1 files changed, 114 insertions, 0 deletions
diff --git a/src/lib/libcrypto/bn/bn_mod_words.c b/src/lib/libcrypto/bn/bn_mod_words.c
new file mode 100644
index 0000000000..d9aee8701a
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_mod_words.c
@@ -0,0 +1,114 @@
+/*      $OpenBSD: bn_mod_words.c,v 1.3 2025/08/05 15:15:54 jsing Exp $  */
+/*
+ * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "bn_local.h"
+#include "bn_internal.h"
+/*
+ * bn_mod_add_words() computes r[] = (a[] + b[]) mod m[], where a, b, r and
+ * m are arrays of words with length n (r may be the same as a or b).
+ */
+#ifndef HAVE_BN_MOD_ADD_WORDS
+void
+bn_mod_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+    const BN_ULONG *m, size_t n)
+{
+        BN_ULONG carry, mask;
+        /*
+         * Compute a + b, then compute r - m to determine if r >= m, considering
+         * any carry that resulted from the addition. Finally complete a
+         * conditional subtraction of r - m.
+         */
+        /* XXX - change bn_add_words to use size_t. */
+        carry = bn_add_words(r, a, b, n);
+        mask = ~(carry - bn_sub_words_borrow(r, m, n));
+        bn_sub_words_masked(r, r, m, mask, n);
+}
+#endif
+/*
+ * bn_mod_sub_words() computes r[] = (a[] - b[]) mod m[], where a, b, r and
+ * m are arrays of words with length n (r may be the same as a or b).
+ */
+#ifndef HAVE_BN_MOD_SUB_WORDS
+void
+bn_mod_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+    const BN_ULONG *m, size_t n)
+{
+        BN_ULONG borrow, mask;
+        /*
+         * Compute a - b, then complete a conditional addition of r + m
+         * based on the resulting borrow.
+         */
+        /* XXX - change bn_sub_words to use size_t. */
+        borrow = bn_sub_words(r, a, b, n);
+        mask = (0 - borrow);
+        bn_add_words_masked(r, r, m, mask, n);
+}
+#endif
+/*
+ * bn_mod_mul_words() computes r[] = (a[] * b[]) mod m[], where a, b, r and
+ * m are arrays of words with length n (r may be the same as a or b) in the
+ * Montgomery domain. The result remains in the Montgomery domain.
+ */
+#ifndef HAVE_BN_MOD_MUL_WORDS
+void
+bn_mod_mul_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+    const BN_ULONG *m, BN_ULONG *t, BN_ULONG m0, size_t n)
+{
+        if (n == 4) {
+                bn_mul_comba4(t, a, b);
+                bn_montgomery_reduce_words(r, t, m, m0, n);
+        } else if (n == 6) {
+                bn_mul_comba6(t, a, b);
+                bn_montgomery_reduce_words(r, t, m, m0, n);
+        } else if (n == 8) {
+                bn_mul_comba8(t, a, b);
+                bn_montgomery_reduce_words(r, t, m, m0, n);
+        } else {
+                bn_montgomery_multiply_words(r, a, b, m, t, m0, n);
+        }
+}
+#endif
+/*
+ * bn_mod_sqr_words() computes r[] = (a[] * a[]) mod m[], where a, r and
+ * m are arrays of words with length n (r may be the same as a) in the
+ * Montgomery domain. The result remains in the Montgomery domain.
+ */
+#ifndef HAVE_BN_MOD_SQR_WORDS
+void
+bn_mod_sqr_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *m,
+    BN_ULONG *t, BN_ULONG m0, size_t n)
+{
+        if (n == 4) {
+                bn_sqr_comba4(t, a);
+                bn_montgomery_reduce_words(r, t, m, m0, n);
+        } else if (n == 6) {
+                bn_sqr_comba6(t, a);
+                bn_montgomery_reduce_words(r, t, m, m0, n);
+        } else if (n == 8) {
+                bn_sqr_comba8(t, a);
+                bn_montgomery_reduce_words(r, t, m, m0, n);
+        } else {
+                bn_montgomery_multiply_words(r, a, a, m, t, m0, n);
+        }
+}
+#endif

diff --git a/src/lib/libcrypto/bn/bn_mod_words.c b/src/lib/libcrypto/bn/bn_mod_words.c new file mode 100644 index 0000000000..d9aee8701a --- /dev/null +++ b/src/lib/libcrypto/bn/bn_mod_words.c
@@ -0,0 +1,114 @@
	1	/* $OpenBSD: bn_mod_words.c,v 1.3 2025/08/05 15:15:54 jsing Exp $ */
	2	/*
	3	* Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include "bn_local.h"
	19	#include "bn_internal.h"
	20
	21	/*
	22	* bn_mod_add_words() computes r[] = (a[] + b[]) mod m[], where a, b, r and
	23	* m are arrays of words with length n (r may be the same as a or b).
	24	*/
	25	#ifndef HAVE_BN_MOD_ADD_WORDS
	26	void
	27	bn_mod_add_words(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b,
	28	const BN_ULONG *m, size_t n)
	29	{
	30	BN_ULONG carry, mask;
	31
	32	/*
	33	* Compute a + b, then compute r - m to determine if r >= m, considering
	34	* any carry that resulted from the addition. Finally complete a
	35	* conditional subtraction of r - m.
	36	*/
	37	/* XXX - change bn_add_words to use size_t. */
	38	carry = bn_add_words(r, a, b, n);
	39	mask = ~(carry - bn_sub_words_borrow(r, m, n));
	40	bn_sub_words_masked(r, r, m, mask, n);
	41	}
	42	#endif
	43
	44	/*
	45	* bn_mod_sub_words() computes r[] = (a[] - b[]) mod m[], where a, b, r and
	46	* m are arrays of words with length n (r may be the same as a or b).
	47	*/
	48	#ifndef HAVE_BN_MOD_SUB_WORDS
	49	void
	50	bn_mod_sub_words(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b,
	51	const BN_ULONG *m, size_t n)
	52	{
	53	BN_ULONG borrow, mask;
	54
	55	/*
	56	* Compute a - b, then complete a conditional addition of r + m
	57	* based on the resulting borrow.
	58	*/
	59	/* XXX - change bn_sub_words to use size_t. */
	60	borrow = bn_sub_words(r, a, b, n);
	61	mask = (0 - borrow);
	62	bn_add_words_masked(r, r, m, mask, n);
	63	}
	64	#endif
	65
	66	/*
	67	* bn_mod_mul_words() computes r[] = (a[] * b[]) mod m[], where a, b, r and
	68	* m are arrays of words with length n (r may be the same as a or b) in the
	69	* Montgomery domain. The result remains in the Montgomery domain.
	70	*/
	71	#ifndef HAVE_BN_MOD_MUL_WORDS
	72	void
	73	bn_mod_mul_words(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b,
	74	const BN_ULONG m, BN_ULONG t, BN_ULONG m0, size_t n)
	75	{
	76	if (n == 4) {
	77	bn_mul_comba4(t, a, b);
	78	bn_montgomery_reduce_words(r, t, m, m0, n);
	79	} else if (n == 6) {
	80	bn_mul_comba6(t, a, b);
	81	bn_montgomery_reduce_words(r, t, m, m0, n);
	82	} else if (n == 8) {
	83	bn_mul_comba8(t, a, b);
	84	bn_montgomery_reduce_words(r, t, m, m0, n);
	85	} else {
	86	bn_montgomery_multiply_words(r, a, b, m, t, m0, n);
	87	}
	88	}
	89	#endif
	90
	91	/*
	92	* bn_mod_sqr_words() computes r[] = (a[] * a[]) mod m[], where a, r and
	93	* m are arrays of words with length n (r may be the same as a) in the
	94	* Montgomery domain. The result remains in the Montgomery domain.
	95	*/
	96	#ifndef HAVE_BN_MOD_SQR_WORDS
	97	void
	98	bn_mod_sqr_words(BN_ULONG r, const BN_ULONG a, const BN_ULONG *m,
	99	BN_ULONG *t, BN_ULONG m0, size_t n)
	100	{
	101	if (n == 4) {
	102	bn_sqr_comba4(t, a);
	103	bn_montgomery_reduce_words(r, t, m, m0, n);
	104	} else if (n == 6) {
	105	bn_sqr_comba6(t, a);
	106	bn_montgomery_reduce_words(r, t, m, m0, n);
	107	} else if (n == 8) {
	108	bn_sqr_comba8(t, a);
	109	bn_montgomery_reduce_words(r, t, m, m0, n);
	110	} else {
	111	bn_montgomery_multiply_words(r, a, a, m, t, m0, n);
	112	}
	113	}
	114	#endif