summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/bn/bn_mont.c68
1 files changed, 48 insertions, 20 deletions
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 5dcd548f85..d2ca4404f9 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_mont.c,v 1.48 2023/03/07 06:05:06 jsing Exp $ */ 1/* $OpenBSD: bn_mont.c,v 1.49 2023/03/07 06:15:09 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -305,28 +305,13 @@ BN_MONT_CTX_set_locked(BN_MONT_CTX **pmctx, int lock, const BIGNUM *mod,
305 305
306static int bn_montgomery_reduce(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mctx); 306static int bn_montgomery_reduce(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mctx);
307 307
308int 308static int
309BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 309bn_mod_mul_montgomery_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
310 BN_MONT_CTX *mctx, BN_CTX *ctx) 310 BN_MONT_CTX *mctx, BN_CTX *ctx)
311{ 311{
312 BIGNUM *tmp; 312 BIGNUM *tmp;
313 int ret = 0; 313 int ret = 0;
314 314
315#if defined(OPENSSL_BN_ASM_MONT)
316 int num = mctx->N.top;
317
318 if (num > 1 && a->top == num && b->top == num) {
319 if (!bn_wexpand(r, num))
320 return (0);
321 if (bn_mul_mont(r->d, a->d, b->d, mctx->N.d, mctx->n0, num)) {
322 r->top = num;
323 bn_correct_top(r);
324 BN_set_negative(r, a->neg ^ b->neg);
325 return (1);
326 }
327 }
328#endif
329
330 BN_CTX_start(ctx); 315 BN_CTX_start(ctx);
331 316
332 if ((tmp = BN_CTX_get(ctx)) == NULL) 317 if ((tmp = BN_CTX_get(ctx)) == NULL)
@@ -351,11 +336,54 @@ BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
351 return ret; 336 return ret;
352} 337}
353 338
339#ifndef OPENSSL_BN_ASM_MONT
340int
341bn_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
342 BN_MONT_CTX *mctx, BN_CTX *ctx)
343{
344 return bn_mod_mul_montgomery_simple(r, a, b, mctx, ctx);
345}
346#else
347
348int
349bn_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
350 BN_MONT_CTX *mctx, BN_CTX *ctx)
351{
352 if (mctx->N.top <= 1 || a->top != mctx->N.top || b->top != mctx->N.top)
353 return bn_mod_mul_montgomery_simple(r, a, b, mctx, ctx);
354
355 if (!bn_wexpand(r, mctx->N.top))
356 return 0;
357
358 /*
359 * Legacy bn_mul_mont() can indicate that we should "fallback" to
360 * another implementation.
361 */
362 if (!bn_mul_mont(r->d, a->d, b->d, mctx->N.d, mctx->n0, mctx->N.top))
363 return bn_mod_mul_montgomery_simple(r, a, b, mctx, ctx);
364
365 r->top = mctx->N.top;
366 bn_correct_top(r);
367
368 BN_set_negative(r, a->neg ^ b->neg);
369
370 return (1);
371}
372#endif
373
374int
375BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
376 BN_MONT_CTX *mctx, BN_CTX *ctx)
377{
378 /* Compute r = aR * bR * R^-1 mod N = abR mod N */
379 return bn_mod_mul_montgomery(r, a, b, mctx, ctx);
380}
381
354int 382int
355BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx) 383BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mctx, BN_CTX *ctx)
356{ 384{
357 /* Compute r = a * R * R * R^-1 mod N = aR mod N */ 385 /* Compute r = a * R * R * R^-1 mod N = aR mod N */
358 return BN_mod_mul_montgomery(r, a, &mont->RR, mont, ctx); 386 return bn_mod_mul_montgomery(r, a, &mctx->RR, mctx, ctx);
359} 387}
360 388
361/* 389/*
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-01 15:37:57 +0000