Diffstat (limited to 'src/lib/libcrypto/bn/bn_nist.c')
-rw-r--r--src/lib/libcrypto/bn/bn_nist.c338
1 files changed, 40 insertions, 298 deletions
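diff --git a/src/lib/libcrypto/bn/bn_nist.c b/src/lib/libcrypto/bn/bn_nist.c
index 43caee4770..c6de032696 100644
--- a/src/lib/libcrypto/bn/bn_nist.c
+++ b/src/lib/libcrypto/bn/bn_nist.c
@@ -319,13 +319,6 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
 	:(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
 #define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
 #define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
-# if defined(L_ENDIAN)
-# if defined(__arch64__)
-# define NIST_INT64 long
-# else
-# define NIST_INT64 long long
-# endif
-# endif
 #else
 #define bn_cp_64(to, n, from, m) \
 	{ \
@@ -337,15 +330,13 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
 	bn_32_set_0(to, (n)*2); \
 	bn_32_set_0(to, (n)*2+1); \
 	}
+#if BN_BITS2 == 32
 #define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
 #define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0;
-# if defined(_WIN32) && !defined(__GNUC__)
-# define NIST_INT64 __int64
-# elif defined(BN_LLONG)
-# define NIST_INT64 long long
-# endif
+#endif
 #endif /* BN_BITS2 != 64 */
 
+
 #define nist_set_192(to, from, a1, a2, a3) \
 	{ \
 	bn_cp_64(to, 0, from, (a3) - 3) \
@@ -359,11 +350,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	int top = a->top, i;
 	int carry;
 	register BN_ULONG *r_d, *a_d = a->d;
-	union {
-		BN_ULONG bn[BN_NIST_192_TOP];
-		unsigned int ui[BN_NIST_192_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
-		} buf;
-	BN_ULONG c_d[BN_NIST_192_TOP],
+	BN_ULONG t_d[BN_NIST_192_TOP],
+		buf[BN_NIST_192_TOP],
+		c_d[BN_NIST_192_TOP],
 		*res;
 	PTR_SIZE_INT mask;
 	static const BIGNUM _bignum_nist_p_192_sqr = {
@@ -396,48 +385,15 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	else
 		r_d = a_d;
 
-	nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
-
-#if defined(NIST_INT64)
-	{
-	NIST_INT64 acc;	/* accumulator */
-	unsigned int *rp=(unsigned int *)r_d;
-	const unsigned int *bp=(const unsigned int *)buf.ui;
-
-	acc = rp[0];	acc += bp[3*2-6];
-			acc += bp[5*2-6]; rp[0] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[1];	acc += bp[3*2-5];
-			acc += bp[5*2-5]; rp[1] = (unsigned int)acc; acc >>= 32;
+	nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
 
-	acc += rp[2];	acc += bp[3*2-6];
-			acc += bp[4*2-6];
-			acc += bp[5*2-6]; rp[2] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[3];	acc += bp[3*2-5];
-			acc += bp[4*2-5];
-			acc += bp[5*2-5]; rp[3] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[4];	acc += bp[4*2-6];
-			acc += bp[5*2-6]; rp[4] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[5];	acc += bp[4*2-5];
-			acc += bp[5*2-5]; rp[5] = (unsigned int)acc;
-
-	carry = (int)(acc>>32);
-	}
-#else
-	{
-	BN_ULONG t_d[BN_NIST_192_TOP];
-
-	nist_set_192(t_d, buf.bn, 0, 3, 3);
+	nist_set_192(t_d, buf, 0, 3, 3);
 	carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-	nist_set_192(t_d, buf.bn, 4, 4, 0);
+	nist_set_192(t_d, buf, 4, 4, 0);
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-	nist_set_192(t_d, buf.bn, 5, 5, 5)
+	nist_set_192(t_d, buf, 5, 5, 5)
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-	}
-#endif
+
 	if (carry > 0)
 		carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP);
 	else
@@ -479,7 +435,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	int top = a->top, i;
 	int carry;
 	BN_ULONG *r_d, *a_d = a->d;
-	BN_ULONG buf[BN_NIST_224_TOP],
+	BN_ULONG t_d[BN_NIST_224_TOP],
+		buf[BN_NIST_224_TOP],
 		c_d[BN_NIST_224_TOP],
 		*res;
 	PTR_SIZE_INT mask;
@@ -517,54 +474,14 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
 #if BN_BITS2==64
 	/* copy upper 256 bits of 448 bit number ... */
-	nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
+	nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
 	/* ... and right shift by 32 to obtain upper 224 bits */
-	nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8);
+	nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8);
 	/* truncate lower part to 224 bits too */
 	r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
 #else
 	nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
 #endif
-
-#if defined(NIST_INT64) && BN_BITS2!=64
-	{
-	NIST_INT64 acc;	/* accumulator */
-	unsigned int *rp=(unsigned int *)r_d;
-	const unsigned int *bp=(const unsigned int *)buf;
-
-	acc = rp[0];	acc -= bp[7-7];
-			acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[1];	acc -= bp[8-7];
-			acc -= bp[12-7]; rp[1] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[2];	acc -= bp[9-7];
-			acc -= bp[13-7]; rp[2] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[3];	acc += bp[7-7];
-			acc += bp[11-7];
-			acc -= bp[10-7]; rp[3] = (unsigned int)acc; acc>>= 32;
-
-	acc += rp[4];	acc += bp[8-7];
-			acc += bp[12-7];
-			acc -= bp[11-7]; rp[4] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[5];	acc += bp[9-7];
-			acc += bp[13-7];
-			acc -= bp[12-7]; rp[5] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[6];	acc += bp[10-7];
-			acc -= bp[13-7]; rp[6] = (unsigned int)acc;
-
-	carry = (int)(acc>>32);
-# if BN_BITS2==64
-	rp[7] = carry;
-# endif
-	}
-#else
-	{
-	BN_ULONG t_d[BN_NIST_224_TOP];
-
 	nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
 	carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
 	nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
@@ -577,8 +494,6 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 #if BN_BITS2==64
 	carry = (int)(r_d[BN_NIST_224_TOP-1]>>32);
 #endif
-	}
-#endif
 	u.f = bn_sub_words;
 	if (carry > 0)
 		{
@@ -633,11 +548,9 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	int i, top = a->top;
 	int carry = 0;
 	register BN_ULONG *a_d = a->d, *r_d;
-	union {
-		BN_ULONG bn[BN_NIST_256_TOP];
-		unsigned int ui[BN_NIST_256_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
-		} buf;
-	BN_ULONG c_d[BN_NIST_256_TOP],
+	BN_ULONG t_d[BN_NIST_256_TOP],
+		buf[BN_NIST_256_TOP],
+		c_d[BN_NIST_256_TOP],
 		*res;
 	PTR_SIZE_INT mask;
 	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -671,87 +584,12 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	else
 		r_d = a_d;
 
-	nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP);
-
-#if defined(NIST_INT64)
-	{
-	NIST_INT64 acc;	/* accumulator */
-	unsigned int *rp=(unsigned int *)r_d;
-	const unsigned int *bp=(const unsigned int *)buf.ui;
-
-	acc = rp[0];	acc += bp[8-8];
-			acc += bp[9-8];
-			acc -= bp[11-8];
-			acc -= bp[12-8];
-			acc -= bp[13-8];
-			acc -= bp[14-8]; rp[0] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[1];	acc += bp[9-8];
-			acc += bp[10-8];
-			acc -= bp[12-8];
-			acc -= bp[13-8];
-			acc -= bp[14-8];
-			acc -= bp[15-8]; rp[1] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[2];	acc += bp[10-8];
-			acc += bp[11-8];
-			acc -= bp[13-8];
-			acc -= bp[14-8];
-			acc -= bp[15-8]; rp[2] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[3];	acc += bp[11-8];
-			acc += bp[11-8];
-			acc += bp[12-8];
-			acc += bp[12-8];
-			acc += bp[13-8];
-			acc -= bp[15-8];
-			acc -= bp[8-8];
-			acc -= bp[9-8]; rp[3] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[4];	acc += bp[12-8];
-			acc += bp[12-8];
-			acc += bp[13-8];
-			acc += bp[13-8];
-			acc += bp[14-8];
-			acc -= bp[9-8];
-			acc -= bp[10-8]; rp[4] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[5];	acc += bp[13-8];
-			acc += bp[13-8];
-			acc += bp[14-8];
-			acc += bp[14-8];
-			acc += bp[15-8];
-			acc -= bp[10-8];
-			acc -= bp[11-8]; rp[5] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[6];	acc += bp[14-8];
-			acc += bp[14-8];
-			acc += bp[15-8];
-			acc += bp[15-8];
-			acc += bp[14-8];
-			acc += bp[13-8];
-			acc -= bp[8-8];
-			acc -= bp[9-8]; rp[6] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[7];	acc += bp[15-8];
-			acc += bp[15-8];
-			acc += bp[15-8];
-			acc += bp[8 -8];
-			acc -= bp[10-8];
-			acc -= bp[11-8];
-			acc -= bp[12-8];
-			acc -= bp[13-8]; rp[7] = (unsigned int)acc;
-
-	carry = (int)(acc>>32);
-	}
-#else
-	{
-	BN_ULONG t_d[BN_NIST_256_TOP];
+	nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP);
 
 	/*S1*/
-	nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0);
+	nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
 	/*S2*/
-	nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0);
+	nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0);
 	carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
 	/* left shift */
 		{
@@ -769,26 +607,24 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 		}
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
 	/*S3*/
-	nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8);
+	nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
 	/*S4*/
-	nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9);
+	nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
 	/*D1*/
-	nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11);
+	nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
 	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
 	/*D2*/
-	nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12);
+	nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
 	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
 	/*D3*/
-	nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13);
+	nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
 	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
 	/*D4*/
-	nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14);
+	nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
 	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
 
-	}
-#endif
 	/* see BN_nist_mod_224 for explanation */
 	u.f = bn_sub_words;
 	if (carry > 0)
@@ -836,11 +672,9 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	int i, top = a->top;
 	int carry = 0;
 	register BN_ULONG *r_d, *a_d = a->d;
-	union {
-		BN_ULONG bn[BN_NIST_384_TOP];
-		unsigned int ui[BN_NIST_384_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
-		} buf;
-	BN_ULONG c_d[BN_NIST_384_TOP],
+	BN_ULONG t_d[BN_NIST_384_TOP],
+		buf[BN_NIST_384_TOP],
+		c_d[BN_NIST_384_TOP],
 		*res;
 	PTR_SIZE_INT mask;
 	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -875,100 +709,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	else
 		r_d = a_d;
 
-	nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);
-
-#if defined(NIST_INT64)
-	{
-	NIST_INT64 acc;	/* accumulator */
-	unsigned int *rp=(unsigned int *)r_d;
-	const unsigned int *bp=(const unsigned int *)buf.ui;
-
-	acc = rp[0];	acc += bp[12-12];
-			acc += bp[21-12];
-			acc += bp[20-12];
-			acc -= bp[23-12]; rp[0] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[1];	acc += bp[13-12];
-			acc += bp[22-12];
-			acc += bp[23-12];
-			acc -= bp[12-12];
-			acc -= bp[20-12]; rp[1] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[2];	acc += bp[14-12];
-			acc += bp[23-12];
-			acc -= bp[13-12];
-			acc -= bp[21-12]; rp[2] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[3];	acc += bp[15-12];
-			acc += bp[12-12];
-			acc += bp[20-12];
-			acc += bp[21-12];
-			acc -= bp[14-12];
-			acc -= bp[22-12];
-			acc -= bp[23-12]; rp[3] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[4];	acc += bp[21-12];
-			acc += bp[21-12];
-			acc += bp[16-12];
-			acc += bp[13-12];
-			acc += bp[12-12];
-			acc += bp[20-12];
-			acc += bp[22-12];
-			acc -= bp[15-12];
-			acc -= bp[23-12];
-			acc -= bp[23-12]; rp[4] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[5];	acc += bp[22-12];
-			acc += bp[22-12];
-			acc += bp[17-12];
-			acc += bp[14-12];
-			acc += bp[13-12];
-			acc += bp[21-12];
-			acc += bp[23-12];
-			acc -= bp[16-12]; rp[5] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[6];	acc += bp[23-12];
-			acc += bp[23-12];
-			acc += bp[18-12];
-			acc += bp[15-12];
-			acc += bp[14-12];
-			acc += bp[22-12];
-			acc -= bp[17-12]; rp[6] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[7];	acc += bp[19-12];
-			acc += bp[16-12];
-			acc += bp[15-12];
-			acc += bp[23-12];
-			acc -= bp[18-12]; rp[7] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[8];	acc += bp[20-12];
-			acc += bp[17-12];
-			acc += bp[16-12];
-			acc -= bp[19-12]; rp[8] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[9];	acc += bp[21-12];
-			acc += bp[18-12];
-			acc += bp[17-12];
-			acc -= bp[20-12]; rp[9] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[10];	acc += bp[22-12];
-			acc += bp[19-12];
-			acc += bp[18-12];
-			acc -= bp[21-12]; rp[10] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[11];	acc += bp[23-12];
-			acc += bp[20-12];
-			acc += bp[19-12];
-			acc -= bp[22-12]; rp[11] = (unsigned int)acc;
-
-	carry = (int)(acc>>32);
-	}
-#else
-	{
-	BN_ULONG t_d[BN_NIST_384_TOP];
+	nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);
 
 	/*S1*/
-	nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);
+	nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);
 	/* left shift */
 		{
 		register BN_ULONG *ap,t,c;
@@ -985,31 +729,29 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
 		t_d, BN_NIST_256_TOP);
 	/*S2 */
-	carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP);
+	carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
 	/*S3*/
-	nist_set_384(t_d,buf.bn,20,19,18,17,16,15,14,13,12,23,22,21);
+	nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
 	/*S4*/
-	nist_set_384(t_d,buf.bn,19,18,17,16,15,14,13,12,20,0,23,0);
+	nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
 	/*S5*/
-	nist_set_384(t_d, buf.bn,0,0,0,0,23,22,21,20,0,0,0,0);
+	nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0);
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
 	/*S6*/
-	nist_set_384(t_d,buf.bn,0,0,0,0,0,0,23,22,21,0,0,20);
+	nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
 	/*D1*/
-	nist_set_384(t_d,buf.bn,22,21,20,19,18,17,16,15,14,13,12,23);
+	nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
 	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
 	/*D2*/
-	nist_set_384(t_d,buf.bn,0,0,0,0,0,0,0,23,22,21,20,0);
+	nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
 	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
 	/*D3*/
-	nist_set_384(t_d,buf.bn,0,0,0,0,0,0,0,23,23,0,0,0);
+	nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
 	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
 
-	}
-#endif
 	/* see BN_nist_mod_224 for explanation */
 	u.f = bn_sub_words;
 	if (carry > 0)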
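Review bot: The new `#if BN_BITS2 == 32` guard around bn_cp_32/bn_32_set_0 (new lines 333-336 in the first hunk) leaves both macros undefined on a build where BN_BITS2 is neither 64 nor 32, yet bn_cp_64 in the same branch still expands to `bn_32_set_0(to, (n)*2)` (visible at the top of the second hunk), so such a configuration would fail with an opaque undeclared-identifier error deep inside the nist_set_* expansions rather than a clear diagnostic. The opening `#if` of the enclosing conditional is outside the hunk, so I cannot tell whether this branch is already the `#else` of a `BN_BITS2 == 64` test, in which case the inner guard is redundant; either way an explicit `#else` / `#error "unsupported BN_BITS2"` ahead of the `#endif` at new line 336 would make the assumption checkable at compile time. Since the NIST_INT64 accumulator paths are gone from all four BN_nist_mod_* functions, a one-line comment above the `nist_cp_bn_0(buf, ...)` call in BN_nist_mod_192 such as `/* portable word-wise reduction; the 32-bit accumulator variant was removed */` would stop a later reader from hunting for the deleted fast path.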