path: root/src/lib/libcrypto/bn/bn_exp2.c
Diffstat (limited to 'src/lib/libcrypto/bn/bn_exp2.c')
-rw-r--r--src/lib/libcrypto/bn/bn_exp2.c252
1 files changed, 122 insertions, 130 deletions
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
index bd0c34b91b..d3d3d978bd 100644
--- a/src/lib/libcrypto/bn/bn_exp2.c
+++ b/src/lib/libcrypto/bn/bn_exp2.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -115,17 +115,18 @@
115 115
116#define TABLE_SIZE 32 116#define TABLE_SIZE 32
117 117
118int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, 118int
119 const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, 119BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
120 BN_CTX *ctx, BN_MONT_CTX *in_mont) 120 const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, BN_CTX *ctx,
121 { 121 BN_MONT_CTX *in_mont)
122 int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; 122{
123 int r_is_one=1; 123 int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
124 BIGNUM *d,*r; 124 int r_is_one = 1;
125 BIGNUM *d, *r;
125 const BIGNUM *a_mod_m; 126 const BIGNUM *a_mod_m;
126 /* Tables of variables obtained from 'ctx' */ 127 /* Tables of variables obtained from 'ctx' */
127 BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; 128 BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
128 BN_MONT_CTX *mont=NULL; 129 BN_MONT_CTX *mont = NULL;
129 130
130 bn_check_top(a1); 131 bn_check_top(a1);
131 bn_check_top(p1); 132 bn_check_top(p1);
@@ -133,35 +134,35 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
133 bn_check_top(p2); 134 bn_check_top(p2);
134 bn_check_top(m); 135 bn_check_top(m);
135 136
136 if (!(m->d[0] & 1)) 137 if (!(m->d[0] & 1)) {
137 { 138 BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
138 BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); 139 return (0);
139 return(0); 140 }
140 } 141 bits1 = BN_num_bits(p1);
141 bits1=BN_num_bits(p1); 142 bits2 = BN_num_bits(p2);
142 bits2=BN_num_bits(p2); 143 if ((bits1 == 0) && (bits2 == 0)) {
143 if ((bits1 == 0) && (bits2 == 0))
144 {
145 ret = BN_one(rr); 144 ret = BN_one(rr);
146 return ret; 145 return ret;
147 } 146 }
148 147
149 bits=(bits1 > bits2)?bits1:bits2; 148 bits = (bits1 > bits2) ? bits1 : bits2;
150 149
151 BN_CTX_start(ctx); 150 BN_CTX_start(ctx);
152 d = BN_CTX_get(ctx); 151 d = BN_CTX_get(ctx);
153 r = BN_CTX_get(ctx); 152 r = BN_CTX_get(ctx);
154 val1[0] = BN_CTX_get(ctx); 153 val1[0] = BN_CTX_get(ctx);
155 val2[0] = BN_CTX_get(ctx); 154 val2[0] = BN_CTX_get(ctx);
156 if(!d || !r || !val1[0] || !val2[0]) goto err; 155 if (!d || !r || !val1[0] || !val2[0])
156 goto err;
157 157
158 if (in_mont != NULL) 158 if (in_mont != NULL)
159 mont=in_mont; 159 mont = in_mont;
160 else 160 else {
161 { 161 if ((mont = BN_MONT_CTX_new()) == NULL)
162 if ((mont=BN_MONT_CTX_new()) == NULL) goto err; 162 goto err;
163 if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; 163 if (!BN_MONT_CTX_set(mont, m, ctx))
164 } 164 goto err;
165 }
165 166
166 window1 = BN_window_bits_for_exponent_size(bits1); 167 window1 = BN_window_bits_for_exponent_size(bits1);
167 window2 = BN_window_bits_for_exponent_size(bits2); 168 window2 = BN_window_bits_for_exponent_size(bits2);
@@ -169,144 +170,135 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
169 /* 170 /*
170 * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) 171 * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
171 */ 172 */
172 if (a1->neg || BN_ucmp(a1,m) >= 0) 173 if (a1->neg || BN_ucmp(a1, m) >= 0) {
173 { 174 if (!BN_mod(val1[0], a1, m, ctx))
174 if (!BN_mod(val1[0],a1,m,ctx))
175 goto err; 175 goto err;
176 a_mod_m = val1[0]; 176 a_mod_m = val1[0];
177 } 177 } else
178 else
179 a_mod_m = a1; 178 a_mod_m = a1;
180 if (BN_is_zero(a_mod_m)) 179 if (BN_is_zero(a_mod_m)) {
181 {
182 BN_zero(rr); 180 BN_zero(rr);
183 ret = 1; 181 ret = 1;
184 goto err; 182 goto err;
185 } 183 }
186 184
187 if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err; 185 if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
188 if (window1 > 1) 186 goto err;
189 { 187 if (window1 > 1) {
190 if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err; 188 if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
189 goto err;
191 190
192 j=1<<(window1-1); 191 j = 1 << (window1 - 1);
193 for (i=1; i<j; i++) 192 for (i = 1; i < j; i++) {
194 { 193 if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
195 if(((val1[i] = BN_CTX_get(ctx)) == NULL) || 194 !BN_mod_mul_montgomery(val1[i], val1[i - 1],
196 !BN_mod_mul_montgomery(val1[i],val1[i-1], 195 d, mont, ctx))
197 d,mont,ctx))
198 goto err; 196 goto err;
199 }
200 } 197 }
198 }
201 199
202 200
203 /* 201 /*
204 * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) 202 * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
205 */ 203 */
206 if (a2->neg || BN_ucmp(a2,m) >= 0) 204 if (a2->neg || BN_ucmp(a2, m) >= 0) {
207 { 205 if (!BN_mod(val2[0], a2, m, ctx))
208 if (!BN_mod(val2[0],a2,m,ctx))
209 goto err; 206 goto err;
210 a_mod_m = val2[0]; 207 a_mod_m = val2[0];
211 } 208 } else
212 else
213 a_mod_m = a2; 209 a_mod_m = a2;
214 if (BN_is_zero(a_mod_m)) 210 if (BN_is_zero(a_mod_m)) {
215 {
216 BN_zero(rr); 211 BN_zero(rr);
217 ret = 1; 212 ret = 1;
218 goto err; 213 goto err;
219 } 214 }
220 if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err; 215 if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
221 if (window2 > 1) 216 goto err;
222 { 217 if (window2 > 1) {
223 if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err; 218 if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
219 goto err;
224 220
225 j=1<<(window2-1); 221 j = 1 << (window2 - 1);
226 for (i=1; i<j; i++) 222 for (i = 1; i < j; i++) {
227 { 223 if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
228 if(((val2[i] = BN_CTX_get(ctx)) == NULL) || 224 !BN_mod_mul_montgomery(val2[i], val2[i - 1],
229 !BN_mod_mul_montgomery(val2[i],val2[i-1], 225 d, mont, ctx))
230 d,mont,ctx))
231 goto err; 226 goto err;
232 }
233 } 227 }
228 }
234 229
235 230
236 /* Now compute the power product, using independent windows. */ 231 /* Now compute the power product, using independent windows. */
237 r_is_one=1; 232 r_is_one = 1;
238 wvalue1=0; /* The 'value' of the first window */ 233 wvalue1 = 0; /* The 'value' of the first window */
239 wvalue2=0; /* The 'value' of the second window */ 234 wvalue2 = 0; /* The 'value' of the second window */
240 wpos1=0; /* If wvalue1 > 0, the bottom bit of the first window */ 235 wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the first window */
241 wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */ 236 wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the second window */
242 237
243 if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; 238 if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
244 for (b=bits-1; b>=0; b--) 239 goto err;
245 { 240 for (b = bits - 1; b >= 0; b--) {
246 if (!r_is_one) 241 if (!r_is_one) {
247 { 242 if (!BN_mod_mul_montgomery(r, r,r, mont, ctx))
248 if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
249 goto err; 243 goto err;
250 } 244 }
251 245
252 if (!wvalue1) 246 if (!wvalue1)
253 if (BN_is_bit_set(p1, b)) 247 if (BN_is_bit_set(p1, b)) {
254 { 248 /* consider bits b-window1+1 .. b for this window */
255 /* consider bits b-window1+1 .. b for this window */ 249 i = b - window1 + 1;
256 i = b-window1+1; 250 while (!BN_is_bit_set(p1, i)) /* works for i<0 */
257 while (!BN_is_bit_set(p1, i)) /* works for i<0 */ 251 i++;
258 i++; 252 wpos1 = i;
259 wpos1 = i; 253 wvalue1 = 1;
260 wvalue1 = 1; 254 for (i = b - 1; i >= wpos1; i--) {
261 for (i = b-1; i >= wpos1; i--) 255 wvalue1 <<= 1;
262 { 256 if (BN_is_bit_set(p1, i))
263 wvalue1 <<= 1; 257 wvalue1++;
264 if (BN_is_bit_set(p1, i)) 258 }
265 wvalue1++; 259 }
266 } 260
267 }
268
269 if (!wvalue2) 261 if (!wvalue2)
270 if (BN_is_bit_set(p2, b)) 262 if (BN_is_bit_set(p2, b)) {
271 { 263 /* consider bits b-window2+1 .. b for this window */
272 /* consider bits b-window2+1 .. b for this window */ 264 i = b - window2 + 1;
273 i = b-window2+1; 265 while (!BN_is_bit_set(p2, i))
274 while (!BN_is_bit_set(p2, i)) 266 i++;
275 i++; 267 wpos2 = i;
276 wpos2 = i; 268 wvalue2 = 1;
277 wvalue2 = 1; 269 for (i = b - 1; i >= wpos2; i--) {
278 for (i = b-1; i >= wpos2; i--) 270 wvalue2 <<= 1;
279 { 271 if (BN_is_bit_set(p2, i))
280 wvalue2 <<= 1; 272 wvalue2++;
281 if (BN_is_bit_set(p2, i)) 273 }
282 wvalue2++; 274 }
283 }
284 }
285 275
286 if (wvalue1 && b == wpos1) 276 if (wvalue1 && b == wpos1) {
287 {
288 /* wvalue1 is odd and < 2^window1 */ 277 /* wvalue1 is odd and < 2^window1 */
289 if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx)) 278 if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1],
279 mont, ctx))
290 goto err; 280 goto err;
291 wvalue1 = 0; 281 wvalue1 = 0;
292 r_is_one = 0; 282 r_is_one = 0;
293 } 283 }
294 284
295 if (wvalue2 && b == wpos2) 285 if (wvalue2 && b == wpos2) {
296 {
297 /* wvalue2 is odd and < 2^window2 */ 286 /* wvalue2 is odd and < 2^window2 */
298 if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx)) 287 if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1],
288 mont, ctx))
299 goto err; 289 goto err;
300 wvalue2 = 0; 290 wvalue2 = 0;
301 r_is_one = 0; 291 r_is_one = 0;
302 }
303 } 292 }
304 if (!BN_from_montgomery(rr,r,mont,ctx)) 293 }
294 if (!BN_from_montgomery(rr, r,mont, ctx))
305 goto err; 295 goto err;
306 ret=1; 296 ret = 1;
297
307err: 298err:
308 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); 299 if ((in_mont == NULL) && (mont != NULL))
300 BN_MONT_CTX_free(mont);
309 BN_CTX_end(ctx); 301 BN_CTX_end(ctx);
310 bn_check_top(rr); 302 bn_check_top(rr);
311 return(ret); 303 return (ret);
312 } 304}
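Review bot: Two of the reformatted lines still carry the old cramped spacing, at new lines 242 and 294 in the last hunk: `if (!BN_mod_mul_montgomery(r, r,r, mont, ctx))` and `if (!BN_from_montgomery(rr, r,mont, ctx))`, which should read `r, r, r` and `rr, r, mont` like every other call the commit touched. Since the whole change is a formatting pass, these two are worth fixing here rather than in a follow-up. The function also still has no header comment; a short block above the new `int` / `BN_mod_exp2_mont(` lines could state that it computes rr = a1^p1 * a2^p2 mod m, that m must be odd (the visible check returns 0 with `BN_R_CALLED_WITH_EVEN_MODULUS` otherwise), and that rr is set to zero when either base reduces to zero mod m. The window loops visibly branch on individual bits of p1 and p2 (`BN_is_bit_set(p1, b)`, `BN_is_bit_set(p2, b)`), so the routine does not appear to be constant-time in the exponents; if that is confirmed, the comment should say the exponents are expected to be public.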