* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the Eric Young open source
* license provided above.
*
- * The binary polynomial arithmetic software is originally written by
+ * The binary polynomial arithmetic software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
*/
typedef struct bn_gencb_st BN_GENCB;
#endif
-struct bignum_st
- {
+struct bignum_st {
BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
int top; /* Index of last used d +1. */
/* The next are internal book keeping for bn_expand. */
int dmax; /* Size of the d array. */
int neg; /* one if the number is negative */
int flags;
- };
+};
/* Used for montgomery multiplication */
-struct bn_mont_ctx_st
- {
+struct bn_mont_ctx_st {
int ri; /* number of bits in R */
BIGNUM RR; /* used to convert to montgomery form */
BIGNUM N; /* The modulus */
BN_ULONG n0[2];/* least significant word(s) of Ni;
(type changed with 0.9.9, was "BN_ULONG n0;" before) */
int flags;
- };
+};
/* Used for reciprocal division/mod functions
* It cannot be shared between threads
*/
-struct bn_recp_ctx_st
- {
+struct bn_recp_ctx_st {
BIGNUM N; /* the divisor */
BIGNUM Nr; /* the reciprocal */
int num_bits;
int shift;
int flags;
- };
+};
/* Used for slow "generation" functions. */
-struct bn_gencb_st
- {
+struct bn_gencb_st {
unsigned int ver; /* To handle binary (in)compatibility */
void *arg; /* callback-specific data */
- union
- {
+ union {
/* if(ver==1) - handles old style callbacks */
void (*cb_1)(int, int, void *);
/* if(ver==2) - new callback style */
int (*cb_2)(int, int, BN_GENCB *);
- } cb;
- };
+ } cb;
+};
/* Wrapper function to make using BN_GENCB easier, */
int BN_GENCB_call(BN_GENCB *cb, int a, int b);
/* Macro to populate a BN_GENCB structure with an "old"-style callback */
void BN_CTX_start(BN_CTX *ctx);
BIGNUM *BN_CTX_get(BN_CTX *ctx);
void BN_CTX_end(BN_CTX *ctx);
-int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
int BN_num_bits(const BIGNUM *a);
void BN_clear_free(BIGNUM *a);
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
void BN_swap(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2bin(const BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
/** BN_set_negative sets sign of a BIGNUM
* \param b pointer to the BIGNUM object
- * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
+ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
*/
void BN_set_negative(BIGNUM *b, int n);
/** BN_is_negative returns 1 if the BIGNUM is negative
#define BN_is_negative(a) ((a)->neg != 0)
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
- BN_CTX *ctx);
+ BN_CTX *ctx);
#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *m, BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
int BN_is_bit_set(const BIGNUM *a, int n);
int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
int BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m,BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
- const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
- BN_CTX *ctx,BN_MONT_CTX *m_ctx);
+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m,BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
-int BN_mask_bits(BIGNUM *a,int n);
+int BN_mask_bits(BIGNUM *a, int n);
#ifndef OPENSSL_NO_FP_API
int BN_print_fp(FILE *fp, const BIGNUM *a);
#endif
int BN_hex2bn(BIGNUM **a, const char *str);
int BN_dec2bn(BIGNUM **a, const char *str);
int BN_asc2bn(BIGNUM **a, const char *str);
-int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
BIGNUM *BN_mod_inverse(BIGNUM *ret,
- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback)(int,int,void *),void *cb_arg);
-int BN_is_prime(const BIGNUM *p,int nchecks,
- void (*callback)(int,int,void *),
- BN_CTX *ctx,void *cb_arg);
-int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
- void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
- int do_trial_division);
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem,
+ void (*callback)(int, int, void *), void *cb_arg);
+int BN_is_prime(const BIGNUM *p, int nchecks,
+ void (*callback)(int, int, void *),
+ BN_CTX *ctx, void *cb_arg);
+int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+ void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
+ int do_trial_division);
#endif /* !defined(OPENSSL_NO_DEPRECATED) */
/* Newer versions */
-int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
- const BIGNUM *rem, BN_GENCB *cb);
-int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
- int do_trial_division, BN_GENCB *cb);
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+ int do_trial_division, BN_GENCB *cb);
int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- BIGNUM *Xp1, BIGNUM *Xp2,
- const BIGNUM *Xp,
- const BIGNUM *e, BN_CTX *ctx,
- BN_GENCB *cb);
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
(r),(a),&((mont)->RR),(mont),(ctx))
-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
- BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
- const BIGNUM *mod, BN_CTX *ctx);
+ const BIGNUM *mod, BN_CTX *ctx);
/* BN_BLINDING flags */
#define BN_BLINDING_NO_UPDATE 0x00000001
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx);
#ifndef OPENSSL_NO_DEPRECATED
-void BN_set_params(int mul,int high,int low,int mont);
+void BN_set_params(int mul, int high, int low, int mont);
int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
#endif
void BN_RECP_CTX_init(BN_RECP_CTX *recp);
BN_RECP_CTX *BN_RECP_CTX_new(void);
void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
- BN_RECP_CTX *recp,BN_CTX *ctx);
+ BN_RECP_CTX *recp, BN_CTX *ctx);
int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
- BN_RECP_CTX *recp, BN_CTX *ctx);
+ BN_RECP_CTX *recp, BN_CTX *ctx);
#ifndef OPENSSL_NO_EC2M
-/* Functions for arithmetic over binary polynomials represented by BIGNUMs.
+/* Functions for arithmetic over binary polynomials represented by BIGNUMs.
*
* The BIGNUM::neg property of BIGNUMs representing binary polynomials is
* ignored.
int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+int
+BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+int
+BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r = (a * a) mod p */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
+int
+BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
BN_CTX *ctx); /* r = (1 / b) mod p */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+int
+BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+int
+BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+int
+BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r = sqrt(a) mod p */
int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r^2 + r = a mod p */
* where m = p[0] > p[1] > ... > p[k] = 0.
*/
int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
- /* r = a mod p */
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+/* r = a mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
BN_CTX *ctx); /* r = (a * a) mod p */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
BN_CTX *ctx); /* r = (1 / b) mod p */
int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
#endif
-/* faster mod functions for the 'NIST primes'
+/* faster mod functions for the 'NIST primes'
* 0 <= a < p^2 */
int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
#ifdef BN_DEBUG_RAND
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
#ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf,int num);
+int RAND_pseudo_bytes(unsigned char *buf, int num);
#define BN_DEBUG_TRIX
#endif
#define bn_pollute(a) \
bn_pollute(a); \
}
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);
/* Primes from RFC 2409 */
BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "bn_lcl.h"
/* r can == a or b */
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
const BIGNUM *tmp;
int a_neg = a->neg, ret;
* -a + b b-a
* -a + -b -(a+b)
*/
- if (a_neg ^ b->neg)
- {
+ if (a_neg ^ b->neg) {
/* only one is negative */
if (a_neg)
- { tmp=a; a=b; b=tmp; }
+ { tmp = a;
+ a = b;
+ b = tmp;
+ }
/* we are now a - b */
- if (BN_ucmp(a,b) < 0)
- {
- if (!BN_usub(r,b,a)) return(0);
- r->neg=1;
- }
- else
- {
- if (!BN_usub(r,a,b)) return(0);
- r->neg=0;
- }
- return(1);
+ if (BN_ucmp(a, b) < 0) {
+ if (!BN_usub(r, b, a))
+ return (0);
+ r->neg = 1;
+ } else {
+ if (!BN_usub(r, a, b))
+ return (0);
+ r->neg = 0;
}
+ return (1);
+ }
- ret = BN_uadd(r,a,b);
+ ret = BN_uadd(r, a, b);
r->neg = a_neg;
bn_check_top(r);
return ret;
- }
+}
/* unsigned add of b to a */
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int max,min,dif;
- BN_ULONG *ap,*bp,*rp,carry,t1,t2;
+int
+BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int max, min, dif;
+ BN_ULONG *ap, *bp, *rp, carry, t1, t2;
const BIGNUM *tmp;
bn_check_top(a);
bn_check_top(b);
- if (a->top < b->top)
- { tmp=a; a=b; b=tmp; }
+ if (a->top < b->top) {
+ tmp = a;
+ a = b;
+ b = tmp;
+ }
max = a->top;
min = b->top;
dif = max - min;
- if (bn_wexpand(r,max+1) == NULL)
+ if (bn_wexpand(r, max + 1) == NULL)
return 0;
- r->top=max;
-
+ r->top = max;
- ap=a->d;
- bp=b->d;
- rp=r->d;
+ ap = a->d;
+ bp = b->d;
+ rp = r->d;
- carry=bn_add_words(rp,ap,bp,min);
- rp+=min;
- ap+=min;
- bp+=min;
+ carry = bn_add_words(rp, ap, bp, min);
+ rp += min;
+ ap += min;
+ bp += min;
- if (carry)
- {
- while (dif)
- {
+ if (carry) {
+ while (dif) {
dif--;
t1 = *(ap++);
- t2 = (t1+1) & BN_MASK2;
+ t2 = (t1 + 1) & BN_MASK2;
*(rp++) = t2;
- if (t2)
- {
- carry=0;
+ if (t2) {
+ carry = 0;
break;
- }
}
- if (carry)
- {
+ }
+ if (carry) {
/* carry != 0 => dif == 0 */
*rp = 1;
r->top++;
- }
}
+ }
if (dif && rp != ap)
while (dif--)
/* copy remaining words if ap != rp */
r->neg = 0;
bn_check_top(r);
return 1;
- }
+}
/* unsigned subtraction of b from a, a must be larger than b. */
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int max,min,dif;
- register BN_ULONG t1,t2,*ap,*bp,*rp;
- int i,carry;
+int
+BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int max, min, dif;
+ register BN_ULONG t1, t2, *ap, *bp, *rp;
+ int i, carry;
bn_check_top(a);
bn_check_top(b);
dif = max - min;
if (dif < 0) /* hmm... should not be happening */
- {
- BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
- return(0);
- }
+ {
+ BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
+ return (0);
+ }
- if (bn_wexpand(r,max) == NULL) return(0);
+ if (bn_wexpand(r, max) == NULL)
+ return (0);
- ap=a->d;
- bp=b->d;
- rp=r->d;
+ ap = a->d;
+ bp = b->d;
+ rp = r->d;
#if 1
- carry=0;
- for (i = min; i != 0; i--)
- {
+ carry = 0;
+ for (i = min; i != 0; i--) {
t1= *(ap++);
t2= *(bp++);
- if (carry)
- {
- carry=(t1 <= t2);
- t1=(t1-t2-1)&BN_MASK2;
- }
- else
- {
- carry=(t1 < t2);
- t1=(t1-t2)&BN_MASK2;
- }
- *(rp++)=t1&BN_MASK2;
+ if (carry) {
+ carry = (t1 <= t2);
+ t1 = (t1 - t2 - 1)&BN_MASK2;
+ } else {
+ carry = (t1 < t2);
+ t1 = (t1 - t2)&BN_MASK2;
}
+ *(rp++) = t1&BN_MASK2;
+ }
#else
- carry=bn_sub_words(rp,ap,bp,min);
- ap+=min;
- bp+=min;
- rp+=min;
+ carry = bn_sub_words(rp, ap, bp, min);
+ ap += min;
+ bp += min;
+ rp += min;
#endif
if (carry) /* subtracted */
- {
+ {
if (!dif)
/* error: a < b */
return 0;
- while (dif)
- {
+ while (dif) {
dif--;
t1 = *(ap++);
- t2 = (t1-1)&BN_MASK2;
+ t2 = (t1 - 1)&BN_MASK2;
*(rp++) = t2;
if (t1)
break;
- }
}
+ }
#if 0
- memcpy(rp,ap,sizeof(*rp)*(max-i));
+ memcpy(rp, ap, sizeof(*rp)*(max - i));
#else
- if (rp != ap)
- {
- for (;;)
- {
- if (!dif--) break;
- rp[0]=ap[0];
- if (!dif--) break;
- rp[1]=ap[1];
- if (!dif--) break;
- rp[2]=ap[2];
- if (!dif--) break;
- rp[3]=ap[3];
- rp+=4;
- ap+=4;
- }
+ if (rp != ap) {
+ for (;;) {
+ if (!dif--)
+ break;
+ rp[0] = ap[0];
+ if (!dif--)
+ break;
+ rp[1] = ap[1];
+ if (!dif--)
+ break;
+ rp[2] = ap[2];
+ if (!dif--)
+ break;
+ rp[3] = ap[3];
+ rp += 4;
+ ap += 4;
}
+ }
#endif
- r->top=max;
- r->neg=0;
+ r->top = max;
+ r->neg = 0;
bn_correct_top(r);
- return(1);
- }
+ return (1);
+}
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
int max;
- int add=0,neg=0;
+ int add = 0, neg = 0;
const BIGNUM *tmp;
bn_check_top(a);
* -a - b -(a+b)
* -a - -b b-a
*/
- if (a->neg)
- {
- if (b->neg)
- { tmp=a; a=b; b=tmp; }
- else
- { add=1; neg=1; }
+ if (a->neg) {
+ if (b->neg) {
+ tmp = a;
+ a = b;
+ b = tmp;
+ } else {
+ add = 1;
+ neg = 1;
}
- else
- {
- if (b->neg) { add=1; neg=0; }
+ } else {
+ if (b->neg) {
+ add = 1;
+ neg = 0;
}
+ }
- if (add)
- {
- if (!BN_uadd(r,a,b)) return(0);
- r->neg=neg;
- return(1);
- }
+ if (add) {
+ if (!BN_uadd(r, a, b))
+ return (0);
+ r->neg = neg;
+ return (1);
+ }
/* We are actually doing a - b :-) */
- max=(a->top > b->top)?a->top:b->top;
- if (bn_wexpand(r,max) == NULL) return(0);
- if (BN_ucmp(a,b) < 0)
- {
- if (!BN_usub(r,b,a)) return(0);
- r->neg=1;
- }
- else
- {
- if (!BN_usub(r,a,b)) return(0);
- r->neg=0;
- }
- bn_check_top(r);
- return(1);
+ max = (a->top > b->top) ? a->top : b->top;
+ if (bn_wexpand(r, max) == NULL)
+ return (0);
+ if (BN_ucmp(a, b) < 0) {
+ if (!BN_usub(r, b, a))
+ return (0);
+ r->neg = 1;
+ } else {
+ if (!BN_usub(r, a, b))
+ return (0);
+ r->neg = 0;
}
-
+ bn_check_top(r);
+ return (1);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c1=0;
+BN_ULONG
+bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG c1 = 0;
assert(num >= 0);
- if (num <= 0) return(c1);
+ if (num <= 0)
+ return (c1);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (num&~3)
- {
- mul_add(rp[0],ap[0],w,c1);
- mul_add(rp[1],ap[1],w,c1);
- mul_add(rp[2],ap[2],w,c1);
- mul_add(rp[3],ap[3],w,c1);
- ap+=4; rp+=4; num-=4;
- }
+ while (num & ~3) {
+ mul_add(rp[0], ap[0], w, c1);
+ mul_add(rp[1], ap[1], w, c1);
+ mul_add(rp[2], ap[2], w, c1);
+ mul_add(rp[3], ap[3], w, c1);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
#endif
- while (num)
- {
- mul_add(rp[0],ap[0],w,c1);
- ap++; rp++; num--;
- }
-
- return(c1);
- }
+ while (num) {
+ mul_add(rp[0], ap[0], w, c1);
+ ap++;
+ rp++;
+ num--;
+ }
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c1=0;
+ return (c1);
+}
+
+BN_ULONG
+bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG c1 = 0;
assert(num >= 0);
- if (num <= 0) return(c1);
+ if (num <= 0)
+ return (c1);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (num&~3)
- {
- mul(rp[0],ap[0],w,c1);
- mul(rp[1],ap[1],w,c1);
- mul(rp[2],ap[2],w,c1);
- mul(rp[3],ap[3],w,c1);
- ap+=4; rp+=4; num-=4;
- }
+ while (num & ~3) {
+ mul(rp[0], ap[0], w, c1);
+ mul(rp[1], ap[1], w, c1);
+ mul(rp[2], ap[2], w, c1);
+ mul(rp[3], ap[3], w, c1);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
#endif
- while (num)
- {
- mul(rp[0],ap[0],w,c1);
- ap++; rp++; num--;
- }
- return(c1);
- }
+ while (num) {
+ mul(rp[0], ap[0], w, c1);
+ ap++;
+ rp++;
+ num--;
+ }
+ return (c1);
+}
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
- {
+void
+bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
assert(n >= 0);
- if (n <= 0) return;
+ if (n <= 0)
+ return;
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- sqr(r[0],r[1],a[0]);
- sqr(r[2],r[3],a[1]);
- sqr(r[4],r[5],a[2]);
- sqr(r[6],r[7],a[3]);
- a+=4; r+=8; n-=4;
- }
+ while (n & ~3) {
+ sqr(r[0], r[1], a[0]);
+ sqr(r[2], r[3], a[1]);
+ sqr(r[4], r[5], a[2]);
+ sqr(r[6], r[7], a[3]);
+ a += 4;
+ r += 8;
+ n -= 4;
+ }
#endif
- while (n)
- {
- sqr(r[0],r[1],a[0]);
- a++; r+=2; n--;
- }
+ while (n) {
+ sqr(r[0], r[1], a[0]);
+ a++;
+ r += 2;
+ n--;
}
+}
#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c=0;
- BN_ULONG bl,bh;
+BN_ULONG
+bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG c = 0;
+ BN_ULONG bl, bh;
assert(num >= 0);
- if (num <= 0) return((BN_ULONG)0);
+ if (num <= 0)
+ return ((BN_ULONG)0);
- bl=LBITS(w);
- bh=HBITS(w);
+ bl = LBITS(w);
+ bh = HBITS(w);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (num&~3)
- {
- mul_add(rp[0],ap[0],bl,bh,c);
- mul_add(rp[1],ap[1],bl,bh,c);
- mul_add(rp[2],ap[2],bl,bh,c);
- mul_add(rp[3],ap[3],bl,bh,c);
- ap+=4; rp+=4; num-=4;
- }
+ while (num & ~3) {
+ mul_add(rp[0], ap[0], bl, bh, c);
+ mul_add(rp[1], ap[1], bl, bh, c);
+ mul_add(rp[2], ap[2], bl, bh, c);
+ mul_add(rp[3], ap[3], bl, bh, c);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
#endif
- while (num)
- {
- mul_add(rp[0],ap[0],bl,bh,c);
- ap++; rp++; num--;
- }
- return(c);
- }
+ while (num) {
+ mul_add(rp[0], ap[0], bl, bh, c);
+ ap++;
+ rp++;
+ num--;
+ }
+ return (c);
+}
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG carry=0;
- BN_ULONG bl,bh;
+BN_ULONG
+bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG carry = 0;
+ BN_ULONG bl, bh;
assert(num >= 0);
- if (num <= 0) return((BN_ULONG)0);
+ if (num <= 0)
+ return ((BN_ULONG)0);
- bl=LBITS(w);
- bh=HBITS(w);
+ bl = LBITS(w);
+ bh = HBITS(w);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (num&~3)
- {
- mul(rp[0],ap[0],bl,bh,carry);
- mul(rp[1],ap[1],bl,bh,carry);
- mul(rp[2],ap[2],bl,bh,carry);
- mul(rp[3],ap[3],bl,bh,carry);
- ap+=4; rp+=4; num-=4;
- }
+ while (num & ~3) {
+ mul(rp[0], ap[0], bl, bh, carry);
+ mul(rp[1], ap[1], bl, bh, carry);
+ mul(rp[2], ap[2], bl, bh, carry);
+ mul(rp[3], ap[3], bl, bh, carry);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
#endif
- while (num)
- {
- mul(rp[0],ap[0],bl,bh,carry);
- ap++; rp++; num--;
- }
- return(carry);
- }
+ while (num) {
+ mul(rp[0], ap[0], bl, bh, carry);
+ ap++;
+ rp++;
+ num--;
+ }
+ return (carry);
+}
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
- {
+void
+bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
assert(n >= 0);
- if (n <= 0) return;
+ if (n <= 0)
+ return;
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- sqr64(r[0],r[1],a[0]);
- sqr64(r[2],r[3],a[1]);
- sqr64(r[4],r[5],a[2]);
- sqr64(r[6],r[7],a[3]);
- a+=4; r+=8; n-=4;
- }
+ while (n & ~3) {
+ sqr64(r[0], r[1], a[0]);
+ sqr64(r[2], r[3], a[1]);
+ sqr64(r[4], r[5], a[2]);
+ sqr64(r[6], r[7], a[3]);
+ a += 4;
+ r += 8;
+ n -= 4;
+ }
#endif
- while (n)
- {
- sqr64(r[0],r[1],a[0]);
- a++; r+=2; n--;
- }
+ while (n) {
+ sqr64(r[0], r[1], a[0]);
+ a++;
+ r += 2;
+ n--;
}
+}
#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
#if defined(BN_LLONG) && defined(BN_DIV2W)
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
- {
- return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
- }
+BN_ULONG
+bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+ return ((BN_ULONG)(((((BN_ULLONG)h) << BN_BITS2)|l)/(BN_ULLONG)d));
+}
#else
/* Divide h,l by d and return the result. */
/* I need to test this some more :-( */
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
- {
- BN_ULONG dh,dl,q,ret=0,th,tl,t;
- int i,count=2;
-
- if (d == 0) return(BN_MASK2);
-
- i=BN_num_bits_word(d);
- assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
-
- i=BN_BITS2-i;
- if (h >= d) h-=d;
-
- if (i)
- {
- d<<=i;
- h=(h<<i)|(l>>(BN_BITS2-i));
- l<<=i;
- }
- dh=(d&BN_MASK2h)>>BN_BITS4;
- dl=(d&BN_MASK2l);
- for (;;)
- {
- if ((h>>BN_BITS4) == dh)
- q=BN_MASK2l;
+BN_ULONG
+bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+ BN_ULONG dh, dl, q,ret = 0, th, tl, t;
+ int i, count = 2;
+
+ if (d == 0)
+ return (BN_MASK2);
+
+ i = BN_num_bits_word(d);
+ assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
+
+ i = BN_BITS2 - i;
+ if (h >= d)
+ h -= d;
+
+ if (i) {
+ d <<= i;
+ h = (h << i) | (l >> (BN_BITS2 - i));
+ l <<= i;
+ }
+ dh = (d & BN_MASK2h) >> BN_BITS4;
+ dl = (d & BN_MASK2l);
+ for (;;) {
+ if ((h >> BN_BITS4) == dh)
+ q = BN_MASK2l;
else
- q=h/dh;
-
- th=q*dh;
- tl=dl*q;
- for (;;)
- {
- t=h-th;
- if ((t&BN_MASK2h) ||
- ((tl) <= (
- (t<<BN_BITS4)|
- ((l&BN_MASK2h)>>BN_BITS4))))
+ q = h / dh;
+
+ th = q * dh;
+ tl = dl * q;
+ for (;;) {
+ t = h - th;
+ if ((t & BN_MASK2h) ||
+ ((tl) <= (
+ (t << BN_BITS4) |
+ ((l & BN_MASK2h) >> BN_BITS4))))
break;
q--;
- th-=dh;
- tl-=dl;
- }
- t=(tl>>BN_BITS4);
- tl=(tl<<BN_BITS4)&BN_MASK2h;
- th+=t;
-
- if (l < tl) th++;
- l-=tl;
- if (h < th)
- {
- h+=d;
+ th -= dh;
+ tl -= dl;
+ }
+ t = (tl >> BN_BITS4);
+ tl = (tl << BN_BITS4) & BN_MASK2h;
+ th += t;
+
+ if (l < tl)
+ th++;
+ l -= tl;
+ if (h < th) {
+ h += d;
q--;
- }
- h-=th;
+ }
+ h -= th;
- if (--count == 0) break;
+ if (--count == 0)
+ break;
- ret=q<<BN_BITS4;
- h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
- l=(l&BN_MASK2l)<<BN_BITS4;
- }
- ret|=q;
- return(ret);
+ ret = q << BN_BITS4;
+ h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
+ l = (l & BN_MASK2l) << BN_BITS4;
}
+ ret |= q;
+ return (ret);
+}
#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
#ifdef BN_LLONG
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- BN_ULLONG ll=0;
+BN_ULONG
+bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+ BN_ULLONG ll = 0;
assert(n >= 0);
- if (n <= 0) return((BN_ULONG)0);
+ if (n <= 0)
+ return ((BN_ULONG)0);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- ll+=(BN_ULLONG)a[0]+b[0];
- r[0]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- ll+=(BN_ULLONG)a[1]+b[1];
- r[1]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- ll+=(BN_ULLONG)a[2]+b[2];
- r[2]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- ll+=(BN_ULLONG)a[3]+b[3];
- r[3]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- a+=4; b+=4; r+=4; n-=4;
- }
+ while (n & ~3) {
+ ll += (BN_ULLONG)a[0] + b[0];
+ r[0] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ ll += (BN_ULLONG)a[1] + b[1];
+ r[1] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ ll += (BN_ULLONG)a[2] + b[2];
+ r[2] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ ll += (BN_ULLONG)a[3] + b[3];
+ r[3] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ a += 4;
+ b += 4;
+ r += 4;
+ n -= 4;
+ }
#endif
- while (n)
- {
- ll+=(BN_ULLONG)a[0]+b[0];
- r[0]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- a++; b++; r++; n--;
- }
- return((BN_ULONG)ll);
+ while (n) {
+ ll += (BN_ULLONG)a[0] + b[0];
+ r[0] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ a++;
+ b++;
+ r++;
+ n--;
}
+ return ((BN_ULONG)ll);
+}
#else /* !BN_LLONG */
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- BN_ULONG c,l,t;
+BN_ULONG
+bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+ BN_ULONG c, l, t;
assert(n >= 0);
- if (n <= 0) return((BN_ULONG)0);
+ if (n <= 0)
+ return ((BN_ULONG)0);
- c=0;
+ c = 0;
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- t=a[0];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[0])&BN_MASK2;
- c+=(l < t);
- r[0]=l;
- t=a[1];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[1])&BN_MASK2;
- c+=(l < t);
- r[1]=l;
- t=a[2];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[2])&BN_MASK2;
- c+=(l < t);
- r[2]=l;
- t=a[3];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[3])&BN_MASK2;
- c+=(l < t);
- r[3]=l;
- a+=4; b+=4; r+=4; n-=4;
- }
+ while (n & ~3) {
+ t = a[0];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[0]) & BN_MASK2;
+ c += (l < t);
+ r[0] = l;
+ t = a[1];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[1]) & BN_MASK2;
+ c += (l < t);
+ r[1] = l;
+ t = a[2];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[2]) & BN_MASK2;
+ c += (l < t);
+ r[2] = l;
+ t = a[3];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[3]) & BN_MASK2;
+ c += (l < t);
+ r[3] = l;
+ a += 4;
+ b += 4;
+ r += 4;
+ n -= 4;
+ }
#endif
- while(n)
- {
- t=a[0];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[0])&BN_MASK2;
- c+=(l < t);
- r[0]=l;
- a++; b++; r++; n--;
- }
- return((BN_ULONG)c);
+ while (n) {
+ t = a[0];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[0]) & BN_MASK2;
+ c += (l < t);
+ r[0] = l;
+ a++;
+ b++;
+ r++;
+ n--;
}
+ return ((BN_ULONG)c);
+}
#endif /* !BN_LLONG */
-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- BN_ULONG t1,t2;
- int c=0;
+BN_ULONG
+bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+ BN_ULONG t1, t2;
+ int c = 0;
assert(n >= 0);
- if (n <= 0) return((BN_ULONG)0);
+ if (n <= 0)
+ return ((BN_ULONG)0);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- t1=a[0]; t2=b[0];
- r[0]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- t1=a[1]; t2=b[1];
- r[1]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- t1=a[2]; t2=b[2];
- r[2]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- t1=a[3]; t2=b[3];
- r[3]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- a+=4; b+=4; r+=4; n-=4;
- }
+ while (n&~3) {
+ t1 = a[0];
+ t2 = b[0];
+ r[0] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ t1 = a[1];
+ t2 = b[1];
+ r[1] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ t1 = a[2];
+ t2 = b[2];
+ r[2] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ t1 = a[3];
+ t2 = b[3];
+ r[3] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ a += 4;
+ b += 4;
+ r += 4;
+ n -= 4;
+ }
#endif
- while (n)
- {
- t1=a[0]; t2=b[0];
- r[0]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- a++; b++; r++; n--;
- }
- return(c);
+ while (n) {
+ t1 = a[0];
+ t2 = b[0];
+ r[0] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ a++;
+ b++;
+ r++;
+ n--;
}
+ return (c);
+}
#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
mul_add_c2((a)[i],(a)[j],c0,c1,c2)
#endif /* !BN_LLONG */
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
+void
+bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
#ifdef BN_LLONG
BN_ULLONG t;
#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG bl,bh;
+ BN_ULONG bl, bh;
#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- mul_add_c(a[0],b[0],c1,c2,c3);
- r[0]=c1;
- c1=0;
- mul_add_c(a[0],b[1],c2,c3,c1);
- mul_add_c(a[1],b[0],c2,c3,c1);
- r[1]=c2;
- c2=0;
- mul_add_c(a[2],b[0],c3,c1,c2);
- mul_add_c(a[1],b[1],c3,c1,c2);
- mul_add_c(a[0],b[2],c3,c1,c2);
- r[2]=c3;
- c3=0;
- mul_add_c(a[0],b[3],c1,c2,c3);
- mul_add_c(a[1],b[2],c1,c2,c3);
- mul_add_c(a[2],b[1],c1,c2,c3);
- mul_add_c(a[3],b[0],c1,c2,c3);
- r[3]=c1;
- c1=0;
- mul_add_c(a[4],b[0],c2,c3,c1);
- mul_add_c(a[3],b[1],c2,c3,c1);
- mul_add_c(a[2],b[2],c2,c3,c1);
- mul_add_c(a[1],b[3],c2,c3,c1);
- mul_add_c(a[0],b[4],c2,c3,c1);
- r[4]=c2;
- c2=0;
- mul_add_c(a[0],b[5],c3,c1,c2);
- mul_add_c(a[1],b[4],c3,c1,c2);
- mul_add_c(a[2],b[3],c3,c1,c2);
- mul_add_c(a[3],b[2],c3,c1,c2);
- mul_add_c(a[4],b[1],c3,c1,c2);
- mul_add_c(a[5],b[0],c3,c1,c2);
- r[5]=c3;
- c3=0;
- mul_add_c(a[6],b[0],c1,c2,c3);
- mul_add_c(a[5],b[1],c1,c2,c3);
- mul_add_c(a[4],b[2],c1,c2,c3);
- mul_add_c(a[3],b[3],c1,c2,c3);
- mul_add_c(a[2],b[4],c1,c2,c3);
- mul_add_c(a[1],b[5],c1,c2,c3);
- mul_add_c(a[0],b[6],c1,c2,c3);
- r[6]=c1;
- c1=0;
- mul_add_c(a[0],b[7],c2,c3,c1);
- mul_add_c(a[1],b[6],c2,c3,c1);
- mul_add_c(a[2],b[5],c2,c3,c1);
- mul_add_c(a[3],b[4],c2,c3,c1);
- mul_add_c(a[4],b[3],c2,c3,c1);
- mul_add_c(a[5],b[2],c2,c3,c1);
- mul_add_c(a[6],b[1],c2,c3,c1);
- mul_add_c(a[7],b[0],c2,c3,c1);
- r[7]=c2;
- c2=0;
- mul_add_c(a[7],b[1],c3,c1,c2);
- mul_add_c(a[6],b[2],c3,c1,c2);
- mul_add_c(a[5],b[3],c3,c1,c2);
- mul_add_c(a[4],b[4],c3,c1,c2);
- mul_add_c(a[3],b[5],c3,c1,c2);
- mul_add_c(a[2],b[6],c3,c1,c2);
- mul_add_c(a[1],b[7],c3,c1,c2);
- r[8]=c3;
- c3=0;
- mul_add_c(a[2],b[7],c1,c2,c3);
- mul_add_c(a[3],b[6],c1,c2,c3);
- mul_add_c(a[4],b[5],c1,c2,c3);
- mul_add_c(a[5],b[4],c1,c2,c3);
- mul_add_c(a[6],b[3],c1,c2,c3);
- mul_add_c(a[7],b[2],c1,c2,c3);
- r[9]=c1;
- c1=0;
- mul_add_c(a[7],b[3],c2,c3,c1);
- mul_add_c(a[6],b[4],c2,c3,c1);
- mul_add_c(a[5],b[5],c2,c3,c1);
- mul_add_c(a[4],b[6],c2,c3,c1);
- mul_add_c(a[3],b[7],c2,c3,c1);
- r[10]=c2;
- c2=0;
- mul_add_c(a[4],b[7],c3,c1,c2);
- mul_add_c(a[5],b[6],c3,c1,c2);
- mul_add_c(a[6],b[5],c3,c1,c2);
- mul_add_c(a[7],b[4],c3,c1,c2);
- r[11]=c3;
- c3=0;
- mul_add_c(a[7],b[5],c1,c2,c3);
- mul_add_c(a[6],b[6],c1,c2,c3);
- mul_add_c(a[5],b[7],c1,c2,c3);
- r[12]=c1;
- c1=0;
- mul_add_c(a[6],b[7],c2,c3,c1);
- mul_add_c(a[7],b[6],c2,c3,c1);
- r[13]=c2;
- c2=0;
- mul_add_c(a[7],b[7],c3,c1,c2);
- r[14]=c3;
- r[15]=c1;
- }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ mul_add_c(a[0], b[0], c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[1], c2, c3, c1);
+ mul_add_c(a[1], b[0], c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[0], c3, c1, c2);
+ mul_add_c(a[1], b[1], c3, c1, c2);
+ mul_add_c(a[0], b[2], c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ mul_add_c(a[0], b[3], c1, c2, c3);
+ mul_add_c(a[1], b[2], c1, c2, c3);
+ mul_add_c(a[2], b[1], c1, c2, c3);
+ mul_add_c(a[3], b[0], c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ mul_add_c(a[4], b[0], c2, c3, c1);
+ mul_add_c(a[3], b[1], c2, c3, c1);
+ mul_add_c(a[2], b[2], c2, c3, c1);
+ mul_add_c(a[1], b[3], c2, c3, c1);
+ mul_add_c(a[0], b[4], c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ mul_add_c(a[0], b[5], c3, c1, c2);
+ mul_add_c(a[1], b[4], c3, c1, c2);
+ mul_add_c(a[2], b[3], c3, c1, c2);
+ mul_add_c(a[3], b[2], c3, c1, c2);
+ mul_add_c(a[4], b[1], c3, c1, c2);
+ mul_add_c(a[5], b[0], c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ mul_add_c(a[6], b[0], c1, c2, c3);
+ mul_add_c(a[5], b[1], c1, c2, c3);
+ mul_add_c(a[4], b[2], c1, c2, c3);
+ mul_add_c(a[3], b[3], c1, c2, c3);
+ mul_add_c(a[2], b[4], c1, c2, c3);
+ mul_add_c(a[1], b[5], c1, c2, c3);
+ mul_add_c(a[0], b[6], c1, c2, c3);
+ r[6] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[7], c2, c3, c1);
+ mul_add_c(a[1], b[6], c2, c3, c1);
+ mul_add_c(a[2], b[5], c2, c3, c1);
+ mul_add_c(a[3], b[4], c2, c3, c1);
+ mul_add_c(a[4], b[3], c2, c3, c1);
+ mul_add_c(a[5], b[2], c2, c3, c1);
+ mul_add_c(a[6], b[1], c2, c3, c1);
+ mul_add_c(a[7], b[0], c2, c3, c1);
+ r[7] = c2;
+ c2 = 0;
+ mul_add_c(a[7], b[1], c3, c1, c2);
+ mul_add_c(a[6], b[2], c3, c1, c2);
+ mul_add_c(a[5], b[3], c3, c1, c2);
+ mul_add_c(a[4], b[4], c3, c1, c2);
+ mul_add_c(a[3], b[5], c3, c1, c2);
+ mul_add_c(a[2], b[6], c3, c1, c2);
+ mul_add_c(a[1], b[7], c3, c1, c2);
+ r[8] = c3;
+ c3 = 0;
+ mul_add_c(a[2], b[7], c1, c2, c3);
+ mul_add_c(a[3], b[6], c1, c2, c3);
+ mul_add_c(a[4], b[5], c1, c2, c3);
+ mul_add_c(a[5], b[4], c1, c2, c3);
+ mul_add_c(a[6], b[3], c1, c2, c3);
+ mul_add_c(a[7], b[2], c1, c2, c3);
+ r[9] = c1;
+ c1 = 0;
+ mul_add_c(a[7], b[3], c2, c3, c1);
+ mul_add_c(a[6], b[4], c2, c3, c1);
+ mul_add_c(a[5], b[5], c2, c3, c1);
+ mul_add_c(a[4], b[6], c2, c3, c1);
+ mul_add_c(a[3], b[7], c2, c3, c1);
+ r[10] = c2;
+ c2 = 0;
+ mul_add_c(a[4], b[7], c3, c1, c2);
+ mul_add_c(a[5], b[6], c3, c1, c2);
+ mul_add_c(a[6], b[5], c3, c1, c2);
+ mul_add_c(a[7], b[4], c3, c1, c2);
+ r[11] = c3;
+ c3 = 0;
+ mul_add_c(a[7], b[5], c1, c2, c3);
+ mul_add_c(a[6], b[6], c1, c2, c3);
+ mul_add_c(a[5], b[7], c1, c2, c3);
+ r[12] = c1;
+ c1 = 0;
+ mul_add_c(a[6], b[7], c2, c3, c1);
+ mul_add_c(a[7], b[6], c2, c3, c1);
+ r[13] = c2;
+ c2 = 0;
+ mul_add_c(a[7], b[7], c3, c1, c2);
+ r[14] = c3;
+ r[15] = c1;
+}
+
+void
+bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
#ifdef BN_LLONG
BN_ULLONG t;
#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG bl,bh;
+ BN_ULONG bl, bh;
#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- mul_add_c(a[0],b[0],c1,c2,c3);
- r[0]=c1;
- c1=0;
- mul_add_c(a[0],b[1],c2,c3,c1);
- mul_add_c(a[1],b[0],c2,c3,c1);
- r[1]=c2;
- c2=0;
- mul_add_c(a[2],b[0],c3,c1,c2);
- mul_add_c(a[1],b[1],c3,c1,c2);
- mul_add_c(a[0],b[2],c3,c1,c2);
- r[2]=c3;
- c3=0;
- mul_add_c(a[0],b[3],c1,c2,c3);
- mul_add_c(a[1],b[2],c1,c2,c3);
- mul_add_c(a[2],b[1],c1,c2,c3);
- mul_add_c(a[3],b[0],c1,c2,c3);
- r[3]=c1;
- c1=0;
- mul_add_c(a[3],b[1],c2,c3,c1);
- mul_add_c(a[2],b[2],c2,c3,c1);
- mul_add_c(a[1],b[3],c2,c3,c1);
- r[4]=c2;
- c2=0;
- mul_add_c(a[2],b[3],c3,c1,c2);
- mul_add_c(a[3],b[2],c3,c1,c2);
- r[5]=c3;
- c3=0;
- mul_add_c(a[3],b[3],c1,c2,c3);
- r[6]=c1;
- r[7]=c2;
- }
-
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
- {
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ mul_add_c(a[0], b[0], c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[1], c2, c3, c1);
+ mul_add_c(a[1], b[0], c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[0], c3, c1, c2);
+ mul_add_c(a[1], b[1], c3, c1, c2);
+ mul_add_c(a[0], b[2], c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ mul_add_c(a[0], b[3], c1, c2, c3);
+ mul_add_c(a[1], b[2], c1, c2, c3);
+ mul_add_c(a[2], b[1], c1, c2, c3);
+ mul_add_c(a[3], b[0], c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ mul_add_c(a[3], b[1], c2, c3, c1);
+ mul_add_c(a[2], b[2], c2, c3, c1);
+ mul_add_c(a[1], b[3], c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[3], c3, c1, c2);
+ mul_add_c(a[3], b[2], c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ mul_add_c(a[3], b[3], c1, c2, c3);
+ r[6] = c1;
+ r[7] = c2;
+}
+
+void
+bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
#ifdef BN_LLONG
- BN_ULLONG t,tt;
+ BN_ULLONG t, tt;
#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG bl,bh;
+ BN_ULONG bl, bh;
#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- sqr_add_c(a,0,c1,c2,c3);
- r[0]=c1;
- c1=0;
- sqr_add_c2(a,1,0,c2,c3,c1);
- r[1]=c2;
- c2=0;
- sqr_add_c(a,1,c3,c1,c2);
- sqr_add_c2(a,2,0,c3,c1,c2);
- r[2]=c3;
- c3=0;
- sqr_add_c2(a,3,0,c1,c2,c3);
- sqr_add_c2(a,2,1,c1,c2,c3);
- r[3]=c1;
- c1=0;
- sqr_add_c(a,2,c2,c3,c1);
- sqr_add_c2(a,3,1,c2,c3,c1);
- sqr_add_c2(a,4,0,c2,c3,c1);
- r[4]=c2;
- c2=0;
- sqr_add_c2(a,5,0,c3,c1,c2);
- sqr_add_c2(a,4,1,c3,c1,c2);
- sqr_add_c2(a,3,2,c3,c1,c2);
- r[5]=c3;
- c3=0;
- sqr_add_c(a,3,c1,c2,c3);
- sqr_add_c2(a,4,2,c1,c2,c3);
- sqr_add_c2(a,5,1,c1,c2,c3);
- sqr_add_c2(a,6,0,c1,c2,c3);
- r[6]=c1;
- c1=0;
- sqr_add_c2(a,7,0,c2,c3,c1);
- sqr_add_c2(a,6,1,c2,c3,c1);
- sqr_add_c2(a,5,2,c2,c3,c1);
- sqr_add_c2(a,4,3,c2,c3,c1);
- r[7]=c2;
- c2=0;
- sqr_add_c(a,4,c3,c1,c2);
- sqr_add_c2(a,5,3,c3,c1,c2);
- sqr_add_c2(a,6,2,c3,c1,c2);
- sqr_add_c2(a,7,1,c3,c1,c2);
- r[8]=c3;
- c3=0;
- sqr_add_c2(a,7,2,c1,c2,c3);
- sqr_add_c2(a,6,3,c1,c2,c3);
- sqr_add_c2(a,5,4,c1,c2,c3);
- r[9]=c1;
- c1=0;
- sqr_add_c(a,5,c2,c3,c1);
- sqr_add_c2(a,6,4,c2,c3,c1);
- sqr_add_c2(a,7,3,c2,c3,c1);
- r[10]=c2;
- c2=0;
- sqr_add_c2(a,7,4,c3,c1,c2);
- sqr_add_c2(a,6,5,c3,c1,c2);
- r[11]=c3;
- c3=0;
- sqr_add_c(a,6,c1,c2,c3);
- sqr_add_c2(a,7,5,c1,c2,c3);
- r[12]=c1;
- c1=0;
- sqr_add_c2(a,7,6,c2,c3,c1);
- r[13]=c2;
- c2=0;
- sqr_add_c(a,7,c3,c1,c2);
- r[14]=c3;
- r[15]=c1;
- }
-
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
- {
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ sqr_add_c(a, 0, c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 1, 0, c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ sqr_add_c(a, 1, c3, c1, c2);
+ sqr_add_c2(a, 2, 0, c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 3, 0, c1, c2, c3);
+ sqr_add_c2(a, 2, 1, c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ sqr_add_c(a, 2, c2, c3, c1);
+ sqr_add_c2(a, 3, 1, c2, c3, c1);
+ sqr_add_c2(a, 4, 0, c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 5, 0, c3, c1, c2);
+ sqr_add_c2(a, 4, 1, c3, c1, c2);
+ sqr_add_c2(a, 3, 2, c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ sqr_add_c(a, 3, c1, c2, c3);
+ sqr_add_c2(a, 4, 2, c1, c2, c3);
+ sqr_add_c2(a, 5, 1, c1, c2, c3);
+ sqr_add_c2(a, 6, 0, c1, c2, c3);
+ r[6] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 7, 0, c2, c3, c1);
+ sqr_add_c2(a, 6, 1, c2, c3, c1);
+ sqr_add_c2(a, 5, 2, c2, c3, c1);
+ sqr_add_c2(a, 4, 3, c2, c3, c1);
+ r[7] = c2;
+ c2 = 0;
+ sqr_add_c(a, 4, c3, c1, c2);
+ sqr_add_c2(a, 5, 3, c3, c1, c2);
+ sqr_add_c2(a, 6, 2, c3, c1, c2);
+ sqr_add_c2(a, 7, 1, c3, c1, c2);
+ r[8] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 7, 2, c1, c2, c3);
+ sqr_add_c2(a, 6, 3, c1, c2, c3);
+ sqr_add_c2(a, 5, 4, c1, c2, c3);
+ r[9] = c1;
+ c1 = 0;
+ sqr_add_c(a, 5, c2, c3, c1);
+ sqr_add_c2(a, 6, 4, c2, c3, c1);
+ sqr_add_c2(a, 7, 3, c2, c3, c1);
+ r[10] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 7, 4, c3, c1, c2);
+ sqr_add_c2(a, 6, 5, c3, c1, c2);
+ r[11] = c3;
+ c3 = 0;
+ sqr_add_c(a, 6, c1, c2, c3);
+ sqr_add_c2(a, 7, 5, c1, c2, c3);
+ r[12] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 7, 6, c2, c3, c1);
+ r[13] = c2;
+ c2 = 0;
+ sqr_add_c(a, 7, c3, c1, c2);
+ r[14] = c3;
+ r[15] = c1;
+}
+
+void
+bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
#ifdef BN_LLONG
- BN_ULLONG t,tt;
+ BN_ULLONG t, tt;
#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG bl,bh;
+ BN_ULONG bl, bh;
#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- sqr_add_c(a,0,c1,c2,c3);
- r[0]=c1;
- c1=0;
- sqr_add_c2(a,1,0,c2,c3,c1);
- r[1]=c2;
- c2=0;
- sqr_add_c(a,1,c3,c1,c2);
- sqr_add_c2(a,2,0,c3,c1,c2);
- r[2]=c3;
- c3=0;
- sqr_add_c2(a,3,0,c1,c2,c3);
- sqr_add_c2(a,2,1,c1,c2,c3);
- r[3]=c1;
- c1=0;
- sqr_add_c(a,2,c2,c3,c1);
- sqr_add_c2(a,3,1,c2,c3,c1);
- r[4]=c2;
- c2=0;
- sqr_add_c2(a,3,2,c3,c1,c2);
- r[5]=c3;
- c3=0;
- sqr_add_c(a,3,c1,c2,c3);
- r[6]=c1;
- r[7]=c2;
- }
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ sqr_add_c(a, 0, c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 1, 0, c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ sqr_add_c(a, 1, c3, c1, c2);
+ sqr_add_c2(a, 2, 0, c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 3, 0, c1, c2, c3);
+ sqr_add_c2(a, 2, 1, c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ sqr_add_c(a, 2, c2, c3, c1);
+ sqr_add_c2(a, 3, 1, c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 3, 2, c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ sqr_add_c(a, 3, c1, c2, c3);
+ r[6] = c1;
+ r[7] = c2;
+}
#ifdef OPENSSL_NO_ASM
#ifdef OPENSSL_BN_ASM_MONT
* versions. Assembler vs. assembler improvement coefficients can
* [and are known to] differ and are to be documented elsewhere.
*/
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
- {
- BN_ULONG c0,c1,ml,*tp,n0;
+int
+bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+ BN_ULONG c0, c1, ml, *tp, n0;
#ifdef mul64
BN_ULONG mh;
#endif
volatile BN_ULONG *vp;
- int i=0,j;
+ int i = 0, j;
#if 0 /* template for platform-specific implementation */
- if (ap==bp) return bn_sqr_mont(rp,ap,np,n0p,num);
+ if (ap == bp)
+ return bn_sqr_mont(rp, ap, np, n0p, num);
#endif
- vp = tp = alloca((num+2)*sizeof(BN_ULONG));
+ vp = tp = alloca((num + 2)*sizeof(BN_ULONG));
n0 = *n0p;
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
- for (j=0;j<num;++j)
- mul(tp[j],ap[j],ml,mh,c0);
+ for (j = 0; j < num; ++j)
+ mul(tp[j], ap[j], ml, mh, c0);
#else
- for (j=0;j<num;++j)
- mul(tp[j],ap[j],ml,c0);
+ for (j = 0; j < num; ++j)
+ mul(tp[j], ap[j], ml, c0);
#endif
- tp[num] = c0;
- tp[num+1] = 0;
+ tp[num] = c0;
+ tp[num + 1] = 0;
goto enter;
- for(i=0;i<num;i++)
- {
+ for (i = 0; i < num; i++) {
c0 = 0;
ml = bp[i];
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
- for (j=0;j<num;++j)
- mul_add(tp[j],ap[j],ml,mh,c0);
+ for (j = 0; j < num; ++j)
+ mul_add(tp[j], ap[j], ml, mh, c0);
#else
- for (j=0;j<num;++j)
- mul_add(tp[j],ap[j],ml,c0);
+ for (j = 0; j < num; ++j)
+ mul_add(tp[j], ap[j], ml, c0);
#endif
- c1 = (tp[num] + c0)&BN_MASK2;
- tp[num] = c1;
- tp[num+1] = (c1<c0?1:0);
- enter:
- c1 = tp[0];
- ml = (c1*n0)&BN_MASK2;
+ c1 = (tp[num] + c0) & BN_MASK2;
+ tp[num] = c1;
+ tp[num + 1] = (c1 < c0 ? 1 : 0);
+enter:
+ c1 = tp[0];
+ ml = (c1 * n0) & BN_MASK2;
c0 = 0;
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
- mul_add(c1,np[0],ml,mh,c0);
+ mul_add(c1, np[0], ml, mh, c0);
#else
- mul_add(c1,ml,np[0],c0);
+ mul_add(c1, ml, np[0], c0);
#endif
- for(j=1;j<num;j++)
- {
+ for (j = 1; j < num; j++) {
c1 = tp[j];
#ifdef mul64
- mul_add(c1,np[j],ml,mh,c0);
+ mul_add(c1, np[j], ml, mh, c0);
#else
- mul_add(c1,ml,np[j],c0);
+ mul_add(c1, ml, np[j], c0);
#endif
- tp[j-1] = c1&BN_MASK2;
- }
- c1 = (tp[num] + c0)&BN_MASK2;
- tp[num-1] = c1;
- tp[num] = tp[num+1] + (c1<c0?1:0);
+ tp[j - 1] = c1 & BN_MASK2;
}
+ c1 = (tp[num] + c0) & BN_MASK2;
+ tp[num - 1] = c1;
+ tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0);
+ }
- if (tp[num]!=0 || tp[num-1]>=np[num-1])
- {
- c0 = bn_sub_words(rp,tp,np,num);
- if (tp[num]!=0 || c0==0)
- {
- for(i=0;i<num+2;i++) vp[i] = 0;
+ if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+ c0 = bn_sub_words(rp, tp, np, num);
+ if (tp[num] != 0 || c0 == 0) {
+ for (i = 0; i < num + 2; i++)
+ vp[i] = 0;
return 1;
- }
}
- for(i=0;i<num;i++) rp[i] = tp[i], vp[i] = 0;
- vp[num] = 0;
- vp[num+1] = 0;
- return 1;
}
+ for (i = 0; i < num; i++)
+ rp[i] = tp[i], vp[i] = 0;
+ vp[num] = 0;
+ vp[num + 1] = 0;
+ return 1;
+}
#else
/*
* Return value of 0 indicates that multiplication/convolution was not
* performed to signal the caller to fall down to alternative/original
* code-path.
*/
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
-{ return 0; }
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num)
+ { return 0;
+}
#endif /* OPENSSL_BN_ASM_MONT */
#endif
/* hmm... is it faster just to do a multiply? */
#undef bn_sqr_comba4
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
- {
+void
+bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
BN_ULONG t[8];
- bn_sqr_normal(r,a,4,t);
- }
+ bn_sqr_normal(r, a, 4, t);
+}
#undef bn_sqr_comba8
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
- {
+void
+bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
BN_ULONG t[16];
- bn_sqr_normal(r,a,8,t);
- }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
- r[4]=bn_mul_words( &(r[0]),a,4,b[0]);
- r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
- r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
- r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
- }
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
- r[ 8]=bn_mul_words( &(r[0]),a,8,b[0]);
- r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
- r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
- r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
- r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
- r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
- r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
- r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
- }
+ bn_sqr_normal(r, a, 8, t);
+}
+
+void
+bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+ r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
+ r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
+ r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
+ r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
+}
+
+void
+bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+ r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
+ r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
+ r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
+ r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
+ r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
+ r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
+ r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
+ r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
+}
#ifdef OPENSSL_NO_ASM
#ifdef OPENSSL_BN_ASM_MONT
#include <alloca.h>
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
- {
- BN_ULONG c0,c1,*tp,n0=*n0p;
+int
+bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+ BN_ULONG c0, c1, *tp, n0 = *n0p;
volatile BN_ULONG *vp;
- int i=0,j;
+ int i = 0, j;
- vp = tp = alloca((num+2)*sizeof(BN_ULONG));
+ vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
- for(i=0;i<=num;i++) tp[i]=0;
+ for(i = 0; i <= num; i++)
+ tp[i] = 0;
- for(i=0;i<num;i++)
- {
- c0 = bn_mul_add_words(tp,ap,num,bp[i]);
- c1 = (tp[num] + c0)&BN_MASK2;
- tp[num] = c1;
- tp[num+1] = (c1<c0?1:0);
+ for (i = 0; i < num; i++) {
+ c0 = bn_mul_add_words(tp, ap, num, bp[i]);
+ c1 = (tp[num] + c0) & BN_MASK2;
+ tp[num] = c1;
+ tp[num + 1] = (c1 < c0 ? 1 : 0);
- c0 = bn_mul_add_words(tp,np,num,tp[0]*n0);
- c1 = (tp[num] + c0)&BN_MASK2;
- tp[num] = c1;
- tp[num+1] += (c1<c0?1:0);
- for(j=0;j<=num;j++) tp[j]=tp[j+1];
- }
+ c0 = bn_mul_add_words(tp, np, num, tp[0] * n0);
+ c1 = (tp[num] + c0) & BN_MASK2;
+ tp[num] = c1;
+ tp[num + 1] += (c1 < c0 ? 1 : 0);
+ for (j = 0; j <= num; j++)
+ tp[j] = tp[j + 1];
+ }
- if (tp[num]!=0 || tp[num-1]>=np[num-1])
- {
- c0 = bn_sub_words(rp,tp,np,num);
- if (tp[num]!=0 || c0==0)
- {
- for(i=0;i<num+2;i++) vp[i] = 0;
+ if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+ c0 = bn_sub_words(rp, tp, np, num);
+ if (tp[num] != 0 || c0 == 0) {
+ for (i = 0; i < num + 2; i++)
+ vp[i] = 0;
return 1;
- }
}
- for(i=0;i<num;i++) rp[i] = tp[i], vp[i] = 0;
- vp[num] = 0;
- vp[num+1] = 0;
- return 1;
}
+ for (i = 0; i < num; i++)
+ rp[i] = tp[i], vp[i] = 0;
+ vp[num] = 0;
+ vp[num + 1] = 0;
+ return 1;
+}
#else
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
-{ return 0; }
+int
+bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+ return 0;
+}
#endif /* OPENSSL_BN_ASM_MONT */
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#define BN_BLINDING_COUNTER 32
-struct bn_blinding_st
- {
+struct bn_blinding_st {
BIGNUM *A;
BIGNUM *Ai;
BIGNUM *e;
unsigned long flags;
BN_MONT_CTX *m_ctx;
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
- };
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+};
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
- {
- BN_BLINDING *ret=NULL;
+BN_BLINDING *
+BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+{
+ BN_BLINDING *ret = NULL;
bn_check_top(mod);
- if ((ret=(BN_BLINDING *)malloc(sizeof(BN_BLINDING))) == NULL)
- {
- BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- memset(ret,0,sizeof(BN_BLINDING));
- if (A != NULL)
- {
- if ((ret->A = BN_dup(A)) == NULL) goto err;
- }
- if (Ai != NULL)
- {
- if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
- }
+ if ((ret = (BN_BLINDING *)malloc(sizeof(BN_BLINDING))) == NULL) {
+ BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ memset(ret, 0, sizeof(BN_BLINDING));
+ if (A != NULL) {
+ if ((ret->A = BN_dup(A)) == NULL)
+ goto err;
+ }
+ if (Ai != NULL) {
+ if ((ret->Ai = BN_dup(Ai)) == NULL)
+ goto err;
+ }
/* save a copy of mod in the BN_BLINDING structure */
- if ((ret->mod = BN_dup(mod)) == NULL) goto err;
+ if ((ret->mod = BN_dup(mod)) == NULL)
+ goto err;
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
* that does not need updating before first use. */
ret->counter = -1;
CRYPTO_THREADID_current(&ret->tid);
- return(ret);
-err:
- if (ret != NULL) BN_BLINDING_free(ret);
- return(NULL);
- }
+ return (ret);
-void BN_BLINDING_free(BN_BLINDING *r)
- {
- if(r == NULL)
- return;
+err:
+ if (ret != NULL)
+ BN_BLINDING_free(ret);
+ return (NULL);
+}
- if (r->A != NULL) BN_clear_free(r->A );
- if (r->Ai != NULL) BN_clear_free(r->Ai);
- if (r->e != NULL) BN_clear_free(r->e );
- if (r->mod != NULL) BN_clear_free(r->mod);
+void
+BN_BLINDING_free(BN_BLINDING *r)
+{
+ if (r == NULL)
+ return;
+
+ if (r->A != NULL)
+ BN_clear_free(r->A );
+ if (r->Ai != NULL)
+ BN_clear_free(r->Ai);
+ if (r->e != NULL)
+ BN_clear_free(r->e );
+ if (r->mod != NULL)
+ BN_clear_free(r->mod);
free(r);
- }
+}
-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
- {
- int ret=0;
+int
+BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+{
+ int ret = 0;
- if ((b->A == NULL) || (b->Ai == NULL))
- {
- BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
+ if ((b->A == NULL) || (b->Ai == NULL)) {
+ BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
goto err;
- }
+ }
if (b->counter == -1)
b->counter = 0;
if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
- !(b->flags & BN_BLINDING_NO_RECREATE))
- {
+ !(b->flags & BN_BLINDING_NO_RECREATE)) {
/* re-create blinding parameters */
if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
goto err;
- }
- else if (!(b->flags & BN_BLINDING_NO_UPDATE))
- {
- if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
- if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
- }
+ } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
+ if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+ goto err;
+ if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
+ goto err;
+ }
+
+ ret = 1;
- ret=1;
err:
if (b->counter == BN_BLINDING_COUNTER)
b->counter = 0;
- return(ret);
- }
+ return (ret);
+}
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
- {
+int
+BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
return BN_BLINDING_convert_ex(n, NULL, b, ctx);
- }
+}
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
- {
+int
+BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+{
int ret = 1;
bn_check_top(n);
- if ((b->A == NULL) || (b->Ai == NULL))
- {
- BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED);
- return(0);
- }
+ if ((b->A == NULL) || (b->Ai == NULL)) {
+ BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
+ return (0);
+ }
if (b->counter == -1)
/* Fresh blinding, doesn't need updating. */
b->counter = 0;
- else if (!BN_BLINDING_update(b,ctx))
- return(0);
+ else if (!BN_BLINDING_update(b, ctx))
+ return (0);
- if (r != NULL)
- {
- if (!BN_copy(r, b->Ai)) ret=0;
- }
+ if (r != NULL) {
+ if (!BN_copy(r, b->Ai))
+ ret = 0;
+ }
+
+ if (!BN_mod_mul(n, n,b->A, b->mod, ctx))
+ ret = 0;
- if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
-
return ret;
- }
+}
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
- {
+int
+BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
return BN_BLINDING_invert_ex(n, NULL, b, ctx);
- }
+}
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
- {
+int
+BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+{
int ret;
bn_check_top(n);
if (r != NULL)
ret = BN_mod_mul(n, n, r, b->mod, ctx);
- else
- {
- if (b->Ai == NULL)
- {
- BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
- return(0);
- }
- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ else {
+ if (b->Ai == NULL) {
+ BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+ return (0);
}
+ ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ }
bn_check_top(n);
- return(ret);
- }
+ return (ret);
+}
#ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
- {
+unsigned long
+BN_BLINDING_get_thread_id(const BN_BLINDING *b)
+{
return b->thread_id;
- }
+}
-void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
- {
+void
+BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
+{
b->thread_id = n;
- }
+}
#endif
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b)
- {
+CRYPTO_THREADID *
+BN_BLINDING_thread_id(BN_BLINDING *b)
+{
return &b->tid;
- }
+}
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
- {
+unsigned long
+BN_BLINDING_get_flags(const BN_BLINDING *b)
+{
return b->flags;
- }
+}
-void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
- {
+void
+BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
+{
b->flags = flags;
- }
+}
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx)
+BN_BLINDING *
+BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m,
+ BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx)
{
int retry_counter = 32;
BN_BLINDING *ret = NULL;
if (ret == NULL)
goto err;
- if (ret->A == NULL && (ret->A = BN_new()) == NULL)
+ if (ret->A == NULL && (ret->A = BN_new()) == NULL)
goto err;
- if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
+ if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
goto err;
- if (e != NULL)
- {
+ if (e != NULL) {
if (ret->e != NULL)
BN_free(ret->e);
ret->e = BN_dup(e);
- }
+ }
if (ret->e == NULL)
goto err;
ret->m_ctx = m_ctx;
do {
- if (!BN_rand_range(ret->A, ret->mod)) goto err;
- if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)
- {
+ if (!BN_rand_range(ret->A, ret->mod))
+ goto err;
+ if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
/* this should almost never happen for good RSA keys */
unsigned long error = ERR_peek_last_error();
- if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)
- {
- if (retry_counter-- == 0)
- {
+ if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+ if (retry_counter-- == 0) {
BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
- BN_R_TOO_MANY_ITERATIONS);
+ BN_R_TOO_MANY_ITERATIONS);
goto err;
}
ERR_clear_error();
- }
- else
+ } else
goto err;
- }
- else
+ } else
break;
} while (1);
- if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)
- {
- if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+ if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
+ if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod,
+ ctx, ret->m_ctx))
goto err;
- }
- else
- {
+ } else {
if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
goto err;
- }
+ }
return ret;
+
err:
- if (b == NULL && ret != NULL)
- {
+ if (b == NULL && ret != NULL) {
BN_BLINDING_free(ret);
ret = NULL;
- }
+ }
return ret;
}
* RFC2412 specifies a generator of of 22.
*/
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
- {
- static const unsigned char RFC2409_PRIME_768[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
- }
+BIGNUM *
+get_rfc2409_prime_768(BIGNUM *bn)
+{
+ static const unsigned char RFC2409_PRIME_768[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x3A, 0x36, 0x20, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
+}
/* "Second Oakley Default Group" from RFC2409, section 6.2.
*
* RFC2412 specifies a generator of 22.
*/
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
- {
- static const unsigned char RFC2409_PRIME_1024[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
- }
+BIGNUM *
+get_rfc2409_prime_1024(BIGNUM *bn)
+{
+ static const unsigned char RFC2409_PRIME_1024[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
+}
/* "1536-bit MODP Group" from RFC3526, Section 2.
*
* RFC2312 specifies a generator of 22.
*/
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_1536[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
- }
+BIGNUM *
+get_rfc3526_prime_1536(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_1536[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
+}
/* "2048-bit MODP Group" from RFC3526, Section 3.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_2048[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
- }
+BIGNUM *
+get_rfc3526_prime_2048(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_2048[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
+}
/* "3072-bit MODP Group" from RFC3526, Section 4.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_3072[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
- }
+BIGNUM *
+get_rfc3526_prime_3072(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_3072[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
+}
/* "4096-bit MODP Group" from RFC3526, Section 5.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_4096[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
- }
+BIGNUM *
+get_rfc3526_prime_4096(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_4096[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
+}
/* "6144-bit MODP Group" from RFC3526, Section 6.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_6144[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
- 0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
- }
+BIGNUM *
+get_rfc3526_prime_6144(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_6144[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
+ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
+ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
+ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
+ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
+ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
+ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
+ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
+ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
+ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
+ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
+}
/* "8192-bit MODP Group" from RFC3526, Section 7.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_8192[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
- 0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
- 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
- 0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
- 0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
- 0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
- 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
- 0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
- 0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
- 0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
- 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
- 0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
- 0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
- 0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
- 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
- 0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
- 0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
- 0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
- 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
- 0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
- 0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
- 0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
- 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);
- }
-
+BIGNUM *
+get_rfc3526_prime_8192(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_8192[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
+ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
+ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
+ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
+ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
+ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
+ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
+ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
+ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
+ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
+ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
+ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0,
+ 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
+ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93,
+ 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
+ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB,
+ 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
+ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8,
+ 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
+ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F,
+ 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
+ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8,
+ 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
+ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5,
+ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
+ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3,
+ 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
+ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E,
+ 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
+ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2,
+ 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
+ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/***********/
/* A bundle of bignums that can be linked with other bundles */
-typedef struct bignum_pool_item
- {
+typedef struct bignum_pool_item {
/* The bignum values */
BIGNUM vals[BN_CTX_POOL_SIZE];
/* Linked-list admin */
struct bignum_pool_item *prev, *next;
- } BN_POOL_ITEM;
+} BN_POOL_ITEM;
+
/* A linked-list of bignums grouped in bundles */
-typedef struct bignum_pool
- {
+typedef struct bignum_pool {
/* Linked-list admin */
BN_POOL_ITEM *head, *current, *tail;
/* Stack depth and allocation size */
unsigned used, size;
- } BN_POOL;
+} BN_POOL;
+
static void BN_POOL_init(BN_POOL *);
static void BN_POOL_finish(BN_POOL *);
#ifndef OPENSSL_NO_DEPRECATED
/************/
/* A wrapper to manage the "stack frames" */
-typedef struct bignum_ctx_stack
- {
+typedef struct bignum_ctx_stack {
/* Array of indexes into the bignum stack */
unsigned int *indexes;
/* Number of stack frames, and the size of the allocated array */
unsigned int depth, size;
- } BN_STACK;
+} BN_STACK;
+
static void BN_STACK_init(BN_STACK *);
static void BN_STACK_finish(BN_STACK *);
#ifndef OPENSSL_NO_DEPRECATED
/**********/
/* The opaque BN_CTX type */
-struct bignum_ctx
- {
+struct bignum_ctx {
/* The bignum bundles */
BN_POOL pool;
/* The "stack frames", if you will */
int err_stack;
/* Block "gets" until an "end" (compatibility behaviour) */
int too_many;
- };
+};
/* Enable this to find BN_CTX bugs */
#ifdef BN_CTX_DEBUG
static const char *ctxdbg_cur = NULL;
-static void ctxdbg(BN_CTX *ctx)
- {
+
+static void
+ctxdbg(BN_CTX *ctx)
+{
unsigned int bnidx = 0, fpidx = 0;
BN_POOL_ITEM *item = ctx->pool.head;
BN_STACK *stack = &ctx->stack;
- fprintf(stderr,"(%08x): ", (unsigned int)ctx);
- while(bnidx < ctx->used)
- {
- fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
- if(!(bnidx % BN_CTX_POOL_SIZE))
+
+ fprintf(stderr, "(%08x): ", (unsigned int)ctx);
+ while (bnidx < ctx->used) {
+ fprintf(stderr, "%03x ",
+ item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+ if (!(bnidx % BN_CTX_POOL_SIZE))
item = item->next;
- }
- fprintf(stderr,"\n");
+ }
+ fprintf(stderr, "\n");
bnidx = 0;
- fprintf(stderr," : ");
- while(fpidx < stack->depth)
- {
- while(bnidx++ < stack->indexes[fpidx])
- fprintf(stderr," ");
- fprintf(stderr,"^^^ ");
+ fprintf(stderr, " : ");
+ while (fpidx < stack->depth) {
+ while (bnidx++ < stack->indexes[fpidx])
+ fprintf(stderr, " ");
+ fprintf(stderr, "^^^ ");
bnidx++;
fpidx++;
- }
- fprintf(stderr,"\n");
}
+ fprintf(stderr, "\n");
+}
#define CTXDBG_ENTRY(str, ctx) do { \
ctxdbg_cur = (str); \
fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
/* This function is an evil legacy and should not be used. This implementation
* is WYSIWYG, though I've done my best. */
#ifndef OPENSSL_NO_DEPRECATED
-void BN_CTX_init(BN_CTX *ctx)
- {
+void
+BN_CTX_init(BN_CTX *ctx)
+{
/* Assume the caller obtained the context via BN_CTX_new() and so is
* trying to reset it for use. Nothing else makes sense, least of all
* binary compatibility from a time when they could declare a static
ctx->used = 0;
ctx->err_stack = 0;
ctx->too_many = 0;
- }
+}
#endif
-BN_CTX *BN_CTX_new(void)
- {
+BN_CTX *
+BN_CTX_new(void)
+{
BN_CTX *ret = malloc(sizeof(BN_CTX));
- if(!ret)
- {
- BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+ if (!ret) {
+ BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
- }
+ }
+
/* Initialise the structure */
BN_POOL_init(&ret->pool);
BN_STACK_init(&ret->stack);
ret->err_stack = 0;
ret->too_many = 0;
return ret;
- }
+}
-void BN_CTX_free(BN_CTX *ctx)
- {
+void
+BN_CTX_free(BN_CTX *ctx)
+{
if (ctx == NULL)
return;
#ifdef BN_CTX_DEBUG
{
- BN_POOL_ITEM *pool = ctx->pool.head;
- fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
- ctx->stack.size, ctx->pool.size);
- fprintf(stderr,"dmaxs: ");
- while(pool) {
- unsigned loop = 0;
- while(loop < BN_CTX_POOL_SIZE)
- fprintf(stderr,"%02x ", pool->vals[loop++].dmax);
- pool = pool->next;
- }
- fprintf(stderr,"\n");
+ BN_POOL_ITEM *pool = ctx->pool.head;
+ fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
+ ctx->stack.size, ctx->pool.size);
+ fprintf(stderr, "dmaxs: ");
+ while (pool) {
+ unsigned loop = 0;
+ while (loop < BN_CTX_POOL_SIZE)
+ fprintf(stderr, "%02x ",
+ pool->vals[loop++].dmax);
+ pool = pool->next;
+ }
+ fprintf(stderr, "\n");
}
#endif
BN_STACK_finish(&ctx->stack);
BN_POOL_finish(&ctx->pool);
free(ctx);
- }
+}
-void BN_CTX_start(BN_CTX *ctx)
- {
+void
+BN_CTX_start(BN_CTX *ctx)
+{
CTXDBG_ENTRY("BN_CTX_start", ctx);
+
/* If we're already overflowing ... */
- if(ctx->err_stack || ctx->too_many)
+ if (ctx->err_stack || ctx->too_many)
ctx->err_stack++;
/* (Try to) get a new frame pointer */
- else if(!BN_STACK_push(&ctx->stack, ctx->used))
- {
- BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
+ BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
ctx->err_stack++;
- }
- CTXDBG_EXIT(ctx);
}
+ CTXDBG_EXIT(ctx);
+}
-void BN_CTX_end(BN_CTX *ctx)
- {
+void
+BN_CTX_end(BN_CTX *ctx)
+{
CTXDBG_ENTRY("BN_CTX_end", ctx);
- if(ctx->err_stack)
+
+ if (ctx->err_stack)
ctx->err_stack--;
- else
- {
+ else {
unsigned int fp = BN_STACK_pop(&ctx->stack);
/* Does this stack frame have anything to release? */
- if(fp < ctx->used)
+ if (fp < ctx->used)
BN_POOL_release(&ctx->pool, ctx->used - fp);
ctx->used = fp;
/* Unjam "too_many" in case "get" had failed */
ctx->too_many = 0;
- }
- CTXDBG_EXIT(ctx);
}
+ CTXDBG_EXIT(ctx);
+}
-BIGNUM *BN_CTX_get(BN_CTX *ctx)
- {
+BIGNUM *
+BN_CTX_get(BN_CTX *ctx)
+{
BIGNUM *ret;
+
CTXDBG_ENTRY("BN_CTX_get", ctx);
- if(ctx->err_stack || ctx->too_many) return NULL;
- if((ret = BN_POOL_get(&ctx->pool)) == NULL)
- {
+
+ if (ctx->err_stack || ctx->too_many)
+ return NULL;
+ if ((ret = BN_POOL_get(&ctx->pool)) == NULL) {
/* Setting too_many prevents repeated "get" attempts from
* cluttering the error stack. */
ctx->too_many = 1;
- BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
return NULL;
- }
+ }
/* OK, make sure the returned bignum is "zero" */
BN_zero(ret);
ctx->used++;
CTXDBG_RET(ctx, ret);
return ret;
- }
+}
/************/
/* BN_STACK */
/************/
-static void BN_STACK_init(BN_STACK *st)
- {
+static void
+BN_STACK_init(BN_STACK *st)
+{
st->indexes = NULL;
st->depth = st->size = 0;
- }
+}
-static void BN_STACK_finish(BN_STACK *st)
- {
- if(st->size) free(st->indexes);
- }
+static void
+BN_STACK_finish(BN_STACK *st)
+{
+ if (st->size)
+ free(st->indexes);
+}
#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *st)
- {
+static void
+BN_STACK_reset(BN_STACK *st)
+{
st->depth = 0;
- }
+}
#endif
-static int BN_STACK_push(BN_STACK *st, unsigned int idx)
- {
- if(st->depth == st->size)
+static int
+BN_STACK_push(BN_STACK *st, unsigned int idx)
+{
+ if (st->depth == st->size)
/* Need to expand */
- {
+ {
unsigned int newsize = (st->size ?
- (st->size * 3 / 2) : BN_CTX_START_FRAMES);
+ (st->size * 3 / 2) : BN_CTX_START_FRAMES);
unsigned int *newitems = malloc(newsize *
- sizeof(unsigned int));
- if(!newitems) return 0;
- if(st->depth)
+ sizeof(unsigned int));
+ if (!newitems)
+ return 0;
+ if (st->depth)
memcpy(newitems, st->indexes, st->depth *
- sizeof(unsigned int));
- if(st->size) free(st->indexes);
+ sizeof(unsigned int));
+ if (st->size)
+ free(st->indexes);
st->indexes = newitems;
st->size = newsize;
- }
+ }
st->indexes[(st->depth)++] = idx;
return 1;
- }
+}
-static unsigned int BN_STACK_pop(BN_STACK *st)
- {
+static unsigned int
+BN_STACK_pop(BN_STACK *st)
+{
return st->indexes[--(st->depth)];
- }
+}
/***********/
/* BN_POOL */
/***********/
-static void BN_POOL_init(BN_POOL *p)
- {
+static void
+BN_POOL_init(BN_POOL *p)
+{
p->head = p->current = p->tail = NULL;
p->used = p->size = 0;
- }
+}
-static void BN_POOL_finish(BN_POOL *p)
- {
- while(p->head)
- {
+static void
+BN_POOL_finish(BN_POOL *p)
+{
+ while (p->head) {
unsigned int loop = 0;
BIGNUM *bn = p->head->vals;
- while(loop++ < BN_CTX_POOL_SIZE)
- {
- if(bn->d) BN_clear_free(bn);
+ while (loop++ < BN_CTX_POOL_SIZE) {
+ if (bn->d)
+ BN_clear_free(bn);
bn++;
- }
+ }
p->current = p->head->next;
free(p->head);
p->head = p->current;
- }
}
+}
#ifndef OPENSSL_NO_DEPRECATED
-static void BN_POOL_reset(BN_POOL *p)
- {
+static void
+BN_POOL_reset(BN_POOL *p)
+{
BN_POOL_ITEM *item = p->head;
- while(item)
- {
+ while (item) {
unsigned int loop = 0;
BIGNUM *bn = item->vals;
- while(loop++ < BN_CTX_POOL_SIZE)
- {
- if(bn->d) BN_clear(bn);
+ while (loop++ < BN_CTX_POOL_SIZE) {
+ if (bn->d)
+ BN_clear(bn);
bn++;
- }
- item = item->next;
}
+ item = item->next;
+ }
p->current = p->head;
p->used = 0;
- }
+}
#endif
-static BIGNUM *BN_POOL_get(BN_POOL *p)
- {
- if(p->used == p->size)
- {
+static BIGNUM *
+BN_POOL_get(BN_POOL *p)
+{
+ if (p->used == p->size) {
BIGNUM *bn;
unsigned int loop = 0;
BN_POOL_ITEM *item = malloc(sizeof(BN_POOL_ITEM));
- if(!item) return NULL;
+ if (!item)
+ return NULL;
/* Initialise the structure */
bn = item->vals;
- while(loop++ < BN_CTX_POOL_SIZE)
+ while (loop++ < BN_CTX_POOL_SIZE)
BN_init(bn++);
item->prev = p->tail;
item->next = NULL;
/* Link it in */
- if(!p->head)
+ if (!p->head)
p->head = p->current = p->tail = item;
- else
- {
+ else {
p->tail->next = item;
p->tail = item;
p->current = item;
- }
+ }
p->size += BN_CTX_POOL_SIZE;
p->used++;
/* Return the first bignum from the new pool */
return item->vals;
- }
- if(!p->used)
+ }
+ if (!p->used)
p->current = p->head;
- else if((p->used % BN_CTX_POOL_SIZE) == 0)
+ else if ((p->used % BN_CTX_POOL_SIZE) == 0)
p->current = p->current->next;
return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
- }
+}
-static void BN_POOL_release(BN_POOL *p, unsigned int num)
- {
+static void
+BN_POOL_release(BN_POOL *p, unsigned int num)
+{
unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+
p->used -= num;
- while(num--)
- {
+ while (num--) {
bn_check_top(p->current->vals + offset);
- if(!offset)
- {
+ if (!offset) {
offset = BN_CTX_POOL_SIZE - 1;
p->current = p->current->prev;
- }
- else
+ } else
offset--;
- }
}
-
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include "bn_lcl.h"
#include <openssl/rand.h>
-static void *dummy=&dummy;
+static void *dummy = &dummy;
#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback)(int,int,void *), void *cb_arg)
- {
+BIGNUM *
+BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg)
+{
BN_GENCB cb;
- BIGNUM *rnd=NULL;
+ BIGNUM *rnd = NULL;
int found = 0;
BN_GENCB_set_old(&cb, callback, cb_arg);
- if (ret == NULL)
- {
- if ((rnd=BN_new()) == NULL) goto err;
- }
- else
- rnd=ret;
- if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+ if (ret == NULL) {
+ if ((rnd = BN_new()) == NULL)
+ goto err;
+ } else
+ rnd = ret;
+ if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
goto err;
/* we have a prime :-) */
found = 1;
+
err:
- if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
- return(found ? rnd : NULL);
- }
+ if (!found && (ret == NULL) && (rnd != NULL))
+ BN_free(rnd);
+ return (found ? rnd : NULL);
+}
-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg)
- {
+int
+BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, void *),
+ BN_CTX *ctx_passed, void *cb_arg)
+{
BN_GENCB cb;
+
BN_GENCB_set_old(&cb, callback, cb_arg);
return BN_is_prime_ex(a, checks, ctx_passed, &cb);
- }
+}
-int BN_is_prime_fasttest(const BIGNUM *a, int checks,
- void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg,
- int do_trial_division)
- {
+int
+BN_is_prime_fasttest(const BIGNUM *a, int checks,
+ void (*callback)(int, int, void *), BN_CTX *ctx_passed, void *cb_arg,
+ int do_trial_division)
+{
BN_GENCB cb;
+
BN_GENCB_set_old(&cb, callback, cb_arg);
return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
- do_trial_division, &cb);
- }
+ do_trial_division, &cb);
+}
#endif
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* rm->neg == num->neg (unless the remainder is zero)
* If 'dv' or 'rm' is NULL, the respective value is not returned.
*/
-int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
- BN_CTX *ctx)
- {
- int norm_shift,i,loop;
- BIGNUM *tmp,wnum,*snum,*sdiv,*res;
- BN_ULONG *resp,*wnump;
- BN_ULONG d0,d1;
- int num_n,div_n;
- int no_branch=0;
+int
+BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+ BN_CTX *ctx)
+{
+ int norm_shift, i, loop;
+ BIGNUM *tmp, wnum, *snum, *sdiv, *res;
+ BN_ULONG *resp, *wnump;
+ BN_ULONG d0, d1;
+ int num_n, div_n;
+ int no_branch = 0;
/* Invalid zero-padding would have particularly bad consequences
* in the case of 'num', so don't just rely on bn_check_top() for this one
* (bn_check_top() works only for BN_DEBUG builds) */
- if (num->top > 0 && num->d[num->top - 1] == 0)
- {
- BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
+ if (num->top > 0 && num->d[num->top - 1] == 0) {
+ BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
return 0;
- }
+ }
bn_check_top(num);
- if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
- {
- no_branch=1;
- }
+ if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) ||
+ (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
+ no_branch = 1;
+ }
bn_check_top(dv);
bn_check_top(rm);
/* bn_check_top(num); */ /* 'num' has been checked already */
bn_check_top(divisor);
- if (BN_is_zero(divisor))
- {
- BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
- return(0);
- }
+ if (BN_is_zero(divisor)) {
+ BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+ return (0);
+ }
- if (!no_branch && BN_ucmp(num,divisor) < 0)
- {
- if (rm != NULL)
- { if (BN_copy(rm,num) == NULL) return(0); }
- if (dv != NULL) BN_zero(dv);
- return(1);
+ if (!no_branch && BN_ucmp(num, divisor) < 0) {
+ if (rm != NULL) {
+ if (BN_copy(rm, num) == NULL)
+ return (0);
}
+ if (dv != NULL)
+ BN_zero(dv);
+ return (1);
+ }
BN_CTX_start(ctx);
- tmp=BN_CTX_get(ctx);
- snum=BN_CTX_get(ctx);
- sdiv=BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ snum = BN_CTX_get(ctx);
+ sdiv = BN_CTX_get(ctx);
if (dv == NULL)
- res=BN_CTX_get(ctx);
- else res=dv;
+ res = BN_CTX_get(ctx);
+ else
+ res = dv;
if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
goto err;
/* First we normalise the numbers */
- norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
- if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
- sdiv->neg=0;
- norm_shift+=BN_BITS2;
- if (!(BN_lshift(snum,num,norm_shift))) goto err;
- snum->neg=0;
+ norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
+ if (!(BN_lshift(sdiv, divisor, norm_shift)))
+ goto err;
+ sdiv->neg = 0;
+ norm_shift += BN_BITS2;
+ if (!(BN_lshift(snum, num, norm_shift)))
+ goto err;
+ snum->neg = 0;
- if (no_branch)
- {
+ if (no_branch) {
/* Since we don't know whether snum is larger than sdiv,
* we pad snum with enough zeroes without changing its
- * value.
+ * value.
*/
- if (snum->top <= sdiv->top+1)
- {
- if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
- for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
+ if (snum->top <= sdiv->top + 1) {
+ if (bn_wexpand(snum, sdiv->top + 2) == NULL)
+ goto err;
+ for (i = snum->top; i < sdiv->top + 2; i++)
+ snum->d[i] = 0;
snum->top = sdiv->top + 2;
- }
- else
- {
- if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
+ } else {
+ if (bn_wexpand(snum, snum->top + 1) == NULL)
+ goto err;
snum->d[snum->top] = 0;
snum->top ++;
- }
}
+ }
- div_n=sdiv->top;
- num_n=snum->top;
- loop=num_n-div_n;
+ div_n = sdiv->top;
+ num_n = snum->top;
+ loop = num_n - div_n;
/* Lets setup a 'window' into snum
* This is the part that corresponds to the current
* 'area' being divided */
- wnum.neg = 0;
- wnum.d = &(snum->d[loop]);
- wnum.top = div_n;
+ wnum.neg = 0;
+ wnum.d = &(snum->d[loop]);
+ wnum.top = div_n;
/* only needed when BN_ucmp messes up the values between top and max */
wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
/* Get the top 2 words of sdiv */
/* div_n=sdiv->top; */
- d0=sdiv->d[div_n-1];
- d1=(div_n == 1)?0:sdiv->d[div_n-2];
+ d0 = sdiv->d[div_n - 1];
+ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
/* pointer to the 'top' of snum */
- wnump= &(snum->d[num_n-1]);
+ wnump = &(snum->d[num_n - 1]);
/* Setup to 'res' */
- res->neg= (num->neg^divisor->neg);
- if (!bn_wexpand(res,(loop+1))) goto err;
- res->top=loop-no_branch;
- resp= &(res->d[loop-1]);
+ res->neg = (num->neg ^ divisor->neg);
+ if (!bn_wexpand(res, (loop + 1)))
+ goto err;
+ res->top = loop - no_branch;
+ resp = &(res->d[loop - 1]);
/* space for temp */
- if (!bn_wexpand(tmp,(div_n+1))) goto err;
+ if (!bn_wexpand(tmp, (div_n + 1)))
+ goto err;
- if (!no_branch)
- {
- if (BN_ucmp(&wnum,sdiv) >= 0)
- {
+ if (!no_branch) {
+ if (BN_ucmp(&wnum, sdiv) >= 0) {
/* If BN_DEBUG_RAND is defined BN_ucmp changes (via
* bn_pollute) the const bignum arguments =>
* clean the values between top and max again */
bn_clear_top2max(&wnum);
bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
- *resp=1;
- }
- else
+ *resp = 1;
+ } else
res->top--;
- }
+ }
/* if res->top == 0 then clear the neg value otherwise decrease
* the resp pointer */
else
resp--;
- for (i=0; i<loop-1; i++, wnump--, resp--)
- {
- BN_ULONG q,l0;
+ for (i = 0; i < loop - 1; i++, wnump--, resp--) {
+ BN_ULONG q, l0;
/* the first part of the loop uses the top two words of
* snum and sdiv to calculate a BN_ULONG q such that
* | wnum - sdiv * q | < sdiv */
#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
- BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
- q=bn_div_3_words(wnump,d1,d0);
+ BN_ULONG bn_div_3_words(BN_ULONG*, BN_ULONG, BN_ULONG);
+ q = bn_div_3_words(wnump, d1, d0);
#else
- BN_ULONG n0,n1,rem=0;
+ BN_ULONG n0, n1, rem = 0;
- n0=wnump[0];
- n1=wnump[-1];
+ n0 = wnump[0];
+ n1 = wnump[-1];
if (n0 == d0)
- q=BN_MASK2;
+ q = BN_MASK2;
else /* n0 < d0 */
- {
+ {
#ifdef BN_LLONG
BN_ULLONG t2;
#if defined(BN_DIV2W) && !defined(bn_div_words)
- q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
+ q = (BN_ULONG)(((((BN_ULLONG)n0) << BN_BITS2)|n1)/d0);
#else
- q=bn_div_words(n0,n1,d0);
+ q = bn_div_words(n0, n1, d0);
#endif
#ifndef REMAINDER_IS_ALREADY_CALCULATED
* rem doesn't have to be BN_ULLONG. The least we
* know it's less that d0, isn't it?
*/
- rem=(n1-q*d0)&BN_MASK2;
+ rem = (n1 - q * d0) & BN_MASK2;
#endif
- t2=(BN_ULLONG)d1*q;
+ t2 = (BN_ULLONG)d1*q;
- for (;;)
- {
- if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
+ for (;;) {
+ if (t2 <= ((((BN_ULLONG)rem) << BN_BITS2) |
+ wnump[-2]))
break;
q--;
rem += d0;
if (rem < d0) break; /* don't let rem overflow */
- t2 -= d1;
- }
+ t2 -= d1;
+ }
#else /* !BN_LLONG */
- BN_ULONG t2l,t2h;
+ BN_ULONG t2l, t2h;
- q=bn_div_words(n0,n1,d0);
+ q = bn_div_words(n0, n1, d0);
#ifndef REMAINDER_IS_ALREADY_CALCULATED
- rem=(n1-q*d0)&BN_MASK2;
+ rem = (n1 - q*d0)&BN_MASK2;
#endif
#if defined(BN_UMULT_LOHI)
- BN_UMULT_LOHI(t2l,t2h,d1,q);
+ BN_UMULT_LOHI(t2l, t2h, d1, q);
#elif defined(BN_UMULT_HIGH)
t2l = d1 * q;
- t2h = BN_UMULT_HIGH(d1,q);
+ t2h = BN_UMULT_HIGH(d1, q);
#else
{
- BN_ULONG ql, qh;
- t2l=LBITS(d1); t2h=HBITS(d1);
- ql =LBITS(q); qh =HBITS(q);
- mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+ BN_ULONG ql, qh;
+ t2l = LBITS(d1);
+ t2h = HBITS(d1);
+ ql = LBITS(q);
+ qh = HBITS(q);
+ mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
}
#endif
- for (;;)
- {
+ for (;;) {
if ((t2h < rem) ||
- ((t2h == rem) && (t2l <= wnump[-2])))
+ ((t2h == rem) && (t2l <= wnump[-2])))
break;
q--;
rem += d0;
- if (rem < d0) break; /* don't let rem overflow */
- if (t2l < d1) t2h--; t2l -= d1;
- }
-#endif /* !BN_LLONG */
+ if (rem < d0)
+ break; /* don't let rem overflow */
+ if (t2l < d1)
+ t2h--;
+ t2l -= d1;
}
+#endif /* !BN_LLONG */
+ }
#endif /* !BN_DIV3W */
- l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
- tmp->d[div_n]=l0;
+ l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
+ tmp->d[div_n] = l0;
wnum.d--;
- /* ingore top values of the bignums just sub the two
+ /* ingore top values of the bignums just sub the two
* BN_ULONG arrays with bn_sub_words */
- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
- {
+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
/* Note: As we have considered only the leading
* two BN_ULONGs in the calculation of q, sdiv * q
* might be greater than wnum (but then (q-1) * sdiv
* that q != 0, but if q == 0 then tmp is
* zero anyway) */
(*wnump)++;
- }
+ }
/* store part of the result */
*resp = q;
- }
+ }
bn_correct_top(snum);
- if (rm != NULL)
- {
+ if (rm != NULL) {
/* Keep a copy of the neg flag in num because if rm==num
* BN_rshift() will overwrite it.
*/
int neg = num->neg;
- BN_rshift(rm,snum,norm_shift);
+ BN_rshift(rm, snum, norm_shift);
if (!BN_is_zero(rm))
rm->neg = neg;
bn_check_top(rm);
- }
- if (no_branch) bn_correct_top(res);
+ }
+ if (no_branch)
+ bn_correct_top(res);
BN_CTX_end(ctx);
- return(1);
+ return (1);
+
err:
bn_check_top(rm);
BN_CTX_end(ctx);
- return(0);
- }
+ return (0);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
-static ERR_STRING_DATA BN_str_functs[]=
- {
-{ERR_FUNC(BN_F_BNRAND), "BNRAND"},
-{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
-{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
-{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
-{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
-{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
-{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
-{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
-{ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
-{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
-{ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
-{ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
-{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
-{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
-{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
-{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
-{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
-{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
-{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
-{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
-{0,NULL}
- };
+static ERR_STRING_DATA BN_str_functs[]= {
+ {ERR_FUNC(BN_F_BNRAND), "BNRAND"},
+ {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
+ {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
+ {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
+ {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
+ {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
+ {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
+ {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
+ {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
+ {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
+ {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
+ {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
+ {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
+ {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
+ {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
+ {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
+ {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
+ {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
+ {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
+ {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
+ {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
+ {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
+ {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
+ {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
+ {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
+ {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+ {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
+ {0, NULL}
+};
-static ERR_STRING_DATA BN_str_reasons[]=
- {
-{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"},
-{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"},
-{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"},
-{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
-{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"},
-{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"},
-{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
-{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"},
-{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"},
-{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"},
-{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"},
-{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"},
-{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"},
-{ERR_REASON(BN_R_NO_SOLUTION) ,"no solution"},
-{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"},
-{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"},
-{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
-{0,NULL}
- };
+static ERR_STRING_DATA BN_str_reasons[]= {
+ {ERR_REASON(BN_R_ARG2_LT_ARG3) , "arg2 lt arg3"},
+ {ERR_REASON(BN_R_BAD_RECIPROCAL) , "bad reciprocal"},
+ {ERR_REASON(BN_R_BIGNUM_TOO_LONG) , "bignum too long"},
+ {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
+ {ERR_REASON(BN_R_DIV_BY_ZERO) , "div by zero"},
+ {ERR_REASON(BN_R_ENCODING_ERROR) , "encoding error"},
+ {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), "expand on static bignum data"},
+ {ERR_REASON(BN_R_INPUT_NOT_REDUCED) , "input not reduced"},
+ {ERR_REASON(BN_R_INVALID_LENGTH) , "invalid length"},
+ {ERR_REASON(BN_R_INVALID_RANGE) , "invalid range"},
+ {ERR_REASON(BN_R_NOT_A_SQUARE) , "not a square"},
+ {ERR_REASON(BN_R_NOT_INITIALIZED) , "not initialized"},
+ {ERR_REASON(BN_R_NO_INVERSE) , "no inverse"},
+ {ERR_REASON(BN_R_NO_SOLUTION) , "no solution"},
+ {ERR_REASON(BN_R_P_IS_NOT_PRIME) , "p is not prime"},
+ {ERR_REASON(BN_R_TOO_MANY_ITERATIONS) , "too many iterations"},
+ {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), "too many temporary variables"},
+ {0, NULL}
+};
#endif
-void ERR_load_BN_strings(void)
- {
+void
+ERR_load_BN_strings(void)
+{
#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(BN_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,BN_str_functs);
- ERR_load_strings(0,BN_str_reasons);
- }
-#endif
+ if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, BN_str_functs);
+ ERR_load_strings(0, BN_str_reasons);
}
+#endif
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define TABLE_SIZE 32
/* this one works - simple but works */
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
- int i,bits,ret=0;
- BIGNUM *v,*rr;
+int
+BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+ int i, bits, ret = 0;
+ BIGNUM *v, *rr;
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
- }
+ }
BN_CTX_start(ctx);
if ((r == a) || (r == p))
else
rr = r;
v = BN_CTX_get(ctx);
- if (rr == NULL || v == NULL) goto err;
+ if (rr == NULL || v == NULL)
+ goto err;
- if (BN_copy(v,a) == NULL) goto err;
- bits=BN_num_bits(p);
+ if (BN_copy(v, a) == NULL)
+ goto err;
+ bits = BN_num_bits(p);
- if (BN_is_odd(p))
- { if (BN_copy(rr,a) == NULL) goto err; }
- else { if (!BN_one(rr)) goto err; }
+ if (BN_is_odd(p)) {
+ if (BN_copy(rr, a) == NULL)
+ goto err;
+ } else {
+ if (!BN_one(rr))
+ goto err;
+ }
- for (i=1; i<bits; i++)
- {
- if (!BN_sqr(v,v,ctx)) goto err;
- if (BN_is_bit_set(p,i))
- {
- if (!BN_mul(rr,rr,v,ctx)) goto err;
- }
+ for (i = 1; i < bits; i++) {
+ if (!BN_sqr(v, v, ctx))
+ goto err;
+ if (BN_is_bit_set(p, i)) {
+ if (!BN_mul(rr, rr, v, ctx))
+ goto err;
}
- ret=1;
+ }
+ ret = 1;
+
err:
- if (r != rr) BN_copy(r,rr);
+ if (r != rr)
+ BN_copy(r, rr);
BN_CTX_end(ctx);
bn_check_top(r);
- return(ret);
- }
+ return (ret);
+}
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx)
- {
+int
+BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx)
+{
int ret;
bn_check_top(a);
* BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration]
* 55 .. 77 % [UltraSparc processor, but
* debug-solaris-sparcv8-gcc conf.]
- *
+ *
* BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration]
* 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
*
* a >= m. eay 07-May-97 */
/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
- if (BN_is_odd(m))
- {
+ if (BN_is_odd(m)) {
# ifdef MONT_EXP_WORD
- if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0))
- {
+ if (a->top == 1 && !a->neg &&
+ (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
BN_ULONG A = a->d[0];
- ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
- }
- else
+ ret = BN_mod_exp_mont_word(r, A,p, m,ctx, NULL);
+ } else
# endif
- ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
- }
- else
+ ret = BN_mod_exp_mont(r, a,p, m,ctx, NULL);
+ } else
#endif
#ifdef RECP_MUL_MOD
- { ret=BN_mod_exp_recp(r,a,p,m,ctx); }
+ {
+ ret = BN_mod_exp_recp(r, a,p, m, ctx);
+ }
#else
- { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
+ {
+ ret = BN_mod_exp_simple(r, a,p, m, ctx);
+ }
#endif
bn_check_top(r);
- return(ret);
- }
-
-
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int i,j,bits,ret=0,wstart,wend,window,wvalue;
- int start=1;
+ return (ret);
+}
+
+int
+BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+ int start = 1;
BIGNUM *aa;
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
BN_RECP_CTX recp;
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
- }
+ }
- bits=BN_num_bits(p);
+ bits = BN_num_bits(p);
- if (bits == 0)
- {
+ if (bits == 0) {
ret = BN_one(r);
return ret;
- }
+ }
BN_CTX_start(ctx);
aa = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
- if(!aa || !val[0]) goto err;
+ if (!aa || !val[0])
+ goto err;
BN_RECP_CTX_init(&recp);
- if (m->neg)
- {
+ if (m->neg) {
/* ignore sign of 'm' */
- if (!BN_copy(aa, m)) goto err;
+ if (!BN_copy(aa, m))
+ goto err;
aa->neg = 0;
- if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
- }
- else
- {
- if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
- }
+ if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+ goto err;
+ } else {
+ if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+ goto err;
+ }
- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
- if (BN_is_zero(val[0]))
- {
+ if (!BN_nnmod(val[0], a, m, ctx))
+ goto err; /* 1 */
+ if (BN_is_zero(val[0])) {
BN_zero(r);
ret = 1;
goto err;
- }
+ }
window = BN_window_bits_for_exponent_size(bits);
- if (window > 1)
- {
- if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))
+ if (window > 1) {
+ if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
goto err; /* 2 */
- j=1<<(window-1);
- for (i=1; i<j; i++)
- {
- if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_reciprocal(val[i],val[i-1],
- aa,&recp,ctx))
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++) {
+ if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_reciprocal(val[i], val[i - 1],
+ aa, &recp, ctx))
goto err;
- }
}
-
- start=1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue=0; /* The 'value' of the window */
- wstart=bits-1; /* The top bit of the window */
- wend=0; /* The bottom bit of the window */
+ }
- if (!BN_one(r)) goto err;
+ start = 1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue = 0; /* The 'value' of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
- for (;;)
- {
- if (BN_is_bit_set(p,wstart) == 0)
- {
+ if (!BN_one(r))
+ goto err;
+
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
if (!start)
- if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
- goto err;
- if (wstart == 0) break;
+ if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx))
+ goto err;
+ if (wstart == 0)
+ break;
wstart--;
continue;
- }
+ }
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
- j=wstart;
- wvalue=1;
- wend=0;
- for (i=1; i<window; i++)
- {
- if (wstart-i < 0) break;
- if (BN_is_bit_set(p,wstart-i))
- {
- wvalue<<=(i-wend);
- wvalue|=1;
- wend=i;
- }
+ j = wstart;
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++) {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set(p, wstart - i)) {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
}
+ }
/* wend is the size of the current window */
- j=wend+1;
+ j = wend + 1;
/* add the 'bytes above' */
if (!start)
- for (i=0; i<j; i++)
- {
- if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
+ for (i = 0; i < j; i++) {
+ if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx))
goto err;
- }
-
+ }
+
/* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx))
+ if (!BN_mod_mul_reciprocal(r, r,val[wvalue >> 1], &recp, ctx))
goto err;
/* move the 'window' down further */
- wstart-=wend+1;
- wvalue=0;
- start=0;
- if (wstart < 0) break;
- }
- ret=1;
+ wstart -= wend + 1;
+ wvalue = 0;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ ret = 1;
+
err:
BN_CTX_end(ctx);
BN_RECP_CTX_free(&recp);
bn_check_top(r);
- return(ret);
- }
-
-
-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- int i,j,bits,ret=0,wstart,wend,window,wvalue;
- int start=1;
- BIGNUM *d,*r;
+ return (ret);
+}
+
+int
+BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+ int start = 1;
+ BIGNUM *d, *r;
const BIGNUM *aa;
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
- BN_MONT_CTX *mont=NULL;
+ BN_MONT_CTX *mont = NULL;
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
- }
+ }
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
- if (!BN_is_odd(m))
- {
- BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- bits=BN_num_bits(p);
- if (bits == 0)
- {
+ if (!BN_is_odd(m)) {
+ BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ bits = BN_num_bits(p);
+ if (bits == 0) {
ret = BN_one(rr);
return ret;
- }
+ }
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
r = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
- if (!d || !r || !val[0]) goto err;
+ if (!d || !r || !val[0])
+ goto err;
/* If this is not done, things will break in the montgomery
* part */
if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
- }
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
- if (a->neg || BN_ucmp(a,m) >= 0)
- {
- if (!BN_nnmod(val[0],a,m,ctx))
+ if (a->neg || BN_ucmp(a, m) >= 0) {
+ if (!BN_nnmod(val[0], a,m, ctx))
goto err;
- aa= val[0];
- }
- else
- aa=a;
- if (BN_is_zero(aa))
- {
+ aa = val[0];
+ } else
+ aa = a;
+ if (BN_is_zero(aa)) {
BN_zero(rr);
ret = 1;
goto err;
- }
- if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
+ }
+ if (!BN_to_montgomery(val[0], aa, mont, ctx))
+ goto err; /* 1 */
window = BN_window_bits_for_exponent_size(bits);
- if (window > 1)
- {
- if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
- j=1<<(window-1);
- for (i=1; i<j; i++)
- {
- if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val[i],val[i-1],
- d,mont,ctx))
+ if (window > 1) {
+ if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
+ goto err; /* 2 */
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++) {
+ if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val[i], val[i - 1],
+ d, mont, ctx))
goto err;
- }
}
+ }
- start=1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue=0; /* The 'value' of the window */
- wstart=bits-1; /* The top bit of the window */
- wend=0; /* The bottom bit of the window */
+ start = 1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue = 0; /* The 'value' of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
- for (;;)
- {
- if (BN_is_bit_set(p,wstart) == 0)
- {
- if (!start)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
- goto err;
- }
- if (wstart == 0) break;
+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ goto err;
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
+ if (!start) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ goto err;
+ }
+ if (wstart == 0)
+ break;
wstart--;
continue;
- }
+ }
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
- j=wstart;
- wvalue=1;
- wend=0;
- for (i=1; i<window; i++)
- {
- if (wstart-i < 0) break;
- if (BN_is_bit_set(p,wstart-i))
- {
- wvalue<<=(i-wend);
- wvalue|=1;
- wend=i;
- }
+ j = wstart;
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++) {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set(p, wstart - i)) {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
}
+ }
/* wend is the size of the current window */
- j=wend+1;
+ j = wend + 1;
/* add the 'bytes above' */
if (!start)
- for (i=0; i<j; i++)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+ for (i = 0; i < j; i++) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
goto err;
- }
-
+ }
+
/* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
+ if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
goto err;
/* move the 'window' down further */
- wstart-=wend+1;
- wvalue=0;
- start=0;
- if (wstart < 0) break;
- }
- if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
- ret=1;
+ wstart -= wend + 1;
+ wvalue = 0;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ if (!BN_from_montgomery(rr, r,mont, ctx))
+ goto err;
+ ret = 1;
+
err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
BN_CTX_end(ctx);
bn_check_top(rr);
- return(ret);
- }
+ return (ret);
+}
/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
* as cache lines are concerned. The following functions are used to transfer a BIGNUM
* from/to that table. */
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf, int idx, int width)
- {
+static int
+MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf,
+ int idx, int width)
+{
size_t i, j;
if (top > b->top)
top = b->top; /* this works because 'buf' is explicitly zeroed */
- for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
- {
+ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
buf[j] = ((unsigned char*)b->d)[i];
- }
+ }
return 1;
- }
+}
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
- {
+static int
+MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx,
+ int width)
+{
size_t i, j;
if (bn_wexpand(b, top) == NULL)
return 0;
- for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
- {
+ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
((unsigned char*)b->d)[i] = buf[j];
- }
+ }
b->top = top;
bn_correct_top(b);
return 1;
- }
+}
/* Given a pointer value, compute the next address that is a cache line multiple. */
#define MOD_EXP_CTIME_ALIGN(x_) \
* pointed out by Colin Percival,
* http://www.daemonology.net/hyperthreading-considered-harmful/)
*/
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- int i,bits,ret=0,window,wvalue;
+int
+BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ int i, bits, ret = 0, window, wvalue;
int top;
- BN_MONT_CTX *mont=NULL;
-
+ BN_MONT_CTX *mont = NULL;
int numPowers;
- unsigned char *powerbufFree=NULL;
+ unsigned char *powerbufFree = NULL;
int powerbufLen = 0;
- unsigned char *powerbuf=NULL;
+ unsigned char *powerbuf = NULL;
BIGNUM tmp, am;
bn_check_top(a);
top = m->top;
- if (!(m->d[0] & 1))
- {
- BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- bits=BN_num_bits(p);
- if (bits == 0)
- {
+ if (!(m->d[0] & 1)) {
+ BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,
+ BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ bits = BN_num_bits(p);
+ if (bits == 0) {
ret = BN_one(rr);
return ret;
- }
+ }
BN_CTX_start(ctx);
* If this is not done, things will break in the montgomery part.
*/
if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
- }
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
/* Get the window size to use with size of p. */
window = BN_window_bits_for_ctime_exponent_size(bits);
#if defined(OPENSSL_BN_ASM_MONT5)
- if (window==6 && bits<=1024) window=5; /* ~5% improvement of 2048-bit RSA sign */
+ if (window == 6 && bits <= 1024)
+ window = 5; /* ~5% improvement of 2048-bit RSA sign */
#endif
/* Allocate a buffer large enough to hold all of the pre-computed
* powers of am, am itself and tmp.
*/
numPowers = 1 << window;
- powerbufLen = sizeof(m->d[0])*(top*numPowers +
- ((2*top)>numPowers?(2*top):numPowers));
+ powerbufLen = sizeof(m->d[0]) * (top * numPowers +
+ ((2*top) > numPowers ? (2*top) : numPowers));
#ifdef alloca
if (powerbufLen < 3072)
- powerbufFree = alloca(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
+ powerbufFree = alloca(powerbufLen +
+ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
else
#endif
- if ((powerbufFree=(unsigned char*)malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
+ if ((powerbufFree = (unsigned char*)malloc(powerbufLen +
+ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
goto err;
-
+
powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
memset(powerbuf, 0, powerbufLen);
#endif
/* lay down tmp and am right after powers table */
- tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0])*top*numPowers);
- am.d = tmp.d + top;
- tmp.top = am.top = 0;
- tmp.dmax = am.dmax = top;
- tmp.neg = am.neg = 0;
+ tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
+ am.d = tmp.d + top;
+ tmp.top = am.top = 0;
+ tmp.dmax = am.dmax = top;
+ tmp.neg = am.neg = 0;
tmp.flags = am.flags = BN_FLG_STATIC_DATA;
/* prepare a^0 in Montgomery domain */
#if 1
- if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx)) goto err;
+ if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
+ goto err;
#else
- tmp.d[0] = (0-m->d[0])&BN_MASK2; /* 2^(top*BN_BITS2) - m */
- for (i=1;i<top;i++)
- tmp.d[i] = (~m->d[i])&BN_MASK2;
+ tmp.d[0] = (0 - m - >d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */
+ for (i = 1; i < top; i++)
+ tmp.d[i] = (~m->d[i]) & BN_MASK2;
tmp.top = top;
#endif
/* prepare a^1 in Montgomery domain */
- if (a->neg || BN_ucmp(a,m) >= 0)
- {
- if (!BN_mod(&am,a,m,ctx)) goto err;
- if (!BN_to_montgomery(&am,&am,mont,ctx)) goto err;
- }
- else if (!BN_to_montgomery(&am,a,mont,ctx)) goto err;
+ if (a->neg || BN_ucmp(a, m) >= 0) {
+ if (!BN_mod(&am, a,m, ctx))
+ goto err;
+ if (!BN_to_montgomery(&am, &am, mont, ctx))
+ goto err;
+ } else if (!BN_to_montgomery(&am, a,mont, ctx))
+ goto err;
#if defined(OPENSSL_BN_ASM_MONT5)
- /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
- * specifically optimization of cache-timing attack countermeasures
- * and pre-computation optimization. */
-
- /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
- * 512-bit RSA is hardly relevant, we omit it to spare size... */
- if (window==5)
- {
- void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
- const void *table,const BN_ULONG *np,
- const BN_ULONG *n0,int num,int power);
- void bn_scatter5(const BN_ULONG *inp,size_t num,
- void *table,size_t power);
- void bn_gather5(BN_ULONG *out,size_t num,
- void *table,size_t power);
-
- BN_ULONG *np=mont->N.d, *n0=mont->n0;
-
- /* BN_to_montgomery can contaminate words above .top
- * [in BN_DEBUG[_DEBUG] build]... */
- for (i=am.top; i<top; i++) am.d[i]=0;
- for (i=tmp.top; i<top; i++) tmp.d[i]=0;
-
- bn_scatter5(tmp.d,top,powerbuf,0);
- bn_scatter5(am.d,am.top,powerbuf,1);
- bn_mul_mont(tmp.d,am.d,am.d,np,n0,top);
- bn_scatter5(tmp.d,top,powerbuf,2);
+ /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
+ * specifically optimization of cache-timing attack countermeasures
+ * and pre-computation optimization. */
+
+ /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
+ * 512-bit RSA is hardly relevant, we omit it to spare size... */
+ if (window == 5) {
+ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
+ const void *table, const BN_ULONG *np,
+ const BN_ULONG *n0, int num, int power);
+ void bn_scatter5(const BN_ULONG *inp, size_t num,
+ void *table, size_t power);
+ void bn_gather5(BN_ULONG *out, size_t num,
+ void *table, size_t power);
+
+ BN_ULONG *np = mont->N.d, *n0 = mont->n0;
+
+ /* BN_to_montgomery can contaminate words above .top
+ * [in BN_DEBUG[_DEBUG] build]... */
+ for (i = am.top; i < top; i++)
+ am.d[i] = 0;
+ for (i = tmp.top; i < top; i++)
+ tmp.d[i] = 0;
+
+ bn_scatter5(tmp.d, top, powerbuf, 0);
+ bn_scatter5(am.d, am.top, powerbuf, 1);
+ bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
+ bn_scatter5(tmp.d, top, powerbuf, 2);
#if 0
- for (i=3; i<32; i++)
- {
- /* Calculate a^i = a^(i-1) * a */
- bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
- bn_scatter5(tmp.d,top,powerbuf,i);
+ for (i = 3; i < 32; i++) {
+ /* Calculate a^i = a^(i-1) * a */
+ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
+ n0, top, i - 1);
+ bn_scatter5(tmp.d, top, powerbuf, i);
}
#else
- /* same as above, but uses squaring for 1/2 of operations */
- for (i=4; i<32; i*=2)
- {
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_scatter5(tmp.d,top,powerbuf,i);
+ /* same as above, but uses squaring for 1/2 of operations */
+ for (i = 4; i < 32; i*=2) {
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_scatter5(tmp.d, top, powerbuf, i);
}
- for (i=3; i<8; i+=2)
- {
- int j;
- bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
- bn_scatter5(tmp.d,top,powerbuf,i);
- for (j=2*i; j<32; j*=2)
- {
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_scatter5(tmp.d,top,powerbuf,j);
+ for (i = 3; i < 8; i += 2) {
+ int j;
+ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
+ n0, top, i - 1);
+ bn_scatter5(tmp.d, top, powerbuf, i);
+ for (j = 2 * i; j < 32; j *= 2) {
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_scatter5(tmp.d, top, powerbuf, j);
}
}
- for (; i<16; i+=2)
- {
- bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
- bn_scatter5(tmp.d,top,powerbuf,i);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_scatter5(tmp.d,top,powerbuf,2*i);
+ for (; i < 16; i += 2) {
+ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
+ n0, top, i - 1);
+ bn_scatter5(tmp.d, top, powerbuf, i);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_scatter5(tmp.d, top, powerbuf, 2*i);
}
- for (; i<32; i+=2)
- {
- bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
- bn_scatter5(tmp.d,top,powerbuf,i);
+ for (; i < 32; i += 2) {
+ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
+ n0, top, i - 1);
+ bn_scatter5(tmp.d, top, powerbuf, i);
}
#endif
- bits--;
- for (wvalue=0, i=bits%5; i>=0; i--,bits--)
- wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
- bn_gather5(tmp.d,top,powerbuf,wvalue);
+ bits--;
+ for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+ bn_gather5(tmp.d, top, powerbuf, wvalue);
- /* Scan the exponent one window at a time starting from the most
- * significant bits.
- */
- while (bits >= 0)
- {
- for (wvalue=0, i=0; i<5; i++,bits--)
- wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
-
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont_gather5(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue);
+ /* Scan the exponent one window at a time starting from the most
+ * significant bits.
+ */
+ while (bits >= 0) {
+ for (wvalue = 0, i = 0; i < 5; i++, bits--)
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
}
- tmp.top=top;
- bn_correct_top(&tmp);
- }
- else
+ tmp.top = top;
+ bn_correct_top(&tmp);
+ } else
#endif
{
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers)) goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0,
+ numPowers))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1,
+ numPowers))
+ goto err;
- /* If the window size is greater than 1, then calculate
- * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
- * (even powers could instead be computed as (a^(i/2))^2
- * to use the slight performance advantage of sqr over mul).
- */
- if (window > 1)
- {
- if (!BN_mod_mul_montgomery(&tmp,&am,&am,mont,ctx)) goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, numPowers)) goto err;
- for (i=3; i<numPowers; i++)
- {
- /* Calculate a^i = a^(i-1) * a */
- if (!BN_mod_mul_montgomery(&tmp,&am,&tmp,mont,ctx))
+ /* If the window size is greater than 1, then calculate
+ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
+ * (even powers could instead be computed as (a^(i/2))^2
+ * to use the slight performance advantage of sqr over mul).
+ */
+ if (window > 1) {
+ if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf,
+ 2, numPowers))
goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, numPowers)) goto err;
+ for (i = 3; i < numPowers; i++) {
+ /* Calculate a^i = a^(i-1) * a */
+ if (!BN_mod_mul_montgomery(&tmp, &am, &tmp,
+ mont, ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top,
+ powerbuf, i, numPowers))
+ goto err;
}
}
- bits--;
- for (wvalue=0, i=bits%window; i>=0; i--,bits--)
- wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp,top,powerbuf,wvalue,numPowers)) goto err;
-
- /* Scan the exponent one window at a time starting from the most
- * significant bits.
- */
- while (bits >= 0)
- {
- wvalue=0; /* The 'value' of the window */
-
- /* Scan the window, squaring the result as we go */
- for (i=0; i<window; i++,bits--)
- {
- if (!BN_mod_mul_montgomery(&tmp,&tmp,&tmp,mont,ctx)) goto err;
- wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
- }
-
- /* Fetch the appropriate pre-computed value from the pre-buf */
- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, numPowers)) goto err;
-
- /* Multiply the result into the intermediate result */
- if (!BN_mod_mul_montgomery(&tmp,&tmp,&am,mont,ctx)) goto err;
- }
+ bits--;
+ for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf,
+ wvalue, numPowers))
+ goto err;
+
+ /* Scan the exponent one window at a time starting from the most
+ * significant bits.
+ */
+ while (bits >= 0) {
+ wvalue = 0; /* The 'value' of the window */
+
+ /* Scan the window, squaring the result as we go */
+ for (i = 0; i < window; i++, bits--) {
+ if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp,
+ mont, ctx))
+ goto err;
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+ }
+
+ /* Fetch the appropriate pre-computed value from the pre-buf */
+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf,
+ wvalue, numPowers))
+ goto err;
+
+ /* Multiply the result into the intermediate result */
+ if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
+ goto err;
+ }
}
- /* Convert the final result from montgomery to standard format */
- if (!BN_from_montgomery(rr,&tmp,mont,ctx)) goto err;
- ret=1;
+ /* Convert the final result from montgomery to standard format */
+ if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+ goto err;
+ ret = 1;
+
err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
- if (powerbuf!=NULL)
- {
- OPENSSL_cleanse(powerbuf,powerbufLen);
- if (powerbufFree) free(powerbufFree);
- }
- BN_CTX_end(ctx);
- return(ret);
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
+ if (powerbuf != NULL) {
+ OPENSSL_cleanse(powerbuf, powerbufLen);
+ if (powerbufFree)
+ free(powerbufFree);
}
+ BN_CTX_end(ctx);
+ return (ret);
+}
-int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
+int
+BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
BN_MONT_CTX *mont = NULL;
- int b, bits, ret=0;
+ int b, bits, ret = 0;
int r_is_one;
BN_ULONG w, next_w;
BIGNUM *d, *r, *t;
BIGNUM *swap_tmp;
+
#define BN_MOD_MUL_WORD(r, w, m) \
(BN_mul_word(r, (w)) && \
(/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
- }
+ }
bn_check_top(p);
bn_check_top(m);
- if (!BN_is_odd(m))
- {
- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
+ if (!BN_is_odd(m)) {
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
if (m->top == 1)
a %= m->d[0]; /* make sure that 'a' is reduced */
-
- bits = BN_num_bits(p);
- if (bits == 0)
- {
+ bits = BN_num_bits(p);
+ if (bits == 0) {
ret = BN_one(rr);
return ret;
- }
- if (a == 0)
- {
+ }
+ if (a == 0) {
BN_zero(rr);
ret = 1;
return ret;
- }
+ }
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
r = BN_CTX_get(ctx);
t = BN_CTX_get(ctx);
- if (d == NULL || r == NULL || t == NULL) goto err;
+ if (d == NULL || r == NULL || t == NULL)
+ goto err;
if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
- }
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
r_is_one = 1; /* except for Montgomery factor */
/* The result is accumulated in the product r*w. */
w = a; /* bit 'bits-1' of 'p' is always set */
- for (b = bits-2; b >= 0; b--)
- {
+ for (b = bits - 2; b >= 0; b--) {
/* First, square r*w. */
- next_w = w*w;
- if ((next_w/w) != w) /* overflow */
- {
- if (r_is_one)
- {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+ next_w = w * w;
+ if ((next_w / w) != w) /* overflow */
+ {
+ if (r_is_one) {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+ goto err;
r_is_one = 0;
- }
- else
- {
- if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
- }
- next_w = 1;
+ } else {
+ if (!BN_MOD_MUL_WORD(r, w, m))
+ goto err;
}
+ next_w = 1;
+ }
w = next_w;
- if (!r_is_one)
- {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
- }
+ if (!r_is_one) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ goto err;
+ }
/* Second, multiply r*w by 'a' if exponent bit is set. */
- if (BN_is_bit_set(p, b))
+ if (BN_is_bit_set(p, b)) {
+ next_w = w * a;
+ if ((next_w / a) != w) /* overflow */
{
- next_w = w*a;
- if ((next_w/a) != w) /* overflow */
- {
- if (r_is_one)
- {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+ if (r_is_one) {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+ goto err;
r_is_one = 0;
- }
- else
- {
- if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
- }
- next_w = a;
+ } else {
+ if (!BN_MOD_MUL_WORD(r, w, m))
+ goto err;
}
- w = next_w;
+ next_w = a;
}
+ w = next_w;
}
+ }
/* Finally, set r:=r*w. */
- if (w != 1)
- {
- if (r_is_one)
- {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+ if (w != 1) {
+ if (r_is_one) {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+ goto err;
r_is_one = 0;
- }
- else
- {
- if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
- }
+ } else {
+ if (!BN_MOD_MUL_WORD(r, w, m))
+ goto err;
}
+ }
if (r_is_one) /* can happen only if a == 1*/
- {
- if (!BN_one(rr)) goto err;
- }
- else
- {
- if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
- }
+ {
+ if (!BN_one(rr))
+ goto err;
+ } else {
+ if (!BN_from_montgomery(rr, r, mont, ctx))
+ goto err;
+ }
ret = 1;
+
err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
BN_CTX_end(ctx);
bn_check_top(rr);
- return(ret);
- }
+ return (ret);
+}
/* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int i,j,bits,ret=0,wstart,wend,window,wvalue;
- int start=1;
+int
+BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ int i, j,bits, ret = 0, wstart, wend, window, wvalue;
+ int start = 1;
BIGNUM *d;
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ BNerr(BN_F_BN_MOD_EXP_SIMPLE,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
- }
+ }
- bits=BN_num_bits(p);
+ bits = BN_num_bits(p);
- if (bits == 0)
- {
+ if (bits == 0) {
ret = BN_one(r);
return ret;
- }
+ }
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
- if(!d || !val[0]) goto err;
+ if (!d || !val[0])
+ goto err;
- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
- if (BN_is_zero(val[0]))
- {
+ if (!BN_nnmod(val[0],a,m,ctx))
+ goto err; /* 1 */
+ if (BN_is_zero(val[0])) {
BN_zero(r);
ret = 1;
goto err;
- }
+ }
window = BN_window_bits_for_exponent_size(bits);
- if (window > 1)
- {
- if (!BN_mod_mul(d,val[0],val[0],m,ctx))
+ if (window > 1) {
+ if (!BN_mod_mul(d, val[0], val[0], m, ctx))
goto err; /* 2 */
- j=1<<(window-1);
- for (i=1; i<j; i++)
- {
- if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul(val[i],val[i-1],d,m,ctx))
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++) {
+ if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul(val[i], val[i - 1], d,m, ctx))
goto err;
- }
}
+ }
- start=1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue=0; /* The 'value' of the window */
- wstart=bits-1; /* The top bit of the window */
- wend=0; /* The bottom bit of the window */
+ start = 1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue = 0; /* The 'value' of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
- if (!BN_one(r)) goto err;
+ if (!BN_one(r))
+ goto err;
- for (;;)
- {
- if (BN_is_bit_set(p,wstart) == 0)
- {
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
if (!start)
- if (!BN_mod_mul(r,r,r,m,ctx))
- goto err;
- if (wstart == 0) break;
+ if (!BN_mod_mul(r, r, r, m, ctx))
+ goto err;
+ if (wstart == 0)
+ break;
wstart--;
continue;
- }
+ }
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
- j=wstart;
- wvalue=1;
- wend=0;
- for (i=1; i<window; i++)
- {
- if (wstart-i < 0) break;
- if (BN_is_bit_set(p,wstart-i))
- {
- wvalue<<=(i-wend);
- wvalue|=1;
- wend=i;
- }
+ j = wstart;
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++) {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set(p, wstart - i)) {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
}
+ }
/* wend is the size of the current window */
- j=wend+1;
+ j = wend + 1;
/* add the 'bytes above' */
if (!start)
- for (i=0; i<j; i++)
- {
- if (!BN_mod_mul(r,r,r,m,ctx))
+ for (i = 0; i < j; i++) {
+ if (!BN_mod_mul(r, r, r, m, ctx))
goto err;
- }
-
+ }
+
/* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
+ if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
goto err;
/* move the 'window' down further */
- wstart-=wend+1;
- wvalue=0;
- start=0;
- if (wstart < 0) break;
- }
- ret=1;
+ wstart -= wend + 1;
+ wvalue = 0;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ ret = 1;
+
err:
BN_CTX_end(ctx);
bn_check_top(r);
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define TABLE_SIZE 32
-int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
- const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
- int r_is_one=1;
- BIGNUM *d,*r;
+int
+BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
+ int r_is_one = 1;
+ BIGNUM *d, *r;
const BIGNUM *a_mod_m;
/* Tables of variables obtained from 'ctx' */
BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
- BN_MONT_CTX *mont=NULL;
+ BN_MONT_CTX *mont = NULL;
bn_check_top(a1);
bn_check_top(p1);
bn_check_top(p2);
bn_check_top(m);
- if (!(m->d[0] & 1))
- {
- BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- bits1=BN_num_bits(p1);
- bits2=BN_num_bits(p2);
- if ((bits1 == 0) && (bits2 == 0))
- {
+ if (!(m->d[0] & 1)) {
+ BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ bits1 = BN_num_bits(p1);
+ bits2 = BN_num_bits(p2);
+ if ((bits1 == 0) && (bits2 == 0)) {
ret = BN_one(rr);
return ret;
- }
-
- bits=(bits1 > bits2)?bits1:bits2;
+ }
+
+ bits = (bits1 > bits2) ? bits1 : bits2;
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
r = BN_CTX_get(ctx);
val1[0] = BN_CTX_get(ctx);
val2[0] = BN_CTX_get(ctx);
- if(!d || !r || !val1[0] || !val2[0]) goto err;
+ if (!d || !r || !val1[0] || !val2[0])
+ goto err;
if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
- }
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
window1 = BN_window_bits_for_exponent_size(bits1);
window2 = BN_window_bits_for_exponent_size(bits2);
/*
* Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
*/
- if (a1->neg || BN_ucmp(a1,m) >= 0)
- {
- if (!BN_mod(val1[0],a1,m,ctx))
+ if (a1->neg || BN_ucmp(a1, m) >= 0) {
+ if (!BN_mod(val1[0], a1, m, ctx))
goto err;
a_mod_m = val1[0];
- }
- else
+ } else
a_mod_m = a1;
- if (BN_is_zero(a_mod_m))
- {
+ if (BN_is_zero(a_mod_m)) {
BN_zero(rr);
ret = 1;
goto err;
- }
+ }
- if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err;
- if (window1 > 1)
- {
- if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err;
+ if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
+ goto err;
+ if (window1 > 1) {
+ if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
+ goto err;
- j=1<<(window1-1);
- for (i=1; i<j; i++)
- {
- if(((val1[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val1[i],val1[i-1],
- d,mont,ctx))
+ j = 1 << (window1 - 1);
+ for (i = 1; i < j; i++) {
+ if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val1[i], val1[i - 1],
+ d, mont, ctx))
goto err;
- }
}
+ }
/*
* Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
*/
- if (a2->neg || BN_ucmp(a2,m) >= 0)
- {
- if (!BN_mod(val2[0],a2,m,ctx))
+ if (a2->neg || BN_ucmp(a2, m) >= 0) {
+ if (!BN_mod(val2[0], a2, m, ctx))
goto err;
a_mod_m = val2[0];
- }
- else
+ } else
a_mod_m = a2;
- if (BN_is_zero(a_mod_m))
- {
+ if (BN_is_zero(a_mod_m)) {
BN_zero(rr);
ret = 1;
goto err;
- }
- if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err;
- if (window2 > 1)
- {
- if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err;
+ }
+ if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
+ goto err;
+ if (window2 > 1) {
+ if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
+ goto err;
- j=1<<(window2-1);
- for (i=1; i<j; i++)
- {
- if(((val2[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val2[i],val2[i-1],
- d,mont,ctx))
+ j = 1 << (window2 - 1);
+ for (i = 1; i < j; i++) {
+ if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val2[i], val2[i - 1],
+ d, mont, ctx))
goto err;
- }
}
+ }
/* Now compute the power product, using independent windows. */
- r_is_one=1;
- wvalue1=0; /* The 'value' of the first window */
- wvalue2=0; /* The 'value' of the second window */
- wpos1=0; /* If wvalue1 > 0, the bottom bit of the first window */
- wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */
+ r_is_one = 1;
+ wvalue1 = 0; /* The 'value' of the first window */
+ wvalue2 = 0; /* The 'value' of the second window */
+ wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the first window */
+ wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the second window */
- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
- for (b=bits-1; b>=0; b--)
- {
- if (!r_is_one)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ goto err;
+ for (b = bits - 1; b >= 0; b--) {
+ if (!r_is_one) {
+ if (!BN_mod_mul_montgomery(r, r,r, mont, ctx))
goto err;
- }
-
+ }
+
if (!wvalue1)
- if (BN_is_bit_set(p1, b))
- {
- /* consider bits b-window1+1 .. b for this window */
- i = b-window1+1;
- while (!BN_is_bit_set(p1, i)) /* works for i<0 */
- i++;
- wpos1 = i;
- wvalue1 = 1;
- for (i = b-1; i >= wpos1; i--)
- {
- wvalue1 <<= 1;
- if (BN_is_bit_set(p1, i))
- wvalue1++;
- }
- }
-
+ if (BN_is_bit_set(p1, b)) {
+ /* consider bits b-window1+1 .. b for this window */
+ i = b - window1 + 1;
+ while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+ i++;
+ wpos1 = i;
+ wvalue1 = 1;
+ for (i = b - 1; i >= wpos1; i--) {
+ wvalue1 <<= 1;
+ if (BN_is_bit_set(p1, i))
+ wvalue1++;
+ }
+ }
+
if (!wvalue2)
- if (BN_is_bit_set(p2, b))
- {
- /* consider bits b-window2+1 .. b for this window */
- i = b-window2+1;
- while (!BN_is_bit_set(p2, i))
- i++;
- wpos2 = i;
- wvalue2 = 1;
- for (i = b-1; i >= wpos2; i--)
- {
- wvalue2 <<= 1;
- if (BN_is_bit_set(p2, i))
- wvalue2++;
- }
- }
+ if (BN_is_bit_set(p2, b)) {
+ /* consider bits b-window2+1 .. b for this window */
+ i = b - window2 + 1;
+ while (!BN_is_bit_set(p2, i))
+ i++;
+ wpos2 = i;
+ wvalue2 = 1;
+ for (i = b - 1; i >= wpos2; i--) {
+ wvalue2 <<= 1;
+ if (BN_is_bit_set(p2, i))
+ wvalue2++;
+ }
+ }
- if (wvalue1 && b == wpos1)
- {
+ if (wvalue1 && b == wpos1) {
/* wvalue1 is odd and < 2^window1 */
- if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx))
+ if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1],
+ mont, ctx))
goto err;
wvalue1 = 0;
r_is_one = 0;
- }
-
- if (wvalue2 && b == wpos2)
- {
+ }
+
+ if (wvalue2 && b == wpos2) {
/* wvalue2 is odd and < 2^window2 */
- if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))
+ if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1],
+ mont, ctx))
goto err;
wvalue2 = 0;
r_is_one = 0;
- }
}
- if (!BN_from_montgomery(rr,r,mont,ctx))
+ }
+ if (!BN_from_montgomery(rr, r,mont, ctx))
goto err;
- ret=1;
+ ret = 1;
+
err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
BN_CTX_end(ctx);
bn_check_top(rr);
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
- {
- BIGNUM *a,*b,*t;
- int ret=0;
+int
+BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *t;
+ int ret = 0;
bn_check_top(in_a);
bn_check_top(in_b);
BN_CTX_start(ctx);
a = BN_CTX_get(ctx);
b = BN_CTX_get(ctx);
- if (a == NULL || b == NULL) goto err;
+ if (a == NULL || b == NULL)
+ goto err;
- if (BN_copy(a,in_a) == NULL) goto err;
- if (BN_copy(b,in_b) == NULL) goto err;
+ if (BN_copy(a, in_a) == NULL)
+ goto err;
+ if (BN_copy(b, in_b) == NULL)
+ goto err;
a->neg = 0;
b->neg = 0;
- if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
- t=euclid(a,b);
- if (t == NULL) goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
+ }
+ t = euclid(a, b);
+ if (t == NULL)
+ goto err;
+
+ if (BN_copy(r, t) == NULL)
+ goto err;
+ ret = 1;
- if (BN_copy(r,t) == NULL) goto err;
- ret=1;
err:
BN_CTX_end(ctx);
bn_check_top(r);
- return(ret);
- }
+ return (ret);
+}
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
- {
+static BIGNUM *
+euclid(BIGNUM *a, BIGNUM *b)
+{
BIGNUM *t;
- int shifts=0;
+ int shifts = 0;
bn_check_top(a);
bn_check_top(b);
/* 0 <= b <= a */
- while (!BN_is_zero(b))
- {
+ while (!BN_is_zero(b)) {
/* 0 < b <= a */
- if (BN_is_odd(a))
- {
- if (BN_is_odd(b))
- {
- if (!BN_sub(a,a,b)) goto err;
- if (!BN_rshift1(a,a)) goto err;
- if (BN_cmp(a,b) < 0)
- { t=a; a=b; b=t; }
+ if (BN_is_odd(a)) {
+ if (BN_is_odd(b)) {
+ if (!BN_sub(a, a, b))
+ goto err;
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
}
+ }
else /* a odd - b even */
- {
- if (!BN_rshift1(b,b)) goto err;
- if (BN_cmp(a,b) < 0)
- { t=a; a=b; b=t; }
+ {
+ if (!BN_rshift1(b, b))
+ goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
}
}
+ }
else /* a is even */
- {
- if (BN_is_odd(b))
- {
- if (!BN_rshift1(a,a)) goto err;
- if (BN_cmp(a,b) < 0)
- { t=a; a=b; b=t; }
+ {
+ if (BN_is_odd(b)) {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
}
+ }
else /* a even - b even */
- {
- if (!BN_rshift1(a,a)) goto err;
- if (!BN_rshift1(b,b)) goto err;
+ {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (!BN_rshift1(b, b))
+ goto err;
shifts++;
- }
}
- /* 0 <= b <= a */
}
+ /* 0 <= b <= a */
+ }
- if (shifts)
- {
- if (!BN_lshift(a,a,shifts)) goto err;
- }
+ if (shifts) {
+ if (!BN_lshift(a, a, shifts))
+ goto err;
+ }
bn_check_top(a);
- return(a);
+ return (a);
+
err:
- return(NULL);
- }
+ return (NULL);
+}
/* solves ax == 1 (mod n) */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-
-BIGNUM *BN_mod_inverse(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
- {
- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
- BIGNUM *ret=NULL;
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a,
+ const BIGNUM *n, BN_CTX *ctx);
+
+BIGNUM *
+BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+{
+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+ BIGNUM *ret = NULL;
int sign;
- if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0))
- {
+ if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) ||
+ (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
return BN_mod_inverse_no_branch(in, a, n, ctx);
- }
+ }
bn_check_top(a);
bn_check_top(n);
M = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
T = BN_CTX_get(ctx);
- if (T == NULL) goto err;
+ if (T == NULL)
+ goto err;
if (in == NULL)
- R=BN_new();
+ R = BN_new();
else
- R=in;
- if (R == NULL) goto err;
+ R = in;
+ if (R == NULL)
+ goto err;
BN_one(X);
BN_zero(Y);
- if (BN_copy(B,a) == NULL) goto err;
- if (BN_copy(A,n) == NULL) goto err;
+ if (BN_copy(B, a) == NULL)
+ goto err;
+ if (BN_copy(A, n) == NULL)
+ goto err;
A->neg = 0;
- if (B->neg || (BN_ucmp(B, A) >= 0))
- {
- if (!BN_nnmod(B, B, A, ctx)) goto err;
- }
+ if (B->neg || (BN_ucmp(B, A) >= 0)) {
+ if (!BN_nnmod(B, B, A, ctx))
+ goto err;
+ }
sign = -1;
/* From B = a mod |n|, A = |n| it follows that
*
* sign*Y*a == A (mod |n|).
*/
- if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
- {
+ if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) {
/* Binary inversion algorithm; requires odd modulus.
* This is faster than the general algorithm if the modulus
* is sufficiently small (about 400 .. 500 bits on 32-bit
* sytems, but much more on 64-bit systems) */
int shift;
-
- while (!BN_is_zero(B))
- {
+
+ while (!BN_is_zero(B)) {
/*
* 0 < B < |n|,
* 0 < A <= |n|,
* When we're done, (1) still holds. */
shift = 0;
while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
- {
+ {
shift++;
-
- if (BN_is_odd(X))
- {
- if (!BN_uadd(X, X, n)) goto err;
- }
- /* now X is even, so we can easily divide it by two */
- if (!BN_rshift1(X, X)) goto err;
- }
- if (shift > 0)
- {
- if (!BN_rshift(B, B, shift)) goto err;
+
+ if (BN_is_odd(X)) {
+ if (!BN_uadd(X, X, n))
+ goto err;
}
+ /* now X is even, so we can easily divide it by two */
+ if (!BN_rshift1(X, X))
+ goto err;
+ }
+ if (shift > 0) {
+ if (!BN_rshift(B, B, shift))
+ goto err;
+ }
/* Same for A and Y. Afterwards, (2) still holds. */
shift = 0;
while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
- {
+ {
shift++;
-
- if (BN_is_odd(Y))
- {
- if (!BN_uadd(Y, Y, n)) goto err;
- }
- /* now Y is even */
- if (!BN_rshift1(Y, Y)) goto err;
- }
- if (shift > 0)
- {
- if (!BN_rshift(A, A, shift)) goto err;
+
+ if (BN_is_odd(Y)) {
+ if (!BN_uadd(Y, Y, n))
+ goto err;
}
+ /* now Y is even */
+ if (!BN_rshift1(Y, Y))
+ goto err;
+ }
+ if (shift > 0) {
+ if (!BN_rshift(A, A, shift))
+ goto err;
+ }
+
-
/* We still have (1) and (2).
* Both A and B are odd.
* The following computations ensure that
*
* and that either A or B is even in the next iteration.
*/
- if (BN_ucmp(B, A) >= 0)
- {
+ if (BN_ucmp(B, A) >= 0) {
/* -sign*(X + Y)*a == B - A (mod |n|) */
- if (!BN_uadd(X, X, Y)) goto err;
+ if (!BN_uadd(X, X, Y))
+ goto err;
/* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
* actually makes the algorithm slower */
- if (!BN_usub(B, B, A)) goto err;
- }
- else
- {
+ if (!BN_usub(B, B, A))
+ goto err;
+ } else {
/* sign*(X + Y)*a == A - B (mod |n|) */
- if (!BN_uadd(Y, Y, X)) goto err;
+ if (!BN_uadd(Y, Y, X))
+ goto err;
/* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
- if (!BN_usub(A, A, B)) goto err;
- }
+ if (!BN_usub(A, A, B))
+ goto err;
}
}
- else
- {
+ } else {
/* general inversion algorithm */
- while (!BN_is_zero(B))
- {
+ while (!BN_is_zero(B)) {
BIGNUM *tmp;
-
+
/*
* 0 < B < A,
* (*) -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|)
*/
-
+
/* (D, M) := (A/B, A%B) ... */
- if (BN_num_bits(A) == BN_num_bits(B))
- {
- if (!BN_one(D)) goto err;
- if (!BN_sub(M,A,B)) goto err;
- }
- else if (BN_num_bits(A) == BN_num_bits(B) + 1)
- {
+ if (BN_num_bits(A) == BN_num_bits(B)) {
+ if (!BN_one(D))
+ goto err;
+ if (!BN_sub(M, A, B))
+ goto err;
+ } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
/* A/B is 1, 2, or 3 */
- if (!BN_lshift1(T,B)) goto err;
- if (BN_ucmp(A,T) < 0)
- {
+ if (!BN_lshift1(T, B))
+ goto err;
+ if (BN_ucmp(A, T) < 0) {
/* A < 2*B, so D=1 */
- if (!BN_one(D)) goto err;
- if (!BN_sub(M,A,B)) goto err;
- }
- else
- {
+ if (!BN_one(D))
+ goto err;
+ if (!BN_sub(M, A, B))
+ goto err;
+ } else {
/* A >= 2*B, so D=2 or D=3 */
- if (!BN_sub(M,A,T)) goto err;
+ if (!BN_sub(M, A, T))
+ goto err;
if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
- if (BN_ucmp(A,D) < 0)
- {
+ if (BN_ucmp(A, D) < 0) {
/* A < 3*B, so D=2 */
- if (!BN_set_word(D,2)) goto err;
+ if (!BN_set_word(D, 2))
+ goto err;
/* M (= A - 2*B) already has the correct value */
- }
- else
- {
+ } else {
/* only D=3 remains */
- if (!BN_set_word(D,3)) goto err;
+ if (!BN_set_word(D, 3))
+ goto err;
/* currently M = A - 2*B, but we need M = A - 3*B */
- if (!BN_sub(M,M,B)) goto err;
- }
+ if (!BN_sub(M, M, B))
+ goto err;
}
}
- else
- {
- if (!BN_div(D,M,A,B,ctx)) goto err;
- }
-
+ } else {
+ if (!BN_div(D, M, A, B, ctx))
+ goto err;
+ }
+
/* Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
*/
-
- tmp=A; /* keep the BIGNUM object, the value does not matter */
-
+ tmp = A; /* keep the BIGNUM object, the value does not matter */
+
/* (A, B) := (B, A mod B) ... */
- A=B;
- B=M;
+ A = B;
+ B = M;
/* ... so we have 0 <= B < A again */
-
+
/* Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
*/
-
+
/* most of the time D is very small, so we can optimize tmp := D*X+Y */
- if (BN_is_one(D))
- {
- if (!BN_add(tmp,X,Y)) goto err;
- }
- else
- {
- if (BN_is_word(D,2))
- {
- if (!BN_lshift1(tmp,X)) goto err;
- }
- else if (BN_is_word(D,4))
- {
- if (!BN_lshift(tmp,X,2)) goto err;
- }
- else if (D->top == 1)
- {
- if (!BN_copy(tmp,X)) goto err;
- if (!BN_mul_word(tmp,D->d[0])) goto err;
- }
- else
- {
- if (!BN_mul(tmp,D,X,ctx)) goto err;
- }
- if (!BN_add(tmp,tmp,Y)) goto err;
+ if (BN_is_one(D)) {
+ if (!BN_add(tmp, X, Y))
+ goto err;
+ } else {
+ if (BN_is_word(D, 2)) {
+ if (!BN_lshift1(tmp, X))
+ goto err;
+ } else if (BN_is_word(D, 4)) {
+ if (!BN_lshift(tmp, X, 2))
+ goto err;
+ } else if (D->top == 1) {
+ if (!BN_copy(tmp, X))
+ goto err;
+ if (!BN_mul_word(tmp, D->d[0]))
+ goto err;
+ } else {
+ if (!BN_mul(tmp, D,X, ctx))
+ goto err;
}
-
- M=Y; /* keep the BIGNUM object, the value does not matter */
- Y=X;
- X=tmp;
- sign = -sign;
+ if (!BN_add(tmp, tmp, Y))
+ goto err;
}
+
+ M = Y; /* keep the BIGNUM object, the value does not matter */
+ Y = X;
+ X = tmp;
+ sign = -sign;
}
-
+ }
+
/*
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* where Y is non-negative.
*/
- if (sign < 0)
- {
- if (!BN_sub(Y,n,Y)) goto err;
- }
+ if (sign < 0) {
+ if (!BN_sub(Y, n, Y))
+ goto err;
+ }
/* Now Y*a == A (mod |n|). */
-
- if (BN_is_one(A))
- {
+ if (BN_is_one(A)) {
/* Y*a == 1 (mod |n|) */
- if (!Y->neg && BN_ucmp(Y,n) < 0)
- {
- if (!BN_copy(R,Y)) goto err;
- }
- else
- {
- if (!BN_nnmod(R,Y,n,ctx)) goto err;
- }
+ if (!Y->neg && BN_ucmp(Y, n) < 0) {
+ if (!BN_copy(R, Y))
+ goto err;
+ } else {
+ if (!BN_nnmod(R, Y,n, ctx))
+ goto err;
}
- else
- {
- BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+ } else {
+ BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
goto err;
- }
- ret=R;
+ }
+ ret = R;
+
err:
- if ((ret == NULL) && (in == NULL)) BN_free(R);
+ if ((ret == NULL) && (in == NULL))
+ BN_free(R);
BN_CTX_end(ctx);
bn_check_top(ret);
- return(ret);
- }
+ return (ret);
+}
-/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
+/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
* It does not contain branches that may leak sensitive information.
*/
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
- {
- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
+static BIGNUM *
+BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx)
+{
+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
BIGNUM local_A, local_B;
BIGNUM *pA, *pB;
- BIGNUM *ret=NULL;
+ BIGNUM *ret = NULL;
int sign;
bn_check_top(a);
M = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
T = BN_CTX_get(ctx);
- if (T == NULL) goto err;
+ if (T == NULL)
+ goto err;
if (in == NULL)
- R=BN_new();
+ R = BN_new();
else
- R=in;
- if (R == NULL) goto err;
+ R = in;
+ if (R == NULL)
+ goto err;
BN_one(X);
BN_zero(Y);
- if (BN_copy(B,a) == NULL) goto err;
- if (BN_copy(A,n) == NULL) goto err;
+ if (BN_copy(B, a) == NULL)
+ goto err;
+ if (BN_copy(A, n) == NULL)
+ goto err;
A->neg = 0;
- if (B->neg || (BN_ucmp(B, A) >= 0))
- {
+ if (B->neg || (BN_ucmp(B, A) >= 0)) {
/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
pB = &local_B;
- BN_with_flags(pB, B, BN_FLG_CONSTTIME);
- if (!BN_nnmod(B, pB, A, ctx)) goto err;
- }
+ BN_with_flags(pB, B, BN_FLG_CONSTTIME);
+ if (!BN_nnmod(B, pB, A, ctx))
+ goto err;
+ }
sign = -1;
/* From B = a mod |n|, A = |n| it follows that
*
* sign*Y*a == A (mod |n|).
*/
- while (!BN_is_zero(B))
- {
+ while (!BN_is_zero(B)) {
BIGNUM *tmp;
-
+
/*
* 0 < B < A,
* (*) -sign*X*a == B (mod |n|),
* BN_div_no_branch will be called eventually.
*/
pA = &local_A;
- BN_with_flags(pA, A, BN_FLG_CONSTTIME);
-
- /* (D, M) := (A/B, A%B) ... */
- if (!BN_div(D,M,pA,B,ctx)) goto err;
-
+ BN_with_flags(pA, A, BN_FLG_CONSTTIME);
+
+ /* (D, M) := (A/B, A%B) ... */
+ if (!BN_div(D, M, pA, B, ctx))
+ goto err;
+
/* Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
*/
-
- tmp=A; /* keep the BIGNUM object, the value does not matter */
-
+ tmp = A; /* keep the BIGNUM object, the value does not matter */
+
/* (A, B) := (B, A mod B) ... */
- A=B;
- B=M;
+ A = B;
+ B = M;
/* ... so we have 0 <= B < A again */
-
+
/* Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
*/
-
- if (!BN_mul(tmp,D,X,ctx)) goto err;
- if (!BN_add(tmp,tmp,Y)) goto err;
- M=Y; /* keep the BIGNUM object, the value does not matter */
- Y=X;
- X=tmp;
+ if (!BN_mul(tmp, D, X, ctx))
+ goto err;
+ if (!BN_add(tmp, tmp, Y))
+ goto err;
+
+ M = Y; /* keep the BIGNUM object, the value does not matter */
+ Y = X;
+ X = tmp;
sign = -sign;
- }
-
+ }
+
/*
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* where Y is non-negative.
*/
- if (sign < 0)
- {
- if (!BN_sub(Y,n,Y)) goto err;
- }
+ if (sign < 0) {
+ if (!BN_sub(Y, n, Y))
+ goto err;
+ }
/* Now Y*a == A (mod |n|). */
- if (BN_is_one(A))
- {
+ if (BN_is_one(A)) {
/* Y*a == 1 (mod |n|) */
- if (!Y->neg && BN_ucmp(Y,n) < 0)
- {
- if (!BN_copy(R,Y)) goto err;
- }
- else
- {
- if (!BN_nnmod(R,Y,n,ctx)) goto err;
- }
+ if (!Y->neg && BN_ucmp(Y, n) < 0) {
+ if (!BN_copy(R, Y))
+ goto err;
+ } else {
+ if (!BN_nnmod(R, Y, n, ctx))
+ goto err;
}
- else
- {
- BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);
+ } else {
+ BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
goto err;
- }
- ret=R;
+ }
+ ret = R;
+
err:
- if ((ret == NULL) && (in == NULL)) BN_free(R);
+ if ((ret == NULL) && (in == NULL))
+ BN_free(R);
BN_CTX_end(ctx);
bn_check_top(ret);
- return(ret);
- }
+ return (ret);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define MAX_ITERATIONS 50
static const BN_ULONG SQR_tb[16] =
- { 0, 1, 4, 5, 16, 17, 20, 21,
- 64, 65, 68, 69, 80, 81, 84, 85 };
+ { 0, 1, 4, 5, 16, 17, 20, 21,
+64, 65, 68, 69, 80, 81, 84, 85 };
/* Platform-specific macros to accelerate squaring. */
#ifdef _LP64
#define SQR1(w) \
* The caller MUST ensure that the variables have the right amount
* of space allocated.
*/
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
- {
+static void
+bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+{
#ifndef _LP64
register BN_ULONG h, l, s;
- BN_ULONG tab[8], top2b = a >> 30;
+ BN_ULONG tab[8], top2b = a >> 30;
register BN_ULONG a1, a2, a4;
- a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;
-
- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
- tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;
-
- s = tab[b & 0x7]; l = s;
- s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29;
- s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26;
- s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23;
- s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;
- s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;
- s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;
- s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;
- s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8;
- s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5;
- s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2;
+ a1 = a & (0x3FFFFFFF);
+ a2 = a1 << 1;
+ a4 = a2 << 1;
+
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+ tab[4] = a4;
+ tab[5] = a1 ^ a4;
+ tab[6] = a2 ^ a4;
+ tab[7] = a1 ^ a2 ^ a4;
+
+ s = tab[b & 0x7];
+ l = s;
+ s = tab[b >> 3 & 0x7];
+ l ^= s << 3;
+ h = s >> 29;
+ s = tab[b >> 6 & 0x7];
+ l ^= s << 6;
+ h ^= s >> 26;
+ s = tab[b >> 9 & 0x7];
+ l ^= s << 9;
+ h ^= s >> 23;
+ s = tab[b >> 12 & 0x7];
+ l ^= s << 12;
+ h ^= s >> 20;
+ s = tab[b >> 15 & 0x7];
+ l ^= s << 15;
+ h ^= s >> 17;
+ s = tab[b >> 18 & 0x7];
+ l ^= s << 18;
+ h ^= s >> 14;
+ s = tab[b >> 21 & 0x7];
+ l ^= s << 21;
+ h ^= s >> 11;
+ s = tab[b >> 24 & 0x7];
+ l ^= s << 24;
+ h ^= s >> 8;
+ s = tab[b >> 27 & 0x7];
+ l ^= s << 27;
+ h ^= s >> 5;
+ s = tab[b >> 30];
+ l ^= s << 30;
+ h ^= s >> 2;
/* compensate for the top two bits of a */
+ if (top2b & 01) {
+ l ^= b << 30;
+ h ^= b >> 2;
+ }
+ if (top2b & 02) {
+ l ^= b << 31;
+ h ^= b >> 1;
+ }
- if (top2b & 01) { l ^= b << 30; h ^= b >> 2; }
- if (top2b & 02) { l ^= b << 31; h ^= b >> 1; }
-
- *r1 = h; *r0 = l;
+ *r1 = h;
+ *r0 = l;
#else
register BN_ULONG h, l, s;
BN_ULONG tab[16], top3b = a >> 61;
register BN_ULONG a1, a2, a4, a8;
- a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;
-
- tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2;
- tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4;
- tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8;
- tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;
-
- s = tab[b & 0xF]; l = s;
- s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60;
- s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56;
- s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;
- s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;
- s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;
- s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;
- s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;
- s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;
- s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;
- s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;
- s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;
- s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;
- s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;
- s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8;
- s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4;
+ a1 = a & (0x1FFFFFFFFFFFFFFFULL);
+ a2 = a1 << 1;
+ a4 = a2 << 1;
+ a8 = a4 << 1;
+
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+ tab[4] = a4;
+ tab[5] = a1 ^ a4;
+ tab[6] = a2 ^ a4;
+ tab[7] = a1 ^ a2 ^ a4;
+ tab[8] = a8;
+ tab[9] = a1 ^ a8;
+ tab[10] = a2 ^ a8;
+ tab[11] = a1 ^ a2 ^ a8;
+ tab[12] = a4 ^ a8;
+ tab[13] = a1 ^ a4 ^ a8;
+ tab[14] = a2 ^ a4 ^ a8;
+ tab[15] = a1 ^ a2 ^ a4 ^ a8;
+
+ s = tab[b & 0xF];
+ l = s;
+ s = tab[b >> 4 & 0xF];
+ l ^= s << 4;
+ h = s >> 60;
+ s = tab[b >> 8 & 0xF];
+ l ^= s << 8;
+ h ^= s >> 56;
+ s = tab[b >> 12 & 0xF];
+ l ^= s << 12;
+ h ^= s >> 52;
+ s = tab[b >> 16 & 0xF];
+ l ^= s << 16;
+ h ^= s >> 48;
+ s = tab[b >> 20 & 0xF];
+ l ^= s << 20;
+ h ^= s >> 44;
+ s = tab[b >> 24 & 0xF];
+ l ^= s << 24;
+ h ^= s >> 40;
+ s = tab[b >> 28 & 0xF];
+ l ^= s << 28;
+ h ^= s >> 36;
+ s = tab[b >> 32 & 0xF];
+ l ^= s << 32;
+ h ^= s >> 32;
+ s = tab[b >> 36 & 0xF];
+ l ^= s << 36;
+ h ^= s >> 28;
+ s = tab[b >> 40 & 0xF];
+ l ^= s << 40;
+ h ^= s >> 24;
+ s = tab[b >> 44 & 0xF];
+ l ^= s << 44;
+ h ^= s >> 20;
+ s = tab[b >> 48 & 0xF];
+ l ^= s << 48;
+ h ^= s >> 16;
+ s = tab[b >> 52 & 0xF];
+ l ^= s << 52;
+ h ^= s >> 12;
+ s = tab[b >> 56 & 0xF];
+ l ^= s << 56;
+ h ^= s >> 8;
+ s = tab[b >> 60];
+ l ^= s << 60;
+ h ^= s >> 4;
/* compensate for the top three bits of a */
+ if (top3b & 01) {
+ l ^= b << 61;
+ h ^= b >> 3;
+ }
+ if (top3b & 02) {
+ l ^= b << 62;
+ h ^= b >> 2;
+ }
+ if (top3b & 04) {
+ l ^= b << 63;
+ h ^= b >> 1;
+ }
- if (top3b & 01) { l ^= b << 61; h ^= b >> 3; }
- if (top3b & 02) { l ^= b << 62; h ^= b >> 2; }
- if (top3b & 04) { l ^= b << 63; h ^= b >> 1; }
-
- *r1 = h; *r0 = l;
+ *r1 = h;
+ *r0 = l;
#endif
- }
+}
/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
* result is a polynomial r with degree < 4 * BN_BITS2 - 1
* The caller MUST ensure that the variables have the right amount
* of space allocated.
*/
-static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0)
- {
+static void
+bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
+ const BN_ULONG b1, const BN_ULONG b0)
+{
BN_ULONG m1, m0;
+
/* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
- bn_GF2m_mul_1x1(r+3, r+2, a1, b1);
- bn_GF2m_mul_1x1(r+1, r, a0, b0);
+ bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
+ bn_GF2m_mul_1x1(r + 1, r, a0, b0);
bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
/* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
- }
+}
#else
-void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0);
-#endif
+void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1,
+ BN_ULONG b0);
+#endif
-/* Add polynomials a and b and store result in r; r could be a or b, a and b
+/* Add polynomials a and b and store result in r; r could be a or b, a and b
* could be equal; r is the bitwise XOR of a and b.
*/
-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
int i;
const BIGNUM *at, *bt;
bn_check_top(a);
bn_check_top(b);
- if (a->top < b->top) { at = b; bt = a; }
- else { at = a; bt = b; }
+ if (a->top < b->top) {
+ at = b;
+ bt = a;
+ } else {
+ at = a;
+ bt = b;
+ }
- if(bn_wexpand(r, at->top) == NULL)
+ if (bn_wexpand(r, at->top) == NULL)
return 0;
- for (i = 0; i < bt->top; i++)
- {
+ for (i = 0; i < bt->top; i++) {
r->d[i] = at->d[i] ^ bt->d[i];
- }
- for (; i < at->top; i++)
- {
+ }
+ for (; i < at->top; i++) {
r->d[i] = at->d[i];
- }
-
+ }
+
r->top = at->top;
bn_correct_top(r);
-
+
return 1;
- }
+}
/* Some functions allow for representation of the irreducible polynomials
/* Performs modular reduction of a and store result in r. r could be a. */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
- {
+int
+BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
+{
int j, k;
int n, dN, d0, d1;
BN_ULONG zz, *z;
bn_check_top(a);
- if (!p[0])
- {
+ if (!p[0]) {
/* reduction mod 1 => return 0 */
BN_zero(r);
return 1;
- }
+ }
/* Since the algorithm does reduction in the r value, if a != r, copy
- * the contents of a into r so we can do reduction in r.
+ * the contents of a into r so we can do reduction in r.
*/
- if (a != r)
- {
- if (!bn_wexpand(r, a->top)) return 0;
- for (j = 0; j < a->top; j++)
- {
+ if (a != r) {
+ if (!bn_wexpand(r, a->top))
+ return 0;
+ for (j = 0; j < a->top; j++) {
r->d[j] = a->d[j];
- }
- r->top = a->top;
}
+ r->top = a->top;
+ }
z = r->d;
/* start reduction */
- dN = p[0] / BN_BITS2;
- for (j = r->top - 1; j > dN;)
- {
+ dN = p[0] / BN_BITS2;
+ for (j = r->top - 1; j > dN; ) {
zz = z[j];
- if (z[j] == 0) { j--; continue; }
+ if (z[j] == 0) {
+ j--;
+ continue;
+ }
z[j] = 0;
- for (k = 1; p[k] != 0; k++)
- {
+ for (k = 1; p[k] != 0; k++) {
/* reducing component t^p[k] */
n = p[0] - p[k];
- d0 = n % BN_BITS2; d1 = BN_BITS2 - d0;
- n /= BN_BITS2;
- z[j-n] ^= (zz>>d0);
- if (d0) z[j-n-1] ^= (zz<<d1);
- }
+ d0 = n % BN_BITS2;
+ d1 = BN_BITS2 - d0;
+ n /= BN_BITS2;
+ z[j - n] ^= (zz >> d0);
+ if (d0)
+ z[j - n - 1] ^= (zz << d1);
+ }
/* reducing component t^0 */
- n = dN;
+ n = dN;
d0 = p[0] % BN_BITS2;
d1 = BN_BITS2 - d0;
- z[j-n] ^= (zz >> d0);
- if (d0) z[j-n-1] ^= (zz << d1);
- }
+ z[j - n] ^= (zz >> d0);
+ if (d0)
+ z[j - n - 1] ^= (zz << d1);
+ }
/* final round of reduction */
- while (j == dN)
- {
+ while (j == dN) {
d0 = p[0] % BN_BITS2;
zz = z[dN] >> d0;
- if (zz == 0) break;
+ if (zz == 0)
+ break;
d1 = BN_BITS2 - d0;
-
+
/* clear up the top d1 bits */
if (d0)
z[dN] = (z[dN] << d1) >> d1;
z[dN] = 0;
z[0] ^= zz; /* reduction t^0 component */
- for (k = 1; p[k] != 0; k++)
- {
+ for (k = 1; p[k] != 0; k++) {
BN_ULONG tmp_ulong;
/* reducing component t^p[k]*/
- n = p[k] / BN_BITS2;
+ n = p[k] / BN_BITS2;
d0 = p[k] % BN_BITS2;
d1 = BN_BITS2 - d0;
z[n] ^= (zz << d0);
tmp_ulong = zz >> d1;
- if (d0 && tmp_ulong)
- z[n+1] ^= tmp_ulong;
- }
-
-
+ if (d0 && tmp_ulong)
+ z[n + 1] ^= tmp_ulong;
}
+
+ }
+
bn_correct_top(r);
return 1;
- }
+}
/* Performs modular reduction of a by p and store result in r. r could be a.
*
* This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_arr function.
*/
-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
- {
+int
+BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
+{
int ret = 0;
int arr[6];
+
bn_check_top(a);
bn_check_top(p);
- ret = BN_GF2m_poly2arr(p, arr, sizeof(arr)/sizeof(arr[0]));
- if (!ret || ret > (int)(sizeof(arr)/sizeof(arr[0])))
- {
- BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
+ ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0]));
+ if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) {
+ BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
return 0;
- }
+ }
ret = BN_GF2m_mod_arr(r, a, arr);
bn_check_top(r);
return ret;
- }
+}
/* Compute the product of two polynomials a and b, reduce modulo p, and store
* the result in r. r could be a or b; a could be b.
*/
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
+ BN_CTX *ctx)
+{
int zlen, i, j, k, ret = 0;
BIGNUM *s;
BN_ULONG x1, x0, y1, y0, zz[4];
bn_check_top(a);
bn_check_top(b);
- if (a == b)
- {
+ if (a == b) {
return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
- }
+ }
BN_CTX_start(ctx);
- if ((s = BN_CTX_get(ctx)) == NULL) goto err;
-
+ if ((s = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
zlen = a->top + b->top + 4;
- if (!bn_wexpand(s, zlen)) goto err;
+ if (!bn_wexpand(s, zlen))
+ goto err;
s->top = zlen;
- for (i = 0; i < zlen; i++) s->d[i] = 0;
+ for (i = 0; i < zlen; i++)
+ s->d[i] = 0;
- for (j = 0; j < b->top; j += 2)
- {
+ for (j = 0; j < b->top; j += 2) {
y0 = b->d[j];
- y1 = ((j+1) == b->top) ? 0 : b->d[j+1];
- for (i = 0; i < a->top; i += 2)
- {
+ y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
+ for (i = 0; i < a->top; i += 2) {
x0 = a->d[i];
- x1 = ((i+1) == a->top) ? 0 : a->d[i+1];
+ x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
- for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k];
- }
+ for (k = 0; k < 4; k++)
+ s->d[i + j + k] ^= zz[k];
}
+ }
bn_correct_top(s);
if (BN_GF2m_mod_arr(r, s, p))
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Compute the product of two polynomials a and b, reduce modulo p, and store
* the result in r. r could be a or b; a could equal b.
*
* This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_mul_arr function.
*/
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
+ BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
+
bn_check_top(a);
bn_check_top(b);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
/* Square a, reduce the result mod p, and store it in a. r could be a. */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
+{
int i, ret = 0;
BIGNUM *s;
bn_check_top(a);
BN_CTX_start(ctx);
- if ((s = BN_CTX_get(ctx)) == NULL) return 0;
- if (!bn_wexpand(s, 2 * a->top)) goto err;
+ if ((s = BN_CTX_get(ctx)) == NULL)
+ return 0;
+ if (!bn_wexpand(s, 2 * a->top))
+ goto err;
- for (i = a->top - 1; i >= 0; i--)
- {
- s->d[2*i+1] = SQR1(a->d[i]);
- s->d[2*i ] = SQR0(a->d[i]);
- }
+ for (i = a->top - 1; i >= 0; i--) {
+ s->d[2 * i + 1] = SQR1(a->d[i]);
+ s->d[2 * i] = SQR0(a->d[i]);
+ }
s->top = 2 * a->top;
bn_correct_top(s);
- if (!BN_GF2m_mod_arr(r, s, p)) goto err;
+ if (!BN_GF2m_mod_arr(r, s, p))
+ goto err;
bn_check_top(r);
ret = 1;
+
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Square a, reduce the result mod p, and store it in a. r could be a.
*
* This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_sqr_arr function.
*/
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
bn_check_top(a);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
-/* Invert a, reduce modulo p, and store the result in r. r could be a.
+/* Invert a, reduce modulo p, and store the result in r. r could be a.
* Uses Modified Almost Inverse Algorithm (Algorithm 10) from
* Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation
* of Elliptic Curve Cryptography Over Binary Fields".
*/
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
int ret = 0;
bn_check_top(p);
BN_CTX_start(ctx);
-
- if ((b = BN_CTX_get(ctx))==NULL) goto err;
- if ((c = BN_CTX_get(ctx))==NULL) goto err;
- if ((u = BN_CTX_get(ctx))==NULL) goto err;
- if ((v = BN_CTX_get(ctx))==NULL) goto err;
- if (!BN_GF2m_mod(u, a, p)) goto err;
- if (BN_is_zero(u)) goto err;
+ if ((b = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((c = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((u = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((v = BN_CTX_get(ctx)) == NULL)
+ goto err;
- if (!BN_copy(v, p)) goto err;
+ if (!BN_GF2m_mod(u, a, p))
+ goto err;
+ if (BN_is_zero(u))
+ goto err;
+
+ if (!BN_copy(v, p))
+ goto err;
#if 0
- if (!BN_one(b)) goto err;
-
- while (1)
- {
- while (!BN_is_odd(u))
- {
- if (BN_is_zero(u)) goto err;
- if (!BN_rshift1(u, u)) goto err;
- if (BN_is_odd(b))
- {
- if (!BN_GF2m_add(b, b, p)) goto err;
- }
- if (!BN_rshift1(b, b)) goto err;
+ if (!BN_one(b))
+ goto err;
+
+ while (1) {
+ while (!BN_is_odd(u)) {
+ if (BN_is_zero(u))
+ goto err;
+ if (!BN_rshift1(u, u))
+ goto err;
+ if (BN_is_odd(b)) {
+ if (!BN_GF2m_add(b, b, p))
+ goto err;
}
+ if (!BN_rshift1(b, b))
+ goto err;
+ }
- if (BN_abs_is_word(u, 1)) break;
+ if (BN_abs_is_word(u, 1))
+ break;
- if (BN_num_bits(u) < BN_num_bits(v))
- {
- tmp = u; u = v; v = tmp;
- tmp = b; b = c; c = tmp;
- }
-
- if (!BN_GF2m_add(u, u, v)) goto err;
- if (!BN_GF2m_add(b, b, c)) goto err;
+ if (BN_num_bits(u) < BN_num_bits(v)) {
+ tmp = u;
+ u = v;
+ v = tmp;
+ tmp = b;
+ b = c;
+ c = tmp;
}
+
+ if (!BN_GF2m_add(u, u, v))
+ goto err;
+ if (!BN_GF2m_add(b, b, c))
+ goto err;
+ }
#else
{
- int i, ubits = BN_num_bits(u),
+ int i, ubits = BN_num_bits(u),
vbits = BN_num_bits(v), /* v is copy of p */
top = p->top;
- BN_ULONG *udp,*bdp,*vdp,*cdp;
-
- bn_wexpand(u,top); udp = u->d;
- for (i=u->top;i<top;i++) udp[i] = 0;
- u->top = top;
- bn_wexpand(b,top); bdp = b->d;
- bdp[0] = 1;
- for (i=1;i<top;i++) bdp[i] = 0;
- b->top = top;
- bn_wexpand(c,top); cdp = c->d;
- for (i=0;i<top;i++) cdp[i] = 0;
- c->top = top;
- vdp = v->d; /* It pays off to "cache" *->d pointers, because
- * it allows optimizer to be more aggressive.
- * But we don't have to "cache" p->d, because *p
- * is declared 'const'... */
- while (1)
- {
- while (ubits && !(udp[0]&1))
- {
- BN_ULONG u0,u1,b0,b1,mask;
-
- u0 = udp[0];
- b0 = bdp[0];
- mask = (BN_ULONG)0-(b0&1);
- b0 ^= p->d[0]&mask;
- for (i=0;i<top-1;i++)
- {
- u1 = udp[i+1];
- udp[i] = ((u0>>1)|(u1<<(BN_BITS2-1)))&BN_MASK2;
- u0 = u1;
- b1 = bdp[i+1]^(p->d[i+1]&mask);
- bdp[i] = ((b0>>1)|(b1<<(BN_BITS2-1)))&BN_MASK2;
- b0 = b1;
+ BN_ULONG *udp, *bdp, *vdp, *cdp;
+
+ bn_wexpand(u, top);
+ udp = u->d;
+ for (i = u->top; i < top; i++)
+ udp[i] = 0;
+ u->top = top;
+ bn_wexpand(b, top);
+ bdp = b->d;
+ bdp[0] = 1;
+ for (i = 1; i < top; i++)
+ bdp[i] = 0;
+ b->top = top;
+ bn_wexpand(c, top);
+ cdp = c->d;
+ for (i = 0; i < top; i++)
+ cdp[i] = 0;
+ c->top = top;
+ vdp = v->d; /* It pays off to "cache" *->d pointers, because
+ * it allows optimizer to be more aggressive.
+ * But we don't have to "cache" p->d, because *p
+ * is declared 'const'... */
+ while (1) {
+ while (ubits && !(udp[0]&1)) {
+ BN_ULONG u0, u1, b0, b1, mask;
+
+ u0 = udp[0];
+ b0 = bdp[0];
+ mask = (BN_ULONG)0 - (b0 & 1);
+ b0 ^= p->d[0] & mask;
+ for (i = 0; i < top - 1; i++) {
+ u1 = udp[i + 1];
+ udp[i] = ((u0 >> 1) |
+ (u1 << (BN_BITS2 - 1))) & BN_MASK2;
+ u0 = u1;
+ b1 = bdp[i + 1] ^ (p->d[i + 1] & mask);
+ bdp[i] = ((b0 >> 1) |
+ (b1 << (BN_BITS2 - 1))) & BN_MASK2;
+ b0 = b1;
}
- udp[i] = u0>>1;
- bdp[i] = b0>>1;
- ubits--;
+ udp[i] = u0 >> 1;
+ bdp[i] = b0 >> 1;
+ ubits--;
}
- if (ubits<=BN_BITS2 && udp[0]==1) break;
-
- if (ubits<vbits)
- {
- i = ubits; ubits = vbits; vbits = i;
- tmp = u; u = v; v = tmp;
- tmp = b; b = c; c = tmp;
- udp = vdp; vdp = v->d;
- bdp = cdp; cdp = c->d;
+ if (ubits <= BN_BITS2 && udp[0] == 1)
+ break;
+
+ if (ubits < vbits) {
+ i = ubits;
+ ubits = vbits;
+ vbits = i;
+ tmp = u;
+ u = v;
+ v = tmp;
+ tmp = b;
+ b = c;
+ c = tmp;
+ udp = vdp;
+ vdp = v->d;
+ bdp = cdp;
+ cdp = c->d;
}
- for(i=0;i<top;i++)
- {
- udp[i] ^= vdp[i];
- bdp[i] ^= cdp[i];
+ for (i = 0; i < top; i++) {
+ udp[i] ^= vdp[i];
+ bdp[i] ^= cdp[i];
}
- if (ubits==vbits)
- {
- BN_ULONG ul;
- int utop = (ubits-1)/BN_BITS2;
+ if (ubits == vbits) {
+ BN_ULONG ul;
+ int utop = (ubits - 1) / BN_BITS2;
- while ((ul=udp[utop])==0 && utop) utop--;
- ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
+ while ((ul = udp[utop]) == 0 && utop)
+ utop--;
+ ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
}
}
- bn_correct_top(b);
+ bn_correct_top(b);
}
#endif
- if (!BN_copy(r, b)) goto err;
+ if (!BN_copy(r, b))
+ goto err;
bn_check_top(r);
ret = 1;
err:
#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */
- bn_correct_top(c);
- bn_correct_top(u);
- bn_correct_top(v);
+ bn_correct_top(c);
+ bn_correct_top(u);
+ bn_correct_top(v);
#endif
- BN_CTX_end(ctx);
+ BN_CTX_end(ctx);
return ret;
- }
+}
-/* Invert xx, reduce modulo p, and store the result in r. r could be xx.
+/* Invert xx, reduce modulo p, and store the result in r. r could be xx.
*
* This function calls down to the BN_GF2m_mod_inv implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_inv function.
*/
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
+{
BIGNUM *field;
int ret = 0;
bn_check_top(xx);
BN_CTX_start(ctx);
- if ((field = BN_CTX_get(ctx)) == NULL) goto err;
- if (!BN_GF2m_arr2poly(p, field)) goto err;
-
+ if ((field = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (!BN_GF2m_arr2poly(p, field))
+ goto err;
+
ret = BN_GF2m_mod_inv(r, xx, field, ctx);
bn_check_top(r);
err:
BN_CTX_end(ctx);
return ret;
- }
+}
#ifndef OPENSSL_SUN_GF2M_DIV
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x
+/* Divide y by x, reduce modulo p, and store the result in r. r could be x
* or y, x could equal y.
*/
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
+ BN_CTX *ctx)
+{
BIGNUM *xinv = NULL;
int ret = 0;
BN_CTX_start(ctx);
xinv = BN_CTX_get(ctx);
- if (xinv == NULL) goto err;
-
- if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err;
- if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err;
+ if (xinv == NULL)
+ goto err;
+
+ if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
+ goto err;
bn_check_top(r);
ret = 1;
err:
BN_CTX_end(ctx);
return ret;
- }
+}
#else
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x
+/* Divide y by x, reduce modulo p, and store the result in r. r could be x
* or y, x could equal y.
- * Uses algorithm Modular_Division_GF(2^m) from
- * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to
+ * Uses algorithm Modular_Division_GF(2^m) from
+ * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to
* the Great Divide".
*/
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
+ BN_CTX *ctx)
+{
BIGNUM *a, *b, *u, *v;
int ret = 0;
bn_check_top(p);
BN_CTX_start(ctx);
-
+
a = BN_CTX_get(ctx);
b = BN_CTX_get(ctx);
u = BN_CTX_get(ctx);
v = BN_CTX_get(ctx);
- if (v == NULL) goto err;
+ if (v == NULL)
+ goto err;
/* reduce x and y mod p */
- if (!BN_GF2m_mod(u, y, p)) goto err;
- if (!BN_GF2m_mod(a, x, p)) goto err;
- if (!BN_copy(b, p)) goto err;
-
- while (!BN_is_odd(a))
- {
- if (!BN_rshift1(a, a)) goto err;
- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
- if (!BN_rshift1(u, u)) goto err;
- }
+ if (!BN_GF2m_mod(u, y, p))
+ goto err;
+ if (!BN_GF2m_mod(a, x, p))
+ goto err;
+ if (!BN_copy(b, p))
+ goto err;
- do
- {
- if (BN_GF2m_cmp(b, a) > 0)
- {
- if (!BN_GF2m_add(b, b, a)) goto err;
- if (!BN_GF2m_add(v, v, u)) goto err;
- do
- {
- if (!BN_rshift1(b, b)) goto err;
- if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err;
- if (!BN_rshift1(v, v)) goto err;
- } while (!BN_is_odd(b));
- }
- else if (BN_abs_is_word(a, 1))
+ while (!BN_is_odd(a)) {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_is_odd(u))
+ if (!BN_GF2m_add(u, u, p))
+ goto err;
+ if (!BN_rshift1(u, u))
+ goto err;
+ }
+
+ do {
+ if (BN_GF2m_cmp(b, a) > 0) {
+ if (!BN_GF2m_add(b, b, a))
+ goto err;
+ if (!BN_GF2m_add(v, v, u))
+ goto err;
+ do {
+ if (!BN_rshift1(b, b))
+ goto err;
+ if (BN_is_odd(v))
+ if (!BN_GF2m_add(v, v, p))
+ goto err;
+ if (!BN_rshift1(v, v))
+ goto err;
+ } while (!BN_is_odd(b));
+ } else if (BN_abs_is_word(a, 1))
break;
- else
- {
- if (!BN_GF2m_add(a, a, b)) goto err;
- if (!BN_GF2m_add(u, u, v)) goto err;
- do
- {
- if (!BN_rshift1(a, a)) goto err;
- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
- if (!BN_rshift1(u, u)) goto err;
- } while (!BN_is_odd(a));
- }
- } while (1);
+ else {
+ if (!BN_GF2m_add(a, a, b))
+ goto err;
+ if (!BN_GF2m_add(u, u, v))
+ goto err;
+ do {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_is_odd(u))
+ if (!BN_GF2m_add(u, u, p))
+ goto err;
+ if (!BN_rshift1(u, u))
+ goto err;
+ } while (!BN_is_odd(a));
+ }
+ } while (1);
- if (!BN_copy(r, u)) goto err;
+ if (!BN_copy(r, u))
+ goto err;
bn_check_top(r);
ret = 1;
err:
- BN_CTX_end(ctx);
+ BN_CTX_end(ctx);
return ret;
- }
+}
#endif
-/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
+/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
* or yy, xx could equal yy.
*
* This function calls down to the BN_GF2m_mod_div implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_div function.
*/
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
+ const int p[], BN_CTX *ctx)
+{
BIGNUM *field;
int ret = 0;
bn_check_top(xx);
BN_CTX_start(ctx);
- if ((field = BN_CTX_get(ctx)) == NULL) goto err;
- if (!BN_GF2m_arr2poly(p, field)) goto err;
-
+ if ((field = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (!BN_GF2m_arr2poly(p, field))
+ goto err;
+
ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
bn_check_top(r);
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Compute the bth power of a, reduce modulo p, and store
* the result in r. r could be a.
* Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
*/
-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
+ BN_CTX *ctx)
+{
int ret = 0, i, n;
BIGNUM *u;
bn_check_top(b);
if (BN_is_zero(b))
- return(BN_one(r));
+ return (BN_one(r));
if (BN_abs_is_word(b, 1))
return (BN_copy(r, a) != NULL);
BN_CTX_start(ctx);
- if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (!BN_GF2m_mod_arr(u, a, p)) goto err;
-
+ if ((u = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_GF2m_mod_arr(u, a, p))
+ goto err;
+
n = BN_num_bits(b) - 1;
- for (i = n - 1; i >= 0; i--)
- {
- if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err;
- if (BN_is_bit_set(b, i))
- {
- if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err;
- }
+ for (i = n - 1; i >= 0; i--) {
+ if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
+ goto err;
+ if (BN_is_bit_set(b, i)) {
+ if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
+ goto err;
}
- if (!BN_copy(r, u)) goto err;
+ }
+ if (!BN_copy(r, u))
+ goto err;
bn_check_top(r);
ret = 1;
+
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Compute the bth power of a, reduce modulo p, and store
* the result in r. r could be a.
*
* This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_exp_arr function.
*/
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
+ BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
+
bn_check_top(a);
bn_check_top(b);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
/* Compute the square root of a, reduce modulo p, and store
* the result in r. r could be a.
* Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
*/
-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
+{
int ret = 0;
BIGNUM *u;
bn_check_top(a);
- if (!p[0])
- {
+ if (!p[0]) {
/* reduction mod 1 => return 0 */
BN_zero(r);
return 1;
- }
+ }
BN_CTX_start(ctx);
- if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (!BN_set_bit(u, p[0] - 1)) goto err;
+ if ((u = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_set_bit(u, p[0] - 1))
+ goto err;
ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
bn_check_top(r);
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Compute the square root of a, reduce modulo p, and store
* the result in r. r could be a.
*
* This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_sqrt_arr function.
*/
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
bn_check_top(a);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
* Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
*/
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
+ BN_CTX *ctx)
+{
int ret = 0, count = 0, j;
BIGNUM *a, *z, *rho, *w, *w2, *tmp;
bn_check_top(a_);
- if (!p[0])
- {
+ if (!p[0]) {
/* reduction mod 1 => return 0 */
BN_zero(r);
return 1;
- }
+ }
BN_CTX_start(ctx);
a = BN_CTX_get(ctx);
z = BN_CTX_get(ctx);
w = BN_CTX_get(ctx);
- if (w == NULL) goto err;
+ if (w == NULL)
+ goto err;
- if (!BN_GF2m_mod_arr(a, a_, p)) goto err;
-
- if (BN_is_zero(a))
- {
+ if (!BN_GF2m_mod_arr(a, a_, p))
+ goto err;
+
+ if (BN_is_zero(a)) {
BN_zero(r);
ret = 1;
goto err;
- }
+ }
if (p[0] & 0x1) /* m is odd */
- {
+ {
/* compute half-trace of a */
- if (!BN_copy(z, a)) goto err;
- for (j = 1; j <= (p[0] - 1) / 2; j++)
- {
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
- if (!BN_GF2m_add(z, z, a)) goto err;
- }
-
+ if (!BN_copy(z, a))
+ goto err;
+ for (j = 1; j <= (p[0] - 1) / 2; j++) {
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_add(z, z, a))
+ goto err;
}
+
+ }
else /* m is even */
- {
+ {
rho = BN_CTX_get(ctx);
w2 = BN_CTX_get(ctx);
tmp = BN_CTX_get(ctx);
- if (tmp == NULL) goto err;
- do
- {
- if (!BN_rand(rho, p[0], 0, 0)) goto err;
- if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
+ if (tmp == NULL)
+ goto err;
+ do {
+ if (!BN_rand(rho, p[0], 0, 0))
+ goto err;
+ if (!BN_GF2m_mod_arr(rho, rho, p))
+ goto err;
BN_zero(z);
- if (!BN_copy(w, rho)) goto err;
- for (j = 1; j <= p[0] - 1; j++)
- {
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
- if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;
- if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err;
- if (!BN_GF2m_add(z, z, tmp)) goto err;
- if (!BN_GF2m_add(w, w2, rho)) goto err;
- }
+ if (!BN_copy(w, rho))
+ goto err;
+ for (j = 1; j <= p[0] - 1; j++) {
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
+ goto err;
+ if (!BN_GF2m_add(z, z, tmp))
+ goto err;
+ if (!BN_GF2m_add(w, w2, rho))
+ goto err;
+ }
count++;
- } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
- if (BN_is_zero(w))
- {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS);
+ } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
+ if (BN_is_zero(w)) {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,
+ BN_R_TOO_MANY_ITERATIONS);
goto err;
- }
}
-
- if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err;
- if (!BN_GF2m_add(w, z, w)) goto err;
- if (BN_GF2m_cmp(w, a))
- {
+ }
+
+ if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_add(w, z, w))
+ goto err;
+ if (BN_GF2m_cmp(w, a)) {
BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
goto err;
- }
+ }
- if (!BN_copy(r, z)) goto err;
+ if (!BN_copy(r, z))
+ goto err;
bn_check_top(r);
ret = 1;
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
*
* This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_solve_quad_arr function.
*/
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
+
bn_check_top(a);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) *
- max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
/* Convert the bit-string representation of a polynomial
- * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding
+ * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding
* to the bits with non-zero coefficient. Array is terminated with -1.
* Up to max elements of the array will be filled. Return value is total
* number of array elements that would be filled if array was large enough.
*/
-int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
- {
+int
+BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+{
int i, j, k = 0;
BN_ULONG mask;
if (BN_is_zero(a))
return 0;
- for (i = a->top - 1; i >= 0; i--)
- {
+ for (i = a->top - 1; i >= 0; i--) {
if (!a->d[i])
/* skip word if a->d[i] == 0 */
continue;
mask = BN_TBIT;
- for (j = BN_BITS2 - 1; j >= 0; j--)
- {
- if (a->d[i] & mask)
- {
- if (k < max) p[k] = BN_BITS2 * i + j;
+ for (j = BN_BITS2 - 1; j >= 0; j--) {
+ if (a->d[i] & mask) {
+ if (k < max)
+ p[k] = BN_BITS2 * i + j;
k++;
- }
- mask >>= 1;
}
+ mask >>= 1;
}
+ }
if (k < max) {
p[k] = -1;
}
return k;
- }
+}
-/* Convert the coefficient array representation of a polynomial to a
+/* Convert the coefficient array representation of a polynomial to a
* bit-string. The array must be terminated by -1.
*/
-int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
- {
+int
+BN_GF2m_arr2poly(const int p[], BIGNUM *a)
+{
int i;
bn_check_top(a);
BN_zero(a);
- for (i = 0; p[i] != -1; i++)
- {
+ for (i = 0; p[i] != -1; i++) {
if (BN_set_bit(a, p[i]) == 0)
return 0;
- }
+ }
bn_check_top(a);
return 1;
- }
+}
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
/* Returns -2 for errors because both -1 and 0 are valid results. */
-int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
+int
+BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
int i;
int ret = -2; /* avoid 'uninitialized' warning */
int err = 0;
BIGNUM *A, *B, *tmp;
+
/* In 'tab', only odd-indexed entries are relevant:
* For any odd BIGNUM n,
* tab[BN_lsw(n) & 7]
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
B = BN_CTX_get(ctx);
- if (B == NULL) goto end;
-
+ if (B == NULL)
+ goto end;
+
err = !BN_copy(A, a);
- if (err) goto end;
+ if (err)
+ goto end;
err = !BN_copy(B, b);
- if (err) goto end;
+ if (err)
+ goto end;
/*
* Kronecker symbol, imlemented according to Henri Cohen,
/* Cohen's step 1: */
- if (BN_is_zero(B))
- {
+ if (BN_is_zero(B)) {
ret = BN_abs_is_word(A, 1);
goto end;
- }
-
+ }
+
/* Cohen's step 2: */
- if (!BN_is_odd(A) && !BN_is_odd(B))
- {
+ if (!BN_is_odd(A) && !BN_is_odd(B)) {
ret = 0;
goto end;
- }
+ }
/* now B is non-zero */
i = 0;
while (!BN_is_bit_set(B, i))
i++;
err = !BN_rshift(B, B, i);
- if (err) goto end;
- if (i & 1)
- {
+ if (err)
+ goto end;
+ if (i & 1) {
/* i is odd */
/* (thus B was even, thus A must be odd!) */
/* set 'ret' to $(-1)^{(A^2-1)/8}$ */
ret = tab[BN_lsw(A) & 7];
- }
- else
- {
+ } else {
/* i is even */
ret = 1;
- }
-
- if (B->neg)
- {
+ }
+
+ if (B->neg) {
B->neg = 0;
if (A->neg)
ret = -ret;
- }
+ }
/* now B is positive and odd, so what remains to be done is
* to compute the Jacobi symbol (A/B) and multiply it by 'ret' */
- while (1)
- {
+ while (1) {
/* Cohen's step 3: */
/* B is positive and odd */
- if (BN_is_zero(A))
- {
+ if (BN_is_zero(A)) {
ret = BN_is_one(B) ? ret : 0;
goto end;
- }
+ }
/* now A is non-zero */
i = 0;
while (!BN_is_bit_set(A, i))
i++;
err = !BN_rshift(A, A, i);
- if (err) goto end;
- if (i & 1)
- {
+ if (err)
+ goto end;
+ if (i & 1) {
/* i is odd */
/* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */
ret = ret * tab[BN_lsw(B) & 7];
- }
-
+ }
+
/* Cohen's step 4: */
/* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */
if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
ret = -ret;
-
+
/* (A, B) := (B mod |A|, |A|) */
err = !BN_nnmod(B, B, A, ctx);
- if (err) goto end;
- tmp = A; A = B; B = tmp;
+ if (err)
+ goto end;
+ tmp = A;
+ A = B;
+ B = tmp;
tmp->neg = 0;
- }
+ }
+
end:
BN_CTX_end(ctx);
if (err)
return -2;
else
return ret;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
*
* To achieve the security goals of BN_mode_exp_mont_consttime, the
* maximum size of the window must not exceed
- * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
*
* Window size thresholds are defined for cache line sizes of 32 and 64,
* cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
}
#endif /* !BN_LLONG */
-void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
-void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
-void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);
-void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
-int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n);
int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
- int dna,int dnb,BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
- int n,int tna,int tnb,BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
-void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
- BN_ULONG *t);
-void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
- BN_ULONG *t);
+ int cl, int dl);
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ int dna, int dnb, BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int n, int tna, int tnb, BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ BN_ULONG *t);
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+ BN_ULONG *t);
BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
+ int cl, int dl);
BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
+ int cl, int dl);
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num);
#ifdef __cplusplus
}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
+const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
/* This stuff appears to be completely unused, so is deprecated */
#ifndef OPENSSL_NO_DEPRECATED
* 7 - 128 == 4096
* 8 - 256 == 8192
*/
-static int bn_limit_bits=0;
-static int bn_limit_num=8; /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low=0;
-static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high=0;
-static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont=0;
-static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
-
-void BN_set_params(int mult, int high, int low, int mont)
- {
- if (mult >= 0)
- {
- if (mult > (int)(sizeof(int)*8)-1)
- mult=sizeof(int)*8-1;
- bn_limit_bits=mult;
- bn_limit_num=1<<mult;
- }
- if (high >= 0)
- {
- if (high > (int)(sizeof(int)*8)-1)
- high=sizeof(int)*8-1;
- bn_limit_bits_high=high;
- bn_limit_num_high=1<<high;
- }
- if (low >= 0)
- {
- if (low > (int)(sizeof(int)*8)-1)
- low=sizeof(int)*8-1;
- bn_limit_bits_low=low;
- bn_limit_num_low=1<<low;
- }
- if (mont >= 0)
- {
- if (mont > (int)(sizeof(int)*8)-1)
- mont=sizeof(int)*8-1;
- bn_limit_bits_mont=mont;
- bn_limit_num_mont=1<<mont;
- }
- }
+static int bn_limit_bits = 0;
+static int bn_limit_num = 8; /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low = 0;
+static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high = 0;
+static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont = 0;
+static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
-int BN_get_params(int which)
- {
- if (which == 0) return(bn_limit_bits);
- else if (which == 1) return(bn_limit_bits_high);
- else if (which == 2) return(bn_limit_bits_low);
- else if (which == 3) return(bn_limit_bits_mont);
- else return(0);
+void
+BN_set_params(int mult, int high, int low, int mont)
+{
+ if (mult >= 0) {
+ if (mult > (int)(sizeof(int) * 8) - 1)
+ mult = sizeof(int) * 8 - 1;
+ bn_limit_bits = mult;
+ bn_limit_num = 1 << mult;
}
+ if (high >= 0) {
+ if (high > (int)(sizeof(int) * 8) - 1)
+ high = sizeof(int) * 8 - 1;
+ bn_limit_bits_high = high;
+ bn_limit_num_high = 1 << high;
+ }
+ if (low >= 0) {
+ if (low > (int)(sizeof(int) * 8) - 1)
+ low = sizeof(int) * 8 - 1;
+ bn_limit_bits_low = low;
+ bn_limit_num_low = 1 << low;
+ }
+ if (mont >= 0) {
+ if (mont > (int)(sizeof(int) * 8) - 1)
+ mont = sizeof(int) * 8 - 1;
+ bn_limit_bits_mont = mont;
+ bn_limit_num_mont = 1 << mont;
+ }
+}
+
+int
+BN_get_params(int which)
+{
+ if (which == 0)
+ return (bn_limit_bits);
+ else if (which == 1)
+ return (bn_limit_bits_high);
+ else if (which == 2)
+ return (bn_limit_bits_low);
+ else if (which == 3)
+ return (bn_limit_bits_mont);
+ else
+ return (0);
+}
#endif
-const BIGNUM *BN_value_one(void)
- {
- static const BN_ULONG data_one=1L;
- static const BIGNUM const_one={(BN_ULONG *)&data_one,1,1,0,BN_FLG_STATIC_DATA};
+const BIGNUM *
+BN_value_one(void)
+{
+ static const BN_ULONG data_one = 1L;
+ static const BIGNUM const_one = {
+ (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA
+ };
- return(&const_one);
- }
+ return (&const_one);
+}
-int BN_num_bits_word(BN_ULONG l)
- {
- static const unsigned char bits[256]={
- 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
- 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- };
+int
+BN_num_bits_word(BN_ULONG l)
+{
+ static const unsigned char bits[256] = {
+ 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
+ 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
+ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ };
#ifdef _LP64
- if (l & 0xffffffff00000000L)
- {
- if (l & 0xffff000000000000L)
- {
- if (l & 0xff00000000000000L)
- {
- return(bits[(int)(l>>56)]+56);
- }
- else return(bits[(int)(l>>48)]+48);
- }
- else
- {
- if (l & 0x0000ff0000000000L)
- {
- return(bits[(int)(l>>40)]+40);
- }
- else return(bits[(int)(l>>32)]+32);
- }
- }
- else
+ if (l & 0xffffffff00000000L) {
+ if (l & 0xffff000000000000L) {
+ if (l & 0xff00000000000000L) {
+ return (bits[(int)(l >> 56)] + 56);
+ } else
+ return (bits[(int)(l >> 48)] + 48);
+ } else {
+ if (l & 0x0000ff0000000000L) {
+ return (bits[(int)(l >> 40)] + 40);
+ } else
+ return (bits[(int)(l >> 32)] + 32);
+ }
+ } else
#endif
- {
- if (l & 0xffff0000L)
- {
+ {
+ if (l & 0xffff0000L) {
if (l & 0xff000000L)
- return(bits[(int)(l>>24L)]+24);
- else return(bits[(int)(l>>16L)]+16);
- }
- else
- {
+ return (bits[(int)(l >> 24L)] + 24);
+ else
+ return (bits[(int)(l >> 16L)] + 16);
+ } else {
if (l & 0xff00L)
- return(bits[(int)(l>>8)]+8);
- else
- return(bits[(int)(l )] );
- }
+ return (bits[(int)(l >> 8)] + 8);
+ else
+ return (bits[(int)(l)]);
}
}
+}
-int BN_num_bits(const BIGNUM *a)
- {
+int
+BN_num_bits(const BIGNUM *a)
+{
int i = a->top - 1;
+
bn_check_top(a);
- if (BN_is_zero(a)) return 0;
- return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
- }
+ if (BN_is_zero(a))
+ return 0;
+ return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
+}
-void BN_clear_free(BIGNUM *a)
- {
+void
+BN_clear_free(BIGNUM *a)
+{
int i;
- if (a == NULL) return;
+ if (a == NULL)
+ return;
bn_check_top(a);
- if (a->d != NULL && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
- {
- OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+ if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
+ OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
free(a->d);
- }
- i=BN_get_flags(a,BN_FLG_MALLOCED);
- OPENSSL_cleanse(a,sizeof(BIGNUM));
+ }
+ i = BN_get_flags(a, BN_FLG_MALLOCED);
+ OPENSSL_cleanse(a, sizeof(BIGNUM));
if (i)
free(a);
- }
+}
void
BN_free(BIGNUM *a)
BN_clear_free(a);
}
-void BN_init(BIGNUM *a)
- {
- memset(a,0,sizeof(BIGNUM));
+void
+BN_init(BIGNUM *a)
+{
+ memset(a, 0, sizeof(BIGNUM));
bn_check_top(a);
- }
+}
-BIGNUM *BN_new(void)
- {
+BIGNUM *
+BN_new(void)
+{
BIGNUM *ret;
- if ((ret=(BIGNUM *)malloc(sizeof(BIGNUM))) == NULL)
- {
- BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- ret->flags=BN_FLG_MALLOCED;
- ret->top=0;
- ret->neg=0;
- ret->dmax=0;
- ret->d=NULL;
- bn_check_top(ret);
- return(ret);
+ if ((ret = (BIGNUM *)malloc(sizeof(BIGNUM))) == NULL) {
+ BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
}
+ ret->flags = BN_FLG_MALLOCED;
+ ret->top = 0;
+ ret->neg = 0;
+ ret->dmax = 0;
+ ret->d = NULL;
+ bn_check_top(ret);
+ return (ret);
+}
/* This is used both by bn_expand2() and bn_dup_expand() */
/* The caller MUST check that words > b->dmax before calling this */
-static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
- {
- BN_ULONG *A,*a = NULL;
+static BN_ULONG *
+bn_expand_internal(const BIGNUM *b, int words)
+{
+ BN_ULONG *A, *a = NULL;
const BN_ULONG *B;
int i;
bn_check_top(b);
- if (words > (INT_MAX/(4*BN_BITS2)))
- {
- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
+ if (words > (INT_MAX/(4*BN_BITS2))) {
+ BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
return NULL;
- }
- if (BN_get_flags(b,BN_FLG_STATIC_DATA))
- {
- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
- return(NULL);
- }
- a=A=(BN_ULONG *)malloc(sizeof(BN_ULONG)*words);
- if (A == NULL)
- {
- BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
+ }
+ if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+ BNerr(BN_F_BN_EXPAND_INTERNAL,
+ BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+ return (NULL);
+ }
+ a = A = (BN_ULONG *)malloc(sizeof(BN_ULONG)*words);
+ if (A == NULL) {
+ BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
#if 1
- B=b->d;
+ B = b->d;
/* Check if the previous number needs to be copied */
- if (B != NULL)
- {
- for (i=b->top>>2; i>0; i--,A+=4,B+=4)
- {
+ if (B != NULL) {
+ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
/*
* The fact that the loop is unrolled
* 4-wise is a tribute to Intel. It's
*
* <appro@fy.chalmers.se>
*/
- BN_ULONG a0,a1,a2,a3;
- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
- }
- switch (b->top&3)
- {
- case 3: A[2]=B[2];
- case 2: A[1]=B[1];
- case 1: A[0]=B[0];
- }
+ BN_ULONG a0, a1, a2, a3;
+ a0 = B[0];
+ a1 = B[1];
+ a2 = B[2];
+ a3 = B[3];
+ A[0] = a0;
+ A[1] = a1;
+ A[2] = a2;
+ A[3] = a3;
+ }
+ switch (b->top & 3) {
+ case 3:
+ A[2] = B[2];
+ case 2:
+ A[1] = B[1];
+ case 1:
+ A[0] = B[0];
}
+ }
#else
- memset(A,0,sizeof(BN_ULONG)*words);
- memcpy(A,b->d,sizeof(b->d[0])*b->top);
+ memset(A, 0, sizeof(BN_ULONG) * words);
+ memcpy(A, b->d, sizeof(b->d[0]) * b->top);
#endif
-
- return(a);
- }
+
+ return (a);
+}
/* This is an internal function that can be used instead of bn_expand2()
* when there is a need to copy BIGNUMs instead of only expanding the
*/
#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
- {
+BIGNUM *
+bn_dup_expand(const BIGNUM *b, int words)
+{
BIGNUM *r = NULL;
bn_check_top(b);
* (But bn_dup_expand() is not used anywhere yet.)
*/
- if (words > b->dmax)
- {
+ if (words > b->dmax) {
BN_ULONG *a = bn_expand_internal(b, words);
- if (a)
- {
+ if (a) {
r = BN_new();
- if (r)
- {
+ if (r) {
r->top = b->top;
r->dmax = words;
r->neg = b->neg;
r->d = a;
- }
- else
- {
+ } else {
/* r == NULL, BN_new failure */
free(a);
- }
}
+ }
/* If a == NULL, there was an error in allocation in
bn_expand_internal(), and NULL should be returned */
- }
- else
- {
+ } else {
r = BN_dup(b);
- }
+ }
bn_check_top(r);
return r;
- }
+}
#endif
/* This is an internal function that should not be used in applications.
* It is mostly used by the various BIGNUM routines. If there is an error,
* NULL is returned. If not, 'b' is returned. */
-BIGNUM *bn_expand2(BIGNUM *b, int words)
- {
+BIGNUM *
+bn_expand2(BIGNUM *b, int words)
+{
bn_check_top(b);
- if (words > b->dmax)
- {
+ if (words > b->dmax) {
BN_ULONG *a = bn_expand_internal(b, words);
- if(!a) return NULL;
- if(b->d) {
+ if (!a)
+ return NULL;
+ if (b->d) {
OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
free(b->d);
}
- b->d=a;
- b->dmax=words;
- }
+ b->d = a;
+ b->dmax = words;
+ }
/* None of this should be necessary because of what b->top means! */
#if 0
/* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
- if (b->top < b->dmax)
- {
+ if (b->top < b->dmax) {
int i;
BN_ULONG *A = &(b->d[b->top]);
- for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
- {
- A[0]=0; A[1]=0; A[2]=0; A[3]=0;
- A[4]=0; A[5]=0; A[6]=0; A[7]=0;
- }
- for (i=(b->dmax - b->top)&7; i>0; i--,A++)
- A[0]=0;
+ for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
+ A[0] = 0;
+ A[1] = 0;
+ A[2] = 0;
+ A[3] = 0;
+ A[4] = 0;
+ A[5] = 0;
+ A[6] = 0;
+ A[7] = 0;
+ }
+ for (i = (b->dmax - b->top)&7; i > 0; i--, A++)
+ A[0] = 0;
assert(A == &(b->d[b->dmax]));
- }
+ }
#endif
bn_check_top(b);
return b;
- }
+}
-BIGNUM *BN_dup(const BIGNUM *a)
- {
+BIGNUM *
+BN_dup(const BIGNUM *a)
+{
BIGNUM *t;
- if (a == NULL) return NULL;
+ if (a == NULL)
+ return NULL;
bn_check_top(a);
t = BN_new();
- if (t == NULL) return NULL;
- if(!BN_copy(t, a))
- {
+ if (t == NULL)
+ return NULL;
+ if (!BN_copy(t, a)) {
BN_free(t);
return NULL;
- }
+ }
bn_check_top(t);
return t;
- }
+}
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
- {
+BIGNUM *
+BN_copy(BIGNUM *a, const BIGNUM *b)
+{
int i;
BN_ULONG *A;
const BN_ULONG *B;
bn_check_top(b);
- if (a == b) return(a);
- if (bn_wexpand(a,b->top) == NULL) return(NULL);
+ if (a == b)
+ return (a);
+ if (bn_wexpand(a, b->top) == NULL)
+ return (NULL);
#if 1
- A=a->d;
- B=b->d;
- for (i=b->top>>2; i>0; i--,A+=4,B+=4)
- {
- BN_ULONG a0,a1,a2,a3;
- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
- }
- switch (b->top&3)
- {
- case 3: A[2]=B[2];
- case 2: A[1]=B[1];
- case 1: A[0]=B[0];
- }
+ A = a->d;
+ B = b->d;
+ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+ BN_ULONG a0, a1, a2, a3;
+ a0 = B[0];
+ a1 = B[1];
+ a2 = B[2];
+ a3 = B[3];
+ A[0] = a0;
+ A[1] = a1;
+ A[2] = a2;
+ A[3] = a3;
+ }
+ switch (b->top & 3) {
+ case 3:
+ A[2] = B[2];
+ case 2:
+ A[1] = B[1];
+ case 1:
+ A[0] = B[0];
+ }
#else
- memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+ memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
- a->top=b->top;
- a->neg=b->neg;
+ a->top = b->top;
+ a->neg = b->neg;
bn_check_top(a);
- return(a);
- }
+ return (a);
+}
-void BN_swap(BIGNUM *a, BIGNUM *b)
- {
+void
+BN_swap(BIGNUM *a, BIGNUM *b)
+{
int flags_old_a, flags_old_b;
BN_ULONG *tmp_d;
int tmp_top, tmp_dmax, tmp_neg;
-
+
bn_check_top(a);
bn_check_top(b);
tmp_top = a->top;
tmp_dmax = a->dmax;
tmp_neg = a->neg;
-
+
a->d = b->d;
a->top = b->top;
a->dmax = b->dmax;
a->neg = b->neg;
-
+
b->d = tmp_d;
b->top = tmp_top;
b->dmax = tmp_dmax;
b->neg = tmp_neg;
-
- a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
- b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+
+ a->flags = (flags_old_a & BN_FLG_MALLOCED) |
+ (flags_old_b & BN_FLG_STATIC_DATA);
+ b->flags = (flags_old_b & BN_FLG_MALLOCED) |
+ (flags_old_a & BN_FLG_STATIC_DATA);
bn_check_top(a);
bn_check_top(b);
- }
+}
-void BN_clear(BIGNUM *a)
- {
+void
+BN_clear(BIGNUM *a)
+{
bn_check_top(a);
if (a->d != NULL)
- memset(a->d,0,a->dmax*sizeof(a->d[0]));
- a->top=0;
- a->neg=0;
- }
+ memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+ a->top = 0;
+ a->neg = 0;
+}
-BN_ULONG BN_get_word(const BIGNUM *a)
- {
+BN_ULONG
+BN_get_word(const BIGNUM *a)
+{
if (a->top > 1)
return BN_MASK2;
else if (a->top == 1)
return a->d[0];
/* a->top == 0 */
return 0;
- }
+}
-int BN_set_word(BIGNUM *a, BN_ULONG w)
- {
+int
+BN_set_word(BIGNUM *a, BN_ULONG w)
+{
bn_check_top(a);
- if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
+ if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
+ return (0);
a->neg = 0;
a->d[0] = w;
a->top = (w ? 1 : 0);
bn_check_top(a);
- return(1);
- }
+ return (1);
+}
-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
- {
- unsigned int i,m;
+BIGNUM *
+BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+ unsigned int i, m;
unsigned int n;
BN_ULONG l;
- BIGNUM *bn = NULL;
+ BIGNUM *bn = NULL;
if (ret == NULL)
ret = bn = BN_new();
- if (ret == NULL) return(NULL);
+ if (ret == NULL)
+ return (NULL);
bn_check_top(ret);
- l=0;
- n=len;
- if (n == 0)
- {
- ret->top=0;
- return(ret);
- }
- i=((n-1)/BN_BYTES)+1;
- m=((n-1)%(BN_BYTES));
- if (bn_wexpand(ret, (int)i) == NULL)
- {
- if (bn) BN_free(bn);
+ l = 0;
+ n = len;
+ if (n == 0) {
+ ret->top = 0;
+ return (ret);
+ }
+ i = ((n - 1) / BN_BYTES) + 1;
+ m = ((n - 1) % (BN_BYTES));
+ if (bn_wexpand(ret, (int)i) == NULL) {
+ if (bn)
+ BN_free(bn);
return NULL;
+ }
+ ret->top = i;
+ ret->neg = 0;
+ while (n--) {
+ l = (l << 8L) | *(s++);
+ if (m-- == 0) {
+ ret->d[--i] = l;
+ l = 0;
+ m = BN_BYTES - 1;
}
- ret->top=i;
- ret->neg=0;
- while (n--)
- {
- l=(l<<8L)| *(s++);
- if (m-- == 0)
- {
- ret->d[--i]=l;
- l=0;
- m=BN_BYTES-1;
- }
- }
+ }
/* need to call this due to clear byte at top if avoiding
* having the top bit set (-ve number) */
bn_correct_top(ret);
- return(ret);
- }
+ return (ret);
+}
/* ignore negative */
-int BN_bn2bin(const BIGNUM *a, unsigned char *to)
- {
- int n,i;
+int
+BN_bn2bin(const BIGNUM *a, unsigned char *to)
+{
+ int n, i;
BN_ULONG l;
bn_check_top(a);
- n=i=BN_num_bytes(a);
- while (i--)
- {
- l=a->d[i/BN_BYTES];
- *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
- }
- return(n);
+ n = i=BN_num_bytes(a);
+ while (i--) {
+ l = a->d[i / BN_BYTES];
+ *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
}
+ return (n);
+}
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+{
int i;
- BN_ULONG t1,t2,*ap,*bp;
+ BN_ULONG t1, t2, *ap, *bp;
bn_check_top(a);
bn_check_top(b);
- i=a->top-b->top;
- if (i != 0) return(i);
- ap=a->d;
- bp=b->d;
- for (i=a->top-1; i>=0; i--)
- {
- t1= ap[i];
- t2= bp[i];
+ i = a->top - b->top;
+ if (i != 0)
+ return (i);
+ ap = a->d;
+ bp = b->d;
+ for (i = a->top - 1; i >= 0; i--) {
+ t1 = ap[i];
+ t2 = bp[i];
if (t1 != t2)
- return((t1 > t2) ? 1 : -1);
- }
- return(0);
+ return ((t1 > t2) ? 1 : -1);
}
+ return (0);
+}
-int BN_cmp(const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_cmp(const BIGNUM *a, const BIGNUM *b)
+{
int i;
- int gt,lt;
- BN_ULONG t1,t2;
+ int gt, lt;
+ BN_ULONG t1, t2;
- if ((a == NULL) || (b == NULL))
- {
+ if ((a == NULL) || (b == NULL)) {
if (a != NULL)
- return(-1);
+ return (-1);
else if (b != NULL)
- return(1);
+ return (1);
else
- return(0);
- }
+ return (0);
+ }
bn_check_top(a);
bn_check_top(b);
- if (a->neg != b->neg)
- {
+ if (a->neg != b->neg) {
if (a->neg)
- return(-1);
- else return(1);
- }
- if (a->neg == 0)
- { gt=1; lt= -1; }
- else { gt= -1; lt=1; }
-
- if (a->top > b->top) return(gt);
- if (a->top < b->top) return(lt);
- for (i=a->top-1; i>=0; i--)
- {
- t1=a->d[i];
- t2=b->d[i];
- if (t1 > t2) return(gt);
- if (t1 < t2) return(lt);
- }
- return(0);
+ return (-1);
+ else
+ return (1);
+ }
+ if (a->neg == 0) {
+ gt = 1;
+ lt = -1;
+ } else {
+ gt = -1;
+ lt = 1;
}
-int BN_set_bit(BIGNUM *a, int n)
- {
- int i,j,k;
+ if (a->top > b->top)
+ return (gt);
+ if (a->top < b->top)
+ return (lt);
+ for (i = a->top - 1; i >= 0; i--) {
+ t1 = a->d[i];
+ t2 = b->d[i];
+ if (t1 > t2)
+ return (gt);
+ if (t1 < t2)
+ return (lt);
+ }
+ return (0);
+}
+
+int
+BN_set_bit(BIGNUM *a, int n)
+{
+ int i, j, k;
if (n < 0)
return 0;
- i=n/BN_BITS2;
- j=n%BN_BITS2;
- if (a->top <= i)
- {
- if (bn_wexpand(a,i+1) == NULL) return(0);
- for(k=a->top; k<i+1; k++)
- a->d[k]=0;
- a->top=i+1;
- }
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i) {
+ if (bn_wexpand(a, i + 1) == NULL)
+ return (0);
+ for (k = a->top; k < i + 1; k++)
+ a->d[k] = 0;
+ a->top = i + 1;
+ }
- a->d[i]|=(((BN_ULONG)1)<<j);
+ a->d[i] |= (((BN_ULONG)1) << j);
bn_check_top(a);
- return(1);
- }
+ return (1);
+}
-int BN_clear_bit(BIGNUM *a, int n)
- {
- int i,j;
+int
+BN_clear_bit(BIGNUM *a, int n)
+{
+ int i, j;
bn_check_top(a);
- if (n < 0) return 0;
+ if (n < 0)
+ return 0;
- i=n/BN_BITS2;
- j=n%BN_BITS2;
- if (a->top <= i) return(0);
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i)
+ return (0);
- a->d[i]&=(~(((BN_ULONG)1)<<j));
+ a->d[i] &= (~(((BN_ULONG)1) << j));
bn_correct_top(a);
- return(1);
- }
+ return (1);
+}
-int BN_is_bit_set(const BIGNUM *a, int n)
- {
- int i,j;
+int
+BN_is_bit_set(const BIGNUM *a, int n)
+{
+ int i, j;
bn_check_top(a);
- if (n < 0) return 0;
- i=n/BN_BITS2;
- j=n%BN_BITS2;
- if (a->top <= i) return 0;
- return (int)(((a->d[i])>>j)&((BN_ULONG)1));
- }
+ if (n < 0)
+ return 0;
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i)
+ return 0;
+ return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
+}
-int BN_mask_bits(BIGNUM *a, int n)
- {
- int b,w;
+int
+BN_mask_bits(BIGNUM *a, int n)
+{
+ int b, w;
bn_check_top(a);
- if (n < 0) return 0;
+ if (n < 0)
+ return 0;
- w=n/BN_BITS2;
- b=n%BN_BITS2;
- if (w >= a->top) return 0;
+ w = n / BN_BITS2;
+ b = n % BN_BITS2;
+ if (w >= a->top)
+ return 0;
if (b == 0)
- a->top=w;
- else
- {
- a->top=w+1;
- a->d[w]&= ~(BN_MASK2<<b);
- }
- bn_correct_top(a);
- return(1);
+ a->top = w;
+ else {
+ a->top = w + 1;
+ a->d[w] &= ~(BN_MASK2 << b);
}
+ bn_correct_top(a);
+ return (1);
+}
-void BN_set_negative(BIGNUM *a, int b)
- {
+void
+BN_set_negative(BIGNUM *a, int b)
+{
if (b && !BN_is_zero(a))
a->neg = 1;
else
a->neg = 0;
- }
+}
-int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
- {
+int
+bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+{
int i;
- BN_ULONG aa,bb;
-
- aa=a[n-1];
- bb=b[n-1];
- if (aa != bb) return((aa > bb)?1:-1);
- for (i=n-2; i>=0; i--)
- {
- aa=a[i];
- bb=b[i];
- if (aa != bb) return((aa > bb)?1:-1);
- }
- return(0);
+ BN_ULONG aa, bb;
+
+ aa = a[n - 1];
+ bb = b[n - 1];
+ if (aa != bb)
+ return ((aa > bb) ? 1 : -1);
+ for (i = n - 2; i >= 0; i--) {
+ aa = a[i];
+ bb = b[i];
+ if (aa != bb)
+ return ((aa > bb) ? 1 : -1);
}
+ return (0);
+}
/* Here follows a specialised variants of bn_cmp_words(). It has the
property of performing the operation on arrays of different sizes.
delta between the two lengths, calculated as len(a)-len(b).
All lengths are the number of BN_ULONGs... */
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
- {
- int n,i;
- n = cl-1;
-
- if (dl < 0)
- {
- for (i=dl; i<0; i++)
- {
- if (b[n-i] != 0)
+int
+bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
+{
+ int n, i;
+
+ n = cl - 1;
+
+ if (dl < 0) {
+ for (i = dl; i < 0; i++) {
+ if (b[n - i] != 0)
return -1; /* a < b */
- }
}
- if (dl > 0)
- {
- for (i=dl; i>0; i--)
- {
- if (a[n+i] != 0)
+ }
+ if (dl > 0) {
+ for (i = dl; i > 0; i--) {
+ if (a[n + i] != 0)
return 1; /* a > b */
- }
}
- return bn_cmp_words(a,b,cl);
}
+ return bn_cmp_words(a, b, cl);
+}
-/*
- * Constant-time conditional swap of a and b.
+/*
+ * Constant-time conditional swap of a and b.
* a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
* nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
* and that no more than nwords are used by either a or b.
* a and b cannot be the same number
*/
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
- {
+void
+BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+{
BN_ULONG t;
int i;
switch (nwords) {
default:
- for (i = 10; i < nwords; i++)
+ for (i = 10; i < nwords; i++)
BN_CONSTTIME_SWAP(i);
/* Fallthrough */
case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
- case 1: BN_CONSTTIME_SWAP(0);
+ case 1:
+ BN_CONSTTIME_SWAP(0);
}
#undef BN_CONSTTIME_SWAP
}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
- {
+int
+BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+{
/* like BN_mod, but returns non-negative remainder
* (i.e., 0 <= r < |d| always holds) */
- if (!(BN_mod(r,m,d,ctx)))
+ if (!(BN_mod(r, m,d, ctx)))
return 0;
if (!r->neg)
return 1;
return (d->neg ? BN_sub : BN_add)(r, r, d);
}
-
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_add(r, a, b)) return 0;
+int
+BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ if (!BN_add(r, a, b))
+ return 0;
return BN_nnmod(r, r, m, ctx);
- }
-
+}
/* BN_mod_add variant that may be used if both a and b are non-negative
* and less than m */
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
- {
- if (!BN_uadd(r, a, b)) return 0;
+int
+BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+{
+ if (!BN_uadd(r, a, b))
+ return 0;
if (BN_ucmp(r, m) >= 0)
return BN_usub(r, r, m);
return 1;
- }
-
+}
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_sub(r, a, b)) return 0;
+int
+BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ if (!BN_sub(r, a, b))
+ return 0;
return BN_nnmod(r, r, m, ctx);
- }
-
+}
/* BN_mod_sub variant that may be used if both a and b are non-negative
* and less than m */
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
- {
- if (!BN_sub(r, a, b)) return 0;
+int
+BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+{
+ if (!BN_sub(r, a, b))
+ return 0;
if (r->neg)
return BN_add(r, r, m);
return 1;
- }
-
+}
/* slow but works */
-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx)
- {
+int
+BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+{
BIGNUM *t;
- int ret=0;
+ int ret = 0;
bn_check_top(a);
bn_check_top(b);
bn_check_top(m);
BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) == NULL) goto err;
- if (a == b)
- { if (!BN_sqr(t,a,ctx)) goto err; }
- else
- { if (!BN_mul(t,a,b,ctx)) goto err; }
- if (!BN_nnmod(r,t,m,ctx)) goto err;
+ if ((t = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (a == b) {
+ if (!BN_sqr(t, a, ctx))
+ goto err;
+ } else {
+ if (!BN_mul(t, a,b, ctx))
+ goto err;
+ }
+ if (!BN_nnmod(r, t,m, ctx))
+ goto err;
bn_check_top(r);
- ret=1;
+ ret = 1;
+
err:
BN_CTX_end(ctx);
- return(ret);
- }
-
+ return (ret);
+}
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_sqr(r, a, ctx)) return 0;
+int
+BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+ if (!BN_sqr(r, a, ctx))
+ return 0;
/* r->neg == 0, thus we don't need BN_nnmod */
return BN_mod(r, r, m, ctx);
- }
-
+}
-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_lshift1(r, a)) return 0;
+int
+BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+ if (!BN_lshift1(r, a))
+ return 0;
bn_check_top(r);
return BN_nnmod(r, r, m, ctx);
- }
-
+}
/* BN_mod_lshift1 variant that may be used if a is non-negative
* and less than m */
-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
- {
- if (!BN_lshift1(r, a)) return 0;
+int
+BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+{
+ if (!BN_lshift1(r, a))
+ return 0;
bn_check_top(r);
if (BN_cmp(r, m) >= 0)
return BN_sub(r, r, m);
return 1;
- }
-
+}
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
- {
+int
+BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
+{
BIGNUM *abs_m = NULL;
int ret;
- if (!BN_nnmod(r, a, m, ctx)) return 0;
+ if (!BN_nnmod(r, a, m, ctx))
+ return 0;
- if (m->neg)
- {
+ if (m->neg) {
abs_m = BN_dup(m);
- if (abs_m == NULL) return 0;
+ if (abs_m == NULL)
+ return 0;
abs_m->neg = 0;
- }
-
+ }
+
ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
bn_check_top(r);
if (abs_m)
BN_free(abs_m);
return ret;
- }
-
+}
/* BN_mod_lshift variant that may be used if a is non-negative
* and less than m */
-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
- {
- if (r != a)
- {
- if (BN_copy(r, a) == NULL) return 0;
- }
+int
+BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+{
+ if (r != a) {
+ if (BN_copy(r, a) == NULL)
+ return 0;
+ }
- while (n > 0)
- {
+ while (n > 0) {
int max_shift;
-
+
/* 0 < r < m */
max_shift = BN_num_bits(m) - BN_num_bits(r);
/* max_shift >= 0 */
- if (max_shift < 0)
- {
+ if (max_shift < 0) {
BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
return 0;
- }
+ }
if (max_shift > n)
max_shift = n;
- if (max_shift)
- {
- if (!BN_lshift(r, r, max_shift)) return 0;
+ if (max_shift) {
+ if (!BN_lshift(r, r, max_shift))
+ return 0;
n -= max_shift;
- }
- else
- {
- if (!BN_lshift1(r, r)) return 0;
+ } else {
+ if (!BN_lshift1(r, r))
+ return 0;
--n;
- }
+ }
/* BN_num_bits(r) <= BN_num_bits(m) */
- if (BN_cmp(r, m) >= 0)
- {
- if (!BN_sub(r, r, m)) return 0;
- }
+ if (BN_cmp(r, m) >= 0) {
+ if (!BN_sub(r, r, m))
+ return 0;
}
+ }
bn_check_top(r);
-
+
return 1;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
#endif
-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx)
- {
+int
+BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx)
+{
BIGNUM *tmp;
- int ret=0;
+ int ret = 0;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
int num = mont->N.top;
- if (num>1 && a->top==num && b->top==num)
- {
- if (bn_wexpand(r,num) == NULL) return(0);
- if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
- {
+ if (num > 1 && a->top == num && b->top == num) {
+ if (bn_wexpand(r, num) == NULL)
+ return (0);
+ if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
r->neg = a->neg^b->neg;
r->top = num;
bn_correct_top(r);
- return(1);
- }
+ return (1);
}
+ }
#endif
BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
- if (tmp == NULL) goto err;
+ if (tmp == NULL)
+ goto err;
bn_check_top(tmp);
- if (a == b)
- {
- if (!BN_sqr(tmp,a,ctx)) goto err;
- }
- else
- {
- if (!BN_mul(tmp,a,b,ctx)) goto err;
- }
+ if (a == b) {
+ if (!BN_sqr(tmp, a, ctx))
+ goto err;
+ } else {
+ if (!BN_mul(tmp, a,b, ctx))
+ goto err;
+ }
/* reduce from aRR to aR */
#ifdef MONT_WORD
- if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
+ if (!BN_from_montgomery_word(r, tmp, mont))
+ goto err;
#else
- if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+ if (!BN_from_montgomery(r, tmp, mont, ctx))
+ goto err;
#endif
bn_check_top(r);
- ret=1;
+ ret = 1;
err:
BN_CTX_end(ctx);
- return(ret);
- }
+ return (ret);
+}
#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
- {
+static int
+BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+{
BIGNUM *n;
- BN_ULONG *ap,*np,*rp,n0,v,carry;
- int nl,max,i;
-
- n= &(mont->N);
- nl=n->top;
- if (nl == 0) { ret->top=0; return(1); }
+ BN_ULONG *ap, *np, *rp, n0, v, carry;
+ int nl, max, i;
+
+ n = &(mont->N);
+ nl = n->top;
+ if (nl == 0) {
+ ret->top = 0;
+ return (1);
+ }
- max=(2*nl); /* carry is stored separately */
- if (bn_wexpand(r,max) == NULL) return(0);
+ max = (2 * nl); /* carry is stored separately */
+ if (bn_wexpand(r, max) == NULL)
+ return (0);
- r->neg^=n->neg;
- np=n->d;
- rp=r->d;
+ r->neg ^= n->neg;
+ np = n->d;
+ rp = r->d;
/* clear the top words of T */
#if 1
for (i=r->top; i<max; i++) /* memset? XXX */
- rp[i]=0;
+ rp[i] = 0;
#else
- memset(&(rp[r->top]),0,(max-r->top)*sizeof(BN_ULONG));
+ memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
#endif
- r->top=max;
- n0=mont->n0[0];
+ r->top = max;
+ n0 = mont->n0[0];
#ifdef BN_COUNT
- fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
+ fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl);
#endif
- for (carry=0, i=0; i<nl; i++, rp++)
- {
- v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
- v = (v+carry+rp[nl])&BN_MASK2;
+ for (carry = 0, i = 0; i < nl; i++, rp++) {
+ v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
+ v = (v + carry + rp[nl]) & BN_MASK2;
carry |= (v != rp[nl]);
carry &= (v <= rp[nl]);
- rp[nl]=v;
- }
+ rp[nl] = v;
+ }
- if (bn_wexpand(ret,nl) == NULL) return(0);
- ret->top=nl;
- ret->neg=r->neg;
+ if (bn_wexpand(ret, nl) == NULL)
+ return (0);
+ ret->top = nl;
+ ret->neg = r->neg;
- rp=ret->d;
- ap=&(r->d[nl]);
+ rp = ret->d;
+ ap = &(r->d[nl]);
#define BRANCH_FREE 1
#if BRANCH_FREE
{
- BN_ULONG *nrp;
- size_t m;
-
- v=bn_sub_words(rp,ap,np,nl)-carry;
- /* if subtraction result is real, then
- * trick unconditional memcpy below to perform in-place
- * "refresh" instead of actual copy. */
- m=(0-(size_t)v);
- nrp=(BN_ULONG *)(((uintptr_t)rp&~m)|((uintptr_t)ap&m));
-
- for (i=0,nl-=4; i<nl; i+=4)
- {
- BN_ULONG t1,t2,t3,t4;
-
- t1=nrp[i+0];
- t2=nrp[i+1];
- t3=nrp[i+2]; ap[i+0]=0;
- t4=nrp[i+3]; ap[i+1]=0;
- rp[i+0]=t1; ap[i+2]=0;
- rp[i+1]=t2; ap[i+3]=0;
- rp[i+2]=t3;
- rp[i+3]=t4;
+ BN_ULONG *nrp;
+ size_t m;
+
+ v = bn_sub_words(rp, ap, np, nl) - carry;
+ /* if subtraction result is real, then
+ * trick unconditional memcpy below to perform in-place
+ * "refresh" instead of actual copy. */
+ m = (0 - (size_t)v);
+ nrp = (BN_ULONG *)(((uintptr_t)rp & ~m)|((uintptr_t)ap & m));
+
+ for (i = 0, nl -= 4; i < nl; i += 4) {
+ BN_ULONG t1, t2, t3, t4;
+
+ t1 = nrp[i + 0];
+ t2 = nrp[i + 1];
+ t3 = nrp[i + 2];
+ ap[i + 0] = 0;
+ t4 = nrp[i + 3];
+ ap[i + 1] = 0;
+ rp[i + 0] = t1;
+ ap[i + 2] = 0;
+ rp[i + 1] = t2;
+ ap[i + 3] = 0;
+ rp[i + 2] = t3;
+ rp[i + 3] = t4;
}
- for (nl+=4; i<nl; i++)
- rp[i]=nrp[i], ap[i]=0;
+ for (nl += 4; i < nl; i++)
+ rp[i] = nrp[i], ap[i] = 0;
}
#else
- if (bn_sub_words (rp,ap,np,nl)-carry)
- memcpy(rp,ap,nl*sizeof(BN_ULONG));
+ if (bn_sub_words (rp, ap, np, nl) - carry)
+ memcpy(rp, ap, nl*sizeof(BN_ULONG));
#endif
bn_correct_top(r);
bn_correct_top(ret);
bn_check_top(ret);
- return(1);
- }
+ return (1);
+}
#endif /* MONT_WORD */
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx)
- {
- int retn=0;
+int
+BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
+{
+ int retn = 0;
#ifdef MONT_WORD
BIGNUM *t;
BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
- retn = BN_from_montgomery_word(ret,t,mont);
+ if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
+ retn = BN_from_montgomery_word(ret, t, mont);
BN_CTX_end(ctx);
#else /* !MONT_WORD */
- BIGNUM *t1,*t2;
+ BIGNUM *t1, *t2;
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL) goto err;
-
- if (!BN_copy(t1,a)) goto err;
- BN_mask_bits(t1,mont->ri);
-
- if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
- BN_mask_bits(t2,mont->ri);
-
- if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
- if (!BN_add(t2,a,t1)) goto err;
- if (!BN_rshift(ret,t2,mont->ri)) goto err;
-
- if (BN_ucmp(ret, &(mont->N)) >= 0)
- {
- if (!BN_usub(ret,ret,&(mont->N))) goto err;
- }
- retn=1;
+ if (t1 == NULL || t2 == NULL)
+ goto err;
+
+ if (!BN_copy(t1, a))
+ goto err;
+ BN_mask_bits(t1, mont->ri);
+
+ if (!BN_mul(t2, t1, &mont->Ni, ctx))
+ goto err;
+ BN_mask_bits(t2, mont->ri);
+
+ if (!BN_mul(t1, t2, &mont->N, ctx))
+ goto err;
+ if (!BN_add(t2, a, t1))
+ goto err;
+ if (!BN_rshift(ret, t2, mont->ri))
+ goto err;
+
+ if (BN_ucmp(ret, &(mont->N)) >= 0) {
+ if (!BN_usub(ret, ret, &(mont->N)))
+ goto err;
+ }
+ retn = 1;
bn_check_top(ret);
- err:
+
+err:
BN_CTX_end(ctx);
#endif /* MONT_WORD */
- return(retn);
- }
+ return (retn);
+}
-BN_MONT_CTX *BN_MONT_CTX_new(void)
- {
+BN_MONT_CTX *
+BN_MONT_CTX_new(void)
+{
BN_MONT_CTX *ret;
- if ((ret=(BN_MONT_CTX *)malloc(sizeof(BN_MONT_CTX))) == NULL)
- return(NULL);
+ if ((ret = (BN_MONT_CTX *)malloc(sizeof(BN_MONT_CTX))) == NULL)
+ return (NULL);
BN_MONT_CTX_init(ret);
- ret->flags=BN_FLG_MALLOCED;
- return(ret);
- }
-
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
- {
- ctx->ri=0;
+ ret->flags = BN_FLG_MALLOCED;
+ return (ret);
+}
+
+void
+BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+{
+ ctx->ri = 0;
BN_init(&(ctx->RR));
BN_init(&(ctx->N));
BN_init(&(ctx->Ni));
ctx->n0[0] = ctx->n0[1] = 0;
- ctx->flags=0;
- }
+ ctx->flags = 0;
+}
-void BN_MONT_CTX_free(BN_MONT_CTX *mont)
- {
- if(mont == NULL)
- return;
+void
+BN_MONT_CTX_free(BN_MONT_CTX *mont)
+{
+ if (mont == NULL)
+ return;
BN_clear_free(&(mont->RR));
BN_clear_free(&(mont->N));
BN_clear_free(&(mont->Ni));
if (mont->flags & BN_FLG_MALLOCED)
free(mont);
- }
+}
-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
- {
+int
+BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+{
int ret = 0;
- BIGNUM *Ri,*R;
+ BIGNUM *Ri, *R;
BN_CTX_start(ctx);
- if((Ri = BN_CTX_get(ctx)) == NULL) goto err;
- R= &(mont->RR); /* grab RR as a temp */
- if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */
+ if ((Ri = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ R = &(mont->RR); /* grab RR as a temp */
+ if (!BN_copy(&(mont->N), mod))
+ goto err; /* Set N */
mont->N.neg = 0;
#ifdef MONT_WORD
- {
+ {
BIGNUM tmod;
BN_ULONG buf[2];
BN_init(&tmod);
- tmod.d=buf;
- tmod.dmax=2;
- tmod.neg=0;
+ tmod.d = buf;
+ tmod.dmax = 2;
+ tmod.neg = 0;
- mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+ mont->ri = (BN_num_bits(mod) +
+ (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
/* Only certain BN_BITS2<=32 platforms actually make use of
* files do know which is which. */
BN_zero(R);
- if (!(BN_set_bit(R,2*BN_BITS2))) goto err;
+ if (!(BN_set_bit(R, 2 * BN_BITS2)))
+ goto err;
- tmod.top=0;
- if ((buf[0] = mod->d[0])) tmod.top=1;
- if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2;
+ tmod.top = 0;
+ if ((buf[0] = mod->d[0]))
+ tmod.top = 1;
+ if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
+ tmod.top = 2;
- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
+ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
goto err;
- if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */
- if (!BN_is_zero(Ri))
- {
- if (!BN_sub_word(Ri,1)) goto err;
- }
+ if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
+ goto err; /* R*Ri */
+ if (!BN_is_zero(Ri)) {
+ if (!BN_sub_word(Ri, 1))
+ goto err;
+ }
else /* if N mod word size == 1 */
- {
- if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL)
+ {
+ if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
goto err;
/* Ri-- (mod double word size) */
- Ri->neg=0;
- Ri->d[0]=BN_MASK2;
- Ri->d[1]=BN_MASK2;
- Ri->top=2;
- }
- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
+ Ri->neg = 0;
+ Ri->d[0] = BN_MASK2;
+ Ri->d[1] = BN_MASK2;
+ Ri->top = 2;
+ }
+ if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+ goto err;
/* Ni = (R*Ri-1)/N,
* keep only couple of least significant words: */
mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
#else
BN_zero(R);
- if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */
+ if (!(BN_set_bit(R, BN_BITS2)))
+ goto err; /* R */
- buf[0]=mod->d[0]; /* tmod = N mod word size */
- buf[1]=0;
+ buf[0] = mod->d[0]; /* tmod = N mod word size */
+ buf[1] = 0;
tmod.top = buf[0] != 0 ? 1 : 0;
- /* Ri = R^-1 mod N*/
- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
+ /* Ri = R^-1 mod N*/
+ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
goto err;
- if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */
- if (!BN_is_zero(Ri))
- {
- if (!BN_sub_word(Ri,1)) goto err;
- }
+ if (!BN_lshift(Ri, Ri, BN_BITS2))
+ goto err; /* R*Ri */
+ if (!BN_is_zero(Ri)) {
+ if (!BN_sub_word(Ri, 1))
+ goto err;
+ }
else /* if N mod word size == 1 */
- {
- if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */
- }
- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
+ {
+ if (!BN_set_word(Ri, BN_MASK2))
+ goto err; /* Ri-- (mod word size) */
+ }
+ if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+ goto err;
/* Ni = (R*Ri-1)/N,
* keep only least significant word: */
mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
mont->n0[1] = 0;
#endif
- }
+ }
#else /* !MONT_WORD */
- { /* bignum version */
- mont->ri=BN_num_bits(&mont->N);
+ { /* bignum version */
+ mont->ri = BN_num_bits(&mont->N);
BN_zero(R);
- if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */
- /* Ri = R^-1 mod N*/
- if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL)
+ if (!BN_set_bit(R, mont->ri))
+ goto err; /* R = 2^ri */
+ /* Ri = R^-1 mod N*/
+ if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
goto err;
- if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */
- if (!BN_sub_word(Ri,1)) goto err;
- /* Ni = (R*Ri-1) / N */
- if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err;
- }
+ if (!BN_lshift(Ri, Ri, mont->ri))
+ goto err; /* R*Ri */
+ if (!BN_sub_word(Ri, 1))
+ goto err;
+ /* Ni = (R*Ri-1) / N */
+ if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
+ goto err;
+ }
#endif
/* setup RR for conversions */
BN_zero(&(mont->RR));
- if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
- if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
+ if (!BN_set_bit(&(mont->RR), mont->ri*2))
+ goto err;
+ if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
+ goto err;
ret = 1;
+
err:
BN_CTX_end(ctx);
return ret;
- }
-
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
- {
- if (to == from) return(to);
-
- if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
- if (!BN_copy(&(to->N),&(from->N))) return NULL;
- if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
- to->ri=from->ri;
- to->n0[0]=from->n0[0];
- to->n0[1]=from->n0[1];
- return(to);
- }
-
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
- const BIGNUM *mod, BN_CTX *ctx)
- {
+}
+
+BN_MONT_CTX *
+BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+{
+ if (to == from)
+ return (to);
+
+ if (!BN_copy(&(to->RR), &(from->RR)))
+ return NULL;
+ if (!BN_copy(&(to->N), &(from->N)))
+ return NULL;
+ if (!BN_copy(&(to->Ni), &(from->Ni)))
+ return NULL;
+ to->ri = from->ri;
+ to->n0[0] = from->n0[0];
+ to->n0[1] = from->n0[1];
+ return (to);
+}
+
+BN_MONT_CTX *
+BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod,
+ BN_CTX *ctx)
+{
int got_write_lock = 0;
BN_MONT_CTX *ret;
CRYPTO_r_lock(lock);
- if (!*pmont)
- {
+ if (!*pmont) {
CRYPTO_r_unlock(lock);
CRYPTO_w_lock(lock);
got_write_lock = 1;
- if (!*pmont)
- {
+ if (!*pmont) {
ret = BN_MONT_CTX_new();
if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
BN_MONT_CTX_free(ret);
else
*pmont = ret;
- }
}
-
+ }
+
ret = *pmont;
-
+
if (got_write_lock)
CRYPTO_w_unlock(lock);
else
CRYPTO_r_unlock(lock);
-
+
return ret;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
- {
+int
+BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+{
int bits;
- int num=0;
- int ext=0;
+ int num = 0;
+ int ext = 0;
long l;
- bits=BN_num_bits(a);
- num=(bits+7)/8;
- if (bits > 0)
- {
- ext=((bits & 0x07) == 0);
- }
+ bits = BN_num_bits(a);
+ num = (bits + 7) / 8;
+ if (bits > 0) {
+ ext = ((bits & 0x07) == 0);
+ }
if (d == NULL)
- return(num+4+ext);
+ return (num + 4 + ext);
- l=num+ext;
- d[0]=(unsigned char)(l>>24)&0xff;
- d[1]=(unsigned char)(l>>16)&0xff;
- d[2]=(unsigned char)(l>> 8)&0xff;
- d[3]=(unsigned char)(l )&0xff;
- if (ext) d[4]=0;
- num=BN_bn2bin(a,&(d[4+ext]));
+ l = num + ext;
+ d[0] = (unsigned char)(l >> 24) & 0xff;
+ d[1] = (unsigned char)(l >> 16) & 0xff;
+ d[2] = (unsigned char)(l >> 8) & 0xff;
+ d[3] = (unsigned char)(l) & 0xff;
+ if (ext)
+ d[4] = 0;
+ num = BN_bn2bin(a, &(d[4 + ext]));
if (a->neg)
- d[4]|=0x80;
- return(num+4+ext);
- }
+ d[4] |= 0x80;
+ return (num + 4 + ext);
+}
-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
- {
+BIGNUM *
+BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
+{
long len;
- int neg=0;
+ int neg = 0;
- if (n < 4)
- {
- BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
- return(NULL);
- }
- len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
- if ((len+4) != n)
- {
- BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
- return(NULL);
- }
+ if (n < 4) {
+ BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
+ return (NULL);
+ }
+ len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) |
+ (int)d[3];
+ if ((len + 4) != n) {
+ BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
+ return (NULL);
+ }
- if (a == NULL) a=BN_new();
- if (a == NULL) return(NULL);
+ if (a == NULL)
+ a = BN_new();
+ if (a == NULL)
+ return (NULL);
- if (len == 0)
- {
- a->neg=0;
- a->top=0;
- return(a);
- }
- d+=4;
+ if (len == 0) {
+ a->neg = 0;
+ a->top = 0;
+ return (a);
+ }
+ d += 4;
if ((*d) & 0x80)
- neg=1;
- if (BN_bin2bn(d,(int)len,a) == NULL)
- return(NULL);
- a->neg=neg;
- if (neg)
- {
- BN_clear_bit(a,BN_num_bits(a)-1);
- }
- bn_check_top(a);
- return(a);
+ neg = 1;
+ if (BN_bin2bn(d, (int)len, a) == NULL)
+ return (NULL);
+ a->neg = neg;
+ if (neg) {
+ BN_clear_bit(a, BN_num_bits(a) - 1);
}
-
+ bn_check_top(a);
+ return (a);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
These functions should probably end up in bn_asm.c as soon as there are
assembler counterparts for the systems that use assembler files. */
-BN_ULONG bn_sub_part_words(BN_ULONG *r,
- const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
- {
+BN_ULONG
+bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl,
+ int dl)
+{
BN_ULONG c, t;
assert(cl >= 0);
a += cl;
b += cl;
- if (dl < 0)
- {
+ if (dl < 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
+ fprintf(stderr,
+ " bn_sub_part_words %d + %d (dl < 0, c = %d)\n",
+ cl, dl, c);
#endif
- for (;;)
- {
+ for (;;) {
t = b[0];
- r[0] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
+ r[0] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
t = b[1];
- r[1] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
+ r[1] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
t = b[2];
- r[2] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
+ r[2] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
t = b[3];
- r[3] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
+ r[3] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
b += 4;
r += 4;
- }
}
- else
- {
+ } else {
int save_dl = dl;
#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c);
+ fprintf(stderr,
+ " bn_sub_part_words %d + %d (dl > 0, c = %d)\n",
+ cl, dl, c);
#endif
- while(c)
- {
+ while (c) {
t = a[0];
- r[0] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
+ r[0] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
t = a[1];
- r[1] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
+ r[1] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
t = a[2];
- r[2] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
+ r[2] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
t = a[3];
- r[3] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
+ r[3] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
save_dl = dl;
a += 4;
r += 4;
- }
- if (dl > 0)
- {
+ }
+ if (dl > 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
+ fprintf(stderr,
+ " bn_sub_part_words %d + %d (dl > 0, c == 0)\n",
+ cl, dl);
#endif
- if (save_dl > dl)
- {
- switch (save_dl - dl)
- {
+ if (save_dl > dl) {
+ switch (save_dl - dl) {
case 1:
r[1] = a[1];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
case 2:
r[2] = a[2];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
case 3:
r[3] = a[3];
- if (--dl <= 0) break;
- }
+ if (--dl <= 0)
+ break;
+ }
a += 4;
r += 4;
- }
}
- if (dl > 0)
- {
+ }
+ if (dl > 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl);
+ fprintf(stderr,
+ " bn_sub_part_words %d + %d (dl > 0, copy)\n",
+ cl, dl);
#endif
- for(;;)
- {
+ for (;;) {
r[0] = a[0];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[1] = a[1];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[2] = a[2];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[3] = a[3];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
a += 4;
r += 4;
- }
}
}
- return c;
}
+ return c;
+}
#endif
-BN_ULONG bn_add_part_words(BN_ULONG *r,
- const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
- {
+BN_ULONG
+bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl,
+ int dl)
+{
BN_ULONG c, l, t;
assert(cl >= 0);
a += cl;
b += cl;
- if (dl < 0)
- {
+ if (dl < 0) {
int save_dl = dl;
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl < 0, c = %d)\n",
+ cl, dl, c);
#endif
- while (c)
- {
- l=(c+b[0])&BN_MASK2;
- c=(l < c);
- r[0]=l;
- if (++dl >= 0) break;
-
- l=(c+b[1])&BN_MASK2;
- c=(l < c);
- r[1]=l;
- if (++dl >= 0) break;
-
- l=(c+b[2])&BN_MASK2;
- c=(l < c);
- r[2]=l;
- if (++dl >= 0) break;
-
- l=(c+b[3])&BN_MASK2;
- c=(l < c);
- r[3]=l;
- if (++dl >= 0) break;
+ while (c) {
+ l = (c + b[0]) & BN_MASK2;
+ c = (l < c);
+ r[0] = l;
+ if (++dl >= 0)
+ break;
+
+ l = (c + b[1]) & BN_MASK2;
+ c = (l < c);
+ r[1] = l;
+ if (++dl >= 0)
+ break;
+
+ l = (c + b[2]) & BN_MASK2;
+ c = (l < c);
+ r[2] = l;
+ if (++dl >= 0)
+ break;
+
+ l = (c + b[3]) & BN_MASK2;
+ c = (l < c);
+ r[3] = l;
+ if (++dl >= 0)
+ break;
save_dl = dl;
- b+=4;
- r+=4;
- }
- if (dl < 0)
- {
+ b += 4;
+ r += 4;
+ }
+ if (dl < 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl < 0, c == 0)\n",
+ cl, dl);
#endif
- if (save_dl < dl)
- {
- switch (dl - save_dl)
- {
+ if (save_dl < dl) {
+ switch (dl - save_dl) {
case 1:
r[1] = b[1];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
case 2:
r[2] = b[2];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
case 3:
r[3] = b[3];
- if (++dl >= 0) break;
- }
+ if (++dl >= 0)
+ break;
+ }
b += 4;
r += 4;
- }
}
- if (dl < 0)
- {
+ }
+ if (dl < 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl < 0, copy)\n",
+ cl, dl);
#endif
- for(;;)
- {
+ for (;;) {
r[0] = b[0];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
r[1] = b[1];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
r[2] = b[2];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
r[3] = b[3];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
b += 4;
r += 4;
- }
}
}
- else
- {
+ } else {
int save_dl = dl;
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
#endif
- while (c)
- {
- t=(a[0]+c)&BN_MASK2;
- c=(t < c);
- r[0]=t;
- if (--dl <= 0) break;
-
- t=(a[1]+c)&BN_MASK2;
- c=(t < c);
- r[1]=t;
- if (--dl <= 0) break;
-
- t=(a[2]+c)&BN_MASK2;
- c=(t < c);
- r[2]=t;
- if (--dl <= 0) break;
-
- t=(a[3]+c)&BN_MASK2;
- c=(t < c);
- r[3]=t;
- if (--dl <= 0) break;
+ while (c) {
+ t = (a[0] + c) & BN_MASK2;
+ c = (t < c);
+ r[0] = t;
+ if (--dl <= 0)
+ break;
+
+ t = (a[1] + c) & BN_MASK2;
+ c = (t < c);
+ r[1] = t;
+ if (--dl <= 0)
+ break;
+
+ t = (a[2] + c) & BN_MASK2;
+ c = (t < c);
+ r[2] = t;
+ if (--dl <= 0)
+ break;
+
+ t = (a[3] + c) & BN_MASK2;
+ c = (t < c);
+ r[3] = t;
+ if (--dl <= 0)
+ break;
save_dl = dl;
- a+=4;
- r+=4;
- }
+ a += 4;
+ r += 4;
+ }
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
#endif
- if (dl > 0)
- {
- if (save_dl > dl)
- {
- switch (save_dl - dl)
- {
+ if (dl > 0) {
+ if (save_dl > dl) {
+ switch (save_dl - dl) {
case 1:
r[1] = a[1];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
case 2:
r[2] = a[2];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
case 3:
r[3] = a[3];
- if (--dl <= 0) break;
- }
+ if (--dl <= 0)
+ break;
+ }
a += 4;
r += 4;
- }
}
- if (dl > 0)
- {
+ }
+ if (dl > 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl > 0, copy)\n",
+ cl, dl);
#endif
- for(;;)
- {
+ for (;;) {
r[0] = a[0];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[1] = a[1];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[2] = a[2];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[3] = a[3];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
a += 4;
r += 4;
- }
}
}
- return c;
}
+ return c;
+}
#ifdef BN_RECURSION
/* Karatsuba recursive multiplication algorithm
* a[1]*b[1]
*/
/* dnX may not be positive, but n2/2+dnX has to be */
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- int dna, int dnb, BN_ULONG *t)
- {
- int n=n2/2,c1,c2;
- int tna=n+dna, tnb=n+dnb;
- unsigned int neg,zero;
- BN_ULONG ln,lo,*p;
+void
+bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int dna,
+ int dnb, BN_ULONG *t)
+{
+ int n = n2 / 2, c1, c2;
+ int tna = n + dna, tnb = n + dnb;
+ unsigned int neg, zero;
+ BN_ULONG ln, lo, *p;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
+ fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
# endif
# ifdef BN_MUL_COMBA
# if 0
- if (n2 == 4)
- {
- bn_mul_comba4(r,a,b);
+ if (n2 == 4) {
+ bn_mul_comba4(r, a, b);
return;
- }
+ }
# endif
/* Only call bn_mul_comba 8 if n2 == 8 and the
* two arrays are complete [steve]
*/
- if (n2 == 8 && dna == 0 && dnb == 0)
- {
- bn_mul_comba8(r,a,b);
- return;
- }
+ if (n2 == 8 && dna == 0 && dnb == 0) {
+ bn_mul_comba8(r, a, b);
+ return;
+ }
# endif /* BN_MUL_COMBA */
/* Else do normal multiply */
- if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_normal(r,a,n2+dna,b,n2+dnb);
+ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+ bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
if ((dna + dnb) < 0)
memset(&r[2*n2 + dna + dnb], 0,
- sizeof(BN_ULONG) * -(dna + dnb));
+ sizeof(BN_ULONG) * -(dna + dnb));
return;
- }
+ }
/* r=(a[0]-a[1])*(b[1]-b[0]) */
- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
- zero=neg=0;
- switch (c1*3+c2)
- {
+ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+ c2 = bn_cmp_part_words(&(b[n]), b,tnb, tnb - n);
+ zero = neg = 0;
+ switch (c1 * 3 + c2) {
case -4:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
break;
case -3:
- zero=1;
+ zero = 1;
break;
case -2:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */
- neg=1;
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+ neg = 1;
break;
case -1:
case 0:
case 1:
- zero=1;
+ zero = 1;
break;
case 2:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
- neg=1;
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+ neg = 1;
break;
case 3:
- zero=1;
+ zero = 1;
break;
case 4:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n);
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
break;
- }
+ }
# ifdef BN_MUL_COMBA
if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take
extra args to do this well */
- {
+ {
if (!zero)
- bn_mul_comba4(&(t[n2]),t,&(t[n]));
+ bn_mul_comba4(&(t[n2]), t, &(t[n]));
else
- memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-
- bn_mul_comba4(r,a,b);
- bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
- }
- else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
+ memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
+
+ bn_mul_comba4(r, a, b);
+ bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
+ } else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
take extra args to do this
well */
- {
+ {
if (!zero)
- bn_mul_comba8(&(t[n2]),t,&(t[n]));
+ bn_mul_comba8(&(t[n2]), t, &(t[n]));
else
- memset(&(t[n2]),0,16*sizeof(BN_ULONG));
-
- bn_mul_comba8(r,a,b);
- bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
- }
- else
+ memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
+
+ bn_mul_comba8(r, a, b);
+ bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
+ } else
# endif /* BN_MUL_COMBA */
- {
- p= &(t[n2*2]);
+ {
+ p = &(t[n2 * 2]);
if (!zero)
- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
+ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
else
- memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
- bn_mul_recursive(r,a,b,n,0,0,p);
- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
- }
+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+ bn_mul_recursive(r, a, b, n, 0, 0, p);
+ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
+ }
/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
*/
- c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
if (neg) /* if t[32] is negative */
- {
- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
- }
- else
- {
+ {
+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+ } else {
/* Might have a carry */
- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
- }
+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+ }
/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
* c1 holds the carry bits
*/
- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
- if (c1)
- {
- p= &(r[n+n2]);
+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+ if (c1) {
+ p = &(r[n + n2]);
lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
+ ln = (lo + c1) & BN_MASK2;
+ *p = ln;
/* The overflow will stop before we over write
* words we should not overwrite */
- if (ln < (BN_ULONG)c1)
- {
- do {
+ if (ln < (BN_ULONG)c1) {
+ do {
p++;
lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
+ ln = (lo + 1) & BN_MASK2;
+ *p = ln;
+ } while (ln == 0);
}
}
+}
/* n+tn is the word length
* t needs to be n*4 is size, as does r */
/* tnX may not be negative but less than n */
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
- int tna, int tnb, BN_ULONG *t)
- {
- int i,j,n2=n*2;
- int c1,c2,neg;
- BN_ULONG ln,lo,*p;
+void
+bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna,
+ int tnb, BN_ULONG *t)
+{
+ int i, j, n2 = n * 2;
+ int c1, c2, neg;
+ BN_ULONG ln, lo, *p;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
- n, tna, n, tnb);
+ fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+ n, tna, n, tnb);
# endif
- if (n < 8)
- {
- bn_mul_normal(r,a,n+tna,b,n+tnb);
+ if (n < 8) {
+ bn_mul_normal(r, a, n + tna, b, n + tnb);
return;
- }
+ }
/* r=(a[0]-a[1])*(b[1]-b[0]) */
- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
- neg=0;
- switch (c1*3+c2)
- {
+ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+ c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+ neg = 0;
+ switch (c1 * 3 + c2) {
case -4:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
break;
case -3:
/* break; */
case -2:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */
- neg=1;
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+ neg = 1;
break;
case -1:
case 0:
case 1:
/* break; */
case 2:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
- neg=1;
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+ neg = 1;
break;
case 3:
/* break; */
case 4:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n);
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
break;
- }
+ }
/* The zero case isn't yet implemented here. The speedup
would probably be negligible. */
# if 0
- if (n == 4)
- {
- bn_mul_comba4(&(t[n2]),t,&(t[n]));
- bn_mul_comba4(r,a,b);
- bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
- memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
- }
- else
+ if (n == 4) {
+ bn_mul_comba4(&(t[n2]), t, &(t[n]));
+ bn_mul_comba4(r, a, b);
+ bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
+ memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2));
+ } else
# endif
- if (n == 8)
- {
- bn_mul_comba8(&(t[n2]),t,&(t[n]));
- bn_mul_comba8(r,a,b);
- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
- memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb));
- }
- else
- {
- p= &(t[n2*2]);
- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
- bn_mul_recursive(r,a,b,n,0,0,p);
- i=n/2;
+ if (n == 8) {
+ bn_mul_comba8(&(t[n2]), t, &(t[n]));
+ bn_mul_comba8(r, a, b);
+ bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+ memset(&(r[n2 + tna + tnb]), 0,
+ sizeof(BN_ULONG) * (n2 - tna - tnb));
+ } else {
+ p = &(t[n2*2]);
+ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+ bn_mul_recursive(r, a, b, n, 0, 0, p);
+ i = n / 2;
/* If there is only a bottom half to the number,
* just do it */
if (tna > tnb)
j = tna - i;
else
j = tnb - i;
- if (j == 0)
- {
- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
- memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
- }
+ if (j == 0) {
+ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
+ i, tna - i, tnb - i, p);
+ memset(&(r[n2 + i * 2]), 0,
+ sizeof(BN_ULONG) * (n2 - i * 2));
+ }
else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
- {
- bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
- memset(&(r[n2+tna+tnb]),0,
- sizeof(BN_ULONG)*(n2-tna-tnb));
- }
+ {
+ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
+ i, tna - i, tnb - i, p);
+ memset(&(r[n2 + tna + tnb]), 0,
+ sizeof(BN_ULONG) * (n2 - tna - tnb));
+ }
else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
- {
- memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
- if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
- && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
- }
- else
- {
- for (;;)
- {
- i/=2;
+ {
+ memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
+ if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL &&
+ tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+ bn_mul_normal(&(r[n2]), &(a[n]), tna,
+ &(b[n]), tnb);
+ } else {
+ for (;;) {
+ i /= 2;
/* these simplified conditions work
* exclusively because difference
* between tna and tnb is 1 or 0 */
- if (i < tna || i < tnb)
- {
+ if (i < tna || i < tnb) {
bn_mul_part_recursive(&(r[n2]),
- &(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
+ &(a[n]), &(b[n]), i,
+ tna - i, tnb - i, p);
break;
- }
- else if (i == tna || i == tnb)
- {
+ } else if (i == tna || i == tnb) {
bn_mul_recursive(&(r[n2]),
- &(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
+ &(a[n]), &(b[n]), i,
+ tna - i, tnb - i, p);
break;
- }
}
}
}
}
+ }
/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
*/
- c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+ c1 = (int)(bn_add_words(t, r,&(r[n2]), n2));
if (neg) /* if t[32] is negative */
- {
- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
- }
- else
- {
+ {
+ c1 -= (int)(bn_sub_words(&(t[n2]), t,&(t[n2]), n2));
+ } else {
/* Might have a carry */
- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
- }
+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+ }
/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
* c1 holds the carry bits
*/
- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
- if (c1)
- {
- p= &(r[n+n2]);
+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+ if (c1) {
+ p = &(r[n + n2]);
lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
+ ln = (lo + c1)&BN_MASK2;
+ *p = ln;
/* The overflow will stop before we over write
* words we should not overwrite */
- if (ln < (BN_ULONG)c1)
- {
- do {
+ if (ln < (BN_ULONG)c1) {
+ do {
p++;
lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
+ ln = (lo + 1) & BN_MASK2;
+ *p = ln;
+ } while (ln == 0);
}
}
+}
/* a and b must be the same size, which is n2.
* r needs to be n2 words and t needs to be n2*2
*/
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- BN_ULONG *t)
- {
- int n=n2/2;
+void
+bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, BN_ULONG *t)
+{
+ int n = n2 / 2;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2);
+ fprintf(stderr, " bn_mul_low_recursive %d * %d\n",n2,n2);
# endif
- bn_mul_recursive(r,a,b,n,0,0,&(t[0]));
- if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- }
- else
- {
- bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
- bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
- }
+ bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
+ if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
+ bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+ bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2]));
+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+ } else {
+ bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n);
+ bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n);
+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+ bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
}
+}
/* a and b must be the same size, which is n2.
* r needs to be n2 words and t needs to be n2*2
* l is the low words of the output.
* t needs to be n2*3
*/
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
- BN_ULONG *t)
- {
- int i,n;
- int c1,c2;
- int neg,oneg,zero;
- BN_ULONG ll,lc,*lp,*mp;
+void
+bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+ BN_ULONG *t)
+{
+ int i, n;
+ int c1, c2;
+ int neg, oneg, zero;
+ BN_ULONG ll, lc, *lp, *mp;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_high %d * %d\n",n2,n2);
+ fprintf(stderr, " bn_mul_high %d * %d\n",n2,n2);
# endif
- n=n2/2;
+ n = n2 / 2;
/* Calculate (al-ah)*(bh-bl) */
- neg=zero=0;
- c1=bn_cmp_words(&(a[0]),&(a[n]),n);
- c2=bn_cmp_words(&(b[n]),&(b[0]),n);
- switch (c1*3+c2)
- {
+ neg = zero = 0;
+ c1 = bn_cmp_words(&(a[0]), &(a[n]), n);
+ c2 = bn_cmp_words(&(b[n]), &(b[0]), n);
+ switch (c1 * 3 + c2) {
case -4:
- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
break;
case -3:
- zero=1;
+ zero = 1;
break;
case -2:
- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
- neg=1;
+ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
+ neg = 1;
break;
case -1:
case 0:
case 1:
- zero=1;
+ zero = 1;
break;
case 2:
- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
- neg=1;
+ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
+ neg = 1;
break;
case 3:
- zero=1;
+ zero = 1;
break;
case 4:
- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
break;
- }
-
- oneg=neg;
+ }
+
+ oneg = neg;
/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
/* r[10] = (a[1]*b[1]) */
# ifdef BN_MUL_COMBA
- if (n == 8)
- {
- bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
- bn_mul_comba8(r,&(a[n]),&(b[n]));
- }
- else
+ if (n == 8) {
+ bn_mul_comba8(&(t[0]), &(r[0]), &(r[n]));
+ bn_mul_comba8(r, &(a[n]), &(b[n]));
+ } else
# endif
- {
- bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2]));
- bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
- }
+ {
+ bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2]));
+ bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2]));
+ }
/* s0 == low(al*bl)
* s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
* high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
* high(al*bl) == s1 - (r[0]+l[0]+t[0])
*/
- if (l != NULL)
- {
- lp= &(t[n2+n]);
- c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
- }
- else
- {
- c1=0;
- lp= &(r[0]);
- }
+ if (l != NULL) {
+ lp = &(t[n2 + n]);
+ c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n));
+ } else {
+ c1 = 0;
+ lp = &(r[0]);
+ }
if (neg)
- neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
- else
- {
- bn_add_words(&(t[n2]),lp,&(t[0]),n);
- neg=0;
- }
+ neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n));
+ else {
+ bn_add_words(&(t[n2]), lp, &(t[0]), n);
+ neg = 0;
+ }
- if (l != NULL)
- {
- bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
- }
- else
- {
- lp= &(t[n2+n]);
- mp= &(t[n2]);
- for (i=0; i<n; i++)
- lp[i]=((~mp[i])+1)&BN_MASK2;
- }
+ if (l != NULL) {
+ bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n);
+ } else {
+ lp = &(t[n2 + n]);
+ mp = &(t[n2]);
+ for (i = 0; i < n; i++)
+ lp[i] = ((~mp[i]) + 1) & BN_MASK2;
+ }
/* s[0] = low(al*bl)
* t[3] = high(al*bl)
* R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
* R[3]=r[1]+(carry/borrow)
*/
- if (l != NULL)
- {
- lp= &(t[n2]);
- c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
- }
- else
- {
- lp= &(t[n2+n]);
- c1=0;
- }
- c1+=(int)(bn_add_words(&(t[n2]),lp, &(r[0]),n));
+ if (l != NULL) {
+ lp = &(t[n2]);
+ c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n));
+ } else {
+ lp = &(t[n2 + n]);
+ c1 = 0;
+ }
+ c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n));
if (oneg)
- c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
+ c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n));
else
- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n));
- c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
- c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
+ c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n));
+ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n));
if (oneg)
- c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
+ c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n));
else
- c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
-
+ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n));
+
if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
- {
- i=0;
- if (c1 > 0)
- {
- lc=c1;
- do {
- ll=(r[i]+lc)&BN_MASK2;
- r[i++]=ll;
- lc=(lc > ll);
- } while (lc);
- }
- else
- {
- lc= -c1;
- do {
- ll=r[i];
- r[i++]=(ll-lc)&BN_MASK2;
- lc=(lc > ll);
- } while (lc);
- }
+ {
+ i = 0;
+ if (c1 > 0) {
+ lc = c1;
+ do {
+ ll = (r[i] + lc) & BN_MASK2;
+ r[i++] = ll;
+ lc = (lc > ll);
+ } while (lc);
+ } else {
+ lc = -c1;
+ do {
+ ll = r[i];
+ r[i++] = (ll - lc) & BN_MASK2;
+ lc = (lc > ll);
+ } while (lc);
}
+ }
if (c2 != 0) /* Add starting at r[1] */
- {
- i=n;
- if (c2 > 0)
- {
- lc=c2;
- do {
- ll=(r[i]+lc)&BN_MASK2;
- r[i++]=ll;
- lc=(lc > ll);
- } while (lc);
- }
- else
- {
- lc= -c2;
- do {
- ll=r[i];
- r[i++]=(ll-lc)&BN_MASK2;
- lc=(lc > ll);
- } while (lc);
- }
+ {
+ i = n;
+ if (c2 > 0) {
+ lc = c2;
+ do {
+ ll = (r[i] + lc) & BN_MASK2;
+ r[i++] = ll;
+ lc = (lc > ll);
+ } while (lc);
+ } else {
+ lc = -c2;
+ do {
+ ll = r[i];
+ r[i++] = (ll - lc) & BN_MASK2;
+ lc = (lc > ll);
+ } while (lc);
}
}
+}
#endif /* BN_RECURSION */
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- int ret=0;
- int top,al,bl;
+int
+BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0;
+ int top, al, bl;
BIGNUM *rr;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
int i;
#endif
#ifdef BN_RECURSION
- BIGNUM *t=NULL;
- int j=0,k;
+ BIGNUM *t = NULL;
+ int j = 0, k;
#endif
#ifdef BN_COUNT
- fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top);
+ fprintf(stderr, "BN_mul %d * %d\n",a->top,b->top);
#endif
bn_check_top(a);
bn_check_top(b);
bn_check_top(r);
- al=a->top;
- bl=b->top;
+ al = a->top;
+ bl = b->top;
- if ((al == 0) || (bl == 0))
- {
+ if ((al == 0) || (bl == 0)) {
BN_zero(r);
- return(1);
- }
- top=al+bl;
+ return (1);
+ }
+ top = al + bl;
BN_CTX_start(ctx);
- if ((r == a) || (r == b))
- {
- if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
- }
- else
+ if ((r == a) || (r == b)) {
+ if ((rr = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ } else
rr = r;
- rr->neg=a->neg^b->neg;
+ rr->neg = a->neg ^ b->neg;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- i = al-bl;
+ i = al - bl;
#endif
#ifdef BN_MUL_COMBA
- if (i == 0)
- {
+ if (i == 0) {
# if 0
- if (al == 4)
- {
- if (bn_wexpand(rr,8) == NULL) goto err;
- rr->top=8;
- bn_mul_comba4(rr->d,a->d,b->d);
+ if (al == 4) {
+ if (bn_wexpand(rr, 8) == NULL)
+ goto err;
+ rr->top = 8;
+ bn_mul_comba4(rr->d, a->d, b->d);
goto end;
- }
+ }
# endif
- if (al == 8)
- {
- if (bn_wexpand(rr,16) == NULL) goto err;
- rr->top=16;
- bn_mul_comba8(rr->d,a->d,b->d);
+ if (al == 8) {
+ if (bn_wexpand(rr, 16) == NULL)
+ goto err;
+ rr->top = 16;
+ bn_mul_comba8(rr->d, a->d, b->d);
goto end;
- }
}
+ }
#endif /* BN_MUL_COMBA */
#ifdef BN_RECURSION
- if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
- {
- if (i >= -1 && i <= 1)
- {
+ if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
+ if (i >= -1 && i <= 1) {
/* Find out the power of two lower or equal
to the longest of the two numbers */
- if (i >= 0)
- {
+ if (i >= 0) {
j = BN_num_bits_word((BN_ULONG)al);
- }
- if (i == -1)
- {
+ }
+ if (i == -1) {
j = BN_num_bits_word((BN_ULONG)bl);
- }
- j = 1<<(j-1);
+ }
+ j = 1 << (j - 1);
assert(j <= al || j <= bl);
- k = j+j;
+ k = j + j;
t = BN_CTX_get(ctx);
if (t == NULL)
goto err;
- if (al > j || bl > j)
- {
- if (bn_wexpand(t,k*4) == NULL) goto err;
- if (bn_wexpand(rr,k*4) == NULL) goto err;
- bn_mul_part_recursive(rr->d,a->d,b->d,
- j,al-j,bl-j,t->d);
- }
+ if (al > j || bl > j) {
+ if (bn_wexpand(t, k * 4) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 4) == NULL)
+ goto err;
+ bn_mul_part_recursive(rr->d, a->d, b->d,
+ j, al - j, bl - j, t->d);
+ }
else /* al <= j || bl <= j */
- {
- if (bn_wexpand(t,k*2) == NULL) goto err;
- if (bn_wexpand(rr,k*2) == NULL) goto err;
- bn_mul_recursive(rr->d,a->d,b->d,
- j,al-j,bl-j,t->d);
- }
- rr->top=top;
- goto end;
+ {
+ if (bn_wexpand(t, k * 2) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 2) == NULL)
+ goto err;
+ bn_mul_recursive(rr->d, a->d, b->d,
+ j, al - j, bl - j, t->d);
}
+ rr->top = top;
+ goto end;
+ }
#if 0
- if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
- {
+ if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)b;
- if (bn_wexpand(tmp_bn,al) == NULL) goto err;
- tmp_bn->d[bl]=0;
+ if (bn_wexpand(tmp_bn, al) == NULL)
+ goto err;
+ tmp_bn->d[bl] = 0;
bl++;
i--;
- }
- else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
- {
+ } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)a;
- if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
- tmp_bn->d[al]=0;
+ if (bn_wexpand(tmp_bn, bl) == NULL)
+ goto err;
+ tmp_bn->d[al] = 0;
al++;
i++;
- }
- if (i == 0)
- {
+ }
+ if (i == 0) {
/* symmetric and > 4 */
/* 16 or larger */
- j=BN_num_bits_word((BN_ULONG)al);
- j=1<<(j-1);
- k=j+j;
+ j = BN_num_bits_word((BN_ULONG)al);
+ j = 1 << (j - 1);
+ k = j + j;
t = BN_CTX_get(ctx);
if (al == j) /* exact multiple */
- {
- if (bn_wexpand(t,k*2) == NULL) goto err;
- if (bn_wexpand(rr,k*2) == NULL) goto err;
- bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
- }
- else
- {
- if (bn_wexpand(t,k*4) == NULL) goto err;
- if (bn_wexpand(rr,k*4) == NULL) goto err;
- bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
- }
- rr->top=top;
- goto end;
+ {
+ if (bn_wexpand(t, k * 2) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 2) == NULL)
+ goto err;
+ bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
+ } else {
+ if (bn_wexpand(t, k * 4) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 4) == NULL)
+ goto err;
+ bn_mul_part_recursive(rr->d, a->d, b->d,
+ al - j, j, t->d);
}
-#endif
+ rr->top = top;
+ goto end;
}
+#endif
+ }
#endif /* BN_RECURSION */
- if (bn_wexpand(rr,top) == NULL) goto err;
- rr->top=top;
- bn_mul_normal(rr->d,a->d,al,b->d,bl);
+ if (bn_wexpand(rr, top) == NULL)
+ goto err;
+ rr->top = top;
+ bn_mul_normal(rr->d, a->d, al, b->d, bl);
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
end:
#endif
bn_correct_top(rr);
- if (r != rr) BN_copy(r,rr);
- ret=1;
+ if (r != rr)
+ BN_copy(r, rr);
+ ret = 1;
err:
bn_check_top(r);
BN_CTX_end(ctx);
- return(ret);
- }
+ return (ret);
+}
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
- {
+void
+bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+{
BN_ULONG *rr;
#ifdef BN_COUNT
- fprintf(stderr," bn_mul_normal %d * %d\n",na,nb);
+ fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb);
#endif
- if (na < nb)
- {
+ if (na < nb) {
int itmp;
BN_ULONG *ltmp;
- itmp=na; na=nb; nb=itmp;
- ltmp=a; a=b; b=ltmp;
+ itmp = na;
+ na = nb;
+ nb = itmp;
+ ltmp = a;
+ a = b;
+ b = ltmp;
- }
- rr= &(r[na]);
- if (nb <= 0)
- {
- (void)bn_mul_words(r,a,na,0);
+ }
+ rr = &(r[na]);
+ if (nb <= 0) {
+ (void)bn_mul_words(r, a, na, 0);
return;
- }
- else
- rr[0]=bn_mul_words(r,a,na,b[0]);
-
- for (;;)
- {
- if (--nb <= 0) return;
- rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
- if (--nb <= 0) return;
- rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
- if (--nb <= 0) return;
- rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
- if (--nb <= 0) return;
- rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
- rr+=4;
- r+=4;
- b+=4;
- }
+ } else
+ rr[0] = bn_mul_words(r, a, na, b[0]);
+
+ for (;;) {
+ if (--nb <= 0)
+ return;
+ rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
+ if (--nb <= 0)
+ return;
+ rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
+ if (--nb <= 0)
+ return;
+ rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
+ if (--nb <= 0)
+ return;
+ rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
+ rr += 4;
+ r += 4;
+ b += 4;
}
+}
-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
- {
+void
+bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
#ifdef BN_COUNT
- fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n);
+ fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n);
#endif
- bn_mul_words(r,a,n,b[0]);
-
- for (;;)
- {
- if (--n <= 0) return;
- bn_mul_add_words(&(r[1]),a,n,b[1]);
- if (--n <= 0) return;
- bn_mul_add_words(&(r[2]),a,n,b[2]);
- if (--n <= 0) return;
- bn_mul_add_words(&(r[3]),a,n,b[3]);
- if (--n <= 0) return;
- bn_mul_add_words(&(r[4]),a,n,b[4]);
- r+=4;
- b+=4;
- }
+ bn_mul_words(r, a, n, b[0]);
+
+ for (;;) {
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[1]), a, n, b[1]);
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[2]), a, n, b[2]);
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[3]), a, n, b[3]);
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[4]), a, n, b[4]);
+ r += 4;
+ b += 4;
}
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include "bn_prime.h"
static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
+ const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
static int probable_prime(BIGNUM *rnd, int bits);
static int probable_prime_dh(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+ const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+ const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-int BN_GENCB_call(BN_GENCB *cb, int a, int b)
- {
+int
+BN_GENCB_call(BN_GENCB *cb, int a, int b)
+{
/* No callback means continue */
- if(!cb) return 1;
- switch(cb->ver)
- {
+ if (!cb)
+ return 1;
+ switch (cb->ver) {
case 1:
/* Deprecated-style callbacks */
- if(!cb->cb.cb_1)
+ if (!cb->cb.cb_1)
return 1;
cb->cb.cb_1(a, b, cb->arg);
return 1;
return cb->cb.cb_2(a, b, cb);
default:
break;
- }
+ }
/* Unrecognised callback type */
return 0;
- }
+}
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
- {
+int
+BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb)
+{
BIGNUM *t;
- int found=0;
- int i,j,c1=0;
+ int found = 0;
+ int i, j, c1 = 0;
BN_CTX *ctx;
int checks = BN_prime_checks_for_size(bits);
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
- if(!t) goto err;
-loop:
+ if (!t)
+ goto err;
+loop:
/* make a random number and set the top and bottom bits */
- if (add == NULL)
- {
- if (!probable_prime(ret,bits)) goto err;
- }
- else
- {
- if (safe)
- {
- if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
- goto err;
- }
- else
- {
- if (!probable_prime_dh(ret,bits,add,rem,ctx))
+ if (add == NULL) {
+ if (!probable_prime(ret, bits))
+ goto err;
+ } else {
+ if (safe) {
+ if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
+ goto err;
+ } else {
+ if (!probable_prime_dh(ret, bits, add, rem, ctx))
goto err;
- }
}
+ }
/* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
- if(!BN_GENCB_call(cb, 0, c1++))
+ if (!BN_GENCB_call(cb, 0, c1++))
/* aborted */
goto err;
- if (!safe)
- {
- i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
- if (i == -1) goto err;
- if (i == 0) goto loop;
- }
- else
- {
+ if (!safe) {
+ i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb);
+ if (i == -1)
+ goto err;
+ if (i == 0)
+ goto loop;
+ } else {
/* for "safe prime" generation,
* check that (p-1)/2 is prime.
* Since a prime is odd, We just
* need to divide by 2 */
- if (!BN_rshift1(t,ret)) goto err;
+ if (!BN_rshift1(t, ret))
+ goto err;
- for (i=0; i<checks; i++)
- {
- j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
- if (j == -1) goto err;
- if (j == 0) goto loop;
+ for (i = 0; i < checks; i++) {
+ j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb);
+ if (j == -1)
+ goto err;
+ if (j == 0)
+ goto loop;
- j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);
- if (j == -1) goto err;
- if (j == 0) goto loop;
+ j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb);
+ if (j == -1)
+ goto err;
+ if (j == 0)
+ goto loop;
- if(!BN_GENCB_call(cb, 2, c1-1))
+ if (!BN_GENCB_call(cb, 2, c1 - 1))
goto err;
/* We have a safe prime test pass */
- }
}
+ }
/* we have a prime :-) */
found = 1;
+
err:
- if (ctx != NULL)
- {
+ if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
- }
+ }
bn_check_top(ret);
return found;
- }
+}
-int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
- {
+int
+BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
+{
return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
- }
+}
-int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
- int do_trial_division, BN_GENCB *cb)
- {
+int
+BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+ int do_trial_division, BN_GENCB *cb)
+{
int i, j, ret = -1;
int k;
BN_CTX *ctx = NULL;
if (BN_cmp(a, BN_value_one()) <= 0)
return 0;
-
+
if (checks == BN_prime_checks)
checks = BN_prime_checks_for_size(BN_num_bits(a));
if (!BN_is_odd(a))
/* a is even => a is prime if and only if a == 2 */
return BN_is_word(a, 2);
- if (do_trial_division)
- {
+ if (do_trial_division) {
for (i = 1; i < NUMPRIMES; i++)
- if (BN_mod_word(a, primes[i]) == 0)
+ if (BN_mod_word(a, primes[i]) == 0)
return 0;
- if(!BN_GENCB_call(cb, 1, -1))
+ if (!BN_GENCB_call(cb, 1, -1))
goto err;
- }
+ }
if (ctx_passed != NULL)
ctx = ctx_passed;
- else
- if ((ctx=BN_CTX_new()) == NULL)
- goto err;
+ else if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
BN_CTX_start(ctx);
/* A := abs(a) */
- if (a->neg)
- {
+ if (a->neg) {
BIGNUM *t;
- if ((t = BN_CTX_get(ctx)) == NULL) goto err;
+ if ((t = BN_CTX_get(ctx)) == NULL)
+ goto err;
BN_copy(t, a);
t->neg = 0;
A = t;
- }
- else
+ } else
A = a;
A1 = BN_CTX_get(ctx);
A1_odd = BN_CTX_get(ctx);
check = BN_CTX_get(ctx);
- if (check == NULL) goto err;
+ if (check == NULL)
+ goto err;
/* compute A1 := A - 1 */
if (!BN_copy(A1, A))
goto err;
if (!BN_sub_word(A1, 1))
goto err;
- if (BN_is_zero(A1))
- {
+ if (BN_is_zero(A1)) {
ret = 0;
goto err;
- }
+ }
/* write A1 as A1_odd * 2^k */
k = 1;
goto err;
if (!BN_MONT_CTX_set(mont, A, ctx))
goto err;
-
- for (i = 0; i < checks; i++)
- {
+
+ for (i = 0; i < checks; i++) {
if (!BN_pseudo_rand_range(check, A1))
goto err;
if (!BN_add_word(check, 1))
/* now 1 <= check < A */
j = witness(check, A, A1, A1_odd, k, ctx, mont);
- if (j == -1) goto err;
- if (j)
- {
- ret=0;
+ if (j == -1)
goto err;
- }
- if(!BN_GENCB_call(cb, 1, i))
+ if (j) {
+ ret = 0;
goto err;
}
- ret=1;
+ if (!BN_GENCB_call(cb, 1, i))
+ goto err;
+ }
+ ret = 1;
+
err:
- if (ctx != NULL)
- {
+ if (ctx != NULL) {
BN_CTX_end(ctx);
if (ctx_passed == NULL)
BN_CTX_free(ctx);
- }
+ }
if (mont != NULL)
BN_MONT_CTX_free(mont);
- return(ret);
- }
+ return (ret);
+}
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
- {
- if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+static int
+witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd,
+ int k, BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+ if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont))
+ /* w := w^a1_odd mod a */
return -1;
if (BN_is_one(w))
return 0; /* probably prime */
if (BN_cmp(w, a1) == 0)
return 0; /* w == -1 (mod a), 'a' is probably prime */
- while (--k)
- {
+ while (--k) {
if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
return -1;
if (BN_is_one(w))
* have been == -1 (mod 'a') */
if (BN_cmp(w, a1) == 0)
return 0; /* w == -1 (mod a), 'a' is probably prime */
- }
+ }
/* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
* and it is neither -1 nor +1 -- so 'a' cannot be prime */
bn_check_top(w);
return 1;
- }
+}
-static int probable_prime(BIGNUM *rnd, int bits)
- {
+static int
+probable_prime(BIGNUM *rnd, int bits)
+{
int i;
prime_t mods[NUMPRIMES];
- BN_ULONG delta,maxdelta;
+ BN_ULONG delta, maxdelta;
again:
- if (!BN_rand(rnd,bits,1,1)) return(0);
+ if (!BN_rand(rnd, bits, 1, 1))
+ return (0);
/* we now have a random number 'rand' to test. */
- for (i=1; i<NUMPRIMES; i++)
- mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]);
- maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
- delta=0;
- loop: for (i=1; i<NUMPRIMES; i++)
- {
+ for (i = 1; i < NUMPRIMES; i++)
+ mods[i] = (prime_t)BN_mod_word(rnd, (BN_ULONG)primes[i]);
+ maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+ delta = 0;
+loop:
+ for (i = 1; i < NUMPRIMES; i++) {
/* check that rnd is not a prime and also
* that gcd(rnd-1,primes) == 1 (except for 2) */
- if (((mods[i]+delta)%primes[i]) <= 1)
- {
- delta+=2;
- if (delta > maxdelta) goto again;
+ if (((mods[i] + delta) % primes[i]) <= 1) {
+ delta += 2;
+ if (delta > maxdelta)
+ goto again;
goto loop;
- }
}
- if (!BN_add_word(rnd,delta)) return(0);
- bn_check_top(rnd);
- return(1);
}
-
-static int probable_prime_dh(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
- {
- int i,ret=0;
+ if (!BN_add_word(rnd, delta))
+ return (0);
+ bn_check_top(rnd);
+ return (1);
+}
+
+static int
+probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem,
+ BN_CTX *ctx)
+{
+ int i, ret = 0;
BIGNUM *t1;
BN_CTX_start(ctx);
- if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
+ if ((t1 = BN_CTX_get(ctx)) == NULL)
+ goto err;
- if (!BN_rand(rnd,bits,0,1)) goto err;
+ if (!BN_rand(rnd, bits, 0, 1))
+ goto err;
/* we need ((rnd-rem) % add) == 0 */
- if (!BN_mod(t1,rnd,add,ctx)) goto err;
- if (!BN_sub(rnd,rnd,t1)) goto err;
- if (rem == NULL)
- { if (!BN_add_word(rnd,1)) goto err; }
- else
- { if (!BN_add(rnd,rnd,rem)) goto err; }
+ if (!BN_mod(t1, rnd, add, ctx))
+ goto err;
+ if (!BN_sub(rnd, rnd, t1))
+ goto err;
+ if (rem == NULL) {
+ if (!BN_add_word(rnd, 1))
+ goto err;
+ } else {
+ if (!BN_add(rnd, rnd, rem))
+ goto err;
+ }
/* we now have a random number 'rand' to test. */
- loop: for (i=1; i<NUMPRIMES; i++)
- {
+loop:
+ for (i = 1; i < NUMPRIMES; i++) {
/* check that rnd is a prime */
- if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
- {
- if (!BN_add(rnd,rnd,add)) goto err;
+ if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
+ if (!BN_add(rnd, rnd, add))
+ goto err;
goto loop;
- }
}
- ret=1;
+ }
+ ret = 1;
+
err:
BN_CTX_end(ctx);
bn_check_top(rnd);
- return(ret);
- }
+ return (ret);
+}
-static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
- const BIGNUM *rem, BN_CTX *ctx)
- {
- int i,ret=0;
- BIGNUM *t1,*qadd,*q;
+static int
+probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+ const BIGNUM *rem, BN_CTX *ctx)
+{
+ int i, ret = 0;
+ BIGNUM *t1, *qadd, *q;
bits--;
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
qadd = BN_CTX_get(ctx);
- if (qadd == NULL) goto err;
+ if (qadd == NULL)
+ goto err;
+
+ if (!BN_rshift1(qadd, padd))
+ goto err;
- if (!BN_rshift1(qadd,padd)) goto err;
-
- if (!BN_rand(q,bits,0,1)) goto err;
+ if (!BN_rand(q, bits, 0, 1))
+ goto err;
/* we need ((rnd-rem) % add) == 0 */
- if (!BN_mod(t1,q,qadd,ctx)) goto err;
- if (!BN_sub(q,q,t1)) goto err;
- if (rem == NULL)
- { if (!BN_add_word(q,1)) goto err; }
- else
- {
- if (!BN_rshift1(t1,rem)) goto err;
- if (!BN_add(q,q,t1)) goto err;
- }
+ if (!BN_mod(t1, q,qadd, ctx))
+ goto err;
+ if (!BN_sub(q, q, t1))
+ goto err;
+ if (rem == NULL) {
+ if (!BN_add_word(q, 1))
+ goto err;
+ } else {
+ if (!BN_rshift1(t1, rem))
+ goto err;
+ if (!BN_add(q, q, t1))
+ goto err;
+ }
/* we now have a random number 'rand' to test. */
- if (!BN_lshift1(p,q)) goto err;
- if (!BN_add_word(p,1)) goto err;
+ if (!BN_lshift1(p, q))
+ goto err;
+ if (!BN_add_word(p, 1))
+ goto err;
- loop: for (i=1; i<NUMPRIMES; i++)
- {
+loop:
+ for (i = 1; i < NUMPRIMES; i++) {
/* check that p and q are prime */
/* check that for p and q
* gcd(p-1,primes) == 1 (except for 2) */
- if ( (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
- (BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
- {
- if (!BN_add(p,p,padd)) goto err;
- if (!BN_add(q,q,qadd)) goto err;
+ if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
+ (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
+ if (!BN_add(p, p, padd))
+ goto err;
+ if (!BN_add(q, q, qadd))
+ goto err;
goto loop;
- }
}
- ret=1;
+ }
+ ret = 1;
+
err:
BN_CTX_end(ctx);
bn_check_top(p);
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#define NUMPRIMES 2048
typedef unsigned short prime_t;
-static const prime_t primes[NUMPRIMES]=
- {
- 2, 3, 5, 7, 11, 13, 17, 19,
- 23, 29, 31, 37, 41, 43, 47, 53,
- 59, 61, 67, 71, 73, 79, 83, 89,
- 97, 101, 103, 107, 109, 113, 127, 131,
- 137, 139, 149, 151, 157, 163, 167, 173,
- 179, 181, 191, 193, 197, 199, 211, 223,
- 227, 229, 233, 239, 241, 251, 257, 263,
- 269, 271, 277, 281, 283, 293, 307, 311,
- 313, 317, 331, 337, 347, 349, 353, 359,
- 367, 373, 379, 383, 389, 397, 401, 409,
- 419, 421, 431, 433, 439, 443, 449, 457,
- 461, 463, 467, 479, 487, 491, 499, 503,
- 509, 521, 523, 541, 547, 557, 563, 569,
- 571, 577, 587, 593, 599, 601, 607, 613,
- 617, 619, 631, 641, 643, 647, 653, 659,
- 661, 673, 677, 683, 691, 701, 709, 719,
- 727, 733, 739, 743, 751, 757, 761, 769,
- 773, 787, 797, 809, 811, 821, 823, 827,
- 829, 839, 853, 857, 859, 863, 877, 881,
- 883, 887, 907, 911, 919, 929, 937, 941,
- 947, 953, 967, 971, 977, 983, 991, 997,
- 1009,1013,1019,1021,1031,1033,1039,1049,
- 1051,1061,1063,1069,1087,1091,1093,1097,
- 1103,1109,1117,1123,1129,1151,1153,1163,
- 1171,1181,1187,1193,1201,1213,1217,1223,
- 1229,1231,1237,1249,1259,1277,1279,1283,
- 1289,1291,1297,1301,1303,1307,1319,1321,
- 1327,1361,1367,1373,1381,1399,1409,1423,
- 1427,1429,1433,1439,1447,1451,1453,1459,
- 1471,1481,1483,1487,1489,1493,1499,1511,
- 1523,1531,1543,1549,1553,1559,1567,1571,
- 1579,1583,1597,1601,1607,1609,1613,1619,
- 1621,1627,1637,1657,1663,1667,1669,1693,
- 1697,1699,1709,1721,1723,1733,1741,1747,
- 1753,1759,1777,1783,1787,1789,1801,1811,
- 1823,1831,1847,1861,1867,1871,1873,1877,
- 1879,1889,1901,1907,1913,1931,1933,1949,
- 1951,1973,1979,1987,1993,1997,1999,2003,
- 2011,2017,2027,2029,2039,2053,2063,2069,
- 2081,2083,2087,2089,2099,2111,2113,2129,
- 2131,2137,2141,2143,2153,2161,2179,2203,
- 2207,2213,2221,2237,2239,2243,2251,2267,
- 2269,2273,2281,2287,2293,2297,2309,2311,
- 2333,2339,2341,2347,2351,2357,2371,2377,
- 2381,2383,2389,2393,2399,2411,2417,2423,
- 2437,2441,2447,2459,2467,2473,2477,2503,
- 2521,2531,2539,2543,2549,2551,2557,2579,
- 2591,2593,2609,2617,2621,2633,2647,2657,
- 2659,2663,2671,2677,2683,2687,2689,2693,
- 2699,2707,2711,2713,2719,2729,2731,2741,
- 2749,2753,2767,2777,2789,2791,2797,2801,
- 2803,2819,2833,2837,2843,2851,2857,2861,
- 2879,2887,2897,2903,2909,2917,2927,2939,
- 2953,2957,2963,2969,2971,2999,3001,3011,
- 3019,3023,3037,3041,3049,3061,3067,3079,
- 3083,3089,3109,3119,3121,3137,3163,3167,
- 3169,3181,3187,3191,3203,3209,3217,3221,
- 3229,3251,3253,3257,3259,3271,3299,3301,
- 3307,3313,3319,3323,3329,3331,3343,3347,
- 3359,3361,3371,3373,3389,3391,3407,3413,
- 3433,3449,3457,3461,3463,3467,3469,3491,
- 3499,3511,3517,3527,3529,3533,3539,3541,
- 3547,3557,3559,3571,3581,3583,3593,3607,
- 3613,3617,3623,3631,3637,3643,3659,3671,
- 3673,3677,3691,3697,3701,3709,3719,3727,
- 3733,3739,3761,3767,3769,3779,3793,3797,
- 3803,3821,3823,3833,3847,3851,3853,3863,
- 3877,3881,3889,3907,3911,3917,3919,3923,
- 3929,3931,3943,3947,3967,3989,4001,4003,
- 4007,4013,4019,4021,4027,4049,4051,4057,
- 4073,4079,4091,4093,4099,4111,4127,4129,
- 4133,4139,4153,4157,4159,4177,4201,4211,
- 4217,4219,4229,4231,4241,4243,4253,4259,
- 4261,4271,4273,4283,4289,4297,4327,4337,
- 4339,4349,4357,4363,4373,4391,4397,4409,
- 4421,4423,4441,4447,4451,4457,4463,4481,
- 4483,4493,4507,4513,4517,4519,4523,4547,
- 4549,4561,4567,4583,4591,4597,4603,4621,
- 4637,4639,4643,4649,4651,4657,4663,4673,
- 4679,4691,4703,4721,4723,4729,4733,4751,
- 4759,4783,4787,4789,4793,4799,4801,4813,
- 4817,4831,4861,4871,4877,4889,4903,4909,
- 4919,4931,4933,4937,4943,4951,4957,4967,
- 4969,4973,4987,4993,4999,5003,5009,5011,
- 5021,5023,5039,5051,5059,5077,5081,5087,
- 5099,5101,5107,5113,5119,5147,5153,5167,
- 5171,5179,5189,5197,5209,5227,5231,5233,
- 5237,5261,5273,5279,5281,5297,5303,5309,
- 5323,5333,5347,5351,5381,5387,5393,5399,
- 5407,5413,5417,5419,5431,5437,5441,5443,
- 5449,5471,5477,5479,5483,5501,5503,5507,
- 5519,5521,5527,5531,5557,5563,5569,5573,
- 5581,5591,5623,5639,5641,5647,5651,5653,
- 5657,5659,5669,5683,5689,5693,5701,5711,
- 5717,5737,5741,5743,5749,5779,5783,5791,
- 5801,5807,5813,5821,5827,5839,5843,5849,
- 5851,5857,5861,5867,5869,5879,5881,5897,
- 5903,5923,5927,5939,5953,5981,5987,6007,
- 6011,6029,6037,6043,6047,6053,6067,6073,
- 6079,6089,6091,6101,6113,6121,6131,6133,
- 6143,6151,6163,6173,6197,6199,6203,6211,
- 6217,6221,6229,6247,6257,6263,6269,6271,
- 6277,6287,6299,6301,6311,6317,6323,6329,
- 6337,6343,6353,6359,6361,6367,6373,6379,
- 6389,6397,6421,6427,6449,6451,6469,6473,
- 6481,6491,6521,6529,6547,6551,6553,6563,
- 6569,6571,6577,6581,6599,6607,6619,6637,
- 6653,6659,6661,6673,6679,6689,6691,6701,
- 6703,6709,6719,6733,6737,6761,6763,6779,
- 6781,6791,6793,6803,6823,6827,6829,6833,
- 6841,6857,6863,6869,6871,6883,6899,6907,
- 6911,6917,6947,6949,6959,6961,6967,6971,
- 6977,6983,6991,6997,7001,7013,7019,7027,
- 7039,7043,7057,7069,7079,7103,7109,7121,
- 7127,7129,7151,7159,7177,7187,7193,7207,
- 7211,7213,7219,7229,7237,7243,7247,7253,
- 7283,7297,7307,7309,7321,7331,7333,7349,
- 7351,7369,7393,7411,7417,7433,7451,7457,
- 7459,7477,7481,7487,7489,7499,7507,7517,
- 7523,7529,7537,7541,7547,7549,7559,7561,
- 7573,7577,7583,7589,7591,7603,7607,7621,
- 7639,7643,7649,7669,7673,7681,7687,7691,
- 7699,7703,7717,7723,7727,7741,7753,7757,
- 7759,7789,7793,7817,7823,7829,7841,7853,
- 7867,7873,7877,7879,7883,7901,7907,7919,
- 7927,7933,7937,7949,7951,7963,7993,8009,
- 8011,8017,8039,8053,8059,8069,8081,8087,
- 8089,8093,8101,8111,8117,8123,8147,8161,
- 8167,8171,8179,8191,8209,8219,8221,8231,
- 8233,8237,8243,8263,8269,8273,8287,8291,
- 8293,8297,8311,8317,8329,8353,8363,8369,
- 8377,8387,8389,8419,8423,8429,8431,8443,
- 8447,8461,8467,8501,8513,8521,8527,8537,
- 8539,8543,8563,8573,8581,8597,8599,8609,
- 8623,8627,8629,8641,8647,8663,8669,8677,
- 8681,8689,8693,8699,8707,8713,8719,8731,
- 8737,8741,8747,8753,8761,8779,8783,8803,
- 8807,8819,8821,8831,8837,8839,8849,8861,
- 8863,8867,8887,8893,8923,8929,8933,8941,
- 8951,8963,8969,8971,8999,9001,9007,9011,
- 9013,9029,9041,9043,9049,9059,9067,9091,
- 9103,9109,9127,9133,9137,9151,9157,9161,
- 9173,9181,9187,9199,9203,9209,9221,9227,
- 9239,9241,9257,9277,9281,9283,9293,9311,
- 9319,9323,9337,9341,9343,9349,9371,9377,
- 9391,9397,9403,9413,9419,9421,9431,9433,
- 9437,9439,9461,9463,9467,9473,9479,9491,
- 9497,9511,9521,9533,9539,9547,9551,9587,
- 9601,9613,9619,9623,9629,9631,9643,9649,
- 9661,9677,9679,9689,9697,9719,9721,9733,
- 9739,9743,9749,9767,9769,9781,9787,9791,
- 9803,9811,9817,9829,9833,9839,9851,9857,
- 9859,9871,9883,9887,9901,9907,9923,9929,
- 9931,9941,9949,9967,9973,10007,10009,10037,
- 10039,10061,10067,10069,10079,10091,10093,10099,
- 10103,10111,10133,10139,10141,10151,10159,10163,
- 10169,10177,10181,10193,10211,10223,10243,10247,
- 10253,10259,10267,10271,10273,10289,10301,10303,
- 10313,10321,10331,10333,10337,10343,10357,10369,
- 10391,10399,10427,10429,10433,10453,10457,10459,
- 10463,10477,10487,10499,10501,10513,10529,10531,
- 10559,10567,10589,10597,10601,10607,10613,10627,
- 10631,10639,10651,10657,10663,10667,10687,10691,
- 10709,10711,10723,10729,10733,10739,10753,10771,
- 10781,10789,10799,10831,10837,10847,10853,10859,
- 10861,10867,10883,10889,10891,10903,10909,10937,
- 10939,10949,10957,10973,10979,10987,10993,11003,
- 11027,11047,11057,11059,11069,11071,11083,11087,
- 11093,11113,11117,11119,11131,11149,11159,11161,
- 11171,11173,11177,11197,11213,11239,11243,11251,
- 11257,11261,11273,11279,11287,11299,11311,11317,
- 11321,11329,11351,11353,11369,11383,11393,11399,
- 11411,11423,11437,11443,11447,11467,11471,11483,
- 11489,11491,11497,11503,11519,11527,11549,11551,
- 11579,11587,11593,11597,11617,11621,11633,11657,
- 11677,11681,11689,11699,11701,11717,11719,11731,
- 11743,11777,11779,11783,11789,11801,11807,11813,
- 11821,11827,11831,11833,11839,11863,11867,11887,
- 11897,11903,11909,11923,11927,11933,11939,11941,
- 11953,11959,11969,11971,11981,11987,12007,12011,
- 12037,12041,12043,12049,12071,12073,12097,12101,
- 12107,12109,12113,12119,12143,12149,12157,12161,
- 12163,12197,12203,12211,12227,12239,12241,12251,
- 12253,12263,12269,12277,12281,12289,12301,12323,
- 12329,12343,12347,12373,12377,12379,12391,12401,
- 12409,12413,12421,12433,12437,12451,12457,12473,
- 12479,12487,12491,12497,12503,12511,12517,12527,
- 12539,12541,12547,12553,12569,12577,12583,12589,
- 12601,12611,12613,12619,12637,12641,12647,12653,
- 12659,12671,12689,12697,12703,12713,12721,12739,
- 12743,12757,12763,12781,12791,12799,12809,12821,
- 12823,12829,12841,12853,12889,12893,12899,12907,
- 12911,12917,12919,12923,12941,12953,12959,12967,
- 12973,12979,12983,13001,13003,13007,13009,13033,
- 13037,13043,13049,13063,13093,13099,13103,13109,
- 13121,13127,13147,13151,13159,13163,13171,13177,
- 13183,13187,13217,13219,13229,13241,13249,13259,
- 13267,13291,13297,13309,13313,13327,13331,13337,
- 13339,13367,13381,13397,13399,13411,13417,13421,
- 13441,13451,13457,13463,13469,13477,13487,13499,
- 13513,13523,13537,13553,13567,13577,13591,13597,
- 13613,13619,13627,13633,13649,13669,13679,13681,
- 13687,13691,13693,13697,13709,13711,13721,13723,
- 13729,13751,13757,13759,13763,13781,13789,13799,
- 13807,13829,13831,13841,13859,13873,13877,13879,
- 13883,13901,13903,13907,13913,13921,13931,13933,
- 13963,13967,13997,13999,14009,14011,14029,14033,
- 14051,14057,14071,14081,14083,14087,14107,14143,
- 14149,14153,14159,14173,14177,14197,14207,14221,
- 14243,14249,14251,14281,14293,14303,14321,14323,
- 14327,14341,14347,14369,14387,14389,14401,14407,
- 14411,14419,14423,14431,14437,14447,14449,14461,
- 14479,14489,14503,14519,14533,14537,14543,14549,
- 14551,14557,14561,14563,14591,14593,14621,14627,
- 14629,14633,14639,14653,14657,14669,14683,14699,
- 14713,14717,14723,14731,14737,14741,14747,14753,
- 14759,14767,14771,14779,14783,14797,14813,14821,
- 14827,14831,14843,14851,14867,14869,14879,14887,
- 14891,14897,14923,14929,14939,14947,14951,14957,
- 14969,14983,15013,15017,15031,15053,15061,15073,
- 15077,15083,15091,15101,15107,15121,15131,15137,
- 15139,15149,15161,15173,15187,15193,15199,15217,
- 15227,15233,15241,15259,15263,15269,15271,15277,
- 15287,15289,15299,15307,15313,15319,15329,15331,
- 15349,15359,15361,15373,15377,15383,15391,15401,
- 15413,15427,15439,15443,15451,15461,15467,15473,
- 15493,15497,15511,15527,15541,15551,15559,15569,
- 15581,15583,15601,15607,15619,15629,15641,15643,
- 15647,15649,15661,15667,15671,15679,15683,15727,
- 15731,15733,15737,15739,15749,15761,15767,15773,
- 15787,15791,15797,15803,15809,15817,15823,15859,
- 15877,15881,15887,15889,15901,15907,15913,15919,
- 15923,15937,15959,15971,15973,15991,16001,16007,
- 16033,16057,16061,16063,16067,16069,16073,16087,
- 16091,16097,16103,16111,16127,16139,16141,16183,
- 16187,16189,16193,16217,16223,16229,16231,16249,
- 16253,16267,16273,16301,16319,16333,16339,16349,
- 16361,16363,16369,16381,16411,16417,16421,16427,
- 16433,16447,16451,16453,16477,16481,16487,16493,
- 16519,16529,16547,16553,16561,16567,16573,16603,
- 16607,16619,16631,16633,16649,16651,16657,16661,
- 16673,16691,16693,16699,16703,16729,16741,16747,
- 16759,16763,16787,16811,16823,16829,16831,16843,
- 16871,16879,16883,16889,16901,16903,16921,16927,
- 16931,16937,16943,16963,16979,16981,16987,16993,
- 17011,17021,17027,17029,17033,17041,17047,17053,
- 17077,17093,17099,17107,17117,17123,17137,17159,
- 17167,17183,17189,17191,17203,17207,17209,17231,
- 17239,17257,17291,17293,17299,17317,17321,17327,
- 17333,17341,17351,17359,17377,17383,17387,17389,
- 17393,17401,17417,17419,17431,17443,17449,17467,
- 17471,17477,17483,17489,17491,17497,17509,17519,
- 17539,17551,17569,17573,17579,17581,17597,17599,
- 17609,17623,17627,17657,17659,17669,17681,17683,
- 17707,17713,17729,17737,17747,17749,17761,17783,
- 17789,17791,17807,17827,17837,17839,17851,17863,
- };
+static const prime_t primes[NUMPRIMES] = {
+ 2, 3, 5, 7, 11, 13, 17, 19,
+ 23, 29, 31, 37, 41, 43, 47, 53,
+ 59, 61, 67, 71, 73, 79, 83, 89,
+ 97, 101, 103, 107, 109, 113, 127, 131,
+ 137, 139, 149, 151, 157, 163, 167, 173,
+ 179, 181, 191, 193, 197, 199, 211, 223,
+ 227, 229, 233, 239, 241, 251, 257, 263,
+ 269, 271, 277, 281, 283, 293, 307, 311,
+ 313, 317, 331, 337, 347, 349, 353, 359,
+ 367, 373, 379, 383, 389, 397, 401, 409,
+ 419, 421, 431, 433, 439, 443, 449, 457,
+ 461, 463, 467, 479, 487, 491, 499, 503,
+ 509, 521, 523, 541, 547, 557, 563, 569,
+ 571, 577, 587, 593, 599, 601, 607, 613,
+ 617, 619, 631, 641, 643, 647, 653, 659,
+ 661, 673, 677, 683, 691, 701, 709, 719,
+ 727, 733, 739, 743, 751, 757, 761, 769,
+ 773, 787, 797, 809, 811, 821, 823, 827,
+ 829, 839, 853, 857, 859, 863, 877, 881,
+ 883, 887, 907, 911, 919, 929, 937, 941,
+ 947, 953, 967, 971, 977, 983, 991, 997,
+ 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049,
+ 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097,
+ 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163,
+ 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223,
+ 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283,
+ 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321,
+ 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423,
+ 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459,
+ 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511,
+ 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571,
+ 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619,
+ 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693,
+ 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747,
+ 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811,
+ 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877,
+ 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949,
+ 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003,
+ 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069,
+ 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129,
+ 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203,
+ 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267,
+ 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311,
+ 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377,
+ 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423,
+ 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503,
+ 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579,
+ 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657,
+ 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693,
+ 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741,
+ 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801,
+ 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861,
+ 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939,
+ 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011,
+ 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079,
+ 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167,
+ 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221,
+ 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301,
+ 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347,
+ 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413,
+ 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491,
+ 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541,
+ 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607,
+ 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671,
+ 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727,
+ 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797,
+ 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863,
+ 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923,
+ 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003,
+ 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057,
+ 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129,
+ 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211,
+ 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259,
+ 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337,
+ 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409,
+ 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481,
+ 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547,
+ 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621,
+ 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673,
+ 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751,
+ 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813,
+ 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909,
+ 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967,
+ 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011,
+ 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087,
+ 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167,
+ 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233,
+ 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309,
+ 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399,
+ 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443,
+ 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507,
+ 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573,
+ 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653,
+ 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711,
+ 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791,
+ 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849,
+ 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897,
+ 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007,
+ 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073,
+ 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133,
+ 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211,
+ 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271,
+ 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329,
+ 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379,
+ 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473,
+ 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563,
+ 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637,
+ 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701,
+ 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779,
+ 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833,
+ 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907,
+ 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971,
+ 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027,
+ 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121,
+ 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207,
+ 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253,
+ 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349,
+ 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457,
+ 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517,
+ 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561,
+ 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621,
+ 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691,
+ 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757,
+ 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853,
+ 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919,
+ 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009,
+ 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087,
+ 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161,
+ 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231,
+ 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291,
+ 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369,
+ 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443,
+ 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537,
+ 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609,
+ 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677,
+ 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731,
+ 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803,
+ 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861,
+ 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941,
+ 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011,
+ 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091,
+ 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161,
+ 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227,
+ 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311,
+ 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377,
+ 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433,
+ 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491,
+ 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587,
+ 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649,
+ 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733,
+ 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791,
+ 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857,
+ 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929,
+ 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037,
+ 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
+ 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
+ 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
+ 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
+ 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
+ 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
+ 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
+ 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
+ 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
+ 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
+ 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
+ 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
+ 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
+ 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
+ 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
+ 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
+ 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
+ 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
+ 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
+ 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
+ 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
+ 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
+ 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
+ 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
+ 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
+ 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
+ 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
+ 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
+ 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
+ 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
+ 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
+ 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
+ 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
+ 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
+ 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
+ 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
+ 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
+ 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
+ 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
+ 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
+ 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
+ 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
+ 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
+ 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
+ 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
+ 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
+ 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
+ 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
+ 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
+ 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
+ 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
+ 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
+ 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
+ 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
+ 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
+ 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
+ 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
+ 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
+ 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
+ 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
+ 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
+ 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
+ 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
+ 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
+ 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
+ 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
+ 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
+ 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
+ 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
+ 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
+ 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
+ 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
+ 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
+ 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
+ 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
+ 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
+ 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
+ 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
+ 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
+ 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
+ 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
+ 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
+ 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
+ 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
+ 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
+ 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
+ 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
+ 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
+ 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
+ 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
+ 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
+ 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
+ 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
+ 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
+ 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
+ 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
+ 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
+ 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
+ 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
+ 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
+ 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
+ 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
+};
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
static const char Hex[]="0123456789ABCDEF";
/* Must 'free' the returned data */
-char *BN_bn2hex(const BIGNUM *a)
- {
- int i,j,v,z=0;
+char *
+BN_bn2hex(const BIGNUM *a)
+{
+ int i, j, v, z = 0;
char *buf;
char *p;
- buf=(char *)malloc(a->top*BN_BYTES*2+2);
- if (buf == NULL)
- {
- BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
+ buf = (char *)malloc(a->top * BN_BYTES * 2 + 2);
+ if (buf == NULL) {
+ BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
goto err;
- }
- p=buf;
- if (a->neg) *(p++)='-';
- if (BN_is_zero(a)) *(p++)='0';
- for (i=a->top-1; i >=0; i--)
- {
- for (j=BN_BITS2-8; j >= 0; j-=8)
- {
+ }
+ p = buf;
+ if (a->neg)
+ *(p++) = '-';
+ if (BN_is_zero(a))
+ *(p++) = '0';
+ for (i = a->top - 1; i >=0; i--) {
+ for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
/* strip leading zeros */
- v=((int)(a->d[i]>>(long)j))&0xff;
- if (z || (v != 0))
- {
- *(p++)=Hex[v>>4];
- *(p++)=Hex[v&0x0f];
- z=1;
- }
+ v = ((int)(a->d[i] >> (long)j)) & 0xff;
+ if (z || (v != 0)) {
+ *(p++) = Hex[v >> 4];
+ *(p++) = Hex[v & 0x0f];
+ z = 1;
}
}
- *p='\0';
-err:
- return(buf);
}
+ *p = '\0';
+
+err:
+ return (buf);
+}
/* Must 'free' the returned data */
-char *BN_bn2dec(const BIGNUM *a)
- {
- int i=0,num, ok = 0;
- char *buf=NULL;
+char *
+BN_bn2dec(const BIGNUM *a)
+{
+ int i = 0, num, ok = 0;
+ char *buf = NULL;
char *p;
- BIGNUM *t=NULL;
- BN_ULONG *bn_data=NULL,*lp;
+ BIGNUM *t = NULL;
+ BN_ULONG *bn_data = NULL, *lp;
/* get an upper bound for the length of the decimal integer
* num <= (BN_num_bits(a) + 1) * log(2)
* <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
- * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
+ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
*/
- i=BN_num_bits(a)*3;
- num=(i/10+i/1000+1)+1;
- bn_data=(BN_ULONG *)malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
- buf=(char *)malloc(num+3);
- if ((buf == NULL) || (bn_data == NULL))
- {
- BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
+ i = BN_num_bits(a) * 3;
+ num = (i / 10 + i / 1000 + 1) + 1;
+ bn_data = (BN_ULONG *)malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
+ buf = (char *)malloc(num + 3);
+ if ((buf == NULL) || (bn_data == NULL)) {
+ BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((t = BN_dup(a)) == NULL)
goto err;
- }
- if ((t=BN_dup(a)) == NULL) goto err;
#define BUF_REMAIN (num+3 - (size_t)(p - buf))
- p=buf;
- lp=bn_data;
- if (BN_is_zero(t))
- {
- *(p++)='0';
- *(p++)='\0';
- }
- else
- {
+ p = buf;
+ lp = bn_data;
+ if (BN_is_zero(t)) {
+ *(p++) = '0';
+ *(p++) = '\0';
+ } else {
if (BN_is_negative(t))
*p++ = '-';
- i=0;
- while (!BN_is_zero(t))
- {
- *lp=BN_div_word(t,BN_DEC_CONV);
+ i = 0;
+ while (!BN_is_zero(t)) {
+ *lp = BN_div_word(t, BN_DEC_CONV);
lp++;
- }
+ }
lp--;
/* We now have a series of blocks, BN_DEC_NUM chars
* in length, where the last one needs truncation.
* The blocks need to be reversed in order. */
- snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
- while (*p) p++;
- while (lp != bn_data)
- {
+ snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
+ while (*p)
+ p++;
+ while (lp != bn_data) {
lp--;
- snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
- while (*p) p++;
- }
+ snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
+ while (*p)
+ p++;
}
+ }
ok = 1;
+
err:
- if (bn_data != NULL) free(bn_data);
- if (t != NULL) BN_free(t);
- if (!ok && buf)
- {
+ if (bn_data != NULL)
+ free(bn_data);
+ if (t != NULL)
+ BN_free(t);
+ if (!ok && buf) {
free(buf);
buf = NULL;
- }
-
- return(buf);
}
-int BN_hex2bn(BIGNUM **bn, const char *a)
- {
- BIGNUM *ret=NULL;
- BN_ULONG l=0;
- int neg=0,h,m,i,j,k,c;
+ return (buf);
+}
+
+int
+BN_hex2bn(BIGNUM **bn, const char *a)
+{
+ BIGNUM *ret = NULL;
+ BN_ULONG l = 0;
+ int neg = 0, h, m, i,j, k, c;
int num;
- if ((a == NULL) || (*a == '\0')) return(0);
+ if ((a == NULL) || (*a == '\0'))
+ return (0);
- if (*a == '-') { neg=1; a++; }
+ if (*a == '-') {
+ neg = 1;
+ a++;
+ }
- for (i=0; isxdigit((unsigned char) a[i]); i++)
+ for (i = 0; isxdigit((unsigned char)a[i]); i++)
;
- num=i+neg;
- if (bn == NULL) return(num);
+ num = i + neg;
+ if (bn == NULL)
+ return (num);
/* a is the start of the hex digits, and it is 'i' long */
- if (*bn == NULL)
- {
- if ((ret=BN_new()) == NULL) return(0);
- }
- else
- {
+ if (*bn == NULL) {
+ if ((ret = BN_new()) == NULL)
+ return (0);
+ } else {
ret= *bn;
BN_zero(ret);
- }
+ }
/* i is the number of hex digests; */
- if (bn_expand(ret,i*4) == NULL) goto err;
-
- j=i; /* least significant 'hex' */
- m=0;
- h=0;
- while (j > 0)
- {
- m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
- l=0;
- for (;;)
- {
- c=a[j-m];
- if ((c >= '0') && (c <= '9')) k=c-'0';
- else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
- else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
- else k=0; /* paranoia */
- l=(l<<4)|k;
-
- if (--m <= 0)
- {
- ret->d[h++]=l;
+ if (bn_expand(ret, i * 4) == NULL)
+ goto err;
+
+ j = i; /* least significant 'hex' */
+ m = 0;
+ h = 0;
+ while (j > 0) {
+ m = ((BN_BYTES*2) <= j) ? (BN_BYTES * 2) : j;
+ l = 0;
+ for (;;) {
+ c = a[j - m];
+ if ((c >= '0') && (c <= '9'))
+ k = c - '0';
+ else if ((c >= 'a') && (c <= 'f'))
+ k = c - 'a' + 10;
+ else if ((c >= 'A') && (c <= 'F'))
+ k = c - 'A' + 10;
+ else
+ k = 0; /* paranoia */
+ l = (l << 4) | k;
+
+ if (--m <= 0) {
+ ret->d[h++] = l;
break;
- }
}
- j-=(BN_BYTES*2);
}
- ret->top=h;
+ j -= (BN_BYTES * 2);
+ }
+ ret->top = h;
bn_correct_top(ret);
- ret->neg=neg;
+ ret->neg = neg;
- *bn=ret;
+ *bn = ret;
bn_check_top(ret);
- return(num);
-err:
- if (*bn == NULL) BN_free(ret);
- return(0);
- }
+ return (num);
-int BN_dec2bn(BIGNUM **bn, const char *a)
- {
- BIGNUM *ret=NULL;
- BN_ULONG l=0;
- int neg=0,i,j;
+err:
+ if (*bn == NULL)
+ BN_free(ret);
+ return (0);
+}
+
+int
+BN_dec2bn(BIGNUM **bn, const char *a)
+{
+ BIGNUM *ret = NULL;
+ BN_ULONG l = 0;
+ int neg = 0, i, j;
int num;
- if ((a == NULL) || (*a == '\0')) return(0);
- if (*a == '-') { neg=1; a++; }
+ if ((a == NULL) || (*a == '\0'))
+ return (0);
+ if (*a == '-') {
+ neg = 1;
+ a++;
+ }
- for (i=0; isdigit((unsigned char) a[i]); i++)
+ for (i = 0; isdigit((unsigned char)a[i]); i++)
;
- num=i+neg;
- if (bn == NULL) return(num);
+ num = i + neg;
+ if (bn == NULL)
+ return (num);
/* a is the start of the digits, and it is 'i' long.
* We chop it into BN_DEC_NUM digits at a time */
- if (*bn == NULL)
- {
- if ((ret=BN_new()) == NULL) return(0);
- }
- else
- {
- ret= *bn;
+ if (*bn == NULL) {
+ if ((ret = BN_new()) == NULL)
+ return (0);
+ } else {
+ ret = *bn;
BN_zero(ret);
- }
+ }
/* i is the number of digests, a bit of an over expand; */
- if (bn_expand(ret,i*4) == NULL) goto err;
-
- j=BN_DEC_NUM-(i%BN_DEC_NUM);
- if (j == BN_DEC_NUM) j=0;
- l=0;
- while (*a)
- {
- l*=10;
- l+= *a-'0';
+ if (bn_expand(ret, i * 4) == NULL)
+ goto err;
+
+ j = BN_DEC_NUM - (i % BN_DEC_NUM);
+ if (j == BN_DEC_NUM)
+ j = 0;
+ l = 0;
+ while (*a) {
+ l *= 10;
+ l += *a - '0';
a++;
- if (++j == BN_DEC_NUM)
- {
- BN_mul_word(ret,BN_DEC_CONV);
- BN_add_word(ret,l);
- l=0;
- j=0;
- }
+ if (++j == BN_DEC_NUM) {
+ BN_mul_word(ret, BN_DEC_CONV);
+ BN_add_word(ret, l);
+ l = 0;
+ j = 0;
}
- ret->neg=neg;
+ }
+ ret->neg = neg;
bn_correct_top(ret);
- *bn=ret;
+ *bn = ret;
bn_check_top(ret);
- return(num);
+ return (num);
+
err:
- if (*bn == NULL) BN_free(ret);
- return(0);
- }
+ if (*bn == NULL)
+ BN_free(ret);
+ return (0);
+}
-int BN_asc2bn(BIGNUM **bn, const char *a)
- {
+int
+BN_asc2bn(BIGNUM **bn, const char *a)
+{
const char *p = a;
if (*p == '-')
p++;
- if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x'))
- {
+ if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
if (!BN_hex2bn(bn, p + 2))
return 0;
- }
- else
- {
+ } else {
if (!BN_dec2bn(bn, p))
return 0;
- }
+ }
if (*a == '-')
(*bn)->neg = 1;
return 1;
- }
+}
#ifndef OPENSSL_NO_BIO
#ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a)
- {
+int
+BN_print_fp(FILE *fp, const BIGNUM *a)
+{
BIO *b;
int ret;
- if ((b=BIO_new(BIO_s_file())) == NULL)
- return(0);
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=BN_print(b,a);
+ if ((b = BIO_new(BIO_s_file())) == NULL)
+ return (0);
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = BN_print(b, a);
BIO_free(b);
- return(ret);
- }
+ return (ret);
+}
#endif
-int BN_print(BIO *bp, const BIGNUM *a)
- {
- int i,j,v,z=0;
- int ret=0;
-
- if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
- if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end;
- for (i=a->top-1; i >=0; i--)
- {
- for (j=BN_BITS2-4; j >= 0; j-=4)
- {
+int
+BN_print(BIO *bp, const BIGNUM *a)
+{
+ int i, j, v, z = 0;
+ int ret = 0;
+
+ if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
+ goto end;
+ if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
+ goto end;
+ for (i = a->top - 1; i >= 0; i--) {
+ for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
/* strip leading zeros */
- v=((int)(a->d[i]>>(long)j))&0x0f;
- if (z || (v != 0))
- {
- if (BIO_write(bp,&(Hex[v]),1) != 1)
+ v = ((int)(a->d[i] >> (long)j)) & 0x0f;
+ if (z || (v != 0)) {
+ if (BIO_write(bp, &(Hex[v]), 1) != 1)
goto end;
- z=1;
- }
+ z = 1;
}
}
- ret=1;
-end:
- return(ret);
}
+ ret = 1;
+
+end:
+ return (ret);
+}
#endif
-char *BN_options(void)
- {
- static int init=0;
+char *
+BN_options(void)
+{
+ static int init = 0;
static char data[16];
- if (!init)
- {
+ if (!init) {
init++;
#ifdef BN_LLONG
- snprintf(data,sizeof data,"bn(%d,%d)",
- (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+ snprintf(data,sizeof data, "bn(%d,%d)",
+ (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
#else
- snprintf(data,sizeof data,"bn(%d,%d)",
- (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+ snprintf(data,sizeof data, "bn(%d,%d)",
+ (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
#endif
- }
- return(data);
}
+ return (data);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include "bn_lcl.h"
#include <openssl/rand.h>
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
- {
- unsigned char *buf=NULL;
- int ret=0,bit,bytes,mask;
+static int
+bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+{
+ unsigned char *buf = NULL;
+ int ret = 0, bit, bytes, mask;
- if (bits == 0)
- {
+ if (bits == 0) {
BN_zero(rnd);
return 1;
- }
+ }
- bytes=(bits+7)/8;
- bit=(bits-1)%8;
- mask=0xff<<(bit+1);
+ bytes = (bits + 7) / 8;
+ bit = (bits - 1) % 8;
+ mask = 0xff << (bit + 1);
- buf=(unsigned char *)malloc(bytes);
- if (buf == NULL)
- {
- BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
+ buf = (unsigned char *)malloc(bytes);
+ if (buf == NULL) {
+ BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
goto err;
- }
+ }
/* make a random number and set the top and bottom bits */
- if (pseudorand)
- {
+ if (pseudorand) {
if (RAND_pseudo_bytes(buf, bytes) == -1)
goto err;
- }
- else
- {
+ } else {
if (RAND_bytes(buf, bytes) <= 0)
goto err;
- }
+ }
#if 1
- if (pseudorand == 2)
- {
+ if (pseudorand == 2) {
/* generate patterns that are more likely to trigger BN
library bugs */
int i;
unsigned char c;
- for (i = 0; i < bytes; i++)
- {
+ for (i = 0; i < bytes; i++) {
RAND_pseudo_bytes(&c, 1);
if (c >= 128 && i > 0)
- buf[i] = buf[i-1];
+ buf[i] = buf[i - 1];
else if (c < 42)
buf[i] = 0;
else if (c < 84)
buf[i] = 255;
- }
}
+ }
#endif
- if (top != -1)
- {
- if (top)
- {
- if (bit == 0)
- {
- buf[0]=1;
- buf[1]|=0x80;
- }
- else
- {
- buf[0]|=(3<<(bit-1));
- }
- }
- else
- {
- buf[0]|=(1<<bit);
+ if (top != -1) {
+ if (top) {
+ if (bit == 0) {
+ buf[0] = 1;
+ buf[1] |= 0x80;
+ } else {
+ buf[0] |= (3 << (bit - 1));
}
+ } else {
+ buf[0] |= (1 << bit);
}
+ }
buf[0] &= ~mask;
if (bottom) /* set bottom bit if requested */
- buf[bytes-1]|=1;
- if (!BN_bin2bn(buf,bytes,rnd)) goto err;
- ret=1;
+ buf[bytes - 1] |= 1;
+ if (!BN_bin2bn(buf, bytes, rnd))
+ goto err;
+ ret = 1;
+
err:
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,bytes);
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, bytes);
free(buf);
- }
- bn_check_top(rnd);
- return(ret);
}
+ bn_check_top(rnd);
+ return (ret);
+}
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
- {
+int
+BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
return bnrand(0, rnd, bits, top, bottom);
- }
+}
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
- {
+int
+BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
return bnrand(1, rnd, bits, top, bottom);
- }
+}
#if 1
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
- {
+int
+BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
return bnrand(2, rnd, bits, top, bottom);
- }
+}
#endif
/* random number r: 0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
- {
+static int
+bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+{
int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
int n;
int count = 100;
- if (range->neg || BN_is_zero(range))
- {
+ if (range->neg || BN_is_zero(range)) {
BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
return 0;
- }
+ }
n = BN_num_bits(range); /* n > 0 */
if (n == 1)
BN_zero(r);
- else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
- {
+ else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
/* range = 100..._2,
* so 3*range (= 11..._2) is exactly one bit longer than range */
- do
- {
- if (!bn_rand(r, n + 1, -1, 0)) return 0;
+ do {
+ if (!bn_rand(r, n + 1, -1, 0))
+ return 0;
/* If r < 3*range, use r := r MOD range
* (which is either r, r - range, or r - 2*range).
* Otherwise, iterate once more.
* Since 3*range = 11..._2, each iteration succeeds with
* probability >= .75. */
- if (BN_cmp(r ,range) >= 0)
- {
- if (!BN_sub(r, r, range)) return 0;
+ if (BN_cmp(r, range) >= 0) {
+ if (!BN_sub(r, r, range))
+ return 0;
if (BN_cmp(r, range) >= 0)
- if (!BN_sub(r, r, range)) return 0;
- }
+ if (!BN_sub(r, r, range))
+ return 0;
+ }
- if (!--count)
- {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ if (!--count) {
+ BNerr(BN_F_BN_RAND_RANGE,
+ BN_R_TOO_MANY_ITERATIONS);
return 0;
- }
-
}
- while (BN_cmp(r, range) >= 0);
- }
- else
- {
- do
- {
+
+ } while (BN_cmp(r, range) >= 0);
+ } else {
+ do {
/* range = 11..._2 or range = 101..._2 */
- if (!bn_rand(r, n, -1, 0)) return 0;
+ if (!bn_rand(r, n, -1, 0))
+ return 0;
- if (!--count)
- {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ if (!--count) {
+ BNerr(BN_F_BN_RAND_RANGE,
+ BN_R_TOO_MANY_ITERATIONS);
return 0;
- }
}
- while (BN_cmp(r, range) >= 0);
- }
+ } while (BN_cmp(r, range) >= 0);
+ }
bn_check_top(r);
return 1;
- }
-
+}
-int BN_rand_range(BIGNUM *r, const BIGNUM *range)
- {
+int
+BN_rand_range(BIGNUM *r, const BIGNUM *range)
+{
return bn_rand_range(0, r, range);
- }
+}
-int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
- {
+int
+BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+{
return bn_rand_range(1, r, range);
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-void BN_RECP_CTX_init(BN_RECP_CTX *recp)
- {
+void
+BN_RECP_CTX_init(BN_RECP_CTX *recp)
+{
BN_init(&(recp->N));
BN_init(&(recp->Nr));
- recp->num_bits=0;
- recp->flags=0;
- }
+ recp->num_bits = 0;
+ recp->flags = 0;
+}
-BN_RECP_CTX *BN_RECP_CTX_new(void)
- {
+BN_RECP_CTX *
+BN_RECP_CTX_new(void)
+{
BN_RECP_CTX *ret;
- if ((ret=(BN_RECP_CTX *)malloc(sizeof(BN_RECP_CTX))) == NULL)
- return(NULL);
+ if ((ret = (BN_RECP_CTX *)malloc(sizeof(BN_RECP_CTX))) == NULL)
+ return (NULL);
BN_RECP_CTX_init(ret);
- ret->flags=BN_FLG_MALLOCED;
- return(ret);
- }
+ ret->flags = BN_FLG_MALLOCED;
+ return (ret);
+}
-void BN_RECP_CTX_free(BN_RECP_CTX *recp)
- {
- if(recp == NULL)
- return;
+void
+BN_RECP_CTX_free(BN_RECP_CTX *recp)
+{
+ if (recp == NULL)
+ return;
BN_free(&(recp->N));
BN_free(&(recp->Nr));
if (recp->flags & BN_FLG_MALLOCED)
free(recp);
- }
+}
-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
- {
- if (!BN_copy(&(recp->N),d)) return 0;
+int
+BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+{
+ if (!BN_copy(&(recp->N), d))
+ return 0;
BN_zero(&(recp->Nr));
- recp->num_bits=BN_num_bits(d);
- recp->shift=0;
- return(1);
- }
+ recp->num_bits = BN_num_bits(d);
+ recp->shift = 0;
+ return (1);
+}
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
- BN_RECP_CTX *recp, BN_CTX *ctx)
- {
- int ret=0;
+int
+BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+ BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+ int ret = 0;
BIGNUM *a;
const BIGNUM *ca;
BN_CTX_start(ctx);
- if ((a = BN_CTX_get(ctx)) == NULL) goto err;
- if (y != NULL)
- {
- if (x == y)
- { if (!BN_sqr(a,x,ctx)) goto err; }
- else
- { if (!BN_mul(a,x,y,ctx)) goto err; }
- ca = a;
+ if ((a = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (y != NULL) {
+ if (x == y) {
+ if (!BN_sqr(a, x, ctx))
+ goto err;
+ } else {
+ if (!BN_mul(a, x, y, ctx))
+ goto err;
}
- else
- ca=x; /* Just do the mod */
+ ca = a;
+ } else
+ ca = x; /* Just do the mod */
+
+ ret = BN_div_recp(NULL, r, ca, recp, ctx);
- ret = BN_div_recp(NULL,r,ca,recp,ctx);
err:
BN_CTX_end(ctx);
bn_check_top(r);
- return(ret);
- }
+ return (ret);
+}
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
- BN_RECP_CTX *recp, BN_CTX *ctx)
- {
- int i,j,ret=0;
- BIGNUM *a,*b,*d,*r;
+int
+BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
+ BN_CTX *ctx)
+{
+ int i, j, ret = 0;
+ BIGNUM *a, *b, *d, *r;
BN_CTX_start(ctx);
- a=BN_CTX_get(ctx);
- b=BN_CTX_get(ctx);
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
if (dv != NULL)
- d=dv;
+ d = dv;
else
- d=BN_CTX_get(ctx);
+ d = BN_CTX_get(ctx);
if (rem != NULL)
- r=rem;
+ r = rem;
else
- r=BN_CTX_get(ctx);
- if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
+ r = BN_CTX_get(ctx);
+ if (a == NULL || b == NULL || d == NULL || r == NULL)
+ goto err;
- if (BN_ucmp(m,&(recp->N)) < 0)
- {
+ if (BN_ucmp(m, &(recp->N)) < 0) {
BN_zero(d);
- if (!BN_copy(r,m)) return 0;
+ if (!BN_copy(r, m))
+ return 0;
BN_CTX_end(ctx);
- return(1);
- }
+ return (1);
+ }
/* We want the remainder
* Given input of ABCDEF / ab
*/
/* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
- i=BN_num_bits(m);
- j=recp->num_bits<<1;
- if (j>i) i=j;
+ i = BN_num_bits(m);
+ j = recp->num_bits << 1;
+ if (j > i)
+ i = j;
/* Nr := round(2^i / N) */
if (i != recp->shift)
- recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
- i,ctx); /* BN_reciprocal returns i, or -1 for an error */
- if (recp->shift == -1) goto err;
+ recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx); /* BN_reciprocal returns i, or -1 for an error */
+ if (recp->shift == -1)
+ goto err;
/* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
* = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
* <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
* = |m/N|
*/
- if (!BN_rshift(a,m,recp->num_bits)) goto err;
- if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
- if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
- d->neg=0;
+ if (!BN_rshift(a, m, recp->num_bits))
+ goto err;
+ if (!BN_mul(b, a,&(recp->Nr), ctx))
+ goto err;
+ if (!BN_rshift(d, b, i - recp->num_bits))
+ goto err;
+ d->neg = 0;
- if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
- if (!BN_usub(r,m,b)) goto err;
- r->neg=0;
+ if (!BN_mul(b, &(recp->N), d, ctx))
+ goto err;
+ if (!BN_usub(r, m, b))
+ goto err;
+ r->neg = 0;
#if 1
- j=0;
- while (BN_ucmp(r,&(recp->N)) >= 0)
- {
- if (j++ > 2)
- {
- BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);
+ j = 0;
+ while (BN_ucmp(r, &(recp->N)) >= 0) {
+ if (j++ > 2) {
+ BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
goto err;
- }
- if (!BN_usub(r,r,&(recp->N))) goto err;
- if (!BN_add_word(d,1)) goto err;
}
+ if (!BN_usub(r, r, &(recp->N)))
+ goto err;
+ if (!BN_add_word(d, 1))
+ goto err;
+ }
#endif
- r->neg=BN_is_zero(r)?0:m->neg;
- d->neg=m->neg^recp->N.neg;
- ret=1;
+ r->neg = BN_is_zero(r) ? 0 : m->neg;
+ d->neg = m->neg^recp->N.neg;
+ ret = 1;
+
err:
BN_CTX_end(ctx);
bn_check_top(dv);
bn_check_top(rem);
- return(ret);
- }
+ return (ret);
+}
/* len is the expected size of the result
* We actually calculate with an extra word of precision, so
* we can do faster division if the remainder is not required.
*/
/* r := 2^len / m */
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
- {
- int ret= -1;
+int
+BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+{
+ int ret = -1;
BIGNUM *t;
BN_CTX_start(ctx);
- if((t = BN_CTX_get(ctx)) == NULL) goto err;
+ if ((t = BN_CTX_get(ctx)) == NULL)
+ goto err;
- if (!BN_set_bit(t,len)) goto err;
+ if (!BN_set_bit(t, len))
+ goto err;
- if (!BN_div(r,NULL,t,m,ctx)) goto err;
+ if (!BN_div(r, NULL, t,m, ctx))
+ goto err;
+
+ ret = len;
- ret=len;
err:
bn_check_top(r);
BN_CTX_end(ctx);
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-int BN_lshift1(BIGNUM *r, const BIGNUM *a)
- {
- register BN_ULONG *ap,*rp,t,c;
+int
+BN_lshift1(BIGNUM *r, const BIGNUM *a)
+{
+ register BN_ULONG *ap, *rp, t, c;
int i;
bn_check_top(r);
bn_check_top(a);
- if (r != a)
- {
- r->neg=a->neg;
- if (bn_wexpand(r,a->top+1) == NULL) return(0);
- r->top=a->top;
- }
- else
- {
- if (bn_wexpand(r,a->top+1) == NULL) return(0);
- }
- ap=a->d;
- rp=r->d;
- c=0;
- for (i=0; i<a->top; i++)
- {
+ if (r != a) {
+ r->neg = a->neg;
+ if (bn_wexpand(r, a->top + 1) == NULL)
+ return (0);
+ r->top = a->top;
+ } else {
+ if (bn_wexpand(r, a->top + 1) == NULL)
+ return (0);
+ }
+ ap = a->d;
+ rp = r->d;
+ c = 0;
+ for (i = 0; i < a->top; i++) {
t= *(ap++);
- *(rp++)=((t<<1)|c)&BN_MASK2;
- c=(t & BN_TBIT)?1:0;
- }
- if (c)
- {
- *rp=1;
+ *(rp++) = ((t << 1) | c) & BN_MASK2;
+ c = (t & BN_TBIT) ? 1 : 0;
+ }
+ if (c) {
+ *rp = 1;
r->top++;
- }
- bn_check_top(r);
- return(1);
}
+ bn_check_top(r);
+ return (1);
+}
-int BN_rshift1(BIGNUM *r, const BIGNUM *a)
- {
- BN_ULONG *ap,*rp,t,c;
- int i,j;
+int
+BN_rshift1(BIGNUM *r, const BIGNUM *a)
+{
+ BN_ULONG *ap, *rp, t, c;
+ int i, j;
bn_check_top(r);
bn_check_top(a);
- if (BN_is_zero(a))
- {
+ if (BN_is_zero(a)) {
BN_zero(r);
- return(1);
- }
+ return (1);
+ }
i = a->top;
- ap= a->d;
- j = i-(ap[i-1]==1);
- if (a != r)
- {
- if (bn_wexpand(r,j) == NULL) return(0);
- r->neg=a->neg;
- }
- rp=r->d;
- t=ap[--i];
- c=(t&1)?BN_TBIT:0;
- if (t>>=1) rp[i]=t;
- while (i>0)
- {
- t=ap[--i];
- rp[i]=((t>>1)&BN_MASK2)|c;
- c=(t&1)?BN_TBIT:0;
- }
- r->top=j;
- bn_check_top(r);
- return(1);
+ ap = a->d;
+ j = i - (ap[i - 1]==1);
+ if (a != r) {
+ if (bn_wexpand(r, j) == NULL)
+ return (0);
+ r->neg = a->neg;
}
+ rp = r->d;
+ t = ap[--i];
+ c = (t & 1) ? BN_TBIT : 0;
+ if (t >>= 1)
+ rp[i] = t;
+ while (i > 0) {
+ t = ap[--i];
+ rp[i] = ((t >> 1) & BN_MASK2) | c;
+ c = (t & 1) ? BN_TBIT : 0;
+ }
+ r->top = j;
+ bn_check_top(r);
+ return (1);
+}
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
- {
- int i,nw,lb,rb;
- BN_ULONG *t,*f;
+int
+BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+ int i, nw, lb, rb;
+ BN_ULONG *t, *f;
BN_ULONG l;
bn_check_top(r);
bn_check_top(a);
- r->neg=a->neg;
- nw=n/BN_BITS2;
- if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
- lb=n%BN_BITS2;
- rb=BN_BITS2-lb;
- f=a->d;
- t=r->d;
- t[a->top+nw]=0;
+ r->neg = a->neg;
+ nw = n / BN_BITS2;
+ if (bn_wexpand(r, a->top + nw + 1) == NULL)
+ return (0);
+ lb = n % BN_BITS2;
+ rb = BN_BITS2 - lb;
+ f = a->d;
+ t = r->d;
+ t[a->top + nw] = 0;
if (lb == 0)
- for (i=a->top-1; i>=0; i--)
- t[nw+i]=f[i];
+ for (i = a->top - 1; i >= 0; i--)
+ t[nw + i] = f[i];
else
- for (i=a->top-1; i>=0; i--)
- {
- l=f[i];
- t[nw+i+1]|=(l>>rb)&BN_MASK2;
- t[nw+i]=(l<<lb)&BN_MASK2;
- }
- memset(t,0,nw*sizeof(t[0]));
+ for (i = a->top - 1; i >= 0; i--) {
+ l = f[i];
+ t[nw + i + 1] |= (l >> rb) & BN_MASK2;
+ t[nw + i] = (l << lb) & BN_MASK2;
+ }
+ memset(t, 0, nw * sizeof(t[0]));
/* for (i=0; i<nw; i++)
t[i]=0;*/
- r->top=a->top+nw+1;
+ r->top = a->top + nw + 1;
bn_correct_top(r);
bn_check_top(r);
- return(1);
- }
+ return (1);
+}
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
- {
- int i,j,nw,lb,rb;
- BN_ULONG *t,*f;
- BN_ULONG l,tmp;
+int
+BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+ int i, j, nw, lb, rb;
+ BN_ULONG *t, *f;
+ BN_ULONG l, tmp;
bn_check_top(r);
bn_check_top(a);
- nw=n/BN_BITS2;
- rb=n%BN_BITS2;
- lb=BN_BITS2-rb;
- if (nw >= a->top || a->top == 0)
- {
+ nw = n / BN_BITS2;
+ rb = n % BN_BITS2;
+ lb = BN_BITS2 - rb;
+ if (nw >= a->top || a->top == 0) {
BN_zero(r);
- return(1);
- }
- i = (BN_num_bits(a)-n+(BN_BITS2-1))/BN_BITS2;
- if (r != a)
- {
- r->neg=a->neg;
- if (bn_wexpand(r,i) == NULL) return(0);
- }
- else
- {
+ return (1);
+ }
+ i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
+ if (r != a) {
+ r->neg = a->neg;
+ if (bn_wexpand(r, i) == NULL)
+ return (0);
+ } else {
if (n == 0)
return 1; /* or the copying loop will go berserk */
- }
+ }
- f= &(a->d[nw]);
- t=r->d;
- j=a->top-nw;
- r->top=i;
+ f = &(a->d[nw]);
+ t = r->d;
+ j = a->top - nw;
+ r->top = i;
- if (rb == 0)
- {
- for (i=j; i != 0; i--)
- *(t++)= *(f++);
+ if (rb == 0) {
+ for (i = j; i != 0; i--)
+ *(t++) = *(f++);
+ } else {
+ l = *(f++);
+ for (i = j - 1; i != 0; i--) {
+ tmp = (l >> rb) & BN_MASK2;
+ l = *(f++);
+ *(t++) = (tmp|(l << lb)) & BN_MASK2;
}
- else
- {
- l= *(f++);
- for (i=j-1; i != 0; i--)
- {
- tmp =(l>>rb)&BN_MASK2;
- l= *(f++);
- *(t++) =(tmp|(l<<lb))&BN_MASK2;
- }
- if ((l = (l>>rb)&BN_MASK2)) *(t) = l;
- }
- bn_check_top(r);
- return(1);
+ if ((l = (l >> rb) & BN_MASK2))
+ *(t) = l;
}
+ bn_check_top(r);
+ return (1);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
/* r must not be a */
/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
- {
- int max,al;
+int
+BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+ int max, al;
int ret = 0;
- BIGNUM *tmp,*rr;
+ BIGNUM *tmp, *rr;
#ifdef BN_COUNT
- fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
+ fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top);
#endif
bn_check_top(a);
- al=a->top;
- if (al <= 0)
- {
- r->top=0;
+ al = a->top;
+ if (al <= 0) {
+ r->top = 0;
return 1;
- }
+ }
BN_CTX_start(ctx);
- rr=(a != r) ? r : BN_CTX_get(ctx);
- tmp=BN_CTX_get(ctx);
- if (!rr || !tmp) goto err;
+ rr = (a != r) ? r : BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (!rr || !tmp)
+ goto err;
max = 2 * al; /* Non-zero (from above) */
- if (bn_wexpand(rr,max) == NULL) goto err;
+ if (bn_wexpand(rr, max) == NULL)
+ goto err;
- if (al == 4)
- {
+ if (al == 4) {
#ifndef BN_SQR_COMBA
BN_ULONG t[8];
- bn_sqr_normal(rr->d,a->d,4,t);
+ bn_sqr_normal(rr->d, a->d, 4, t);
#else
- bn_sqr_comba4(rr->d,a->d);
+ bn_sqr_comba4(rr->d, a->d);
#endif
- }
- else if (al == 8)
- {
+ } else if (al == 8) {
#ifndef BN_SQR_COMBA
BN_ULONG t[16];
- bn_sqr_normal(rr->d,a->d,8,t);
+ bn_sqr_normal(rr->d, a->d, 8, t);
#else
- bn_sqr_comba8(rr->d,a->d);
+ bn_sqr_comba8(rr->d, a->d);
#endif
- }
- else
- {
+ } else {
#if defined(BN_RECURSION)
- if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
- {
+ if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
- bn_sqr_normal(rr->d,a->d,al,t);
- }
- else
- {
- int j,k;
+ bn_sqr_normal(rr->d, a->d, al, t);
+ } else {
+ int j, k;
- j=BN_num_bits_word((BN_ULONG)al);
- j=1<<(j-1);
- k=j+j;
- if (al == j)
- {
- if (bn_wexpand(tmp,k*2) == NULL) goto err;
- bn_sqr_recursive(rr->d,a->d,al,tmp->d);
- }
- else
- {
- if (bn_wexpand(tmp,max) == NULL) goto err;
- bn_sqr_normal(rr->d,a->d,al,tmp->d);
- }
+ j = BN_num_bits_word((BN_ULONG)al);
+ j = 1 << (j - 1);
+ k = j + j;
+ if (al == j) {
+ if (bn_wexpand(tmp, k * 2) == NULL)
+ goto err;
+ bn_sqr_recursive(rr->d, a->d, al, tmp->d);
+ } else {
+ if (bn_wexpand(tmp, max) == NULL)
+ goto err;
+ bn_sqr_normal(rr->d, a->d, al, tmp->d);
}
+ }
#else
- if (bn_wexpand(tmp,max) == NULL) goto err;
- bn_sqr_normal(rr->d,a->d,al,tmp->d);
+ if (bn_wexpand(tmp, max) == NULL)
+ goto err;
+ bn_sqr_normal(rr->d, a->d, al, tmp->d);
#endif
- }
+ }
- rr->neg=0;
+ rr->neg = 0;
/* If the most-significant half of the top word of 'a' is zero, then
* the square of 'a' will max-1 words. */
- if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
+ if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
rr->top = max - 1;
else
rr->top = max;
- if (rr != r) BN_copy(r,rr);
+ if (rr != r)
+ BN_copy(r, rr);
ret = 1;
- err:
+
+err:
bn_check_top(rr);
bn_check_top(tmp);
BN_CTX_end(ctx);
- return(ret);
- }
+ return (ret);
+}
/* tmp must have 2*n words */
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
- {
- int i,j,max;
+void
+bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
+{
+ int i, j, max;
const BN_ULONG *ap;
BN_ULONG *rp;
- max=n*2;
- ap=a;
- rp=r;
- rp[0]=rp[max-1]=0;
+ max = n * 2;
+ ap = a;
+ rp = r;
+ rp[0] = rp[max - 1] = 0;
rp++;
- j=n;
+ j = n;
- if (--j > 0)
- {
+ if (--j > 0) {
ap++;
- rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
- rp+=2;
- }
+ rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
+ rp += 2;
+ }
- for (i=n-2; i>0; i--)
- {
+ for (i = n - 2; i > 0; i--) {
j--;
ap++;
- rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
- rp+=2;
- }
+ rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
+ rp += 2;
+ }
- bn_add_words(r,r,r,max);
+ bn_add_words(r, r, r, max);
/* There will not be a carry */
- bn_sqr_words(tmp,a,n);
+ bn_sqr_words(tmp, a, n);
- bn_add_words(r,r,tmp,max);
- }
+ bn_add_words(r, r, tmp, max);
+}
#ifdef BN_RECURSION
/* r is 2*n words in size,
* a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
* a[1]*b[1]
*/
-void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
- {
- int n=n2/2;
- int zero,c1;
- BN_ULONG ln,lo,*p;
+void
+bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
+{
+ int n = n2 / 2;
+ int zero, c1;
+ BN_ULONG ln, lo, *p;
#ifdef BN_COUNT
- fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
+ fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2);
#endif
- if (n2 == 4)
- {
+ if (n2 == 4) {
#ifndef BN_SQR_COMBA
- bn_sqr_normal(r,a,4,t);
+ bn_sqr_normal(r, a, 4, t);
#else
- bn_sqr_comba4(r,a);
+ bn_sqr_comba4(r, a);
#endif
return;
- }
- else if (n2 == 8)
- {
+ } else if (n2 == 8) {
#ifndef BN_SQR_COMBA
- bn_sqr_normal(r,a,8,t);
+ bn_sqr_normal(r, a, 8, t);
#else
- bn_sqr_comba8(r,a);
+ bn_sqr_comba8(r, a);
#endif
return;
- }
- if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
- {
- bn_sqr_normal(r,a,n2,t);
+ }
+ if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+ bn_sqr_normal(r, a, n2, t);
return;
- }
+ }
/* r=(a[0]-a[1])*(a[1]-a[0]) */
- c1=bn_cmp_words(a,&(a[n]),n);
- zero=0;
+ c1 = bn_cmp_words(a, &(a[n]), n);
+ zero = 0;
if (c1 > 0)
- bn_sub_words(t,a,&(a[n]),n);
+ bn_sub_words(t, a, &(a[n]), n);
else if (c1 < 0)
- bn_sub_words(t,&(a[n]),a,n);
+ bn_sub_words(t, &(a[n]), a, n);
else
- zero=1;
+ zero = 1;
/* The result will always be negative unless it is zero */
- p= &(t[n2*2]);
+ p = &(t[n2*2]);
if (!zero)
- bn_sqr_recursive(&(t[n2]),t,n,p);
+ bn_sqr_recursive(&(t[n2]), t, n, p);
else
- memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
- bn_sqr_recursive(r,a,n,p);
- bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+ bn_sqr_recursive(r, a, n, p);
+ bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
*/
- c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
/* t[32] is negative */
- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
* r[10] holds (a[0]*a[0])
* r[32] holds (a[1]*a[1])
* c1 holds the carry bits
*/
- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
- if (c1)
- {
- p= &(r[n+n2]);
+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+ if (c1) {
+ p = &(r[n + n2]);
lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
+ ln = (lo + c1) & BN_MASK2;
+ *p = ln;
/* The overflow will stop before we over write
* words we should not overwrite */
- if (ln < (BN_ULONG)c1)
- {
- do {
+ if (ln < (BN_ULONG)c1) {
+ do {
p++;
lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
+ ln = (lo + 1) & BN_MASK2;
+ *p = ln;
+ } while (ln == 0);
}
}
+}
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include "bn_lcl.h"
-BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+BIGNUM *
+BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
/* Returns 'ret' such that
* ret^2 == a (mod p),
* using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
* in Algebraic Computational Number Theory", algorithm 1.5.1).
* 'p' must be prime!
*/
- {
+{
BIGNUM *ret = in;
int err = 1;
int r;
BIGNUM *A, *b, *q, *t, *x, *y;
int e, i, j;
-
- if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
- {
- if (BN_abs_is_word(p, 2))
- {
+
+ if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
+ if (BN_abs_is_word(p, 2)) {
if (ret == NULL)
ret = BN_new();
if (ret == NULL)
goto end;
- if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
- {
+ if (!BN_set_word(ret, BN_is_bit_set(a, 0))) {
if (ret != in)
BN_free(ret);
return NULL;
- }
+ }
bn_check_top(ret);
return ret;
- }
+ }
BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
- return(NULL);
- }
+ return (NULL);
+ }
- if (BN_is_zero(a) || BN_is_one(a))
- {
+ if (BN_is_zero(a) || BN_is_one(a)) {
if (ret == NULL)
ret = BN_new();
if (ret == NULL)
goto end;
- if (!BN_set_word(ret, BN_is_one(a)))
- {
+ if (!BN_set_word(ret, BN_is_one(a))) {
if (ret != in)
BN_free(ret);
return NULL;
- }
+ }
bn_check_top(ret);
return ret;
- }
+ }
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
t = BN_CTX_get(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
- if (y == NULL) goto end;
-
+ if (y == NULL)
+ goto end;
+
if (ret == NULL)
ret = BN_new();
- if (ret == NULL) goto end;
+ if (ret == NULL)
+ goto end;
/* A = a mod p */
- if (!BN_nnmod(A, a, p, ctx)) goto end;
+ if (!BN_nnmod(A, a, p, ctx))
+ goto end;
/* now write |p| - 1 as 2^e*q where q is odd */
e = 1;
e++;
/* we'll set q later (if needed) */
- if (e == 1)
- {
+ if (e == 1) {
/* The easy case: (|p|-1)/2 is odd, so 2 has an inverse
* modulo (|p|-1)/2, and square roots can be computed
* directly by modular exponentiation.
* 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2),
* so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1.
*/
- if (!BN_rshift(q, p, 2)) goto end;
+ if (!BN_rshift(q, p, 2))
+ goto end;
q->neg = 0;
- if (!BN_add_word(q, 1)) goto end;
- if (!BN_mod_exp(ret, A, q, p, ctx)) goto end;
+ if (!BN_add_word(q, 1))
+ goto end;
+ if (!BN_mod_exp(ret, A, q, p, ctx))
+ goto end;
err = 0;
goto vrfy;
- }
-
- if (e == 2)
- {
+ }
+
+ if (e == 2) {
/* |p| == 5 (mod 8)
*
* In this case 2 is always a non-square since
* = a*(-i)*i
* = a.
*
- * (This is due to A.O.L. Atkin,
+ * (This is due to A.O.L. Atkin,
* <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
* November 1992.)
*/
/* t := 2*a */
- if (!BN_mod_lshift1_quick(t, A, p)) goto end;
+ if (!BN_mod_lshift1_quick(t, A, p))
+ goto end;
/* b := (2*a)^((|p|-5)/8) */
- if (!BN_rshift(q, p, 3)) goto end;
+ if (!BN_rshift(q, p, 3))
+ goto end;
q->neg = 0;
- if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
+ if (!BN_mod_exp(b, t, q, p, ctx))
+ goto end;
/* y := b^2 */
- if (!BN_mod_sqr(y, b, p, ctx)) goto end;
+ if (!BN_mod_sqr(y, b, p, ctx))
+ goto end;
/* t := (2*a)*b^2 - 1*/
- if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
- if (!BN_sub_word(t, 1)) goto end;
+ if (!BN_mod_mul(t, t, y, p, ctx))
+ goto end;
+ if (!BN_sub_word(t, 1))
+ goto end;
/* x = a*b*t */
- if (!BN_mod_mul(x, A, b, p, ctx)) goto end;
- if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+ if (!BN_mod_mul(x, A, b, p, ctx))
+ goto end;
+ if (!BN_mod_mul(x, x, t, p, ctx))
+ goto end;
- if (!BN_copy(ret, x)) goto end;
+ if (!BN_copy(ret, x))
+ goto end;
err = 0;
goto vrfy;
- }
-
+ }
+
/* e > 2, so we really have to use the Tonelli/Shanks algorithm.
* First, find some y that is not a square. */
if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
- q->neg = 0;
+ q->neg = 0;
i = 2;
- do
- {
+ do {
/* For efficiency, try small numbers first;
* if this fails, try random numbers.
*/
- if (i < 22)
- {
- if (!BN_set_word(y, i)) goto end;
+ if (i < 22) {
+ if (!BN_set_word(y, i))
+ goto end;
+ } else {
+ if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
+ goto end;
+ if (BN_ucmp(y, p) >= 0) {
+ if (!(p->neg ? BN_add : BN_sub)(y, y, p))
+ goto end;
}
- else
- {
- if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
- if (BN_ucmp(y, p) >= 0)
- {
- if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
- }
/* now 0 <= y < |p| */
if (BN_is_zero(y))
- if (!BN_set_word(y, i)) goto end;
- }
-
+ if (!BN_set_word(y, i))
+ goto end;
+ }
+
r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
- if (r < -1) goto end;
- if (r == 0)
- {
+ if (r < -1)
+ goto end;
+ if (r == 0) {
/* m divides p */
BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
goto end;
- }
}
+ }
while (r == 1 && ++i < 82);
-
- if (r != -1)
- {
+
+ if (r != -1) {
/* Many rounds and still no non-square -- this is more likely
* a bug than just bad luck.
* Even if p is not prime, we should have found some y
*/
BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
goto end;
- }
+ }
/* Here's our actual 'q': */
- if (!BN_rshift(q, q, e)) goto end;
+ if (!BN_rshift(q, q, e))
+ goto end;
/* Now that we have some non-square, we can find an element
* of order 2^e by computing its q'th power. */
- if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
- if (BN_is_one(y))
- {
+ if (!BN_mod_exp(y, y, q, p, ctx))
+ goto end;
+ if (BN_is_one(y)) {
BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
goto end;
- }
+ }
/* Now we know that (if p is indeed prime) there is an integer
* k, 0 <= k < 2^e, such that
*
* so it is the square root that we are looking for.
*/
-
+
/* t := (q-1)/2 (note that q is odd) */
- if (!BN_rshift1(t, q)) goto end;
-
+ if (!BN_rshift1(t, q))
+ goto end;
+
/* x := a^((q-1)/2) */
if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
- {
- if (!BN_nnmod(t, A, p, ctx)) goto end;
- if (BN_is_zero(t))
- {
+ {
+ if (!BN_nnmod(t, A, p, ctx))
+ goto end;
+ if (BN_is_zero(t)) {
/* special case: a == 0 (mod p) */
BN_zero(ret);
err = 0;
goto end;
- }
- else
- if (!BN_one(x)) goto end;
- }
- else
- {
- if (!BN_mod_exp(x, A, t, p, ctx)) goto end;
- if (BN_is_zero(x))
- {
+ } else if (!BN_one(x))
+ goto end;
+ } else {
+ if (!BN_mod_exp(x, A, t, p, ctx))
+ goto end;
+ if (BN_is_zero(x)) {
/* special case: a == 0 (mod p) */
BN_zero(ret);
err = 0;
goto end;
- }
}
+ }
/* b := a*x^2 (= a^q) */
- if (!BN_mod_sqr(b, x, p, ctx)) goto end;
- if (!BN_mod_mul(b, b, A, p, ctx)) goto end;
-
+ if (!BN_mod_sqr(b, x, p, ctx))
+ goto end;
+ if (!BN_mod_mul(b, b, A, p, ctx))
+ goto end;
+
/* x := a*x (= a^((q+1)/2)) */
- if (!BN_mod_mul(x, x, A, p, ctx)) goto end;
+ if (!BN_mod_mul(x, x, A, p, ctx))
+ goto end;
- while (1)
- {
+ while (1) {
/* Now b is a^q * y^k for some even k (0 <= k < 2^E
* where E refers to the original value of e, which we
* don't keep in a variable), and x is a^((q+1)/2) * y^(k/2).
* b^2^(e-1) = 1.
*/
- if (BN_is_one(b))
- {
- if (!BN_copy(ret, x)) goto end;
+ if (BN_is_one(b)) {
+ if (!BN_copy(ret, x))
+ goto end;
err = 0;
goto vrfy;
- }
+ }
/* find smallest i such that b^(2^i) = 1 */
i = 1;
- if (!BN_mod_sqr(t, b, p, ctx)) goto end;
- while (!BN_is_one(t))
- {
+ if (!BN_mod_sqr(t, b, p, ctx))
+ goto end;
+ while (!BN_is_one(t)) {
i++;
- if (i == e)
- {
+ if (i == e) {
BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
goto end;
- }
- if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
}
-
+ if (!BN_mod_mul(t, t, t, p, ctx))
+ goto end;
+ }
+
/* t := y^2^(e - i - 1) */
- if (!BN_copy(t, y)) goto end;
- for (j = e - i - 1; j > 0; j--)
- {
- if (!BN_mod_sqr(t, t, p, ctx)) goto end;
- }
- if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
- if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
- if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
- e = i;
+ if (!BN_copy(t, y))
+ goto end;
+ for (j = e - i - 1; j > 0; j--) {
+ if (!BN_mod_sqr(t, t, p, ctx))
+ goto end;
}
+ if (!BN_mod_mul(y, t, t, p, ctx))
+ goto end;
+ if (!BN_mod_mul(x, x, t, p, ctx))
+ goto end;
+ if (!BN_mod_mul(b, b, y, p, ctx))
+ goto end;
+ e = i;
+ }
- vrfy:
- if (!err)
- {
+vrfy:
+ if (!err) {
/* verify the result -- the input might have been not a square
* (test added in 0.9.8) */
-
+
if (!BN_mod_sqr(x, ret, p, ctx))
err = 1;
-
- if (!err && 0 != BN_cmp(x, A))
- {
+
+ if (!err && 0 != BN_cmp(x, A)) {
BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
err = 1;
- }
}
+ }
- end:
- if (err)
- {
- if (ret != NULL && ret != in)
- {
+end:
+ if (err) {
+ if (ret != NULL && ret != in) {
BN_clear_free(ret);
- }
- ret = NULL;
}
+ ret = NULL;
+ }
BN_CTX_end(ctx);
bn_check_top(ret);
return ret;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
- {
+BN_ULONG
+BN_mod_word(const BIGNUM *a, BN_ULONG w)
+{
#ifndef BN_LLONG
- BN_ULONG ret=0;
+ BN_ULONG ret = 0;
#else
- BN_ULLONG ret=0;
+ BN_ULLONG ret = 0;
#endif
int i;
if (w == 0)
- return (BN_ULONG)-1;
+ return (BN_ULONG) - 1;
bn_check_top(a);
- w&=BN_MASK2;
- for (i=a->top-1; i>=0; i--)
- {
+ w &= BN_MASK2;
+ for (i = a->top - 1; i >= 0; i--) {
#ifndef BN_LLONG
- ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;
- ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;
+ ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) &
+ BN_MASK2l)) % w;
+ ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
#else
- ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
- (BN_ULLONG)w);
+ ret = (BN_ULLONG)(((ret << (BN_ULLONG)BN_BITS2) |
+ a->d[i]) % (BN_ULLONG)w);
#endif
- }
- return((BN_ULONG)ret);
}
+ return ((BN_ULONG)ret);
+}
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
- {
+BN_ULONG
+BN_div_word(BIGNUM *a, BN_ULONG w)
+{
BN_ULONG ret = 0;
int i, j;
if (!w)
/* actually this an error (division by zero) */
- return (BN_ULONG)-1;
+ return (BN_ULONG) - 1;
if (a->top == 0)
return 0;
j = BN_BITS2 - BN_num_bits_word(w);
w <<= j;
if (!BN_lshift(a, a, j))
- return (BN_ULONG)-1;
-
- for (i=a->top-1; i>=0; i--)
- {
- BN_ULONG l,d;
-
- l=a->d[i];
- d=bn_div_words(ret,l,w);
- ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
- a->d[i]=d;
- }
- if ((a->top > 0) && (a->d[a->top-1] == 0))
+ return (BN_ULONG) - 1;
+
+ for (i = a->top - 1; i >= 0; i--) {
+ BN_ULONG l, d;
+
+ l = a->d[i];
+ d = bn_div_words(ret, l, w);
+ ret = (l - ((d*w)&BN_MASK2))&BN_MASK2;
+ a->d[i] = d;
+ }
+ if ((a->top > 0) && (a->d[a->top - 1] == 0))
a->top--;
ret >>= j;
bn_check_top(a);
- return(ret);
- }
+ return (ret);
+}
-int BN_add_word(BIGNUM *a, BN_ULONG w)
- {
+int
+BN_add_word(BIGNUM *a, BN_ULONG w)
+{
BN_ULONG l;
int i;
w &= BN_MASK2;
/* degenerate case: w is zero */
- if (!w) return 1;
+ if (!w)
+ return 1;
/* degenerate case: a is zero */
- if(BN_is_zero(a)) return BN_set_word(a, w);
+ if (BN_is_zero(a))
+ return BN_set_word(a, w);
/* handle 'a' when negative */
- if (a->neg)
- {
- a->neg=0;
- i=BN_sub_word(a,w);
+ if (a->neg) {
+ a->neg = 0;
+ i = BN_sub_word(a, w);
if (!BN_is_zero(a))
a->neg=!(a->neg);
- return(i);
- }
- for (i=0;w!=0 && i<a->top;i++)
- {
- a->d[i] = l = (a->d[i]+w)&BN_MASK2;
- w = (w>l)?1:0;
- }
- if (w && i==a->top)
- {
- if (bn_wexpand(a,a->top+1) == NULL) return 0;
+ return (i);
+ }
+ for (i = 0; w != 0 && i < a->top; i++) {
+ a->d[i] = l = (a->d[i] + w) & BN_MASK2;
+ w = (w > l) ? 1 : 0;
+ }
+ if (w && i == a->top) {
+ if (bn_wexpand(a, a->top + 1) == NULL)
+ return 0;
a->top++;
- a->d[i]=w;
- }
- bn_check_top(a);
- return(1);
+ a->d[i] = w;
}
+ bn_check_top(a);
+ return (1);
+}
-int BN_sub_word(BIGNUM *a, BN_ULONG w)
- {
+int
+BN_sub_word(BIGNUM *a, BN_ULONG w)
+{
int i;
bn_check_top(a);
w &= BN_MASK2;
/* degenerate case: w is zero */
- if (!w) return 1;
+ if (!w)
+ return 1;
/* degenerate case: a is zero */
- if(BN_is_zero(a))
- {
- i = BN_set_word(a,w);
+ if (BN_is_zero(a)) {
+ i = BN_set_word(a, w);
if (i != 0)
BN_set_negative(a, 1);
return i;
- }
+ }
/* handle 'a' when negative */
- if (a->neg)
- {
- a->neg=0;
- i=BN_add_word(a,w);
- a->neg=1;
- return(i);
- }
+ if (a->neg) {
+ a->neg = 0;
+ i = BN_add_word(a, w);
+ a->neg = 1;
+ return (i);
+ }
- if ((a->top == 1) && (a->d[0] < w))
- {
- a->d[0]=w-a->d[0];
- a->neg=1;
- return(1);
- }
- i=0;
- for (;;)
- {
- if (a->d[i] >= w)
- {
- a->d[i]-=w;
+ if ((a->top == 1) && (a->d[0] < w)) {
+ a->d[0] = w - a->d[0];
+ a->neg = 1;
+ return (1);
+ }
+ i = 0;
+ for (;;) {
+ if (a->d[i] >= w) {
+ a->d[i] -= w;
break;
- }
- else
- {
- a->d[i]=(a->d[i]-w)&BN_MASK2;
+ } else {
+ a->d[i] = (a->d[i] - w) & BN_MASK2;
i++;
- w=1;
- }
+ w = 1;
}
- if ((a->d[i] == 0) && (i == (a->top-1)))
+ }
+ if ((a->d[i] == 0) && (i == (a->top - 1)))
a->top--;
bn_check_top(a);
- return(1);
- }
+ return (1);
+}
-int BN_mul_word(BIGNUM *a, BN_ULONG w)
- {
+int
+BN_mul_word(BIGNUM *a, BN_ULONG w)
+{
BN_ULONG ll;
bn_check_top(a);
- w&=BN_MASK2;
- if (a->top)
- {
+ w &= BN_MASK2;
+ if (a->top) {
if (w == 0)
BN_zero(a);
- else
- {
- ll=bn_mul_words(a->d,a->d,a->top,w);
- if (ll)
- {
- if (bn_wexpand(a,a->top+1) == NULL) return(0);
- a->d[a->top++]=ll;
- }
+ else {
+ ll = bn_mul_words(a->d, a->d, a->top, w);
+ if (ll) {
+ if (bn_wexpand(a, a->top + 1) == NULL)
+ return (0);
+ a->d[a->top++] = ll;
}
}
- bn_check_top(a);
- return(1);
}
-
+ bn_check_top(a);
+ return (1);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* integers.
*/
-static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
- BN_GENCB *cb)
- {
+static int
+bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
+{
int i = 0;
+
if (!BN_copy(pi, Xpi))
return 0;
if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
return 0;
- for(;;)
- {
+ for (;;) {
i++;
BN_GENCB_call(cb, 0, i);
/* NB 27 MR is specificed in X9.31 */
break;
if (!BN_add_word(pi, 2))
return 0;
- }
+ }
BN_GENCB_call(cb, 2, i);
return 1;
- }
+}
/* This is the main X9.31 prime derivation function. From parameters
* Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
* not NULL they will be returned too: this is needed for testing.
*/
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
- {
+int
+BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb)
+{
int ret = 0;
BIGNUM *t, *p1p2, *pm1;
/* p now equals Yp0 */
- for (;;)
- {
+ for (;;) {
int i = 1;
BN_GENCB_call(cb, 0, i++);
if (!BN_copy(pm1, p))
goto err;
if (BN_is_one(t)
/* X9.31 specifies 8 MR and 1 Lucas test or any prime test
- * offering similar or better guarantees 50 MR is considerably
+ * offering similar or better guarantees 50 MR is considerably
* better.
*/
- && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
+ && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
break;
if (!BN_add(p, p, p1p2))
goto err;
- }
+ }
BN_GENCB_call(cb, 3, 0);
ret = 1;
- err:
+err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
* Note: nbits paramter is sum of number of bits in both.
*/
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
- {
+int
+BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+{
BIGNUM *t;
int i;
+
/* Number of bits for each prime is of the form
* 512+128s for s = 0, 1, ...
*/
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
- for (i = 0; i < 1000; i++)
- {
+ for (i = 0; i < 1000; i++) {
if (!BN_rand(Xq, nbits, 1, 0))
return 0;
/* Check that |Xp - Xq| > 2^(nbits - 100) */
BN_sub(t, Xp, Xq);
if (BN_num_bits(t) > (nbits - 100))
break;
- }
+ }
BN_CTX_end(ctx);
return 1;
return 0;
-
- }
+}
/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
* and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
* are generated using the previous function and supplied as input.
*/
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- BIGNUM *Xp1, BIGNUM *Xp2,
- const BIGNUM *Xp,
- const BIGNUM *e, BN_CTX *ctx,
- BN_GENCB *cb)
- {
+int
+BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
+{
int ret = 0;
BN_CTX_start(ctx);
ret = 1;
- error:
+error:
BN_CTX_end(ctx);
return ret;
-
- }
-
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
- * Portions of the attached software ("Contribution") are developed by
+ * Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the Eric Young open source
* license provided above.
*
- * The binary polynomial arithmetic software is originally written by
+ * The binary polynomial arithmetic software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
*/
typedef struct bn_gencb_st BN_GENCB;
#endif
-struct bignum_st
- {
+struct bignum_st {
BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
int top; /* Index of last used d +1. */
/* The next are internal book keeping for bn_expand. */
int dmax; /* Size of the d array. */
int neg; /* one if the number is negative */
int flags;
- };
+};
/* Used for montgomery multiplication */
-struct bn_mont_ctx_st
- {
+struct bn_mont_ctx_st {
int ri; /* number of bits in R */
BIGNUM RR; /* used to convert to montgomery form */
BIGNUM N; /* The modulus */
BN_ULONG n0[2];/* least significant word(s) of Ni;
(type changed with 0.9.9, was "BN_ULONG n0;" before) */
int flags;
- };
+};
/* Used for reciprocal division/mod functions
* It cannot be shared between threads
*/
-struct bn_recp_ctx_st
- {
+struct bn_recp_ctx_st {
BIGNUM N; /* the divisor */
BIGNUM Nr; /* the reciprocal */
int num_bits;
int shift;
int flags;
- };
+};
/* Used for slow "generation" functions. */
-struct bn_gencb_st
- {
+struct bn_gencb_st {
unsigned int ver; /* To handle binary (in)compatibility */
void *arg; /* callback-specific data */
- union
- {
+ union {
/* if(ver==1) - handles old style callbacks */
void (*cb_1)(int, int, void *);
/* if(ver==2) - new callback style */
int (*cb_2)(int, int, BN_GENCB *);
- } cb;
- };
+ } cb;
+};
/* Wrapper function to make using BN_GENCB easier, */
int BN_GENCB_call(BN_GENCB *cb, int a, int b);
/* Macro to populate a BN_GENCB structure with an "old"-style callback */
void BN_CTX_start(BN_CTX *ctx);
BIGNUM *BN_CTX_get(BN_CTX *ctx);
void BN_CTX_end(BN_CTX *ctx);
-int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
int BN_num_bits(const BIGNUM *a);
void BN_clear_free(BIGNUM *a);
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
void BN_swap(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2bin(const BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
/** BN_set_negative sets sign of a BIGNUM
* \param b pointer to the BIGNUM object
- * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
+ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
*/
void BN_set_negative(BIGNUM *b, int n);
/** BN_is_negative returns 1 if the BIGNUM is negative
#define BN_is_negative(a) ((a)->neg != 0)
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
- BN_CTX *ctx);
+ BN_CTX *ctx);
#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *m, BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
int BN_is_bit_set(const BIGNUM *a, int n);
int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
int BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m,BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
- const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
- BN_CTX *ctx,BN_MONT_CTX *m_ctx);
+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m,BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
-int BN_mask_bits(BIGNUM *a,int n);
+int BN_mask_bits(BIGNUM *a, int n);
#ifndef OPENSSL_NO_FP_API
int BN_print_fp(FILE *fp, const BIGNUM *a);
#endif
int BN_hex2bn(BIGNUM **a, const char *str);
int BN_dec2bn(BIGNUM **a, const char *str);
int BN_asc2bn(BIGNUM **a, const char *str);
-int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
BIGNUM *BN_mod_inverse(BIGNUM *ret,
- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback)(int,int,void *),void *cb_arg);
-int BN_is_prime(const BIGNUM *p,int nchecks,
- void (*callback)(int,int,void *),
- BN_CTX *ctx,void *cb_arg);
-int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
- void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
- int do_trial_division);
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem,
+ void (*callback)(int, int, void *), void *cb_arg);
+int BN_is_prime(const BIGNUM *p, int nchecks,
+ void (*callback)(int, int, void *),
+ BN_CTX *ctx, void *cb_arg);
+int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+ void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
+ int do_trial_division);
#endif /* !defined(OPENSSL_NO_DEPRECATED) */
/* Newer versions */
-int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
- const BIGNUM *rem, BN_GENCB *cb);
-int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
- int do_trial_division, BN_GENCB *cb);
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+ int do_trial_division, BN_GENCB *cb);
int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- BIGNUM *Xp1, BIGNUM *Xp2,
- const BIGNUM *Xp,
- const BIGNUM *e, BN_CTX *ctx,
- BN_GENCB *cb);
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
(r),(a),&((mont)->RR),(mont),(ctx))
-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
- BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
- const BIGNUM *mod, BN_CTX *ctx);
+ const BIGNUM *mod, BN_CTX *ctx);
/* BN_BLINDING flags */
#define BN_BLINDING_NO_UPDATE 0x00000001
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx);
#ifndef OPENSSL_NO_DEPRECATED
-void BN_set_params(int mul,int high,int low,int mont);
+void BN_set_params(int mul, int high, int low, int mont);
int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
#endif
void BN_RECP_CTX_init(BN_RECP_CTX *recp);
BN_RECP_CTX *BN_RECP_CTX_new(void);
void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
- BN_RECP_CTX *recp,BN_CTX *ctx);
+ BN_RECP_CTX *recp, BN_CTX *ctx);
int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
- BN_RECP_CTX *recp, BN_CTX *ctx);
+ BN_RECP_CTX *recp, BN_CTX *ctx);
#ifndef OPENSSL_NO_EC2M
-/* Functions for arithmetic over binary polynomials represented by BIGNUMs.
+/* Functions for arithmetic over binary polynomials represented by BIGNUMs.
*
* The BIGNUM::neg property of BIGNUMs representing binary polynomials is
* ignored.
int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+int
+BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+int
+BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r = (a * a) mod p */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
+int
+BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
BN_CTX *ctx); /* r = (1 / b) mod p */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+int
+BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+int
+BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+int
+BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r = sqrt(a) mod p */
int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r^2 + r = a mod p */
* where m = p[0] > p[1] > ... > p[k] = 0.
*/
int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
- /* r = a mod p */
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+/* r = a mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
BN_CTX *ctx); /* r = (a * a) mod p */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
BN_CTX *ctx); /* r = (1 / b) mod p */
int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
#endif
-/* faster mod functions for the 'NIST primes'
+/* faster mod functions for the 'NIST primes'
* 0 <= a < p^2 */
int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
#ifdef BN_DEBUG_RAND
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
#ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf,int num);
+int RAND_pseudo_bytes(unsigned char *buf, int num);
#define BN_DEBUG_TRIX
#endif
#define bn_pollute(a) \
bn_pollute(a); \
}
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num);
/* Primes from RFC 2409 */
BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "bn_lcl.h"
/* r can == a or b */
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
const BIGNUM *tmp;
int a_neg = a->neg, ret;
* -a + b b-a
* -a + -b -(a+b)
*/
- if (a_neg ^ b->neg)
- {
+ if (a_neg ^ b->neg) {
/* only one is negative */
if (a_neg)
- { tmp=a; a=b; b=tmp; }
+ { tmp = a;
+ a = b;
+ b = tmp;
+ }
/* we are now a - b */
- if (BN_ucmp(a,b) < 0)
- {
- if (!BN_usub(r,b,a)) return(0);
- r->neg=1;
- }
- else
- {
- if (!BN_usub(r,a,b)) return(0);
- r->neg=0;
- }
- return(1);
+ if (BN_ucmp(a, b) < 0) {
+ if (!BN_usub(r, b, a))
+ return (0);
+ r->neg = 1;
+ } else {
+ if (!BN_usub(r, a, b))
+ return (0);
+ r->neg = 0;
}
+ return (1);
+ }
- ret = BN_uadd(r,a,b);
+ ret = BN_uadd(r, a, b);
r->neg = a_neg;
bn_check_top(r);
return ret;
- }
+}
/* unsigned add of b to a */
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int max,min,dif;
- BN_ULONG *ap,*bp,*rp,carry,t1,t2;
+int
+BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int max, min, dif;
+ BN_ULONG *ap, *bp, *rp, carry, t1, t2;
const BIGNUM *tmp;
bn_check_top(a);
bn_check_top(b);
- if (a->top < b->top)
- { tmp=a; a=b; b=tmp; }
+ if (a->top < b->top) {
+ tmp = a;
+ a = b;
+ b = tmp;
+ }
max = a->top;
min = b->top;
dif = max - min;
- if (bn_wexpand(r,max+1) == NULL)
+ if (bn_wexpand(r, max + 1) == NULL)
return 0;
- r->top=max;
-
+ r->top = max;
- ap=a->d;
- bp=b->d;
- rp=r->d;
+ ap = a->d;
+ bp = b->d;
+ rp = r->d;
- carry=bn_add_words(rp,ap,bp,min);
- rp+=min;
- ap+=min;
- bp+=min;
+ carry = bn_add_words(rp, ap, bp, min);
+ rp += min;
+ ap += min;
+ bp += min;
- if (carry)
- {
- while (dif)
- {
+ if (carry) {
+ while (dif) {
dif--;
t1 = *(ap++);
- t2 = (t1+1) & BN_MASK2;
+ t2 = (t1 + 1) & BN_MASK2;
*(rp++) = t2;
- if (t2)
- {
- carry=0;
+ if (t2) {
+ carry = 0;
break;
- }
}
- if (carry)
- {
+ }
+ if (carry) {
/* carry != 0 => dif == 0 */
*rp = 1;
r->top++;
- }
}
+ }
if (dif && rp != ap)
while (dif--)
/* copy remaining words if ap != rp */
r->neg = 0;
bn_check_top(r);
return 1;
- }
+}
/* unsigned subtraction of b from a, a must be larger than b. */
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int max,min,dif;
- register BN_ULONG t1,t2,*ap,*bp,*rp;
- int i,carry;
+int
+BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int max, min, dif;
+ register BN_ULONG t1, t2, *ap, *bp, *rp;
+ int i, carry;
bn_check_top(a);
bn_check_top(b);
dif = max - min;
if (dif < 0) /* hmm... should not be happening */
- {
- BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
- return(0);
- }
+ {
+ BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
+ return (0);
+ }
- if (bn_wexpand(r,max) == NULL) return(0);
+ if (bn_wexpand(r, max) == NULL)
+ return (0);
- ap=a->d;
- bp=b->d;
- rp=r->d;
+ ap = a->d;
+ bp = b->d;
+ rp = r->d;
#if 1
- carry=0;
- for (i = min; i != 0; i--)
- {
+ carry = 0;
+ for (i = min; i != 0; i--) {
t1= *(ap++);
t2= *(bp++);
- if (carry)
- {
- carry=(t1 <= t2);
- t1=(t1-t2-1)&BN_MASK2;
- }
- else
- {
- carry=(t1 < t2);
- t1=(t1-t2)&BN_MASK2;
- }
- *(rp++)=t1&BN_MASK2;
+ if (carry) {
+ carry = (t1 <= t2);
+ t1 = (t1 - t2 - 1)&BN_MASK2;
+ } else {
+ carry = (t1 < t2);
+ t1 = (t1 - t2)&BN_MASK2;
}
+ *(rp++) = t1&BN_MASK2;
+ }
#else
- carry=bn_sub_words(rp,ap,bp,min);
- ap+=min;
- bp+=min;
- rp+=min;
+ carry = bn_sub_words(rp, ap, bp, min);
+ ap += min;
+ bp += min;
+ rp += min;
#endif
if (carry) /* subtracted */
- {
+ {
if (!dif)
/* error: a < b */
return 0;
- while (dif)
- {
+ while (dif) {
dif--;
t1 = *(ap++);
- t2 = (t1-1)&BN_MASK2;
+ t2 = (t1 - 1)&BN_MASK2;
*(rp++) = t2;
if (t1)
break;
- }
}
+ }
#if 0
- memcpy(rp,ap,sizeof(*rp)*(max-i));
+ memcpy(rp, ap, sizeof(*rp)*(max - i));
#else
- if (rp != ap)
- {
- for (;;)
- {
- if (!dif--) break;
- rp[0]=ap[0];
- if (!dif--) break;
- rp[1]=ap[1];
- if (!dif--) break;
- rp[2]=ap[2];
- if (!dif--) break;
- rp[3]=ap[3];
- rp+=4;
- ap+=4;
- }
+ if (rp != ap) {
+ for (;;) {
+ if (!dif--)
+ break;
+ rp[0] = ap[0];
+ if (!dif--)
+ break;
+ rp[1] = ap[1];
+ if (!dif--)
+ break;
+ rp[2] = ap[2];
+ if (!dif--)
+ break;
+ rp[3] = ap[3];
+ rp += 4;
+ ap += 4;
}
+ }
#endif
- r->top=max;
- r->neg=0;
+ r->top = max;
+ r->neg = 0;
bn_correct_top(r);
- return(1);
- }
+ return (1);
+}
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
int max;
- int add=0,neg=0;
+ int add = 0, neg = 0;
const BIGNUM *tmp;
bn_check_top(a);
* -a - b -(a+b)
* -a - -b b-a
*/
- if (a->neg)
- {
- if (b->neg)
- { tmp=a; a=b; b=tmp; }
- else
- { add=1; neg=1; }
+ if (a->neg) {
+ if (b->neg) {
+ tmp = a;
+ a = b;
+ b = tmp;
+ } else {
+ add = 1;
+ neg = 1;
}
- else
- {
- if (b->neg) { add=1; neg=0; }
+ } else {
+ if (b->neg) {
+ add = 1;
+ neg = 0;
}
+ }
- if (add)
- {
- if (!BN_uadd(r,a,b)) return(0);
- r->neg=neg;
- return(1);
- }
+ if (add) {
+ if (!BN_uadd(r, a, b))
+ return (0);
+ r->neg = neg;
+ return (1);
+ }
/* We are actually doing a - b :-) */
- max=(a->top > b->top)?a->top:b->top;
- if (bn_wexpand(r,max) == NULL) return(0);
- if (BN_ucmp(a,b) < 0)
- {
- if (!BN_usub(r,b,a)) return(0);
- r->neg=1;
- }
- else
- {
- if (!BN_usub(r,a,b)) return(0);
- r->neg=0;
- }
- bn_check_top(r);
- return(1);
+ max = (a->top > b->top) ? a->top : b->top;
+ if (bn_wexpand(r, max) == NULL)
+ return (0);
+ if (BN_ucmp(a, b) < 0) {
+ if (!BN_usub(r, b, a))
+ return (0);
+ r->neg = 1;
+ } else {
+ if (!BN_usub(r, a, b))
+ return (0);
+ r->neg = 0;
}
-
+ bn_check_top(r);
+ return (1);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c1=0;
+BN_ULONG
+bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG c1 = 0;
assert(num >= 0);
- if (num <= 0) return(c1);
+ if (num <= 0)
+ return (c1);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (num&~3)
- {
- mul_add(rp[0],ap[0],w,c1);
- mul_add(rp[1],ap[1],w,c1);
- mul_add(rp[2],ap[2],w,c1);
- mul_add(rp[3],ap[3],w,c1);
- ap+=4; rp+=4; num-=4;
- }
+ while (num & ~3) {
+ mul_add(rp[0], ap[0], w, c1);
+ mul_add(rp[1], ap[1], w, c1);
+ mul_add(rp[2], ap[2], w, c1);
+ mul_add(rp[3], ap[3], w, c1);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
#endif
- while (num)
- {
- mul_add(rp[0],ap[0],w,c1);
- ap++; rp++; num--;
- }
-
- return(c1);
- }
+ while (num) {
+ mul_add(rp[0], ap[0], w, c1);
+ ap++;
+ rp++;
+ num--;
+ }
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c1=0;
+ return (c1);
+}
+
+BN_ULONG
+bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG c1 = 0;
assert(num >= 0);
- if (num <= 0) return(c1);
+ if (num <= 0)
+ return (c1);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (num&~3)
- {
- mul(rp[0],ap[0],w,c1);
- mul(rp[1],ap[1],w,c1);
- mul(rp[2],ap[2],w,c1);
- mul(rp[3],ap[3],w,c1);
- ap+=4; rp+=4; num-=4;
- }
+ while (num & ~3) {
+ mul(rp[0], ap[0], w, c1);
+ mul(rp[1], ap[1], w, c1);
+ mul(rp[2], ap[2], w, c1);
+ mul(rp[3], ap[3], w, c1);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
#endif
- while (num)
- {
- mul(rp[0],ap[0],w,c1);
- ap++; rp++; num--;
- }
- return(c1);
- }
+ while (num) {
+ mul(rp[0], ap[0], w, c1);
+ ap++;
+ rp++;
+ num--;
+ }
+ return (c1);
+}
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
- {
+void
+bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
assert(n >= 0);
- if (n <= 0) return;
+ if (n <= 0)
+ return;
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- sqr(r[0],r[1],a[0]);
- sqr(r[2],r[3],a[1]);
- sqr(r[4],r[5],a[2]);
- sqr(r[6],r[7],a[3]);
- a+=4; r+=8; n-=4;
- }
+ while (n & ~3) {
+ sqr(r[0], r[1], a[0]);
+ sqr(r[2], r[3], a[1]);
+ sqr(r[4], r[5], a[2]);
+ sqr(r[6], r[7], a[3]);
+ a += 4;
+ r += 8;
+ n -= 4;
+ }
#endif
- while (n)
- {
- sqr(r[0],r[1],a[0]);
- a++; r+=2; n--;
- }
+ while (n) {
+ sqr(r[0], r[1], a[0]);
+ a++;
+ r += 2;
+ n--;
}
+}
#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c=0;
- BN_ULONG bl,bh;
+BN_ULONG
+bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG c = 0;
+ BN_ULONG bl, bh;
assert(num >= 0);
- if (num <= 0) return((BN_ULONG)0);
+ if (num <= 0)
+ return ((BN_ULONG)0);
- bl=LBITS(w);
- bh=HBITS(w);
+ bl = LBITS(w);
+ bh = HBITS(w);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (num&~3)
- {
- mul_add(rp[0],ap[0],bl,bh,c);
- mul_add(rp[1],ap[1],bl,bh,c);
- mul_add(rp[2],ap[2],bl,bh,c);
- mul_add(rp[3],ap[3],bl,bh,c);
- ap+=4; rp+=4; num-=4;
- }
+ while (num & ~3) {
+ mul_add(rp[0], ap[0], bl, bh, c);
+ mul_add(rp[1], ap[1], bl, bh, c);
+ mul_add(rp[2], ap[2], bl, bh, c);
+ mul_add(rp[3], ap[3], bl, bh, c);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
#endif
- while (num)
- {
- mul_add(rp[0],ap[0],bl,bh,c);
- ap++; rp++; num--;
- }
- return(c);
- }
+ while (num) {
+ mul_add(rp[0], ap[0], bl, bh, c);
+ ap++;
+ rp++;
+ num--;
+ }
+ return (c);
+}
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG carry=0;
- BN_ULONG bl,bh;
+BN_ULONG
+bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG carry = 0;
+ BN_ULONG bl, bh;
assert(num >= 0);
- if (num <= 0) return((BN_ULONG)0);
+ if (num <= 0)
+ return ((BN_ULONG)0);
- bl=LBITS(w);
- bh=HBITS(w);
+ bl = LBITS(w);
+ bh = HBITS(w);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (num&~3)
- {
- mul(rp[0],ap[0],bl,bh,carry);
- mul(rp[1],ap[1],bl,bh,carry);
- mul(rp[2],ap[2],bl,bh,carry);
- mul(rp[3],ap[3],bl,bh,carry);
- ap+=4; rp+=4; num-=4;
- }
+ while (num & ~3) {
+ mul(rp[0], ap[0], bl, bh, carry);
+ mul(rp[1], ap[1], bl, bh, carry);
+ mul(rp[2], ap[2], bl, bh, carry);
+ mul(rp[3], ap[3], bl, bh, carry);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
#endif
- while (num)
- {
- mul(rp[0],ap[0],bl,bh,carry);
- ap++; rp++; num--;
- }
- return(carry);
- }
+ while (num) {
+ mul(rp[0], ap[0], bl, bh, carry);
+ ap++;
+ rp++;
+ num--;
+ }
+ return (carry);
+}
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
- {
+void
+bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
assert(n >= 0);
- if (n <= 0) return;
+ if (n <= 0)
+ return;
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- sqr64(r[0],r[1],a[0]);
- sqr64(r[2],r[3],a[1]);
- sqr64(r[4],r[5],a[2]);
- sqr64(r[6],r[7],a[3]);
- a+=4; r+=8; n-=4;
- }
+ while (n & ~3) {
+ sqr64(r[0], r[1], a[0]);
+ sqr64(r[2], r[3], a[1]);
+ sqr64(r[4], r[5], a[2]);
+ sqr64(r[6], r[7], a[3]);
+ a += 4;
+ r += 8;
+ n -= 4;
+ }
#endif
- while (n)
- {
- sqr64(r[0],r[1],a[0]);
- a++; r+=2; n--;
- }
+ while (n) {
+ sqr64(r[0], r[1], a[0]);
+ a++;
+ r += 2;
+ n--;
}
+}
#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
#if defined(BN_LLONG) && defined(BN_DIV2W)
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
- {
- return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
- }
+BN_ULONG
+bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+ return ((BN_ULONG)(((((BN_ULLONG)h) << BN_BITS2)|l)/(BN_ULLONG)d));
+}
#else
/* Divide h,l by d and return the result. */
/* I need to test this some more :-( */
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
- {
- BN_ULONG dh,dl,q,ret=0,th,tl,t;
- int i,count=2;
-
- if (d == 0) return(BN_MASK2);
-
- i=BN_num_bits_word(d);
- assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
-
- i=BN_BITS2-i;
- if (h >= d) h-=d;
-
- if (i)
- {
- d<<=i;
- h=(h<<i)|(l>>(BN_BITS2-i));
- l<<=i;
- }
- dh=(d&BN_MASK2h)>>BN_BITS4;
- dl=(d&BN_MASK2l);
- for (;;)
- {
- if ((h>>BN_BITS4) == dh)
- q=BN_MASK2l;
+BN_ULONG
+bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+ BN_ULONG dh, dl, q,ret = 0, th, tl, t;
+ int i, count = 2;
+
+ if (d == 0)
+ return (BN_MASK2);
+
+ i = BN_num_bits_word(d);
+ assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
+
+ i = BN_BITS2 - i;
+ if (h >= d)
+ h -= d;
+
+ if (i) {
+ d <<= i;
+ h = (h << i) | (l >> (BN_BITS2 - i));
+ l <<= i;
+ }
+ dh = (d & BN_MASK2h) >> BN_BITS4;
+ dl = (d & BN_MASK2l);
+ for (;;) {
+ if ((h >> BN_BITS4) == dh)
+ q = BN_MASK2l;
else
- q=h/dh;
-
- th=q*dh;
- tl=dl*q;
- for (;;)
- {
- t=h-th;
- if ((t&BN_MASK2h) ||
- ((tl) <= (
- (t<<BN_BITS4)|
- ((l&BN_MASK2h)>>BN_BITS4))))
+ q = h / dh;
+
+ th = q * dh;
+ tl = dl * q;
+ for (;;) {
+ t = h - th;
+ if ((t & BN_MASK2h) ||
+ ((tl) <= (
+ (t << BN_BITS4) |
+ ((l & BN_MASK2h) >> BN_BITS4))))
break;
q--;
- th-=dh;
- tl-=dl;
- }
- t=(tl>>BN_BITS4);
- tl=(tl<<BN_BITS4)&BN_MASK2h;
- th+=t;
-
- if (l < tl) th++;
- l-=tl;
- if (h < th)
- {
- h+=d;
+ th -= dh;
+ tl -= dl;
+ }
+ t = (tl >> BN_BITS4);
+ tl = (tl << BN_BITS4) & BN_MASK2h;
+ th += t;
+
+ if (l < tl)
+ th++;
+ l -= tl;
+ if (h < th) {
+ h += d;
q--;
- }
- h-=th;
+ }
+ h -= th;
- if (--count == 0) break;
+ if (--count == 0)
+ break;
- ret=q<<BN_BITS4;
- h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
- l=(l&BN_MASK2l)<<BN_BITS4;
- }
- ret|=q;
- return(ret);
+ ret = q << BN_BITS4;
+ h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
+ l = (l & BN_MASK2l) << BN_BITS4;
}
+ ret |= q;
+ return (ret);
+}
#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
#ifdef BN_LLONG
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- BN_ULLONG ll=0;
+BN_ULONG
+bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+ BN_ULLONG ll = 0;
assert(n >= 0);
- if (n <= 0) return((BN_ULONG)0);
+ if (n <= 0)
+ return ((BN_ULONG)0);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- ll+=(BN_ULLONG)a[0]+b[0];
- r[0]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- ll+=(BN_ULLONG)a[1]+b[1];
- r[1]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- ll+=(BN_ULLONG)a[2]+b[2];
- r[2]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- ll+=(BN_ULLONG)a[3]+b[3];
- r[3]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- a+=4; b+=4; r+=4; n-=4;
- }
+ while (n & ~3) {
+ ll += (BN_ULLONG)a[0] + b[0];
+ r[0] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ ll += (BN_ULLONG)a[1] + b[1];
+ r[1] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ ll += (BN_ULLONG)a[2] + b[2];
+ r[2] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ ll += (BN_ULLONG)a[3] + b[3];
+ r[3] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ a += 4;
+ b += 4;
+ r += 4;
+ n -= 4;
+ }
#endif
- while (n)
- {
- ll+=(BN_ULLONG)a[0]+b[0];
- r[0]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- a++; b++; r++; n--;
- }
- return((BN_ULONG)ll);
+ while (n) {
+ ll += (BN_ULLONG)a[0] + b[0];
+ r[0] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ a++;
+ b++;
+ r++;
+ n--;
}
+ return ((BN_ULONG)ll);
+}
#else /* !BN_LLONG */
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- BN_ULONG c,l,t;
+BN_ULONG
+bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+ BN_ULONG c, l, t;
assert(n >= 0);
- if (n <= 0) return((BN_ULONG)0);
+ if (n <= 0)
+ return ((BN_ULONG)0);
- c=0;
+ c = 0;
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- t=a[0];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[0])&BN_MASK2;
- c+=(l < t);
- r[0]=l;
- t=a[1];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[1])&BN_MASK2;
- c+=(l < t);
- r[1]=l;
- t=a[2];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[2])&BN_MASK2;
- c+=(l < t);
- r[2]=l;
- t=a[3];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[3])&BN_MASK2;
- c+=(l < t);
- r[3]=l;
- a+=4; b+=4; r+=4; n-=4;
- }
+ while (n & ~3) {
+ t = a[0];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[0]) & BN_MASK2;
+ c += (l < t);
+ r[0] = l;
+ t = a[1];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[1]) & BN_MASK2;
+ c += (l < t);
+ r[1] = l;
+ t = a[2];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[2]) & BN_MASK2;
+ c += (l < t);
+ r[2] = l;
+ t = a[3];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[3]) & BN_MASK2;
+ c += (l < t);
+ r[3] = l;
+ a += 4;
+ b += 4;
+ r += 4;
+ n -= 4;
+ }
#endif
- while(n)
- {
- t=a[0];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[0])&BN_MASK2;
- c+=(l < t);
- r[0]=l;
- a++; b++; r++; n--;
- }
- return((BN_ULONG)c);
+ while (n) {
+ t = a[0];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[0]) & BN_MASK2;
+ c += (l < t);
+ r[0] = l;
+ a++;
+ b++;
+ r++;
+ n--;
}
+ return ((BN_ULONG)c);
+}
#endif /* !BN_LLONG */
-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- BN_ULONG t1,t2;
- int c=0;
+BN_ULONG
+bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+ BN_ULONG t1, t2;
+ int c = 0;
assert(n >= 0);
- if (n <= 0) return((BN_ULONG)0);
+ if (n <= 0)
+ return ((BN_ULONG)0);
#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n&~3)
- {
- t1=a[0]; t2=b[0];
- r[0]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- t1=a[1]; t2=b[1];
- r[1]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- t1=a[2]; t2=b[2];
- r[2]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- t1=a[3]; t2=b[3];
- r[3]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- a+=4; b+=4; r+=4; n-=4;
- }
+ while (n&~3) {
+ t1 = a[0];
+ t2 = b[0];
+ r[0] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ t1 = a[1];
+ t2 = b[1];
+ r[1] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ t1 = a[2];
+ t2 = b[2];
+ r[2] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ t1 = a[3];
+ t2 = b[3];
+ r[3] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ a += 4;
+ b += 4;
+ r += 4;
+ n -= 4;
+ }
#endif
- while (n)
- {
- t1=a[0]; t2=b[0];
- r[0]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- a++; b++; r++; n--;
- }
- return(c);
+ while (n) {
+ t1 = a[0];
+ t2 = b[0];
+ r[0] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ a++;
+ b++;
+ r++;
+ n--;
}
+ return (c);
+}
#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
mul_add_c2((a)[i],(a)[j],c0,c1,c2)
#endif /* !BN_LLONG */
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
+void
+bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
#ifdef BN_LLONG
BN_ULLONG t;
#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG bl,bh;
+ BN_ULONG bl, bh;
#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- mul_add_c(a[0],b[0],c1,c2,c3);
- r[0]=c1;
- c1=0;
- mul_add_c(a[0],b[1],c2,c3,c1);
- mul_add_c(a[1],b[0],c2,c3,c1);
- r[1]=c2;
- c2=0;
- mul_add_c(a[2],b[0],c3,c1,c2);
- mul_add_c(a[1],b[1],c3,c1,c2);
- mul_add_c(a[0],b[2],c3,c1,c2);
- r[2]=c3;
- c3=0;
- mul_add_c(a[0],b[3],c1,c2,c3);
- mul_add_c(a[1],b[2],c1,c2,c3);
- mul_add_c(a[2],b[1],c1,c2,c3);
- mul_add_c(a[3],b[0],c1,c2,c3);
- r[3]=c1;
- c1=0;
- mul_add_c(a[4],b[0],c2,c3,c1);
- mul_add_c(a[3],b[1],c2,c3,c1);
- mul_add_c(a[2],b[2],c2,c3,c1);
- mul_add_c(a[1],b[3],c2,c3,c1);
- mul_add_c(a[0],b[4],c2,c3,c1);
- r[4]=c2;
- c2=0;
- mul_add_c(a[0],b[5],c3,c1,c2);
- mul_add_c(a[1],b[4],c3,c1,c2);
- mul_add_c(a[2],b[3],c3,c1,c2);
- mul_add_c(a[3],b[2],c3,c1,c2);
- mul_add_c(a[4],b[1],c3,c1,c2);
- mul_add_c(a[5],b[0],c3,c1,c2);
- r[5]=c3;
- c3=0;
- mul_add_c(a[6],b[0],c1,c2,c3);
- mul_add_c(a[5],b[1],c1,c2,c3);
- mul_add_c(a[4],b[2],c1,c2,c3);
- mul_add_c(a[3],b[3],c1,c2,c3);
- mul_add_c(a[2],b[4],c1,c2,c3);
- mul_add_c(a[1],b[5],c1,c2,c3);
- mul_add_c(a[0],b[6],c1,c2,c3);
- r[6]=c1;
- c1=0;
- mul_add_c(a[0],b[7],c2,c3,c1);
- mul_add_c(a[1],b[6],c2,c3,c1);
- mul_add_c(a[2],b[5],c2,c3,c1);
- mul_add_c(a[3],b[4],c2,c3,c1);
- mul_add_c(a[4],b[3],c2,c3,c1);
- mul_add_c(a[5],b[2],c2,c3,c1);
- mul_add_c(a[6],b[1],c2,c3,c1);
- mul_add_c(a[7],b[0],c2,c3,c1);
- r[7]=c2;
- c2=0;
- mul_add_c(a[7],b[1],c3,c1,c2);
- mul_add_c(a[6],b[2],c3,c1,c2);
- mul_add_c(a[5],b[3],c3,c1,c2);
- mul_add_c(a[4],b[4],c3,c1,c2);
- mul_add_c(a[3],b[5],c3,c1,c2);
- mul_add_c(a[2],b[6],c3,c1,c2);
- mul_add_c(a[1],b[7],c3,c1,c2);
- r[8]=c3;
- c3=0;
- mul_add_c(a[2],b[7],c1,c2,c3);
- mul_add_c(a[3],b[6],c1,c2,c3);
- mul_add_c(a[4],b[5],c1,c2,c3);
- mul_add_c(a[5],b[4],c1,c2,c3);
- mul_add_c(a[6],b[3],c1,c2,c3);
- mul_add_c(a[7],b[2],c1,c2,c3);
- r[9]=c1;
- c1=0;
- mul_add_c(a[7],b[3],c2,c3,c1);
- mul_add_c(a[6],b[4],c2,c3,c1);
- mul_add_c(a[5],b[5],c2,c3,c1);
- mul_add_c(a[4],b[6],c2,c3,c1);
- mul_add_c(a[3],b[7],c2,c3,c1);
- r[10]=c2;
- c2=0;
- mul_add_c(a[4],b[7],c3,c1,c2);
- mul_add_c(a[5],b[6],c3,c1,c2);
- mul_add_c(a[6],b[5],c3,c1,c2);
- mul_add_c(a[7],b[4],c3,c1,c2);
- r[11]=c3;
- c3=0;
- mul_add_c(a[7],b[5],c1,c2,c3);
- mul_add_c(a[6],b[6],c1,c2,c3);
- mul_add_c(a[5],b[7],c1,c2,c3);
- r[12]=c1;
- c1=0;
- mul_add_c(a[6],b[7],c2,c3,c1);
- mul_add_c(a[7],b[6],c2,c3,c1);
- r[13]=c2;
- c2=0;
- mul_add_c(a[7],b[7],c3,c1,c2);
- r[14]=c3;
- r[15]=c1;
- }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ mul_add_c(a[0], b[0], c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[1], c2, c3, c1);
+ mul_add_c(a[1], b[0], c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[0], c3, c1, c2);
+ mul_add_c(a[1], b[1], c3, c1, c2);
+ mul_add_c(a[0], b[2], c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ mul_add_c(a[0], b[3], c1, c2, c3);
+ mul_add_c(a[1], b[2], c1, c2, c3);
+ mul_add_c(a[2], b[1], c1, c2, c3);
+ mul_add_c(a[3], b[0], c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ mul_add_c(a[4], b[0], c2, c3, c1);
+ mul_add_c(a[3], b[1], c2, c3, c1);
+ mul_add_c(a[2], b[2], c2, c3, c1);
+ mul_add_c(a[1], b[3], c2, c3, c1);
+ mul_add_c(a[0], b[4], c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ mul_add_c(a[0], b[5], c3, c1, c2);
+ mul_add_c(a[1], b[4], c3, c1, c2);
+ mul_add_c(a[2], b[3], c3, c1, c2);
+ mul_add_c(a[3], b[2], c3, c1, c2);
+ mul_add_c(a[4], b[1], c3, c1, c2);
+ mul_add_c(a[5], b[0], c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ mul_add_c(a[6], b[0], c1, c2, c3);
+ mul_add_c(a[5], b[1], c1, c2, c3);
+ mul_add_c(a[4], b[2], c1, c2, c3);
+ mul_add_c(a[3], b[3], c1, c2, c3);
+ mul_add_c(a[2], b[4], c1, c2, c3);
+ mul_add_c(a[1], b[5], c1, c2, c3);
+ mul_add_c(a[0], b[6], c1, c2, c3);
+ r[6] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[7], c2, c3, c1);
+ mul_add_c(a[1], b[6], c2, c3, c1);
+ mul_add_c(a[2], b[5], c2, c3, c1);
+ mul_add_c(a[3], b[4], c2, c3, c1);
+ mul_add_c(a[4], b[3], c2, c3, c1);
+ mul_add_c(a[5], b[2], c2, c3, c1);
+ mul_add_c(a[6], b[1], c2, c3, c1);
+ mul_add_c(a[7], b[0], c2, c3, c1);
+ r[7] = c2;
+ c2 = 0;
+ mul_add_c(a[7], b[1], c3, c1, c2);
+ mul_add_c(a[6], b[2], c3, c1, c2);
+ mul_add_c(a[5], b[3], c3, c1, c2);
+ mul_add_c(a[4], b[4], c3, c1, c2);
+ mul_add_c(a[3], b[5], c3, c1, c2);
+ mul_add_c(a[2], b[6], c3, c1, c2);
+ mul_add_c(a[1], b[7], c3, c1, c2);
+ r[8] = c3;
+ c3 = 0;
+ mul_add_c(a[2], b[7], c1, c2, c3);
+ mul_add_c(a[3], b[6], c1, c2, c3);
+ mul_add_c(a[4], b[5], c1, c2, c3);
+ mul_add_c(a[5], b[4], c1, c2, c3);
+ mul_add_c(a[6], b[3], c1, c2, c3);
+ mul_add_c(a[7], b[2], c1, c2, c3);
+ r[9] = c1;
+ c1 = 0;
+ mul_add_c(a[7], b[3], c2, c3, c1);
+ mul_add_c(a[6], b[4], c2, c3, c1);
+ mul_add_c(a[5], b[5], c2, c3, c1);
+ mul_add_c(a[4], b[6], c2, c3, c1);
+ mul_add_c(a[3], b[7], c2, c3, c1);
+ r[10] = c2;
+ c2 = 0;
+ mul_add_c(a[4], b[7], c3, c1, c2);
+ mul_add_c(a[5], b[6], c3, c1, c2);
+ mul_add_c(a[6], b[5], c3, c1, c2);
+ mul_add_c(a[7], b[4], c3, c1, c2);
+ r[11] = c3;
+ c3 = 0;
+ mul_add_c(a[7], b[5], c1, c2, c3);
+ mul_add_c(a[6], b[6], c1, c2, c3);
+ mul_add_c(a[5], b[7], c1, c2, c3);
+ r[12] = c1;
+ c1 = 0;
+ mul_add_c(a[6], b[7], c2, c3, c1);
+ mul_add_c(a[7], b[6], c2, c3, c1);
+ r[13] = c2;
+ c2 = 0;
+ mul_add_c(a[7], b[7], c3, c1, c2);
+ r[14] = c3;
+ r[15] = c1;
+}
+
+void
+bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
#ifdef BN_LLONG
BN_ULLONG t;
#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG bl,bh;
+ BN_ULONG bl, bh;
#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- mul_add_c(a[0],b[0],c1,c2,c3);
- r[0]=c1;
- c1=0;
- mul_add_c(a[0],b[1],c2,c3,c1);
- mul_add_c(a[1],b[0],c2,c3,c1);
- r[1]=c2;
- c2=0;
- mul_add_c(a[2],b[0],c3,c1,c2);
- mul_add_c(a[1],b[1],c3,c1,c2);
- mul_add_c(a[0],b[2],c3,c1,c2);
- r[2]=c3;
- c3=0;
- mul_add_c(a[0],b[3],c1,c2,c3);
- mul_add_c(a[1],b[2],c1,c2,c3);
- mul_add_c(a[2],b[1],c1,c2,c3);
- mul_add_c(a[3],b[0],c1,c2,c3);
- r[3]=c1;
- c1=0;
- mul_add_c(a[3],b[1],c2,c3,c1);
- mul_add_c(a[2],b[2],c2,c3,c1);
- mul_add_c(a[1],b[3],c2,c3,c1);
- r[4]=c2;
- c2=0;
- mul_add_c(a[2],b[3],c3,c1,c2);
- mul_add_c(a[3],b[2],c3,c1,c2);
- r[5]=c3;
- c3=0;
- mul_add_c(a[3],b[3],c1,c2,c3);
- r[6]=c1;
- r[7]=c2;
- }
-
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
- {
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ mul_add_c(a[0], b[0], c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[1], c2, c3, c1);
+ mul_add_c(a[1], b[0], c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[0], c3, c1, c2);
+ mul_add_c(a[1], b[1], c3, c1, c2);
+ mul_add_c(a[0], b[2], c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ mul_add_c(a[0], b[3], c1, c2, c3);
+ mul_add_c(a[1], b[2], c1, c2, c3);
+ mul_add_c(a[2], b[1], c1, c2, c3);
+ mul_add_c(a[3], b[0], c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ mul_add_c(a[3], b[1], c2, c3, c1);
+ mul_add_c(a[2], b[2], c2, c3, c1);
+ mul_add_c(a[1], b[3], c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[3], c3, c1, c2);
+ mul_add_c(a[3], b[2], c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ mul_add_c(a[3], b[3], c1, c2, c3);
+ r[6] = c1;
+ r[7] = c2;
+}
+
+void
+bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
#ifdef BN_LLONG
- BN_ULLONG t,tt;
+ BN_ULLONG t, tt;
#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG bl,bh;
+ BN_ULONG bl, bh;
#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- sqr_add_c(a,0,c1,c2,c3);
- r[0]=c1;
- c1=0;
- sqr_add_c2(a,1,0,c2,c3,c1);
- r[1]=c2;
- c2=0;
- sqr_add_c(a,1,c3,c1,c2);
- sqr_add_c2(a,2,0,c3,c1,c2);
- r[2]=c3;
- c3=0;
- sqr_add_c2(a,3,0,c1,c2,c3);
- sqr_add_c2(a,2,1,c1,c2,c3);
- r[3]=c1;
- c1=0;
- sqr_add_c(a,2,c2,c3,c1);
- sqr_add_c2(a,3,1,c2,c3,c1);
- sqr_add_c2(a,4,0,c2,c3,c1);
- r[4]=c2;
- c2=0;
- sqr_add_c2(a,5,0,c3,c1,c2);
- sqr_add_c2(a,4,1,c3,c1,c2);
- sqr_add_c2(a,3,2,c3,c1,c2);
- r[5]=c3;
- c3=0;
- sqr_add_c(a,3,c1,c2,c3);
- sqr_add_c2(a,4,2,c1,c2,c3);
- sqr_add_c2(a,5,1,c1,c2,c3);
- sqr_add_c2(a,6,0,c1,c2,c3);
- r[6]=c1;
- c1=0;
- sqr_add_c2(a,7,0,c2,c3,c1);
- sqr_add_c2(a,6,1,c2,c3,c1);
- sqr_add_c2(a,5,2,c2,c3,c1);
- sqr_add_c2(a,4,3,c2,c3,c1);
- r[7]=c2;
- c2=0;
- sqr_add_c(a,4,c3,c1,c2);
- sqr_add_c2(a,5,3,c3,c1,c2);
- sqr_add_c2(a,6,2,c3,c1,c2);
- sqr_add_c2(a,7,1,c3,c1,c2);
- r[8]=c3;
- c3=0;
- sqr_add_c2(a,7,2,c1,c2,c3);
- sqr_add_c2(a,6,3,c1,c2,c3);
- sqr_add_c2(a,5,4,c1,c2,c3);
- r[9]=c1;
- c1=0;
- sqr_add_c(a,5,c2,c3,c1);
- sqr_add_c2(a,6,4,c2,c3,c1);
- sqr_add_c2(a,7,3,c2,c3,c1);
- r[10]=c2;
- c2=0;
- sqr_add_c2(a,7,4,c3,c1,c2);
- sqr_add_c2(a,6,5,c3,c1,c2);
- r[11]=c3;
- c3=0;
- sqr_add_c(a,6,c1,c2,c3);
- sqr_add_c2(a,7,5,c1,c2,c3);
- r[12]=c1;
- c1=0;
- sqr_add_c2(a,7,6,c2,c3,c1);
- r[13]=c2;
- c2=0;
- sqr_add_c(a,7,c3,c1,c2);
- r[14]=c3;
- r[15]=c1;
- }
-
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
- {
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ sqr_add_c(a, 0, c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 1, 0, c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ sqr_add_c(a, 1, c3, c1, c2);
+ sqr_add_c2(a, 2, 0, c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 3, 0, c1, c2, c3);
+ sqr_add_c2(a, 2, 1, c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ sqr_add_c(a, 2, c2, c3, c1);
+ sqr_add_c2(a, 3, 1, c2, c3, c1);
+ sqr_add_c2(a, 4, 0, c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 5, 0, c3, c1, c2);
+ sqr_add_c2(a, 4, 1, c3, c1, c2);
+ sqr_add_c2(a, 3, 2, c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ sqr_add_c(a, 3, c1, c2, c3);
+ sqr_add_c2(a, 4, 2, c1, c2, c3);
+ sqr_add_c2(a, 5, 1, c1, c2, c3);
+ sqr_add_c2(a, 6, 0, c1, c2, c3);
+ r[6] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 7, 0, c2, c3, c1);
+ sqr_add_c2(a, 6, 1, c2, c3, c1);
+ sqr_add_c2(a, 5, 2, c2, c3, c1);
+ sqr_add_c2(a, 4, 3, c2, c3, c1);
+ r[7] = c2;
+ c2 = 0;
+ sqr_add_c(a, 4, c3, c1, c2);
+ sqr_add_c2(a, 5, 3, c3, c1, c2);
+ sqr_add_c2(a, 6, 2, c3, c1, c2);
+ sqr_add_c2(a, 7, 1, c3, c1, c2);
+ r[8] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 7, 2, c1, c2, c3);
+ sqr_add_c2(a, 6, 3, c1, c2, c3);
+ sqr_add_c2(a, 5, 4, c1, c2, c3);
+ r[9] = c1;
+ c1 = 0;
+ sqr_add_c(a, 5, c2, c3, c1);
+ sqr_add_c2(a, 6, 4, c2, c3, c1);
+ sqr_add_c2(a, 7, 3, c2, c3, c1);
+ r[10] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 7, 4, c3, c1, c2);
+ sqr_add_c2(a, 6, 5, c3, c1, c2);
+ r[11] = c3;
+ c3 = 0;
+ sqr_add_c(a, 6, c1, c2, c3);
+ sqr_add_c2(a, 7, 5, c1, c2, c3);
+ r[12] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 7, 6, c2, c3, c1);
+ r[13] = c2;
+ c2 = 0;
+ sqr_add_c(a, 7, c3, c1, c2);
+ r[14] = c3;
+ r[15] = c1;
+}
+
+void
+bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
#ifdef BN_LLONG
- BN_ULLONG t,tt;
+ BN_ULLONG t, tt;
#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG bl,bh;
+ BN_ULONG bl, bh;
#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- sqr_add_c(a,0,c1,c2,c3);
- r[0]=c1;
- c1=0;
- sqr_add_c2(a,1,0,c2,c3,c1);
- r[1]=c2;
- c2=0;
- sqr_add_c(a,1,c3,c1,c2);
- sqr_add_c2(a,2,0,c3,c1,c2);
- r[2]=c3;
- c3=0;
- sqr_add_c2(a,3,0,c1,c2,c3);
- sqr_add_c2(a,2,1,c1,c2,c3);
- r[3]=c1;
- c1=0;
- sqr_add_c(a,2,c2,c3,c1);
- sqr_add_c2(a,3,1,c2,c3,c1);
- r[4]=c2;
- c2=0;
- sqr_add_c2(a,3,2,c3,c1,c2);
- r[5]=c3;
- c3=0;
- sqr_add_c(a,3,c1,c2,c3);
- r[6]=c1;
- r[7]=c2;
- }
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ sqr_add_c(a, 0, c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 1, 0, c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ sqr_add_c(a, 1, c3, c1, c2);
+ sqr_add_c2(a, 2, 0, c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 3, 0, c1, c2, c3);
+ sqr_add_c2(a, 2, 1, c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ sqr_add_c(a, 2, c2, c3, c1);
+ sqr_add_c2(a, 3, 1, c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 3, 2, c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ sqr_add_c(a, 3, c1, c2, c3);
+ r[6] = c1;
+ r[7] = c2;
+}
#ifdef OPENSSL_NO_ASM
#ifdef OPENSSL_BN_ASM_MONT
* versions. Assembler vs. assembler improvement coefficients can
* [and are known to] differ and are to be documented elsewhere.
*/
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
- {
- BN_ULONG c0,c1,ml,*tp,n0;
+int
+bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+ BN_ULONG c0, c1, ml, *tp, n0;
#ifdef mul64
BN_ULONG mh;
#endif
volatile BN_ULONG *vp;
- int i=0,j;
+ int i = 0, j;
#if 0 /* template for platform-specific implementation */
- if (ap==bp) return bn_sqr_mont(rp,ap,np,n0p,num);
+ if (ap == bp)
+ return bn_sqr_mont(rp, ap, np, n0p, num);
#endif
- vp = tp = alloca((num+2)*sizeof(BN_ULONG));
+ vp = tp = alloca((num + 2)*sizeof(BN_ULONG));
n0 = *n0p;
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
- for (j=0;j<num;++j)
- mul(tp[j],ap[j],ml,mh,c0);
+ for (j = 0; j < num; ++j)
+ mul(tp[j], ap[j], ml, mh, c0);
#else
- for (j=0;j<num;++j)
- mul(tp[j],ap[j],ml,c0);
+ for (j = 0; j < num; ++j)
+ mul(tp[j], ap[j], ml, c0);
#endif
- tp[num] = c0;
- tp[num+1] = 0;
+ tp[num] = c0;
+ tp[num + 1] = 0;
goto enter;
- for(i=0;i<num;i++)
- {
+ for (i = 0; i < num; i++) {
c0 = 0;
ml = bp[i];
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
- for (j=0;j<num;++j)
- mul_add(tp[j],ap[j],ml,mh,c0);
+ for (j = 0; j < num; ++j)
+ mul_add(tp[j], ap[j], ml, mh, c0);
#else
- for (j=0;j<num;++j)
- mul_add(tp[j],ap[j],ml,c0);
+ for (j = 0; j < num; ++j)
+ mul_add(tp[j], ap[j], ml, c0);
#endif
- c1 = (tp[num] + c0)&BN_MASK2;
- tp[num] = c1;
- tp[num+1] = (c1<c0?1:0);
- enter:
- c1 = tp[0];
- ml = (c1*n0)&BN_MASK2;
+ c1 = (tp[num] + c0) & BN_MASK2;
+ tp[num] = c1;
+ tp[num + 1] = (c1 < c0 ? 1 : 0);
+enter:
+ c1 = tp[0];
+ ml = (c1 * n0) & BN_MASK2;
c0 = 0;
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
- mul_add(c1,np[0],ml,mh,c0);
+ mul_add(c1, np[0], ml, mh, c0);
#else
- mul_add(c1,ml,np[0],c0);
+ mul_add(c1, ml, np[0], c0);
#endif
- for(j=1;j<num;j++)
- {
+ for (j = 1; j < num; j++) {
c1 = tp[j];
#ifdef mul64
- mul_add(c1,np[j],ml,mh,c0);
+ mul_add(c1, np[j], ml, mh, c0);
#else
- mul_add(c1,ml,np[j],c0);
+ mul_add(c1, ml, np[j], c0);
#endif
- tp[j-1] = c1&BN_MASK2;
- }
- c1 = (tp[num] + c0)&BN_MASK2;
- tp[num-1] = c1;
- tp[num] = tp[num+1] + (c1<c0?1:0);
+ tp[j - 1] = c1 & BN_MASK2;
}
+ c1 = (tp[num] + c0) & BN_MASK2;
+ tp[num - 1] = c1;
+ tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0);
+ }
- if (tp[num]!=0 || tp[num-1]>=np[num-1])
- {
- c0 = bn_sub_words(rp,tp,np,num);
- if (tp[num]!=0 || c0==0)
- {
- for(i=0;i<num+2;i++) vp[i] = 0;
+ if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+ c0 = bn_sub_words(rp, tp, np, num);
+ if (tp[num] != 0 || c0 == 0) {
+ for (i = 0; i < num + 2; i++)
+ vp[i] = 0;
return 1;
- }
}
- for(i=0;i<num;i++) rp[i] = tp[i], vp[i] = 0;
- vp[num] = 0;
- vp[num+1] = 0;
- return 1;
}
+ for (i = 0; i < num; i++)
+ rp[i] = tp[i], vp[i] = 0;
+ vp[num] = 0;
+ vp[num + 1] = 0;
+ return 1;
+}
#else
/*
* Return value of 0 indicates that multiplication/convolution was not
* performed to signal the caller to fall down to alternative/original
* code-path.
*/
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
-{ return 0; }
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num)
+ { return 0;
+}
#endif /* OPENSSL_BN_ASM_MONT */
#endif
/* hmm... is it faster just to do a multiply? */
#undef bn_sqr_comba4
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
- {
+void
+bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
BN_ULONG t[8];
- bn_sqr_normal(r,a,4,t);
- }
+ bn_sqr_normal(r, a, 4, t);
+}
#undef bn_sqr_comba8
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
- {
+void
+bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
BN_ULONG t[16];
- bn_sqr_normal(r,a,8,t);
- }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
- r[4]=bn_mul_words( &(r[0]),a,4,b[0]);
- r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
- r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
- r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
- }
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
- r[ 8]=bn_mul_words( &(r[0]),a,8,b[0]);
- r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
- r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
- r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
- r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
- r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
- r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
- r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
- }
+ bn_sqr_normal(r, a, 8, t);
+}
+
+void
+bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+ r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
+ r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
+ r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
+ r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
+}
+
+void
+bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+ r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
+ r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
+ r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
+ r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
+ r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
+ r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
+ r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
+ r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
+}
#ifdef OPENSSL_NO_ASM
#ifdef OPENSSL_BN_ASM_MONT
#include <alloca.h>
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
- {
- BN_ULONG c0,c1,*tp,n0=*n0p;
+int
+bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+ BN_ULONG c0, c1, *tp, n0 = *n0p;
volatile BN_ULONG *vp;
- int i=0,j;
+ int i = 0, j;
- vp = tp = alloca((num+2)*sizeof(BN_ULONG));
+ vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
- for(i=0;i<=num;i++) tp[i]=0;
+ for(i = 0; i <= num; i++)
+ tp[i] = 0;
- for(i=0;i<num;i++)
- {
- c0 = bn_mul_add_words(tp,ap,num,bp[i]);
- c1 = (tp[num] + c0)&BN_MASK2;
- tp[num] = c1;
- tp[num+1] = (c1<c0?1:0);
+ for (i = 0; i < num; i++) {
+ c0 = bn_mul_add_words(tp, ap, num, bp[i]);
+ c1 = (tp[num] + c0) & BN_MASK2;
+ tp[num] = c1;
+ tp[num + 1] = (c1 < c0 ? 1 : 0);
- c0 = bn_mul_add_words(tp,np,num,tp[0]*n0);
- c1 = (tp[num] + c0)&BN_MASK2;
- tp[num] = c1;
- tp[num+1] += (c1<c0?1:0);
- for(j=0;j<=num;j++) tp[j]=tp[j+1];
- }
+ c0 = bn_mul_add_words(tp, np, num, tp[0] * n0);
+ c1 = (tp[num] + c0) & BN_MASK2;
+ tp[num] = c1;
+ tp[num + 1] += (c1 < c0 ? 1 : 0);
+ for (j = 0; j <= num; j++)
+ tp[j] = tp[j + 1];
+ }
- if (tp[num]!=0 || tp[num-1]>=np[num-1])
- {
- c0 = bn_sub_words(rp,tp,np,num);
- if (tp[num]!=0 || c0==0)
- {
- for(i=0;i<num+2;i++) vp[i] = 0;
+ if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+ c0 = bn_sub_words(rp, tp, np, num);
+ if (tp[num] != 0 || c0 == 0) {
+ for (i = 0; i < num + 2; i++)
+ vp[i] = 0;
return 1;
- }
}
- for(i=0;i<num;i++) rp[i] = tp[i], vp[i] = 0;
- vp[num] = 0;
- vp[num+1] = 0;
- return 1;
}
+ for (i = 0; i < num; i++)
+ rp[i] = tp[i], vp[i] = 0;
+ vp[num] = 0;
+ vp[num + 1] = 0;
+ return 1;
+}
#else
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
-{ return 0; }
+int
+bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+ return 0;
+}
#endif /* OPENSSL_BN_ASM_MONT */
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#define BN_BLINDING_COUNTER 32
-struct bn_blinding_st
- {
+struct bn_blinding_st {
BIGNUM *A;
BIGNUM *Ai;
BIGNUM *e;
unsigned long flags;
BN_MONT_CTX *m_ctx;
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
- };
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+};
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
- {
- BN_BLINDING *ret=NULL;
+BN_BLINDING *
+BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+{
+ BN_BLINDING *ret = NULL;
bn_check_top(mod);
- if ((ret=(BN_BLINDING *)malloc(sizeof(BN_BLINDING))) == NULL)
- {
- BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- memset(ret,0,sizeof(BN_BLINDING));
- if (A != NULL)
- {
- if ((ret->A = BN_dup(A)) == NULL) goto err;
- }
- if (Ai != NULL)
- {
- if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
- }
+ if ((ret = (BN_BLINDING *)malloc(sizeof(BN_BLINDING))) == NULL) {
+ BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ memset(ret, 0, sizeof(BN_BLINDING));
+ if (A != NULL) {
+ if ((ret->A = BN_dup(A)) == NULL)
+ goto err;
+ }
+ if (Ai != NULL) {
+ if ((ret->Ai = BN_dup(Ai)) == NULL)
+ goto err;
+ }
/* save a copy of mod in the BN_BLINDING structure */
- if ((ret->mod = BN_dup(mod)) == NULL) goto err;
+ if ((ret->mod = BN_dup(mod)) == NULL)
+ goto err;
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
* that does not need updating before first use. */
ret->counter = -1;
CRYPTO_THREADID_current(&ret->tid);
- return(ret);
-err:
- if (ret != NULL) BN_BLINDING_free(ret);
- return(NULL);
- }
+ return (ret);
-void BN_BLINDING_free(BN_BLINDING *r)
- {
- if(r == NULL)
- return;
+err:
+ if (ret != NULL)
+ BN_BLINDING_free(ret);
+ return (NULL);
+}
- if (r->A != NULL) BN_clear_free(r->A );
- if (r->Ai != NULL) BN_clear_free(r->Ai);
- if (r->e != NULL) BN_clear_free(r->e );
- if (r->mod != NULL) BN_clear_free(r->mod);
+void
+BN_BLINDING_free(BN_BLINDING *r)
+{
+ if (r == NULL)
+ return;
+
+ if (r->A != NULL)
+ BN_clear_free(r->A );
+ if (r->Ai != NULL)
+ BN_clear_free(r->Ai);
+ if (r->e != NULL)
+ BN_clear_free(r->e );
+ if (r->mod != NULL)
+ BN_clear_free(r->mod);
free(r);
- }
+}
-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
- {
- int ret=0;
+int
+BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+{
+ int ret = 0;
- if ((b->A == NULL) || (b->Ai == NULL))
- {
- BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
+ if ((b->A == NULL) || (b->Ai == NULL)) {
+ BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
goto err;
- }
+ }
if (b->counter == -1)
b->counter = 0;
if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
- !(b->flags & BN_BLINDING_NO_RECREATE))
- {
+ !(b->flags & BN_BLINDING_NO_RECREATE)) {
/* re-create blinding parameters */
if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
goto err;
- }
- else if (!(b->flags & BN_BLINDING_NO_UPDATE))
- {
- if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
- if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
- }
+ } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
+ if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+ goto err;
+ if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
+ goto err;
+ }
+
+ ret = 1;
- ret=1;
err:
if (b->counter == BN_BLINDING_COUNTER)
b->counter = 0;
- return(ret);
- }
+ return (ret);
+}
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
- {
+int
+BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
return BN_BLINDING_convert_ex(n, NULL, b, ctx);
- }
+}
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
- {
+int
+BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+{
int ret = 1;
bn_check_top(n);
- if ((b->A == NULL) || (b->Ai == NULL))
- {
- BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED);
- return(0);
- }
+ if ((b->A == NULL) || (b->Ai == NULL)) {
+ BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
+ return (0);
+ }
if (b->counter == -1)
/* Fresh blinding, doesn't need updating. */
b->counter = 0;
- else if (!BN_BLINDING_update(b,ctx))
- return(0);
+ else if (!BN_BLINDING_update(b, ctx))
+ return (0);
- if (r != NULL)
- {
- if (!BN_copy(r, b->Ai)) ret=0;
- }
+ if (r != NULL) {
+ if (!BN_copy(r, b->Ai))
+ ret = 0;
+ }
+
+ if (!BN_mod_mul(n, n,b->A, b->mod, ctx))
+ ret = 0;
- if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
-
return ret;
- }
+}
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
- {
+int
+BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
return BN_BLINDING_invert_ex(n, NULL, b, ctx);
- }
+}
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
- {
+int
+BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+{
int ret;
bn_check_top(n);
if (r != NULL)
ret = BN_mod_mul(n, n, r, b->mod, ctx);
- else
- {
- if (b->Ai == NULL)
- {
- BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
- return(0);
- }
- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ else {
+ if (b->Ai == NULL) {
+ BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+ return (0);
}
+ ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ }
bn_check_top(n);
- return(ret);
- }
+ return (ret);
+}
#ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
- {
+unsigned long
+BN_BLINDING_get_thread_id(const BN_BLINDING *b)
+{
return b->thread_id;
- }
+}
-void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
- {
+void
+BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
+{
b->thread_id = n;
- }
+}
#endif
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b)
- {
+CRYPTO_THREADID *
+BN_BLINDING_thread_id(BN_BLINDING *b)
+{
return &b->tid;
- }
+}
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
- {
+unsigned long
+BN_BLINDING_get_flags(const BN_BLINDING *b)
+{
return b->flags;
- }
+}
-void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
- {
+void
+BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
+{
b->flags = flags;
- }
+}
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx)
+BN_BLINDING *
+BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m,
+ BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx)
{
int retry_counter = 32;
BN_BLINDING *ret = NULL;
if (ret == NULL)
goto err;
- if (ret->A == NULL && (ret->A = BN_new()) == NULL)
+ if (ret->A == NULL && (ret->A = BN_new()) == NULL)
goto err;
- if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
+ if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
goto err;
- if (e != NULL)
- {
+ if (e != NULL) {
if (ret->e != NULL)
BN_free(ret->e);
ret->e = BN_dup(e);
- }
+ }
if (ret->e == NULL)
goto err;
ret->m_ctx = m_ctx;
do {
- if (!BN_rand_range(ret->A, ret->mod)) goto err;
- if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)
- {
+ if (!BN_rand_range(ret->A, ret->mod))
+ goto err;
+ if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
/* this should almost never happen for good RSA keys */
unsigned long error = ERR_peek_last_error();
- if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)
- {
- if (retry_counter-- == 0)
- {
+ if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+ if (retry_counter-- == 0) {
BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
- BN_R_TOO_MANY_ITERATIONS);
+ BN_R_TOO_MANY_ITERATIONS);
goto err;
}
ERR_clear_error();
- }
- else
+ } else
goto err;
- }
- else
+ } else
break;
} while (1);
- if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)
- {
- if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+ if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
+ if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod,
+ ctx, ret->m_ctx))
goto err;
- }
- else
- {
+ } else {
if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
goto err;
- }
+ }
return ret;
+
err:
- if (b == NULL && ret != NULL)
- {
+ if (b == NULL && ret != NULL) {
BN_BLINDING_free(ret);
ret = NULL;
- }
+ }
return ret;
}
* RFC2412 specifies a generator of of 22.
*/
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
- {
- static const unsigned char RFC2409_PRIME_768[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
- }
+BIGNUM *
+get_rfc2409_prime_768(BIGNUM *bn)
+{
+ static const unsigned char RFC2409_PRIME_768[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x3A, 0x36, 0x20, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
+}
/* "Second Oakley Default Group" from RFC2409, section 6.2.
*
* RFC2412 specifies a generator of 22.
*/
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
- {
- static const unsigned char RFC2409_PRIME_1024[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
- }
+BIGNUM *
+get_rfc2409_prime_1024(BIGNUM *bn)
+{
+ static const unsigned char RFC2409_PRIME_1024[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
+}
/* "1536-bit MODP Group" from RFC3526, Section 2.
*
* RFC2312 specifies a generator of 22.
*/
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_1536[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
- }
+BIGNUM *
+get_rfc3526_prime_1536(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_1536[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
+}
/* "2048-bit MODP Group" from RFC3526, Section 3.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_2048[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
- }
+BIGNUM *
+get_rfc3526_prime_2048(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_2048[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
+}
/* "3072-bit MODP Group" from RFC3526, Section 4.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_3072[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
- }
+BIGNUM *
+get_rfc3526_prime_3072(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_3072[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
+}
/* "4096-bit MODP Group" from RFC3526, Section 5.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_4096[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
- }
+BIGNUM *
+get_rfc3526_prime_4096(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_4096[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
+}
/* "6144-bit MODP Group" from RFC3526, Section 6.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_6144[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
- 0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
- }
+BIGNUM *
+get_rfc3526_prime_6144(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_6144[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
+ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
+ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
+ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
+ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
+ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
+ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
+ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
+ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
+ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
+ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
+}
/* "8192-bit MODP Group" from RFC3526, Section 7.
*
* RFC3526 specifies a generator of 2.
*/
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_8192[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
- 0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
- 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
- 0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
- 0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
- 0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
- 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
- 0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
- 0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
- 0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
- 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
- 0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
- 0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
- 0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
- 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
- 0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
- 0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
- 0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
- 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
- 0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
- 0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
- 0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
- 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);
- }
-
+BIGNUM *
+get_rfc3526_prime_8192(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_8192[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
+ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
+ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
+ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
+ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
+ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
+ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
+ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
+ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
+ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
+ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
+ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0,
+ 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
+ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93,
+ 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
+ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB,
+ 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
+ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8,
+ 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
+ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F,
+ 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
+ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8,
+ 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
+ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5,
+ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
+ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3,
+ 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
+ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E,
+ 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
+ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2,
+ 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
+ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
/***********/
/* A bundle of bignums that can be linked with other bundles */
-typedef struct bignum_pool_item
- {
+typedef struct bignum_pool_item {
/* The bignum values */
BIGNUM vals[BN_CTX_POOL_SIZE];
/* Linked-list admin */
struct bignum_pool_item *prev, *next;
- } BN_POOL_ITEM;
+} BN_POOL_ITEM;
+
/* A linked-list of bignums grouped in bundles */
-typedef struct bignum_pool
- {
+typedef struct bignum_pool {
/* Linked-list admin */
BN_POOL_ITEM *head, *current, *tail;
/* Stack depth and allocation size */
unsigned used, size;
- } BN_POOL;
+} BN_POOL;
+
static void BN_POOL_init(BN_POOL *);
static void BN_POOL_finish(BN_POOL *);
#ifndef OPENSSL_NO_DEPRECATED
/************/
/* A wrapper to manage the "stack frames" */
-typedef struct bignum_ctx_stack
- {
+typedef struct bignum_ctx_stack {
/* Array of indexes into the bignum stack */
unsigned int *indexes;
/* Number of stack frames, and the size of the allocated array */
unsigned int depth, size;
- } BN_STACK;
+} BN_STACK;
+
static void BN_STACK_init(BN_STACK *);
static void BN_STACK_finish(BN_STACK *);
#ifndef OPENSSL_NO_DEPRECATED
/**********/
/* The opaque BN_CTX type */
-struct bignum_ctx
- {
+struct bignum_ctx {
/* The bignum bundles */
BN_POOL pool;
/* The "stack frames", if you will */
int err_stack;
/* Block "gets" until an "end" (compatibility behaviour) */
int too_many;
- };
+};
/* Enable this to find BN_CTX bugs */
#ifdef BN_CTX_DEBUG
static const char *ctxdbg_cur = NULL;
-static void ctxdbg(BN_CTX *ctx)
- {
+
+static void
+ctxdbg(BN_CTX *ctx)
+{
unsigned int bnidx = 0, fpidx = 0;
BN_POOL_ITEM *item = ctx->pool.head;
BN_STACK *stack = &ctx->stack;
- fprintf(stderr,"(%08x): ", (unsigned int)ctx);
- while(bnidx < ctx->used)
- {
- fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
- if(!(bnidx % BN_CTX_POOL_SIZE))
+
+ fprintf(stderr, "(%08x): ", (unsigned int)ctx);
+ while (bnidx < ctx->used) {
+ fprintf(stderr, "%03x ",
+ item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+ if (!(bnidx % BN_CTX_POOL_SIZE))
item = item->next;
- }
- fprintf(stderr,"\n");
+ }
+ fprintf(stderr, "\n");
bnidx = 0;
- fprintf(stderr," : ");
- while(fpidx < stack->depth)
- {
- while(bnidx++ < stack->indexes[fpidx])
- fprintf(stderr," ");
- fprintf(stderr,"^^^ ");
+ fprintf(stderr, " : ");
+ while (fpidx < stack->depth) {
+ while (bnidx++ < stack->indexes[fpidx])
+ fprintf(stderr, " ");
+ fprintf(stderr, "^^^ ");
bnidx++;
fpidx++;
- }
- fprintf(stderr,"\n");
}
+ fprintf(stderr, "\n");
+}
#define CTXDBG_ENTRY(str, ctx) do { \
ctxdbg_cur = (str); \
fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
/* This function is an evil legacy and should not be used. This implementation
* is WYSIWYG, though I've done my best. */
#ifndef OPENSSL_NO_DEPRECATED
-void BN_CTX_init(BN_CTX *ctx)
- {
+void
+BN_CTX_init(BN_CTX *ctx)
+{
/* Assume the caller obtained the context via BN_CTX_new() and so is
* trying to reset it for use. Nothing else makes sense, least of all
* binary compatibility from a time when they could declare a static
ctx->used = 0;
ctx->err_stack = 0;
ctx->too_many = 0;
- }
+}
#endif
-BN_CTX *BN_CTX_new(void)
- {
+BN_CTX *
+BN_CTX_new(void)
+{
BN_CTX *ret = malloc(sizeof(BN_CTX));
- if(!ret)
- {
- BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+ if (!ret) {
+ BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
- }
+ }
+
/* Initialise the structure */
BN_POOL_init(&ret->pool);
BN_STACK_init(&ret->stack);
ret->err_stack = 0;
ret->too_many = 0;
return ret;
- }
+}
-void BN_CTX_free(BN_CTX *ctx)
- {
+void
+BN_CTX_free(BN_CTX *ctx)
+{
if (ctx == NULL)
return;
#ifdef BN_CTX_DEBUG
{
- BN_POOL_ITEM *pool = ctx->pool.head;
- fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
- ctx->stack.size, ctx->pool.size);
- fprintf(stderr,"dmaxs: ");
- while(pool) {
- unsigned loop = 0;
- while(loop < BN_CTX_POOL_SIZE)
- fprintf(stderr,"%02x ", pool->vals[loop++].dmax);
- pool = pool->next;
- }
- fprintf(stderr,"\n");
+ BN_POOL_ITEM *pool = ctx->pool.head;
+ fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
+ ctx->stack.size, ctx->pool.size);
+ fprintf(stderr, "dmaxs: ");
+ while (pool) {
+ unsigned loop = 0;
+ while (loop < BN_CTX_POOL_SIZE)
+ fprintf(stderr, "%02x ",
+ pool->vals[loop++].dmax);
+ pool = pool->next;
+ }
+ fprintf(stderr, "\n");
}
#endif
BN_STACK_finish(&ctx->stack);
BN_POOL_finish(&ctx->pool);
free(ctx);
- }
+}
-void BN_CTX_start(BN_CTX *ctx)
- {
+void
+BN_CTX_start(BN_CTX *ctx)
+{
CTXDBG_ENTRY("BN_CTX_start", ctx);
+
/* If we're already overflowing ... */
- if(ctx->err_stack || ctx->too_many)
+ if (ctx->err_stack || ctx->too_many)
ctx->err_stack++;
/* (Try to) get a new frame pointer */
- else if(!BN_STACK_push(&ctx->stack, ctx->used))
- {
- BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
+ BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
ctx->err_stack++;
- }
- CTXDBG_EXIT(ctx);
}
+ CTXDBG_EXIT(ctx);
+}
-void BN_CTX_end(BN_CTX *ctx)
- {
+void
+BN_CTX_end(BN_CTX *ctx)
+{
CTXDBG_ENTRY("BN_CTX_end", ctx);
- if(ctx->err_stack)
+
+ if (ctx->err_stack)
ctx->err_stack--;
- else
- {
+ else {
unsigned int fp = BN_STACK_pop(&ctx->stack);
/* Does this stack frame have anything to release? */
- if(fp < ctx->used)
+ if (fp < ctx->used)
BN_POOL_release(&ctx->pool, ctx->used - fp);
ctx->used = fp;
/* Unjam "too_many" in case "get" had failed */
ctx->too_many = 0;
- }
- CTXDBG_EXIT(ctx);
}
+ CTXDBG_EXIT(ctx);
+}
-BIGNUM *BN_CTX_get(BN_CTX *ctx)
- {
+BIGNUM *
+BN_CTX_get(BN_CTX *ctx)
+{
BIGNUM *ret;
+
CTXDBG_ENTRY("BN_CTX_get", ctx);
- if(ctx->err_stack || ctx->too_many) return NULL;
- if((ret = BN_POOL_get(&ctx->pool)) == NULL)
- {
+
+ if (ctx->err_stack || ctx->too_many)
+ return NULL;
+ if ((ret = BN_POOL_get(&ctx->pool)) == NULL) {
/* Setting too_many prevents repeated "get" attempts from
* cluttering the error stack. */
ctx->too_many = 1;
- BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
return NULL;
- }
+ }
/* OK, make sure the returned bignum is "zero" */
BN_zero(ret);
ctx->used++;
CTXDBG_RET(ctx, ret);
return ret;
- }
+}
/************/
/* BN_STACK */
/************/
-static void BN_STACK_init(BN_STACK *st)
- {
+static void
+BN_STACK_init(BN_STACK *st)
+{
st->indexes = NULL;
st->depth = st->size = 0;
- }
+}
-static void BN_STACK_finish(BN_STACK *st)
- {
- if(st->size) free(st->indexes);
- }
+static void
+BN_STACK_finish(BN_STACK *st)
+{
+ if (st->size)
+ free(st->indexes);
+}
#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *st)
- {
+static void
+BN_STACK_reset(BN_STACK *st)
+{
st->depth = 0;
- }
+}
#endif
-static int BN_STACK_push(BN_STACK *st, unsigned int idx)
- {
- if(st->depth == st->size)
+static int
+BN_STACK_push(BN_STACK *st, unsigned int idx)
+{
+ if (st->depth == st->size)
/* Need to expand */
- {
+ {
unsigned int newsize = (st->size ?
- (st->size * 3 / 2) : BN_CTX_START_FRAMES);
+ (st->size * 3 / 2) : BN_CTX_START_FRAMES);
unsigned int *newitems = malloc(newsize *
- sizeof(unsigned int));
- if(!newitems) return 0;
- if(st->depth)
+ sizeof(unsigned int));
+ if (!newitems)
+ return 0;
+ if (st->depth)
memcpy(newitems, st->indexes, st->depth *
- sizeof(unsigned int));
- if(st->size) free(st->indexes);
+ sizeof(unsigned int));
+ if (st->size)
+ free(st->indexes);
st->indexes = newitems;
st->size = newsize;
- }
+ }
st->indexes[(st->depth)++] = idx;
return 1;
- }
+}
-static unsigned int BN_STACK_pop(BN_STACK *st)
- {
+static unsigned int
+BN_STACK_pop(BN_STACK *st)
+{
return st->indexes[--(st->depth)];
- }
+}
/***********/
/* BN_POOL */
/***********/
-static void BN_POOL_init(BN_POOL *p)
- {
+static void
+BN_POOL_init(BN_POOL *p)
+{
p->head = p->current = p->tail = NULL;
p->used = p->size = 0;
- }
+}
-static void BN_POOL_finish(BN_POOL *p)
- {
- while(p->head)
- {
+static void
+BN_POOL_finish(BN_POOL *p)
+{
+ while (p->head) {
unsigned int loop = 0;
BIGNUM *bn = p->head->vals;
- while(loop++ < BN_CTX_POOL_SIZE)
- {
- if(bn->d) BN_clear_free(bn);
+ while (loop++ < BN_CTX_POOL_SIZE) {
+ if (bn->d)
+ BN_clear_free(bn);
bn++;
- }
+ }
p->current = p->head->next;
free(p->head);
p->head = p->current;
- }
}
+}
#ifndef OPENSSL_NO_DEPRECATED
-static void BN_POOL_reset(BN_POOL *p)
- {
+static void
+BN_POOL_reset(BN_POOL *p)
+{
BN_POOL_ITEM *item = p->head;
- while(item)
- {
+ while (item) {
unsigned int loop = 0;
BIGNUM *bn = item->vals;
- while(loop++ < BN_CTX_POOL_SIZE)
- {
- if(bn->d) BN_clear(bn);
+ while (loop++ < BN_CTX_POOL_SIZE) {
+ if (bn->d)
+ BN_clear(bn);
bn++;
- }
- item = item->next;
}
+ item = item->next;
+ }
p->current = p->head;
p->used = 0;
- }
+}
#endif
-static BIGNUM *BN_POOL_get(BN_POOL *p)
- {
- if(p->used == p->size)
- {
+static BIGNUM *
+BN_POOL_get(BN_POOL *p)
+{
+ if (p->used == p->size) {
BIGNUM *bn;
unsigned int loop = 0;
BN_POOL_ITEM *item = malloc(sizeof(BN_POOL_ITEM));
- if(!item) return NULL;
+ if (!item)
+ return NULL;
/* Initialise the structure */
bn = item->vals;
- while(loop++ < BN_CTX_POOL_SIZE)
+ while (loop++ < BN_CTX_POOL_SIZE)
BN_init(bn++);
item->prev = p->tail;
item->next = NULL;
/* Link it in */
- if(!p->head)
+ if (!p->head)
p->head = p->current = p->tail = item;
- else
- {
+ else {
p->tail->next = item;
p->tail = item;
p->current = item;
- }
+ }
p->size += BN_CTX_POOL_SIZE;
p->used++;
/* Return the first bignum from the new pool */
return item->vals;
- }
- if(!p->used)
+ }
+ if (!p->used)
p->current = p->head;
- else if((p->used % BN_CTX_POOL_SIZE) == 0)
+ else if ((p->used % BN_CTX_POOL_SIZE) == 0)
p->current = p->current->next;
return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
- }
+}
-static void BN_POOL_release(BN_POOL *p, unsigned int num)
- {
+static void
+BN_POOL_release(BN_POOL *p, unsigned int num)
+{
unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+
p->used -= num;
- while(num--)
- {
+ while (num--) {
bn_check_top(p->current->vals + offset);
- if(!offset)
- {
+ if (!offset) {
offset = BN_CTX_POOL_SIZE - 1;
p->current = p->current->prev;
- }
- else
+ } else
offset--;
- }
}
-
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include "bn_lcl.h"
#include <openssl/rand.h>
-static void *dummy=&dummy;
+static void *dummy = &dummy;
#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback)(int,int,void *), void *cb_arg)
- {
+BIGNUM *
+BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg)
+{
BN_GENCB cb;
- BIGNUM *rnd=NULL;
+ BIGNUM *rnd = NULL;
int found = 0;
BN_GENCB_set_old(&cb, callback, cb_arg);
- if (ret == NULL)
- {
- if ((rnd=BN_new()) == NULL) goto err;
- }
- else
- rnd=ret;
- if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+ if (ret == NULL) {
+ if ((rnd = BN_new()) == NULL)
+ goto err;
+ } else
+ rnd = ret;
+ if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
goto err;
/* we have a prime :-) */
found = 1;
+
err:
- if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
- return(found ? rnd : NULL);
- }
+ if (!found && (ret == NULL) && (rnd != NULL))
+ BN_free(rnd);
+ return (found ? rnd : NULL);
+}
-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg)
- {
+int
+BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, void *),
+ BN_CTX *ctx_passed, void *cb_arg)
+{
BN_GENCB cb;
+
BN_GENCB_set_old(&cb, callback, cb_arg);
return BN_is_prime_ex(a, checks, ctx_passed, &cb);
- }
+}
-int BN_is_prime_fasttest(const BIGNUM *a, int checks,
- void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg,
- int do_trial_division)
- {
+int
+BN_is_prime_fasttest(const BIGNUM *a, int checks,
+ void (*callback)(int, int, void *), BN_CTX *ctx_passed, void *cb_arg,
+ int do_trial_division)
+{
BN_GENCB cb;
+
BN_GENCB_set_old(&cb, callback, cb_arg);
return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
- do_trial_division, &cb);
- }
+ do_trial_division, &cb);
+}
#endif
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* rm->neg == num->neg (unless the remainder is zero)
* If 'dv' or 'rm' is NULL, the respective value is not returned.
*/
-int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
- BN_CTX *ctx)
- {
- int norm_shift,i,loop;
- BIGNUM *tmp,wnum,*snum,*sdiv,*res;
- BN_ULONG *resp,*wnump;
- BN_ULONG d0,d1;
- int num_n,div_n;
- int no_branch=0;
+int
+BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+ BN_CTX *ctx)
+{
+ int norm_shift, i, loop;
+ BIGNUM *tmp, wnum, *snum, *sdiv, *res;
+ BN_ULONG *resp, *wnump;
+ BN_ULONG d0, d1;
+ int num_n, div_n;
+ int no_branch = 0;
/* Invalid zero-padding would have particularly bad consequences
* in the case of 'num', so don't just rely on bn_check_top() for this one
* (bn_check_top() works only for BN_DEBUG builds) */
- if (num->top > 0 && num->d[num->top - 1] == 0)
- {
- BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
+ if (num->top > 0 && num->d[num->top - 1] == 0) {
+ BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
return 0;
- }
+ }
bn_check_top(num);
- if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
- {
- no_branch=1;
- }
+ if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) ||
+ (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
+ no_branch = 1;
+ }
bn_check_top(dv);
bn_check_top(rm);
/* bn_check_top(num); */ /* 'num' has been checked already */
bn_check_top(divisor);
- if (BN_is_zero(divisor))
- {
- BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
- return(0);
- }
+ if (BN_is_zero(divisor)) {
+ BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+ return (0);
+ }
- if (!no_branch && BN_ucmp(num,divisor) < 0)
- {
- if (rm != NULL)
- { if (BN_copy(rm,num) == NULL) return(0); }
- if (dv != NULL) BN_zero(dv);
- return(1);
+ if (!no_branch && BN_ucmp(num, divisor) < 0) {
+ if (rm != NULL) {
+ if (BN_copy(rm, num) == NULL)
+ return (0);
}
+ if (dv != NULL)
+ BN_zero(dv);
+ return (1);
+ }
BN_CTX_start(ctx);
- tmp=BN_CTX_get(ctx);
- snum=BN_CTX_get(ctx);
- sdiv=BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ snum = BN_CTX_get(ctx);
+ sdiv = BN_CTX_get(ctx);
if (dv == NULL)
- res=BN_CTX_get(ctx);
- else res=dv;
+ res = BN_CTX_get(ctx);
+ else
+ res = dv;
if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
goto err;
/* First we normalise the numbers */
- norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
- if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
- sdiv->neg=0;
- norm_shift+=BN_BITS2;
- if (!(BN_lshift(snum,num,norm_shift))) goto err;
- snum->neg=0;
+ norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
+ if (!(BN_lshift(sdiv, divisor, norm_shift)))
+ goto err;
+ sdiv->neg = 0;
+ norm_shift += BN_BITS2;
+ if (!(BN_lshift(snum, num, norm_shift)))
+ goto err;
+ snum->neg = 0;
- if (no_branch)
- {
+ if (no_branch) {
/* Since we don't know whether snum is larger than sdiv,
* we pad snum with enough zeroes without changing its
- * value.
+ * value.
*/
- if (snum->top <= sdiv->top+1)
- {
- if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
- for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
+ if (snum->top <= sdiv->top + 1) {
+ if (bn_wexpand(snum, sdiv->top + 2) == NULL)
+ goto err;
+ for (i = snum->top; i < sdiv->top + 2; i++)
+ snum->d[i] = 0;
snum->top = sdiv->top + 2;
- }
- else
- {
- if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
+ } else {
+ if (bn_wexpand(snum, snum->top + 1) == NULL)
+ goto err;
snum->d[snum->top] = 0;
snum->top ++;
- }
}
+ }
- div_n=sdiv->top;
- num_n=snum->top;
- loop=num_n-div_n;
+ div_n = sdiv->top;
+ num_n = snum->top;
+ loop = num_n - div_n;
/* Lets setup a 'window' into snum
* This is the part that corresponds to the current
* 'area' being divided */
- wnum.neg = 0;
- wnum.d = &(snum->d[loop]);
- wnum.top = div_n;
+ wnum.neg = 0;
+ wnum.d = &(snum->d[loop]);
+ wnum.top = div_n;
/* only needed when BN_ucmp messes up the values between top and max */
wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
/* Get the top 2 words of sdiv */
/* div_n=sdiv->top; */
- d0=sdiv->d[div_n-1];
- d1=(div_n == 1)?0:sdiv->d[div_n-2];
+ d0 = sdiv->d[div_n - 1];
+ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
/* pointer to the 'top' of snum */
- wnump= &(snum->d[num_n-1]);
+ wnump = &(snum->d[num_n - 1]);
/* Setup to 'res' */
- res->neg= (num->neg^divisor->neg);
- if (!bn_wexpand(res,(loop+1))) goto err;
- res->top=loop-no_branch;
- resp= &(res->d[loop-1]);
+ res->neg = (num->neg ^ divisor->neg);
+ if (!bn_wexpand(res, (loop + 1)))
+ goto err;
+ res->top = loop - no_branch;
+ resp = &(res->d[loop - 1]);
/* space for temp */
- if (!bn_wexpand(tmp,(div_n+1))) goto err;
+ if (!bn_wexpand(tmp, (div_n + 1)))
+ goto err;
- if (!no_branch)
- {
- if (BN_ucmp(&wnum,sdiv) >= 0)
- {
+ if (!no_branch) {
+ if (BN_ucmp(&wnum, sdiv) >= 0) {
/* If BN_DEBUG_RAND is defined BN_ucmp changes (via
* bn_pollute) the const bignum arguments =>
* clean the values between top and max again */
bn_clear_top2max(&wnum);
bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
- *resp=1;
- }
- else
+ *resp = 1;
+ } else
res->top--;
- }
+ }
/* if res->top == 0 then clear the neg value otherwise decrease
* the resp pointer */
else
resp--;
- for (i=0; i<loop-1; i++, wnump--, resp--)
- {
- BN_ULONG q,l0;
+ for (i = 0; i < loop - 1; i++, wnump--, resp--) {
+ BN_ULONG q, l0;
/* the first part of the loop uses the top two words of
* snum and sdiv to calculate a BN_ULONG q such that
* | wnum - sdiv * q | < sdiv */
#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
- BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
- q=bn_div_3_words(wnump,d1,d0);
+ BN_ULONG bn_div_3_words(BN_ULONG*, BN_ULONG, BN_ULONG);
+ q = bn_div_3_words(wnump, d1, d0);
#else
- BN_ULONG n0,n1,rem=0;
+ BN_ULONG n0, n1, rem = 0;
- n0=wnump[0];
- n1=wnump[-1];
+ n0 = wnump[0];
+ n1 = wnump[-1];
if (n0 == d0)
- q=BN_MASK2;
+ q = BN_MASK2;
else /* n0 < d0 */
- {
+ {
#ifdef BN_LLONG
BN_ULLONG t2;
#if defined(BN_DIV2W) && !defined(bn_div_words)
- q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
+ q = (BN_ULONG)(((((BN_ULLONG)n0) << BN_BITS2)|n1)/d0);
#else
- q=bn_div_words(n0,n1,d0);
+ q = bn_div_words(n0, n1, d0);
#endif
#ifndef REMAINDER_IS_ALREADY_CALCULATED
* rem doesn't have to be BN_ULLONG. The least we
* know it's less that d0, isn't it?
*/
- rem=(n1-q*d0)&BN_MASK2;
+ rem = (n1 - q * d0) & BN_MASK2;
#endif
- t2=(BN_ULLONG)d1*q;
+ t2 = (BN_ULLONG)d1*q;
- for (;;)
- {
- if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
+ for (;;) {
+ if (t2 <= ((((BN_ULLONG)rem) << BN_BITS2) |
+ wnump[-2]))
break;
q--;
rem += d0;
if (rem < d0) break; /* don't let rem overflow */
- t2 -= d1;
- }
+ t2 -= d1;
+ }
#else /* !BN_LLONG */
- BN_ULONG t2l,t2h;
+ BN_ULONG t2l, t2h;
- q=bn_div_words(n0,n1,d0);
+ q = bn_div_words(n0, n1, d0);
#ifndef REMAINDER_IS_ALREADY_CALCULATED
- rem=(n1-q*d0)&BN_MASK2;
+ rem = (n1 - q*d0)&BN_MASK2;
#endif
#if defined(BN_UMULT_LOHI)
- BN_UMULT_LOHI(t2l,t2h,d1,q);
+ BN_UMULT_LOHI(t2l, t2h, d1, q);
#elif defined(BN_UMULT_HIGH)
t2l = d1 * q;
- t2h = BN_UMULT_HIGH(d1,q);
+ t2h = BN_UMULT_HIGH(d1, q);
#else
{
- BN_ULONG ql, qh;
- t2l=LBITS(d1); t2h=HBITS(d1);
- ql =LBITS(q); qh =HBITS(q);
- mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+ BN_ULONG ql, qh;
+ t2l = LBITS(d1);
+ t2h = HBITS(d1);
+ ql = LBITS(q);
+ qh = HBITS(q);
+ mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
}
#endif
- for (;;)
- {
+ for (;;) {
if ((t2h < rem) ||
- ((t2h == rem) && (t2l <= wnump[-2])))
+ ((t2h == rem) && (t2l <= wnump[-2])))
break;
q--;
rem += d0;
- if (rem < d0) break; /* don't let rem overflow */
- if (t2l < d1) t2h--; t2l -= d1;
- }
-#endif /* !BN_LLONG */
+ if (rem < d0)
+ break; /* don't let rem overflow */
+ if (t2l < d1)
+ t2h--;
+ t2l -= d1;
}
+#endif /* !BN_LLONG */
+ }
#endif /* !BN_DIV3W */
- l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
- tmp->d[div_n]=l0;
+ l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
+ tmp->d[div_n] = l0;
wnum.d--;
- /* ingore top values of the bignums just sub the two
+ /* ingore top values of the bignums just sub the two
* BN_ULONG arrays with bn_sub_words */
- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
- {
+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
/* Note: As we have considered only the leading
* two BN_ULONGs in the calculation of q, sdiv * q
* might be greater than wnum (but then (q-1) * sdiv
* that q != 0, but if q == 0 then tmp is
* zero anyway) */
(*wnump)++;
- }
+ }
/* store part of the result */
*resp = q;
- }
+ }
bn_correct_top(snum);
- if (rm != NULL)
- {
+ if (rm != NULL) {
/* Keep a copy of the neg flag in num because if rm==num
* BN_rshift() will overwrite it.
*/
int neg = num->neg;
- BN_rshift(rm,snum,norm_shift);
+ BN_rshift(rm, snum, norm_shift);
if (!BN_is_zero(rm))
rm->neg = neg;
bn_check_top(rm);
- }
- if (no_branch) bn_correct_top(res);
+ }
+ if (no_branch)
+ bn_correct_top(res);
BN_CTX_end(ctx);
- return(1);
+ return (1);
+
err:
bn_check_top(rm);
BN_CTX_end(ctx);
- return(0);
- }
+ return (0);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
-static ERR_STRING_DATA BN_str_functs[]=
- {
-{ERR_FUNC(BN_F_BNRAND), "BNRAND"},
-{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
-{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
-{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
-{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
-{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
-{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
-{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
-{ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
-{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
-{ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
-{ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
-{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
-{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
-{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
-{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
-{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
-{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
-{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
-{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
-{0,NULL}
- };
+static ERR_STRING_DATA BN_str_functs[]= {
+ {ERR_FUNC(BN_F_BNRAND), "BNRAND"},
+ {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
+ {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
+ {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
+ {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
+ {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
+ {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
+ {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
+ {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
+ {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
+ {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
+ {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
+ {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
+ {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
+ {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
+ {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
+ {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
+ {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
+ {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
+ {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
+ {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
+ {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
+ {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
+ {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
+ {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
+ {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+ {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
+ {0, NULL}
+};
-static ERR_STRING_DATA BN_str_reasons[]=
- {
-{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"},
-{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"},
-{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"},
-{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
-{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"},
-{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"},
-{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
-{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"},
-{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"},
-{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"},
-{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"},
-{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"},
-{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"},
-{ERR_REASON(BN_R_NO_SOLUTION) ,"no solution"},
-{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"},
-{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"},
-{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
-{0,NULL}
- };
+static ERR_STRING_DATA BN_str_reasons[]= {
+ {ERR_REASON(BN_R_ARG2_LT_ARG3) , "arg2 lt arg3"},
+ {ERR_REASON(BN_R_BAD_RECIPROCAL) , "bad reciprocal"},
+ {ERR_REASON(BN_R_BIGNUM_TOO_LONG) , "bignum too long"},
+ {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
+ {ERR_REASON(BN_R_DIV_BY_ZERO) , "div by zero"},
+ {ERR_REASON(BN_R_ENCODING_ERROR) , "encoding error"},
+ {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), "expand on static bignum data"},
+ {ERR_REASON(BN_R_INPUT_NOT_REDUCED) , "input not reduced"},
+ {ERR_REASON(BN_R_INVALID_LENGTH) , "invalid length"},
+ {ERR_REASON(BN_R_INVALID_RANGE) , "invalid range"},
+ {ERR_REASON(BN_R_NOT_A_SQUARE) , "not a square"},
+ {ERR_REASON(BN_R_NOT_INITIALIZED) , "not initialized"},
+ {ERR_REASON(BN_R_NO_INVERSE) , "no inverse"},
+ {ERR_REASON(BN_R_NO_SOLUTION) , "no solution"},
+ {ERR_REASON(BN_R_P_IS_NOT_PRIME) , "p is not prime"},
+ {ERR_REASON(BN_R_TOO_MANY_ITERATIONS) , "too many iterations"},
+ {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), "too many temporary variables"},
+ {0, NULL}
+};
#endif
-void ERR_load_BN_strings(void)
- {
+void
+ERR_load_BN_strings(void)
+{
#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(BN_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,BN_str_functs);
- ERR_load_strings(0,BN_str_reasons);
- }
-#endif
+ if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, BN_str_functs);
+ ERR_load_strings(0, BN_str_reasons);
}
+#endif
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define TABLE_SIZE 32
/* this one works - simple but works */
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
- int i,bits,ret=0;
- BIGNUM *v,*rr;
+int
+BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+ int i, bits, ret = 0;
+ BIGNUM *v, *rr;
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
- }
+ }
BN_CTX_start(ctx);
if ((r == a) || (r == p))
else
rr = r;
v = BN_CTX_get(ctx);
- if (rr == NULL || v == NULL) goto err;
+ if (rr == NULL || v == NULL)
+ goto err;
- if (BN_copy(v,a) == NULL) goto err;
- bits=BN_num_bits(p);
+ if (BN_copy(v, a) == NULL)
+ goto err;
+ bits = BN_num_bits(p);
- if (BN_is_odd(p))
- { if (BN_copy(rr,a) == NULL) goto err; }
- else { if (!BN_one(rr)) goto err; }
+ if (BN_is_odd(p)) {
+ if (BN_copy(rr, a) == NULL)
+ goto err;
+ } else {
+ if (!BN_one(rr))
+ goto err;
+ }
- for (i=1; i<bits; i++)
- {
- if (!BN_sqr(v,v,ctx)) goto err;
- if (BN_is_bit_set(p,i))
- {
- if (!BN_mul(rr,rr,v,ctx)) goto err;
- }
+ for (i = 1; i < bits; i++) {
+ if (!BN_sqr(v, v, ctx))
+ goto err;
+ if (BN_is_bit_set(p, i)) {
+ if (!BN_mul(rr, rr, v, ctx))
+ goto err;
}
- ret=1;
+ }
+ ret = 1;
+
err:
- if (r != rr) BN_copy(r,rr);
+ if (r != rr)
+ BN_copy(r, rr);
BN_CTX_end(ctx);
bn_check_top(r);
- return(ret);
- }
+ return (ret);
+}
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx)
- {
+int
+BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx)
+{
int ret;
bn_check_top(a);
* BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration]
* 55 .. 77 % [UltraSparc processor, but
* debug-solaris-sparcv8-gcc conf.]
- *
+ *
* BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration]
* 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
*
* a >= m. eay 07-May-97 */
/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
- if (BN_is_odd(m))
- {
+ if (BN_is_odd(m)) {
# ifdef MONT_EXP_WORD
- if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0))
- {
+ if (a->top == 1 && !a->neg &&
+ (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
BN_ULONG A = a->d[0];
- ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
- }
- else
+ ret = BN_mod_exp_mont_word(r, A,p, m,ctx, NULL);
+ } else
# endif
- ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
- }
- else
+ ret = BN_mod_exp_mont(r, a,p, m,ctx, NULL);
+ } else
#endif
#ifdef RECP_MUL_MOD
- { ret=BN_mod_exp_recp(r,a,p,m,ctx); }
+ {
+ ret = BN_mod_exp_recp(r, a,p, m, ctx);
+ }
#else
- { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
+ {
+ ret = BN_mod_exp_simple(r, a,p, m, ctx);
+ }
#endif
bn_check_top(r);
- return(ret);
- }
-
-
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int i,j,bits,ret=0,wstart,wend,window,wvalue;
- int start=1;
+ return (ret);
+}
+
+int
+BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+ int start = 1;
BIGNUM *aa;
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
BN_RECP_CTX recp;
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
- }
+ }
- bits=BN_num_bits(p);
+ bits = BN_num_bits(p);
- if (bits == 0)
- {
+ if (bits == 0) {
ret = BN_one(r);
return ret;
- }
+ }
BN_CTX_start(ctx);
aa = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
- if(!aa || !val[0]) goto err;
+ if (!aa || !val[0])
+ goto err;
BN_RECP_CTX_init(&recp);
- if (m->neg)
- {
+ if (m->neg) {
/* ignore sign of 'm' */
- if (!BN_copy(aa, m)) goto err;
+ if (!BN_copy(aa, m))
+ goto err;
aa->neg = 0;
- if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
- }
- else
- {
- if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
- }
+ if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+ goto err;
+ } else {
+ if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+ goto err;
+ }
- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
- if (BN_is_zero(val[0]))
- {
+ if (!BN_nnmod(val[0], a, m, ctx))
+ goto err; /* 1 */
+ if (BN_is_zero(val[0])) {
BN_zero(r);
ret = 1;
goto err;
- }
+ }
window = BN_window_bits_for_exponent_size(bits);
- if (window > 1)
- {
- if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))
+ if (window > 1) {
+ if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
goto err; /* 2 */
- j=1<<(window-1);
- for (i=1; i<j; i++)
- {
- if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_reciprocal(val[i],val[i-1],
- aa,&recp,ctx))
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++) {
+ if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_reciprocal(val[i], val[i - 1],
+ aa, &recp, ctx))
goto err;
- }
}
-
- start=1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue=0; /* The 'value' of the window */
- wstart=bits-1; /* The top bit of the window */
- wend=0; /* The bottom bit of the window */
+ }
- if (!BN_one(r)) goto err;
+ start = 1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue = 0; /* The 'value' of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
- for (;;)
- {
- if (BN_is_bit_set(p,wstart) == 0)
- {
+ if (!BN_one(r))
+ goto err;
+
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
if (!start)
- if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
- goto err;
- if (wstart == 0) break;
+ if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx))
+ goto err;
+ if (wstart == 0)
+ break;
wstart--;
continue;
- }
+ }
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
- j=wstart;
- wvalue=1;
- wend=0;
- for (i=1; i<window; i++)
- {
- if (wstart-i < 0) break;
- if (BN_is_bit_set(p,wstart-i))
- {
- wvalue<<=(i-wend);
- wvalue|=1;
- wend=i;
- }
+ j = wstart;
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++) {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set(p, wstart - i)) {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
}
+ }
/* wend is the size of the current window */
- j=wend+1;
+ j = wend + 1;
/* add the 'bytes above' */
if (!start)
- for (i=0; i<j; i++)
- {
- if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
+ for (i = 0; i < j; i++) {
+ if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx))
goto err;
- }
-
+ }
+
/* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx))
+ if (!BN_mod_mul_reciprocal(r, r,val[wvalue >> 1], &recp, ctx))
goto err;
/* move the 'window' down further */
- wstart-=wend+1;
- wvalue=0;
- start=0;
- if (wstart < 0) break;
- }
- ret=1;
+ wstart -= wend + 1;
+ wvalue = 0;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ ret = 1;
+
err:
BN_CTX_end(ctx);
BN_RECP_CTX_free(&recp);
bn_check_top(r);
- return(ret);
- }
-
-
-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- int i,j,bits,ret=0,wstart,wend,window,wvalue;
- int start=1;
- BIGNUM *d,*r;
+ return (ret);
+}
+
+int
+BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+ int start = 1;
+ BIGNUM *d, *r;
const BIGNUM *aa;
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
- BN_MONT_CTX *mont=NULL;
+ BN_MONT_CTX *mont = NULL;
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
- }
+ }
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
- if (!BN_is_odd(m))
- {
- BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- bits=BN_num_bits(p);
- if (bits == 0)
- {
+ if (!BN_is_odd(m)) {
+ BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ bits = BN_num_bits(p);
+ if (bits == 0) {
ret = BN_one(rr);
return ret;
- }
+ }
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
r = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
- if (!d || !r || !val[0]) goto err;
+ if (!d || !r || !val[0])
+ goto err;
/* If this is not done, things will break in the montgomery
* part */
if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
- }
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
- if (a->neg || BN_ucmp(a,m) >= 0)
- {
- if (!BN_nnmod(val[0],a,m,ctx))
+ if (a->neg || BN_ucmp(a, m) >= 0) {
+ if (!BN_nnmod(val[0], a,m, ctx))
goto err;
- aa= val[0];
- }
- else
- aa=a;
- if (BN_is_zero(aa))
- {
+ aa = val[0];
+ } else
+ aa = a;
+ if (BN_is_zero(aa)) {
BN_zero(rr);
ret = 1;
goto err;
- }
- if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
+ }
+ if (!BN_to_montgomery(val[0], aa, mont, ctx))
+ goto err; /* 1 */
window = BN_window_bits_for_exponent_size(bits);
- if (window > 1)
- {
- if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
- j=1<<(window-1);
- for (i=1; i<j; i++)
- {
- if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val[i],val[i-1],
- d,mont,ctx))
+ if (window > 1) {
+ if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
+ goto err; /* 2 */
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++) {
+ if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val[i], val[i - 1],
+ d, mont, ctx))
goto err;
- }
}
+ }
- start=1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue=0; /* The 'value' of the window */
- wstart=bits-1; /* The top bit of the window */
- wend=0; /* The bottom bit of the window */
+ start = 1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue = 0; /* The 'value' of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
- for (;;)
- {
- if (BN_is_bit_set(p,wstart) == 0)
- {
- if (!start)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
- goto err;
- }
- if (wstart == 0) break;
+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ goto err;
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
+ if (!start) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ goto err;
+ }
+ if (wstart == 0)
+ break;
wstart--;
continue;
- }
+ }
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
- j=wstart;
- wvalue=1;
- wend=0;
- for (i=1; i<window; i++)
- {
- if (wstart-i < 0) break;
- if (BN_is_bit_set(p,wstart-i))
- {
- wvalue<<=(i-wend);
- wvalue|=1;
- wend=i;
- }
+ j = wstart;
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++) {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set(p, wstart - i)) {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
}
+ }
/* wend is the size of the current window */
- j=wend+1;
+ j = wend + 1;
/* add the 'bytes above' */
if (!start)
- for (i=0; i<j; i++)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+ for (i = 0; i < j; i++) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
goto err;
- }
-
+ }
+
/* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
+ if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
goto err;
/* move the 'window' down further */
- wstart-=wend+1;
- wvalue=0;
- start=0;
- if (wstart < 0) break;
- }
- if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
- ret=1;
+ wstart -= wend + 1;
+ wvalue = 0;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ if (!BN_from_montgomery(rr, r,mont, ctx))
+ goto err;
+ ret = 1;
+
err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
BN_CTX_end(ctx);
bn_check_top(rr);
- return(ret);
- }
+ return (ret);
+}
/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
* as cache lines are concerned. The following functions are used to transfer a BIGNUM
* from/to that table. */
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf, int idx, int width)
- {
+static int
+MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf,
+ int idx, int width)
+{
size_t i, j;
if (top > b->top)
top = b->top; /* this works because 'buf' is explicitly zeroed */
- for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
- {
+ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
buf[j] = ((unsigned char*)b->d)[i];
- }
+ }
return 1;
- }
+}
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
- {
+static int
+MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx,
+ int width)
+{
size_t i, j;
if (bn_wexpand(b, top) == NULL)
return 0;
- for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
- {
+ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
((unsigned char*)b->d)[i] = buf[j];
- }
+ }
b->top = top;
bn_correct_top(b);
return 1;
- }
+}
/* Given a pointer value, compute the next address that is a cache line multiple. */
#define MOD_EXP_CTIME_ALIGN(x_) \
* pointed out by Colin Percival,
* http://www.daemonology.net/hyperthreading-considered-harmful/)
*/
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- int i,bits,ret=0,window,wvalue;
+int
+BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ int i, bits, ret = 0, window, wvalue;
int top;
- BN_MONT_CTX *mont=NULL;
-
+ BN_MONT_CTX *mont = NULL;
int numPowers;
- unsigned char *powerbufFree=NULL;
+ unsigned char *powerbufFree = NULL;
int powerbufLen = 0;
- unsigned char *powerbuf=NULL;
+ unsigned char *powerbuf = NULL;
BIGNUM tmp, am;
bn_check_top(a);
top = m->top;
- if (!(m->d[0] & 1))
- {
- BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- bits=BN_num_bits(p);
- if (bits == 0)
- {
+ if (!(m->d[0] & 1)) {
+ BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,
+ BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ bits = BN_num_bits(p);
+ if (bits == 0) {
ret = BN_one(rr);
return ret;
- }
+ }
BN_CTX_start(ctx);
* If this is not done, things will break in the montgomery part.
*/
if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
- }
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
/* Get the window size to use with size of p. */
window = BN_window_bits_for_ctime_exponent_size(bits);
#if defined(OPENSSL_BN_ASM_MONT5)
- if (window==6 && bits<=1024) window=5; /* ~5% improvement of 2048-bit RSA sign */
+ if (window == 6 && bits <= 1024)
+ window = 5; /* ~5% improvement of 2048-bit RSA sign */
#endif
/* Allocate a buffer large enough to hold all of the pre-computed
* powers of am, am itself and tmp.
*/
numPowers = 1 << window;
- powerbufLen = sizeof(m->d[0])*(top*numPowers +
- ((2*top)>numPowers?(2*top):numPowers));
+ powerbufLen = sizeof(m->d[0]) * (top * numPowers +
+ ((2*top) > numPowers ? (2*top) : numPowers));
#ifdef alloca
if (powerbufLen < 3072)
- powerbufFree = alloca(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
+ powerbufFree = alloca(powerbufLen +
+ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
else
#endif
- if ((powerbufFree=(unsigned char*)malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
+ if ((powerbufFree = (unsigned char*)malloc(powerbufLen +
+ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
goto err;
-
+
powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
memset(powerbuf, 0, powerbufLen);
#endif
/* lay down tmp and am right after powers table */
- tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0])*top*numPowers);
- am.d = tmp.d + top;
- tmp.top = am.top = 0;
- tmp.dmax = am.dmax = top;
- tmp.neg = am.neg = 0;
+ tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
+ am.d = tmp.d + top;
+ tmp.top = am.top = 0;
+ tmp.dmax = am.dmax = top;
+ tmp.neg = am.neg = 0;
tmp.flags = am.flags = BN_FLG_STATIC_DATA;
/* prepare a^0 in Montgomery domain */
#if 1
- if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx)) goto err;
+ if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
+ goto err;
#else
- tmp.d[0] = (0-m->d[0])&BN_MASK2; /* 2^(top*BN_BITS2) - m */
- for (i=1;i<top;i++)
- tmp.d[i] = (~m->d[i])&BN_MASK2;
+ tmp.d[0] = (0 - m - >d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */
+ for (i = 1; i < top; i++)
+ tmp.d[i] = (~m->d[i]) & BN_MASK2;
tmp.top = top;
#endif
/* prepare a^1 in Montgomery domain */
- if (a->neg || BN_ucmp(a,m) >= 0)
- {
- if (!BN_mod(&am,a,m,ctx)) goto err;
- if (!BN_to_montgomery(&am,&am,mont,ctx)) goto err;
- }
- else if (!BN_to_montgomery(&am,a,mont,ctx)) goto err;
+ if (a->neg || BN_ucmp(a, m) >= 0) {
+ if (!BN_mod(&am, a,m, ctx))
+ goto err;
+ if (!BN_to_montgomery(&am, &am, mont, ctx))
+ goto err;
+ } else if (!BN_to_montgomery(&am, a,mont, ctx))
+ goto err;
#if defined(OPENSSL_BN_ASM_MONT5)
- /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
- * specifically optimization of cache-timing attack countermeasures
- * and pre-computation optimization. */
-
- /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
- * 512-bit RSA is hardly relevant, we omit it to spare size... */
- if (window==5)
- {
- void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
- const void *table,const BN_ULONG *np,
- const BN_ULONG *n0,int num,int power);
- void bn_scatter5(const BN_ULONG *inp,size_t num,
- void *table,size_t power);
- void bn_gather5(BN_ULONG *out,size_t num,
- void *table,size_t power);
-
- BN_ULONG *np=mont->N.d, *n0=mont->n0;
-
- /* BN_to_montgomery can contaminate words above .top
- * [in BN_DEBUG[_DEBUG] build]... */
- for (i=am.top; i<top; i++) am.d[i]=0;
- for (i=tmp.top; i<top; i++) tmp.d[i]=0;
-
- bn_scatter5(tmp.d,top,powerbuf,0);
- bn_scatter5(am.d,am.top,powerbuf,1);
- bn_mul_mont(tmp.d,am.d,am.d,np,n0,top);
- bn_scatter5(tmp.d,top,powerbuf,2);
+ /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
+ * specifically optimization of cache-timing attack countermeasures
+ * and pre-computation optimization. */
+
+ /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
+ * 512-bit RSA is hardly relevant, we omit it to spare size... */
+ if (window == 5) {
+ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
+ const void *table, const BN_ULONG *np,
+ const BN_ULONG *n0, int num, int power);
+ void bn_scatter5(const BN_ULONG *inp, size_t num,
+ void *table, size_t power);
+ void bn_gather5(BN_ULONG *out, size_t num,
+ void *table, size_t power);
+
+ BN_ULONG *np = mont->N.d, *n0 = mont->n0;
+
+ /* BN_to_montgomery can contaminate words above .top
+ * [in BN_DEBUG[_DEBUG] build]... */
+ for (i = am.top; i < top; i++)
+ am.d[i] = 0;
+ for (i = tmp.top; i < top; i++)
+ tmp.d[i] = 0;
+
+ bn_scatter5(tmp.d, top, powerbuf, 0);
+ bn_scatter5(am.d, am.top, powerbuf, 1);
+ bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
+ bn_scatter5(tmp.d, top, powerbuf, 2);
#if 0
- for (i=3; i<32; i++)
- {
- /* Calculate a^i = a^(i-1) * a */
- bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
- bn_scatter5(tmp.d,top,powerbuf,i);
+ for (i = 3; i < 32; i++) {
+ /* Calculate a^i = a^(i-1) * a */
+ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
+ n0, top, i - 1);
+ bn_scatter5(tmp.d, top, powerbuf, i);
}
#else
- /* same as above, but uses squaring for 1/2 of operations */
- for (i=4; i<32; i*=2)
- {
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_scatter5(tmp.d,top,powerbuf,i);
+ /* same as above, but uses squaring for 1/2 of operations */
+ for (i = 4; i < 32; i*=2) {
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_scatter5(tmp.d, top, powerbuf, i);
}
- for (i=3; i<8; i+=2)
- {
- int j;
- bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
- bn_scatter5(tmp.d,top,powerbuf,i);
- for (j=2*i; j<32; j*=2)
- {
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_scatter5(tmp.d,top,powerbuf,j);
+ for (i = 3; i < 8; i += 2) {
+ int j;
+ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
+ n0, top, i - 1);
+ bn_scatter5(tmp.d, top, powerbuf, i);
+ for (j = 2 * i; j < 32; j *= 2) {
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_scatter5(tmp.d, top, powerbuf, j);
}
}
- for (; i<16; i+=2)
- {
- bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
- bn_scatter5(tmp.d,top,powerbuf,i);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_scatter5(tmp.d,top,powerbuf,2*i);
+ for (; i < 16; i += 2) {
+ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
+ n0, top, i - 1);
+ bn_scatter5(tmp.d, top, powerbuf, i);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_scatter5(tmp.d, top, powerbuf, 2*i);
}
- for (; i<32; i+=2)
- {
- bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
- bn_scatter5(tmp.d,top,powerbuf,i);
+ for (; i < 32; i += 2) {
+ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np,
+ n0, top, i - 1);
+ bn_scatter5(tmp.d, top, powerbuf, i);
}
#endif
- bits--;
- for (wvalue=0, i=bits%5; i>=0; i--,bits--)
- wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
- bn_gather5(tmp.d,top,powerbuf,wvalue);
+ bits--;
+ for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+ bn_gather5(tmp.d, top, powerbuf, wvalue);
- /* Scan the exponent one window at a time starting from the most
- * significant bits.
- */
- while (bits >= 0)
- {
- for (wvalue=0, i=0; i<5; i++,bits--)
- wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
-
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
- bn_mul_mont_gather5(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue);
+ /* Scan the exponent one window at a time starting from the most
+ * significant bits.
+ */
+ while (bits >= 0) {
+ for (wvalue = 0, i = 0; i < 5; i++, bits--)
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+ bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
}
- tmp.top=top;
- bn_correct_top(&tmp);
- }
- else
+ tmp.top = top;
+ bn_correct_top(&tmp);
+ } else
#endif
{
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers)) goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0,
+ numPowers))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1,
+ numPowers))
+ goto err;
- /* If the window size is greater than 1, then calculate
- * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
- * (even powers could instead be computed as (a^(i/2))^2
- * to use the slight performance advantage of sqr over mul).
- */
- if (window > 1)
- {
- if (!BN_mod_mul_montgomery(&tmp,&am,&am,mont,ctx)) goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, numPowers)) goto err;
- for (i=3; i<numPowers; i++)
- {
- /* Calculate a^i = a^(i-1) * a */
- if (!BN_mod_mul_montgomery(&tmp,&am,&tmp,mont,ctx))
+ /* If the window size is greater than 1, then calculate
+ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
+ * (even powers could instead be computed as (a^(i/2))^2
+ * to use the slight performance advantage of sqr over mul).
+ */
+ if (window > 1) {
+ if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf,
+ 2, numPowers))
goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, numPowers)) goto err;
+ for (i = 3; i < numPowers; i++) {
+ /* Calculate a^i = a^(i-1) * a */
+ if (!BN_mod_mul_montgomery(&tmp, &am, &tmp,
+ mont, ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top,
+ powerbuf, i, numPowers))
+ goto err;
}
}
- bits--;
- for (wvalue=0, i=bits%window; i>=0; i--,bits--)
- wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp,top,powerbuf,wvalue,numPowers)) goto err;
-
- /* Scan the exponent one window at a time starting from the most
- * significant bits.
- */
- while (bits >= 0)
- {
- wvalue=0; /* The 'value' of the window */
-
- /* Scan the window, squaring the result as we go */
- for (i=0; i<window; i++,bits--)
- {
- if (!BN_mod_mul_montgomery(&tmp,&tmp,&tmp,mont,ctx)) goto err;
- wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
- }
-
- /* Fetch the appropriate pre-computed value from the pre-buf */
- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, numPowers)) goto err;
-
- /* Multiply the result into the intermediate result */
- if (!BN_mod_mul_montgomery(&tmp,&tmp,&am,mont,ctx)) goto err;
- }
+ bits--;
+ for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf,
+ wvalue, numPowers))
+ goto err;
+
+ /* Scan the exponent one window at a time starting from the most
+ * significant bits.
+ */
+ while (bits >= 0) {
+ wvalue = 0; /* The 'value' of the window */
+
+ /* Scan the window, squaring the result as we go */
+ for (i = 0; i < window; i++, bits--) {
+ if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp,
+ mont, ctx))
+ goto err;
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+ }
+
+ /* Fetch the appropriate pre-computed value from the pre-buf */
+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf,
+ wvalue, numPowers))
+ goto err;
+
+ /* Multiply the result into the intermediate result */
+ if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
+ goto err;
+ }
}
- /* Convert the final result from montgomery to standard format */
- if (!BN_from_montgomery(rr,&tmp,mont,ctx)) goto err;
- ret=1;
+ /* Convert the final result from montgomery to standard format */
+ if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+ goto err;
+ ret = 1;
+
err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
- if (powerbuf!=NULL)
- {
- OPENSSL_cleanse(powerbuf,powerbufLen);
- if (powerbufFree) free(powerbufFree);
- }
- BN_CTX_end(ctx);
- return(ret);
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
+ if (powerbuf != NULL) {
+ OPENSSL_cleanse(powerbuf, powerbufLen);
+ if (powerbufFree)
+ free(powerbufFree);
}
+ BN_CTX_end(ctx);
+ return (ret);
+}
-int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
+int
+BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
BN_MONT_CTX *mont = NULL;
- int b, bits, ret=0;
+ int b, bits, ret = 0;
int r_is_one;
BN_ULONG w, next_w;
BIGNUM *d, *r, *t;
BIGNUM *swap_tmp;
+
#define BN_MOD_MUL_WORD(r, w, m) \
(BN_mul_word(r, (w)) && \
(/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
- }
+ }
bn_check_top(p);
bn_check_top(m);
- if (!BN_is_odd(m))
- {
- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
+ if (!BN_is_odd(m)) {
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
if (m->top == 1)
a %= m->d[0]; /* make sure that 'a' is reduced */
-
- bits = BN_num_bits(p);
- if (bits == 0)
- {
+ bits = BN_num_bits(p);
+ if (bits == 0) {
ret = BN_one(rr);
return ret;
- }
- if (a == 0)
- {
+ }
+ if (a == 0) {
BN_zero(rr);
ret = 1;
return ret;
- }
+ }
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
r = BN_CTX_get(ctx);
t = BN_CTX_get(ctx);
- if (d == NULL || r == NULL || t == NULL) goto err;
+ if (d == NULL || r == NULL || t == NULL)
+ goto err;
if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
- }
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
r_is_one = 1; /* except for Montgomery factor */
/* The result is accumulated in the product r*w. */
w = a; /* bit 'bits-1' of 'p' is always set */
- for (b = bits-2; b >= 0; b--)
- {
+ for (b = bits - 2; b >= 0; b--) {
/* First, square r*w. */
- next_w = w*w;
- if ((next_w/w) != w) /* overflow */
- {
- if (r_is_one)
- {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+ next_w = w * w;
+ if ((next_w / w) != w) /* overflow */
+ {
+ if (r_is_one) {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+ goto err;
r_is_one = 0;
- }
- else
- {
- if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
- }
- next_w = 1;
+ } else {
+ if (!BN_MOD_MUL_WORD(r, w, m))
+ goto err;
}
+ next_w = 1;
+ }
w = next_w;
- if (!r_is_one)
- {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
- }
+ if (!r_is_one) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ goto err;
+ }
/* Second, multiply r*w by 'a' if exponent bit is set. */
- if (BN_is_bit_set(p, b))
+ if (BN_is_bit_set(p, b)) {
+ next_w = w * a;
+ if ((next_w / a) != w) /* overflow */
{
- next_w = w*a;
- if ((next_w/a) != w) /* overflow */
- {
- if (r_is_one)
- {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+ if (r_is_one) {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+ goto err;
r_is_one = 0;
- }
- else
- {
- if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
- }
- next_w = a;
+ } else {
+ if (!BN_MOD_MUL_WORD(r, w, m))
+ goto err;
}
- w = next_w;
+ next_w = a;
}
+ w = next_w;
}
+ }
/* Finally, set r:=r*w. */
- if (w != 1)
- {
- if (r_is_one)
- {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+ if (w != 1) {
+ if (r_is_one) {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+ goto err;
r_is_one = 0;
- }
- else
- {
- if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
- }
+ } else {
+ if (!BN_MOD_MUL_WORD(r, w, m))
+ goto err;
}
+ }
if (r_is_one) /* can happen only if a == 1*/
- {
- if (!BN_one(rr)) goto err;
- }
- else
- {
- if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
- }
+ {
+ if (!BN_one(rr))
+ goto err;
+ } else {
+ if (!BN_from_montgomery(rr, r, mont, ctx))
+ goto err;
+ }
ret = 1;
+
err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
BN_CTX_end(ctx);
bn_check_top(rr);
- return(ret);
- }
+ return (ret);
+}
/* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int i,j,bits,ret=0,wstart,wend,window,wvalue;
- int start=1;
+int
+BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ int i, j,bits, ret = 0, wstart, wend, window, wvalue;
+ int start = 1;
BIGNUM *d;
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ BNerr(BN_F_BN_MOD_EXP_SIMPLE,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
- }
+ }
- bits=BN_num_bits(p);
+ bits = BN_num_bits(p);
- if (bits == 0)
- {
+ if (bits == 0) {
ret = BN_one(r);
return ret;
- }
+ }
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
- if(!d || !val[0]) goto err;
+ if (!d || !val[0])
+ goto err;
- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
- if (BN_is_zero(val[0]))
- {
+ if (!BN_nnmod(val[0],a,m,ctx))
+ goto err; /* 1 */
+ if (BN_is_zero(val[0])) {
BN_zero(r);
ret = 1;
goto err;
- }
+ }
window = BN_window_bits_for_exponent_size(bits);
- if (window > 1)
- {
- if (!BN_mod_mul(d,val[0],val[0],m,ctx))
+ if (window > 1) {
+ if (!BN_mod_mul(d, val[0], val[0], m, ctx))
goto err; /* 2 */
- j=1<<(window-1);
- for (i=1; i<j; i++)
- {
- if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul(val[i],val[i-1],d,m,ctx))
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++) {
+ if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul(val[i], val[i - 1], d,m, ctx))
goto err;
- }
}
+ }
- start=1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue=0; /* The 'value' of the window */
- wstart=bits-1; /* The top bit of the window */
- wend=0; /* The bottom bit of the window */
+ start = 1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue = 0; /* The 'value' of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
- if (!BN_one(r)) goto err;
+ if (!BN_one(r))
+ goto err;
- for (;;)
- {
- if (BN_is_bit_set(p,wstart) == 0)
- {
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
if (!start)
- if (!BN_mod_mul(r,r,r,m,ctx))
- goto err;
- if (wstart == 0) break;
+ if (!BN_mod_mul(r, r, r, m, ctx))
+ goto err;
+ if (wstart == 0)
+ break;
wstart--;
continue;
- }
+ }
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
- j=wstart;
- wvalue=1;
- wend=0;
- for (i=1; i<window; i++)
- {
- if (wstart-i < 0) break;
- if (BN_is_bit_set(p,wstart-i))
- {
- wvalue<<=(i-wend);
- wvalue|=1;
- wend=i;
- }
+ j = wstart;
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++) {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set(p, wstart - i)) {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
}
+ }
/* wend is the size of the current window */
- j=wend+1;
+ j = wend + 1;
/* add the 'bytes above' */
if (!start)
- for (i=0; i<j; i++)
- {
- if (!BN_mod_mul(r,r,r,m,ctx))
+ for (i = 0; i < j; i++) {
+ if (!BN_mod_mul(r, r, r, m, ctx))
goto err;
- }
-
+ }
+
/* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
+ if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
goto err;
/* move the 'window' down further */
- wstart-=wend+1;
- wvalue=0;
- start=0;
- if (wstart < 0) break;
- }
- ret=1;
+ wstart -= wend + 1;
+ wvalue = 0;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ ret = 1;
+
err:
BN_CTX_end(ctx);
bn_check_top(r);
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define TABLE_SIZE 32
-int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
- const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
- int r_is_one=1;
- BIGNUM *d,*r;
+int
+BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
+ int r_is_one = 1;
+ BIGNUM *d, *r;
const BIGNUM *a_mod_m;
/* Tables of variables obtained from 'ctx' */
BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
- BN_MONT_CTX *mont=NULL;
+ BN_MONT_CTX *mont = NULL;
bn_check_top(a1);
bn_check_top(p1);
bn_check_top(p2);
bn_check_top(m);
- if (!(m->d[0] & 1))
- {
- BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- bits1=BN_num_bits(p1);
- bits2=BN_num_bits(p2);
- if ((bits1 == 0) && (bits2 == 0))
- {
+ if (!(m->d[0] & 1)) {
+ BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ bits1 = BN_num_bits(p1);
+ bits2 = BN_num_bits(p2);
+ if ((bits1 == 0) && (bits2 == 0)) {
ret = BN_one(rr);
return ret;
- }
-
- bits=(bits1 > bits2)?bits1:bits2;
+ }
+
+ bits = (bits1 > bits2) ? bits1 : bits2;
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
r = BN_CTX_get(ctx);
val1[0] = BN_CTX_get(ctx);
val2[0] = BN_CTX_get(ctx);
- if(!d || !r || !val1[0] || !val2[0]) goto err;
+ if (!d || !r || !val1[0] || !val2[0])
+ goto err;
if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
- }
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
window1 = BN_window_bits_for_exponent_size(bits1);
window2 = BN_window_bits_for_exponent_size(bits2);
/*
* Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
*/
- if (a1->neg || BN_ucmp(a1,m) >= 0)
- {
- if (!BN_mod(val1[0],a1,m,ctx))
+ if (a1->neg || BN_ucmp(a1, m) >= 0) {
+ if (!BN_mod(val1[0], a1, m, ctx))
goto err;
a_mod_m = val1[0];
- }
- else
+ } else
a_mod_m = a1;
- if (BN_is_zero(a_mod_m))
- {
+ if (BN_is_zero(a_mod_m)) {
BN_zero(rr);
ret = 1;
goto err;
- }
+ }
- if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err;
- if (window1 > 1)
- {
- if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err;
+ if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
+ goto err;
+ if (window1 > 1) {
+ if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
+ goto err;
- j=1<<(window1-1);
- for (i=1; i<j; i++)
- {
- if(((val1[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val1[i],val1[i-1],
- d,mont,ctx))
+ j = 1 << (window1 - 1);
+ for (i = 1; i < j; i++) {
+ if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val1[i], val1[i - 1],
+ d, mont, ctx))
goto err;
- }
}
+ }
/*
* Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
*/
- if (a2->neg || BN_ucmp(a2,m) >= 0)
- {
- if (!BN_mod(val2[0],a2,m,ctx))
+ if (a2->neg || BN_ucmp(a2, m) >= 0) {
+ if (!BN_mod(val2[0], a2, m, ctx))
goto err;
a_mod_m = val2[0];
- }
- else
+ } else
a_mod_m = a2;
- if (BN_is_zero(a_mod_m))
- {
+ if (BN_is_zero(a_mod_m)) {
BN_zero(rr);
ret = 1;
goto err;
- }
- if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err;
- if (window2 > 1)
- {
- if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err;
+ }
+ if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
+ goto err;
+ if (window2 > 1) {
+ if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
+ goto err;
- j=1<<(window2-1);
- for (i=1; i<j; i++)
- {
- if(((val2[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val2[i],val2[i-1],
- d,mont,ctx))
+ j = 1 << (window2 - 1);
+ for (i = 1; i < j; i++) {
+ if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val2[i], val2[i - 1],
+ d, mont, ctx))
goto err;
- }
}
+ }
/* Now compute the power product, using independent windows. */
- r_is_one=1;
- wvalue1=0; /* The 'value' of the first window */
- wvalue2=0; /* The 'value' of the second window */
- wpos1=0; /* If wvalue1 > 0, the bottom bit of the first window */
- wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */
+ r_is_one = 1;
+ wvalue1 = 0; /* The 'value' of the first window */
+ wvalue2 = 0; /* The 'value' of the second window */
+ wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the first window */
+ wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the second window */
- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
- for (b=bits-1; b>=0; b--)
- {
- if (!r_is_one)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ goto err;
+ for (b = bits - 1; b >= 0; b--) {
+ if (!r_is_one) {
+ if (!BN_mod_mul_montgomery(r, r,r, mont, ctx))
goto err;
- }
-
+ }
+
if (!wvalue1)
- if (BN_is_bit_set(p1, b))
- {
- /* consider bits b-window1+1 .. b for this window */
- i = b-window1+1;
- while (!BN_is_bit_set(p1, i)) /* works for i<0 */
- i++;
- wpos1 = i;
- wvalue1 = 1;
- for (i = b-1; i >= wpos1; i--)
- {
- wvalue1 <<= 1;
- if (BN_is_bit_set(p1, i))
- wvalue1++;
- }
- }
-
+ if (BN_is_bit_set(p1, b)) {
+ /* consider bits b-window1+1 .. b for this window */
+ i = b - window1 + 1;
+ while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+ i++;
+ wpos1 = i;
+ wvalue1 = 1;
+ for (i = b - 1; i >= wpos1; i--) {
+ wvalue1 <<= 1;
+ if (BN_is_bit_set(p1, i))
+ wvalue1++;
+ }
+ }
+
if (!wvalue2)
- if (BN_is_bit_set(p2, b))
- {
- /* consider bits b-window2+1 .. b for this window */
- i = b-window2+1;
- while (!BN_is_bit_set(p2, i))
- i++;
- wpos2 = i;
- wvalue2 = 1;
- for (i = b-1; i >= wpos2; i--)
- {
- wvalue2 <<= 1;
- if (BN_is_bit_set(p2, i))
- wvalue2++;
- }
- }
+ if (BN_is_bit_set(p2, b)) {
+ /* consider bits b-window2+1 .. b for this window */
+ i = b - window2 + 1;
+ while (!BN_is_bit_set(p2, i))
+ i++;
+ wpos2 = i;
+ wvalue2 = 1;
+ for (i = b - 1; i >= wpos2; i--) {
+ wvalue2 <<= 1;
+ if (BN_is_bit_set(p2, i))
+ wvalue2++;
+ }
+ }
- if (wvalue1 && b == wpos1)
- {
+ if (wvalue1 && b == wpos1) {
/* wvalue1 is odd and < 2^window1 */
- if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx))
+ if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1],
+ mont, ctx))
goto err;
wvalue1 = 0;
r_is_one = 0;
- }
-
- if (wvalue2 && b == wpos2)
- {
+ }
+
+ if (wvalue2 && b == wpos2) {
/* wvalue2 is odd and < 2^window2 */
- if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))
+ if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1],
+ mont, ctx))
goto err;
wvalue2 = 0;
r_is_one = 0;
- }
}
- if (!BN_from_montgomery(rr,r,mont,ctx))
+ }
+ if (!BN_from_montgomery(rr, r,mont, ctx))
goto err;
- ret=1;
+ ret = 1;
+
err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
BN_CTX_end(ctx);
bn_check_top(rr);
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
- {
- BIGNUM *a,*b,*t;
- int ret=0;
+int
+BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *t;
+ int ret = 0;
bn_check_top(in_a);
bn_check_top(in_b);
BN_CTX_start(ctx);
a = BN_CTX_get(ctx);
b = BN_CTX_get(ctx);
- if (a == NULL || b == NULL) goto err;
+ if (a == NULL || b == NULL)
+ goto err;
- if (BN_copy(a,in_a) == NULL) goto err;
- if (BN_copy(b,in_b) == NULL) goto err;
+ if (BN_copy(a, in_a) == NULL)
+ goto err;
+ if (BN_copy(b, in_b) == NULL)
+ goto err;
a->neg = 0;
b->neg = 0;
- if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
- t=euclid(a,b);
- if (t == NULL) goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
+ }
+ t = euclid(a, b);
+ if (t == NULL)
+ goto err;
+
+ if (BN_copy(r, t) == NULL)
+ goto err;
+ ret = 1;
- if (BN_copy(r,t) == NULL) goto err;
- ret=1;
err:
BN_CTX_end(ctx);
bn_check_top(r);
- return(ret);
- }
+ return (ret);
+}
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
- {
+static BIGNUM *
+euclid(BIGNUM *a, BIGNUM *b)
+{
BIGNUM *t;
- int shifts=0;
+ int shifts = 0;
bn_check_top(a);
bn_check_top(b);
/* 0 <= b <= a */
- while (!BN_is_zero(b))
- {
+ while (!BN_is_zero(b)) {
/* 0 < b <= a */
- if (BN_is_odd(a))
- {
- if (BN_is_odd(b))
- {
- if (!BN_sub(a,a,b)) goto err;
- if (!BN_rshift1(a,a)) goto err;
- if (BN_cmp(a,b) < 0)
- { t=a; a=b; b=t; }
+ if (BN_is_odd(a)) {
+ if (BN_is_odd(b)) {
+ if (!BN_sub(a, a, b))
+ goto err;
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
}
+ }
else /* a odd - b even */
- {
- if (!BN_rshift1(b,b)) goto err;
- if (BN_cmp(a,b) < 0)
- { t=a; a=b; b=t; }
+ {
+ if (!BN_rshift1(b, b))
+ goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
}
}
+ }
else /* a is even */
- {
- if (BN_is_odd(b))
- {
- if (!BN_rshift1(a,a)) goto err;
- if (BN_cmp(a,b) < 0)
- { t=a; a=b; b=t; }
+ {
+ if (BN_is_odd(b)) {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
}
+ }
else /* a even - b even */
- {
- if (!BN_rshift1(a,a)) goto err;
- if (!BN_rshift1(b,b)) goto err;
+ {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (!BN_rshift1(b, b))
+ goto err;
shifts++;
- }
}
- /* 0 <= b <= a */
}
+ /* 0 <= b <= a */
+ }
- if (shifts)
- {
- if (!BN_lshift(a,a,shifts)) goto err;
- }
+ if (shifts) {
+ if (!BN_lshift(a, a, shifts))
+ goto err;
+ }
bn_check_top(a);
- return(a);
+ return (a);
+
err:
- return(NULL);
- }
+ return (NULL);
+}
/* solves ax == 1 (mod n) */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-
-BIGNUM *BN_mod_inverse(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
- {
- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
- BIGNUM *ret=NULL;
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a,
+ const BIGNUM *n, BN_CTX *ctx);
+
+BIGNUM *
+BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+{
+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+ BIGNUM *ret = NULL;
int sign;
- if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0))
- {
+ if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) ||
+ (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
return BN_mod_inverse_no_branch(in, a, n, ctx);
- }
+ }
bn_check_top(a);
bn_check_top(n);
M = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
T = BN_CTX_get(ctx);
- if (T == NULL) goto err;
+ if (T == NULL)
+ goto err;
if (in == NULL)
- R=BN_new();
+ R = BN_new();
else
- R=in;
- if (R == NULL) goto err;
+ R = in;
+ if (R == NULL)
+ goto err;
BN_one(X);
BN_zero(Y);
- if (BN_copy(B,a) == NULL) goto err;
- if (BN_copy(A,n) == NULL) goto err;
+ if (BN_copy(B, a) == NULL)
+ goto err;
+ if (BN_copy(A, n) == NULL)
+ goto err;
A->neg = 0;
- if (B->neg || (BN_ucmp(B, A) >= 0))
- {
- if (!BN_nnmod(B, B, A, ctx)) goto err;
- }
+ if (B->neg || (BN_ucmp(B, A) >= 0)) {
+ if (!BN_nnmod(B, B, A, ctx))
+ goto err;
+ }
sign = -1;
/* From B = a mod |n|, A = |n| it follows that
*
* sign*Y*a == A (mod |n|).
*/
- if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
- {
+ if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) {
/* Binary inversion algorithm; requires odd modulus.
* This is faster than the general algorithm if the modulus
* is sufficiently small (about 400 .. 500 bits on 32-bit
* sytems, but much more on 64-bit systems) */
int shift;
-
- while (!BN_is_zero(B))
- {
+
+ while (!BN_is_zero(B)) {
/*
* 0 < B < |n|,
* 0 < A <= |n|,
* When we're done, (1) still holds. */
shift = 0;
while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
- {
+ {
shift++;
-
- if (BN_is_odd(X))
- {
- if (!BN_uadd(X, X, n)) goto err;
- }
- /* now X is even, so we can easily divide it by two */
- if (!BN_rshift1(X, X)) goto err;
- }
- if (shift > 0)
- {
- if (!BN_rshift(B, B, shift)) goto err;
+
+ if (BN_is_odd(X)) {
+ if (!BN_uadd(X, X, n))
+ goto err;
}
+ /* now X is even, so we can easily divide it by two */
+ if (!BN_rshift1(X, X))
+ goto err;
+ }
+ if (shift > 0) {
+ if (!BN_rshift(B, B, shift))
+ goto err;
+ }
/* Same for A and Y. Afterwards, (2) still holds. */
shift = 0;
while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
- {
+ {
shift++;
-
- if (BN_is_odd(Y))
- {
- if (!BN_uadd(Y, Y, n)) goto err;
- }
- /* now Y is even */
- if (!BN_rshift1(Y, Y)) goto err;
- }
- if (shift > 0)
- {
- if (!BN_rshift(A, A, shift)) goto err;
+
+ if (BN_is_odd(Y)) {
+ if (!BN_uadd(Y, Y, n))
+ goto err;
}
+ /* now Y is even */
+ if (!BN_rshift1(Y, Y))
+ goto err;
+ }
+ if (shift > 0) {
+ if (!BN_rshift(A, A, shift))
+ goto err;
+ }
+
-
/* We still have (1) and (2).
* Both A and B are odd.
* The following computations ensure that
*
* and that either A or B is even in the next iteration.
*/
- if (BN_ucmp(B, A) >= 0)
- {
+ if (BN_ucmp(B, A) >= 0) {
/* -sign*(X + Y)*a == B - A (mod |n|) */
- if (!BN_uadd(X, X, Y)) goto err;
+ if (!BN_uadd(X, X, Y))
+ goto err;
/* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
* actually makes the algorithm slower */
- if (!BN_usub(B, B, A)) goto err;
- }
- else
- {
+ if (!BN_usub(B, B, A))
+ goto err;
+ } else {
/* sign*(X + Y)*a == A - B (mod |n|) */
- if (!BN_uadd(Y, Y, X)) goto err;
+ if (!BN_uadd(Y, Y, X))
+ goto err;
/* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
- if (!BN_usub(A, A, B)) goto err;
- }
+ if (!BN_usub(A, A, B))
+ goto err;
}
}
- else
- {
+ } else {
/* general inversion algorithm */
- while (!BN_is_zero(B))
- {
+ while (!BN_is_zero(B)) {
BIGNUM *tmp;
-
+
/*
* 0 < B < A,
* (*) -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|)
*/
-
+
/* (D, M) := (A/B, A%B) ... */
- if (BN_num_bits(A) == BN_num_bits(B))
- {
- if (!BN_one(D)) goto err;
- if (!BN_sub(M,A,B)) goto err;
- }
- else if (BN_num_bits(A) == BN_num_bits(B) + 1)
- {
+ if (BN_num_bits(A) == BN_num_bits(B)) {
+ if (!BN_one(D))
+ goto err;
+ if (!BN_sub(M, A, B))
+ goto err;
+ } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
/* A/B is 1, 2, or 3 */
- if (!BN_lshift1(T,B)) goto err;
- if (BN_ucmp(A,T) < 0)
- {
+ if (!BN_lshift1(T, B))
+ goto err;
+ if (BN_ucmp(A, T) < 0) {
/* A < 2*B, so D=1 */
- if (!BN_one(D)) goto err;
- if (!BN_sub(M,A,B)) goto err;
- }
- else
- {
+ if (!BN_one(D))
+ goto err;
+ if (!BN_sub(M, A, B))
+ goto err;
+ } else {
/* A >= 2*B, so D=2 or D=3 */
- if (!BN_sub(M,A,T)) goto err;
+ if (!BN_sub(M, A, T))
+ goto err;
if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
- if (BN_ucmp(A,D) < 0)
- {
+ if (BN_ucmp(A, D) < 0) {
/* A < 3*B, so D=2 */
- if (!BN_set_word(D,2)) goto err;
+ if (!BN_set_word(D, 2))
+ goto err;
/* M (= A - 2*B) already has the correct value */
- }
- else
- {
+ } else {
/* only D=3 remains */
- if (!BN_set_word(D,3)) goto err;
+ if (!BN_set_word(D, 3))
+ goto err;
/* currently M = A - 2*B, but we need M = A - 3*B */
- if (!BN_sub(M,M,B)) goto err;
- }
+ if (!BN_sub(M, M, B))
+ goto err;
}
}
- else
- {
- if (!BN_div(D,M,A,B,ctx)) goto err;
- }
-
+ } else {
+ if (!BN_div(D, M, A, B, ctx))
+ goto err;
+ }
+
/* Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
*/
-
- tmp=A; /* keep the BIGNUM object, the value does not matter */
-
+ tmp = A; /* keep the BIGNUM object, the value does not matter */
+
/* (A, B) := (B, A mod B) ... */
- A=B;
- B=M;
+ A = B;
+ B = M;
/* ... so we have 0 <= B < A again */
-
+
/* Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
*/
-
+
/* most of the time D is very small, so we can optimize tmp := D*X+Y */
- if (BN_is_one(D))
- {
- if (!BN_add(tmp,X,Y)) goto err;
- }
- else
- {
- if (BN_is_word(D,2))
- {
- if (!BN_lshift1(tmp,X)) goto err;
- }
- else if (BN_is_word(D,4))
- {
- if (!BN_lshift(tmp,X,2)) goto err;
- }
- else if (D->top == 1)
- {
- if (!BN_copy(tmp,X)) goto err;
- if (!BN_mul_word(tmp,D->d[0])) goto err;
- }
- else
- {
- if (!BN_mul(tmp,D,X,ctx)) goto err;
- }
- if (!BN_add(tmp,tmp,Y)) goto err;
+ if (BN_is_one(D)) {
+ if (!BN_add(tmp, X, Y))
+ goto err;
+ } else {
+ if (BN_is_word(D, 2)) {
+ if (!BN_lshift1(tmp, X))
+ goto err;
+ } else if (BN_is_word(D, 4)) {
+ if (!BN_lshift(tmp, X, 2))
+ goto err;
+ } else if (D->top == 1) {
+ if (!BN_copy(tmp, X))
+ goto err;
+ if (!BN_mul_word(tmp, D->d[0]))
+ goto err;
+ } else {
+ if (!BN_mul(tmp, D,X, ctx))
+ goto err;
}
-
- M=Y; /* keep the BIGNUM object, the value does not matter */
- Y=X;
- X=tmp;
- sign = -sign;
+ if (!BN_add(tmp, tmp, Y))
+ goto err;
}
+
+ M = Y; /* keep the BIGNUM object, the value does not matter */
+ Y = X;
+ X = tmp;
+ sign = -sign;
}
-
+ }
+
/*
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* where Y is non-negative.
*/
- if (sign < 0)
- {
- if (!BN_sub(Y,n,Y)) goto err;
- }
+ if (sign < 0) {
+ if (!BN_sub(Y, n, Y))
+ goto err;
+ }
/* Now Y*a == A (mod |n|). */
-
- if (BN_is_one(A))
- {
+ if (BN_is_one(A)) {
/* Y*a == 1 (mod |n|) */
- if (!Y->neg && BN_ucmp(Y,n) < 0)
- {
- if (!BN_copy(R,Y)) goto err;
- }
- else
- {
- if (!BN_nnmod(R,Y,n,ctx)) goto err;
- }
+ if (!Y->neg && BN_ucmp(Y, n) < 0) {
+ if (!BN_copy(R, Y))
+ goto err;
+ } else {
+ if (!BN_nnmod(R, Y,n, ctx))
+ goto err;
}
- else
- {
- BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+ } else {
+ BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
goto err;
- }
- ret=R;
+ }
+ ret = R;
+
err:
- if ((ret == NULL) && (in == NULL)) BN_free(R);
+ if ((ret == NULL) && (in == NULL))
+ BN_free(R);
BN_CTX_end(ctx);
bn_check_top(ret);
- return(ret);
- }
+ return (ret);
+}
-/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
+/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
* It does not contain branches that may leak sensitive information.
*/
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
- {
- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
+static BIGNUM *
+BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx)
+{
+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
BIGNUM local_A, local_B;
BIGNUM *pA, *pB;
- BIGNUM *ret=NULL;
+ BIGNUM *ret = NULL;
int sign;
bn_check_top(a);
M = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
T = BN_CTX_get(ctx);
- if (T == NULL) goto err;
+ if (T == NULL)
+ goto err;
if (in == NULL)
- R=BN_new();
+ R = BN_new();
else
- R=in;
- if (R == NULL) goto err;
+ R = in;
+ if (R == NULL)
+ goto err;
BN_one(X);
BN_zero(Y);
- if (BN_copy(B,a) == NULL) goto err;
- if (BN_copy(A,n) == NULL) goto err;
+ if (BN_copy(B, a) == NULL)
+ goto err;
+ if (BN_copy(A, n) == NULL)
+ goto err;
A->neg = 0;
- if (B->neg || (BN_ucmp(B, A) >= 0))
- {
+ if (B->neg || (BN_ucmp(B, A) >= 0)) {
/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
pB = &local_B;
- BN_with_flags(pB, B, BN_FLG_CONSTTIME);
- if (!BN_nnmod(B, pB, A, ctx)) goto err;
- }
+ BN_with_flags(pB, B, BN_FLG_CONSTTIME);
+ if (!BN_nnmod(B, pB, A, ctx))
+ goto err;
+ }
sign = -1;
/* From B = a mod |n|, A = |n| it follows that
*
* sign*Y*a == A (mod |n|).
*/
- while (!BN_is_zero(B))
- {
+ while (!BN_is_zero(B)) {
BIGNUM *tmp;
-
+
/*
* 0 < B < A,
* (*) -sign*X*a == B (mod |n|),
* BN_div_no_branch will be called eventually.
*/
pA = &local_A;
- BN_with_flags(pA, A, BN_FLG_CONSTTIME);
-
- /* (D, M) := (A/B, A%B) ... */
- if (!BN_div(D,M,pA,B,ctx)) goto err;
-
+ BN_with_flags(pA, A, BN_FLG_CONSTTIME);
+
+ /* (D, M) := (A/B, A%B) ... */
+ if (!BN_div(D, M, pA, B, ctx))
+ goto err;
+
/* Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
*/
-
- tmp=A; /* keep the BIGNUM object, the value does not matter */
-
+ tmp = A; /* keep the BIGNUM object, the value does not matter */
+
/* (A, B) := (B, A mod B) ... */
- A=B;
- B=M;
+ A = B;
+ B = M;
/* ... so we have 0 <= B < A again */
-
+
/* Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
*/
-
- if (!BN_mul(tmp,D,X,ctx)) goto err;
- if (!BN_add(tmp,tmp,Y)) goto err;
- M=Y; /* keep the BIGNUM object, the value does not matter */
- Y=X;
- X=tmp;
+ if (!BN_mul(tmp, D, X, ctx))
+ goto err;
+ if (!BN_add(tmp, tmp, Y))
+ goto err;
+
+ M = Y; /* keep the BIGNUM object, the value does not matter */
+ Y = X;
+ X = tmp;
sign = -sign;
- }
-
+ }
+
/*
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* where Y is non-negative.
*/
- if (sign < 0)
- {
- if (!BN_sub(Y,n,Y)) goto err;
- }
+ if (sign < 0) {
+ if (!BN_sub(Y, n, Y))
+ goto err;
+ }
/* Now Y*a == A (mod |n|). */
- if (BN_is_one(A))
- {
+ if (BN_is_one(A)) {
/* Y*a == 1 (mod |n|) */
- if (!Y->neg && BN_ucmp(Y,n) < 0)
- {
- if (!BN_copy(R,Y)) goto err;
- }
- else
- {
- if (!BN_nnmod(R,Y,n,ctx)) goto err;
- }
+ if (!Y->neg && BN_ucmp(Y, n) < 0) {
+ if (!BN_copy(R, Y))
+ goto err;
+ } else {
+ if (!BN_nnmod(R, Y, n, ctx))
+ goto err;
}
- else
- {
- BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);
+ } else {
+ BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
goto err;
- }
- ret=R;
+ }
+ ret = R;
+
err:
- if ((ret == NULL) && (in == NULL)) BN_free(R);
+ if ((ret == NULL) && (in == NULL))
+ BN_free(R);
BN_CTX_end(ctx);
bn_check_top(ret);
- return(ret);
- }
+ return (ret);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define MAX_ITERATIONS 50
static const BN_ULONG SQR_tb[16] =
- { 0, 1, 4, 5, 16, 17, 20, 21,
- 64, 65, 68, 69, 80, 81, 84, 85 };
+ { 0, 1, 4, 5, 16, 17, 20, 21,
+64, 65, 68, 69, 80, 81, 84, 85 };
/* Platform-specific macros to accelerate squaring. */
#ifdef _LP64
#define SQR1(w) \
* The caller MUST ensure that the variables have the right amount
* of space allocated.
*/
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
- {
+static void
+bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+{
#ifndef _LP64
register BN_ULONG h, l, s;
- BN_ULONG tab[8], top2b = a >> 30;
+ BN_ULONG tab[8], top2b = a >> 30;
register BN_ULONG a1, a2, a4;
- a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;
-
- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
- tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;
-
- s = tab[b & 0x7]; l = s;
- s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29;
- s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26;
- s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23;
- s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;
- s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;
- s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;
- s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;
- s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8;
- s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5;
- s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2;
+ a1 = a & (0x3FFFFFFF);
+ a2 = a1 << 1;
+ a4 = a2 << 1;
+
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+ tab[4] = a4;
+ tab[5] = a1 ^ a4;
+ tab[6] = a2 ^ a4;
+ tab[7] = a1 ^ a2 ^ a4;
+
+ s = tab[b & 0x7];
+ l = s;
+ s = tab[b >> 3 & 0x7];
+ l ^= s << 3;
+ h = s >> 29;
+ s = tab[b >> 6 & 0x7];
+ l ^= s << 6;
+ h ^= s >> 26;
+ s = tab[b >> 9 & 0x7];
+ l ^= s << 9;
+ h ^= s >> 23;
+ s = tab[b >> 12 & 0x7];
+ l ^= s << 12;
+ h ^= s >> 20;
+ s = tab[b >> 15 & 0x7];
+ l ^= s << 15;
+ h ^= s >> 17;
+ s = tab[b >> 18 & 0x7];
+ l ^= s << 18;
+ h ^= s >> 14;
+ s = tab[b >> 21 & 0x7];
+ l ^= s << 21;
+ h ^= s >> 11;
+ s = tab[b >> 24 & 0x7];
+ l ^= s << 24;
+ h ^= s >> 8;
+ s = tab[b >> 27 & 0x7];
+ l ^= s << 27;
+ h ^= s >> 5;
+ s = tab[b >> 30];
+ l ^= s << 30;
+ h ^= s >> 2;
/* compensate for the top two bits of a */
+ if (top2b & 01) {
+ l ^= b << 30;
+ h ^= b >> 2;
+ }
+ if (top2b & 02) {
+ l ^= b << 31;
+ h ^= b >> 1;
+ }
- if (top2b & 01) { l ^= b << 30; h ^= b >> 2; }
- if (top2b & 02) { l ^= b << 31; h ^= b >> 1; }
-
- *r1 = h; *r0 = l;
+ *r1 = h;
+ *r0 = l;
#else
register BN_ULONG h, l, s;
BN_ULONG tab[16], top3b = a >> 61;
register BN_ULONG a1, a2, a4, a8;
- a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;
-
- tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2;
- tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4;
- tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8;
- tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;
-
- s = tab[b & 0xF]; l = s;
- s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60;
- s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56;
- s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;
- s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;
- s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;
- s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;
- s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;
- s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;
- s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;
- s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;
- s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;
- s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;
- s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;
- s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8;
- s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4;
+ a1 = a & (0x1FFFFFFFFFFFFFFFULL);
+ a2 = a1 << 1;
+ a4 = a2 << 1;
+ a8 = a4 << 1;
+
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+ tab[4] = a4;
+ tab[5] = a1 ^ a4;
+ tab[6] = a2 ^ a4;
+ tab[7] = a1 ^ a2 ^ a4;
+ tab[8] = a8;
+ tab[9] = a1 ^ a8;
+ tab[10] = a2 ^ a8;
+ tab[11] = a1 ^ a2 ^ a8;
+ tab[12] = a4 ^ a8;
+ tab[13] = a1 ^ a4 ^ a8;
+ tab[14] = a2 ^ a4 ^ a8;
+ tab[15] = a1 ^ a2 ^ a4 ^ a8;
+
+ s = tab[b & 0xF];
+ l = s;
+ s = tab[b >> 4 & 0xF];
+ l ^= s << 4;
+ h = s >> 60;
+ s = tab[b >> 8 & 0xF];
+ l ^= s << 8;
+ h ^= s >> 56;
+ s = tab[b >> 12 & 0xF];
+ l ^= s << 12;
+ h ^= s >> 52;
+ s = tab[b >> 16 & 0xF];
+ l ^= s << 16;
+ h ^= s >> 48;
+ s = tab[b >> 20 & 0xF];
+ l ^= s << 20;
+ h ^= s >> 44;
+ s = tab[b >> 24 & 0xF];
+ l ^= s << 24;
+ h ^= s >> 40;
+ s = tab[b >> 28 & 0xF];
+ l ^= s << 28;
+ h ^= s >> 36;
+ s = tab[b >> 32 & 0xF];
+ l ^= s << 32;
+ h ^= s >> 32;
+ s = tab[b >> 36 & 0xF];
+ l ^= s << 36;
+ h ^= s >> 28;
+ s = tab[b >> 40 & 0xF];
+ l ^= s << 40;
+ h ^= s >> 24;
+ s = tab[b >> 44 & 0xF];
+ l ^= s << 44;
+ h ^= s >> 20;
+ s = tab[b >> 48 & 0xF];
+ l ^= s << 48;
+ h ^= s >> 16;
+ s = tab[b >> 52 & 0xF];
+ l ^= s << 52;
+ h ^= s >> 12;
+ s = tab[b >> 56 & 0xF];
+ l ^= s << 56;
+ h ^= s >> 8;
+ s = tab[b >> 60];
+ l ^= s << 60;
+ h ^= s >> 4;
/* compensate for the top three bits of a */
+ if (top3b & 01) {
+ l ^= b << 61;
+ h ^= b >> 3;
+ }
+ if (top3b & 02) {
+ l ^= b << 62;
+ h ^= b >> 2;
+ }
+ if (top3b & 04) {
+ l ^= b << 63;
+ h ^= b >> 1;
+ }
- if (top3b & 01) { l ^= b << 61; h ^= b >> 3; }
- if (top3b & 02) { l ^= b << 62; h ^= b >> 2; }
- if (top3b & 04) { l ^= b << 63; h ^= b >> 1; }
-
- *r1 = h; *r0 = l;
+ *r1 = h;
+ *r0 = l;
#endif
- }
+}
/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
* result is a polynomial r with degree < 4 * BN_BITS2 - 1
* The caller MUST ensure that the variables have the right amount
* of space allocated.
*/
-static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0)
- {
+static void
+bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
+ const BN_ULONG b1, const BN_ULONG b0)
+{
BN_ULONG m1, m0;
+
/* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
- bn_GF2m_mul_1x1(r+3, r+2, a1, b1);
- bn_GF2m_mul_1x1(r+1, r, a0, b0);
+ bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
+ bn_GF2m_mul_1x1(r + 1, r, a0, b0);
bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
/* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
- }
+}
#else
-void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0);
-#endif
+void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1,
+ BN_ULONG b0);
+#endif
-/* Add polynomials a and b and store result in r; r could be a or b, a and b
+/* Add polynomials a and b and store result in r; r could be a or b, a and b
* could be equal; r is the bitwise XOR of a and b.
*/
-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
int i;
const BIGNUM *at, *bt;
bn_check_top(a);
bn_check_top(b);
- if (a->top < b->top) { at = b; bt = a; }
- else { at = a; bt = b; }
+ if (a->top < b->top) {
+ at = b;
+ bt = a;
+ } else {
+ at = a;
+ bt = b;
+ }
- if(bn_wexpand(r, at->top) == NULL)
+ if (bn_wexpand(r, at->top) == NULL)
return 0;
- for (i = 0; i < bt->top; i++)
- {
+ for (i = 0; i < bt->top; i++) {
r->d[i] = at->d[i] ^ bt->d[i];
- }
- for (; i < at->top; i++)
- {
+ }
+ for (; i < at->top; i++) {
r->d[i] = at->d[i];
- }
-
+ }
+
r->top = at->top;
bn_correct_top(r);
-
+
return 1;
- }
+}
/* Some functions allow for representation of the irreducible polynomials
/* Performs modular reduction of a and store result in r. r could be a. */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
- {
+int
+BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
+{
int j, k;
int n, dN, d0, d1;
BN_ULONG zz, *z;
bn_check_top(a);
- if (!p[0])
- {
+ if (!p[0]) {
/* reduction mod 1 => return 0 */
BN_zero(r);
return 1;
- }
+ }
/* Since the algorithm does reduction in the r value, if a != r, copy
- * the contents of a into r so we can do reduction in r.
+ * the contents of a into r so we can do reduction in r.
*/
- if (a != r)
- {
- if (!bn_wexpand(r, a->top)) return 0;
- for (j = 0; j < a->top; j++)
- {
+ if (a != r) {
+ if (!bn_wexpand(r, a->top))
+ return 0;
+ for (j = 0; j < a->top; j++) {
r->d[j] = a->d[j];
- }
- r->top = a->top;
}
+ r->top = a->top;
+ }
z = r->d;
/* start reduction */
- dN = p[0] / BN_BITS2;
- for (j = r->top - 1; j > dN;)
- {
+ dN = p[0] / BN_BITS2;
+ for (j = r->top - 1; j > dN; ) {
zz = z[j];
- if (z[j] == 0) { j--; continue; }
+ if (z[j] == 0) {
+ j--;
+ continue;
+ }
z[j] = 0;
- for (k = 1; p[k] != 0; k++)
- {
+ for (k = 1; p[k] != 0; k++) {
/* reducing component t^p[k] */
n = p[0] - p[k];
- d0 = n % BN_BITS2; d1 = BN_BITS2 - d0;
- n /= BN_BITS2;
- z[j-n] ^= (zz>>d0);
- if (d0) z[j-n-1] ^= (zz<<d1);
- }
+ d0 = n % BN_BITS2;
+ d1 = BN_BITS2 - d0;
+ n /= BN_BITS2;
+ z[j - n] ^= (zz >> d0);
+ if (d0)
+ z[j - n - 1] ^= (zz << d1);
+ }
/* reducing component t^0 */
- n = dN;
+ n = dN;
d0 = p[0] % BN_BITS2;
d1 = BN_BITS2 - d0;
- z[j-n] ^= (zz >> d0);
- if (d0) z[j-n-1] ^= (zz << d1);
- }
+ z[j - n] ^= (zz >> d0);
+ if (d0)
+ z[j - n - 1] ^= (zz << d1);
+ }
/* final round of reduction */
- while (j == dN)
- {
+ while (j == dN) {
d0 = p[0] % BN_BITS2;
zz = z[dN] >> d0;
- if (zz == 0) break;
+ if (zz == 0)
+ break;
d1 = BN_BITS2 - d0;
-
+
/* clear up the top d1 bits */
if (d0)
z[dN] = (z[dN] << d1) >> d1;
z[dN] = 0;
z[0] ^= zz; /* reduction t^0 component */
- for (k = 1; p[k] != 0; k++)
- {
+ for (k = 1; p[k] != 0; k++) {
BN_ULONG tmp_ulong;
/* reducing component t^p[k]*/
- n = p[k] / BN_BITS2;
+ n = p[k] / BN_BITS2;
d0 = p[k] % BN_BITS2;
d1 = BN_BITS2 - d0;
z[n] ^= (zz << d0);
tmp_ulong = zz >> d1;
- if (d0 && tmp_ulong)
- z[n+1] ^= tmp_ulong;
- }
-
-
+ if (d0 && tmp_ulong)
+ z[n + 1] ^= tmp_ulong;
}
+
+ }
+
bn_correct_top(r);
return 1;
- }
+}
/* Performs modular reduction of a by p and store result in r. r could be a.
*
* This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_arr function.
*/
-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
- {
+int
+BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
+{
int ret = 0;
int arr[6];
+
bn_check_top(a);
bn_check_top(p);
- ret = BN_GF2m_poly2arr(p, arr, sizeof(arr)/sizeof(arr[0]));
- if (!ret || ret > (int)(sizeof(arr)/sizeof(arr[0])))
- {
- BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
+ ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0]));
+ if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) {
+ BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
return 0;
- }
+ }
ret = BN_GF2m_mod_arr(r, a, arr);
bn_check_top(r);
return ret;
- }
+}
/* Compute the product of two polynomials a and b, reduce modulo p, and store
* the result in r. r could be a or b; a could be b.
*/
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
+ BN_CTX *ctx)
+{
int zlen, i, j, k, ret = 0;
BIGNUM *s;
BN_ULONG x1, x0, y1, y0, zz[4];
bn_check_top(a);
bn_check_top(b);
- if (a == b)
- {
+ if (a == b) {
return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
- }
+ }
BN_CTX_start(ctx);
- if ((s = BN_CTX_get(ctx)) == NULL) goto err;
-
+ if ((s = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
zlen = a->top + b->top + 4;
- if (!bn_wexpand(s, zlen)) goto err;
+ if (!bn_wexpand(s, zlen))
+ goto err;
s->top = zlen;
- for (i = 0; i < zlen; i++) s->d[i] = 0;
+ for (i = 0; i < zlen; i++)
+ s->d[i] = 0;
- for (j = 0; j < b->top; j += 2)
- {
+ for (j = 0; j < b->top; j += 2) {
y0 = b->d[j];
- y1 = ((j+1) == b->top) ? 0 : b->d[j+1];
- for (i = 0; i < a->top; i += 2)
- {
+ y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
+ for (i = 0; i < a->top; i += 2) {
x0 = a->d[i];
- x1 = ((i+1) == a->top) ? 0 : a->d[i+1];
+ x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
- for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k];
- }
+ for (k = 0; k < 4; k++)
+ s->d[i + j + k] ^= zz[k];
}
+ }
bn_correct_top(s);
if (BN_GF2m_mod_arr(r, s, p))
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Compute the product of two polynomials a and b, reduce modulo p, and store
* the result in r. r could be a or b; a could equal b.
*
* This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_mul_arr function.
*/
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
+ BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
+
bn_check_top(a);
bn_check_top(b);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
/* Square a, reduce the result mod p, and store it in a. r could be a. */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
+{
int i, ret = 0;
BIGNUM *s;
bn_check_top(a);
BN_CTX_start(ctx);
- if ((s = BN_CTX_get(ctx)) == NULL) return 0;
- if (!bn_wexpand(s, 2 * a->top)) goto err;
+ if ((s = BN_CTX_get(ctx)) == NULL)
+ return 0;
+ if (!bn_wexpand(s, 2 * a->top))
+ goto err;
- for (i = a->top - 1; i >= 0; i--)
- {
- s->d[2*i+1] = SQR1(a->d[i]);
- s->d[2*i ] = SQR0(a->d[i]);
- }
+ for (i = a->top - 1; i >= 0; i--) {
+ s->d[2 * i + 1] = SQR1(a->d[i]);
+ s->d[2 * i] = SQR0(a->d[i]);
+ }
s->top = 2 * a->top;
bn_correct_top(s);
- if (!BN_GF2m_mod_arr(r, s, p)) goto err;
+ if (!BN_GF2m_mod_arr(r, s, p))
+ goto err;
bn_check_top(r);
ret = 1;
+
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Square a, reduce the result mod p, and store it in a. r could be a.
*
* This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_sqr_arr function.
*/
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
bn_check_top(a);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
-/* Invert a, reduce modulo p, and store the result in r. r could be a.
+/* Invert a, reduce modulo p, and store the result in r. r could be a.
* Uses Modified Almost Inverse Algorithm (Algorithm 10) from
* Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation
* of Elliptic Curve Cryptography Over Binary Fields".
*/
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
int ret = 0;
bn_check_top(p);
BN_CTX_start(ctx);
-
- if ((b = BN_CTX_get(ctx))==NULL) goto err;
- if ((c = BN_CTX_get(ctx))==NULL) goto err;
- if ((u = BN_CTX_get(ctx))==NULL) goto err;
- if ((v = BN_CTX_get(ctx))==NULL) goto err;
- if (!BN_GF2m_mod(u, a, p)) goto err;
- if (BN_is_zero(u)) goto err;
+ if ((b = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((c = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((u = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((v = BN_CTX_get(ctx)) == NULL)
+ goto err;
- if (!BN_copy(v, p)) goto err;
+ if (!BN_GF2m_mod(u, a, p))
+ goto err;
+ if (BN_is_zero(u))
+ goto err;
+
+ if (!BN_copy(v, p))
+ goto err;
#if 0
- if (!BN_one(b)) goto err;
-
- while (1)
- {
- while (!BN_is_odd(u))
- {
- if (BN_is_zero(u)) goto err;
- if (!BN_rshift1(u, u)) goto err;
- if (BN_is_odd(b))
- {
- if (!BN_GF2m_add(b, b, p)) goto err;
- }
- if (!BN_rshift1(b, b)) goto err;
+ if (!BN_one(b))
+ goto err;
+
+ while (1) {
+ while (!BN_is_odd(u)) {
+ if (BN_is_zero(u))
+ goto err;
+ if (!BN_rshift1(u, u))
+ goto err;
+ if (BN_is_odd(b)) {
+ if (!BN_GF2m_add(b, b, p))
+ goto err;
}
+ if (!BN_rshift1(b, b))
+ goto err;
+ }
- if (BN_abs_is_word(u, 1)) break;
+ if (BN_abs_is_word(u, 1))
+ break;
- if (BN_num_bits(u) < BN_num_bits(v))
- {
- tmp = u; u = v; v = tmp;
- tmp = b; b = c; c = tmp;
- }
-
- if (!BN_GF2m_add(u, u, v)) goto err;
- if (!BN_GF2m_add(b, b, c)) goto err;
+ if (BN_num_bits(u) < BN_num_bits(v)) {
+ tmp = u;
+ u = v;
+ v = tmp;
+ tmp = b;
+ b = c;
+ c = tmp;
}
+
+ if (!BN_GF2m_add(u, u, v))
+ goto err;
+ if (!BN_GF2m_add(b, b, c))
+ goto err;
+ }
#else
{
- int i, ubits = BN_num_bits(u),
+ int i, ubits = BN_num_bits(u),
vbits = BN_num_bits(v), /* v is copy of p */
top = p->top;
- BN_ULONG *udp,*bdp,*vdp,*cdp;
-
- bn_wexpand(u,top); udp = u->d;
- for (i=u->top;i<top;i++) udp[i] = 0;
- u->top = top;
- bn_wexpand(b,top); bdp = b->d;
- bdp[0] = 1;
- for (i=1;i<top;i++) bdp[i] = 0;
- b->top = top;
- bn_wexpand(c,top); cdp = c->d;
- for (i=0;i<top;i++) cdp[i] = 0;
- c->top = top;
- vdp = v->d; /* It pays off to "cache" *->d pointers, because
- * it allows optimizer to be more aggressive.
- * But we don't have to "cache" p->d, because *p
- * is declared 'const'... */
- while (1)
- {
- while (ubits && !(udp[0]&1))
- {
- BN_ULONG u0,u1,b0,b1,mask;
-
- u0 = udp[0];
- b0 = bdp[0];
- mask = (BN_ULONG)0-(b0&1);
- b0 ^= p->d[0]&mask;
- for (i=0;i<top-1;i++)
- {
- u1 = udp[i+1];
- udp[i] = ((u0>>1)|(u1<<(BN_BITS2-1)))&BN_MASK2;
- u0 = u1;
- b1 = bdp[i+1]^(p->d[i+1]&mask);
- bdp[i] = ((b0>>1)|(b1<<(BN_BITS2-1)))&BN_MASK2;
- b0 = b1;
+ BN_ULONG *udp, *bdp, *vdp, *cdp;
+
+ bn_wexpand(u, top);
+ udp = u->d;
+ for (i = u->top; i < top; i++)
+ udp[i] = 0;
+ u->top = top;
+ bn_wexpand(b, top);
+ bdp = b->d;
+ bdp[0] = 1;
+ for (i = 1; i < top; i++)
+ bdp[i] = 0;
+ b->top = top;
+ bn_wexpand(c, top);
+ cdp = c->d;
+ for (i = 0; i < top; i++)
+ cdp[i] = 0;
+ c->top = top;
+ vdp = v->d; /* It pays off to "cache" *->d pointers, because
+ * it allows optimizer to be more aggressive.
+ * But we don't have to "cache" p->d, because *p
+ * is declared 'const'... */
+ while (1) {
+ while (ubits && !(udp[0]&1)) {
+ BN_ULONG u0, u1, b0, b1, mask;
+
+ u0 = udp[0];
+ b0 = bdp[0];
+ mask = (BN_ULONG)0 - (b0 & 1);
+ b0 ^= p->d[0] & mask;
+ for (i = 0; i < top - 1; i++) {
+ u1 = udp[i + 1];
+ udp[i] = ((u0 >> 1) |
+ (u1 << (BN_BITS2 - 1))) & BN_MASK2;
+ u0 = u1;
+ b1 = bdp[i + 1] ^ (p->d[i + 1] & mask);
+ bdp[i] = ((b0 >> 1) |
+ (b1 << (BN_BITS2 - 1))) & BN_MASK2;
+ b0 = b1;
}
- udp[i] = u0>>1;
- bdp[i] = b0>>1;
- ubits--;
+ udp[i] = u0 >> 1;
+ bdp[i] = b0 >> 1;
+ ubits--;
}
- if (ubits<=BN_BITS2 && udp[0]==1) break;
-
- if (ubits<vbits)
- {
- i = ubits; ubits = vbits; vbits = i;
- tmp = u; u = v; v = tmp;
- tmp = b; b = c; c = tmp;
- udp = vdp; vdp = v->d;
- bdp = cdp; cdp = c->d;
+ if (ubits <= BN_BITS2 && udp[0] == 1)
+ break;
+
+ if (ubits < vbits) {
+ i = ubits;
+ ubits = vbits;
+ vbits = i;
+ tmp = u;
+ u = v;
+ v = tmp;
+ tmp = b;
+ b = c;
+ c = tmp;
+ udp = vdp;
+ vdp = v->d;
+ bdp = cdp;
+ cdp = c->d;
}
- for(i=0;i<top;i++)
- {
- udp[i] ^= vdp[i];
- bdp[i] ^= cdp[i];
+ for (i = 0; i < top; i++) {
+ udp[i] ^= vdp[i];
+ bdp[i] ^= cdp[i];
}
- if (ubits==vbits)
- {
- BN_ULONG ul;
- int utop = (ubits-1)/BN_BITS2;
+ if (ubits == vbits) {
+ BN_ULONG ul;
+ int utop = (ubits - 1) / BN_BITS2;
- while ((ul=udp[utop])==0 && utop) utop--;
- ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
+ while ((ul = udp[utop]) == 0 && utop)
+ utop--;
+ ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
}
}
- bn_correct_top(b);
+ bn_correct_top(b);
}
#endif
- if (!BN_copy(r, b)) goto err;
+ if (!BN_copy(r, b))
+ goto err;
bn_check_top(r);
ret = 1;
err:
#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */
- bn_correct_top(c);
- bn_correct_top(u);
- bn_correct_top(v);
+ bn_correct_top(c);
+ bn_correct_top(u);
+ bn_correct_top(v);
#endif
- BN_CTX_end(ctx);
+ BN_CTX_end(ctx);
return ret;
- }
+}
-/* Invert xx, reduce modulo p, and store the result in r. r could be xx.
+/* Invert xx, reduce modulo p, and store the result in r. r could be xx.
*
* This function calls down to the BN_GF2m_mod_inv implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_inv function.
*/
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
+{
BIGNUM *field;
int ret = 0;
bn_check_top(xx);
BN_CTX_start(ctx);
- if ((field = BN_CTX_get(ctx)) == NULL) goto err;
- if (!BN_GF2m_arr2poly(p, field)) goto err;
-
+ if ((field = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (!BN_GF2m_arr2poly(p, field))
+ goto err;
+
ret = BN_GF2m_mod_inv(r, xx, field, ctx);
bn_check_top(r);
err:
BN_CTX_end(ctx);
return ret;
- }
+}
#ifndef OPENSSL_SUN_GF2M_DIV
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x
+/* Divide y by x, reduce modulo p, and store the result in r. r could be x
* or y, x could equal y.
*/
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
+ BN_CTX *ctx)
+{
BIGNUM *xinv = NULL;
int ret = 0;
BN_CTX_start(ctx);
xinv = BN_CTX_get(ctx);
- if (xinv == NULL) goto err;
-
- if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err;
- if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err;
+ if (xinv == NULL)
+ goto err;
+
+ if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
+ goto err;
bn_check_top(r);
ret = 1;
err:
BN_CTX_end(ctx);
return ret;
- }
+}
#else
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x
+/* Divide y by x, reduce modulo p, and store the result in r. r could be x
* or y, x could equal y.
- * Uses algorithm Modular_Division_GF(2^m) from
- * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to
+ * Uses algorithm Modular_Division_GF(2^m) from
+ * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to
* the Great Divide".
*/
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
+ BN_CTX *ctx)
+{
BIGNUM *a, *b, *u, *v;
int ret = 0;
bn_check_top(p);
BN_CTX_start(ctx);
-
+
a = BN_CTX_get(ctx);
b = BN_CTX_get(ctx);
u = BN_CTX_get(ctx);
v = BN_CTX_get(ctx);
- if (v == NULL) goto err;
+ if (v == NULL)
+ goto err;
/* reduce x and y mod p */
- if (!BN_GF2m_mod(u, y, p)) goto err;
- if (!BN_GF2m_mod(a, x, p)) goto err;
- if (!BN_copy(b, p)) goto err;
-
- while (!BN_is_odd(a))
- {
- if (!BN_rshift1(a, a)) goto err;
- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
- if (!BN_rshift1(u, u)) goto err;
- }
+ if (!BN_GF2m_mod(u, y, p))
+ goto err;
+ if (!BN_GF2m_mod(a, x, p))
+ goto err;
+ if (!BN_copy(b, p))
+ goto err;
- do
- {
- if (BN_GF2m_cmp(b, a) > 0)
- {
- if (!BN_GF2m_add(b, b, a)) goto err;
- if (!BN_GF2m_add(v, v, u)) goto err;
- do
- {
- if (!BN_rshift1(b, b)) goto err;
- if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err;
- if (!BN_rshift1(v, v)) goto err;
- } while (!BN_is_odd(b));
- }
- else if (BN_abs_is_word(a, 1))
+ while (!BN_is_odd(a)) {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_is_odd(u))
+ if (!BN_GF2m_add(u, u, p))
+ goto err;
+ if (!BN_rshift1(u, u))
+ goto err;
+ }
+
+ do {
+ if (BN_GF2m_cmp(b, a) > 0) {
+ if (!BN_GF2m_add(b, b, a))
+ goto err;
+ if (!BN_GF2m_add(v, v, u))
+ goto err;
+ do {
+ if (!BN_rshift1(b, b))
+ goto err;
+ if (BN_is_odd(v))
+ if (!BN_GF2m_add(v, v, p))
+ goto err;
+ if (!BN_rshift1(v, v))
+ goto err;
+ } while (!BN_is_odd(b));
+ } else if (BN_abs_is_word(a, 1))
break;
- else
- {
- if (!BN_GF2m_add(a, a, b)) goto err;
- if (!BN_GF2m_add(u, u, v)) goto err;
- do
- {
- if (!BN_rshift1(a, a)) goto err;
- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
- if (!BN_rshift1(u, u)) goto err;
- } while (!BN_is_odd(a));
- }
- } while (1);
+ else {
+ if (!BN_GF2m_add(a, a, b))
+ goto err;
+ if (!BN_GF2m_add(u, u, v))
+ goto err;
+ do {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_is_odd(u))
+ if (!BN_GF2m_add(u, u, p))
+ goto err;
+ if (!BN_rshift1(u, u))
+ goto err;
+ } while (!BN_is_odd(a));
+ }
+ } while (1);
- if (!BN_copy(r, u)) goto err;
+ if (!BN_copy(r, u))
+ goto err;
bn_check_top(r);
ret = 1;
err:
- BN_CTX_end(ctx);
+ BN_CTX_end(ctx);
return ret;
- }
+}
#endif
-/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
+/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
* or yy, xx could equal yy.
*
* This function calls down to the BN_GF2m_mod_div implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_div function.
*/
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
+ const int p[], BN_CTX *ctx)
+{
BIGNUM *field;
int ret = 0;
bn_check_top(xx);
BN_CTX_start(ctx);
- if ((field = BN_CTX_get(ctx)) == NULL) goto err;
- if (!BN_GF2m_arr2poly(p, field)) goto err;
-
+ if ((field = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (!BN_GF2m_arr2poly(p, field))
+ goto err;
+
ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
bn_check_top(r);
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Compute the bth power of a, reduce modulo p, and store
* the result in r. r could be a.
* Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
*/
-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
+ BN_CTX *ctx)
+{
int ret = 0, i, n;
BIGNUM *u;
bn_check_top(b);
if (BN_is_zero(b))
- return(BN_one(r));
+ return (BN_one(r));
if (BN_abs_is_word(b, 1))
return (BN_copy(r, a) != NULL);
BN_CTX_start(ctx);
- if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (!BN_GF2m_mod_arr(u, a, p)) goto err;
-
+ if ((u = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_GF2m_mod_arr(u, a, p))
+ goto err;
+
n = BN_num_bits(b) - 1;
- for (i = n - 1; i >= 0; i--)
- {
- if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err;
- if (BN_is_bit_set(b, i))
- {
- if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err;
- }
+ for (i = n - 1; i >= 0; i--) {
+ if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
+ goto err;
+ if (BN_is_bit_set(b, i)) {
+ if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
+ goto err;
}
- if (!BN_copy(r, u)) goto err;
+ }
+ if (!BN_copy(r, u))
+ goto err;
bn_check_top(r);
ret = 1;
+
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Compute the bth power of a, reduce modulo p, and store
* the result in r. r could be a.
*
* This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_exp_arr function.
*/
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
+ BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
+
bn_check_top(a);
bn_check_top(b);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
/* Compute the square root of a, reduce modulo p, and store
* the result in r. r could be a.
* Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
*/
-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
+{
int ret = 0;
BIGNUM *u;
bn_check_top(a);
- if (!p[0])
- {
+ if (!p[0]) {
/* reduction mod 1 => return 0 */
BN_zero(r);
return 1;
- }
+ }
BN_CTX_start(ctx);
- if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (!BN_set_bit(u, p[0] - 1)) goto err;
+ if ((u = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_set_bit(u, p[0] - 1))
+ goto err;
ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
bn_check_top(r);
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Compute the square root of a, reduce modulo p, and store
* the result in r. r could be a.
*
* This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_sqrt_arr function.
*/
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
bn_check_top(a);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) * max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
* Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
*/
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
+ BN_CTX *ctx)
+{
int ret = 0, count = 0, j;
BIGNUM *a, *z, *rho, *w, *w2, *tmp;
bn_check_top(a_);
- if (!p[0])
- {
+ if (!p[0]) {
/* reduction mod 1 => return 0 */
BN_zero(r);
return 1;
- }
+ }
BN_CTX_start(ctx);
a = BN_CTX_get(ctx);
z = BN_CTX_get(ctx);
w = BN_CTX_get(ctx);
- if (w == NULL) goto err;
+ if (w == NULL)
+ goto err;
- if (!BN_GF2m_mod_arr(a, a_, p)) goto err;
-
- if (BN_is_zero(a))
- {
+ if (!BN_GF2m_mod_arr(a, a_, p))
+ goto err;
+
+ if (BN_is_zero(a)) {
BN_zero(r);
ret = 1;
goto err;
- }
+ }
if (p[0] & 0x1) /* m is odd */
- {
+ {
/* compute half-trace of a */
- if (!BN_copy(z, a)) goto err;
- for (j = 1; j <= (p[0] - 1) / 2; j++)
- {
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
- if (!BN_GF2m_add(z, z, a)) goto err;
- }
-
+ if (!BN_copy(z, a))
+ goto err;
+ for (j = 1; j <= (p[0] - 1) / 2; j++) {
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_add(z, z, a))
+ goto err;
}
+
+ }
else /* m is even */
- {
+ {
rho = BN_CTX_get(ctx);
w2 = BN_CTX_get(ctx);
tmp = BN_CTX_get(ctx);
- if (tmp == NULL) goto err;
- do
- {
- if (!BN_rand(rho, p[0], 0, 0)) goto err;
- if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
+ if (tmp == NULL)
+ goto err;
+ do {
+ if (!BN_rand(rho, p[0], 0, 0))
+ goto err;
+ if (!BN_GF2m_mod_arr(rho, rho, p))
+ goto err;
BN_zero(z);
- if (!BN_copy(w, rho)) goto err;
- for (j = 1; j <= p[0] - 1; j++)
- {
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
- if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;
- if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err;
- if (!BN_GF2m_add(z, z, tmp)) goto err;
- if (!BN_GF2m_add(w, w2, rho)) goto err;
- }
+ if (!BN_copy(w, rho))
+ goto err;
+ for (j = 1; j <= p[0] - 1; j++) {
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
+ goto err;
+ if (!BN_GF2m_add(z, z, tmp))
+ goto err;
+ if (!BN_GF2m_add(w, w2, rho))
+ goto err;
+ }
count++;
- } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
- if (BN_is_zero(w))
- {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS);
+ } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
+ if (BN_is_zero(w)) {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,
+ BN_R_TOO_MANY_ITERATIONS);
goto err;
- }
}
-
- if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err;
- if (!BN_GF2m_add(w, z, w)) goto err;
- if (BN_GF2m_cmp(w, a))
- {
+ }
+
+ if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_add(w, z, w))
+ goto err;
+ if (BN_GF2m_cmp(w, a)) {
BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
goto err;
- }
+ }
- if (!BN_copy(r, z)) goto err;
+ if (!BN_copy(r, z))
+ goto err;
bn_check_top(r);
ret = 1;
err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
*
* This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
+ * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_solve_quad_arr function.
*/
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
+int
+BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
int ret = 0;
const int max = BN_num_bits(p) + 1;
- int *arr=NULL;
+ int *arr = NULL;
+
bn_check_top(a);
bn_check_top(p);
- if ((arr = (int *)malloc(sizeof(int) *
- max)) == NULL) goto err;
+ if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+ goto err;
ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
goto err;
- }
+ }
ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
bn_check_top(r);
+
err:
- if (arr) free(arr);
+ if (arr)
+ free(arr);
return ret;
- }
+}
/* Convert the bit-string representation of a polynomial
- * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding
+ * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding
* to the bits with non-zero coefficient. Array is terminated with -1.
* Up to max elements of the array will be filled. Return value is total
* number of array elements that would be filled if array was large enough.
*/
-int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
- {
+int
+BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+{
int i, j, k = 0;
BN_ULONG mask;
if (BN_is_zero(a))
return 0;
- for (i = a->top - 1; i >= 0; i--)
- {
+ for (i = a->top - 1; i >= 0; i--) {
if (!a->d[i])
/* skip word if a->d[i] == 0 */
continue;
mask = BN_TBIT;
- for (j = BN_BITS2 - 1; j >= 0; j--)
- {
- if (a->d[i] & mask)
- {
- if (k < max) p[k] = BN_BITS2 * i + j;
+ for (j = BN_BITS2 - 1; j >= 0; j--) {
+ if (a->d[i] & mask) {
+ if (k < max)
+ p[k] = BN_BITS2 * i + j;
k++;
- }
- mask >>= 1;
}
+ mask >>= 1;
}
+ }
if (k < max) {
p[k] = -1;
}
return k;
- }
+}
-/* Convert the coefficient array representation of a polynomial to a
+/* Convert the coefficient array representation of a polynomial to a
* bit-string. The array must be terminated by -1.
*/
-int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
- {
+int
+BN_GF2m_arr2poly(const int p[], BIGNUM *a)
+{
int i;
bn_check_top(a);
BN_zero(a);
- for (i = 0; p[i] != -1; i++)
- {
+ for (i = 0; p[i] != -1; i++) {
if (BN_set_bit(a, p[i]) == 0)
return 0;
- }
+ }
bn_check_top(a);
return 1;
- }
+}
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
/* Returns -2 for errors because both -1 and 0 are valid results. */
-int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
+int
+BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
int i;
int ret = -2; /* avoid 'uninitialized' warning */
int err = 0;
BIGNUM *A, *B, *tmp;
+
/* In 'tab', only odd-indexed entries are relevant:
* For any odd BIGNUM n,
* tab[BN_lsw(n) & 7]
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
B = BN_CTX_get(ctx);
- if (B == NULL) goto end;
-
+ if (B == NULL)
+ goto end;
+
err = !BN_copy(A, a);
- if (err) goto end;
+ if (err)
+ goto end;
err = !BN_copy(B, b);
- if (err) goto end;
+ if (err)
+ goto end;
/*
* Kronecker symbol, imlemented according to Henri Cohen,
/* Cohen's step 1: */
- if (BN_is_zero(B))
- {
+ if (BN_is_zero(B)) {
ret = BN_abs_is_word(A, 1);
goto end;
- }
-
+ }
+
/* Cohen's step 2: */
- if (!BN_is_odd(A) && !BN_is_odd(B))
- {
+ if (!BN_is_odd(A) && !BN_is_odd(B)) {
ret = 0;
goto end;
- }
+ }
/* now B is non-zero */
i = 0;
while (!BN_is_bit_set(B, i))
i++;
err = !BN_rshift(B, B, i);
- if (err) goto end;
- if (i & 1)
- {
+ if (err)
+ goto end;
+ if (i & 1) {
/* i is odd */
/* (thus B was even, thus A must be odd!) */
/* set 'ret' to $(-1)^{(A^2-1)/8}$ */
ret = tab[BN_lsw(A) & 7];
- }
- else
- {
+ } else {
/* i is even */
ret = 1;
- }
-
- if (B->neg)
- {
+ }
+
+ if (B->neg) {
B->neg = 0;
if (A->neg)
ret = -ret;
- }
+ }
/* now B is positive and odd, so what remains to be done is
* to compute the Jacobi symbol (A/B) and multiply it by 'ret' */
- while (1)
- {
+ while (1) {
/* Cohen's step 3: */
/* B is positive and odd */
- if (BN_is_zero(A))
- {
+ if (BN_is_zero(A)) {
ret = BN_is_one(B) ? ret : 0;
goto end;
- }
+ }
/* now A is non-zero */
i = 0;
while (!BN_is_bit_set(A, i))
i++;
err = !BN_rshift(A, A, i);
- if (err) goto end;
- if (i & 1)
- {
+ if (err)
+ goto end;
+ if (i & 1) {
/* i is odd */
/* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */
ret = ret * tab[BN_lsw(B) & 7];
- }
-
+ }
+
/* Cohen's step 4: */
/* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */
if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
ret = -ret;
-
+
/* (A, B) := (B mod |A|, |A|) */
err = !BN_nnmod(B, B, A, ctx);
- if (err) goto end;
- tmp = A; A = B; B = tmp;
+ if (err)
+ goto end;
+ tmp = A;
+ A = B;
+ B = tmp;
tmp->neg = 0;
- }
+ }
+
end:
BN_CTX_end(ctx);
if (err)
return -2;
else
return ret;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
*
* To achieve the security goals of BN_mode_exp_mont_consttime, the
* maximum size of the window must not exceed
- * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
*
* Window size thresholds are defined for cache line sizes of 32 and 64,
* cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
}
#endif /* !BN_LLONG */
-void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
-void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
-void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);
-void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
-int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n);
int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
- int dna,int dnb,BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
- int n,int tna,int tnb,BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
-void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
- BN_ULONG *t);
-void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
- BN_ULONG *t);
+ int cl, int dl);
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ int dna, int dnb, BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int n, int tna, int tnb, BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ BN_ULONG *t);
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+ BN_ULONG *t);
BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
+ int cl, int dl);
BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
+ int cl, int dl);
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num);
#ifdef __cplusplus
}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
+const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
/* This stuff appears to be completely unused, so is deprecated */
#ifndef OPENSSL_NO_DEPRECATED
* 7 - 128 == 4096
* 8 - 256 == 8192
*/
-static int bn_limit_bits=0;
-static int bn_limit_num=8; /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low=0;
-static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high=0;
-static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont=0;
-static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
-
-void BN_set_params(int mult, int high, int low, int mont)
- {
- if (mult >= 0)
- {
- if (mult > (int)(sizeof(int)*8)-1)
- mult=sizeof(int)*8-1;
- bn_limit_bits=mult;
- bn_limit_num=1<<mult;
- }
- if (high >= 0)
- {
- if (high > (int)(sizeof(int)*8)-1)
- high=sizeof(int)*8-1;
- bn_limit_bits_high=high;
- bn_limit_num_high=1<<high;
- }
- if (low >= 0)
- {
- if (low > (int)(sizeof(int)*8)-1)
- low=sizeof(int)*8-1;
- bn_limit_bits_low=low;
- bn_limit_num_low=1<<low;
- }
- if (mont >= 0)
- {
- if (mont > (int)(sizeof(int)*8)-1)
- mont=sizeof(int)*8-1;
- bn_limit_bits_mont=mont;
- bn_limit_num_mont=1<<mont;
- }
- }
+static int bn_limit_bits = 0;
+static int bn_limit_num = 8; /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low = 0;
+static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high = 0;
+static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont = 0;
+static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
-int BN_get_params(int which)
- {
- if (which == 0) return(bn_limit_bits);
- else if (which == 1) return(bn_limit_bits_high);
- else if (which == 2) return(bn_limit_bits_low);
- else if (which == 3) return(bn_limit_bits_mont);
- else return(0);
+void
+BN_set_params(int mult, int high, int low, int mont)
+{
+ if (mult >= 0) {
+ if (mult > (int)(sizeof(int) * 8) - 1)
+ mult = sizeof(int) * 8 - 1;
+ bn_limit_bits = mult;
+ bn_limit_num = 1 << mult;
}
+ if (high >= 0) {
+ if (high > (int)(sizeof(int) * 8) - 1)
+ high = sizeof(int) * 8 - 1;
+ bn_limit_bits_high = high;
+ bn_limit_num_high = 1 << high;
+ }
+ if (low >= 0) {
+ if (low > (int)(sizeof(int) * 8) - 1)
+ low = sizeof(int) * 8 - 1;
+ bn_limit_bits_low = low;
+ bn_limit_num_low = 1 << low;
+ }
+ if (mont >= 0) {
+ if (mont > (int)(sizeof(int) * 8) - 1)
+ mont = sizeof(int) * 8 - 1;
+ bn_limit_bits_mont = mont;
+ bn_limit_num_mont = 1 << mont;
+ }
+}
+
+int
+BN_get_params(int which)
+{
+ if (which == 0)
+ return (bn_limit_bits);
+ else if (which == 1)
+ return (bn_limit_bits_high);
+ else if (which == 2)
+ return (bn_limit_bits_low);
+ else if (which == 3)
+ return (bn_limit_bits_mont);
+ else
+ return (0);
+}
#endif
-const BIGNUM *BN_value_one(void)
- {
- static const BN_ULONG data_one=1L;
- static const BIGNUM const_one={(BN_ULONG *)&data_one,1,1,0,BN_FLG_STATIC_DATA};
+const BIGNUM *
+BN_value_one(void)
+{
+ static const BN_ULONG data_one = 1L;
+ static const BIGNUM const_one = {
+ (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA
+ };
- return(&const_one);
- }
+ return (&const_one);
+}
-int BN_num_bits_word(BN_ULONG l)
- {
- static const unsigned char bits[256]={
- 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
- 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- };
+int
+BN_num_bits_word(BN_ULONG l)
+{
+ static const unsigned char bits[256] = {
+ 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
+ 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
+ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ };
#ifdef _LP64
- if (l & 0xffffffff00000000L)
- {
- if (l & 0xffff000000000000L)
- {
- if (l & 0xff00000000000000L)
- {
- return(bits[(int)(l>>56)]+56);
- }
- else return(bits[(int)(l>>48)]+48);
- }
- else
- {
- if (l & 0x0000ff0000000000L)
- {
- return(bits[(int)(l>>40)]+40);
- }
- else return(bits[(int)(l>>32)]+32);
- }
- }
- else
+ if (l & 0xffffffff00000000L) {
+ if (l & 0xffff000000000000L) {
+ if (l & 0xff00000000000000L) {
+ return (bits[(int)(l >> 56)] + 56);
+ } else
+ return (bits[(int)(l >> 48)] + 48);
+ } else {
+ if (l & 0x0000ff0000000000L) {
+ return (bits[(int)(l >> 40)] + 40);
+ } else
+ return (bits[(int)(l >> 32)] + 32);
+ }
+ } else
#endif
- {
- if (l & 0xffff0000L)
- {
+ {
+ if (l & 0xffff0000L) {
if (l & 0xff000000L)
- return(bits[(int)(l>>24L)]+24);
- else return(bits[(int)(l>>16L)]+16);
- }
- else
- {
+ return (bits[(int)(l >> 24L)] + 24);
+ else
+ return (bits[(int)(l >> 16L)] + 16);
+ } else {
if (l & 0xff00L)
- return(bits[(int)(l>>8)]+8);
- else
- return(bits[(int)(l )] );
- }
+ return (bits[(int)(l >> 8)] + 8);
+ else
+ return (bits[(int)(l)]);
}
}
+}
-int BN_num_bits(const BIGNUM *a)
- {
+int
+BN_num_bits(const BIGNUM *a)
+{
int i = a->top - 1;
+
bn_check_top(a);
- if (BN_is_zero(a)) return 0;
- return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
- }
+ if (BN_is_zero(a))
+ return 0;
+ return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
+}
-void BN_clear_free(BIGNUM *a)
- {
+void
+BN_clear_free(BIGNUM *a)
+{
int i;
- if (a == NULL) return;
+ if (a == NULL)
+ return;
bn_check_top(a);
- if (a->d != NULL && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
- {
- OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+ if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
+ OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
free(a->d);
- }
- i=BN_get_flags(a,BN_FLG_MALLOCED);
- OPENSSL_cleanse(a,sizeof(BIGNUM));
+ }
+ i = BN_get_flags(a, BN_FLG_MALLOCED);
+ OPENSSL_cleanse(a, sizeof(BIGNUM));
if (i)
free(a);
- }
+}
void
BN_free(BIGNUM *a)
BN_clear_free(a);
}
-void BN_init(BIGNUM *a)
- {
- memset(a,0,sizeof(BIGNUM));
+void
+BN_init(BIGNUM *a)
+{
+ memset(a, 0, sizeof(BIGNUM));
bn_check_top(a);
- }
+}
-BIGNUM *BN_new(void)
- {
+BIGNUM *
+BN_new(void)
+{
BIGNUM *ret;
- if ((ret=(BIGNUM *)malloc(sizeof(BIGNUM))) == NULL)
- {
- BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- ret->flags=BN_FLG_MALLOCED;
- ret->top=0;
- ret->neg=0;
- ret->dmax=0;
- ret->d=NULL;
- bn_check_top(ret);
- return(ret);
+ if ((ret = (BIGNUM *)malloc(sizeof(BIGNUM))) == NULL) {
+ BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
}
+ ret->flags = BN_FLG_MALLOCED;
+ ret->top = 0;
+ ret->neg = 0;
+ ret->dmax = 0;
+ ret->d = NULL;
+ bn_check_top(ret);
+ return (ret);
+}
/* This is used both by bn_expand2() and bn_dup_expand() */
/* The caller MUST check that words > b->dmax before calling this */
-static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
- {
- BN_ULONG *A,*a = NULL;
+static BN_ULONG *
+bn_expand_internal(const BIGNUM *b, int words)
+{
+ BN_ULONG *A, *a = NULL;
const BN_ULONG *B;
int i;
bn_check_top(b);
- if (words > (INT_MAX/(4*BN_BITS2)))
- {
- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
+ if (words > (INT_MAX/(4*BN_BITS2))) {
+ BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
return NULL;
- }
- if (BN_get_flags(b,BN_FLG_STATIC_DATA))
- {
- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
- return(NULL);
- }
- a=A=(BN_ULONG *)malloc(sizeof(BN_ULONG)*words);
- if (A == NULL)
- {
- BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
+ }
+ if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+ BNerr(BN_F_BN_EXPAND_INTERNAL,
+ BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+ return (NULL);
+ }
+ a = A = (BN_ULONG *)malloc(sizeof(BN_ULONG)*words);
+ if (A == NULL) {
+ BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
#if 1
- B=b->d;
+ B = b->d;
/* Check if the previous number needs to be copied */
- if (B != NULL)
- {
- for (i=b->top>>2; i>0; i--,A+=4,B+=4)
- {
+ if (B != NULL) {
+ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
/*
* The fact that the loop is unrolled
* 4-wise is a tribute to Intel. It's
*
* <appro@fy.chalmers.se>
*/
- BN_ULONG a0,a1,a2,a3;
- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
- }
- switch (b->top&3)
- {
- case 3: A[2]=B[2];
- case 2: A[1]=B[1];
- case 1: A[0]=B[0];
- }
+ BN_ULONG a0, a1, a2, a3;
+ a0 = B[0];
+ a1 = B[1];
+ a2 = B[2];
+ a3 = B[3];
+ A[0] = a0;
+ A[1] = a1;
+ A[2] = a2;
+ A[3] = a3;
+ }
+ switch (b->top & 3) {
+ case 3:
+ A[2] = B[2];
+ case 2:
+ A[1] = B[1];
+ case 1:
+ A[0] = B[0];
}
+ }
#else
- memset(A,0,sizeof(BN_ULONG)*words);
- memcpy(A,b->d,sizeof(b->d[0])*b->top);
+ memset(A, 0, sizeof(BN_ULONG) * words);
+ memcpy(A, b->d, sizeof(b->d[0]) * b->top);
#endif
-
- return(a);
- }
+
+ return (a);
+}
/* This is an internal function that can be used instead of bn_expand2()
* when there is a need to copy BIGNUMs instead of only expanding the
*/
#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
- {
+BIGNUM *
+bn_dup_expand(const BIGNUM *b, int words)
+{
BIGNUM *r = NULL;
bn_check_top(b);
* (But bn_dup_expand() is not used anywhere yet.)
*/
- if (words > b->dmax)
- {
+ if (words > b->dmax) {
BN_ULONG *a = bn_expand_internal(b, words);
- if (a)
- {
+ if (a) {
r = BN_new();
- if (r)
- {
+ if (r) {
r->top = b->top;
r->dmax = words;
r->neg = b->neg;
r->d = a;
- }
- else
- {
+ } else {
/* r == NULL, BN_new failure */
free(a);
- }
}
+ }
/* If a == NULL, there was an error in allocation in
bn_expand_internal(), and NULL should be returned */
- }
- else
- {
+ } else {
r = BN_dup(b);
- }
+ }
bn_check_top(r);
return r;
- }
+}
#endif
/* This is an internal function that should not be used in applications.
* It is mostly used by the various BIGNUM routines. If there is an error,
* NULL is returned. If not, 'b' is returned. */
-BIGNUM *bn_expand2(BIGNUM *b, int words)
- {
+BIGNUM *
+bn_expand2(BIGNUM *b, int words)
+{
bn_check_top(b);
- if (words > b->dmax)
- {
+ if (words > b->dmax) {
BN_ULONG *a = bn_expand_internal(b, words);
- if(!a) return NULL;
- if(b->d) {
+ if (!a)
+ return NULL;
+ if (b->d) {
OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
free(b->d);
}
- b->d=a;
- b->dmax=words;
- }
+ b->d = a;
+ b->dmax = words;
+ }
/* None of this should be necessary because of what b->top means! */
#if 0
/* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
- if (b->top < b->dmax)
- {
+ if (b->top < b->dmax) {
int i;
BN_ULONG *A = &(b->d[b->top]);
- for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
- {
- A[0]=0; A[1]=0; A[2]=0; A[3]=0;
- A[4]=0; A[5]=0; A[6]=0; A[7]=0;
- }
- for (i=(b->dmax - b->top)&7; i>0; i--,A++)
- A[0]=0;
+ for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
+ A[0] = 0;
+ A[1] = 0;
+ A[2] = 0;
+ A[3] = 0;
+ A[4] = 0;
+ A[5] = 0;
+ A[6] = 0;
+ A[7] = 0;
+ }
+ for (i = (b->dmax - b->top)&7; i > 0; i--, A++)
+ A[0] = 0;
assert(A == &(b->d[b->dmax]));
- }
+ }
#endif
bn_check_top(b);
return b;
- }
+}
-BIGNUM *BN_dup(const BIGNUM *a)
- {
+BIGNUM *
+BN_dup(const BIGNUM *a)
+{
BIGNUM *t;
- if (a == NULL) return NULL;
+ if (a == NULL)
+ return NULL;
bn_check_top(a);
t = BN_new();
- if (t == NULL) return NULL;
- if(!BN_copy(t, a))
- {
+ if (t == NULL)
+ return NULL;
+ if (!BN_copy(t, a)) {
BN_free(t);
return NULL;
- }
+ }
bn_check_top(t);
return t;
- }
+}
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
- {
+BIGNUM *
+BN_copy(BIGNUM *a, const BIGNUM *b)
+{
int i;
BN_ULONG *A;
const BN_ULONG *B;
bn_check_top(b);
- if (a == b) return(a);
- if (bn_wexpand(a,b->top) == NULL) return(NULL);
+ if (a == b)
+ return (a);
+ if (bn_wexpand(a, b->top) == NULL)
+ return (NULL);
#if 1
- A=a->d;
- B=b->d;
- for (i=b->top>>2; i>0; i--,A+=4,B+=4)
- {
- BN_ULONG a0,a1,a2,a3;
- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
- }
- switch (b->top&3)
- {
- case 3: A[2]=B[2];
- case 2: A[1]=B[1];
- case 1: A[0]=B[0];
- }
+ A = a->d;
+ B = b->d;
+ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+ BN_ULONG a0, a1, a2, a3;
+ a0 = B[0];
+ a1 = B[1];
+ a2 = B[2];
+ a3 = B[3];
+ A[0] = a0;
+ A[1] = a1;
+ A[2] = a2;
+ A[3] = a3;
+ }
+ switch (b->top & 3) {
+ case 3:
+ A[2] = B[2];
+ case 2:
+ A[1] = B[1];
+ case 1:
+ A[0] = B[0];
+ }
#else
- memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+ memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
- a->top=b->top;
- a->neg=b->neg;
+ a->top = b->top;
+ a->neg = b->neg;
bn_check_top(a);
- return(a);
- }
+ return (a);
+}
-void BN_swap(BIGNUM *a, BIGNUM *b)
- {
+void
+BN_swap(BIGNUM *a, BIGNUM *b)
+{
int flags_old_a, flags_old_b;
BN_ULONG *tmp_d;
int tmp_top, tmp_dmax, tmp_neg;
-
+
bn_check_top(a);
bn_check_top(b);
tmp_top = a->top;
tmp_dmax = a->dmax;
tmp_neg = a->neg;
-
+
a->d = b->d;
a->top = b->top;
a->dmax = b->dmax;
a->neg = b->neg;
-
+
b->d = tmp_d;
b->top = tmp_top;
b->dmax = tmp_dmax;
b->neg = tmp_neg;
-
- a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
- b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+
+ a->flags = (flags_old_a & BN_FLG_MALLOCED) |
+ (flags_old_b & BN_FLG_STATIC_DATA);
+ b->flags = (flags_old_b & BN_FLG_MALLOCED) |
+ (flags_old_a & BN_FLG_STATIC_DATA);
bn_check_top(a);
bn_check_top(b);
- }
+}
-void BN_clear(BIGNUM *a)
- {
+void
+BN_clear(BIGNUM *a)
+{
bn_check_top(a);
if (a->d != NULL)
- memset(a->d,0,a->dmax*sizeof(a->d[0]));
- a->top=0;
- a->neg=0;
- }
+ memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+ a->top = 0;
+ a->neg = 0;
+}
-BN_ULONG BN_get_word(const BIGNUM *a)
- {
+BN_ULONG
+BN_get_word(const BIGNUM *a)
+{
if (a->top > 1)
return BN_MASK2;
else if (a->top == 1)
return a->d[0];
/* a->top == 0 */
return 0;
- }
+}
-int BN_set_word(BIGNUM *a, BN_ULONG w)
- {
+int
+BN_set_word(BIGNUM *a, BN_ULONG w)
+{
bn_check_top(a);
- if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
+ if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
+ return (0);
a->neg = 0;
a->d[0] = w;
a->top = (w ? 1 : 0);
bn_check_top(a);
- return(1);
- }
+ return (1);
+}
-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
- {
- unsigned int i,m;
+BIGNUM *
+BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+ unsigned int i, m;
unsigned int n;
BN_ULONG l;
- BIGNUM *bn = NULL;
+ BIGNUM *bn = NULL;
if (ret == NULL)
ret = bn = BN_new();
- if (ret == NULL) return(NULL);
+ if (ret == NULL)
+ return (NULL);
bn_check_top(ret);
- l=0;
- n=len;
- if (n == 0)
- {
- ret->top=0;
- return(ret);
- }
- i=((n-1)/BN_BYTES)+1;
- m=((n-1)%(BN_BYTES));
- if (bn_wexpand(ret, (int)i) == NULL)
- {
- if (bn) BN_free(bn);
+ l = 0;
+ n = len;
+ if (n == 0) {
+ ret->top = 0;
+ return (ret);
+ }
+ i = ((n - 1) / BN_BYTES) + 1;
+ m = ((n - 1) % (BN_BYTES));
+ if (bn_wexpand(ret, (int)i) == NULL) {
+ if (bn)
+ BN_free(bn);
return NULL;
+ }
+ ret->top = i;
+ ret->neg = 0;
+ while (n--) {
+ l = (l << 8L) | *(s++);
+ if (m-- == 0) {
+ ret->d[--i] = l;
+ l = 0;
+ m = BN_BYTES - 1;
}
- ret->top=i;
- ret->neg=0;
- while (n--)
- {
- l=(l<<8L)| *(s++);
- if (m-- == 0)
- {
- ret->d[--i]=l;
- l=0;
- m=BN_BYTES-1;
- }
- }
+ }
/* need to call this due to clear byte at top if avoiding
* having the top bit set (-ve number) */
bn_correct_top(ret);
- return(ret);
- }
+ return (ret);
+}
/* ignore negative */
-int BN_bn2bin(const BIGNUM *a, unsigned char *to)
- {
- int n,i;
+int
+BN_bn2bin(const BIGNUM *a, unsigned char *to)
+{
+ int n, i;
BN_ULONG l;
bn_check_top(a);
- n=i=BN_num_bytes(a);
- while (i--)
- {
- l=a->d[i/BN_BYTES];
- *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
- }
- return(n);
+ n = i=BN_num_bytes(a);
+ while (i--) {
+ l = a->d[i / BN_BYTES];
+ *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
}
+ return (n);
+}
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+{
int i;
- BN_ULONG t1,t2,*ap,*bp;
+ BN_ULONG t1, t2, *ap, *bp;
bn_check_top(a);
bn_check_top(b);
- i=a->top-b->top;
- if (i != 0) return(i);
- ap=a->d;
- bp=b->d;
- for (i=a->top-1; i>=0; i--)
- {
- t1= ap[i];
- t2= bp[i];
+ i = a->top - b->top;
+ if (i != 0)
+ return (i);
+ ap = a->d;
+ bp = b->d;
+ for (i = a->top - 1; i >= 0; i--) {
+ t1 = ap[i];
+ t2 = bp[i];
if (t1 != t2)
- return((t1 > t2) ? 1 : -1);
- }
- return(0);
+ return ((t1 > t2) ? 1 : -1);
}
+ return (0);
+}
-int BN_cmp(const BIGNUM *a, const BIGNUM *b)
- {
+int
+BN_cmp(const BIGNUM *a, const BIGNUM *b)
+{
int i;
- int gt,lt;
- BN_ULONG t1,t2;
+ int gt, lt;
+ BN_ULONG t1, t2;
- if ((a == NULL) || (b == NULL))
- {
+ if ((a == NULL) || (b == NULL)) {
if (a != NULL)
- return(-1);
+ return (-1);
else if (b != NULL)
- return(1);
+ return (1);
else
- return(0);
- }
+ return (0);
+ }
bn_check_top(a);
bn_check_top(b);
- if (a->neg != b->neg)
- {
+ if (a->neg != b->neg) {
if (a->neg)
- return(-1);
- else return(1);
- }
- if (a->neg == 0)
- { gt=1; lt= -1; }
- else { gt= -1; lt=1; }
-
- if (a->top > b->top) return(gt);
- if (a->top < b->top) return(lt);
- for (i=a->top-1; i>=0; i--)
- {
- t1=a->d[i];
- t2=b->d[i];
- if (t1 > t2) return(gt);
- if (t1 < t2) return(lt);
- }
- return(0);
+ return (-1);
+ else
+ return (1);
+ }
+ if (a->neg == 0) {
+ gt = 1;
+ lt = -1;
+ } else {
+ gt = -1;
+ lt = 1;
}
-int BN_set_bit(BIGNUM *a, int n)
- {
- int i,j,k;
+ if (a->top > b->top)
+ return (gt);
+ if (a->top < b->top)
+ return (lt);
+ for (i = a->top - 1; i >= 0; i--) {
+ t1 = a->d[i];
+ t2 = b->d[i];
+ if (t1 > t2)
+ return (gt);
+ if (t1 < t2)
+ return (lt);
+ }
+ return (0);
+}
+
+int
+BN_set_bit(BIGNUM *a, int n)
+{
+ int i, j, k;
if (n < 0)
return 0;
- i=n/BN_BITS2;
- j=n%BN_BITS2;
- if (a->top <= i)
- {
- if (bn_wexpand(a,i+1) == NULL) return(0);
- for(k=a->top; k<i+1; k++)
- a->d[k]=0;
- a->top=i+1;
- }
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i) {
+ if (bn_wexpand(a, i + 1) == NULL)
+ return (0);
+ for (k = a->top; k < i + 1; k++)
+ a->d[k] = 0;
+ a->top = i + 1;
+ }
- a->d[i]|=(((BN_ULONG)1)<<j);
+ a->d[i] |= (((BN_ULONG)1) << j);
bn_check_top(a);
- return(1);
- }
+ return (1);
+}
-int BN_clear_bit(BIGNUM *a, int n)
- {
- int i,j;
+int
+BN_clear_bit(BIGNUM *a, int n)
+{
+ int i, j;
bn_check_top(a);
- if (n < 0) return 0;
+ if (n < 0)
+ return 0;
- i=n/BN_BITS2;
- j=n%BN_BITS2;
- if (a->top <= i) return(0);
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i)
+ return (0);
- a->d[i]&=(~(((BN_ULONG)1)<<j));
+ a->d[i] &= (~(((BN_ULONG)1) << j));
bn_correct_top(a);
- return(1);
- }
+ return (1);
+}
-int BN_is_bit_set(const BIGNUM *a, int n)
- {
- int i,j;
+int
+BN_is_bit_set(const BIGNUM *a, int n)
+{
+ int i, j;
bn_check_top(a);
- if (n < 0) return 0;
- i=n/BN_BITS2;
- j=n%BN_BITS2;
- if (a->top <= i) return 0;
- return (int)(((a->d[i])>>j)&((BN_ULONG)1));
- }
+ if (n < 0)
+ return 0;
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i)
+ return 0;
+ return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
+}
-int BN_mask_bits(BIGNUM *a, int n)
- {
- int b,w;
+int
+BN_mask_bits(BIGNUM *a, int n)
+{
+ int b, w;
bn_check_top(a);
- if (n < 0) return 0;
+ if (n < 0)
+ return 0;
- w=n/BN_BITS2;
- b=n%BN_BITS2;
- if (w >= a->top) return 0;
+ w = n / BN_BITS2;
+ b = n % BN_BITS2;
+ if (w >= a->top)
+ return 0;
if (b == 0)
- a->top=w;
- else
- {
- a->top=w+1;
- a->d[w]&= ~(BN_MASK2<<b);
- }
- bn_correct_top(a);
- return(1);
+ a->top = w;
+ else {
+ a->top = w + 1;
+ a->d[w] &= ~(BN_MASK2 << b);
}
+ bn_correct_top(a);
+ return (1);
+}
-void BN_set_negative(BIGNUM *a, int b)
- {
+void
+BN_set_negative(BIGNUM *a, int b)
+{
if (b && !BN_is_zero(a))
a->neg = 1;
else
a->neg = 0;
- }
+}
-int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
- {
+int
+bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+{
int i;
- BN_ULONG aa,bb;
-
- aa=a[n-1];
- bb=b[n-1];
- if (aa != bb) return((aa > bb)?1:-1);
- for (i=n-2; i>=0; i--)
- {
- aa=a[i];
- bb=b[i];
- if (aa != bb) return((aa > bb)?1:-1);
- }
- return(0);
+ BN_ULONG aa, bb;
+
+ aa = a[n - 1];
+ bb = b[n - 1];
+ if (aa != bb)
+ return ((aa > bb) ? 1 : -1);
+ for (i = n - 2; i >= 0; i--) {
+ aa = a[i];
+ bb = b[i];
+ if (aa != bb)
+ return ((aa > bb) ? 1 : -1);
}
+ return (0);
+}
/* Here follows a specialised variants of bn_cmp_words(). It has the
property of performing the operation on arrays of different sizes.
delta between the two lengths, calculated as len(a)-len(b).
All lengths are the number of BN_ULONGs... */
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
- {
- int n,i;
- n = cl-1;
-
- if (dl < 0)
- {
- for (i=dl; i<0; i++)
- {
- if (b[n-i] != 0)
+int
+bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
+{
+ int n, i;
+
+ n = cl - 1;
+
+ if (dl < 0) {
+ for (i = dl; i < 0; i++) {
+ if (b[n - i] != 0)
return -1; /* a < b */
- }
}
- if (dl > 0)
- {
- for (i=dl; i>0; i--)
- {
- if (a[n+i] != 0)
+ }
+ if (dl > 0) {
+ for (i = dl; i > 0; i--) {
+ if (a[n + i] != 0)
return 1; /* a > b */
- }
}
- return bn_cmp_words(a,b,cl);
}
+ return bn_cmp_words(a, b, cl);
+}
-/*
- * Constant-time conditional swap of a and b.
+/*
+ * Constant-time conditional swap of a and b.
* a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
* nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
* and that no more than nwords are used by either a or b.
* a and b cannot be the same number
*/
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
- {
+void
+BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+{
BN_ULONG t;
int i;
switch (nwords) {
default:
- for (i = 10; i < nwords; i++)
+ for (i = 10; i < nwords; i++)
BN_CONSTTIME_SWAP(i);
/* Fallthrough */
case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
- case 1: BN_CONSTTIME_SWAP(0);
+ case 1:
+ BN_CONSTTIME_SWAP(0);
}
#undef BN_CONSTTIME_SWAP
}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
- {
+int
+BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+{
/* like BN_mod, but returns non-negative remainder
* (i.e., 0 <= r < |d| always holds) */
- if (!(BN_mod(r,m,d,ctx)))
+ if (!(BN_mod(r, m,d, ctx)))
return 0;
if (!r->neg)
return 1;
return (d->neg ? BN_sub : BN_add)(r, r, d);
}
-
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_add(r, a, b)) return 0;
+int
+BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ if (!BN_add(r, a, b))
+ return 0;
return BN_nnmod(r, r, m, ctx);
- }
-
+}
/* BN_mod_add variant that may be used if both a and b are non-negative
* and less than m */
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
- {
- if (!BN_uadd(r, a, b)) return 0;
+int
+BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+{
+ if (!BN_uadd(r, a, b))
+ return 0;
if (BN_ucmp(r, m) >= 0)
return BN_usub(r, r, m);
return 1;
- }
-
+}
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_sub(r, a, b)) return 0;
+int
+BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ if (!BN_sub(r, a, b))
+ return 0;
return BN_nnmod(r, r, m, ctx);
- }
-
+}
/* BN_mod_sub variant that may be used if both a and b are non-negative
* and less than m */
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
- {
- if (!BN_sub(r, a, b)) return 0;
+int
+BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+{
+ if (!BN_sub(r, a, b))
+ return 0;
if (r->neg)
return BN_add(r, r, m);
return 1;
- }
-
+}
/* slow but works */
-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx)
- {
+int
+BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+{
BIGNUM *t;
- int ret=0;
+ int ret = 0;
bn_check_top(a);
bn_check_top(b);
bn_check_top(m);
BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) == NULL) goto err;
- if (a == b)
- { if (!BN_sqr(t,a,ctx)) goto err; }
- else
- { if (!BN_mul(t,a,b,ctx)) goto err; }
- if (!BN_nnmod(r,t,m,ctx)) goto err;
+ if ((t = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (a == b) {
+ if (!BN_sqr(t, a, ctx))
+ goto err;
+ } else {
+ if (!BN_mul(t, a,b, ctx))
+ goto err;
+ }
+ if (!BN_nnmod(r, t,m, ctx))
+ goto err;
bn_check_top(r);
- ret=1;
+ ret = 1;
+
err:
BN_CTX_end(ctx);
- return(ret);
- }
-
+ return (ret);
+}
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_sqr(r, a, ctx)) return 0;
+int
+BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+ if (!BN_sqr(r, a, ctx))
+ return 0;
/* r->neg == 0, thus we don't need BN_nnmod */
return BN_mod(r, r, m, ctx);
- }
-
+}
-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_lshift1(r, a)) return 0;
+int
+BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+ if (!BN_lshift1(r, a))
+ return 0;
bn_check_top(r);
return BN_nnmod(r, r, m, ctx);
- }
-
+}
/* BN_mod_lshift1 variant that may be used if a is non-negative
* and less than m */
-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
- {
- if (!BN_lshift1(r, a)) return 0;
+int
+BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+{
+ if (!BN_lshift1(r, a))
+ return 0;
bn_check_top(r);
if (BN_cmp(r, m) >= 0)
return BN_sub(r, r, m);
return 1;
- }
-
+}
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
- {
+int
+BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
+{
BIGNUM *abs_m = NULL;
int ret;
- if (!BN_nnmod(r, a, m, ctx)) return 0;
+ if (!BN_nnmod(r, a, m, ctx))
+ return 0;
- if (m->neg)
- {
+ if (m->neg) {
abs_m = BN_dup(m);
- if (abs_m == NULL) return 0;
+ if (abs_m == NULL)
+ return 0;
abs_m->neg = 0;
- }
-
+ }
+
ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
bn_check_top(r);
if (abs_m)
BN_free(abs_m);
return ret;
- }
-
+}
/* BN_mod_lshift variant that may be used if a is non-negative
* and less than m */
-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
- {
- if (r != a)
- {
- if (BN_copy(r, a) == NULL) return 0;
- }
+int
+BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+{
+ if (r != a) {
+ if (BN_copy(r, a) == NULL)
+ return 0;
+ }
- while (n > 0)
- {
+ while (n > 0) {
int max_shift;
-
+
/* 0 < r < m */
max_shift = BN_num_bits(m) - BN_num_bits(r);
/* max_shift >= 0 */
- if (max_shift < 0)
- {
+ if (max_shift < 0) {
BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
return 0;
- }
+ }
if (max_shift > n)
max_shift = n;
- if (max_shift)
- {
- if (!BN_lshift(r, r, max_shift)) return 0;
+ if (max_shift) {
+ if (!BN_lshift(r, r, max_shift))
+ return 0;
n -= max_shift;
- }
- else
- {
- if (!BN_lshift1(r, r)) return 0;
+ } else {
+ if (!BN_lshift1(r, r))
+ return 0;
--n;
- }
+ }
/* BN_num_bits(r) <= BN_num_bits(m) */
- if (BN_cmp(r, m) >= 0)
- {
- if (!BN_sub(r, r, m)) return 0;
- }
+ if (BN_cmp(r, m) >= 0) {
+ if (!BN_sub(r, r, m))
+ return 0;
}
+ }
bn_check_top(r);
-
+
return 1;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
#endif
-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx)
- {
+int
+BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx)
+{
BIGNUM *tmp;
- int ret=0;
+ int ret = 0;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
int num = mont->N.top;
- if (num>1 && a->top==num && b->top==num)
- {
- if (bn_wexpand(r,num) == NULL) return(0);
- if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
- {
+ if (num > 1 && a->top == num && b->top == num) {
+ if (bn_wexpand(r, num) == NULL)
+ return (0);
+ if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
r->neg = a->neg^b->neg;
r->top = num;
bn_correct_top(r);
- return(1);
- }
+ return (1);
}
+ }
#endif
BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
- if (tmp == NULL) goto err;
+ if (tmp == NULL)
+ goto err;
bn_check_top(tmp);
- if (a == b)
- {
- if (!BN_sqr(tmp,a,ctx)) goto err;
- }
- else
- {
- if (!BN_mul(tmp,a,b,ctx)) goto err;
- }
+ if (a == b) {
+ if (!BN_sqr(tmp, a, ctx))
+ goto err;
+ } else {
+ if (!BN_mul(tmp, a,b, ctx))
+ goto err;
+ }
/* reduce from aRR to aR */
#ifdef MONT_WORD
- if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
+ if (!BN_from_montgomery_word(r, tmp, mont))
+ goto err;
#else
- if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+ if (!BN_from_montgomery(r, tmp, mont, ctx))
+ goto err;
#endif
bn_check_top(r);
- ret=1;
+ ret = 1;
err:
BN_CTX_end(ctx);
- return(ret);
- }
+ return (ret);
+}
#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
- {
+static int
+BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+{
BIGNUM *n;
- BN_ULONG *ap,*np,*rp,n0,v,carry;
- int nl,max,i;
-
- n= &(mont->N);
- nl=n->top;
- if (nl == 0) { ret->top=0; return(1); }
+ BN_ULONG *ap, *np, *rp, n0, v, carry;
+ int nl, max, i;
+
+ n = &(mont->N);
+ nl = n->top;
+ if (nl == 0) {
+ ret->top = 0;
+ return (1);
+ }
- max=(2*nl); /* carry is stored separately */
- if (bn_wexpand(r,max) == NULL) return(0);
+ max = (2 * nl); /* carry is stored separately */
+ if (bn_wexpand(r, max) == NULL)
+ return (0);
- r->neg^=n->neg;
- np=n->d;
- rp=r->d;
+ r->neg ^= n->neg;
+ np = n->d;
+ rp = r->d;
/* clear the top words of T */
#if 1
for (i=r->top; i<max; i++) /* memset? XXX */
- rp[i]=0;
+ rp[i] = 0;
#else
- memset(&(rp[r->top]),0,(max-r->top)*sizeof(BN_ULONG));
+ memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
#endif
- r->top=max;
- n0=mont->n0[0];
+ r->top = max;
+ n0 = mont->n0[0];
#ifdef BN_COUNT
- fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
+ fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl);
#endif
- for (carry=0, i=0; i<nl; i++, rp++)
- {
- v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
- v = (v+carry+rp[nl])&BN_MASK2;
+ for (carry = 0, i = 0; i < nl; i++, rp++) {
+ v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
+ v = (v + carry + rp[nl]) & BN_MASK2;
carry |= (v != rp[nl]);
carry &= (v <= rp[nl]);
- rp[nl]=v;
- }
+ rp[nl] = v;
+ }
- if (bn_wexpand(ret,nl) == NULL) return(0);
- ret->top=nl;
- ret->neg=r->neg;
+ if (bn_wexpand(ret, nl) == NULL)
+ return (0);
+ ret->top = nl;
+ ret->neg = r->neg;
- rp=ret->d;
- ap=&(r->d[nl]);
+ rp = ret->d;
+ ap = &(r->d[nl]);
#define BRANCH_FREE 1
#if BRANCH_FREE
{
- BN_ULONG *nrp;
- size_t m;
-
- v=bn_sub_words(rp,ap,np,nl)-carry;
- /* if subtraction result is real, then
- * trick unconditional memcpy below to perform in-place
- * "refresh" instead of actual copy. */
- m=(0-(size_t)v);
- nrp=(BN_ULONG *)(((uintptr_t)rp&~m)|((uintptr_t)ap&m));
-
- for (i=0,nl-=4; i<nl; i+=4)
- {
- BN_ULONG t1,t2,t3,t4;
-
- t1=nrp[i+0];
- t2=nrp[i+1];
- t3=nrp[i+2]; ap[i+0]=0;
- t4=nrp[i+3]; ap[i+1]=0;
- rp[i+0]=t1; ap[i+2]=0;
- rp[i+1]=t2; ap[i+3]=0;
- rp[i+2]=t3;
- rp[i+3]=t4;
+ BN_ULONG *nrp;
+ size_t m;
+
+ v = bn_sub_words(rp, ap, np, nl) - carry;
+ /* if subtraction result is real, then
+ * trick unconditional memcpy below to perform in-place
+ * "refresh" instead of actual copy. */
+ m = (0 - (size_t)v);
+ nrp = (BN_ULONG *)(((uintptr_t)rp & ~m)|((uintptr_t)ap & m));
+
+ for (i = 0, nl -= 4; i < nl; i += 4) {
+ BN_ULONG t1, t2, t3, t4;
+
+ t1 = nrp[i + 0];
+ t2 = nrp[i + 1];
+ t3 = nrp[i + 2];
+ ap[i + 0] = 0;
+ t4 = nrp[i + 3];
+ ap[i + 1] = 0;
+ rp[i + 0] = t1;
+ ap[i + 2] = 0;
+ rp[i + 1] = t2;
+ ap[i + 3] = 0;
+ rp[i + 2] = t3;
+ rp[i + 3] = t4;
}
- for (nl+=4; i<nl; i++)
- rp[i]=nrp[i], ap[i]=0;
+ for (nl += 4; i < nl; i++)
+ rp[i] = nrp[i], ap[i] = 0;
}
#else
- if (bn_sub_words (rp,ap,np,nl)-carry)
- memcpy(rp,ap,nl*sizeof(BN_ULONG));
+ if (bn_sub_words (rp, ap, np, nl) - carry)
+ memcpy(rp, ap, nl*sizeof(BN_ULONG));
#endif
bn_correct_top(r);
bn_correct_top(ret);
bn_check_top(ret);
- return(1);
- }
+ return (1);
+}
#endif /* MONT_WORD */
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx)
- {
- int retn=0;
+int
+BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
+{
+ int retn = 0;
#ifdef MONT_WORD
BIGNUM *t;
BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
- retn = BN_from_montgomery_word(ret,t,mont);
+ if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
+ retn = BN_from_montgomery_word(ret, t, mont);
BN_CTX_end(ctx);
#else /* !MONT_WORD */
- BIGNUM *t1,*t2;
+ BIGNUM *t1, *t2;
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL) goto err;
-
- if (!BN_copy(t1,a)) goto err;
- BN_mask_bits(t1,mont->ri);
-
- if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
- BN_mask_bits(t2,mont->ri);
-
- if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
- if (!BN_add(t2,a,t1)) goto err;
- if (!BN_rshift(ret,t2,mont->ri)) goto err;
-
- if (BN_ucmp(ret, &(mont->N)) >= 0)
- {
- if (!BN_usub(ret,ret,&(mont->N))) goto err;
- }
- retn=1;
+ if (t1 == NULL || t2 == NULL)
+ goto err;
+
+ if (!BN_copy(t1, a))
+ goto err;
+ BN_mask_bits(t1, mont->ri);
+
+ if (!BN_mul(t2, t1, &mont->Ni, ctx))
+ goto err;
+ BN_mask_bits(t2, mont->ri);
+
+ if (!BN_mul(t1, t2, &mont->N, ctx))
+ goto err;
+ if (!BN_add(t2, a, t1))
+ goto err;
+ if (!BN_rshift(ret, t2, mont->ri))
+ goto err;
+
+ if (BN_ucmp(ret, &(mont->N)) >= 0) {
+ if (!BN_usub(ret, ret, &(mont->N)))
+ goto err;
+ }
+ retn = 1;
bn_check_top(ret);
- err:
+
+err:
BN_CTX_end(ctx);
#endif /* MONT_WORD */
- return(retn);
- }
+ return (retn);
+}
-BN_MONT_CTX *BN_MONT_CTX_new(void)
- {
+BN_MONT_CTX *
+BN_MONT_CTX_new(void)
+{
BN_MONT_CTX *ret;
- if ((ret=(BN_MONT_CTX *)malloc(sizeof(BN_MONT_CTX))) == NULL)
- return(NULL);
+ if ((ret = (BN_MONT_CTX *)malloc(sizeof(BN_MONT_CTX))) == NULL)
+ return (NULL);
BN_MONT_CTX_init(ret);
- ret->flags=BN_FLG_MALLOCED;
- return(ret);
- }
-
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
- {
- ctx->ri=0;
+ ret->flags = BN_FLG_MALLOCED;
+ return (ret);
+}
+
+void
+BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+{
+ ctx->ri = 0;
BN_init(&(ctx->RR));
BN_init(&(ctx->N));
BN_init(&(ctx->Ni));
ctx->n0[0] = ctx->n0[1] = 0;
- ctx->flags=0;
- }
+ ctx->flags = 0;
+}
-void BN_MONT_CTX_free(BN_MONT_CTX *mont)
- {
- if(mont == NULL)
- return;
+void
+BN_MONT_CTX_free(BN_MONT_CTX *mont)
+{
+ if (mont == NULL)
+ return;
BN_clear_free(&(mont->RR));
BN_clear_free(&(mont->N));
BN_clear_free(&(mont->Ni));
if (mont->flags & BN_FLG_MALLOCED)
free(mont);
- }
+}
-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
- {
+int
+BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+{
int ret = 0;
- BIGNUM *Ri,*R;
+ BIGNUM *Ri, *R;
BN_CTX_start(ctx);
- if((Ri = BN_CTX_get(ctx)) == NULL) goto err;
- R= &(mont->RR); /* grab RR as a temp */
- if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */
+ if ((Ri = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ R = &(mont->RR); /* grab RR as a temp */
+ if (!BN_copy(&(mont->N), mod))
+ goto err; /* Set N */
mont->N.neg = 0;
#ifdef MONT_WORD
- {
+ {
BIGNUM tmod;
BN_ULONG buf[2];
BN_init(&tmod);
- tmod.d=buf;
- tmod.dmax=2;
- tmod.neg=0;
+ tmod.d = buf;
+ tmod.dmax = 2;
+ tmod.neg = 0;
- mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+ mont->ri = (BN_num_bits(mod) +
+ (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
/* Only certain BN_BITS2<=32 platforms actually make use of
* files do know which is which. */
BN_zero(R);
- if (!(BN_set_bit(R,2*BN_BITS2))) goto err;
+ if (!(BN_set_bit(R, 2 * BN_BITS2)))
+ goto err;
- tmod.top=0;
- if ((buf[0] = mod->d[0])) tmod.top=1;
- if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2;
+ tmod.top = 0;
+ if ((buf[0] = mod->d[0]))
+ tmod.top = 1;
+ if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
+ tmod.top = 2;
- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
+ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
goto err;
- if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */
- if (!BN_is_zero(Ri))
- {
- if (!BN_sub_word(Ri,1)) goto err;
- }
+ if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
+ goto err; /* R*Ri */
+ if (!BN_is_zero(Ri)) {
+ if (!BN_sub_word(Ri, 1))
+ goto err;
+ }
else /* if N mod word size == 1 */
- {
- if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL)
+ {
+ if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
goto err;
/* Ri-- (mod double word size) */
- Ri->neg=0;
- Ri->d[0]=BN_MASK2;
- Ri->d[1]=BN_MASK2;
- Ri->top=2;
- }
- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
+ Ri->neg = 0;
+ Ri->d[0] = BN_MASK2;
+ Ri->d[1] = BN_MASK2;
+ Ri->top = 2;
+ }
+ if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+ goto err;
/* Ni = (R*Ri-1)/N,
* keep only couple of least significant words: */
mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
#else
BN_zero(R);
- if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */
+ if (!(BN_set_bit(R, BN_BITS2)))
+ goto err; /* R */
- buf[0]=mod->d[0]; /* tmod = N mod word size */
- buf[1]=0;
+ buf[0] = mod->d[0]; /* tmod = N mod word size */
+ buf[1] = 0;
tmod.top = buf[0] != 0 ? 1 : 0;
- /* Ri = R^-1 mod N*/
- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
+ /* Ri = R^-1 mod N*/
+ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
goto err;
- if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */
- if (!BN_is_zero(Ri))
- {
- if (!BN_sub_word(Ri,1)) goto err;
- }
+ if (!BN_lshift(Ri, Ri, BN_BITS2))
+ goto err; /* R*Ri */
+ if (!BN_is_zero(Ri)) {
+ if (!BN_sub_word(Ri, 1))
+ goto err;
+ }
else /* if N mod word size == 1 */
- {
- if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */
- }
- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
+ {
+ if (!BN_set_word(Ri, BN_MASK2))
+ goto err; /* Ri-- (mod word size) */
+ }
+ if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+ goto err;
/* Ni = (R*Ri-1)/N,
* keep only least significant word: */
mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
mont->n0[1] = 0;
#endif
- }
+ }
#else /* !MONT_WORD */
- { /* bignum version */
- mont->ri=BN_num_bits(&mont->N);
+ { /* bignum version */
+ mont->ri = BN_num_bits(&mont->N);
BN_zero(R);
- if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */
- /* Ri = R^-1 mod N*/
- if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL)
+ if (!BN_set_bit(R, mont->ri))
+ goto err; /* R = 2^ri */
+ /* Ri = R^-1 mod N*/
+ if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
goto err;
- if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */
- if (!BN_sub_word(Ri,1)) goto err;
- /* Ni = (R*Ri-1) / N */
- if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err;
- }
+ if (!BN_lshift(Ri, Ri, mont->ri))
+ goto err; /* R*Ri */
+ if (!BN_sub_word(Ri, 1))
+ goto err;
+ /* Ni = (R*Ri-1) / N */
+ if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
+ goto err;
+ }
#endif
/* setup RR for conversions */
BN_zero(&(mont->RR));
- if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
- if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
+ if (!BN_set_bit(&(mont->RR), mont->ri*2))
+ goto err;
+ if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
+ goto err;
ret = 1;
+
err:
BN_CTX_end(ctx);
return ret;
- }
-
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
- {
- if (to == from) return(to);
-
- if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
- if (!BN_copy(&(to->N),&(from->N))) return NULL;
- if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
- to->ri=from->ri;
- to->n0[0]=from->n0[0];
- to->n0[1]=from->n0[1];
- return(to);
- }
-
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
- const BIGNUM *mod, BN_CTX *ctx)
- {
+}
+
+BN_MONT_CTX *
+BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+{
+ if (to == from)
+ return (to);
+
+ if (!BN_copy(&(to->RR), &(from->RR)))
+ return NULL;
+ if (!BN_copy(&(to->N), &(from->N)))
+ return NULL;
+ if (!BN_copy(&(to->Ni), &(from->Ni)))
+ return NULL;
+ to->ri = from->ri;
+ to->n0[0] = from->n0[0];
+ to->n0[1] = from->n0[1];
+ return (to);
+}
+
+BN_MONT_CTX *
+BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod,
+ BN_CTX *ctx)
+{
int got_write_lock = 0;
BN_MONT_CTX *ret;
CRYPTO_r_lock(lock);
- if (!*pmont)
- {
+ if (!*pmont) {
CRYPTO_r_unlock(lock);
CRYPTO_w_lock(lock);
got_write_lock = 1;
- if (!*pmont)
- {
+ if (!*pmont) {
ret = BN_MONT_CTX_new();
if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
BN_MONT_CTX_free(ret);
else
*pmont = ret;
- }
}
-
+ }
+
ret = *pmont;
-
+
if (got_write_lock)
CRYPTO_w_unlock(lock);
else
CRYPTO_r_unlock(lock);
-
+
return ret;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
- {
+int
+BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+{
int bits;
- int num=0;
- int ext=0;
+ int num = 0;
+ int ext = 0;
long l;
- bits=BN_num_bits(a);
- num=(bits+7)/8;
- if (bits > 0)
- {
- ext=((bits & 0x07) == 0);
- }
+ bits = BN_num_bits(a);
+ num = (bits + 7) / 8;
+ if (bits > 0) {
+ ext = ((bits & 0x07) == 0);
+ }
if (d == NULL)
- return(num+4+ext);
+ return (num + 4 + ext);
- l=num+ext;
- d[0]=(unsigned char)(l>>24)&0xff;
- d[1]=(unsigned char)(l>>16)&0xff;
- d[2]=(unsigned char)(l>> 8)&0xff;
- d[3]=(unsigned char)(l )&0xff;
- if (ext) d[4]=0;
- num=BN_bn2bin(a,&(d[4+ext]));
+ l = num + ext;
+ d[0] = (unsigned char)(l >> 24) & 0xff;
+ d[1] = (unsigned char)(l >> 16) & 0xff;
+ d[2] = (unsigned char)(l >> 8) & 0xff;
+ d[3] = (unsigned char)(l) & 0xff;
+ if (ext)
+ d[4] = 0;
+ num = BN_bn2bin(a, &(d[4 + ext]));
if (a->neg)
- d[4]|=0x80;
- return(num+4+ext);
- }
+ d[4] |= 0x80;
+ return (num + 4 + ext);
+}
-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
- {
+BIGNUM *
+BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
+{
long len;
- int neg=0;
+ int neg = 0;
- if (n < 4)
- {
- BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
- return(NULL);
- }
- len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
- if ((len+4) != n)
- {
- BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
- return(NULL);
- }
+ if (n < 4) {
+ BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
+ return (NULL);
+ }
+ len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) |
+ (int)d[3];
+ if ((len + 4) != n) {
+ BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
+ return (NULL);
+ }
- if (a == NULL) a=BN_new();
- if (a == NULL) return(NULL);
+ if (a == NULL)
+ a = BN_new();
+ if (a == NULL)
+ return (NULL);
- if (len == 0)
- {
- a->neg=0;
- a->top=0;
- return(a);
- }
- d+=4;
+ if (len == 0) {
+ a->neg = 0;
+ a->top = 0;
+ return (a);
+ }
+ d += 4;
if ((*d) & 0x80)
- neg=1;
- if (BN_bin2bn(d,(int)len,a) == NULL)
- return(NULL);
- a->neg=neg;
- if (neg)
- {
- BN_clear_bit(a,BN_num_bits(a)-1);
- }
- bn_check_top(a);
- return(a);
+ neg = 1;
+ if (BN_bin2bn(d, (int)len, a) == NULL)
+ return (NULL);
+ a->neg = neg;
+ if (neg) {
+ BN_clear_bit(a, BN_num_bits(a) - 1);
}
-
+ bn_check_top(a);
+ return (a);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
These functions should probably end up in bn_asm.c as soon as there are
assembler counterparts for the systems that use assembler files. */
-BN_ULONG bn_sub_part_words(BN_ULONG *r,
- const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
- {
+BN_ULONG
+bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl,
+ int dl)
+{
BN_ULONG c, t;
assert(cl >= 0);
a += cl;
b += cl;
- if (dl < 0)
- {
+ if (dl < 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
+ fprintf(stderr,
+ " bn_sub_part_words %d + %d (dl < 0, c = %d)\n",
+ cl, dl, c);
#endif
- for (;;)
- {
+ for (;;) {
t = b[0];
- r[0] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
+ r[0] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
t = b[1];
- r[1] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
+ r[1] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
t = b[2];
- r[2] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
+ r[2] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
t = b[3];
- r[3] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
+ r[3] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
b += 4;
r += 4;
- }
}
- else
- {
+ } else {
int save_dl = dl;
#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c);
+ fprintf(stderr,
+ " bn_sub_part_words %d + %d (dl > 0, c = %d)\n",
+ cl, dl, c);
#endif
- while(c)
- {
+ while (c) {
t = a[0];
- r[0] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
+ r[0] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
t = a[1];
- r[1] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
+ r[1] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
t = a[2];
- r[2] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
+ r[2] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
t = a[3];
- r[3] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
+ r[3] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
save_dl = dl;
a += 4;
r += 4;
- }
- if (dl > 0)
- {
+ }
+ if (dl > 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
+ fprintf(stderr,
+ " bn_sub_part_words %d + %d (dl > 0, c == 0)\n",
+ cl, dl);
#endif
- if (save_dl > dl)
- {
- switch (save_dl - dl)
- {
+ if (save_dl > dl) {
+ switch (save_dl - dl) {
case 1:
r[1] = a[1];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
case 2:
r[2] = a[2];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
case 3:
r[3] = a[3];
- if (--dl <= 0) break;
- }
+ if (--dl <= 0)
+ break;
+ }
a += 4;
r += 4;
- }
}
- if (dl > 0)
- {
+ }
+ if (dl > 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl);
+ fprintf(stderr,
+ " bn_sub_part_words %d + %d (dl > 0, copy)\n",
+ cl, dl);
#endif
- for(;;)
- {
+ for (;;) {
r[0] = a[0];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[1] = a[1];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[2] = a[2];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[3] = a[3];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
a += 4;
r += 4;
- }
}
}
- return c;
}
+ return c;
+}
#endif
-BN_ULONG bn_add_part_words(BN_ULONG *r,
- const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
- {
+BN_ULONG
+bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl,
+ int dl)
+{
BN_ULONG c, l, t;
assert(cl >= 0);
a += cl;
b += cl;
- if (dl < 0)
- {
+ if (dl < 0) {
int save_dl = dl;
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl < 0, c = %d)\n",
+ cl, dl, c);
#endif
- while (c)
- {
- l=(c+b[0])&BN_MASK2;
- c=(l < c);
- r[0]=l;
- if (++dl >= 0) break;
-
- l=(c+b[1])&BN_MASK2;
- c=(l < c);
- r[1]=l;
- if (++dl >= 0) break;
-
- l=(c+b[2])&BN_MASK2;
- c=(l < c);
- r[2]=l;
- if (++dl >= 0) break;
-
- l=(c+b[3])&BN_MASK2;
- c=(l < c);
- r[3]=l;
- if (++dl >= 0) break;
+ while (c) {
+ l = (c + b[0]) & BN_MASK2;
+ c = (l < c);
+ r[0] = l;
+ if (++dl >= 0)
+ break;
+
+ l = (c + b[1]) & BN_MASK2;
+ c = (l < c);
+ r[1] = l;
+ if (++dl >= 0)
+ break;
+
+ l = (c + b[2]) & BN_MASK2;
+ c = (l < c);
+ r[2] = l;
+ if (++dl >= 0)
+ break;
+
+ l = (c + b[3]) & BN_MASK2;
+ c = (l < c);
+ r[3] = l;
+ if (++dl >= 0)
+ break;
save_dl = dl;
- b+=4;
- r+=4;
- }
- if (dl < 0)
- {
+ b += 4;
+ r += 4;
+ }
+ if (dl < 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl < 0, c == 0)\n",
+ cl, dl);
#endif
- if (save_dl < dl)
- {
- switch (dl - save_dl)
- {
+ if (save_dl < dl) {
+ switch (dl - save_dl) {
case 1:
r[1] = b[1];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
case 2:
r[2] = b[2];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
case 3:
r[3] = b[3];
- if (++dl >= 0) break;
- }
+ if (++dl >= 0)
+ break;
+ }
b += 4;
r += 4;
- }
}
- if (dl < 0)
- {
+ }
+ if (dl < 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl < 0, copy)\n",
+ cl, dl);
#endif
- for(;;)
- {
+ for (;;) {
r[0] = b[0];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
r[1] = b[1];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
r[2] = b[2];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
r[3] = b[3];
- if (++dl >= 0) break;
+ if (++dl >= 0)
+ break;
b += 4;
r += 4;
- }
}
}
- else
- {
+ } else {
int save_dl = dl;
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
#endif
- while (c)
- {
- t=(a[0]+c)&BN_MASK2;
- c=(t < c);
- r[0]=t;
- if (--dl <= 0) break;
-
- t=(a[1]+c)&BN_MASK2;
- c=(t < c);
- r[1]=t;
- if (--dl <= 0) break;
-
- t=(a[2]+c)&BN_MASK2;
- c=(t < c);
- r[2]=t;
- if (--dl <= 0) break;
-
- t=(a[3]+c)&BN_MASK2;
- c=(t < c);
- r[3]=t;
- if (--dl <= 0) break;
+ while (c) {
+ t = (a[0] + c) & BN_MASK2;
+ c = (t < c);
+ r[0] = t;
+ if (--dl <= 0)
+ break;
+
+ t = (a[1] + c) & BN_MASK2;
+ c = (t < c);
+ r[1] = t;
+ if (--dl <= 0)
+ break;
+
+ t = (a[2] + c) & BN_MASK2;
+ c = (t < c);
+ r[2] = t;
+ if (--dl <= 0)
+ break;
+
+ t = (a[3] + c) & BN_MASK2;
+ c = (t < c);
+ r[3] = t;
+ if (--dl <= 0)
+ break;
save_dl = dl;
- a+=4;
- r+=4;
- }
+ a += 4;
+ r += 4;
+ }
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
#endif
- if (dl > 0)
- {
- if (save_dl > dl)
- {
- switch (save_dl - dl)
- {
+ if (dl > 0) {
+ if (save_dl > dl) {
+ switch (save_dl - dl) {
case 1:
r[1] = a[1];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
case 2:
r[2] = a[2];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
case 3:
r[3] = a[3];
- if (--dl <= 0) break;
- }
+ if (--dl <= 0)
+ break;
+ }
a += 4;
r += 4;
- }
}
- if (dl > 0)
- {
+ }
+ if (dl > 0) {
#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl);
+ fprintf(stderr,
+ " bn_add_part_words %d + %d (dl > 0, copy)\n",
+ cl, dl);
#endif
- for(;;)
- {
+ for (;;) {
r[0] = a[0];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[1] = a[1];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[2] = a[2];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
r[3] = a[3];
- if (--dl <= 0) break;
+ if (--dl <= 0)
+ break;
a += 4;
r += 4;
- }
}
}
- return c;
}
+ return c;
+}
#ifdef BN_RECURSION
/* Karatsuba recursive multiplication algorithm
* a[1]*b[1]
*/
/* dnX may not be positive, but n2/2+dnX has to be */
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- int dna, int dnb, BN_ULONG *t)
- {
- int n=n2/2,c1,c2;
- int tna=n+dna, tnb=n+dnb;
- unsigned int neg,zero;
- BN_ULONG ln,lo,*p;
+void
+bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int dna,
+ int dnb, BN_ULONG *t)
+{
+ int n = n2 / 2, c1, c2;
+ int tna = n + dna, tnb = n + dnb;
+ unsigned int neg, zero;
+ BN_ULONG ln, lo, *p;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
+ fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
# endif
# ifdef BN_MUL_COMBA
# if 0
- if (n2 == 4)
- {
- bn_mul_comba4(r,a,b);
+ if (n2 == 4) {
+ bn_mul_comba4(r, a, b);
return;
- }
+ }
# endif
/* Only call bn_mul_comba 8 if n2 == 8 and the
* two arrays are complete [steve]
*/
- if (n2 == 8 && dna == 0 && dnb == 0)
- {
- bn_mul_comba8(r,a,b);
- return;
- }
+ if (n2 == 8 && dna == 0 && dnb == 0) {
+ bn_mul_comba8(r, a, b);
+ return;
+ }
# endif /* BN_MUL_COMBA */
/* Else do normal multiply */
- if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_normal(r,a,n2+dna,b,n2+dnb);
+ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+ bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
if ((dna + dnb) < 0)
memset(&r[2*n2 + dna + dnb], 0,
- sizeof(BN_ULONG) * -(dna + dnb));
+ sizeof(BN_ULONG) * -(dna + dnb));
return;
- }
+ }
/* r=(a[0]-a[1])*(b[1]-b[0]) */
- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
- zero=neg=0;
- switch (c1*3+c2)
- {
+ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+ c2 = bn_cmp_part_words(&(b[n]), b,tnb, tnb - n);
+ zero = neg = 0;
+ switch (c1 * 3 + c2) {
case -4:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
break;
case -3:
- zero=1;
+ zero = 1;
break;
case -2:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */
- neg=1;
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+ neg = 1;
break;
case -1:
case 0:
case 1:
- zero=1;
+ zero = 1;
break;
case 2:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
- neg=1;
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+ neg = 1;
break;
case 3:
- zero=1;
+ zero = 1;
break;
case 4:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n);
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
break;
- }
+ }
# ifdef BN_MUL_COMBA
if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take
extra args to do this well */
- {
+ {
if (!zero)
- bn_mul_comba4(&(t[n2]),t,&(t[n]));
+ bn_mul_comba4(&(t[n2]), t, &(t[n]));
else
- memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-
- bn_mul_comba4(r,a,b);
- bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
- }
- else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
+ memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
+
+ bn_mul_comba4(r, a, b);
+ bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
+ } else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
take extra args to do this
well */
- {
+ {
if (!zero)
- bn_mul_comba8(&(t[n2]),t,&(t[n]));
+ bn_mul_comba8(&(t[n2]), t, &(t[n]));
else
- memset(&(t[n2]),0,16*sizeof(BN_ULONG));
-
- bn_mul_comba8(r,a,b);
- bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
- }
- else
+ memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
+
+ bn_mul_comba8(r, a, b);
+ bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
+ } else
# endif /* BN_MUL_COMBA */
- {
- p= &(t[n2*2]);
+ {
+ p = &(t[n2 * 2]);
if (!zero)
- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
+ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
else
- memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
- bn_mul_recursive(r,a,b,n,0,0,p);
- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
- }
+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+ bn_mul_recursive(r, a, b, n, 0, 0, p);
+ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
+ }
/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
*/
- c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
if (neg) /* if t[32] is negative */
- {
- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
- }
- else
- {
+ {
+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+ } else {
/* Might have a carry */
- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
- }
+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+ }
/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
* c1 holds the carry bits
*/
- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
- if (c1)
- {
- p= &(r[n+n2]);
+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+ if (c1) {
+ p = &(r[n + n2]);
lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
+ ln = (lo + c1) & BN_MASK2;
+ *p = ln;
/* The overflow will stop before we over write
* words we should not overwrite */
- if (ln < (BN_ULONG)c1)
- {
- do {
+ if (ln < (BN_ULONG)c1) {
+ do {
p++;
lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
+ ln = (lo + 1) & BN_MASK2;
+ *p = ln;
+ } while (ln == 0);
}
}
+}
/* n+tn is the word length
* t needs to be n*4 is size, as does r */
/* tnX may not be negative but less than n */
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
- int tna, int tnb, BN_ULONG *t)
- {
- int i,j,n2=n*2;
- int c1,c2,neg;
- BN_ULONG ln,lo,*p;
+void
+bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna,
+ int tnb, BN_ULONG *t)
+{
+ int i, j, n2 = n * 2;
+ int c1, c2, neg;
+ BN_ULONG ln, lo, *p;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
- n, tna, n, tnb);
+ fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+ n, tna, n, tnb);
# endif
- if (n < 8)
- {
- bn_mul_normal(r,a,n+tna,b,n+tnb);
+ if (n < 8) {
+ bn_mul_normal(r, a, n + tna, b, n + tnb);
return;
- }
+ }
/* r=(a[0]-a[1])*(b[1]-b[0]) */
- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
- neg=0;
- switch (c1*3+c2)
- {
+ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+ c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+ neg = 0;
+ switch (c1 * 3 + c2) {
case -4:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
break;
case -3:
/* break; */
case -2:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */
- neg=1;
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+ neg = 1;
break;
case -1:
case 0:
case 1:
/* break; */
case 2:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
- neg=1;
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+ neg = 1;
break;
case 3:
/* break; */
case 4:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n);
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
break;
- }
+ }
/* The zero case isn't yet implemented here. The speedup
would probably be negligible. */
# if 0
- if (n == 4)
- {
- bn_mul_comba4(&(t[n2]),t,&(t[n]));
- bn_mul_comba4(r,a,b);
- bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
- memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
- }
- else
+ if (n == 4) {
+ bn_mul_comba4(&(t[n2]), t, &(t[n]));
+ bn_mul_comba4(r, a, b);
+ bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
+ memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2));
+ } else
# endif
- if (n == 8)
- {
- bn_mul_comba8(&(t[n2]),t,&(t[n]));
- bn_mul_comba8(r,a,b);
- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
- memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb));
- }
- else
- {
- p= &(t[n2*2]);
- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
- bn_mul_recursive(r,a,b,n,0,0,p);
- i=n/2;
+ if (n == 8) {
+ bn_mul_comba8(&(t[n2]), t, &(t[n]));
+ bn_mul_comba8(r, a, b);
+ bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+ memset(&(r[n2 + tna + tnb]), 0,
+ sizeof(BN_ULONG) * (n2 - tna - tnb));
+ } else {
+ p = &(t[n2*2]);
+ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+ bn_mul_recursive(r, a, b, n, 0, 0, p);
+ i = n / 2;
/* If there is only a bottom half to the number,
* just do it */
if (tna > tnb)
j = tna - i;
else
j = tnb - i;
- if (j == 0)
- {
- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
- memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
- }
+ if (j == 0) {
+ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
+ i, tna - i, tnb - i, p);
+ memset(&(r[n2 + i * 2]), 0,
+ sizeof(BN_ULONG) * (n2 - i * 2));
+ }
else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
- {
- bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
- memset(&(r[n2+tna+tnb]),0,
- sizeof(BN_ULONG)*(n2-tna-tnb));
- }
+ {
+ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
+ i, tna - i, tnb - i, p);
+ memset(&(r[n2 + tna + tnb]), 0,
+ sizeof(BN_ULONG) * (n2 - tna - tnb));
+ }
else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
- {
- memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
- if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
- && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
- }
- else
- {
- for (;;)
- {
- i/=2;
+ {
+ memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
+ if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL &&
+ tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+ bn_mul_normal(&(r[n2]), &(a[n]), tna,
+ &(b[n]), tnb);
+ } else {
+ for (;;) {
+ i /= 2;
/* these simplified conditions work
* exclusively because difference
* between tna and tnb is 1 or 0 */
- if (i < tna || i < tnb)
- {
+ if (i < tna || i < tnb) {
bn_mul_part_recursive(&(r[n2]),
- &(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
+ &(a[n]), &(b[n]), i,
+ tna - i, tnb - i, p);
break;
- }
- else if (i == tna || i == tnb)
- {
+ } else if (i == tna || i == tnb) {
bn_mul_recursive(&(r[n2]),
- &(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
+ &(a[n]), &(b[n]), i,
+ tna - i, tnb - i, p);
break;
- }
}
}
}
}
+ }
/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
*/
- c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+ c1 = (int)(bn_add_words(t, r,&(r[n2]), n2));
if (neg) /* if t[32] is negative */
- {
- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
- }
- else
- {
+ {
+ c1 -= (int)(bn_sub_words(&(t[n2]), t,&(t[n2]), n2));
+ } else {
/* Might have a carry */
- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
- }
+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+ }
/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
* c1 holds the carry bits
*/
- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
- if (c1)
- {
- p= &(r[n+n2]);
+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+ if (c1) {
+ p = &(r[n + n2]);
lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
+ ln = (lo + c1)&BN_MASK2;
+ *p = ln;
/* The overflow will stop before we over write
* words we should not overwrite */
- if (ln < (BN_ULONG)c1)
- {
- do {
+ if (ln < (BN_ULONG)c1) {
+ do {
p++;
lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
+ ln = (lo + 1) & BN_MASK2;
+ *p = ln;
+ } while (ln == 0);
}
}
+}
/* a and b must be the same size, which is n2.
* r needs to be n2 words and t needs to be n2*2
*/
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- BN_ULONG *t)
- {
- int n=n2/2;
+void
+bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, BN_ULONG *t)
+{
+ int n = n2 / 2;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2);
+ fprintf(stderr, " bn_mul_low_recursive %d * %d\n",n2,n2);
# endif
- bn_mul_recursive(r,a,b,n,0,0,&(t[0]));
- if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- }
- else
- {
- bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
- bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
- }
+ bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
+ if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
+ bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+ bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2]));
+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+ } else {
+ bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n);
+ bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n);
+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+ bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
}
+}
/* a and b must be the same size, which is n2.
* r needs to be n2 words and t needs to be n2*2
* l is the low words of the output.
* t needs to be n2*3
*/
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
- BN_ULONG *t)
- {
- int i,n;
- int c1,c2;
- int neg,oneg,zero;
- BN_ULONG ll,lc,*lp,*mp;
+void
+bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+ BN_ULONG *t)
+{
+ int i, n;
+ int c1, c2;
+ int neg, oneg, zero;
+ BN_ULONG ll, lc, *lp, *mp;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_high %d * %d\n",n2,n2);
+ fprintf(stderr, " bn_mul_high %d * %d\n",n2,n2);
# endif
- n=n2/2;
+ n = n2 / 2;
/* Calculate (al-ah)*(bh-bl) */
- neg=zero=0;
- c1=bn_cmp_words(&(a[0]),&(a[n]),n);
- c2=bn_cmp_words(&(b[n]),&(b[0]),n);
- switch (c1*3+c2)
- {
+ neg = zero = 0;
+ c1 = bn_cmp_words(&(a[0]), &(a[n]), n);
+ c2 = bn_cmp_words(&(b[n]), &(b[0]), n);
+ switch (c1 * 3 + c2) {
case -4:
- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
break;
case -3:
- zero=1;
+ zero = 1;
break;
case -2:
- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
- neg=1;
+ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
+ neg = 1;
break;
case -1:
case 0:
case 1:
- zero=1;
+ zero = 1;
break;
case 2:
- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
- neg=1;
+ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
+ neg = 1;
break;
case 3:
- zero=1;
+ zero = 1;
break;
case 4:
- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
break;
- }
-
- oneg=neg;
+ }
+
+ oneg = neg;
/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
/* r[10] = (a[1]*b[1]) */
# ifdef BN_MUL_COMBA
- if (n == 8)
- {
- bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
- bn_mul_comba8(r,&(a[n]),&(b[n]));
- }
- else
+ if (n == 8) {
+ bn_mul_comba8(&(t[0]), &(r[0]), &(r[n]));
+ bn_mul_comba8(r, &(a[n]), &(b[n]));
+ } else
# endif
- {
- bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2]));
- bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
- }
+ {
+ bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2]));
+ bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2]));
+ }
/* s0 == low(al*bl)
* s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
* high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
* high(al*bl) == s1 - (r[0]+l[0]+t[0])
*/
- if (l != NULL)
- {
- lp= &(t[n2+n]);
- c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
- }
- else
- {
- c1=0;
- lp= &(r[0]);
- }
+ if (l != NULL) {
+ lp = &(t[n2 + n]);
+ c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n));
+ } else {
+ c1 = 0;
+ lp = &(r[0]);
+ }
if (neg)
- neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
- else
- {
- bn_add_words(&(t[n2]),lp,&(t[0]),n);
- neg=0;
- }
+ neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n));
+ else {
+ bn_add_words(&(t[n2]), lp, &(t[0]), n);
+ neg = 0;
+ }
- if (l != NULL)
- {
- bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
- }
- else
- {
- lp= &(t[n2+n]);
- mp= &(t[n2]);
- for (i=0; i<n; i++)
- lp[i]=((~mp[i])+1)&BN_MASK2;
- }
+ if (l != NULL) {
+ bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n);
+ } else {
+ lp = &(t[n2 + n]);
+ mp = &(t[n2]);
+ for (i = 0; i < n; i++)
+ lp[i] = ((~mp[i]) + 1) & BN_MASK2;
+ }
/* s[0] = low(al*bl)
* t[3] = high(al*bl)
* R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
* R[3]=r[1]+(carry/borrow)
*/
- if (l != NULL)
- {
- lp= &(t[n2]);
- c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
- }
- else
- {
- lp= &(t[n2+n]);
- c1=0;
- }
- c1+=(int)(bn_add_words(&(t[n2]),lp, &(r[0]),n));
+ if (l != NULL) {
+ lp = &(t[n2]);
+ c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n));
+ } else {
+ lp = &(t[n2 + n]);
+ c1 = 0;
+ }
+ c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n));
if (oneg)
- c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
+ c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n));
else
- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n));
- c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
- c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
+ c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n));
+ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n));
if (oneg)
- c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
+ c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n));
else
- c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
-
+ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n));
+
if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
- {
- i=0;
- if (c1 > 0)
- {
- lc=c1;
- do {
- ll=(r[i]+lc)&BN_MASK2;
- r[i++]=ll;
- lc=(lc > ll);
- } while (lc);
- }
- else
- {
- lc= -c1;
- do {
- ll=r[i];
- r[i++]=(ll-lc)&BN_MASK2;
- lc=(lc > ll);
- } while (lc);
- }
+ {
+ i = 0;
+ if (c1 > 0) {
+ lc = c1;
+ do {
+ ll = (r[i] + lc) & BN_MASK2;
+ r[i++] = ll;
+ lc = (lc > ll);
+ } while (lc);
+ } else {
+ lc = -c1;
+ do {
+ ll = r[i];
+ r[i++] = (ll - lc) & BN_MASK2;
+ lc = (lc > ll);
+ } while (lc);
}
+ }
if (c2 != 0) /* Add starting at r[1] */
- {
- i=n;
- if (c2 > 0)
- {
- lc=c2;
- do {
- ll=(r[i]+lc)&BN_MASK2;
- r[i++]=ll;
- lc=(lc > ll);
- } while (lc);
- }
- else
- {
- lc= -c2;
- do {
- ll=r[i];
- r[i++]=(ll-lc)&BN_MASK2;
- lc=(lc > ll);
- } while (lc);
- }
+ {
+ i = n;
+ if (c2 > 0) {
+ lc = c2;
+ do {
+ ll = (r[i] + lc) & BN_MASK2;
+ r[i++] = ll;
+ lc = (lc > ll);
+ } while (lc);
+ } else {
+ lc = -c2;
+ do {
+ ll = r[i];
+ r[i++] = (ll - lc) & BN_MASK2;
+ lc = (lc > ll);
+ } while (lc);
}
}
+}
#endif /* BN_RECURSION */
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- int ret=0;
- int top,al,bl;
+int
+BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0;
+ int top, al, bl;
BIGNUM *rr;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
int i;
#endif
#ifdef BN_RECURSION
- BIGNUM *t=NULL;
- int j=0,k;
+ BIGNUM *t = NULL;
+ int j = 0, k;
#endif
#ifdef BN_COUNT
- fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top);
+ fprintf(stderr, "BN_mul %d * %d\n",a->top,b->top);
#endif
bn_check_top(a);
bn_check_top(b);
bn_check_top(r);
- al=a->top;
- bl=b->top;
+ al = a->top;
+ bl = b->top;
- if ((al == 0) || (bl == 0))
- {
+ if ((al == 0) || (bl == 0)) {
BN_zero(r);
- return(1);
- }
- top=al+bl;
+ return (1);
+ }
+ top = al + bl;
BN_CTX_start(ctx);
- if ((r == a) || (r == b))
- {
- if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
- }
- else
+ if ((r == a) || (r == b)) {
+ if ((rr = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ } else
rr = r;
- rr->neg=a->neg^b->neg;
+ rr->neg = a->neg ^ b->neg;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- i = al-bl;
+ i = al - bl;
#endif
#ifdef BN_MUL_COMBA
- if (i == 0)
- {
+ if (i == 0) {
# if 0
- if (al == 4)
- {
- if (bn_wexpand(rr,8) == NULL) goto err;
- rr->top=8;
- bn_mul_comba4(rr->d,a->d,b->d);
+ if (al == 4) {
+ if (bn_wexpand(rr, 8) == NULL)
+ goto err;
+ rr->top = 8;
+ bn_mul_comba4(rr->d, a->d, b->d);
goto end;
- }
+ }
# endif
- if (al == 8)
- {
- if (bn_wexpand(rr,16) == NULL) goto err;
- rr->top=16;
- bn_mul_comba8(rr->d,a->d,b->d);
+ if (al == 8) {
+ if (bn_wexpand(rr, 16) == NULL)
+ goto err;
+ rr->top = 16;
+ bn_mul_comba8(rr->d, a->d, b->d);
goto end;
- }
}
+ }
#endif /* BN_MUL_COMBA */
#ifdef BN_RECURSION
- if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
- {
- if (i >= -1 && i <= 1)
- {
+ if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
+ if (i >= -1 && i <= 1) {
/* Find out the power of two lower or equal
to the longest of the two numbers */
- if (i >= 0)
- {
+ if (i >= 0) {
j = BN_num_bits_word((BN_ULONG)al);
- }
- if (i == -1)
- {
+ }
+ if (i == -1) {
j = BN_num_bits_word((BN_ULONG)bl);
- }
- j = 1<<(j-1);
+ }
+ j = 1 << (j - 1);
assert(j <= al || j <= bl);
- k = j+j;
+ k = j + j;
t = BN_CTX_get(ctx);
if (t == NULL)
goto err;
- if (al > j || bl > j)
- {
- if (bn_wexpand(t,k*4) == NULL) goto err;
- if (bn_wexpand(rr,k*4) == NULL) goto err;
- bn_mul_part_recursive(rr->d,a->d,b->d,
- j,al-j,bl-j,t->d);
- }
+ if (al > j || bl > j) {
+ if (bn_wexpand(t, k * 4) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 4) == NULL)
+ goto err;
+ bn_mul_part_recursive(rr->d, a->d, b->d,
+ j, al - j, bl - j, t->d);
+ }
else /* al <= j || bl <= j */
- {
- if (bn_wexpand(t,k*2) == NULL) goto err;
- if (bn_wexpand(rr,k*2) == NULL) goto err;
- bn_mul_recursive(rr->d,a->d,b->d,
- j,al-j,bl-j,t->d);
- }
- rr->top=top;
- goto end;
+ {
+ if (bn_wexpand(t, k * 2) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 2) == NULL)
+ goto err;
+ bn_mul_recursive(rr->d, a->d, b->d,
+ j, al - j, bl - j, t->d);
}
+ rr->top = top;
+ goto end;
+ }
#if 0
- if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
- {
+ if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)b;
- if (bn_wexpand(tmp_bn,al) == NULL) goto err;
- tmp_bn->d[bl]=0;
+ if (bn_wexpand(tmp_bn, al) == NULL)
+ goto err;
+ tmp_bn->d[bl] = 0;
bl++;
i--;
- }
- else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
- {
+ } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)a;
- if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
- tmp_bn->d[al]=0;
+ if (bn_wexpand(tmp_bn, bl) == NULL)
+ goto err;
+ tmp_bn->d[al] = 0;
al++;
i++;
- }
- if (i == 0)
- {
+ }
+ if (i == 0) {
/* symmetric and > 4 */
/* 16 or larger */
- j=BN_num_bits_word((BN_ULONG)al);
- j=1<<(j-1);
- k=j+j;
+ j = BN_num_bits_word((BN_ULONG)al);
+ j = 1 << (j - 1);
+ k = j + j;
t = BN_CTX_get(ctx);
if (al == j) /* exact multiple */
- {
- if (bn_wexpand(t,k*2) == NULL) goto err;
- if (bn_wexpand(rr,k*2) == NULL) goto err;
- bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
- }
- else
- {
- if (bn_wexpand(t,k*4) == NULL) goto err;
- if (bn_wexpand(rr,k*4) == NULL) goto err;
- bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
- }
- rr->top=top;
- goto end;
+ {
+ if (bn_wexpand(t, k * 2) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 2) == NULL)
+ goto err;
+ bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
+ } else {
+ if (bn_wexpand(t, k * 4) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 4) == NULL)
+ goto err;
+ bn_mul_part_recursive(rr->d, a->d, b->d,
+ al - j, j, t->d);
}
-#endif
+ rr->top = top;
+ goto end;
}
+#endif
+ }
#endif /* BN_RECURSION */
- if (bn_wexpand(rr,top) == NULL) goto err;
- rr->top=top;
- bn_mul_normal(rr->d,a->d,al,b->d,bl);
+ if (bn_wexpand(rr, top) == NULL)
+ goto err;
+ rr->top = top;
+ bn_mul_normal(rr->d, a->d, al, b->d, bl);
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
end:
#endif
bn_correct_top(rr);
- if (r != rr) BN_copy(r,rr);
- ret=1;
+ if (r != rr)
+ BN_copy(r, rr);
+ ret = 1;
err:
bn_check_top(r);
BN_CTX_end(ctx);
- return(ret);
- }
+ return (ret);
+}
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
- {
+void
+bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+{
BN_ULONG *rr;
#ifdef BN_COUNT
- fprintf(stderr," bn_mul_normal %d * %d\n",na,nb);
+ fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb);
#endif
- if (na < nb)
- {
+ if (na < nb) {
int itmp;
BN_ULONG *ltmp;
- itmp=na; na=nb; nb=itmp;
- ltmp=a; a=b; b=ltmp;
+ itmp = na;
+ na = nb;
+ nb = itmp;
+ ltmp = a;
+ a = b;
+ b = ltmp;
- }
- rr= &(r[na]);
- if (nb <= 0)
- {
- (void)bn_mul_words(r,a,na,0);
+ }
+ rr = &(r[na]);
+ if (nb <= 0) {
+ (void)bn_mul_words(r, a, na, 0);
return;
- }
- else
- rr[0]=bn_mul_words(r,a,na,b[0]);
-
- for (;;)
- {
- if (--nb <= 0) return;
- rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
- if (--nb <= 0) return;
- rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
- if (--nb <= 0) return;
- rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
- if (--nb <= 0) return;
- rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
- rr+=4;
- r+=4;
- b+=4;
- }
+ } else
+ rr[0] = bn_mul_words(r, a, na, b[0]);
+
+ for (;;) {
+ if (--nb <= 0)
+ return;
+ rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
+ if (--nb <= 0)
+ return;
+ rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
+ if (--nb <= 0)
+ return;
+ rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
+ if (--nb <= 0)
+ return;
+ rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
+ rr += 4;
+ r += 4;
+ b += 4;
}
+}
-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
- {
+void
+bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
#ifdef BN_COUNT
- fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n);
+ fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n);
#endif
- bn_mul_words(r,a,n,b[0]);
-
- for (;;)
- {
- if (--n <= 0) return;
- bn_mul_add_words(&(r[1]),a,n,b[1]);
- if (--n <= 0) return;
- bn_mul_add_words(&(r[2]),a,n,b[2]);
- if (--n <= 0) return;
- bn_mul_add_words(&(r[3]),a,n,b[3]);
- if (--n <= 0) return;
- bn_mul_add_words(&(r[4]),a,n,b[4]);
- r+=4;
- b+=4;
- }
+ bn_mul_words(r, a, n, b[0]);
+
+ for (;;) {
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[1]), a, n, b[1]);
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[2]), a, n, b[2]);
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[3]), a, n, b[3]);
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[4]), a, n, b[4]);
+ r += 4;
+ b += 4;
}
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include "bn_prime.h"
static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
+ const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
static int probable_prime(BIGNUM *rnd, int bits);
static int probable_prime_dh(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+ const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+ const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-int BN_GENCB_call(BN_GENCB *cb, int a, int b)
- {
+int
+BN_GENCB_call(BN_GENCB *cb, int a, int b)
+{
/* No callback means continue */
- if(!cb) return 1;
- switch(cb->ver)
- {
+ if (!cb)
+ return 1;
+ switch (cb->ver) {
case 1:
/* Deprecated-style callbacks */
- if(!cb->cb.cb_1)
+ if (!cb->cb.cb_1)
return 1;
cb->cb.cb_1(a, b, cb->arg);
return 1;
return cb->cb.cb_2(a, b, cb);
default:
break;
- }
+ }
/* Unrecognised callback type */
return 0;
- }
+}
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
- {
+int
+BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb)
+{
BIGNUM *t;
- int found=0;
- int i,j,c1=0;
+ int found = 0;
+ int i, j, c1 = 0;
BN_CTX *ctx;
int checks = BN_prime_checks_for_size(bits);
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
- if(!t) goto err;
-loop:
+ if (!t)
+ goto err;
+loop:
/* make a random number and set the top and bottom bits */
- if (add == NULL)
- {
- if (!probable_prime(ret,bits)) goto err;
- }
- else
- {
- if (safe)
- {
- if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
- goto err;
- }
- else
- {
- if (!probable_prime_dh(ret,bits,add,rem,ctx))
+ if (add == NULL) {
+ if (!probable_prime(ret, bits))
+ goto err;
+ } else {
+ if (safe) {
+ if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
+ goto err;
+ } else {
+ if (!probable_prime_dh(ret, bits, add, rem, ctx))
goto err;
- }
}
+ }
/* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
- if(!BN_GENCB_call(cb, 0, c1++))
+ if (!BN_GENCB_call(cb, 0, c1++))
/* aborted */
goto err;
- if (!safe)
- {
- i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
- if (i == -1) goto err;
- if (i == 0) goto loop;
- }
- else
- {
+ if (!safe) {
+ i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb);
+ if (i == -1)
+ goto err;
+ if (i == 0)
+ goto loop;
+ } else {
/* for "safe prime" generation,
* check that (p-1)/2 is prime.
* Since a prime is odd, We just
* need to divide by 2 */
- if (!BN_rshift1(t,ret)) goto err;
+ if (!BN_rshift1(t, ret))
+ goto err;
- for (i=0; i<checks; i++)
- {
- j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
- if (j == -1) goto err;
- if (j == 0) goto loop;
+ for (i = 0; i < checks; i++) {
+ j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb);
+ if (j == -1)
+ goto err;
+ if (j == 0)
+ goto loop;
- j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);
- if (j == -1) goto err;
- if (j == 0) goto loop;
+ j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb);
+ if (j == -1)
+ goto err;
+ if (j == 0)
+ goto loop;
- if(!BN_GENCB_call(cb, 2, c1-1))
+ if (!BN_GENCB_call(cb, 2, c1 - 1))
goto err;
/* We have a safe prime test pass */
- }
}
+ }
/* we have a prime :-) */
found = 1;
+
err:
- if (ctx != NULL)
- {
+ if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
- }
+ }
bn_check_top(ret);
return found;
- }
+}
-int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
- {
+int
+BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
+{
return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
- }
+}
-int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
- int do_trial_division, BN_GENCB *cb)
- {
+int
+BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+ int do_trial_division, BN_GENCB *cb)
+{
int i, j, ret = -1;
int k;
BN_CTX *ctx = NULL;
if (BN_cmp(a, BN_value_one()) <= 0)
return 0;
-
+
if (checks == BN_prime_checks)
checks = BN_prime_checks_for_size(BN_num_bits(a));
if (!BN_is_odd(a))
/* a is even => a is prime if and only if a == 2 */
return BN_is_word(a, 2);
- if (do_trial_division)
- {
+ if (do_trial_division) {
for (i = 1; i < NUMPRIMES; i++)
- if (BN_mod_word(a, primes[i]) == 0)
+ if (BN_mod_word(a, primes[i]) == 0)
return 0;
- if(!BN_GENCB_call(cb, 1, -1))
+ if (!BN_GENCB_call(cb, 1, -1))
goto err;
- }
+ }
if (ctx_passed != NULL)
ctx = ctx_passed;
- else
- if ((ctx=BN_CTX_new()) == NULL)
- goto err;
+ else if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
BN_CTX_start(ctx);
/* A := abs(a) */
- if (a->neg)
- {
+ if (a->neg) {
BIGNUM *t;
- if ((t = BN_CTX_get(ctx)) == NULL) goto err;
+ if ((t = BN_CTX_get(ctx)) == NULL)
+ goto err;
BN_copy(t, a);
t->neg = 0;
A = t;
- }
- else
+ } else
A = a;
A1 = BN_CTX_get(ctx);
A1_odd = BN_CTX_get(ctx);
check = BN_CTX_get(ctx);
- if (check == NULL) goto err;
+ if (check == NULL)
+ goto err;
/* compute A1 := A - 1 */
if (!BN_copy(A1, A))
goto err;
if (!BN_sub_word(A1, 1))
goto err;
- if (BN_is_zero(A1))
- {
+ if (BN_is_zero(A1)) {
ret = 0;
goto err;
- }
+ }
/* write A1 as A1_odd * 2^k */
k = 1;
goto err;
if (!BN_MONT_CTX_set(mont, A, ctx))
goto err;
-
- for (i = 0; i < checks; i++)
- {
+
+ for (i = 0; i < checks; i++) {
if (!BN_pseudo_rand_range(check, A1))
goto err;
if (!BN_add_word(check, 1))
/* now 1 <= check < A */
j = witness(check, A, A1, A1_odd, k, ctx, mont);
- if (j == -1) goto err;
- if (j)
- {
- ret=0;
+ if (j == -1)
goto err;
- }
- if(!BN_GENCB_call(cb, 1, i))
+ if (j) {
+ ret = 0;
goto err;
}
- ret=1;
+ if (!BN_GENCB_call(cb, 1, i))
+ goto err;
+ }
+ ret = 1;
+
err:
- if (ctx != NULL)
- {
+ if (ctx != NULL) {
BN_CTX_end(ctx);
if (ctx_passed == NULL)
BN_CTX_free(ctx);
- }
+ }
if (mont != NULL)
BN_MONT_CTX_free(mont);
- return(ret);
- }
+ return (ret);
+}
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
- {
- if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+static int
+witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd,
+ int k, BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+ if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont))
+ /* w := w^a1_odd mod a */
return -1;
if (BN_is_one(w))
return 0; /* probably prime */
if (BN_cmp(w, a1) == 0)
return 0; /* w == -1 (mod a), 'a' is probably prime */
- while (--k)
- {
+ while (--k) {
if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
return -1;
if (BN_is_one(w))
* have been == -1 (mod 'a') */
if (BN_cmp(w, a1) == 0)
return 0; /* w == -1 (mod a), 'a' is probably prime */
- }
+ }
/* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
* and it is neither -1 nor +1 -- so 'a' cannot be prime */
bn_check_top(w);
return 1;
- }
+}
-static int probable_prime(BIGNUM *rnd, int bits)
- {
+static int
+probable_prime(BIGNUM *rnd, int bits)
+{
int i;
prime_t mods[NUMPRIMES];
- BN_ULONG delta,maxdelta;
+ BN_ULONG delta, maxdelta;
again:
- if (!BN_rand(rnd,bits,1,1)) return(0);
+ if (!BN_rand(rnd, bits, 1, 1))
+ return (0);
/* we now have a random number 'rand' to test. */
- for (i=1; i<NUMPRIMES; i++)
- mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]);
- maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
- delta=0;
- loop: for (i=1; i<NUMPRIMES; i++)
- {
+ for (i = 1; i < NUMPRIMES; i++)
+ mods[i] = (prime_t)BN_mod_word(rnd, (BN_ULONG)primes[i]);
+ maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+ delta = 0;
+loop:
+ for (i = 1; i < NUMPRIMES; i++) {
/* check that rnd is not a prime and also
* that gcd(rnd-1,primes) == 1 (except for 2) */
- if (((mods[i]+delta)%primes[i]) <= 1)
- {
- delta+=2;
- if (delta > maxdelta) goto again;
+ if (((mods[i] + delta) % primes[i]) <= 1) {
+ delta += 2;
+ if (delta > maxdelta)
+ goto again;
goto loop;
- }
}
- if (!BN_add_word(rnd,delta)) return(0);
- bn_check_top(rnd);
- return(1);
}
-
-static int probable_prime_dh(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
- {
- int i,ret=0;
+ if (!BN_add_word(rnd, delta))
+ return (0);
+ bn_check_top(rnd);
+ return (1);
+}
+
+static int
+probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem,
+ BN_CTX *ctx)
+{
+ int i, ret = 0;
BIGNUM *t1;
BN_CTX_start(ctx);
- if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
+ if ((t1 = BN_CTX_get(ctx)) == NULL)
+ goto err;
- if (!BN_rand(rnd,bits,0,1)) goto err;
+ if (!BN_rand(rnd, bits, 0, 1))
+ goto err;
/* we need ((rnd-rem) % add) == 0 */
- if (!BN_mod(t1,rnd,add,ctx)) goto err;
- if (!BN_sub(rnd,rnd,t1)) goto err;
- if (rem == NULL)
- { if (!BN_add_word(rnd,1)) goto err; }
- else
- { if (!BN_add(rnd,rnd,rem)) goto err; }
+ if (!BN_mod(t1, rnd, add, ctx))
+ goto err;
+ if (!BN_sub(rnd, rnd, t1))
+ goto err;
+ if (rem == NULL) {
+ if (!BN_add_word(rnd, 1))
+ goto err;
+ } else {
+ if (!BN_add(rnd, rnd, rem))
+ goto err;
+ }
/* we now have a random number 'rand' to test. */
- loop: for (i=1; i<NUMPRIMES; i++)
- {
+loop:
+ for (i = 1; i < NUMPRIMES; i++) {
/* check that rnd is a prime */
- if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
- {
- if (!BN_add(rnd,rnd,add)) goto err;
+ if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
+ if (!BN_add(rnd, rnd, add))
+ goto err;
goto loop;
- }
}
- ret=1;
+ }
+ ret = 1;
+
err:
BN_CTX_end(ctx);
bn_check_top(rnd);
- return(ret);
- }
+ return (ret);
+}
-static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
- const BIGNUM *rem, BN_CTX *ctx)
- {
- int i,ret=0;
- BIGNUM *t1,*qadd,*q;
+static int
+probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+ const BIGNUM *rem, BN_CTX *ctx)
+{
+ int i, ret = 0;
+ BIGNUM *t1, *qadd, *q;
bits--;
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
qadd = BN_CTX_get(ctx);
- if (qadd == NULL) goto err;
+ if (qadd == NULL)
+ goto err;
+
+ if (!BN_rshift1(qadd, padd))
+ goto err;
- if (!BN_rshift1(qadd,padd)) goto err;
-
- if (!BN_rand(q,bits,0,1)) goto err;
+ if (!BN_rand(q, bits, 0, 1))
+ goto err;
/* we need ((rnd-rem) % add) == 0 */
- if (!BN_mod(t1,q,qadd,ctx)) goto err;
- if (!BN_sub(q,q,t1)) goto err;
- if (rem == NULL)
- { if (!BN_add_word(q,1)) goto err; }
- else
- {
- if (!BN_rshift1(t1,rem)) goto err;
- if (!BN_add(q,q,t1)) goto err;
- }
+ if (!BN_mod(t1, q,qadd, ctx))
+ goto err;
+ if (!BN_sub(q, q, t1))
+ goto err;
+ if (rem == NULL) {
+ if (!BN_add_word(q, 1))
+ goto err;
+ } else {
+ if (!BN_rshift1(t1, rem))
+ goto err;
+ if (!BN_add(q, q, t1))
+ goto err;
+ }
/* we now have a random number 'rand' to test. */
- if (!BN_lshift1(p,q)) goto err;
- if (!BN_add_word(p,1)) goto err;
+ if (!BN_lshift1(p, q))
+ goto err;
+ if (!BN_add_word(p, 1))
+ goto err;
- loop: for (i=1; i<NUMPRIMES; i++)
- {
+loop:
+ for (i = 1; i < NUMPRIMES; i++) {
/* check that p and q are prime */
/* check that for p and q
* gcd(p-1,primes) == 1 (except for 2) */
- if ( (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
- (BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
- {
- if (!BN_add(p,p,padd)) goto err;
- if (!BN_add(q,q,qadd)) goto err;
+ if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
+ (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
+ if (!BN_add(p, p, padd))
+ goto err;
+ if (!BN_add(q, q, qadd))
+ goto err;
goto loop;
- }
}
- ret=1;
+ }
+ ret = 1;
+
err:
BN_CTX_end(ctx);
bn_check_top(p);
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#define NUMPRIMES 2048
typedef unsigned short prime_t;
-static const prime_t primes[NUMPRIMES]=
- {
- 2, 3, 5, 7, 11, 13, 17, 19,
- 23, 29, 31, 37, 41, 43, 47, 53,
- 59, 61, 67, 71, 73, 79, 83, 89,
- 97, 101, 103, 107, 109, 113, 127, 131,
- 137, 139, 149, 151, 157, 163, 167, 173,
- 179, 181, 191, 193, 197, 199, 211, 223,
- 227, 229, 233, 239, 241, 251, 257, 263,
- 269, 271, 277, 281, 283, 293, 307, 311,
- 313, 317, 331, 337, 347, 349, 353, 359,
- 367, 373, 379, 383, 389, 397, 401, 409,
- 419, 421, 431, 433, 439, 443, 449, 457,
- 461, 463, 467, 479, 487, 491, 499, 503,
- 509, 521, 523, 541, 547, 557, 563, 569,
- 571, 577, 587, 593, 599, 601, 607, 613,
- 617, 619, 631, 641, 643, 647, 653, 659,
- 661, 673, 677, 683, 691, 701, 709, 719,
- 727, 733, 739, 743, 751, 757, 761, 769,
- 773, 787, 797, 809, 811, 821, 823, 827,
- 829, 839, 853, 857, 859, 863, 877, 881,
- 883, 887, 907, 911, 919, 929, 937, 941,
- 947, 953, 967, 971, 977, 983, 991, 997,
- 1009,1013,1019,1021,1031,1033,1039,1049,
- 1051,1061,1063,1069,1087,1091,1093,1097,
- 1103,1109,1117,1123,1129,1151,1153,1163,
- 1171,1181,1187,1193,1201,1213,1217,1223,
- 1229,1231,1237,1249,1259,1277,1279,1283,
- 1289,1291,1297,1301,1303,1307,1319,1321,
- 1327,1361,1367,1373,1381,1399,1409,1423,
- 1427,1429,1433,1439,1447,1451,1453,1459,
- 1471,1481,1483,1487,1489,1493,1499,1511,
- 1523,1531,1543,1549,1553,1559,1567,1571,
- 1579,1583,1597,1601,1607,1609,1613,1619,
- 1621,1627,1637,1657,1663,1667,1669,1693,
- 1697,1699,1709,1721,1723,1733,1741,1747,
- 1753,1759,1777,1783,1787,1789,1801,1811,
- 1823,1831,1847,1861,1867,1871,1873,1877,
- 1879,1889,1901,1907,1913,1931,1933,1949,
- 1951,1973,1979,1987,1993,1997,1999,2003,
- 2011,2017,2027,2029,2039,2053,2063,2069,
- 2081,2083,2087,2089,2099,2111,2113,2129,
- 2131,2137,2141,2143,2153,2161,2179,2203,
- 2207,2213,2221,2237,2239,2243,2251,2267,
- 2269,2273,2281,2287,2293,2297,2309,2311,
- 2333,2339,2341,2347,2351,2357,2371,2377,
- 2381,2383,2389,2393,2399,2411,2417,2423,
- 2437,2441,2447,2459,2467,2473,2477,2503,
- 2521,2531,2539,2543,2549,2551,2557,2579,
- 2591,2593,2609,2617,2621,2633,2647,2657,
- 2659,2663,2671,2677,2683,2687,2689,2693,
- 2699,2707,2711,2713,2719,2729,2731,2741,
- 2749,2753,2767,2777,2789,2791,2797,2801,
- 2803,2819,2833,2837,2843,2851,2857,2861,
- 2879,2887,2897,2903,2909,2917,2927,2939,
- 2953,2957,2963,2969,2971,2999,3001,3011,
- 3019,3023,3037,3041,3049,3061,3067,3079,
- 3083,3089,3109,3119,3121,3137,3163,3167,
- 3169,3181,3187,3191,3203,3209,3217,3221,
- 3229,3251,3253,3257,3259,3271,3299,3301,
- 3307,3313,3319,3323,3329,3331,3343,3347,
- 3359,3361,3371,3373,3389,3391,3407,3413,
- 3433,3449,3457,3461,3463,3467,3469,3491,
- 3499,3511,3517,3527,3529,3533,3539,3541,
- 3547,3557,3559,3571,3581,3583,3593,3607,
- 3613,3617,3623,3631,3637,3643,3659,3671,
- 3673,3677,3691,3697,3701,3709,3719,3727,
- 3733,3739,3761,3767,3769,3779,3793,3797,
- 3803,3821,3823,3833,3847,3851,3853,3863,
- 3877,3881,3889,3907,3911,3917,3919,3923,
- 3929,3931,3943,3947,3967,3989,4001,4003,
- 4007,4013,4019,4021,4027,4049,4051,4057,
- 4073,4079,4091,4093,4099,4111,4127,4129,
- 4133,4139,4153,4157,4159,4177,4201,4211,
- 4217,4219,4229,4231,4241,4243,4253,4259,
- 4261,4271,4273,4283,4289,4297,4327,4337,
- 4339,4349,4357,4363,4373,4391,4397,4409,
- 4421,4423,4441,4447,4451,4457,4463,4481,
- 4483,4493,4507,4513,4517,4519,4523,4547,
- 4549,4561,4567,4583,4591,4597,4603,4621,
- 4637,4639,4643,4649,4651,4657,4663,4673,
- 4679,4691,4703,4721,4723,4729,4733,4751,
- 4759,4783,4787,4789,4793,4799,4801,4813,
- 4817,4831,4861,4871,4877,4889,4903,4909,
- 4919,4931,4933,4937,4943,4951,4957,4967,
- 4969,4973,4987,4993,4999,5003,5009,5011,
- 5021,5023,5039,5051,5059,5077,5081,5087,
- 5099,5101,5107,5113,5119,5147,5153,5167,
- 5171,5179,5189,5197,5209,5227,5231,5233,
- 5237,5261,5273,5279,5281,5297,5303,5309,
- 5323,5333,5347,5351,5381,5387,5393,5399,
- 5407,5413,5417,5419,5431,5437,5441,5443,
- 5449,5471,5477,5479,5483,5501,5503,5507,
- 5519,5521,5527,5531,5557,5563,5569,5573,
- 5581,5591,5623,5639,5641,5647,5651,5653,
- 5657,5659,5669,5683,5689,5693,5701,5711,
- 5717,5737,5741,5743,5749,5779,5783,5791,
- 5801,5807,5813,5821,5827,5839,5843,5849,
- 5851,5857,5861,5867,5869,5879,5881,5897,
- 5903,5923,5927,5939,5953,5981,5987,6007,
- 6011,6029,6037,6043,6047,6053,6067,6073,
- 6079,6089,6091,6101,6113,6121,6131,6133,
- 6143,6151,6163,6173,6197,6199,6203,6211,
- 6217,6221,6229,6247,6257,6263,6269,6271,
- 6277,6287,6299,6301,6311,6317,6323,6329,
- 6337,6343,6353,6359,6361,6367,6373,6379,
- 6389,6397,6421,6427,6449,6451,6469,6473,
- 6481,6491,6521,6529,6547,6551,6553,6563,
- 6569,6571,6577,6581,6599,6607,6619,6637,
- 6653,6659,6661,6673,6679,6689,6691,6701,
- 6703,6709,6719,6733,6737,6761,6763,6779,
- 6781,6791,6793,6803,6823,6827,6829,6833,
- 6841,6857,6863,6869,6871,6883,6899,6907,
- 6911,6917,6947,6949,6959,6961,6967,6971,
- 6977,6983,6991,6997,7001,7013,7019,7027,
- 7039,7043,7057,7069,7079,7103,7109,7121,
- 7127,7129,7151,7159,7177,7187,7193,7207,
- 7211,7213,7219,7229,7237,7243,7247,7253,
- 7283,7297,7307,7309,7321,7331,7333,7349,
- 7351,7369,7393,7411,7417,7433,7451,7457,
- 7459,7477,7481,7487,7489,7499,7507,7517,
- 7523,7529,7537,7541,7547,7549,7559,7561,
- 7573,7577,7583,7589,7591,7603,7607,7621,
- 7639,7643,7649,7669,7673,7681,7687,7691,
- 7699,7703,7717,7723,7727,7741,7753,7757,
- 7759,7789,7793,7817,7823,7829,7841,7853,
- 7867,7873,7877,7879,7883,7901,7907,7919,
- 7927,7933,7937,7949,7951,7963,7993,8009,
- 8011,8017,8039,8053,8059,8069,8081,8087,
- 8089,8093,8101,8111,8117,8123,8147,8161,
- 8167,8171,8179,8191,8209,8219,8221,8231,
- 8233,8237,8243,8263,8269,8273,8287,8291,
- 8293,8297,8311,8317,8329,8353,8363,8369,
- 8377,8387,8389,8419,8423,8429,8431,8443,
- 8447,8461,8467,8501,8513,8521,8527,8537,
- 8539,8543,8563,8573,8581,8597,8599,8609,
- 8623,8627,8629,8641,8647,8663,8669,8677,
- 8681,8689,8693,8699,8707,8713,8719,8731,
- 8737,8741,8747,8753,8761,8779,8783,8803,
- 8807,8819,8821,8831,8837,8839,8849,8861,
- 8863,8867,8887,8893,8923,8929,8933,8941,
- 8951,8963,8969,8971,8999,9001,9007,9011,
- 9013,9029,9041,9043,9049,9059,9067,9091,
- 9103,9109,9127,9133,9137,9151,9157,9161,
- 9173,9181,9187,9199,9203,9209,9221,9227,
- 9239,9241,9257,9277,9281,9283,9293,9311,
- 9319,9323,9337,9341,9343,9349,9371,9377,
- 9391,9397,9403,9413,9419,9421,9431,9433,
- 9437,9439,9461,9463,9467,9473,9479,9491,
- 9497,9511,9521,9533,9539,9547,9551,9587,
- 9601,9613,9619,9623,9629,9631,9643,9649,
- 9661,9677,9679,9689,9697,9719,9721,9733,
- 9739,9743,9749,9767,9769,9781,9787,9791,
- 9803,9811,9817,9829,9833,9839,9851,9857,
- 9859,9871,9883,9887,9901,9907,9923,9929,
- 9931,9941,9949,9967,9973,10007,10009,10037,
- 10039,10061,10067,10069,10079,10091,10093,10099,
- 10103,10111,10133,10139,10141,10151,10159,10163,
- 10169,10177,10181,10193,10211,10223,10243,10247,
- 10253,10259,10267,10271,10273,10289,10301,10303,
- 10313,10321,10331,10333,10337,10343,10357,10369,
- 10391,10399,10427,10429,10433,10453,10457,10459,
- 10463,10477,10487,10499,10501,10513,10529,10531,
- 10559,10567,10589,10597,10601,10607,10613,10627,
- 10631,10639,10651,10657,10663,10667,10687,10691,
- 10709,10711,10723,10729,10733,10739,10753,10771,
- 10781,10789,10799,10831,10837,10847,10853,10859,
- 10861,10867,10883,10889,10891,10903,10909,10937,
- 10939,10949,10957,10973,10979,10987,10993,11003,
- 11027,11047,11057,11059,11069,11071,11083,11087,
- 11093,11113,11117,11119,11131,11149,11159,11161,
- 11171,11173,11177,11197,11213,11239,11243,11251,
- 11257,11261,11273,11279,11287,11299,11311,11317,
- 11321,11329,11351,11353,11369,11383,11393,11399,
- 11411,11423,11437,11443,11447,11467,11471,11483,
- 11489,11491,11497,11503,11519,11527,11549,11551,
- 11579,11587,11593,11597,11617,11621,11633,11657,
- 11677,11681,11689,11699,11701,11717,11719,11731,
- 11743,11777,11779,11783,11789,11801,11807,11813,
- 11821,11827,11831,11833,11839,11863,11867,11887,
- 11897,11903,11909,11923,11927,11933,11939,11941,
- 11953,11959,11969,11971,11981,11987,12007,12011,
- 12037,12041,12043,12049,12071,12073,12097,12101,
- 12107,12109,12113,12119,12143,12149,12157,12161,
- 12163,12197,12203,12211,12227,12239,12241,12251,
- 12253,12263,12269,12277,12281,12289,12301,12323,
- 12329,12343,12347,12373,12377,12379,12391,12401,
- 12409,12413,12421,12433,12437,12451,12457,12473,
- 12479,12487,12491,12497,12503,12511,12517,12527,
- 12539,12541,12547,12553,12569,12577,12583,12589,
- 12601,12611,12613,12619,12637,12641,12647,12653,
- 12659,12671,12689,12697,12703,12713,12721,12739,
- 12743,12757,12763,12781,12791,12799,12809,12821,
- 12823,12829,12841,12853,12889,12893,12899,12907,
- 12911,12917,12919,12923,12941,12953,12959,12967,
- 12973,12979,12983,13001,13003,13007,13009,13033,
- 13037,13043,13049,13063,13093,13099,13103,13109,
- 13121,13127,13147,13151,13159,13163,13171,13177,
- 13183,13187,13217,13219,13229,13241,13249,13259,
- 13267,13291,13297,13309,13313,13327,13331,13337,
- 13339,13367,13381,13397,13399,13411,13417,13421,
- 13441,13451,13457,13463,13469,13477,13487,13499,
- 13513,13523,13537,13553,13567,13577,13591,13597,
- 13613,13619,13627,13633,13649,13669,13679,13681,
- 13687,13691,13693,13697,13709,13711,13721,13723,
- 13729,13751,13757,13759,13763,13781,13789,13799,
- 13807,13829,13831,13841,13859,13873,13877,13879,
- 13883,13901,13903,13907,13913,13921,13931,13933,
- 13963,13967,13997,13999,14009,14011,14029,14033,
- 14051,14057,14071,14081,14083,14087,14107,14143,
- 14149,14153,14159,14173,14177,14197,14207,14221,
- 14243,14249,14251,14281,14293,14303,14321,14323,
- 14327,14341,14347,14369,14387,14389,14401,14407,
- 14411,14419,14423,14431,14437,14447,14449,14461,
- 14479,14489,14503,14519,14533,14537,14543,14549,
- 14551,14557,14561,14563,14591,14593,14621,14627,
- 14629,14633,14639,14653,14657,14669,14683,14699,
- 14713,14717,14723,14731,14737,14741,14747,14753,
- 14759,14767,14771,14779,14783,14797,14813,14821,
- 14827,14831,14843,14851,14867,14869,14879,14887,
- 14891,14897,14923,14929,14939,14947,14951,14957,
- 14969,14983,15013,15017,15031,15053,15061,15073,
- 15077,15083,15091,15101,15107,15121,15131,15137,
- 15139,15149,15161,15173,15187,15193,15199,15217,
- 15227,15233,15241,15259,15263,15269,15271,15277,
- 15287,15289,15299,15307,15313,15319,15329,15331,
- 15349,15359,15361,15373,15377,15383,15391,15401,
- 15413,15427,15439,15443,15451,15461,15467,15473,
- 15493,15497,15511,15527,15541,15551,15559,15569,
- 15581,15583,15601,15607,15619,15629,15641,15643,
- 15647,15649,15661,15667,15671,15679,15683,15727,
- 15731,15733,15737,15739,15749,15761,15767,15773,
- 15787,15791,15797,15803,15809,15817,15823,15859,
- 15877,15881,15887,15889,15901,15907,15913,15919,
- 15923,15937,15959,15971,15973,15991,16001,16007,
- 16033,16057,16061,16063,16067,16069,16073,16087,
- 16091,16097,16103,16111,16127,16139,16141,16183,
- 16187,16189,16193,16217,16223,16229,16231,16249,
- 16253,16267,16273,16301,16319,16333,16339,16349,
- 16361,16363,16369,16381,16411,16417,16421,16427,
- 16433,16447,16451,16453,16477,16481,16487,16493,
- 16519,16529,16547,16553,16561,16567,16573,16603,
- 16607,16619,16631,16633,16649,16651,16657,16661,
- 16673,16691,16693,16699,16703,16729,16741,16747,
- 16759,16763,16787,16811,16823,16829,16831,16843,
- 16871,16879,16883,16889,16901,16903,16921,16927,
- 16931,16937,16943,16963,16979,16981,16987,16993,
- 17011,17021,17027,17029,17033,17041,17047,17053,
- 17077,17093,17099,17107,17117,17123,17137,17159,
- 17167,17183,17189,17191,17203,17207,17209,17231,
- 17239,17257,17291,17293,17299,17317,17321,17327,
- 17333,17341,17351,17359,17377,17383,17387,17389,
- 17393,17401,17417,17419,17431,17443,17449,17467,
- 17471,17477,17483,17489,17491,17497,17509,17519,
- 17539,17551,17569,17573,17579,17581,17597,17599,
- 17609,17623,17627,17657,17659,17669,17681,17683,
- 17707,17713,17729,17737,17747,17749,17761,17783,
- 17789,17791,17807,17827,17837,17839,17851,17863,
- };
+static const prime_t primes[NUMPRIMES] = {
+ 2, 3, 5, 7, 11, 13, 17, 19,
+ 23, 29, 31, 37, 41, 43, 47, 53,
+ 59, 61, 67, 71, 73, 79, 83, 89,
+ 97, 101, 103, 107, 109, 113, 127, 131,
+ 137, 139, 149, 151, 157, 163, 167, 173,
+ 179, 181, 191, 193, 197, 199, 211, 223,
+ 227, 229, 233, 239, 241, 251, 257, 263,
+ 269, 271, 277, 281, 283, 293, 307, 311,
+ 313, 317, 331, 337, 347, 349, 353, 359,
+ 367, 373, 379, 383, 389, 397, 401, 409,
+ 419, 421, 431, 433, 439, 443, 449, 457,
+ 461, 463, 467, 479, 487, 491, 499, 503,
+ 509, 521, 523, 541, 547, 557, 563, 569,
+ 571, 577, 587, 593, 599, 601, 607, 613,
+ 617, 619, 631, 641, 643, 647, 653, 659,
+ 661, 673, 677, 683, 691, 701, 709, 719,
+ 727, 733, 739, 743, 751, 757, 761, 769,
+ 773, 787, 797, 809, 811, 821, 823, 827,
+ 829, 839, 853, 857, 859, 863, 877, 881,
+ 883, 887, 907, 911, 919, 929, 937, 941,
+ 947, 953, 967, 971, 977, 983, 991, 997,
+ 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049,
+ 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097,
+ 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163,
+ 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223,
+ 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283,
+ 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321,
+ 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423,
+ 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459,
+ 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511,
+ 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571,
+ 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619,
+ 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693,
+ 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747,
+ 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811,
+ 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877,
+ 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949,
+ 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003,
+ 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069,
+ 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129,
+ 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203,
+ 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267,
+ 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311,
+ 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377,
+ 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423,
+ 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503,
+ 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579,
+ 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657,
+ 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693,
+ 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741,
+ 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801,
+ 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861,
+ 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939,
+ 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011,
+ 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079,
+ 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167,
+ 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221,
+ 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301,
+ 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347,
+ 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413,
+ 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491,
+ 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541,
+ 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607,
+ 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671,
+ 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727,
+ 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797,
+ 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863,
+ 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923,
+ 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003,
+ 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057,
+ 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129,
+ 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211,
+ 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259,
+ 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337,
+ 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409,
+ 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481,
+ 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547,
+ 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621,
+ 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673,
+ 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751,
+ 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813,
+ 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909,
+ 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967,
+ 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011,
+ 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087,
+ 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167,
+ 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233,
+ 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309,
+ 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399,
+ 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443,
+ 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507,
+ 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573,
+ 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653,
+ 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711,
+ 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791,
+ 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849,
+ 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897,
+ 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007,
+ 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073,
+ 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133,
+ 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211,
+ 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271,
+ 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329,
+ 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379,
+ 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473,
+ 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563,
+ 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637,
+ 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701,
+ 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779,
+ 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833,
+ 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907,
+ 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971,
+ 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027,
+ 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121,
+ 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207,
+ 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253,
+ 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349,
+ 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457,
+ 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517,
+ 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561,
+ 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621,
+ 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691,
+ 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757,
+ 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853,
+ 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919,
+ 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009,
+ 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087,
+ 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161,
+ 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231,
+ 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291,
+ 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369,
+ 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443,
+ 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537,
+ 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609,
+ 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677,
+ 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731,
+ 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803,
+ 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861,
+ 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941,
+ 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011,
+ 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091,
+ 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161,
+ 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227,
+ 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311,
+ 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377,
+ 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433,
+ 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491,
+ 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587,
+ 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649,
+ 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733,
+ 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791,
+ 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857,
+ 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929,
+ 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037,
+ 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
+ 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
+ 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
+ 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
+ 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
+ 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
+ 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
+ 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
+ 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
+ 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
+ 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
+ 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
+ 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
+ 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
+ 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
+ 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
+ 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
+ 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
+ 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
+ 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
+ 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
+ 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
+ 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
+ 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
+ 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
+ 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
+ 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
+ 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
+ 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
+ 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
+ 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
+ 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
+ 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
+ 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
+ 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
+ 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
+ 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
+ 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
+ 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
+ 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
+ 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
+ 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
+ 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
+ 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
+ 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
+ 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
+ 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
+ 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
+ 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
+ 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
+ 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
+ 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
+ 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
+ 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
+ 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
+ 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
+ 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
+ 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
+ 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
+ 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
+ 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
+ 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
+ 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
+ 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
+ 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
+ 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
+ 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
+ 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
+ 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
+ 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
+ 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
+ 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
+ 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
+ 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
+ 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
+ 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
+ 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
+ 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
+ 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
+ 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
+ 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
+ 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
+ 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
+ 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
+ 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
+ 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
+ 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
+ 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
+ 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
+ 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
+ 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
+ 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
+ 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
+ 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
+ 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
+ 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
+ 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
+ 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
+ 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
+ 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
+ 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
+ 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
+};
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
static const char Hex[]="0123456789ABCDEF";
/* Must 'free' the returned data */
-char *BN_bn2hex(const BIGNUM *a)
- {
- int i,j,v,z=0;
+char *
+BN_bn2hex(const BIGNUM *a)
+{
+ int i, j, v, z = 0;
char *buf;
char *p;
- buf=(char *)malloc(a->top*BN_BYTES*2+2);
- if (buf == NULL)
- {
- BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
+ buf = (char *)malloc(a->top * BN_BYTES * 2 + 2);
+ if (buf == NULL) {
+ BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
goto err;
- }
- p=buf;
- if (a->neg) *(p++)='-';
- if (BN_is_zero(a)) *(p++)='0';
- for (i=a->top-1; i >=0; i--)
- {
- for (j=BN_BITS2-8; j >= 0; j-=8)
- {
+ }
+ p = buf;
+ if (a->neg)
+ *(p++) = '-';
+ if (BN_is_zero(a))
+ *(p++) = '0';
+ for (i = a->top - 1; i >=0; i--) {
+ for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
/* strip leading zeros */
- v=((int)(a->d[i]>>(long)j))&0xff;
- if (z || (v != 0))
- {
- *(p++)=Hex[v>>4];
- *(p++)=Hex[v&0x0f];
- z=1;
- }
+ v = ((int)(a->d[i] >> (long)j)) & 0xff;
+ if (z || (v != 0)) {
+ *(p++) = Hex[v >> 4];
+ *(p++) = Hex[v & 0x0f];
+ z = 1;
}
}
- *p='\0';
-err:
- return(buf);
}
+ *p = '\0';
+
+err:
+ return (buf);
+}
/* Must 'free' the returned data */
-char *BN_bn2dec(const BIGNUM *a)
- {
- int i=0,num, ok = 0;
- char *buf=NULL;
+char *
+BN_bn2dec(const BIGNUM *a)
+{
+ int i = 0, num, ok = 0;
+ char *buf = NULL;
char *p;
- BIGNUM *t=NULL;
- BN_ULONG *bn_data=NULL,*lp;
+ BIGNUM *t = NULL;
+ BN_ULONG *bn_data = NULL, *lp;
/* get an upper bound for the length of the decimal integer
* num <= (BN_num_bits(a) + 1) * log(2)
* <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
- * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
+ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
*/
- i=BN_num_bits(a)*3;
- num=(i/10+i/1000+1)+1;
- bn_data=(BN_ULONG *)malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
- buf=(char *)malloc(num+3);
- if ((buf == NULL) || (bn_data == NULL))
- {
- BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
+ i = BN_num_bits(a) * 3;
+ num = (i / 10 + i / 1000 + 1) + 1;
+ bn_data = (BN_ULONG *)malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
+ buf = (char *)malloc(num + 3);
+ if ((buf == NULL) || (bn_data == NULL)) {
+ BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((t = BN_dup(a)) == NULL)
goto err;
- }
- if ((t=BN_dup(a)) == NULL) goto err;
#define BUF_REMAIN (num+3 - (size_t)(p - buf))
- p=buf;
- lp=bn_data;
- if (BN_is_zero(t))
- {
- *(p++)='0';
- *(p++)='\0';
- }
- else
- {
+ p = buf;
+ lp = bn_data;
+ if (BN_is_zero(t)) {
+ *(p++) = '0';
+ *(p++) = '\0';
+ } else {
if (BN_is_negative(t))
*p++ = '-';
- i=0;
- while (!BN_is_zero(t))
- {
- *lp=BN_div_word(t,BN_DEC_CONV);
+ i = 0;
+ while (!BN_is_zero(t)) {
+ *lp = BN_div_word(t, BN_DEC_CONV);
lp++;
- }
+ }
lp--;
/* We now have a series of blocks, BN_DEC_NUM chars
* in length, where the last one needs truncation.
* The blocks need to be reversed in order. */
- snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
- while (*p) p++;
- while (lp != bn_data)
- {
+ snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
+ while (*p)
+ p++;
+ while (lp != bn_data) {
lp--;
- snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
- while (*p) p++;
- }
+ snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
+ while (*p)
+ p++;
}
+ }
ok = 1;
+
err:
- if (bn_data != NULL) free(bn_data);
- if (t != NULL) BN_free(t);
- if (!ok && buf)
- {
+ if (bn_data != NULL)
+ free(bn_data);
+ if (t != NULL)
+ BN_free(t);
+ if (!ok && buf) {
free(buf);
buf = NULL;
- }
-
- return(buf);
}
-int BN_hex2bn(BIGNUM **bn, const char *a)
- {
- BIGNUM *ret=NULL;
- BN_ULONG l=0;
- int neg=0,h,m,i,j,k,c;
+ return (buf);
+}
+
+int
+BN_hex2bn(BIGNUM **bn, const char *a)
+{
+ BIGNUM *ret = NULL;
+ BN_ULONG l = 0;
+ int neg = 0, h, m, i,j, k, c;
int num;
- if ((a == NULL) || (*a == '\0')) return(0);
+ if ((a == NULL) || (*a == '\0'))
+ return (0);
- if (*a == '-') { neg=1; a++; }
+ if (*a == '-') {
+ neg = 1;
+ a++;
+ }
- for (i=0; isxdigit((unsigned char) a[i]); i++)
+ for (i = 0; isxdigit((unsigned char)a[i]); i++)
;
- num=i+neg;
- if (bn == NULL) return(num);
+ num = i + neg;
+ if (bn == NULL)
+ return (num);
/* a is the start of the hex digits, and it is 'i' long */
- if (*bn == NULL)
- {
- if ((ret=BN_new()) == NULL) return(0);
- }
- else
- {
+ if (*bn == NULL) {
+ if ((ret = BN_new()) == NULL)
+ return (0);
+ } else {
ret= *bn;
BN_zero(ret);
- }
+ }
/* i is the number of hex digests; */
- if (bn_expand(ret,i*4) == NULL) goto err;
-
- j=i; /* least significant 'hex' */
- m=0;
- h=0;
- while (j > 0)
- {
- m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
- l=0;
- for (;;)
- {
- c=a[j-m];
- if ((c >= '0') && (c <= '9')) k=c-'0';
- else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
- else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
- else k=0; /* paranoia */
- l=(l<<4)|k;
-
- if (--m <= 0)
- {
- ret->d[h++]=l;
+ if (bn_expand(ret, i * 4) == NULL)
+ goto err;
+
+ j = i; /* least significant 'hex' */
+ m = 0;
+ h = 0;
+ while (j > 0) {
+ m = ((BN_BYTES*2) <= j) ? (BN_BYTES * 2) : j;
+ l = 0;
+ for (;;) {
+ c = a[j - m];
+ if ((c >= '0') && (c <= '9'))
+ k = c - '0';
+ else if ((c >= 'a') && (c <= 'f'))
+ k = c - 'a' + 10;
+ else if ((c >= 'A') && (c <= 'F'))
+ k = c - 'A' + 10;
+ else
+ k = 0; /* paranoia */
+ l = (l << 4) | k;
+
+ if (--m <= 0) {
+ ret->d[h++] = l;
break;
- }
}
- j-=(BN_BYTES*2);
}
- ret->top=h;
+ j -= (BN_BYTES * 2);
+ }
+ ret->top = h;
bn_correct_top(ret);
- ret->neg=neg;
+ ret->neg = neg;
- *bn=ret;
+ *bn = ret;
bn_check_top(ret);
- return(num);
-err:
- if (*bn == NULL) BN_free(ret);
- return(0);
- }
+ return (num);
-int BN_dec2bn(BIGNUM **bn, const char *a)
- {
- BIGNUM *ret=NULL;
- BN_ULONG l=0;
- int neg=0,i,j;
+err:
+ if (*bn == NULL)
+ BN_free(ret);
+ return (0);
+}
+
+int
+BN_dec2bn(BIGNUM **bn, const char *a)
+{
+ BIGNUM *ret = NULL;
+ BN_ULONG l = 0;
+ int neg = 0, i, j;
int num;
- if ((a == NULL) || (*a == '\0')) return(0);
- if (*a == '-') { neg=1; a++; }
+ if ((a == NULL) || (*a == '\0'))
+ return (0);
+ if (*a == '-') {
+ neg = 1;
+ a++;
+ }
- for (i=0; isdigit((unsigned char) a[i]); i++)
+ for (i = 0; isdigit((unsigned char)a[i]); i++)
;
- num=i+neg;
- if (bn == NULL) return(num);
+ num = i + neg;
+ if (bn == NULL)
+ return (num);
/* a is the start of the digits, and it is 'i' long.
* We chop it into BN_DEC_NUM digits at a time */
- if (*bn == NULL)
- {
- if ((ret=BN_new()) == NULL) return(0);
- }
- else
- {
- ret= *bn;
+ if (*bn == NULL) {
+ if ((ret = BN_new()) == NULL)
+ return (0);
+ } else {
+ ret = *bn;
BN_zero(ret);
- }
+ }
/* i is the number of digests, a bit of an over expand; */
- if (bn_expand(ret,i*4) == NULL) goto err;
-
- j=BN_DEC_NUM-(i%BN_DEC_NUM);
- if (j == BN_DEC_NUM) j=0;
- l=0;
- while (*a)
- {
- l*=10;
- l+= *a-'0';
+ if (bn_expand(ret, i * 4) == NULL)
+ goto err;
+
+ j = BN_DEC_NUM - (i % BN_DEC_NUM);
+ if (j == BN_DEC_NUM)
+ j = 0;
+ l = 0;
+ while (*a) {
+ l *= 10;
+ l += *a - '0';
a++;
- if (++j == BN_DEC_NUM)
- {
- BN_mul_word(ret,BN_DEC_CONV);
- BN_add_word(ret,l);
- l=0;
- j=0;
- }
+ if (++j == BN_DEC_NUM) {
+ BN_mul_word(ret, BN_DEC_CONV);
+ BN_add_word(ret, l);
+ l = 0;
+ j = 0;
}
- ret->neg=neg;
+ }
+ ret->neg = neg;
bn_correct_top(ret);
- *bn=ret;
+ *bn = ret;
bn_check_top(ret);
- return(num);
+ return (num);
+
err:
- if (*bn == NULL) BN_free(ret);
- return(0);
- }
+ if (*bn == NULL)
+ BN_free(ret);
+ return (0);
+}
-int BN_asc2bn(BIGNUM **bn, const char *a)
- {
+int
+BN_asc2bn(BIGNUM **bn, const char *a)
+{
const char *p = a;
if (*p == '-')
p++;
- if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x'))
- {
+ if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
if (!BN_hex2bn(bn, p + 2))
return 0;
- }
- else
- {
+ } else {
if (!BN_dec2bn(bn, p))
return 0;
- }
+ }
if (*a == '-')
(*bn)->neg = 1;
return 1;
- }
+}
#ifndef OPENSSL_NO_BIO
#ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a)
- {
+int
+BN_print_fp(FILE *fp, const BIGNUM *a)
+{
BIO *b;
int ret;
- if ((b=BIO_new(BIO_s_file())) == NULL)
- return(0);
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=BN_print(b,a);
+ if ((b = BIO_new(BIO_s_file())) == NULL)
+ return (0);
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = BN_print(b, a);
BIO_free(b);
- return(ret);
- }
+ return (ret);
+}
#endif
-int BN_print(BIO *bp, const BIGNUM *a)
- {
- int i,j,v,z=0;
- int ret=0;
-
- if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
- if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end;
- for (i=a->top-1; i >=0; i--)
- {
- for (j=BN_BITS2-4; j >= 0; j-=4)
- {
+int
+BN_print(BIO *bp, const BIGNUM *a)
+{
+ int i, j, v, z = 0;
+ int ret = 0;
+
+ if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
+ goto end;
+ if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
+ goto end;
+ for (i = a->top - 1; i >= 0; i--) {
+ for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
/* strip leading zeros */
- v=((int)(a->d[i]>>(long)j))&0x0f;
- if (z || (v != 0))
- {
- if (BIO_write(bp,&(Hex[v]),1) != 1)
+ v = ((int)(a->d[i] >> (long)j)) & 0x0f;
+ if (z || (v != 0)) {
+ if (BIO_write(bp, &(Hex[v]), 1) != 1)
goto end;
- z=1;
- }
+ z = 1;
}
}
- ret=1;
-end:
- return(ret);
}
+ ret = 1;
+
+end:
+ return (ret);
+}
#endif
-char *BN_options(void)
- {
- static int init=0;
+char *
+BN_options(void)
+{
+ static int init = 0;
static char data[16];
- if (!init)
- {
+ if (!init) {
init++;
#ifdef BN_LLONG
- snprintf(data,sizeof data,"bn(%d,%d)",
- (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+ snprintf(data,sizeof data, "bn(%d,%d)",
+ (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
#else
- snprintf(data,sizeof data,"bn(%d,%d)",
- (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+ snprintf(data,sizeof data, "bn(%d,%d)",
+ (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
#endif
- }
- return(data);
}
+ return (data);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include "bn_lcl.h"
#include <openssl/rand.h>
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
- {
- unsigned char *buf=NULL;
- int ret=0,bit,bytes,mask;
+static int
+bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+{
+ unsigned char *buf = NULL;
+ int ret = 0, bit, bytes, mask;
- if (bits == 0)
- {
+ if (bits == 0) {
BN_zero(rnd);
return 1;
- }
+ }
- bytes=(bits+7)/8;
- bit=(bits-1)%8;
- mask=0xff<<(bit+1);
+ bytes = (bits + 7) / 8;
+ bit = (bits - 1) % 8;
+ mask = 0xff << (bit + 1);
- buf=(unsigned char *)malloc(bytes);
- if (buf == NULL)
- {
- BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
+ buf = (unsigned char *)malloc(bytes);
+ if (buf == NULL) {
+ BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
goto err;
- }
+ }
/* make a random number and set the top and bottom bits */
- if (pseudorand)
- {
+ if (pseudorand) {
if (RAND_pseudo_bytes(buf, bytes) == -1)
goto err;
- }
- else
- {
+ } else {
if (RAND_bytes(buf, bytes) <= 0)
goto err;
- }
+ }
#if 1
- if (pseudorand == 2)
- {
+ if (pseudorand == 2) {
/* generate patterns that are more likely to trigger BN
library bugs */
int i;
unsigned char c;
- for (i = 0; i < bytes; i++)
- {
+ for (i = 0; i < bytes; i++) {
RAND_pseudo_bytes(&c, 1);
if (c >= 128 && i > 0)
- buf[i] = buf[i-1];
+ buf[i] = buf[i - 1];
else if (c < 42)
buf[i] = 0;
else if (c < 84)
buf[i] = 255;
- }
}
+ }
#endif
- if (top != -1)
- {
- if (top)
- {
- if (bit == 0)
- {
- buf[0]=1;
- buf[1]|=0x80;
- }
- else
- {
- buf[0]|=(3<<(bit-1));
- }
- }
- else
- {
- buf[0]|=(1<<bit);
+ if (top != -1) {
+ if (top) {
+ if (bit == 0) {
+ buf[0] = 1;
+ buf[1] |= 0x80;
+ } else {
+ buf[0] |= (3 << (bit - 1));
}
+ } else {
+ buf[0] |= (1 << bit);
}
+ }
buf[0] &= ~mask;
if (bottom) /* set bottom bit if requested */
- buf[bytes-1]|=1;
- if (!BN_bin2bn(buf,bytes,rnd)) goto err;
- ret=1;
+ buf[bytes - 1] |= 1;
+ if (!BN_bin2bn(buf, bytes, rnd))
+ goto err;
+ ret = 1;
+
err:
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,bytes);
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, bytes);
free(buf);
- }
- bn_check_top(rnd);
- return(ret);
}
+ bn_check_top(rnd);
+ return (ret);
+}
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
- {
+int
+BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
return bnrand(0, rnd, bits, top, bottom);
- }
+}
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
- {
+int
+BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
return bnrand(1, rnd, bits, top, bottom);
- }
+}
#if 1
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
- {
+int
+BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
return bnrand(2, rnd, bits, top, bottom);
- }
+}
#endif
/* random number r: 0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
- {
+static int
+bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+{
int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
int n;
int count = 100;
- if (range->neg || BN_is_zero(range))
- {
+ if (range->neg || BN_is_zero(range)) {
BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
return 0;
- }
+ }
n = BN_num_bits(range); /* n > 0 */
if (n == 1)
BN_zero(r);
- else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
- {
+ else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
/* range = 100..._2,
* so 3*range (= 11..._2) is exactly one bit longer than range */
- do
- {
- if (!bn_rand(r, n + 1, -1, 0)) return 0;
+ do {
+ if (!bn_rand(r, n + 1, -1, 0))
+ return 0;
/* If r < 3*range, use r := r MOD range
* (which is either r, r - range, or r - 2*range).
* Otherwise, iterate once more.
* Since 3*range = 11..._2, each iteration succeeds with
* probability >= .75. */
- if (BN_cmp(r ,range) >= 0)
- {
- if (!BN_sub(r, r, range)) return 0;
+ if (BN_cmp(r, range) >= 0) {
+ if (!BN_sub(r, r, range))
+ return 0;
if (BN_cmp(r, range) >= 0)
- if (!BN_sub(r, r, range)) return 0;
- }
+ if (!BN_sub(r, r, range))
+ return 0;
+ }
- if (!--count)
- {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ if (!--count) {
+ BNerr(BN_F_BN_RAND_RANGE,
+ BN_R_TOO_MANY_ITERATIONS);
return 0;
- }
-
}
- while (BN_cmp(r, range) >= 0);
- }
- else
- {
- do
- {
+
+ } while (BN_cmp(r, range) >= 0);
+ } else {
+ do {
/* range = 11..._2 or range = 101..._2 */
- if (!bn_rand(r, n, -1, 0)) return 0;
+ if (!bn_rand(r, n, -1, 0))
+ return 0;
- if (!--count)
- {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ if (!--count) {
+ BNerr(BN_F_BN_RAND_RANGE,
+ BN_R_TOO_MANY_ITERATIONS);
return 0;
- }
}
- while (BN_cmp(r, range) >= 0);
- }
+ } while (BN_cmp(r, range) >= 0);
+ }
bn_check_top(r);
return 1;
- }
-
+}
-int BN_rand_range(BIGNUM *r, const BIGNUM *range)
- {
+int
+BN_rand_range(BIGNUM *r, const BIGNUM *range)
+{
return bn_rand_range(0, r, range);
- }
+}
-int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
- {
+int
+BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+{
return bn_rand_range(1, r, range);
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-void BN_RECP_CTX_init(BN_RECP_CTX *recp)
- {
+void
+BN_RECP_CTX_init(BN_RECP_CTX *recp)
+{
BN_init(&(recp->N));
BN_init(&(recp->Nr));
- recp->num_bits=0;
- recp->flags=0;
- }
+ recp->num_bits = 0;
+ recp->flags = 0;
+}
-BN_RECP_CTX *BN_RECP_CTX_new(void)
- {
+BN_RECP_CTX *
+BN_RECP_CTX_new(void)
+{
BN_RECP_CTX *ret;
- if ((ret=(BN_RECP_CTX *)malloc(sizeof(BN_RECP_CTX))) == NULL)
- return(NULL);
+ if ((ret = (BN_RECP_CTX *)malloc(sizeof(BN_RECP_CTX))) == NULL)
+ return (NULL);
BN_RECP_CTX_init(ret);
- ret->flags=BN_FLG_MALLOCED;
- return(ret);
- }
+ ret->flags = BN_FLG_MALLOCED;
+ return (ret);
+}
-void BN_RECP_CTX_free(BN_RECP_CTX *recp)
- {
- if(recp == NULL)
- return;
+void
+BN_RECP_CTX_free(BN_RECP_CTX *recp)
+{
+ if (recp == NULL)
+ return;
BN_free(&(recp->N));
BN_free(&(recp->Nr));
if (recp->flags & BN_FLG_MALLOCED)
free(recp);
- }
+}
-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
- {
- if (!BN_copy(&(recp->N),d)) return 0;
+int
+BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+{
+ if (!BN_copy(&(recp->N), d))
+ return 0;
BN_zero(&(recp->Nr));
- recp->num_bits=BN_num_bits(d);
- recp->shift=0;
- return(1);
- }
+ recp->num_bits = BN_num_bits(d);
+ recp->shift = 0;
+ return (1);
+}
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
- BN_RECP_CTX *recp, BN_CTX *ctx)
- {
- int ret=0;
+int
+BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+ BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+ int ret = 0;
BIGNUM *a;
const BIGNUM *ca;
BN_CTX_start(ctx);
- if ((a = BN_CTX_get(ctx)) == NULL) goto err;
- if (y != NULL)
- {
- if (x == y)
- { if (!BN_sqr(a,x,ctx)) goto err; }
- else
- { if (!BN_mul(a,x,y,ctx)) goto err; }
- ca = a;
+ if ((a = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (y != NULL) {
+ if (x == y) {
+ if (!BN_sqr(a, x, ctx))
+ goto err;
+ } else {
+ if (!BN_mul(a, x, y, ctx))
+ goto err;
}
- else
- ca=x; /* Just do the mod */
+ ca = a;
+ } else
+ ca = x; /* Just do the mod */
+
+ ret = BN_div_recp(NULL, r, ca, recp, ctx);
- ret = BN_div_recp(NULL,r,ca,recp,ctx);
err:
BN_CTX_end(ctx);
bn_check_top(r);
- return(ret);
- }
+ return (ret);
+}
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
- BN_RECP_CTX *recp, BN_CTX *ctx)
- {
- int i,j,ret=0;
- BIGNUM *a,*b,*d,*r;
+int
+BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
+ BN_CTX *ctx)
+{
+ int i, j, ret = 0;
+ BIGNUM *a, *b, *d, *r;
BN_CTX_start(ctx);
- a=BN_CTX_get(ctx);
- b=BN_CTX_get(ctx);
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
if (dv != NULL)
- d=dv;
+ d = dv;
else
- d=BN_CTX_get(ctx);
+ d = BN_CTX_get(ctx);
if (rem != NULL)
- r=rem;
+ r = rem;
else
- r=BN_CTX_get(ctx);
- if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
+ r = BN_CTX_get(ctx);
+ if (a == NULL || b == NULL || d == NULL || r == NULL)
+ goto err;
- if (BN_ucmp(m,&(recp->N)) < 0)
- {
+ if (BN_ucmp(m, &(recp->N)) < 0) {
BN_zero(d);
- if (!BN_copy(r,m)) return 0;
+ if (!BN_copy(r, m))
+ return 0;
BN_CTX_end(ctx);
- return(1);
- }
+ return (1);
+ }
/* We want the remainder
* Given input of ABCDEF / ab
*/
/* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
- i=BN_num_bits(m);
- j=recp->num_bits<<1;
- if (j>i) i=j;
+ i = BN_num_bits(m);
+ j = recp->num_bits << 1;
+ if (j > i)
+ i = j;
/* Nr := round(2^i / N) */
if (i != recp->shift)
- recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
- i,ctx); /* BN_reciprocal returns i, or -1 for an error */
- if (recp->shift == -1) goto err;
+ recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx); /* BN_reciprocal returns i, or -1 for an error */
+ if (recp->shift == -1)
+ goto err;
/* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
* = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
* <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
* = |m/N|
*/
- if (!BN_rshift(a,m,recp->num_bits)) goto err;
- if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
- if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
- d->neg=0;
+ if (!BN_rshift(a, m, recp->num_bits))
+ goto err;
+ if (!BN_mul(b, a,&(recp->Nr), ctx))
+ goto err;
+ if (!BN_rshift(d, b, i - recp->num_bits))
+ goto err;
+ d->neg = 0;
- if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
- if (!BN_usub(r,m,b)) goto err;
- r->neg=0;
+ if (!BN_mul(b, &(recp->N), d, ctx))
+ goto err;
+ if (!BN_usub(r, m, b))
+ goto err;
+ r->neg = 0;
#if 1
- j=0;
- while (BN_ucmp(r,&(recp->N)) >= 0)
- {
- if (j++ > 2)
- {
- BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);
+ j = 0;
+ while (BN_ucmp(r, &(recp->N)) >= 0) {
+ if (j++ > 2) {
+ BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
goto err;
- }
- if (!BN_usub(r,r,&(recp->N))) goto err;
- if (!BN_add_word(d,1)) goto err;
}
+ if (!BN_usub(r, r, &(recp->N)))
+ goto err;
+ if (!BN_add_word(d, 1))
+ goto err;
+ }
#endif
- r->neg=BN_is_zero(r)?0:m->neg;
- d->neg=m->neg^recp->N.neg;
- ret=1;
+ r->neg = BN_is_zero(r) ? 0 : m->neg;
+ d->neg = m->neg^recp->N.neg;
+ ret = 1;
+
err:
BN_CTX_end(ctx);
bn_check_top(dv);
bn_check_top(rem);
- return(ret);
- }
+ return (ret);
+}
/* len is the expected size of the result
* We actually calculate with an extra word of precision, so
* we can do faster division if the remainder is not required.
*/
/* r := 2^len / m */
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
- {
- int ret= -1;
+int
+BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+{
+ int ret = -1;
BIGNUM *t;
BN_CTX_start(ctx);
- if((t = BN_CTX_get(ctx)) == NULL) goto err;
+ if ((t = BN_CTX_get(ctx)) == NULL)
+ goto err;
- if (!BN_set_bit(t,len)) goto err;
+ if (!BN_set_bit(t, len))
+ goto err;
- if (!BN_div(r,NULL,t,m,ctx)) goto err;
+ if (!BN_div(r, NULL, t,m, ctx))
+ goto err;
+
+ ret = len;
- ret=len;
err:
bn_check_top(r);
BN_CTX_end(ctx);
- return(ret);
- }
+ return (ret);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-int BN_lshift1(BIGNUM *r, const BIGNUM *a)
- {
- register BN_ULONG *ap,*rp,t,c;
+int
+BN_lshift1(BIGNUM *r, const BIGNUM *a)
+{
+ register BN_ULONG *ap, *rp, t, c;
int i;
bn_check_top(r);
bn_check_top(a);
- if (r != a)
- {
- r->neg=a->neg;
- if (bn_wexpand(r,a->top+1) == NULL) return(0);
- r->top=a->top;
- }
- else
- {
- if (bn_wexpand(r,a->top+1) == NULL) return(0);
- }
- ap=a->d;
- rp=r->d;
- c=0;
- for (i=0; i<a->top; i++)
- {
+ if (r != a) {
+ r->neg = a->neg;
+ if (bn_wexpand(r, a->top + 1) == NULL)
+ return (0);
+ r->top = a->top;
+ } else {
+ if (bn_wexpand(r, a->top + 1) == NULL)
+ return (0);
+ }
+ ap = a->d;
+ rp = r->d;
+ c = 0;
+ for (i = 0; i < a->top; i++) {
t= *(ap++);
- *(rp++)=((t<<1)|c)&BN_MASK2;
- c=(t & BN_TBIT)?1:0;
- }
- if (c)
- {
- *rp=1;
+ *(rp++) = ((t << 1) | c) & BN_MASK2;
+ c = (t & BN_TBIT) ? 1 : 0;
+ }
+ if (c) {
+ *rp = 1;
r->top++;
- }
- bn_check_top(r);
- return(1);
}
+ bn_check_top(r);
+ return (1);
+}
-int BN_rshift1(BIGNUM *r, const BIGNUM *a)
- {
- BN_ULONG *ap,*rp,t,c;
- int i,j;
+int
+BN_rshift1(BIGNUM *r, const BIGNUM *a)
+{
+ BN_ULONG *ap, *rp, t, c;
+ int i, j;
bn_check_top(r);
bn_check_top(a);
- if (BN_is_zero(a))
- {
+ if (BN_is_zero(a)) {
BN_zero(r);
- return(1);
- }
+ return (1);
+ }
i = a->top;
- ap= a->d;
- j = i-(ap[i-1]==1);
- if (a != r)
- {
- if (bn_wexpand(r,j) == NULL) return(0);
- r->neg=a->neg;
- }
- rp=r->d;
- t=ap[--i];
- c=(t&1)?BN_TBIT:0;
- if (t>>=1) rp[i]=t;
- while (i>0)
- {
- t=ap[--i];
- rp[i]=((t>>1)&BN_MASK2)|c;
- c=(t&1)?BN_TBIT:0;
- }
- r->top=j;
- bn_check_top(r);
- return(1);
+ ap = a->d;
+ j = i - (ap[i - 1]==1);
+ if (a != r) {
+ if (bn_wexpand(r, j) == NULL)
+ return (0);
+ r->neg = a->neg;
}
+ rp = r->d;
+ t = ap[--i];
+ c = (t & 1) ? BN_TBIT : 0;
+ if (t >>= 1)
+ rp[i] = t;
+ while (i > 0) {
+ t = ap[--i];
+ rp[i] = ((t >> 1) & BN_MASK2) | c;
+ c = (t & 1) ? BN_TBIT : 0;
+ }
+ r->top = j;
+ bn_check_top(r);
+ return (1);
+}
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
- {
- int i,nw,lb,rb;
- BN_ULONG *t,*f;
+int
+BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+ int i, nw, lb, rb;
+ BN_ULONG *t, *f;
BN_ULONG l;
bn_check_top(r);
bn_check_top(a);
- r->neg=a->neg;
- nw=n/BN_BITS2;
- if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
- lb=n%BN_BITS2;
- rb=BN_BITS2-lb;
- f=a->d;
- t=r->d;
- t[a->top+nw]=0;
+ r->neg = a->neg;
+ nw = n / BN_BITS2;
+ if (bn_wexpand(r, a->top + nw + 1) == NULL)
+ return (0);
+ lb = n % BN_BITS2;
+ rb = BN_BITS2 - lb;
+ f = a->d;
+ t = r->d;
+ t[a->top + nw] = 0;
if (lb == 0)
- for (i=a->top-1; i>=0; i--)
- t[nw+i]=f[i];
+ for (i = a->top - 1; i >= 0; i--)
+ t[nw + i] = f[i];
else
- for (i=a->top-1; i>=0; i--)
- {
- l=f[i];
- t[nw+i+1]|=(l>>rb)&BN_MASK2;
- t[nw+i]=(l<<lb)&BN_MASK2;
- }
- memset(t,0,nw*sizeof(t[0]));
+ for (i = a->top - 1; i >= 0; i--) {
+ l = f[i];
+ t[nw + i + 1] |= (l >> rb) & BN_MASK2;
+ t[nw + i] = (l << lb) & BN_MASK2;
+ }
+ memset(t, 0, nw * sizeof(t[0]));
/* for (i=0; i<nw; i++)
t[i]=0;*/
- r->top=a->top+nw+1;
+ r->top = a->top + nw + 1;
bn_correct_top(r);
bn_check_top(r);
- return(1);
- }
+ return (1);
+}
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
- {
- int i,j,nw,lb,rb;
- BN_ULONG *t,*f;
- BN_ULONG l,tmp;
+int
+BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+ int i, j, nw, lb, rb;
+ BN_ULONG *t, *f;
+ BN_ULONG l, tmp;
bn_check_top(r);
bn_check_top(a);
- nw=n/BN_BITS2;
- rb=n%BN_BITS2;
- lb=BN_BITS2-rb;
- if (nw >= a->top || a->top == 0)
- {
+ nw = n / BN_BITS2;
+ rb = n % BN_BITS2;
+ lb = BN_BITS2 - rb;
+ if (nw >= a->top || a->top == 0) {
BN_zero(r);
- return(1);
- }
- i = (BN_num_bits(a)-n+(BN_BITS2-1))/BN_BITS2;
- if (r != a)
- {
- r->neg=a->neg;
- if (bn_wexpand(r,i) == NULL) return(0);
- }
- else
- {
+ return (1);
+ }
+ i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
+ if (r != a) {
+ r->neg = a->neg;
+ if (bn_wexpand(r, i) == NULL)
+ return (0);
+ } else {
if (n == 0)
return 1; /* or the copying loop will go berserk */
- }
+ }
- f= &(a->d[nw]);
- t=r->d;
- j=a->top-nw;
- r->top=i;
+ f = &(a->d[nw]);
+ t = r->d;
+ j = a->top - nw;
+ r->top = i;
- if (rb == 0)
- {
- for (i=j; i != 0; i--)
- *(t++)= *(f++);
+ if (rb == 0) {
+ for (i = j; i != 0; i--)
+ *(t++) = *(f++);
+ } else {
+ l = *(f++);
+ for (i = j - 1; i != 0; i--) {
+ tmp = (l >> rb) & BN_MASK2;
+ l = *(f++);
+ *(t++) = (tmp|(l << lb)) & BN_MASK2;
}
- else
- {
- l= *(f++);
- for (i=j-1; i != 0; i--)
- {
- tmp =(l>>rb)&BN_MASK2;
- l= *(f++);
- *(t++) =(tmp|(l<<lb))&BN_MASK2;
- }
- if ((l = (l>>rb)&BN_MASK2)) *(t) = l;
- }
- bn_check_top(r);
- return(1);
+ if ((l = (l >> rb) & BN_MASK2))
+ *(t) = l;
}
+ bn_check_top(r);
+ return (1);
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
/* r must not be a */
/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
- {
- int max,al;
+int
+BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+ int max, al;
int ret = 0;
- BIGNUM *tmp,*rr;
+ BIGNUM *tmp, *rr;
#ifdef BN_COUNT
- fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
+ fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top);
#endif
bn_check_top(a);
- al=a->top;
- if (al <= 0)
- {
- r->top=0;
+ al = a->top;
+ if (al <= 0) {
+ r->top = 0;
return 1;
- }
+ }
BN_CTX_start(ctx);
- rr=(a != r) ? r : BN_CTX_get(ctx);
- tmp=BN_CTX_get(ctx);
- if (!rr || !tmp) goto err;
+ rr = (a != r) ? r : BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (!rr || !tmp)
+ goto err;
max = 2 * al; /* Non-zero (from above) */
- if (bn_wexpand(rr,max) == NULL) goto err;
+ if (bn_wexpand(rr, max) == NULL)
+ goto err;
- if (al == 4)
- {
+ if (al == 4) {
#ifndef BN_SQR_COMBA
BN_ULONG t[8];
- bn_sqr_normal(rr->d,a->d,4,t);
+ bn_sqr_normal(rr->d, a->d, 4, t);
#else
- bn_sqr_comba4(rr->d,a->d);
+ bn_sqr_comba4(rr->d, a->d);
#endif
- }
- else if (al == 8)
- {
+ } else if (al == 8) {
#ifndef BN_SQR_COMBA
BN_ULONG t[16];
- bn_sqr_normal(rr->d,a->d,8,t);
+ bn_sqr_normal(rr->d, a->d, 8, t);
#else
- bn_sqr_comba8(rr->d,a->d);
+ bn_sqr_comba8(rr->d, a->d);
#endif
- }
- else
- {
+ } else {
#if defined(BN_RECURSION)
- if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
- {
+ if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
- bn_sqr_normal(rr->d,a->d,al,t);
- }
- else
- {
- int j,k;
+ bn_sqr_normal(rr->d, a->d, al, t);
+ } else {
+ int j, k;
- j=BN_num_bits_word((BN_ULONG)al);
- j=1<<(j-1);
- k=j+j;
- if (al == j)
- {
- if (bn_wexpand(tmp,k*2) == NULL) goto err;
- bn_sqr_recursive(rr->d,a->d,al,tmp->d);
- }
- else
- {
- if (bn_wexpand(tmp,max) == NULL) goto err;
- bn_sqr_normal(rr->d,a->d,al,tmp->d);
- }
+ j = BN_num_bits_word((BN_ULONG)al);
+ j = 1 << (j - 1);
+ k = j + j;
+ if (al == j) {
+ if (bn_wexpand(tmp, k * 2) == NULL)
+ goto err;
+ bn_sqr_recursive(rr->d, a->d, al, tmp->d);
+ } else {
+ if (bn_wexpand(tmp, max) == NULL)
+ goto err;
+ bn_sqr_normal(rr->d, a->d, al, tmp->d);
}
+ }
#else
- if (bn_wexpand(tmp,max) == NULL) goto err;
- bn_sqr_normal(rr->d,a->d,al,tmp->d);
+ if (bn_wexpand(tmp, max) == NULL)
+ goto err;
+ bn_sqr_normal(rr->d, a->d, al, tmp->d);
#endif
- }
+ }
- rr->neg=0;
+ rr->neg = 0;
/* If the most-significant half of the top word of 'a' is zero, then
* the square of 'a' will max-1 words. */
- if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
+ if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
rr->top = max - 1;
else
rr->top = max;
- if (rr != r) BN_copy(r,rr);
+ if (rr != r)
+ BN_copy(r, rr);
ret = 1;
- err:
+
+err:
bn_check_top(rr);
bn_check_top(tmp);
BN_CTX_end(ctx);
- return(ret);
- }
+ return (ret);
+}
/* tmp must have 2*n words */
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
- {
- int i,j,max;
+void
+bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
+{
+ int i, j, max;
const BN_ULONG *ap;
BN_ULONG *rp;
- max=n*2;
- ap=a;
- rp=r;
- rp[0]=rp[max-1]=0;
+ max = n * 2;
+ ap = a;
+ rp = r;
+ rp[0] = rp[max - 1] = 0;
rp++;
- j=n;
+ j = n;
- if (--j > 0)
- {
+ if (--j > 0) {
ap++;
- rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
- rp+=2;
- }
+ rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
+ rp += 2;
+ }
- for (i=n-2; i>0; i--)
- {
+ for (i = n - 2; i > 0; i--) {
j--;
ap++;
- rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
- rp+=2;
- }
+ rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
+ rp += 2;
+ }
- bn_add_words(r,r,r,max);
+ bn_add_words(r, r, r, max);
/* There will not be a carry */
- bn_sqr_words(tmp,a,n);
+ bn_sqr_words(tmp, a, n);
- bn_add_words(r,r,tmp,max);
- }
+ bn_add_words(r, r, tmp, max);
+}
#ifdef BN_RECURSION
/* r is 2*n words in size,
* a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
* a[1]*b[1]
*/
-void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
- {
- int n=n2/2;
- int zero,c1;
- BN_ULONG ln,lo,*p;
+void
+bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
+{
+ int n = n2 / 2;
+ int zero, c1;
+ BN_ULONG ln, lo, *p;
#ifdef BN_COUNT
- fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
+ fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2);
#endif
- if (n2 == 4)
- {
+ if (n2 == 4) {
#ifndef BN_SQR_COMBA
- bn_sqr_normal(r,a,4,t);
+ bn_sqr_normal(r, a, 4, t);
#else
- bn_sqr_comba4(r,a);
+ bn_sqr_comba4(r, a);
#endif
return;
- }
- else if (n2 == 8)
- {
+ } else if (n2 == 8) {
#ifndef BN_SQR_COMBA
- bn_sqr_normal(r,a,8,t);
+ bn_sqr_normal(r, a, 8, t);
#else
- bn_sqr_comba8(r,a);
+ bn_sqr_comba8(r, a);
#endif
return;
- }
- if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
- {
- bn_sqr_normal(r,a,n2,t);
+ }
+ if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+ bn_sqr_normal(r, a, n2, t);
return;
- }
+ }
/* r=(a[0]-a[1])*(a[1]-a[0]) */
- c1=bn_cmp_words(a,&(a[n]),n);
- zero=0;
+ c1 = bn_cmp_words(a, &(a[n]), n);
+ zero = 0;
if (c1 > 0)
- bn_sub_words(t,a,&(a[n]),n);
+ bn_sub_words(t, a, &(a[n]), n);
else if (c1 < 0)
- bn_sub_words(t,&(a[n]),a,n);
+ bn_sub_words(t, &(a[n]), a, n);
else
- zero=1;
+ zero = 1;
/* The result will always be negative unless it is zero */
- p= &(t[n2*2]);
+ p = &(t[n2*2]);
if (!zero)
- bn_sqr_recursive(&(t[n2]),t,n,p);
+ bn_sqr_recursive(&(t[n2]), t, n, p);
else
- memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
- bn_sqr_recursive(r,a,n,p);
- bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+ bn_sqr_recursive(r, a, n, p);
+ bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
*/
- c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
/* t[32] is negative */
- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
* r[10] holds (a[0]*a[0])
* r[32] holds (a[1]*a[1])
* c1 holds the carry bits
*/
- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
- if (c1)
- {
- p= &(r[n+n2]);
+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+ if (c1) {
+ p = &(r[n + n2]);
lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
+ ln = (lo + c1) & BN_MASK2;
+ *p = ln;
/* The overflow will stop before we over write
* words we should not overwrite */
- if (ln < (BN_ULONG)c1)
- {
- do {
+ if (ln < (BN_ULONG)c1) {
+ do {
p++;
lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
+ ln = (lo + 1) & BN_MASK2;
+ *p = ln;
+ } while (ln == 0);
}
}
+}
#endif
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include "bn_lcl.h"
-BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+BIGNUM *
+BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
/* Returns 'ret' such that
* ret^2 == a (mod p),
* using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
* in Algebraic Computational Number Theory", algorithm 1.5.1).
* 'p' must be prime!
*/
- {
+{
BIGNUM *ret = in;
int err = 1;
int r;
BIGNUM *A, *b, *q, *t, *x, *y;
int e, i, j;
-
- if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
- {
- if (BN_abs_is_word(p, 2))
- {
+
+ if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
+ if (BN_abs_is_word(p, 2)) {
if (ret == NULL)
ret = BN_new();
if (ret == NULL)
goto end;
- if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
- {
+ if (!BN_set_word(ret, BN_is_bit_set(a, 0))) {
if (ret != in)
BN_free(ret);
return NULL;
- }
+ }
bn_check_top(ret);
return ret;
- }
+ }
BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
- return(NULL);
- }
+ return (NULL);
+ }
- if (BN_is_zero(a) || BN_is_one(a))
- {
+ if (BN_is_zero(a) || BN_is_one(a)) {
if (ret == NULL)
ret = BN_new();
if (ret == NULL)
goto end;
- if (!BN_set_word(ret, BN_is_one(a)))
- {
+ if (!BN_set_word(ret, BN_is_one(a))) {
if (ret != in)
BN_free(ret);
return NULL;
- }
+ }
bn_check_top(ret);
return ret;
- }
+ }
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
t = BN_CTX_get(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
- if (y == NULL) goto end;
-
+ if (y == NULL)
+ goto end;
+
if (ret == NULL)
ret = BN_new();
- if (ret == NULL) goto end;
+ if (ret == NULL)
+ goto end;
/* A = a mod p */
- if (!BN_nnmod(A, a, p, ctx)) goto end;
+ if (!BN_nnmod(A, a, p, ctx))
+ goto end;
/* now write |p| - 1 as 2^e*q where q is odd */
e = 1;
e++;
/* we'll set q later (if needed) */
- if (e == 1)
- {
+ if (e == 1) {
/* The easy case: (|p|-1)/2 is odd, so 2 has an inverse
* modulo (|p|-1)/2, and square roots can be computed
* directly by modular exponentiation.
* 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2),
* so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1.
*/
- if (!BN_rshift(q, p, 2)) goto end;
+ if (!BN_rshift(q, p, 2))
+ goto end;
q->neg = 0;
- if (!BN_add_word(q, 1)) goto end;
- if (!BN_mod_exp(ret, A, q, p, ctx)) goto end;
+ if (!BN_add_word(q, 1))
+ goto end;
+ if (!BN_mod_exp(ret, A, q, p, ctx))
+ goto end;
err = 0;
goto vrfy;
- }
-
- if (e == 2)
- {
+ }
+
+ if (e == 2) {
/* |p| == 5 (mod 8)
*
* In this case 2 is always a non-square since
* = a*(-i)*i
* = a.
*
- * (This is due to A.O.L. Atkin,
+ * (This is due to A.O.L. Atkin,
* <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
* November 1992.)
*/
/* t := 2*a */
- if (!BN_mod_lshift1_quick(t, A, p)) goto end;
+ if (!BN_mod_lshift1_quick(t, A, p))
+ goto end;
/* b := (2*a)^((|p|-5)/8) */
- if (!BN_rshift(q, p, 3)) goto end;
+ if (!BN_rshift(q, p, 3))
+ goto end;
q->neg = 0;
- if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
+ if (!BN_mod_exp(b, t, q, p, ctx))
+ goto end;
/* y := b^2 */
- if (!BN_mod_sqr(y, b, p, ctx)) goto end;
+ if (!BN_mod_sqr(y, b, p, ctx))
+ goto end;
/* t := (2*a)*b^2 - 1*/
- if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
- if (!BN_sub_word(t, 1)) goto end;
+ if (!BN_mod_mul(t, t, y, p, ctx))
+ goto end;
+ if (!BN_sub_word(t, 1))
+ goto end;
/* x = a*b*t */
- if (!BN_mod_mul(x, A, b, p, ctx)) goto end;
- if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+ if (!BN_mod_mul(x, A, b, p, ctx))
+ goto end;
+ if (!BN_mod_mul(x, x, t, p, ctx))
+ goto end;
- if (!BN_copy(ret, x)) goto end;
+ if (!BN_copy(ret, x))
+ goto end;
err = 0;
goto vrfy;
- }
-
+ }
+
/* e > 2, so we really have to use the Tonelli/Shanks algorithm.
* First, find some y that is not a square. */
if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
- q->neg = 0;
+ q->neg = 0;
i = 2;
- do
- {
+ do {
/* For efficiency, try small numbers first;
* if this fails, try random numbers.
*/
- if (i < 22)
- {
- if (!BN_set_word(y, i)) goto end;
+ if (i < 22) {
+ if (!BN_set_word(y, i))
+ goto end;
+ } else {
+ if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
+ goto end;
+ if (BN_ucmp(y, p) >= 0) {
+ if (!(p->neg ? BN_add : BN_sub)(y, y, p))
+ goto end;
}
- else
- {
- if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
- if (BN_ucmp(y, p) >= 0)
- {
- if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
- }
/* now 0 <= y < |p| */
if (BN_is_zero(y))
- if (!BN_set_word(y, i)) goto end;
- }
-
+ if (!BN_set_word(y, i))
+ goto end;
+ }
+
r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
- if (r < -1) goto end;
- if (r == 0)
- {
+ if (r < -1)
+ goto end;
+ if (r == 0) {
/* m divides p */
BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
goto end;
- }
}
+ }
while (r == 1 && ++i < 82);
-
- if (r != -1)
- {
+
+ if (r != -1) {
/* Many rounds and still no non-square -- this is more likely
* a bug than just bad luck.
* Even if p is not prime, we should have found some y
*/
BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
goto end;
- }
+ }
/* Here's our actual 'q': */
- if (!BN_rshift(q, q, e)) goto end;
+ if (!BN_rshift(q, q, e))
+ goto end;
/* Now that we have some non-square, we can find an element
* of order 2^e by computing its q'th power. */
- if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
- if (BN_is_one(y))
- {
+ if (!BN_mod_exp(y, y, q, p, ctx))
+ goto end;
+ if (BN_is_one(y)) {
BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
goto end;
- }
+ }
/* Now we know that (if p is indeed prime) there is an integer
* k, 0 <= k < 2^e, such that
*
* so it is the square root that we are looking for.
*/
-
+
/* t := (q-1)/2 (note that q is odd) */
- if (!BN_rshift1(t, q)) goto end;
-
+ if (!BN_rshift1(t, q))
+ goto end;
+
/* x := a^((q-1)/2) */
if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
- {
- if (!BN_nnmod(t, A, p, ctx)) goto end;
- if (BN_is_zero(t))
- {
+ {
+ if (!BN_nnmod(t, A, p, ctx))
+ goto end;
+ if (BN_is_zero(t)) {
/* special case: a == 0 (mod p) */
BN_zero(ret);
err = 0;
goto end;
- }
- else
- if (!BN_one(x)) goto end;
- }
- else
- {
- if (!BN_mod_exp(x, A, t, p, ctx)) goto end;
- if (BN_is_zero(x))
- {
+ } else if (!BN_one(x))
+ goto end;
+ } else {
+ if (!BN_mod_exp(x, A, t, p, ctx))
+ goto end;
+ if (BN_is_zero(x)) {
/* special case: a == 0 (mod p) */
BN_zero(ret);
err = 0;
goto end;
- }
}
+ }
/* b := a*x^2 (= a^q) */
- if (!BN_mod_sqr(b, x, p, ctx)) goto end;
- if (!BN_mod_mul(b, b, A, p, ctx)) goto end;
-
+ if (!BN_mod_sqr(b, x, p, ctx))
+ goto end;
+ if (!BN_mod_mul(b, b, A, p, ctx))
+ goto end;
+
/* x := a*x (= a^((q+1)/2)) */
- if (!BN_mod_mul(x, x, A, p, ctx)) goto end;
+ if (!BN_mod_mul(x, x, A, p, ctx))
+ goto end;
- while (1)
- {
+ while (1) {
/* Now b is a^q * y^k for some even k (0 <= k < 2^E
* where E refers to the original value of e, which we
* don't keep in a variable), and x is a^((q+1)/2) * y^(k/2).
* b^2^(e-1) = 1.
*/
- if (BN_is_one(b))
- {
- if (!BN_copy(ret, x)) goto end;
+ if (BN_is_one(b)) {
+ if (!BN_copy(ret, x))
+ goto end;
err = 0;
goto vrfy;
- }
+ }
/* find smallest i such that b^(2^i) = 1 */
i = 1;
- if (!BN_mod_sqr(t, b, p, ctx)) goto end;
- while (!BN_is_one(t))
- {
+ if (!BN_mod_sqr(t, b, p, ctx))
+ goto end;
+ while (!BN_is_one(t)) {
i++;
- if (i == e)
- {
+ if (i == e) {
BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
goto end;
- }
- if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
}
-
+ if (!BN_mod_mul(t, t, t, p, ctx))
+ goto end;
+ }
+
/* t := y^2^(e - i - 1) */
- if (!BN_copy(t, y)) goto end;
- for (j = e - i - 1; j > 0; j--)
- {
- if (!BN_mod_sqr(t, t, p, ctx)) goto end;
- }
- if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
- if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
- if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
- e = i;
+ if (!BN_copy(t, y))
+ goto end;
+ for (j = e - i - 1; j > 0; j--) {
+ if (!BN_mod_sqr(t, t, p, ctx))
+ goto end;
}
+ if (!BN_mod_mul(y, t, t, p, ctx))
+ goto end;
+ if (!BN_mod_mul(x, x, t, p, ctx))
+ goto end;
+ if (!BN_mod_mul(b, b, y, p, ctx))
+ goto end;
+ e = i;
+ }
- vrfy:
- if (!err)
- {
+vrfy:
+ if (!err) {
/* verify the result -- the input might have been not a square
* (test added in 0.9.8) */
-
+
if (!BN_mod_sqr(x, ret, p, ctx))
err = 1;
-
- if (!err && 0 != BN_cmp(x, A))
- {
+
+ if (!err && 0 != BN_cmp(x, A)) {
BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
err = 1;
- }
}
+ }
- end:
- if (err)
- {
- if (ret != NULL && ret != in)
- {
+end:
+ if (err) {
+ if (ret != NULL && ret != in) {
BN_clear_free(ret);
- }
- ret = NULL;
}
+ ret = NULL;
+ }
BN_CTX_end(ctx);
bn_check_top(ret);
return ret;
- }
+}
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
#include "cryptlib.h"
#include "bn_lcl.h"
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
- {
+BN_ULONG
+BN_mod_word(const BIGNUM *a, BN_ULONG w)
+{
#ifndef BN_LLONG
- BN_ULONG ret=0;
+ BN_ULONG ret = 0;
#else
- BN_ULLONG ret=0;
+ BN_ULLONG ret = 0;
#endif
int i;
if (w == 0)
- return (BN_ULONG)-1;
+ return (BN_ULONG) - 1;
bn_check_top(a);
- w&=BN_MASK2;
- for (i=a->top-1; i>=0; i--)
- {
+ w &= BN_MASK2;
+ for (i = a->top - 1; i >= 0; i--) {
#ifndef BN_LLONG
- ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;
- ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;
+ ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) &
+ BN_MASK2l)) % w;
+ ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
#else
- ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
- (BN_ULLONG)w);
+ ret = (BN_ULLONG)(((ret << (BN_ULLONG)BN_BITS2) |
+ a->d[i]) % (BN_ULLONG)w);
#endif
- }
- return((BN_ULONG)ret);
}
+ return ((BN_ULONG)ret);
+}
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
- {
+BN_ULONG
+BN_div_word(BIGNUM *a, BN_ULONG w)
+{
BN_ULONG ret = 0;
int i, j;
if (!w)
/* actually this an error (division by zero) */
- return (BN_ULONG)-1;
+ return (BN_ULONG) - 1;
if (a->top == 0)
return 0;
j = BN_BITS2 - BN_num_bits_word(w);
w <<= j;
if (!BN_lshift(a, a, j))
- return (BN_ULONG)-1;
-
- for (i=a->top-1; i>=0; i--)
- {
- BN_ULONG l,d;
-
- l=a->d[i];
- d=bn_div_words(ret,l,w);
- ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
- a->d[i]=d;
- }
- if ((a->top > 0) && (a->d[a->top-1] == 0))
+ return (BN_ULONG) - 1;
+
+ for (i = a->top - 1; i >= 0; i--) {
+ BN_ULONG l, d;
+
+ l = a->d[i];
+ d = bn_div_words(ret, l, w);
+ ret = (l - ((d*w)&BN_MASK2))&BN_MASK2;
+ a->d[i] = d;
+ }
+ if ((a->top > 0) && (a->d[a->top - 1] == 0))
a->top--;
ret >>= j;
bn_check_top(a);
- return(ret);
- }
+ return (ret);
+}
-int BN_add_word(BIGNUM *a, BN_ULONG w)
- {
+int
+BN_add_word(BIGNUM *a, BN_ULONG w)
+{
BN_ULONG l;
int i;
w &= BN_MASK2;
/* degenerate case: w is zero */
- if (!w) return 1;
+ if (!w)
+ return 1;
/* degenerate case: a is zero */
- if(BN_is_zero(a)) return BN_set_word(a, w);
+ if (BN_is_zero(a))
+ return BN_set_word(a, w);
/* handle 'a' when negative */
- if (a->neg)
- {
- a->neg=0;
- i=BN_sub_word(a,w);
+ if (a->neg) {
+ a->neg = 0;
+ i = BN_sub_word(a, w);
if (!BN_is_zero(a))
a->neg=!(a->neg);
- return(i);
- }
- for (i=0;w!=0 && i<a->top;i++)
- {
- a->d[i] = l = (a->d[i]+w)&BN_MASK2;
- w = (w>l)?1:0;
- }
- if (w && i==a->top)
- {
- if (bn_wexpand(a,a->top+1) == NULL) return 0;
+ return (i);
+ }
+ for (i = 0; w != 0 && i < a->top; i++) {
+ a->d[i] = l = (a->d[i] + w) & BN_MASK2;
+ w = (w > l) ? 1 : 0;
+ }
+ if (w && i == a->top) {
+ if (bn_wexpand(a, a->top + 1) == NULL)
+ return 0;
a->top++;
- a->d[i]=w;
- }
- bn_check_top(a);
- return(1);
+ a->d[i] = w;
}
+ bn_check_top(a);
+ return (1);
+}
-int BN_sub_word(BIGNUM *a, BN_ULONG w)
- {
+int
+BN_sub_word(BIGNUM *a, BN_ULONG w)
+{
int i;
bn_check_top(a);
w &= BN_MASK2;
/* degenerate case: w is zero */
- if (!w) return 1;
+ if (!w)
+ return 1;
/* degenerate case: a is zero */
- if(BN_is_zero(a))
- {
- i = BN_set_word(a,w);
+ if (BN_is_zero(a)) {
+ i = BN_set_word(a, w);
if (i != 0)
BN_set_negative(a, 1);
return i;
- }
+ }
/* handle 'a' when negative */
- if (a->neg)
- {
- a->neg=0;
- i=BN_add_word(a,w);
- a->neg=1;
- return(i);
- }
+ if (a->neg) {
+ a->neg = 0;
+ i = BN_add_word(a, w);
+ a->neg = 1;
+ return (i);
+ }
- if ((a->top == 1) && (a->d[0] < w))
- {
- a->d[0]=w-a->d[0];
- a->neg=1;
- return(1);
- }
- i=0;
- for (;;)
- {
- if (a->d[i] >= w)
- {
- a->d[i]-=w;
+ if ((a->top == 1) && (a->d[0] < w)) {
+ a->d[0] = w - a->d[0];
+ a->neg = 1;
+ return (1);
+ }
+ i = 0;
+ for (;;) {
+ if (a->d[i] >= w) {
+ a->d[i] -= w;
break;
- }
- else
- {
- a->d[i]=(a->d[i]-w)&BN_MASK2;
+ } else {
+ a->d[i] = (a->d[i] - w) & BN_MASK2;
i++;
- w=1;
- }
+ w = 1;
}
- if ((a->d[i] == 0) && (i == (a->top-1)))
+ }
+ if ((a->d[i] == 0) && (i == (a->top - 1)))
a->top--;
bn_check_top(a);
- return(1);
- }
+ return (1);
+}
-int BN_mul_word(BIGNUM *a, BN_ULONG w)
- {
+int
+BN_mul_word(BIGNUM *a, BN_ULONG w)
+{
BN_ULONG ll;
bn_check_top(a);
- w&=BN_MASK2;
- if (a->top)
- {
+ w &= BN_MASK2;
+ if (a->top) {
if (w == 0)
BN_zero(a);
- else
- {
- ll=bn_mul_words(a->d,a->d,a->top,w);
- if (ll)
- {
- if (bn_wexpand(a,a->top+1) == NULL) return(0);
- a->d[a->top++]=ll;
- }
+ else {
+ ll = bn_mul_words(a->d, a->d, a->top, w);
+ if (ll) {
+ if (bn_wexpand(a, a->top + 1) == NULL)
+ return (0);
+ a->d[a->top++] = ll;
}
}
- bn_check_top(a);
- return(1);
}
-
+ bn_check_top(a);
+ return (1);
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* integers.
*/
-static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
- BN_GENCB *cb)
- {
+static int
+bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
+{
int i = 0;
+
if (!BN_copy(pi, Xpi))
return 0;
if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
return 0;
- for(;;)
- {
+ for (;;) {
i++;
BN_GENCB_call(cb, 0, i);
/* NB 27 MR is specificed in X9.31 */
break;
if (!BN_add_word(pi, 2))
return 0;
- }
+ }
BN_GENCB_call(cb, 2, i);
return 1;
- }
+}
/* This is the main X9.31 prime derivation function. From parameters
* Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
* not NULL they will be returned too: this is needed for testing.
*/
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
- {
+int
+BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb)
+{
int ret = 0;
BIGNUM *t, *p1p2, *pm1;
/* p now equals Yp0 */
- for (;;)
- {
+ for (;;) {
int i = 1;
BN_GENCB_call(cb, 0, i++);
if (!BN_copy(pm1, p))
goto err;
if (BN_is_one(t)
/* X9.31 specifies 8 MR and 1 Lucas test or any prime test
- * offering similar or better guarantees 50 MR is considerably
+ * offering similar or better guarantees 50 MR is considerably
* better.
*/
- && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
+ && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
break;
if (!BN_add(p, p, p1p2))
goto err;
- }
+ }
BN_GENCB_call(cb, 3, 0);
ret = 1;
- err:
+err:
BN_CTX_end(ctx);
return ret;
- }
+}
/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
* Note: nbits paramter is sum of number of bits in both.
*/
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
- {
+int
+BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+{
BIGNUM *t;
int i;
+
/* Number of bits for each prime is of the form
* 512+128s for s = 0, 1, ...
*/
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
- for (i = 0; i < 1000; i++)
- {
+ for (i = 0; i < 1000; i++) {
if (!BN_rand(Xq, nbits, 1, 0))
return 0;
/* Check that |Xp - Xq| > 2^(nbits - 100) */
BN_sub(t, Xp, Xq);
if (BN_num_bits(t) > (nbits - 100))
break;
- }
+ }
BN_CTX_end(ctx);
return 1;
return 0;
-
- }
+}
/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
* and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
* are generated using the previous function and supplied as input.
*/
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- BIGNUM *Xp1, BIGNUM *Xp2,
- const BIGNUM *Xp,
- const BIGNUM *e, BN_CTX *ctx,
- BN_GENCB *cb)
- {
+int
+BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
+{
int ret = 0;
BN_CTX_start(ctx);
ret = 1;
- error:
+error:
BN_CTX_end(ctx);
return ret;
-
- }
-
+}
projects / openbsd / commitdiff