From d318803ae5dbd5ed8cb7912967600fcf0bc4e527 Mon Sep 17 00:00:00 2001
From: jsing
Date: Thu, 9 Feb 2023 09:16:26 +0000
Subject: [PATCH] Clean up bn_sqr_words()
Currently there are two versions of bn_sqr_words(), which call the sqr or sqr64 macro. Replace this with a single version that calls bn_umul_hilo() and remove the various implementations of the sqr macro. The only slight downside is that sqr64 does three multiplications instead of four, given that the second and third terms are identical. However, this is a minimal gain for the amount of duplication and entanglement it introduces. ok tb@
---
 lib/libcrypto/bn/bn_local.h | 20 +----------------
 lib/libcrypto/bn/bn_sqr.c | 43 ++++++++-----------------------------
 2 files changed, 10 insertions(+), 53 deletions(-)
diff --git a/lib/libcrypto/bn/bn_local.h b/lib/libcrypto/bn/bn_local.h
index 904eaa0f05a..4ea54d23203 100644
--- a/lib/libcrypto/bn/bn_local.h
+++ b/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.7 2023/02/03 04:47:59 jsing Exp $ */
+/* $OpenBSD: bn_local.h,v 1.8 2023/02/09 09:16:26 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -342,13 +342,6 @@ struct bn_gencb_st {
 (c)= Hw(t); \
 }
-#define sqr(r0,r1,a) { \
- BN_ULLONG t; \
- t=(BN_ULLONG)(a)*(a); \
- (r0)=Lw(t); \
- (r1)=Hw(t); \
- }
-
 #elif defined(BN_UMULT_LOHI)
 #define mul_add(r,a,w,c) { \
 BN_ULONG high,low,ret,tmp=(a); \
@@ -371,11 +364,6 @@ struct bn_gencb_st {
 (r) = ret; \
 }
-#define sqr(r0,r1,a) { \
- BN_ULONG tmp=(a); \
- BN_UMULT_LOHI(r0,r1,tmp,tmp); \
- }
-
 #elif defined(BN_UMULT_HIGH)
 #define mul_add(r,a,w,c) { \
 BN_ULONG high,low,ret,tmp=(a); \
@@ -400,12 +388,6 @@ struct bn_gencb_st {
 (r) = ret; \
 }
-#define sqr(r0,r1,a) { \
- BN_ULONG tmp=(a); \
- (r0) = tmp * tmp; \
- (r1) = BN_UMULT_HIGH(tmp,tmp); \
- }
-
 #else
 /*************************************************************
 * No long long type
diff --git a/lib/libcrypto/bn/bn_sqr.c b/lib/libcrypto/bn/bn_sqr.c
index 74d5eded947..940cdd33bde 100644
--- a/lib/libcrypto/bn/bn_sqr.c
+++ b/lib/libcrypto/bn/bn_sqr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_sqr.c,v 1.22 2023/01/23 12:09:06 jsing Exp $ */
+/* $OpenBSD: bn_sqr.c,v 1.23 2023/02/09 09:16:26 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -180,33 +180,9 @@ bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
 #endif
 #ifndef HAVE_BN_SQR_WORDS
-#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
-void
-bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-{
- assert(n >= 0);
- if (n <= 0)
- return;
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- sqr(r[0], r[1], a[0]);
- sqr(r[2], r[3], a[1]);
- sqr(r[4], r[5], a[2]);
- sqr(r[6], r[7], a[3]);
- a += 4;
- r += 8;
- n -= 4;
- }
-#endif
- while (n) {
- sqr(r[0], r[1], a[0]);
- a++;
- r += 2;
- n--;
- }
-}
-#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
+/*
+ * bn_sqr_words() computes (r[i*2+1]:r[i*2]) = a[i] * a[i].
+ */
 void
 bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
 {
@@ -216,24 +192,23 @@ bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
 #ifndef OPENSSL_SMALL_FOOTPRINT
 while (n & ~3) {
- sqr64(r[0], r[1], a[0]);
- sqr64(r[2], r[3], a[1]);
- sqr64(r[4], r[5], a[2]);
- sqr64(r[6], r[7], a[3]);
+ bn_umul_hilo(a[0], a[0], &r[1], &r[0]);
+ bn_umul_hilo(a[1], a[1], &r[3], &r[2]);
+ bn_umul_hilo(a[2], a[2], &r[5], &r[4]);
+ bn_umul_hilo(a[3], a[3], &r[7], &r[6]);
 a += 4;
 r += 8;
 n -= 4;
 }
 #endif
 while (n) {
- sqr64(r[0], r[1], a[0]);
+ bn_umul_hilo(a[0], a[0], &r[1], &r[0]);
 a++;
 r += 2;
 n--;
 }
 }
 #endif
-#endif
 /* tmp must have 2*n words */
 void
-- 
2.20.1
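Review bot: The comment added above bn_sqr_words() in the second bn_sqr.c hunk gives the output layout but not the buffer contract the loops in the following hunk rely on: two words of r are stored for every word of a, so the caller must supply 2*n words of r, and a and r must not overlap, since the stores to r[0] and r[1] would clobber a[1] before it is read. I would extend the new comment with `* r must have 2*n words and must not overlap a.`, matching the `/* tmp must have 2*n words */` comment the file already carries on the next function. The retained body of bn_sqr_words() between the two hunks is outside the hunk, so whether the assert(n >= 0)/early return of the deleted copy survives there cannot be confirmed from this patch, and the comment could state the n <= 0 behaviour once that is checked. The (high, low) order of bn_umul_hilo()'s out-pointers is assumed from the calls `bn_umul_hilo(a[0], a[0], &r[1], &r[0])`; if its definition actually takes (low, high), the comment's (r[i*2+1]:r[i*2]) is inverted, so it is worth checking against the declaration.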