summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/bn
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/bn')
-rw-r--r--src/lib/libcrypto/bn/asm/alpha-mont.pl36
-rw-r--r--src/lib/libcrypto/bn/asm/s390x-mont.pl4
-rwxr-xr-xsrc/lib/libcrypto/bn/asm/s390x.S86
-rw-r--r--src/lib/libcrypto/bn/bn.h18
-rw-r--r--src/lib/libcrypto/bn/bn_exp2.c3
-rw-r--r--src/lib/libcrypto/bn/bn_gf2m.c1
-rw-r--r--src/lib/libcrypto/bn/bn_mont.c2
-rw-r--r--src/lib/libcrypto/bn/bn_mul.c9
-rw-r--r--src/lib/libcrypto/bn/bn_nist.c64
9 files changed, 125 insertions, 98 deletions
diff --git a/src/lib/libcrypto/bn/asm/alpha-mont.pl b/src/lib/libcrypto/bn/asm/alpha-mont.pl
index f7e0ca1646..03596e2014 100644
--- a/src/lib/libcrypto/bn/asm/alpha-mont.pl
+++ b/src/lib/libcrypto/bn/asm/alpha-mont.pl
@@ -41,8 +41,12 @@ $j="s4";
41$m1="s5"; 41$m1="s5";
42 42
43$code=<<___; 43$code=<<___;
44#ifdef __linux__
45#include <asm/regdef.h>
46#else
44#include <asm.h> 47#include <asm.h>
45#include <regdef.h> 48#include <regdef.h>
49#endif
46 50
47.text 51.text
48 52
@@ -76,7 +80,7 @@ bn_mul_mont:
76 ldq $aj,8($ap) 80 ldq $aj,8($ap)
77 subq sp,AT,sp 81 subq sp,AT,sp
78 ldq $bi,0($bp) # bp[0] 82 ldq $bi,0($bp) # bp[0]
79 mov -4096,AT 83 lda AT,-4096(zero) # mov -4096,AT
80 ldq $n0,0($n0) 84 ldq $n0,0($n0)
81 and sp,AT,sp 85 and sp,AT,sp
82 86
@@ -106,9 +110,9 @@ bn_mul_mont:
106.align 4 110.align 4
107.L1st: 111.L1st:
108 .set noreorder 112 .set noreorder
109 ldq $aj,($aj) 113 ldq $aj,0($aj)
110 addl $j,1,$j 114 addl $j,1,$j
111 ldq $nj,($nj) 115 ldq $nj,0($nj)
112 lda $tp,8($tp) 116 lda $tp,8($tp)
113 117
114 addq $alo,$hi0,$lo0 118 addq $alo,$hi0,$lo0
@@ -159,12 +163,12 @@ bn_mul_mont:
159.align 4 163.align 4
160.Louter: 164.Louter:
161 s8addq $i,$bp,$bi 165 s8addq $i,$bp,$bi
162 ldq $hi0,($ap) 166 ldq $hi0,0($ap)
163 ldq $aj,8($ap) 167 ldq $aj,8($ap)
164 ldq $bi,($bi) 168 ldq $bi,0($bi)
165 ldq $hi1,($np) 169 ldq $hi1,0($np)
166 ldq $nj,8($np) 170 ldq $nj,8($np)
167 ldq $tj,(sp) 171 ldq $tj,0(sp)
168 172
169 mulq $hi0,$bi,$lo0 173 mulq $hi0,$bi,$lo0
170 umulh $hi0,$bi,$hi0 174 umulh $hi0,$bi,$hi0
@@ -195,10 +199,10 @@ bn_mul_mont:
195 .set noreorder 199 .set noreorder
196 ldq $tj,8($tp) #L0 200 ldq $tj,8($tp) #L0
197 nop #U1 201 nop #U1
198 ldq $aj,($aj) #L1 202 ldq $aj,0($aj) #L1
199 s8addq $j,$np,$nj #U0 203 s8addq $j,$np,$nj #U0
200 204
201 ldq $nj,($nj) #L0 205 ldq $nj,0($nj) #L0
202 nop #U1 206 nop #U1
203 addq $alo,$hi0,$lo0 #L1 207 addq $alo,$hi0,$lo0 #L1
204 lda $tp,8($tp) 208 lda $tp,8($tp)
@@ -247,7 +251,7 @@ bn_mul_mont:
247 addq $hi1,v0,$hi1 251 addq $hi1,v0,$hi1
248 252
249 addq $hi1,$hi0,$lo1 253 addq $hi1,$hi0,$lo1
250 stq $j,($tp) 254 stq $j,0($tp)
251 cmpult $lo1,$hi0,$hi1 255 cmpult $lo1,$hi0,$hi1
252 addq $lo1,$tj,$lo1 256 addq $lo1,$tj,$lo1
253 cmpult $lo1,$tj,AT 257 cmpult $lo1,$tj,AT
@@ -265,8 +269,8 @@ bn_mul_mont:
265 mov 0,$hi0 # clear borrow bit 269 mov 0,$hi0 # clear borrow bit
266 270
267.align 4 271.align 4
268.Lsub: ldq $lo0,($tp) 272.Lsub: ldq $lo0,0($tp)
269 ldq $lo1,($np) 273 ldq $lo1,0($np)
270 lda $tp,8($tp) 274 lda $tp,8($tp)
271 lda $np,8($np) 275 lda $np,8($np)
272 subq $lo0,$lo1,$lo1 # tp[i]-np[i] 276 subq $lo0,$lo1,$lo1 # tp[i]-np[i]
@@ -274,7 +278,7 @@ bn_mul_mont:
274 subq $lo1,$hi0,$lo0 278 subq $lo1,$hi0,$lo0
275 cmpult $lo1,$lo0,$hi0 279 cmpult $lo1,$lo0,$hi0
276 or $hi0,AT,$hi0 280 or $hi0,AT,$hi0
277 stq $lo0,($rp) 281 stq $lo0,0($rp)
278 cmpult $tp,$tj,v0 282 cmpult $tp,$tj,v0
279 lda $rp,8($rp) 283 lda $rp,8($rp)
280 bne v0,.Lsub 284 bne v0,.Lsub
@@ -288,7 +292,7 @@ bn_mul_mont:
288 bis $bp,$ap,$ap # ap=borrow?tp:rp 292 bis $bp,$ap,$ap # ap=borrow?tp:rp
289 293
290.align 4 294.align 4
291.Lcopy: ldq $aj,($ap) # copy or in-place refresh 295.Lcopy: ldq $aj,0($ap) # copy or in-place refresh
292 lda $tp,8($tp) 296 lda $tp,8($tp)
293 lda $rp,8($rp) 297 lda $rp,8($rp)
294 lda $ap,8($ap) 298 lda $ap,8($ap)
@@ -309,8 +313,8 @@ bn_mul_mont:
309 lda sp,48(sp) 313 lda sp,48(sp)
310 ret (ra) 314 ret (ra)
311.end bn_mul_mont 315.end bn_mul_mont
312.rdata 316.ascii "Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
313.asciiz "Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>" 317.align 2
314___ 318___
315 319
316print $code; 320print $code;
diff --git a/src/lib/libcrypto/bn/asm/s390x-mont.pl b/src/lib/libcrypto/bn/asm/s390x-mont.pl
index d23251033b..f61246f5b6 100644
--- a/src/lib/libcrypto/bn/asm/s390x-mont.pl
+++ b/src/lib/libcrypto/bn/asm/s390x-mont.pl
@@ -69,8 +69,8 @@ bn_mul_mont:
69 cghi $num,16 # 69 cghi $num,16 #
70 lghi %r2,0 # 70 lghi %r2,0 #
71 blr %r14 # if($num<16) return 0; 71 blr %r14 # if($num<16) return 0;
72 cghi $num,128 # 72 cghi $num,96 #
73 bhr %r14 # if($num>128) return 0; 73 bhr %r14 # if($num>96) return 0;
74 74
75 stmg %r3,%r15,24($sp) 75 stmg %r3,%r15,24($sp)
76 76
diff --git a/src/lib/libcrypto/bn/asm/s390x.S b/src/lib/libcrypto/bn/asm/s390x.S
index 8f45f5d513..43fcb79bc0 100755
--- a/src/lib/libcrypto/bn/asm/s390x.S
+++ b/src/lib/libcrypto/bn/asm/s390x.S
@@ -1,4 +1,4 @@
1.ident "s390x.S, version 1.0" 1.ident "s390x.S, version 1.1"
2// ==================================================================== 2// ====================================================================
3// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL 3// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
4// project. 4// project.
@@ -24,67 +24,67 @@ bn_mul_add_words:
24 bler %r14 // if (len<=0) return 0; 24 bler %r14 // if (len<=0) return 0;
25 25
26 stmg %r6,%r10,48(%r15) 26 stmg %r6,%r10,48(%r15)
27 lghi %r10,3
27 lghi %r8,0 // carry = 0 28 lghi %r8,0 // carry = 0
28 srag %r10,%r4,2 // cnt=len/4 29 nr %r10,%r4 // len%4
29 jz .Loop1_madd 30 sra %r4,2 // cnt=len/4
31 jz .Loop1_madd // carry is incidentally cleared if branch taken
32 algr zero,zero // clear carry
30 33
31.Loop4_madd: 34.Loop4_madd:
32 lg %r7,0(%r2,%r3) // ap[i] 35 lg %r7,0(%r2,%r3) // ap[i]
33 mlgr %r6,%r5 // *=w 36 mlgr %r6,%r5 // *=w
34 algr %r7,%r8 // +=carry 37 alcgr %r7,%r8 // +=carry
35 alcgr %r6,zero 38 alcgr %r6,zero
36 alg %r7,0(%r2,%r1) // +=rp[i] 39 alg %r7,0(%r2,%r1) // +=rp[i]
37 alcgr %r6,zero
38 stg %r7,0(%r2,%r1) // rp[i]= 40 stg %r7,0(%r2,%r1) // rp[i]=
39 41
40 lg %r9,8(%r2,%r3) 42 lg %r9,8(%r2,%r3)
41 mlgr %r8,%r5 43 mlgr %r8,%r5
42 algr %r9,%r6 44 alcgr %r9,%r6
43 alcgr %r8,zero 45 alcgr %r8,zero
44 alg %r9,8(%r2,%r1) 46 alg %r9,8(%r2,%r1)
45 alcgr %r8,zero
46 stg %r9,8(%r2,%r1) 47 stg %r9,8(%r2,%r1)
47 48
48 lg %r7,16(%r2,%r3) 49 lg %r7,16(%r2,%r3)
49 mlgr %r6,%r5 50 mlgr %r6,%r5
50 algr %r7,%r8 51 alcgr %r7,%r8
51 alcgr %r6,zero 52 alcgr %r6,zero
52 alg %r7,16(%r2,%r1) 53 alg %r7,16(%r2,%r1)
53 alcgr %r6,zero
54 stg %r7,16(%r2,%r1) 54 stg %r7,16(%r2,%r1)
55 55
56 lg %r9,24(%r2,%r3) 56 lg %r9,24(%r2,%r3)
57 mlgr %r8,%r5 57 mlgr %r8,%r5
58 algr %r9,%r6 58 alcgr %r9,%r6
59 alcgr %r8,zero 59 alcgr %r8,zero
60 alg %r9,24(%r2,%r1) 60 alg %r9,24(%r2,%r1)
61 alcgr %r8,zero
62 stg %r9,24(%r2,%r1) 61 stg %r9,24(%r2,%r1)
63 62
64 la %r2,32(%r2) // i+=4 63 la %r2,32(%r2) // i+=4
65 brct %r10,.Loop4_madd 64 brct %r4,.Loop4_madd
66 65
67 lghi %r10,3 66 la %r10,1(%r10) // see if len%4 is zero ...
68 nr %r4,%r10 // cnt=len%4 67 brct %r10,.Loop1_madd // without touching condition code:-)
69 jz .Lend_madd 68
69.Lend_madd:
70 alcgr %r8,zero // collect carry bit
71 lgr %r2,%r8
72 lmg %r6,%r10,48(%r15)
73 br %r14
70 74
71.Loop1_madd: 75.Loop1_madd:
72 lg %r7,0(%r2,%r3) // ap[i] 76 lg %r7,0(%r2,%r3) // ap[i]
73 mlgr %r6,%r5 // *=w 77 mlgr %r6,%r5 // *=w
74 algr %r7,%r8 // +=carry 78 alcgr %r7,%r8 // +=carry
75 alcgr %r6,zero 79 alcgr %r6,zero
76 alg %r7,0(%r2,%r1) // +=rp[i] 80 alg %r7,0(%r2,%r1) // +=rp[i]
77 alcgr %r6,zero
78 stg %r7,0(%r2,%r1) // rp[i]= 81 stg %r7,0(%r2,%r1) // rp[i]=
79 82
80 lgr %r8,%r6 83 lgr %r8,%r6
81 la %r2,8(%r2) // i++ 84 la %r2,8(%r2) // i++
82 brct %r4,.Loop1_madd 85 brct %r10,.Loop1_madd
83 86
84.Lend_madd: 87 j .Lend_madd
85 lgr %r2,%r8
86 lmg %r6,%r10,48(%r15)
87 br %r14
88.size bn_mul_add_words,.-bn_mul_add_words 88.size bn_mul_add_words,.-bn_mul_add_words
89 89
90// BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5); 90// BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
@@ -99,57 +99,57 @@ bn_mul_words:
99 bler %r14 // if (len<=0) return 0; 99 bler %r14 // if (len<=0) return 0;
100 100
101 stmg %r6,%r10,48(%r15) 101 stmg %r6,%r10,48(%r15)
102 lghi %r10,3
102 lghi %r8,0 // carry = 0 103 lghi %r8,0 // carry = 0
103 srag %r10,%r4,2 // cnt=len/4 104 nr %r10,%r4 // len%4
104 jz .Loop1_mul 105 sra %r4,2 // cnt=len/4
106 jz .Loop1_mul // carry is incidentally cleared if branch taken
107 algr zero,zero // clear carry
105 108
106.Loop4_mul: 109.Loop4_mul:
107 lg %r7,0(%r2,%r3) // ap[i] 110 lg %r7,0(%r2,%r3) // ap[i]
108 mlgr %r6,%r5 // *=w 111 mlgr %r6,%r5 // *=w
109 algr %r7,%r8 // +=carry 112 alcgr %r7,%r8 // +=carry
110 alcgr %r6,zero
111 stg %r7,0(%r2,%r1) // rp[i]= 113 stg %r7,0(%r2,%r1) // rp[i]=
112 114
113 lg %r9,8(%r2,%r3) 115 lg %r9,8(%r2,%r3)
114 mlgr %r8,%r5 116 mlgr %r8,%r5
115 algr %r9,%r6 117 alcgr %r9,%r6
116 alcgr %r8,zero
117 stg %r9,8(%r2,%r1) 118 stg %r9,8(%r2,%r1)
118 119
119 lg %r7,16(%r2,%r3) 120 lg %r7,16(%r2,%r3)
120 mlgr %r6,%r5 121 mlgr %r6,%r5
121 algr %r7,%r8 122 alcgr %r7,%r8
122 alcgr %r6,zero
123 stg %r7,16(%r2,%r1) 123 stg %r7,16(%r2,%r1)
124 124
125 lg %r9,24(%r2,%r3) 125 lg %r9,24(%r2,%r3)
126 mlgr %r8,%r5 126 mlgr %r8,%r5
127 algr %r9,%r6 127 alcgr %r9,%r6
128 alcgr %r8,zero
129 stg %r9,24(%r2,%r1) 128 stg %r9,24(%r2,%r1)
130 129
131 la %r2,32(%r2) // i+=4 130 la %r2,32(%r2) // i+=4
132 brct %r10,.Loop4_mul 131 brct %r4,.Loop4_mul
133 132
134 lghi %r10,3 133 la %r10,1(%r10) // see if len%4 is zero ...
135 nr %r4,%r10 // cnt=len%4 134 brct %r10,.Loop1_mul // without touching condition code:-)
136 jz .Lend_mul 135
136.Lend_mul:
137 alcgr %r8,zero // collect carry bit
138 lgr %r2,%r8
139 lmg %r6,%r10,48(%r15)
140 br %r14
137 141
138.Loop1_mul: 142.Loop1_mul:
139 lg %r7,0(%r2,%r3) // ap[i] 143 lg %r7,0(%r2,%r3) // ap[i]
140 mlgr %r6,%r5 // *=w 144 mlgr %r6,%r5 // *=w
141 algr %r7,%r8 // +=carry 145 alcgr %r7,%r8 // +=carry
142 alcgr %r6,zero
143 stg %r7,0(%r2,%r1) // rp[i]= 146 stg %r7,0(%r2,%r1) // rp[i]=
144 147
145 lgr %r8,%r6 148 lgr %r8,%r6
146 la %r2,8(%r2) // i++ 149 la %r2,8(%r2) // i++
147 brct %r4,.Loop1_mul 150 brct %r10,.Loop1_mul
148 151
149.Lend_mul: 152 j .Lend_mul
150 lgr %r2,%r8
151 lmg %r6,%r10,48(%r15)
152 br %r14
153.size bn_mul_words,.-bn_mul_words 153.size bn_mul_words,.-bn_mul_words
154 154
155// void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4) 155// void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4)
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index e484b7fc11..a0bc47837d 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -253,6 +253,24 @@ extern "C" {
253#define BN_HEX_FMT2 "%08X" 253#define BN_HEX_FMT2 "%08X"
254#endif 254#endif
255 255
256/* 2011-02-22 SMS.
257 * In various places, a size_t variable or a type cast to size_t was
258 * used to perform integer-only operations on pointers. This failed on
259 * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is
260 * still only 32 bits. What's needed in these cases is an integer type
261 * with the same size as a pointer, which size_t is not certain to be.
262 * The only fix here is VMS-specific.
263 */
264#if defined(OPENSSL_SYS_VMS)
265# if __INITIAL_POINTER_SIZE == 64
266# define PTR_SIZE_INT long long
267# else /* __INITIAL_POINTER_SIZE == 64 */
268# define PTR_SIZE_INT int
269# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
270#else /* defined(OPENSSL_SYS_VMS) */
271# define PTR_SIZE_INT size_t
272#endif /* defined(OPENSSL_SYS_VMS) [else] */
273
256#define BN_DEFAULT_BITS 1280 274#define BN_DEFAULT_BITS 1280
257 275
258#define BN_FLG_MALLOCED 0x01 276#define BN_FLG_MALLOCED 0x01
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
index b3f43cec8c..bd0c34b91b 100644
--- a/src/lib/libcrypto/bn/bn_exp2.c
+++ b/src/lib/libcrypto/bn/bn_exp2.c
@@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
301 r_is_one = 0; 301 r_is_one = 0;
302 } 302 }
303 } 303 }
304 BN_from_montgomery(rr,r,mont,ctx); 304 if (!BN_from_montgomery(rr,r,mont,ctx))
305 goto err;
305 ret=1; 306 ret=1;
306err: 307err:
307 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); 308 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c
index 527b0fa15b..432a3aa338 100644
--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -545,6 +545,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
545 { 545 {
546 while (!BN_is_odd(u)) 546 while (!BN_is_odd(u))
547 { 547 {
548 if (BN_is_zero(u)) goto err;
548 if (!BN_rshift1(u, u)) goto err; 549 if (!BN_rshift1(u, u)) goto err;
549 if (BN_is_odd(b)) 550 if (BN_is_odd(b))
550 { 551 {
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 7224637ab3..1a866880f5 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -277,7 +277,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
277 m1|=m2; /* (al!=ri) */ 277 m1|=m2; /* (al!=ri) */
278 m1|=(0-(size_t)v); /* (al!=ri || v) */ 278 m1|=(0-(size_t)v); /* (al!=ri || v) */
279 m1&=~m2; /* (al!=ri || v) && !al>ri */ 279 m1&=~m2; /* (al!=ri || v) && !al>ri */
280 nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); 280 nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m1)|((PTR_SIZE_INT)ap&m1));
281 } 281 }
282 282
283 /* 'i<ri' is chosen to eliminate dependency on input data, even 283 /* 'i<ri' is chosen to eliminate dependency on input data, even
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index a0e9ec3b46..12e5be80eb 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
551 int tna, int tnb, BN_ULONG *t) 551 int tna, int tnb, BN_ULONG *t)
552 { 552 {
553 int i,j,n2=n*2; 553 int i,j,n2=n*2;
554 int c1,c2,neg,zero; 554 int c1,c2,neg;
555 BN_ULONG ln,lo,*p; 555 BN_ULONG ln,lo,*p;
556 556
557# ifdef BN_COUNT 557# ifdef BN_COUNT
@@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
567 /* r=(a[0]-a[1])*(b[1]-b[0]) */ 567 /* r=(a[0]-a[1])*(b[1]-b[0]) */
568 c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); 568 c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
569 c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); 569 c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
570 zero=neg=0; 570 neg=0;
571 switch (c1*3+c2) 571 switch (c1*3+c2)
572 { 572 {
573 case -4: 573 case -4:
@@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
575 bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ 575 bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
576 break; 576 break;
577 case -3: 577 case -3:
578 zero=1;
579 /* break; */ 578 /* break; */
580 case -2: 579 case -2:
581 bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ 580 bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
@@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
585 case -1: 584 case -1:
586 case 0: 585 case 0:
587 case 1: 586 case 1:
588 zero=1;
589 /* break; */ 587 /* break; */
590 case 2: 588 case 2:
591 bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ 589 bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
@@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
593 neg=1; 591 neg=1;
594 break; 592 break;
595 case 3: 593 case 3:
596 zero=1;
597 /* break; */ 594 /* break; */
598 case 4: 595 case 4:
599 bn_sub_part_words(t, a, &(a[n]),tna,n-tna); 596 bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
@@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
1012 { 1009 {
1013 if (i >= -1 && i <= 1) 1010 if (i >= -1 && i <= 1)
1014 { 1011 {
1015 int sav_j =0;
1016 /* Find out the power of two lower or equal 1012 /* Find out the power of two lower or equal
1017 to the longest of the two numbers */ 1013 to the longest of the two numbers */
1018 if (i >= 0) 1014 if (i >= 0)
@@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
1023 { 1019 {
1024 j = BN_num_bits_word((BN_ULONG)bl); 1020 j = BN_num_bits_word((BN_ULONG)bl);
1025 } 1021 }
1026 sav_j = j;
1027 j = 1<<(j-1); 1022 j = 1<<(j-1);
1028 assert(j <= al || j <= bl); 1023 assert(j <= al || j <= bl);
1029 k = j+j; 1024 k = j+j;
diff --git a/src/lib/libcrypto/bn/bn_nist.c b/src/lib/libcrypto/bn/bn_nist.c
index 2ca5b01391..c6de032696 100644
--- a/src/lib/libcrypto/bn/bn_nist.c
+++ b/src/lib/libcrypto/bn/bn_nist.c
@@ -354,7 +354,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
354 buf[BN_NIST_192_TOP], 354 buf[BN_NIST_192_TOP],
355 c_d[BN_NIST_192_TOP], 355 c_d[BN_NIST_192_TOP],
356 *res; 356 *res;
357 size_t mask; 357 PTR_SIZE_INT mask;
358 static const BIGNUM _bignum_nist_p_192_sqr = { 358 static const BIGNUM _bignum_nist_p_192_sqr = {
359 (BN_ULONG *)_nist_p_192_sqr, 359 (BN_ULONG *)_nist_p_192_sqr,
360 sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), 360 sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
@@ -405,9 +405,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
405 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' 405 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
406 * this is what happens below, but without explicit if:-) a. 406 * this is what happens below, but without explicit if:-) a.
407 */ 407 */
408 mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); 408 mask = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
409 mask &= 0-(size_t)carry; 409 mask &= 0-(PTR_SIZE_INT)carry;
410 res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); 410 res = (BN_ULONG *)
411 (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
411 nist_cp_bn(r_d, res, BN_NIST_192_TOP); 412 nist_cp_bn(r_d, res, BN_NIST_192_TOP);
412 r->top = BN_NIST_192_TOP; 413 r->top = BN_NIST_192_TOP;
413 bn_correct_top(r); 414 bn_correct_top(r);
@@ -438,8 +439,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
438 buf[BN_NIST_224_TOP], 439 buf[BN_NIST_224_TOP],
439 c_d[BN_NIST_224_TOP], 440 c_d[BN_NIST_224_TOP],
440 *res; 441 *res;
441 size_t mask; 442 PTR_SIZE_INT mask;
442 union { bn_addsub_f f; size_t p; } u; 443 union { bn_addsub_f f; PTR_SIZE_INT p; } u;
443 static const BIGNUM _bignum_nist_p_224_sqr = { 444 static const BIGNUM _bignum_nist_p_224_sqr = {
444 (BN_ULONG *)_nist_p_224_sqr, 445 (BN_ULONG *)_nist_p_224_sqr,
445 sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), 446 sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
@@ -510,16 +511,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
510 * to be compared to the modulus and conditionally 511 * to be compared to the modulus and conditionally
511 * adjusted by *subtracting* the latter. */ 512 * adjusted by *subtracting* the latter. */
512 carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP); 513 carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
513 mask = 0-(size_t)carry; 514 mask = 0-(PTR_SIZE_INT)carry;
514 u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); 515 u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
516 ((PTR_SIZE_INT)bn_add_words&~mask);
515 } 517 }
516 else 518 else
517 carry = 1; 519 carry = 1;
518 520
519 /* otherwise it's effectively same as in BN_nist_mod_192... */ 521 /* otherwise it's effectively same as in BN_nist_mod_192... */
520 mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); 522 mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
521 mask &= 0-(size_t)carry; 523 mask &= 0-(PTR_SIZE_INT)carry;
522 res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); 524 res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
525 ((PTR_SIZE_INT)r_d&mask));
523 nist_cp_bn(r_d, res, BN_NIST_224_TOP); 526 nist_cp_bn(r_d, res, BN_NIST_224_TOP);
524 r->top = BN_NIST_224_TOP; 527 r->top = BN_NIST_224_TOP;
525 bn_correct_top(r); 528 bn_correct_top(r);
@@ -549,8 +552,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
549 buf[BN_NIST_256_TOP], 552 buf[BN_NIST_256_TOP],
550 c_d[BN_NIST_256_TOP], 553 c_d[BN_NIST_256_TOP],
551 *res; 554 *res;
552 size_t mask; 555 PTR_SIZE_INT mask;
553 union { bn_addsub_f f; size_t p; } u; 556 union { bn_addsub_f f; PTR_SIZE_INT p; } u;
554 static const BIGNUM _bignum_nist_p_256_sqr = { 557 static const BIGNUM _bignum_nist_p_256_sqr = {
555 (BN_ULONG *)_nist_p_256_sqr, 558 (BN_ULONG *)_nist_p_256_sqr,
556 sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), 559 sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
@@ -629,15 +632,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
629 else if (carry < 0) 632 else if (carry < 0)
630 { 633 {
631 carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP); 634 carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
632 mask = 0-(size_t)carry; 635 mask = 0-(PTR_SIZE_INT)carry;
633 u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); 636 u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
637 ((PTR_SIZE_INT)bn_add_words&~mask);
634 } 638 }
635 else 639 else
636 carry = 1; 640 carry = 1;
637 641
638 mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); 642 mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
639 mask &= 0-(size_t)carry; 643 mask &= 0-(PTR_SIZE_INT)carry;
640 res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); 644 res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
645 ((PTR_SIZE_INT)r_d&mask));
641 nist_cp_bn(r_d, res, BN_NIST_256_TOP); 646 nist_cp_bn(r_d, res, BN_NIST_256_TOP);
642 r->top = BN_NIST_256_TOP; 647 r->top = BN_NIST_256_TOP;
643 bn_correct_top(r); 648 bn_correct_top(r);
@@ -671,8 +676,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
671 buf[BN_NIST_384_TOP], 676 buf[BN_NIST_384_TOP],
672 c_d[BN_NIST_384_TOP], 677 c_d[BN_NIST_384_TOP],
673 *res; 678 *res;
674 size_t mask; 679 PTR_SIZE_INT mask;
675 union { bn_addsub_f f; size_t p; } u; 680 union { bn_addsub_f f; PTR_SIZE_INT p; } u;
676 static const BIGNUM _bignum_nist_p_384_sqr = { 681 static const BIGNUM _bignum_nist_p_384_sqr = {
677 (BN_ULONG *)_nist_p_384_sqr, 682 (BN_ULONG *)_nist_p_384_sqr,
678 sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), 683 sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
@@ -754,15 +759,17 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
754 else if (carry < 0) 759 else if (carry < 0)
755 { 760 {
756 carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP); 761 carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
757 mask = 0-(size_t)carry; 762 mask = 0-(PTR_SIZE_INT)carry;
758 u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); 763 u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
764 ((PTR_SIZE_INT)bn_add_words&~mask);
759 } 765 }
760 else 766 else
761 carry = 1; 767 carry = 1;
762 768
763 mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); 769 mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
764 mask &= 0-(size_t)carry; 770 mask &= 0-(PTR_SIZE_INT)carry;
765 res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); 771 res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
772 ((PTR_SIZE_INT)r_d&mask));
766 nist_cp_bn(r_d, res, BN_NIST_384_TOP); 773 nist_cp_bn(r_d, res, BN_NIST_384_TOP);
767 r->top = BN_NIST_384_TOP; 774 r->top = BN_NIST_384_TOP;
768 bn_correct_top(r); 775 bn_correct_top(r);
@@ -781,7 +788,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
781 BN_ULONG *r_d, *a_d = a->d, 788 BN_ULONG *r_d, *a_d = a->d,
782 t_d[BN_NIST_521_TOP], 789 t_d[BN_NIST_521_TOP],
783 val,tmp,*res; 790 val,tmp,*res;
784 size_t mask; 791 PTR_SIZE_INT mask;
785 static const BIGNUM _bignum_nist_p_521_sqr = { 792 static const BIGNUM _bignum_nist_p_521_sqr = {
786 (BN_ULONG *)_nist_p_521_sqr, 793 (BN_ULONG *)_nist_p_521_sqr,
787 sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), 794 sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
@@ -826,8 +833,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
826 r_d[i] &= BN_NIST_521_TOP_MASK; 833 r_d[i] &= BN_NIST_521_TOP_MASK;
827 834
828 bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); 835 bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
829 mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); 836 mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
830 res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); 837 res = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
838 ((PTR_SIZE_INT)r_d&mask));
831 nist_cp_bn(r_d,res,BN_NIST_521_TOP); 839 nist_cp_bn(r_d,res,BN_NIST_521_TOP);
832 r->top = BN_NIST_521_TOP; 840 r->top = BN_NIST_521_TOP;
833 bn_correct_top(r); 841 bn_correct_top(r);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 01:05:44 +0000