1 files changed, 18 insertions, 96 deletions
diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c
index 8a4dc20ad9..432a3aa338 100644
--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -94,8 +94,6 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#ifndef OPENSSL_NO_EC2M
 /* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */
 #define MAX_ITERATIONS 50
@@ -124,7 +122,6 @@ static const BN_ULONG SQR_tb[16] =
    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
 #endif
-#if !defined(OPENSSL_BN_ASM_GF2m)
 /* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
 * result is a polynomial r with degree < 2 * BN_BITS - 1
 * The caller MUST ensure that the variables have the right amount
@@ -219,9 +216,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, c
        r[2] ^= m1 ^ r[1] ^ r[3];  /* h0 ^= m1 ^ l1 ^ h1; */
        r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0;  /* l1 ^= l0 ^ h0 ^ m0; */
        }
-#else
-void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0);
-#endif 
 /* Add polynomials a and b and store result in r; r could be a or b, a and b 
 * could be equal; r is the bitwise XOR of a and b.
@@ -365,17 +360,21 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
 int     BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
        {
        int ret = 0;
-        int arr[6];
+        const int max = BN_num_bits(p) + 1;
+        int *arr=NULL;
        bn_check_top(a);
        bn_check_top(p);
-        ret = BN_GF2m_poly2arr(p, arr, sizeof(arr)/sizeof(arr[0]));
+        if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
-        if (!ret || ret > (int)(sizeof(arr)/sizeof(arr[0])))
+        ret = BN_GF2m_poly2arr(p, arr, max);
+        if (!ret || ret > max)
                {
                BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
-                return 0;
+                goto err;
                }
        ret = BN_GF2m_mod_arr(r, a, arr);
        bn_check_top(r);
+err:
+        if (arr) OPENSSL_free(arr);
        return ret;
        }
@@ -522,7 +521,7 @@ err:
 */
 int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        {
-        BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
+        BIGNUM *b, *c, *u, *v, *tmp;
        int ret = 0;
        bn_check_top(a);
@@ -530,17 +529,17 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        BN_CTX_start(ctx);
        
-        if ((b = BN_CTX_get(ctx))==NULL) goto err;
+        b = BN_CTX_get(ctx);
-        if ((c = BN_CTX_get(ctx))==NULL) goto err;
+        c = BN_CTX_get(ctx);
-        if ((u = BN_CTX_get(ctx))==NULL) goto err;
+        u = BN_CTX_get(ctx);
-        if ((v = BN_CTX_get(ctx))==NULL) goto err;
+        v = BN_CTX_get(ctx);
+        if (v == NULL) goto err;
+        if (!BN_one(b)) goto err;
        if (!BN_GF2m_mod(u, a, p)) goto err;
-        if (BN_is_zero(u)) goto err;
        if (!BN_copy(v, p)) goto err;
-#if 0
-        if (!BN_one(b)) goto err;
+        if (BN_is_zero(u)) goto err;
        while (1)
                {
@@ -566,89 +565,13 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                if (!BN_GF2m_add(u, u, v)) goto err;
                if (!BN_GF2m_add(b, b, c)) goto err;
                }
-#else
-        {
-        int i,  ubits = BN_num_bits(u),
-                vbits = BN_num_bits(v), /* v is copy of p */
-                top = p->top;
-        BN_ULONG *udp,*bdp,*vdp,*cdp;
-        bn_wexpand(u,top);      udp = u->d;
-                                for (i=u->top;i<top;i++) udp[i] = 0;
-                                u->top = top;
-        bn_wexpand(b,top);      bdp = b->d;
-                                bdp[0] = 1;
-                                for (i=1;i<top;i++) bdp[i] = 0;
-                                b->top = top;
-        bn_wexpand(c,top);      cdp = c->d;
-                                for (i=0;i<top;i++) cdp[i] = 0;
-                                c->top = top;
-        vdp = v->d;     /* It pays off to "cache" *->d pointers, because
-                         * it allows optimizer to be more aggressive.
-                         * But we don't have to "cache" p->d, because *p
-                         * is declared 'const'... */
-        while (1)
-                {
-                while (ubits && !(udp[0]&1))
-                        {
-                        BN_ULONG u0,u1,b0,b1,mask;
-                        u0   = udp[0];
-                        b0   = bdp[0];
-                        mask = (BN_ULONG)0-(b0&1);
-                        b0  ^= p->d[0]&mask;
-                        for (i=0;i<top-1;i++)
-                                {
-                                u1 = udp[i+1];
-                                udp[i] = ((u0>>1)|(u1<<(BN_BITS2-1)))&BN_MASK2;
-                                u0 = u1;
-                                b1 = bdp[i+1]^(p->d[i+1]&mask);
-                                bdp[i] = ((b0>>1)|(b1<<(BN_BITS2-1)))&BN_MASK2;
-                                b0 = b1;
-                                }
-                        udp[i] = u0>>1;
-                        bdp[i] = b0>>1;
-                        ubits--;
-                        }
-                if (ubits<=BN_BITS2 && udp[0]==1) break;
-                if (ubits<vbits)
-                        {
-                        i = ubits; ubits = vbits; vbits = i;
-                        tmp = u; u = v; v = tmp;
-                        tmp = b; b = c; c = tmp;
-                        udp = vdp; vdp = v->d;
-                        bdp = cdp; cdp = c->d;
-                        }
-                for(i=0;i<top;i++)
-                        {
-                        udp[i] ^= vdp[i];
-                        bdp[i] ^= cdp[i];
-                        }
-                if (ubits==vbits)
-                        {
-                        BN_ULONG ul;
-                        int utop = (ubits-1)/BN_BITS2;
-                        while ((ul=udp[utop])==0 && utop) utop--;
-                        ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
-                        }
-                }
-        bn_correct_top(b);
-        }
-#endif
        if (!BN_copy(r, b)) goto err;
        bn_check_top(r);
        ret = 1;
 err:
-#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */
-        bn_correct_top(c);
-        bn_correct_top(u);
-        bn_correct_top(v);
-#endif
        BN_CTX_end(ctx);
        return ret;
        }
@@ -1110,4 +1033,3 @@ int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
        return 1;
        }
-#endif

diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c index 8a4dc20ad9..432a3aa338 100644 --- a/src/lib/libcrypto/bn/bn_gf2m.c +++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -94,8 +94,6 @@
94	#include "cryptlib.h"	94	#include "cryptlib.h"
95	#include "bn_lcl.h"	95	#include "bn_lcl.h"
96		96
97	#ifndef OPENSSL_NO_EC2M
98
99	/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */	97	/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */
100	#define MAX_ITERATIONS 50	98	#define MAX_ITERATIONS 50
101		99
@@ -124,7 +122,6 @@ static const BN_ULONG SQR_tb[16] =
124	SQR_tb[(w) >> 4 & 0xF] << 8 \| SQR_tb[(w) & 0xF]	122	SQR_tb[(w) >> 4 & 0xF] << 8 \| SQR_tb[(w) & 0xF]
125	#endif	123	#endif
126		124
127	#if !defined(OPENSSL_BN_ASM_GF2m)
128	/* Product of two polynomials a, b each with degree < BN_BITS2 - 1,	125	/* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
129	* result is a polynomial r with degree < 2 * BN_BITS - 1	126	* result is a polynomial r with degree < 2 * BN_BITS - 1
130	* The caller MUST ensure that the variables have the right amount	127	* The caller MUST ensure that the variables have the right amount
@@ -219,9 +216,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, c
219	r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */	216	r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
220	r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */	217	r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
221	}	218	}
222	#else	219
223	void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0);
224	#endif
225		220
226	/* Add polynomials a and b and store result in r; r could be a or b, a and b	221	/* Add polynomials a and b and store result in r; r could be a or b, a and b
227	* could be equal; r is the bitwise XOR of a and b.	222	* could be equal; r is the bitwise XOR of a and b.
@@ -365,17 +360,21 @@ int BN_GF2m_mod_arr(BIGNUM r, const BIGNUM a, const int p[])
365	int BN_GF2m_mod(BIGNUM r, const BIGNUM a, const BIGNUM *p)	360	int BN_GF2m_mod(BIGNUM r, const BIGNUM a, const BIGNUM *p)
366	{	361	{
367	int ret = 0;	362	int ret = 0;
368	int arr[6];	363	const int max = BN_num_bits(p) + 1;
		364	int *arr=NULL;
369	bn_check_top(a);	365	bn_check_top(a);
370	bn_check_top(p);	366	bn_check_top(p);
371	ret = BN_GF2m_poly2arr(p, arr, sizeof(arr)/sizeof(arr[0]));	367	if ((arr = (int )OPENSSL_malloc(sizeof(int) max)) == NULL) goto err;
372	if (!ret \|\| ret > (int)(sizeof(arr)/sizeof(arr[0])))	368	ret = BN_GF2m_poly2arr(p, arr, max);
		369	if (!ret \|\| ret > max)
373	{	370	{
374	BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);	371	BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
375	return 0;	372	goto err;
376	}	373	}
377	ret = BN_GF2m_mod_arr(r, a, arr);	374	ret = BN_GF2m_mod_arr(r, a, arr);
378	bn_check_top(r);	375	bn_check_top(r);
		376	err:
		377	if (arr) OPENSSL_free(arr);
379	return ret;	378	return ret;
380	}	379	}
381		380
@@ -522,7 +521,7 @@ err:
522	*/	521	*/
523	int BN_GF2m_mod_inv(BIGNUM r, const BIGNUM a, const BIGNUM p, BN_CTX ctx)	522	int BN_GF2m_mod_inv(BIGNUM r, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
524	{	523	{
525	BIGNUM b, c = NULL, u = NULL, v = NULL, *tmp;	524	BIGNUM b, c, u, v, *tmp;
526	int ret = 0;	525	int ret = 0;
527		526
528	bn_check_top(a);	527	bn_check_top(a);
@@ -530,17 +529,17 @@ int BN_GF2m_mod_inv(BIGNUM r, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
530		529
531	BN_CTX_start(ctx);	530	BN_CTX_start(ctx);
532		531
533	if ((b = BN_CTX_get(ctx))==NULL) goto err;	532	b = BN_CTX_get(ctx);
534	if ((c = BN_CTX_get(ctx))==NULL) goto err;	533	c = BN_CTX_get(ctx);
535	if ((u = BN_CTX_get(ctx))==NULL) goto err;	534	u = BN_CTX_get(ctx);
536	if ((v = BN_CTX_get(ctx))==NULL) goto err;	535	v = BN_CTX_get(ctx);
		536	if (v == NULL) goto err;
537		537
		538	if (!BN_one(b)) goto err;
538	if (!BN_GF2m_mod(u, a, p)) goto err;	539	if (!BN_GF2m_mod(u, a, p)) goto err;
539	if (BN_is_zero(u)) goto err;
540
541	if (!BN_copy(v, p)) goto err;	540	if (!BN_copy(v, p)) goto err;
542	#if 0	541
543	if (!BN_one(b)) goto err;	542	if (BN_is_zero(u)) goto err;
544		543
545	while (1)	544	while (1)
546	{	545	{
@@ -566,89 +565,13 @@ int BN_GF2m_mod_inv(BIGNUM r, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
566	if (!BN_GF2m_add(u, u, v)) goto err;	565	if (!BN_GF2m_add(u, u, v)) goto err;
567	if (!BN_GF2m_add(b, b, c)) goto err;	566	if (!BN_GF2m_add(b, b, c)) goto err;
568	}	567	}
569	#else
570	{
571	int i, ubits = BN_num_bits(u),
572	vbits = BN_num_bits(v), /* v is copy of p */
573	top = p->top;
574	BN_ULONG udp,bdp,vdp,cdp;
575
576	bn_wexpand(u,top); udp = u->d;
577	for (i=u->top;i<top;i++) udp[i] = 0;
578	u->top = top;
579	bn_wexpand(b,top); bdp = b->d;
580	bdp[0] = 1;
581	for (i=1;i<top;i++) bdp[i] = 0;
582	b->top = top;
583	bn_wexpand(c,top); cdp = c->d;
584	for (i=0;i<top;i++) cdp[i] = 0;
585	c->top = top;
586	vdp = v->d; /* It pays off to "cache" *->d pointers, because
587	* it allows optimizer to be more aggressive.
588	* But we don't have to "cache" p->d, because *p
589	* is declared 'const'... */
590	while (1)
591	{
592	while (ubits && !(udp[0]&1))
593	{
594	BN_ULONG u0,u1,b0,b1,mask;
595
596	u0 = udp[0];
597	b0 = bdp[0];
598	mask = (BN_ULONG)0-(b0&1);
599	b0 ^= p->d[0]&mask;
600	for (i=0;i<top-1;i++)
601	{
602	u1 = udp[i+1];
603	udp[i] = ((u0>>1)\|(u1<<(BN_BITS2-1)))&BN_MASK2;
604	u0 = u1;
605	b1 = bdp[i+1]^(p->d[i+1]&mask);
606	bdp[i] = ((b0>>1)\|(b1<<(BN_BITS2-1)))&BN_MASK2;
607	b0 = b1;
608	}
609	udp[i] = u0>>1;
610	bdp[i] = b0>>1;
611	ubits--;
612	}
613		568
614	if (ubits<=BN_BITS2 && udp[0]==1) break;
615
616	if (ubits<vbits)
617	{
618	i = ubits; ubits = vbits; vbits = i;
619	tmp = u; u = v; v = tmp;
620	tmp = b; b = c; c = tmp;
621	udp = vdp; vdp = v->d;
622	bdp = cdp; cdp = c->d;
623	}
624	for(i=0;i<top;i++)
625	{
626	udp[i] ^= vdp[i];
627	bdp[i] ^= cdp[i];
628	}
629	if (ubits==vbits)
630	{
631	BN_ULONG ul;
632	int utop = (ubits-1)/BN_BITS2;
633
634	while ((ul=udp[utop])==0 && utop) utop--;
635	ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
636	}
637	}
638	bn_correct_top(b);
639	}
640	#endif
641		569
642	if (!BN_copy(r, b)) goto err;	570	if (!BN_copy(r, b)) goto err;
643	bn_check_top(r);	571	bn_check_top(r);
644	ret = 1;	572	ret = 1;
645		573
646	err:	574	err:
647	#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */
648	bn_correct_top(c);
649	bn_correct_top(u);
650	bn_correct_top(v);
651	#endif
652	BN_CTX_end(ctx);	575	BN_CTX_end(ctx);
653	return ret;	576	return ret;
654	}	577	}
@@ -1110,4 +1033,3 @@ int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
1110	return 1;	1033	return 1;
1111	}	1034	}
1112		1035
1113	#endif