| OLD | NEW |
|---|
| 1 /* crypto/bn/bn_nist.c */ | 1 /* crypto/bn/bn_nist.c */ |
| 2 /* | 2 /* |
| 3 * Written by Nils Larsch for the OpenSSL project | 3 * Written by Nils Larsch for the OpenSSL project |
| 4 */ | 4 */ |
| 5 /* ==================================================================== | 5 /* ==================================================================== |
| 6 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. |
| 7 * | 7 * |
| 8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
| 9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
| 10 * are met: | 10 * are met: |
| (...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 347 int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | 347 int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, |
| 348 BN_CTX *ctx) | 348 BN_CTX *ctx) |
| 349 { | 349 { |
| 350 int top = a->top, i; | 350 int top = a->top, i; |
| 351 int carry; | 351 int carry; |
| 352 register BN_ULONG *r_d, *a_d = a->d; | 352 register BN_ULONG *r_d, *a_d = a->d; |
| 353 BN_ULONG t_d[BN_NIST_192_TOP], | 353 BN_ULONG t_d[BN_NIST_192_TOP], |
| 354 buf[BN_NIST_192_TOP], | 354 buf[BN_NIST_192_TOP], |
| 355 c_d[BN_NIST_192_TOP], | 355 c_d[BN_NIST_192_TOP], |
| 356 *res; | 356 *res; |
| 357 » size_t mask; | 357 » PTR_SIZE_INT mask; |
| 358 static const BIGNUM _bignum_nist_p_192_sqr = { | 358 static const BIGNUM _bignum_nist_p_192_sqr = { |
| 359 (BN_ULONG *)_nist_p_192_sqr, | 359 (BN_ULONG *)_nist_p_192_sqr, |
| 360 sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), | 360 sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), |
| 361 sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), | 361 sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), |
| 362 0,BN_FLG_STATIC_DATA }; | 362 0,BN_FLG_STATIC_DATA }; |
| 363 | 363 |
| 364 field = &_bignum_nist_p_192; /* just to make sure */ | 364 field = &_bignum_nist_p_192; /* just to make sure */ |
| 365 | 365 |
| 366 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0) | 366 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0) |
| 367 return BN_nnmod(r, a, field, ctx); | 367 return BN_nnmod(r, a, field, ctx); |
| (...skipping 30 matching lines...) Expand all Loading... |
| 398 carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_1
92_TOP); | 398 carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_1
92_TOP); |
| 399 else | 399 else |
| 400 carry = 1; | 400 carry = 1; |
| 401 | 401 |
| 402 /* | 402 /* |
| 403 * we need 'if (carry==0 || result>=modulus) result-=modulus;' | 403 * we need 'if (carry==0 || result>=modulus) result-=modulus;' |
| 404 * as comparison implies subtraction, we can write | 404 * as comparison implies subtraction, we can write |
| 405 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' | 405 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' |
| 406 * this is what happens below, but without explicit if:-) a. | 406 * this is what happens below, but without explicit if:-) a. |
| 407 */ | 407 */ |
| 408 » mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); | 408 » mask = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_
TOP); |
| 409 » mask &= 0-(size_t)carry; | 409 » mask &= 0-(PTR_SIZE_INT)carry; |
| 410 » res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); | 410 » res = (BN_ULONG *) |
| 411 » (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask)); |
| 411 nist_cp_bn(r_d, res, BN_NIST_192_TOP); | 412 nist_cp_bn(r_d, res, BN_NIST_192_TOP); |
| 412 r->top = BN_NIST_192_TOP; | 413 r->top = BN_NIST_192_TOP; |
| 413 bn_correct_top(r); | 414 bn_correct_top(r); |
| 414 | 415 |
| 415 return 1; | 416 return 1; |
| 416 } | 417 } |
| 417 | 418 |
| 418 typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int
); | 419 typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int
); |
| 419 | 420 |
| 420 #define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ | 421 #define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ |
| (...skipping 10 matching lines...) Expand all Loading... |
| 431 int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | 432 int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, |
| 432 BN_CTX *ctx) | 433 BN_CTX *ctx) |
| 433 { | 434 { |
| 434 int top = a->top, i; | 435 int top = a->top, i; |
| 435 int carry; | 436 int carry; |
| 436 BN_ULONG *r_d, *a_d = a->d; | 437 BN_ULONG *r_d, *a_d = a->d; |
| 437 BN_ULONG t_d[BN_NIST_224_TOP], | 438 BN_ULONG t_d[BN_NIST_224_TOP], |
| 438 buf[BN_NIST_224_TOP], | 439 buf[BN_NIST_224_TOP], |
| 439 c_d[BN_NIST_224_TOP], | 440 c_d[BN_NIST_224_TOP], |
| 440 *res; | 441 *res; |
| 441 » size_t mask; | 442 » PTR_SIZE_INT mask; |
| 442 » union { bn_addsub_f f; size_t p; } u; | 443 » union { bn_addsub_f f; PTR_SIZE_INT p; } u; |
| 443 static const BIGNUM _bignum_nist_p_224_sqr = { | 444 static const BIGNUM _bignum_nist_p_224_sqr = { |
| 444 (BN_ULONG *)_nist_p_224_sqr, | 445 (BN_ULONG *)_nist_p_224_sqr, |
| 445 sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), | 446 sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), |
| 446 sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), | 447 sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), |
| 447 0,BN_FLG_STATIC_DATA }; | 448 0,BN_FLG_STATIC_DATA }; |
| 448 | 449 |
| 449 | 450 |
| 450 field = &_bignum_nist_p_224; /* just to make sure */ | 451 field = &_bignum_nist_p_224; /* just to make sure */ |
| 451 | 452 |
| 452 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0) | 453 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0) |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 503 } | 504 } |
| 504 else if (carry < 0) | 505 else if (carry < 0) |
| 505 { | 506 { |
| 506 /* it's a bit more comlicated logic in this case. | 507 /* it's a bit more comlicated logic in this case. |
| 507 * if bn_add_words yields no carry, then result | 508 * if bn_add_words yields no carry, then result |
| 508 * has to be adjusted by unconditionally *adding* | 509 * has to be adjusted by unconditionally *adding* |
| 509 * the modulus. but if it does, then result has | 510 * the modulus. but if it does, then result has |
| 510 * to be compared to the modulus and conditionally | 511 * to be compared to the modulus and conditionally |
| 511 * adjusted by *subtracting* the latter. */ | 512 * adjusted by *subtracting* the latter. */ |
| 512 carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_
224_TOP); | 513 carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_
224_TOP); |
| 513 » » mask = 0-(size_t)carry; | 514 » » mask = 0-(PTR_SIZE_INT)carry; |
| 514 » » u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask)
; | 515 » » u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | |
| 516 » » ((PTR_SIZE_INT)bn_add_words&~mask); |
| 515 } | 517 } |
| 516 else | 518 else |
| 517 carry = 1; | 519 carry = 1; |
| 518 | 520 |
| 519 /* otherwise it's effectively same as in BN_nist_mod_192... */ | 521 /* otherwise it's effectively same as in BN_nist_mod_192... */ |
| 520 » mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); | 522 » mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); |
| 521 » mask &= 0-(size_t)carry; | 523 » mask &= 0-(PTR_SIZE_INT)carry; |
| 522 » res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); | 524 » res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | |
| 525 » ((PTR_SIZE_INT)r_d&mask)); |
| 523 nist_cp_bn(r_d, res, BN_NIST_224_TOP); | 526 nist_cp_bn(r_d, res, BN_NIST_224_TOP); |
| 524 r->top = BN_NIST_224_TOP; | 527 r->top = BN_NIST_224_TOP; |
| 525 bn_correct_top(r); | 528 bn_correct_top(r); |
| 526 | 529 |
| 527 return 1; | 530 return 1; |
| 528 } | 531 } |
| 529 | 532 |
| 530 #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ | 533 #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ |
| 531 { \ | 534 { \ |
| 532 bn_cp_32(to, 0, from, (a8) - 8) \ | 535 bn_cp_32(to, 0, from, (a8) - 8) \ |
| 533 bn_cp_32(to, 1, from, (a7) - 8) \ | 536 bn_cp_32(to, 1, from, (a7) - 8) \ |
| 534 bn_cp_32(to, 2, from, (a6) - 8) \ | 537 bn_cp_32(to, 2, from, (a6) - 8) \ |
| 535 bn_cp_32(to, 3, from, (a5) - 8) \ | 538 bn_cp_32(to, 3, from, (a5) - 8) \ |
| 536 bn_cp_32(to, 4, from, (a4) - 8) \ | 539 bn_cp_32(to, 4, from, (a4) - 8) \ |
| 537 bn_cp_32(to, 5, from, (a3) - 8) \ | 540 bn_cp_32(to, 5, from, (a3) - 8) \ |
| 538 bn_cp_32(to, 6, from, (a2) - 8) \ | 541 bn_cp_32(to, 6, from, (a2) - 8) \ |
| 539 bn_cp_32(to, 7, from, (a1) - 8) \ | 542 bn_cp_32(to, 7, from, (a1) - 8) \ |
| 540 } | 543 } |
| 541 | 544 |
| 542 int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | 545 int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, |
| 543 BN_CTX *ctx) | 546 BN_CTX *ctx) |
| 544 { | 547 { |
| 545 int i, top = a->top; | 548 int i, top = a->top; |
| 546 int carry = 0; | 549 int carry = 0; |
| 547 register BN_ULONG *a_d = a->d, *r_d; | 550 register BN_ULONG *a_d = a->d, *r_d; |
| 548 BN_ULONG t_d[BN_NIST_256_TOP], | 551 BN_ULONG t_d[BN_NIST_256_TOP], |
| 549 buf[BN_NIST_256_TOP], | 552 buf[BN_NIST_256_TOP], |
| 550 c_d[BN_NIST_256_TOP], | 553 c_d[BN_NIST_256_TOP], |
| 551 *res; | 554 *res; |
| 552 » size_t mask; | 555 » PTR_SIZE_INT mask; |
| 553 » union { bn_addsub_f f; size_t p; } u; | 556 » union { bn_addsub_f f; PTR_SIZE_INT p; } u; |
| 554 static const BIGNUM _bignum_nist_p_256_sqr = { | 557 static const BIGNUM _bignum_nist_p_256_sqr = { |
| 555 (BN_ULONG *)_nist_p_256_sqr, | 558 (BN_ULONG *)_nist_p_256_sqr, |
| 556 sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), | 559 sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), |
| 557 sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), | 560 sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), |
| 558 0,BN_FLG_STATIC_DATA }; | 561 0,BN_FLG_STATIC_DATA }; |
| 559 | 562 |
| 560 field = &_bignum_nist_p_256; /* just to make sure */ | 563 field = &_bignum_nist_p_256; /* just to make sure */ |
| 561 | 564 |
| 562 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0) | 565 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0) |
| 563 return BN_nnmod(r, a, field, ctx); | 566 return BN_nnmod(r, a, field, ctx); |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 622 nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); | 625 nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); |
| 623 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); | 626 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); |
| 624 | 627 |
| 625 /* see BN_nist_mod_224 for explanation */ | 628 /* see BN_nist_mod_224 for explanation */ |
| 626 u.f = bn_sub_words; | 629 u.f = bn_sub_words; |
| 627 if (carry > 0) | 630 if (carry > 0) |
| 628 carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_2
56_TOP); | 631 carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_2
56_TOP); |
| 629 else if (carry < 0) | 632 else if (carry < 0) |
| 630 { | 633 { |
| 631 carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_
256_TOP); | 634 carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_
256_TOP); |
| 632 » » mask = 0-(size_t)carry; | 635 » » mask = 0-(PTR_SIZE_INT)carry; |
| 633 » » u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask)
; | 636 » » u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | |
| 637 » » ((PTR_SIZE_INT)bn_add_words&~mask); |
| 634 } | 638 } |
| 635 else | 639 else |
| 636 carry = 1; | 640 carry = 1; |
| 637 | 641 |
| 638 » mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); | 642 » mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); |
| 639 » mask &= 0-(size_t)carry; | 643 » mask &= 0-(PTR_SIZE_INT)carry; |
| 640 » res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); | 644 » res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | |
| 645 » ((PTR_SIZE_INT)r_d&mask)); |
| 641 nist_cp_bn(r_d, res, BN_NIST_256_TOP); | 646 nist_cp_bn(r_d, res, BN_NIST_256_TOP); |
| 642 r->top = BN_NIST_256_TOP; | 647 r->top = BN_NIST_256_TOP; |
| 643 bn_correct_top(r); | 648 bn_correct_top(r); |
| 644 | 649 |
| 645 return 1; | 650 return 1; |
| 646 } | 651 } |
| 647 | 652 |
| 648 #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ | 653 #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ |
| 649 { \ | 654 { \ |
| 650 bn_cp_32(to, 0, from, (a12) - 12) \ | 655 bn_cp_32(to, 0, from, (a12) - 12) \ |
| (...skipping 13 matching lines...) Expand all Loading... |
| 664 int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | 669 int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, |
| 665 BN_CTX *ctx) | 670 BN_CTX *ctx) |
| 666 { | 671 { |
| 667 int i, top = a->top; | 672 int i, top = a->top; |
| 668 int carry = 0; | 673 int carry = 0; |
| 669 register BN_ULONG *r_d, *a_d = a->d; | 674 register BN_ULONG *r_d, *a_d = a->d; |
| 670 BN_ULONG t_d[BN_NIST_384_TOP], | 675 BN_ULONG t_d[BN_NIST_384_TOP], |
| 671 buf[BN_NIST_384_TOP], | 676 buf[BN_NIST_384_TOP], |
| 672 c_d[BN_NIST_384_TOP], | 677 c_d[BN_NIST_384_TOP], |
| 673 *res; | 678 *res; |
| 674 » size_t» mask; | 679 » PTR_SIZE_INT mask; |
| 675 » union { bn_addsub_f f; size_t p; } u; | 680 » union { bn_addsub_f f; PTR_SIZE_INT p; } u; |
| 676 static const BIGNUM _bignum_nist_p_384_sqr = { | 681 static const BIGNUM _bignum_nist_p_384_sqr = { |
| 677 (BN_ULONG *)_nist_p_384_sqr, | 682 (BN_ULONG *)_nist_p_384_sqr, |
| 678 sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), | 683 sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), |
| 679 sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), | 684 sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), |
| 680 0,BN_FLG_STATIC_DATA }; | 685 0,BN_FLG_STATIC_DATA }; |
| 681 | 686 |
| 682 | 687 |
| 683 field = &_bignum_nist_p_384; /* just to make sure */ | 688 field = &_bignum_nist_p_384; /* just to make sure */ |
| 684 | 689 |
| 685 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0) | 690 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0) |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 747 nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); | 752 nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); |
| 748 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); | 753 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); |
| 749 | 754 |
| 750 /* see BN_nist_mod_224 for explanation */ | 755 /* see BN_nist_mod_224 for explanation */ |
| 751 u.f = bn_sub_words; | 756 u.f = bn_sub_words; |
| 752 if (carry > 0) | 757 if (carry > 0) |
| 753 carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_3
84_TOP); | 758 carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_3
84_TOP); |
| 754 else if (carry < 0) | 759 else if (carry < 0) |
| 755 { | 760 { |
| 756 carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_
384_TOP); | 761 carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_
384_TOP); |
| 757 » » mask = 0-(size_t)carry; | 762 » » mask = 0-(PTR_SIZE_INT)carry; |
| 758 » » u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask)
; | 763 » » u.p = ((PTR_SIZE_INT)bn_sub_words&mask) | |
| 764 » » ((PTR_SIZE_INT)bn_add_words&~mask); |
| 759 } | 765 } |
| 760 else | 766 else |
| 761 carry = 1; | 767 carry = 1; |
| 762 | 768 |
| 763 » mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); | 769 » mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); |
| 764 » mask &= 0-(size_t)carry; | 770 » mask &= 0-(PTR_SIZE_INT)carry; |
| 765 » res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); | 771 » res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | |
| 772 » ((PTR_SIZE_INT)r_d&mask)); |
| 766 nist_cp_bn(r_d, res, BN_NIST_384_TOP); | 773 nist_cp_bn(r_d, res, BN_NIST_384_TOP); |
| 767 r->top = BN_NIST_384_TOP; | 774 r->top = BN_NIST_384_TOP; |
| 768 bn_correct_top(r); | 775 bn_correct_top(r); |
| 769 | 776 |
| 770 return 1; | 777 return 1; |
| 771 } | 778 } |
| 772 | 779 |
| 773 #define BN_NIST_521_RSHIFT (521%BN_BITS2) | 780 #define BN_NIST_521_RSHIFT (521%BN_BITS2) |
| 774 #define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) | 781 #define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) |
| 775 #define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) | 782 #define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) |
| 776 | 783 |
| 777 int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | 784 int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, |
| 778 BN_CTX *ctx) | 785 BN_CTX *ctx) |
| 779 { | 786 { |
| 780 int top = a->top, i; | 787 int top = a->top, i; |
| 781 BN_ULONG *r_d, *a_d = a->d, | 788 BN_ULONG *r_d, *a_d = a->d, |
| 782 t_d[BN_NIST_521_TOP], | 789 t_d[BN_NIST_521_TOP], |
| 783 val,tmp,*res; | 790 val,tmp,*res; |
| 784 » size_t» mask; | 791 » PTR_SIZE_INT mask; |
| 785 static const BIGNUM _bignum_nist_p_521_sqr = { | 792 static const BIGNUM _bignum_nist_p_521_sqr = { |
| 786 (BN_ULONG *)_nist_p_521_sqr, | 793 (BN_ULONG *)_nist_p_521_sqr, |
| 787 sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), | 794 sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), |
| 788 sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), | 795 sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), |
| 789 0,BN_FLG_STATIC_DATA }; | 796 0,BN_FLG_STATIC_DATA }; |
| 790 | 797 |
| 791 field = &_bignum_nist_p_521; /* just to make sure */ | 798 field = &_bignum_nist_p_521; /* just to make sure */ |
| 792 | 799 |
| 793 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0) | 800 if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0) |
| 794 return BN_nnmod(r, a, field, ctx); | 801 return BN_nnmod(r, a, field, ctx); |
| (...skipping 24 matching lines...) Expand all Loading... |
| 819 { | 826 { |
| 820 tmp = val>>BN_NIST_521_RSHIFT; | 827 tmp = val>>BN_NIST_521_RSHIFT; |
| 821 val = t_d[i+1]; | 828 val = t_d[i+1]; |
| 822 t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2; | 829 t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2; |
| 823 } | 830 } |
| 824 t_d[i] = val>>BN_NIST_521_RSHIFT; | 831 t_d[i] = val>>BN_NIST_521_RSHIFT; |
| 825 /* lower 521 bits */ | 832 /* lower 521 bits */ |
| 826 r_d[i] &= BN_NIST_521_TOP_MASK; | 833 r_d[i] &= BN_NIST_521_TOP_MASK; |
| 827 | 834 |
| 828 bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); | 835 bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); |
| 829 » mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); | 836 » mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP)
; |
| 830 » res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); | 837 » res = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) | |
| 838 » ((PTR_SIZE_INT)r_d&mask)); |
| 831 nist_cp_bn(r_d,res,BN_NIST_521_TOP); | 839 nist_cp_bn(r_d,res,BN_NIST_521_TOP); |
| 832 r->top = BN_NIST_521_TOP; | 840 r->top = BN_NIST_521_TOP; |
| 833 bn_correct_top(r); | 841 bn_correct_top(r); |
| 834 | 842 |
| 835 return 1; | 843 return 1; |
| 836 } | 844 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/