crypto/bn/bn_nist.c
/* | /* | ||||
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. | * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. | ||||
* | * | ||||
* Licensed under the Apache License 2.0 (the "License"). You may not use | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||||
* this file except in compliance with the License. You can obtain a copy | * this file except in compliance with the License. You can obtain a copy | ||||
Context not available. | |||||
sizeof(unsigned int)]; | sizeof(unsigned int)]; | ||||
} buf; | } buf; | ||||
BN_ULONG c_d[BN_NIST_192_TOP], *res; | BN_ULONG c_d[BN_NIST_192_TOP], *res; | ||||
PTR_SIZE_INT mask; | |||||
static const BIGNUM ossl_bignum_nist_p_192_sqr = { | static const BIGNUM ossl_bignum_nist_p_192_sqr = { | ||||
(BN_ULONG *)_nist_p_192_sqr, | (BN_ULONG *)_nist_p_192_sqr, | ||||
OSSL_NELEM(_nist_p_192_sqr), | OSSL_NELEM(_nist_p_192_sqr), | ||||
Context not available. | |||||
* 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' | * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' | ||||
* this is what happens below, but without explicit if:-) a. | * this is what happens below, but without explicit if:-) a. | ||||
*/ | */ | ||||
mask = | res = (bn_sub_words(c_d, r_d, _nist_p_192[0], BN_NIST_192_TOP) && carry) | ||||
0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0], | ? r_d | ||||
BN_NIST_192_TOP); | : c_d; | ||||
mask &= 0 - (PTR_SIZE_INT) carry; | |||||
res = c_d; | |||||
res = (BN_ULONG *) | |||||
(((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask)); | |||||
nist_cp_bn(r_d, res, BN_NIST_192_TOP); | nist_cp_bn(r_d, res, BN_NIST_192_TOP); | ||||
r->top = BN_NIST_192_TOP; | r->top = BN_NIST_192_TOP; | ||||
bn_correct_top(r); | bn_correct_top(r); | ||||
Context not available. | |||||
sizeof(unsigned int)]; | sizeof(unsigned int)]; | ||||
} buf; | } buf; | ||||
BN_ULONG c_d[BN_NIST_224_TOP], *res; | BN_ULONG c_d[BN_NIST_224_TOP], *res; | ||||
PTR_SIZE_INT mask; | bn_addsub_f adjust; | ||||
union { | |||||
bn_addsub_f f; | |||||
PTR_SIZE_INT p; | |||||
} u; | |||||
static const BIGNUM ossl_bignum_nist_p_224_sqr = { | static const BIGNUM ossl_bignum_nist_p_224_sqr = { | ||||
(BN_ULONG *)_nist_p_224_sqr, | (BN_ULONG *)_nist_p_224_sqr, | ||||
OSSL_NELEM(_nist_p_224_sqr), | OSSL_NELEM(_nist_p_224_sqr), | ||||
Context not available. | |||||
# endif | # endif | ||||
} | } | ||||
#endif | #endif | ||||
u.f = bn_sub_words; | adjust = bn_sub_words; | ||||
if (carry > 0) { | if (carry > 0) { | ||||
carry = | carry = | ||||
(int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], | (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], | ||||
Context not available. | |||||
carry = | carry = | ||||
(int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], | (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], | ||||
BN_NIST_224_TOP); | BN_NIST_224_TOP); | ||||
mask = 0 - (PTR_SIZE_INT) carry; | adjust = carry ? bn_sub_words : bn_add_words; | ||||
u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | | |||||
((PTR_SIZE_INT) bn_add_words & ~mask); | |||||
} else | } else | ||||
carry = 1; | carry = 1; | ||||
/* otherwise it's effectively same as in BN_nist_mod_192... */ | /* otherwise it's effectively same as in BN_nist_mod_192... */ | ||||
mask = | res = ((*adjust) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP) && carry) | ||||
0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); | ? r_d | ||||
mask &= 0 - (PTR_SIZE_INT) carry; | : c_d; | ||||
res = c_d; | |||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | | |||||
((PTR_SIZE_INT) r_d & mask)); | |||||
nist_cp_bn(r_d, res, BN_NIST_224_TOP); | nist_cp_bn(r_d, res, BN_NIST_224_TOP); | ||||
r->top = BN_NIST_224_TOP; | r->top = BN_NIST_224_TOP; | ||||
bn_correct_top(r); | bn_correct_top(r); | ||||
Context not available. | |||||
sizeof(unsigned int)]; | sizeof(unsigned int)]; | ||||
} buf; | } buf; | ||||
BN_ULONG c_d[BN_NIST_256_TOP], *res; | BN_ULONG c_d[BN_NIST_256_TOP], *res; | ||||
PTR_SIZE_INT mask; | bn_addsub_f adjust; | ||||
union { | |||||
bn_addsub_f f; | |||||
PTR_SIZE_INT p; | |||||
} u; | |||||
static const BIGNUM ossl_bignum_nist_p_256_sqr = { | static const BIGNUM ossl_bignum_nist_p_256_sqr = { | ||||
(BN_ULONG *)_nist_p_256_sqr, | (BN_ULONG *)_nist_p_256_sqr, | ||||
OSSL_NELEM(_nist_p_256_sqr), | OSSL_NELEM(_nist_p_256_sqr), | ||||
Context not available. | |||||
} | } | ||||
#endif | #endif | ||||
/* see BN_nist_mod_224 for explanation */ | /* see BN_nist_mod_224 for explanation */ | ||||
u.f = bn_sub_words; | adjust = bn_sub_words; | ||||
if (carry > 0) | if (carry > 0) | ||||
carry = | carry = | ||||
(int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], | (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], | ||||
Context not available. | |||||
carry = | carry = | ||||
(int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], | (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], | ||||
BN_NIST_256_TOP); | BN_NIST_256_TOP); | ||||
mask = 0 - (PTR_SIZE_INT) carry; | adjust = carry ? bn_sub_words : bn_add_words; | ||||
u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | | |||||
((PTR_SIZE_INT) bn_add_words & ~mask); | |||||
} else | } else | ||||
carry = 1; | carry = 1; | ||||
mask = | res = ((*adjust) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP) && carry) | ||||
0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); | ? r_d | ||||
mask &= 0 - (PTR_SIZE_INT) carry; | : c_d; | ||||
res = c_d; | |||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | | |||||
((PTR_SIZE_INT) r_d & mask)); | |||||
nist_cp_bn(r_d, res, BN_NIST_256_TOP); | nist_cp_bn(r_d, res, BN_NIST_256_TOP); | ||||
r->top = BN_NIST_256_TOP; | r->top = BN_NIST_256_TOP; | ||||
bn_correct_top(r); | bn_correct_top(r); | ||||
Context not available. | |||||
sizeof(unsigned int)]; | sizeof(unsigned int)]; | ||||
} buf; | } buf; | ||||
BN_ULONG c_d[BN_NIST_384_TOP], *res; | BN_ULONG c_d[BN_NIST_384_TOP], *res; | ||||
PTR_SIZE_INT mask; | bn_addsub_f adjust; | ||||
union { | |||||
bn_addsub_f f; | |||||
PTR_SIZE_INT p; | |||||
} u; | |||||
static const BIGNUM ossl_bignum_nist_p_384_sqr = { | static const BIGNUM ossl_bignum_nist_p_384_sqr = { | ||||
(BN_ULONG *)_nist_p_384_sqr, | (BN_ULONG *)_nist_p_384_sqr, | ||||
OSSL_NELEM(_nist_p_384_sqr), | OSSL_NELEM(_nist_p_384_sqr), | ||||
Context not available. | |||||
} | } | ||||
#endif | #endif | ||||
/* see BN_nist_mod_224 for explanation */ | /* see BN_nist_mod_224 for explanation */ | ||||
u.f = bn_sub_words; | adjust = bn_sub_words; | ||||
if (carry > 0) | if (carry > 0) | ||||
carry = | carry = | ||||
(int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], | (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], | ||||
Context not available. | |||||
carry = | carry = | ||||
(int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], | (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], | ||||
BN_NIST_384_TOP); | BN_NIST_384_TOP); | ||||
mask = 0 - (PTR_SIZE_INT) carry; | adjust = carry ? bn_sub_words : bn_add_words; | ||||
u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | | |||||
((PTR_SIZE_INT) bn_add_words & ~mask); | |||||
} else | } else | ||||
carry = 1; | carry = 1; | ||||
mask = | res = ((*adjust) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP) && carry) | ||||
0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); | ? r_d | ||||
mask &= 0 - (PTR_SIZE_INT) carry; | : c_d; | ||||
res = c_d; | |||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | | |||||
((PTR_SIZE_INT) r_d & mask)); | |||||
nist_cp_bn(r_d, res, BN_NIST_384_TOP); | nist_cp_bn(r_d, res, BN_NIST_384_TOP); | ||||
r->top = BN_NIST_384_TOP; | r->top = BN_NIST_384_TOP; | ||||
bn_correct_top(r); | bn_correct_top(r); | ||||
Context not available. | |||||
{ | { | ||||
int top = a->top, i; | int top = a->top, i; | ||||
BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; | BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; | ||||
PTR_SIZE_INT mask; | |||||
static const BIGNUM ossl_bignum_nist_p_521_sqr = { | static const BIGNUM ossl_bignum_nist_p_521_sqr = { | ||||
(BN_ULONG *)_nist_p_521_sqr, | (BN_ULONG *)_nist_p_521_sqr, | ||||
OSSL_NELEM(_nist_p_521_sqr), | OSSL_NELEM(_nist_p_521_sqr), | ||||
Context not available. | |||||
r_d[i] &= BN_NIST_521_TOP_MASK; | r_d[i] &= BN_NIST_521_TOP_MASK; | ||||
bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP); | bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP); | ||||
mask = | res = bn_sub_words(t_d, r_d, _nist_p_521, | ||||
0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521, | BN_NIST_521_TOP) | ||||
BN_NIST_521_TOP); | ? r_d | ||||
res = t_d; | : t_d; | ||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | | |||||
((PTR_SIZE_INT) r_d & mask)); | |||||
nist_cp_bn(r_d, res, BN_NIST_521_TOP); | nist_cp_bn(r_d, res, BN_NIST_521_TOP); | ||||
r->top = BN_NIST_521_TOP; | r->top = BN_NIST_521_TOP; | ||||
bn_correct_top(r); | bn_correct_top(r); | ||||
Context not available. |
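Review bot: The new `res = (bn_sub_words(...) && carry) ? r_d : c_d;` selection in the P-192 block is a conditional on the borrow, and C does not guarantee it compiles without a data-dependent branch. The same applies to the P-224, P-256 and P-384 blocks, which add `adjust = carry ? bn_sub_words : bn_add_words;`, and to the plain `? r_d : t_d` in P-521. The removed mask arithmetic was written to avoid exactly that branch, and the value being reduced can be secret-derived in EC code, so this deserves a timing review on each target compiler. The context comment kept above the P-192 selection still reads `this is what happens below, but without explicit if:-)`, which no longer matches the code; it could become `/* pick r_d if the subtraction borrowed and carry is set, else c_d; not guaranteed branch-free */`. If the goal is only to drop the pointer-to-integer casts, a word-wise select keeps the masking without them: derive a `BN_ULONG mask` from borrow and carry and copy with `r_d[i] = (r_d[i] & mask) | (c_d[i] & ~mask);`. That assumes carry is 0 or 1 at this point, as the old `0 - (PTR_SIZE_INT) carry` mask appears to have required; the enclosing functions start and end outside the visible context, so it needs confirming there.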