1 files changed, 0 insertions, 802 deletions
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
deleted file mode 100644
index 3ae3822bc2..0000000000
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ /dev/null
@@ -1,802 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#ifdef BN_RECURSION
-/* Karatsuba recursive multiplication algorithm
- * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
-/* r is 2*n2 words in size,
- * a and b are both n2 words in size.
- * n2 must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n2 words in size
- * We calculate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-             BN_ULONG *t)
-        {
-        int n=n2/2,c1,c2;
-        unsigned int neg,zero;
-        BN_ULONG ln,lo,*p;
-# ifdef BN_COUNT
-        printf(" bn_mul_recursive %d * %d\n",n2,n2);
-# endif
-# ifdef BN_MUL_COMBA
-#  if 0
-        if (n2 == 4)
-                {
-                bn_mul_comba4(r,a,b);
-                return;
-                }
-#  endif
-        if (n2 == 8)
-                {
-                bn_mul_comba8(r,a,b);
-                return; 
-                }
-# endif /* BN_MUL_COMBA */
-        if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
-                {
-                /* This should not happen */
-                bn_mul_normal(r,a,n2,b,n2);
-                return;
-                }
-        /* r=(a[0]-a[1])*(b[1]-b[0]) */
-        c1=bn_cmp_words(a,&(a[n]),n);
-        c2=bn_cmp_words(&(b[n]),b,n);
-        zero=neg=0;
-        switch (c1*3+c2)
-                {
-        case -4:
-                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-                break;
-        case -3:
-                zero=1;
-                break;
-        case -2:
-                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
-                neg=1;
-                break;
-        case -1:
-        case 0:
-        case 1:
-                zero=1;
-                break;
-        case 2:
-                bn_sub_words(t,      a,      &(a[n]),n); /* + */
-                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-                neg=1;
-                break;
-        case 3:
-                zero=1;
-                break;
-        case 4:
-                bn_sub_words(t,      a,      &(a[n]),n);
-                bn_sub_words(&(t[n]),&(b[n]),b,      n);
-                break;
-                }
-# ifdef BN_MUL_COMBA
-        if (n == 4)
-                {
-                if (!zero)
-                        bn_mul_comba4(&(t[n2]),t,&(t[n]));
-                else
-                        memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-                
-                bn_mul_comba4(r,a,b);
-                bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
-                }
-        else if (n == 8)
-                {
-                if (!zero)
-                        bn_mul_comba8(&(t[n2]),t,&(t[n]));
-                else
-                        memset(&(t[n2]),0,16*sizeof(BN_ULONG));
-                
-                bn_mul_comba8(r,a,b);
-                bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
-                }
-        else
-# endif /* BN_MUL_COMBA */
-                {
-                p= &(t[n2*2]);
-                if (!zero)
-                        bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-                else
-                        memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
-                bn_mul_recursive(r,a,b,n,p);
-                bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
-                }
-        /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-         * r[10] holds (a[0]*b[0])
-         * r[32] holds (b[1]*b[1])
-         */
-        c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-        if (neg) /* if t[32] is negative */
-                {
-                c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-                }
-        else
-                {
-                /* Might have a carry */
-                c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
-                }
-        /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-         * r[10] holds (a[0]*b[0])
-         * r[32] holds (b[1]*b[1])
-         * c1 holds the carry bits
-         */
-        c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-        if (c1)
-                {
-                p= &(r[n+n2]);
-                lo= *p;
-                ln=(lo+c1)&BN_MASK2;
-                *p=ln;
-                /* The overflow will stop before we over write
-                 * words we should not overwrite */
-                if (ln < (BN_ULONG)c1)
-                        {
-                        do      {
-                                p++;
-                                lo= *p;
-                                ln=(lo+1)&BN_MASK2;
-                                *p=ln;
-                                } while (ln == 0);
-                        }
-                }
-        }
-/* n+tn is the word length
- * t needs to be n*4 is size, as does r */
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
-             int n, BN_ULONG *t)
-        {
-        int i,j,n2=n*2;
-        int c1,c2,neg,zero;
-        BN_ULONG ln,lo,*p;
-# ifdef BN_COUNT
-        printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
-# endif
-        if (n < 8)
-                {
-                i=tn+n;
-                bn_mul_normal(r,a,i,b,i);
-                return;
-                }
-        /* r=(a[0]-a[1])*(b[1]-b[0]) */
-        c1=bn_cmp_words(a,&(a[n]),n);
-        c2=bn_cmp_words(&(b[n]),b,n);
-        zero=neg=0;
-        switch (c1*3+c2)
-                {
-        case -4:
-                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-                break;
-        case -3:
-                zero=1;
-                /* break; */
-        case -2:
-                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
-                neg=1;
-                break;
-        case -1:
-        case 0:
-        case 1:
-                zero=1;
-                /* break; */
-        case 2:
-                bn_sub_words(t,      a,      &(a[n]),n); /* + */
-                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-                neg=1;
-                break;
-        case 3:
-                zero=1;
-                /* break; */
-        case 4:
-                bn_sub_words(t,      a,      &(a[n]),n);
-                bn_sub_words(&(t[n]),&(b[n]),b,      n);
-                break;
-                }
-                /* The zero case isn't yet implemented here. The speedup
-                   would probably be negligible. */
-# if 0
-        if (n == 4)
-                {
-                bn_mul_comba4(&(t[n2]),t,&(t[n]));
-                bn_mul_comba4(r,a,b);
-                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-                memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
-                }
-        else
-# endif
-        if (n == 8)
-                {
-                bn_mul_comba8(&(t[n2]),t,&(t[n]));
-                bn_mul_comba8(r,a,b);
-                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-                memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
-                }
-        else
-                {
-                p= &(t[n2*2]);
-                bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-                bn_mul_recursive(r,a,b,n,p);
-                i=n/2;
-                /* If there is only a bottom half to the number,
-                 * just do it */
-                j=tn-i;
-                if (j == 0)
-                        {
-                        bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
-                        memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
-                        }
-                else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
-                                {
-                                bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
-                                        j,i,p);
-                                memset(&(r[n2+tn*2]),0,
-                                        sizeof(BN_ULONG)*(n2-tn*2));
-                                }
-                else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
-                        {
-                        memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
-                        if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL)
-                                {
-                                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-                                }
-                        else
-                                {
-                                for (;;)
-                                        {
-                                        i/=2;
-                                        if (i < tn)
-                                                {
-                                                bn_mul_part_recursive(&(r[n2]),
-                                                        &(a[n]),&(b[n]),
-                                                        tn-i,i,p);
-                                                break;
-                                                }
-                                        else if (i == tn)
-                                                {
-                                                bn_mul_recursive(&(r[n2]),
-                                                        &(a[n]),&(b[n]),
-                                                        i,p);
-                                                break;
-                                                }
-                                        }
-                                }
-                        }
-                }
-        /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-         * r[10] holds (a[0]*b[0])
-         * r[32] holds (b[1]*b[1])
-         */
-        c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-        if (neg) /* if t[32] is negative */
-                {
-                c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-                }
-        else
-                {
-                /* Might have a carry */
-                c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
-                }
-        /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-         * r[10] holds (a[0]*b[0])
-         * r[32] holds (b[1]*b[1])
-         * c1 holds the carry bits
-         */
-        c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-        if (c1)
-                {
-                p= &(r[n+n2]);
-                lo= *p;
-                ln=(lo+c1)&BN_MASK2;
-                *p=ln;
-                /* The overflow will stop before we over write
-                 * words we should not overwrite */
-                if (ln < (BN_ULONG)c1)
-                        {
-                        do      {
-                                p++;
-                                lo= *p;
-                                ln=(lo+1)&BN_MASK2;
-                                *p=ln;
-                                } while (ln == 0);
-                        }
-                }
-        }
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- */
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-             BN_ULONG *t)
-        {
-        int n=n2/2;
-# ifdef BN_COUNT
-        printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
-# endif
-        bn_mul_recursive(r,a,b,n,&(t[0]));
-        if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
-                {
-                bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
-                bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-                bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
-                bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-                }
-        else
-                {
-                bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
-                bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
-                bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-                bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
-                }
-        }
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
-             BN_ULONG *t)
-        {
-        int i,n;
-        int c1,c2;
-        int neg,oneg,zero;
-        BN_ULONG ll,lc,*lp,*mp;
-# ifdef BN_COUNT
-        printf(" bn_mul_high %d * %d\n",n2,n2);
-# endif
-        n=n2/2;
-        /* Calculate (al-ah)*(bh-bl) */
-        neg=zero=0;
-        c1=bn_cmp_words(&(a[0]),&(a[n]),n);
-        c2=bn_cmp_words(&(b[n]),&(b[0]),n);
-        switch (c1*3+c2)
-                {
-        case -4:
-                bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-                bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-                break;
-        case -3:
-                zero=1;
-                break;
-        case -2:
-                bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-                bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-                neg=1;
-                break;
-        case -1:
-        case 0:
-        case 1:
-                zero=1;
-                break;
-        case 2:
-                bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-                bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-                neg=1;
-                break;
-        case 3:
-                zero=1;
-                break;
-        case 4:
-                bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-                bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-                break;
-                }
-                
-        oneg=neg;
-        /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
-        /* r[10] = (a[1]*b[1]) */
-# ifdef BN_MUL_COMBA
-        if (n == 8)
-                {
-                bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
-                bn_mul_comba8(r,&(a[n]),&(b[n]));
-                }
-        else
-# endif
-                {
-                bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
-                bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
-                }
-        /* s0 == low(al*bl)
-         * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-         * We know s0 and s1 so the only unknown is high(al*bl)
-         * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
-         * high(al*bl) == s1 - (r[0]+l[0]+t[0])
-         */
-        if (l != NULL)
-                {
-                lp= &(t[n2+n]);
-                c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
-                }
-        else
-                {
-                c1=0;
-                lp= &(r[0]);
-                }
-        if (neg)
-                neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
-        else
-                {
-                bn_add_words(&(t[n2]),lp,&(t[0]),n);
-                neg=0;
-                }
-        if (l != NULL)
-                {
-                bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
-                }
-        else
-                {
-                lp= &(t[n2+n]);
-                mp= &(t[n2]);
-                for (i=0; i<n; i++)
-                        lp[i]=((~mp[i])+1)&BN_MASK2;
-                }
-        /* s[0] = low(al*bl)
-         * t[3] = high(al*bl)
-         * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
-         * r[10] = (a[1]*b[1])
-         */
-        /* R[10] = al*bl
-         * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
-         * R[32] = ah*bh
-         */
-        /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
-         * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
-         * R[3]=r[1]+(carry/borrow)
-         */
-        if (l != NULL)
-                {
-                lp= &(t[n2]);
-                c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
-                }
-        else
-                {
-                lp= &(t[n2+n]);
-                c1=0;
-                }
-        c1+=(int)(bn_add_words(&(t[n2]),lp,  &(r[0]),n));
-        if (oneg)
-                c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
-        else
-                c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
-        c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
-        c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
-        if (oneg)
-                c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
-        else
-                c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
-        
-        if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
-                {
-                i=0;
-                if (c1 > 0)
-                        {
-                        lc=c1;
-                        do      {
-                                ll=(r[i]+lc)&BN_MASK2;
-                                r[i++]=ll;
-                                lc=(lc > ll);
-                                } while (lc);
-                        }
-                else
-                        {
-                        lc= -c1;
-                        do      {
-                                ll=r[i];
-                                r[i++]=(ll-lc)&BN_MASK2;
-                                lc=(lc > ll);
-                                } while (lc);
-                        }
-                }
-        if (c2 != 0) /* Add starting at r[1] */
-                {
-                i=n;
-                if (c2 > 0)
-                        {
-                        lc=c2;
-                        do      {
-                                ll=(r[i]+lc)&BN_MASK2;
-                                r[i++]=ll;
-                                lc=(lc > ll);
-                                } while (lc);
-                        }
-                else
-                        {
-                        lc= -c2;
-                        do      {
-                                ll=r[i];
-                                r[i++]=(ll-lc)&BN_MASK2;
-                                lc=(lc > ll);
-                                } while (lc);
-                        }
-                }
-        }
-#endif /* BN_RECURSION */
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        int top,al,bl;
-        BIGNUM *rr;
-        int ret = 0;
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-        int i;
-#endif
-#ifdef BN_RECURSION
-        BIGNUM *t;
-        int j,k;
-#endif
-#ifdef BN_COUNT
-        printf("BN_mul %d * %d\n",a->top,b->top);
-#endif
-        bn_check_top(a);
-        bn_check_top(b);
-        bn_check_top(r);
-        al=a->top;
-        bl=b->top;
-        if ((al == 0) || (bl == 0))
-                {
-                if (!BN_zero(r)) goto err;
-                return(1);
-                }
-        top=al+bl;
-        BN_CTX_start(ctx);
-        if ((r == a) || (r == b))
-                {
-                if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
-                }
-        else
-                rr = r;
-        rr->neg=a->neg^b->neg;
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-        i = al-bl;
-#endif
-#ifdef BN_MUL_COMBA
-        if (i == 0)
-                {
-# if 0
-                if (al == 4)
-                        {
-                        if (bn_wexpand(rr,8) == NULL) goto err;
-                        rr->top=8;
-                        bn_mul_comba4(rr->d,a->d,b->d);
-                        goto end;
-                        }
-# endif
-                if (al == 8)
-                        {
-                        if (bn_wexpand(rr,16) == NULL) goto err;
-                        rr->top=16;
-                        bn_mul_comba8(rr->d,a->d,b->d);
-                        goto end;
-                        }
-                }
-#endif /* BN_MUL_COMBA */
-#ifdef BN_RECURSION
-        if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
-                {
-                if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA) && bl<b->dmax)
-                        {
-#if 0   /* tribute to const-ification, bl<b->dmax above covers for this */
-                        if (bn_wexpand(b,al) == NULL) goto err;
-#endif
-                        b->d[bl]=0;
-                        bl++;
-                        i--;
-                        }
-                else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA) && al<a->dmax)
-                        {
-#if 0   /* tribute to const-ification, al<a->dmax above covers for this */
-                        if (bn_wexpand(a,bl) == NULL) goto err;
-#endif
-                        a->d[al]=0;
-                        al++;
-                        i++;
-                        }
-                if (i == 0)
-                        {
-                        /* symmetric and > 4 */
-                        /* 16 or larger */
-                        j=BN_num_bits_word((BN_ULONG)al);
-                        j=1<<(j-1);
-                        k=j+j;
-                        t = BN_CTX_get(ctx);
-                        if (al == j) /* exact multiple */
-                                {
-                                if (bn_wexpand(t,k*2) == NULL) goto err;
-                                if (bn_wexpand(rr,k*2) == NULL) goto err;
-                                bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
-                                rr->top=top;
-                                goto end;
-                                }
-#if 0   /* tribute to const-ification, rsa/dsa performance is not affected */
-                        else
-                                {
-                                if (bn_wexpand(a,k) == NULL ) goto err;
-                                if (bn_wexpand(b,k) == NULL ) goto err;
-                                if (bn_wexpand(t,k*4) == NULL ) goto err;
-                                if (bn_wexpand(rr,k*4) == NULL ) goto err;
-                                for (i=a->top; i<k; i++)
-                                        a->d[i]=0;
-                                for (i=b->top; i<k; i++)
-                                        b->d[i]=0;
-                                bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
-                                }
-                        rr->top=top;
-                        goto end;
-#endif
-                        }
-                }
-#endif /* BN_RECURSION */
-        if (bn_wexpand(rr,top) == NULL) goto err;
-        rr->top=top;
-        bn_mul_normal(rr->d,a->d,al,b->d,bl);
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-end:
-#endif
-        bn_fix_top(rr);
-        if (r != rr) BN_copy(r,rr);
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
-        {
-        BN_ULONG *rr;
-#ifdef BN_COUNT
-        printf(" bn_mul_normal %d * %d\n",na,nb);
-#endif
-        if (na < nb)
-                {
-                int itmp;
-                BN_ULONG *ltmp;
-                itmp=na; na=nb; nb=itmp;
-                ltmp=a;   a=b;   b=ltmp;
-                }
-        rr= &(r[na]);
-        rr[0]=bn_mul_words(r,a,na,b[0]);
-        for (;;)
-                {
-                if (--nb <= 0) return;
-                rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
-                if (--nb <= 0) return;
-                rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
-                if (--nb <= 0) return;
-                rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
-                if (--nb <= 0) return;
-                rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
-                rr+=4;
-                r+=4;
-                b+=4;
-                }
-        }
-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-        {
-#ifdef BN_COUNT
-        printf(" bn_mul_low_normal %d * %d\n",n,n);
-#endif
-        bn_mul_words(r,a,n,b[0]);
-        for (;;)
-                {
-                if (--n <= 0) return;
-                bn_mul_add_words(&(r[1]),a,n,b[1]);
-                if (--n <= 0) return;
-                bn_mul_add_words(&(r[2]),a,n,b[2]);
-                if (--n <= 0) return;
-                bn_mul_add_words(&(r[3]),a,n,b[3]);
-                if (--n <= 0) return;
-                bn_mul_add_words(&(r[4]),a,n,b[4]);
-                r+=4;
-                b+=4;
-                }
-        }

diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c deleted file mode 100644 index 3ae3822bc2..0000000000 --- a/src/lib/libcrypto/bn/bn_mul.c +++ /dev/null
@@ -1,802 +0,0 @@
1	/* crypto/bn/bn_mul.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include "cryptlib.h"
61	#include "bn_lcl.h"
62
63	#ifdef BN_RECURSION
64	/* Karatsuba recursive multiplication algorithm
65	* (cf. Knuth, The Art of Computer Programming, Vol. 2) */
66
67	/* r is 2*n2 words in size,
68	* a and b are both n2 words in size.
69	* n2 must be a power of 2.
70	* We multiply and return the result.
71	* t must be 2*n2 words in size
72	* We calculate
73	* a[0]*b[0]
74	* a[0]b[0]+a[1]b[1]+(a[0]-a[1])*(b[1]-b[0])
75	* a[1]*b[1]
76	*/
77	void bn_mul_recursive(BN_ULONG r, BN_ULONG a, BN_ULONG *b, int n2,
78	BN_ULONG *t)
79	{
80	int n=n2/2,c1,c2;
81	unsigned int neg,zero;
82	BN_ULONG ln,lo,*p;
83
84	# ifdef BN_COUNT
85	printf(" bn_mul_recursive %d * %d\n",n2,n2);
86	# endif
87	# ifdef BN_MUL_COMBA
88	# if 0
89	if (n2 == 4)
90	{
91	bn_mul_comba4(r,a,b);
92	return;
93	}
94	# endif
95	if (n2 == 8)
96	{
97	bn_mul_comba8(r,a,b);
98	return;
99	}
100	# endif /* BN_MUL_COMBA */
101	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
102	{
103	/* This should not happen */
104	bn_mul_normal(r,a,n2,b,n2);
105	return;
106	}
107	/* r=(a[0]-a[1])(b[1]-b[0]) /
108	c1=bn_cmp_words(a,&(a[n]),n);
109	c2=bn_cmp_words(&(b[n]),b,n);
110	zero=neg=0;
111	switch (c1*3+c2)
112	{
113	case -4:
114	bn_sub_words(t, &(a[n]),a, n); /* - */
115	bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */
116	break;
117	case -3:
118	zero=1;
119	break;
120	case -2:
121	bn_sub_words(t, &(a[n]),a, n); /* - */
122	bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */
123	neg=1;
124	break;
125	case -1:
126	case 0:
127	case 1:
128	zero=1;
129	break;
130	case 2:
131	bn_sub_words(t, a, &(a[n]),n); /* + */
132	bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */
133	neg=1;
134	break;
135	case 3:
136	zero=1;
137	break;
138	case 4:
139	bn_sub_words(t, a, &(a[n]),n);
140	bn_sub_words(&(t[n]),&(b[n]),b, n);
141	break;
142	}
143
144	# ifdef BN_MUL_COMBA
145	if (n == 4)
146	{
147	if (!zero)
148	bn_mul_comba4(&(t[n2]),t,&(t[n]));
149	else
150	memset(&(t[n2]),0,8*sizeof(BN_ULONG));
151
152	bn_mul_comba4(r,a,b);
153	bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
154	}
155	else if (n == 8)
156	{
157	if (!zero)
158	bn_mul_comba8(&(t[n2]),t,&(t[n]));
159	else
160	memset(&(t[n2]),0,16*sizeof(BN_ULONG));
161
162	bn_mul_comba8(r,a,b);
163	bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
164	}
165	else
166	# endif /* BN_MUL_COMBA */
167	{
168	p= &(t[n2*2]);
169	if (!zero)
170	bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
171	else
172	memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
173	bn_mul_recursive(r,a,b,n,p);
174	bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
175	}
176
177	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
178	* r[10] holds (a[0]*b[0])
179	* r[32] holds (b[1]*b[1])
180	*/
181
182	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
183
184	if (neg) /* if t[32] is negative */
185	{
186	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
187	}
188	else
189	{
190	/* Might have a carry */
191	c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
192	}
193
194	/* t[32] holds (a[0]-a[1])(b[1]-b[0])+(a[0]b[0])+(a[1]*b[1])
195	* r[10] holds (a[0]*b[0])
196	* r[32] holds (b[1]*b[1])
197	* c1 holds the carry bits
198	*/
199	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
200	if (c1)
201	{
202	p= &(r[n+n2]);
203	lo= *p;
204	ln=(lo+c1)&BN_MASK2;
205	*p=ln;
206
207	/* The overflow will stop before we over write
208	* words we should not overwrite */
209	if (ln < (BN_ULONG)c1)
210	{
211	do {
212	p++;
213	lo= *p;
214	ln=(lo+1)&BN_MASK2;
215	*p=ln;
216	} while (ln == 0);
217	}
218	}
219	}
220
221	/* n+tn is the word length
222	* t needs to be n4 is size, as does r /
223	void bn_mul_part_recursive(BN_ULONG r, BN_ULONG a, BN_ULONG *b, int tn,
224	int n, BN_ULONG *t)
225	{
226	int i,j,n2=n*2;
227	int c1,c2,neg,zero;
228	BN_ULONG ln,lo,*p;
229
230	# ifdef BN_COUNT
231	printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
232	# endif
233	if (n < 8)
234	{
235	i=tn+n;
236	bn_mul_normal(r,a,i,b,i);
237	return;
238	}
239
240	/* r=(a[0]-a[1])(b[1]-b[0]) /
241	c1=bn_cmp_words(a,&(a[n]),n);
242	c2=bn_cmp_words(&(b[n]),b,n);
243	zero=neg=0;
244	switch (c1*3+c2)
245	{
246	case -4:
247	bn_sub_words(t, &(a[n]),a, n); /* - */
248	bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */
249	break;
250	case -3:
251	zero=1;
252	/* break; */
253	case -2:
254	bn_sub_words(t, &(a[n]),a, n); /* - */
255	bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */
256	neg=1;
257	break;
258	case -1:
259	case 0:
260	case 1:
261	zero=1;
262	/* break; */
263	case 2:
264	bn_sub_words(t, a, &(a[n]),n); /* + */
265	bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */
266	neg=1;
267	break;
268	case 3:
269	zero=1;
270	/* break; */
271	case 4:
272	bn_sub_words(t, a, &(a[n]),n);
273	bn_sub_words(&(t[n]),&(b[n]),b, n);
274	break;
275	}
276	/* The zero case isn't yet implemented here. The speedup
277	would probably be negligible. */
278	# if 0
279	if (n == 4)
280	{
281	bn_mul_comba4(&(t[n2]),t,&(t[n]));
282	bn_mul_comba4(r,a,b);
283	bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
284	memset(&(r[n2+tn2]),0,sizeof(BN_ULONG)(n2-tn*2));
285	}
286	else
287	# endif
288	if (n == 8)
289	{
290	bn_mul_comba8(&(t[n2]),t,&(t[n]));
291	bn_mul_comba8(r,a,b);
292	bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
293	memset(&(r[n2+tn2]),0,sizeof(BN_ULONG)(n2-tn*2));
294	}
295	else
296	{
297	p= &(t[n2*2]);
298	bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
299	bn_mul_recursive(r,a,b,n,p);
300	i=n/2;
301	/* If there is only a bottom half to the number,
302	* just do it */
303	j=tn-i;
304	if (j == 0)
305	{
306	bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
307	memset(&(r[n2+i2]),0,sizeof(BN_ULONG)(n2-i*2));
308	}
309	else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
310	{
311	bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
312	j,i,p);
313	memset(&(r[n2+tn*2]),0,
314	sizeof(BN_ULONG)(n2-tn2));
315	}
316	else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
317	{
318	memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
319	if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL)
320	{
321	bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
322	}
323	else
324	{
325	for (;;)
326	{
327	i/=2;
328	if (i < tn)
329	{
330	bn_mul_part_recursive(&(r[n2]),
331	&(a[n]),&(b[n]),
332	tn-i,i,p);
333	break;
334	}
335	else if (i == tn)
336	{
337	bn_mul_recursive(&(r[n2]),
338	&(a[n]),&(b[n]),
339	i,p);
340	break;
341	}
342	}
343	}
344	}
345	}
346
347	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
348	* r[10] holds (a[0]*b[0])
349	* r[32] holds (b[1]*b[1])
350	*/
351
352	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
353
354	if (neg) /* if t[32] is negative */
355	{
356	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
357	}
358	else
359	{
360	/* Might have a carry */
361	c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
362	}
363
364	/* t[32] holds (a[0]-a[1])(b[1]-b[0])+(a[0]b[0])+(a[1]*b[1])
365	* r[10] holds (a[0]*b[0])
366	* r[32] holds (b[1]*b[1])
367	* c1 holds the carry bits
368	*/
369	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
370	if (c1)
371	{
372	p= &(r[n+n2]);
373	lo= *p;
374	ln=(lo+c1)&BN_MASK2;
375	*p=ln;
376
377	/* The overflow will stop before we over write
378	* words we should not overwrite */
379	if (ln < (BN_ULONG)c1)
380	{
381	do {
382	p++;
383	lo= *p;
384	ln=(lo+1)&BN_MASK2;
385	*p=ln;
386	} while (ln == 0);
387	}
388	}
389	}
390
391	/* a and b must be the same size, which is n2.
392	* r needs to be n2 words and t needs to be n2*2
393	*/
394	void bn_mul_low_recursive(BN_ULONG r, BN_ULONG a, BN_ULONG *b, int n2,
395	BN_ULONG *t)
396	{
397	int n=n2/2;
398
399	# ifdef BN_COUNT
400	printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
401	# endif
402
403	bn_mul_recursive(r,a,b,n,&(t[0]));
404	if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
405	{
406	bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
407	bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
408	bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
409	bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
410	}
411	else
412	{
413	bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
414	bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
415	bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
416	bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
417	}
418	}
419
420	/* a and b must be the same size, which is n2.
421	* r needs to be n2 words and t needs to be n2*2
422	* l is the low words of the output.
423	* t needs to be n2*3
424	*/
425	void bn_mul_high(BN_ULONG r, BN_ULONG a, BN_ULONG b, BN_ULONG l, int n2,
426	BN_ULONG *t)
427	{
428	int i,n;
429	int c1,c2;
430	int neg,oneg,zero;
431	BN_ULONG ll,lc,lp,mp;
432
433	# ifdef BN_COUNT
434	printf(" bn_mul_high %d * %d\n",n2,n2);
435	# endif
436	n=n2/2;
437
438	/* Calculate (al-ah)(bh-bl) /
439	neg=zero=0;
440	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
441	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
442	switch (c1*3+c2)
443	{
444	case -4:
445	bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
446	bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
447	break;
448	case -3:
449	zero=1;
450	break;
451	case -2:
452	bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
453	bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
454	neg=1;
455	break;
456	case -1:
457	case 0:
458	case 1:
459	zero=1;
460	break;
461	case 2:
462	bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
463	bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
464	neg=1;
465	break;
466	case 3:
467	zero=1;
468	break;
469	case 4:
470	bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
471	bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
472	break;
473	}
474
475	oneg=neg;
476	/* t[10] = (a[0]-a[1])(b[1]-b[0]) /
477	/* r[10] = (a[1]b[1]) /
478	# ifdef BN_MUL_COMBA
479	if (n == 8)
480	{
481	bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
482	bn_mul_comba8(r,&(a[n]),&(b[n]));
483	}
484	else
485	# endif
486	{
487	bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
488	bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
489	}
490
491	/* s0 == low(al*bl)
492	* s1 == low(ahbh)+low((al-ah)(bh-bl))+low(albl)+high(albl)
493	* We know s0 and s1 so the only unknown is high(al*bl)
494	* high(albl) == s1 - low(ahbh+s0+(al-ah)*(bh-bl))
495	* high(al*bl) == s1 - (r[0]+l[0]+t[0])
496	*/
497	if (l != NULL)
498	{
499	lp= &(t[n2+n]);
500	c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
501	}
502	else
503	{
504	c1=0;
505	lp= &(r[0]);
506	}
507
508	if (neg)
509	neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
510	else
511	{
512	bn_add_words(&(t[n2]),lp,&(t[0]),n);
513	neg=0;
514	}
515
516	if (l != NULL)
517	{
518	bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
519	}
520	else
521	{
522	lp= &(t[n2+n]);
523	mp= &(t[n2]);
524	for (i=0; i<n; i++)
525	lp[i]=((~mp[i])+1)&BN_MASK2;
526	}
527
528	/* s[0] = low(al*bl)
529	* t[3] = high(al*bl)
530	* t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
531	* r[10] = (a[1]*b[1])
532	*/
533	/* R[10] = al*bl
534	* R[21] = albl + ahbh + (a[0]-a[1])*(b[1]-b[0])
535	* R[32] = ah*bh
536	*/
537	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
538	* R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
539	* R[3]=r[1]+(carry/borrow)
540	*/
541	if (l != NULL)
542	{
543	lp= &(t[n2]);
544	c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
545	}
546	else
547	{
548	lp= &(t[n2+n]);
549	c1=0;
550	}
551	c1+=(int)(bn_add_words(&(t[n2]),lp, &(r[0]),n));
552	if (oneg)
553	c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
554	else
555	c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
556
557	c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
558	c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
559	if (oneg)
560	c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
561	else
562	c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
563
564	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
565	{
566	i=0;
567	if (c1 > 0)
568	{
569	lc=c1;
570	do {
571	ll=(r[i]+lc)&BN_MASK2;
572	r[i++]=ll;
573	lc=(lc > ll);
574	} while (lc);
575	}
576	else
577	{
578	lc= -c1;
579	do {
580	ll=r[i];
581	r[i++]=(ll-lc)&BN_MASK2;
582	lc=(lc > ll);
583	} while (lc);
584	}
585	}
586	if (c2 != 0) /* Add starting at r[1] */
587	{
588	i=n;
589	if (c2 > 0)
590	{
591	lc=c2;
592	do {
593	ll=(r[i]+lc)&BN_MASK2;
594	r[i++]=ll;
595	lc=(lc > ll);
596	} while (lc);
597	}
598	else
599	{
600	lc= -c2;
601	do {
602	ll=r[i];
603	r[i++]=(ll-lc)&BN_MASK2;
604	lc=(lc > ll);
605	} while (lc);
606	}
607	}
608	}
609	#endif /* BN_RECURSION */
610
611	int BN_mul(BIGNUM r, const BIGNUM a, const BIGNUM b, BN_CTX ctx)
612	{
613	int top,al,bl;
614	BIGNUM *rr;
615	int ret = 0;
616	#if defined(BN_MUL_COMBA) \|\| defined(BN_RECURSION)
617	int i;
618	#endif
619	#ifdef BN_RECURSION
620	BIGNUM *t;
621	int j,k;
622	#endif
623
624	#ifdef BN_COUNT
625	printf("BN_mul %d * %d\n",a->top,b->top);
626	#endif
627
628	bn_check_top(a);
629	bn_check_top(b);
630	bn_check_top(r);
631
632	al=a->top;
633	bl=b->top;
634
635	if ((al == 0) \|\| (bl == 0))
636	{
637	if (!BN_zero(r)) goto err;
638	return(1);
639	}
640	top=al+bl;
641
642	BN_CTX_start(ctx);
643	if ((r == a) \|\| (r == b))
644	{
645	if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
646	}
647	else
648	rr = r;
649	rr->neg=a->neg^b->neg;
650
651	#if defined(BN_MUL_COMBA) \|\| defined(BN_RECURSION)
652	i = al-bl;
653	#endif
654	#ifdef BN_MUL_COMBA
655	if (i == 0)
656	{
657	# if 0
658	if (al == 4)
659	{
660	if (bn_wexpand(rr,8) == NULL) goto err;
661	rr->top=8;
662	bn_mul_comba4(rr->d,a->d,b->d);
663	goto end;
664	}
665	# endif
666	if (al == 8)
667	{
668	if (bn_wexpand(rr,16) == NULL) goto err;
669	rr->top=16;
670	bn_mul_comba8(rr->d,a->d,b->d);
671	goto end;
672	}
673	}
674	#endif /* BN_MUL_COMBA */
675	#ifdef BN_RECURSION
676	if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
677	{
678	if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA) && bl<b->dmax)
679	{
680	#if 0 /* tribute to const-ification, bl<b->dmax above covers for this */
681	if (bn_wexpand(b,al) == NULL) goto err;
682	#endif
683	b->d[bl]=0;
684	bl++;
685	i--;
686	}
687	else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA) && al<a->dmax)
688	{
689	#if 0 /* tribute to const-ification, al<a->dmax above covers for this */
690	if (bn_wexpand(a,bl) == NULL) goto err;
691	#endif
692	a->d[al]=0;
693	al++;
694	i++;
695	}
696	if (i == 0)
697	{
698	/* symmetric and > 4 */
699	/* 16 or larger */
700	j=BN_num_bits_word((BN_ULONG)al);
701	j=1<<(j-1);
702	k=j+j;
703	t = BN_CTX_get(ctx);
704	if (al == j) /* exact multiple */
705	{
706	if (bn_wexpand(t,k*2) == NULL) goto err;
707	if (bn_wexpand(rr,k*2) == NULL) goto err;
708	bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
709	rr->top=top;
710	goto end;
711	}
712	#if 0 /* tribute to const-ification, rsa/dsa performance is not affected */
713	else
714	{
715	if (bn_wexpand(a,k) == NULL ) goto err;
716	if (bn_wexpand(b,k) == NULL ) goto err;
717	if (bn_wexpand(t,k*4) == NULL ) goto err;
718	if (bn_wexpand(rr,k*4) == NULL ) goto err;
719	for (i=a->top; i<k; i++)
720	a->d[i]=0;
721	for (i=b->top; i<k; i++)
722	b->d[i]=0;
723	bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
724	}
725	rr->top=top;
726	goto end;
727	#endif
728	}
729	}
730	#endif /* BN_RECURSION */
731	if (bn_wexpand(rr,top) == NULL) goto err;
732	rr->top=top;
733	bn_mul_normal(rr->d,a->d,al,b->d,bl);
734
735	#if defined(BN_MUL_COMBA) \|\| defined(BN_RECURSION)
736	end:
737	#endif
738	bn_fix_top(rr);
739	if (r != rr) BN_copy(r,rr);
740	ret=1;
741	err:
742	BN_CTX_end(ctx);
743	return(ret);
744	}
745
746	void bn_mul_normal(BN_ULONG r, BN_ULONG a, int na, BN_ULONG *b, int nb)
747	{
748	BN_ULONG *rr;
749
750	#ifdef BN_COUNT
751	printf(" bn_mul_normal %d * %d\n",na,nb);
752	#endif
753
754	if (na < nb)
755	{
756	int itmp;
757	BN_ULONG *ltmp;
758
759	itmp=na; na=nb; nb=itmp;
760	ltmp=a; a=b; b=ltmp;
761
762	}
763	rr= &(r[na]);
764	rr[0]=bn_mul_words(r,a,na,b[0]);
765
766	for (;;)
767	{
768	if (--nb <= 0) return;
769	rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
770	if (--nb <= 0) return;
771	rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
772	if (--nb <= 0) return;
773	rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
774	if (--nb <= 0) return;
775	rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
776	rr+=4;
777	r+=4;
778	b+=4;
779	}
780	}
781
782	void bn_mul_low_normal(BN_ULONG r, BN_ULONG a, BN_ULONG *b, int n)
783	{
784	#ifdef BN_COUNT
785	printf(" bn_mul_low_normal %d * %d\n",n,n);
786	#endif
787	bn_mul_words(r,a,n,b[0]);
788
789	for (;;)
790	{
791	if (--n <= 0) return;
792	bn_mul_add_words(&(r[1]),a,n,b[1]);
793	if (--n <= 0) return;
794	bn_mul_add_words(&(r[2]),a,n,b[2]);
795	if (--n <= 0) return;
796	bn_mul_add_words(&(r[3]),a,n,b[3]);
797	if (--n <= 0) return;
798	bn_mul_add_words(&(r[4]),a,n,b[4]);
799	r+=4;
800	b+=4;
801	}
802	}