Deleted Added
bn_mod.c (302408) bn_mod.c (337982)
1/* crypto/bn/bn_mod.c */
2/*
3 * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
4 * for the OpenSSL project.
5 */
6/* ====================================================================
1/* crypto/bn/bn_mod.c */
2/*
3 * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
4 * for the OpenSSL project.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
7 * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *

--- 128 unchanged lines hidden (view full) ---

144{
145 if (!BN_add(r, a, b))
146 return 0;
147 return BN_nnmod(r, r, m, ctx);
148}
149
150/*
151 * BN_mod_add variant that may be used if both a and b are non-negative and
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *

--- 128 unchanged lines hidden (view full) ---

144{
145 if (!BN_add(r, a, b))
146 return 0;
147 return BN_nnmod(r, r, m, ctx);
148}
149
150/*
151 * BN_mod_add variant that may be used if both a and b are non-negative and
152 * less than m
152 * less than m. The original algorithm was
153 *
154 * if (!BN_uadd(r, a, b))
155 * return 0;
156 * if (BN_ucmp(r, m) >= 0)
157 * return BN_usub(r, r, m);
158 *
159 * which is replaced with addition, subtracting modulus, and conditional
160 * move depending on whether or not subtraction borrowed.
153 */
161 */
154int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
155 const BIGNUM *m)
162int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
163 const BIGNUM *m)
156{
164{
157 if (!BN_uadd(r, a, b))
165 size_t i, ai, bi, mtop = m->top;
166 BN_ULONG storage[1024 / BN_BITS2];
167 BN_ULONG carry, temp, mask, *rp, *tp = storage;
168 const BN_ULONG *ap, *bp;
169
170 if (bn_wexpand(r, m->top) == NULL)
158 return 0;
171 return 0;
159 if (BN_ucmp(r, m) >= 0)
160 return BN_usub(r, r, m);
172
173 if (mtop > sizeof(storage) / sizeof(storage[0])
174 && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
175 return 0;
176
177 ap = a->d != NULL ? a->d : tp;
178 bp = b->d != NULL ? b->d : tp;
179
180 for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) {
181 mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
182 temp = ((ap[ai] & mask) + carry) & BN_MASK2;
183 carry = (temp < carry);
184
185 mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
186 tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2;
187 carry += (tp[i] < temp);
188
189 i++;
190 ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
191 bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
192 }
193 rp = r->d;
194 carry -= bn_sub_words(rp, tp, m->d, mtop);
195 for (i = 0; i < mtop; i++) {
196 rp[i] = (carry & tp[i]) | (~carry & rp[i]);
197 ((volatile BN_ULONG *)tp)[i] = 0;
198 }
199 r->top = mtop;
200 r->neg = 0;
201
202 if (tp != storage)
203 OPENSSL_free(tp);
204
161 return 1;
162}
163
205 return 1;
206}
207
208int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
209 const BIGNUM *m)
210{
211 int ret = bn_mod_add_fixed_top(r, a, b, m);
212
213 if (ret)
214 bn_correct_top(r);
215
216 return ret;
217}
218
164int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
165 BN_CTX *ctx)
166{
167 if (!BN_sub(r, a, b))
168 return 0;
169 return BN_nnmod(r, r, m, ctx);
170}
171

--- 145 unchanged lines hidden ---
219int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
220 BN_CTX *ctx)
221{
222 if (!BN_sub(r, a, b))
223 return 0;
224 return BN_nnmod(r, r, m, ctx);
225}
226

--- 145 unchanged lines hidden ---
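Review bot: In bn_mod_add_fixed_top the documented precondition (a and b non-negative and less than m) is now load-bearing, yet nothing in the new body checks it or restates it at the point of use. The add loop consumes only the low m->top words of a and b, and the selector produced by `carry -= bn_sub_words(rp, tp, m->d, mtop);` (new lines 194-196) is all-zeros or all-ones only while a + b < 2m. For out-of-range operands it can end up as 1, so the final select would mix bits of tp and rp, whereas the BN_uadd/BN_ucmp version quoted in the header comment still returned a well-defined value. Since BN_mod_add_quick now routes every caller through this function, I would add above the loop `/* Requires 0 <= a, b < m: higher words of a and b are ignored, and carry must end as 0 or all-ones. */`. The `ap = a->d != NULL ? a->d : tp;` fallback also deserves a one-line comment saying the first iteration reads a not-yet-written scratch word whose value is masked to zero, so a reader does not mistake it for an uninitialised-read bug.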