diff options
Diffstat (limited to 'src/lib/libcrypto/bn/bn_exp2.c')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_exp2.c | 56 |
1 files changed, 27 insertions, 29 deletions
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c index 73ccd58a83..b3f43cec8c 100644 --- a/src/lib/libcrypto/bn/bn_exp2.c +++ b/src/lib/libcrypto/bn/bn_exp2.c | |||
| @@ -120,10 +120,11 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 120 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | 120 | BN_CTX *ctx, BN_MONT_CTX *in_mont) |
| 121 | { | 121 | { |
| 122 | int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; | 122 | int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; |
| 123 | int r_is_one=1,ts1=0,ts2=0; | 123 | int r_is_one=1; |
| 124 | BIGNUM *d,*r; | 124 | BIGNUM *d,*r; |
| 125 | const BIGNUM *a_mod_m; | 125 | const BIGNUM *a_mod_m; |
| 126 | BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE]; | 126 | /* Tables of variables obtained from 'ctx' */ |
| 127 | BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; | ||
| 127 | BN_MONT_CTX *mont=NULL; | 128 | BN_MONT_CTX *mont=NULL; |
| 128 | 129 | ||
| 129 | bn_check_top(a1); | 130 | bn_check_top(a1); |
| @@ -150,7 +151,9 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 150 | BN_CTX_start(ctx); | 151 | BN_CTX_start(ctx); |
| 151 | d = BN_CTX_get(ctx); | 152 | d = BN_CTX_get(ctx); |
| 152 | r = BN_CTX_get(ctx); | 153 | r = BN_CTX_get(ctx); |
| 153 | if (d == NULL || r == NULL) goto err; | 154 | val1[0] = BN_CTX_get(ctx); |
| 155 | val2[0] = BN_CTX_get(ctx); | ||
| 156 | if(!d || !r || !val1[0] || !val2[0]) goto err; | ||
| 154 | 157 | ||
| 155 | if (in_mont != NULL) | 158 | if (in_mont != NULL) |
| 156 | mont=in_mont; | 159 | mont=in_mont; |
| @@ -166,69 +169,67 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 166 | /* | 169 | /* |
| 167 | * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) | 170 | * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) |
| 168 | */ | 171 | */ |
| 169 | BN_init(&val1[0]); | ||
| 170 | ts1=1; | ||
| 171 | if (a1->neg || BN_ucmp(a1,m) >= 0) | 172 | if (a1->neg || BN_ucmp(a1,m) >= 0) |
| 172 | { | 173 | { |
| 173 | if (!BN_mod(&(val1[0]),a1,m,ctx)) | 174 | if (!BN_mod(val1[0],a1,m,ctx)) |
| 174 | goto err; | 175 | goto err; |
| 175 | a_mod_m = &(val1[0]); | 176 | a_mod_m = val1[0]; |
| 176 | } | 177 | } |
| 177 | else | 178 | else |
| 178 | a_mod_m = a1; | 179 | a_mod_m = a1; |
| 179 | if (BN_is_zero(a_mod_m)) | 180 | if (BN_is_zero(a_mod_m)) |
| 180 | { | 181 | { |
| 181 | ret = BN_zero(rr); | 182 | BN_zero(rr); |
| 183 | ret = 1; | ||
| 182 | goto err; | 184 | goto err; |
| 183 | } | 185 | } |
| 184 | 186 | ||
| 185 | if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err; | 187 | if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err; |
| 186 | if (window1 > 1) | 188 | if (window1 > 1) |
| 187 | { | 189 | { |
| 188 | if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err; | 190 | if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err; |
| 189 | 191 | ||
| 190 | j=1<<(window1-1); | 192 | j=1<<(window1-1); |
| 191 | for (i=1; i<j; i++) | 193 | for (i=1; i<j; i++) |
| 192 | { | 194 | { |
| 193 | BN_init(&(val1[i])); | 195 | if(((val1[i] = BN_CTX_get(ctx)) == NULL) || |
| 194 | if (!BN_mod_mul_montgomery(&(val1[i]),&(val1[i-1]),d,mont,ctx)) | 196 | !BN_mod_mul_montgomery(val1[i],val1[i-1], |
| 197 | d,mont,ctx)) | ||
| 195 | goto err; | 198 | goto err; |
| 196 | } | 199 | } |
| 197 | ts1=i; | ||
| 198 | } | 200 | } |
| 199 | 201 | ||
| 200 | 202 | ||
| 201 | /* | 203 | /* |
| 202 | * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) | 204 | * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) |
| 203 | */ | 205 | */ |
| 204 | BN_init(&val2[0]); | ||
| 205 | ts2=1; | ||
| 206 | if (a2->neg || BN_ucmp(a2,m) >= 0) | 206 | if (a2->neg || BN_ucmp(a2,m) >= 0) |
| 207 | { | 207 | { |
| 208 | if (!BN_mod(&(val2[0]),a2,m,ctx)) | 208 | if (!BN_mod(val2[0],a2,m,ctx)) |
| 209 | goto err; | 209 | goto err; |
| 210 | a_mod_m = &(val2[0]); | 210 | a_mod_m = val2[0]; |
| 211 | } | 211 | } |
| 212 | else | 212 | else |
| 213 | a_mod_m = a2; | 213 | a_mod_m = a2; |
| 214 | if (BN_is_zero(a_mod_m)) | 214 | if (BN_is_zero(a_mod_m)) |
| 215 | { | 215 | { |
| 216 | ret = BN_zero(rr); | 216 | BN_zero(rr); |
| 217 | ret = 1; | ||
| 217 | goto err; | 218 | goto err; |
| 218 | } | 219 | } |
| 219 | if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err; | 220 | if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err; |
| 220 | if (window2 > 1) | 221 | if (window2 > 1) |
| 221 | { | 222 | { |
| 222 | if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err; | 223 | if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err; |
| 223 | 224 | ||
| 224 | j=1<<(window2-1); | 225 | j=1<<(window2-1); |
| 225 | for (i=1; i<j; i++) | 226 | for (i=1; i<j; i++) |
| 226 | { | 227 | { |
| 227 | BN_init(&(val2[i])); | 228 | if(((val2[i] = BN_CTX_get(ctx)) == NULL) || |
| 228 | if (!BN_mod_mul_montgomery(&(val2[i]),&(val2[i-1]),d,mont,ctx)) | 229 | !BN_mod_mul_montgomery(val2[i],val2[i-1], |
| 230 | d,mont,ctx)) | ||
| 229 | goto err; | 231 | goto err; |
| 230 | } | 232 | } |
| 231 | ts2=i; | ||
| 232 | } | 233 | } |
| 233 | 234 | ||
| 234 | 235 | ||
| @@ -285,7 +286,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 285 | if (wvalue1 && b == wpos1) | 286 | if (wvalue1 && b == wpos1) |
| 286 | { | 287 | { |
| 287 | /* wvalue1 is odd and < 2^window1 */ | 288 | /* wvalue1 is odd and < 2^window1 */ |
| 288 | if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx)) | 289 | if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx)) |
| 289 | goto err; | 290 | goto err; |
| 290 | wvalue1 = 0; | 291 | wvalue1 = 0; |
| 291 | r_is_one = 0; | 292 | r_is_one = 0; |
| @@ -294,7 +295,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 294 | if (wvalue2 && b == wpos2) | 295 | if (wvalue2 && b == wpos2) |
| 295 | { | 296 | { |
| 296 | /* wvalue2 is odd and < 2^window2 */ | 297 | /* wvalue2 is odd and < 2^window2 */ |
| 297 | if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx)) | 298 | if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx)) |
| 298 | goto err; | 299 | goto err; |
| 299 | wvalue2 = 0; | 300 | wvalue2 = 0; |
| 300 | r_is_one = 0; | 301 | r_is_one = 0; |
| @@ -305,9 +306,6 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 305 | err: | 306 | err: |
| 306 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); | 307 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); |
| 307 | BN_CTX_end(ctx); | 308 | BN_CTX_end(ctx); |
| 308 | for (i=0; i<ts1; i++) | 309 | bn_check_top(rr); |
| 309 | BN_clear_free(&(val1[i])); | ||
| 310 | for (i=0; i<ts2; i++) | ||
| 311 | BN_clear_free(&(val2[i])); | ||
| 312 | return(ret); | 310 | return(ret); |
| 313 | } | 311 | } |