Clean up bn_sqr_words()

Currently there are two versions of bn_sqr_words(), which call the sqr or
sqr64 macro. Replace this with a single version that calls bn_umul_hilo()
and remove the various implementations of the sqr macro. The only slight
downside is that sqr64 does three multiplications instead of four, given
that the second and third terms are identical. However, this is a minimal
gain for the amount of duplication and entanglement it introduces.

ok tb@

diff --git a/lib/libcrypto/bn/bn_local.h b/lib/libcrypto/bn/bn_local.h
index 904eaa0..4ea54d2 100644 (file)
--- a/lib/libcrypto/bn/bn_local.h
+++ b/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.7 2023/02/03 04:47:59 jsing Exp $ */
+/* $OpenBSD: bn_local.h,v 1.8 2023/02/09 09:16:26 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -342,13 +342,6 @@ struct bn_gencb_st {
        (c)= Hw(t); \
        }
 
-#define sqr(r0,r1,a) { \
-       BN_ULLONG t; \
-       t=(BN_ULLONG)(a)*(a); \
-       (r0)=Lw(t); \
-       (r1)=Hw(t); \
-       }
-
 #elif defined(BN_UMULT_LOHI)
 #define mul_add(r,a,w,c) {             \
        BN_ULONG high,low,ret,tmp=(a);  \
@@ -371,11 +364,6 @@ struct bn_gencb_st {
        (r) =  ret;                     \
        }
 
-#define sqr(r0,r1,a)   {               \
-       BN_ULONG tmp=(a);               \
-       BN_UMULT_LOHI(r0,r1,tmp,tmp);   \
-       }
-
 #elif defined(BN_UMULT_HIGH)
 #define mul_add(r,a,w,c) {             \
        BN_ULONG high,low,ret,tmp=(a);  \
@@ -400,12 +388,6 @@ struct bn_gencb_st {
        (r) =  ret;                     \
        }
 
-#define sqr(r0,r1,a)   {               \
-       BN_ULONG tmp=(a);               \
-       (r0) = tmp * tmp;               \
-       (r1) = BN_UMULT_HIGH(tmp,tmp);  \
-       }
-
 #else
 /*************************************************************
  * No long long type

diff --git a/lib/libcrypto/bn/bn_sqr.c b/lib/libcrypto/bn/bn_sqr.c
index 74d5ede..940cdd3 100644 (file)
--- a/lib/libcrypto/bn/bn_sqr.c
+++ b/lib/libcrypto/bn/bn_sqr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_sqr.c,v 1.22 2023/01/23 12:09:06 jsing Exp $ */
+/* $OpenBSD: bn_sqr.c,v 1.23 2023/02/09 09:16:26 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -180,33 +180,9 @@ bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
 #endif
 
 #ifndef HAVE_BN_SQR_WORDS
-#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
-void
-bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-{
-       assert(n >= 0);
-       if (n <= 0)
-               return;
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-       while (n & ~3) {
-               sqr(r[0], r[1], a[0]);
-               sqr(r[2], r[3], a[1]);
-               sqr(r[4], r[5], a[2]);
-               sqr(r[6], r[7], a[3]);
-               a += 4;
-               r += 8;
-               n -= 4;
-       }
-#endif
-       while (n) {
-               sqr(r[0], r[1], a[0]);
-               a++;
-               r += 2;
-               n--;
-       }
-}
-#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
+/*
+ * bn_sqr_words() computes (r[i*2+1]:r[i*2]) = a[i] * a[i].
+ */
 void
 bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
 {
@@ -216,24 +192,23 @@ bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
 
 #ifndef OPENSSL_SMALL_FOOTPRINT
        while (n & ~3) {
-               sqr64(r[0], r[1], a[0]);
-               sqr64(r[2], r[3], a[1]);
-               sqr64(r[4], r[5], a[2]);
-               sqr64(r[6], r[7], a[3]);
+               bn_umul_hilo(a[0], a[0], &r[1], &r[0]);
+               bn_umul_hilo(a[1], a[1], &r[3], &r[2]);
+               bn_umul_hilo(a[2], a[2], &r[5], &r[4]);
+               bn_umul_hilo(a[3], a[3], &r[7], &r[6]);
                a += 4;
                r += 8;
                n -= 4;
        }
 #endif
        while (n) {
-               sqr64(r[0], r[1], a[0]);
+               bn_umul_hilo(a[0], a[0], &r[1], &r[0]);
                a++;
                r += 2;
                n--;
        }
 }
 #endif
-#endif
 
 /* tmp must have 2*n words */
 void