (err) 182 if (err)
181 return -2; 183 return -2;
182 else 184 else
183 return ret; 185 return ret;
184 } 186}
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index c3aa584066..99362ac87e 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -163,7 +163,7 @@ extern "C" {
163 * 163 *
164 * To achieve the security goals of BN_mode_exp_mont_consttime, the 164 * To achieve the security goals of BN_mode_exp_mont_consttime, the
165 * maximum size of the window must not exceed 165 * maximum size of the window must not exceed
166 * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). 166 * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
167 * 167 *
168 * Window size thresholds are defined for cache line sizes of 32 and 64, 168 * Window size thresholds are defined for cache line sizes of 32 and 64,
169 * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A 169 * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
@@ -450,30 +450,30 @@ extern "C" {
450 } 450 }
451#endif /* !BN_LLONG */ 451#endif /* !BN_LLONG */
452 452
453void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb); 453 void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
454void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); 454void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
455void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); 455void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
456void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp); 456void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
457void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a); 457void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
458void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a); 458void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
459int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); 459int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n);
460int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, 460int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
461 int cl, int dl); 461 int cl, int dl);
462void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, 462void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
463 int dna,int dnb,BN_ULONG *t); 463 int dna, int dnb, BN_ULONG *t);
464void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, 464void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
465 int n,int tna,int tnb,BN_ULONG *t); 465 int n, int tna, int tnb, BN_ULONG *t);
466void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t); 466void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
467void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); 467void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
468void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, 468void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
469 BN_ULONG *t); 469 BN_ULONG *t);
470void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, 470void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
471 BN_ULONG *t); 471 BN_ULONG *t);
472BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, 472BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
473 int cl, int dl); 473 int cl, int dl);
474BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, 474BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
475 int cl, int dl); 475 int cl, int dl);
476int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); 476int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num);
477 477
478#ifdef __cplusplus 478#ifdef __cplusplus
479} 479}
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 7ae14ee4d0..a3a96662e8 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,7 +67,7 @@
67#include "cryptlib.h" 67#include "cryptlib.h"
68#include "bn_lcl.h" 68#include "bn_lcl.h"
69 69
70const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; 70const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
71 71
72/* This stuff appears to be completely unused, so is deprecated */ 72/* This stuff appears to be completely unused, so is deprecated */
73#ifndef OPENSSL_NO_DEPRECATED 73#ifndef OPENSSL_NO_DEPRECATED
@@ -80,150 +80,152 @@ const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
80 * 7 - 128 == 4096 80 * 7 - 128 == 4096
81 * 8 - 256 == 8192 81 * 8 - 256 == 8192
82 */ 82 */
83static int bn_limit_bits=0; 83static int bn_limit_bits = 0;
84static int bn_limit_num=8; /* (1<<bn_limit_bits) */ 84static int bn_limit_num = 8; /* (1<<bn_limit_bits) */
85static int bn_limit_bits_low=0; 85static int bn_limit_bits_low = 0;
86static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */ 86static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
87static int bn_limit_bits_high=0; 87static int bn_limit_bits_high = 0;
88static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */ 88static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
89static int bn_limit_bits_mont=0; 89static int bn_limit_bits_mont = 0;
90static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */ 90static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
91
92void BN_set_params(int mult, int high, int low, int mont)
93 {
94 if (mult >= 0)
95 {
96 if (mult > (int)(sizeof(int)*8)-1)
97 mult=sizeof(int)*8-1;
98 bn_limit_bits=mult;
99 bn_limit_num=1<<mult;
100 }
101 if (high >= 0)
102 {
103 if (high > (int)(sizeof(int)*8)-1)
104 high=sizeof(int)*8-1;
105 bn_limit_bits_high=high;
106 bn_limit_num_high=1<<high;
107 }
108 if (low >= 0)
109 {
110 if (low > (int)(sizeof(int)*8)-1)
111 low=sizeof(int)*8-1;
112 bn_limit_bits_low=low;
113 bn_limit_num_low=1<<low;
114 }
115 if (mont >= 0)
116 {
117 if (mont > (int)(sizeof(int)*8)-1)
118 mont=sizeof(int)*8-1;
119 bn_limit_bits_mont=mont;
120 bn_limit_num_mont=1<<mont;
121 }
122 }
123 91
124int BN_get_params(int which) 92void
125 { 93BN_set_params(int mult, int high, int low, int mont)
126 if (which == 0) return(bn_limit_bits); 94{
127 else if (which == 1) return(bn_limit_bits_high); 95 if (mult >= 0) {
128 else if (which == 2) return(bn_limit_bits_low); 96 if (mult > (int)(sizeof(int) * 8) - 1)
129 else if (which == 3) return(bn_limit_bits_mont); 97 mult = sizeof(int) * 8 - 1;
130 else return(0); 98 bn_limit_bits = mult;
99 bn_limit_num = 1 << mult;
131 } 100 }
101 if (high >= 0) {
102 if (high > (int)(sizeof(int) * 8) - 1)
103 high = sizeof(int) * 8 - 1;
104 bn_limit_bits_high = high;
105 bn_limit_num_high = 1 << high;
106 }
107 if (low >= 0) {
108 if (low > (int)(sizeof(int) * 8) - 1)
109 low = sizeof(int) * 8 - 1;
110 bn_limit_bits_low = low;
111 bn_limit_num_low = 1 << low;
112 }
113 if (mont >= 0) {
114 if (mont > (int)(sizeof(int) * 8) - 1)
115 mont = sizeof(int) * 8 - 1;
116 bn_limit_bits_mont = mont;
117 bn_limit_num_mont = 1 << mont;
118 }
119}
120
121int
122BN_get_params(int which)
123{
124 if (which == 0)
125 return (bn_limit_bits);
126 else if (which == 1)
127 return (bn_limit_bits_high);
128 else if (which == 2)
129 return (bn_limit_bits_low);
130 else if (which == 3)
131 return (bn_limit_bits_mont);
132 else
133 return (0);
134}
132#endif 135#endif
133 136
134const BIGNUM *BN_value_one(void) 137const BIGNUM *
135 { 138BN_value_one(void)
136 static const BN_ULONG data_one=1L; 139{
137 static const BIGNUM const_one={(BN_ULONG *)&data_one,1,1,0,BN_FLG_STATIC_DATA}; 140 static const BN_ULONG data_one = 1L;
141 static const BIGNUM const_one = {
142 (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA
143 };
138 144
139 return(&const_one); 145 return (&const_one);
140 } 146}
141 147
142int BN_num_bits_word(BN_ULONG l) 148int
143 { 149BN_num_bits_word(BN_ULONG l)
144 static const unsigned char bits[256]={ 150{
145 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, 151 static const unsigned char bits[256] = {
146 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, 152 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
147 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, 153 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
148 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, 154 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
149 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 155 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
150 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 156 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
151 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 157 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
152 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 158 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
153 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 159 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
154 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 160 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
155 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 161 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
156 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 162 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
157 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 163 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
158 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 164 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
159 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 165 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
160 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 166 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
161 }; 167 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
168 };
162 169
163#ifdef _LP64 170#ifdef _LP64
164 if (l & 0xffffffff00000000L) 171 if (l & 0xffffffff00000000L) {
165 { 172 if (l & 0xffff000000000000L) {
166 if (l & 0xffff000000000000L) 173 if (l & 0xff00000000000000L) {
167 { 174 return (bits[(int)(l >> 56)] + 56);
168 if (l & 0xff00000000000000L) 175 } else
169 { 176 return (bits[(int)(l >> 48)] + 48);
170 return(bits[(int)(l>>56)]+56); 177 } else {
171 } 178 if (l & 0x0000ff0000000000L) {
172 else return(bits[(int)(l>>48)]+48); 179 return (bits[(int)(l >> 40)] + 40);
173 } 180 } else
174 else 181 return (bits[(int)(l >> 32)] + 32);
175 { 182 }
176 if (l & 0x0000ff0000000000L) 183 } else
177 {
178 return(bits[(int)(l>>40)]+40);
179 }
180 else return(bits[(int)(l>>32)]+32);
181 }
182 }
183 else
184#endif 184#endif
185 { 185 {
186 if (l & 0xffff0000L) 186 if (l & 0xffff0000L) {
187 {
188 if (l & 0xff000000L) 187 if (l & 0xff000000L)
189 return(bits[(int)(l>>24L)]+24); 188 return (bits[(int)(l >> 24L)] + 24);
190 else return(bits[(int)(l>>16L)]+16); 189 else
191 } 190 return (bits[(int)(l >> 16L)] + 16);
192 else 191 } else {
193 {
194 if (l & 0xff00L) 192 if (l & 0xff00L)
195 return(bits[(int)(l>>8)]+8); 193 return (bits[(int)(l >> 8)] + 8);
196 else 194 else
197 return(bits[(int)(l )] ); 195 return (bits[(int)(l)]);
198 }
199 } 196 }
200 } 197 }
198}
201 199
202int BN_num_bits(const BIGNUM *a) 200int
203 { 201BN_num_bits(const BIGNUM *a)
202{
204 int i = a->top - 1; 203 int i = a->top - 1;
204
205 bn_check_top(a); 205 bn_check_top(a);
206 206
207 if (BN_is_zero(a)) return 0; 207 if (BN_is_zero(a))
208 return ((i*BN_BITS2) + BN_num_bits_word(a->d[i])); 208 return 0;
209 } 209 return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
210}
210 211
211void BN_clear_free(BIGNUM *a) 212void
212 { 213BN_clear_free(BIGNUM *a)
214{
213 int i; 215 int i;
214 216
215 if (a == NULL) return; 217 if (a == NULL)
218 return;
216 bn_check_top(a); 219 bn_check_top(a);
217 if (a->d != NULL && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) 220 if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
218 { 221 OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
219 OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
220 free(a->d); 222 free(a->d);
221 } 223 }
222 i=BN_get_flags(a,BN_FLG_MALLOCED); 224 i = BN_get_flags(a, BN_FLG_MALLOCED);
223 OPENSSL_cleanse(a,sizeof(BIGNUM)); 225 OPENSSL_cleanse(a, sizeof(BIGNUM));
224 if (i) 226 if (i)
225 free(a); 227 free(a);
226 } 228}
227 229
228void 230void
229BN_free(BIGNUM *a) 231BN_free(BIGNUM *a)
@@ -231,63 +233,61 @@ BN_free(BIGNUM *a)
231 BN_clear_free(a); 233 BN_clear_free(a);
232} 234}
233 235
234void BN_init(BIGNUM *a) 236void
235 { 237BN_init(BIGNUM *a)
236 memset(a,0,sizeof(BIGNUM)); 238{
239 memset(a, 0, sizeof(BIGNUM));
237 bn_check_top(a); 240 bn_check_top(a);
238 } 241}
239 242
240BIGNUM *BN_new(void) 243BIGNUM *
241 { 244BN_new(void)
245{
242 BIGNUM *ret; 246 BIGNUM *ret;
243 247
244 if ((ret=(BIGNUM *)malloc(sizeof(BIGNUM))) == NULL) 248 if ((ret = (BIGNUM *)malloc(sizeof(BIGNUM))) == NULL) {
245 { 249 BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
246 BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE); 250 return (NULL);
247 return(NULL);
248 }
249 ret->flags=BN_FLG_MALLOCED;
250 ret->top=0;
251 ret->neg=0;
252 ret->dmax=0;
253 ret->d=NULL;
254 bn_check_top(ret);
255 return(ret);
256 } 251 }
252 ret->flags = BN_FLG_MALLOCED;
253 ret->top = 0;
254 ret->neg = 0;
255 ret->dmax = 0;
256 ret->d = NULL;
257 bn_check_top(ret);
258 return (ret);
259}
257 260
258/* This is used both by bn_expand2() and bn_dup_expand() */ 261/* This is used both by bn_expand2() and bn_dup_expand() */
259/* The caller MUST check that words > b->dmax before calling this */ 262/* The caller MUST check that words > b->dmax before calling this */
260static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) 263static BN_ULONG *
261 { 264bn_expand_internal(const BIGNUM *b, int words)
262 BN_ULONG *A,*a = NULL; 265{
266 BN_ULONG *A, *a = NULL;
263 const BN_ULONG *B; 267 const BN_ULONG *B;
264 int i; 268 int i;
265 269
266 bn_check_top(b); 270 bn_check_top(b);
267 271
268 if (words > (INT_MAX/(4*BN_BITS2))) 272 if (words > (INT_MAX/(4*BN_BITS2))) {
269 { 273 BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
270 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
271 return NULL; 274 return NULL;
272 } 275 }
273 if (BN_get_flags(b,BN_FLG_STATIC_DATA)) 276 if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
274 { 277 BNerr(BN_F_BN_EXPAND_INTERNAL,
275 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); 278 BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
276 return(NULL); 279 return (NULL);
277 } 280 }
278 a=A=(BN_ULONG *)malloc(sizeof(BN_ULONG)*words); 281 a = A = (BN_ULONG *)malloc(sizeof(BN_ULONG)*words);
279 if (A == NULL) 282 if (A == NULL) {
280 { 283 BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
281 BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); 284 return (NULL);
282 return(NULL); 285 }
283 }
284#if 1 286#if 1
285 B=b->d; 287 B = b->d;
286 /* Check if the previous number needs to be copied */ 288 /* Check if the previous number needs to be copied */
287 if (B != NULL) 289 if (B != NULL) {
288 { 290 for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
289 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
290 {
291 /* 291 /*
292 * The fact that the loop is unrolled 292 * The fact that the loop is unrolled
293 * 4-wise is a tribute to Intel. It's 293 * 4-wise is a tribute to Intel. It's
@@ -297,25 +297,33 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
297 * 297 *
298 * <appro@fy.chalmers.se> 298 * <appro@fy.chalmers.se>
299 */ 299 */
300 BN_ULONG a0,a1,a2,a3; 300 BN_ULONG a0, a1, a2, a3;
301 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; 301 a0 = B[0];
302 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; 302 a1 = B[1];
303 } 303 a2 = B[2];
304 switch (b->top&3) 304 a3 = B[3];
305 { 305 A[0] = a0;
306 case 3: A[2]=B[2]; 306 A[1] = a1;
307 case 2: A[1]=B[1]; 307 A[2] = a2;
308 case 1: A[0]=B[0]; 308 A[3] = a3;
309 } 309 }
310 switch (b->top & 3) {
311 case 3:
312 A[2] = B[2];
313 case 2:
314 A[1] = B[1];
315 case 1:
316 A[0] = B[0];
310 } 317 }
318 }
311 319
312#else 320#else
313 memset(A,0,sizeof(BN_ULONG)*words); 321 memset(A, 0, sizeof(BN_ULONG) * words);
314 memcpy(A,b->d,sizeof(b->d[0])*b->top); 322 memcpy(A, b->d, sizeof(b->d[0]) * b->top);
315#endif 323#endif
316 324
317 return(a); 325 return (a);
318 } 326}
319 327
320/* This is an internal function that can be used instead of bn_expand2() 328/* This is an internal function that can be used instead of bn_expand2()
321 * when there is a need to copy BIGNUMs instead of only expanding the 329 * when there is a need to copy BIGNUMs instead of only expanding the
@@ -329,8 +337,9 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
329 */ 337 */
330 338
331#ifndef OPENSSL_NO_DEPRECATED 339#ifndef OPENSSL_NO_DEPRECATED
332BIGNUM *bn_dup_expand(const BIGNUM *b, int words) 340BIGNUM *
333 { 341bn_dup_expand(const BIGNUM *b, int words)
342{
334 BIGNUM *r = NULL; 343 BIGNUM *r = NULL;
335 344
336 bn_check_top(b); 345 bn_check_top(b);
@@ -341,37 +350,30 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
341 * (But bn_dup_expand() is not used anywhere yet.) 350 * (But bn_dup_expand() is not used anywhere yet.)
342 */ 351 */
343 352
344 if (words > b->dmax) 353 if (words > b->dmax) {
345 {
346 BN_ULONG *a = bn_expand_internal(b, words); 354 BN_ULONG *a = bn_expand_internal(b, words);
347 355
348 if (a) 356 if (a) {
349 {
350 r = BN_new(); 357 r = BN_new();
351 if (r) 358 if (r) {
352 {
353 r->top = b->top; 359 r->top = b->top;
354 r->dmax = words; 360 r->dmax = words;
355 r->neg = b->neg; 361 r->neg = b->neg;
356 r->d = a; 362 r->d = a;
357 } 363 } else {
358 else
359 {
360 /* r == NULL, BN_new failure */ 364 /* r == NULL, BN_new failure */
361 free(a); 365 free(a);
362 }
363 } 366 }
367 }
364 /* If a == NULL, there was an error in allocation in 368 /* If a == NULL, there was an error in allocation in
365 bn_expand_internal(), and NULL should be returned */ 369 bn_expand_internal(), and NULL should be returned */
366 } 370 } else {
367 else
368 {
369 r = BN_dup(b); 371 r = BN_dup(b);
370 } 372 }
371 373
372 bn_check_top(r); 374 bn_check_top(r);
373 return r; 375 return r;
374 } 376}
375#endif 377#endif
376 378
377/* This is an internal function that should not be used in applications. 379/* This is an internal function that should not be used in applications.
@@ -380,103 +382,121 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
380 * It is mostly used by the various BIGNUM routines. If there is an error, 382 * It is mostly used by the various BIGNUM routines. If there is an error,
381 * NULL is returned. If not, 'b' is returned. */ 383 * NULL is returned. If not, 'b' is returned. */
382 384
383BIGNUM *bn_expand2(BIGNUM *b, int words) 385BIGNUM *
384 { 386bn_expand2(BIGNUM *b, int words)
387{
385 bn_check_top(b); 388 bn_check_top(b);
386 389
387 if (words > b->dmax) 390 if (words > b->dmax) {
388 {
389 BN_ULONG *a = bn_expand_internal(b, words); 391 BN_ULONG *a = bn_expand_internal(b, words);
390 if(!a) return NULL; 392 if (!a)
391 if(b->d) { 393 return NULL;
394 if (b->d) {
392 OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); 395 OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
393 free(b->d); 396 free(b->d);
394 } 397 }
395 b->d=a; 398 b->d = a;
396 b->dmax=words; 399 b->dmax = words;
397 } 400 }
398 401
399/* None of this should be necessary because of what b->top means! */ 402/* None of this should be necessary because of what b->top means! */
400#if 0 403#if 0
401 /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ 404 /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
402 if (b->top < b->dmax) 405 if (b->top < b->dmax) {
403 {
404 int i; 406 int i;
405 BN_ULONG *A = &(b->d[b->top]); 407 BN_ULONG *A = &(b->d[b->top]);
406 for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) 408 for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
407 { 409 A[0] = 0;
408 A[0]=0; A[1]=0; A[2]=0; A[3]=0; 410 A[1] = 0;
409 A[4]=0; A[5]=0; A[6]=0; A[7]=0; 411 A[2] = 0;
410 } 412 A[3] = 0;
411 for (i=(b->dmax - b->top)&7; i>0; i--,A++) 413 A[4] = 0;
412 A[0]=0; 414 A[5] = 0;
415 A[6] = 0;
416 A[7] = 0;
417 }
418 for (i = (b->dmax - b->top)&7; i > 0; i--, A++)
419 A[0] = 0;
413 assert(A == &(b->d[b->dmax])); 420 assert(A == &(b->d[b->dmax]));
414 } 421 }
415#endif 422#endif
416 bn_check_top(b); 423 bn_check_top(b);
417 return b; 424 return b;
418 } 425}
419 426
420BIGNUM *BN_dup(const BIGNUM *a) 427BIGNUM *
421 { 428BN_dup(const BIGNUM *a)
429{
422 BIGNUM *t; 430 BIGNUM *t;
423 431
424 if (a == NULL) return NULL; 432 if (a == NULL)
433 return NULL;
425 bn_check_top(a); 434 bn_check_top(a);
426 435
427 t = BN_new(); 436 t = BN_new();
428 if (t == NULL) return NULL; 437 if (t == NULL)
429 if(!BN_copy(t, a)) 438 return NULL;
430 { 439 if (!BN_copy(t, a)) {
431 BN_free(t); 440 BN_free(t);
432 return NULL; 441 return NULL;
433 } 442 }
434 bn_check_top(t); 443 bn_check_top(t);
435 return t; 444 return t;
436 } 445}
437 446
438BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) 447BIGNUM *
439 { 448BN_copy(BIGNUM *a, const BIGNUM *b)
449{
440 int i; 450 int i;
441 BN_ULONG *A; 451 BN_ULONG *A;
442 const BN_ULONG *B; 452 const BN_ULONG *B;
443 453
444 bn_check_top(b); 454 bn_check_top(b);
445 455
446 if (a == b) return(a); 456 if (a == b)
447 if (bn_wexpand(a,b->top) == NULL) return(NULL); 457 return (a);
458 if (bn_wexpand(a, b->top) == NULL)
459 return (NULL);
448 460
449#if 1 461#if 1
450 A=a->d; 462 A = a->d;
451 B=b->d; 463 B = b->d;
452 for (i=b->top>>2; i>0; i--,A+=4,B+=4) 464 for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
453 { 465 BN_ULONG a0, a1, a2, a3;
454 BN_ULONG a0,a1,a2,a3; 466 a0 = B[0];
455 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; 467 a1 = B[1];
456 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; 468 a2 = B[2];
457 } 469 a3 = B[3];
458 switch (b->top&3) 470 A[0] = a0;
459 { 471 A[1] = a1;
460 case 3: A[2]=B[2]; 472 A[2] = a2;
461 case 2: A[1]=B[1]; 473 A[3] = a3;
462 case 1: A[0]=B[0]; 474 }
463 } 475 switch (b->top & 3) {
476 case 3:
477 A[2] = B[2];
478 case 2:
479 A[1] = B[1];
480 case 1:
481 A[0] = B[0];
482 }
464#else 483#else
465 memcpy(a->d,b->d,sizeof(b->d[0])*b->top); 484 memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
466#endif 485#endif
467 486
468 a->top=b->top; 487 a->top = b->top;
469 a->neg=b->neg; 488 a->neg = b->neg;
470 bn_check_top(a); 489 bn_check_top(a);
471 return(a); 490 return (a);
472 } 491}
473 492
474void BN_swap(BIGNUM *a, BIGNUM *b) 493void
475 { 494BN_swap(BIGNUM *a, BIGNUM *b)
495{
476 int flags_old_a, flags_old_b; 496 int flags_old_a, flags_old_b;
477 BN_ULONG *tmp_d; 497 BN_ULONG *tmp_d;
478 int tmp_top, tmp_dmax, tmp_neg; 498 int tmp_top, tmp_dmax, tmp_neg;
479 499
480 bn_check_top(a); 500 bn_check_top(a);
481 bn_check_top(b); 501 bn_check_top(b);
482 502
@@ -487,270 +507,295 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
487 tmp_top = a->top; 507 tmp_top = a->top;
488 tmp_dmax = a->dmax; 508 tmp_dmax = a->dmax;
489 tmp_neg = a->neg; 509 tmp_neg = a->neg;
490 510
491 a->d = b->d; 511 a->d = b->d;
492 a->top = b->top; 512 a->top = b->top;
493 a->dmax = b->dmax; 513 a->dmax = b->dmax;
494 a->neg = b->neg; 514 a->neg = b->neg;
495 515
496 b->d = tmp_d; 516 b->d = tmp_d;
497 b->top = tmp_top; 517 b->top = tmp_top;
498 b->dmax = tmp_dmax; 518 b->dmax = tmp_dmax;
499 b->neg = tmp_neg; 519 b->neg = tmp_neg;
500 520
501 a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); 521 a->flags = (flags_old_a & BN_FLG_MALLOCED) |
502 b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); 522 (flags_old_b & BN_FLG_STATIC_DATA);
523 b->flags = (flags_old_b & BN_FLG_MALLOCED) |
524 (flags_old_a & BN_FLG_STATIC_DATA);
503 bn_check_top(a); 525 bn_check_top(a);
504 bn_check_top(b); 526 bn_check_top(b);
505 } 527}
506 528
507void BN_clear(BIGNUM *a) 529void
508 { 530BN_clear(BIGNUM *a)
531{
509 bn_check_top(a); 532 bn_check_top(a);
510 if (a->d != NULL) 533 if (a->d != NULL)
511 memset(a->d,0,a->dmax*sizeof(a->d[0])); 534 memset(a->d, 0, a->dmax * sizeof(a->d[0]));
512 a->top=0; 535 a->top = 0;
513 a->neg=0; 536 a->neg = 0;
514 } 537}
515 538
516BN_ULONG BN_get_word(const BIGNUM *a) 539BN_ULONG
517 { 540BN_get_word(const BIGNUM *a)
541{
518 if (a->top > 1) 542 if (a->top > 1)
519 return BN_MASK2; 543 return BN_MASK2;
520 else if (a->top == 1) 544 else if (a->top == 1)
521 return a->d[0]; 545 return a->d[0];
522 /* a->top == 0 */ 546 /* a->top == 0 */
523 return 0; 547 return 0;
524 } 548}
525 549
526int BN_set_word(BIGNUM *a, BN_ULONG w) 550int
527 { 551BN_set_word(BIGNUM *a, BN_ULONG w)
552{
528 bn_check_top(a); 553 bn_check_top(a);
529 if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); 554 if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
555 return (0);
530 a->neg = 0; 556 a->neg = 0;
531 a->d[0] = w; 557 a->d[0] = w;
532 a->top = (w ? 1 : 0); 558 a->top = (w ? 1 : 0);
533 bn_check_top(a); 559 bn_check_top(a);
534 return(1); 560 return (1);
535 } 561}
536 562
537BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) 563BIGNUM *
538 { 564BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
539 unsigned int i,m; 565{
566 unsigned int i, m;
540 unsigned int n; 567 unsigned int n;
541 BN_ULONG l; 568 BN_ULONG l;
542 BIGNUM *bn = NULL; 569 BIGNUM *bn = NULL;
543 570
544 if (ret == NULL) 571 if (ret == NULL)
545 ret = bn = BN_new(); 572 ret = bn = BN_new();
546 if (ret == NULL) return(NULL); 573 if (ret == NULL)
574 return (NULL);
547 bn_check_top(ret); 575 bn_check_top(ret);
548 l=0; 576 l = 0;
549 n=len; 577 n = len;
550 if (n == 0) 578 if (n == 0) {
551 { 579 ret->top = 0;
552 ret->top=0; 580 return (ret);
553 return(ret); 581 }
554 } 582 i = ((n - 1) / BN_BYTES) + 1;
555 i=((n-1)/BN_BYTES)+1; 583 m = ((n - 1) % (BN_BYTES));
556 m=((n-1)%(BN_BYTES)); 584 if (bn_wexpand(ret, (int)i) == NULL) {
557 if (bn_wexpand(ret, (int)i) == NULL) 585 if (bn)
558 { 586 BN_free(bn);
559 if (bn) BN_free(bn);
560 return NULL; 587 return NULL;
588 }
589 ret->top = i;
590 ret->neg = 0;
591 while (n--) {
592 l = (l << 8L) | *(s++);
593 if (m-- == 0) {
594 ret->d[--i] = l;
595 l = 0;
596 m = BN_BYTES - 1;
561 } 597 }
562 ret->top=i; 598 }
563 ret->neg=0;
564 while (n--)
565 {
566 l=(l<<8L)| *(s++);
567 if (m-- == 0)
568 {
569 ret->d[--i]=l;
570 l=0;
571 m=BN_BYTES-1;
572 }
573 }
574 /* need to call this due to clear byte at top if avoiding 599 /* need to call this due to clear byte at top if avoiding
575 * having the top bit set (-ve number) */ 600 * having the top bit set (-ve number) */
576 bn_correct_top(ret); 601 bn_correct_top(ret);
577 return(ret); 602 return (ret);
578 } 603}
579 604
580/* ignore negative */ 605/* ignore negative */
581int BN_bn2bin(const BIGNUM *a, unsigned char *to) 606int
582 { 607BN_bn2bin(const BIGNUM *a, unsigned char *to)
583 int n,i; 608{
609 int n, i;
584 BN_ULONG l; 610 BN_ULONG l;
585 611
586 bn_check_top(a); 612 bn_check_top(a);
587 n=i=BN_num_bytes(a); 613 n = i=BN_num_bytes(a);
588 while (i--) 614 while (i--) {
589 { 615 l = a->d[i / BN_BYTES];
590 l=a->d[i/BN_BYTES]; 616 *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
591 *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
592 }
593 return(n);
594 } 617 }
618 return (n);
619}
595 620
596int BN_ucmp(const BIGNUM *a, const BIGNUM *b) 621int
597 { 622BN_ucmp(const BIGNUM *a, const BIGNUM *b)
623{
598 int i; 624 int i;
599 BN_ULONG t1,t2,*ap,*bp; 625 BN_ULONG t1, t2, *ap, *bp;
600 626
601 bn_check_top(a); 627 bn_check_top(a);
602 bn_check_top(b); 628 bn_check_top(b);
603 629
604 i=a->top-b->top; 630 i = a->top - b->top;
605 if (i != 0) return(i); 631 if (i != 0)
606 ap=a->d; 632 return (i);
607 bp=b->d; 633 ap = a->d;
608 for (i=a->top-1; i>=0; i--) 634 bp = b->d;
609 { 635 for (i = a->top - 1; i >= 0; i--) {
610 t1= ap[i]; 636 t1 = ap[i];
611 t2= bp[i]; 637 t2 = bp[i];
612 if (t1 != t2) 638 if (t1 != t2)
613 return((t1 > t2) ? 1 : -1); 639 return ((t1 > t2) ? 1 : -1);
614 }
615 return(0);
616 } 640 }
641 return (0);
642}
617 643
618int BN_cmp(const BIGNUM *a, const BIGNUM *b) 644int
619 { 645BN_cmp(const BIGNUM *a, const BIGNUM *b)
646{
620 int i; 647 int i;
621 int gt,lt; 648 int gt, lt;
622 BN_ULONG t1,t2; 649 BN_ULONG t1, t2;
623 650
624 if ((a == NULL) || (b == NULL)) 651 if ((a == NULL) || (b == NULL)) {
625 {
626 if (a != NULL) 652 if (a != NULL)
627 return(-1); 653 return (-1);
628 else if (b != NULL) 654 else if (b != NULL)
629 return(1); 655 return (1);
630 else 656 else
631 return(0); 657 return (0);
632 } 658 }
633 659
634 bn_check_top(a); 660 bn_check_top(a);
635 bn_check_top(b); 661 bn_check_top(b);
636 662
637 if (a->neg != b->neg) 663 if (a->neg != b->neg) {
638 {
639 if (a->neg) 664 if (a->neg)
640 return(-1); 665 return (-1);
641 else return(1); 666 else
642 } 667 return (1);
643 if (a->neg == 0) 668 }
644 { gt=1; lt= -1; } 669 if (a->neg == 0) {
645 else { gt= -1; lt=1; } 670 gt = 1;
646 671 lt = -1;
647 if (a->top > b->top) return(gt); 672 } else {
648 if (a->top < b->top) return(lt); 673 gt = -1;
649 for (i=a->top-1; i>=0; i--) 674 lt = 1;
650 {
651 t1=a->d[i];
652 t2=b->d[i];
653 if (t1 > t2) return(gt);
654 if (t1 < t2) return(lt);
655 }
656 return(0);
657 } 675 }
658 676
659int BN_set_bit(BIGNUM *a, int n) 677 if (a->top > b->top)
660 { 678 return (gt);
661 int i,j,k; 679 if (a->top < b->top)
680 return (lt);
681 for (i = a->top - 1; i >= 0; i--) {
682 t1 = a->d[i];
683 t2 = b->d[i];
684 if (t1 > t2)
685 return (gt);
686 if (t1 < t2)
687 return (lt);
688 }
689 return (0);
690}
691
692int
693BN_set_bit(BIGNUM *a, int n)
694{
695 int i, j, k;
662 696
663 if (n < 0) 697 if (n < 0)
664 return 0; 698 return 0;
665 699
666 i=n/BN_BITS2; 700 i = n / BN_BITS2;
667 j=n%BN_BITS2; 701 j = n % BN_BITS2;
668 if (a->top <= i) 702 if (a->top <= i) {
669 { 703 if (bn_wexpand(a, i + 1) == NULL)
670 if (bn_wexpand(a,i+1) == NULL) return(0); 704 return (0);
671 for(k=a->top; k<i+1; k++) 705 for (k = a->top; k < i + 1; k++)
672 a->d[k]=0; 706 a->d[k] = 0;
673 a->top=i+1; 707 a->top = i + 1;
674 } 708 }
675 709
676 a->d[i]|=(((BN_ULONG)1)<<j); 710 a->d[i] |= (((BN_ULONG)1) << j);
677 bn_check_top(a); 711 bn_check_top(a);
678 return(1); 712 return (1);
679 } 713}
680 714
681int BN_clear_bit(BIGNUM *a, int n) 715int
682 { 716BN_clear_bit(BIGNUM *a, int n)
683 int i,j; 717{
718 int i, j;
684 719
685 bn_check_top(a); 720 bn_check_top(a);
686 if (n < 0) return 0; 721 if (n < 0)
722 return 0;
687 723
688 i=n/BN_BITS2; 724 i = n / BN_BITS2;
689 j=n%BN_BITS2; 725 j = n % BN_BITS2;
690 if (a->top <= i) return(0); 726 if (a->top <= i)
727 return (0);
691 728
692 a->d[i]&=(~(((BN_ULONG)1)<<j)); 729 a->d[i] &= (~(((BN_ULONG)1) << j));
693 bn_correct_top(a); 730 bn_correct_top(a);
694 return(1); 731 return (1);
695 } 732}
696 733
697int BN_is_bit_set(const BIGNUM *a, int n) 734int
698 { 735BN_is_bit_set(const BIGNUM *a, int n)
699 int i,j; 736{
737 int i, j;
700 738
701 bn_check_top(a); 739 bn_check_top(a);
702 if (n < 0) return 0; 740 if (n < 0)
703 i=n/BN_BITS2; 741 return 0;
704 j=n%BN_BITS2; 742 i = n / BN_BITS2;
705 if (a->top <= i) return 0; 743 j = n % BN_BITS2;
706 return (int)(((a->d[i])>>j)&((BN_ULONG)1)); 744 if (a->top <= i)
707 } 745 return 0;
746 return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
747}
708 748
709int BN_mask_bits(BIGNUM *a, int n) 749int
710 { 750BN_mask_bits(BIGNUM *a, int n)
711 int b,w; 751{
752 int b, w;
712 753
713 bn_check_top(a); 754 bn_check_top(a);
714 if (n < 0) return 0; 755 if (n < 0)
756 return 0;
715 757
716 w=n/BN_BITS2; 758 w = n / BN_BITS2;
717 b=n%BN_BITS2; 759 b = n % BN_BITS2;
718 if (w >= a->top) return 0; 760 if (w >= a->top)
761 return 0;
719 if (b == 0) 762 if (b == 0)
720 a->top=w; 763 a->top = w;
721 else 764 else {
722 { 765 a->top = w + 1;
723 a->top=w+1; 766 a->d[w] &= ~(BN_MASK2 << b);
724 a->d[w]&= ~(BN_MASK2<<b);
725 }
726 bn_correct_top(a);
727 return(1);
728 } 767 }
768 bn_correct_top(a);
769 return (1);
770}
729 771
730void BN_set_negative(BIGNUM *a, int b) 772void
731 { 773BN_set_negative(BIGNUM *a, int b)
774{
732 if (b && !BN_is_zero(a)) 775 if (b && !BN_is_zero(a))
733 a->neg = 1; 776 a->neg = 1;
734 else 777 else
735 a->neg = 0; 778 a->neg = 0;
736 } 779}
737 780
738int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) 781int
739 { 782bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
783{
740 int i; 784 int i;
741 BN_ULONG aa,bb; 785 BN_ULONG aa, bb;
742 786
743 aa=a[n-1]; 787 aa = a[n - 1];
744 bb=b[n-1]; 788 bb = b[n - 1];
745 if (aa != bb) return((aa > bb)?1:-1); 789 if (aa != bb)
746 for (i=n-2; i>=0; i--) 790 return ((aa > bb) ? 1 : -1);
747 { 791 for (i = n - 2; i >= 0; i--) {
748 aa=a[i]; 792 aa = a[i];
749 bb=b[i]; 793 bb = b[i];
750 if (aa != bb) return((aa > bb)?1:-1); 794 if (aa != bb)
751 } 795 return ((aa > bb) ? 1 : -1);
752 return(0);
753 } 796 }
797 return (0);
798}
754 799
755/* Here follows a specialised variants of bn_cmp_words(). It has the 800/* Here follows a specialised variants of bn_cmp_words(). It has the
756 property of performing the operation on arrays of different sizes. 801 property of performing the operation on arrays of different sizes.
@@ -759,40 +804,38 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
759 delta between the two lengths, calculated as len(a)-len(b). 804 delta between the two lengths, calculated as len(a)-len(b).
760 All lengths are the number of BN_ULONGs... */ 805 All lengths are the number of BN_ULONGs... */
761 806
762int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, 807int
763 int cl, int dl) 808bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
764 { 809{
765 int n,i; 810 int n, i;
766 n = cl-1; 811
767 812 n = cl - 1;
768 if (dl < 0) 813
769 { 814 if (dl < 0) {
770 for (i=dl; i<0; i++) 815 for (i = dl; i < 0; i++) {
771 { 816 if (b[n - i] != 0)
772 if (b[n-i] != 0)
773 return -1; /* a < b */ 817 return -1; /* a < b */
774 }
775 } 818 }
776 if (dl > 0) 819 }
777 { 820 if (dl > 0) {
778 for (i=dl; i>0; i--) 821 for (i = dl; i > 0; i--) {
779 { 822 if (a[n + i] != 0)
780 if (a[n+i] != 0)
781 return 1; /* a > b */ 823 return 1; /* a > b */
782 }
783 } 824 }
784 return bn_cmp_words(a,b,cl);
785 } 825 }
826 return bn_cmp_words(a, b, cl);
827}
786 828
787/* 829/*
788 * Constant-time conditional swap of a and b. 830 * Constant-time conditional swap of a and b.
789 * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. 831 * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
790 * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, 832 * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
791 * and that no more than nwords are used by either a or b. 833 * and that no more than nwords are used by either a or b.
792 * a and b cannot be the same number 834 * a and b cannot be the same number
793 */ 835 */
794void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) 836void
795 { 837BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
838{
796 BN_ULONG t; 839 BN_ULONG t;
797 int i; 840 int i;
798 841
@@ -819,7 +862,7 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
819 862
820 switch (nwords) { 863 switch (nwords) {
821 default: 864 default:
822 for (i = 10; i < nwords; i++) 865 for (i = 10; i < nwords; i++)
823 BN_CONSTTIME_SWAP(i); 866 BN_CONSTTIME_SWAP(i);
824 /* Fallthrough */ 867 /* Fallthrough */
825 case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ 868 case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
@@ -831,7 +874,8 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
831 case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ 874 case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
832 case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ 875 case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
833 case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ 876 case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
834 case 1: BN_CONSTTIME_SWAP(0); 877 case 1:
878 BN_CONSTTIME_SWAP(0);
835 } 879 }
836#undef BN_CONSTTIME_SWAP 880#undef BN_CONSTTIME_SWAP
837} 881}
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c
index 6c439402dd..dae388ac84 100644
--- a/src/lib/libcrypto/bn/bn_mod.c
+++ b/src/lib/libcrypto/bn/bn_mod.c
@@ -9,7 +9,7 @@
9 * are met: 9 * are met:
10 * 10 *
11 * 1. Redistributions of source code must retain the above copyright 11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer. 12 * notice, this list of conditions and the following disclaimer.
13 * 13 *
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in 15 * notice, this list of conditions and the following disclaimer in
@@ -60,21 +60,21 @@
60 * This package is an SSL implementation written 60 * This package is an SSL implementation written
61 * by Eric Young (eay@cryptsoft.com). 61 * by Eric Young (eay@cryptsoft.com).
62 * The implementation was written so as to conform with Netscapes SSL. 62 * The implementation was written so as to conform with Netscapes SSL.
63 * 63 *
64 * This library is free for commercial and non-commercial use as long as 64 * This library is free for commercial and non-commercial use as long as
65 * the following conditions are aheared to. The following conditions 65 * the following conditions are aheared to. The following conditions
66 * apply to all code found in this distribution, be it the RC4, RSA, 66 * apply to all code found in this distribution, be it the RC4, RSA,
67 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 67 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
68 * included with this distribution is covered by the same copyright terms 68 * included with this distribution is covered by the same copyright terms
69 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 69 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
70 * 70 *
71 * Copyright remains Eric Young's, and as such any Copyright notices in 71 * Copyright remains Eric Young's, and as such any Copyright notices in
72 * the code are not to be removed. 72 * the code are not to be removed.
73 * If this package is used in a product, Eric Young should be given attribution 73 * If this package is used in a product, Eric Young should be given attribution
74 * as the author of the parts of the library used. 74 * as the author of the parts of the library used.
75 * This can be in the form of a textual message at program startup or 75 * This can be in the form of a textual message at program startup or
76 * in documentation (online or textual) provided with the package. 76 * in documentation (online or textual) provided with the package.
77 * 77 *
78 * Redistribution and use in source and binary forms, with or without 78 * Redistribution and use in source and binary forms, with or without
79 * modification, are permitted provided that the following conditions 79 * modification, are permitted provided that the following conditions
80 * are met: 80 * are met:
@@ -89,10 +89,10 @@
89 * Eric Young (eay@cryptsoft.com)" 89 * Eric Young (eay@cryptsoft.com)"
90 * The word 'cryptographic' can be left out if the rouines from the library 90 * The word 'cryptographic' can be left out if the rouines from the library
91 * being used are not cryptographic related :-). 91 * being used are not cryptographic related :-).
92 * 4. If you include any Windows specific code (or a derivative thereof) from 92 * 4. If you include any Windows specific code (or a derivative thereof) from
93 * the apps directory (application code) you must include an acknowledgement: 93 * the apps directory (application code) you must include an acknowledgement:
94 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 94 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
95 * 95 *
96 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 96 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 97 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 98 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -104,7 +104,7 @@
104 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 104 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 105 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106 * SUCH DAMAGE. 106 * SUCH DAMAGE.
107 * 107 *
108 * The licence and distribution terms for any publically available version or 108 * The licence and distribution terms for any publically available version or
109 * derivative of this code cannot be changed. i.e. this code cannot simply be 109 * derivative of this code cannot be changed. i.e. this code cannot simply be
110 * copied and put under another distribution licence 110 * copied and put under another distribution licence
@@ -114,13 +114,13 @@
114#include "cryptlib.h" 114#include "cryptlib.h"
115#include "bn_lcl.h" 115#include "bn_lcl.h"
116 116
117 117int
118int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) 118BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
119 { 119{
120 /* like BN_mod, but returns non-negative remainder 120 /* like BN_mod, but returns non-negative remainder
121 * (i.e., 0 <= r < |d| always holds) */ 121 * (i.e., 0 <= r < |d| always holds) */
122 122
123 if (!(BN_mod(r,m,d,ctx))) 123 if (!(BN_mod(r, m,d, ctx)))
124 return 0; 124 return 0;
125 if (!r->neg) 125 if (!r->neg)
126 return 1; 126 return 1;
@@ -128,165 +128,178 @@ int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
128 return (d->neg ? BN_sub : BN_add)(r, r, d); 128 return (d->neg ? BN_sub : BN_add)(r, r, d);
129} 129}
130 130
131 131int
132int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) 132BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
133 { 133 BN_CTX *ctx)
134 if (!BN_add(r, a, b)) return 0; 134{
135 if (!BN_add(r, a, b))
136 return 0;
135 return BN_nnmod(r, r, m, ctx); 137 return BN_nnmod(r, r, m, ctx);
136 } 138}
137
138 139
139/* BN_mod_add variant that may be used if both a and b are non-negative 140/* BN_mod_add variant that may be used if both a and b are non-negative
140 * and less than m */ 141 * and less than m */
141int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) 142int
142 { 143BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
143 if (!BN_uadd(r, a, b)) return 0; 144{
145 if (!BN_uadd(r, a, b))
146 return 0;
144 if (BN_ucmp(r, m) >= 0) 147 if (BN_ucmp(r, m) >= 0)
145 return BN_usub(r, r, m); 148 return BN_usub(r, r, m);
146 return 1; 149 return 1;
147 } 150}
148
149 151
150int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) 152int
151 { 153BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
152 if (!BN_sub(r, a, b)) return 0; 154 BN_CTX *ctx)
155{
156 if (!BN_sub(r, a, b))
157 return 0;
153 return BN_nnmod(r, r, m, ctx); 158 return BN_nnmod(r, r, m, ctx);
154 } 159}
155
156 160
157/* BN_mod_sub variant that may be used if both a and b are non-negative 161/* BN_mod_sub variant that may be used if both a and b are non-negative
158 * and less than m */ 162 * and less than m */
159int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) 163int
160 { 164BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
161 if (!BN_sub(r, a, b)) return 0; 165{
166 if (!BN_sub(r, a, b))
167 return 0;
162 if (r->neg) 168 if (r->neg)
163 return BN_add(r, r, m); 169 return BN_add(r, r, m);
164 return 1; 170 return 1;
165 } 171}
166
167 172
168/* slow but works */ 173/* slow but works */
169int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, 174int
170 BN_CTX *ctx) 175BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
171 { 176 BN_CTX *ctx)
177{
172 BIGNUM *t; 178 BIGNUM *t;
173 int ret=0; 179 int ret = 0;
174 180
175 bn_check_top(a); 181 bn_check_top(a);
176 bn_check_top(b); 182 bn_check_top(b);
177 bn_check_top(m); 183 bn_check_top(m);
178 184
179 BN_CTX_start(ctx); 185 BN_CTX_start(ctx);
180 if ((t = BN_CTX_get(ctx)) == NULL) goto err; 186 if ((t = BN_CTX_get(ctx)) == NULL)
181 if (a == b) 187 goto err;
182 { if (!BN_sqr(t,a,ctx)) goto err; } 188 if (a == b) {
183 else 189 if (!BN_sqr(t, a, ctx))
184 { if (!BN_mul(t,a,b,ctx)) goto err; } 190 goto err;
185 if (!BN_nnmod(r,t,m,ctx)) goto err; 191 } else {
192 if (!BN_mul(t, a,b, ctx))
193 goto err;
194 }
195 if (!BN_nnmod(r, t,m, ctx))
196 goto err;
186 bn_check_top(r); 197 bn_check_top(r);
187 ret=1; 198 ret = 1;
199
188err: 200err:
189 BN_CTX_end(ctx); 201 BN_CTX_end(ctx);
190 return(ret); 202 return (ret);
191 } 203}
192
193 204
194int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) 205int
195 { 206BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
196 if (!BN_sqr(r, a, ctx)) return 0; 207{
208 if (!BN_sqr(r, a, ctx))
209 return 0;
197 /* r->neg == 0, thus we don't need BN_nnmod */ 210 /* r->neg == 0, thus we don't need BN_nnmod */
198 return BN_mod(r, r, m, ctx); 211 return BN_mod(r, r, m, ctx);
199 } 212}
200
201 213
202int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) 214int
203 { 215BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
204 if (!BN_lshift1(r, a)) return 0; 216{
217 if (!BN_lshift1(r, a))
218 return 0;
205 bn_check_top(r); 219 bn_check_top(r);
206 return BN_nnmod(r, r, m, ctx); 220 return BN_nnmod(r, r, m, ctx);
207 } 221}
208
209 222
210/* BN_mod_lshift1 variant that may be used if a is non-negative 223/* BN_mod_lshift1 variant that may be used if a is non-negative
211 * and less than m */ 224 * and less than m */
212int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) 225int
213 { 226BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
214 if (!BN_lshift1(r, a)) return 0; 227{
228 if (!BN_lshift1(r, a))
229 return 0;
215 bn_check_top(r); 230 bn_check_top(r);
216 if (BN_cmp(r, m) >= 0) 231 if (BN_cmp(r, m) >= 0)
217 return BN_sub(r, r, m); 232 return BN_sub(r, r, m);
218 return 1; 233 return 1;
219 } 234}
220
221 235
222int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) 236int
223 { 237BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
238{
224 BIGNUM *abs_m = NULL; 239 BIGNUM *abs_m = NULL;
225 int ret; 240 int ret;
226 241
227 if (!BN_nnmod(r, a, m, ctx)) return 0; 242 if (!BN_nnmod(r, a, m, ctx))
243 return 0;
228 244
229 if (m->neg) 245 if (m->neg) {
230 {
231 abs_m = BN_dup(m); 246 abs_m = BN_dup(m);
232 if (abs_m == NULL) return 0; 247 if (abs_m == NULL)
248 return 0;
233 abs_m->neg = 0; 249 abs_m->neg = 0;
234 } 250 }
235 251
236 ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); 252 ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
237 bn_check_top(r); 253 bn_check_top(r);
238 254
239 if (abs_m) 255 if (abs_m)
240 BN_free(abs_m); 256 BN_free(abs_m);
241 return ret; 257 return ret;
242 } 258}
243
244 259
245/* BN_mod_lshift variant that may be used if a is non-negative 260/* BN_mod_lshift variant that may be used if a is non-negative
246 * and less than m */ 261 * and less than m */
247int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) 262int
248 { 263BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
249 if (r != a) 264{
250 { 265 if (r != a) {
251 if (BN_copy(r, a) == NULL) return 0; 266 if (BN_copy(r, a) == NULL)
252 } 267 return 0;
268 }
253 269
254 while (n > 0) 270 while (n > 0) {
255 {
256 int max_shift; 271 int max_shift;
257 272
258 /* 0 < r < m */ 273 /* 0 < r < m */
259 max_shift = BN_num_bits(m) - BN_num_bits(r); 274 max_shift = BN_num_bits(m) - BN_num_bits(r);
260 /* max_shift >= 0 */ 275 /* max_shift >= 0 */
261 276
262 if (max_shift < 0) 277 if (max_shift < 0) {
263 {
264 BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED); 278 BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
265 return 0; 279 return 0;
266 } 280 }
267 281
268 if (max_shift > n) 282 if (max_shift > n)
269 max_shift = n; 283 max_shift = n;
270 284
271 if (max_shift) 285 if (max_shift) {
272 { 286 if (!BN_lshift(r, r, max_shift))
273 if (!BN_lshift(r, r, max_shift)) return 0; 287 return 0;
274 n -= max_shift; 288 n -= max_shift;
275 } 289 } else {
276 else 290 if (!BN_lshift1(r, r))
277 { 291 return 0;
278 if (!BN_lshift1(r, r)) return 0;
279 --n; 292 --n;
280 } 293 }
281 294
282 /* BN_num_bits(r) <= BN_num_bits(m) */ 295 /* BN_num_bits(r) <= BN_num_bits(m) */
283 296
284 if (BN_cmp(r, m) >= 0) 297 if (BN_cmp(r, m) >= 0) {
285 { 298 if (!BN_sub(r, r, m))
286 if (!BN_sub(r, r, m)) return 0; 299 return 0;
287 }
288 } 300 }
301 }
289 bn_check_top(r); 302 bn_check_top(r);
290 303
291 return 1; 304 return 1;
292 } 305}
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 6274a934bb..073dfeffee 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -126,239 +126,263 @@
126static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); 126static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
127#endif 127#endif
128 128
129int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 129int
130 BN_MONT_CTX *mont, BN_CTX *ctx) 130BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
131 { 131 BN_MONT_CTX *mont, BN_CTX *ctx)
132{
132 BIGNUM *tmp; 133 BIGNUM *tmp;
133 int ret=0; 134 int ret = 0;
134#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) 135#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
135 int num = mont->N.top; 136 int num = mont->N.top;
136 137
137 if (num>1 && a->top==num && b->top==num) 138 if (num > 1 && a->top == num && b->top == num) {
138 { 139 if (bn_wexpand(r, num) == NULL)
139 if (bn_wexpand(r,num) == NULL) return(0); 140 return (0);
140 if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num)) 141 if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
141 {
142 r->neg = a->neg^b->neg; 142 r->neg = a->neg^b->neg;
143 r->top = num; 143 r->top = num;
144 bn_correct_top(r); 144 bn_correct_top(r);
145 return(1); 145 return (1);
146 }
147 } 146 }
147 }
148#endif 148#endif
149 149
150 BN_CTX_start(ctx); 150 BN_CTX_start(ctx);
151 tmp = BN_CTX_get(ctx); 151 tmp = BN_CTX_get(ctx);
152 if (tmp == NULL) goto err; 152 if (tmp == NULL)
153 goto err;
153 154
154 bn_check_top(tmp); 155 bn_check_top(tmp);
155 if (a == b) 156 if (a == b) {
156 { 157 if (!BN_sqr(tmp, a, ctx))
157 if (!BN_sqr(tmp,a,ctx)) goto err; 158 goto err;
158 } 159 } else {
159 else 160 if (!BN_mul(tmp, a,b, ctx))
160 { 161 goto err;
161 if (!BN_mul(tmp,a,b,ctx)) goto err; 162 }
162 }
163 /* reduce from aRR to aR */ 163 /* reduce from aRR to aR */
164#ifdef MONT_WORD 164#ifdef MONT_WORD
165 if (!BN_from_montgomery_word(r,tmp,mont)) goto err; 165 if (!BN_from_montgomery_word(r, tmp, mont))
166 goto err;
166#else 167#else
167 if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; 168 if (!BN_from_montgomery(r, tmp, mont, ctx))
169 goto err;
168#endif 170#endif
169 bn_check_top(r); 171 bn_check_top(r);
170 ret=1; 172 ret = 1;
171err: 173err:
172 BN_CTX_end(ctx); 174 BN_CTX_end(ctx);
173 return(ret); 175 return (ret);
174 } 176}
175 177
176#ifdef MONT_WORD 178#ifdef MONT_WORD
177static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) 179static int
178 { 180BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
181{
179 BIGNUM *n; 182 BIGNUM *n;
180 BN_ULONG *ap,*np,*rp,n0,v,carry; 183 BN_ULONG *ap, *np, *rp, n0, v, carry;
181 int nl,max,i; 184 int nl, max, i;
182 185
183 n= &(mont->N); 186 n = &(mont->N);
184 nl=n->top; 187 nl = n->top;
185 if (nl == 0) { ret->top=0; return(1); } 188 if (nl == 0) {
189 ret->top = 0;
190 return (1);
191 }
186 192
187 max=(2*nl); /* carry is stored separately */ 193 max = (2 * nl); /* carry is stored separately */
188 if (bn_wexpand(r,max) == NULL) return(0); 194 if (bn_wexpand(r, max) == NULL)
195 return (0);
189 196
190 r->neg^=n->neg; 197 r->neg ^= n->neg;
191 np=n->d; 198 np = n->d;
192 rp=r->d; 199 rp = r->d;
193 200
194 /* clear the top words of T */ 201 /* clear the top words of T */
195#if 1 202#if 1
196 for (i=r->top; i<max; i++) /* memset? XXX */ 203 for (i=r->top; i<max; i++) /* memset? XXX */
197 rp[i]=0; 204 rp[i] = 0;
198#else 205#else
199 memset(&(rp[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 206 memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
200#endif 207#endif
201 208
202 r->top=max; 209 r->top = max;
203 n0=mont->n0[0]; 210 n0 = mont->n0[0];
204 211
205#ifdef BN_COUNT 212#ifdef BN_COUNT
206 fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl); 213 fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl);
207#endif 214#endif
208 for (carry=0, i=0; i<nl; i++, rp++) 215 for (carry = 0, i = 0; i < nl; i++, rp++) {
209 { 216 v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
210 v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); 217 v = (v + carry + rp[nl]) & BN_MASK2;
211 v = (v+carry+rp[nl])&BN_MASK2;
212 carry |= (v != rp[nl]); 218 carry |= (v != rp[nl]);
213 carry &= (v <= rp[nl]); 219 carry &= (v <= rp[nl]);
214 rp[nl]=v; 220 rp[nl] = v;
215 } 221 }
216 222
217 if (bn_wexpand(ret,nl) == NULL) return(0); 223 if (bn_wexpand(ret, nl) == NULL)
218 ret->top=nl; 224 return (0);
219 ret->neg=r->neg; 225 ret->top = nl;
226 ret->neg = r->neg;
220 227
221 rp=ret->d; 228 rp = ret->d;
222 ap=&(r->d[nl]); 229 ap = &(r->d[nl]);
223 230
224#define BRANCH_FREE 1 231#define BRANCH_FREE 1
225#if BRANCH_FREE 232#if BRANCH_FREE
226 { 233 {
227 BN_ULONG *nrp; 234 BN_ULONG *nrp;
228 size_t m; 235 size_t m;
229 236
230 v=bn_sub_words(rp,ap,np,nl)-carry; 237 v = bn_sub_words(rp, ap, np, nl) - carry;
231 /* if subtraction result is real, then 238 /* if subtraction result is real, then
232 * trick unconditional memcpy below to perform in-place 239 * trick unconditional memcpy below to perform in-place
233 * "refresh" instead of actual copy. */ 240 * "refresh" instead of actual copy. */
234 m=(0-(size_t)v); 241 m = (0 - (size_t)v);
235 nrp=(BN_ULONG *)(((uintptr_t)rp&~m)|((uintptr_t)ap&m)); 242 nrp = (BN_ULONG *)(((uintptr_t)rp & ~m)|((uintptr_t)ap & m));
236 243
237 for (i=0,nl-=4; i<nl; i+=4) 244 for (i = 0, nl -= 4; i < nl; i += 4) {
238 { 245 BN_ULONG t1, t2, t3, t4;
239 BN_ULONG t1,t2,t3,t4; 246
240 247 t1 = nrp[i + 0];
241 t1=nrp[i+0]; 248 t2 = nrp[i + 1];
242 t2=nrp[i+1]; 249 t3 = nrp[i + 2];
243 t3=nrp[i+2]; ap[i+0]=0; 250 ap[i + 0] = 0;
244 t4=nrp[i+3]; ap[i+1]=0; 251 t4 = nrp[i + 3];
245 rp[i+0]=t1; ap[i+2]=0; 252 ap[i + 1] = 0;
246 rp[i+1]=t2; ap[i+3]=0; 253 rp[i + 0] = t1;
247 rp[i+2]=t3; 254 ap[i + 2] = 0;
248 rp[i+3]=t4; 255 rp[i + 1] = t2;
256 ap[i + 3] = 0;
257 rp[i + 2] = t3;
258 rp[i + 3] = t4;
249 } 259 }
250 for (nl+=4; i<nl; i++) 260 for (nl += 4; i < nl; i++)
251 rp[i]=nrp[i], ap[i]=0; 261 rp[i] = nrp[i], ap[i] = 0;
252 } 262 }
253#else 263#else
254 if (bn_sub_words (rp,ap,np,nl)-carry) 264 if (bn_sub_words (rp, ap, np, nl) - carry)
255 memcpy(rp,ap,nl*sizeof(BN_ULONG)); 265 memcpy(rp, ap, nl*sizeof(BN_ULONG));
256#endif 266#endif
257 bn_correct_top(r); 267 bn_correct_top(r);
258 bn_correct_top(ret); 268 bn_correct_top(ret);
259 bn_check_top(ret); 269 bn_check_top(ret);
260 270
261 return(1); 271 return (1);
262 } 272}
263#endif /* MONT_WORD */ 273#endif /* MONT_WORD */
264 274
265int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, 275int
266 BN_CTX *ctx) 276BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
267 { 277{
268 int retn=0; 278 int retn = 0;
269#ifdef MONT_WORD 279#ifdef MONT_WORD
270 BIGNUM *t; 280 BIGNUM *t;
271 281
272 BN_CTX_start(ctx); 282 BN_CTX_start(ctx);
273 if ((t = BN_CTX_get(ctx)) && BN_copy(t,a)) 283 if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
274 retn = BN_from_montgomery_word(ret,t,mont); 284 retn = BN_from_montgomery_word(ret, t, mont);
275 BN_CTX_end(ctx); 285 BN_CTX_end(ctx);
276#else /* !MONT_WORD */ 286#else /* !MONT_WORD */
277 BIGNUM *t1,*t2; 287 BIGNUM *t1, *t2;
278 288
279 BN_CTX_start(ctx); 289 BN_CTX_start(ctx);
280 t1 = BN_CTX_get(ctx); 290 t1 = BN_CTX_get(ctx);
281 t2 = BN_CTX_get(ctx); 291 t2 = BN_CTX_get(ctx);
282 if (t1 == NULL || t2 == NULL) goto err; 292 if (t1 == NULL || t2 == NULL)
283 293 goto err;
284 if (!BN_copy(t1,a)) goto err; 294
285 BN_mask_bits(t1,mont->ri); 295 if (!BN_copy(t1, a))
286 296 goto err;
287 if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; 297 BN_mask_bits(t1, mont->ri);
288 BN_mask_bits(t2,mont->ri); 298
289 299 if (!BN_mul(t2, t1, &mont->Ni, ctx))
290 if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; 300 goto err;
291 if (!BN_add(t2,a,t1)) goto err; 301 BN_mask_bits(t2, mont->ri);
292 if (!BN_rshift(ret,t2,mont->ri)) goto err; 302
293 303 if (!BN_mul(t1, t2, &mont->N, ctx))
294 if (BN_ucmp(ret, &(mont->N)) >= 0) 304 goto err;
295 { 305 if (!BN_add(t2, a, t1))
296 if (!BN_usub(ret,ret,&(mont->N))) goto err; 306 goto err;
297 } 307 if (!BN_rshift(ret, t2, mont->ri))
298 retn=1; 308 goto err;
309
310 if (BN_ucmp(ret, &(mont->N)) >= 0) {
311 if (!BN_usub(ret, ret, &(mont->N)))
312 goto err;
313 }
314 retn = 1;
299 bn_check_top(ret); 315 bn_check_top(ret);
300 err: 316
317err:
301 BN_CTX_end(ctx); 318 BN_CTX_end(ctx);
302#endif /* MONT_WORD */ 319#endif /* MONT_WORD */
303 return(retn); 320 return (retn);
304 } 321}
305 322
306BN_MONT_CTX *BN_MONT_CTX_new(void) 323BN_MONT_CTX *
307 { 324BN_MONT_CTX_new(void)
325{
308 BN_MONT_CTX *ret; 326 BN_MONT_CTX *ret;
309 327
310 if ((ret=(BN_MONT_CTX *)malloc(sizeof(BN_MONT_CTX))) == NULL) 328 if ((ret = (BN_MONT_CTX *)malloc(sizeof(BN_MONT_CTX))) == NULL)
311 return(NULL); 329 return (NULL);
312 330
313 BN_MONT_CTX_init(ret); 331 BN_MONT_CTX_init(ret);
314 ret->flags=BN_FLG_MALLOCED; 332 ret->flags = BN_FLG_MALLOCED;
315 return(ret); 333 return (ret);
316 } 334}
317 335
318void BN_MONT_CTX_init(BN_MONT_CTX *ctx) 336void
319 { 337BN_MONT_CTX_init(BN_MONT_CTX *ctx)
320 ctx->ri=0; 338{
339 ctx->ri = 0;
321 BN_init(&(ctx->RR)); 340 BN_init(&(ctx->RR));
322 BN_init(&(ctx->N)); 341 BN_init(&(ctx->N));
323 BN_init(&(ctx->Ni)); 342 BN_init(&(ctx->Ni));
324 ctx->n0[0] = ctx->n0[1] = 0; 343 ctx->n0[0] = ctx->n0[1] = 0;
325 ctx->flags=0; 344 ctx->flags = 0;
326 } 345}
327 346
328void BN_MONT_CTX_free(BN_MONT_CTX *mont) 347void
329 { 348BN_MONT_CTX_free(BN_MONT_CTX *mont)
330 if(mont == NULL) 349{
331 return; 350 if (mont == NULL)
351 return;
332 352
333 BN_clear_free(&(mont->RR)); 353 BN_clear_free(&(mont->RR));
334 BN_clear_free(&(mont->N)); 354 BN_clear_free(&(mont->N));
335 BN_clear_free(&(mont->Ni)); 355 BN_clear_free(&(mont->Ni));
336 if (mont->flags & BN_FLG_MALLOCED) 356 if (mont->flags & BN_FLG_MALLOCED)
337 free(mont); 357 free(mont);
338 } 358}
339 359
340int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) 360int
341 { 361BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
362{
342 int ret = 0; 363 int ret = 0;
343 BIGNUM *Ri,*R; 364 BIGNUM *Ri, *R;
344 365
345 BN_CTX_start(ctx); 366 BN_CTX_start(ctx);
346 if((Ri = BN_CTX_get(ctx)) == NULL) goto err; 367 if ((Ri = BN_CTX_get(ctx)) == NULL)
347 R= &(mont->RR); /* grab RR as a temp */ 368 goto err;
348 if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */ 369 R = &(mont->RR); /* grab RR as a temp */
370 if (!BN_copy(&(mont->N), mod))
371 goto err; /* Set N */
349 mont->N.neg = 0; 372 mont->N.neg = 0;
350 373
351#ifdef MONT_WORD 374#ifdef MONT_WORD
352 { 375 {
353 BIGNUM tmod; 376 BIGNUM tmod;
354 BN_ULONG buf[2]; 377 BN_ULONG buf[2];
355 378
356 BN_init(&tmod); 379 BN_init(&tmod);
357 tmod.d=buf; 380 tmod.d = buf;
358 tmod.dmax=2; 381 tmod.dmax = 2;
359 tmod.neg=0; 382 tmod.neg = 0;
360 383
361 mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; 384 mont->ri = (BN_num_bits(mod) +
385 (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
362 386
363#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) 387#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
364 /* Only certain BN_BITS2<=32 platforms actually make use of 388 /* Only certain BN_BITS2<=32 platforms actually make use of
@@ -367,128 +391,148 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
367 * files do know which is which. */ 391 * files do know which is which. */
368 392
369 BN_zero(R); 393 BN_zero(R);
370 if (!(BN_set_bit(R,2*BN_BITS2))) goto err; 394 if (!(BN_set_bit(R, 2 * BN_BITS2)))
395 goto err;
371 396
372 tmod.top=0; 397 tmod.top = 0;
373 if ((buf[0] = mod->d[0])) tmod.top=1; 398 if ((buf[0] = mod->d[0]))
374 if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2; 399 tmod.top = 1;
400 if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
401 tmod.top = 2;
375 402
376 if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) 403 if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
377 goto err; 404 goto err;
378 if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */ 405 if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
379 if (!BN_is_zero(Ri)) 406 goto err; /* R*Ri */
380 { 407 if (!BN_is_zero(Ri)) {
381 if (!BN_sub_word(Ri,1)) goto err; 408 if (!BN_sub_word(Ri, 1))
382 } 409 goto err;
410 }
383 else /* if N mod word size == 1 */ 411 else /* if N mod word size == 1 */
384 { 412 {
385 if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL) 413 if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
386 goto err; 414 goto err;
387 /* Ri-- (mod double word size) */ 415 /* Ri-- (mod double word size) */
388 Ri->neg=0; 416 Ri->neg = 0;
389 Ri->d[0]=BN_MASK2; 417 Ri->d[0] = BN_MASK2;
390 Ri->d[1]=BN_MASK2; 418 Ri->d[1] = BN_MASK2;
391 Ri->top=2; 419 Ri->top = 2;
392 } 420 }
393 if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; 421 if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
422 goto err;
394 /* Ni = (R*Ri-1)/N, 423 /* Ni = (R*Ri-1)/N,
395 * keep only couple of least significant words: */ 424 * keep only couple of least significant words: */
396 mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; 425 mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
397 mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; 426 mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
398#else 427#else
399 BN_zero(R); 428 BN_zero(R);
400 if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ 429 if (!(BN_set_bit(R, BN_BITS2)))
430 goto err; /* R */
401 431
402 buf[0]=mod->d[0]; /* tmod = N mod word size */ 432 buf[0] = mod->d[0]; /* tmod = N mod word size */
403 buf[1]=0; 433 buf[1] = 0;
404 tmod.top = buf[0] != 0 ? 1 : 0; 434 tmod.top = buf[0] != 0 ? 1 : 0;
405 /* Ri = R^-1 mod N*/ 435 /* Ri = R^-1 mod N*/
406 if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) 436 if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
407 goto err; 437 goto err;
408 if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */ 438 if (!BN_lshift(Ri, Ri, BN_BITS2))
409 if (!BN_is_zero(Ri)) 439 goto err; /* R*Ri */
410 { 440 if (!BN_is_zero(Ri)) {
411 if (!BN_sub_word(Ri,1)) goto err; 441 if (!BN_sub_word(Ri, 1))
412 } 442 goto err;
443 }
413 else /* if N mod word size == 1 */ 444 else /* if N mod word size == 1 */
414 { 445 {
415 if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ 446 if (!BN_set_word(Ri, BN_MASK2))
416 } 447 goto err; /* Ri-- (mod word size) */
417 if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; 448 }
449 if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
450 goto err;
418 /* Ni = (R*Ri-1)/N, 451 /* Ni = (R*Ri-1)/N,
419 * keep only least significant word: */ 452 * keep only least significant word: */
420 mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; 453 mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
421 mont->n0[1] = 0; 454 mont->n0[1] = 0;
422#endif 455#endif
423 } 456 }
424#else /* !MONT_WORD */ 457#else /* !MONT_WORD */
425 { /* bignum version */ 458 { /* bignum version */
426 mont->ri=BN_num_bits(&mont->N); 459 mont->ri = BN_num_bits(&mont->N);
427 BN_zero(R); 460 BN_zero(R);
428 if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ 461 if (!BN_set_bit(R, mont->ri))
429 /* Ri = R^-1 mod N*/ 462 goto err; /* R = 2^ri */
430 if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL) 463 /* Ri = R^-1 mod N*/
464 if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
431 goto err; 465 goto err;
432 if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */ 466 if (!BN_lshift(Ri, Ri, mont->ri))
433 if (!BN_sub_word(Ri,1)) goto err; 467 goto err; /* R*Ri */
434 /* Ni = (R*Ri-1) / N */ 468 if (!BN_sub_word(Ri, 1))
435 if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err; 469 goto err;
436 } 470 /* Ni = (R*Ri-1) / N */
471 if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
472 goto err;
473 }
437#endif 474#endif
438 475
439 /* setup RR for conversions */ 476 /* setup RR for conversions */
440 BN_zero(&(mont->RR)); 477 BN_zero(&(mont->RR));
441 if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; 478 if (!BN_set_bit(&(mont->RR), mont->ri*2))
442 if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; 479 goto err;
480 if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
481 goto err;
443 482
444 ret = 1; 483 ret = 1;
484
445err: 485err:
446 BN_CTX_end(ctx); 486 BN_CTX_end(ctx);
447 return ret; 487 return ret;
448 } 488}
449 489
450BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) 490BN_MONT_CTX *
451 { 491BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
452 if (to == from) return(to); 492{
453 493 if (to == from)
454 if (!BN_copy(&(to->RR),&(from->RR))) return NULL; 494 return (to);
455 if (!BN_copy(&(to->N),&(from->N))) return NULL; 495
456 if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; 496 if (!BN_copy(&(to->RR), &(from->RR)))
457 to->ri=from->ri; 497 return NULL;
458 to->n0[0]=from->n0[0]; 498 if (!BN_copy(&(to->N), &(from->N)))
459 to->n0[1]=from->n0[1]; 499 return NULL;
460 return(to); 500 if (!BN_copy(&(to->Ni), &(from->Ni)))
461 } 501 return NULL;
462 502 to->ri = from->ri;
463BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, 503 to->n0[0] = from->n0[0];
464 const BIGNUM *mod, BN_CTX *ctx) 504 to->n0[1] = from->n0[1];
465 { 505 return (to);
506}
507
508BN_MONT_CTX *
509BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod,
510 BN_CTX *ctx)
511{
466 int got_write_lock = 0; 512 int got_write_lock = 0;
467 BN_MONT_CTX *ret; 513 BN_MONT_CTX *ret;
468 514
469 CRYPTO_r_lock(lock); 515 CRYPTO_r_lock(lock);
470 if (!*pmont) 516 if (!*pmont) {
471 {
472 CRYPTO_r_unlock(lock); 517 CRYPTO_r_unlock(lock);
473 CRYPTO_w_lock(lock); 518 CRYPTO_w_lock(lock);
474 got_write_lock = 1; 519 got_write_lock = 1;
475 520
476 if (!*pmont) 521 if (!*pmont) {
477 {
478 ret = BN_MONT_CTX_new(); 522 ret = BN_MONT_CTX_new();
479 if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) 523 if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
480 BN_MONT_CTX_free(ret); 524 BN_MONT_CTX_free(ret);
481 else 525 else
482 *pmont = ret; 526 *pmont = ret;
483 }
484 } 527 }
485 528 }
529
486 ret = *pmont; 530 ret = *pmont;
487 531
488 if (got_write_lock) 532 if (got_write_lock)
489 CRYPTO_w_unlock(lock); 533 CRYPTO_w_unlock(lock);
490 else 534 else
491 CRYPTO_r_unlock(lock); 535 CRYPTO_r_unlock(lock);
492 536
493 return ret; 537 return ret;
494 } 538}
diff --git a/src/lib/libcrypto/bn/bn_mpi.c b/src/lib/libcrypto/bn/bn_mpi.c
index a054d21aed..64974d8ed3 100644
--- a/src/lib/libcrypto/bn/bn_mpi.c
+++ b/src/lib/libcrypto/bn/bn_mpi.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -60,71 +60,71 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn_lcl.h" 61#include "bn_lcl.h"
62 62
63int BN_bn2mpi(const BIGNUM *a, unsigned char *d) 63int
64 { 64BN_bn2mpi(const BIGNUM *a, unsigned char *d)
65{
65 int bits; 66 int bits;
66 int num=0; 67 int num = 0;
67 int ext=0; 68 int ext = 0;
68 long l; 69 long l;
69 70
70 bits=BN_num_bits(a); 71 bits = BN_num_bits(a);
71 num=(bits+7)/8; 72 num = (bits + 7) / 8;
72 if (bits > 0) 73 if (bits > 0) {
73 { 74 ext = ((bits & 0x07) == 0);
74 ext=((bits & 0x07) == 0); 75 }
75 }
76 if (d == NULL) 76 if (d == NULL)
77 return(num+4+ext); 77 return (num + 4 + ext);
78 78
79 l=num+ext; 79 l = num + ext;
80 d[0]=(unsigned char)(l>>24)&0xff; 80 d[0] = (unsigned char)(l >> 24) & 0xff;
81 d[1]=(unsigned char)(l>>16)&0xff; 81 d[1] = (unsigned char)(l >> 16) & 0xff;
82 d[2]=(unsigned char)(l>> 8)&0xff; 82 d[2] = (unsigned char)(l >> 8) & 0xff;
83 d[3]=(unsigned char)(l )&0xff; 83 d[3] = (unsigned char)(l) & 0xff;
84 if (ext) d[4]=0; 84 if (ext)
85 num=BN_bn2bin(a,&(d[4+ext])); 85 d[4] = 0;
86 num = BN_bn2bin(a, &(d[4 + ext]));
86 if (a->neg) 87 if (a->neg)
87 d[4]|=0x80; 88 d[4] |= 0x80;
88 return(num+4+ext); 89 return (num + 4 + ext);
89 } 90}
90 91
91BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) 92BIGNUM *
92 { 93BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
94{
93 long len; 95 long len;
94 int neg=0; 96 int neg = 0;
95 97
96 if (n < 4) 98 if (n < 4) {
97 { 99 BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
98 BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH); 100 return (NULL);
99 return(NULL); 101 }
100 } 102 len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) |
101 len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3]; 103 (int)d[3];
102 if ((len+4) != n) 104 if ((len + 4) != n) {
103 { 105 BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
104 BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR); 106 return (NULL);
105 return(NULL); 107 }
106 }
107 108
108 if (a == NULL) a=BN_new(); 109 if (a == NULL)
109 if (a == NULL) return(NULL); 110 a = BN_new();
111 if (a == NULL)
112 return (NULL);
110 113
111 if (len == 0) 114 if (len == 0) {
112 { 115 a->neg = 0;
113 a->neg=0; 116 a->top = 0;
114 a->top=0; 117 return (a);
115 return(a); 118 }
116 } 119 d += 4;
117 d+=4;
118 if ((*d) & 0x80) 120 if ((*d) & 0x80)
119 neg=1; 121 neg = 1;
120 if (BN_bin2bn(d,(int)len,a) == NULL) 122 if (BN_bin2bn(d, (int)len, a) == NULL)
121 return(NULL); 123 return (NULL);
122 a->neg=neg; 124 a->neg = neg;
123 if (neg) 125 if (neg) {
124 { 126 BN_clear_bit(a, BN_num_bits(a) - 1);
125 BN_clear_bit(a,BN_num_bits(a)-1);
126 }
127 bn_check_top(a);
128 return(a);
129 } 127 }
130 128 bn_check_top(a);
129 return (a);
130}
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index 12e5be80eb..4951153657 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -77,10 +77,10 @@
77 These functions should probably end up in bn_asm.c as soon as there are 77 These functions should probably end up in bn_asm.c as soon as there are
78 assembler counterparts for the systems that use assembler files. */ 78 assembler counterparts for the systems that use assembler files. */
79 79
80BN_ULONG bn_sub_part_words(BN_ULONG *r, 80BN_ULONG
81 const BN_ULONG *a, const BN_ULONG *b, 81bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl,
82 int cl, int dl) 82 int dl)
83 { 83{
84 BN_ULONG c, t; 84 BN_ULONG c, t;
85 85
86 assert(cl >= 0); 86 assert(cl >= 0);
@@ -93,121 +93,142 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r,
93 a += cl; 93 a += cl;
94 b += cl; 94 b += cl;
95 95
96 if (dl < 0) 96 if (dl < 0) {
97 {
98#ifdef BN_COUNT 97#ifdef BN_COUNT
99 fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); 98 fprintf(stderr,
99 " bn_sub_part_words %d + %d (dl < 0, c = %d)\n",
100 cl, dl, c);
100#endif 101#endif
101 for (;;) 102 for (;;) {
102 {
103 t = b[0]; 103 t = b[0];
104 r[0] = (0-t-c)&BN_MASK2; 104 r[0] = (0 - t - c) & BN_MASK2;
105 if (t != 0) c=1; 105 if (t != 0)
106 if (++dl >= 0) break; 106 c = 1;
107 if (++dl >= 0)
108 break;
107 109
108 t = b[1]; 110 t = b[1];
109 r[1] = (0-t-c)&BN_MASK2; 111 r[1] = (0 - t - c) & BN_MASK2;
110 if (t != 0) c=1; 112 if (t != 0)
111 if (++dl >= 0) break; 113 c = 1;
114 if (++dl >= 0)
115 break;
112 116
113 t = b[2]; 117 t = b[2];
114 r[2] = (0-t-c)&BN_MASK2; 118 r[2] = (0 - t - c) & BN_MASK2;
115 if (t != 0) c=1; 119 if (t != 0)
116 if (++dl >= 0) break; 120 c = 1;
121 if (++dl >= 0)
122 break;
117 123
118 t = b[3]; 124 t = b[3];
119 r[3] = (0-t-c)&BN_MASK2; 125 r[3] = (0 - t - c) & BN_MASK2;
120 if (t != 0) c=1; 126 if (t != 0)
121 if (++dl >= 0) break; 127 c = 1;
128 if (++dl >= 0)
129 break;
122 130
123 b += 4; 131 b += 4;
124 r += 4; 132 r += 4;
125 }
126 } 133 }
127 else 134 } else {
128 {
129 int save_dl = dl; 135 int save_dl = dl;
130#ifdef BN_COUNT 136#ifdef BN_COUNT
131 fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c); 137 fprintf(stderr,
138 " bn_sub_part_words %d + %d (dl > 0, c = %d)\n",
139 cl, dl, c);
132#endif 140#endif
133 while(c) 141 while (c) {
134 {
135 t = a[0]; 142 t = a[0];
136 r[0] = (t-c)&BN_MASK2; 143 r[0] = (t - c) & BN_MASK2;
137 if (t != 0) c=0; 144 if (t != 0)
138 if (--dl <= 0) break; 145 c = 0;
146 if (--dl <= 0)
147 break;
139 148
140 t = a[1]; 149 t = a[1];
141 r[1] = (t-c)&BN_MASK2; 150 r[1] = (t - c) & BN_MASK2;
142 if (t != 0) c=0; 151 if (t != 0)
143 if (--dl <= 0) break; 152 c = 0;
153 if (--dl <= 0)
154 break;
144 155
145 t = a[2]; 156 t = a[2];
146 r[2] = (t-c)&BN_MASK2; 157 r[2] = (t - c) & BN_MASK2;
147 if (t != 0) c=0; 158 if (t != 0)
148 if (--dl <= 0) break; 159 c = 0;
160 if (--dl <= 0)
161 break;
149 162
150 t = a[3]; 163 t = a[3];
151 r[3] = (t-c)&BN_MASK2; 164 r[3] = (t - c) & BN_MASK2;
152 if (t != 0) c=0; 165 if (t != 0)
153 if (--dl <= 0) break; 166 c = 0;
167 if (--dl <= 0)
168 break;
154 169
155 save_dl = dl; 170 save_dl = dl;
156 a += 4; 171 a += 4;
157 r += 4; 172 r += 4;
158 } 173 }
159 if (dl > 0) 174 if (dl > 0) {
160 {
161#ifdef BN_COUNT 175#ifdef BN_COUNT
162 fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); 176 fprintf(stderr,
177 " bn_sub_part_words %d + %d (dl > 0, c == 0)\n",
178 cl, dl);
163#endif 179#endif
164 if (save_dl > dl) 180 if (save_dl > dl) {
165 { 181 switch (save_dl - dl) {
166 switch (save_dl - dl)
167 {
168 case 1: 182 case 1:
169 r[1] = a[1]; 183 r[1] = a[1];
170 if (--dl <= 0) break; 184 if (--dl <= 0)
185 break;
171 case 2: 186 case 2:
172 r[2] = a[2]; 187 r[2] = a[2];
173 if (--dl <= 0) break; 188 if (--dl <= 0)
189 break;
174 case 3: 190 case 3:
175 r[3] = a[3]; 191 r[3] = a[3];
176 if (--dl <= 0) break; 192 if (--dl <= 0)
177 } 193 break;
194 }
178 a += 4; 195 a += 4;
179 r += 4; 196 r += 4;
180 }
181 } 197 }
182 if (dl > 0) 198 }
183 { 199 if (dl > 0) {
184#ifdef BN_COUNT 200#ifdef BN_COUNT
185 fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl); 201 fprintf(stderr,
202 " bn_sub_part_words %d + %d (dl > 0, copy)\n",
203 cl, dl);
186#endif 204#endif
187 for(;;) 205 for (;;) {
188 {
189 r[0] = a[0]; 206 r[0] = a[0];
190 if (--dl <= 0) break; 207 if (--dl <= 0)
208 break;
191 r[1] = a[1]; 209 r[1] = a[1];
192 if (--dl <= 0) break; 210 if (--dl <= 0)
211 break;
193 r[2] = a[2]; 212 r[2] = a[2];
194 if (--dl <= 0) break; 213 if (--dl <= 0)
214 break;
195 r[3] = a[3]; 215 r[3] = a[3];
196 if (--dl <= 0) break; 216 if (--dl <= 0)
217 break;
197 218
198 a += 4; 219 a += 4;
199 r += 4; 220 r += 4;
200 }
201 } 221 }
202 } 222 }
203 return c;
204 } 223 }
224 return c;
225}
205#endif 226#endif
206 227
207BN_ULONG bn_add_part_words(BN_ULONG *r, 228BN_ULONG
208 const BN_ULONG *a, const BN_ULONG *b, 229bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl,
209 int cl, int dl) 230 int dl)
210 { 231{
211 BN_ULONG c, l, t; 232 BN_ULONG c, l, t;
212 233
213 assert(cl >= 0); 234 assert(cl >= 0);
@@ -220,160 +241,177 @@ BN_ULONG bn_add_part_words(BN_ULONG *r,
220 a += cl; 241 a += cl;
221 b += cl; 242 b += cl;
222 243
223 if (dl < 0) 244 if (dl < 0) {
224 {
225 int save_dl = dl; 245 int save_dl = dl;
226#ifdef BN_COUNT 246#ifdef BN_COUNT
227 fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); 247 fprintf(stderr,
248 " bn_add_part_words %d + %d (dl < 0, c = %d)\n",
249 cl, dl, c);
228#endif 250#endif
229 while (c) 251 while (c) {
230 { 252 l = (c + b[0]) & BN_MASK2;
231 l=(c+b[0])&BN_MASK2; 253 c = (l < c);
232 c=(l < c); 254 r[0] = l;
233 r[0]=l; 255 if (++dl >= 0)
234 if (++dl >= 0) break; 256 break;
235 257
236 l=(c+b[1])&BN_MASK2; 258 l = (c + b[1]) & BN_MASK2;
237 c=(l < c); 259 c = (l < c);
238 r[1]=l; 260 r[1] = l;
239 if (++dl >= 0) break; 261 if (++dl >= 0)
240 262 break;
241 l=(c+b[2])&BN_MASK2; 263
242 c=(l < c); 264 l = (c + b[2]) & BN_MASK2;
243 r[2]=l; 265 c = (l < c);
244 if (++dl >= 0) break; 266 r[2] = l;
245 267 if (++dl >= 0)
246 l=(c+b[3])&BN_MASK2; 268 break;
247 c=(l < c); 269
248 r[3]=l; 270 l = (c + b[3]) & BN_MASK2;
249 if (++dl >= 0) break; 271 c = (l < c);
272 r[3] = l;
273 if (++dl >= 0)
274 break;
250 275
251 save_dl = dl; 276 save_dl = dl;
252 b+=4; 277 b += 4;
253 r+=4; 278 r += 4;
254 } 279 }
255 if (dl < 0) 280 if (dl < 0) {
256 {
257#ifdef BN_COUNT 281#ifdef BN_COUNT
258 fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl); 282 fprintf(stderr,
283 " bn_add_part_words %d + %d (dl < 0, c == 0)\n",
284 cl, dl);
259#endif 285#endif
260 if (save_dl < dl) 286 if (save_dl < dl) {
261 { 287 switch (dl - save_dl) {
262 switch (dl - save_dl)
263 {
264 case 1: 288 case 1:
265 r[1] = b[1]; 289 r[1] = b[1];
266 if (++dl >= 0) break; 290 if (++dl >= 0)
291 break;
267 case 2: 292 case 2:
268 r[2] = b[2]; 293 r[2] = b[2];
269 if (++dl >= 0) break; 294 if (++dl >= 0)
295 break;
270 case 3: 296 case 3:
271 r[3] = b[3]; 297 r[3] = b[3];
272 if (++dl >= 0) break; 298 if (++dl >= 0)
273 } 299 break;
300 }
274 b += 4; 301 b += 4;
275 r += 4; 302 r += 4;
276 }
277 } 303 }
278 if (dl < 0) 304 }
279 { 305 if (dl < 0) {
280#ifdef BN_COUNT 306#ifdef BN_COUNT
281 fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl); 307 fprintf(stderr,
308 " bn_add_part_words %d + %d (dl < 0, copy)\n",
309 cl, dl);
282#endif 310#endif
283 for(;;) 311 for (;;) {
284 {
285 r[0] = b[0]; 312 r[0] = b[0];
286 if (++dl >= 0) break; 313 if (++dl >= 0)
314 break;
287 r[1] = b[1]; 315 r[1] = b[1];
288 if (++dl >= 0) break; 316 if (++dl >= 0)
317 break;
289 r[2] = b[2]; 318 r[2] = b[2];
290 if (++dl >= 0) break; 319 if (++dl >= 0)
320 break;
291 r[3] = b[3]; 321 r[3] = b[3];
292 if (++dl >= 0) break; 322 if (++dl >= 0)
323 break;
293 324
294 b += 4; 325 b += 4;
295 r += 4; 326 r += 4;
296 }
297 } 327 }
298 } 328 }
299 else 329 } else {
300 {
301 int save_dl = dl; 330 int save_dl = dl;
302#ifdef BN_COUNT 331#ifdef BN_COUNT
303 fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); 332 fprintf(stderr,
333 " bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
304#endif 334#endif
305 while (c) 335 while (c) {
306 { 336 t = (a[0] + c) & BN_MASK2;
307 t=(a[0]+c)&BN_MASK2; 337 c = (t < c);
308 c=(t < c); 338 r[0] = t;
309 r[0]=t; 339 if (--dl <= 0)
310 if (--dl <= 0) break; 340 break;
311 341
312 t=(a[1]+c)&BN_MASK2; 342 t = (a[1] + c) & BN_MASK2;
313 c=(t < c); 343 c = (t < c);
314 r[1]=t; 344 r[1] = t;
315 if (--dl <= 0) break; 345 if (--dl <= 0)
316 346 break;
317 t=(a[2]+c)&BN_MASK2; 347
318 c=(t < c); 348 t = (a[2] + c) & BN_MASK2;
319 r[2]=t; 349 c = (t < c);
320 if (--dl <= 0) break; 350 r[2] = t;
321 351 if (--dl <= 0)
322 t=(a[3]+c)&BN_MASK2; 352 break;
323 c=(t < c); 353
324 r[3]=t; 354 t = (a[3] + c) & BN_MASK2;
325 if (--dl <= 0) break; 355 c = (t < c);
356 r[3] = t;
357 if (--dl <= 0)
358 break;
326 359
327 save_dl = dl; 360 save_dl = dl;
328 a+=4; 361 a += 4;
329 r+=4; 362 r += 4;
330 } 363 }
331#ifdef BN_COUNT 364#ifdef BN_COUNT
332 fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); 365 fprintf(stderr,
366 " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
333#endif 367#endif
334 if (dl > 0) 368 if (dl > 0) {
335 { 369 if (save_dl > dl) {
336 if (save_dl > dl) 370 switch (save_dl - dl) {
337 {
338 switch (save_dl - dl)
339 {
340 case 1: 371 case 1:
341 r[1] = a[1]; 372 r[1] = a[1];
342 if (--dl <= 0) break; 373 if (--dl <= 0)
374 break;
343 case 2: 375 case 2:
344 r[2] = a[2]; 376 r[2] = a[2];
345 if (--dl <= 0) break; 377 if (--dl <= 0)
378 break;
346 case 3: 379 case 3:
347 r[3] = a[3]; 380 r[3] = a[3];
348 if (--dl <= 0) break; 381 if (--dl <= 0)
349 } 382 break;
383 }
350 a += 4; 384 a += 4;
351 r += 4; 385 r += 4;
352 }
353 } 386 }
354 if (dl > 0) 387 }
355 { 388 if (dl > 0) {
356#ifdef BN_COUNT 389#ifdef BN_COUNT
357 fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl); 390 fprintf(stderr,
391 " bn_add_part_words %d + %d (dl > 0, copy)\n",
392 cl, dl);
358#endif 393#endif
359 for(;;) 394 for (;;) {
360 {
361 r[0] = a[0]; 395 r[0] = a[0];
362 if (--dl <= 0) break; 396 if (--dl <= 0)
397 break;
363 r[1] = a[1]; 398 r[1] = a[1];
364 if (--dl <= 0) break; 399 if (--dl <= 0)
400 break;
365 r[2] = a[2]; 401 r[2] = a[2];
366 if (--dl <= 0) break; 402 if (--dl <= 0)
403 break;
367 r[3] = a[3]; 404 r[3] = a[3];
368 if (--dl <= 0) break; 405 if (--dl <= 0)
406 break;
369 407
370 a += 4; 408 a += 4;
371 r += 4; 409 r += 4;
372 }
373 } 410 }
374 } 411 }
375 return c;
376 } 412 }
413 return c;
414}
377 415
378#ifdef BN_RECURSION 416#ifdef BN_RECURSION
379/* Karatsuba recursive multiplication algorithm 417/* Karatsuba recursive multiplication algorithm
@@ -390,435 +428,406 @@ BN_ULONG bn_add_part_words(BN_ULONG *r,
390 * a[1]*b[1] 428 * a[1]*b[1]
391 */ 429 */
392/* dnX may not be positive, but n2/2+dnX has to be */ 430/* dnX may not be positive, but n2/2+dnX has to be */
393void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, 431void
394 int dna, int dnb, BN_ULONG *t) 432bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int dna,
395 { 433 int dnb, BN_ULONG *t)
396 int n=n2/2,c1,c2; 434{
397 int tna=n+dna, tnb=n+dnb; 435 int n = n2 / 2, c1, c2;
398 unsigned int neg,zero; 436 int tna = n + dna, tnb = n + dnb;
399 BN_ULONG ln,lo,*p; 437 unsigned int neg, zero;
438 BN_ULONG ln, lo, *p;
400 439
401# ifdef BN_COUNT 440# ifdef BN_COUNT
402 fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); 441 fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
403# endif 442# endif
404# ifdef BN_MUL_COMBA 443# ifdef BN_MUL_COMBA
405# if 0 444# if 0
406 if (n2 == 4) 445 if (n2 == 4) {
407 { 446 bn_mul_comba4(r, a, b);
408 bn_mul_comba4(r,a,b);
409 return; 447 return;
410 } 448 }
411# endif 449# endif
412 /* Only call bn_mul_comba 8 if n2 == 8 and the 450 /* Only call bn_mul_comba 8 if n2 == 8 and the
413 * two arrays are complete [steve] 451 * two arrays are complete [steve]
414 */ 452 */
415 if (n2 == 8 && dna == 0 && dnb == 0) 453 if (n2 == 8 && dna == 0 && dnb == 0) {
416 { 454 bn_mul_comba8(r, a, b);
417 bn_mul_comba8(r,a,b); 455 return;
418 return; 456 }
419 }
420# endif /* BN_MUL_COMBA */ 457# endif /* BN_MUL_COMBA */
421 /* Else do normal multiply */ 458 /* Else do normal multiply */
422 if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) 459 if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
423 { 460 bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
424 bn_mul_normal(r,a,n2+dna,b,n2+dnb);
425 if ((dna + dnb) < 0) 461 if ((dna + dnb) < 0)
426 memset(&r[2*n2 + dna + dnb], 0, 462 memset(&r[2*n2 + dna + dnb], 0,
427 sizeof(BN_ULONG) * -(dna + dnb)); 463 sizeof(BN_ULONG) * -(dna + dnb));
428 return; 464 return;
429 } 465 }
430 /* r=(a[0]-a[1])*(b[1]-b[0]) */ 466 /* r=(a[0]-a[1])*(b[1]-b[0]) */
431 c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); 467 c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
432 c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); 468 c2 = bn_cmp_part_words(&(b[n]), b,tnb, tnb - n);
433 zero=neg=0; 469 zero = neg = 0;
434 switch (c1*3+c2) 470 switch (c1 * 3 + c2) {
435 {
436 case -4: 471 case -4:
437 bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ 472 bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
438 bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ 473 bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
439 break; 474 break;
440 case -3: 475 case -3:
441 zero=1; 476 zero = 1;
442 break; 477 break;
443 case -2: 478 case -2:
444 bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ 479 bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
445 bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ 480 bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
446 neg=1; 481 neg = 1;
447 break; 482 break;
448 case -1: 483 case -1:
449 case 0: 484 case 0:
450 case 1: 485 case 1:
451 zero=1; 486 zero = 1;
452 break; 487 break;
453 case 2: 488 case 2:
454 bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ 489 bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
455 bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ 490 bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
456 neg=1; 491 neg = 1;
457 break; 492 break;
458 case 3: 493 case 3:
459 zero=1; 494 zero = 1;
460 break; 495 break;
461 case 4: 496 case 4:
462 bn_sub_part_words(t, a, &(a[n]),tna,n-tna); 497 bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
463 bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); 498 bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
464 break; 499 break;
465 } 500 }
466 501
467# ifdef BN_MUL_COMBA 502# ifdef BN_MUL_COMBA
468 if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take 503 if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take
469 extra args to do this well */ 504 extra args to do this well */
470 { 505 {
471 if (!zero) 506 if (!zero)
472 bn_mul_comba4(&(t[n2]),t,&(t[n])); 507 bn_mul_comba4(&(t[n2]), t, &(t[n]));
473 else 508 else
474 memset(&(t[n2]),0,8*sizeof(BN_ULONG)); 509 memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
475 510
476 bn_mul_comba4(r,a,b); 511 bn_mul_comba4(r, a, b);
477 bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); 512 bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
478 } 513 } else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
479 else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
480 take extra args to do this 514 take extra args to do this
481 well */ 515 well */
482 { 516 {
483 if (!zero) 517 if (!zero)
484 bn_mul_comba8(&(t[n2]),t,&(t[n])); 518 bn_mul_comba8(&(t[n2]), t, &(t[n]));
485 else 519 else
486 memset(&(t[n2]),0,16*sizeof(BN_ULONG)); 520 memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
487 521
488 bn_mul_comba8(r,a,b); 522 bn_mul_comba8(r, a, b);
489 bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n])); 523 bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
490 } 524 } else
491 else
492# endif /* BN_MUL_COMBA */ 525# endif /* BN_MUL_COMBA */
493 { 526 {
494 p= &(t[n2*2]); 527 p = &(t[n2 * 2]);
495 if (!zero) 528 if (!zero)
496 bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); 529 bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
497 else 530 else
498 memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); 531 memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
499 bn_mul_recursive(r,a,b,n,0,0,p); 532 bn_mul_recursive(r, a, b, n, 0, 0, p);
500 bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); 533 bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
501 } 534 }
502 535
503 /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign 536 /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
504 * r[10] holds (a[0]*b[0]) 537 * r[10] holds (a[0]*b[0])
505 * r[32] holds (b[1]*b[1]) 538 * r[32] holds (b[1]*b[1])
506 */ 539 */
507 540
508 c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); 541 c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
509 542
510 if (neg) /* if t[32] is negative */ 543 if (neg) /* if t[32] is negative */
511 { 544 {
512 c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); 545 c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
513 } 546 } else {
514 else
515 {
516 /* Might have a carry */ 547 /* Might have a carry */
517 c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); 548 c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
518 } 549 }
519 550
520 /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) 551 /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
521 * r[10] holds (a[0]*b[0]) 552 * r[10] holds (a[0]*b[0])
522 * r[32] holds (b[1]*b[1]) 553 * r[32] holds (b[1]*b[1])
523 * c1 holds the carry bits 554 * c1 holds the carry bits
524 */ 555 */
525 c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); 556 c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
526 if (c1) 557 if (c1) {
527 { 558 p = &(r[n + n2]);
528 p= &(r[n+n2]);
529 lo= *p; 559 lo= *p;
530 ln=(lo+c1)&BN_MASK2; 560 ln = (lo + c1) & BN_MASK2;
531 *p=ln; 561 *p = ln;
532 562
533 /* The overflow will stop before we over write 563 /* The overflow will stop before we over write
534 * words we should not overwrite */ 564 * words we should not overwrite */
535 if (ln < (BN_ULONG)c1) 565 if (ln < (BN_ULONG)c1) {
536 { 566 do {
537 do {
538 p++; 567 p++;
539 lo= *p; 568 lo= *p;
540 ln=(lo+1)&BN_MASK2; 569 ln = (lo + 1) & BN_MASK2;
541 *p=ln; 570 *p = ln;
542 } while (ln == 0); 571 } while (ln == 0);
543 }
544 } 572 }
545 } 573 }
574}
546 575
547/* n+tn is the word length 576/* n+tn is the word length
548 * t needs to be n*4 is size, as does r */ 577 * t needs to be n*4 is size, as does r */
549/* tnX may not be negative but less than n */ 578/* tnX may not be negative but less than n */
550void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, 579void
551 int tna, int tnb, BN_ULONG *t) 580bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna,
552 { 581 int tnb, BN_ULONG *t)
553 int i,j,n2=n*2; 582{
554 int c1,c2,neg; 583 int i, j, n2 = n * 2;
555 BN_ULONG ln,lo,*p; 584 int c1, c2, neg;
585 BN_ULONG ln, lo, *p;
556 586
557# ifdef BN_COUNT 587# ifdef BN_COUNT
558 fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n", 588 fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
559 n, tna, n, tnb); 589 n, tna, n, tnb);
560# endif 590# endif
561 if (n < 8) 591 if (n < 8) {
562 { 592 bn_mul_normal(r, a, n + tna, b, n + tnb);
563 bn_mul_normal(r,a,n+tna,b,n+tnb);
564 return; 593 return;
565 } 594 }
566 595
567 /* r=(a[0]-a[1])*(b[1]-b[0]) */ 596 /* r=(a[0]-a[1])*(b[1]-b[0]) */
568 c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); 597 c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
569 c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); 598 c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
570 neg=0; 599 neg = 0;
571 switch (c1*3+c2) 600 switch (c1 * 3 + c2) {
572 {
573 case -4: 601 case -4:
574 bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ 602 bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
575 bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ 603 bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
576 break; 604 break;
577 case -3: 605 case -3:
578 /* break; */ 606 /* break; */
579 case -2: 607 case -2:
580 bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ 608 bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
581 bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ 609 bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
582 neg=1; 610 neg = 1;
583 break; 611 break;
584 case -1: 612 case -1:
585 case 0: 613 case 0:
586 case 1: 614 case 1:
587 /* break; */ 615 /* break; */
588 case 2: 616 case 2:
589 bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ 617 bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
590 bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ 618 bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
591 neg=1; 619 neg = 1;
592 break; 620 break;
593 case 3: 621 case 3:
594 /* break; */ 622 /* break; */
595 case 4: 623 case 4:
596 bn_sub_part_words(t, a, &(a[n]),tna,n-tna); 624 bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
597 bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); 625 bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
598 break; 626 break;
599 } 627 }
600 /* The zero case isn't yet implemented here. The speedup 628 /* The zero case isn't yet implemented here. The speedup
601 would probably be negligible. */ 629 would probably be negligible. */
602# if 0 630# if 0
603 if (n == 4) 631 if (n == 4) {
604 { 632 bn_mul_comba4(&(t[n2]), t, &(t[n]));
605 bn_mul_comba4(&(t[n2]),t,&(t[n])); 633 bn_mul_comba4(r, a, b);
606 bn_mul_comba4(r,a,b); 634 bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
607 bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); 635 memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2));
608 memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); 636 } else
609 }
610 else
611# endif 637# endif
612 if (n == 8) 638 if (n == 8) {
613 { 639 bn_mul_comba8(&(t[n2]), t, &(t[n]));
614 bn_mul_comba8(&(t[n2]),t,&(t[n])); 640 bn_mul_comba8(r, a, b);
615 bn_mul_comba8(r,a,b); 641 bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
616 bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); 642 memset(&(r[n2 + tna + tnb]), 0,
617 memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb)); 643 sizeof(BN_ULONG) * (n2 - tna - tnb));
618 } 644 } else {
619 else 645 p = &(t[n2*2]);
620 { 646 bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
621 p= &(t[n2*2]); 647 bn_mul_recursive(r, a, b, n, 0, 0, p);
622 bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); 648 i = n / 2;
623 bn_mul_recursive(r,a,b,n,0,0,p);
624 i=n/2;
625 /* If there is only a bottom half to the number, 649 /* If there is only a bottom half to the number,
626 * just do it */ 650 * just do it */
627 if (tna > tnb) 651 if (tna > tnb)
628 j = tna - i; 652 j = tna - i;
629 else 653 else
630 j = tnb - i; 654 j = tnb - i;
631 if (j == 0) 655 if (j == 0) {
632 { 656 bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
633 bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]), 657 i, tna - i, tnb - i, p);
634 i,tna-i,tnb-i,p); 658 memset(&(r[n2 + i * 2]), 0,
635 memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); 659 sizeof(BN_ULONG) * (n2 - i * 2));
636 } 660 }
637 else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ 661 else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
638 { 662 {
639 bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), 663 bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
640 i,tna-i,tnb-i,p); 664 i, tna - i, tnb - i, p);
641 memset(&(r[n2+tna+tnb]),0, 665 memset(&(r[n2 + tna + tnb]), 0,
642 sizeof(BN_ULONG)*(n2-tna-tnb)); 666 sizeof(BN_ULONG) * (n2 - tna - tnb));
643 } 667 }
644 else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ 668 else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
645 { 669 {
646 memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); 670 memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
647 if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL 671 if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL &&
648 && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) 672 tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
649 { 673 bn_mul_normal(&(r[n2]), &(a[n]), tna,
650 bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); 674 &(b[n]), tnb);
651 } 675 } else {
652 else 676 for (;;) {
653 { 677 i /= 2;
654 for (;;)
655 {
656 i/=2;
657 /* these simplified conditions work 678 /* these simplified conditions work
658 * exclusively because difference 679 * exclusively because difference
659 * between tna and tnb is 1 or 0 */ 680 * between tna and tnb is 1 or 0 */
660 if (i < tna || i < tnb) 681 if (i < tna || i < tnb) {
661 {
662 bn_mul_part_recursive(&(r[n2]), 682 bn_mul_part_recursive(&(r[n2]),
663 &(a[n]),&(b[n]), 683 &(a[n]), &(b[n]), i,
664 i,tna-i,tnb-i,p); 684 tna - i, tnb - i, p);
665 break; 685 break;
666 } 686 } else if (i == tna || i == tnb) {
667 else if (i == tna || i == tnb)
668 {
669 bn_mul_recursive(&(r[n2]), 687 bn_mul_recursive(&(r[n2]),
670 &(a[n]),&(b[n]), 688 &(a[n]), &(b[n]), i,
671 i,tna-i,tnb-i,p); 689 tna - i, tnb - i, p);
672 break; 690 break;
673 }
674 } 691 }
675 } 692 }
676 } 693 }
677 } 694 }
695 }
678 696
679 /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign 697 /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
680 * r[10] holds (a[0]*b[0]) 698 * r[10] holds (a[0]*b[0])
681 * r[32] holds (b[1]*b[1]) 699 * r[32] holds (b[1]*b[1])
682 */ 700 */
683 701
684 c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); 702 c1 = (int)(bn_add_words(t, r,&(r[n2]), n2));
685 703
686 if (neg) /* if t[32] is negative */ 704 if (neg) /* if t[32] is negative */
687 { 705 {
688 c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); 706 c1 -= (int)(bn_sub_words(&(t[n2]), t,&(t[n2]), n2));
689 } 707 } else {
690 else
691 {
692 /* Might have a carry */ 708 /* Might have a carry */
693 c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); 709 c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
694 } 710 }
695 711
696 /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) 712 /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
697 * r[10] holds (a[0]*b[0]) 713 * r[10] holds (a[0]*b[0])
698 * r[32] holds (b[1]*b[1]) 714 * r[32] holds (b[1]*b[1])
699 * c1 holds the carry bits 715 * c1 holds the carry bits
700 */ 716 */
701 c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); 717 c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
702 if (c1) 718 if (c1) {
703 { 719 p = &(r[n + n2]);
704 p= &(r[n+n2]);
705 lo= *p; 720 lo= *p;
706 ln=(lo+c1)&BN_MASK2; 721 ln = (lo + c1)&BN_MASK2;
707 *p=ln; 722 *p = ln;
708 723
709 /* The overflow will stop before we over write 724 /* The overflow will stop before we over write
710 * words we should not overwrite */ 725 * words we should not overwrite */
711 if (ln < (BN_ULONG)c1) 726 if (ln < (BN_ULONG)c1) {
712 { 727 do {
713 do {
714 p++; 728 p++;
715 lo= *p; 729 lo= *p;
716 ln=(lo+1)&BN_MASK2; 730 ln = (lo + 1) & BN_MASK2;
717 *p=ln; 731 *p = ln;
718 } while (ln == 0); 732 } while (ln == 0);
719 }
720 } 733 }
721 } 734 }
735}
722 736
723/* a and b must be the same size, which is n2. 737/* a and b must be the same size, which is n2.
724 * r needs to be n2 words and t needs to be n2*2 738 * r needs to be n2 words and t needs to be n2*2
725 */ 739 */
726void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, 740void
727 BN_ULONG *t) 741bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, BN_ULONG *t)
728 { 742{
729 int n=n2/2; 743 int n = n2 / 2;
730 744
731# ifdef BN_COUNT 745# ifdef BN_COUNT
732 fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2); 746 fprintf(stderr, " bn_mul_low_recursive %d * %d\n",n2,n2);
733# endif 747# endif
734 748
735 bn_mul_recursive(r,a,b,n,0,0,&(t[0])); 749 bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
736 if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) 750 if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
737 { 751 bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
738 bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); 752 bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
739 bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); 753 bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2]));
740 bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2])); 754 bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
741 bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); 755 } else {
742 } 756 bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n);
743 else 757 bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n);
744 { 758 bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
745 bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n); 759 bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
746 bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
747 bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
748 bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
749 }
750 } 760 }
761}
751 762
752/* a and b must be the same size, which is n2. 763/* a and b must be the same size, which is n2.
753 * r needs to be n2 words and t needs to be n2*2 764 * r needs to be n2 words and t needs to be n2*2
754 * l is the low words of the output. 765 * l is the low words of the output.
755 * t needs to be n2*3 766 * t needs to be n2*3
756 */ 767 */
757void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, 768void
758 BN_ULONG *t) 769bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
759 { 770 BN_ULONG *t)
760 int i,n; 771{
761 int c1,c2; 772 int i, n;
762 int neg,oneg,zero; 773 int c1, c2;
763 BN_ULONG ll,lc,*lp,*mp; 774 int neg, oneg, zero;
775 BN_ULONG ll, lc, *lp, *mp;
764 776
765# ifdef BN_COUNT 777# ifdef BN_COUNT
766 fprintf(stderr," bn_mul_high %d * %d\n",n2,n2); 778 fprintf(stderr, " bn_mul_high %d * %d\n",n2,n2);
767# endif 779# endif
768 n=n2/2; 780 n = n2 / 2;
769 781
770 /* Calculate (al-ah)*(bh-bl) */ 782 /* Calculate (al-ah)*(bh-bl) */
771 neg=zero=0; 783 neg = zero = 0;
772 c1=bn_cmp_words(&(a[0]),&(a[n]),n); 784 c1 = bn_cmp_words(&(a[0]), &(a[n]), n);
773 c2=bn_cmp_words(&(b[n]),&(b[0]),n); 785 c2 = bn_cmp_words(&(b[n]), &(b[0]), n);
774 switch (c1*3+c2) 786 switch (c1 * 3 + c2) {
775 {
776 case -4: 787 case -4:
777 bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); 788 bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
778 bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); 789 bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
779 break; 790 break;
780 case -3: 791 case -3:
781 zero=1; 792 zero = 1;
782 break; 793 break;
783 case -2: 794 case -2:
784 bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); 795 bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
785 bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); 796 bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
786 neg=1; 797 neg = 1;
787 break; 798 break;
788 case -1: 799 case -1:
789 case 0: 800 case 0:
790 case 1: 801 case 1:
791 zero=1; 802 zero = 1;
792 break; 803 break;
793 case 2: 804 case 2:
794 bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); 805 bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
795 bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); 806 bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
796 neg=1; 807 neg = 1;
797 break; 808 break;
798 case 3: 809 case 3:
799 zero=1; 810 zero = 1;
800 break; 811 break;
801 case 4: 812 case 4:
802 bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); 813 bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
803 bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); 814 bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
804 break; 815 break;
805 } 816 }
806 817
807 oneg=neg; 818 oneg = neg;
808 /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ 819 /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
809 /* r[10] = (a[1]*b[1]) */ 820 /* r[10] = (a[1]*b[1]) */
810# ifdef BN_MUL_COMBA 821# ifdef BN_MUL_COMBA
811 if (n == 8) 822 if (n == 8) {
812 { 823 bn_mul_comba8(&(t[0]), &(r[0]), &(r[n]));
813 bn_mul_comba8(&(t[0]),&(r[0]),&(r[n])); 824 bn_mul_comba8(r, &(a[n]), &(b[n]));
814 bn_mul_comba8(r,&(a[n]),&(b[n])); 825 } else
815 }
816 else
817# endif 826# endif
818 { 827 {
819 bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2])); 828 bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2]));
820 bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); 829 bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2]));
821 } 830 }
822 831
823 /* s0 == low(al*bl) 832 /* s0 == low(al*bl)
824 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) 833 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
@@ -826,36 +835,29 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
826 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) 835 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
827 * high(al*bl) == s1 - (r[0]+l[0]+t[0]) 836 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
828 */ 837 */
829 if (l != NULL) 838 if (l != NULL) {
830 { 839 lp = &(t[n2 + n]);
831 lp= &(t[n2+n]); 840 c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n));
832 c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n)); 841 } else {
833 } 842 c1 = 0;
834 else 843 lp = &(r[0]);
835 { 844 }
836 c1=0;
837 lp= &(r[0]);
838 }
839 845
840 if (neg) 846 if (neg)
841 neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n)); 847 neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n));
842 else 848 else {
843 { 849 bn_add_words(&(t[n2]), lp, &(t[0]), n);
844 bn_add_words(&(t[n2]),lp,&(t[0]),n); 850 neg = 0;
845 neg=0; 851 }
846 }
847 852
848 if (l != NULL) 853 if (l != NULL) {
849 { 854 bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n);
850 bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n); 855 } else {
851 } 856 lp = &(t[n2 + n]);
852 else 857 mp = &(t[n2]);
853 { 858 for (i = 0; i < n; i++)
854 lp= &(t[n2+n]); 859 lp[i] = ((~mp[i]) + 1) & BN_MASK2;
855 mp= &(t[n2]); 860 }
856 for (i=0; i<n; i++)
857 lp[i]=((~mp[i])+1)&BN_MASK2;
858 }
859 861
860 /* s[0] = low(al*bl) 862 /* s[0] = low(al*bl)
861 * t[3] = high(al*bl) 863 * t[3] = high(al*bl)
@@ -870,297 +872,297 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
870 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) 872 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
871 * R[3]=r[1]+(carry/borrow) 873 * R[3]=r[1]+(carry/borrow)
872 */ 874 */
873 if (l != NULL) 875 if (l != NULL) {
874 { 876 lp = &(t[n2]);
875 lp= &(t[n2]); 877 c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n));
876 c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n)); 878 } else {
877 } 879 lp = &(t[n2 + n]);
878 else 880 c1 = 0;
879 { 881 }
880 lp= &(t[n2+n]); 882 c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n));
881 c1=0;
882 }
883 c1+=(int)(bn_add_words(&(t[n2]),lp, &(r[0]),n));
884 if (oneg) 883 if (oneg)
885 c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n)); 884 c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n));
886 else 885 else
887 c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n)); 886 c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n));
888 887
889 c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n)); 888 c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n));
890 c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n)); 889 c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n));
891 if (oneg) 890 if (oneg)
892 c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n)); 891 c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n));
893 else 892 else
894 c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n)); 893 c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n));
895 894
896 if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */ 895 if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
897 { 896 {
898 i=0; 897 i = 0;
899 if (c1 > 0) 898 if (c1 > 0) {
900 { 899 lc = c1;
901 lc=c1; 900 do {
902 do { 901 ll = (r[i] + lc) & BN_MASK2;
903 ll=(r[i]+lc)&BN_MASK2; 902 r[i++] = ll;
904 r[i++]=ll; 903 lc = (lc > ll);
905 lc=(lc > ll); 904 } while (lc);
906 } while (lc); 905 } else {
907 } 906 lc = -c1;
908 else 907 do {
909 { 908 ll = r[i];
910 lc= -c1; 909 r[i++] = (ll - lc) & BN_MASK2;
911 do { 910 lc = (lc > ll);
912 ll=r[i]; 911 } while (lc);
913 r[i++]=(ll-lc)&BN_MASK2;
914 lc=(lc > ll);
915 } while (lc);
916 }
917 } 912 }
913 }
918 if (c2 != 0) /* Add starting at r[1] */ 914 if (c2 != 0) /* Add starting at r[1] */
919 { 915 {
920 i=n; 916 i = n;
921 if (c2 > 0) 917 if (c2 > 0) {
922 { 918 lc = c2;
923 lc=c2; 919 do {
924 do { 920 ll = (r[i] + lc) & BN_MASK2;
925 ll=(r[i]+lc)&BN_MASK2; 921 r[i++] = ll;
926 r[i++]=ll; 922 lc = (lc > ll);
927 lc=(lc > ll); 923 } while (lc);
928 } while (lc); 924 } else {
929 } 925 lc = -c2;
930 else 926 do {
931 { 927 ll = r[i];
932 lc= -c2; 928 r[i++] = (ll - lc) & BN_MASK2;
933 do { 929 lc = (lc > ll);
934 ll=r[i]; 930 } while (lc);
935 r[i++]=(ll-lc)&BN_MASK2;
936 lc=(lc > ll);
937 } while (lc);
938 }
939 } 931 }
940 } 932 }
933}
941#endif /* BN_RECURSION */ 934#endif /* BN_RECURSION */
942 935
943int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) 936int
944 { 937BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
945 int ret=0; 938{
946 int top,al,bl; 939 int ret = 0;
940 int top, al, bl;
947 BIGNUM *rr; 941 BIGNUM *rr;
948#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) 942#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
949 int i; 943 int i;
950#endif 944#endif
951#ifdef BN_RECURSION 945#ifdef BN_RECURSION
952 BIGNUM *t=NULL; 946 BIGNUM *t = NULL;
953 int j=0,k; 947 int j = 0, k;
954#endif 948#endif
955 949
956#ifdef BN_COUNT 950#ifdef BN_COUNT
957 fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top); 951 fprintf(stderr, "BN_mul %d * %d\n",a->top,b->top);
958#endif 952#endif
959 953
960 bn_check_top(a); 954 bn_check_top(a);
961 bn_check_top(b); 955 bn_check_top(b);
962 bn_check_top(r); 956 bn_check_top(r);
963 957
964 al=a->top; 958 al = a->top;
965 bl=b->top; 959 bl = b->top;
966 960
967 if ((al == 0) || (bl == 0)) 961 if ((al == 0) || (bl == 0)) {
968 {
969 BN_zero(r); 962 BN_zero(r);
970 return(1); 963 return (1);
971 } 964 }
972 top=al+bl; 965 top = al + bl;
973 966
974 BN_CTX_start(ctx); 967 BN_CTX_start(ctx);
975 if ((r == a) || (r == b)) 968 if ((r == a) || (r == b)) {
976 { 969 if ((rr = BN_CTX_get(ctx)) == NULL)
977 if ((rr = BN_CTX_get(ctx)) == NULL) goto err; 970 goto err;
978 } 971 } else
979 else
980 rr = r; 972 rr = r;
981 rr->neg=a->neg^b->neg; 973 rr->neg = a->neg ^ b->neg;
982 974
983#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) 975#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
984 i = al-bl; 976 i = al - bl;
985#endif 977#endif
986#ifdef BN_MUL_COMBA 978#ifdef BN_MUL_COMBA
987 if (i == 0) 979 if (i == 0) {
988 {
989# if 0 980# if 0
990 if (al == 4) 981 if (al == 4) {
991 { 982 if (bn_wexpand(rr, 8) == NULL)
992 if (bn_wexpand(rr,8) == NULL) goto err; 983 goto err;
993 rr->top=8; 984 rr->top = 8;
994 bn_mul_comba4(rr->d,a->d,b->d); 985 bn_mul_comba4(rr->d, a->d, b->d);
995 goto end; 986 goto end;
996 } 987 }
997# endif 988# endif
998 if (al == 8) 989 if (al == 8) {
999 { 990 if (bn_wexpand(rr, 16) == NULL)
1000 if (bn_wexpand(rr,16) == NULL) goto err; 991 goto err;
1001 rr->top=16; 992 rr->top = 16;
1002 bn_mul_comba8(rr->d,a->d,b->d); 993 bn_mul_comba8(rr->d, a->d, b->d);
1003 goto end; 994 goto end;
1004 }
1005 } 995 }
996 }
1006#endif /* BN_MUL_COMBA */ 997#endif /* BN_MUL_COMBA */
1007#ifdef BN_RECURSION 998#ifdef BN_RECURSION
1008 if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) 999 if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
1009 { 1000 if (i >= -1 && i <= 1) {
1010 if (i >= -1 && i <= 1)
1011 {
1012 /* Find out the power of two lower or equal 1001 /* Find out the power of two lower or equal
1013 to the longest of the two numbers */ 1002 to the longest of the two numbers */
1014 if (i >= 0) 1003 if (i >= 0) {
1015 {
1016 j = BN_num_bits_word((BN_ULONG)al); 1004 j = BN_num_bits_word((BN_ULONG)al);
1017 } 1005 }
1018 if (i == -1) 1006 if (i == -1) {
1019 {
1020 j = BN_num_bits_word((BN_ULONG)bl); 1007 j = BN_num_bits_word((BN_ULONG)bl);
1021 } 1008 }
1022 j = 1<<(j-1); 1009 j = 1 << (j - 1);
1023 assert(j <= al || j <= bl); 1010 assert(j <= al || j <= bl);
1024 k = j+j; 1011 k = j + j;
1025 t = BN_CTX_get(ctx); 1012 t = BN_CTX_get(ctx);
1026 if (t == NULL) 1013 if (t == NULL)
1027 goto err; 1014 goto err;
1028 if (al > j || bl > j) 1015 if (al > j || bl > j) {
1029 { 1016 if (bn_wexpand(t, k * 4) == NULL)
1030 if (bn_wexpand(t,k*4) == NULL) goto err; 1017 goto err;
1031 if (bn_wexpand(rr,k*4) == NULL) goto err; 1018 if (bn_wexpand(rr, k * 4) == NULL)
1032 bn_mul_part_recursive(rr->d,a->d,b->d, 1019 goto err;
1033 j,al-j,bl-j,t->d); 1020 bn_mul_part_recursive(rr->d, a->d, b->d,
1034 } 1021 j, al - j, bl - j, t->d);
1022 }
1035 else /* al <= j || bl <= j */ 1023 else /* al <= j || bl <= j */
1036 { 1024 {
1037 if (bn_wexpand(t,k*2) == NULL) goto err; 1025 if (bn_wexpand(t, k * 2) == NULL)
1038 if (bn_wexpand(rr,k*2) == NULL) goto err; 1026 goto err;
1039 bn_mul_recursive(rr->d,a->d,b->d, 1027 if (bn_wexpand(rr, k * 2) == NULL)
1040 j,al-j,bl-j,t->d); 1028 goto err;
1041 } 1029 bn_mul_recursive(rr->d, a->d, b->d,
1042 rr->top=top; 1030 j, al - j, bl - j, t->d);
1043 goto end;
1044 } 1031 }
1032 rr->top = top;
1033 goto end;
1034 }
1045#if 0 1035#if 0
1046 if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) 1036 if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
1047 {
1048 BIGNUM *tmp_bn = (BIGNUM *)b; 1037 BIGNUM *tmp_bn = (BIGNUM *)b;
1049 if (bn_wexpand(tmp_bn,al) == NULL) goto err; 1038 if (bn_wexpand(tmp_bn, al) == NULL)
1050 tmp_bn->d[bl]=0; 1039 goto err;
1040 tmp_bn->d[bl] = 0;
1051 bl++; 1041 bl++;
1052 i--; 1042 i--;
1053 } 1043 } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
1054 else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
1055 {
1056 BIGNUM *tmp_bn = (BIGNUM *)a; 1044 BIGNUM *tmp_bn = (BIGNUM *)a;
1057 if (bn_wexpand(tmp_bn,bl) == NULL) goto err; 1045 if (bn_wexpand(tmp_bn, bl) == NULL)
1058 tmp_bn->d[al]=0; 1046 goto err;
1047 tmp_bn->d[al] = 0;
1059 al++; 1048 al++;
1060 i++; 1049 i++;
1061 } 1050 }
1062 if (i == 0) 1051 if (i == 0) {
1063 {
1064 /* symmetric and > 4 */ 1052 /* symmetric and > 4 */
1065 /* 16 or larger */ 1053 /* 16 or larger */
1066 j=BN_num_bits_word((BN_ULONG)al); 1054 j = BN_num_bits_word((BN_ULONG)al);
1067 j=1<<(j-1); 1055 j = 1 << (j - 1);
1068 k=j+j; 1056 k = j + j;
1069 t = BN_CTX_get(ctx); 1057 t = BN_CTX_get(ctx);
1070 if (al == j) /* exact multiple */ 1058 if (al == j) /* exact multiple */
1071 { 1059 {
1072 if (bn_wexpand(t,k*2) == NULL) goto err; 1060 if (bn_wexpand(t, k * 2) == NULL)
1073 if (bn_wexpand(rr,k*2) == NULL) goto err; 1061 goto err;
1074 bn_mul_recursive(rr->d,a->d,b->d,al,t->d); 1062 if (bn_wexpand(rr, k * 2) == NULL)
1075 } 1063 goto err;
1076 else 1064 bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
1077 { 1065 } else {
1078 if (bn_wexpand(t,k*4) == NULL) goto err; 1066 if (bn_wexpand(t, k * 4) == NULL)
1079 if (bn_wexpand(rr,k*4) == NULL) goto err; 1067 goto err;
1080 bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); 1068 if (bn_wexpand(rr, k * 4) == NULL)
1081 } 1069 goto err;
1082 rr->top=top; 1070 bn_mul_part_recursive(rr->d, a->d, b->d,
1083 goto end; 1071 al - j, j, t->d);
1084 } 1072 }
1085#endif 1073 rr->top = top;
1074 goto end;
1086 } 1075 }
1076#endif
1077 }
1087#endif /* BN_RECURSION */ 1078#endif /* BN_RECURSION */
1088 if (bn_wexpand(rr,top) == NULL) goto err; 1079 if (bn_wexpand(rr, top) == NULL)
1089 rr->top=top; 1080 goto err;
1090 bn_mul_normal(rr->d,a->d,al,b->d,bl); 1081 rr->top = top;
1082 bn_mul_normal(rr->d, a->d, al, b->d, bl);
1091 1083
1092#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) 1084#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
1093end: 1085end:
1094#endif 1086#endif
1095 bn_correct_top(rr); 1087 bn_correct_top(rr);
1096 if (r != rr) BN_copy(r,rr); 1088 if (r != rr)
1097 ret=1; 1089 BN_copy(r, rr);
1090 ret = 1;
1098err: 1091err:
1099 bn_check_top(r); 1092 bn_check_top(r);
1100 BN_CTX_end(ctx); 1093 BN_CTX_end(ctx);
1101 return(ret); 1094 return (ret);
1102 } 1095}
1103 1096
1104void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) 1097void
1105 { 1098bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
1099{
1106 BN_ULONG *rr; 1100 BN_ULONG *rr;
1107 1101
1108#ifdef BN_COUNT 1102#ifdef BN_COUNT
1109 fprintf(stderr," bn_mul_normal %d * %d\n",na,nb); 1103 fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb);
1110#endif 1104#endif
1111 1105
1112 if (na < nb) 1106 if (na < nb) {
1113 {
1114 int itmp; 1107 int itmp;
1115 BN_ULONG *ltmp; 1108 BN_ULONG *ltmp;
1116 1109
1117 itmp=na; na=nb; nb=itmp; 1110 itmp = na;
1118 ltmp=a; a=b; b=ltmp; 1111 na = nb;
1112 nb = itmp;
1113 ltmp = a;
1114 a = b;
1115 b = ltmp;
1119 1116
1120 } 1117 }
1121 rr= &(r[na]); 1118 rr = &(r[na]);
1122 if (nb <= 0) 1119 if (nb <= 0) {
1123 { 1120 (void)bn_mul_words(r, a, na, 0);
1124 (void)bn_mul_words(r,a,na,0);
1125 return; 1121 return;
1126 } 1122 } else
1127 else 1123 rr[0] = bn_mul_words(r, a, na, b[0]);
1128 rr[0]=bn_mul_words(r,a,na,b[0]); 1124
1129 1125 for (;;) {
1130 for (;;) 1126 if (--nb <= 0)
1131 { 1127 return;
1132 if (--nb <= 0) return; 1128 rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
1133 rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]); 1129 if (--nb <= 0)
1134 if (--nb <= 0) return; 1130 return;
1135 rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]); 1131 rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
1136 if (--nb <= 0) return; 1132 if (--nb <= 0)
1137 rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]); 1133 return;
1138 if (--nb <= 0) return; 1134 rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
1139 rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]); 1135 if (--nb <= 0)
1140 rr+=4; 1136 return;
1141 r+=4; 1137 rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
1142 b+=4; 1138 rr += 4;
1143 } 1139 r += 4;
1140 b += 4;
1144 } 1141 }
1142}
1145 1143
1146void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) 1144void
1147 { 1145bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
1146{
1148#ifdef BN_COUNT 1147#ifdef BN_COUNT
1149 fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n); 1148 fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n);
1150#endif 1149#endif
1151 bn_mul_words(r,a,n,b[0]); 1150 bn_mul_words(r, a, n, b[0]);
1152 1151
1153 for (;;) 1152 for (;;) {
1154 { 1153 if (--n <= 0)
1155 if (--n <= 0) return; 1154 return;
1156 bn_mul_add_words(&(r[1]),a,n,b[1]); 1155 bn_mul_add_words(&(r[1]), a, n, b[1]);
1157 if (--n <= 0) return; 1156 if (--n <= 0)
1158 bn_mul_add_words(&(r[2]),a,n,b[2]); 1157 return;
1159 if (--n <= 0) return; 1158 bn_mul_add_words(&(r[2]), a, n, b[2]);
1160 bn_mul_add_words(&(r[3]),a,n,b[3]); 1159 if (--n <= 0)
1161 if (--n <= 0) return; 1160 return;
1162 bn_mul_add_words(&(r[4]),a,n,b[4]); 1161 bn_mul_add_words(&(r[3]), a, n, b[3]);
1163 r+=4; 1162 if (--n <= 0)
1164 b+=4; 1163 return;
1165 } 1164 bn_mul_add_words(&(r[4]), a, n, b[4]);
1165 r += 4;
1166 b += 4;
1166 } 1167 }
1168}
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
index 7b25979dd1..7d4cab4acd 100644
--- a/src/lib/libcrypto/bn/bn_prime.c
+++ b/src/lib/libcrypto/bn/bn_prime.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -127,22 +127,23 @@
127#include "bn_prime.h" 127#include "bn_prime.h"
128 128
129static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, 129static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
130 const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); 130 const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
131static int probable_prime(BIGNUM *rnd, int bits); 131static int probable_prime(BIGNUM *rnd, int bits);
132static int probable_prime_dh(BIGNUM *rnd, int bits, 132static int probable_prime_dh(BIGNUM *rnd, int bits,
133 const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); 133 const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
134static int probable_prime_dh_safe(BIGNUM *rnd, int bits, 134static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
135 const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); 135 const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
136 136
137int BN_GENCB_call(BN_GENCB *cb, int a, int b) 137int
138 { 138BN_GENCB_call(BN_GENCB *cb, int a, int b)
139{
139 /* No callback means continue */ 140 /* No callback means continue */
140 if(!cb) return 1; 141 if (!cb)
141 switch(cb->ver) 142 return 1;
142 { 143 switch (cb->ver) {
143 case 1: 144 case 1:
144 /* Deprecated-style callbacks */ 145 /* Deprecated-style callbacks */
145 if(!cb->cb.cb_1) 146 if (!cb->cb.cb_1)
146 return 1; 147 return 1;
147 cb->cb.cb_1(a, b, cb->arg); 148 cb->cb.cb_1(a, b, cb->arg);
148 return 1; 149 return 1;
@@ -151,98 +152,101 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b)
151 return cb->cb.cb_2(a, b, cb); 152 return cb->cb.cb_2(a, b, cb);
152 default: 153 default:
153 break; 154 break;
154 } 155 }
155 /* Unrecognised callback type */ 156 /* Unrecognised callback type */
156 return 0; 157 return 0;
157 } 158}
158 159
159int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, 160int
160 const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) 161BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
161 { 162 const BIGNUM *rem, BN_GENCB *cb)
163{
162 BIGNUM *t; 164 BIGNUM *t;
163 int found=0; 165 int found = 0;
164 int i,j,c1=0; 166 int i, j, c1 = 0;
165 BN_CTX *ctx; 167 BN_CTX *ctx;
166 int checks = BN_prime_checks_for_size(bits); 168 int checks = BN_prime_checks_for_size(bits);
167 169
168 ctx=BN_CTX_new(); 170 ctx = BN_CTX_new();
169 if (ctx == NULL) goto err; 171 if (ctx == NULL)
172 goto err;
170 BN_CTX_start(ctx); 173 BN_CTX_start(ctx);
171 t = BN_CTX_get(ctx); 174 t = BN_CTX_get(ctx);
172 if(!t) goto err; 175 if (!t)
173loop: 176 goto err;
177loop:
174 /* make a random number and set the top and bottom bits */ 178 /* make a random number and set the top and bottom bits */
175 if (add == NULL) 179 if (add == NULL) {
176 { 180 if (!probable_prime(ret, bits))
177 if (!probable_prime(ret,bits)) goto err; 181 goto err;
178 } 182 } else {
179 else 183 if (safe) {
180 { 184 if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
181 if (safe) 185 goto err;
182 { 186 } else {
183 if (!probable_prime_dh_safe(ret,bits,add,rem,ctx)) 187 if (!probable_prime_dh(ret, bits, add, rem, ctx))
184 goto err;
185 }
186 else
187 {
188 if (!probable_prime_dh(ret,bits,add,rem,ctx))
189 goto err; 188 goto err;
190 }
191 } 189 }
190 }
192 /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ 191 /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
193 if(!BN_GENCB_call(cb, 0, c1++)) 192 if (!BN_GENCB_call(cb, 0, c1++))
194 /* aborted */ 193 /* aborted */
195 goto err; 194 goto err;
196 195
197 if (!safe) 196 if (!safe) {
198 { 197 i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb);
199 i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb); 198 if (i == -1)
200 if (i == -1) goto err; 199 goto err;
201 if (i == 0) goto loop; 200 if (i == 0)
202 } 201 goto loop;
203 else 202 } else {
204 {
205 /* for "safe prime" generation, 203 /* for "safe prime" generation,
206 * check that (p-1)/2 is prime. 204 * check that (p-1)/2 is prime.
207 * Since a prime is odd, We just 205 * Since a prime is odd, We just
208 * need to divide by 2 */ 206 * need to divide by 2 */
209 if (!BN_rshift1(t,ret)) goto err; 207 if (!BN_rshift1(t, ret))
208 goto err;
210 209
211 for (i=0; i<checks; i++) 210 for (i = 0; i < checks; i++) {
212 { 211 j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb);
213 j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb); 212 if (j == -1)
214 if (j == -1) goto err; 213 goto err;
215 if (j == 0) goto loop; 214 if (j == 0)
215 goto loop;
216 216
217 j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb); 217 j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb);
218 if (j == -1) goto err; 218 if (j == -1)
219 if (j == 0) goto loop; 219 goto err;
220 if (j == 0)
221 goto loop;
220 222
221 if(!BN_GENCB_call(cb, 2, c1-1)) 223 if (!BN_GENCB_call(cb, 2, c1 - 1))
222 goto err; 224 goto err;
223 /* We have a safe prime test pass */ 225 /* We have a safe prime test pass */
224 }
225 } 226 }
227 }
226 /* we have a prime :-) */ 228 /* we have a prime :-) */
227 found = 1; 229 found = 1;
230
228err: 231err:
229 if (ctx != NULL) 232 if (ctx != NULL) {
230 {
231 BN_CTX_end(ctx); 233 BN_CTX_end(ctx);
232 BN_CTX_free(ctx); 234 BN_CTX_free(ctx);
233 } 235 }
234 bn_check_top(ret); 236 bn_check_top(ret);
235 return found; 237 return found;
236 } 238}
237 239
238int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb) 240int
239 { 241BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
242{
240 return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb); 243 return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
241 } 244}
242 245
243int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, 246int
244 int do_trial_division, BN_GENCB *cb) 247BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
245 { 248 int do_trial_division, BN_GENCB *cb)
249{
246 int i, j, ret = -1; 250 int i, j, ret = -1;
247 int k; 251 int k;
248 BN_CTX *ctx = NULL; 252 BN_CTX *ctx = NULL;
@@ -252,7 +256,7 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
252 256
253 if (BN_cmp(a, BN_value_one()) <= 0) 257 if (BN_cmp(a, BN_value_one()) <= 0)
254 return 0; 258 return 0;
255 259
256 if (checks == BN_prime_checks) 260 if (checks == BN_prime_checks)
257 checks = BN_prime_checks_for_size(BN_num_bits(a)); 261 checks = BN_prime_checks_for_size(BN_num_bits(a));
258 262
@@ -260,48 +264,45 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
260 if (!BN_is_odd(a)) 264 if (!BN_is_odd(a))
261 /* a is even => a is prime if and only if a == 2 */ 265 /* a is even => a is prime if and only if a == 2 */
262 return BN_is_word(a, 2); 266 return BN_is_word(a, 2);
263 if (do_trial_division) 267 if (do_trial_division) {
264 {
265 for (i = 1; i < NUMPRIMES; i++) 268 for (i = 1; i < NUMPRIMES; i++)
266 if (BN_mod_word(a, primes[i]) == 0) 269 if (BN_mod_word(a, primes[i]) == 0)
267 return 0; 270 return 0;
268 if(!BN_GENCB_call(cb, 1, -1)) 271 if (!BN_GENCB_call(cb, 1, -1))
269 goto err; 272 goto err;
270 } 273 }
271 274
272 if (ctx_passed != NULL) 275 if (ctx_passed != NULL)
273 ctx = ctx_passed; 276 ctx = ctx_passed;
274 else 277 else if ((ctx = BN_CTX_new()) == NULL)
275 if ((ctx=BN_CTX_new()) == NULL) 278 goto err;
276 goto err;
277 BN_CTX_start(ctx); 279 BN_CTX_start(ctx);
278 280
279 /* A := abs(a) */ 281 /* A := abs(a) */
280 if (a->neg) 282 if (a->neg) {
281 {
282 BIGNUM *t; 283 BIGNUM *t;
283 if ((t = BN_CTX_get(ctx)) == NULL) goto err; 284 if ((t = BN_CTX_get(ctx)) == NULL)
285 goto err;
284 BN_copy(t, a); 286 BN_copy(t, a);
285 t->neg = 0; 287 t->neg = 0;
286 A = t; 288 A = t;
287 } 289 } else
288 else
289 A = a; 290 A = a;
290 A1 = BN_CTX_get(ctx); 291 A1 = BN_CTX_get(ctx);
291 A1_odd = BN_CTX_get(ctx); 292 A1_odd = BN_CTX_get(ctx);
292 check = BN_CTX_get(ctx); 293 check = BN_CTX_get(ctx);
293 if (check == NULL) goto err; 294 if (check == NULL)
295 goto err;
294 296
295 /* compute A1 := A - 1 */ 297 /* compute A1 := A - 1 */
296 if (!BN_copy(A1, A)) 298 if (!BN_copy(A1, A))
297 goto err; 299 goto err;
298 if (!BN_sub_word(A1, 1)) 300 if (!BN_sub_word(A1, 1))
299 goto err; 301 goto err;
300 if (BN_is_zero(A1)) 302 if (BN_is_zero(A1)) {
301 {
302 ret = 0; 303 ret = 0;
303 goto err; 304 goto err;
304 } 305 }
305 306
306 /* write A1 as A1_odd * 2^k */ 307 /* write A1 as A1_odd * 2^k */
307 k = 1; 308 k = 1;
@@ -316,9 +317,8 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
316 goto err; 317 goto err;
317 if (!BN_MONT_CTX_set(mont, A, ctx)) 318 if (!BN_MONT_CTX_set(mont, A, ctx))
318 goto err; 319 goto err;
319 320
320 for (i = 0; i < checks; i++) 321 for (i = 0; i < checks; i++) {
321 {
322 if (!BN_pseudo_rand_range(check, A1)) 322 if (!BN_pseudo_rand_range(check, A1))
323 goto err; 323 goto err;
324 if (!BN_add_word(check, 1)) 324 if (!BN_add_word(check, 1))
@@ -326,40 +326,41 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
326 /* now 1 <= check < A */ 326 /* now 1 <= check < A */
327 327
328 j = witness(check, A, A1, A1_odd, k, ctx, mont); 328 j = witness(check, A, A1, A1_odd, k, ctx, mont);
329 if (j == -1) goto err; 329 if (j == -1)
330 if (j)
331 {
332 ret=0;
333 goto err; 330 goto err;
334 } 331 if (j) {
335 if(!BN_GENCB_call(cb, 1, i)) 332 ret = 0;
336 goto err; 333 goto err;
337 } 334 }
338 ret=1; 335 if (!BN_GENCB_call(cb, 1, i))
336 goto err;
337 }
338 ret = 1;
339
339err: 340err:
340 if (ctx != NULL) 341 if (ctx != NULL) {
341 {
342 BN_CTX_end(ctx); 342 BN_CTX_end(ctx);
343 if (ctx_passed == NULL) 343 if (ctx_passed == NULL)
344 BN_CTX_free(ctx); 344 BN_CTX_free(ctx);
345 } 345 }
346 if (mont != NULL) 346 if (mont != NULL)
347 BN_MONT_CTX_free(mont); 347 BN_MONT_CTX_free(mont);
348 348
349 return(ret); 349 return (ret);
350 } 350}
351 351
352static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, 352static int
353 const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) 353witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd,
354 { 354 int k, BN_CTX *ctx, BN_MONT_CTX *mont)
355 if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ 355{
356 if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont))
357 /* w := w^a1_odd mod a */
356 return -1; 358 return -1;
357 if (BN_is_one(w)) 359 if (BN_is_one(w))
358 return 0; /* probably prime */ 360 return 0; /* probably prime */
359 if (BN_cmp(w, a1) == 0) 361 if (BN_cmp(w, a1) == 0)
360 return 0; /* w == -1 (mod a), 'a' is probably prime */ 362 return 0; /* w == -1 (mod a), 'a' is probably prime */
361 while (--k) 363 while (--k) {
362 {
363 if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ 364 if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
364 return -1; 365 return -1;
365 if (BN_is_one(w)) 366 if (BN_is_one(w))
@@ -367,128 +368,152 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
367 * have been == -1 (mod 'a') */ 368 * have been == -1 (mod 'a') */
368 if (BN_cmp(w, a1) == 0) 369 if (BN_cmp(w, a1) == 0)
369 return 0; /* w == -1 (mod a), 'a' is probably prime */ 370 return 0; /* w == -1 (mod a), 'a' is probably prime */
370 } 371 }
371 /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', 372 /* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
372 * and it is neither -1 nor +1 -- so 'a' cannot be prime */ 373 * and it is neither -1 nor +1 -- so 'a' cannot be prime */
373 bn_check_top(w); 374 bn_check_top(w);
374 return 1; 375 return 1;
375 } 376}
376 377
377static int probable_prime(BIGNUM *rnd, int bits) 378static int
378 { 379probable_prime(BIGNUM *rnd, int bits)
380{
379 int i; 381 int i;
380 prime_t mods[NUMPRIMES]; 382 prime_t mods[NUMPRIMES];
381 BN_ULONG delta,maxdelta; 383 BN_ULONG delta, maxdelta;
382 384
383again: 385again:
384 if (!BN_rand(rnd,bits,1,1)) return(0); 386 if (!BN_rand(rnd, bits, 1, 1))
387 return (0);
385 /* we now have a random number 'rand' to test. */ 388 /* we now have a random number 'rand' to test. */
386 for (i=1; i<NUMPRIMES; i++) 389 for (i = 1; i < NUMPRIMES; i++)
387 mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]); 390 mods[i] = (prime_t)BN_mod_word(rnd, (BN_ULONG)primes[i]);
388 maxdelta=BN_MASK2 - primes[NUMPRIMES-1]; 391 maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
389 delta=0; 392 delta = 0;
390 loop: for (i=1; i<NUMPRIMES; i++) 393loop:
391 { 394 for (i = 1; i < NUMPRIMES; i++) {
392 /* check that rnd is not a prime and also 395 /* check that rnd is not a prime and also
393 * that gcd(rnd-1,primes) == 1 (except for 2) */ 396 * that gcd(rnd-1,primes) == 1 (except for 2) */
394 if (((mods[i]+delta)%primes[i]) <= 1) 397 if (((mods[i] + delta) % primes[i]) <= 1) {
395 { 398 delta += 2;
396 delta+=2; 399 if (delta > maxdelta)
397 if (delta > maxdelta) goto again; 400 goto again;
398 goto loop; 401 goto loop;
399 }
400 } 402 }
401 if (!BN_add_word(rnd,delta)) return(0);
402 bn_check_top(rnd);
403 return(1);
404 } 403 }
405 404 if (!BN_add_word(rnd, delta))
406static int probable_prime_dh(BIGNUM *rnd, int bits, 405 return (0);
407 const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) 406 bn_check_top(rnd);
408 { 407 return (1);
409 int i,ret=0; 408}
409
410static int
411probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem,
412 BN_CTX *ctx)
413{
414 int i, ret = 0;
410 BIGNUM *t1; 415 BIGNUM *t1;
411 416
412 BN_CTX_start(ctx); 417 BN_CTX_start(ctx);
413 if ((t1 = BN_CTX_get(ctx)) == NULL) goto err; 418 if ((t1 = BN_CTX_get(ctx)) == NULL)
419 goto err;
414 420
415 if (!BN_rand(rnd,bits,0,1)) goto err; 421 if (!BN_rand(rnd, bits, 0, 1))
422 goto err;
416 423
417 /* we need ((rnd-rem) % add) == 0 */ 424 /* we need ((rnd-rem) % add) == 0 */
418 425
419 if (!BN_mod(t1,rnd,add,ctx)) goto err; 426 if (!BN_mod(t1, rnd, add, ctx))
420 if (!BN_sub(rnd,rnd,t1)) goto err; 427 goto err;
421 if (rem == NULL) 428 if (!BN_sub(rnd, rnd, t1))
422 { if (!BN_add_word(rnd,1)) goto err; } 429 goto err;
423 else 430 if (rem == NULL) {
424 { if (!BN_add(rnd,rnd,rem)) goto err; } 431 if (!BN_add_word(rnd, 1))
432 goto err;
433 } else {
434 if (!BN_add(rnd, rnd, rem))
435 goto err;
436 }
425 437
426 /* we now have a random number 'rand' to test. */ 438 /* we now have a random number 'rand' to test. */
427 439
428 loop: for (i=1; i<NUMPRIMES; i++) 440loop:
429 { 441 for (i = 1; i < NUMPRIMES; i++) {
430 /* check that rnd is a prime */ 442 /* check that rnd is a prime */
431 if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1) 443 if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
432 { 444 if (!BN_add(rnd, rnd, add))
433 if (!BN_add(rnd,rnd,add)) goto err; 445 goto err;
434 goto loop; 446 goto loop;
435 }
436 } 447 }
437 ret=1; 448 }
449 ret = 1;
450
438err: 451err:
439 BN_CTX_end(ctx); 452 BN_CTX_end(ctx);
440 bn_check_top(rnd); 453 bn_check_top(rnd);
441 return(ret); 454 return (ret);
442 } 455}
443 456
444static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, 457static int
445 const BIGNUM *rem, BN_CTX *ctx) 458probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
446 { 459 const BIGNUM *rem, BN_CTX *ctx)
447 int i,ret=0; 460{
448 BIGNUM *t1,*qadd,*q; 461 int i, ret = 0;
462 BIGNUM *t1, *qadd, *q;
449 463
450 bits--; 464 bits--;
451 BN_CTX_start(ctx); 465 BN_CTX_start(ctx);
452 t1 = BN_CTX_get(ctx); 466 t1 = BN_CTX_get(ctx);
453 q = BN_CTX_get(ctx); 467 q = BN_CTX_get(ctx);
454 qadd = BN_CTX_get(ctx); 468 qadd = BN_CTX_get(ctx);
455 if (qadd == NULL) goto err; 469 if (qadd == NULL)
470 goto err;
471
472 if (!BN_rshift1(qadd, padd))
473 goto err;
456 474
457 if (!BN_rshift1(qadd,padd)) goto err; 475 if (!BN_rand(q, bits, 0, 1))
458 476 goto err;
459 if (!BN_rand(q,bits,0,1)) goto err;
460 477
461 /* we need ((rnd-rem) % add) == 0 */ 478 /* we need ((rnd-rem) % add) == 0 */
462 if (!BN_mod(t1,q,qadd,ctx)) goto err; 479 if (!BN_mod(t1, q,qadd, ctx))
463 if (!BN_sub(q,q,t1)) goto err; 480 goto err;
464 if (rem == NULL) 481 if (!BN_sub(q, q, t1))
465 { if (!BN_add_word(q,1)) goto err; } 482 goto err;
466 else 483 if (rem == NULL) {
467 { 484 if (!BN_add_word(q, 1))
468 if (!BN_rshift1(t1,rem)) goto err; 485 goto err;
469 if (!BN_add(q,q,t1)) goto err; 486 } else {
470 } 487 if (!BN_rshift1(t1, rem))
488 goto err;
489 if (!BN_add(q, q, t1))
490 goto err;
491 }
471 492
472 /* we now have a random number 'rand' to test. */ 493 /* we now have a random number 'rand' to test. */
473 if (!BN_lshift1(p,q)) goto err; 494 if (!BN_lshift1(p, q))
474 if (!BN_add_word(p,1)) goto err; 495 goto err;
496 if (!BN_add_word(p, 1))
497 goto err;
475 498
476 loop: for (i=1; i<NUMPRIMES; i++) 499loop:
477 { 500 for (i = 1; i < NUMPRIMES; i++) {
478 /* check that p and q are prime */ 501 /* check that p and q are prime */
479 /* check that for p and q 502 /* check that for p and q
480 * gcd(p-1,primes) == 1 (except for 2) */ 503 * gcd(p-1,primes) == 1 (except for 2) */
481 if ( (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) || 504 if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
482 (BN_mod_word(q,(BN_ULONG)primes[i]) == 0)) 505 (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
483 { 506 if (!BN_add(p, p, padd))
484 if (!BN_add(p,p,padd)) goto err; 507 goto err;
485 if (!BN_add(q,q,qadd)) goto err; 508 if (!BN_add(q, q, qadd))
509 goto err;
486 goto loop; 510 goto loop;
487 }
488 } 511 }
489 ret=1; 512 }
513 ret = 1;
514
490err: 515err:
491 BN_CTX_end(ctx); 516 BN_CTX_end(ctx);
492 bn_check_top(p); 517 bn_check_top(p);
493 return(ret); 518 return (ret);
494 } 519}
diff --git a/src/lib/libcrypto/bn/bn_prime.h b/src/lib/libcrypto/bn/bn_prime.h
index ccdeca5afa..5133d12f01 100644
--- a/src/lib/libcrypto/bn/bn_prime.h
+++ b/src/lib/libcrypto/bn/bn_prime.h
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -58,262 +58,261 @@
58 58
59#define NUMPRIMES 2048 59#define NUMPRIMES 2048
60typedef unsigned short prime_t; 60typedef unsigned short prime_t;
61static const prime_t primes[NUMPRIMES]= 61static const prime_t primes[NUMPRIMES] = {
62 { 62 2, 3, 5, 7, 11, 13, 17, 19,
63 2, 3, 5, 7, 11, 13, 17, 19, 63 23, 29, 31, 37, 41, 43, 47, 53,
64 23, 29, 31, 37, 41, 43, 47, 53, 64 59, 61, 67, 71, 73, 79, 83, 89,
65 59, 61, 67, 71, 73, 79, 83, 89, 65 97, 101, 103, 107, 109, 113, 127, 131,
66 97, 101, 103, 107, 109, 113, 127, 131, 66 137, 139, 149, 151, 157, 163, 167, 173,
67 137, 139, 149, 151, 157, 163, 167, 173, 67 179, 181, 191, 193, 197, 199, 211, 223,
68 179, 181, 191, 193, 197, 199, 211, 223, 68 227, 229, 233, 239, 241, 251, 257, 263,
69 227, 229, 233, 239, 241, 251, 257, 263, 69 269, 271, 277, 281, 283, 293, 307, 311,
70 269, 271, 277, 281, 283, 293, 307, 311, 70 313, 317, 331, 337, 347, 349, 353, 359,
71 313, 317, 331, 337, 347, 349, 353, 359, 71 367, 373, 379, 383, 389, 397, 401, 409,
72 367, 373, 379, 383, 389, 397, 401, 409, 72 419, 421, 431, 433, 439, 443, 449, 457,
73 419, 421, 431, 433, 439, 443, 449, 457, 73 461, 463, 467, 479, 487, 491, 499, 503,
74 461, 463, 467, 479, 487, 491, 499, 503, 74 509, 521, 523, 541, 547, 557, 563, 569,
75 509, 521, 523, 541, 547, 557, 563, 569, 75 571, 577, 587, 593, 599, 601, 607, 613,
76 571, 577, 587, 593, 599, 601, 607, 613, 76 617, 619, 631, 641, 643, 647, 653, 659,
77 617, 619, 631, 641, 643, 647, 653, 659, 77 661, 673, 677, 683, 691, 701, 709, 719,
78 661, 673, 677, 683, 691, 701, 709, 719, 78 727, 733, 739, 743, 751, 757, 761, 769,
79 727, 733, 739, 743, 751, 757, 761, 769, 79 773, 787, 797, 809, 811, 821, 823, 827,
80 773, 787, 797, 809, 811, 821, 823, 827, 80 829, 839, 853, 857, 859, 863, 877, 881,
81 829, 839, 853, 857, 859, 863, 877, 881, 81 883, 887, 907, 911, 919, 929, 937, 941,
82 883, 887, 907, 911, 919, 929, 937, 941, 82 947, 953, 967, 971, 977, 983, 991, 997,
83 947, 953, 967, 971, 977, 983, 991, 997, 83 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049,
84 1009,1013,1019,1021,1031,1033,1039,1049, 84 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097,
85 1051,1061,1063,1069,1087,1091,1093,1097, 85 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163,
86 1103,1109,1117,1123,1129,1151,1153,1163, 86 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223,
87 1171,1181,1187,1193,1201,1213,1217,1223, 87 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283,
88 1229,1231,1237,1249,1259,1277,1279,1283, 88 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321,
89 1289,1291,1297,1301,1303,1307,1319,1321, 89 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423,
90 1327,1361,1367,1373,1381,1399,1409,1423, 90 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459,
91 1427,1429,1433,1439,1447,1451,1453,1459, 91 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511,
92 1471,1481,1483,1487,1489,1493,1499,1511, 92 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571,
93 1523,1531,1543,1549,1553,1559,1567,1571, 93 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619,
94 1579,1583,1597,1601,1607,1609,1613,1619, 94 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693,
95 1621,1627,1637,1657,1663,1667,1669,1693, 95 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747,
96 1697,1699,1709,1721,1723,1733,1741,1747, 96 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811,
97 1753,1759,1777,1783,1787,1789,1801,1811, 97 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877,
98 1823,1831,1847,1861,1867,1871,1873,1877, 98 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949,
99 1879,1889,1901,1907,1913,1931,1933,1949, 99 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003,
100 1951,1973,1979,1987,1993,1997,1999,2003, 100 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069,
101 2011,2017,2027,2029,2039,2053,2063,2069, 101 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129,
102 2081,2083,2087,2089,2099,2111,2113,2129, 102 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203,
103 2131,2137,2141,2143,2153,2161,2179,2203, 103 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267,
104 2207,2213,2221,2237,2239,2243,2251,2267, 104 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311,
105 2269,2273,2281,2287,2293,2297,2309,2311, 105 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377,
106 2333,2339,2341,2347,2351,2357,2371,2377, 106 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423,
107 2381,2383,2389,2393,2399,2411,2417,2423, 107 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503,
108 2437,2441,2447,2459,2467,2473,2477,2503, 108 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579,
109 2521,2531,2539,2543,2549,2551,2557,2579, 109 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657,
110 2591,2593,2609,2617,2621,2633,2647,2657, 110 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693,
111 2659,2663,2671,2677,2683,2687,2689,2693, 111 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741,
112 2699,2707,2711,2713,2719,2729,2731,2741, 112 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801,
113 2749,2753,2767,2777,2789,2791,2797,2801, 113 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861,
114 2803,2819,2833,2837,2843,2851,2857,2861, 114 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939,
115 2879,2887,2897,2903,2909,2917,2927,2939, 115 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011,
116 2953,2957,2963,2969,2971,2999,3001,3011, 116 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079,
117 3019,3023,3037,3041,3049,3061,3067,3079, 117 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167,
118 3083,3089,3109,3119,3121,3137,3163,3167, 118 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221,
119 3169,3181,3187,3191,3203,3209,3217,3221, 119 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301,
120 3229,3251,3253,3257,3259,3271,3299,3301, 120 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347,
121 3307,3313,3319,3323,3329,3331,3343,3347, 121 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413,
122 3359,3361,3371,3373,3389,3391,3407,3413, 122 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491,
123 3433,3449,3457,3461,3463,3467,3469,3491, 123 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541,
124 3499,3511,3517,3527,3529,3533,3539,3541, 124 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607,
125 3547,3557,3559,3571,3581,3583,3593,3607, 125 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671,
126 3613,3617,3623,3631,3637,3643,3659,3671, 126 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727,
127 3673,3677,3691,3697,3701,3709,3719,3727, 127 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797,
128 3733,3739,3761,3767,3769,3779,3793,3797, 128 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863,
129 3803,3821,3823,3833,3847,3851,3853,3863, 129 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923,
130 3877,3881,3889,3907,3911,3917,3919,3923, 130 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003,
131 3929,3931,3943,3947,3967,3989,4001,4003, 131 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057,
132 4007,4013,4019,4021,4027,4049,4051,4057, 132 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129,
133 4073,4079,4091,4093,4099,4111,4127,4129, 133 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211,
134 4133,4139,4153,4157,4159,4177,4201,4211, 134 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259,
135 4217,4219,4229,4231,4241,4243,4253,4259, 135 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337,
136 4261,4271,4273,4283,4289,4297,4327,4337, 136 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409,
137 4339,4349,4357,4363,4373,4391,4397,4409, 137 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481,
138 4421,4423,4441,4447,4451,4457,4463,4481, 138 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547,
139 4483,4493,4507,4513,4517,4519,4523,4547, 139 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621,
140 4549,4561,4567,4583,4591,4597,4603,4621, 140 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673,
141 4637,4639,4643,4649,4651,4657,4663,4673, 141 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751,
142 4679,4691,4703,4721,4723,4729,4733,4751, 142 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813,
143 4759,4783,4787,4789,4793,4799,4801,4813, 143 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909,
144 4817,4831,4861,4871,4877,4889,4903,4909, 144 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967,
145 4919,4931,4933,4937,4943,4951,4957,4967, 145 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011,
146 4969,4973,4987,4993,4999,5003,5009,5011, 146 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087,
147 5021,5023,5039,5051,5059,5077,5081,5087, 147 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167,
148 5099,5101,5107,5113,5119,5147,5153,5167, 148 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233,
149 5171,5179,5189,5197,5209,5227,5231,5233, 149 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309,
150 5237,5261,5273,5279,5281,5297,5303,5309, 150 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399,
151 5323,5333,5347,5351,5381,5387,5393,5399, 151 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443,
152 5407,5413,5417,5419,5431,5437,5441,5443, 152 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507,
153 5449,5471,5477,5479,5483,5501,5503,5507, 153 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573,
154 5519,5521,5527,5531,5557,5563,5569,5573, 154 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653,
155 5581,5591,5623,5639,5641,5647,5651,5653, 155 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711,
156 5657,5659,5669,5683,5689,5693,5701,5711, 156 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791,
157 5717,5737,5741,5743,5749,5779,5783,5791, 157 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849,
158 5801,5807,5813,5821,5827,5839,5843,5849, 158 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897,
159 5851,5857,5861,5867,5869,5879,5881,5897, 159 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007,
160 5903,5923,5927,5939,5953,5981,5987,6007, 160 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073,
161 6011,6029,6037,6043,6047,6053,6067,6073, 161 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133,
162 6079,6089,6091,6101,6113,6121,6131,6133, 162 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211,
163 6143,6151,6163,6173,6197,6199,6203,6211, 163 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271,
164 6217,6221,6229,6247,6257,6263,6269,6271, 164 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329,
165 6277,6287,6299,6301,6311,6317,6323,6329, 165 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379,
166 6337,6343,6353,6359,6361,6367,6373,6379, 166 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473,
167 6389,6397,6421,6427,6449,6451,6469,6473, 167 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563,
168 6481,6491,6521,6529,6547,6551,6553,6563, 168 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637,
169 6569,6571,6577,6581,6599,6607,6619,6637, 169 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701,
170 6653,6659,6661,6673,6679,6689,6691,6701, 170 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779,
171 6703,6709,6719,6733,6737,6761,6763,6779, 171 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833,
172 6781,6791,6793,6803,6823,6827,6829,6833, 172 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907,
173 6841,6857,6863,6869,6871,6883,6899,6907, 173 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971,
174 6911,6917,6947,6949,6959,6961,6967,6971, 174 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027,
175 6977,6983,6991,6997,7001,7013,7019,7027, 175 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121,
176 7039,7043,7057,7069,7079,7103,7109,7121, 176 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207,
177 7127,7129,7151,7159,7177,7187,7193,7207, 177 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253,
178 7211,7213,7219,7229,7237,7243,7247,7253, 178 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349,
179 7283,7297,7307,7309,7321,7331,7333,7349, 179 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457,
180 7351,7369,7393,7411,7417,7433,7451,7457, 180 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517,
181 7459,7477,7481,7487,7489,7499,7507,7517, 181 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561,
182 7523,7529,7537,7541,7547,7549,7559,7561, 182 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621,
183 7573,7577,7583,7589,7591,7603,7607,7621, 183 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691,
184 7639,7643,7649,7669,7673,7681,7687,7691, 184 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757,
185 7699,7703,7717,7723,7727,7741,7753,7757, 185 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853,
186 7759,7789,7793,7817,7823,7829,7841,7853, 186 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919,
187 7867,7873,7877,7879,7883,7901,7907,7919, 187 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009,
188 7927,7933,7937,7949,7951,7963,7993,8009, 188 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087,
189 8011,8017,8039,8053,8059,8069,8081,8087, 189 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161,
190 8089,8093,8101,8111,8117,8123,8147,8161, 190 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231,
191 8167,8171,8179,8191,8209,8219,8221,8231, 191 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291,
192 8233,8237,8243,8263,8269,8273,8287,8291, 192 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369,
193 8293,8297,8311,8317,8329,8353,8363,8369, 193 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443,
194 8377,8387,8389,8419,8423,8429,8431,8443, 194 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537,
195 8447,8461,8467,8501,8513,8521,8527,8537, 195 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609,
196 8539,8543,8563,8573,8581,8597,8599,8609, 196 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677,
197 8623,8627,8629,8641,8647,8663,8669,8677, 197 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731,
198 8681,8689,8693,8699,8707,8713,8719,8731, 198 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803,
199 8737,8741,8747,8753,8761,8779,8783,8803, 199 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861,
200 8807,8819,8821,8831,8837,8839,8849,8861, 200 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941,
201 8863,8867,8887,8893,8923,8929,8933,8941, 201 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011,
202 8951,8963,8969,8971,8999,9001,9007,9011, 202 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091,
203 9013,9029,9041,9043,9049,9059,9067,9091, 203 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161,
204 9103,9109,9127,9133,9137,9151,9157,9161, 204 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227,
205 9173,9181,9187,9199,9203,9209,9221,9227, 205 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311,
206 9239,9241,9257,9277,9281,9283,9293,9311, 206 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377,
207 9319,9323,9337,9341,9343,9349,9371,9377, 207 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433,
208 9391,9397,9403,9413,9419,9421,9431,9433, 208 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491,
209 9437,9439,9461,9463,9467,9473,9479,9491, 209 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587,
210 9497,9511,9521,9533,9539,9547,9551,9587, 210 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649,
211 9601,9613,9619,9623,9629,9631,9643,9649, 211 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733,
212 9661,9677,9679,9689,9697,9719,9721,9733, 212 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791,
213 9739,9743,9749,9767,9769,9781,9787,9791, 213 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857,
214 9803,9811,9817,9829,9833,9839,9851,9857, 214 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929,
215 9859,9871,9883,9887,9901,9907,9923,9929, 215 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037,
216 9931,9941,9949,9967,9973,10007,10009,10037, 216 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
217 10039,10061,10067,10069,10079,10091,10093,10099, 217 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
218 10103,10111,10133,10139,10141,10151,10159,10163, 218 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
219 10169,10177,10181,10193,10211,10223,10243,10247, 219 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
220 10253,10259,10267,10271,10273,10289,10301,10303, 220 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
221 10313,10321,10331,10333,10337,10343,10357,10369, 221 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
222 10391,10399,10427,10429,10433,10453,10457,10459, 222 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
223 10463,10477,10487,10499,10501,10513,10529,10531, 223 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
224 10559,10567,10589,10597,10601,10607,10613,10627, 224 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
225 10631,10639,10651,10657,10663,10667,10687,10691, 225 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
226 10709,10711,10723,10729,10733,10739,10753,10771, 226 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
227 10781,10789,10799,10831,10837,10847,10853,10859, 227 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
228 10861,10867,10883,10889,10891,10903,10909,10937, 228 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
229 10939,10949,10957,10973,10979,10987,10993,11003, 229 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
230 11027,11047,11057,11059,11069,11071,11083,11087, 230 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
231 11093,11113,11117,11119,11131,11149,11159,11161, 231 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
232 11171,11173,11177,11197,11213,11239,11243,11251, 232 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
233 11257,11261,11273,11279,11287,11299,11311,11317, 233 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
234 11321,11329,11351,11353,11369,11383,11393,11399, 234 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
235 11411,11423,11437,11443,11447,11467,11471,11483, 235 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
236 11489,11491,11497,11503,11519,11527,11549,11551, 236 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
237 11579,11587,11593,11597,11617,11621,11633,11657, 237 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
238 11677,11681,11689,11699,11701,11717,11719,11731, 238 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
239 11743,11777,11779,11783,11789,11801,11807,11813, 239 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
240 11821,11827,11831,11833,11839,11863,11867,11887, 240 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
241 11897,11903,11909,11923,11927,11933,11939,11941, 241 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
242 11953,11959,11969,11971,11981,11987,12007,12011, 242 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
243 12037,12041,12043,12049,12071,12073,12097,12101, 243 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
244 12107,12109,12113,12119,12143,12149,12157,12161, 244 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
245 12163,12197,12203,12211,12227,12239,12241,12251, 245 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
246 12253,12263,12269,12277,12281,12289,12301,12323, 246 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
247 12329,12343,12347,12373,12377,12379,12391,12401, 247 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
248 12409,12413,12421,12433,12437,12451,12457,12473, 248 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
249 12479,12487,12491,12497,12503,12511,12517,12527, 249 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
250 12539,12541,12547,12553,12569,12577,12583,12589, 250 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
251 12601,12611,12613,12619,12637,12641,12647,12653, 251 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
252 12659,12671,12689,12697,12703,12713,12721,12739, 252 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
253 12743,12757,12763,12781,12791,12799,12809,12821, 253 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
254 12823,12829,12841,12853,12889,12893,12899,12907, 254 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
255 12911,12917,12919,12923,12941,12953,12959,12967, 255 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
256 12973,12979,12983,13001,13003,13007,13009,13033, 256 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
257 13037,13043,13049,13063,13093,13099,13103,13109, 257 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
258 13121,13127,13147,13151,13159,13163,13171,13177, 258 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
259 13183,13187,13217,13219,13229,13241,13249,13259, 259 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
260 13267,13291,13297,13309,13313,13327,13331,13337, 260 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
261 13339,13367,13381,13397,13399,13411,13417,13421, 261 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
262 13441,13451,13457,13463,13469,13477,13487,13499, 262 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
263 13513,13523,13537,13553,13567,13577,13591,13597, 263 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
264 13613,13619,13627,13633,13649,13669,13679,13681, 264 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
265 13687,13691,13693,13697,13709,13711,13721,13723, 265 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
266 13729,13751,13757,13759,13763,13781,13789,13799, 266 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
267 13807,13829,13831,13841,13859,13873,13877,13879, 267 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
268 13883,13901,13903,13907,13913,13921,13931,13933, 268 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
269 13963,13967,13997,13999,14009,14011,14029,14033, 269 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
270 14051,14057,14071,14081,14083,14087,14107,14143, 270 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
271 14149,14153,14159,14173,14177,14197,14207,14221, 271 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
272 14243,14249,14251,14281,14293,14303,14321,14323, 272 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
273 14327,14341,14347,14369,14387,14389,14401,14407, 273 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
274 14411,14419,14423,14431,14437,14447,14449,14461, 274 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
275 14479,14489,14503,14519,14533,14537,14543,14549, 275 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
276 14551,14557,14561,14563,14591,14593,14621,14627, 276 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
277 14629,14633,14639,14653,14657,14669,14683,14699, 277 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
278 14713,14717,14723,14731,14737,14741,14747,14753, 278 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
279 14759,14767,14771,14779,14783,14797,14813,14821, 279 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
280 14827,14831,14843,14851,14867,14869,14879,14887, 280 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
281 14891,14897,14923,14929,14939,14947,14951,14957, 281 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
282 14969,14983,15013,15017,15031,15053,15061,15073, 282 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
283 15077,15083,15091,15101,15107,15121,15131,15137, 283 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
284 15139,15149,15161,15173,15187,15193,15199,15217, 284 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
285 15227,15233,15241,15259,15263,15269,15271,15277, 285 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
286 15287,15289,15299,15307,15313,15319,15329,15331, 286 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
287 15349,15359,15361,15373,15377,15383,15391,15401, 287 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
288 15413,15427,15439,15443,15451,15461,15467,15473, 288 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
289 15493,15497,15511,15527,15541,15551,15559,15569, 289 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
290 15581,15583,15601,15607,15619,15629,15641,15643, 290 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
291 15647,15649,15661,15667,15671,15679,15683,15727, 291 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
292 15731,15733,15737,15739,15749,15761,15767,15773, 292 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
293 15787,15791,15797,15803,15809,15817,15823,15859, 293 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
294 15877,15881,15887,15889,15901,15907,15913,15919, 294 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
295 15923,15937,15959,15971,15973,15991,16001,16007, 295 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
296 16033,16057,16061,16063,16067,16069,16073,16087, 296 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
297 16091,16097,16103,16111,16127,16139,16141,16183, 297 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
298 16187,16189,16193,16217,16223,16229,16231,16249, 298 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
299 16253,16267,16273,16301,16319,16333,16339,16349, 299 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
300 16361,16363,16369,16381,16411,16417,16421,16427, 300 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
301 16433,16447,16451,16453,16477,16481,16487,16493, 301 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
302 16519,16529,16547,16553,16561,16567,16573,16603, 302 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
303 16607,16619,16631,16633,16649,16651,16657,16661, 303 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
304 16673,16691,16693,16699,16703,16729,16741,16747, 304 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
305 16759,16763,16787,16811,16823,16829,16831,16843, 305 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
306 16871,16879,16883,16889,16901,16903,16921,16927, 306 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
307 16931,16937,16943,16963,16979,16981,16987,16993, 307 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
308 17011,17021,17027,17029,17033,17041,17047,17053, 308 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
309 17077,17093,17099,17107,17117,17123,17137,17159, 309 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
310 17167,17183,17189,17191,17203,17207,17209,17231, 310 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
311 17239,17257,17291,17293,17299,17317,17321,17327, 311 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
312 17333,17341,17351,17359,17377,17383,17387,17389, 312 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
313 17393,17401,17417,17419,17431,17443,17449,17467, 313 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
314 17471,17477,17483,17489,17491,17497,17509,17519, 314 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
315 17539,17551,17569,17573,17579,17581,17597,17599, 315 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
316 17609,17623,17627,17657,17659,17669,17681,17683, 316 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
317 17707,17713,17729,17737,17747,17749,17761,17783, 317 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
318 17789,17791,17807,17827,17837,17839,17851,17863, 318};
319 };
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index 49efbcb9a9..c09c64db25 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -65,314 +65,328 @@
65static const char Hex[]="0123456789ABCDEF"; 65static const char Hex[]="0123456789ABCDEF";
66 66
67/* Must 'free' the returned data */ 67/* Must 'free' the returned data */
68char *BN_bn2hex(const BIGNUM *a) 68char *
69 { 69BN_bn2hex(const BIGNUM *a)
70 int i,j,v,z=0; 70{
71 int i, j, v, z = 0;
71 char *buf; 72 char *buf;
72 char *p; 73 char *p;
73 74
74 buf=(char *)malloc(a->top*BN_BYTES*2+2); 75 buf = (char *)malloc(a->top * BN_BYTES * 2 + 2);
75 if (buf == NULL) 76 if (buf == NULL) {
76 { 77 BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
77 BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
78 goto err; 78 goto err;
79 } 79 }
80 p=buf; 80 p = buf;
81 if (a->neg) *(p++)='-'; 81 if (a->neg)
82 if (BN_is_zero(a)) *(p++)='0'; 82 *(p++) = '-';
83 for (i=a->top-1; i >=0; i--) 83 if (BN_is_zero(a))
84 { 84 *(p++) = '0';
85 for (j=BN_BITS2-8; j >= 0; j-=8) 85 for (i = a->top - 1; i >=0; i--) {
86 { 86 for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
87 /* strip leading zeros */ 87 /* strip leading zeros */
88 v=((int)(a->d[i]>>(long)j))&0xff; 88 v = ((int)(a->d[i] >> (long)j)) & 0xff;
89 if (z || (v != 0)) 89 if (z || (v != 0)) {
90 { 90 *(p++) = Hex[v >> 4];
91 *(p++)=Hex[v>>4]; 91 *(p++) = Hex[v & 0x0f];
92 *(p++)=Hex[v&0x0f]; 92 z = 1;
93 z=1;
94 }
95 } 93 }
96 } 94 }
97 *p='\0';
98err:
99 return(buf);
100 } 95 }
96 *p = '\0';
97
98err:
99 return (buf);
100}
101 101
102/* Must 'free' the returned data */ 102/* Must 'free' the returned data */
103char *BN_bn2dec(const BIGNUM *a) 103char *
104 { 104BN_bn2dec(const BIGNUM *a)
105 int i=0,num, ok = 0; 105{
106 char *buf=NULL; 106 int i = 0, num, ok = 0;
107 char *buf = NULL;
107 char *p; 108 char *p;
108 BIGNUM *t=NULL; 109 BIGNUM *t = NULL;
109 BN_ULONG *bn_data=NULL,*lp; 110 BN_ULONG *bn_data = NULL, *lp;
110 111
111 /* get an upper bound for the length of the decimal integer 112 /* get an upper bound for the length of the decimal integer
112 * num <= (BN_num_bits(a) + 1) * log(2) 113 * num <= (BN_num_bits(a) + 1) * log(2)
113 * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) 114 * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
114 * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 115 * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
115 */ 116 */
116 i=BN_num_bits(a)*3; 117 i = BN_num_bits(a) * 3;
117 num=(i/10+i/1000+1)+1; 118 num = (i / 10 + i / 1000 + 1) + 1;
118 bn_data=(BN_ULONG *)malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); 119 bn_data = (BN_ULONG *)malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
119 buf=(char *)malloc(num+3); 120 buf = (char *)malloc(num + 3);
120 if ((buf == NULL) || (bn_data == NULL)) 121 if ((buf == NULL) || (bn_data == NULL)) {
121 { 122 BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
122 BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE); 123 goto err;
124 }
125 if ((t = BN_dup(a)) == NULL)
123 goto err; 126 goto err;
124 }
125 if ((t=BN_dup(a)) == NULL) goto err;
126 127
127#define BUF_REMAIN (num+3 - (size_t)(p - buf)) 128#define BUF_REMAIN (num+3 - (size_t)(p - buf))
128 p=buf; 129 p = buf;
129 lp=bn_data; 130 lp = bn_data;
130 if (BN_is_zero(t)) 131 if (BN_is_zero(t)) {
131 { 132 *(p++) = '0';
132 *(p++)='0'; 133 *(p++) = '\0';
133 *(p++)='\0'; 134 } else {
134 }
135 else
136 {
137 if (BN_is_negative(t)) 135 if (BN_is_negative(t))
138 *p++ = '-'; 136 *p++ = '-';
139 137
140 i=0; 138 i = 0;
141 while (!BN_is_zero(t)) 139 while (!BN_is_zero(t)) {
142 { 140 *lp = BN_div_word(t, BN_DEC_CONV);
143 *lp=BN_div_word(t,BN_DEC_CONV);
144 lp++; 141 lp++;
145 } 142 }
146 lp--; 143 lp--;
147 /* We now have a series of blocks, BN_DEC_NUM chars 144 /* We now have a series of blocks, BN_DEC_NUM chars
148 * in length, where the last one needs truncation. 145 * in length, where the last one needs truncation.
149 * The blocks need to be reversed in order. */ 146 * The blocks need to be reversed in order. */
150 snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp); 147 snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
151 while (*p) p++; 148 while (*p)
152 while (lp != bn_data) 149 p++;
153 { 150 while (lp != bn_data) {
154 lp--; 151 lp--;
155 snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp); 152 snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
156 while (*p) p++; 153 while (*p)
157 } 154 p++;
158 } 155 }
156 }
159 ok = 1; 157 ok = 1;
158
160err: 159err:
161 if (bn_data != NULL) free(bn_data); 160 if (bn_data != NULL)
162 if (t != NULL) BN_free(t); 161 free(bn_data);
163 if (!ok && buf) 162 if (t != NULL)
164 { 163 BN_free(t);
164 if (!ok && buf) {
165 free(buf); 165 free(buf);
166 buf = NULL; 166 buf = NULL;
167 }
168
169 return(buf);
170 } 167 }
171 168
172int BN_hex2bn(BIGNUM **bn, const char *a) 169 return (buf);
173 { 170}
174 BIGNUM *ret=NULL; 171
175 BN_ULONG l=0; 172int
176 int neg=0,h,m,i,j,k,c; 173BN_hex2bn(BIGNUM **bn, const char *a)
174{
175 BIGNUM *ret = NULL;
176 BN_ULONG l = 0;
177 int neg = 0, h, m, i,j, k, c;
177 int num; 178 int num;
178 179
179 if ((a == NULL) || (*a == '\0')) return(0); 180 if ((a == NULL) || (*a == '\0'))
181 return (0);
180 182
181 if (*a == '-') { neg=1; a++; } 183 if (*a == '-') {
184 neg = 1;
185 a++;
186 }
182 187
183 for (i=0; isxdigit((unsigned char) a[i]); i++) 188 for (i = 0; isxdigit((unsigned char)a[i]); i++)
184 ; 189 ;
185 190
186 num=i+neg; 191 num = i + neg;
187 if (bn == NULL) return(num); 192 if (bn == NULL)
193 return (num);
188 194
189 /* a is the start of the hex digits, and it is 'i' long */ 195 /* a is the start of the hex digits, and it is 'i' long */
190 if (*bn == NULL) 196 if (*bn == NULL) {
191 { 197 if ((ret = BN_new()) == NULL)
192 if ((ret=BN_new()) == NULL) return(0); 198 return (0);
193 } 199 } else {
194 else
195 {
196 ret= *bn; 200 ret= *bn;
197 BN_zero(ret); 201 BN_zero(ret);
198 } 202 }
199 203
200 /* i is the number of hex digests; */ 204 /* i is the number of hex digests; */
201 if (bn_expand(ret,i*4) == NULL) goto err; 205 if (bn_expand(ret, i * 4) == NULL)
202 206 goto err;
203 j=i; /* least significant 'hex' */ 207
204 m=0; 208 j = i; /* least significant 'hex' */
205 h=0; 209 m = 0;
206 while (j > 0) 210 h = 0;
207 { 211 while (j > 0) {
208 m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j; 212 m = ((BN_BYTES*2) <= j) ? (BN_BYTES * 2) : j;
209 l=0; 213 l = 0;
210 for (;;) 214 for (;;) {
211 { 215 c = a[j - m];
212 c=a[j-m]; 216 if ((c >= '0') && (c <= '9'))
213 if ((c >= '0') && (c <= '9')) k=c-'0'; 217 k = c - '0';
214 else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10; 218 else if ((c >= 'a') && (c <= 'f'))
215 else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10; 219 k = c - 'a' + 10;
216 else k=0; /* paranoia */ 220 else if ((c >= 'A') && (c <= 'F'))
217 l=(l<<4)|k; 221 k = c - 'A' + 10;
218 222 else
219 if (--m <= 0) 223 k = 0; /* paranoia */
220 { 224 l = (l << 4) | k;
221 ret->d[h++]=l; 225
226 if (--m <= 0) {
227 ret->d[h++] = l;
222 break; 228 break;
223 }
224 } 229 }
225 j-=(BN_BYTES*2);
226 } 230 }
227 ret->top=h; 231 j -= (BN_BYTES * 2);
232 }
233 ret->top = h;
228 bn_correct_top(ret); 234 bn_correct_top(ret);
229 ret->neg=neg; 235 ret->neg = neg;
230 236
231 *bn=ret; 237 *bn = ret;
232 bn_check_top(ret); 238 bn_check_top(ret);
233 return(num); 239 return (num);
234err:
235 if (*bn == NULL) BN_free(ret);
236 return(0);
237 }
238 240
239int BN_dec2bn(BIGNUM **bn, const char *a) 241err:
240 { 242 if (*bn == NULL)
241 BIGNUM *ret=NULL; 243 BN_free(ret);
242 BN_ULONG l=0; 244 return (0);
243 int neg=0,i,j; 245}
246
247int
248BN_dec2bn(BIGNUM **bn, const char *a)
249{
250 BIGNUM *ret = NULL;
251 BN_ULONG l = 0;
252 int neg = 0, i, j;
244 int num; 253 int num;
245 254
246 if ((a == NULL) || (*a == '\0')) return(0); 255 if ((a == NULL) || (*a == '\0'))
247 if (*a == '-') { neg=1; a++; } 256 return (0);
257 if (*a == '-') {
258 neg = 1;
259 a++;
260 }
248 261
249 for (i=0; isdigit((unsigned char) a[i]); i++) 262 for (i = 0; isdigit((unsigned char)a[i]); i++)
250 ; 263 ;
251 264
252 num=i+neg; 265 num = i + neg;
253 if (bn == NULL) return(num); 266 if (bn == NULL)
267 return (num);
254 268
255 /* a is the start of the digits, and it is 'i' long. 269 /* a is the start of the digits, and it is 'i' long.
256 * We chop it into BN_DEC_NUM digits at a time */ 270 * We chop it into BN_DEC_NUM digits at a time */
257 if (*bn == NULL) 271 if (*bn == NULL) {
258 { 272 if ((ret = BN_new()) == NULL)
259 if ((ret=BN_new()) == NULL) return(0); 273 return (0);
260 } 274 } else {
261 else 275 ret = *bn;
262 {
263 ret= *bn;
264 BN_zero(ret); 276 BN_zero(ret);
265 } 277 }
266 278
267 /* i is the number of digests, a bit of an over expand; */ 279 /* i is the number of digests, a bit of an over expand; */
268 if (bn_expand(ret,i*4) == NULL) goto err; 280 if (bn_expand(ret, i * 4) == NULL)
269 281 goto err;
270 j=BN_DEC_NUM-(i%BN_DEC_NUM); 282
271 if (j == BN_DEC_NUM) j=0; 283 j = BN_DEC_NUM - (i % BN_DEC_NUM);
272 l=0; 284 if (j == BN_DEC_NUM)
273 while (*a) 285 j = 0;
274 { 286 l = 0;
275 l*=10; 287 while (*a) {
276 l+= *a-'0'; 288 l *= 10;
289 l += *a - '0';
277 a++; 290 a++;
278 if (++j == BN_DEC_NUM) 291 if (++j == BN_DEC_NUM) {
279 { 292 BN_mul_word(ret, BN_DEC_CONV);
280 BN_mul_word(ret,BN_DEC_CONV); 293 BN_add_word(ret, l);
281 BN_add_word(ret,l); 294 l = 0;
282 l=0; 295 j = 0;
283 j=0;
284 }
285 } 296 }
286 ret->neg=neg; 297 }
298 ret->neg = neg;
287 299
288 bn_correct_top(ret); 300 bn_correct_top(ret);
289 *bn=ret; 301 *bn = ret;
290 bn_check_top(ret); 302 bn_check_top(ret);
291 return(num); 303 return (num);
304
292err: 305err:
293 if (*bn == NULL) BN_free(ret); 306 if (*bn == NULL)
294 return(0); 307 BN_free(ret);
295 } 308 return (0);
309}
296 310
297int BN_asc2bn(BIGNUM **bn, const char *a) 311int
298 { 312BN_asc2bn(BIGNUM **bn, const char *a)
313{
299 const char *p = a; 314 const char *p = a;
300 if (*p == '-') 315 if (*p == '-')
301 p++; 316 p++;
302 317
303 if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) 318 if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
304 {
305 if (!BN_hex2bn(bn, p + 2)) 319 if (!BN_hex2bn(bn, p + 2))
306 return 0; 320 return 0;
307 } 321 } else {
308 else
309 {
310 if (!BN_dec2bn(bn, p)) 322 if (!BN_dec2bn(bn, p))
311 return 0; 323 return 0;
312 } 324 }
313 if (*a == '-') 325 if (*a == '-')
314 (*bn)->neg = 1; 326 (*bn)->neg = 1;
315 return 1; 327 return 1;
316 } 328}
317 329
318#ifndef OPENSSL_NO_BIO 330#ifndef OPENSSL_NO_BIO
319#ifndef OPENSSL_NO_FP_API 331#ifndef OPENSSL_NO_FP_API
320int BN_print_fp(FILE *fp, const BIGNUM *a) 332int
321 { 333BN_print_fp(FILE *fp, const BIGNUM *a)
334{
322 BIO *b; 335 BIO *b;
323 int ret; 336 int ret;
324 337
325 if ((b=BIO_new(BIO_s_file())) == NULL) 338 if ((b = BIO_new(BIO_s_file())) == NULL)
326 return(0); 339 return (0);
327 BIO_set_fp(b,fp,BIO_NOCLOSE); 340 BIO_set_fp(b, fp, BIO_NOCLOSE);
328 ret=BN_print(b,a); 341 ret = BN_print(b, a);
329 BIO_free(b); 342 BIO_free(b);
330 return(ret); 343 return (ret);
331 } 344}
332#endif 345#endif
333 346
334int BN_print(BIO *bp, const BIGNUM *a) 347int
335 { 348BN_print(BIO *bp, const BIGNUM *a)
336 int i,j,v,z=0; 349{
337 int ret=0; 350 int i, j, v, z = 0;
338 351 int ret = 0;
339 if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; 352
340 if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end; 353 if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
341 for (i=a->top-1; i >=0; i--) 354 goto end;
342 { 355 if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
343 for (j=BN_BITS2-4; j >= 0; j-=4) 356 goto end;
344 { 357 for (i = a->top - 1; i >= 0; i--) {
358 for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
345 /* strip leading zeros */ 359 /* strip leading zeros */
346 v=((int)(a->d[i]>>(long)j))&0x0f; 360 v = ((int)(a->d[i] >> (long)j)) & 0x0f;
347 if (z || (v != 0)) 361 if (z || (v != 0)) {
348 { 362 if (BIO_write(bp, &(Hex[v]), 1) != 1)
349 if (BIO_write(bp,&(Hex[v]),1) != 1)
350 goto end; 363 goto end;
351 z=1; 364 z = 1;
352 }
353 } 365 }
354 } 366 }
355 ret=1;
356end:
357 return(ret);
358 } 367 }
368 ret = 1;
369
370end:
371 return (ret);
372}
359#endif 373#endif
360 374
361char *BN_options(void) 375char *
362 { 376BN_options(void)
363 static int init=0; 377{
378 static int init = 0;
364 static char data[16]; 379 static char data[16];
365 380
366 if (!init) 381 if (!init) {
367 {
368 init++; 382 init++;
369#ifdef BN_LLONG 383#ifdef BN_LLONG
370 snprintf(data,sizeof data,"bn(%d,%d)", 384 snprintf(data,sizeof data, "bn(%d,%d)",
371 (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8); 385 (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
372#else 386#else
373 snprintf(data,sizeof data,"bn(%d,%d)", 387 snprintf(data,sizeof data, "bn(%d,%d)",
374 (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8); 388 (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
375#endif 389#endif
376 }
377 return(data);
378 } 390 }
391 return (data);
392}
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
index baa62d584c..488b7c6e63 100644
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -115,126 +115,117 @@
115#include "bn_lcl.h" 115#include "bn_lcl.h"
116#include <openssl/rand.h> 116#include <openssl/rand.h>
117 117
118static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) 118static int
119 { 119bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
120 unsigned char *buf=NULL; 120{
121 int ret=0,bit,bytes,mask; 121 unsigned char *buf = NULL;
122 int ret = 0, bit, bytes, mask;
122 123
123 if (bits == 0) 124 if (bits == 0) {
124 {
125 BN_zero(rnd); 125 BN_zero(rnd);
126 return 1; 126 return 1;
127 } 127 }
128 128
129 bytes=(bits+7)/8; 129 bytes = (bits + 7) / 8;
130 bit=(bits-1)%8; 130 bit = (bits - 1) % 8;
131 mask=0xff<<(bit+1); 131 mask = 0xff << (bit + 1);
132 132
133 buf=(unsigned char *)malloc(bytes); 133 buf = (unsigned char *)malloc(bytes);
134 if (buf == NULL) 134 if (buf == NULL) {
135 { 135 BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
136 BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
137 goto err; 136 goto err;
138 } 137 }
139 138
140 /* make a random number and set the top and bottom bits */ 139 /* make a random number and set the top and bottom bits */
141 140
142 if (pseudorand) 141 if (pseudorand) {
143 {
144 if (RAND_pseudo_bytes(buf, bytes) == -1) 142 if (RAND_pseudo_bytes(buf, bytes) == -1)
145 goto err; 143 goto err;
146 } 144 } else {
147 else
148 {
149 if (RAND_bytes(buf, bytes) <= 0) 145 if (RAND_bytes(buf, bytes) <= 0)
150 goto err; 146 goto err;
151 } 147 }
152 148
153#if 1 149#if 1
154 if (pseudorand == 2) 150 if (pseudorand == 2) {
155 {
156 /* generate patterns that are more likely to trigger BN 151 /* generate patterns that are more likely to trigger BN
157 library bugs */ 152 library bugs */
158 int i; 153 int i;
159 unsigned char c; 154 unsigned char c;
160 155
161 for (i = 0; i < bytes; i++) 156 for (i = 0; i < bytes; i++) {
162 {
163 RAND_pseudo_bytes(&c, 1); 157 RAND_pseudo_bytes(&c, 1);
164 if (c >= 128 && i > 0) 158 if (c >= 128 && i > 0)
165 buf[i] = buf[i-1]; 159 buf[i] = buf[i - 1];
166 else if (c < 42) 160 else if (c < 42)
167 buf[i] = 0; 161 buf[i] = 0;
168 else if (c < 84) 162 else if (c < 84)
169 buf[i] = 255; 163 buf[i] = 255;
170 }
171 } 164 }
165 }
172#endif 166#endif
173 167
174 if (top != -1) 168 if (top != -1) {
175 { 169 if (top) {
176 if (top) 170 if (bit == 0) {
177 { 171 buf[0] = 1;
178 if (bit == 0) 172 buf[1] |= 0x80;
179 { 173 } else {
180 buf[0]=1; 174 buf[0] |= (3 << (bit - 1));
181 buf[1]|=0x80;
182 }
183 else
184 {
185 buf[0]|=(3<<(bit-1));
186 }
187 }
188 else
189 {
190 buf[0]|=(1<<bit);
191 } 175 }
176 } else {
177 buf[0] |= (1 << bit);
192 } 178 }
179 }
193 buf[0] &= ~mask; 180 buf[0] &= ~mask;
194 if (bottom) /* set bottom bit if requested */ 181 if (bottom) /* set bottom bit if requested */
195 buf[bytes-1]|=1; 182 buf[bytes - 1] |= 1;
196 if (!BN_bin2bn(buf,bytes,rnd)) goto err; 183 if (!BN_bin2bn(buf, bytes, rnd))
197 ret=1; 184 goto err;
185 ret = 1;
186
198err: 187err:
199 if (buf != NULL) 188 if (buf != NULL) {
200 { 189 OPENSSL_cleanse(buf, bytes);
201 OPENSSL_cleanse(buf,bytes);
202 free(buf); 190 free(buf);
203 }
204 bn_check_top(rnd);
205 return(ret);
206 } 191 }
192 bn_check_top(rnd);
193 return (ret);
194}
207 195
208int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) 196int
209 { 197BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
198{
210 return bnrand(0, rnd, bits, top, bottom); 199 return bnrand(0, rnd, bits, top, bottom);
211 } 200}
212 201
213int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) 202int
214 { 203BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
204{
215 return bnrand(1, rnd, bits, top, bottom); 205 return bnrand(1, rnd, bits, top, bottom);
216 } 206}
217 207
218#if 1 208#if 1
219int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) 209int
220 { 210BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
211{
221 return bnrand(2, rnd, bits, top, bottom); 212 return bnrand(2, rnd, bits, top, bottom);
222 } 213}
223#endif 214#endif
224 215
225 216
226/* random number r: 0 <= r < range */ 217/* random number r: 0 <= r < range */
227static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) 218static int
228 { 219bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
220{
229 int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand; 221 int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
230 int n; 222 int n;
231 int count = 100; 223 int count = 100;
232 224
233 if (range->neg || BN_is_zero(range)) 225 if (range->neg || BN_is_zero(range)) {
234 {
235 BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); 226 BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
236 return 0; 227 return 0;
237 } 228 }
238 229
239 n = BN_num_bits(range); /* n > 0 */ 230 n = BN_num_bits(range); /* n > 0 */
240 231
@@ -242,61 +233,58 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
242 233
243 if (n == 1) 234 if (n == 1)
244 BN_zero(r); 235 BN_zero(r);
245 else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) 236 else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
246 {
247 /* range = 100..._2, 237 /* range = 100..._2,
248 * so 3*range (= 11..._2) is exactly one bit longer than range */ 238 * so 3*range (= 11..._2) is exactly one bit longer than range */
249 do 239 do {
250 { 240 if (!bn_rand(r, n + 1, -1, 0))
251 if (!bn_rand(r, n + 1, -1, 0)) return 0; 241 return 0;
252 /* If r < 3*range, use r := r MOD range 242 /* If r < 3*range, use r := r MOD range
253 * (which is either r, r - range, or r - 2*range). 243 * (which is either r, r - range, or r - 2*range).
254 * Otherwise, iterate once more. 244 * Otherwise, iterate once more.
255 * Since 3*range = 11..._2, each iteration succeeds with 245 * Since 3*range = 11..._2, each iteration succeeds with
256 * probability >= .75. */ 246 * probability >= .75. */
257 if (BN_cmp(r ,range) >= 0) 247 if (BN_cmp(r, range) >= 0) {
258 { 248 if (!BN_sub(r, r, range))
259 if (!BN_sub(r, r, range)) return 0; 249 return 0;
260 if (BN_cmp(r, range) >= 0) 250 if (BN_cmp(r, range) >= 0)
261 if (!BN_sub(r, r, range)) return 0; 251 if (!BN_sub(r, r, range))
262 } 252 return 0;
253 }
263 254
264 if (!--count) 255 if (!--count) {
265 { 256 BNerr(BN_F_BN_RAND_RANGE,
266 BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); 257 BN_R_TOO_MANY_ITERATIONS);
267 return 0; 258 return 0;
268 }
269
270 } 259 }
271 while (BN_cmp(r, range) >= 0); 260
272 } 261 } while (BN_cmp(r, range) >= 0);
273 else 262 } else {
274 { 263 do {
275 do
276 {
277 /* range = 11..._2 or range = 101..._2 */ 264 /* range = 11..._2 or range = 101..._2 */
278 if (!bn_rand(r, n, -1, 0)) return 0; 265 if (!bn_rand(r, n, -1, 0))
266 return 0;
279 267
280 if (!--count) 268 if (!--count) {
281 { 269 BNerr(BN_F_BN_RAND_RANGE,
282 BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); 270 BN_R_TOO_MANY_ITERATIONS);
283 return 0; 271 return 0;
284 }
285 } 272 }
286 while (BN_cmp(r, range) >= 0); 273 } while (BN_cmp(r, range) >= 0);
287 } 274 }
288 275
289 bn_check_top(r); 276 bn_check_top(r);
290 return 1; 277 return 1;
291 } 278}
292
293 279
294int BN_rand_range(BIGNUM *r, const BIGNUM *range) 280int
295 { 281BN_rand_range(BIGNUM *r, const BIGNUM *range)
282{
296 return bn_rand_range(0, r, range); 283 return bn_rand_range(0, r, range);
297 } 284}
298 285
299int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) 286int
300 { 287BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
288{
301 return bn_rand_range(1, r, range); 289 return bn_rand_range(1, r, range);
302 } 290}
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index 0f808fca64..31fe4eb897 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -60,99 +60,110 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn_lcl.h" 61#include "bn_lcl.h"
62 62
63void BN_RECP_CTX_init(BN_RECP_CTX *recp) 63void
64 { 64BN_RECP_CTX_init(BN_RECP_CTX *recp)
65{
65 BN_init(&(recp->N)); 66 BN_init(&(recp->N));
66 BN_init(&(recp->Nr)); 67 BN_init(&(recp->Nr));
67 recp->num_bits=0; 68 recp->num_bits = 0;
68 recp->flags=0; 69 recp->flags = 0;
69 } 70}
70 71
71BN_RECP_CTX *BN_RECP_CTX_new(void) 72BN_RECP_CTX *
72 { 73BN_RECP_CTX_new(void)
74{
73 BN_RECP_CTX *ret; 75 BN_RECP_CTX *ret;
74 76
75 if ((ret=(BN_RECP_CTX *)malloc(sizeof(BN_RECP_CTX))) == NULL) 77 if ((ret = (BN_RECP_CTX *)malloc(sizeof(BN_RECP_CTX))) == NULL)
76 return(NULL); 78 return (NULL);
77 79
78 BN_RECP_CTX_init(ret); 80 BN_RECP_CTX_init(ret);
79 ret->flags=BN_FLG_MALLOCED; 81 ret->flags = BN_FLG_MALLOCED;
80 return(ret); 82 return (ret);
81 } 83}
82 84
83void BN_RECP_CTX_free(BN_RECP_CTX *recp) 85void
84 { 86BN_RECP_CTX_free(BN_RECP_CTX *recp)
85 if(recp == NULL) 87{
86 return; 88 if (recp == NULL)
89 return;
87 90
88 BN_free(&(recp->N)); 91 BN_free(&(recp->N));
89 BN_free(&(recp->Nr)); 92 BN_free(&(recp->Nr));
90 if (recp->flags & BN_FLG_MALLOCED) 93 if (recp->flags & BN_FLG_MALLOCED)
91 free(recp); 94 free(recp);
92 } 95}
93 96
94int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) 97int
95 { 98BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
96 if (!BN_copy(&(recp->N),d)) return 0; 99{
100 if (!BN_copy(&(recp->N), d))
101 return 0;
97 BN_zero(&(recp->Nr)); 102 BN_zero(&(recp->Nr));
98 recp->num_bits=BN_num_bits(d); 103 recp->num_bits = BN_num_bits(d);
99 recp->shift=0; 104 recp->shift = 0;
100 return(1); 105 return (1);
101 } 106}
102 107
103int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, 108int
104 BN_RECP_CTX *recp, BN_CTX *ctx) 109BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
105 { 110 BN_RECP_CTX *recp, BN_CTX *ctx)
106 int ret=0; 111{
112 int ret = 0;
107 BIGNUM *a; 113 BIGNUM *a;
108 const BIGNUM *ca; 114 const BIGNUM *ca;
109 115
110 BN_CTX_start(ctx); 116 BN_CTX_start(ctx);
111 if ((a = BN_CTX_get(ctx)) == NULL) goto err; 117 if ((a = BN_CTX_get(ctx)) == NULL)
112 if (y != NULL) 118 goto err;
113 { 119 if (y != NULL) {
114 if (x == y) 120 if (x == y) {
115 { if (!BN_sqr(a,x,ctx)) goto err; } 121 if (!BN_sqr(a, x, ctx))
116 else 122 goto err;
117 { if (!BN_mul(a,x,y,ctx)) goto err; } 123 } else {
118 ca = a; 124 if (!BN_mul(a, x, y, ctx))
125 goto err;
119 } 126 }
120 else 127 ca = a;
121 ca=x; /* Just do the mod */ 128 } else
129 ca = x; /* Just do the mod */
130
131 ret = BN_div_recp(NULL, r, ca, recp, ctx);
122 132
123 ret = BN_div_recp(NULL,r,ca,recp,ctx);
124err: 133err:
125 BN_CTX_end(ctx); 134 BN_CTX_end(ctx);
126 bn_check_top(r); 135 bn_check_top(r);
127 return(ret); 136 return (ret);
128 } 137}
129 138
130int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, 139int
131 BN_RECP_CTX *recp, BN_CTX *ctx) 140BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
132 { 141 BN_CTX *ctx)
133 int i,j,ret=0; 142{
134 BIGNUM *a,*b,*d,*r; 143 int i, j, ret = 0;
144 BIGNUM *a, *b, *d, *r;
135 145
136 BN_CTX_start(ctx); 146 BN_CTX_start(ctx);
137 a=BN_CTX_get(ctx); 147 a = BN_CTX_get(ctx);
138 b=BN_CTX_get(ctx); 148 b = BN_CTX_get(ctx);
139 if (dv != NULL) 149 if (dv != NULL)
140 d=dv; 150 d = dv;
141 else 151 else
142 d=BN_CTX_get(ctx); 152 d = BN_CTX_get(ctx);
143 if (rem != NULL) 153 if (rem != NULL)
144 r=rem; 154 r = rem;
145 else 155 else
146 r=BN_CTX_get(ctx); 156 r = BN_CTX_get(ctx);
147 if (a == NULL || b == NULL || d == NULL || r == NULL) goto err; 157 if (a == NULL || b == NULL || d == NULL || r == NULL)
158 goto err;
148 159
149 if (BN_ucmp(m,&(recp->N)) < 0) 160 if (BN_ucmp(m, &(recp->N)) < 0) {
150 {
151 BN_zero(d); 161 BN_zero(d);
152 if (!BN_copy(r,m)) return 0; 162 if (!BN_copy(r, m))
163 return 0;
153 BN_CTX_end(ctx); 164 BN_CTX_end(ctx);
154 return(1); 165 return (1);
155 } 166 }
156 167
157 /* We want the remainder 168 /* We want the remainder
158 * Given input of ABCDEF / ab 169 * Given input of ABCDEF / ab
@@ -161,74 +172,86 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
161 */ 172 */
162 173
163 /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */ 174 /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
164 i=BN_num_bits(m); 175 i = BN_num_bits(m);
165 j=recp->num_bits<<1; 176 j = recp->num_bits << 1;
166 if (j>i) i=j; 177 if (j > i)
178 i = j;
167 179
168 /* Nr := round(2^i / N) */ 180 /* Nr := round(2^i / N) */
169 if (i != recp->shift) 181 if (i != recp->shift)
170 recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N), 182 recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx); /* BN_reciprocal returns i, or -1 for an error */
171 i,ctx); /* BN_reciprocal returns i, or -1 for an error */ 183 if (recp->shift == -1)
172 if (recp->shift == -1) goto err; 184 goto err;
173 185
174 /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| 186 /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
175 * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| 187 * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
176 * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| 188 * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
177 * = |m/N| 189 * = |m/N|
178 */ 190 */
179 if (!BN_rshift(a,m,recp->num_bits)) goto err; 191 if (!BN_rshift(a, m, recp->num_bits))
180 if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err; 192 goto err;
181 if (!BN_rshift(d,b,i-recp->num_bits)) goto err; 193 if (!BN_mul(b, a,&(recp->Nr), ctx))
182 d->neg=0; 194 goto err;
195 if (!BN_rshift(d, b, i - recp->num_bits))
196 goto err;
197 d->neg = 0;
183 198
184 if (!BN_mul(b,&(recp->N),d,ctx)) goto err; 199 if (!BN_mul(b, &(recp->N), d, ctx))
185 if (!BN_usub(r,m,b)) goto err; 200 goto err;
186 r->neg=0; 201 if (!BN_usub(r, m, b))
202 goto err;
203 r->neg = 0;
187 204
188#if 1 205#if 1
189 j=0; 206 j = 0;
190 while (BN_ucmp(r,&(recp->N)) >= 0) 207 while (BN_ucmp(r, &(recp->N)) >= 0) {
191 { 208 if (j++ > 2) {
192 if (j++ > 2) 209 BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
193 {
194 BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);
195 goto err; 210 goto err;
196 }
197 if (!BN_usub(r,r,&(recp->N))) goto err;
198 if (!BN_add_word(d,1)) goto err;
199 } 211 }
212 if (!BN_usub(r, r, &(recp->N)))
213 goto err;
214 if (!BN_add_word(d, 1))
215 goto err;
216 }
200#endif 217#endif
201 218
202 r->neg=BN_is_zero(r)?0:m->neg; 219 r->neg = BN_is_zero(r) ? 0 : m->neg;
203 d->neg=m->neg^recp->N.neg; 220 d->neg = m->neg^recp->N.neg;
204 ret=1; 221 ret = 1;
222
205err: 223err:
206 BN_CTX_end(ctx); 224 BN_CTX_end(ctx);
207 bn_check_top(dv); 225 bn_check_top(dv);
208 bn_check_top(rem); 226 bn_check_top(rem);
209 return(ret); 227 return (ret);
210 } 228}
211 229
212/* len is the expected size of the result 230/* len is the expected size of the result
213 * We actually calculate with an extra word of precision, so 231 * We actually calculate with an extra word of precision, so
214 * we can do faster division if the remainder is not required. 232 * we can do faster division if the remainder is not required.
215 */ 233 */
216/* r := 2^len / m */ 234/* r := 2^len / m */
217int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) 235int
218 { 236BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
219 int ret= -1; 237{
238 int ret = -1;
220 BIGNUM *t; 239 BIGNUM *t;
221 240
222 BN_CTX_start(ctx); 241 BN_CTX_start(ctx);
223 if((t = BN_CTX_get(ctx)) == NULL) goto err; 242 if ((t = BN_CTX_get(ctx)) == NULL)
243 goto err;
224 244
225 if (!BN_set_bit(t,len)) goto err; 245 if (!BN_set_bit(t, len))
246 goto err;
226 247
227 if (!BN_div(r,NULL,t,m,ctx)) goto err; 248 if (!BN_div(r, NULL, t,m, ctx))
249 goto err;
250
251 ret = len;
228 252
229 ret=len;
230err: 253err:
231 bn_check_top(r); 254 bn_check_top(r);
232 BN_CTX_end(ctx); 255 BN_CTX_end(ctx);
233 return(ret); 256 return (ret);
234 } 257}
diff --git a/src/lib/libcrypto/bn/bn_shift.c b/src/lib/libcrypto/bn/bn_shift.c
index a6fca2c424..870a059874 100644
--- a/src/lib/libcrypto/bn/bn_shift.c
+++ b/src/lib/libcrypto/bn/bn_shift.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -60,164 +60,158 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn_lcl.h" 61#include "bn_lcl.h"
62 62
63int BN_lshift1(BIGNUM *r, const BIGNUM *a) 63int
64 { 64BN_lshift1(BIGNUM *r, const BIGNUM *a)
65 register BN_ULONG *ap,*rp,t,c; 65{
66 register BN_ULONG *ap, *rp, t, c;
66 int i; 67 int i;
67 68
68 bn_check_top(r); 69 bn_check_top(r);
69 bn_check_top(a); 70 bn_check_top(a);
70 71
71 if (r != a) 72 if (r != a) {
72 { 73 r->neg = a->neg;
73 r->neg=a->neg; 74 if (bn_wexpand(r, a->top + 1) == NULL)
74 if (bn_wexpand(r,a->top+1) == NULL) return(0); 75 return (0);
75 r->top=a->top; 76 r->top = a->top;
76 } 77 } else {
77 else 78 if (bn_wexpand(r, a->top + 1) == NULL)
78 { 79 return (0);
79 if (bn_wexpand(r,a->top+1) == NULL) return(0); 80 }
80 } 81 ap = a->d;
81 ap=a->d; 82 rp = r->d;
82 rp=r->d; 83 c = 0;
83 c=0; 84 for (i = 0; i < a->top; i++) {
84 for (i=0; i<a->top; i++)
85 {
86 t= *(ap++); 85 t= *(ap++);
87 *(rp++)=((t<<1)|c)&BN_MASK2; 86 *(rp++) = ((t << 1) | c) & BN_MASK2;
88 c=(t & BN_TBIT)?1:0; 87 c = (t & BN_TBIT) ? 1 : 0;
89 } 88 }
90 if (c) 89 if (c) {
91 { 90 *rp = 1;
92 *rp=1;
93 r->top++; 91 r->top++;
94 }
95 bn_check_top(r);
96 return(1);
97 } 92 }
93 bn_check_top(r);
94 return (1);
95}
98 96
99int BN_rshift1(BIGNUM *r, const BIGNUM *a) 97int
100 { 98BN_rshift1(BIGNUM *r, const BIGNUM *a)
101 BN_ULONG *ap,*rp,t,c; 99{
102 int i,j; 100 BN_ULONG *ap, *rp, t, c;
101 int i, j;
103 102
104 bn_check_top(r); 103 bn_check_top(r);
105 bn_check_top(a); 104 bn_check_top(a);
106 105
107 if (BN_is_zero(a)) 106 if (BN_is_zero(a)) {
108 {
109 BN_zero(r); 107 BN_zero(r);
110 return(1); 108 return (1);
111 } 109 }
112 i = a->top; 110 i = a->top;
113 ap= a->d; 111 ap = a->d;
114 j = i-(ap[i-1]==1); 112 j = i - (ap[i - 1]==1);
115 if (a != r) 113 if (a != r) {
116 { 114 if (bn_wexpand(r, j) == NULL)
117 if (bn_wexpand(r,j) == NULL) return(0); 115 return (0);
118 r->neg=a->neg; 116 r->neg = a->neg;
119 }
120 rp=r->d;
121 t=ap[--i];
122 c=(t&1)?BN_TBIT:0;
123 if (t>>=1) rp[i]=t;
124 while (i>0)
125 {
126 t=ap[--i];
127 rp[i]=((t>>1)&BN_MASK2)|c;
128 c=(t&1)?BN_TBIT:0;
129 }
130 r->top=j;
131 bn_check_top(r);
132 return(1);
133 } 117 }
118 rp = r->d;
119 t = ap[--i];
120 c = (t & 1) ? BN_TBIT : 0;
121 if (t >>= 1)
122 rp[i] = t;
123 while (i > 0) {
124 t = ap[--i];
125 rp[i] = ((t >> 1) & BN_MASK2) | c;
126 c = (t & 1) ? BN_TBIT : 0;
127 }
128 r->top = j;
129 bn_check_top(r);
130 return (1);
131}
134 132
135int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) 133int
136 { 134BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
137 int i,nw,lb,rb; 135{
138 BN_ULONG *t,*f; 136 int i, nw, lb, rb;
137 BN_ULONG *t, *f;
139 BN_ULONG l; 138 BN_ULONG l;
140 139
141 bn_check_top(r); 140 bn_check_top(r);
142 bn_check_top(a); 141 bn_check_top(a);
143 142
144 r->neg=a->neg; 143 r->neg = a->neg;
145 nw=n/BN_BITS2; 144 nw = n / BN_BITS2;
146 if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); 145 if (bn_wexpand(r, a->top + nw + 1) == NULL)
147 lb=n%BN_BITS2; 146 return (0);
148 rb=BN_BITS2-lb; 147 lb = n % BN_BITS2;
149 f=a->d; 148 rb = BN_BITS2 - lb;
150 t=r->d; 149 f = a->d;
151 t[a->top+nw]=0; 150 t = r->d;
151 t[a->top + nw] = 0;
152 if (lb == 0) 152 if (lb == 0)
153 for (i=a->top-1; i>=0; i--) 153 for (i = a->top - 1; i >= 0; i--)
154 t[nw+i]=f[i]; 154 t[nw + i] = f[i];
155 else 155 else
156 for (i=a->top-1; i>=0; i--) 156 for (i = a->top - 1; i >= 0; i--) {
157 { 157 l = f[i];
158 l=f[i]; 158 t[nw + i + 1] |= (l >> rb) & BN_MASK2;
159 t[nw+i+1]|=(l>>rb)&BN_MASK2; 159 t[nw + i] = (l << lb) & BN_MASK2;
160 t[nw+i]=(l<<lb)&BN_MASK2; 160 }
161 } 161 memset(t, 0, nw * sizeof(t[0]));
162 memset(t,0,nw*sizeof(t[0]));
163/* for (i=0; i<nw; i++) 162/* for (i=0; i<nw; i++)
164 t[i]=0;*/ 163 t[i]=0;*/
165 r->top=a->top+nw+1; 164 r->top = a->top + nw + 1;
166 bn_correct_top(r); 165 bn_correct_top(r);
167 bn_check_top(r); 166 bn_check_top(r);
168 return(1); 167 return (1);
169 } 168}
170 169
171int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) 170int
172 { 171BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
173 int i,j,nw,lb,rb; 172{
174 BN_ULONG *t,*f; 173 int i, j, nw, lb, rb;
175 BN_ULONG l,tmp; 174 BN_ULONG *t, *f;
175 BN_ULONG l, tmp;
176 176
177 bn_check_top(r); 177 bn_check_top(r);
178 bn_check_top(a); 178 bn_check_top(a);
179 179
180 nw=n/BN_BITS2; 180 nw = n / BN_BITS2;
181 rb=n%BN_BITS2; 181 rb = n % BN_BITS2;
182 lb=BN_BITS2-rb; 182 lb = BN_BITS2 - rb;
183 if (nw >= a->top || a->top == 0) 183 if (nw >= a->top || a->top == 0) {
184 {
185 BN_zero(r); 184 BN_zero(r);
186 return(1); 185 return (1);
187 } 186 }
188 i = (BN_num_bits(a)-n+(BN_BITS2-1))/BN_BITS2; 187 i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
189 if (r != a) 188 if (r != a) {
190 { 189 r->neg = a->neg;
191 r->neg=a->neg; 190 if (bn_wexpand(r, i) == NULL)
192 if (bn_wexpand(r,i) == NULL) return(0); 191 return (0);
193 } 192 } else {
194 else
195 {
196 if (n == 0) 193 if (n == 0)
197 return 1; /* or the copying loop will go berserk */ 194 return 1; /* or the copying loop will go berserk */
198 } 195 }
199 196
200 f= &(a->d[nw]); 197 f = &(a->d[nw]);
201 t=r->d; 198 t = r->d;
202 j=a->top-nw; 199 j = a->top - nw;
203 r->top=i; 200 r->top = i;
204 201
205 if (rb == 0) 202 if (rb == 0) {
206 { 203 for (i = j; i != 0; i--)
207 for (i=j; i != 0; i--) 204 *(t++) = *(f++);
208 *(t++)= *(f++); 205 } else {
206 l = *(f++);
207 for (i = j - 1; i != 0; i--) {
208 tmp = (l >> rb) & BN_MASK2;
209 l = *(f++);
210 *(t++) = (tmp|(l << lb)) & BN_MASK2;
209 } 211 }
210 else 212 if ((l = (l >> rb) & BN_MASK2))
211 { 213 *(t) = l;
212 l= *(f++);
213 for (i=j-1; i != 0; i--)
214 {
215 tmp =(l>>rb)&BN_MASK2;
216 l= *(f++);
217 *(t++) =(tmp|(l<<lb))&BN_MASK2;
218 }
219 if ((l = (l>>rb)&BN_MASK2)) *(t) = l;
220 }
221 bn_check_top(r);
222 return(1);
223 } 214 }
215 bn_check_top(r);
216 return (1);
217}
diff --git a/src/lib/libcrypto/bn/bn_sqr.c b/src/lib/libcrypto/bn/bn_sqr.c
index 270d0cd348..68ec0a776d 100644
--- a/src/lib/libcrypto/bn/bn_sqr.c
+++ b/src/lib/libcrypto/bn/bn_sqr.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -62,135 +62,130 @@
62 62
63/* r must not be a */ 63/* r must not be a */
64/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ 64/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
65int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) 65int
66 { 66BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
67 int max,al; 67{
68 int max, al;
68 int ret = 0; 69 int ret = 0;
69 BIGNUM *tmp,*rr; 70 BIGNUM *tmp, *rr;
70 71
71#ifdef BN_COUNT 72#ifdef BN_COUNT
72 fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top); 73 fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top);
73#endif 74#endif
74 bn_check_top(a); 75 bn_check_top(a);
75 76
76 al=a->top; 77 al = a->top;
77 if (al <= 0) 78 if (al <= 0) {
78 { 79 r->top = 0;
79 r->top=0;
80 return 1; 80 return 1;
81 } 81 }
82 82
83 BN_CTX_start(ctx); 83 BN_CTX_start(ctx);
84 rr=(a != r) ? r : BN_CTX_get(ctx); 84 rr = (a != r) ? r : BN_CTX_get(ctx);
85 tmp=BN_CTX_get(ctx); 85 tmp = BN_CTX_get(ctx);
86 if (!rr || !tmp) goto err; 86 if (!rr || !tmp)
87 goto err;
87 88
88 max = 2 * al; /* Non-zero (from above) */ 89 max = 2 * al; /* Non-zero (from above) */
89 if (bn_wexpand(rr,max) == NULL) goto err; 90 if (bn_wexpand(rr, max) == NULL)
91 goto err;
90 92
91 if (al == 4) 93 if (al == 4) {
92 {
93#ifndef BN_SQR_COMBA 94#ifndef BN_SQR_COMBA
94 BN_ULONG t[8]; 95 BN_ULONG t[8];
95 bn_sqr_normal(rr->d,a->d,4,t); 96 bn_sqr_normal(rr->d, a->d, 4, t);
96#else 97#else
97 bn_sqr_comba4(rr->d,a->d); 98 bn_sqr_comba4(rr->d, a->d);
98#endif 99#endif
99 } 100 } else if (al == 8) {
100 else if (al == 8)
101 {
102#ifndef BN_SQR_COMBA 101#ifndef BN_SQR_COMBA
103 BN_ULONG t[16]; 102 BN_ULONG t[16];
104 bn_sqr_normal(rr->d,a->d,8,t); 103 bn_sqr_normal(rr->d, a->d, 8, t);
105#else 104#else
106 bn_sqr_comba8(rr->d,a->d); 105 bn_sqr_comba8(rr->d, a->d);
107#endif 106#endif
108 } 107 } else {
109 else
110 {
111#if defined(BN_RECURSION) 108#if defined(BN_RECURSION)
112 if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) 109 if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
113 {
114 BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2]; 110 BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
115 bn_sqr_normal(rr->d,a->d,al,t); 111 bn_sqr_normal(rr->d, a->d, al, t);
116 } 112 } else {
117 else 113 int j, k;
118 {
119 int j,k;
120 114
121 j=BN_num_bits_word((BN_ULONG)al); 115 j = BN_num_bits_word((BN_ULONG)al);
122 j=1<<(j-1); 116 j = 1 << (j - 1);
123 k=j+j; 117 k = j + j;
124 if (al == j) 118 if (al == j) {
125 { 119 if (bn_wexpand(tmp, k * 2) == NULL)
126 if (bn_wexpand(tmp,k*2) == NULL) goto err; 120 goto err;
127 bn_sqr_recursive(rr->d,a->d,al,tmp->d); 121 bn_sqr_recursive(rr->d, a->d, al, tmp->d);
128 } 122 } else {
129 else 123 if (bn_wexpand(tmp, max) == NULL)
130 { 124 goto err;
131 if (bn_wexpand(tmp,max) == NULL) goto err; 125 bn_sqr_normal(rr->d, a->d, al, tmp->d);
132 bn_sqr_normal(rr->d,a->d,al,tmp->d);
133 }
134 } 126 }
127 }
135#else 128#else
136 if (bn_wexpand(tmp,max) == NULL) goto err; 129 if (bn_wexpand(tmp, max) == NULL)
137 bn_sqr_normal(rr->d,a->d,al,tmp->d); 130 goto err;
131 bn_sqr_normal(rr->d, a->d, al, tmp->d);
138#endif 132#endif
139 } 133 }
140 134
141 rr->neg=0; 135 rr->neg = 0;
142 /* If the most-significant half of the top word of 'a' is zero, then 136 /* If the most-significant half of the top word of 'a' is zero, then
143 * the square of 'a' will max-1 words. */ 137 * the square of 'a' will max-1 words. */
144 if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) 138 if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
145 rr->top = max - 1; 139 rr->top = max - 1;
146 else 140 else
147 rr->top = max; 141 rr->top = max;
148 if (rr != r) BN_copy(r,rr); 142 if (rr != r)
143 BN_copy(r, rr);
149 ret = 1; 144 ret = 1;
150 err: 145
146err:
151 bn_check_top(rr); 147 bn_check_top(rr);
152 bn_check_top(tmp); 148 bn_check_top(tmp);
153 BN_CTX_end(ctx); 149 BN_CTX_end(ctx);
154 return(ret); 150 return (ret);
155 } 151}
156 152
157/* tmp must have 2*n words */ 153/* tmp must have 2*n words */
158void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) 154void
159 { 155bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
160 int i,j,max; 156{
157 int i, j, max;
161 const BN_ULONG *ap; 158 const BN_ULONG *ap;
162 BN_ULONG *rp; 159 BN_ULONG *rp;
163 160
164 max=n*2; 161 max = n * 2;
165 ap=a; 162 ap = a;
166 rp=r; 163 rp = r;
167 rp[0]=rp[max-1]=0; 164 rp[0] = rp[max - 1] = 0;
168 rp++; 165 rp++;
169 j=n; 166 j = n;
170 167
171 if (--j > 0) 168 if (--j > 0) {
172 {
173 ap++; 169 ap++;
174 rp[j]=bn_mul_words(rp,ap,j,ap[-1]); 170 rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
175 rp+=2; 171 rp += 2;
176 } 172 }
177 173
178 for (i=n-2; i>0; i--) 174 for (i = n - 2; i > 0; i--) {
179 {
180 j--; 175 j--;
181 ap++; 176 ap++;
182 rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]); 177 rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
183 rp+=2; 178 rp += 2;
184 } 179 }
185 180
186 bn_add_words(r,r,r,max); 181 bn_add_words(r, r, r, max);
187 182
188 /* There will not be a carry */ 183 /* There will not be a carry */
189 184
190 bn_sqr_words(tmp,a,n); 185 bn_sqr_words(tmp, a, n);
191 186
192 bn_add_words(r,r,tmp,max); 187 bn_add_words(r, r, tmp, max);
193 } 188}
194 189
195#ifdef BN_RECURSION 190#ifdef BN_RECURSION
196/* r is 2*n words in size, 191/* r is 2*n words in size,
@@ -203,92 +198,87 @@ void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
203 * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) 198 * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
204 * a[1]*b[1] 199 * a[1]*b[1]
205 */ 200 */
206void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) 201void
207 { 202bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
208 int n=n2/2; 203{
209 int zero,c1; 204 int n = n2 / 2;
210 BN_ULONG ln,lo,*p; 205 int zero, c1;
206 BN_ULONG ln, lo, *p;
211 207
212#ifdef BN_COUNT 208#ifdef BN_COUNT
213 fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2); 209 fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2);
214#endif 210#endif
215 if (n2 == 4) 211 if (n2 == 4) {
216 {
217#ifndef BN_SQR_COMBA 212#ifndef BN_SQR_COMBA
218 bn_sqr_normal(r,a,4,t); 213 bn_sqr_normal(r, a, 4, t);
219#else 214#else
220 bn_sqr_comba4(r,a); 215 bn_sqr_comba4(r, a);
221#endif 216#endif
222 return; 217 return;
223 } 218 } else if (n2 == 8) {
224 else if (n2 == 8)
225 {
226#ifndef BN_SQR_COMBA 219#ifndef BN_SQR_COMBA
227 bn_sqr_normal(r,a,8,t); 220 bn_sqr_normal(r, a, 8, t);
228#else 221#else
229 bn_sqr_comba8(r,a); 222 bn_sqr_comba8(r, a);
230#endif 223#endif
231 return; 224 return;
232 } 225 }
233 if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) 226 if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) {
234 { 227 bn_sqr_normal(r, a, n2, t);
235 bn_sqr_normal(r,a,n2,t);
236 return; 228 return;
237 } 229 }
238 /* r=(a[0]-a[1])*(a[1]-a[0]) */ 230 /* r=(a[0]-a[1])*(a[1]-a[0]) */
239 c1=bn_cmp_words(a,&(a[n]),n); 231 c1 = bn_cmp_words(a, &(a[n]), n);
240 zero=0; 232 zero = 0;
241 if (c1 > 0) 233 if (c1 > 0)
242 bn_sub_words(t,a,&(a[n]),n); 234 bn_sub_words(t, a, &(a[n]), n);
243 else if (c1 < 0) 235 else if (c1 < 0)
244 bn_sub_words(t,&(a[n]),a,n); 236 bn_sub_words(t, &(a[n]), a, n);
245 else 237 else
246 zero=1; 238 zero = 1;
247 239
248 /* The result will always be negative unless it is zero */ 240 /* The result will always be negative unless it is zero */
249 p= &(t[n2*2]); 241 p = &(t[n2*2]);
250 242
251 if (!zero) 243 if (!zero)
252 bn_sqr_recursive(&(t[n2]),t,n,p); 244 bn_sqr_recursive(&(t[n2]), t, n, p);
253 else 245 else
254 memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); 246 memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
255 bn_sqr_recursive(r,a,n,p); 247 bn_sqr_recursive(r, a, n, p);
256 bn_sqr_recursive(&(r[n2]),&(a[n]),n,p); 248 bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
257 249
258 /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero 250 /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
259 * r[10] holds (a[0]*b[0]) 251 * r[10] holds (a[0]*b[0])
260 * r[32] holds (b[1]*b[1]) 252 * r[32] holds (b[1]*b[1])
261 */ 253 */
262 254
263 c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); 255 c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
264 256
265 /* t[32] is negative */ 257 /* t[32] is negative */
266 c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); 258 c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
267 259
268 /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) 260 /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
269 * r[10] holds (a[0]*a[0]) 261 * r[10] holds (a[0]*a[0])
270 * r[32] holds (a[1]*a[1]) 262 * r[32] holds (a[1]*a[1])
271 * c1 holds the carry bits 263 * c1 holds the carry bits
272 */ 264 */
273 c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); 265 c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
274 if (c1) 266 if (c1) {
275 { 267 p = &(r[n + n2]);
276 p= &(r[n+n2]);
277 lo= *p; 268 lo= *p;
278 ln=(lo+c1)&BN_MASK2; 269 ln = (lo + c1) & BN_MASK2;
279 *p=ln; 270 *p = ln;
280 271
281 /* The overflow will stop before we over write 272 /* The overflow will stop before we over write
282 * words we should not overwrite */ 273 * words we should not overwrite */
283 if (ln < (BN_ULONG)c1) 274 if (ln < (BN_ULONG)c1) {
284 { 275 do {
285 do {
286 p++; 276 p++;
287 lo= *p; 277 lo= *p;
288 ln=(lo+1)&BN_MASK2; 278 ln = (lo + 1) & BN_MASK2;
289 *p=ln; 279 *p = ln;
290 } while (ln == 0); 280 } while (ln == 0);
291 }
292 } 281 }
293 } 282 }
283}
294#endif 284#endif
diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c
index 6beaf9e5e5..89bb067d88 100644
--- a/src/lib/libcrypto/bn/bn_sqrt.c
+++ b/src/lib/libcrypto/bn/bn_sqrt.c
@@ -9,7 +9,7 @@
9 * are met: 9 * are met:
10 * 10 *
11 * 1. Redistributions of source code must retain the above copyright 11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer. 12 * notice, this list of conditions and the following disclaimer.
13 * 13 *
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in 15 * notice, this list of conditions and the following disclaimer in
@@ -59,57 +59,53 @@
59#include "bn_lcl.h" 59#include "bn_lcl.h"
60 60
61 61
62BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 62BIGNUM *
63BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
63/* Returns 'ret' such that 64/* Returns 'ret' such that
64 * ret^2 == a (mod p), 65 * ret^2 == a (mod p),
65 * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course 66 * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
66 * in Algebraic Computational Number Theory", algorithm 1.5.1). 67 * in Algebraic Computational Number Theory", algorithm 1.5.1).
67 * 'p' must be prime! 68 * 'p' must be prime!
68 */ 69 */
69 { 70{
70 BIGNUM *ret = in; 71 BIGNUM *ret = in;
71 int err = 1; 72 int err = 1;
72 int r; 73 int r;
73 BIGNUM *A, *b, *q, *t, *x, *y; 74 BIGNUM *A, *b, *q, *t, *x, *y;
74 int e, i, j; 75 int e, i, j;
75 76
76 if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) 77 if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
77 { 78 if (BN_abs_is_word(p, 2)) {
78 if (BN_abs_is_word(p, 2))
79 {
80 if (ret == NULL) 79 if (ret == NULL)
81 ret = BN_new(); 80 ret = BN_new();
82 if (ret == NULL) 81 if (ret == NULL)
83 goto end; 82 goto end;
84 if (!BN_set_word(ret, BN_is_bit_set(a, 0))) 83 if (!BN_set_word(ret, BN_is_bit_set(a, 0))) {
85 {
86 if (ret != in) 84 if (ret != in)
87 BN_free(ret); 85 BN_free(ret);
88 return NULL; 86 return NULL;
89 } 87 }
90 bn_check_top(ret); 88 bn_check_top(ret);
91 return ret; 89 return ret;
92 } 90 }
93 91
94 BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); 92 BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
95 return(NULL); 93 return (NULL);
96 } 94 }
97 95
98 if (BN_is_zero(a) || BN_is_one(a)) 96 if (BN_is_zero(a) || BN_is_one(a)) {
99 {
100 if (ret == NULL) 97 if (ret == NULL)
101 ret = BN_new(); 98 ret = BN_new();
102 if (ret == NULL) 99 if (ret == NULL)
103 goto end; 100 goto end;
104 if (!BN_set_word(ret, BN_is_one(a))) 101 if (!BN_set_word(ret, BN_is_one(a))) {
105 {
106 if (ret != in) 102 if (ret != in)
107 BN_free(ret); 103 BN_free(ret);
108 return NULL; 104 return NULL;
109 } 105 }
110 bn_check_top(ret); 106 bn_check_top(ret);
111 return ret; 107 return ret;
112 } 108 }
113 109
114 BN_CTX_start(ctx); 110 BN_CTX_start(ctx);
115 A = BN_CTX_get(ctx); 111 A = BN_CTX_get(ctx);
@@ -118,14 +114,17 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
118 t = BN_CTX_get(ctx); 114 t = BN_CTX_get(ctx);
119 x = BN_CTX_get(ctx); 115 x = BN_CTX_get(ctx);
120 y = BN_CTX_get(ctx); 116 y = BN_CTX_get(ctx);
121 if (y == NULL) goto end; 117 if (y == NULL)
122 118 goto end;
119
123 if (ret == NULL) 120 if (ret == NULL)
124 ret = BN_new(); 121 ret = BN_new();
125 if (ret == NULL) goto end; 122 if (ret == NULL)
123 goto end;
126 124
127 /* A = a mod p */ 125 /* A = a mod p */
128 if (!BN_nnmod(A, a, p, ctx)) goto end; 126 if (!BN_nnmod(A, a, p, ctx))
127 goto end;
129 128
130 /* now write |p| - 1 as 2^e*q where q is odd */ 129 /* now write |p| - 1 as 2^e*q where q is odd */
131 e = 1; 130 e = 1;
@@ -133,8 +132,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
133 e++; 132 e++;
134 /* we'll set q later (if needed) */ 133 /* we'll set q later (if needed) */
135 134
136 if (e == 1) 135 if (e == 1) {
137 {
138 /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse 136 /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse
139 * modulo (|p|-1)/2, and square roots can be computed 137 * modulo (|p|-1)/2, and square roots can be computed
140 * directly by modular exponentiation. 138 * directly by modular exponentiation.
@@ -142,16 +140,18 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
142 * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), 140 * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2),
143 * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. 141 * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1.
144 */ 142 */
145 if (!BN_rshift(q, p, 2)) goto end; 143 if (!BN_rshift(q, p, 2))
144 goto end;
146 q->neg = 0; 145 q->neg = 0;
147 if (!BN_add_word(q, 1)) goto end; 146 if (!BN_add_word(q, 1))
148 if (!BN_mod_exp(ret, A, q, p, ctx)) goto end; 147 goto end;
148 if (!BN_mod_exp(ret, A, q, p, ctx))
149 goto end;
149 err = 0; 150 err = 0;
150 goto vrfy; 151 goto vrfy;
151 } 152 }
152 153
153 if (e == 2) 154 if (e == 2) {
154 {
155 /* |p| == 5 (mod 8) 155 /* |p| == 5 (mod 8)
156 * 156 *
157 * In this case 2 is always a non-square since 157 * In this case 2 is always a non-square since
@@ -173,74 +173,81 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
173 * = a*(-i)*i 173 * = a*(-i)*i
174 * = a. 174 * = a.
175 * 175 *
176 * (This is due to A.O.L. Atkin, 176 * (This is due to A.O.L. Atkin,
177 * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>, 177 * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
178 * November 1992.) 178 * November 1992.)
179 */ 179 */
180 180
181 /* t := 2*a */ 181 /* t := 2*a */
182 if (!BN_mod_lshift1_quick(t, A, p)) goto end; 182 if (!BN_mod_lshift1_quick(t, A, p))
183 goto end;
183 184
184 /* b := (2*a)^((|p|-5)/8) */ 185 /* b := (2*a)^((|p|-5)/8) */
185 if (!BN_rshift(q, p, 3)) goto end; 186 if (!BN_rshift(q, p, 3))
187 goto end;
186 q->neg = 0; 188 q->neg = 0;
187 if (!BN_mod_exp(b, t, q, p, ctx)) goto end; 189 if (!BN_mod_exp(b, t, q, p, ctx))
190 goto end;
188 191
189 /* y := b^2 */ 192 /* y := b^2 */
190 if (!BN_mod_sqr(y, b, p, ctx)) goto end; 193 if (!BN_mod_sqr(y, b, p, ctx))
194 goto end;
191 195
192 /* t := (2*a)*b^2 - 1*/ 196 /* t := (2*a)*b^2 - 1*/
193 if (!BN_mod_mul(t, t, y, p, ctx)) goto end; 197 if (!BN_mod_mul(t, t, y, p, ctx))
194 if (!BN_sub_word(t, 1)) goto end; 198 goto end;
199 if (!BN_sub_word(t, 1))
200 goto end;
195 201
196 /* x = a*b*t */ 202 /* x = a*b*t */
197 if (!BN_mod_mul(x, A, b, p, ctx)) goto end; 203 if (!BN_mod_mul(x, A, b, p, ctx))
198 if (!BN_mod_mul(x, x, t, p, ctx)) goto end; 204 goto end;
205 if (!BN_mod_mul(x, x, t, p, ctx))
206 goto end;
199 207
200 if (!BN_copy(ret, x)) goto end; 208 if (!BN_copy(ret, x))
209 goto end;
201 err = 0; 210 err = 0;
202 goto vrfy; 211 goto vrfy;
203 } 212 }
204 213
205 /* e > 2, so we really have to use the Tonelli/Shanks algorithm. 214 /* e > 2, so we really have to use the Tonelli/Shanks algorithm.
206 * First, find some y that is not a square. */ 215 * First, find some y that is not a square. */
207 if (!BN_copy(q, p)) goto end; /* use 'q' as temp */ 216 if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
208 q->neg = 0; 217 q->neg = 0;
209 i = 2; 218 i = 2;
210 do 219 do {
211 {
212 /* For efficiency, try small numbers first; 220 /* For efficiency, try small numbers first;
213 * if this fails, try random numbers. 221 * if this fails, try random numbers.
214 */ 222 */
215 if (i < 22) 223 if (i < 22) {
216 { 224 if (!BN_set_word(y, i))
217 if (!BN_set_word(y, i)) goto end; 225 goto end;
226 } else {
227 if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
228 goto end;
229 if (BN_ucmp(y, p) >= 0) {
230 if (!(p->neg ? BN_add : BN_sub)(y, y, p))
231 goto end;
218 } 232 }
219 else
220 {
221 if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
222 if (BN_ucmp(y, p) >= 0)
223 {
224 if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
225 }
226 /* now 0 <= y < |p| */ 233 /* now 0 <= y < |p| */
227 if (BN_is_zero(y)) 234 if (BN_is_zero(y))
228 if (!BN_set_word(y, i)) goto end; 235 if (!BN_set_word(y, i))
229 } 236 goto end;
230 237 }
238
231 r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */ 239 r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
232 if (r < -1) goto end; 240 if (r < -1)
233 if (r == 0) 241 goto end;
234 { 242 if (r == 0) {
235 /* m divides p */ 243 /* m divides p */
236 BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); 244 BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
237 goto end; 245 goto end;
238 }
239 } 246 }
247 }
240 while (r == 1 && ++i < 82); 248 while (r == 1 && ++i < 82);
241 249
242 if (r != -1) 250 if (r != -1) {
243 {
244 /* Many rounds and still no non-square -- this is more likely 251 /* Many rounds and still no non-square -- this is more likely
245 * a bug than just bad luck. 252 * a bug than just bad luck.
246 * Even if p is not prime, we should have found some y 253 * Even if p is not prime, we should have found some y
@@ -248,19 +255,20 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
248 */ 255 */
249 BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS); 256 BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
250 goto end; 257 goto end;
251 } 258 }
252 259
253 /* Here's our actual 'q': */ 260 /* Here's our actual 'q': */
254 if (!BN_rshift(q, q, e)) goto end; 261 if (!BN_rshift(q, q, e))
262 goto end;
255 263
256 /* Now that we have some non-square, we can find an element 264 /* Now that we have some non-square, we can find an element
257 * of order 2^e by computing its q'th power. */ 265 * of order 2^e by computing its q'th power. */
258 if (!BN_mod_exp(y, y, q, p, ctx)) goto end; 266 if (!BN_mod_exp(y, y, q, p, ctx))
259 if (BN_is_one(y)) 267 goto end;
260 { 268 if (BN_is_one(y)) {
261 BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); 269 BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
262 goto end; 270 goto end;
263 } 271 }
264 272
265 /* Now we know that (if p is indeed prime) there is an integer 273 /* Now we know that (if p is indeed prime) there is an integer
266 * k, 0 <= k < 2^e, such that 274 * k, 0 <= k < 2^e, such that
@@ -279,45 +287,45 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
279 * 287 *
280 * so it is the square root that we are looking for. 288 * so it is the square root that we are looking for.
281 */ 289 */
282 290
283 /* t := (q-1)/2 (note that q is odd) */ 291 /* t := (q-1)/2 (note that q is odd) */
284 if (!BN_rshift1(t, q)) goto end; 292 if (!BN_rshift1(t, q))
285 293 goto end;
294
286 /* x := a^((q-1)/2) */ 295 /* x := a^((q-1)/2) */
287 if (BN_is_zero(t)) /* special case: p = 2^e + 1 */ 296 if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
288 { 297 {
289 if (!BN_nnmod(t, A, p, ctx)) goto end; 298 if (!BN_nnmod(t, A, p, ctx))
290 if (BN_is_zero(t)) 299 goto end;
291 { 300 if (BN_is_zero(t)) {
292 /* special case: a == 0 (mod p) */ 301 /* special case: a == 0 (mod p) */
293 BN_zero(ret); 302 BN_zero(ret);
294 err = 0; 303 err = 0;
295 goto end; 304 goto end;
296 } 305 } else if (!BN_one(x))
297 else 306 goto end;
298 if (!BN_one(x)) goto end; 307 } else {
299 } 308 if (!BN_mod_exp(x, A, t, p, ctx))
300 else 309 goto end;
301 { 310 if (BN_is_zero(x)) {
302 if (!BN_mod_exp(x, A, t, p, ctx)) goto end;
303 if (BN_is_zero(x))
304 {
305 /* special case: a == 0 (mod p) */ 311 /* special case: a == 0 (mod p) */
306 BN_zero(ret); 312 BN_zero(ret);
307 err = 0; 313 err = 0;
308 goto end; 314 goto end;
309 }
310 } 315 }
316 }
311 317
312 /* b := a*x^2 (= a^q) */ 318 /* b := a*x^2 (= a^q) */
313 if (!BN_mod_sqr(b, x, p, ctx)) goto end; 319 if (!BN_mod_sqr(b, x, p, ctx))
314 if (!BN_mod_mul(b, b, A, p, ctx)) goto end; 320 goto end;
315 321 if (!BN_mod_mul(b, b, A, p, ctx))
322 goto end;
323
316 /* x := a*x (= a^((q+1)/2)) */ 324 /* x := a*x (= a^((q+1)/2)) */
317 if (!BN_mod_mul(x, x, A, p, ctx)) goto end; 325 if (!BN_mod_mul(x, x, A, p, ctx))
326 goto end;
318 327
319 while (1) 328 while (1) {
320 {
321 /* Now b is a^q * y^k for some even k (0 <= k < 2^E 329 /* Now b is a^q * y^k for some even k (0 <= k < 2^E
322 * where E refers to the original value of e, which we 330 * where E refers to the original value of e, which we
323 * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). 331 * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2).
@@ -327,67 +335,67 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
327 * b^2^(e-1) = 1. 335 * b^2^(e-1) = 1.
328 */ 336 */
329 337
330 if (BN_is_one(b)) 338 if (BN_is_one(b)) {
331 { 339 if (!BN_copy(ret, x))
332 if (!BN_copy(ret, x)) goto end; 340 goto end;
333 err = 0; 341 err = 0;
334 goto vrfy; 342 goto vrfy;
335 } 343 }
336 344
337 345
338 /* find smallest i such that b^(2^i) = 1 */ 346 /* find smallest i such that b^(2^i) = 1 */
339 i = 1; 347 i = 1;
340 if (!BN_mod_sqr(t, b, p, ctx)) goto end; 348 if (!BN_mod_sqr(t, b, p, ctx))
341 while (!BN_is_one(t)) 349 goto end;
342 { 350 while (!BN_is_one(t)) {
343 i++; 351 i++;
344 if (i == e) 352 if (i == e) {
345 {
346 BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); 353 BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
347 goto end; 354 goto end;
348 }
349 if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
350 } 355 }
351 356 if (!BN_mod_mul(t, t, t, p, ctx))
357 goto end;
358 }
359
352 360
353 /* t := y^2^(e - i - 1) */ 361 /* t := y^2^(e - i - 1) */
354 if (!BN_copy(t, y)) goto end; 362 if (!BN_copy(t, y))
355 for (j = e - i - 1; j > 0; j--) 363 goto end;
356 { 364 for (j = e - i - 1; j > 0; j--) {
357 if (!BN_mod_sqr(t, t, p, ctx)) goto end; 365 if (!BN_mod_sqr(t, t, p, ctx))
358 } 366 goto end;
359 if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
360 if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
361 if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
362 e = i;
363 } 367 }
368 if (!BN_mod_mul(y, t, t, p, ctx))
369 goto end;
370 if (!BN_mod_mul(x, x, t, p, ctx))
371 goto end;
372 if (!BN_mod_mul(b, b, y, p, ctx))
373 goto end;
374 e = i;
375 }
364 376
365 vrfy: 377vrfy:
366 if (!err) 378 if (!err) {
367 {
368 /* verify the result -- the input might have been not a square 379 /* verify the result -- the input might have been not a square
369 * (test added in 0.9.8) */ 380 * (test added in 0.9.8) */
370 381
371 if (!BN_mod_sqr(x, ret, p, ctx)) 382 if (!BN_mod_sqr(x, ret, p, ctx))
372 err = 1; 383 err = 1;
373 384
374 if (!err && 0 != BN_cmp(x, A)) 385 if (!err && 0 != BN_cmp(x, A)) {
375 {
376 BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); 386 BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
377 err = 1; 387 err = 1;
378 }
379 } 388 }
389 }
380 390
381 end: 391end:
382 if (err) 392 if (err) {
383 { 393 if (ret != NULL && ret != in) {
384 if (ret != NULL && ret != in)
385 {
386 BN_clear_free(ret); 394 BN_clear_free(ret);
387 }
388 ret = NULL;
389 } 395 }
396 ret = NULL;
397 }
390 BN_CTX_end(ctx); 398 BN_CTX_end(ctx);
391 bn_check_top(ret); 399 bn_check_top(ret);
392 return ret; 400 return ret;
393 } 401}
diff --git a/src/lib/libcrypto/bn/bn_word.c b/src/lib/libcrypto/bn/bn_word.c
index de83a15b99..cda79cf8b7 100644
--- a/src/lib/libcrypto/bn/bn_word.c
+++ b/src/lib/libcrypto/bn/bn_word.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -60,35 +60,37 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn_lcl.h" 61#include "bn_lcl.h"
62 62
63BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) 63BN_ULONG
64 { 64BN_mod_word(const BIGNUM *a, BN_ULONG w)
65{
65#ifndef BN_LLONG 66#ifndef BN_LLONG
66 BN_ULONG ret=0; 67 BN_ULONG ret = 0;
67#else 68#else
68 BN_ULLONG ret=0; 69 BN_ULLONG ret = 0;
69#endif 70#endif
70 int i; 71 int i;
71 72
72 if (w == 0) 73 if (w == 0)
73 return (BN_ULONG)-1; 74 return (BN_ULONG) - 1;
74 75
75 bn_check_top(a); 76 bn_check_top(a);
76 w&=BN_MASK2; 77 w &= BN_MASK2;
77 for (i=a->top-1; i>=0; i--) 78 for (i = a->top - 1; i >= 0; i--) {
78 {
79#ifndef BN_LLONG 79#ifndef BN_LLONG
80 ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w; 80 ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) &
81 ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w; 81 BN_MASK2l)) % w;
82 ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
82#else 83#else
83 ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% 84 ret = (BN_ULLONG)(((ret << (BN_ULLONG)BN_BITS2) |
84 (BN_ULLONG)w); 85 a->d[i]) % (BN_ULLONG)w);
85#endif 86#endif
86 }
87 return((BN_ULONG)ret);
88 } 87 }
88 return ((BN_ULONG)ret);
89}
89 90
90BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) 91BN_ULONG
91 { 92BN_div_word(BIGNUM *a, BN_ULONG w)
93{
92 BN_ULONG ret = 0; 94 BN_ULONG ret = 0;
93 int i, j; 95 int i, j;
94 96
@@ -97,7 +99,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
97 99
98 if (!w) 100 if (!w)
99 /* actually this an error (division by zero) */ 101 /* actually this an error (division by zero) */
100 return (BN_ULONG)-1; 102 return (BN_ULONG) - 1;
101 if (a->top == 0) 103 if (a->top == 0)
102 return 0; 104 return 0;
103 105
@@ -105,26 +107,26 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
105 j = BN_BITS2 - BN_num_bits_word(w); 107 j = BN_BITS2 - BN_num_bits_word(w);
106 w <<= j; 108 w <<= j;
107 if (!BN_lshift(a, a, j)) 109 if (!BN_lshift(a, a, j))
108 return (BN_ULONG)-1; 110 return (BN_ULONG) - 1;
109 111
110 for (i=a->top-1; i>=0; i--) 112 for (i = a->top - 1; i >= 0; i--) {
111 { 113 BN_ULONG l, d;
112 BN_ULONG l,d; 114
113 115 l = a->d[i];
114 l=a->d[i]; 116 d = bn_div_words(ret, l, w);
115 d=bn_div_words(ret,l,w); 117 ret = (l - ((d*w)&BN_MASK2))&BN_MASK2;
116 ret=(l-((d*w)&BN_MASK2))&BN_MASK2; 118 a->d[i] = d;
117 a->d[i]=d; 119 }
118 } 120 if ((a->top > 0) && (a->d[a->top - 1] == 0))
119 if ((a->top > 0) && (a->d[a->top-1] == 0))
120 a->top--; 121 a->top--;
121 ret >>= j; 122 ret >>= j;
122 bn_check_top(a); 123 bn_check_top(a);
123 return(ret); 124 return (ret);
124 } 125}
125 126
126int BN_add_word(BIGNUM *a, BN_ULONG w) 127int
127 { 128BN_add_word(BIGNUM *a, BN_ULONG w)
129{
128 BN_ULONG l; 130 BN_ULONG l;
129 int i; 131 int i;
130 132
@@ -132,107 +134,100 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
132 w &= BN_MASK2; 134 w &= BN_MASK2;
133 135
134 /* degenerate case: w is zero */ 136 /* degenerate case: w is zero */
135 if (!w) return 1; 137 if (!w)
138 return 1;
136 /* degenerate case: a is zero */ 139 /* degenerate case: a is zero */
137 if(BN_is_zero(a)) return BN_set_word(a, w); 140 if (BN_is_zero(a))
141 return BN_set_word(a, w);
138 /* handle 'a' when negative */ 142 /* handle 'a' when negative */
139 if (a->neg) 143 if (a->neg) {
140 { 144 a->neg = 0;
141 a->neg=0; 145 i = BN_sub_word(a, w);
142 i=BN_sub_word(a,w);
143 if (!BN_is_zero(a)) 146 if (!BN_is_zero(a))
144 a->neg=!(a->neg); 147 a->neg=!(a->neg);
145 return(i); 148 return (i);
146 } 149 }
147 for (i=0;w!=0 && i<a->top;i++) 150 for (i = 0; w != 0 && i < a->top; i++) {
148 { 151 a->d[i] = l = (a->d[i] + w) & BN_MASK2;
149 a->d[i] = l = (a->d[i]+w)&BN_MASK2; 152 w = (w > l) ? 1 : 0;
150 w = (w>l)?1:0; 153 }
151 } 154 if (w && i == a->top) {
152 if (w && i==a->top) 155 if (bn_wexpand(a, a->top + 1) == NULL)
153 { 156 return 0;
154 if (bn_wexpand(a,a->top+1) == NULL) return 0;
155 a->top++; 157 a->top++;
156 a->d[i]=w; 158 a->d[i] = w;
157 }
158 bn_check_top(a);
159 return(1);
160 } 159 }
160 bn_check_top(a);
161 return (1);
162}
161 163
162int BN_sub_word(BIGNUM *a, BN_ULONG w) 164int
163 { 165BN_sub_word(BIGNUM *a, BN_ULONG w)
166{
164 int i; 167 int i;
165 168
166 bn_check_top(a); 169 bn_check_top(a);
167 w &= BN_MASK2; 170 w &= BN_MASK2;
168 171
169 /* degenerate case: w is zero */ 172 /* degenerate case: w is zero */
170 if (!w) return 1; 173 if (!w)
174 return 1;
171 /* degenerate case: a is zero */ 175 /* degenerate case: a is zero */
172 if(BN_is_zero(a)) 176 if (BN_is_zero(a)) {
173 { 177 i = BN_set_word(a, w);
174 i = BN_set_word(a,w);
175 if (i != 0) 178 if (i != 0)
176 BN_set_negative(a, 1); 179 BN_set_negative(a, 1);
177 return i; 180 return i;
178 } 181 }
179 /* handle 'a' when negative */ 182 /* handle 'a' when negative */
180 if (a->neg) 183 if (a->neg) {
181 { 184 a->neg = 0;
182 a->neg=0; 185 i = BN_add_word(a, w);
183 i=BN_add_word(a,w); 186 a->neg = 1;
184 a->neg=1; 187 return (i);
185 return(i); 188 }
186 }
187 189
188 if ((a->top == 1) && (a->d[0] < w)) 190 if ((a->top == 1) && (a->d[0] < w)) {
189 { 191 a->d[0] = w - a->d[0];
190 a->d[0]=w-a->d[0]; 192 a->neg = 1;
191 a->neg=1; 193 return (1);
192 return(1); 194 }
193 } 195 i = 0;
194 i=0; 196 for (;;) {
195 for (;;) 197 if (a->d[i] >= w) {
196 { 198 a->d[i] -= w;
197 if (a->d[i] >= w)
198 {
199 a->d[i]-=w;
200 break; 199 break;
201 } 200 } else {
202 else 201 a->d[i] = (a->d[i] - w) & BN_MASK2;
203 {
204 a->d[i]=(a->d[i]-w)&BN_MASK2;
205 i++; 202 i++;
206 w=1; 203 w = 1;
207 }
208 } 204 }
209 if ((a->d[i] == 0) && (i == (a->top-1))) 205 }
206 if ((a->d[i] == 0) && (i == (a->top - 1)))
210 a->top--; 207 a->top--;
211 bn_check_top(a); 208 bn_check_top(a);
212 return(1); 209 return (1);
213 } 210}
214 211
215int BN_mul_word(BIGNUM *a, BN_ULONG w) 212int
216 { 213BN_mul_word(BIGNUM *a, BN_ULONG w)
214{
217 BN_ULONG ll; 215 BN_ULONG ll;
218 216
219 bn_check_top(a); 217 bn_check_top(a);
220 w&=BN_MASK2; 218 w &= BN_MASK2;
221 if (a->top) 219 if (a->top) {
222 {
223 if (w == 0) 220 if (w == 0)
224 BN_zero(a); 221 BN_zero(a);
225 else 222 else {
226 { 223 ll = bn_mul_words(a->d, a->d, a->top, w);
227 ll=bn_mul_words(a->d,a->d,a->top,w); 224 if (ll) {
228 if (ll) 225 if (bn_wexpand(a, a->top + 1) == NULL)
229 { 226 return (0);
230 if (bn_wexpand(a,a->top+1) == NULL) return(0); 227 a->d[a->top++] = ll;
231 a->d[a->top++]=ll;
232 }
233 } 228 }
234 } 229 }
235 bn_check_top(a);
236 return(1);
237 } 230 }
238 231 bn_check_top(a);
232 return (1);
233}
diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c
index 04c5c874ec..025f1be51a 100644
--- a/src/lib/libcrypto/bn/bn_x931p.c
+++ b/src/lib/libcrypto/bn/bn_x931p.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -66,16 +66,16 @@
66 * integers. 66 * integers.
67 */ 67 */
68 68
69static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, 69static int
70 BN_GENCB *cb) 70bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
71 { 71{
72 int i = 0; 72 int i = 0;
73
73 if (!BN_copy(pi, Xpi)) 74 if (!BN_copy(pi, Xpi))
74 return 0; 75 return 0;
75 if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) 76 if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
76 return 0; 77 return 0;
77 for(;;) 78 for (;;) {
78 {
79 i++; 79 i++;
80 BN_GENCB_call(cb, 0, i); 80 BN_GENCB_call(cb, 0, i);
81 /* NB 27 MR is specificed in X9.31 */ 81 /* NB 27 MR is specificed in X9.31 */
@@ -83,20 +83,21 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
83 break; 83 break;
84 if (!BN_add_word(pi, 2)) 84 if (!BN_add_word(pi, 2))
85 return 0; 85 return 0;
86 } 86 }
87 BN_GENCB_call(cb, 2, i); 87 BN_GENCB_call(cb, 2, i);
88 return 1; 88 return 1;
89 } 89}
90 90
91/* This is the main X9.31 prime derivation function. From parameters 91/* This is the main X9.31 prime derivation function. From parameters
92 * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are 92 * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
93 * not NULL they will be returned too: this is needed for testing. 93 * not NULL they will be returned too: this is needed for testing.
94 */ 94 */
95 95
96int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, 96int
97 const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, 97BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp,
98 const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) 98 const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
99 { 99 BN_GENCB *cb)
100{
100 int ret = 0; 101 int ret = 0;
101 102
102 BIGNUM *t, *p1p2, *pm1; 103 BIGNUM *t, *p1p2, *pm1;
@@ -157,8 +158,7 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
157 158
158 /* p now equals Yp0 */ 159 /* p now equals Yp0 */
159 160
160 for (;;) 161 for (;;) {
161 {
162 int i = 1; 162 int i = 1;
163 BN_GENCB_call(cb, 0, i++); 163 BN_GENCB_call(cb, 0, i++);
164 if (!BN_copy(pm1, p)) 164 if (!BN_copy(pm1, p))
@@ -169,34 +169,36 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
169 goto err; 169 goto err;
170 if (BN_is_one(t) 170 if (BN_is_one(t)
171 /* X9.31 specifies 8 MR and 1 Lucas test or any prime test 171 /* X9.31 specifies 8 MR and 1 Lucas test or any prime test
172 * offering similar or better guarantees 50 MR is considerably 172 * offering similar or better guarantees 50 MR is considerably
173 * better. 173 * better.
174 */ 174 */
175 && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) 175 && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
176 break; 176 break;
177 if (!BN_add(p, p, p1p2)) 177 if (!BN_add(p, p, p1p2))
178 goto err; 178 goto err;
179 } 179 }
180 180
181 BN_GENCB_call(cb, 3, 0); 181 BN_GENCB_call(cb, 3, 0);
182 182
183 ret = 1; 183 ret = 1;
184 184
185 err: 185err:
186 186
187 BN_CTX_end(ctx); 187 BN_CTX_end(ctx);
188 188
189 return ret; 189 return ret;
190 } 190}
191 191
192/* Generate pair of paramters Xp, Xq for X9.31 prime generation. 192/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
193 * Note: nbits paramter is sum of number of bits in both. 193 * Note: nbits paramter is sum of number of bits in both.
194 */ 194 */
195 195
196int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) 196int
197 { 197BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
198{
198 BIGNUM *t; 199 BIGNUM *t;
199 int i; 200 int i;
201
200 /* Number of bits for each prime is of the form 202 /* Number of bits for each prime is of the form
201 * 512+128s for s = 0, 1, ... 203 * 512+128s for s = 0, 1, ...
202 */ 204 */
@@ -213,15 +215,14 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
213 BN_CTX_start(ctx); 215 BN_CTX_start(ctx);
214 t = BN_CTX_get(ctx); 216 t = BN_CTX_get(ctx);
215 217
216 for (i = 0; i < 1000; i++) 218 for (i = 0; i < 1000; i++) {
217 {
218 if (!BN_rand(Xq, nbits, 1, 0)) 219 if (!BN_rand(Xq, nbits, 1, 0))
219 return 0; 220 return 0;
220 /* Check that |Xp - Xq| > 2^(nbits - 100) */ 221 /* Check that |Xp - Xq| > 2^(nbits - 100) */
221 BN_sub(t, Xp, Xq); 222 BN_sub(t, Xp, Xq);
222 if (BN_num_bits(t) > (nbits - 100)) 223 if (BN_num_bits(t) > (nbits - 100))
223 break; 224 break;
224 } 225 }
225 226
226 BN_CTX_end(ctx); 227 BN_CTX_end(ctx);
227 228
@@ -229,8 +230,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
229 return 1; 230 return 1;
230 231
231 return 0; 232 return 0;
232 233}
233 }
234 234
235/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 235/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
236 * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL 236 * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
@@ -240,12 +240,10 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
240 * are generated using the previous function and supplied as input. 240 * are generated using the previous function and supplied as input.
241 */ 241 */
242 242
243int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, 243int
244 BIGNUM *Xp1, BIGNUM *Xp2, 244BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
245 const BIGNUM *Xp, 245 BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
246 const BIGNUM *e, BN_CTX *ctx, 246{
247 BN_GENCB *cb)
248 {
249 int ret = 0; 247 int ret = 0;
250 248
251 BN_CTX_start(ctx); 249 BN_CTX_start(ctx);
@@ -263,10 +261,8 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
263 261
264 ret = 1; 262 ret = 1;
265 263
266 error: 264error:
267 BN_CTX_end(ctx); 265 BN_CTX_end(ctx);
268 266
269 return ret; 267 return ret;
270 268}
271 }
272
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 20:14:48 +0000