1 files changed, 178 insertions, 0 deletions

diff --git a/src/lib/libcrypto/bn/bn_add_sub.c b/src/lib/libcrypto/bn/bn_add_sub.c
new file mode 100644
index 0000000000..5c9d5a2b1a
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_add_sub.c
@@ -0,0 +1,178 @@
+/* $OpenBSD: bn_add_sub.c,v 1.1 2025/05/25 04:30:55 jsing Exp $ */
+/*
+ * Copyright (c) 2023,2024,2025 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/bn.h>
+
+#include "bn_internal.h"
+
+/*
+ * bn_add_words() computes (carry:r[i]) = a[i] + b[i] + carry, where a and b
+ * are both arrays of words. Any carry resulting from the addition is returned.
+ */
+#ifndef HAVE_BN_ADD_WORDS
+BN_ULONG
+bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+        BN_ULONG carry = 0;
+
+        while (n >= 4) {
+                bn_qwaddqw(a[3], a[2], a[1], a[0], b[3], b[2], b[1], b[0],
+                    carry, &carry, &r[3], &r[2], &r[1], &r[0]);
+                a += 4;
+                b += 4;
+                r += 4;
+                n -= 4;
+        }
+        while (n > 0) {
+                bn_addw_addw(a[0], b[0], carry, &carry, &r[0]);
+                a++;
+                b++;
+                r++;
+                n--;
+        }
+
+        return carry;
+}
+#endif
+
+/*
+ * bn_sub_words() computes (borrow:r[i]) = a[i] - b[i] - borrow, where a and b
+ * are both arrays of words. Any borrow resulting from the subtraction is
+ * returned.
+ */
+#ifndef HAVE_BN_SUB_WORDS
+BN_ULONG
+bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+        BN_ULONG borrow = 0;
+
+        while (n >= 4) {
+                bn_qwsubqw(a[3], a[2], a[1], a[0], b[3], b[2], b[1], b[0],
+                    borrow, &borrow, &r[3], &r[2], &r[1], &r[0]);
+                a += 4;
+                b += 4;
+                r += 4;
+                n -= 4;
+        }
+        while (n > 0) {
+                bn_subw_subw(a[0], b[0], borrow, &borrow, &r[0]);
+                a++;
+                b++;
+                r++;
+                n--;
+        }
+
+        return borrow;
+}
+#endif
+
+/*
+ * bn_sub_borrow() computes a[i] - b[i], returning the resulting borrow only.
+ */
+#ifndef HAVE_BN_SUB_WORDS_BORROW
+BN_ULONG
+bn_sub_words_borrow(const BN_ULONG *a, const BN_ULONG *b, size_t n)
+{
+        BN_ULONG borrow = 0;
+        BN_ULONG r;
+
+        while (n >= 4) {
+                bn_qwsubqw(a[3], a[2], a[1], a[0], b[3], b[2], b[1], b[0],
+                    borrow, &borrow, &r, &r, &r, &r);
+                a += 4;
+                b += 4;
+                n -= 4;
+        }
+        while (n > 0) {
+                bn_subw_subw(a[0], b[0], borrow, &borrow, &r);
+                a++;
+                b++;
+                n--;
+        }
+
+        return borrow;
+}
+#endif
+
+/*
+ * bn_add_words_masked() computes r[] = a[] + (b[] & mask), where a, b and r are
+ * arrays of words with length n (r may be the same as a or b).
+ */
+#ifndef HAVE_BN_ADD_WORDS_MASKED
+BN_ULONG
+bn_add_words_masked(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+    BN_ULONG mask, size_t n)
+{
+        BN_ULONG carry = 0;
+
+        /* XXX - consider conditional/masked versions of bn_addw_addw/bn_qwaddqw. */
+
+        while (n >= 4) {
+                bn_qwaddqw(a[3], a[2], a[1], a[0], b[3] & mask, b[2] & mask,
+                    b[1] & mask, b[0] & mask, carry, &carry, &r[3], &r[2],
+                    &r[1], &r[0]);
+                a += 4;
+                b += 4;
+                r += 4;
+                n -= 4;
+        }
+        while (n > 0) {
+                bn_addw_addw(a[0], b[0] & mask, carry, &carry, &r[0]);
+                a++;
+                b++;
+                r++;
+                n--;
+        }
+
+        return carry;
+}
+#endif
+
+/*
+ * bn_sub_words_masked() computes r[] = a[] - (b[] & mask), where a, b and r are
+ * arrays of words with length n (r may be the same as a or b).
+ */
+#ifndef HAVE_BN_SUB_WORDS_MASKED
+BN_ULONG
+bn_sub_words_masked(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+    BN_ULONG mask, size_t n)
+{
+        BN_ULONG borrow = 0;
+
+        /* XXX - consider conditional/masked versions of bn_subw_subw/bn_qwsubqw. */
+
+        /* Compute conditional r[i] = a[i] - b[i]. */
+        while (n >= 4) {
+                bn_qwsubqw(a[3], a[2], a[1], a[0], b[3] & mask, b[2] & mask,
+                    b[1] & mask, b[0] & mask, borrow, &borrow, &r[3], &r[2],
+                    &r[1], &r[0]);
+                a += 4;
+                b += 4;
+                r += 4;
+                n -= 4;
+        }
+        while (n > 0) {
+                bn_subw_subw(a[0], b[0] & mask, borrow, &borrow, &r[0]);
+                a++;
+                b++;
+                r++;
+                n--;
+        }
+
+        return borrow;
+}
+#endif