From 67e47f29c6d666ba5275d0d4133bfca18ada1da6 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Fri, 17 Feb 2023 05:30:20 +0000
Subject: [PATCH] Remove now unused tangle of mul*/sqr* and BN_UMULT_* macros.

No, I'm not trying to overwhelm you... however, we really no longer need
this clutter.

ok tb@
---
 lib/libcrypto/bn/bn_local.h | 252 +-----------------------------------
 1 file changed, 1 insertion(+), 251 deletions(-)

diff --git a/lib/libcrypto/bn/bn_local.h b/lib/libcrypto/bn/bn_local.h
index 51582f98330..6d308218e7c 100644
--- a/lib/libcrypto/bn/bn_local.h
+++ b/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.10 2023/02/16 11:13:05 jsing Exp $ */
+/* $OpenBSD: bn_local.h,v 1.11 2023/02/17 05:30:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -241,256 +241,6 @@ struct bn_gencb_st {
 #define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL	(32) /* 32 */
 #define BN_MONT_CTX_SET_SIZE_WORD		(64) /* 32 */
 
-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-/*
- * BN_UMULT_HIGH section.
- *
- * No, I'm not trying to overwhelm you when stating that the
- * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
- * you to be impressed when I say that if the compiler doesn't
- * support 2*N integer type, then you have to replace every N*N
- * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
- * and additions which unavoidably results in severe performance
- * penalties. Of course provided that the hardware is capable of
- * producing 2*N result... That's when you normally start
- * considering assembler implementation. However! It should be
- * pointed out that some CPUs (most notably Alpha, PowerPC and
- * upcoming IA-64 family:-) provide *separate* instruction
- * calculating the upper half of the product placing the result
- * into a general purpose register. Now *if* the compiler supports
- * inline assembler, then it's not impossible to implement the
- * "bignum" routines (and have the compiler optimize 'em)
- * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
- * macro is about:-)
- *
- *					<appro@fy.chalmers.se>
- */
-# if defined(__alpha)
-#  if defined(__GNUC__) && __GNUC__>=2
-#   define BN_UMULT_HIGH(a,b)	({	\
-	BN_ULONG ret;		\
-	asm ("umulh	%1,%2,%0"	\
-	     : "=r"(ret)		\
-	     : "r"(a), "r"(b));		\
-	ret;			})
-#  endif	/* compiler */
-# elif defined(_ARCH_PPC) && defined(_LP64)
-#  if defined(__GNUC__) && __GNUC__>=2
-#   define BN_UMULT_HIGH(a,b)	({	\
-	BN_ULONG ret;		\
-	asm ("mulhdu	%0,%1,%2"	\
-	     : "=r"(ret)		\
-	     : "r"(a), "r"(b));		\
-	ret;			})
-#  endif	/* compiler */
-# elif defined(__x86_64) || defined(__x86_64__)
-#  if defined(__GNUC__) && __GNUC__>=2
-#   define BN_UMULT_HIGH(a,b)	({	\
-	BN_ULONG ret,discard;	\
-	asm ("mulq	%3"		\
-	     : "=a"(discard),"=d"(ret)	\
-	     : "a"(a), "g"(b)		\
-	     : "cc");			\
-	ret;			})
-#   define BN_UMULT_LOHI(low,high,a,b)	\
-	asm ("mulq	%3"		\
-		: "=a"(low),"=d"(high)	\
-		: "a"(a),"g"(b)		\
-		: "cc");
-#  endif
-# elif defined(__mips) && defined(_LP64)
-#  if defined(__GNUC__) && __GNUC__>=2
-#   if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4) /* "h" constraint is no more since 4.4 */
-#     define BN_UMULT_HIGH(a,b)		 (((__uint128_t)(a)*(b))>>64)
-#     define BN_UMULT_LOHI(low,high,a,b) ({	\
-	__uint128_t ret=(__uint128_t)(a)*(b);	\
-	(high)=ret>>64; (low)=ret;	 })
-#   else
-#     define BN_UMULT_HIGH(a,b)	({	\
-	BN_ULONG ret;		\
-	asm ("dmultu	%1,%2"		\
-	     : "=h"(ret)		\
-	     : "r"(a), "r"(b) : "l");	\
-	ret;			})
-#     define BN_UMULT_LOHI(low,high,a,b)\
-	asm ("dmultu	%2,%3"		\
-	     : "=l"(low),"=h"(high)	\
-	     : "r"(a), "r"(b));
-#    endif
-#  endif
-# endif		/* cpu */
-#endif		/* OPENSSL_NO_ASM */
-
-/*************************************************************
- * Using the long long type
- */
-#define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
-#define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
-
-#ifndef BN_LLONG
-/*************************************************************
- * No long long type
- */
-
-#define LBITS(a)	((a)&BN_MASK2l)
-#define HBITS(a)	(((a)>>BN_BITS4)&BN_MASK2l)
-#define	L2HBITS(a)	(((a)<<BN_BITS4)&BN_MASK2)
-
-#define mul64(l,h,bl,bh) \
-	{ \
-	BN_ULONG m,m1,lt,ht; \
- \
-	lt=l; \
-	ht=h; \
-	m =(bh)*(lt); \
-	lt=(bl)*(lt); \
-	m1=(bl)*(ht); \
-	ht =(bh)*(ht); \
-	m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
-	ht+=HBITS(m); \
-	m1=L2HBITS(m); \
-	lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
-	(l)=lt; \
-	(h)=ht; \
-	}
-
-#define sqr64(lo,ho,in) \
-	{ \
-	BN_ULONG l,h,m; \
- \
-	h=(in); \
-	l=LBITS(h); \
-	h=HBITS(h); \
-	m =(l)*(h); \
-	l*=l; \
-	h*=h; \
-	h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
-	m =(m&BN_MASK2l)<<(BN_BITS4+1); \
-	l=(l+m)&BN_MASK2; if (l < m) h++; \
-	(lo)=l; \
-	(ho)=h; \
-	}
-
-#endif /* !BN_LLONG */
-
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
-
-#ifdef BN_LLONG
-/*
- * Keep in mind that additions to multiplication result can not
- * overflow, because its high half cannot be all-ones.
- */
-
-#define mul_add_c2(a,b,c0,c1,c2)	do {	\
-	BN_ULONG hi;				\
-	BN_ULLONG t = (BN_ULLONG)(a)*(b);	\
-	BN_ULLONG tt = t+c0;	/* no carry */	\
-	c0 = (BN_ULONG)Lw(tt);			\
-	hi = (BN_ULONG)Hw(tt);			\
-	c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++;	\
-	t += c0;		/* no carry */	\
-	c0 = (BN_ULONG)Lw(t);			\
-	hi = (BN_ULONG)Hw(t);			\
-	c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++;	\
-	} while(0)
-
-#define sqr_add_c(a,i,c0,c1,c2)		do {	\
-	BN_ULONG hi;				\
-	BN_ULLONG t = (BN_ULLONG)a[i]*a[i];	\
-	t += c0;		/* no carry */	\
-	c0 = (BN_ULONG)Lw(t);			\
-	hi = (BN_ULONG)Hw(t);			\
-	c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++;	\
-	} while(0)
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#elif defined(BN_UMULT_LOHI)
-/*
- * Keep in mind that additions to hi can not overflow, because
- * the high word of a multiplication result cannot be all-ones.
- */
-
-#define mul_add_c2(a,b,c0,c1,c2)	do {	\
-	BN_ULONG ta = (a), tb = (b);		\
-	BN_ULONG lo, hi, tt;			\
-	BN_UMULT_LOHI(lo,hi,ta,tb);		\
-	c0 += lo; tt = hi+((c0<lo)?1:0);	\
-	c1 += tt; c2 += (c1<tt)?1:0;		\
-	c0 += lo; hi += (c0<lo)?1:0;		\
-	c1 += hi; c2 += (c1<hi)?1:0;		\
-	} while(0)
-
-#define sqr_add_c(a,i,c0,c1,c2)		do {	\
-	BN_ULONG ta = (a)[i];			\
-	BN_ULONG lo, hi;			\
-	BN_UMULT_LOHI(lo,hi,ta,ta);		\
-	c0 += lo; hi += (c0<lo)?1:0;		\
-	c1 += hi; c2 += (c1<hi)?1:0;		\
-	} while(0)
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)	\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#elif defined(BN_UMULT_HIGH)
-/*
- * Keep in mind that additions to hi can not overflow, because
- * the high word of a multiplication result cannot be all-ones.
- */
-
-#define mul_add_c2(a,b,c0,c1,c2)	do {	\
-	BN_ULONG ta = (a), tb = (b), tt;	\
-	BN_ULONG lo = ta * tb;			\
-	BN_ULONG hi = BN_UMULT_HIGH(ta,tb);	\
-	c0 += lo; tt = hi + ((c0<lo)?1:0);	\
-	c1 += tt; c2 += (c1<tt)?1:0;		\
-	c0 += lo; hi += (c0<lo)?1:0;		\
-	c1 += hi; c2 += (c1<hi)?1:0;		\
-	} while(0)
-
-#define sqr_add_c(a,i,c0,c1,c2)		do {	\
-	BN_ULONG ta = (a)[i];			\
-	BN_ULONG lo = ta * ta;			\
-	BN_ULONG hi = BN_UMULT_HIGH(ta,ta);	\
-	c0 += lo; hi += (c0<lo)?1:0;		\
-	c1 += hi; c2 += (c1<hi)?1:0;		\
-	} while(0)
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)	\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#else /* !BN_LLONG */
-/*
- * Keep in mind that additions to hi can not overflow, because
- * the high word of a multiplication result cannot be all-ones.
- */
-
-#define mul_add_c2(a,b,c0,c1,c2)	do {	\
-	BN_ULONG tt;				\
-	BN_ULONG lo = LBITS(a), hi = HBITS(a);	\
-	BN_ULONG bl = LBITS(b), bh = HBITS(b);	\
-	mul64(lo,hi,bl,bh);			\
-	tt = hi;				\
-	c0 = (c0+lo)&BN_MASK2; if (c0<lo) tt++;	\
-	c1 = (c1+tt)&BN_MASK2; if (c1<tt) c2++;	\
-	c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++;	\
-	c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++;	\
-	} while(0)
-
-#define sqr_add_c(a,i,c0,c1,c2)		do {	\
-	BN_ULONG lo, hi;			\
-	sqr64(lo,hi,(a)[i]);			\
-	c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++;	\
-	c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++;	\
-	} while(0)
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif /* !BN_LLONG */
-
 /* The least significant word of a BIGNUM. */
 #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
 
-- 
2.20.1