1 files changed, 126 insertions, 54 deletions

diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index 2263bdc7da..150dd289a5 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -57,21 +57,19 @@
  */
 
 #include <stdio.h>
+#include <openssl/bn.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
 /* The old slow way */
 #if 0
-int BN_div(dv, rem, m, d,ctx)
-BIGNUM *dv;
-BIGNUM *rem;
-BIGNUM *m;
-BIGNUM *d;
-BN_CTX *ctx;
+int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx)
         {
         int i,nm,nd;
         BIGNUM *D;
 
+        bn_check_top(m);
+        bn_check_top(d);
         if (BN_is_zero(d))
                 {
                 BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
@@ -86,9 +84,9 @@ BN_CTX *ctx;
                 return(1);
                 }
 
-        D=ctx->bn[ctx->tos];
-        if (dv == NULL) dv=ctx->bn[ctx->tos+1];
-        if (rem == NULL) rem=ctx->bn[ctx->tos+2];
+        D= &(ctx->bn[ctx->tos]);
+        if (dv == NULL) dv= &(ctx->bn[ctx->tos+1]);
+        if (rem == NULL) rem= &(ctx->bn[ctx->tos+2]);
 
         nd=BN_num_bits(d);
         nm=BN_num_bits(m);
@@ -98,6 +96,7 @@ BN_CTX *ctx;
         /* The next 2 are needed so we can do a dv->d[0]|=1 later
          * since BN_lshift1 will only work once there is a value :-) */
         BN_zero(dv);
+        bn_wexpand(dv,1);
         dv->top=1;
 
         if (!BN_lshift(D,D,nm-nd)) return(0);
@@ -107,7 +106,7 @@ BN_CTX *ctx;
                 if (BN_ucmp(rem,D) >= 0)
                         {
                         dv->d[0]|=1;
-                        bn_qsub(rem,rem,D);
+                        if (!BN_usub(rem,rem,D)) return(0);
                         }
 /* CAN IMPROVE (and have now :=) */
                 if (!BN_rshift1(D,D)) return(0);
@@ -119,12 +118,8 @@ BN_CTX *ctx;
 
 #else
 
-int BN_div(dv, rm, num, divisor,ctx)
-BIGNUM *dv;
-BIGNUM *rm;
-BIGNUM *num;
-BIGNUM *divisor;
-BN_CTX *ctx;
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+           BN_CTX *ctx)
         {
         int norm_shift,i,j,loop;
         BIGNUM *tmp,wnum,*snum,*sdiv,*res;
@@ -132,6 +127,9 @@ BN_CTX *ctx;
         BN_ULONG d0,d1;
         int num_n,div_n;
 
+        bn_check_top(num);
+        bn_check_top(divisor);
+
         if (BN_is_zero(divisor))
                 {
                 BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
@@ -146,12 +144,12 @@ BN_CTX *ctx;
                 return(1);
                 }
 
-        tmp=ctx->bn[ctx->tos]; 
+        tmp= &(ctx->bn[ctx->tos]);
         tmp->neg=0;
-        snum=ctx->bn[ctx->tos+1];
-        sdiv=ctx->bn[ctx->tos+2];
+        snum= &(ctx->bn[ctx->tos+1]);
+        sdiv= &(ctx->bn[ctx->tos+2]);
         if (dv == NULL)
-                res=ctx->bn[ctx->tos+3];
+                res= &(ctx->bn[ctx->tos+3]);
         else    res=dv;
 
         /* First we normalise the numbers */
@@ -168,10 +166,10 @@ BN_CTX *ctx;
         /* Lets setup a 'window' into snum
          * This is the part that corresponds to the current
          * 'area' being divided */
+        BN_init(&wnum);
         wnum.d=  &(snum->d[loop]);
         wnum.top= div_n;
-        wnum.max= snum->max; /* a bit of a lie */
-        wnum.neg= 0;
+        wnum.max= snum->max+1; /* a bit of a lie */
 
         /* Get the top 2 words of sdiv */
         /* i=sdiv->top; */
@@ -183,8 +181,8 @@ BN_CTX *ctx;
 
         /* Setup to 'res' */
         res->neg= (num->neg^divisor->neg);
-        res->top=loop;
         if (!bn_wexpand(res,(loop+1))) goto err;
+        res->top=loop;
         resp= &(res->d[loop-1]);
 
         /* space for temp */
@@ -192,7 +190,7 @@ BN_CTX *ctx;
 
         if (BN_ucmp(&wnum,sdiv) >= 0)
                 {
-                bn_qsub(&wnum,&wnum,sdiv);
+                if (!BN_usub(&wnum,&wnum,sdiv)) goto err;
                 *resp=1;
                 res->d[res->top-1]=1;
                 }
@@ -202,56 +200,98 @@ BN_CTX *ctx;
 
         for (i=0; i<loop-1; i++)
                 {
-                BN_ULONG q,n0,n1;
-                BN_ULONG l0;
+                BN_ULONG q,l0;
+#ifdef BN_DIV3W
+                q=bn_div_3_words(wnump,d0,d1);
+#else
+
+#if !defined(NO_ASM) && !defined(PEDANTIC)
+# if defined(__GNUC__) && __GNUC__>=2
+#  if defined(__i386)
+   /*
+    * There were two reasons for implementing this template:
+    * - GNU C generates a call to a function (__udivdi3 to be exact)
+    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
+    *   understand why...);
+    * - divl doesn't only calculate quotient, but also leaves
+    *   remainder in %edx which we can definitely use here:-)
+    *
+    *                                   <appro@fy.chalmers.se>
+    */
+#  define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divl   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "g"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#  define REMINDER_IS_ALREADY_CALCULATED
+#  endif /* __<cpu> */
+# endif /* __GNUC__ */
+#endif /* NO_ASM */
+                BN_ULONG n0,n1,rem=0;
 
-                wnum.d--; wnum.top++;
                 n0=wnump[0];
                 n1=wnump[-1];
                 if (n0 == d0)
                         q=BN_MASK2;
                 else
-                        q=bn_div64(n0,n1,d0);
+#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+                        q=((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0;
+#else
+                        q=bn_div_words(n0,n1,d0);
+#endif
                 {
 #ifdef BN_LLONG
-                BN_ULLONG t1,t2,rem;
-                t1=((BN_ULLONG)n0<<BN_BITS2)|n1;
+                BN_ULLONG t2;
+
+#ifndef REMINDER_IS_ALREADY_CALCULATED
+                /*
+                 * rem doesn't have to be BN_ULLONG. The least we
+                 * know it's less that d0, isn't it?
+                 */
+                rem=(n1-q*d0)&BN_MASK2;
+#endif
+                t2=(BN_ULLONG)d1*q;
+
                 for (;;)
                         {
-                        t2=(BN_ULLONG)d1*q;
-                        rem=t1-(BN_ULLONG)q*d0;
-                        if ((rem>>BN_BITS2) ||
-                                (t2 <= ((BN_ULLONG)(rem<<BN_BITS2)+wnump[-2])))
+                        if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
                                 break;
                         q--;
+                        rem += d0;
+                        if (rem < d0) break; /* don't let rem overflow */
+                        t2 -= d1;
                         }
 #else
-                BN_ULONG t1l,t1h,t2l,t2h,t3l,t3h,ql,qh,t3t;
-                t1h=n0;
-                t1l=n1;
+                BN_ULONG t2l,t2h,ql,qh;
+
+#ifndef REMINDER_IS_ALREADY_CALCULATED
+                /*
+                 * It's more than enough with the only multiplication.
+                 * See the comment above in BN_LLONG section...
+                 */
+                rem=(n1-q*d0)&BN_MASK2;
+#endif
+                t2l=LBITS(d1); t2h=HBITS(d1);
+                ql =LBITS(q);  qh =HBITS(q);
+                mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+
                 for (;;)
                         {
-                        t2l=LBITS(d1); t2h=HBITS(d1);
-                        ql =LBITS(q);  qh =HBITS(q);
-                        mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
-
-                        t3t=LBITS(d0); t3h=HBITS(d0);
-                        mul64(t3t,t3h,ql,qh); /* t3=t1-(BN_ULLONG)q*d0; */
-                        t3l=(t1l-t3t)&BN_MASK2;
-                        if (t3l > t1l) t3h++;
-                        t3h=(t1h-t3h)&BN_MASK2;
-
-                        /*if ((t3>>BN_BITS2) ||
-                                (t2 <= ((t3<<BN_BITS2)+wnump[-2])))
-                                break; */
-                        if (t3h) break;
-                        if (t2h < t3l) break;
-                        if ((t2h == t3l) && (t2l <= wnump[-2])) break;
-
+                        if ((t2h < rem) ||
+                                ((t2h == rem) && (t2l <= wnump[-2])))
+                                break;
                         q--;
+                        rem += d0;
+                        if (rem < d0) break; /* don't let rem overflow */
+                        if (t2l < d1) t2h--; t2l -= d1;
                         }
 #endif
                 }
+#endif /* !BN_DIV3W */
+                wnum.d--; wnum.top++;
                 l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
                 tmp->d[div_n]=l0;
                 for (j=div_n+1; j>0; j--)
@@ -284,3 +324,35 @@ err:
         }
 
 #endif
+
+/* rem != m */
+int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+        {
+#if 0 /* The old slow way */
+        int i,nm,nd;
+        BIGNUM *dv;
+
+        if (BN_ucmp(m,d) < 0)
+                return((BN_copy(rem,m) == NULL)?0:1);
+
+        dv= &(ctx->bn[ctx->tos]);
+
+        if (!BN_copy(rem,m)) return(0);
+
+        nm=BN_num_bits(rem);
+        nd=BN_num_bits(d);
+        if (!BN_lshift(dv,d,nm-nd)) return(0);
+        for (i=nm-nd; i>=0; i--)
+                {
+                if (BN_cmp(rem,dv) >= 0)
+                        {
+                        if (!BN_sub(rem,rem,dv)) return(0);
+                        }
+                if (!BN_rshift1(dv,dv)) return(0);
+                }
+        return(1);
+#else
+        return(BN_div(NULL,rem,m,d,ctx));
+#endif
+        }
+