diff options
Diffstat (limited to 'thirdparty/openssl/crypto/bn')
42 files changed, 0 insertions, 23877 deletions
diff --git a/thirdparty/openssl/crypto/bn/asm/README b/thirdparty/openssl/crypto/bn/asm/README deleted file mode 100644 index b0f3a68a06..0000000000 --- a/thirdparty/openssl/crypto/bn/asm/README +++ /dev/null @@ -1,27 +0,0 @@ -<OBSOLETE> - -All assember in this directory are just version of the file -crypto/bn/bn_asm.c. - -Quite a few of these files are just the assember output from gcc since on -quite a few machines they are 2 times faster than the system compiler. - -For the x86, I have hand written assember because of the bad job all -compilers seem to do on it. This normally gives a 2 time speed up in the RSA -routines. - -For the DEC alpha, I also hand wrote the assember (except the division which -is just the output from the C compiler pasted on the end of the file). -On the 2 alpha C compilers I had access to, it was not possible to do -64b x 64b -> 128b calculations (both long and the long long data types -were 64 bits). So the hand assember gives access to the 128 bit result and -a 2 times speedup :-). - -There are 3 versions of assember for the HP PA-RISC. - -pa-risc.s is the origional one which works fine and generated using gcc :-) - -pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations -by Chris Ruemmler from HP (with some help from the HP C compiler). - -</OBSOLETE> diff --git a/thirdparty/openssl/crypto/bn/asm/vms.mar b/thirdparty/openssl/crypto/bn/asm/vms.mar deleted file mode 100644 index aefab15cdb..0000000000 --- a/thirdparty/openssl/crypto/bn/asm/vms.mar +++ /dev/null @@ -1,6440 +0,0 @@ - .title vax_bn_mul_add_words unsigned multiply & add, 32*32+32+32=>64 -; -; w.j.m. 15-jan-1999 -; -; it's magic ... -; -; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) { -; ULONG c = 0; -; int i; -; for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ; -; return c; -; } - -r=4 ;(AP) -a=8 ;(AP) -n=12 ;(AP) n by value (input) -w=16 ;(AP) w by value (input) - - - .psect code,nowrt - -.entry bn_mul_add_words,^m<r2,r3,r4,r5,r6> - - moval @r(ap),r2 - moval @a(ap),r3 - movl n(ap),r4 ; assumed >0 by C code - movl w(ap),r5 - clrl r6 ; c - -0$: - emul r5,(r3),(r2),r0 ; w, a[], r[] considered signed - - ; fixup for "negative" r[] - tstl (r2) - bgeq 10$ - incl r1 -10$: - - ; add in c - addl2 r6,r0 - adwc #0,r1 - - ; combined fixup for "negative" w, a[] - tstl r5 - bgeq 20$ - addl2 (r3),r1 -20$: - tstl (r3) - bgeq 30$ - addl2 r5,r1 -30$: - - movl r0,(r2)+ ; store lo result in r[] & advance - addl #4,r3 ; advance a[] - movl r1,r6 ; store hi result => c - - sobgtr r4,0$ - - movl r6,r0 ; return c - ret - - .title vax_bn_mul_words unsigned multiply & add, 32*32+32=>64 -; -; w.j.m. 15-jan-1999 -; -; it's magic ... -; -; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) { -; ULONG c = 0; -; int i; -; for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ; -; return(c); -; } - -r=4 ;(AP) -a=8 ;(AP) -n=12 ;(AP) n by value (input) -w=16 ;(AP) w by value (input) - - - .psect code,nowrt - -.entry bn_mul_words,^m<r2,r3,r4,r5,r6> - - moval @r(ap),r2 ; r2 -> r[] - moval @a(ap),r3 ; r3 -> a[] - movl n(ap),r4 ; r4 = loop count (assumed >0 by C code) - movl w(ap),r5 ; r5 = w - clrl r6 ; r6 = c - -0$: - ; <r1,r0> := w * a[] + c - emul r5,(r3),r6,r0 ; w, a[], c considered signed - - ; fixup for "negative" c - tstl r6 ; c - bgeq 10$ - incl r1 -10$: - - ; combined fixup for "negative" w, a[] - tstl r5 ; w - bgeq 20$ - addl2 (r3),r1 ; a[] -20$: - tstl (r3) ; a[] - bgeq 30$ - addl2 r5,r1 ; w -30$: - - movl r0,(r2)+ ; store lo result in r[] & advance - addl #4,r3 ; advance a[] - movl r1,r6 ; store hi result => c - - sobgtr r4,0$ - - movl r6,r0 ; return c - ret - - .title vax_bn_sqr_words unsigned square, 32*32=>64 -; -; w.j.m. 15-jan-1999 -; -; it's magic ... -; -; void bn_sqr_words(ULONG r[],ULONG a[],int n) { -; int i; -; for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ; -; } - -r=4 ;(AP) -a=8 ;(AP) -n=12 ;(AP) n by value (input) - - - .psect code,nowrt - -.entry bn_sqr_words,^m<r2,r3,r4,r5> - - moval @r(ap),r2 ; r2 -> r[] - moval @a(ap),r3 ; r3 -> a[] - movl n(ap),r4 ; r4 = n (assumed >0 by C code) - -0$: - movl (r3)+,r5 ; r5 = a[] & advance - - ; <r1,r0> := a[] * a[] - emul r5,r5,#0,r0 ; a[] considered signed - - ; fixup for "negative" a[] - tstl r5 ; a[] - bgeq 30$ - addl2 r5,r1 ; a[] - addl2 r5,r1 ; a[] -30$: - - movl r0,(r2)+ ; store lo result in r[] & advance - movl r1,(r2)+ ; store hi result in r[] & advance - - sobgtr r4,0$ - - movl #1,r0 ; return SS$_NORMAL - ret - - .title vax_bn_div_words unsigned divide -; -; Richard Levitte 20-Nov-2000 -; -; ULONG bn_div_words(ULONG h, ULONG l, ULONG d) -; { -; return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d); -; } -; -; Using EDIV would be very easy, if it didn't do signed calculations. -; Any time any of the input numbers are signed, there are problems, -; usually with integer overflow, at which point it returns useless -; data (the quotient gets the value of l, and the remainder becomes 0). -; -; If it was just for the dividend, it would be very easy, just divide -; it by 2 (unsigned), do the division, multiply the resulting quotient -; and remainder by 2, add the bit that was dropped when dividing by 2 -; to the remainder, and do some adjustment so the remainder doesn't -; end up larger than the divisor. For some cases when the divisor is -; negative (from EDIV's point of view, i.e. when the highest bit is set), -; dividing the dividend by 2 isn't enough, and since some operations -; might generate integer overflows even when the dividend is divided by -; 4 (when the high part of the shifted down dividend ends up being exactly -; half of the divisor, the result is the quotient 0x80000000, which is -; negative...) it needs to be divided by 8. Furthermore, the divisor needs -; to be divided by 2 (unsigned) as well, to avoid more problems with the sign. -; In this case, a little extra fiddling with the remainder is required. -; -; So, the simplest way to handle this is always to divide the dividend -; by 8, and to divide the divisor by 2 if it's highest bit is set. -; After EDIV has been used, the quotient gets multiplied by 8 if the -; original divisor was positive, otherwise 4. The remainder, oddly -; enough, is *always* multiplied by 8. -; NOTE: in the case mentioned above, where the high part of the shifted -; down dividend ends up being exactly half the shifted down divisor, we -; end up with a 33 bit quotient. That's no problem however, it usually -; means we have ended up with a too large remainder as well, and the -; problem is fixed by the last part of the algorithm (next paragraph). -; -; The routine ends with comparing the resulting remainder with the -; original divisor and if the remainder is larger, subtract the -; original divisor from it, and increase the quotient by 1. This is -; done until the remainder is smaller than the divisor. -; -; The complete algorithm looks like this: -; -; d' = d -; l' = l & 7 -; [h,l] = [h,l] >> 3 -; [q,r] = floor([h,l] / d) # This is the EDIV operation -; if (q < 0) q = -q # I doubt this is necessary any more -; -; r' = r >> 29 -; if (d' >= 0) -; q' = q >> 29 -; q = q << 3 -; else -; q' = q >> 30 -; q = q << 2 -; r = (r << 3) + l' -; -; if (d' < 0) -; { -; [r',r] = [r',r] - q -; while ([r',r] < 0) -; { -; [r',r] = [r',r] + d -; [q',q] = [q',q] - 1 -; } -; } -; -; while ([r',r] >= d') -; { -; [r',r] = [r',r] - d' -; [q',q] = [q',q] + 1 -; } -; -; return q - -h=4 ;(AP) h by value (input) -l=8 ;(AP) l by value (input) -d=12 ;(AP) d by value (input) - -;r2 = l, q -;r3 = h, r -;r4 = d -;r5 = l' -;r6 = r' -;r7 = d' -;r8 = q' - - .psect code,nowrt - -.entry bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8> - movl l(ap),r2 - movl h(ap),r3 - movl d(ap),r4 - - bicl3 #^XFFFFFFF8,r2,r5 ; l' = l & 7 - bicl3 #^X00000007,r2,r2 - - bicl3 #^XFFFFFFF8,r3,r6 - bicl3 #^X00000007,r3,r3 - - addl r6,r2 - - rotl #-3,r2,r2 ; l = l >> 3 - rotl #-3,r3,r3 ; h = h >> 3 - - movl r4,r7 ; d' = d - - movl #0,r6 ; r' = 0 - movl #0,r8 ; q' = 0 - - tstl r4 - beql 666$ ; Uh-oh, the divisor is 0... - bgtr 1$ - rotl #-1,r4,r4 ; If d is negative, shift it right. - bicl2 #^X80000000,r4 ; Since d is then a large number, the - ; lowest bit is insignificant - ; (contradict that, and I'll fix the problem!) -1$: - ediv r4,r2,r2,r3 ; Do the actual division - - tstl r2 - bgeq 3$ - mnegl r2,r2 ; if q < 0, negate it -3$: - tstl r7 - blss 4$ - rotl #3,r2,r2 ; q = q << 3 - bicl3 #^XFFFFFFF8,r2,r8 ; q' gets the high bits from q - bicl3 #^X00000007,r2,r2 - bsb 41$ -4$: ; else - rotl #2,r2,r2 ; q = q << 2 - bicl3 #^XFFFFFFFC,r2,r8 ; q' gets the high bits from q - bicl3 #^X00000003,r2,r2 -41$: - rotl #3,r3,r3 ; r = r << 3 - bicl3 #^XFFFFFFF8,r3,r6 ; r' gets the high bits from r - bicl3 #^X00000007,r3,r3 - addl r5,r3 ; r = r + l' - - tstl r7 - bgeq 5$ - bitl #1,r7 - beql 5$ ; if d' < 0 && d' & 1 - subl r2,r3 ; [r',r] = [r',r] - [q',q] - sbwc r8,r6 -45$: - bgeq 5$ ; while r < 0 - decl r2 ; [q',q] = [q',q] - 1 - sbwc #0,r8 - addl r7,r3 ; [r',r] = [r',r] + d' - adwc #0,r6 - brb 45$ - -; The return points are placed in the middle to keep a short distance from -; all the branch points -42$: -; movl r3,r1 - movl r2,r0 - ret -666$: - movl #^XFFFFFFFF,r0 - ret - -5$: - tstl r6 - bneq 6$ - cmpl r3,r7 - blssu 42$ ; while [r',r] >= d' -6$: - subl r7,r3 ; [r',r] = [r',r] - d' - sbwc #0,r6 - incl r2 ; [q',q] = [q',q] + 1 - adwc #0,r8 - brb 5$ - - .title vax_bn_add_words unsigned add of two arrays -; -; Richard Levitte 20-Nov-2000 -; -; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) { -; ULONG c = 0; -; int i; -; for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c; -; return(c); -; } - -r=4 ;(AP) r by reference (output) -a=8 ;(AP) a by reference (input) -b=12 ;(AP) b by reference (input) -n=16 ;(AP) n by value (input) - - - .psect code,nowrt - -.entry bn_add_words,^m<r2,r3,r4,r5,r6> - - moval @r(ap),r2 - moval @a(ap),r3 - moval @b(ap),r4 - movl n(ap),r5 ; assumed >0 by C code - clrl r0 ; c - - tstl r5 ; carry = 0 - bleq 666$ - -0$: - movl (r3)+,r6 ; carry untouched - adwc (r4)+,r6 ; carry used and touched - movl r6,(r2)+ ; carry untouched - sobgtr r5,0$ ; carry untouched - - adwc #0,r0 -666$: - ret - - .title vax_bn_sub_words unsigned add of two arrays -; -; Richard Levitte 20-Nov-2000 -; -; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) { -; ULONG c = 0; -; int i; -; for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c; -; return(c); -; } - -r=4 ;(AP) r by reference (output) -a=8 ;(AP) a by reference (input) -b=12 ;(AP) b by reference (input) -n=16 ;(AP) n by value (input) - - - .psect code,nowrt - -.entry bn_sub_words,^m<r2,r3,r4,r5,r6> - - moval @r(ap),r2 - moval @a(ap),r3 - moval @b(ap),r4 - movl n(ap),r5 ; assumed >0 by C code - clrl r0 ; c - - tstl r5 ; carry = 0 - bleq 666$ - -0$: - movl (r3)+,r6 ; carry untouched - sbwc (r4)+,r6 ; carry used and touched - movl r6,(r2)+ ; carry untouched - sobgtr r5,0$ ; carry untouched - - adwc #0,r0 -666$: - ret - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11> - movab -924(sp),sp - clrq r8 - - clrl r10 - - movl 8(ap),r6 - movzwl 2(r6),r3 - movl 12(ap),r7 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-12(fp) - bicl3 #-65536,r3,-16(fp) - mull3 r0,-12(fp),-4(fp) - mull2 r2,-12(fp) - mull3 r2,-16(fp),-8(fp) - mull2 r0,-16(fp) - addl3 -4(fp),-8(fp),r0 - bicl3 #0,r0,-4(fp) - cmpl -4(fp),-8(fp) - bgequ noname.45 - addl2 #65536,-16(fp) -noname.45: - movzwl -2(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-16(fp) - bicl3 #-65536,-4(fp),r0 - ashl #16,r0,-8(fp) - addl3 -8(fp),-12(fp),r0 - bicl3 #0,r0,-12(fp) - cmpl -12(fp),-8(fp) - bgequ noname.46 - incl -16(fp) -noname.46: - movl -12(fp),r1 - movl -16(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.47 - incl r2 -noname.47: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.48 - incl r10 -noname.48: - - movl 4(ap),r11 - movl r9,(r11) - - clrl r9 - - movzwl 2(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-28(fp) - bicl3 #-65536,r2,-32(fp) - mull3 r0,-28(fp),-20(fp) - mull2 r3,-28(fp) - mull3 r3,-32(fp),-24(fp) - mull2 r0,-32(fp) - addl3 -20(fp),-24(fp),r0 - bicl3 #0,r0,-20(fp) - cmpl -20(fp),-24(fp) - bgequ noname.49 - addl2 #65536,-32(fp) -noname.49: - movzwl -18(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-32(fp) - bicl3 #-65536,-20(fp),r0 - ashl #16,r0,-24(fp) - addl3 -24(fp),-28(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-24(fp) - bgequ noname.50 - incl -32(fp) -noname.50: - movl -28(fp),r1 - movl -32(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.51 - incl r2 -noname.51: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.52 - incl r9 -noname.52: - - movzwl 6(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-44(fp) - bicl3 #-65536,r2,-48(fp) - mull3 r0,-44(fp),-36(fp) - mull2 r3,-44(fp) - mull3 r3,-48(fp),-40(fp) - mull2 r0,-48(fp) - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.53 - addl2 #65536,-48(fp) -noname.53: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-48(fp) - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl3 -40(fp),-44(fp),r0 - bicl3 #0,r0,-44(fp) - cmpl -44(fp),-40(fp) - bgequ noname.54 - incl -48(fp) -noname.54: - movl -44(fp),r1 - movl -48(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.55 - incl r2 -noname.55: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.56 - incl r9 -noname.56: - - movl r8,4(r11) - - clrl r8 - - movzwl 10(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-60(fp) - bicl3 #-65536,r2,-64(fp) - mull3 r0,-60(fp),-52(fp) - mull2 r3,-60(fp) - mull3 r3,-64(fp),-56(fp) - mull2 r0,-64(fp) - addl3 -52(fp),-56(fp),r0 - bicl3 #0,r0,-52(fp) - cmpl -52(fp),-56(fp) - bgequ noname.57 - addl2 #65536,-64(fp) -noname.57: - movzwl -50(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-64(fp) - bicl3 #-65536,-52(fp),r0 - ashl #16,r0,-56(fp) - addl3 -56(fp),-60(fp),r0 - bicl3 #0,r0,-60(fp) - cmpl -60(fp),-56(fp) - bgequ noname.58 - incl -64(fp) -noname.58: - movl -60(fp),r1 - movl -64(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.59 - incl r2 -noname.59: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.60 - incl r8 -noname.60: - - movzwl 6(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-76(fp) - bicl3 #-65536,r2,-80(fp) - mull3 r0,-76(fp),-68(fp) - mull2 r3,-76(fp) - mull3 r3,-80(fp),-72(fp) - mull2 r0,-80(fp) - addl3 -68(fp),-72(fp),r0 - bicl3 #0,r0,-68(fp) - cmpl -68(fp),-72(fp) - bgequ noname.61 - addl2 #65536,-80(fp) -noname.61: - movzwl -66(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-80(fp) - bicl3 #-65536,-68(fp),r0 - ashl #16,r0,-72(fp) - addl3 -72(fp),-76(fp),r0 - bicl3 #0,r0,-76(fp) - cmpl -76(fp),-72(fp) - bgequ noname.62 - incl -80(fp) -noname.62: - movl -76(fp),r1 - movl -80(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.63 - incl r2 -noname.63: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.64 - incl r8 -noname.64: - - movzwl 2(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-92(fp) - bicl3 #-65536,r2,-96(fp) - mull3 r0,-92(fp),-84(fp) - mull2 r3,-92(fp) - mull3 r3,-96(fp),-88(fp) - mull2 r0,-96(fp) - addl3 -84(fp),-88(fp),r0 - bicl3 #0,r0,-84(fp) - cmpl -84(fp),-88(fp) - bgequ noname.65 - addl2 #65536,-96(fp) -noname.65: - movzwl -82(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-96(fp) - bicl3 #-65536,-84(fp),r0 - ashl #16,r0,-88(fp) - addl3 -88(fp),-92(fp),r0 - bicl3 #0,r0,-92(fp) - cmpl -92(fp),-88(fp) - bgequ noname.66 - incl -96(fp) -noname.66: - movl -92(fp),r1 - movl -96(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.67 - incl r2 -noname.67: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.68 - incl r8 -noname.68: - - movl r10,8(r11) - - clrl r10 - - movzwl 2(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-108(fp) - bicl3 #-65536,r2,-112(fp) - mull3 r0,-108(fp),-100(fp) - mull2 r3,-108(fp) - mull3 r3,-112(fp),-104(fp) - mull2 r0,-112(fp) - addl3 -100(fp),-104(fp),r0 - bicl3 #0,r0,-100(fp) - cmpl -100(fp),-104(fp) - bgequ noname.69 - addl2 #65536,-112(fp) -noname.69: - movzwl -98(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-112(fp) - bicl3 #-65536,-100(fp),r0 - ashl #16,r0,-104(fp) - addl3 -104(fp),-108(fp),r0 - bicl3 #0,r0,-108(fp) - cmpl -108(fp),-104(fp) - bgequ noname.70 - incl -112(fp) -noname.70: - movl -108(fp),r1 - movl -112(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.71 - incl r2 -noname.71: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.72 - incl r10 -noname.72: - - movzwl 6(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-124(fp) - bicl3 #-65536,r2,-128(fp) - mull3 r0,-124(fp),-116(fp) - mull2 r3,-124(fp) - mull3 r3,-128(fp),-120(fp) - mull2 r0,-128(fp) - addl3 -116(fp),-120(fp),r0 - bicl3 #0,r0,-116(fp) - cmpl -116(fp),-120(fp) - bgequ noname.73 - addl2 #65536,-128(fp) -noname.73: - movzwl -114(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-128(fp) - bicl3 #-65536,-116(fp),r0 - ashl #16,r0,-120(fp) - addl3 -120(fp),-124(fp),r0 - bicl3 #0,r0,-124(fp) - cmpl -124(fp),-120(fp) - bgequ noname.74 - incl -128(fp) -noname.74: - movl -124(fp),r1 - movl -128(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.75 - incl r2 -noname.75: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.76 - incl r10 -noname.76: - - movzwl 10(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-140(fp) - bicl3 #-65536,r2,-144(fp) - mull3 r0,-140(fp),-132(fp) - mull2 r3,-140(fp) - mull3 r3,-144(fp),-136(fp) - mull2 r0,-144(fp) - addl3 -132(fp),-136(fp),r0 - bicl3 #0,r0,-132(fp) - cmpl -132(fp),-136(fp) - bgequ noname.77 - addl2 #65536,-144(fp) -noname.77: - movzwl -130(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-144(fp) - bicl3 #-65536,-132(fp),r0 - ashl #16,r0,-136(fp) - addl3 -136(fp),-140(fp),r0 - bicl3 #0,r0,-140(fp) - cmpl -140(fp),-136(fp) - bgequ noname.78 - incl -144(fp) -noname.78: - movl -140(fp),r1 - movl -144(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.79 - incl r2 -noname.79: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.80 - incl r10 -noname.80: - - movzwl 14(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-156(fp) - bicl3 #-65536,r2,-160(fp) - mull3 r0,-156(fp),-148(fp) - mull2 r3,-156(fp) - mull3 r3,-160(fp),-152(fp) - mull2 r0,-160(fp) - addl3 -148(fp),-152(fp),r0 - bicl3 #0,r0,-148(fp) - cmpl -148(fp),-152(fp) - bgequ noname.81 - addl2 #65536,-160(fp) -noname.81: - movzwl -146(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-160(fp) - bicl3 #-65536,-148(fp),r0 - ashl #16,r0,-152(fp) - addl3 -152(fp),-156(fp),r0 - bicl3 #0,r0,-156(fp) - cmpl -156(fp),-152(fp) - bgequ noname.82 - incl -160(fp) -noname.82: - movl -156(fp),r1 - movl -160(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.83 - incl r2 -noname.83: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.84 - incl r10 -noname.84: - - movl r9,12(r11) - - clrl r9 - - movzwl 18(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-172(fp) - bicl3 #-65536,r2,-176(fp) - mull3 r0,-172(fp),-164(fp) - mull2 r3,-172(fp) - mull3 r3,-176(fp),-168(fp) - mull2 r0,-176(fp) - addl3 -164(fp),-168(fp),r0 - bicl3 #0,r0,-164(fp) - cmpl -164(fp),-168(fp) - bgequ noname.85 - addl2 #65536,-176(fp) -noname.85: - movzwl -162(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-176(fp) - bicl3 #-65536,-164(fp),r0 - ashl #16,r0,-168(fp) - addl3 -168(fp),-172(fp),r0 - bicl3 #0,r0,-172(fp) - cmpl -172(fp),-168(fp) - bgequ noname.86 - incl -176(fp) -noname.86: - movl -172(fp),r1 - movl -176(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.87 - incl r2 -noname.87: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.88 - incl r9 -noname.88: - - movzwl 14(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-188(fp) - bicl3 #-65536,r2,-192(fp) - mull3 r0,-188(fp),-180(fp) - mull2 r3,-188(fp) - mull3 r3,-192(fp),-184(fp) - mull2 r0,-192(fp) - addl3 -180(fp),-184(fp),r0 - bicl3 #0,r0,-180(fp) - cmpl -180(fp),-184(fp) - bgequ noname.89 - addl2 #65536,-192(fp) -noname.89: - movzwl -178(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-192(fp) - bicl3 #-65536,-180(fp),r0 - ashl #16,r0,-184(fp) - addl3 -184(fp),-188(fp),r0 - bicl3 #0,r0,-188(fp) - cmpl -188(fp),-184(fp) - bgequ noname.90 - incl -192(fp) -noname.90: - movl -188(fp),r1 - movl -192(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.91 - incl r2 -noname.91: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.92 - incl r9 -noname.92: - - movzwl 10(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-204(fp) - bicl3 #-65536,r2,-208(fp) - mull3 r0,-204(fp),-196(fp) - mull2 r3,-204(fp) - mull3 r3,-208(fp),-200(fp) - mull2 r0,-208(fp) - addl3 -196(fp),-200(fp),r0 - bicl3 #0,r0,-196(fp) - cmpl -196(fp),-200(fp) - bgequ noname.93 - addl2 #65536,-208(fp) -noname.93: - movzwl -194(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-208(fp) - bicl3 #-65536,-196(fp),r0 - ashl #16,r0,-200(fp) - addl3 -200(fp),-204(fp),r0 - bicl3 #0,r0,-204(fp) - cmpl -204(fp),-200(fp) - bgequ noname.94 - incl -208(fp) -noname.94: - movl -204(fp),r1 - movl -208(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.95 - incl r2 -noname.95: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.96 - incl r9 -noname.96: - - movzwl 6(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-220(fp) - bicl3 #-65536,r2,-224(fp) - mull3 r0,-220(fp),-212(fp) - mull2 r3,-220(fp) - mull3 r3,-224(fp),-216(fp) - mull2 r0,-224(fp) - addl3 -212(fp),-216(fp),r0 - bicl3 #0,r0,-212(fp) - cmpl -212(fp),-216(fp) - bgequ noname.97 - addl2 #65536,-224(fp) -noname.97: - movzwl -210(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-224(fp) - bicl3 #-65536,-212(fp),r0 - ashl #16,r0,-216(fp) - addl3 -216(fp),-220(fp),r0 - bicl3 #0,r0,-220(fp) - cmpl -220(fp),-216(fp) - bgequ noname.98 - incl -224(fp) -noname.98: - movl -220(fp),r1 - movl -224(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.99 - incl r2 -noname.99: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.100 - incl r9 -noname.100: - - movzwl 2(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-236(fp) - bicl3 #-65536,r2,-240(fp) - mull3 r0,-236(fp),-228(fp) - mull2 r3,-236(fp) - mull3 r3,-240(fp),-232(fp) - mull2 r0,-240(fp) - addl3 -228(fp),-232(fp),r0 - bicl3 #0,r0,-228(fp) - cmpl -228(fp),-232(fp) - bgequ noname.101 - addl2 #65536,-240(fp) -noname.101: - movzwl -226(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-240(fp) - bicl3 #-65536,-228(fp),r0 - ashl #16,r0,-232(fp) - addl3 -232(fp),-236(fp),r0 - bicl3 #0,r0,-236(fp) - cmpl -236(fp),-232(fp) - bgequ noname.102 - incl -240(fp) -noname.102: - movl -236(fp),r1 - movl -240(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.103 - incl r2 -noname.103: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.104 - incl r9 -noname.104: - - movl r8,16(r11) - - clrl r8 - - movzwl 2(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-252(fp) - bicl3 #-65536,r2,-256(fp) - mull3 r0,-252(fp),-244(fp) - mull2 r3,-252(fp) - mull3 r3,-256(fp),-248(fp) - mull2 r0,-256(fp) - addl3 -244(fp),-248(fp),r0 - bicl3 #0,r0,-244(fp) - cmpl -244(fp),-248(fp) - bgequ noname.105 - addl2 #65536,-256(fp) -noname.105: - movzwl -242(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-256(fp) - bicl3 #-65536,-244(fp),r0 - ashl #16,r0,-248(fp) - addl3 -248(fp),-252(fp),r0 - bicl3 #0,r0,-252(fp) - cmpl -252(fp),-248(fp) - bgequ noname.106 - incl -256(fp) -noname.106: - movl -252(fp),r1 - movl -256(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.107 - incl r2 -noname.107: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.108 - incl r8 -noname.108: - - movzwl 6(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-268(fp) - bicl3 #-65536,r2,-272(fp) - mull3 r0,-268(fp),-260(fp) - mull2 r3,-268(fp) - mull3 r3,-272(fp),-264(fp) - mull2 r0,-272(fp) - addl3 -260(fp),-264(fp),r0 - bicl3 #0,r0,-260(fp) - cmpl -260(fp),-264(fp) - bgequ noname.109 - addl2 #65536,-272(fp) -noname.109: - movzwl -258(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-272(fp) - bicl3 #-65536,-260(fp),r0 - ashl #16,r0,-264(fp) - addl3 -264(fp),-268(fp),r0 - bicl3 #0,r0,-268(fp) - cmpl -268(fp),-264(fp) - bgequ noname.110 - incl -272(fp) -noname.110: - movl -268(fp),r1 - movl -272(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.111 - incl r2 -noname.111: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.112 - incl r8 -noname.112: - - movzwl 10(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-284(fp) - bicl3 #-65536,r2,-288(fp) - mull3 r0,-284(fp),-276(fp) - mull2 r3,-284(fp) - mull3 r3,-288(fp),-280(fp) - mull2 r0,-288(fp) - addl3 -276(fp),-280(fp),r0 - bicl3 #0,r0,-276(fp) - cmpl -276(fp),-280(fp) - bgequ noname.113 - addl2 #65536,-288(fp) -noname.113: - movzwl -274(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-288(fp) - bicl3 #-65536,-276(fp),r0 - ashl #16,r0,-280(fp) - addl3 -280(fp),-284(fp),r0 - bicl3 #0,r0,-284(fp) - cmpl -284(fp),-280(fp) - bgequ noname.114 - incl -288(fp) -noname.114: - movl -284(fp),r1 - movl -288(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.115 - incl r2 -noname.115: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.116 - incl r8 -noname.116: - - movzwl 14(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-300(fp) - bicl3 #-65536,r2,-304(fp) - mull3 r0,-300(fp),-292(fp) - mull2 r3,-300(fp) - mull3 r3,-304(fp),-296(fp) - mull2 r0,-304(fp) - addl3 -292(fp),-296(fp),r0 - bicl3 #0,r0,-292(fp) - cmpl -292(fp),-296(fp) - bgequ noname.117 - addl2 #65536,-304(fp) -noname.117: - movzwl -290(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-304(fp) - bicl3 #-65536,-292(fp),r0 - ashl #16,r0,-296(fp) - addl3 -296(fp),-300(fp),r0 - bicl3 #0,r0,-300(fp) - cmpl -300(fp),-296(fp) - bgequ noname.118 - incl -304(fp) -noname.118: - movl -300(fp),r1 - movl -304(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.119 - incl r2 -noname.119: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.120 - incl r8 -noname.120: - - movzwl 18(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-316(fp) - bicl3 #-65536,r2,-320(fp) - mull3 r0,-316(fp),-308(fp) - mull2 r3,-316(fp) - mull3 r3,-320(fp),-312(fp) - mull2 r0,-320(fp) - addl3 -308(fp),-312(fp),r0 - bicl3 #0,r0,-308(fp) - cmpl -308(fp),-312(fp) - bgequ noname.121 - addl2 #65536,-320(fp) -noname.121: - movzwl -306(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-320(fp) - bicl3 #-65536,-308(fp),r0 - ashl #16,r0,-312(fp) - addl3 -312(fp),-316(fp),r0 - bicl3 #0,r0,-316(fp) - cmpl -316(fp),-312(fp) - bgequ noname.122 - incl -320(fp) -noname.122: - movl -316(fp),r1 - movl -320(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.123 - incl r2 - -noname.123: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.124 - incl r8 -noname.124: - - movzwl 22(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-332(fp) - bicl3 #-65536,r2,-336(fp) - mull3 r0,-332(fp),-324(fp) - mull2 r3,-332(fp) - mull3 r3,-336(fp),-328(fp) - mull2 r0,-336(fp) - addl3 -324(fp),-328(fp),r0 - bicl3 #0,r0,-324(fp) - cmpl -324(fp),-328(fp) - bgequ noname.125 - addl2 #65536,-336(fp) -noname.125: - movzwl -322(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-336(fp) - bicl3 #-65536,-324(fp),r0 - ashl #16,r0,-328(fp) - addl3 -328(fp),-332(fp),r0 - bicl3 #0,r0,-332(fp) - cmpl -332(fp),-328(fp) - bgequ noname.126 - incl -336(fp) -noname.126: - movl -332(fp),r1 - movl -336(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.127 - incl r2 -noname.127: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.128 - incl r8 -noname.128: - - movl r10,20(r11) - - clrl r10 - - movzwl 26(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-348(fp) - bicl3 #-65536,r2,-352(fp) - mull3 r0,-348(fp),-340(fp) - mull2 r3,-348(fp) - mull3 r3,-352(fp),-344(fp) - mull2 r0,-352(fp) - addl3 -340(fp),-344(fp),r0 - bicl3 #0,r0,-340(fp) - cmpl -340(fp),-344(fp) - bgequ noname.129 - addl2 #65536,-352(fp) -noname.129: - movzwl -338(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-352(fp) - bicl3 #-65536,-340(fp),r0 - ashl #16,r0,-344(fp) - addl3 -344(fp),-348(fp),r0 - bicl3 #0,r0,-348(fp) - cmpl -348(fp),-344(fp) - bgequ noname.130 - incl -352(fp) -noname.130: - movl -348(fp),r1 - movl -352(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.131 - incl r2 -noname.131: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.132 - incl r10 -noname.132: - - movzwl 22(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-364(fp) - bicl3 #-65536,r2,-368(fp) - mull3 r0,-364(fp),-356(fp) - mull2 r3,-364(fp) - mull3 r3,-368(fp),-360(fp) - mull2 r0,-368(fp) - addl3 -356(fp),-360(fp),r0 - bicl3 #0,r0,-356(fp) - cmpl -356(fp),-360(fp) - bgequ noname.133 - addl2 #65536,-368(fp) -noname.133: - movzwl -354(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-368(fp) - bicl3 #-65536,-356(fp),r0 - ashl #16,r0,-360(fp) - addl3 -360(fp),-364(fp),r0 - bicl3 #0,r0,-364(fp) - cmpl -364(fp),-360(fp) - bgequ noname.134 - incl -368(fp) -noname.134: - movl -364(fp),r1 - movl -368(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.135 - incl r2 -noname.135: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.136 - incl r10 -noname.136: - - movzwl 18(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-380(fp) - bicl3 #-65536,r2,-384(fp) - mull3 r0,-380(fp),-372(fp) - mull2 r3,-380(fp) - mull3 r3,-384(fp),-376(fp) - mull2 r0,-384(fp) - addl3 -372(fp),-376(fp),r0 - bicl3 #0,r0,-372(fp) - cmpl -372(fp),-376(fp) - bgequ noname.137 - addl2 #65536,-384(fp) -noname.137: - movzwl -370(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-384(fp) - bicl3 #-65536,-372(fp),r0 - ashl #16,r0,-376(fp) - addl3 -376(fp),-380(fp),r0 - bicl3 #0,r0,-380(fp) - cmpl -380(fp),-376(fp) - bgequ noname.138 - incl -384(fp) -noname.138: - movl -380(fp),r1 - movl -384(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.139 - incl r2 -noname.139: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.140 - incl r10 -noname.140: - - movzwl 14(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-396(fp) - bicl3 #-65536,r2,-400(fp) - mull3 r0,-396(fp),-388(fp) - mull2 r3,-396(fp) - mull3 r3,-400(fp),-392(fp) - mull2 r0,-400(fp) - addl3 -388(fp),-392(fp),r0 - bicl3 #0,r0,-388(fp) - cmpl -388(fp),-392(fp) - bgequ noname.141 - addl2 #65536,-400(fp) -noname.141: - movzwl -386(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-400(fp) - bicl3 #-65536,-388(fp),r0 - ashl #16,r0,-392(fp) - addl3 -392(fp),-396(fp),r0 - bicl3 #0,r0,-396(fp) - cmpl -396(fp),-392(fp) - bgequ noname.142 - incl -400(fp) -noname.142: - movl -396(fp),r1 - movl -400(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.143 - incl r2 -noname.143: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.144 - incl r10 -noname.144: - - movzwl 10(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-412(fp) - bicl3 #-65536,r2,-416(fp) - mull3 r0,-412(fp),-404(fp) - mull2 r3,-412(fp) - mull3 r3,-416(fp),-408(fp) - mull2 r0,-416(fp) - addl3 -404(fp),-408(fp),r0 - bicl3 #0,r0,-404(fp) - cmpl -404(fp),-408(fp) - bgequ noname.145 - addl2 #65536,-416(fp) -noname.145: - movzwl -402(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-416(fp) - bicl3 #-65536,-404(fp),r0 - ashl #16,r0,-408(fp) - addl3 -408(fp),-412(fp),r0 - bicl3 #0,r0,-412(fp) - cmpl -412(fp),-408(fp) - bgequ noname.146 - incl -416(fp) -noname.146: - movl -412(fp),r1 - movl -416(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.147 - incl r2 -noname.147: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.148 - incl r10 -noname.148: - - movzwl 6(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-428(fp) - bicl3 #-65536,r2,-432(fp) - mull3 r0,-428(fp),-420(fp) - mull2 r3,-428(fp) - mull3 r3,-432(fp),-424(fp) - mull2 r0,-432(fp) - addl3 -420(fp),-424(fp),r0 - bicl3 #0,r0,-420(fp) - cmpl -420(fp),-424(fp) - bgequ noname.149 - addl2 #65536,-432(fp) -noname.149: - movzwl -418(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-432(fp) - bicl3 #-65536,-420(fp),r0 - ashl #16,r0,-424(fp) - addl3 -424(fp),-428(fp),r0 - bicl3 #0,r0,-428(fp) - cmpl -428(fp),-424(fp) - bgequ noname.150 - incl -432(fp) -noname.150: - movl -428(fp),r1 - movl -432(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.151 - incl r2 -noname.151: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.152 - incl r10 -noname.152: - - movzwl 2(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-444(fp) - bicl3 #-65536,r2,-448(fp) - mull3 r0,-444(fp),-436(fp) - mull2 r3,-444(fp) - mull3 r3,-448(fp),-440(fp) - mull2 r0,-448(fp) - addl3 -436(fp),-440(fp),r0 - bicl3 #0,r0,-436(fp) - cmpl -436(fp),-440(fp) - bgequ noname.153 - addl2 #65536,-448(fp) -noname.153: - movzwl -434(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-448(fp) - bicl3 #-65536,-436(fp),r0 - ashl #16,r0,-440(fp) - addl3 -440(fp),-444(fp),r0 - bicl3 #0,r0,-444(fp) - cmpl -444(fp),-440(fp) - bgequ noname.154 - incl -448(fp) -noname.154: - movl -444(fp),r1 - movl -448(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.155 - incl r2 -noname.155: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.156 - incl r10 -noname.156: - - movl r9,24(r11) - - clrl r9 - - movzwl 2(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-460(fp) - bicl3 #-65536,r2,-464(fp) - mull3 r0,-460(fp),-452(fp) - mull2 r3,-460(fp) - mull3 r3,-464(fp),-456(fp) - mull2 r0,-464(fp) - addl3 -452(fp),-456(fp),r0 - bicl3 #0,r0,-452(fp) - cmpl -452(fp),-456(fp) - bgequ noname.157 - addl2 #65536,-464(fp) -noname.157: - movzwl -450(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-464(fp) - bicl3 #-65536,-452(fp),r0 - ashl #16,r0,-456(fp) - addl3 -456(fp),-460(fp),r0 - bicl3 #0,r0,-460(fp) - cmpl -460(fp),-456(fp) - bgequ noname.158 - incl -464(fp) -noname.158: - movl -460(fp),r1 - movl -464(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.159 - incl r2 -noname.159: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.160 - incl r9 -noname.160: - - movzwl 6(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-476(fp) - bicl3 #-65536,r2,-480(fp) - mull3 r0,-476(fp),-468(fp) - mull2 r3,-476(fp) - mull3 r3,-480(fp),-472(fp) - mull2 r0,-480(fp) - addl3 -468(fp),-472(fp),r0 - bicl3 #0,r0,-468(fp) - cmpl -468(fp),-472(fp) - bgequ noname.161 - addl2 #65536,-480(fp) -noname.161: - movzwl -466(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-480(fp) - bicl3 #-65536,-468(fp),r0 - ashl #16,r0,-472(fp) - addl3 -472(fp),-476(fp),r0 - bicl3 #0,r0,-476(fp) - cmpl -476(fp),-472(fp) - bgequ noname.162 - incl -480(fp) -noname.162: - movl -476(fp),r1 - movl -480(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.163 - incl r2 -noname.163: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.164 - incl r9 -noname.164: - - movzwl 10(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-492(fp) - bicl3 #-65536,r2,-496(fp) - mull3 r0,-492(fp),-484(fp) - mull2 r3,-492(fp) - mull3 r3,-496(fp),-488(fp) - mull2 r0,-496(fp) - addl3 -484(fp),-488(fp),r0 - bicl3 #0,r0,-484(fp) - cmpl -484(fp),-488(fp) - bgequ noname.165 - addl2 #65536,-496(fp) -noname.165: - movzwl -482(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-496(fp) - bicl3 #-65536,-484(fp),r0 - ashl #16,r0,-488(fp) - addl3 -488(fp),-492(fp),r0 - bicl3 #0,r0,-492(fp) - cmpl -492(fp),-488(fp) - bgequ noname.166 - incl -496(fp) -noname.166: - movl -492(fp),r1 - movl -496(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.167 - incl r2 -noname.167: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.168 - incl r9 -noname.168: - - movzwl 14(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-508(fp) - bicl3 #-65536,r2,-512(fp) - mull3 r0,-508(fp),-500(fp) - mull2 r3,-508(fp) - mull3 r3,-512(fp),-504(fp) - mull2 r0,-512(fp) - addl3 -500(fp),-504(fp),r0 - bicl3 #0,r0,-500(fp) - cmpl -500(fp),-504(fp) - bgequ noname.169 - addl2 #65536,-512(fp) -noname.169: - movzwl -498(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-512(fp) - bicl3 #-65536,-500(fp),r0 - ashl #16,r0,-504(fp) - addl3 -504(fp),-508(fp),r0 - bicl3 #0,r0,-508(fp) - cmpl -508(fp),-504(fp) - bgequ noname.170 - incl -512(fp) -noname.170: - movl -508(fp),r1 - movl -512(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.171 - incl r2 -noname.171: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.172 - incl r9 -noname.172: - - movzwl 18(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-524(fp) - bicl3 #-65536,r2,-528(fp) - mull3 r0,-524(fp),-516(fp) - mull2 r3,-524(fp) - mull3 r3,-528(fp),-520(fp) - mull2 r0,-528(fp) - addl3 -516(fp),-520(fp),r0 - bicl3 #0,r0,-516(fp) - cmpl -516(fp),-520(fp) - bgequ noname.173 - addl2 #65536,-528(fp) -noname.173: - movzwl -514(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-528(fp) - bicl3 #-65536,-516(fp),r0 - ashl #16,r0,-520(fp) - addl3 -520(fp),-524(fp),r0 - bicl3 #0,r0,-524(fp) - cmpl -524(fp),-520(fp) - bgequ noname.174 - incl -528(fp) -noname.174: - movl -524(fp),r1 - movl -528(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.175 - incl r2 -noname.175: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.176 - incl r9 -noname.176: - - movzwl 22(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-540(fp) - bicl3 #-65536,r2,-544(fp) - mull3 r0,-540(fp),-532(fp) - mull2 r3,-540(fp) - mull3 r3,-544(fp),-536(fp) - mull2 r0,-544(fp) - addl3 -532(fp),-536(fp),r0 - bicl3 #0,r0,-532(fp) - cmpl -532(fp),-536(fp) - bgequ noname.177 - addl2 #65536,-544(fp) -noname.177: - movzwl -530(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-544(fp) - bicl3 #-65536,-532(fp),r0 - ashl #16,r0,-536(fp) - addl3 -536(fp),-540(fp),r0 - bicl3 #0,r0,-540(fp) - cmpl -540(fp),-536(fp) - bgequ noname.178 - incl -544(fp) -noname.178: - movl -540(fp),r1 - movl -544(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.179 - incl r2 -noname.179: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.180 - incl r9 -noname.180: - - movzwl 26(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-556(fp) - bicl3 #-65536,r2,-560(fp) - mull3 r0,-556(fp),-548(fp) - mull2 r3,-556(fp) - mull3 r3,-560(fp),-552(fp) - mull2 r0,-560(fp) - addl3 -548(fp),-552(fp),r0 - bicl3 #0,r0,-548(fp) - cmpl -548(fp),-552(fp) - bgequ noname.181 - addl2 #65536,-560(fp) -noname.181: - movzwl -546(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-560(fp) - bicl3 #-65536,-548(fp),r0 - ashl #16,r0,-552(fp) - addl3 -552(fp),-556(fp),r0 - bicl3 #0,r0,-556(fp) - cmpl -556(fp),-552(fp) - bgequ noname.182 - incl -560(fp) -noname.182: - movl -556(fp),r1 - movl -560(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.183 - incl r2 -noname.183: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.184 - incl r9 -noname.184: - - movzwl 30(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-572(fp) - bicl3 #-65536,r2,-576(fp) - mull3 r0,-572(fp),-564(fp) - mull2 r3,-572(fp) - mull3 r3,-576(fp),-568(fp) - mull2 r0,-576(fp) - addl3 -564(fp),-568(fp),r0 - bicl3 #0,r0,-564(fp) - cmpl -564(fp),-568(fp) - bgequ noname.185 - addl2 #65536,-576(fp) -noname.185: - movzwl -562(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-576(fp) - bicl3 #-65536,-564(fp),r0 - ashl #16,r0,-568(fp) - addl3 -568(fp),-572(fp),r0 - bicl3 #0,r0,-572(fp) - cmpl -572(fp),-568(fp) - bgequ noname.186 - incl -576(fp) -noname.186: - movl -572(fp),r1 - movl -576(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.187 - incl r2 -noname.187: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.188 - incl r9 -noname.188: - - movl r8,28(r11) - - clrl r8 - - movzwl 30(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-588(fp) - bicl3 #-65536,r2,-592(fp) - mull3 r0,-588(fp),-580(fp) - mull2 r3,-588(fp) - mull3 r3,-592(fp),-584(fp) - mull2 r0,-592(fp) - addl3 -580(fp),-584(fp),r0 - bicl3 #0,r0,-580(fp) - cmpl -580(fp),-584(fp) - bgequ noname.189 - addl2 #65536,-592(fp) -noname.189: - movzwl -578(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-592(fp) - bicl3 #-65536,-580(fp),r0 - ashl #16,r0,-584(fp) - addl3 -584(fp),-588(fp),r0 - bicl3 #0,r0,-588(fp) - cmpl -588(fp),-584(fp) - bgequ noname.190 - incl -592(fp) -noname.190: - movl -588(fp),r1 - movl -592(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.191 - incl r2 -noname.191: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.192 - incl r8 -noname.192: - - movzwl 26(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-604(fp) - bicl3 #-65536,r2,-608(fp) - mull3 r0,-604(fp),-596(fp) - mull2 r3,-604(fp) - mull3 r3,-608(fp),-600(fp) - mull2 r0,-608(fp) - addl3 -596(fp),-600(fp),r0 - bicl3 #0,r0,-596(fp) - cmpl -596(fp),-600(fp) - bgequ noname.193 - addl2 #65536,-608(fp) -noname.193: - movzwl -594(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-608(fp) - bicl3 #-65536,-596(fp),r0 - ashl #16,r0,-600(fp) - addl3 -600(fp),-604(fp),r0 - bicl3 #0,r0,-604(fp) - cmpl -604(fp),-600(fp) - bgequ noname.194 - incl -608(fp) -noname.194: - movl -604(fp),r1 - movl -608(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.195 - incl r2 -noname.195: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.196 - incl r8 -noname.196: - - movzwl 22(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-620(fp) - bicl3 #-65536,r2,-624(fp) - mull3 r0,-620(fp),-612(fp) - mull2 r3,-620(fp) - mull3 r3,-624(fp),-616(fp) - mull2 r0,-624(fp) - addl3 -612(fp),-616(fp),r0 - bicl3 #0,r0,-612(fp) - cmpl -612(fp),-616(fp) - bgequ noname.197 - addl2 #65536,-624(fp) -noname.197: - movzwl -610(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-624(fp) - bicl3 #-65536,-612(fp),r0 - ashl #16,r0,-616(fp) - addl3 -616(fp),-620(fp),r0 - bicl3 #0,r0,-620(fp) - cmpl -620(fp),-616(fp) - bgequ noname.198 - incl -624(fp) -noname.198: - movl -620(fp),r1 - movl -624(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.199 - incl r2 -noname.199: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.200 - incl r8 -noname.200: - - movzwl 18(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-636(fp) - bicl3 #-65536,r2,-640(fp) - mull3 r0,-636(fp),-628(fp) - mull2 r3,-636(fp) - mull3 r3,-640(fp),-632(fp) - mull2 r0,-640(fp) - addl3 -628(fp),-632(fp),r0 - bicl3 #0,r0,-628(fp) - cmpl -628(fp),-632(fp) - bgequ noname.201 - addl2 #65536,-640(fp) -noname.201: - movzwl -626(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-640(fp) - bicl3 #-65536,-628(fp),r0 - ashl #16,r0,-632(fp) - addl3 -632(fp),-636(fp),r0 - bicl3 #0,r0,-636(fp) - cmpl -636(fp),-632(fp) - bgequ noname.202 - incl -640(fp) -noname.202: - movl -636(fp),r1 - movl -640(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.203 - incl r2 -noname.203: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.204 - incl r8 -noname.204: - - movzwl 14(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-652(fp) - bicl3 #-65536,r2,-656(fp) - mull3 r0,-652(fp),-644(fp) - mull2 r3,-652(fp) - mull3 r3,-656(fp),-648(fp) - mull2 r0,-656(fp) - addl3 -644(fp),-648(fp),r0 - bicl3 #0,r0,-644(fp) - cmpl -644(fp),-648(fp) - bgequ noname.205 - addl2 #65536,-656(fp) -noname.205: - movzwl -642(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-656(fp) - bicl3 #-65536,-644(fp),r0 - ashl #16,r0,-648(fp) - addl3 -648(fp),-652(fp),r0 - bicl3 #0,r0,-652(fp) - cmpl -652(fp),-648(fp) - bgequ noname.206 - incl -656(fp) -noname.206: - movl -652(fp),r1 - movl -656(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.207 - incl r2 -noname.207: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.208 - incl r8 -noname.208: - - movzwl 10(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-668(fp) - bicl3 #-65536,r2,-672(fp) - mull3 r0,-668(fp),-660(fp) - mull2 r3,-668(fp) - mull3 r3,-672(fp),-664(fp) - mull2 r0,-672(fp) - addl3 -660(fp),-664(fp),r0 - bicl3 #0,r0,-660(fp) - cmpl -660(fp),-664(fp) - bgequ noname.209 - addl2 #65536,-672(fp) -noname.209: - movzwl -658(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-672(fp) - bicl3 #-65536,-660(fp),r0 - ashl #16,r0,-664(fp) - addl3 -664(fp),-668(fp),r0 - bicl3 #0,r0,-668(fp) - cmpl -668(fp),-664(fp) - bgequ noname.210 - incl -672(fp) -noname.210: - movl -668(fp),r1 - movl -672(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.211 - incl r2 -noname.211: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.212 - incl r8 -noname.212: - - movzwl 6(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-684(fp) - bicl3 #-65536,r2,-688(fp) - mull3 r0,-684(fp),-676(fp) - mull2 r3,-684(fp) - mull3 r3,-688(fp),-680(fp) - mull2 r0,-688(fp) - addl3 -676(fp),-680(fp),r0 - bicl3 #0,r0,-676(fp) - cmpl -676(fp),-680(fp) - bgequ noname.213 - addl2 #65536,-688(fp) -noname.213: - movzwl -674(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-688(fp) - bicl3 #-65536,-676(fp),r0 - ashl #16,r0,-680(fp) - addl3 -680(fp),-684(fp),r0 - bicl3 #0,r0,-684(fp) - cmpl -684(fp),-680(fp) - bgequ noname.214 - incl -688(fp) -noname.214: - movl -684(fp),r1 - movl -688(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.215 - incl r2 -noname.215: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.216 - incl r8 -noname.216: - - movl r10,32(r11) - - clrl r10 - - movzwl 10(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-700(fp) - bicl3 #-65536,r2,-704(fp) - mull3 r0,-700(fp),-692(fp) - mull2 r3,-700(fp) - mull3 r3,-704(fp),-696(fp) - mull2 r0,-704(fp) - addl3 -692(fp),-696(fp),r0 - bicl3 #0,r0,-692(fp) - cmpl -692(fp),-696(fp) - bgequ noname.217 - addl2 #65536,-704(fp) -noname.217: - movzwl -690(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-704(fp) - bicl3 #-65536,-692(fp),r0 - ashl #16,r0,-696(fp) - addl3 -696(fp),-700(fp),r0 - bicl3 #0,r0,-700(fp) - cmpl -700(fp),-696(fp) - bgequ noname.218 - incl -704(fp) -noname.218: - movl -700(fp),r1 - movl -704(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.219 - incl r2 -noname.219: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.220 - incl r10 -noname.220: - - movzwl 14(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-716(fp) - bicl3 #-65536,r2,-720(fp) - mull3 r0,-716(fp),-708(fp) - mull2 r3,-716(fp) - mull3 r3,-720(fp),-712(fp) - mull2 r0,-720(fp) - addl3 -708(fp),-712(fp),r0 - bicl3 #0,r0,-708(fp) - cmpl -708(fp),-712(fp) - bgequ noname.221 - addl2 #65536,-720(fp) -noname.221: - movzwl -706(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-720(fp) - bicl3 #-65536,-708(fp),r0 - ashl #16,r0,-712(fp) - addl3 -712(fp),-716(fp),r0 - bicl3 #0,r0,-716(fp) - cmpl -716(fp),-712(fp) - bgequ noname.222 - incl -720(fp) -noname.222: - movl -716(fp),r1 - movl -720(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.223 - incl r2 -noname.223: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.224 - incl r10 -noname.224: - - movzwl 18(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-732(fp) - bicl3 #-65536,r2,-736(fp) - mull3 r0,-732(fp),-724(fp) - mull2 r3,-732(fp) - mull3 r3,-736(fp),-728(fp) - mull2 r0,-736(fp) - addl3 -724(fp),-728(fp),r0 - bicl3 #0,r0,-724(fp) - cmpl -724(fp),-728(fp) - bgequ noname.225 - addl2 #65536,-736(fp) -noname.225: - movzwl -722(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-736(fp) - bicl3 #-65536,-724(fp),r0 - ashl #16,r0,-728(fp) - addl3 -728(fp),-732(fp),r0 - bicl3 #0,r0,-732(fp) - cmpl -732(fp),-728(fp) - bgequ noname.226 - incl -736(fp) -noname.226: - movl -732(fp),r1 - movl -736(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.227 - incl r2 -noname.227: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.228 - incl r10 -noname.228: - - movzwl 22(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-748(fp) - bicl3 #-65536,r2,-752(fp) - mull3 r0,-748(fp),-740(fp) - mull2 r3,-748(fp) - mull3 r3,-752(fp),-744(fp) - mull2 r0,-752(fp) - addl3 -740(fp),-744(fp),r0 - bicl3 #0,r0,-740(fp) - cmpl -740(fp),-744(fp) - bgequ noname.229 - addl2 #65536,-752(fp) -noname.229: - movzwl -738(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-752(fp) - bicl3 #-65536,-740(fp),r0 - ashl #16,r0,-744(fp) - addl3 -744(fp),-748(fp),r0 - bicl3 #0,r0,-748(fp) - cmpl -748(fp),-744(fp) - bgequ noname.230 - incl -752(fp) -noname.230: - movl -748(fp),r1 - movl -752(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.231 - incl r2 -noname.231: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.232 - incl r10 -noname.232: - - movzwl 26(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-764(fp) - bicl3 #-65536,r2,-768(fp) - mull3 r0,-764(fp),-756(fp) - mull2 r3,-764(fp) - mull3 r3,-768(fp),-760(fp) - mull2 r0,-768(fp) - addl3 -756(fp),-760(fp),r0 - bicl3 #0,r0,-756(fp) - cmpl -756(fp),-760(fp) - bgequ noname.233 - addl2 #65536,-768(fp) -noname.233: - movzwl -754(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-768(fp) - bicl3 #-65536,-756(fp),r0 - ashl #16,r0,-760(fp) - addl3 -760(fp),-764(fp),r0 - bicl3 #0,r0,-764(fp) - cmpl -764(fp),-760(fp) - bgequ noname.234 - incl -768(fp) -noname.234: - movl -764(fp),r1 - movl -768(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.235 - incl r2 -noname.235: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.236 - incl r10 -noname.236: - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r7),r2 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-772(fp) - mull2 r2,r5 - mull3 r2,r4,-776(fp) - mull2 r0,r4 - addl3 -772(fp),-776(fp),r0 - bicl3 #0,r0,-772(fp) - cmpl -772(fp),-776(fp) - bgequ noname.237 - addl2 #65536,r4 -noname.237: - movzwl -770(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-772(fp),r0 - ashl #16,r0,-776(fp) - addl2 -776(fp),r5 - bicl2 #0,r5 - cmpl r5,-776(fp) - bgequ noname.238 - incl r4 -noname.238: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.239 - incl r2 -noname.239: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.240 - incl r10 -noname.240: - - movl r9,36(r11) - - clrl r9 - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r7),r2 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-780(fp) - mull2 r2,r5 - mull3 r2,r4,-784(fp) - mull2 r0,r4 - addl3 -780(fp),-784(fp),r0 - bicl3 #0,r0,-780(fp) - cmpl -780(fp),-784(fp) - bgequ noname.241 - addl2 #65536,r4 -noname.241: - movzwl -778(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-780(fp),r0 - ashl #16,r0,-784(fp) - addl2 -784(fp),r5 - bicl2 #0,r5 - cmpl r5,-784(fp) - bgequ noname.242 - incl r4 -noname.242: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.243 - incl r2 -noname.243: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.244 - incl r9 -noname.244: - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r7),r2 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-788(fp) - mull2 r2,r5 - mull3 r2,r4,-792(fp) - mull2 r0,r4 - addl3 -788(fp),-792(fp),r0 - bicl3 #0,r0,-788(fp) - cmpl -788(fp),-792(fp) - bgequ noname.245 - addl2 #65536,r4 -noname.245: - movzwl -786(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-788(fp),r0 - ashl #16,r0,-792(fp) - addl2 -792(fp),r5 - bicl2 #0,r5 - cmpl r5,-792(fp) - bgequ noname.246 - incl r4 -noname.246: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.247 - incl r2 -noname.247: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.248 - incl r9 -noname.248: - - bicl3 #-65536,20(r6),r3 - movzwl 22(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r7),r2 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-796(fp) - mull2 r2,r5 - mull3 r2,r4,-800(fp) - mull2 r0,r4 - addl3 -796(fp),-800(fp),r0 - bicl3 #0,r0,-796(fp) - cmpl -796(fp),-800(fp) - bgequ noname.249 - addl2 #65536,r4 -noname.249: - movzwl -794(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-796(fp),r0 - ashl #16,r0,-800(fp) - addl2 -800(fp),r5 - bicl2 #0,r5 - cmpl r5,-800(fp) - bgequ noname.250 - incl r4 -noname.250: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.251 - incl r2 -noname.251: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.252 - incl r9 -noname.252: - - bicl3 #-65536,16(r6),r3 - movzwl 18(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r7),r2 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-804(fp) - mull2 r2,r5 - mull3 r2,r4,-808(fp) - mull2 r0,r4 - addl3 -804(fp),-808(fp),r0 - bicl3 #0,r0,-804(fp) - cmpl -804(fp),-808(fp) - bgequ noname.253 - addl2 #65536,r4 -noname.253: - movzwl -802(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-804(fp),r0 - ashl #16,r0,-808(fp) - addl2 -808(fp),r5 - bicl2 #0,r5 - cmpl r5,-808(fp) - bgequ noname.254 - incl r4 -noname.254: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.255 - incl r2 -noname.255: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.256 - incl r9 -noname.256: - - bicl3 #-65536,12(r6),r3 - movzwl 14(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r7),r2 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-812(fp) - mull2 r2,r5 - mull3 r2,r4,-816(fp) - mull2 r0,r4 - addl3 -812(fp),-816(fp),r0 - bicl3 #0,r0,-812(fp) - cmpl -812(fp),-816(fp) - bgequ noname.257 - addl2 #65536,r4 -noname.257: - movzwl -810(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-812(fp),r0 - ashl #16,r0,-816(fp) - addl2 -816(fp),r5 - bicl2 #0,r5 - cmpl r5,-816(fp) - bgequ noname.258 - incl r4 -noname.258: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.259 - incl r2 -noname.259: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.260 - incl r9 -noname.260: - - movl r8,40(r11) - - clrl r8 - - bicl3 #-65536,16(r6),r3 - movzwl 18(r6),r2 - bicl3 #-65536,28(r7),r1 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r4 - bicl3 #-65536,r2,-828(fp) - mull3 r0,r4,-820(fp) - mull2 r1,r4 - mull3 r1,-828(fp),-824(fp) - mull2 r0,-828(fp) - addl3 -820(fp),-824(fp),r0 - bicl3 #0,r0,-820(fp) - cmpl -820(fp),-824(fp) - bgequ noname.261 - addl2 #65536,-828(fp) -noname.261: - movzwl -818(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-828(fp) - bicl3 #-65536,-820(fp),r0 - ashl #16,r0,-824(fp) - addl2 -824(fp),r4 - bicl2 #0,r4 - cmpl r4,-824(fp) - bgequ noname.262 - incl -828(fp) -noname.262: - movl r4,r1 - movl -828(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.263 - incl r2 -noname.263: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.264 - incl r8 -noname.264: - - movzwl 22(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-840(fp) - bicl3 #-65536,r2,-844(fp) - mull3 r0,-840(fp),-832(fp) - mull2 r3,-840(fp) - mull3 r3,-844(fp),-836(fp) - mull2 r0,-844(fp) - addl3 -832(fp),-836(fp),r0 - bicl3 #0,r0,-832(fp) - cmpl -832(fp),-836(fp) - bgequ noname.265 - addl2 #65536,-844(fp) -noname.265: - movzwl -830(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-844(fp) - bicl3 #-65536,-832(fp),r0 - ashl #16,r0,-836(fp) - addl3 -836(fp),-840(fp),r0 - bicl3 #0,r0,-840(fp) - cmpl -840(fp),-836(fp) - bgequ noname.266 - incl -844(fp) -noname.266: - movl -840(fp),r1 - movl -844(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.267 - incl r2 -noname.267: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.268 - incl r8 -noname.268: - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r7),r2 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-848(fp) - mull2 r2,r5 - mull3 r2,r4,-852(fp) - mull2 r0,r4 - addl3 -848(fp),-852(fp),r0 - bicl3 #0,r0,-848(fp) - cmpl -848(fp),-852(fp) - bgequ noname.269 - addl2 #65536,r4 -noname.269: - movzwl -846(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-848(fp),r0 - ashl #16,r0,-852(fp) - addl2 -852(fp),r5 - bicl2 #0,r5 - cmpl r5,-852(fp) - bgequ noname.270 - incl r4 -noname.270: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.271 - incl r2 -noname.271: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.272 - incl r8 -noname.272: - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r7),r2 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-856(fp) - mull2 r2,r5 - mull3 r2,r4,-860(fp) - mull2 r0,r4 - addl3 -856(fp),-860(fp),r0 - bicl3 #0,r0,-856(fp) - cmpl -856(fp),-860(fp) - bgequ noname.273 - addl2 #65536,r4 -noname.273: - movzwl -854(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-856(fp),r0 - ashl #16,r0,-860(fp) - addl2 -860(fp),r5 - bicl2 #0,r5 - cmpl r5,-860(fp) - bgequ noname.274 - incl r4 -noname.274: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.275 - incl r2 -noname.275: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.276 - incl r8 -noname.276: - - movl r10,44(r11) - - clrl r10 - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r7),r2 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-864(fp) - mull2 r2,r5 - mull3 r2,r4,-868(fp) - mull2 r0,r4 - addl3 -864(fp),-868(fp),r0 - bicl3 #0,r0,-864(fp) - cmpl -864(fp),-868(fp) - bgequ noname.277 - addl2 #65536,r4 -noname.277: - movzwl -862(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-864(fp),r0 - ashl #16,r0,-868(fp) - addl2 -868(fp),r5 - bicl2 #0,r5 - cmpl r5,-868(fp) - bgequ noname.278 - incl r4 -noname.278: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.279 - incl r2 -noname.279: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.280 - incl r10 -noname.280: - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r7),r2 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-872(fp) - mull2 r2,r5 - mull3 r2,r4,-876(fp) - mull2 r0,r4 - addl3 -872(fp),-876(fp),r0 - bicl3 #0,r0,-872(fp) - cmpl -872(fp),-876(fp) - bgequ noname.281 - addl2 #65536,r4 -noname.281: - movzwl -870(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-872(fp),r0 - ashl #16,r0,-876(fp) - addl2 -876(fp),r5 - bicl2 #0,r5 - cmpl r5,-876(fp) - bgequ noname.282 - incl r4 -noname.282: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.283 - incl r2 -noname.283: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.284 - incl r10 -noname.284: - - bicl3 #-65536,20(r6),r3 - movzwl 22(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r7),r2 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-880(fp) - mull2 r2,r5 - mull3 r2,r4,-884(fp) - mull2 r0,r4 - addl3 -880(fp),-884(fp),r0 - bicl3 #0,r0,-880(fp) - cmpl -880(fp),-884(fp) - bgequ noname.285 - addl2 #65536,r4 -noname.285: - movzwl -878(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-880(fp),r0 - ashl #16,r0,-884(fp) - addl2 -884(fp),r5 - bicl2 #0,r5 - cmpl r5,-884(fp) - bgequ noname.286 - incl r4 -noname.286: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.287 - incl r2 -noname.287: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.288 - incl r10 -noname.288: - - movl r9,48(r11) - - clrl r9 - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r7),r2 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-888(fp) - mull2 r2,r5 - mull3 r2,r4,-892(fp) - mull2 r0,r4 - addl3 -888(fp),-892(fp),r0 - bicl3 #0,r0,-888(fp) - cmpl -888(fp),-892(fp) - bgequ noname.289 - addl2 #65536,r4 -noname.289: - movzwl -886(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-888(fp),r0 - ashl #16,r0,-892(fp) - addl2 -892(fp),r5 - bicl2 #0,r5 - cmpl r5,-892(fp) - bgequ noname.290 - incl r4 -noname.290: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.291 - incl r2 -noname.291: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.292 - incl r9 -noname.292: - - movzwl 30(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-904(fp) - bicl3 #-65536,r2,-908(fp) - mull3 r0,-904(fp),-896(fp) - mull2 r3,-904(fp) - mull3 r3,-908(fp),-900(fp) - mull2 r0,-908(fp) - addl3 -896(fp),-900(fp),r0 - bicl3 #0,r0,-896(fp) - cmpl -896(fp),-900(fp) - bgequ noname.293 - addl2 #65536,-908(fp) -noname.293: - movzwl -894(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-908(fp) - bicl3 #-65536,-896(fp),r0 - ashl #16,r0,-900(fp) - addl3 -900(fp),-904(fp),r0 - bicl3 #0,r0,-904(fp) - cmpl -904(fp),-900(fp) - bgequ noname.294 - incl -908(fp) -noname.294: - movl -904(fp),r1 - movl -908(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.295 - incl r2 -noname.295: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.296 - incl r9 -noname.296: - - movl r8,52(r11) - - clrl r8 - - movzwl 30(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-920(fp) - bicl3 #-65536,r2,-924(fp) - mull3 r0,-920(fp),-912(fp) - mull2 r3,-920(fp) - mull3 r3,-924(fp),-916(fp) - mull2 r0,-924(fp) - addl3 -912(fp),-916(fp),r0 - bicl3 #0,r0,-912(fp) - cmpl -912(fp),-916(fp) - bgequ noname.297 - addl2 #65536,-924(fp) -noname.297: - movzwl -910(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-924(fp) - bicl3 #-65536,-912(fp),r0 - ashl #16,r0,-916(fp) - addl3 -916(fp),-920(fp),r0 - bicl3 #0,r0,-920(fp) - cmpl -920(fp),-916(fp) - bgequ noname.298 - incl -924(fp) -noname.298: - movl -920(fp),r1 - movl -924(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.299 - incl r2 -noname.299: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.300 - incl r8 -noname.300: - - movl r10,56(r11) - - movl r9,60(r11) - - ret - - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11> - movab -156(sp),sp - - clrq r9 - - clrl r8 - - movl 8(ap),r6 - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r2 - bicl2 #-65536,r2 - movl 12(ap),r7 - bicl3 #-65536,(r7),r1 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r2,r4 - mull3 r0,r5,-4(fp) - mull2 r1,r5 - mull3 r1,r4,-8(fp) - mull2 r0,r4 - addl3 -4(fp),-8(fp),r0 - bicl3 #0,r0,-4(fp) - cmpl -4(fp),-8(fp) - bgequ noname.303 - addl2 #65536,r4 -noname.303: - movzwl -2(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-4(fp),r0 - ashl #16,r0,-8(fp) - addl2 -8(fp),r5 - bicl2 #0,r5 - cmpl r5,-8(fp) - bgequ noname.304 - incl r4 -noname.304: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.305 - incl r2 -noname.305: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.306 - incl r8 -noname.306: - - movl 4(ap),r11 - movl r10,(r11) - - clrl r10 - - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-12(fp) - mull2 r2,r5 - mull3 r2,r4,-16(fp) - mull2 r0,r4 - addl3 -12(fp),-16(fp),r0 - bicl3 #0,r0,-12(fp) - cmpl -12(fp),-16(fp) - bgequ noname.307 - addl2 #65536,r4 -noname.307: - movzwl -10(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-12(fp),r0 - ashl #16,r0,-16(fp) - addl2 -16(fp),r5 - bicl2 #0,r5 - cmpl r5,-16(fp) - bgequ noname.308 - incl r4 -noname.308: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.309 - incl r2 -noname.309: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.310 - incl r10 -noname.310: - - bicl3 #-65536,4(r6),r3 - movzwl 6(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-20(fp) - mull2 r2,r5 - mull3 r2,r4,-24(fp) - mull2 r0,r4 - addl3 -20(fp),-24(fp),r0 - bicl3 #0,r0,-20(fp) - cmpl -20(fp),-24(fp) - bgequ noname.311 - addl2 #65536,r4 -noname.311: - movzwl -18(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-20(fp),r0 - ashl #16,r0,-24(fp) - addl2 -24(fp),r5 - bicl2 #0,r5 - cmpl r5,-24(fp) - bgequ noname.312 - incl r4 -noname.312: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.313 - incl r2 -noname.313: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.314 - incl r10 -noname.314: - - movl r9,4(r11) - - clrl r9 - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-28(fp) - mull2 r2,r5 - mull3 r2,r4,-32(fp) - mull2 r0,r4 - addl3 -28(fp),-32(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-32(fp) - bgequ noname.315 - addl2 #65536,r4 -noname.315: - movzwl -26(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-28(fp),r0 - ashl #16,r0,-32(fp) - addl2 -32(fp),r5 - bicl2 #0,r5 - cmpl r5,-32(fp) - bgequ noname.316 - incl r4 -noname.316: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.317 - incl r2 -noname.317: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.318 - incl r9 -noname.318: - - bicl3 #-65536,4(r6),r3 - movzwl 6(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-36(fp) - mull2 r2,r5 - mull3 r2,r4,-40(fp) - mull2 r0,r4 - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.319 - addl2 #65536,r4 -noname.319: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl2 -40(fp),r5 - bicl2 #0,r5 - cmpl r5,-40(fp) - bgequ noname.320 - incl r4 -noname.320: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.321 - incl r2 -noname.321: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.322 - incl r9 -noname.322: - - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r7),r2 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-44(fp) - mull2 r2,r5 - mull3 r2,r4,-48(fp) - mull2 r0,r4 - addl3 -44(fp),-48(fp),r0 - bicl3 #0,r0,-44(fp) - cmpl -44(fp),-48(fp) - bgequ noname.323 - addl2 #65536,r4 -noname.323: - movzwl -42(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-44(fp),r0 - ashl #16,r0,-48(fp) - addl2 -48(fp),r5 - bicl2 #0,r5 - cmpl r5,-48(fp) - bgequ noname.324 - incl r4 -noname.324: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.325 - incl r2 -noname.325: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.326 - incl r9 -noname.326: - - movl r8,8(r11) - - clrl r8 - - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r2 - bicl3 #-65536,12(r7),r1 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r4 - bicl3 #-65536,r2,-60(fp) - mull3 r0,r4,-52(fp) - mull2 r1,r4 - mull3 r1,-60(fp),-56(fp) - mull2 r0,-60(fp) - addl3 -52(fp),-56(fp),r0 - bicl3 #0,r0,-52(fp) - cmpl -52(fp),-56(fp) - bgequ noname.327 - addl2 #65536,-60(fp) -noname.327: - movzwl -50(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-60(fp) - bicl3 #-65536,-52(fp),r0 - ashl #16,r0,-56(fp) - addl2 -56(fp),r4 - bicl2 #0,r4 - cmpl r4,-56(fp) - bgequ noname.328 - incl -60(fp) -noname.328: - movl r4,r1 - movl -60(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.329 - incl r2 -noname.329: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.330 - incl r8 -noname.330: - - movzwl 6(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-72(fp) - bicl3 #-65536,r2,-76(fp) - mull3 r0,-72(fp),-64(fp) - mull2 r3,-72(fp) - mull3 r3,-76(fp),-68(fp) - mull2 r0,-76(fp) - addl3 -64(fp),-68(fp),r0 - bicl3 #0,r0,-64(fp) - cmpl -64(fp),-68(fp) - bgequ noname.331 - addl2 #65536,-76(fp) -noname.331: - movzwl -62(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-76(fp) - bicl3 #-65536,-64(fp),r0 - ashl #16,r0,-68(fp) - addl3 -68(fp),-72(fp),r0 - bicl3 #0,r0,-72(fp) - cmpl -72(fp),-68(fp) - bgequ noname.332 - incl -76(fp) -noname.332: - movl -72(fp),r1 - movl -76(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.333 - incl r2 -noname.333: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.334 - incl r8 -noname.334: - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-80(fp) - mull2 r2,r5 - mull3 r2,r4,-84(fp) - mull2 r0,r4 - addl3 -80(fp),-84(fp),r0 - bicl3 #0,r0,-80(fp) - cmpl -80(fp),-84(fp) - bgequ noname.335 - addl2 #65536,r4 -noname.335: - movzwl -78(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-80(fp),r0 - ashl #16,r0,-84(fp) - addl2 -84(fp),r5 - bicl2 #0,r5 - cmpl r5,-84(fp) - bgequ noname.336 - incl r4 -noname.336: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.337 - incl r2 -noname.337: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.338 - incl r8 -noname.338: - - bicl3 #-65536,12(r6),r3 - movzwl 14(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-88(fp) - mull2 r2,r5 - mull3 r2,r4,-92(fp) - mull2 r0,r4 - addl3 -88(fp),-92(fp),r0 - bicl3 #0,r0,-88(fp) - cmpl -88(fp),-92(fp) - bgequ noname.339 - addl2 #65536,r4 -noname.339: - movzwl -86(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-88(fp),r0 - ashl #16,r0,-92(fp) - addl2 -92(fp),r5 - bicl2 #0,r5 - cmpl r5,-92(fp) - bgequ noname.340 - incl r4 -noname.340: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.341 - incl r2 -noname.341: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.342 - incl r8 -noname.342: - - movl r10,12(r11) - - clrl r10 - - bicl3 #-65536,12(r6),r3 - movzwl 14(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-96(fp) - mull2 r2,r5 - mull3 r2,r4,-100(fp) - mull2 r0,r4 - addl3 -96(fp),-100(fp),r0 - bicl3 #0,r0,-96(fp) - cmpl -96(fp),-100(fp) - bgequ noname.343 - addl2 #65536,r4 -noname.343: - movzwl -94(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-96(fp),r0 - ashl #16,r0,-100(fp) - addl2 -100(fp),r5 - bicl2 #0,r5 - cmpl r5,-100(fp) - bgequ noname.344 - incl r4 -noname.344: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.345 - incl r2 -noname.345: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.346 - incl r10 -noname.346: - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r7),r2 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-104(fp) - mull2 r2,r5 - mull3 r2,r4,-108(fp) - mull2 r0,r4 - addl3 -104(fp),-108(fp),r0 - bicl3 #0,r0,-104(fp) - cmpl -104(fp),-108(fp) - bgequ noname.347 - addl2 #65536,r4 -noname.347: - movzwl -102(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-104(fp),r0 - ashl #16,r0,-108(fp) - addl2 -108(fp),r5 - bicl2 #0,r5 - cmpl r5,-108(fp) - bgequ noname.348 - incl r4 -noname.348: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.349 - incl r2 -noname.349: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.350 - incl r10 -noname.350: - - bicl3 #-65536,4(r6),r3 - movzwl 6(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r7),r2 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-112(fp) - mull2 r2,r5 - mull3 r2,r4,-116(fp) - mull2 r0,r4 - addl3 -112(fp),-116(fp),r0 - bicl3 #0,r0,-112(fp) - cmpl -112(fp),-116(fp) - bgequ noname.351 - addl2 #65536,r4 -noname.351: - movzwl -110(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-112(fp),r0 - ashl #16,r0,-116(fp) - addl2 -116(fp),r5 - bicl2 #0,r5 - cmpl r5,-116(fp) - bgequ noname.352 - incl r4 -noname.352: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.353 - incl r2 -noname.353: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.354 - incl r10 -noname.354: - - movl r9,16(r11) - - clrl r9 - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r7),r2 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-120(fp) - mull2 r2,r5 - mull3 r2,r4,-124(fp) - mull2 r0,r4 - addl3 -120(fp),-124(fp),r0 - bicl3 #0,r0,-120(fp) - cmpl -120(fp),-124(fp) - bgequ noname.355 - addl2 #65536,r4 -noname.355: - movzwl -118(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-120(fp),r0 - ashl #16,r0,-124(fp) - addl2 -124(fp),r5 - bicl2 #0,r5 - cmpl r5,-124(fp) - bgequ noname.356 - incl r4 -noname.356: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.357 - incl r2 -noname.357: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.358 - incl r9 -noname.358: - - movzwl 14(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-136(fp) - bicl3 #-65536,r2,-140(fp) - mull3 r0,-136(fp),-128(fp) - mull2 r3,-136(fp) - mull3 r3,-140(fp),-132(fp) - mull2 r0,-140(fp) - addl3 -128(fp),-132(fp),r0 - bicl3 #0,r0,-128(fp) - cmpl -128(fp),-132(fp) - bgequ noname.359 - addl2 #65536,-140(fp) -noname.359: - movzwl -126(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-140(fp) - bicl3 #-65536,-128(fp),r0 - ashl #16,r0,-132(fp) - addl3 -132(fp),-136(fp),r0 - bicl3 #0,r0,-136(fp) - cmpl -136(fp),-132(fp) - bgequ noname.360 - incl -140(fp) -noname.360: - movl -136(fp),r1 - movl -140(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.361 - incl r2 -noname.361: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.362 - incl r9 -noname.362: - - movl r8,20(r11) - - clrl r8 - - movzwl 14(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-152(fp) - bicl3 #-65536,r2,-156(fp) - mull3 r0,-152(fp),-144(fp) - mull2 r3,-152(fp) - mull3 r3,-156(fp),-148(fp) - mull2 r0,-156(fp) - addl3 -144(fp),-148(fp),r0 - bicl3 #0,r0,-144(fp) - cmpl -144(fp),-148(fp) - bgequ noname.363 - addl2 #65536,-156(fp) -noname.363: - movzwl -142(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-156(fp) - bicl3 #-65536,-144(fp),r0 - ashl #16,r0,-148(fp) - addl3 -148(fp),-152(fp),r0 - bicl3 #0,r0,-152(fp) - cmpl -152(fp),-148(fp) - bgequ noname.364 - incl -156(fp) -noname.364: - movl -152(fp),r1 - movl -156(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.365 - incl r2 -noname.365: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.366 - incl r8 -noname.366: - - movl r10,24(r11) - - movl r9,28(r11) - - ret - - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9> - movab -444(sp),sp - - clrq r8 - - clrl r7 - - movl 8(ap),r4 - movl (r4),r3 - bicl3 #-65536,r3,-4(fp) - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - movl -4(fp),r0 - mull3 r0,r3,-8(fp) - mull3 r0,r0,-4(fp) - mull2 r3,r3 - bicl3 #32767,-8(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-8(fp),r0 - ashl #17,r0,-8(fp) - addl3 -4(fp),-8(fp),r0 - bicl3 #0,r0,-4(fp) - cmpl -4(fp),-8(fp) - bgequ noname.369 - incl r3 -noname.369: - movl -4(fp),r1 - movl r3,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.370 - incl r2 -noname.370: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.371 - incl r7 -noname.371: - - movl r9,@4(ap) - - clrl r9 - - movzwl 6(r4),r2 - bicl3 #-65536,(r4),r3 - movzwl 2(r4),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r4),-20(fp) - bicl3 #-65536,r2,-24(fp) - mull3 r0,-20(fp),-12(fp) - mull2 r3,-20(fp) - mull3 r3,-24(fp),-16(fp) - mull2 r0,-24(fp) - addl3 -12(fp),-16(fp),r0 - bicl3 #0,r0,-12(fp) - cmpl -12(fp),-16(fp) - bgequ noname.372 - addl2 #65536,-24(fp) -noname.372: - movzwl -10(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-24(fp) - bicl3 #-65536,-12(fp),r0 - ashl #16,r0,-16(fp) - addl3 -16(fp),-20(fp),r0 - bicl3 #0,r0,-20(fp) - cmpl -20(fp),-16(fp) - bgequ noname.373 - incl -24(fp) -noname.373: - movl -20(fp),r3 - movl -24(fp),r2 - bbc #31,r2,noname.374 - incl r9 -noname.374: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.375 - incl r2 -noname.375: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.376 - incl r2 - bicl3 #0,r2,r0 - bneq noname.376 - incl r9 -noname.376: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.377 - incl r9 -noname.377: - - movl 4(ap),r0 - movl r8,4(r0) - - clrl r8 - - movl 8(ap),r4 - movl 4(r4),r3 - bicl3 #-65536,r3,-28(fp) - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - movl -28(fp),r0 - mull3 r0,r3,-32(fp) - mull3 r0,r0,-28(fp) - mull2 r3,r3 - bicl3 #32767,-32(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-32(fp),r0 - ashl #17,r0,-32(fp) - addl3 -28(fp),-32(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-32(fp) - bgequ noname.378 - incl r3 -noname.378: - movl -28(fp),r1 - movl r3,r2 - addl2 r1,r7 - bicl2 #0,r7 - cmpl r7,r1 - bgequ noname.379 - incl r2 -noname.379: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.380 - incl r8 -noname.380: - - movzwl 10(r4),r2 - bicl3 #-65536,(r4),r3 - movzwl 2(r4),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r4),-44(fp) - bicl3 #-65536,r2,-48(fp) - mull3 r0,-44(fp),-36(fp) - mull2 r3,-44(fp) - mull3 r3,-48(fp),-40(fp) - mull2 r0,-48(fp) - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.381 - addl2 #65536,-48(fp) -noname.381: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-48(fp) - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl3 -40(fp),-44(fp),r0 - bicl3 #0,r0,-44(fp) - cmpl -44(fp),-40(fp) - bgequ noname.382 - incl -48(fp) -noname.382: - movl -44(fp),r3 - movl -48(fp),r2 - bbc #31,r2,noname.383 - incl r8 -noname.383: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.384 - incl r2 -noname.384: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.385 - incl r2 - bicl3 #0,r2,r0 - bneq noname.385 - incl r8 -noname.385: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.386 - incl r8 -noname.386: - - movl 4(ap),r0 - movl r7,8(r0) - - clrl r7 - - movl 8(ap),r0 - movzwl 14(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r0),-60(fp) - bicl3 #-65536,r2,-64(fp) - mull3 r1,-60(fp),-52(fp) - mull2 r3,-60(fp) - mull3 r3,-64(fp),-56(fp) - mull2 r1,-64(fp) - addl3 -52(fp),-56(fp),r0 - bicl3 #0,r0,-52(fp) - cmpl -52(fp),-56(fp) - bgequ noname.387 - addl2 #65536,-64(fp) -noname.387: - movzwl -50(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-64(fp) - bicl3 #-65536,-52(fp),r0 - ashl #16,r0,-56(fp) - addl3 -56(fp),-60(fp),r0 - bicl3 #0,r0,-60(fp) - cmpl -60(fp),-56(fp) - bgequ noname.388 - incl -64(fp) -noname.388: - movl -60(fp),r3 - movl -64(fp),r2 - bbc #31,r2,noname.389 - incl r7 -noname.389: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.390 - incl r2 -noname.390: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.391 - incl r2 - bicl3 #0,r2,r0 - bneq noname.391 - incl r7 -noname.391: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.392 - incl r7 -noname.392: - - movl 8(ap),r0 - movzwl 10(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r0),-76(fp) - bicl3 #-65536,r2,-80(fp) - mull3 r1,-76(fp),-68(fp) - mull2 r3,-76(fp) - mull3 r3,-80(fp),-72(fp) - mull2 r1,-80(fp) - addl3 -68(fp),-72(fp),r0 - bicl3 #0,r0,-68(fp) - cmpl -68(fp),-72(fp) - bgequ noname.393 - addl2 #65536,-80(fp) -noname.393: - movzwl -66(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-80(fp) - bicl3 #-65536,-68(fp),r0 - ashl #16,r0,-72(fp) - addl3 -72(fp),-76(fp),r0 - bicl3 #0,r0,-76(fp) - cmpl -76(fp),-72(fp) - bgequ noname.394 - incl -80(fp) -noname.394: - movl -76(fp),r3 - movl -80(fp),r2 - bbc #31,r2,noname.395 - incl r7 -noname.395: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.396 - incl r2 -noname.396: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.397 - incl r2 - bicl3 #0,r2,r0 - bneq noname.397 - incl r7 -noname.397: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.398 - incl r7 -noname.398: - - movl 4(ap),r0 - movl r9,12(r0) - - clrl r9 - - movl 8(ap),r2 - movl 8(r2),r4 - bicl3 #-65536,r4,-84(fp) - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - movl -84(fp),r0 - mull3 r0,r4,-88(fp) - mull3 r0,r0,-84(fp) - mull2 r4,r4 - bicl3 #32767,-88(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-88(fp),r0 - ashl #17,r0,-88(fp) - addl3 -84(fp),-88(fp),r0 - bicl3 #0,r0,-84(fp) - cmpl -84(fp),-88(fp) - bgequ noname.399 - incl r4 -noname.399: - movl -84(fp),r1 - movl r4,r3 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.400 - incl r3 -noname.400: - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.401 - incl r9 -noname.401: - - movzwl 14(r2),r3 - bicl3 #-65536,4(r2),r1 - movzwl 6(r2),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r2),-100(fp) - bicl3 #-65536,r3,-104(fp) - mull3 r0,-100(fp),-92(fp) - mull2 r1,-100(fp) - mull3 r1,-104(fp),-96(fp) - mull2 r0,-104(fp) - addl3 -92(fp),-96(fp),r0 - bicl3 #0,r0,-92(fp) - cmpl -92(fp),-96(fp) - bgequ noname.402 - addl2 #65536,-104(fp) -noname.402: - movzwl -90(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-104(fp) - bicl3 #-65536,-92(fp),r0 - ashl #16,r0,-96(fp) - addl3 -96(fp),-100(fp),r0 - bicl3 #0,r0,-100(fp) - cmpl -100(fp),-96(fp) - bgequ noname.403 - incl -104(fp) -noname.403: - movl -100(fp),r3 - movl -104(fp),r2 - bbc #31,r2,noname.404 - incl r9 -noname.404: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.405 - incl r2 -noname.405: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.406 - incl r2 - bicl3 #0,r2,r0 - bneq noname.406 - incl r9 -noname.406: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.407 - incl r9 -noname.407: - - movl 8(ap),r0 - movzwl 18(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),-116(fp) - bicl3 #-65536,r2,-120(fp) - mull3 r1,-116(fp),-108(fp) - mull2 r3,-116(fp) - mull3 r3,-120(fp),-112(fp) - mull2 r1,-120(fp) - addl3 -108(fp),-112(fp),r0 - bicl3 #0,r0,-108(fp) - cmpl -108(fp),-112(fp) - bgequ noname.408 - addl2 #65536,-120(fp) -noname.408: - movzwl -106(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-120(fp) - bicl3 #-65536,-108(fp),r0 - ashl #16,r0,-112(fp) - addl3 -112(fp),-116(fp),r0 - bicl3 #0,r0,-116(fp) - cmpl -116(fp),-112(fp) - bgequ noname.409 - incl -120(fp) -noname.409: - movl -116(fp),r3 - movl -120(fp),r2 - bbc #31,r2,noname.410 - incl r9 -noname.410: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.411 - incl r2 -noname.411: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.412 - incl r2 - bicl3 #0,r2,r0 - bneq noname.412 - incl r9 -noname.412: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.413 - incl r9 -noname.413: - - movl 4(ap),r0 - movl r8,16(r0) - - clrl r8 - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-132(fp) - bicl3 #-65536,r2,-136(fp) - mull3 r1,-132(fp),-124(fp) - mull2 r3,-132(fp) - mull3 r3,-136(fp),-128(fp) - mull2 r1,-136(fp) - addl3 -124(fp),-128(fp),r0 - bicl3 #0,r0,-124(fp) - cmpl -124(fp),-128(fp) - bgequ noname.414 - addl2 #65536,-136(fp) -noname.414: - movzwl -122(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-136(fp) - bicl3 #-65536,-124(fp),r0 - ashl #16,r0,-128(fp) - addl3 -128(fp),-132(fp),r0 - bicl3 #0,r0,-132(fp) - cmpl -132(fp),-128(fp) - bgequ noname.415 - incl -136(fp) -noname.415: - movl -132(fp),r3 - movl -136(fp),r2 - bbc #31,r2,noname.416 - incl r8 -noname.416: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.417 - incl r2 -noname.417: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.418 - incl r2 - bicl3 #0,r2,r0 - bneq noname.418 - incl r8 -noname.418: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.419 - incl r8 -noname.419: - - movl 8(ap),r0 - movzwl 18(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),-148(fp) - bicl3 #-65536,r2,-152(fp) - mull3 r1,-148(fp),-140(fp) - mull2 r3,-148(fp) - mull3 r3,-152(fp),-144(fp) - mull2 r1,-152(fp) - addl3 -140(fp),-144(fp),r0 - bicl3 #0,r0,-140(fp) - cmpl -140(fp),-144(fp) - bgequ noname.420 - addl2 #65536,-152(fp) -noname.420: - movzwl -138(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-152(fp) - bicl3 #-65536,-140(fp),r0 - ashl #16,r0,-144(fp) - addl3 -144(fp),-148(fp),r0 - bicl3 #0,r0,-148(fp) - cmpl -148(fp),-144(fp) - bgequ noname.421 - incl -152(fp) -noname.421: - movl -148(fp),r3 - movl -152(fp),r2 - bbc #31,r2,noname.422 - incl r8 -noname.422: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.423 - incl r2 -noname.423: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.424 - incl r2 - bicl3 #0,r2,r0 - bneq noname.424 - incl r8 -noname.424: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.425 - incl r8 -noname.425: - - movl 8(ap),r0 - movzwl 14(r0),r2 - bicl3 #-65536,8(r0),r3 - movzwl 10(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r0),-164(fp) - bicl3 #-65536,r2,-168(fp) - mull3 r1,-164(fp),-156(fp) - mull2 r3,-164(fp) - mull3 r3,-168(fp),-160(fp) - mull2 r1,-168(fp) - addl3 -156(fp),-160(fp),r0 - bicl3 #0,r0,-156(fp) - cmpl -156(fp),-160(fp) - bgequ noname.426 - addl2 #65536,-168(fp) -noname.426: - movzwl -154(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-168(fp) - bicl3 #-65536,-156(fp),r0 - ashl #16,r0,-160(fp) - addl3 -160(fp),-164(fp),r0 - bicl3 #0,r0,-164(fp) - cmpl -164(fp),-160(fp) - bgequ noname.427 - incl -168(fp) -noname.427: - movl -164(fp),r3 - movl -168(fp),r2 - bbc #31,r2,noname.428 - incl r8 -noname.428: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.429 - incl r2 -noname.429: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.430 - incl r2 - bicl3 #0,r2,r0 - bneq noname.430 - incl r8 -noname.430: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.431 - incl r8 -noname.431: - - movl 4(ap),r0 - movl r7,20(r0) - - clrl r7 - - movl 8(ap),r2 - movl 12(r2),r4 - bicl3 #-65536,r4,-172(fp) - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - movl -172(fp),r0 - mull3 r0,r4,-176(fp) - mull3 r0,r0,-172(fp) - mull2 r4,r4 - bicl3 #32767,-176(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-176(fp),r0 - ashl #17,r0,-176(fp) - addl3 -172(fp),-176(fp),r0 - bicl3 #0,r0,-172(fp) - cmpl -172(fp),-176(fp) - bgequ noname.432 - incl r4 -noname.432: - movl -172(fp),r1 - movl r4,r3 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.433 - incl r3 -noname.433: - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.434 - incl r7 -noname.434: - - movzwl 18(r2),r3 - bicl3 #-65536,8(r2),r1 - movzwl 10(r2),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r2),-188(fp) - bicl3 #-65536,r3,-192(fp) - mull3 r0,-188(fp),-180(fp) - mull2 r1,-188(fp) - mull3 r1,-192(fp),-184(fp) - mull2 r0,-192(fp) - addl3 -180(fp),-184(fp),r0 - bicl3 #0,r0,-180(fp) - cmpl -180(fp),-184(fp) - bgequ noname.435 - addl2 #65536,-192(fp) -noname.435: - movzwl -178(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-192(fp) - bicl3 #-65536,-180(fp),r0 - ashl #16,r0,-184(fp) - addl3 -184(fp),-188(fp),r0 - bicl3 #0,r0,-188(fp) - cmpl -188(fp),-184(fp) - bgequ noname.436 - incl -192(fp) -noname.436: - movl -188(fp),r3 - movl -192(fp),r2 - bbc #31,r2,noname.437 - incl r7 -noname.437: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.438 - incl r2 -noname.438: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.439 - incl r2 - bicl3 #0,r2,r0 - bneq noname.439 - incl r7 -noname.439: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.440 - incl r7 -noname.440: - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-204(fp) - bicl3 #-65536,r2,-208(fp) - mull3 r1,-204(fp),-196(fp) - mull2 r3,-204(fp) - mull3 r3,-208(fp),-200(fp) - mull2 r1,-208(fp) - addl3 -196(fp),-200(fp),r0 - bicl3 #0,r0,-196(fp) - cmpl -196(fp),-200(fp) - bgequ noname.441 - addl2 #65536,-208(fp) -noname.441: - movzwl -194(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-208(fp) - bicl3 #-65536,-196(fp),r0 - ashl #16,r0,-200(fp) - addl3 -200(fp),-204(fp),r0 - bicl3 #0,r0,-204(fp) - cmpl -204(fp),-200(fp) - bgequ noname.442 - incl -208(fp) -noname.442: - movl -204(fp),r3 - movl -208(fp),r2 - bbc #31,r2,noname.443 - incl r7 -noname.443: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.444 - incl r2 -noname.444: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.445 - incl r2 - bicl3 #0,r2,r0 - bneq noname.445 - incl r7 -noname.445: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.446 - incl r7 -noname.446: - - movl 8(ap),r0 - movzwl 26(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r0),-220(fp) - bicl3 #-65536,r2,-224(fp) - mull3 r1,-220(fp),-212(fp) - mull2 r3,-220(fp) - mull3 r3,-224(fp),-216(fp) - mull2 r1,-224(fp) - addl3 -212(fp),-216(fp),r0 - bicl3 #0,r0,-212(fp) - cmpl -212(fp),-216(fp) - bgequ noname.447 - addl2 #65536,-224(fp) -noname.447: - movzwl -210(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-224(fp) - bicl3 #-65536,-212(fp),r0 - ashl #16,r0,-216(fp) - addl3 -216(fp),-220(fp),r0 - bicl3 #0,r0,-220(fp) - cmpl -220(fp),-216(fp) - bgequ noname.448 - incl -224(fp) -noname.448: - movl -220(fp),r3 - movl -224(fp),r2 - bbc #31,r2,noname.449 - incl r7 -noname.449: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.450 - incl r2 -noname.450: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.451 - incl r2 - bicl3 #0,r2,r0 - bneq noname.451 - incl r7 -noname.451: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.452 - incl r7 -noname.452: - - movl 4(ap),r0 - movl r9,24(r0) - - clrl r9 - - movl 8(ap),r0 - movzwl 30(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r0),-236(fp) - bicl3 #-65536,r2,-240(fp) - mull3 r1,-236(fp),-228(fp) - mull2 r3,-236(fp) - mull3 r3,-240(fp),-232(fp) - mull2 r1,-240(fp) - addl3 -228(fp),-232(fp),r0 - bicl3 #0,r0,-228(fp) - cmpl -228(fp),-232(fp) - bgequ noname.453 - addl2 #65536,-240(fp) -noname.453: - movzwl -226(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-240(fp) - bicl3 #-65536,-228(fp),r0 - ashl #16,r0,-232(fp) - addl3 -232(fp),-236(fp),r0 - bicl3 #0,r0,-236(fp) - cmpl -236(fp),-232(fp) - bgequ noname.454 - incl -240(fp) -noname.454: - movl -236(fp),r3 - movl -240(fp),r2 - bbc #31,r2,noname.455 - incl r9 -noname.455: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.456 - incl r2 -noname.456: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.457 - incl r2 - bicl3 #0,r2,r0 - bneq noname.457 - incl r9 -noname.457: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.458 - incl r9 -noname.458: - - movl 8(ap),r0 - movzwl 26(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r0),-252(fp) - bicl3 #-65536,r2,-256(fp) - mull3 r1,-252(fp),-244(fp) - mull2 r3,-252(fp) - mull3 r3,-256(fp),-248(fp) - mull2 r1,-256(fp) - addl3 -244(fp),-248(fp),r0 - bicl3 #0,r0,-244(fp) - cmpl -244(fp),-248(fp) - bgequ noname.459 - addl2 #65536,-256(fp) -noname.459: - movzwl -242(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-256(fp) - bicl3 #-65536,-244(fp),r0 - ashl #16,r0,-248(fp) - addl3 -248(fp),-252(fp),r0 - bicl3 #0,r0,-252(fp) - cmpl -252(fp),-248(fp) - bgequ noname.460 - incl -256(fp) -noname.460: - movl -252(fp),r3 - movl -256(fp),r2 - bbc #31,r2,noname.461 - incl r9 -noname.461: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.462 - incl r2 -noname.462: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.463 - incl r2 - bicl3 #0,r2,r0 - bneq noname.463 - incl r9 -noname.463: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.464 - incl r9 -noname.464: - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,8(r0),r3 - movzwl 10(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-268(fp) - bicl3 #-65536,r2,-272(fp) - mull3 r1,-268(fp),-260(fp) - mull2 r3,-268(fp) - mull3 r3,-272(fp),-264(fp) - mull2 r1,-272(fp) - addl3 -260(fp),-264(fp),r0 - bicl3 #0,r0,-260(fp) - cmpl -260(fp),-264(fp) - bgequ noname.465 - addl2 #65536,-272(fp) -noname.465: - movzwl -258(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-272(fp) - bicl3 #-65536,-260(fp),r0 - ashl #16,r0,-264(fp) - addl3 -264(fp),-268(fp),r0 - bicl3 #0,r0,-268(fp) - cmpl -268(fp),-264(fp) - bgequ noname.466 - incl -272(fp) -noname.466: - movl -268(fp),r3 - movl -272(fp),r2 - bbc #31,r2,noname.467 - incl r9 -noname.467: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.468 - incl r2 -noname.468: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.469 - incl r2 - bicl3 #0,r2,r0 - bneq noname.469 - incl r9 -noname.469: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.470 - incl r9 -noname.470: - - movl 8(ap),r0 - movzwl 18(r0),r2 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),-284(fp) - bicl3 #-65536,r2,-288(fp) - mull3 r1,-284(fp),-276(fp) - mull2 r3,-284(fp) - mull3 r3,-288(fp),-280(fp) - mull2 r1,-288(fp) - addl3 -276(fp),-280(fp),r0 - bicl3 #0,r0,-276(fp) - cmpl -276(fp),-280(fp) - bgequ noname.471 - addl2 #65536,-288(fp) -noname.471: - movzwl -274(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-288(fp) - bicl3 #-65536,-276(fp),r0 - ashl #16,r0,-280(fp) - addl3 -280(fp),-284(fp),r0 - bicl3 #0,r0,-284(fp) - cmpl -284(fp),-280(fp) - bgequ noname.472 - incl -288(fp) -noname.472: - movl -284(fp),r3 - movl -288(fp),r2 - bbc #31,r2,noname.473 - incl r9 -noname.473: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.474 - incl r2 -noname.474: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.475 - incl r2 - bicl3 #0,r2,r0 - bneq noname.475 - incl r9 -noname.475: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.476 - incl r9 -noname.476: - - movl 4(ap),r0 - movl r8,28(r0) - - clrl r8 - - movl 8(ap),r3 - movl 16(r3),r4 - bicl3 #-65536,r4,r5 - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - mull3 r5,r4,-292(fp) - mull2 r5,r5 - mull2 r4,r4 - bicl3 #32767,-292(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-292(fp),r0 - ashl #17,r0,-292(fp) - addl2 -292(fp),r5 - bicl2 #0,r5 - cmpl r5,-292(fp) - bgequ noname.477 - incl r4 -noname.477: - movl r5,r1 - movl r4,r2 - addl2 r1,r7 - bicl2 #0,r7 - cmpl r7,r1 - bgequ noname.478 - incl r2 -noname.478: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.479 - incl r8 -noname.479: - - bicl3 #-65536,20(r3),r4 - movzwl 22(r3),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r3),r2 - movzwl 14(r3),r0 - bicl2 #-65536,r0 - movl r4,r6 - movl r1,r5 - mull3 r0,r6,-296(fp) - mull2 r2,r6 - mull3 r2,r5,-300(fp) - mull2 r0,r5 - addl3 -296(fp),-300(fp),r0 - bicl3 #0,r0,-296(fp) - cmpl -296(fp),-300(fp) - bgequ noname.480 - addl2 #65536,r5 -noname.480: - movzwl -294(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,-296(fp),r0 - ashl #16,r0,-300(fp) - addl2 -300(fp),r6 - bicl2 #0,r6 - cmpl r6,-300(fp) - bgequ noname.481 - incl r5 -noname.481: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.482 - incl r8 -noname.482: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.483 - incl r2 -noname.483: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.484 - incl r2 - bicl3 #0,r2,r0 - bneq noname.484 - incl r8 -noname.484: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.485 - incl r8 -noname.485: - - movl 8(ap),r0 - bicl3 #-65536,24(r0),r3 - movzwl 26(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r0),r2 - movzwl 10(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-304(fp) - mull2 r2,r5 - mull3 r2,r4,-308(fp) - mull2 r0,r4 - addl3 -304(fp),-308(fp),r0 - bicl3 #0,r0,-304(fp) - cmpl -304(fp),-308(fp) - bgequ noname.486 - addl2 #65536,r4 -noname.486: - movzwl -302(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-304(fp),r0 - ashl #16,r0,-308(fp) - addl2 -308(fp),r5 - bicl2 #0,r5 - cmpl r5,-308(fp) - bgequ noname.487 - incl r4 -noname.487: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.488 - incl r8 -noname.488: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.489 - incl r2 -noname.489: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.490 - incl r2 - bicl3 #0,r2,r0 - bneq noname.490 - incl r8 -noname.490: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.491 - incl r8 -noname.491: - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r0),r2 - movzwl 6(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-312(fp) - mull2 r2,r5 - mull3 r2,r4,-316(fp) - mull2 r0,r4 - addl3 -312(fp),-316(fp),r0 - bicl3 #0,r0,-312(fp) - cmpl -312(fp),-316(fp) - bgequ noname.492 - addl2 #65536,r4 -noname.492: - movzwl -310(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-312(fp),r0 - ashl #16,r0,-316(fp) - addl2 -316(fp),r5 - bicl2 #0,r5 - cmpl r5,-316(fp) - bgequ noname.493 - incl r4 -noname.493: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.494 - incl r8 -noname.494: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.495 - incl r2 -noname.495: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.496 - incl r2 - bicl3 #0,r2,r0 - bneq noname.496 - incl r8 -noname.496: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.497 - incl r8 -noname.497: - - movl 4(ap),r0 - movl r7,32(r0) - - clrl r7 - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r2 - bicl3 #-65536,8(r0),r1 - movzwl 10(r0),r0 - bicl2 #-65536,r0 - movl r3,r4 - bicl3 #-65536,r2,-328(fp) - mull3 r0,r4,-320(fp) - mull2 r1,r4 - mull3 r1,-328(fp),-324(fp) - mull2 r0,-328(fp) - addl3 -320(fp),-324(fp),r0 - bicl3 #0,r0,-320(fp) - cmpl -320(fp),-324(fp) - bgequ noname.498 - addl2 #65536,-328(fp) -noname.498: - movzwl -318(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-328(fp) - bicl3 #-65536,-320(fp),r0 - ashl #16,r0,-324(fp) - addl2 -324(fp),r4 - bicl2 #0,r4 - cmpl r4,-324(fp) - bgequ noname.499 - incl -328(fp) -noname.499: - movl r4,r3 - movl -328(fp),r2 - bbc #31,r2,noname.500 - incl r7 -noname.500: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.501 - incl r2 -noname.501: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.502 - incl r2 - bicl3 #0,r2,r0 - bneq noname.502 - incl r7 -noname.502: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.503 - incl r7 -noname.503: - - movl 8(ap),r0 - movzwl 26(r0),r2 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r0),-340(fp) - bicl3 #-65536,r2,-344(fp) - mull3 r1,-340(fp),-332(fp) - mull2 r3,-340(fp) - mull3 r3,-344(fp),-336(fp) - mull2 r1,-344(fp) - addl3 -332(fp),-336(fp),r0 - bicl3 #0,r0,-332(fp) - cmpl -332(fp),-336(fp) - bgequ noname.504 - addl2 #65536,-344(fp) -noname.504: - movzwl -330(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-344(fp) - bicl3 #-65536,-332(fp),r0 - ashl #16,r0,-336(fp) - addl3 -336(fp),-340(fp),r0 - bicl3 #0,r0,-340(fp) - cmpl -340(fp),-336(fp) - bgequ noname.505 - incl -344(fp) -noname.505: - movl -340(fp),r3 - movl -344(fp),r2 - bbc #31,r2,noname.506 - incl r7 -noname.506: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.507 - incl r2 -noname.507: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.508 - incl r2 - bicl3 #0,r2,r0 - bneq noname.508 - incl r7 -noname.508: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.509 - incl r7 -noname.509: - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,16(r0),r3 - movzwl 18(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-356(fp) - bicl3 #-65536,r2,-360(fp) - mull3 r1,-356(fp),-348(fp) - mull2 r3,-356(fp) - mull3 r3,-360(fp),-352(fp) - mull2 r1,-360(fp) - addl3 -348(fp),-352(fp),r0 - bicl3 #0,r0,-348(fp) - cmpl -348(fp),-352(fp) - bgequ noname.510 - addl2 #65536,-360(fp) -noname.510: - movzwl -346(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-360(fp) - bicl3 #-65536,-348(fp),r0 - ashl #16,r0,-352(fp) - addl3 -352(fp),-356(fp),r0 - bicl3 #0,r0,-356(fp) - cmpl -356(fp),-352(fp) - bgequ noname.511 - incl -360(fp) -noname.511: - movl -356(fp),r3 - movl -360(fp),r2 - bbc #31,r2,noname.512 - incl r7 -noname.512: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.513 - incl r2 -noname.513: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.514 - incl r2 - bicl3 #0,r2,r0 - bneq noname.514 - incl r7 -noname.514: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.515 - incl r7 -noname.515: - - movl 4(ap),r0 - movl r9,36(r0) - - clrl r9 - - movl 8(ap),r3 - movl 20(r3),r4 - bicl3 #-65536,r4,-364(fp) - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - movl -364(fp),r0 - mull3 r0,r4,-368(fp) - mull3 r0,r0,-364(fp) - mull2 r4,r4 - bicl3 #32767,-368(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-368(fp),r0 - ashl #17,r0,-368(fp) - addl3 -364(fp),-368(fp),r0 - bicl3 #0,r0,-364(fp) - cmpl -364(fp),-368(fp) - bgequ noname.516 - incl r4 -noname.516: - movl -364(fp),r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.517 - incl r2 -noname.517: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.518 - incl r9 -noname.518: - - bicl3 #-65536,24(r3),r4 - movzwl 26(r3),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r3),r2 - movzwl 18(r3),r0 - bicl2 #-65536,r0 - movl r4,r6 - movl r1,r5 - mull3 r0,r6,-372(fp) - mull2 r2,r6 - mull3 r2,r5,-376(fp) - mull2 r0,r5 - addl3 -372(fp),-376(fp),r0 - bicl3 #0,r0,-372(fp) - cmpl -372(fp),-376(fp) - bgequ noname.519 - addl2 #65536,r5 -noname.519: - movzwl -370(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,-372(fp),r0 - ashl #16,r0,-376(fp) - addl2 -376(fp),r6 - bicl2 #0,r6 - cmpl r6,-376(fp) - bgequ noname.520 - incl r5 -noname.520: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.521 - incl r9 -noname.521: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.522 - incl r2 -noname.522: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.523 - incl r2 - bicl3 #0,r2,r0 - bneq noname.523 - incl r9 -noname.523: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.524 - incl r9 -noname.524: - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r0),r2 - movzwl 14(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-380(fp) - mull2 r2,r5 - mull3 r2,r4,-384(fp) - mull2 r0,r4 - addl3 -380(fp),-384(fp),r0 - bicl3 #0,r0,-380(fp) - cmpl -380(fp),-384(fp) - bgequ noname.525 - addl2 #65536,r4 -noname.525: - movzwl -378(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-380(fp),r0 - ashl #16,r0,-384(fp) - addl2 -384(fp),r5 - bicl2 #0,r5 - cmpl r5,-384(fp) - bgequ noname.526 - incl r4 -noname.526: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.527 - incl r9 -noname.527: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.528 - incl r2 -noname.528: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.529 - incl r2 - bicl3 #0,r2,r0 - bneq noname.529 - incl r9 -noname.529: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.530 - incl r9 -noname.530: - movl 4(ap),r0 - movl r8,40(r0) - - clrl r8 - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),r2 - movzwl 18(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-388(fp) - mull2 r2,r5 - mull3 r2,r4,-392(fp) - mull2 r0,r4 - addl3 -388(fp),-392(fp),r0 - bicl3 #0,r0,-388(fp) - cmpl -388(fp),-392(fp) - bgequ noname.531 - addl2 #65536,r4 -noname.531: - movzwl -386(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-388(fp),r0 - ashl #16,r0,-392(fp) - addl2 -392(fp),r5 - bicl2 #0,r5 - cmpl r5,-392(fp) - bgequ noname.532 - incl r4 -noname.532: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.533 - incl r8 -noname.533: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.534 - incl r2 -noname.534: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.535 - incl r2 - bicl3 #0,r2,r0 - bneq noname.535 - incl r8 -noname.535: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.536 - incl r8 -noname.536: - - movl 8(ap),r0 - bicl3 #-65536,24(r0),r3 - movzwl 26(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),r2 - movzwl 22(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-396(fp) - mull2 r2,r5 - mull3 r2,r4,-400(fp) - mull2 r0,r4 - addl3 -396(fp),-400(fp),r0 - bicl3 #0,r0,-396(fp) - cmpl -396(fp),-400(fp) - bgequ noname.537 - addl2 #65536,r4 -noname.537: - movzwl -394(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-396(fp),r0 - ashl #16,r0,-400(fp) - addl2 -400(fp),r5 - bicl2 #0,r5 - cmpl r5,-400(fp) - bgequ noname.538 - incl r4 -noname.538: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.539 - incl r8 -noname.539: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.540 - incl r2 -noname.540: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.541 - incl r2 - bicl3 #0,r2,r0 - bneq noname.541 - incl r8 -noname.541: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.542 - incl r8 -noname.542: - - movl 4(ap),r0 - movl r7,44(r0) - - clrl r7 - - movl 8(ap),r3 - movl 24(r3),r4 - bicl3 #-65536,r4,r5 - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - mull3 r5,r4,-404(fp) - mull2 r5,r5 - mull2 r4,r4 - bicl3 #32767,-404(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-404(fp),r0 - ashl #17,r0,-404(fp) - addl2 -404(fp),r5 - bicl2 #0,r5 - cmpl r5,-404(fp) - bgequ noname.543 - incl r4 -noname.543: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.544 - incl r2 -noname.544: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.545 - incl r7 -noname.545: - - movzwl 30(r3),r2 - bicl3 #-65536,20(r3),r1 - movzwl 22(r3),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r3),-416(fp) - bicl3 #-65536,r2,-420(fp) - mull3 r0,-416(fp),-408(fp) - mull2 r1,-416(fp) - mull3 r1,-420(fp),-412(fp) - mull2 r0,-420(fp) - addl3 -408(fp),-412(fp),r0 - bicl3 #0,r0,-408(fp) - cmpl -408(fp),-412(fp) - bgequ noname.546 - addl2 #65536,-420(fp) -noname.546: - movzwl -406(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-420(fp) - bicl3 #-65536,-408(fp),r0 - ashl #16,r0,-412(fp) - addl3 -412(fp),-416(fp),r0 - bicl3 #0,r0,-416(fp) - cmpl -416(fp),-412(fp) - bgequ noname.547 - incl -420(fp) -noname.547: - movl -416(fp),r3 - movl -420(fp),r2 - bbc #31,r2,noname.548 - incl r7 -noname.548: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.549 - incl r2 -noname.549: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.550 - incl r2 - bicl3 #0,r2,r0 - bneq noname.550 - incl r7 -noname.550: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.551 - incl r7 -noname.551: - - movl 4(ap),r0 - movl r9,48(r0) - - clrl r9 - - movl 8(ap),r0 - movzwl 30(r0),r2 - bicl3 #-65536,24(r0),r3 - movzwl 26(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r0),-432(fp) - bicl3 #-65536,r2,-436(fp) - mull3 r1,-432(fp),-424(fp) - mull2 r3,-432(fp) - mull3 r3,-436(fp),-428(fp) - mull2 r1,-436(fp) - addl3 -424(fp),-428(fp),r0 - bicl3 #0,r0,-424(fp) - cmpl -424(fp),-428(fp) - bgequ noname.552 - addl2 #65536,-436(fp) -noname.552: - movzwl -422(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-436(fp) - bicl3 #-65536,-424(fp),r0 - ashl #16,r0,-428(fp) - addl3 -428(fp),-432(fp),r0 - bicl3 #0,r0,-432(fp) - cmpl -432(fp),-428(fp) - bgequ noname.553 - incl -436(fp) -noname.553: - movl -432(fp),r3 - movl -436(fp),r2 - bbc #31,r2,noname.554 - incl r9 -noname.554: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.555 - incl r2 -noname.555: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.556 - incl r2 - bicl3 #0,r2,r0 - bneq noname.556 - incl r9 -noname.556: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.557 - incl r9 -noname.557: - - movl 4(ap),r4 - movl r8,52(r4) - - clrl r8 - - movl 8(ap),r0 - movl 28(r0),r3 - bicl3 #-65536,r3,-440(fp) - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - movl -440(fp),r0 - mull3 r0,r3,-444(fp) - mull3 r0,r0,-440(fp) - mull2 r3,r3 - bicl3 #32767,-444(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-444(fp),r0 - ashl #17,r0,-444(fp) - addl3 -440(fp),-444(fp),r0 - bicl3 #0,r0,-440(fp) - cmpl -440(fp),-444(fp) - bgequ noname.558 - incl r3 -noname.558: - movl -440(fp),r1 - movl r3,r2 - addl2 r1,r7 - bicl2 #0,r7 - cmpl r7,r1 - bgequ noname.559 - incl r2 -noname.559: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.560 - incl r8 -noname.560: - - movl r7,56(r4) - - movl r9,60(r4) - - ret - - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10> - subl2 #44,sp - - clrq r8 - - clrl r10 - - movl 8(ap),r5 - movl (r5),r3 - bicl3 #-65536,r3,r4 - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - mull3 r4,r3,-4(fp) - mull2 r4,r4 - mull2 r3,r3 - bicl3 #32767,-4(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-4(fp),r0 - ashl #17,r0,-4(fp) - addl2 -4(fp),r4 - bicl2 #0,r4 - cmpl r4,-4(fp) - bgequ noname.563 - incl r3 -noname.563: - movl r4,r1 - movl r3,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.564 - incl r2 -noname.564: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.565 - incl r10 -noname.565: - - movl r9,@4(ap) - - clrl r9 - - bicl3 #-65536,4(r5),r3 - movzwl 6(r5),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r5),r2 - movzwl 2(r5),r0 - bicl2 #-65536,r0 - movl r3,r6 - movl r1,r4 - mull3 r0,r6,-8(fp) - mull2 r2,r6 - mull2 r4,r2 - mull2 r0,r4 - addl3 -8(fp),r2,r0 - bicl3 #0,r0,-8(fp) - cmpl -8(fp),r2 - bgequ noname.566 - addl2 #65536,r4 -noname.566: - movzwl -6(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-8(fp),r0 - ashl #16,r0,r1 - addl2 r1,r6 - bicl2 #0,r6 - cmpl r6,r1 - bgequ noname.567 - incl r4 -noname.567: - movl r6,r3 - movl r4,r2 - bbc #31,r2,noname.568 - incl r9 -noname.568: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.569 - incl r2 -noname.569: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.570 - incl r2 - bicl3 #0,r2,r0 - bneq noname.570 - incl r9 -noname.570: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.571 - incl r9 -noname.571: - - movl 4(ap),r0 - movl r8,4(r0) - - clrl r8 - - movl 8(ap),r4 - movl 4(r4),r3 - bicl3 #-65536,r3,r5 - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - mull3 r5,r3,r1 - mull2 r5,r5 - mull2 r3,r3 - bicl3 #32767,r1,r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl2 #-65536,r1 - ashl #17,r1,r1 - addl2 r1,r5 - bicl2 #0,r5 - cmpl r5,r1 - bgequ noname.572 - incl r3 -noname.572: - movl r5,r1 - movl r3,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.573 - incl r2 -noname.573: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.574 - incl r8 -noname.574: - - bicl3 #-65536,8(r4),r3 - movzwl 10(r4),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r4),r2 - movzwl 2(r4),r0 - bicl2 #-65536,r0 - movl r3,r6 - movl r1,r5 - mull3 r0,r6,r7 - mull2 r2,r6 - mull2 r5,r2 - mull2 r0,r5 - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.575 - addl2 #65536,r5 -noname.575: - extzv #16,#16,r7,r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,r7,r0 - ashl #16,r0,r1 - addl2 r1,r6 - bicl2 #0,r6 - cmpl r6,r1 - bgequ noname.576 - incl r5 -noname.576: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.577 - incl r8 -noname.577: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.578 - incl r2 -noname.578: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r10 - bicl2 #0,r10 - cmpl r10,r3 - bgequ noname.579 - incl r2 - bicl3 #0,r2,r0 - bneq noname.579 - incl r8 -noname.579: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.580 - incl r8 -noname.580: - - movl 4(ap),r0 - movl r10,8(r0) - - clrl r10 - - movl 8(ap),r0 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r0),r2 - movzwl 2(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,r6 - mull2 r2,r5 - mull3 r2,r4,-12(fp) - mull2 r0,r4 - addl2 -12(fp),r6 - bicl2 #0,r6 - cmpl r6,-12(fp) - bgequ noname.581 - addl2 #65536,r4 -noname.581: - extzv #16,#16,r6,r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,r6,r0 - ashl #16,r0,-12(fp) - addl2 -12(fp),r5 - bicl2 #0,r5 - cmpl r5,-12(fp) - bgequ noname.582 - incl r4 -noname.582: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.583 - incl r10 -noname.583: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.584 - incl r2 -noname.584: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.585 - incl r2 - bicl3 #0,r2,r0 - bneq noname.585 - incl r10 -noname.585: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.586 - incl r10 -noname.586: - - movl 8(ap),r0 - bicl3 #-65536,8(r0),r3 - movzwl 10(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r0),r2 - movzwl 6(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-16(fp) - mull2 r2,r5 - mull3 r2,r4,-20(fp) - mull2 r0,r4 - addl3 -16(fp),-20(fp),r0 - bicl3 #0,r0,-16(fp) - cmpl -16(fp),-20(fp) - bgequ noname.587 - addl2 #65536,r4 -noname.587: - movzwl -14(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-16(fp),r0 - ashl #16,r0,-20(fp) - addl2 -20(fp),r5 - bicl2 #0,r5 - cmpl r5,-20(fp) - bgequ noname.588 - incl r4 -noname.588: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.589 - incl r10 -noname.589: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.590 - incl r2 -noname.590: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.591 - incl r2 - bicl3 #0,r2,r0 - bneq noname.591 - incl r10 -noname.591: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.592 - incl r10 -noname.592: - movl 4(ap),r0 - movl r9,12(r0) - - clrl r9 - - movl 8(ap),r3 - movl 8(r3),r4 - bicl3 #-65536,r4,r5 - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - mull3 r5,r4,-24(fp) - mull2 r5,r5 - mull2 r4,r4 - bicl3 #32767,-24(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-24(fp),r0 - ashl #17,r0,-24(fp) - addl2 -24(fp),r5 - bicl2 #0,r5 - cmpl r5,-24(fp) - bgequ noname.593 - incl r4 -noname.593: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.594 - incl r2 -noname.594: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.595 - incl r9 -noname.595: - - bicl3 #-65536,12(r3),r4 - movzwl 14(r3),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r3),r2 - movzwl 6(r3),r0 - bicl2 #-65536,r0 - movl r4,r6 - movl r1,r5 - mull3 r0,r6,-28(fp) - mull2 r2,r6 - mull3 r2,r5,-32(fp) - mull2 r0,r5 - addl3 -28(fp),-32(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-32(fp) - bgequ noname.596 - addl2 #65536,r5 -noname.596: - movzwl -26(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,-28(fp),r0 - ashl #16,r0,-32(fp) - addl2 -32(fp),r6 - bicl2 #0,r6 - cmpl r6,-32(fp) - bgequ noname.597 - incl r5 -noname.597: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.598 - incl r9 -noname.598: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.599 - incl r2 -noname.599: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.600 - incl r2 - bicl3 #0,r2,r0 - bneq noname.600 - incl r9 -noname.600: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.601 - incl r9 -noname.601: - - movl 4(ap),r0 - movl r8,16(r0) - - clrl r8 - - movl 8(ap),r0 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r0),r2 - movzwl 10(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-36(fp) - mull2 r2,r5 - mull3 r2,r4,-40(fp) - mull2 r0,r4 - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.602 - addl2 #65536,r4 -noname.602: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl2 -40(fp),r5 - bicl2 #0,r5 - cmpl r5,-40(fp) - bgequ noname.603 - incl r4 -noname.603: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.604 - incl r8 -noname.604: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.605 - incl r2 -noname.605: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r10 - bicl2 #0,r10 - cmpl r10,r3 - bgequ noname.606 - incl r2 - bicl3 #0,r2,r0 - bneq noname.606 - incl r8 -noname.606: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.607 - incl r8 -noname.607: - - movl 4(ap),r4 - movl r10,20(r4) - - clrl r10 - - movl 8(ap),r0 - movl 12(r0),r3 - bicl3 #-65536,r3,r5 - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - mull3 r5,r3,-44(fp) - mull2 r5,r5 - mull2 r3,r3 - bicl3 #32767,-44(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-44(fp),r0 - ashl #17,r0,-44(fp) - addl2 -44(fp),r5 - bicl2 #0,r5 - cmpl r5,-44(fp) - bgequ noname.608 - incl r3 -noname.608: - movl r5,r1 - movl r3,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.609 - incl r2 -noname.609: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.610 - incl r10 -noname.610: - - movl r9,24(r4) - - movl r8,28(r4) - - ret - -; For now, the code below doesn't work, so I end this prematurely. -.end diff --git a/thirdparty/openssl/crypto/bn/asm/x86/f b/thirdparty/openssl/crypto/bn/asm/x86/f deleted file mode 100644 index 22e4112224..0000000000 --- a/thirdparty/openssl/crypto/bn/asm/x86/f +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - diff --git a/thirdparty/openssl/crypto/bn/asm/x86_64-gcc.c b/thirdparty/openssl/crypto/bn/asm/x86_64-gcc.c deleted file mode 100644 index 1729b479d4..0000000000 --- a/thirdparty/openssl/crypto/bn/asm/x86_64-gcc.c +++ /dev/null @@ -1,638 +0,0 @@ -#include "../bn_lcl.h" -#if !(defined(__GNUC__) && __GNUC__>=2) -# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ -#else -/*- - * x86_64 BIGNUM accelerator version 0.1, December 2002. - * - * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL - * project. - * - * Rights for redistribution and usage in source and binary forms are - * granted according to the OpenSSL license. Warranty of any kind is - * disclaimed. - * - * Q. Version 0.1? It doesn't sound like Andy, he used to assign real - * versions, like 1.0... - * A. Well, that's because this code is basically a quick-n-dirty - * proof-of-concept hack. As you can see it's implemented with - * inline assembler, which means that you're bound to GCC and that - * there might be enough room for further improvement. - * - * Q. Why inline assembler? - * A. x86_64 features own ABI which I'm not familiar with. This is - * why I decided to let the compiler take care of subroutine - * prologue/epilogue as well as register allocation. For reference. - * Win64 implements different ABI for AMD64, different from Linux. - * - * Q. How much faster does it get? - * A. 'apps/openssl speed rsa dsa' output with no-asm: - * - * sign verify sign/s verify/s - * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2 - * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0 - * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8 - * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6 - * sign verify sign/s verify/s - * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3 - * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2 - * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0 - * - * 'apps/openssl speed rsa dsa' output with this module: - * - * sign verify sign/s verify/s - * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9 - * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7 - * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0 - * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8 - * sign verify sign/s verify/s - * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3 - * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4 - * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6 - * - * For the reference. IA-32 assembler implementation performs - * very much like 64-bit code compiled with no-asm on the same - * machine. - */ - -# if defined(_WIN64) || !defined(__LP64__) -# define BN_ULONG unsigned long long -# else -# define BN_ULONG unsigned long -# endif - -# undef mul -# undef mul_add - -/*- - * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; - * "g"(0) let the compiler to decide where does it - * want to keep the value of zero; - */ -# define mul_add(r,a,word,carry) do { \ - register BN_ULONG high,low; \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(word),"m"(a) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(carry),"+d"(high)\ - : "a"(low),"g"(0) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+m"(r),"+d"(high) \ - : "r"(carry),"g"(0) \ - : "cc"); \ - carry=high; \ - } while (0) - -# define mul(r,a,word,carry) do { \ - register BN_ULONG high,low; \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(word),"g"(a) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(carry),"+d"(high)\ - : "a"(low),"g"(0) \ - : "cc"); \ - (r)=carry, carry=high; \ - } while (0) -# undef sqr -# define sqr(r0,r1,a) \ - asm ("mulq %2" \ - : "=a"(r0),"=d"(r1) \ - : "a"(a) \ - : "cc"); - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) -{ - BN_ULONG c1 = 0; - - if (num <= 0) - return (c1); - - while (num & ~3) { - mul_add(rp[0], ap[0], w, c1); - mul_add(rp[1], ap[1], w, c1); - mul_add(rp[2], ap[2], w, c1); - mul_add(rp[3], ap[3], w, c1); - ap += 4; - rp += 4; - num -= 4; - } - if (num) { - mul_add(rp[0], ap[0], w, c1); - if (--num == 0) - return c1; - mul_add(rp[1], ap[1], w, c1); - if (--num == 0) - return c1; - mul_add(rp[2], ap[2], w, c1); - return c1; - } - - return (c1); -} - -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -{ - BN_ULONG c1 = 0; - - if (num <= 0) - return (c1); - - while (num & ~3) { - mul(rp[0], ap[0], w, c1); - mul(rp[1], ap[1], w, c1); - mul(rp[2], ap[2], w, c1); - mul(rp[3], ap[3], w, c1); - ap += 4; - rp += 4; - num -= 4; - } - if (num) { - mul(rp[0], ap[0], w, c1); - if (--num == 0) - return c1; - mul(rp[1], ap[1], w, c1); - if (--num == 0) - return c1; - mul(rp[2], ap[2], w, c1); - } - return (c1); -} - -void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) -{ - if (n <= 0) - return; - - while (n & ~3) { - sqr(r[0], r[1], a[0]); - sqr(r[2], r[3], a[1]); - sqr(r[4], r[5], a[2]); - sqr(r[6], r[7], a[3]); - a += 4; - r += 8; - n -= 4; - } - if (n) { - sqr(r[0], r[1], a[0]); - if (--n == 0) - return; - sqr(r[2], r[3], a[1]); - if (--n == 0) - return; - sqr(r[4], r[5], a[2]); - } -} - -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) -{ - BN_ULONG ret, waste; - - asm("divq %4":"=a"(ret), "=d"(waste) - : "a"(l), "d"(h), "r"(d) - : "cc"); - - return ret; -} - -BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int n) -{ - BN_ULONG ret; - size_t i = 0; - - if (n <= 0) - return 0; - - asm volatile (" subq %0,%0 \n" /* clear carry */ - " jmp 1f \n" - ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " adcq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" - " lea 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&r" (ret), "+c"(n), - "+r"(i) - :"r"(rp), "r"(ap), "r"(bp) - :"cc", "memory"); - - return ret & 1; -} - -# ifndef SIMICS -BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int n) -{ - BN_ULONG ret; - size_t i = 0; - - if (n <= 0) - return 0; - - asm volatile (" subq %0,%0 \n" /* clear borrow */ - " jmp 1f \n" - ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " sbbq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" - " lea 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&r" (ret), "+c"(n), - "+r"(i) - :"r"(rp), "r"(ap), "r"(bp) - :"cc", "memory"); - - return ret & 1; -} -# else -/* Simics 1.4<7 has buggy sbbq:-( */ -# define BN_MASK2 0xffffffffffffffffL -BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -{ - BN_ULONG t1, t2; - int c = 0; - - if (n <= 0) - return ((BN_ULONG)0); - - for (;;) { - t1 = a[0]; - t2 = b[0]; - r[0] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - if (--n <= 0) - break; - - t1 = a[1]; - t2 = b[1]; - r[1] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - if (--n <= 0) - break; - - t1 = a[2]; - t2 = b[2]; - r[2] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - if (--n <= 0) - break; - - t1 = a[3]; - t2 = b[3]; - r[3] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - if (--n <= 0) - break; - - a += 4; - b += 4; - r += 4; - } - return (c); -} -# endif - -/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ -/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ -/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ -/* - * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number - * c=(c2,c1,c0) - */ - -/* - * Keep in mind that carrying into high part of multiplication result - * can not overflow, because it cannot be all-ones. - */ -# if 0 -/* original macros are kept for reference purposes */ -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG ta = (a), tb = (b); \ - BN_ULONG lo, hi; \ - BN_UMULT_LOHI(lo,hi,ta,tb); \ - c0 += lo; hi += (c0<lo)?1:0; \ - c1 += hi; c2 += (c1<hi)?1:0; \ - } while(0) - -# define mul_add_c2(a,b,c0,c1,c2) do { \ - BN_ULONG ta = (a), tb = (b); \ - BN_ULONG lo, hi, tt; \ - BN_UMULT_LOHI(lo,hi,ta,tb); \ - c0 += lo; tt = hi+((c0<lo)?1:0); \ - c1 += tt; c2 += (c1<tt)?1:0; \ - c0 += lo; hi += (c0<lo)?1:0; \ - c1 += hi; c2 += (c1<hi)?1:0; \ - } while(0) - -# define sqr_add_c(a,i,c0,c1,c2) do { \ - BN_ULONG ta = (a)[i]; \ - BN_ULONG lo, hi; \ - BN_UMULT_LOHI(lo,hi,ta,ta); \ - c0 += lo; hi += (c0<lo)?1:0; \ - c1 += hi; c2 += (c1<hi)?1:0; \ - } while(0) -# else -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG t1,t2; \ - asm ("mulq %3" \ - : "=a"(t1),"=d"(t2) \ - : "a"(a),"m"(b) \ - : "cc"); \ - asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \ - : "+r"(c0),"+r"(c1),"+r"(c2) \ - : "r"(t1),"r"(t2),"g"(0) \ - : "cc"); \ - } while (0) - -# define sqr_add_c(a,i,c0,c1,c2) do { \ - BN_ULONG t1,t2; \ - asm ("mulq %2" \ - : "=a"(t1),"=d"(t2) \ - : "a"(a[i]) \ - : "cc"); \ - asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \ - : "+r"(c0),"+r"(c1),"+r"(c2) \ - : "r"(t1),"r"(t2),"g"(0) \ - : "cc"); \ - } while (0) - -# define mul_add_c2(a,b,c0,c1,c2) do { \ - BN_ULONG t1,t2; \ - asm ("mulq %3" \ - : "=a"(t1),"=d"(t2) \ - : "a"(a),"m"(b) \ - : "cc"); \ - asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \ - : "+r"(c0),"+r"(c1),"+r"(c2) \ - : "r"(t1),"r"(t2),"g"(0) \ - : "cc"); \ - asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \ - : "+r"(c0),"+r"(c1),"+r"(c2) \ - : "r"(t1),"r"(t2),"g"(0) \ - : "cc"); \ - } while (0) -# endif - -# define sqr_add_c2(a,i,j,c0,c1,c2) \ - mul_add_c2((a)[i],(a)[j],c0,c1,c2) - -void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -{ - BN_ULONG c1, c2, c3; - - c1 = 0; - c2 = 0; - c3 = 0; - mul_add_c(a[0], b[0], c1, c2, c3); - r[0] = c1; - c1 = 0; - mul_add_c(a[0], b[1], c2, c3, c1); - mul_add_c(a[1], b[0], c2, c3, c1); - r[1] = c2; - c2 = 0; - mul_add_c(a[2], b[0], c3, c1, c2); - mul_add_c(a[1], b[1], c3, c1, c2); - mul_add_c(a[0], b[2], c3, c1, c2); - r[2] = c3; - c3 = 0; - mul_add_c(a[0], b[3], c1, c2, c3); - mul_add_c(a[1], b[2], c1, c2, c3); - mul_add_c(a[2], b[1], c1, c2, c3); - mul_add_c(a[3], b[0], c1, c2, c3); - r[3] = c1; - c1 = 0; - mul_add_c(a[4], b[0], c2, c3, c1); - mul_add_c(a[3], b[1], c2, c3, c1); - mul_add_c(a[2], b[2], c2, c3, c1); - mul_add_c(a[1], b[3], c2, c3, c1); - mul_add_c(a[0], b[4], c2, c3, c1); - r[4] = c2; - c2 = 0; - mul_add_c(a[0], b[5], c3, c1, c2); - mul_add_c(a[1], b[4], c3, c1, c2); - mul_add_c(a[2], b[3], c3, c1, c2); - mul_add_c(a[3], b[2], c3, c1, c2); - mul_add_c(a[4], b[1], c3, c1, c2); - mul_add_c(a[5], b[0], c3, c1, c2); - r[5] = c3; - c3 = 0; - mul_add_c(a[6], b[0], c1, c2, c3); - mul_add_c(a[5], b[1], c1, c2, c3); - mul_add_c(a[4], b[2], c1, c2, c3); - mul_add_c(a[3], b[3], c1, c2, c3); - mul_add_c(a[2], b[4], c1, c2, c3); - mul_add_c(a[1], b[5], c1, c2, c3); - mul_add_c(a[0], b[6], c1, c2, c3); - r[6] = c1; - c1 = 0; - mul_add_c(a[0], b[7], c2, c3, c1); - mul_add_c(a[1], b[6], c2, c3, c1); - mul_add_c(a[2], b[5], c2, c3, c1); - mul_add_c(a[3], b[4], c2, c3, c1); - mul_add_c(a[4], b[3], c2, c3, c1); - mul_add_c(a[5], b[2], c2, c3, c1); - mul_add_c(a[6], b[1], c2, c3, c1); - mul_add_c(a[7], b[0], c2, c3, c1); - r[7] = c2; - c2 = 0; - mul_add_c(a[7], b[1], c3, c1, c2); - mul_add_c(a[6], b[2], c3, c1, c2); - mul_add_c(a[5], b[3], c3, c1, c2); - mul_add_c(a[4], b[4], c3, c1, c2); - mul_add_c(a[3], b[5], c3, c1, c2); - mul_add_c(a[2], b[6], c3, c1, c2); - mul_add_c(a[1], b[7], c3, c1, c2); - r[8] = c3; - c3 = 0; - mul_add_c(a[2], b[7], c1, c2, c3); - mul_add_c(a[3], b[6], c1, c2, c3); - mul_add_c(a[4], b[5], c1, c2, c3); - mul_add_c(a[5], b[4], c1, c2, c3); - mul_add_c(a[6], b[3], c1, c2, c3); - mul_add_c(a[7], b[2], c1, c2, c3); - r[9] = c1; - c1 = 0; - mul_add_c(a[7], b[3], c2, c3, c1); - mul_add_c(a[6], b[4], c2, c3, c1); - mul_add_c(a[5], b[5], c2, c3, c1); - mul_add_c(a[4], b[6], c2, c3, c1); - mul_add_c(a[3], b[7], c2, c3, c1); - r[10] = c2; - c2 = 0; - mul_add_c(a[4], b[7], c3, c1, c2); - mul_add_c(a[5], b[6], c3, c1, c2); - mul_add_c(a[6], b[5], c3, c1, c2); - mul_add_c(a[7], b[4], c3, c1, c2); - r[11] = c3; - c3 = 0; - mul_add_c(a[7], b[5], c1, c2, c3); - mul_add_c(a[6], b[6], c1, c2, c3); - mul_add_c(a[5], b[7], c1, c2, c3); - r[12] = c1; - c1 = 0; - mul_add_c(a[6], b[7], c2, c3, c1); - mul_add_c(a[7], b[6], c2, c3, c1); - r[13] = c2; - c2 = 0; - mul_add_c(a[7], b[7], c3, c1, c2); - r[14] = c3; - r[15] = c1; -} - -void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -{ - BN_ULONG c1, c2, c3; - - c1 = 0; - c2 = 0; - c3 = 0; - mul_add_c(a[0], b[0], c1, c2, c3); - r[0] = c1; - c1 = 0; - mul_add_c(a[0], b[1], c2, c3, c1); - mul_add_c(a[1], b[0], c2, c3, c1); - r[1] = c2; - c2 = 0; - mul_add_c(a[2], b[0], c3, c1, c2); - mul_add_c(a[1], b[1], c3, c1, c2); - mul_add_c(a[0], b[2], c3, c1, c2); - r[2] = c3; - c3 = 0; - mul_add_c(a[0], b[3], c1, c2, c3); - mul_add_c(a[1], b[2], c1, c2, c3); - mul_add_c(a[2], b[1], c1, c2, c3); - mul_add_c(a[3], b[0], c1, c2, c3); - r[3] = c1; - c1 = 0; - mul_add_c(a[3], b[1], c2, c3, c1); - mul_add_c(a[2], b[2], c2, c3, c1); - mul_add_c(a[1], b[3], c2, c3, c1); - r[4] = c2; - c2 = 0; - mul_add_c(a[2], b[3], c3, c1, c2); - mul_add_c(a[3], b[2], c3, c1, c2); - r[5] = c3; - c3 = 0; - mul_add_c(a[3], b[3], c1, c2, c3); - r[6] = c1; - r[7] = c2; -} - -void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) -{ - BN_ULONG c1, c2, c3; - - c1 = 0; - c2 = 0; - c3 = 0; - sqr_add_c(a, 0, c1, c2, c3); - r[0] = c1; - c1 = 0; - sqr_add_c2(a, 1, 0, c2, c3, c1); - r[1] = c2; - c2 = 0; - sqr_add_c(a, 1, c3, c1, c2); - sqr_add_c2(a, 2, 0, c3, c1, c2); - r[2] = c3; - c3 = 0; - sqr_add_c2(a, 3, 0, c1, c2, c3); - sqr_add_c2(a, 2, 1, c1, c2, c3); - r[3] = c1; - c1 = 0; - sqr_add_c(a, 2, c2, c3, c1); - sqr_add_c2(a, 3, 1, c2, c3, c1); - sqr_add_c2(a, 4, 0, c2, c3, c1); - r[4] = c2; - c2 = 0; - sqr_add_c2(a, 5, 0, c3, c1, c2); - sqr_add_c2(a, 4, 1, c3, c1, c2); - sqr_add_c2(a, 3, 2, c3, c1, c2); - r[5] = c3; - c3 = 0; - sqr_add_c(a, 3, c1, c2, c3); - sqr_add_c2(a, 4, 2, c1, c2, c3); - sqr_add_c2(a, 5, 1, c1, c2, c3); - sqr_add_c2(a, 6, 0, c1, c2, c3); - r[6] = c1; - c1 = 0; - sqr_add_c2(a, 7, 0, c2, c3, c1); - sqr_add_c2(a, 6, 1, c2, c3, c1); - sqr_add_c2(a, 5, 2, c2, c3, c1); - sqr_add_c2(a, 4, 3, c2, c3, c1); - r[7] = c2; - c2 = 0; - sqr_add_c(a, 4, c3, c1, c2); - sqr_add_c2(a, 5, 3, c3, c1, c2); - sqr_add_c2(a, 6, 2, c3, c1, c2); - sqr_add_c2(a, 7, 1, c3, c1, c2); - r[8] = c3; - c3 = 0; - sqr_add_c2(a, 7, 2, c1, c2, c3); - sqr_add_c2(a, 6, 3, c1, c2, c3); - sqr_add_c2(a, 5, 4, c1, c2, c3); - r[9] = c1; - c1 = 0; - sqr_add_c(a, 5, c2, c3, c1); - sqr_add_c2(a, 6, 4, c2, c3, c1); - sqr_add_c2(a, 7, 3, c2, c3, c1); - r[10] = c2; - c2 = 0; - sqr_add_c2(a, 7, 4, c3, c1, c2); - sqr_add_c2(a, 6, 5, c3, c1, c2); - r[11] = c3; - c3 = 0; - sqr_add_c(a, 6, c1, c2, c3); - sqr_add_c2(a, 7, 5, c1, c2, c3); - r[12] = c1; - c1 = 0; - sqr_add_c2(a, 7, 6, c2, c3, c1); - r[13] = c2; - c2 = 0; - sqr_add_c(a, 7, c3, c1, c2); - r[14] = c3; - r[15] = c1; -} - -void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) -{ - BN_ULONG c1, c2, c3; - - c1 = 0; - c2 = 0; - c3 = 0; - sqr_add_c(a, 0, c1, c2, c3); - r[0] = c1; - c1 = 0; - sqr_add_c2(a, 1, 0, c2, c3, c1); - r[1] = c2; - c2 = 0; - sqr_add_c(a, 1, c3, c1, c2); - sqr_add_c2(a, 2, 0, c3, c1, c2); - r[2] = c3; - c3 = 0; - sqr_add_c2(a, 3, 0, c1, c2, c3); - sqr_add_c2(a, 2, 1, c1, c2, c3); - r[3] = c1; - c1 = 0; - sqr_add_c(a, 2, c2, c3, c1); - sqr_add_c2(a, 3, 1, c2, c3, c1); - r[4] = c2; - c2 = 0; - sqr_add_c2(a, 3, 2, c3, c1, c2); - r[5] = c3; - c3 = 0; - sqr_add_c(a, 3, c1, c2, c3); - r[6] = c1; - r[7] = c2; -} -#endif diff --git a/thirdparty/openssl/crypto/bn/bn.mul b/thirdparty/openssl/crypto/bn/bn.mul deleted file mode 100644 index 9728870d38..0000000000 --- a/thirdparty/openssl/crypto/bn/bn.mul +++ /dev/null @@ -1,19 +0,0 @@ -We need - -* bn_mul_comba8 -* bn_mul_comba4 -* bn_mul_normal -* bn_mul_recursive - -* bn_sqr_comba8 -* bn_sqr_comba4 -bn_sqr_normal -> BN_sqr -* bn_sqr_recursive - -* bn_mul_low_recursive -* bn_mul_low_normal -* bn_mul_high - -* bn_mul_part_recursive # symetric but not power of 2 - -bn_mul_asymetric_recursive # uneven, but do the chop up. diff --git a/thirdparty/openssl/crypto/bn/bn_add.c b/thirdparty/openssl/crypto/bn/bn_add.c deleted file mode 100644 index 2f3d110449..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_add.c +++ /dev/null @@ -1,313 +0,0 @@ -/* crypto/bn/bn_add.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -/* r can == a or b */ -int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - const BIGNUM *tmp; - int a_neg = a->neg, ret; - - bn_check_top(a); - bn_check_top(b); - - /*- - * a + b a+b - * a + -b a-b - * -a + b b-a - * -a + -b -(a+b) - */ - if (a_neg ^ b->neg) { - /* only one is negative */ - if (a_neg) { - tmp = a; - a = b; - b = tmp; - } - - /* we are now a - b */ - - if (BN_ucmp(a, b) < 0) { - if (!BN_usub(r, b, a)) - return (0); - r->neg = 1; - } else { - if (!BN_usub(r, a, b)) - return (0); - r->neg = 0; - } - return (1); - } - - ret = BN_uadd(r, a, b); - r->neg = a_neg; - bn_check_top(r); - return ret; -} - -/* unsigned add of b to a */ -int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int max, min, dif; - BN_ULONG *ap, *bp, *rp, carry, t1, t2; - const BIGNUM *tmp; - - bn_check_top(a); - bn_check_top(b); - - if (a->top < b->top) { - tmp = a; - a = b; - b = tmp; - } - max = a->top; - min = b->top; - dif = max - min; - - if (bn_wexpand(r, max + 1) == NULL) - return 0; - - r->top = max; - - ap = a->d; - bp = b->d; - rp = r->d; - - carry = bn_add_words(rp, ap, bp, min); - rp += min; - ap += min; - bp += min; - - if (carry) { - while (dif) { - dif--; - t1 = *(ap++); - t2 = (t1 + 1) & BN_MASK2; - *(rp++) = t2; - if (t2) { - carry = 0; - break; - } - } - if (carry) { - /* carry != 0 => dif == 0 */ - *rp = 1; - r->top++; - } - } - if (dif && rp != ap) - while (dif--) - /* copy remaining words if ap != rp */ - *(rp++) = *(ap++); - r->neg = 0; - bn_check_top(r); - return 1; -} - -/* unsigned subtraction of b from a, a must be larger than b. */ -int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int max, min, dif; - register BN_ULONG t1, t2, *ap, *bp, *rp; - int i, carry; -#if defined(IRIX_CC_BUG) && !defined(LINT) - int dummy; -#endif - - bn_check_top(a); - bn_check_top(b); - - max = a->top; - min = b->top; - dif = max - min; - - if (dif < 0) { /* hmm... should not be happening */ - BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3); - return (0); - } - - if (bn_wexpand(r, max) == NULL) - return (0); - - ap = a->d; - bp = b->d; - rp = r->d; - -#if 1 - carry = 0; - for (i = min; i != 0; i--) { - t1 = *(ap++); - t2 = *(bp++); - if (carry) { - carry = (t1 <= t2); - t1 = (t1 - t2 - 1) & BN_MASK2; - } else { - carry = (t1 < t2); - t1 = (t1 - t2) & BN_MASK2; - } -# if defined(IRIX_CC_BUG) && !defined(LINT) - dummy = t1; -# endif - *(rp++) = t1 & BN_MASK2; - } -#else - carry = bn_sub_words(rp, ap, bp, min); - ap += min; - bp += min; - rp += min; -#endif - if (carry) { /* subtracted */ - if (!dif) - /* error: a < b */ - return 0; - while (dif) { - dif--; - t1 = *(ap++); - t2 = (t1 - 1) & BN_MASK2; - *(rp++) = t2; - if (t1) - break; - } - } -#if 0 - memcpy(rp, ap, sizeof(*rp) * (max - i)); -#else - if (rp != ap) { - for (;;) { - if (!dif--) - break; - rp[0] = ap[0]; - if (!dif--) - break; - rp[1] = ap[1]; - if (!dif--) - break; - rp[2] = ap[2]; - if (!dif--) - break; - rp[3] = ap[3]; - rp += 4; - ap += 4; - } - } -#endif - - r->top = max; - r->neg = 0; - bn_correct_top(r); - return (1); -} - -int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int max; - int add = 0, neg = 0; - const BIGNUM *tmp; - - bn_check_top(a); - bn_check_top(b); - - /*- - * a - b a-b - * a - -b a+b - * -a - b -(a+b) - * -a - -b b-a - */ - if (a->neg) { - if (b->neg) { - tmp = a; - a = b; - b = tmp; - } else { - add = 1; - neg = 1; - } - } else { - if (b->neg) { - add = 1; - neg = 0; - } - } - - if (add) { - if (!BN_uadd(r, a, b)) - return (0); - r->neg = neg; - return (1); - } - - /* We are actually doing a - b :-) */ - - max = (a->top > b->top) ? a->top : b->top; - if (bn_wexpand(r, max) == NULL) - return (0); - if (BN_ucmp(a, b) < 0) { - if (!BN_usub(r, b, a)) - return (0); - r->neg = 1; - } else { - if (!BN_usub(r, a, b)) - return (0); - r->neg = 0; - } - bn_check_top(r); - return (1); -} diff --git a/thirdparty/openssl/crypto/bn/bn_asm.c b/thirdparty/openssl/crypto/bn/bn_asm.c deleted file mode 100644 index 03a33cffe5..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_asm.c +++ /dev/null @@ -1,1093 +0,0 @@ -/* crypto/bn/bn_asm.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef BN_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - -#include <stdio.h> -#include <assert.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -#if defined(BN_LLONG) || defined(BN_UMULT_HIGH) - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) -{ - BN_ULONG c1 = 0; - - assert(num >= 0); - if (num <= 0) - return (c1); - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (num & ~3) { - mul_add(rp[0], ap[0], w, c1); - mul_add(rp[1], ap[1], w, c1); - mul_add(rp[2], ap[2], w, c1); - mul_add(rp[3], ap[3], w, c1); - ap += 4; - rp += 4; - num -= 4; - } -# endif - while (num) { - mul_add(rp[0], ap[0], w, c1); - ap++; - rp++; - num--; - } - - return (c1); -} - -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -{ - BN_ULONG c1 = 0; - - assert(num >= 0); - if (num <= 0) - return (c1); - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (num & ~3) { - mul(rp[0], ap[0], w, c1); - mul(rp[1], ap[1], w, c1); - mul(rp[2], ap[2], w, c1); - mul(rp[3], ap[3], w, c1); - ap += 4; - rp += 4; - num -= 4; - } -# endif - while (num) { - mul(rp[0], ap[0], w, c1); - ap++; - rp++; - num--; - } - return (c1); -} - -void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) -{ - assert(n >= 0); - if (n <= 0) - return; - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - sqr(r[0], r[1], a[0]); - sqr(r[2], r[3], a[1]); - sqr(r[4], r[5], a[2]); - sqr(r[6], r[7], a[3]); - a += 4; - r += 8; - n -= 4; - } -# endif - while (n) { - sqr(r[0], r[1], a[0]); - a++; - r += 2; - n--; - } -} - -#else /* !(defined(BN_LLONG) || - * defined(BN_UMULT_HIGH)) */ - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) -{ - BN_ULONG c = 0; - BN_ULONG bl, bh; - - assert(num >= 0); - if (num <= 0) - return ((BN_ULONG)0); - - bl = LBITS(w); - bh = HBITS(w); - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (num & ~3) { - mul_add(rp[0], ap[0], bl, bh, c); - mul_add(rp[1], ap[1], bl, bh, c); - mul_add(rp[2], ap[2], bl, bh, c); - mul_add(rp[3], ap[3], bl, bh, c); - ap += 4; - rp += 4; - num -= 4; - } -# endif - while (num) { - mul_add(rp[0], ap[0], bl, bh, c); - ap++; - rp++; - num--; - } - return (c); -} - -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -{ - BN_ULONG carry = 0; - BN_ULONG bl, bh; - - assert(num >= 0); - if (num <= 0) - return ((BN_ULONG)0); - - bl = LBITS(w); - bh = HBITS(w); - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (num & ~3) { - mul(rp[0], ap[0], bl, bh, carry); - mul(rp[1], ap[1], bl, bh, carry); - mul(rp[2], ap[2], bl, bh, carry); - mul(rp[3], ap[3], bl, bh, carry); - ap += 4; - rp += 4; - num -= 4; - } -# endif - while (num) { - mul(rp[0], ap[0], bl, bh, carry); - ap++; - rp++; - num--; - } - return (carry); -} - -void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) -{ - assert(n >= 0); - if (n <= 0) - return; - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - sqr64(r[0], r[1], a[0]); - sqr64(r[2], r[3], a[1]); - sqr64(r[4], r[5], a[2]); - sqr64(r[6], r[7], a[3]); - a += 4; - r += 8; - n -= 4; - } -# endif - while (n) { - sqr64(r[0], r[1], a[0]); - a++; - r += 2; - n--; - } -} - -#endif /* !(defined(BN_LLONG) || - * defined(BN_UMULT_HIGH)) */ - -#if defined(BN_LLONG) && defined(BN_DIV2W) - -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) -{ - return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d)); -} - -#else - -/* Divide h,l by d and return the result. */ -/* I need to test this some more :-( */ -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) -{ - BN_ULONG dh, dl, q, ret = 0, th, tl, t; - int i, count = 2; - - if (d == 0) - return (BN_MASK2); - - i = BN_num_bits_word(d); - assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i)); - - i = BN_BITS2 - i; - if (h >= d) - h -= d; - - if (i) { - d <<= i; - h = (h << i) | (l >> (BN_BITS2 - i)); - l <<= i; - } - dh = (d & BN_MASK2h) >> BN_BITS4; - dl = (d & BN_MASK2l); - for (;;) { - if ((h >> BN_BITS4) == dh) - q = BN_MASK2l; - else - q = h / dh; - - th = q * dh; - tl = dl * q; - for (;;) { - t = h - th; - if ((t & BN_MASK2h) || - ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4)))) - break; - q--; - th -= dh; - tl -= dl; - } - t = (tl >> BN_BITS4); - tl = (tl << BN_BITS4) & BN_MASK2h; - th += t; - - if (l < tl) - th++; - l -= tl; - if (h < th) { - h += d; - q--; - } - h -= th; - - if (--count == 0) - break; - - ret = q << BN_BITS4; - h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2; - l = (l & BN_MASK2l) << BN_BITS4; - } - ret |= q; - return (ret); -} -#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ - -#ifdef BN_LLONG -BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int n) -{ - BN_ULLONG ll = 0; - - assert(n >= 0); - if (n <= 0) - return ((BN_ULONG)0); - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - ll += (BN_ULLONG) a[0] + b[0]; - r[0] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - ll += (BN_ULLONG) a[1] + b[1]; - r[1] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - ll += (BN_ULLONG) a[2] + b[2]; - r[2] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - ll += (BN_ULLONG) a[3] + b[3]; - r[3] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - a += 4; - b += 4; - r += 4; - n -= 4; - } -# endif - while (n) { - ll += (BN_ULLONG) a[0] + b[0]; - r[0] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - a++; - b++; - r++; - n--; - } - return ((BN_ULONG)ll); -} -#else /* !BN_LLONG */ -BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int n) -{ - BN_ULONG c, l, t; - - assert(n >= 0); - if (n <= 0) - return ((BN_ULONG)0); - - c = 0; -# ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - t = a[0]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[0]) & BN_MASK2; - c += (l < t); - r[0] = l; - t = a[1]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[1]) & BN_MASK2; - c += (l < t); - r[1] = l; - t = a[2]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[2]) & BN_MASK2; - c += (l < t); - r[2] = l; - t = a[3]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[3]) & BN_MASK2; - c += (l < t); - r[3] = l; - a += 4; - b += 4; - r += 4; - n -= 4; - } -# endif - while (n) { - t = a[0]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[0]) & BN_MASK2; - c += (l < t); - r[0] = l; - a++; - b++; - r++; - n--; - } - return ((BN_ULONG)c); -} -#endif /* !BN_LLONG */ - -BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int n) -{ - BN_ULONG t1, t2; - int c = 0; - - assert(n >= 0); - if (n <= 0) - return ((BN_ULONG)0); - -#ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - t1 = a[0]; - t2 = b[0]; - r[0] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - t1 = a[1]; - t2 = b[1]; - r[1] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - t1 = a[2]; - t2 = b[2]; - r[2] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - t1 = a[3]; - t2 = b[3]; - r[3] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - a += 4; - b += 4; - r += 4; - n -= 4; - } -#endif - while (n) { - t1 = a[0]; - t2 = b[0]; - r[0] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - a++; - b++; - r++; - n--; - } - return (c); -} - -#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) - -# undef bn_mul_comba8 -# undef bn_mul_comba4 -# undef bn_sqr_comba8 -# undef bn_sqr_comba4 - -/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ -/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ -/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ -/* - * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number - * c=(c2,c1,c0) - */ - -# ifdef BN_LLONG -/* - * Keep in mind that additions to multiplication result can not - * overflow, because its high half cannot be all-ones. - */ -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG hi; \ - BN_ULLONG t = (BN_ULLONG)(a)*(b); \ - t += c0; /* no carry */ \ - c0 = (BN_ULONG)Lw(t); \ - hi = (BN_ULONG)Hw(t); \ - c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \ - } while(0) - -# define mul_add_c2(a,b,c0,c1,c2) do { \ - BN_ULONG hi; \ - BN_ULLONG t = (BN_ULLONG)(a)*(b); \ - BN_ULLONG tt = t+c0; /* no carry */ \ - c0 = (BN_ULONG)Lw(tt); \ - hi = (BN_ULONG)Hw(tt); \ - c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \ - t += c0; /* no carry */ \ - c0 = (BN_ULONG)Lw(t); \ - hi = (BN_ULONG)Hw(t); \ - c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \ - } while(0) - -# define sqr_add_c(a,i,c0,c1,c2) do { \ - BN_ULONG hi; \ - BN_ULLONG t = (BN_ULLONG)a[i]*a[i]; \ - t += c0; /* no carry */ \ - c0 = (BN_ULONG)Lw(t); \ - hi = (BN_ULONG)Hw(t); \ - c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \ - } while(0) - -# define sqr_add_c2(a,i,j,c0,c1,c2) \ - mul_add_c2((a)[i],(a)[j],c0,c1,c2) - -# elif defined(BN_UMULT_LOHI) -/* - * Keep in mind that additions to hi can not overflow, because - * the high word of a multiplication result cannot be all-ones. - */ -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG ta = (a), tb = (b); \ - BN_ULONG lo, hi; \ - BN_UMULT_LOHI(lo,hi,ta,tb); \ - c0 += lo; hi += (c0<lo)?1:0; \ - c1 += hi; c2 += (c1<hi)?1:0; \ - } while(0) - -# define mul_add_c2(a,b,c0,c1,c2) do { \ - BN_ULONG ta = (a), tb = (b); \ - BN_ULONG lo, hi, tt; \ - BN_UMULT_LOHI(lo,hi,ta,tb); \ - c0 += lo; tt = hi+((c0<lo)?1:0); \ - c1 += tt; c2 += (c1<tt)?1:0; \ - c0 += lo; hi += (c0<lo)?1:0; \ - c1 += hi; c2 += (c1<hi)?1:0; \ - } while(0) - -# define sqr_add_c(a,i,c0,c1,c2) do { \ - BN_ULONG ta = (a)[i]; \ - BN_ULONG lo, hi; \ - BN_UMULT_LOHI(lo,hi,ta,ta); \ - c0 += lo; hi += (c0<lo)?1:0; \ - c1 += hi; c2 += (c1<hi)?1:0; \ - } while(0) - -# define sqr_add_c2(a,i,j,c0,c1,c2) \ - mul_add_c2((a)[i],(a)[j],c0,c1,c2) - -# elif defined(BN_UMULT_HIGH) -/* - * Keep in mind that additions to hi can not overflow, because - * the high word of a multiplication result cannot be all-ones. - */ -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG ta = (a), tb = (b); \ - BN_ULONG lo = ta * tb; \ - BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \ - c0 += lo; hi += (c0<lo)?1:0; \ - c1 += hi; c2 += (c1<hi)?1:0; \ - } while(0) - -# define mul_add_c2(a,b,c0,c1,c2) do { \ - BN_ULONG ta = (a), tb = (b), tt; \ - BN_ULONG lo = ta * tb; \ - BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \ - c0 += lo; tt = hi + ((c0<lo)?1:0); \ - c1 += tt; c2 += (c1<tt)?1:0; \ - c0 += lo; hi += (c0<lo)?1:0; \ - c1 += hi; c2 += (c1<hi)?1:0; \ - } while(0) - -# define sqr_add_c(a,i,c0,c1,c2) do { \ - BN_ULONG ta = (a)[i]; \ - BN_ULONG lo = ta * ta; \ - BN_ULONG hi = BN_UMULT_HIGH(ta,ta); \ - c0 += lo; hi += (c0<lo)?1:0; \ - c1 += hi; c2 += (c1<hi)?1:0; \ - } while(0) - -# define sqr_add_c2(a,i,j,c0,c1,c2) \ - mul_add_c2((a)[i],(a)[j],c0,c1,c2) - -# else /* !BN_LLONG */ -/* - * Keep in mind that additions to hi can not overflow, because - * the high word of a multiplication result cannot be all-ones. - */ -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG lo = LBITS(a), hi = HBITS(a); \ - BN_ULONG bl = LBITS(b), bh = HBITS(b); \ - mul64(lo,hi,bl,bh); \ - c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \ - c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \ - } while(0) - -# define mul_add_c2(a,b,c0,c1,c2) do { \ - BN_ULONG tt; \ - BN_ULONG lo = LBITS(a), hi = HBITS(a); \ - BN_ULONG bl = LBITS(b), bh = HBITS(b); \ - mul64(lo,hi,bl,bh); \ - tt = hi; \ - c0 = (c0+lo)&BN_MASK2; if (c0<lo) tt++; \ - c1 = (c1+tt)&BN_MASK2; if (c1<tt) c2++; \ - c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \ - c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \ - } while(0) - -# define sqr_add_c(a,i,c0,c1,c2) do { \ - BN_ULONG lo, hi; \ - sqr64(lo,hi,(a)[i]); \ - c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \ - c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \ - } while(0) - -# define sqr_add_c2(a,i,j,c0,c1,c2) \ - mul_add_c2((a)[i],(a)[j],c0,c1,c2) -# endif /* !BN_LLONG */ - -void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -{ - BN_ULONG c1, c2, c3; - - c1 = 0; - c2 = 0; - c3 = 0; - mul_add_c(a[0], b[0], c1, c2, c3); - r[0] = c1; - c1 = 0; - mul_add_c(a[0], b[1], c2, c3, c1); - mul_add_c(a[1], b[0], c2, c3, c1); - r[1] = c2; - c2 = 0; - mul_add_c(a[2], b[0], c3, c1, c2); - mul_add_c(a[1], b[1], c3, c1, c2); - mul_add_c(a[0], b[2], c3, c1, c2); - r[2] = c3; - c3 = 0; - mul_add_c(a[0], b[3], c1, c2, c3); - mul_add_c(a[1], b[2], c1, c2, c3); - mul_add_c(a[2], b[1], c1, c2, c3); - mul_add_c(a[3], b[0], c1, c2, c3); - r[3] = c1; - c1 = 0; - mul_add_c(a[4], b[0], c2, c3, c1); - mul_add_c(a[3], b[1], c2, c3, c1); - mul_add_c(a[2], b[2], c2, c3, c1); - mul_add_c(a[1], b[3], c2, c3, c1); - mul_add_c(a[0], b[4], c2, c3, c1); - r[4] = c2; - c2 = 0; - mul_add_c(a[0], b[5], c3, c1, c2); - mul_add_c(a[1], b[4], c3, c1, c2); - mul_add_c(a[2], b[3], c3, c1, c2); - mul_add_c(a[3], b[2], c3, c1, c2); - mul_add_c(a[4], b[1], c3, c1, c2); - mul_add_c(a[5], b[0], c3, c1, c2); - r[5] = c3; - c3 = 0; - mul_add_c(a[6], b[0], c1, c2, c3); - mul_add_c(a[5], b[1], c1, c2, c3); - mul_add_c(a[4], b[2], c1, c2, c3); - mul_add_c(a[3], b[3], c1, c2, c3); - mul_add_c(a[2], b[4], c1, c2, c3); - mul_add_c(a[1], b[5], c1, c2, c3); - mul_add_c(a[0], b[6], c1, c2, c3); - r[6] = c1; - c1 = 0; - mul_add_c(a[0], b[7], c2, c3, c1); - mul_add_c(a[1], b[6], c2, c3, c1); - mul_add_c(a[2], b[5], c2, c3, c1); - mul_add_c(a[3], b[4], c2, c3, c1); - mul_add_c(a[4], b[3], c2, c3, c1); - mul_add_c(a[5], b[2], c2, c3, c1); - mul_add_c(a[6], b[1], c2, c3, c1); - mul_add_c(a[7], b[0], c2, c3, c1); - r[7] = c2; - c2 = 0; - mul_add_c(a[7], b[1], c3, c1, c2); - mul_add_c(a[6], b[2], c3, c1, c2); - mul_add_c(a[5], b[3], c3, c1, c2); - mul_add_c(a[4], b[4], c3, c1, c2); - mul_add_c(a[3], b[5], c3, c1, c2); - mul_add_c(a[2], b[6], c3, c1, c2); - mul_add_c(a[1], b[7], c3, c1, c2); - r[8] = c3; - c3 = 0; - mul_add_c(a[2], b[7], c1, c2, c3); - mul_add_c(a[3], b[6], c1, c2, c3); - mul_add_c(a[4], b[5], c1, c2, c3); - mul_add_c(a[5], b[4], c1, c2, c3); - mul_add_c(a[6], b[3], c1, c2, c3); - mul_add_c(a[7], b[2], c1, c2, c3); - r[9] = c1; - c1 = 0; - mul_add_c(a[7], b[3], c2, c3, c1); - mul_add_c(a[6], b[4], c2, c3, c1); - mul_add_c(a[5], b[5], c2, c3, c1); - mul_add_c(a[4], b[6], c2, c3, c1); - mul_add_c(a[3], b[7], c2, c3, c1); - r[10] = c2; - c2 = 0; - mul_add_c(a[4], b[7], c3, c1, c2); - mul_add_c(a[5], b[6], c3, c1, c2); - mul_add_c(a[6], b[5], c3, c1, c2); - mul_add_c(a[7], b[4], c3, c1, c2); - r[11] = c3; - c3 = 0; - mul_add_c(a[7], b[5], c1, c2, c3); - mul_add_c(a[6], b[6], c1, c2, c3); - mul_add_c(a[5], b[7], c1, c2, c3); - r[12] = c1; - c1 = 0; - mul_add_c(a[6], b[7], c2, c3, c1); - mul_add_c(a[7], b[6], c2, c3, c1); - r[13] = c2; - c2 = 0; - mul_add_c(a[7], b[7], c3, c1, c2); - r[14] = c3; - r[15] = c1; -} - -void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -{ - BN_ULONG c1, c2, c3; - - c1 = 0; - c2 = 0; - c3 = 0; - mul_add_c(a[0], b[0], c1, c2, c3); - r[0] = c1; - c1 = 0; - mul_add_c(a[0], b[1], c2, c3, c1); - mul_add_c(a[1], b[0], c2, c3, c1); - r[1] = c2; - c2 = 0; - mul_add_c(a[2], b[0], c3, c1, c2); - mul_add_c(a[1], b[1], c3, c1, c2); - mul_add_c(a[0], b[2], c3, c1, c2); - r[2] = c3; - c3 = 0; - mul_add_c(a[0], b[3], c1, c2, c3); - mul_add_c(a[1], b[2], c1, c2, c3); - mul_add_c(a[2], b[1], c1, c2, c3); - mul_add_c(a[3], b[0], c1, c2, c3); - r[3] = c1; - c1 = 0; - mul_add_c(a[3], b[1], c2, c3, c1); - mul_add_c(a[2], b[2], c2, c3, c1); - mul_add_c(a[1], b[3], c2, c3, c1); - r[4] = c2; - c2 = 0; - mul_add_c(a[2], b[3], c3, c1, c2); - mul_add_c(a[3], b[2], c3, c1, c2); - r[5] = c3; - c3 = 0; - mul_add_c(a[3], b[3], c1, c2, c3); - r[6] = c1; - r[7] = c2; -} - -void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) -{ - BN_ULONG c1, c2, c3; - - c1 = 0; - c2 = 0; - c3 = 0; - sqr_add_c(a, 0, c1, c2, c3); - r[0] = c1; - c1 = 0; - sqr_add_c2(a, 1, 0, c2, c3, c1); - r[1] = c2; - c2 = 0; - sqr_add_c(a, 1, c3, c1, c2); - sqr_add_c2(a, 2, 0, c3, c1, c2); - r[2] = c3; - c3 = 0; - sqr_add_c2(a, 3, 0, c1, c2, c3); - sqr_add_c2(a, 2, 1, c1, c2, c3); - r[3] = c1; - c1 = 0; - sqr_add_c(a, 2, c2, c3, c1); - sqr_add_c2(a, 3, 1, c2, c3, c1); - sqr_add_c2(a, 4, 0, c2, c3, c1); - r[4] = c2; - c2 = 0; - sqr_add_c2(a, 5, 0, c3, c1, c2); - sqr_add_c2(a, 4, 1, c3, c1, c2); - sqr_add_c2(a, 3, 2, c3, c1, c2); - r[5] = c3; - c3 = 0; - sqr_add_c(a, 3, c1, c2, c3); - sqr_add_c2(a, 4, 2, c1, c2, c3); - sqr_add_c2(a, 5, 1, c1, c2, c3); - sqr_add_c2(a, 6, 0, c1, c2, c3); - r[6] = c1; - c1 = 0; - sqr_add_c2(a, 7, 0, c2, c3, c1); - sqr_add_c2(a, 6, 1, c2, c3, c1); - sqr_add_c2(a, 5, 2, c2, c3, c1); - sqr_add_c2(a, 4, 3, c2, c3, c1); - r[7] = c2; - c2 = 0; - sqr_add_c(a, 4, c3, c1, c2); - sqr_add_c2(a, 5, 3, c3, c1, c2); - sqr_add_c2(a, 6, 2, c3, c1, c2); - sqr_add_c2(a, 7, 1, c3, c1, c2); - r[8] = c3; - c3 = 0; - sqr_add_c2(a, 7, 2, c1, c2, c3); - sqr_add_c2(a, 6, 3, c1, c2, c3); - sqr_add_c2(a, 5, 4, c1, c2, c3); - r[9] = c1; - c1 = 0; - sqr_add_c(a, 5, c2, c3, c1); - sqr_add_c2(a, 6, 4, c2, c3, c1); - sqr_add_c2(a, 7, 3, c2, c3, c1); - r[10] = c2; - c2 = 0; - sqr_add_c2(a, 7, 4, c3, c1, c2); - sqr_add_c2(a, 6, 5, c3, c1, c2); - r[11] = c3; - c3 = 0; - sqr_add_c(a, 6, c1, c2, c3); - sqr_add_c2(a, 7, 5, c1, c2, c3); - r[12] = c1; - c1 = 0; - sqr_add_c2(a, 7, 6, c2, c3, c1); - r[13] = c2; - c2 = 0; - sqr_add_c(a, 7, c3, c1, c2); - r[14] = c3; - r[15] = c1; -} - -void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) -{ - BN_ULONG c1, c2, c3; - - c1 = 0; - c2 = 0; - c3 = 0; - sqr_add_c(a, 0, c1, c2, c3); - r[0] = c1; - c1 = 0; - sqr_add_c2(a, 1, 0, c2, c3, c1); - r[1] = c2; - c2 = 0; - sqr_add_c(a, 1, c3, c1, c2); - sqr_add_c2(a, 2, 0, c3, c1, c2); - r[2] = c3; - c3 = 0; - sqr_add_c2(a, 3, 0, c1, c2, c3); - sqr_add_c2(a, 2, 1, c1, c2, c3); - r[3] = c1; - c1 = 0; - sqr_add_c(a, 2, c2, c3, c1); - sqr_add_c2(a, 3, 1, c2, c3, c1); - r[4] = c2; - c2 = 0; - sqr_add_c2(a, 3, 2, c3, c1, c2); - r[5] = c3; - c3 = 0; - sqr_add_c(a, 3, c1, c2, c3); - r[6] = c1; - r[7] = c2; -} - -# ifdef OPENSSL_NO_ASM -# ifdef OPENSSL_BN_ASM_MONT -# include <alloca.h> -/* - * This is essentially reference implementation, which may or may not - * result in performance improvement. E.g. on IA-32 this routine was - * observed to give 40% faster rsa1024 private key operations and 10% - * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only - * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a - * reference implementation, one to be used as starting point for - * platform-specific assembler. Mentioned numbers apply to compiler - * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and - * can vary not only from platform to platform, but even for compiler - * versions. Assembler vs. assembler improvement coefficients can - * [and are known to] differ and are to be documented elsewhere. - */ -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0p, int num) -{ - BN_ULONG c0, c1, ml, *tp, n0; -# ifdef mul64 - BN_ULONG mh; -# endif - volatile BN_ULONG *vp; - int i = 0, j; - -# if 0 /* template for platform-specific - * implementation */ - if (ap == bp) - return bn_sqr_mont(rp, ap, np, n0p, num); -# endif - vp = tp = alloca((num + 2) * sizeof(BN_ULONG)); - - n0 = *n0p; - - c0 = 0; - ml = bp[0]; -# ifdef mul64 - mh = HBITS(ml); - ml = LBITS(ml); - for (j = 0; j < num; ++j) - mul(tp[j], ap[j], ml, mh, c0); -# else - for (j = 0; j < num; ++j) - mul(tp[j], ap[j], ml, c0); -# endif - - tp[num] = c0; - tp[num + 1] = 0; - goto enter; - - for (i = 0; i < num; i++) { - c0 = 0; - ml = bp[i]; -# ifdef mul64 - mh = HBITS(ml); - ml = LBITS(ml); - for (j = 0; j < num; ++j) - mul_add(tp[j], ap[j], ml, mh, c0); -# else - for (j = 0; j < num; ++j) - mul_add(tp[j], ap[j], ml, c0); -# endif - c1 = (tp[num] + c0) & BN_MASK2; - tp[num] = c1; - tp[num + 1] = (c1 < c0 ? 1 : 0); - enter: - c1 = tp[0]; - ml = (c1 * n0) & BN_MASK2; - c0 = 0; -# ifdef mul64 - mh = HBITS(ml); - ml = LBITS(ml); - mul_add(c1, np[0], ml, mh, c0); -# else - mul_add(c1, ml, np[0], c0); -# endif - for (j = 1; j < num; j++) { - c1 = tp[j]; -# ifdef mul64 - mul_add(c1, np[j], ml, mh, c0); -# else - mul_add(c1, ml, np[j], c0); -# endif - tp[j - 1] = c1 & BN_MASK2; - } - c1 = (tp[num] + c0) & BN_MASK2; - tp[num - 1] = c1; - tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0); - } - - if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) { - c0 = bn_sub_words(rp, tp, np, num); - if (tp[num] != 0 || c0 == 0) { - for (i = 0; i < num + 2; i++) - vp[i] = 0; - return 1; - } - } - for (i = 0; i < num; i++) - rp[i] = tp[i], vp[i] = 0; - vp[num] = 0; - vp[num + 1] = 0; - return 1; -} -# else -/* - * Return value of 0 indicates that multiplication/convolution was not - * performed to signal the caller to fall down to alternative/original - * code-path. - */ -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) -{ - return 0; -} -# endif /* OPENSSL_BN_ASM_MONT */ -# endif - -#else /* !BN_MUL_COMBA */ - -/* hmm... is it faster just to do a multiply? */ -# undef bn_sqr_comba4 -void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) -{ - BN_ULONG t[8]; - bn_sqr_normal(r, a, 4, t); -} - -# undef bn_sqr_comba8 -void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) -{ - BN_ULONG t[16]; - bn_sqr_normal(r, a, 8, t); -} - -void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -{ - r[4] = bn_mul_words(&(r[0]), a, 4, b[0]); - r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]); - r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]); - r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]); -} - -void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -{ - r[8] = bn_mul_words(&(r[0]), a, 8, b[0]); - r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]); - r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]); - r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]); - r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]); - r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]); - r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]); - r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]); -} - -# ifdef OPENSSL_NO_ASM -# ifdef OPENSSL_BN_ASM_MONT -# include <alloca.h> -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0p, int num) -{ - BN_ULONG c0, c1, *tp, n0 = *n0p; - volatile BN_ULONG *vp; - int i = 0, j; - - vp = tp = alloca((num + 2) * sizeof(BN_ULONG)); - - for (i = 0; i <= num; i++) - tp[i] = 0; - - for (i = 0; i < num; i++) { - c0 = bn_mul_add_words(tp, ap, num, bp[i]); - c1 = (tp[num] + c0) & BN_MASK2; - tp[num] = c1; - tp[num + 1] = (c1 < c0 ? 1 : 0); - - c0 = bn_mul_add_words(tp, np, num, tp[0] * n0); - c1 = (tp[num] + c0) & BN_MASK2; - tp[num] = c1; - tp[num + 1] += (c1 < c0 ? 1 : 0); - for (j = 0; j <= num; j++) - tp[j] = tp[j + 1]; - } - - if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) { - c0 = bn_sub_words(rp, tp, np, num); - if (tp[num] != 0 || c0 == 0) { - for (i = 0; i < num + 2; i++) - vp[i] = 0; - return 1; - } - } - for (i = 0; i < num; i++) - rp[i] = tp[i], vp[i] = 0; - vp[num] = 0; - vp[num + 1] = 0; - return 1; -} -# else -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) -{ - return 0; -} -# endif /* OPENSSL_BN_ASM_MONT */ -# endif - -#endif /* !BN_MUL_COMBA */ diff --git a/thirdparty/openssl/crypto/bn/bn_blind.c b/thirdparty/openssl/crypto/bn/bn_blind.c deleted file mode 100644 index d448daa3c7..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_blind.c +++ /dev/null @@ -1,385 +0,0 @@ -/* crypto/bn/bn_blind.c */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -#define BN_BLINDING_COUNTER 32 - -struct bn_blinding_st { - BIGNUM *A; - BIGNUM *Ai; - BIGNUM *e; - BIGNUM *mod; /* just a reference */ -#ifndef OPENSSL_NO_DEPRECATED - unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used - * only by crypto/rsa/rsa_eay.c, rsa_lib.c */ -#endif - CRYPTO_THREADID tid; - int counter; - unsigned long flags; - BN_MONT_CTX *m_ctx; - int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -}; - -BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) -{ - BN_BLINDING *ret = NULL; - - bn_check_top(mod); - - if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { - BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); - } - memset(ret, 0, sizeof(BN_BLINDING)); - if (A != NULL) { - if ((ret->A = BN_dup(A)) == NULL) - goto err; - } - if (Ai != NULL) { - if ((ret->Ai = BN_dup(Ai)) == NULL) - goto err; - } - - /* save a copy of mod in the BN_BLINDING structure */ - if ((ret->mod = BN_dup(mod)) == NULL) - goto err; - if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) - BN_set_flags(ret->mod, BN_FLG_CONSTTIME); - - /* - * Set the counter to the special value -1 to indicate that this is - * never-used fresh blinding that does not need updating before first - * use. - */ - ret->counter = -1; - CRYPTO_THREADID_current(&ret->tid); - return (ret); - err: - if (ret != NULL) - BN_BLINDING_free(ret); - return (NULL); -} - -void BN_BLINDING_free(BN_BLINDING *r) -{ - if (r == NULL) - return; - - if (r->A != NULL) - BN_free(r->A); - if (r->Ai != NULL) - BN_free(r->Ai); - if (r->e != NULL) - BN_free(r->e); - if (r->mod != NULL) - BN_free(r->mod); - OPENSSL_free(r); -} - -int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) -{ - int ret = 0; - - if ((b->A == NULL) || (b->Ai == NULL)) { - BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED); - goto err; - } - - if (b->counter == -1) - b->counter = 0; - - if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && - !(b->flags & BN_BLINDING_NO_RECREATE)) { - /* re-create blinding parameters */ - if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) - goto err; - } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) { - if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) - goto err; - if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)) - goto err; - } - - ret = 1; - err: - if (b->counter == BN_BLINDING_COUNTER) - b->counter = 0; - return (ret); -} - -int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) -{ - return BN_BLINDING_convert_ex(n, NULL, b, ctx); -} - -int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) -{ - int ret = 1; - - bn_check_top(n); - - if ((b->A == NULL) || (b->Ai == NULL)) { - BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED); - return (0); - } - - if (b->counter == -1) - /* Fresh blinding, doesn't need updating. */ - b->counter = 0; - else if (!BN_BLINDING_update(b, ctx)) - return (0); - - if (r != NULL) { - if (!BN_copy(r, b->Ai)) - ret = 0; - } - - if (!BN_mod_mul(n, n, b->A, b->mod, ctx)) - ret = 0; - - return ret; -} - -int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) -{ - return BN_BLINDING_invert_ex(n, NULL, b, ctx); -} - -int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, - BN_CTX *ctx) -{ - int ret; - - bn_check_top(n); - - if (r != NULL) - ret = BN_mod_mul(n, n, r, b->mod, ctx); - else { - if (b->Ai == NULL) { - BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED); - return (0); - } - ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); - } - - bn_check_top(n); - return (ret); -} - -#ifndef OPENSSL_NO_DEPRECATED -unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) -{ - return b->thread_id; -} - -void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) -{ - b->thread_id = n; -} -#endif - -CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) -{ - return &b->tid; -} - -unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) -{ - return b->flags; -} - -void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) -{ - b->flags = flags; -} - -BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, - int (*bn_mod_exp) (BIGNUM *r, - const BIGNUM *a, - const BIGNUM *p, - const BIGNUM *m, - BN_CTX *ctx, - BN_MONT_CTX *m_ctx), - BN_MONT_CTX *m_ctx) -{ - int retry_counter = 32; - BN_BLINDING *ret = NULL; - - if (b == NULL) - ret = BN_BLINDING_new(NULL, NULL, m); - else - ret = b; - - if (ret == NULL) - goto err; - - if (ret->A == NULL && (ret->A = BN_new()) == NULL) - goto err; - if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) - goto err; - - if (e != NULL) { - if (ret->e != NULL) - BN_free(ret->e); - ret->e = BN_dup(e); - } - if (ret->e == NULL) - goto err; - - if (bn_mod_exp != NULL) - ret->bn_mod_exp = bn_mod_exp; - if (m_ctx != NULL) - ret->m_ctx = m_ctx; - - do { - if (!BN_rand_range(ret->A, ret->mod)) - goto err; - if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) { - /* - * this should almost never happen for good RSA keys - */ - unsigned long error = ERR_peek_last_error(); - if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { - if (retry_counter-- == 0) { - BNerr(BN_F_BN_BLINDING_CREATE_PARAM, - BN_R_TOO_MANY_ITERATIONS); - goto err; - } - ERR_clear_error(); - } else - goto err; - } else - break; - } while (1); - - if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) { - if (!ret->bn_mod_exp - (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) - goto err; - } else { - if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) - goto err; - } - - return ret; - err: - if (b == NULL && ret != NULL) { - BN_BLINDING_free(ret); - ret = NULL; - } - - return ret; -} diff --git a/thirdparty/openssl/crypto/bn/bn_const.c b/thirdparty/openssl/crypto/bn/bn_const.c deleted file mode 100644 index 12c3208c24..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_const.c +++ /dev/null @@ -1,547 +0,0 @@ -/* crypto/bn/knownprimes.c */ -/* Insert boilerplate */ - -#include "bn.h" - -/*- - * "First Oakley Default Group" from RFC2409, section 6.1. - * - * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } - * - * RFC2409 specifies a generator of 2. - * RFC2412 specifies a generator of of 22. - */ - -BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) -{ - static const unsigned char RFC2409_PRIME_768[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn); -} - -/*- - * "Second Oakley Default Group" from RFC2409, section 6.2. - * - * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }. - * - * RFC2409 specifies a generator of 2. - * RFC2412 specifies a generator of 22. - */ - -BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) -{ - static const unsigned char RFC2409_PRIME_1024[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn); -} - -/*- - * "1536-bit MODP Group" from RFC3526, Section 2. - * - * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } - * - * RFC3526 specifies a generator of 2. - * RFC2312 specifies a generator of 22. - */ - -BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) -{ - static const unsigned char RFC3526_PRIME_1536[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn); -} - -/*- - * "2048-bit MODP Group" from RFC3526, Section 3. - * - * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) -{ - static const unsigned char RFC3526_PRIME_2048[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn); -} - -/*- - * "3072-bit MODP Group" from RFC3526, Section 4. - * - * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) -{ - static const unsigned char RFC3526_PRIME_3072[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, - 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, - 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, - 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, - 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, - 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, - 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, - 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, - 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, - 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, - 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, - 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn); -} - -/*- - * "4096-bit MODP Group" from RFC3526, Section 5. - * - * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) -{ - static const unsigned char RFC3526_PRIME_4096[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, - 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, - 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, - 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, - 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, - 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, - 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, - 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, - 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, - 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, - 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, - 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, - 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, - 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, - 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, - 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, - 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, - 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, - 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, - 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, - 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, - 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, - 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, - 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, - 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, - 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, - 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, - 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn); -} - -/*- - * "6144-bit MODP Group" from RFC3526, Section 6. - * - * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) -{ - static const unsigned char RFC3526_PRIME_6144[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, - 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, - 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, - 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, - 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, - 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, - 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, - 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, - 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, - 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, - 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, - 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, - 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, - 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, - 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, - 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, - 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, - 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, - 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, - 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, - 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, - 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, - 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, - 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, - 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, - 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, - 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, - 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, - 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, - 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, - 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, - 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, - 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE, - 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, - 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, - 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, - 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, - 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, - 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42, - 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, - 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, - 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, - 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, - 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, - 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E, - 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, - 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, - 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, - 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, - 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, - 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0, - 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, - 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, - 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, - 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, - 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, - 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68, - 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, - 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, - 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn); -} - -/*- - * "8192-bit MODP Group" from RFC3526, Section 7. - * - * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn) -{ - static const unsigned char RFC3526_PRIME_8192[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, - 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, - 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, - 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, - 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, - 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, - 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, - 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, - 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, - 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, - 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, - 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, - 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, - 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, - 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, - 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, - 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, - 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, - 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, - 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, - 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, - 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, - 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, - 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, - 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, - 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, - 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, - 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, - 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, - 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, - 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, - 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, - 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE, - 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, - 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, - 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, - 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, - 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, - 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42, - 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, - 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, - 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, - 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, - 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, - 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E, - 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, - 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, - 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, - 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, - 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, - 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0, - 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, - 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, - 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, - 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, - 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, - 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68, - 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, - 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, - 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59, - 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, - 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, - 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA, - 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, - 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, - 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66, - 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, - 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, - 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D, - 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, - 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, - 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7, - 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, - 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, - 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8, - 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, - 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, - 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D, - 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, - 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, - 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D, - 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, - 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, - 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, - 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, - 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, - 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B, - 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, - 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, - 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, - 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, - 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn); -} diff --git a/thirdparty/openssl/crypto/bn/bn_ctx.c b/thirdparty/openssl/crypto/bn/bn_ctx.c deleted file mode 100644 index 526c6a046d..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_ctx.c +++ /dev/null @@ -1,448 +0,0 @@ -/* crypto/bn/bn_ctx.c */ -/* Written by Ulf Moeller for the OpenSSL project. */ -/* ==================================================================== - * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) -# ifndef NDEBUG -# define NDEBUG -# endif -#endif - -#include <stdio.h> -#include <assert.h> - -#include "cryptlib.h" -#include "bn_lcl.h" - -/*- - * TODO list - * - * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and - * check they can be safely removed. - * - Check +1 and other ugliness in BN_from_montgomery() - * - * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an - * appropriate 'block' size that will be honoured by bn_expand_internal() to - * prevent piddly little reallocations. OTOH, profiling bignum expansions in - * BN_CTX doesn't show this to be a big issue. - */ - -/* How many bignums are in each "pool item"; */ -#define BN_CTX_POOL_SIZE 16 -/* The stack frame info is resizing, set a first-time expansion size; */ -#define BN_CTX_START_FRAMES 32 - -/***********/ -/* BN_POOL */ -/***********/ - -/* A bundle of bignums that can be linked with other bundles */ -typedef struct bignum_pool_item { - /* The bignum values */ - BIGNUM vals[BN_CTX_POOL_SIZE]; - /* Linked-list admin */ - struct bignum_pool_item *prev, *next; -} BN_POOL_ITEM; -/* A linked-list of bignums grouped in bundles */ -typedef struct bignum_pool { - /* Linked-list admin */ - BN_POOL_ITEM *head, *current, *tail; - /* Stack depth and allocation size */ - unsigned used, size; -} BN_POOL; -static void BN_POOL_init(BN_POOL *); -static void BN_POOL_finish(BN_POOL *); -#ifndef OPENSSL_NO_DEPRECATED -static void BN_POOL_reset(BN_POOL *); -#endif -static BIGNUM *BN_POOL_get(BN_POOL *); -static void BN_POOL_release(BN_POOL *, unsigned int); - -/************/ -/* BN_STACK */ -/************/ - -/* A wrapper to manage the "stack frames" */ -typedef struct bignum_ctx_stack { - /* Array of indexes into the bignum stack */ - unsigned int *indexes; - /* Number of stack frames, and the size of the allocated array */ - unsigned int depth, size; -} BN_STACK; -static void BN_STACK_init(BN_STACK *); -static void BN_STACK_finish(BN_STACK *); -#ifndef OPENSSL_NO_DEPRECATED -static void BN_STACK_reset(BN_STACK *); -#endif -static int BN_STACK_push(BN_STACK *, unsigned int); -static unsigned int BN_STACK_pop(BN_STACK *); - -/**********/ -/* BN_CTX */ -/**********/ - -/* The opaque BN_CTX type */ -struct bignum_ctx { - /* The bignum bundles */ - BN_POOL pool; - /* The "stack frames", if you will */ - BN_STACK stack; - /* The number of bignums currently assigned */ - unsigned int used; - /* Depth of stack overflow */ - int err_stack; - /* Block "gets" until an "end" (compatibility behaviour) */ - int too_many; -}; - -/* Enable this to find BN_CTX bugs */ -#ifdef BN_CTX_DEBUG -static const char *ctxdbg_cur = NULL; -static void ctxdbg(BN_CTX *ctx) -{ - unsigned int bnidx = 0, fpidx = 0; - BN_POOL_ITEM *item = ctx->pool.head; - BN_STACK *stack = &ctx->stack; - fprintf(stderr, "(%16p): ", ctx); - while (bnidx < ctx->used) { - fprintf(stderr, "%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); - if (!(bnidx % BN_CTX_POOL_SIZE)) - item = item->next; - } - fprintf(stderr, "\n"); - bnidx = 0; - fprintf(stderr, " : "); - while (fpidx < stack->depth) { - while (bnidx++ < stack->indexes[fpidx]) - fprintf(stderr, " "); - fprintf(stderr, "^^^ "); - bnidx++; - fpidx++; - } - fprintf(stderr, "\n"); -} - -# define CTXDBG_ENTRY(str, ctx) do { \ - ctxdbg_cur = (str); \ - fprintf(stderr,"Starting %s\n", ctxdbg_cur); \ - ctxdbg(ctx); \ - } while(0) -# define CTXDBG_EXIT(ctx) do { \ - fprintf(stderr,"Ending %s\n", ctxdbg_cur); \ - ctxdbg(ctx); \ - } while(0) -# define CTXDBG_RET(ctx,ret) -#else -# define CTXDBG_ENTRY(str, ctx) -# define CTXDBG_EXIT(ctx) -# define CTXDBG_RET(ctx,ret) -#endif - -/* - * This function is an evil legacy and should not be used. This - * implementation is WYSIWYG, though I've done my best. - */ -#ifndef OPENSSL_NO_DEPRECATED -void BN_CTX_init(BN_CTX *ctx) -{ - /* - * Assume the caller obtained the context via BN_CTX_new() and so is - * trying to reset it for use. Nothing else makes sense, least of all - * binary compatibility from a time when they could declare a static - * variable. - */ - BN_POOL_reset(&ctx->pool); - BN_STACK_reset(&ctx->stack); - ctx->used = 0; - ctx->err_stack = 0; - ctx->too_many = 0; -} -#endif - -BN_CTX *BN_CTX_new(void) -{ - BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); - if (!ret) { - BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - /* Initialise the structure */ - BN_POOL_init(&ret->pool); - BN_STACK_init(&ret->stack); - ret->used = 0; - ret->err_stack = 0; - ret->too_many = 0; - return ret; -} - -void BN_CTX_free(BN_CTX *ctx) -{ - if (ctx == NULL) - return; -#ifdef BN_CTX_DEBUG - { - BN_POOL_ITEM *pool = ctx->pool.head; - fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n", - ctx->stack.size, ctx->pool.size); - fprintf(stderr, "dmaxs: "); - while (pool) { - unsigned loop = 0; - while (loop < BN_CTX_POOL_SIZE) - fprintf(stderr, "%02x ", pool->vals[loop++].dmax); - pool = pool->next; - } - fprintf(stderr, "\n"); - } -#endif - BN_STACK_finish(&ctx->stack); - BN_POOL_finish(&ctx->pool); - OPENSSL_free(ctx); -} - -void BN_CTX_start(BN_CTX *ctx) -{ - CTXDBG_ENTRY("BN_CTX_start", ctx); - /* If we're already overflowing ... */ - if (ctx->err_stack || ctx->too_many) - ctx->err_stack++; - /* (Try to) get a new frame pointer */ - else if (!BN_STACK_push(&ctx->stack, ctx->used)) { - BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES); - ctx->err_stack++; - } - CTXDBG_EXIT(ctx); -} - -void BN_CTX_end(BN_CTX *ctx) -{ - CTXDBG_ENTRY("BN_CTX_end", ctx); - if (ctx->err_stack) - ctx->err_stack--; - else { - unsigned int fp = BN_STACK_pop(&ctx->stack); - /* Does this stack frame have anything to release? */ - if (fp < ctx->used) - BN_POOL_release(&ctx->pool, ctx->used - fp); - ctx->used = fp; - /* Unjam "too_many" in case "get" had failed */ - ctx->too_many = 0; - } - CTXDBG_EXIT(ctx); -} - -BIGNUM *BN_CTX_get(BN_CTX *ctx) -{ - BIGNUM *ret; - CTXDBG_ENTRY("BN_CTX_get", ctx); - if (ctx->err_stack || ctx->too_many) - return NULL; - if ((ret = BN_POOL_get(&ctx->pool)) == NULL) { - /* - * Setting too_many prevents repeated "get" attempts from cluttering - * the error stack. - */ - ctx->too_many = 1; - BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES); - return NULL; - } - /* OK, make sure the returned bignum is "zero" */ - BN_zero(ret); - ctx->used++; - CTXDBG_RET(ctx, ret); - return ret; -} - -/************/ -/* BN_STACK */ -/************/ - -static void BN_STACK_init(BN_STACK *st) -{ - st->indexes = NULL; - st->depth = st->size = 0; -} - -static void BN_STACK_finish(BN_STACK *st) -{ - if (st->size) - OPENSSL_free(st->indexes); -} - -#ifndef OPENSSL_NO_DEPRECATED -static void BN_STACK_reset(BN_STACK *st) -{ - st->depth = 0; -} -#endif - -static int BN_STACK_push(BN_STACK *st, unsigned int idx) -{ - if (st->depth == st->size) - /* Need to expand */ - { - unsigned int newsize = (st->size ? - (st->size * 3 / 2) : BN_CTX_START_FRAMES); - unsigned int *newitems = OPENSSL_malloc(newsize * - sizeof(unsigned int)); - if (!newitems) - return 0; - if (st->depth) - memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); - if (st->size) - OPENSSL_free(st->indexes); - st->indexes = newitems; - st->size = newsize; - } - st->indexes[(st->depth)++] = idx; - return 1; -} - -static unsigned int BN_STACK_pop(BN_STACK *st) -{ - return st->indexes[--(st->depth)]; -} - -/***********/ -/* BN_POOL */ -/***********/ - -static void BN_POOL_init(BN_POOL *p) -{ - p->head = p->current = p->tail = NULL; - p->used = p->size = 0; -} - -static void BN_POOL_finish(BN_POOL *p) -{ - while (p->head) { - unsigned int loop = 0; - BIGNUM *bn = p->head->vals; - while (loop++ < BN_CTX_POOL_SIZE) { - if (bn->d) - BN_clear_free(bn); - bn++; - } - p->current = p->head->next; - OPENSSL_free(p->head); - p->head = p->current; - } -} - -#ifndef OPENSSL_NO_DEPRECATED -static void BN_POOL_reset(BN_POOL *p) -{ - BN_POOL_ITEM *item = p->head; - while (item) { - unsigned int loop = 0; - BIGNUM *bn = item->vals; - while (loop++ < BN_CTX_POOL_SIZE) { - if (bn->d) - BN_clear(bn); - bn++; - } - item = item->next; - } - p->current = p->head; - p->used = 0; -} -#endif - -static BIGNUM *BN_POOL_get(BN_POOL *p) -{ - if (p->used == p->size) { - BIGNUM *bn; - unsigned int loop = 0; - BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); - if (!item) - return NULL; - /* Initialise the structure */ - bn = item->vals; - while (loop++ < BN_CTX_POOL_SIZE) - BN_init(bn++); - item->prev = p->tail; - item->next = NULL; - /* Link it in */ - if (!p->head) - p->head = p->current = p->tail = item; - else { - p->tail->next = item; - p->tail = item; - p->current = item; - } - p->size += BN_CTX_POOL_SIZE; - p->used++; - /* Return the first bignum from the new pool */ - return item->vals; - } - if (!p->used) - p->current = p->head; - else if ((p->used % BN_CTX_POOL_SIZE) == 0) - p->current = p->current->next; - return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); -} - -static void BN_POOL_release(BN_POOL *p, unsigned int num) -{ - unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; - p->used -= num; - while (num--) { - bn_check_top(p->current->vals + offset); - if (!offset) { - offset = BN_CTX_POOL_SIZE - 1; - p->current = p->current->prev; - } else - offset--; - } -} diff --git a/thirdparty/openssl/crypto/bn/bn_depr.c b/thirdparty/openssl/crypto/bn/bn_depr.c deleted file mode 100644 index 34895f5982..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_depr.c +++ /dev/null @@ -1,115 +0,0 @@ -/* crypto/bn/bn_depr.c */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * Support for deprecated functions goes here - static linkage will only - * slurp this code if applications are using them directly. - */ - -#include <stdio.h> -#include <time.h> -#include "cryptlib.h" -#include "bn_lcl.h" -#include <openssl/rand.h> - -static void *dummy = &dummy; - -#ifndef OPENSSL_NO_DEPRECATED -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback) (int, int, void *), void *cb_arg) -{ - BN_GENCB cb; - BIGNUM *rnd = NULL; - int found = 0; - - BN_GENCB_set_old(&cb, callback, cb_arg); - - if (ret == NULL) { - if ((rnd = BN_new()) == NULL) - goto err; - } else - rnd = ret; - if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) - goto err; - - /* we have a prime :-) */ - found = 1; - err: - if (!found && (ret == NULL) && (rnd != NULL)) - BN_free(rnd); - return (found ? rnd : NULL); -} - -int BN_is_prime(const BIGNUM *a, int checks, - void (*callback) (int, int, void *), BN_CTX *ctx_passed, - void *cb_arg) -{ - BN_GENCB cb; - BN_GENCB_set_old(&cb, callback, cb_arg); - return BN_is_prime_ex(a, checks, ctx_passed, &cb); -} - -int BN_is_prime_fasttest(const BIGNUM *a, int checks, - void (*callback) (int, int, void *), - BN_CTX *ctx_passed, void *cb_arg, - int do_trial_division) -{ - BN_GENCB cb; - BN_GENCB_set_old(&cb, callback, cb_arg); - return BN_is_prime_fasttest_ex(a, checks, ctx_passed, - do_trial_division, &cb); -} -#endif diff --git a/thirdparty/openssl/crypto/bn/bn_div.c b/thirdparty/openssl/crypto/bn/bn_div.c deleted file mode 100644 index bc37671cf1..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_div.c +++ /dev/null @@ -1,477 +0,0 @@ -/* crypto/bn/bn_div.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <openssl/bn.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -/* The old slow way */ -#if 0 -int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx) -{ - int i, nm, nd; - int ret = 0; - BIGNUM *D; - - bn_check_top(m); - bn_check_top(d); - if (BN_is_zero(d)) { - BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); - return (0); - } - - if (BN_ucmp(m, d) < 0) { - if (rem != NULL) { - if (BN_copy(rem, m) == NULL) - return (0); - } - if (dv != NULL) - BN_zero(dv); - return (1); - } - - BN_CTX_start(ctx); - D = BN_CTX_get(ctx); - if (dv == NULL) - dv = BN_CTX_get(ctx); - if (rem == NULL) - rem = BN_CTX_get(ctx); - if (D == NULL || dv == NULL || rem == NULL) - goto end; - - nd = BN_num_bits(d); - nm = BN_num_bits(m); - if (BN_copy(D, d) == NULL) - goto end; - if (BN_copy(rem, m) == NULL) - goto end; - - /* - * The next 2 are needed so we can do a dv->d[0]|=1 later since - * BN_lshift1 will only work once there is a value :-) - */ - BN_zero(dv); - if (bn_wexpand(dv, 1) == NULL) - goto end; - dv->top = 1; - - if (!BN_lshift(D, D, nm - nd)) - goto end; - for (i = nm - nd; i >= 0; i--) { - if (!BN_lshift1(dv, dv)) - goto end; - if (BN_ucmp(rem, D) >= 0) { - dv->d[0] |= 1; - if (!BN_usub(rem, rem, D)) - goto end; - } -/* CAN IMPROVE (and have now :=) */ - if (!BN_rshift1(D, D)) - goto end; - } - rem->neg = BN_is_zero(rem) ? 0 : m->neg; - dv->neg = m->neg ^ d->neg; - ret = 1; - end: - BN_CTX_end(ctx); - return (ret); -} - -#else - -# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ - && !defined(PEDANTIC) && !defined(BN_DIV3W) -# if defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) || defined (__i386__) - /*- - * There were two reasons for implementing this template: - * - GNU C generates a call to a function (__udivdi3 to be exact) - * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to - * understand why...); - * - divl doesn't only calculate quotient, but also leaves - * remainder in %edx which we can definitely use here:-) - * - * <appro@fy.chalmers.se> - */ -# undef bn_div_words -# define bn_div_words(n0,n1,d0) \ - ({ asm volatile ( \ - "divl %4" \ - : "=a"(q), "=d"(rem) \ - : "a"(n1), "d"(n0), "r"(d0) \ - : "cc"); \ - q; \ - }) -# define REMAINDER_IS_ALREADY_CALCULATED -# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) - /* - * Same story here, but it's 128-bit by 64-bit division. Wow! - * <appro@fy.chalmers.se> - */ -# undef bn_div_words -# define bn_div_words(n0,n1,d0) \ - ({ asm volatile ( \ - "divq %4" \ - : "=a"(q), "=d"(rem) \ - : "a"(n1), "d"(n0), "r"(d0) \ - : "cc"); \ - q; \ - }) -# define REMAINDER_IS_ALREADY_CALCULATED -# endif /* __<cpu> */ -# endif /* __GNUC__ */ -# endif /* OPENSSL_NO_ASM */ - -/*- - * BN_div computes dv := num / divisor, rounding towards - * zero, and sets up rm such that dv*divisor + rm = num holds. - * Thus: - * dv->neg == num->neg ^ divisor->neg (unless the result is zero) - * rm->neg == num->neg (unless the remainder is zero) - * If 'dv' or 'rm' is NULL, the respective value is not returned. - */ -int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - BN_CTX *ctx) -{ - int norm_shift, i, loop; - BIGNUM *tmp, wnum, *snum, *sdiv, *res; - BN_ULONG *resp, *wnump; - BN_ULONG d0, d1; - int num_n, div_n; - int no_branch = 0; - - /* - * Invalid zero-padding would have particularly bad consequences so don't - * just rely on bn_check_top() here (bn_check_top() works only for - * BN_DEBUG builds) - */ - if ((num->top > 0 && num->d[num->top - 1] == 0) || - (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) { - BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED); - return 0; - } - - bn_check_top(num); - bn_check_top(divisor); - - if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) - || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { - no_branch = 1; - } - - bn_check_top(dv); - bn_check_top(rm); - /*- bn_check_top(num); *//* - * 'num' has been checked already - */ - /*- bn_check_top(divisor); *//* - * 'divisor' has been checked already - */ - - if (BN_is_zero(divisor)) { - BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); - return (0); - } - - if (!no_branch && BN_ucmp(num, divisor) < 0) { - if (rm != NULL) { - if (BN_copy(rm, num) == NULL) - return (0); - } - if (dv != NULL) - BN_zero(dv); - return (1); - } - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - snum = BN_CTX_get(ctx); - sdiv = BN_CTX_get(ctx); - if (dv == NULL) - res = BN_CTX_get(ctx); - else - res = dv; - if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL) - goto err; - - /* First we normalise the numbers */ - norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); - if (!(BN_lshift(sdiv, divisor, norm_shift))) - goto err; - sdiv->neg = 0; - norm_shift += BN_BITS2; - if (!(BN_lshift(snum, num, norm_shift))) - goto err; - snum->neg = 0; - - if (no_branch) { - /* - * Since we don't know whether snum is larger than sdiv, we pad snum - * with enough zeroes without changing its value. - */ - if (snum->top <= sdiv->top + 1) { - if (bn_wexpand(snum, sdiv->top + 2) == NULL) - goto err; - for (i = snum->top; i < sdiv->top + 2; i++) - snum->d[i] = 0; - snum->top = sdiv->top + 2; - } else { - if (bn_wexpand(snum, snum->top + 1) == NULL) - goto err; - snum->d[snum->top] = 0; - snum->top++; - } - } - - div_n = sdiv->top; - num_n = snum->top; - loop = num_n - div_n; - /* - * Lets setup a 'window' into snum This is the part that corresponds to - * the current 'area' being divided - */ - wnum.neg = 0; - wnum.d = &(snum->d[loop]); - wnum.top = div_n; - /* - * only needed when BN_ucmp messes up the values between top and max - */ - wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ - - /* Get the top 2 words of sdiv */ - /* div_n=sdiv->top; */ - d0 = sdiv->d[div_n - 1]; - d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; - - /* pointer to the 'top' of snum */ - wnump = &(snum->d[num_n - 1]); - - /* Setup to 'res' */ - res->neg = (num->neg ^ divisor->neg); - if (!bn_wexpand(res, (loop + 1))) - goto err; - res->top = loop - no_branch; - resp = &(res->d[loop - 1]); - - /* space for temp */ - if (!bn_wexpand(tmp, (div_n + 1))) - goto err; - - if (!no_branch) { - if (BN_ucmp(&wnum, sdiv) >= 0) { - /* - * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) - * the const bignum arguments => clean the values between top and - * max again - */ - bn_clear_top2max(&wnum); - bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); - *resp = 1; - } else - res->top--; - } - - /* - * if res->top == 0 then clear the neg value otherwise decrease the resp - * pointer - */ - if (res->top == 0) - res->neg = 0; - else - resp--; - - for (i = 0; i < loop - 1; i++, wnump--, resp--) { - BN_ULONG q, l0; - /* - * the first part of the loop uses the top two words of snum and sdiv - * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv - */ -# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) - BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG); - q = bn_div_3_words(wnump, d1, d0); -# else - BN_ULONG n0, n1, rem = 0; - - n0 = wnump[0]; - n1 = wnump[-1]; - if (n0 == d0) - q = BN_MASK2; - else { /* n0 < d0 */ - -# ifdef BN_LLONG - BN_ULLONG t2; - -# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) - q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); -# else - q = bn_div_words(n0, n1, d0); -# ifdef BN_DEBUG_LEVITTE - fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -X) -> 0x%08X\n", n0, n1, d0, q); -# endif -# endif - -# ifndef REMAINDER_IS_ALREADY_CALCULATED - /* - * rem doesn't have to be BN_ULLONG. The least we - * know it's less that d0, isn't it? - */ - rem = (n1 - q * d0) & BN_MASK2; -# endif - t2 = (BN_ULLONG) d1 *q; - - for (;;) { - if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2])) - break; - q--; - rem += d0; - if (rem < d0) - break; /* don't let rem overflow */ - t2 -= d1; - } -# else /* !BN_LLONG */ - BN_ULONG t2l, t2h; - - q = bn_div_words(n0, n1, d0); -# ifdef BN_DEBUG_LEVITTE - fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -X) -> 0x%08X\n", n0, n1, d0, q); -# endif -# ifndef REMAINDER_IS_ALREADY_CALCULATED - rem = (n1 - q * d0) & BN_MASK2; -# endif - -# if defined(BN_UMULT_LOHI) - BN_UMULT_LOHI(t2l, t2h, d1, q); -# elif defined(BN_UMULT_HIGH) - t2l = d1 * q; - t2h = BN_UMULT_HIGH(d1, q); -# else - { - BN_ULONG ql, qh; - t2l = LBITS(d1); - t2h = HBITS(d1); - ql = LBITS(q); - qh = HBITS(q); - mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ - } -# endif - - for (;;) { - if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) - break; - q--; - rem += d0; - if (rem < d0) - break; /* don't let rem overflow */ - if (t2l < d1) - t2h--; - t2l -= d1; - } -# endif /* !BN_LLONG */ - } -# endif /* !BN_DIV3W */ - - l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); - tmp->d[div_n] = l0; - wnum.d--; - /* - * ingore top values of the bignums just sub the two BN_ULONG arrays - * with bn_sub_words - */ - if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { - /* - * Note: As we have considered only the leading two BN_ULONGs in - * the calculation of q, sdiv * q might be greater than wnum (but - * then (q-1) * sdiv is less or equal than wnum) - */ - q--; - if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) - /* - * we can't have an overflow here (assuming that q != 0, but - * if q == 0 then tmp is zero anyway) - */ - (*wnump)++; - } - /* store part of the result */ - *resp = q; - } - bn_correct_top(snum); - if (rm != NULL) { - /* - * Keep a copy of the neg flag in num because if rm==num BN_rshift() - * will overwrite it. - */ - int neg = num->neg; - BN_rshift(rm, snum, norm_shift); - if (!BN_is_zero(rm)) - rm->neg = neg; - bn_check_top(rm); - } - if (no_branch) - bn_correct_top(res); - BN_CTX_end(ctx); - return (1); - err: - bn_check_top(rm); - BN_CTX_end(ctx); - return (0); -} -#endif diff --git a/thirdparty/openssl/crypto/bn/bn_err.c b/thirdparty/openssl/crypto/bn/bn_err.c deleted file mode 100644 index e7a703826e..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_err.c +++ /dev/null @@ -1,154 +0,0 @@ -/* crypto/bn/bn_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include <openssl/bn.h> - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) - -static ERR_STRING_DATA BN_str_functs[] = { - {ERR_FUNC(BN_F_BNRAND), "BNRAND"}, - {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, - {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, - {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, - {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, - {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, - {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, - {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, - {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, - {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, - {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, - {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, - {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, - {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, - {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, - {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, - {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, - {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, - {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, - {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, - {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, - {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, - {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, - {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, - {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, - {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, - {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, - {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, - {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, - {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, - {0, NULL} -}; - -static ERR_STRING_DATA BN_str_reasons[] = { - {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, - {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, - {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, - {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, - {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, - {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, - {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, - {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), - "expand on static bignum data"}, - {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, - {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, - {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, - {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, - {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, - {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, - {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, - {ERR_REASON(BN_R_NO_SOLUTION), "no solution"}, - {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"}, - {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, - {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), - "too many temporary variables"}, - {0, NULL} -}; - -#endif - -void ERR_load_BN_strings(void) -{ -#ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(BN_str_functs[0].error) == NULL) { - ERR_load_strings(0, BN_str_functs); - ERR_load_strings(0, BN_str_reasons); - } -#endif -} diff --git a/thirdparty/openssl/crypto/bn/bn_exp.c b/thirdparty/openssl/crypto/bn/bn_exp.c deleted file mode 100644 index 195a7867a4..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_exp.c +++ /dev/null @@ -1,1458 +0,0 @@ -/* crypto/bn/bn_exp.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include "constant_time_locl.h" -#include "bn_lcl.h" - -#include <stdlib.h> -#ifdef _WIN32 -# include <malloc.h> -# ifndef alloca -# define alloca _alloca -# endif -#elif defined(__GNUC__) -# ifndef alloca -# define alloca(s) __builtin_alloca((s)) -# endif -#elif defined(__sun) -# include <alloca.h> -#endif - -#include "rsaz_exp.h" - -#undef SPARC_T4_MONT -#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc)) -# include "sparc_arch.h" -extern unsigned int OPENSSL_sparcv9cap_P[]; -# define SPARC_T4_MONT -#endif - -/* maximum precomputation table size for *variable* sliding windows */ -#define TABLE_SIZE 32 - -/* this one works - simple but works */ -int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -{ - int i, bits, ret = 0; - BIGNUM *v, *rr; - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } - - BN_CTX_start(ctx); - if ((r == a) || (r == p)) - rr = BN_CTX_get(ctx); - else - rr = r; - v = BN_CTX_get(ctx); - if (rr == NULL || v == NULL) - goto err; - - if (BN_copy(v, a) == NULL) - goto err; - bits = BN_num_bits(p); - - if (BN_is_odd(p)) { - if (BN_copy(rr, a) == NULL) - goto err; - } else { - if (!BN_one(rr)) - goto err; - } - - for (i = 1; i < bits; i++) { - if (!BN_sqr(v, v, ctx)) - goto err; - if (BN_is_bit_set(p, i)) { - if (!BN_mul(rr, rr, v, ctx)) - goto err; - } - } - if (r != rr && BN_copy(r, rr) == NULL) - goto err; - - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(r); - return (ret); -} - -int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx) -{ - int ret; - - bn_check_top(a); - bn_check_top(p); - bn_check_top(m); - - /*- - * For even modulus m = 2^k*m_odd, it might make sense to compute - * a^p mod m_odd and a^p mod 2^k separately (with Montgomery - * exponentiation for the odd part), using appropriate exponent - * reductions, and combine the results using the CRT. - * - * For now, we use Montgomery only if the modulus is odd; otherwise, - * exponentiation using the reciprocal-based quick remaindering - * algorithm is used. - * - * (Timing obtained with expspeed.c [computations a^p mod m - * where a, p, m are of the same length: 256, 512, 1024, 2048, - * 4096, 8192 bits], compared to the running time of the - * standard algorithm: - * - * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration] - * 55 .. 77 % [UltraSparc processor, but - * debug-solaris-sparcv8-gcc conf.] - * - * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration] - * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc] - * - * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont - * at 2048 and more bits, but at 512 and 1024 bits, it was - * slower even than the standard algorithm! - * - * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations] - * should be obtained when the new Montgomery reduction code - * has been integrated into OpenSSL.) - */ - -#define MONT_MUL_MOD -#define MONT_EXP_WORD -#define RECP_MUL_MOD - -#ifdef MONT_MUL_MOD - /* - * I have finally been able to take out this pre-condition of the top bit - * being set. It was caused by an error in BN_div with negatives. There - * was also another problem when for a^b%m a >= m. eay 07-May-97 - */ - /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ - - if (BN_is_odd(m)) { -# ifdef MONT_EXP_WORD - if (a->top == 1 && !a->neg - && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) { - BN_ULONG A = a->d[0]; - ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); - } else -# endif - ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL); - } else -#endif -#ifdef RECP_MUL_MOD - { - ret = BN_mod_exp_recp(r, a, p, m, ctx); - } -#else - { - ret = BN_mod_exp_simple(r, a, p, m, ctx); - } -#endif - - bn_check_top(r); - return (ret); -} - -int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - int i, j, bits, ret = 0, wstart, wend, window, wvalue; - int start = 1; - BIGNUM *aa; - /* Table of variables obtained from 'ctx' */ - BIGNUM *val[TABLE_SIZE]; - BN_RECP_CTX recp; - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } - - bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { - ret = 1; - BN_zero(r); - } else { - ret = BN_one(r); - } - return ret; - } - - BN_CTX_start(ctx); - aa = BN_CTX_get(ctx); - val[0] = BN_CTX_get(ctx); - if (!aa || !val[0]) - goto err; - - BN_RECP_CTX_init(&recp); - if (m->neg) { - /* ignore sign of 'm' */ - if (!BN_copy(aa, m)) - goto err; - aa->neg = 0; - if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0) - goto err; - } else { - if (BN_RECP_CTX_set(&recp, m, ctx) <= 0) - goto err; - } - - if (!BN_nnmod(val[0], a, m, ctx)) - goto err; /* 1 */ - if (BN_is_zero(val[0])) { - BN_zero(r); - ret = 1; - goto err; - } - - window = BN_window_bits_for_exponent_size(bits); - if (window > 1) { - if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx)) - goto err; /* 2 */ - j = 1 << (window - 1); - for (i = 1; i < j; i++) { - if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx)) - goto err; - } - } - - start = 1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue = 0; /* The 'value' of the window */ - wstart = bits - 1; /* The top bit of the window */ - wend = 0; /* The bottom bit of the window */ - - if (!BN_one(r)) - goto err; - - for (;;) { - if (BN_is_bit_set(p, wstart) == 0) { - if (!start) - if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) - goto err; - if (wstart == 0) - break; - wstart--; - continue; - } - /* - * We now have wstart on a 'set' bit, we now need to work out how bit - * a window to do. To do this we need to scan forward until the last - * set bit before the end of the window - */ - j = wstart; - wvalue = 1; - wend = 0; - for (i = 1; i < window; i++) { - if (wstart - i < 0) - break; - if (BN_is_bit_set(p, wstart - i)) { - wvalue <<= (i - wend); - wvalue |= 1; - wend = i; - } - } - - /* wend is the size of the current window */ - j = wend + 1; - /* add the 'bytes above' */ - if (!start) - for (i = 0; i < j; i++) { - if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) - goto err; - } - - /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx)) - goto err; - - /* move the 'window' down further */ - wstart -= wend + 1; - wvalue = 0; - start = 0; - if (wstart < 0) - break; - } - ret = 1; - err: - BN_CTX_end(ctx); - BN_RECP_CTX_free(&recp); - bn_check_top(r); - return (ret); -} - -int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - int i, j, bits, ret = 0, wstart, wend, window, wvalue; - int start = 1; - BIGNUM *d, *r; - const BIGNUM *aa; - /* Table of variables obtained from 'ctx' */ - BIGNUM *val[TABLE_SIZE]; - BN_MONT_CTX *mont = NULL; - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); - } - - bn_check_top(a); - bn_check_top(p); - bn_check_top(m); - - if (!BN_is_odd(m)) { - BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); - return (0); - } - bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { - ret = 1; - BN_zero(rr); - } else { - ret = BN_one(rr); - } - return ret; - } - - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - val[0] = BN_CTX_get(ctx); - if (!d || !r || !val[0]) - goto err; - - /* - * If this is not done, things will break in the montgomery part - */ - - if (in_mont != NULL) - mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) - goto err; - } - - if (a->neg || BN_ucmp(a, m) >= 0) { - if (!BN_nnmod(val[0], a, m, ctx)) - goto err; - aa = val[0]; - } else - aa = a; - if (BN_is_zero(aa)) { - BN_zero(rr); - ret = 1; - goto err; - } - if (!BN_to_montgomery(val[0], aa, mont, ctx)) - goto err; /* 1 */ - - window = BN_window_bits_for_exponent_size(bits); - if (window > 1) { - if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) - goto err; /* 2 */ - j = 1 << (window - 1); - for (i = 1; i < j; i++) { - if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx)) - goto err; - } - } - - start = 1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue = 0; /* The 'value' of the window */ - wstart = bits - 1; /* The top bit of the window */ - wend = 0; /* The bottom bit of the window */ - -#if 1 /* by Shay Gueron's suggestion */ - j = m->top; /* borrow j */ - if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) { - if (bn_wexpand(r, j) == NULL) - goto err; - /* 2^(top*BN_BITS2) - m */ - r->d[0] = (0 - m->d[0]) & BN_MASK2; - for (i = 1; i < j; i++) - r->d[i] = (~m->d[i]) & BN_MASK2; - r->top = j; - /* - * Upper words will be zero if the corresponding words of 'm' were - * 0xfff[...], so decrement r->top accordingly. - */ - bn_correct_top(r); - } else -#endif - if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) - goto err; - for (;;) { - if (BN_is_bit_set(p, wstart) == 0) { - if (!start) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) - goto err; - } - if (wstart == 0) - break; - wstart--; - continue; - } - /* - * We now have wstart on a 'set' bit, we now need to work out how bit - * a window to do. To do this we need to scan forward until the last - * set bit before the end of the window - */ - j = wstart; - wvalue = 1; - wend = 0; - for (i = 1; i < window; i++) { - if (wstart - i < 0) - break; - if (BN_is_bit_set(p, wstart - i)) { - wvalue <<= (i - wend); - wvalue |= 1; - wend = i; - } - } - - /* wend is the size of the current window */ - j = wend + 1; - /* add the 'bytes above' */ - if (!start) - for (i = 0; i < j; i++) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) - goto err; - } - - /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx)) - goto err; - - /* move the 'window' down further */ - wstart -= wend + 1; - wvalue = 0; - start = 0; - if (wstart < 0) - break; - } -#if defined(SPARC_T4_MONT) - if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { - j = mont->N.top; /* borrow j */ - val[0]->d[0] = 1; /* borrow val[0] */ - for (i = 1; i < j; i++) - val[0]->d[i] = 0; - val[0]->top = j; - if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx)) - goto err; - } else -#endif - if (!BN_from_montgomery(rr, r, mont, ctx)) - goto err; - ret = 1; - err: - if ((in_mont == NULL) && (mont != NULL)) - BN_MONT_CTX_free(mont); - BN_CTX_end(ctx); - bn_check_top(rr); - return (ret); -} - -#if defined(SPARC_T4_MONT) -static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) -{ - BN_ULONG ret = 0; - int wordpos; - - wordpos = bitpos / BN_BITS2; - bitpos %= BN_BITS2; - if (wordpos >= 0 && wordpos < a->top) { - ret = a->d[wordpos] & BN_MASK2; - if (bitpos) { - ret >>= bitpos; - if (++wordpos < a->top) - ret |= a->d[wordpos] << (BN_BITS2 - bitpos); - } - } - - return ret & BN_MASK2; -} -#endif - -/* - * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific - * layout so that accessing any of these table values shows the same access - * pattern as far as cache lines are concerned. The following functions are - * used to transfer a BIGNUM from/to that table. - */ - -static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, - unsigned char *buf, int idx, - int window) -{ - int i, j; - int width = 1 << window; - BN_ULONG *table = (BN_ULONG *)buf; - - if (top > b->top) - top = b->top; /* this works because 'buf' is explicitly - * zeroed */ - for (i = 0, j = idx; i < top; i++, j += width) { - table[j] = b->d[i]; - } - - return 1; -} - -static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, - unsigned char *buf, int idx, - int window) -{ - int i, j; - int width = 1 << window; - volatile BN_ULONG *table = (volatile BN_ULONG *)buf; - - if (bn_wexpand(b, top) == NULL) - return 0; - - if (window <= 3) { - for (i = 0; i < top; i++, table += width) { - BN_ULONG acc = 0; - - for (j = 0; j < width; j++) { - acc |= table[j] & - ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); - } - - b->d[i] = acc; - } - } else { - int xstride = 1 << (window - 2); - BN_ULONG y0, y1, y2, y3; - - i = idx >> (window - 2); /* equivalent of idx / xstride */ - idx &= xstride - 1; /* equivalent of idx % xstride */ - - y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1); - y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1); - y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1); - y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1); - - for (i = 0; i < top; i++, table += width) { - BN_ULONG acc = 0; - - for (j = 0; j < xstride; j++) { - acc |= ( (table[j + 0 * xstride] & y0) | - (table[j + 1 * xstride] & y1) | - (table[j + 2 * xstride] & y2) | - (table[j + 3 * xstride] & y3) ) - & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); - } - - b->d[i] = acc; - } - } - - b->top = top; - bn_correct_top(b); - return 1; -} - -/* - * Given a pointer value, compute the next address that is a cache line - * multiple. - */ -#define MOD_EXP_CTIME_ALIGN(x_) \ - ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) - -/* - * This variant of BN_mod_exp_mont() uses fixed windows and the special - * precomputation memory layout to limit data-dependency to a minimum to - * protect secret exponents (cf. the hyper-threading timing attacks pointed - * out by Colin Percival, - * http://www.daemonology.net/hyperthreading-considered-harmful/) - */ -int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) -{ - int i, bits, ret = 0, window, wvalue; - int top; - BN_MONT_CTX *mont = NULL; - - int numPowers; - unsigned char *powerbufFree = NULL; - int powerbufLen = 0; - unsigned char *powerbuf = NULL; - BIGNUM tmp, am; -#if defined(SPARC_T4_MONT) - unsigned int t4 = 0; -#endif - - bn_check_top(a); - bn_check_top(p); - bn_check_top(m); - - if (!BN_is_odd(m)) { - BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS); - return (0); - } - - top = m->top; - - bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { - ret = 1; - BN_zero(rr); - } else { - ret = BN_one(rr); - } - return ret; - } - - BN_CTX_start(ctx); - - /* - * Allocate a montgomery context if it was not supplied by the caller. If - * this is not done, things will break in the montgomery part. - */ - if (in_mont != NULL) - mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) - goto err; - } - -#ifdef RSAZ_ENABLED - /* - * If the size of the operands allow it, perform the optimized - * RSAZ exponentiation. For further information see - * crypto/bn/rsaz_exp.c and accompanying assembly modules. - */ - if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024) - && rsaz_avx2_eligible()) { - if (NULL == bn_wexpand(rr, 16)) - goto err; - RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, - mont->n0[0]); - rr->top = 16; - rr->neg = 0; - bn_correct_top(rr); - ret = 1; - goto err; - } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) { - if (NULL == bn_wexpand(rr, 8)) - goto err; - RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d); - rr->top = 8; - rr->neg = 0; - bn_correct_top(rr); - ret = 1; - goto err; - } -#endif - - /* Get the window size to use with size of p. */ - window = BN_window_bits_for_ctime_exponent_size(bits); -#if defined(SPARC_T4_MONT) - if (window >= 5 && (top & 15) == 0 && top <= 64 && - (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) == - (CFR_MONTMUL | CFR_MONTSQR) && (t4 = OPENSSL_sparcv9cap_P[0])) - window = 5; - else -#endif -#if defined(OPENSSL_BN_ASM_MONT5) - if (window >= 5) { - window = 5; /* ~5% improvement for RSA2048 sign, and even - * for RSA4096 */ - /* reserve space for mont->N.d[] copy */ - powerbufLen += top * sizeof(mont->N.d[0]); - } -#endif - (void)0; - - /* - * Allocate a buffer large enough to hold all of the pre-computed powers - * of am, am itself and tmp. - */ - numPowers = 1 << window; - powerbufLen += sizeof(m->d[0]) * (top * numPowers + - ((2 * top) > - numPowers ? (2 * top) : numPowers)); -#ifdef alloca - if (powerbufLen < 3072) - powerbufFree = - alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH); - else -#endif - if ((powerbufFree = - (unsigned char *)OPENSSL_malloc(powerbufLen + - MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) - == NULL) - goto err; - - powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); - memset(powerbuf, 0, powerbufLen); - -#ifdef alloca - if (powerbufLen < 3072) - powerbufFree = NULL; -#endif - - /* lay down tmp and am right after powers table */ - tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers); - am.d = tmp.d + top; - tmp.top = am.top = 0; - tmp.dmax = am.dmax = top; - tmp.neg = am.neg = 0; - tmp.flags = am.flags = BN_FLG_STATIC_DATA; - - /* prepare a^0 in Montgomery domain */ -#if 1 /* by Shay Gueron's suggestion */ - if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) { - /* 2^(top*BN_BITS2) - m */ - tmp.d[0] = (0 - m->d[0]) & BN_MASK2; - for (i = 1; i < top; i++) - tmp.d[i] = (~m->d[i]) & BN_MASK2; - tmp.top = top; - } else -#endif - if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) - goto err; - - /* prepare a^1 in Montgomery domain */ - if (a->neg || BN_ucmp(a, m) >= 0) { - if (!BN_mod(&am, a, m, ctx)) - goto err; - if (!BN_to_montgomery(&am, &am, mont, ctx)) - goto err; - } else if (!BN_to_montgomery(&am, a, mont, ctx)) - goto err; - -#if defined(SPARC_T4_MONT) - if (t4) { - typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - static const bn_pwr5_mont_f pwr5_funcs[4] = { - bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16, - bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32 - }; - bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1]; - - typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, - const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); - static const bn_mul_mont_f mul_funcs[4] = { - bn_mul_mont_t4_8, bn_mul_mont_t4_16, - bn_mul_mont_t4_24, bn_mul_mont_t4_32 - }; - bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1]; - - void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0, int num); - void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0, int num); - void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap, - const void *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); - void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num, - void *table, size_t power); - void bn_gather5_t4(BN_ULONG *out, size_t num, - void *table, size_t power); - void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num); - - BN_ULONG *np = mont->N.d, *n0 = mont->n0; - int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less - * than 32 */ - - /* - * BN_to_montgomery can contaminate words above .top [in - * BN_DEBUG[_DEBUG] build]... - */ - for (i = am.top; i < top; i++) - am.d[i] = 0; - for (i = tmp.top; i < top; i++) - tmp.d[i] = 0; - - bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0); - bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1); - if (!(*mul_worker) (tmp.d, am.d, am.d, np, n0) && - !(*mul_worker) (tmp.d, am.d, am.d, np, n0)) - bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top); - bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2); - - for (i = 3; i < 32; i++) { - /* Calculate a^i = a^(i-1) * a */ - if (!(*mul_worker) (tmp.d, tmp.d, am.d, np, n0) && - !(*mul_worker) (tmp.d, tmp.d, am.d, np, n0)) - bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top); - bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i); - } - - /* switch to 64-bit domain */ - np = alloca(top * sizeof(BN_ULONG)); - top /= 2; - bn_flip_t4(np, mont->N.d, top); - - bits--; - for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - bn_gather5_t4(tmp.d, top, powerbuf, wvalue); - - /* - * Scan the exponent one window at a time starting from the most - * significant bits. - */ - while (bits >= 0) { - if (bits < stride) - stride = bits + 1; - bits -= stride; - wvalue = bn_get_bits(p, bits + 1); - - if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride)) - continue; - /* retry once and fall back */ - if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride)) - continue; - - bits += stride - 5; - wvalue >>= stride - 5; - wvalue &= 31; - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top, - wvalue); - } - - bn_flip_t4(tmp.d, tmp.d, top); - top *= 2; - /* back to 32-bit domain */ - tmp.top = top; - bn_correct_top(&tmp); - OPENSSL_cleanse(np, top * sizeof(BN_ULONG)); - } else -#endif -#if defined(OPENSSL_BN_ASM_MONT5) - if (window == 5 && top > 1) { - /* - * This optimization uses ideas from http://eprint.iacr.org/2011/239, - * specifically optimization of cache-timing attack countermeasures - * and pre-computation optimization. - */ - - /* - * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as - * 512-bit RSA is hardly relevant, we omit it to spare size... - */ - void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, - const void *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); - void bn_scatter5(const BN_ULONG *inp, size_t num, - void *table, size_t power); - void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power); - void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, - const void *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); - int bn_get_bits5(const BN_ULONG *ap, int off); - int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *not_used, const BN_ULONG *np, - const BN_ULONG *n0, int num); - - BN_ULONG *n0 = mont->n0, *np; - - /* - * BN_to_montgomery can contaminate words above .top [in - * BN_DEBUG[_DEBUG] build]... - */ - for (i = am.top; i < top; i++) - am.d[i] = 0; - for (i = tmp.top; i < top; i++) - tmp.d[i] = 0; - - /* - * copy mont->N.d[] to improve cache locality - */ - for (np = am.d + top, i = 0; i < top; i++) - np[i] = mont->N.d[i]; - - bn_scatter5(tmp.d, top, powerbuf, 0); - bn_scatter5(am.d, am.top, powerbuf, 1); - bn_mul_mont(tmp.d, am.d, am.d, np, n0, top); - bn_scatter5(tmp.d, top, powerbuf, 2); - -# if 0 - for (i = 3; i < 32; i++) { - /* Calculate a^i = a^(i-1) * a */ - bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); - bn_scatter5(tmp.d, top, powerbuf, i); - } -# else - /* same as above, but uses squaring for 1/2 of operations */ - for (i = 4; i < 32; i *= 2) { - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_scatter5(tmp.d, top, powerbuf, i); - } - for (i = 3; i < 8; i += 2) { - int j; - bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); - bn_scatter5(tmp.d, top, powerbuf, i); - for (j = 2 * i; j < 32; j *= 2) { - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_scatter5(tmp.d, top, powerbuf, j); - } - } - for (; i < 16; i += 2) { - bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); - bn_scatter5(tmp.d, top, powerbuf, i); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_scatter5(tmp.d, top, powerbuf, 2 * i); - } - for (; i < 32; i += 2) { - bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); - bn_scatter5(tmp.d, top, powerbuf, i); - } -# endif - bits--; - for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - bn_gather5(tmp.d, top, powerbuf, wvalue); - - /* - * Scan the exponent one window at a time starting from the most - * significant bits. - */ - if (top & 7) - while (bits >= 0) { - for (wvalue = 0, i = 0; i < 5; i++, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, - wvalue); - } else { - while (bits >= 0) { - wvalue = bn_get_bits5(p->d, bits - 4); - bits -= 5; - bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue); - } - } - - ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top); - tmp.top = top; - bn_correct_top(&tmp); - if (ret) { - if (!BN_copy(rr, &tmp)) - ret = 0; - goto err; /* non-zero ret means it's not error */ - } - } else -#endif - { - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window)) - goto err; - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window)) - goto err; - - /* - * If the window size is greater than 1, then calculate - * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even - * powers could instead be computed as (a^(i/2))^2 to use the slight - * performance advantage of sqr over mul). - */ - if (window > 1) { - if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx)) - goto err; - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, - window)) - goto err; - for (i = 3; i < numPowers; i++) { - /* Calculate a^i = a^(i-1) * a */ - if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx)) - goto err; - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, - window)) - goto err; - } - } - - bits--; - for (wvalue = 0, i = bits % window; i >= 0; i--, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue, - window)) - goto err; - - /* - * Scan the exponent one window at a time starting from the most - * significant bits. - */ - while (bits >= 0) { - wvalue = 0; /* The 'value' of the window */ - - /* Scan the window, squaring the result as we go */ - for (i = 0; i < window; i++, bits--) { - if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) - goto err; - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - } - - /* - * Fetch the appropriate pre-computed value from the pre-buf - */ - if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, - window)) - goto err; - - /* Multiply the result into the intermediate result */ - if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) - goto err; - } - } - - /* Convert the final result from montgomery to standard format */ -#if defined(SPARC_T4_MONT) - if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { - am.d[0] = 1; /* borrow am */ - for (i = 1; i < top; i++) - am.d[i] = 0; - if (!BN_mod_mul_montgomery(rr, &tmp, &am, mont, ctx)) - goto err; - } else -#endif - if (!BN_from_montgomery(rr, &tmp, mont, ctx)) - goto err; - ret = 1; - err: - if ((in_mont == NULL) && (mont != NULL)) - BN_MONT_CTX_free(mont); - if (powerbuf != NULL) { - OPENSSL_cleanse(powerbuf, powerbufLen); - if (powerbufFree) - OPENSSL_free(powerbufFree); - } - BN_CTX_end(ctx); - return (ret); -} - -int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - BN_MONT_CTX *mont = NULL; - int b, bits, ret = 0; - int r_is_one; - BN_ULONG w, next_w; - BIGNUM *d, *r, *t; - BIGNUM *swap_tmp; -#define BN_MOD_MUL_WORD(r, w, m) \ - (BN_mul_word(r, (w)) && \ - (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ - (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) - /* - * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is - * probably more overhead than always using BN_mod (which uses BN_copy if - * a similar test returns true). - */ - /* - * We can use BN_mod and do not need BN_nnmod because our accumulator is - * never negative (the result of BN_mod does not depend on the sign of - * the modulus). - */ -#define BN_TO_MONTGOMERY_WORD(r, w, mont) \ - (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } - - bn_check_top(p); - bn_check_top(m); - - if (!BN_is_odd(m)) { - BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS); - return (0); - } - if (m->top == 1) - a %= m->d[0]; /* make sure that 'a' is reduced */ - - bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { - ret = 1; - BN_zero(rr); - } else { - ret = BN_one(rr); - } - return ret; - } - if (a == 0) { - BN_zero(rr); - ret = 1; - return ret; - } - - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - t = BN_CTX_get(ctx); - if (d == NULL || r == NULL || t == NULL) - goto err; - - if (in_mont != NULL) - mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) - goto err; - } - - r_is_one = 1; /* except for Montgomery factor */ - - /* bits-1 >= 0 */ - - /* The result is accumulated in the product r*w. */ - w = a; /* bit 'bits-1' of 'p' is always set */ - for (b = bits - 2; b >= 0; b--) { - /* First, square r*w. */ - next_w = w * w; - if ((next_w / w) != w) { /* overflow */ - if (r_is_one) { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) - goto err; - r_is_one = 0; - } else { - if (!BN_MOD_MUL_WORD(r, w, m)) - goto err; - } - next_w = 1; - } - w = next_w; - if (!r_is_one) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) - goto err; - } - - /* Second, multiply r*w by 'a' if exponent bit is set. */ - if (BN_is_bit_set(p, b)) { - next_w = w * a; - if ((next_w / a) != w) { /* overflow */ - if (r_is_one) { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) - goto err; - r_is_one = 0; - } else { - if (!BN_MOD_MUL_WORD(r, w, m)) - goto err; - } - next_w = a; - } - w = next_w; - } - } - - /* Finally, set r:=r*w. */ - if (w != 1) { - if (r_is_one) { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) - goto err; - r_is_one = 0; - } else { - if (!BN_MOD_MUL_WORD(r, w, m)) - goto err; - } - } - - if (r_is_one) { /* can happen only if a == 1 */ - if (!BN_one(rr)) - goto err; - } else { - if (!BN_from_montgomery(rr, r, mont, ctx)) - goto err; - } - ret = 1; - err: - if ((in_mont == NULL) && (mont != NULL)) - BN_MONT_CTX_free(mont); - BN_CTX_end(ctx); - bn_check_top(rr); - return (ret); -} - -/* The old fallback, simple version :-) */ -int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - int i, j, bits, ret = 0, wstart, wend, window, wvalue; - int start = 1; - BIGNUM *d; - /* Table of variables obtained from 'ctx' */ - BIGNUM *val[TABLE_SIZE]; - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } - - bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { - ret = 1; - BN_zero(r); - } else { - ret = BN_one(r); - } - return ret; - } - - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - val[0] = BN_CTX_get(ctx); - if (!d || !val[0]) - goto err; - - if (!BN_nnmod(val[0], a, m, ctx)) - goto err; /* 1 */ - if (BN_is_zero(val[0])) { - BN_zero(r); - ret = 1; - goto err; - } - - window = BN_window_bits_for_exponent_size(bits); - if (window > 1) { - if (!BN_mod_mul(d, val[0], val[0], m, ctx)) - goto err; /* 2 */ - j = 1 << (window - 1); - for (i = 1; i < j; i++) { - if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul(val[i], val[i - 1], d, m, ctx)) - goto err; - } - } - - start = 1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue = 0; /* The 'value' of the window */ - wstart = bits - 1; /* The top bit of the window */ - wend = 0; /* The bottom bit of the window */ - - if (!BN_one(r)) - goto err; - - for (;;) { - if (BN_is_bit_set(p, wstart) == 0) { - if (!start) - if (!BN_mod_mul(r, r, r, m, ctx)) - goto err; - if (wstart == 0) - break; - wstart--; - continue; - } - /* - * We now have wstart on a 'set' bit, we now need to work out how bit - * a window to do. To do this we need to scan forward until the last - * set bit before the end of the window - */ - j = wstart; - wvalue = 1; - wend = 0; - for (i = 1; i < window; i++) { - if (wstart - i < 0) - break; - if (BN_is_bit_set(p, wstart - i)) { - wvalue <<= (i - wend); - wvalue |= 1; - wend = i; - } - } - - /* wend is the size of the current window */ - j = wend + 1; - /* add the 'bytes above' */ - if (!start) - for (i = 0; i < j; i++) { - if (!BN_mod_mul(r, r, r, m, ctx)) - goto err; - } - - /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx)) - goto err; - - /* move the 'window' down further */ - wstart -= wend + 1; - wvalue = 0; - start = 0; - if (wstart < 0) - break; - } - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(r); - return (ret); -} diff --git a/thirdparty/openssl/crypto/bn/bn_exp2.c b/thirdparty/openssl/crypto/bn/bn_exp2.c deleted file mode 100644 index 43fd2044c0..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_exp2.c +++ /dev/null @@ -1,303 +0,0 @@ -/* crypto/bn/bn_exp2.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -#define TABLE_SIZE 32 - -int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - int i, j, bits, b, bits1, bits2, ret = - 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2; - int r_is_one = 1; - BIGNUM *d, *r; - const BIGNUM *a_mod_m; - /* Tables of variables obtained from 'ctx' */ - BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; - BN_MONT_CTX *mont = NULL; - - bn_check_top(a1); - bn_check_top(p1); - bn_check_top(a2); - bn_check_top(p2); - bn_check_top(m); - - if (!(m->d[0] & 1)) { - BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); - return (0); - } - bits1 = BN_num_bits(p1); - bits2 = BN_num_bits(p2); - if ((bits1 == 0) && (bits2 == 0)) { - ret = BN_one(rr); - return ret; - } - - bits = (bits1 > bits2) ? bits1 : bits2; - - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - val1[0] = BN_CTX_get(ctx); - val2[0] = BN_CTX_get(ctx); - if (!d || !r || !val1[0] || !val2[0]) - goto err; - - if (in_mont != NULL) - mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) - goto err; - } - - window1 = BN_window_bits_for_exponent_size(bits1); - window2 = BN_window_bits_for_exponent_size(bits2); - - /* - * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) - */ - if (a1->neg || BN_ucmp(a1, m) >= 0) { - if (!BN_mod(val1[0], a1, m, ctx)) - goto err; - a_mod_m = val1[0]; - } else - a_mod_m = a1; - if (BN_is_zero(a_mod_m)) { - BN_zero(rr); - ret = 1; - goto err; - } - - if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx)) - goto err; - if (window1 > 1) { - if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx)) - goto err; - - j = 1 << (window1 - 1); - for (i = 1; i < j; i++) { - if (((val1[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx)) - goto err; - } - } - - /* - * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) - */ - if (a2->neg || BN_ucmp(a2, m) >= 0) { - if (!BN_mod(val2[0], a2, m, ctx)) - goto err; - a_mod_m = val2[0]; - } else - a_mod_m = a2; - if (BN_is_zero(a_mod_m)) { - BN_zero(rr); - ret = 1; - goto err; - } - if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx)) - goto err; - if (window2 > 1) { - if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx)) - goto err; - - j = 1 << (window2 - 1); - for (i = 1; i < j; i++) { - if (((val2[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx)) - goto err; - } - } - - /* Now compute the power product, using independent windows. */ - r_is_one = 1; - wvalue1 = 0; /* The 'value' of the first window */ - wvalue2 = 0; /* The 'value' of the second window */ - wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the - * first window */ - wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the - * second window */ - - if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) - goto err; - for (b = bits - 1; b >= 0; b--) { - if (!r_is_one) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) - goto err; - } - - if (!wvalue1) - if (BN_is_bit_set(p1, b)) { - /* - * consider bits b-window1+1 .. b for this window - */ - i = b - window1 + 1; - while (!BN_is_bit_set(p1, i)) /* works for i<0 */ - i++; - wpos1 = i; - wvalue1 = 1; - for (i = b - 1; i >= wpos1; i--) { - wvalue1 <<= 1; - if (BN_is_bit_set(p1, i)) - wvalue1++; - } - } - - if (!wvalue2) - if (BN_is_bit_set(p2, b)) { - /* - * consider bits b-window2+1 .. b for this window - */ - i = b - window2 + 1; - while (!BN_is_bit_set(p2, i)) - i++; - wpos2 = i; - wvalue2 = 1; - for (i = b - 1; i >= wpos2; i--) { - wvalue2 <<= 1; - if (BN_is_bit_set(p2, i)) - wvalue2++; - } - } - - if (wvalue1 && b == wpos1) { - /* wvalue1 is odd and < 2^window1 */ - if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx)) - goto err; - wvalue1 = 0; - r_is_one = 0; - } - - if (wvalue2 && b == wpos2) { - /* wvalue2 is odd and < 2^window2 */ - if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx)) - goto err; - wvalue2 = 0; - r_is_one = 0; - } - } - if (!BN_from_montgomery(rr, r, mont, ctx)) - goto err; - ret = 1; - err: - if ((in_mont == NULL) && (mont != NULL)) - BN_MONT_CTX_free(mont); - BN_CTX_end(ctx); - bn_check_top(rr); - return (ret); -} diff --git a/thirdparty/openssl/crypto/bn/bn_gcd.c b/thirdparty/openssl/crypto/bn/bn_gcd.c deleted file mode 100644 index ce59fe701f..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_gcd.c +++ /dev/null @@ -1,702 +0,0 @@ -/* crypto/bn/bn_gcd.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include "bn_lcl.h" - -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); - -int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) -{ - BIGNUM *a, *b, *t; - int ret = 0; - - bn_check_top(in_a); - bn_check_top(in_b); - - BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - if (a == NULL || b == NULL) - goto err; - - if (BN_copy(a, in_a) == NULL) - goto err; - if (BN_copy(b, in_b) == NULL) - goto err; - a->neg = 0; - b->neg = 0; - - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - t = euclid(a, b); - if (t == NULL) - goto err; - - if (BN_copy(r, t) == NULL) - goto err; - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(r); - return (ret); -} - -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) -{ - BIGNUM *t; - int shifts = 0; - - bn_check_top(a); - bn_check_top(b); - - /* 0 <= b <= a */ - while (!BN_is_zero(b)) { - /* 0 < b <= a */ - - if (BN_is_odd(a)) { - if (BN_is_odd(b)) { - if (!BN_sub(a, a, b)) - goto err; - if (!BN_rshift1(a, a)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } else { /* a odd - b even */ - - if (!BN_rshift1(b, b)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } - } else { /* a is even */ - - if (BN_is_odd(b)) { - if (!BN_rshift1(a, a)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } else { /* a even - b even */ - - if (!BN_rshift1(a, a)) - goto err; - if (!BN_rshift1(b, b)) - goto err; - shifts++; - } - } - /* 0 <= b <= a */ - } - - if (shifts) { - if (!BN_lshift(a, a, shifts)) - goto err; - } - bn_check_top(a); - return (a); - err: - return (NULL); -} - -/* solves ax == 1 (mod n) */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx); - -BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) -{ - BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM *ret = NULL; - int sign; - - if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) - || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { - return BN_mod_inverse_no_branch(in, a, n, ctx); - } - - bn_check_top(a); - bn_check_top(n); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) - goto err; - - if (in == NULL) - R = BN_new(); - else - R = in; - if (R == NULL) - goto err; - - BN_one(X); - BN_zero(Y); - if (BN_copy(B, a) == NULL) - goto err; - if (BN_copy(A, n) == NULL) - goto err; - A->neg = 0; - if (B->neg || (BN_ucmp(B, A) >= 0)) { - if (!BN_nnmod(B, B, A, ctx)) - goto err; - } - sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ - - if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) { - /* - * Binary inversion algorithm; requires odd modulus. This is faster - * than the general algorithm if the modulus is sufficiently small - * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit - * systems) - */ - int shift; - - while (!BN_is_zero(B)) { - /*- - * 0 < B < |n|, - * 0 < A <= |n|, - * (1) -sign*X*a == B (mod |n|), - * (2) sign*Y*a == A (mod |n|) - */ - - /* - * Now divide B by the maximum possible power of two in the - * integers, and divide X by the same value mod |n|. When we're - * done, (1) still holds. - */ - shift = 0; - while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */ - shift++; - - if (BN_is_odd(X)) { - if (!BN_uadd(X, X, n)) - goto err; - } - /* - * now X is even, so we can easily divide it by two - */ - if (!BN_rshift1(X, X)) - goto err; - } - if (shift > 0) { - if (!BN_rshift(B, B, shift)) - goto err; - } - - /* - * Same for A and Y. Afterwards, (2) still holds. - */ - shift = 0; - while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */ - shift++; - - if (BN_is_odd(Y)) { - if (!BN_uadd(Y, Y, n)) - goto err; - } - /* now Y is even */ - if (!BN_rshift1(Y, Y)) - goto err; - } - if (shift > 0) { - if (!BN_rshift(A, A, shift)) - goto err; - } - - /*- - * We still have (1) and (2). - * Both A and B are odd. - * The following computations ensure that - * - * 0 <= B < |n|, - * 0 < A < |n|, - * (1) -sign*X*a == B (mod |n|), - * (2) sign*Y*a == A (mod |n|), - * - * and that either A or B is even in the next iteration. - */ - if (BN_ucmp(B, A) >= 0) { - /* -sign*(X + Y)*a == B - A (mod |n|) */ - if (!BN_uadd(X, X, Y)) - goto err; - /* - * NB: we could use BN_mod_add_quick(X, X, Y, n), but that - * actually makes the algorithm slower - */ - if (!BN_usub(B, B, A)) - goto err; - } else { - /* sign*(X + Y)*a == A - B (mod |n|) */ - if (!BN_uadd(Y, Y, X)) - goto err; - /* - * as above, BN_mod_add_quick(Y, Y, X, n) would slow things - * down - */ - if (!BN_usub(A, A, B)) - goto err; - } - } - } else { - /* general inversion algorithm */ - - while (!BN_is_zero(B)) { - BIGNUM *tmp; - - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ - - /* (D, M) := (A/B, A%B) ... */ - if (BN_num_bits(A) == BN_num_bits(B)) { - if (!BN_one(D)) - goto err; - if (!BN_sub(M, A, B)) - goto err; - } else if (BN_num_bits(A) == BN_num_bits(B) + 1) { - /* A/B is 1, 2, or 3 */ - if (!BN_lshift1(T, B)) - goto err; - if (BN_ucmp(A, T) < 0) { - /* A < 2*B, so D=1 */ - if (!BN_one(D)) - goto err; - if (!BN_sub(M, A, B)) - goto err; - } else { - /* A >= 2*B, so D=2 or D=3 */ - if (!BN_sub(M, A, T)) - goto err; - if (!BN_add(D, T, B)) - goto err; /* use D (:= 3*B) as temp */ - if (BN_ucmp(A, D) < 0) { - /* A < 3*B, so D=2 */ - if (!BN_set_word(D, 2)) - goto err; - /* - * M (= A - 2*B) already has the correct value - */ - } else { - /* only D=3 remains */ - if (!BN_set_word(D, 3)) - goto err; - /* - * currently M = A - 2*B, but we need M = A - 3*B - */ - if (!BN_sub(M, M, B)) - goto err; - } - } - } else { - if (!BN_div(D, M, A, B, ctx)) - goto err; - } - - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ - - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ - - /* (A, B) := (B, A mod B) ... */ - A = B; - B = M; - /* ... so we have 0 <= B < A again */ - - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ - - /* - * most of the time D is very small, so we can optimize tmp := - * D*X+Y - */ - if (BN_is_one(D)) { - if (!BN_add(tmp, X, Y)) - goto err; - } else { - if (BN_is_word(D, 2)) { - if (!BN_lshift1(tmp, X)) - goto err; - } else if (BN_is_word(D, 4)) { - if (!BN_lshift(tmp, X, 2)) - goto err; - } else if (D->top == 1) { - if (!BN_copy(tmp, X)) - goto err; - if (!BN_mul_word(tmp, D->d[0])) - goto err; - } else { - if (!BN_mul(tmp, D, X, ctx)) - goto err; - } - if (!BN_add(tmp, tmp, Y)) - goto err; - } - - M = Y; /* keep the BIGNUM object, the value does not - * matter */ - Y = X; - X = tmp; - sign = -sign; - } - } - - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ - - if (sign < 0) { - if (!BN_sub(Y, n, Y)) - goto err; - } - /* Now Y*a == A (mod |n|). */ - - if (BN_is_one(A)) { - /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y, n) < 0) { - if (!BN_copy(R, Y)) - goto err; - } else { - if (!BN_nnmod(R, Y, n, ctx)) - goto err; - } - } else { - BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); - goto err; - } - ret = R; - err: - if ((ret == NULL) && (in == NULL)) - BN_free(R); - BN_CTX_end(ctx); - bn_check_top(ret); - return (ret); -} - -/* - * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does - * not contain branches that may leak sensitive information. - */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx) -{ - BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM local_A, local_B; - BIGNUM *pA, *pB; - BIGNUM *ret = NULL; - int sign; - - bn_check_top(a); - bn_check_top(n); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) - goto err; - - if (in == NULL) - R = BN_new(); - else - R = in; - if (R == NULL) - goto err; - - BN_one(X); - BN_zero(Y); - if (BN_copy(B, a) == NULL) - goto err; - if (BN_copy(A, n) == NULL) - goto err; - A->neg = 0; - - if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - pB = &local_B; - local_B.flags = 0; - BN_with_flags(pB, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, pB, A, ctx)) - goto err; - } - sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ - - while (!BN_is_zero(B)) { - BIGNUM *tmp; - - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ - - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - pA = &local_A; - local_A.flags = 0; - BN_with_flags(pA, A, BN_FLG_CONSTTIME); - - /* (D, M) := (A/B, A%B) ... */ - if (!BN_div(D, M, pA, B, ctx)) - goto err; - - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ - - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ - - /* (A, B) := (B, A mod B) ... */ - A = B; - B = M; - /* ... so we have 0 <= B < A again */ - - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ - - if (!BN_mul(tmp, D, X, ctx)) - goto err; - if (!BN_add(tmp, tmp, Y)) - goto err; - - M = Y; /* keep the BIGNUM object, the value does not - * matter */ - Y = X; - X = tmp; - sign = -sign; - } - - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ - - if (sign < 0) { - if (!BN_sub(Y, n, Y)) - goto err; - } - /* Now Y*a == A (mod |n|). */ - - if (BN_is_one(A)) { - /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y, n) < 0) { - if (!BN_copy(R, Y)) - goto err; - } else { - if (!BN_nnmod(R, Y, n, ctx)) - goto err; - } - } else { - BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE); - goto err; - } - ret = R; - err: - if ((ret == NULL) && (in == NULL)) - BN_free(R); - BN_CTX_end(ctx); - bn_check_top(ret); - return (ret); -} diff --git a/thirdparty/openssl/crypto/bn/bn_gf2m.c b/thirdparty/openssl/crypto/bn/bn_gf2m.c deleted file mode 100644 index 2c61da1109..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_gf2m.c +++ /dev/null @@ -1,1300 +0,0 @@ -/* crypto/bn/bn_gf2m.c */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * The Elliptic Curve Public-Key Crypto Library (ECC Code) included - * herein is developed by SUN MICROSYSTEMS, INC., and is contributed - * to the OpenSSL project. - * - * The ECC Code is licensed pursuant to the OpenSSL open source - * license provided below. - * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * - * The software is originally written by Sheueling Chang Shantz and - * Douglas Stebila of Sun Microsystems Laboratories. - * - */ - -/* - * NOTE: This file is licensed pursuant to the OpenSSL license below and may - * be modified; but after modifications, the above covenant may no longer - * apply! In such cases, the corresponding paragraph ["In addition, Sun - * covenants ... causes the infringement."] and this note can be edited out; - * but please keep the Sun copyright notice and attribution. - */ - -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <assert.h> -#include <limits.h> -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -#ifndef OPENSSL_NO_EC2M - -/* - * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should - * fail. - */ -# define MAX_ITERATIONS 50 - -static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, - 64, 65, 68, 69, 80, 81, 84, 85 -}; - -/* Platform-specific macros to accelerate squaring. */ -# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) -# define SQR1(w) \ - SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ - SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ - SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ - SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] -# define SQR0(w) \ - SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ - SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] -# endif -# ifdef THIRTY_TWO_BIT -# define SQR1(w) \ - SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ - SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] -# define SQR0(w) \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] -# endif - -# if !defined(OPENSSL_BN_ASM_GF2m) -/* - * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is - * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that - * the variables have the right amount of space allocated. - */ -# ifdef THIRTY_TWO_BIT -static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, - const BN_ULONG b) -{ - register BN_ULONG h, l, s; - BN_ULONG tab[8], top2b = a >> 30; - register BN_ULONG a1, a2, a4; - - a1 = a & (0x3FFFFFFF); - a2 = a1 << 1; - a4 = a2 << 1; - - tab[0] = 0; - tab[1] = a1; - tab[2] = a2; - tab[3] = a1 ^ a2; - tab[4] = a4; - tab[5] = a1 ^ a4; - tab[6] = a2 ^ a4; - tab[7] = a1 ^ a2 ^ a4; - - s = tab[b & 0x7]; - l = s; - s = tab[b >> 3 & 0x7]; - l ^= s << 3; - h = s >> 29; - s = tab[b >> 6 & 0x7]; - l ^= s << 6; - h ^= s >> 26; - s = tab[b >> 9 & 0x7]; - l ^= s << 9; - h ^= s >> 23; - s = tab[b >> 12 & 0x7]; - l ^= s << 12; - h ^= s >> 20; - s = tab[b >> 15 & 0x7]; - l ^= s << 15; - h ^= s >> 17; - s = tab[b >> 18 & 0x7]; - l ^= s << 18; - h ^= s >> 14; - s = tab[b >> 21 & 0x7]; - l ^= s << 21; - h ^= s >> 11; - s = tab[b >> 24 & 0x7]; - l ^= s << 24; - h ^= s >> 8; - s = tab[b >> 27 & 0x7]; - l ^= s << 27; - h ^= s >> 5; - s = tab[b >> 30]; - l ^= s << 30; - h ^= s >> 2; - - /* compensate for the top two bits of a */ - - if (top2b & 01) { - l ^= b << 30; - h ^= b >> 2; - } - if (top2b & 02) { - l ^= b << 31; - h ^= b >> 1; - } - - *r1 = h; - *r0 = l; -} -# endif -# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) -static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, - const BN_ULONG b) -{ - register BN_ULONG h, l, s; - BN_ULONG tab[16], top3b = a >> 61; - register BN_ULONG a1, a2, a4, a8; - - a1 = a & (0x1FFFFFFFFFFFFFFFULL); - a2 = a1 << 1; - a4 = a2 << 1; - a8 = a4 << 1; - - tab[0] = 0; - tab[1] = a1; - tab[2] = a2; - tab[3] = a1 ^ a2; - tab[4] = a4; - tab[5] = a1 ^ a4; - tab[6] = a2 ^ a4; - tab[7] = a1 ^ a2 ^ a4; - tab[8] = a8; - tab[9] = a1 ^ a8; - tab[10] = a2 ^ a8; - tab[11] = a1 ^ a2 ^ a8; - tab[12] = a4 ^ a8; - tab[13] = a1 ^ a4 ^ a8; - tab[14] = a2 ^ a4 ^ a8; - tab[15] = a1 ^ a2 ^ a4 ^ a8; - - s = tab[b & 0xF]; - l = s; - s = tab[b >> 4 & 0xF]; - l ^= s << 4; - h = s >> 60; - s = tab[b >> 8 & 0xF]; - l ^= s << 8; - h ^= s >> 56; - s = tab[b >> 12 & 0xF]; - l ^= s << 12; - h ^= s >> 52; - s = tab[b >> 16 & 0xF]; - l ^= s << 16; - h ^= s >> 48; - s = tab[b >> 20 & 0xF]; - l ^= s << 20; - h ^= s >> 44; - s = tab[b >> 24 & 0xF]; - l ^= s << 24; - h ^= s >> 40; - s = tab[b >> 28 & 0xF]; - l ^= s << 28; - h ^= s >> 36; - s = tab[b >> 32 & 0xF]; - l ^= s << 32; - h ^= s >> 32; - s = tab[b >> 36 & 0xF]; - l ^= s << 36; - h ^= s >> 28; - s = tab[b >> 40 & 0xF]; - l ^= s << 40; - h ^= s >> 24; - s = tab[b >> 44 & 0xF]; - l ^= s << 44; - h ^= s >> 20; - s = tab[b >> 48 & 0xF]; - l ^= s << 48; - h ^= s >> 16; - s = tab[b >> 52 & 0xF]; - l ^= s << 52; - h ^= s >> 12; - s = tab[b >> 56 & 0xF]; - l ^= s << 56; - h ^= s >> 8; - s = tab[b >> 60]; - l ^= s << 60; - h ^= s >> 4; - - /* compensate for the top three bits of a */ - - if (top3b & 01) { - l ^= b << 61; - h ^= b >> 3; - } - if (top3b & 02) { - l ^= b << 62; - h ^= b >> 2; - } - if (top3b & 04) { - l ^= b << 63; - h ^= b >> 1; - } - - *r1 = h; - *r0 = l; -} -# endif - -/* - * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, - * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST - * ensure that the variables have the right amount of space allocated. - */ -static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, - const BN_ULONG b1, const BN_ULONG b0) -{ - BN_ULONG m1, m0; - /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ - bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1); - bn_GF2m_mul_1x1(r + 1, r, a0, b0); - bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); - /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ - r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ - r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ -} -# else -void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, - BN_ULONG b0); -# endif - -/* - * Add polynomials a and b and store result in r; r could be a or b, a and b - * could be equal; r is the bitwise XOR of a and b. - */ -int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int i; - const BIGNUM *at, *bt; - - bn_check_top(a); - bn_check_top(b); - - if (a->top < b->top) { - at = b; - bt = a; - } else { - at = a; - bt = b; - } - - if (bn_wexpand(r, at->top) == NULL) - return 0; - - for (i = 0; i < bt->top; i++) { - r->d[i] = at->d[i] ^ bt->d[i]; - } - for (; i < at->top; i++) { - r->d[i] = at->d[i]; - } - - r->top = at->top; - bn_correct_top(r); - - return 1; -} - -/*- - * Some functions allow for representation of the irreducible polynomials - * as an int[], say p. The irreducible f(t) is then of the form: - * t^p[0] + t^p[1] + ... + t^p[k] - * where m = p[0] > p[1] > ... > p[k] = 0. - */ - -/* Performs modular reduction of a and store result in r. r could be a. */ -int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]) -{ - int j, k; - int n, dN, d0, d1; - BN_ULONG zz, *z; - - bn_check_top(a); - - if (!p[0]) { - /* reduction mod 1 => return 0 */ - BN_zero(r); - return 1; - } - - /* - * Since the algorithm does reduction in the r value, if a != r, copy the - * contents of a into r so we can do reduction in r. - */ - if (a != r) { - if (!bn_wexpand(r, a->top)) - return 0; - for (j = 0; j < a->top; j++) { - r->d[j] = a->d[j]; - } - r->top = a->top; - } - z = r->d; - - /* start reduction */ - dN = p[0] / BN_BITS2; - for (j = r->top - 1; j > dN;) { - zz = z[j]; - if (z[j] == 0) { - j--; - continue; - } - z[j] = 0; - - for (k = 1; p[k] != 0; k++) { - /* reducing component t^p[k] */ - n = p[0] - p[k]; - d0 = n % BN_BITS2; - d1 = BN_BITS2 - d0; - n /= BN_BITS2; - z[j - n] ^= (zz >> d0); - if (d0) - z[j - n - 1] ^= (zz << d1); - } - - /* reducing component t^0 */ - n = dN; - d0 = p[0] % BN_BITS2; - d1 = BN_BITS2 - d0; - z[j - n] ^= (zz >> d0); - if (d0) - z[j - n - 1] ^= (zz << d1); - } - - /* final round of reduction */ - while (j == dN) { - - d0 = p[0] % BN_BITS2; - zz = z[dN] >> d0; - if (zz == 0) - break; - d1 = BN_BITS2 - d0; - - /* clear up the top d1 bits */ - if (d0) - z[dN] = (z[dN] << d1) >> d1; - else - z[dN] = 0; - z[0] ^= zz; /* reduction t^0 component */ - - for (k = 1; p[k] != 0; k++) { - BN_ULONG tmp_ulong; - - /* reducing component t^p[k] */ - n = p[k] / BN_BITS2; - d0 = p[k] % BN_BITS2; - d1 = BN_BITS2 - d0; - z[n] ^= (zz << d0); - if (d0 && (tmp_ulong = zz >> d1)) - z[n + 1] ^= tmp_ulong; - } - - } - - bn_correct_top(r); - return 1; -} - -/* - * Performs modular reduction of a by p and store result in r. r could be a. - * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper - * function is only provided for convenience; for best performance, use the - * BN_GF2m_mod_arr function. - */ -int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) -{ - int ret = 0; - int arr[6]; - bn_check_top(a); - bn_check_top(p); - ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0])); - if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) { - BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH); - return 0; - } - ret = BN_GF2m_mod_arr(r, a, arr); - bn_check_top(r); - return ret; -} - -/* - * Compute the product of two polynomials a and b, reduce modulo p, and store - * the result in r. r could be a or b; a could be b. - */ -int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx) -{ - int zlen, i, j, k, ret = 0; - BIGNUM *s; - BN_ULONG x1, x0, y1, y0, zz[4]; - - bn_check_top(a); - bn_check_top(b); - - if (a == b) { - return BN_GF2m_mod_sqr_arr(r, a, p, ctx); - } - - BN_CTX_start(ctx); - if ((s = BN_CTX_get(ctx)) == NULL) - goto err; - - zlen = a->top + b->top + 4; - if (!bn_wexpand(s, zlen)) - goto err; - s->top = zlen; - - for (i = 0; i < zlen; i++) - s->d[i] = 0; - - for (j = 0; j < b->top; j += 2) { - y0 = b->d[j]; - y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1]; - for (i = 0; i < a->top; i += 2) { - x0 = a->d[i]; - x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1]; - bn_GF2m_mul_2x2(zz, x1, x0, y1, y0); - for (k = 0; k < 4; k++) - s->d[i + j + k] ^= zz[k]; - } - } - - bn_correct_top(s); - if (BN_GF2m_mod_arr(r, s, p)) - ret = 1; - bn_check_top(r); - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Compute the product of two polynomials a and b, reduce modulo p, and store - * the result in r. r could be a or b; a could equal b. This function calls - * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is - * only provided for convenience; for best performance, use the - * BN_GF2m_mod_mul_arr function. - */ -int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr = NULL; - bn_check_top(a); - bn_check_top(b); - bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); - bn_check_top(r); - err: - if (arr) - OPENSSL_free(arr); - return ret; -} - -/* Square a, reduce the result mod p, and store it in a. r could be a. */ -int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], - BN_CTX *ctx) -{ - int i, ret = 0; - BIGNUM *s; - - bn_check_top(a); - BN_CTX_start(ctx); - if ((s = BN_CTX_get(ctx)) == NULL) - goto err; - if (!bn_wexpand(s, 2 * a->top)) - goto err; - - for (i = a->top - 1; i >= 0; i--) { - s->d[2 * i + 1] = SQR1(a->d[i]); - s->d[2 * i] = SQR0(a->d[i]); - } - - s->top = 2 * a->top; - bn_correct_top(s); - if (!BN_GF2m_mod_arr(r, s, p)) - goto err; - bn_check_top(r); - ret = 1; - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Square a, reduce the result mod p, and store it in a. r could be a. This - * function calls down to the BN_GF2m_mod_sqr_arr implementation; this - * wrapper function is only provided for convenience; for best performance, - * use the BN_GF2m_mod_sqr_arr function. - */ -int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr = NULL; - - bn_check_top(a); - bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); - bn_check_top(r); - err: - if (arr) - OPENSSL_free(arr); - return ret; -} - -/* - * Invert a, reduce modulo p, and store the result in r. r could be a. Uses - * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D., - * Hernandez, J.L., and Menezes, A. "Software Implementation of Elliptic - * Curve Cryptography Over Binary Fields". - */ -int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -{ - BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp; - int ret = 0; - - bn_check_top(a); - bn_check_top(p); - - BN_CTX_start(ctx); - - if ((b = BN_CTX_get(ctx)) == NULL) - goto err; - if ((c = BN_CTX_get(ctx)) == NULL) - goto err; - if ((u = BN_CTX_get(ctx)) == NULL) - goto err; - if ((v = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_GF2m_mod(u, a, p)) - goto err; - if (BN_is_zero(u)) - goto err; - - if (!BN_copy(v, p)) - goto err; -# if 0 - if (!BN_one(b)) - goto err; - - while (1) { - while (!BN_is_odd(u)) { - if (BN_is_zero(u)) - goto err; - if (!BN_rshift1(u, u)) - goto err; - if (BN_is_odd(b)) { - if (!BN_GF2m_add(b, b, p)) - goto err; - } - if (!BN_rshift1(b, b)) - goto err; - } - - if (BN_abs_is_word(u, 1)) - break; - - if (BN_num_bits(u) < BN_num_bits(v)) { - tmp = u; - u = v; - v = tmp; - tmp = b; - b = c; - c = tmp; - } - - if (!BN_GF2m_add(u, u, v)) - goto err; - if (!BN_GF2m_add(b, b, c)) - goto err; - } -# else - { - int i; - int ubits = BN_num_bits(u); - int vbits = BN_num_bits(v); /* v is copy of p */ - int top = p->top; - BN_ULONG *udp, *bdp, *vdp, *cdp; - - if (!bn_wexpand(u, top)) - goto err; - udp = u->d; - for (i = u->top; i < top; i++) - udp[i] = 0; - u->top = top; - if (!bn_wexpand(b, top)) - goto err; - bdp = b->d; - bdp[0] = 1; - for (i = 1; i < top; i++) - bdp[i] = 0; - b->top = top; - if (!bn_wexpand(c, top)) - goto err; - cdp = c->d; - for (i = 0; i < top; i++) - cdp[i] = 0; - c->top = top; - vdp = v->d; /* It pays off to "cache" *->d pointers, - * because it allows optimizer to be more - * aggressive. But we don't have to "cache" - * p->d, because *p is declared 'const'... */ - while (1) { - while (ubits && !(udp[0] & 1)) { - BN_ULONG u0, u1, b0, b1, mask; - - u0 = udp[0]; - b0 = bdp[0]; - mask = (BN_ULONG)0 - (b0 & 1); - b0 ^= p->d[0] & mask; - for (i = 0; i < top - 1; i++) { - u1 = udp[i + 1]; - udp[i] = ((u0 >> 1) | (u1 << (BN_BITS2 - 1))) & BN_MASK2; - u0 = u1; - b1 = bdp[i + 1] ^ (p->d[i + 1] & mask); - bdp[i] = ((b0 >> 1) | (b1 << (BN_BITS2 - 1))) & BN_MASK2; - b0 = b1; - } - udp[i] = u0 >> 1; - bdp[i] = b0 >> 1; - ubits--; - } - - if (ubits <= BN_BITS2) { - if (udp[0] == 0) /* poly was reducible */ - goto err; - if (udp[0] == 1) - break; - } - - if (ubits < vbits) { - i = ubits; - ubits = vbits; - vbits = i; - tmp = u; - u = v; - v = tmp; - tmp = b; - b = c; - c = tmp; - udp = vdp; - vdp = v->d; - bdp = cdp; - cdp = c->d; - } - for (i = 0; i < top; i++) { - udp[i] ^= vdp[i]; - bdp[i] ^= cdp[i]; - } - if (ubits == vbits) { - BN_ULONG ul; - int utop = (ubits - 1) / BN_BITS2; - - while ((ul = udp[utop]) == 0 && utop) - utop--; - ubits = utop * BN_BITS2 + BN_num_bits_word(ul); - } - } - bn_correct_top(b); - } -# endif - - if (!BN_copy(r, b)) - goto err; - bn_check_top(r); - ret = 1; - - err: -# ifdef BN_DEBUG /* BN_CTX_end would complain about the - * expanded form */ - bn_correct_top(c); - bn_correct_top(u); - bn_correct_top(v); -# endif - BN_CTX_end(ctx); - return ret; -} - -/* - * Invert xx, reduce modulo p, and store the result in r. r could be xx. - * This function calls down to the BN_GF2m_mod_inv implementation; this - * wrapper function is only provided for convenience; for best performance, - * use the BN_GF2m_mod_inv function. - */ -int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], - BN_CTX *ctx) -{ - BIGNUM *field; - int ret = 0; - - bn_check_top(xx); - BN_CTX_start(ctx); - if ((field = BN_CTX_get(ctx)) == NULL) - goto err; - if (!BN_GF2m_arr2poly(p, field)) - goto err; - - ret = BN_GF2m_mod_inv(r, xx, field, ctx); - bn_check_top(r); - - err: - BN_CTX_end(ctx); - return ret; -} - -# ifndef OPENSSL_SUN_GF2M_DIV -/* - * Divide y by x, reduce modulo p, and store the result in r. r could be x - * or y, x could equal y. - */ -int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, - const BIGNUM *p, BN_CTX *ctx) -{ - BIGNUM *xinv = NULL; - int ret = 0; - - bn_check_top(y); - bn_check_top(x); - bn_check_top(p); - - BN_CTX_start(ctx); - xinv = BN_CTX_get(ctx); - if (xinv == NULL) - goto err; - - if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) - goto err; - if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) - goto err; - bn_check_top(r); - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} -# else -/* - * Divide y by x, reduce modulo p, and store the result in r. r could be x - * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from - * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to the - * Great Divide". - */ -int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, - const BIGNUM *p, BN_CTX *ctx) -{ - BIGNUM *a, *b, *u, *v; - int ret = 0; - - bn_check_top(y); - bn_check_top(x); - bn_check_top(p); - - BN_CTX_start(ctx); - - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - u = BN_CTX_get(ctx); - v = BN_CTX_get(ctx); - if (v == NULL) - goto err; - - /* reduce x and y mod p */ - if (!BN_GF2m_mod(u, y, p)) - goto err; - if (!BN_GF2m_mod(a, x, p)) - goto err; - if (!BN_copy(b, p)) - goto err; - - while (!BN_is_odd(a)) { - if (!BN_rshift1(a, a)) - goto err; - if (BN_is_odd(u)) - if (!BN_GF2m_add(u, u, p)) - goto err; - if (!BN_rshift1(u, u)) - goto err; - } - - do { - if (BN_GF2m_cmp(b, a) > 0) { - if (!BN_GF2m_add(b, b, a)) - goto err; - if (!BN_GF2m_add(v, v, u)) - goto err; - do { - if (!BN_rshift1(b, b)) - goto err; - if (BN_is_odd(v)) - if (!BN_GF2m_add(v, v, p)) - goto err; - if (!BN_rshift1(v, v)) - goto err; - } while (!BN_is_odd(b)); - } else if (BN_abs_is_word(a, 1)) - break; - else { - if (!BN_GF2m_add(a, a, b)) - goto err; - if (!BN_GF2m_add(u, u, v)) - goto err; - do { - if (!BN_rshift1(a, a)) - goto err; - if (BN_is_odd(u)) - if (!BN_GF2m_add(u, u, p)) - goto err; - if (!BN_rshift1(u, u)) - goto err; - } while (!BN_is_odd(a)); - } - } while (1); - - if (!BN_copy(r, u)) - goto err; - bn_check_top(r); - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} -# endif - -/* - * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx - * * or yy, xx could equal yy. This function calls down to the - * BN_GF2m_mod_div implementation; this wrapper function is only provided for - * convenience; for best performance, use the BN_GF2m_mod_div function. - */ -int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, - const int p[], BN_CTX *ctx) -{ - BIGNUM *field; - int ret = 0; - - bn_check_top(yy); - bn_check_top(xx); - - BN_CTX_start(ctx); - if ((field = BN_CTX_get(ctx)) == NULL) - goto err; - if (!BN_GF2m_arr2poly(p, field)) - goto err; - - ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); - bn_check_top(r); - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Compute the bth power of a, reduce modulo p, and store the result in r. r - * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE - * P1363. - */ -int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx) -{ - int ret = 0, i, n; - BIGNUM *u; - - bn_check_top(a); - bn_check_top(b); - - if (BN_is_zero(b)) - return (BN_one(r)); - - if (BN_abs_is_word(b, 1)) - return (BN_copy(r, a) != NULL); - - BN_CTX_start(ctx); - if ((u = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_GF2m_mod_arr(u, a, p)) - goto err; - - n = BN_num_bits(b) - 1; - for (i = n - 1; i >= 0; i--) { - if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) - goto err; - if (BN_is_bit_set(b, i)) { - if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) - goto err; - } - } - if (!BN_copy(r, u)) - goto err; - bn_check_top(r); - ret = 1; - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Compute the bth power of a, reduce modulo p, and store the result in r. r - * could be a. This function calls down to the BN_GF2m_mod_exp_arr - * implementation; this wrapper function is only provided for convenience; - * for best performance, use the BN_GF2m_mod_exp_arr function. - */ -int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr = NULL; - bn_check_top(a); - bn_check_top(b); - bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); - bn_check_top(r); - err: - if (arr) - OPENSSL_free(arr); - return ret; -} - -/* - * Compute the square root of a, reduce modulo p, and store the result in r. - * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363. - */ -int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], - BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *u; - - bn_check_top(a); - - if (!p[0]) { - /* reduction mod 1 => return 0 */ - BN_zero(r); - return 1; - } - - BN_CTX_start(ctx); - if ((u = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_set_bit(u, p[0] - 1)) - goto err; - ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); - bn_check_top(r); - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Compute the square root of a, reduce modulo p, and store the result in r. - * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr - * implementation; this wrapper function is only provided for convenience; - * for best performance, use the BN_GF2m_mod_sqrt_arr function. - */ -int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr = NULL; - bn_check_top(a); - bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); - bn_check_top(r); - err: - if (arr) - OPENSSL_free(arr); - return ret; -} - -/* - * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns - * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363. - */ -int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], - BN_CTX *ctx) -{ - int ret = 0, count = 0, j; - BIGNUM *a, *z, *rho, *w, *w2, *tmp; - - bn_check_top(a_); - - if (!p[0]) { - /* reduction mod 1 => return 0 */ - BN_zero(r); - return 1; - } - - BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - z = BN_CTX_get(ctx); - w = BN_CTX_get(ctx); - if (w == NULL) - goto err; - - if (!BN_GF2m_mod_arr(a, a_, p)) - goto err; - - if (BN_is_zero(a)) { - BN_zero(r); - ret = 1; - goto err; - } - - if (p[0] & 0x1) { /* m is odd */ - /* compute half-trace of a */ - if (!BN_copy(z, a)) - goto err; - for (j = 1; j <= (p[0] - 1) / 2; j++) { - if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) - goto err; - if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) - goto err; - if (!BN_GF2m_add(z, z, a)) - goto err; - } - - } else { /* m is even */ - - rho = BN_CTX_get(ctx); - w2 = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) - goto err; - do { - if (!BN_rand(rho, p[0], 0, 0)) - goto err; - if (!BN_GF2m_mod_arr(rho, rho, p)) - goto err; - BN_zero(z); - if (!BN_copy(w, rho)) - goto err; - for (j = 1; j <= p[0] - 1; j++) { - if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) - goto err; - if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) - goto err; - if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) - goto err; - if (!BN_GF2m_add(z, z, tmp)) - goto err; - if (!BN_GF2m_add(w, w2, rho)) - goto err; - } - count++; - } while (BN_is_zero(w) && (count < MAX_ITERATIONS)); - if (BN_is_zero(w)) { - BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_TOO_MANY_ITERATIONS); - goto err; - } - } - - if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) - goto err; - if (!BN_GF2m_add(w, z, w)) - goto err; - if (BN_GF2m_cmp(w, a)) { - BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION); - goto err; - } - - if (!BN_copy(r, z)) - goto err; - bn_check_top(r); - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns - * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr - * implementation; this wrapper function is only provided for convenience; - * for best performance, use the BN_GF2m_mod_solve_quad_arr function. - */ -int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr = NULL; - bn_check_top(a); - bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) - goto err; - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); - bn_check_top(r); - err: - if (arr) - OPENSSL_free(arr); - return ret; -} - -/* - * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * - * x^i) into an array of integers corresponding to the bits with non-zero - * coefficient. Array is terminated with -1. Up to max elements of the array - * will be filled. Return value is total number of array elements that would - * be filled if array was large enough. - */ -int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) -{ - int i, j, k = 0; - BN_ULONG mask; - - if (BN_is_zero(a)) - return 0; - - for (i = a->top - 1; i >= 0; i--) { - if (!a->d[i]) - /* skip word if a->d[i] == 0 */ - continue; - mask = BN_TBIT; - for (j = BN_BITS2 - 1; j >= 0; j--) { - if (a->d[i] & mask) { - if (k < max) - p[k] = BN_BITS2 * i + j; - k++; - } - mask >>= 1; - } - } - - if (k < max) { - p[k] = -1; - k++; - } - - return k; -} - -/* - * Convert the coefficient array representation of a polynomial to a - * bit-string. The array must be terminated by -1. - */ -int BN_GF2m_arr2poly(const int p[], BIGNUM *a) -{ - int i; - - bn_check_top(a); - BN_zero(a); - for (i = 0; p[i] != -1; i++) { - if (BN_set_bit(a, p[i]) == 0) - return 0; - } - bn_check_top(a); - - return 1; -} - -#endif diff --git a/thirdparty/openssl/crypto/bn/bn_kron.c b/thirdparty/openssl/crypto/bn/bn_kron.c deleted file mode 100644 index 88d731ac75..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_kron.c +++ /dev/null @@ -1,186 +0,0 @@ -/* crypto/bn/bn_kron.c */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include "bn_lcl.h" - -/* least significant word */ -#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) - -/* Returns -2 for errors because both -1 and 0 are valid results. */ -int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -{ - int i; - int ret = -2; /* avoid 'uninitialized' warning */ - int err = 0; - BIGNUM *A, *B, *tmp; - /*- - * In 'tab', only odd-indexed entries are relevant: - * For any odd BIGNUM n, - * tab[BN_lsw(n) & 7] - * is $(-1)^{(n^2-1)/8}$ (using TeX notation). - * Note that the sign of n does not matter. - */ - static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 }; - - bn_check_top(a); - bn_check_top(b); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - if (B == NULL) - goto end; - - err = !BN_copy(A, a); - if (err) - goto end; - err = !BN_copy(B, b); - if (err) - goto end; - - /* - * Kronecker symbol, imlemented according to Henri Cohen, - * "A Course in Computational Algebraic Number Theory" - * (algorithm 1.4.10). - */ - - /* Cohen's step 1: */ - - if (BN_is_zero(B)) { - ret = BN_abs_is_word(A, 1); - goto end; - } - - /* Cohen's step 2: */ - - if (!BN_is_odd(A) && !BN_is_odd(B)) { - ret = 0; - goto end; - } - - /* now B is non-zero */ - i = 0; - while (!BN_is_bit_set(B, i)) - i++; - err = !BN_rshift(B, B, i); - if (err) - goto end; - if (i & 1) { - /* i is odd */ - /* (thus B was even, thus A must be odd!) */ - - /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ - ret = tab[BN_lsw(A) & 7]; - } else { - /* i is even */ - ret = 1; - } - - if (B->neg) { - B->neg = 0; - if (A->neg) - ret = -ret; - } - - /* - * now B is positive and odd, so what remains to be done is to compute - * the Jacobi symbol (A/B) and multiply it by 'ret' - */ - - while (1) { - /* Cohen's step 3: */ - - /* B is positive and odd */ - - if (BN_is_zero(A)) { - ret = BN_is_one(B) ? ret : 0; - goto end; - } - - /* now A is non-zero */ - i = 0; - while (!BN_is_bit_set(A, i)) - i++; - err = !BN_rshift(A, A, i); - if (err) - goto end; - if (i & 1) { - /* i is odd */ - /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ - ret = ret * tab[BN_lsw(B) & 7]; - } - - /* Cohen's step 4: */ - /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ - if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) - ret = -ret; - - /* (A, B) := (B mod |A|, |A|) */ - err = !BN_nnmod(B, B, A, ctx); - if (err) - goto end; - tmp = A; - A = B; - B = tmp; - tmp->neg = 0; - } - end: - BN_CTX_end(ctx); - if (err) - return -2; - else - return ret; -} diff --git a/thirdparty/openssl/crypto/bn/bn_lcl.h b/thirdparty/openssl/crypto/bn/bn_lcl.h deleted file mode 100644 index 00f4f09945..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_lcl.h +++ /dev/null @@ -1,537 +0,0 @@ -/* crypto/bn/bn_lcl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_BN_LCL_H -# define HEADER_BN_LCL_H - -# include <openssl/bn.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/*- - * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions - * - * - * For window size 'w' (w >= 2) and a random 'b' bits exponent, - * the number of multiplications is a constant plus on average - * - * 2^(w-1) + (b-w)/(w+1); - * - * here 2^(w-1) is for precomputing the table (we actually need - * entries only for windows that have the lowest bit set), and - * (b-w)/(w+1) is an approximation for the expected number of - * w-bit windows, not counting the first one. - * - * Thus we should use - * - * w >= 6 if b > 671 - * w = 5 if 671 > b > 239 - * w = 4 if 239 > b > 79 - * w = 3 if 79 > b > 23 - * w <= 2 if 23 > b - * - * (with draws in between). Very small exponents are often selected - * with low Hamming weight, so we use w = 1 for b <= 23. - */ -# if 1 -# define BN_window_bits_for_exponent_size(b) \ - ((b) > 671 ? 6 : \ - (b) > 239 ? 5 : \ - (b) > 79 ? 4 : \ - (b) > 23 ? 3 : 1) -# else -/* - * Old SSLeay/OpenSSL table. Maximum window size was 5, so this table differs - * for b==1024; but it coincides for other interesting values (b==160, - * b==512). - */ -# define BN_window_bits_for_exponent_size(b) \ - ((b) > 255 ? 5 : \ - (b) > 127 ? 4 : \ - (b) > 17 ? 3 : 1) -# endif - -/* - * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache - * line width of the target processor is at least the following value. - */ -# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) -# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) - -/* - * Window sizes optimized for fixed window size modular exponentiation - * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of - * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed - * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are - * defined for cache line sizes of 32 and 64, cache line sizes where - * log_2(32)=5 and log_2(64)=6 respectively. A window size of 7 should only be - * used on processors that have a 128 byte or greater cache line size. - */ -# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 - -# define BN_window_bits_for_ctime_exponent_size(b) \ - ((b) > 937 ? 6 : \ - (b) > 306 ? 5 : \ - (b) > 89 ? 4 : \ - (b) > 22 ? 3 : 1) -# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) - -# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 - -# define BN_window_bits_for_ctime_exponent_size(b) \ - ((b) > 306 ? 5 : \ - (b) > 89 ? 4 : \ - (b) > 22 ? 3 : 1) -# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) - -# endif - -/* Pentium pro 16,16,16,32,64 */ -/* Alpha 16,16,16,16.64 */ -# define BN_MULL_SIZE_NORMAL (16)/* 32 */ -# define BN_MUL_RECURSIVE_SIZE_NORMAL (16)/* 32 less than */ -# define BN_SQR_RECURSIVE_SIZE_NORMAL (16)/* 32 */ -# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */ -# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */ - -/* - * 2011-02-22 SMS. In various places, a size_t variable or a type cast to - * size_t was used to perform integer-only operations on pointers. This - * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t - * is still only 32 bits. What's needed in these cases is an integer type - * with the same size as a pointer, which size_t is not certain to be. The - * only fix here is VMS-specific. - */ -# if defined(OPENSSL_SYS_VMS) -# if __INITIAL_POINTER_SIZE == 64 -# define PTR_SIZE_INT long long -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define PTR_SIZE_INT int -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ -# elif !defined(PTR_SIZE_INT) /* defined(OPENSSL_SYS_VMS) */ -# define PTR_SIZE_INT size_t -# endif /* defined(OPENSSL_SYS_VMS) [else] */ - -# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) -/* - * BN_UMULT_HIGH section. - * - * No, I'm not trying to overwhelm you when stating that the - * product of N-bit numbers is 2*N bits wide:-) No, I don't expect - * you to be impressed when I say that if the compiler doesn't - * support 2*N integer type, then you have to replace every N*N - * multiplication with 4 (N/2)*(N/2) accompanied by some shifts - * and additions which unavoidably results in severe performance - * penalties. Of course provided that the hardware is capable of - * producing 2*N result... That's when you normally start - * considering assembler implementation. However! It should be - * pointed out that some CPUs (most notably Alpha, PowerPC and - * upcoming IA-64 family:-) provide *separate* instruction - * calculating the upper half of the product placing the result - * into a general purpose register. Now *if* the compiler supports - * inline assembler, then it's not impossible to implement the - * "bignum" routines (and have the compiler optimize 'em) - * exhibiting "native" performance in C. That's what BN_UMULT_HIGH - * macro is about:-) - * - * <appro@fy.chalmers.se> - */ -# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) -# if defined(__DECC) -# include <c_asm.h> -# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) -# elif defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("umulh %1,%2,%0" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("mulhdu %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# elif (defined(__x86_64) || defined(__x86_64__)) && \ - (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret,discard; \ - asm ("mulq %3" \ - : "=a"(discard),"=d"(ret) \ - : "a"(a), "g"(b) \ - : "cc"); \ - ret; }) -# define BN_UMULT_LOHI(low,high,a,b) \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(a),"g"(b) \ - : "cc"); -# endif -# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) -# if defined(_MSC_VER) && _MSC_VER>=1400 -unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b); -unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, - unsigned __int64 *h); -# pragma intrinsic(__umulh,_umul128) -# define BN_UMULT_HIGH(a,b) __umulh((a),(b)) -# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) -# endif -# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) -# if defined(__GNUC__) && __GNUC__>=2 -# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) - /* "h" constraint is no more since 4.4 */ -# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) -# define BN_UMULT_LOHI(low,high,a,b) ({ \ - __uint128_t ret=(__uint128_t)(a)*(b); \ - (high)=ret>>64; (low)=ret; }) -# else -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("dmultu %1,%2" \ - : "=h"(ret) \ - : "r"(a), "r"(b) : "l"); \ - ret; }) -# define BN_UMULT_LOHI(low,high,a,b)\ - asm ("dmultu %2,%3" \ - : "=l"(low),"=h"(high) \ - : "r"(a), "r"(b)); -# endif -# endif -# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("umulh %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif -# endif /* cpu */ -# endif /* OPENSSL_NO_ASM */ - -/************************************************************* - * Using the long long type - */ -# define Lw(t) (((BN_ULONG)(t))&BN_MASK2) -# define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) - -# ifdef BN_DEBUG_RAND -# define bn_clear_top2max(a) \ - { \ - int ind = (a)->dmax - (a)->top; \ - BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ - for (; ind != 0; ind--) \ - *(++ftl) = 0x0; \ - } -# else -# define bn_clear_top2max(a) -# endif - -# ifdef BN_LLONG -# define mul_add(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (r) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -# define mul(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -# define sqr(r0,r1,a) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)(a)*(a); \ - (r0)=Lw(t); \ - (r1)=Hw(t); \ - } - -# elif defined(BN_UMULT_LOHI) -# define mul_add(r,a,w,c) { \ - BN_ULONG high,low,ret,tmp=(a); \ - ret = (r); \ - BN_UMULT_LOHI(low,high,w,tmp); \ - ret += (c); \ - (c) = (ret<(c))?1:0; \ - (c) += high; \ - ret += low; \ - (c) += (ret<low)?1:0; \ - (r) = ret; \ - } - -# define mul(r,a,w,c) { \ - BN_ULONG high,low,ret,ta=(a); \ - BN_UMULT_LOHI(low,high,w,ta); \ - ret = low + (c); \ - (c) = high; \ - (c) += (ret<low)?1:0; \ - (r) = ret; \ - } - -# define sqr(r0,r1,a) { \ - BN_ULONG tmp=(a); \ - BN_UMULT_LOHI(r0,r1,tmp,tmp); \ - } - -# elif defined(BN_UMULT_HIGH) -# define mul_add(r,a,w,c) { \ - BN_ULONG high,low,ret,tmp=(a); \ - ret = (r); \ - high= BN_UMULT_HIGH(w,tmp); \ - ret += (c); \ - low = (w) * tmp; \ - (c) = (ret<(c))?1:0; \ - (c) += high; \ - ret += low; \ - (c) += (ret<low)?1:0; \ - (r) = ret; \ - } - -# define mul(r,a,w,c) { \ - BN_ULONG high,low,ret,ta=(a); \ - low = (w) * ta; \ - high= BN_UMULT_HIGH(w,ta); \ - ret = low + (c); \ - (c) = high; \ - (c) += (ret<low)?1:0; \ - (r) = ret; \ - } - -# define sqr(r0,r1,a) { \ - BN_ULONG tmp=(a); \ - (r0) = tmp * tmp; \ - (r1) = BN_UMULT_HIGH(tmp,tmp); \ - } - -# else -/************************************************************* - * No long long type - */ - -# define LBITS(a) ((a)&BN_MASK2l) -# define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l) -# define L2HBITS(a) (((a)<<BN_BITS4)&BN_MASK2) - -# define LLBITS(a) ((a)&BN_MASKl) -# define LHBITS(a) (((a)>>BN_BITS2)&BN_MASKl) -# define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2) - -# define mul64(l,h,bl,bh) \ - { \ - BN_ULONG m,m1,lt,ht; \ - \ - lt=l; \ - ht=h; \ - m =(bh)*(lt); \ - lt=(bl)*(lt); \ - m1=(bl)*(ht); \ - ht =(bh)*(ht); \ - m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \ - ht+=HBITS(m); \ - m1=L2HBITS(m); \ - lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \ - (l)=lt; \ - (h)=ht; \ - } - -# define sqr64(lo,ho,in) \ - { \ - BN_ULONG l,h,m; \ - \ - h=(in); \ - l=LBITS(h); \ - h=HBITS(h); \ - m =(l)*(h); \ - l*=l; \ - h*=h; \ - h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \ - m =(m&BN_MASK2l)<<(BN_BITS4+1); \ - l=(l+m)&BN_MASK2; if (l < m) h++; \ - (lo)=l; \ - (ho)=h; \ - } - -# define mul_add(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ - (c)=(r); \ - l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ - (c)=h&BN_MASK2; \ - (r)=l; \ - } - -# define mul(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l+=(c); if ((l&BN_MASK2) < (c)) h++; \ - (c)=h&BN_MASK2; \ - (r)=l&BN_MASK2; \ - } -# endif /* !BN_LLONG */ - -# if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS) -# undef bn_div_words -# endif - -void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); -void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); -void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); -void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp); -void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a); -void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a); -int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n); -int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); -void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *t); -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, - int n, int tna, int tnb, BN_ULONG *t); -void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t); -void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); -void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t); -void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, - BN_ULONG *t); -BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); -BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/thirdparty/openssl/crypto/bn/bn_lib.c b/thirdparty/openssl/crypto/bn/bn_lib.c deleted file mode 100644 index 10b78f5126..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_lib.c +++ /dev/null @@ -1,916 +0,0 @@ -/* crypto/bn/bn_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef BN_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - -#include <assert.h> -#include <limits.h> -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT; - -/* This stuff appears to be completely unused, so is deprecated */ -#ifndef OPENSSL_NO_DEPRECATED -/*- - * For a 32 bit machine - * 2 - 4 == 128 - * 3 - 8 == 256 - * 4 - 16 == 512 - * 5 - 32 == 1024 - * 6 - 64 == 2048 - * 7 - 128 == 4096 - * 8 - 256 == 8192 - */ -static int bn_limit_bits = 0; -static int bn_limit_num = 8; /* (1<<bn_limit_bits) */ -static int bn_limit_bits_low = 0; -static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */ -static int bn_limit_bits_high = 0; -static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */ -static int bn_limit_bits_mont = 0; -static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */ - -void BN_set_params(int mult, int high, int low, int mont) -{ - if (mult >= 0) { - if (mult > (int)(sizeof(int) * 8) - 1) - mult = sizeof(int) * 8 - 1; - bn_limit_bits = mult; - bn_limit_num = 1 << mult; - } - if (high >= 0) { - if (high > (int)(sizeof(int) * 8) - 1) - high = sizeof(int) * 8 - 1; - bn_limit_bits_high = high; - bn_limit_num_high = 1 << high; - } - if (low >= 0) { - if (low > (int)(sizeof(int) * 8) - 1) - low = sizeof(int) * 8 - 1; - bn_limit_bits_low = low; - bn_limit_num_low = 1 << low; - } - if (mont >= 0) { - if (mont > (int)(sizeof(int) * 8) - 1) - mont = sizeof(int) * 8 - 1; - bn_limit_bits_mont = mont; - bn_limit_num_mont = 1 << mont; - } -} - -int BN_get_params(int which) -{ - if (which == 0) - return (bn_limit_bits); - else if (which == 1) - return (bn_limit_bits_high); - else if (which == 2) - return (bn_limit_bits_low); - else if (which == 3) - return (bn_limit_bits_mont); - else - return (0); -} -#endif - -const BIGNUM *BN_value_one(void) -{ - static const BN_ULONG data_one = 1L; - static const BIGNUM const_one = - { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA }; - - return (&const_one); -} - -int BN_num_bits_word(BN_ULONG l) -{ - static const unsigned char bits[256] = { - 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, - 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - }; - -#if defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffffffff00000000L) { - if (l & 0xffff000000000000L) { - if (l & 0xff00000000000000L) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000L) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -#else -# ifdef SIXTY_FOUR_BIT - if (l & 0xffffffff00000000LL) { - if (l & 0xffff000000000000LL) { - if (l & 0xff00000000000000LL) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000LL) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -# endif -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffff0000L) { - if (l & 0xff000000L) - return (bits[(int)(l >> 24L)] + 24); - else - return (bits[(int)(l >> 16L)] + 16); - } else -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xff00L) - return (bits[(int)(l >> 8)] + 8); - else -#endif - return (bits[(int)(l)]); - } - } -} - -int BN_num_bits(const BIGNUM *a) -{ - int i = a->top - 1; - bn_check_top(a); - - if (BN_is_zero(a)) - return 0; - return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); -} - -void BN_clear_free(BIGNUM *a) -{ - int i; - - if (a == NULL) - return; - bn_check_top(a); - if (a->d != NULL) { - OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) - OPENSSL_free(a->d); - } - i = BN_get_flags(a, BN_FLG_MALLOCED); - OPENSSL_cleanse(a, sizeof(BIGNUM)); - if (i) - OPENSSL_free(a); -} - -void BN_free(BIGNUM *a) -{ - if (a == NULL) - return; - bn_check_top(a); - if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) - OPENSSL_free(a->d); - if (a->flags & BN_FLG_MALLOCED) - OPENSSL_free(a); - else { -#ifndef OPENSSL_NO_DEPRECATED - a->flags |= BN_FLG_FREE; -#endif - a->d = NULL; - } -} - -void BN_init(BIGNUM *a) -{ - memset(a, 0, sizeof(BIGNUM)); - bn_check_top(a); -} - -BIGNUM *BN_new(void) -{ - BIGNUM *ret; - - if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) { - BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->flags = BN_FLG_MALLOCED; - ret->top = 0; - ret->neg = 0; - ret->dmax = 0; - ret->d = NULL; - bn_check_top(ret); - return (ret); -} - -/* This is used both by bn_expand2() and bn_dup_expand() */ -/* The caller MUST check that words > b->dmax before calling this */ -static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) -{ - BN_ULONG *A, *a = NULL; - const BN_ULONG *B; - int i; - - bn_check_top(b); - - if (words > (INT_MAX / (4 * BN_BITS2))) { - BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG); - return NULL; - } - if (BN_get_flags(b, BN_FLG_STATIC_DATA)) { - BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); - return (NULL); - } - a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words); - if (A == NULL) { - BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); - return (NULL); - } -#ifdef PURIFY - /* - * Valgrind complains in BN_consttime_swap because we process the whole - * array even if it's not initialised yet. This doesn't matter in that - * function - what's important is constant time operation (we're not - * actually going to use the data) - */ - memset(a, 0, sizeof(BN_ULONG) * words); -#endif - -#if 1 - B = b->d; - /* Check if the previous number needs to be copied */ - if (B != NULL) { - for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { - /* - * The fact that the loop is unrolled - * 4-wise is a tribute to Intel. It's - * the one that doesn't have enough - * registers to accomodate more data. - * I'd unroll it 8-wise otherwise:-) - * - * <appro@fy.chalmers.se> - */ - BN_ULONG a0, a1, a2, a3; - a0 = B[0]; - a1 = B[1]; - a2 = B[2]; - a3 = B[3]; - A[0] = a0; - A[1] = a1; - A[2] = a2; - A[3] = a3; - } - /* - * workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 - */ - switch (b->top & 3) { - case 3: - A[2] = B[2]; - case 2: - A[1] = B[1]; - case 1: - A[0] = B[0]; - case 0: - ; - } - } -#else - memset(A, 0, sizeof(BN_ULONG) * words); - memcpy(A, b->d, sizeof(b->d[0]) * b->top); -#endif - - return (a); -} - -/* - * This is an internal function that can be used instead of bn_expand2() when - * there is a need to copy BIGNUMs instead of only expanding the data part, - * while still expanding them. Especially useful when needing to expand - * BIGNUMs that are declared 'const' and should therefore not be changed. The - * reason to use this instead of a BN_dup() followed by a bn_expand2() is - * memory allocation overhead. A BN_dup() followed by a bn_expand2() will - * allocate new memory for the BIGNUM data twice, and free it once, while - * bn_dup_expand() makes sure allocation is made only once. - */ - -#ifndef OPENSSL_NO_DEPRECATED -BIGNUM *bn_dup_expand(const BIGNUM *b, int words) -{ - BIGNUM *r = NULL; - - bn_check_top(b); - - /* - * This function does not work if words <= b->dmax && top < words because - * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used - * anywhere yet.) - */ - - if (words > b->dmax) { - BN_ULONG *a = bn_expand_internal(b, words); - - if (a) { - r = BN_new(); - if (r) { - r->top = b->top; - r->dmax = words; - r->neg = b->neg; - r->d = a; - } else { - /* r == NULL, BN_new failure */ - OPENSSL_free(a); - } - } - /* - * If a == NULL, there was an error in allocation in - * bn_expand_internal(), and NULL should be returned - */ - } else { - r = BN_dup(b); - } - - bn_check_top(r); - return r; -} -#endif - -/* - * This is an internal function that should not be used in applications. It - * ensures that 'b' has enough room for a 'words' word number and initialises - * any unused part of b->d with leading zeros. It is mostly used by the - * various BIGNUM routines. If there is an error, NULL is returned. If not, - * 'b' is returned. - */ - -BIGNUM *bn_expand2(BIGNUM *b, int words) -{ - bn_check_top(b); - - if (words > b->dmax) { - BN_ULONG *a = bn_expand_internal(b, words); - if (!a) - return NULL; - if (b->d) - OPENSSL_free(b->d); - b->d = a; - b->dmax = words; - } - -/* None of this should be necessary because of what b->top means! */ -#if 0 - /* - * NB: bn_wexpand() calls this only if the BIGNUM really has to grow - */ - if (b->top < b->dmax) { - int i; - BN_ULONG *A = &(b->d[b->top]); - for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { - A[0] = 0; - A[1] = 0; - A[2] = 0; - A[3] = 0; - A[4] = 0; - A[5] = 0; - A[6] = 0; - A[7] = 0; - } - for (i = (b->dmax - b->top) & 7; i > 0; i--, A++) - A[0] = 0; - assert(A == &(b->d[b->dmax])); - } -#endif - bn_check_top(b); - return b; -} - -BIGNUM *BN_dup(const BIGNUM *a) -{ - BIGNUM *t; - - if (a == NULL) - return NULL; - bn_check_top(a); - - t = BN_new(); - if (t == NULL) - return NULL; - if (!BN_copy(t, a)) { - BN_free(t); - return NULL; - } - bn_check_top(t); - return t; -} - -BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) -{ - int i; - BN_ULONG *A; - const BN_ULONG *B; - - bn_check_top(b); - - if (a == b) - return (a); - if (bn_wexpand(a, b->top) == NULL) - return (NULL); - -#if 1 - A = a->d; - B = b->d; - for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { - BN_ULONG a0, a1, a2, a3; - a0 = B[0]; - a1 = B[1]; - a2 = B[2]; - a3 = B[3]; - A[0] = a0; - A[1] = a1; - A[2] = a2; - A[3] = a3; - } - /* ultrix cc workaround, see comments in bn_expand_internal */ - switch (b->top & 3) { - case 3: - A[2] = B[2]; - case 2: - A[1] = B[1]; - case 1: - A[0] = B[0]; - case 0:; - } -#else - memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); -#endif - - a->top = b->top; - a->neg = b->neg; - bn_check_top(a); - return (a); -} - -void BN_swap(BIGNUM *a, BIGNUM *b) -{ - int flags_old_a, flags_old_b; - BN_ULONG *tmp_d; - int tmp_top, tmp_dmax, tmp_neg; - - bn_check_top(a); - bn_check_top(b); - - flags_old_a = a->flags; - flags_old_b = b->flags; - - tmp_d = a->d; - tmp_top = a->top; - tmp_dmax = a->dmax; - tmp_neg = a->neg; - - a->d = b->d; - a->top = b->top; - a->dmax = b->dmax; - a->neg = b->neg; - - b->d = tmp_d; - b->top = tmp_top; - b->dmax = tmp_dmax; - b->neg = tmp_neg; - - a->flags = - (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); - b->flags = - (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); - bn_check_top(a); - bn_check_top(b); -} - -void BN_clear(BIGNUM *a) -{ - bn_check_top(a); - if (a->d != NULL) - OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - a->top = 0; - a->neg = 0; -} - -BN_ULONG BN_get_word(const BIGNUM *a) -{ - if (a->top > 1) - return BN_MASK2; - else if (a->top == 1) - return a->d[0]; - /* a->top == 0 */ - return 0; -} - -int BN_set_word(BIGNUM *a, BN_ULONG w) -{ - bn_check_top(a); - if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL) - return (0); - a->neg = 0; - a->d[0] = w; - a->top = (w ? 1 : 0); - bn_check_top(a); - return (1); -} - -BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) -{ - unsigned int i, m; - unsigned int n; - BN_ULONG l; - BIGNUM *bn = NULL; - - if (ret == NULL) - ret = bn = BN_new(); - if (ret == NULL) - return (NULL); - bn_check_top(ret); - l = 0; - n = len; - if (n == 0) { - ret->top = 0; - return (ret); - } - i = ((n - 1) / BN_BYTES) + 1; - m = ((n - 1) % (BN_BYTES)); - if (bn_wexpand(ret, (int)i) == NULL) { - if (bn) - BN_free(bn); - return NULL; - } - ret->top = i; - ret->neg = 0; - while (n--) { - l = (l << 8L) | *(s++); - if (m-- == 0) { - ret->d[--i] = l; - l = 0; - m = BN_BYTES - 1; - } - } - /* - * need to call this due to clear byte at top if avoiding having the top - * bit set (-ve number) - */ - bn_correct_top(ret); - return (ret); -} - -/* ignore negative */ -int BN_bn2bin(const BIGNUM *a, unsigned char *to) -{ - int n, i; - BN_ULONG l; - - bn_check_top(a); - n = i = BN_num_bytes(a); - while (i--) { - l = a->d[i / BN_BYTES]; - *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; - } - return (n); -} - -int BN_ucmp(const BIGNUM *a, const BIGNUM *b) -{ - int i; - BN_ULONG t1, t2, *ap, *bp; - - bn_check_top(a); - bn_check_top(b); - - i = a->top - b->top; - if (i != 0) - return (i); - ap = a->d; - bp = b->d; - for (i = a->top - 1; i >= 0; i--) { - t1 = ap[i]; - t2 = bp[i]; - if (t1 != t2) - return ((t1 > t2) ? 1 : -1); - } - return (0); -} - -int BN_cmp(const BIGNUM *a, const BIGNUM *b) -{ - int i; - int gt, lt; - BN_ULONG t1, t2; - - if ((a == NULL) || (b == NULL)) { - if (a != NULL) - return (-1); - else if (b != NULL) - return (1); - else - return (0); - } - - bn_check_top(a); - bn_check_top(b); - - if (a->neg != b->neg) { - if (a->neg) - return (-1); - else - return (1); - } - if (a->neg == 0) { - gt = 1; - lt = -1; - } else { - gt = -1; - lt = 1; - } - - if (a->top > b->top) - return (gt); - if (a->top < b->top) - return (lt); - for (i = a->top - 1; i >= 0; i--) { - t1 = a->d[i]; - t2 = b->d[i]; - if (t1 > t2) - return (gt); - if (t1 < t2) - return (lt); - } - return (0); -} - -int BN_set_bit(BIGNUM *a, int n) -{ - int i, j, k; - - if (n < 0) - return 0; - - i = n / BN_BITS2; - j = n % BN_BITS2; - if (a->top <= i) { - if (bn_wexpand(a, i + 1) == NULL) - return (0); - for (k = a->top; k < i + 1; k++) - a->d[k] = 0; - a->top = i + 1; - } - - a->d[i] |= (((BN_ULONG)1) << j); - bn_check_top(a); - return (1); -} - -int BN_clear_bit(BIGNUM *a, int n) -{ - int i, j; - - bn_check_top(a); - if (n < 0) - return 0; - - i = n / BN_BITS2; - j = n % BN_BITS2; - if (a->top <= i) - return (0); - - a->d[i] &= (~(((BN_ULONG)1) << j)); - bn_correct_top(a); - return (1); -} - -int BN_is_bit_set(const BIGNUM *a, int n) -{ - int i, j; - - bn_check_top(a); - if (n < 0) - return 0; - i = n / BN_BITS2; - j = n % BN_BITS2; - if (a->top <= i) - return 0; - return (int)(((a->d[i]) >> j) & ((BN_ULONG)1)); -} - -int BN_mask_bits(BIGNUM *a, int n) -{ - int b, w; - - bn_check_top(a); - if (n < 0) - return 0; - - w = n / BN_BITS2; - b = n % BN_BITS2; - if (w >= a->top) - return 0; - if (b == 0) - a->top = w; - else { - a->top = w + 1; - a->d[w] &= ~(BN_MASK2 << b); - } - bn_correct_top(a); - return (1); -} - -void BN_set_negative(BIGNUM *a, int b) -{ - if (b && !BN_is_zero(a)) - a->neg = 1; - else - a->neg = 0; -} - -int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) -{ - int i; - BN_ULONG aa, bb; - - aa = a[n - 1]; - bb = b[n - 1]; - if (aa != bb) - return ((aa > bb) ? 1 : -1); - for (i = n - 2; i >= 0; i--) { - aa = a[i]; - bb = b[i]; - if (aa != bb) - return ((aa > bb) ? 1 : -1); - } - return (0); -} - -/* - * Here follows a specialised variants of bn_cmp_words(). It has the - * property of performing the operation on arrays of different sizes. The - * sizes of those arrays is expressed through cl, which is the common length - * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the - * two lengths, calculated as len(a)-len(b). All lengths are the number of - * BN_ULONGs... - */ - -int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl) -{ - int n, i; - n = cl - 1; - - if (dl < 0) { - for (i = dl; i < 0; i++) { - if (b[n - i] != 0) - return -1; /* a < b */ - } - } - if (dl > 0) { - for (i = dl; i > 0; i--) { - if (a[n + i] != 0) - return 1; /* a > b */ - } - } - return bn_cmp_words(a, b, cl); -} - -/* - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number - */ -void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) -{ - BN_ULONG t; - int i; - - bn_wcheck_size(a, nwords); - bn_wcheck_size(b, nwords); - - assert(a != b); - assert((condition & (condition - 1)) == 0); - assert(sizeof(BN_ULONG) >= sizeof(int)); - - condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; - - t = (a->top ^ b->top) & condition; - a->top ^= t; - b->top ^= t; - -#define BN_CONSTTIME_SWAP(ind) \ - do { \ - t = (a->d[ind] ^ b->d[ind]) & condition; \ - a->d[ind] ^= t; \ - b->d[ind] ^= t; \ - } while (0) - - switch (nwords) { - default: - for (i = 10; i < nwords; i++) - BN_CONSTTIME_SWAP(i); - /* Fallthrough */ - case 10: - BN_CONSTTIME_SWAP(9); /* Fallthrough */ - case 9: - BN_CONSTTIME_SWAP(8); /* Fallthrough */ - case 8: - BN_CONSTTIME_SWAP(7); /* Fallthrough */ - case 7: - BN_CONSTTIME_SWAP(6); /* Fallthrough */ - case 6: - BN_CONSTTIME_SWAP(5); /* Fallthrough */ - case 5: - BN_CONSTTIME_SWAP(4); /* Fallthrough */ - case 4: - BN_CONSTTIME_SWAP(3); /* Fallthrough */ - case 3: - BN_CONSTTIME_SWAP(2); /* Fallthrough */ - case 2: - BN_CONSTTIME_SWAP(1); /* Fallthrough */ - case 1: - BN_CONSTTIME_SWAP(0); - } -#undef BN_CONSTTIME_SWAP -} diff --git a/thirdparty/openssl/crypto/bn/bn_mod.c b/thirdparty/openssl/crypto/bn/bn_mod.c deleted file mode 100644 index ffbce890cf..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_mod.c +++ /dev/null @@ -1,316 +0,0 @@ -/* crypto/bn/bn_mod.c */ -/* - * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> - * for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "cryptlib.h" -#include "bn_lcl.h" - -#if 0 /* now just a #define */ -int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) -{ - return (BN_div(NULL, rem, m, d, ctx)); - /* note that rem->neg == m->neg (unless the remainder is zero) */ -} -#endif - -int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) -{ - /* - * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d| - * always holds) - */ - - if (!(BN_mod(r, m, d, ctx))) - return 0; - if (!r->neg) - return 1; - /* now -|d| < r < 0, so we have to set r := r + |d| */ - return (d->neg ? BN_sub : BN_add) (r, r, d); -} - -int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) -{ - if (!BN_add(r, a, b)) - return 0; - return BN_nnmod(r, r, m, ctx); -} - -/* - * BN_mod_add variant that may be used if both a and b are non-negative and - * less than m - */ -int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) -{ - if (!BN_uadd(r, a, b)) - return 0; - if (BN_ucmp(r, m) >= 0) - return BN_usub(r, r, m); - return 1; -} - -int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) -{ - if (!BN_sub(r, a, b)) - return 0; - return BN_nnmod(r, r, m, ctx); -} - -/* - * BN_mod_sub variant that may be used if both a and b are non-negative and - * less than m - */ -int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) -{ - if (!BN_sub(r, a, b)) - return 0; - if (r->neg) - return BN_add(r, r, m); - return 1; -} - -/* slow but works */ -int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) -{ - BIGNUM *t; - int ret = 0; - - bn_check_top(a); - bn_check_top(b); - bn_check_top(m); - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) == NULL) - goto err; - if (a == b) { - if (!BN_sqr(t, a, ctx)) - goto err; - } else { - if (!BN_mul(t, a, b, ctx)) - goto err; - } - if (!BN_nnmod(r, t, m, ctx)) - goto err; - bn_check_top(r); - ret = 1; - err: - BN_CTX_end(ctx); - return (ret); -} - -int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) -{ - if (!BN_sqr(r, a, ctx)) - return 0; - /* r->neg == 0, thus we don't need BN_nnmod */ - return BN_mod(r, r, m, ctx); -} - -int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) -{ - if (!BN_lshift1(r, a)) - return 0; - bn_check_top(r); - return BN_nnmod(r, r, m, ctx); -} - -/* - * BN_mod_lshift1 variant that may be used if a is non-negative and less than - * m - */ -int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) -{ - if (!BN_lshift1(r, a)) - return 0; - bn_check_top(r); - if (BN_cmp(r, m) >= 0) - return BN_sub(r, r, m); - return 1; -} - -int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, - BN_CTX *ctx) -{ - BIGNUM *abs_m = NULL; - int ret; - - if (!BN_nnmod(r, a, m, ctx)) - return 0; - - if (m->neg) { - abs_m = BN_dup(m); - if (abs_m == NULL) - return 0; - abs_m->neg = 0; - } - - ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); - bn_check_top(r); - - if (abs_m) - BN_free(abs_m); - return ret; -} - -/* - * BN_mod_lshift variant that may be used if a is non-negative and less than - * m - */ -int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) -{ - if (r != a) { - if (BN_copy(r, a) == NULL) - return 0; - } - - while (n > 0) { - int max_shift; - - /* 0 < r < m */ - max_shift = BN_num_bits(m) - BN_num_bits(r); - /* max_shift >= 0 */ - - if (max_shift < 0) { - BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED); - return 0; - } - - if (max_shift > n) - max_shift = n; - - if (max_shift) { - if (!BN_lshift(r, r, max_shift)) - return 0; - n -= max_shift; - } else { - if (!BN_lshift1(r, r)) - return 0; - --n; - } - - /* BN_num_bits(r) <= BN_num_bits(m) */ - - if (BN_cmp(r, m) >= 0) { - if (!BN_sub(r, r, m)) - return 0; - } - } - bn_check_top(r); - - return 1; -} diff --git a/thirdparty/openssl/crypto/bn/bn_mont.c b/thirdparty/openssl/crypto/bn/bn_mont.c deleted file mode 100644 index be95bd55d0..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_mont.c +++ /dev/null @@ -1,558 +0,0 @@ -/* crypto/bn/bn_mont.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * Details about Montgomery multiplication algorithms can be found at - * http://security.ece.orst.edu/publications.html, e.g. - * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and - * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -#define MONT_WORD /* use the faster word-based algorithm */ - -#ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); -#endif - -int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx) -{ - BIGNUM *tmp; - int ret = 0; -#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) - int num = mont->N.top; - - if (num > 1 && a->top == num && b->top == num) { - if (bn_wexpand(r, num) == NULL) - return (0); - if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { - r->neg = a->neg ^ b->neg; - r->top = num; - bn_correct_top(r); - return (1); - } - } -#endif - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) - goto err; - - bn_check_top(tmp); - if (a == b) { - if (!BN_sqr(tmp, a, ctx)) - goto err; - } else { - if (!BN_mul(tmp, a, b, ctx)) - goto err; - } - /* reduce from aRR to aR */ -#ifdef MONT_WORD - if (!BN_from_montgomery_word(r, tmp, mont)) - goto err; -#else - if (!BN_from_montgomery(r, tmp, mont, ctx)) - goto err; -#endif - bn_check_top(r); - ret = 1; - err: - BN_CTX_end(ctx); - return (ret); -} - -#ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) -{ - BIGNUM *n; - BN_ULONG *ap, *np, *rp, n0, v, carry; - int nl, max, i; - - n = &(mont->N); - nl = n->top; - if (nl == 0) { - ret->top = 0; - return (1); - } - - max = (2 * nl); /* carry is stored separately */ - if (bn_wexpand(r, max) == NULL) - return (0); - - r->neg ^= n->neg; - np = n->d; - rp = r->d; - - /* clear the top words of T */ -# if 1 - for (i = r->top; i < max; i++) /* memset? XXX */ - rp[i] = 0; -# else - memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); -# endif - - r->top = max; - n0 = mont->n0[0]; - -# ifdef BN_COUNT - fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl); -# endif - for (carry = 0, i = 0; i < nl; i++, rp++) { -# ifdef __TANDEM - { - long long t1; - long long t2; - long long t3; - t1 = rp[0] * (n0 & 0177777); - t2 = 037777600000l; - t2 = n0 & t2; - t3 = rp[0] & 0177777; - t2 = (t3 * t2) & BN_MASK2; - t1 = t1 + t2; - v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); - } -# else - v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); -# endif - v = (v + carry + rp[nl]) & BN_MASK2; - carry |= (v != rp[nl]); - carry &= (v <= rp[nl]); - rp[nl] = v; - } - - if (bn_wexpand(ret, nl) == NULL) - return (0); - ret->top = nl; - ret->neg = r->neg; - - rp = ret->d; - ap = &(r->d[nl]); - -# define BRANCH_FREE 1 -# if BRANCH_FREE - { - BN_ULONG *nrp; - size_t m; - - v = bn_sub_words(rp, ap, np, nl) - carry; - /* - * if subtraction result is real, then trick unconditional memcpy - * below to perform in-place "refresh" instead of actual copy. - */ - m = (0 - (size_t)v); - nrp = - (BN_ULONG *)(((PTR_SIZE_INT) rp & ~m) | ((PTR_SIZE_INT) ap & m)); - - for (i = 0, nl -= 4; i < nl; i += 4) { - BN_ULONG t1, t2, t3, t4; - - t1 = nrp[i + 0]; - t2 = nrp[i + 1]; - t3 = nrp[i + 2]; - ap[i + 0] = 0; - t4 = nrp[i + 3]; - ap[i + 1] = 0; - rp[i + 0] = t1; - ap[i + 2] = 0; - rp[i + 1] = t2; - ap[i + 3] = 0; - rp[i + 2] = t3; - rp[i + 3] = t4; - } - for (nl += 4; i < nl; i++) - rp[i] = nrp[i], ap[i] = 0; - } -# else - if (bn_sub_words(rp, ap, np, nl) - carry) - memcpy(rp, ap, nl * sizeof(BN_ULONG)); -# endif - bn_correct_top(r); - bn_correct_top(ret); - bn_check_top(ret); - - return (1); -} -#endif /* MONT_WORD */ - -int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) -{ - int retn = 0; -#ifdef MONT_WORD - BIGNUM *t; - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) - retn = BN_from_montgomery_word(ret, t, mont); - BN_CTX_end(ctx); -#else /* !MONT_WORD */ - BIGNUM *t1, *t2; - - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t1 == NULL || t2 == NULL) - goto err; - - if (!BN_copy(t1, a)) - goto err; - BN_mask_bits(t1, mont->ri); - - if (!BN_mul(t2, t1, &mont->Ni, ctx)) - goto err; - BN_mask_bits(t2, mont->ri); - - if (!BN_mul(t1, t2, &mont->N, ctx)) - goto err; - if (!BN_add(t2, a, t1)) - goto err; - if (!BN_rshift(ret, t2, mont->ri)) - goto err; - - if (BN_ucmp(ret, &(mont->N)) >= 0) { - if (!BN_usub(ret, ret, &(mont->N))) - goto err; - } - retn = 1; - bn_check_top(ret); - err: - BN_CTX_end(ctx); -#endif /* MONT_WORD */ - return (retn); -} - -BN_MONT_CTX *BN_MONT_CTX_new(void) -{ - BN_MONT_CTX *ret; - - if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) - return (NULL); - - BN_MONT_CTX_init(ret); - ret->flags = BN_FLG_MALLOCED; - return (ret); -} - -void BN_MONT_CTX_init(BN_MONT_CTX *ctx) -{ - ctx->ri = 0; - BN_init(&(ctx->RR)); - BN_init(&(ctx->N)); - BN_init(&(ctx->Ni)); - ctx->n0[0] = ctx->n0[1] = 0; - ctx->flags = 0; -} - -void BN_MONT_CTX_free(BN_MONT_CTX *mont) -{ - if (mont == NULL) - return; - - BN_clear_free(&(mont->RR)); - BN_clear_free(&(mont->N)); - BN_clear_free(&(mont->Ni)); - if (mont->flags & BN_FLG_MALLOCED) - OPENSSL_free(mont); -} - -int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *Ri, *R; - - if (BN_is_zero(mod)) - return 0; - - BN_CTX_start(ctx); - if ((Ri = BN_CTX_get(ctx)) == NULL) - goto err; - R = &(mont->RR); /* grab RR as a temp */ - if (!BN_copy(&(mont->N), mod)) - goto err; /* Set N */ - mont->N.neg = 0; - -#ifdef MONT_WORD - { - BIGNUM tmod; - BN_ULONG buf[2]; - - BN_init(&tmod); - tmod.d = buf; - tmod.dmax = 2; - tmod.neg = 0; - - mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; - -# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) - /* - * Only certain BN_BITS2<=32 platforms actually make use of n0[1], - * and we could use the #else case (with a shorter R value) for the - * others. However, currently only the assembler files do know which - * is which. - */ - - BN_zero(R); - if (!(BN_set_bit(R, 2 * BN_BITS2))) - goto err; - - tmod.top = 0; - if ((buf[0] = mod->d[0])) - tmod.top = 1; - if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) - tmod.top = 2; - - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) - goto err; - if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) - goto err; /* R*Ri */ - if (!BN_is_zero(Ri)) { - if (!BN_sub_word(Ri, 1)) - goto err; - } else { /* if N mod word size == 1 */ - - if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL) - goto err; - /* Ri-- (mod double word size) */ - Ri->neg = 0; - Ri->d[0] = BN_MASK2; - Ri->d[1] = BN_MASK2; - Ri->top = 2; - } - if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) - goto err; - /* - * Ni = (R*Ri-1)/N, keep only couple of least significant words: - */ - mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; - mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; -# else - BN_zero(R); - if (!(BN_set_bit(R, BN_BITS2))) - goto err; /* R */ - - buf[0] = mod->d[0]; /* tmod = N mod word size */ - buf[1] = 0; - tmod.top = buf[0] != 0 ? 1 : 0; - /* Ri = R^-1 mod N */ - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) - goto err; - if (!BN_lshift(Ri, Ri, BN_BITS2)) - goto err; /* R*Ri */ - if (!BN_is_zero(Ri)) { - if (!BN_sub_word(Ri, 1)) - goto err; - } else { /* if N mod word size == 1 */ - - if (!BN_set_word(Ri, BN_MASK2)) - goto err; /* Ri-- (mod word size) */ - } - if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) - goto err; - /* - * Ni = (R*Ri-1)/N, keep only least significant word: - */ - mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; - mont->n0[1] = 0; -# endif - } -#else /* !MONT_WORD */ - { /* bignum version */ - mont->ri = BN_num_bits(&mont->N); - BN_zero(R); - if (!BN_set_bit(R, mont->ri)) - goto err; /* R = 2^ri */ - /* Ri = R^-1 mod N */ - if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL) - goto err; - if (!BN_lshift(Ri, Ri, mont->ri)) - goto err; /* R*Ri */ - if (!BN_sub_word(Ri, 1)) - goto err; - /* - * Ni = (R*Ri-1) / N - */ - if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx)) - goto err; - } -#endif - - /* setup RR for conversions */ - BN_zero(&(mont->RR)); - if (!BN_set_bit(&(mont->RR), mont->ri * 2)) - goto err; - if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) - goto err; - - ret = 1; - err: - BN_CTX_end(ctx); - return ret; -} - -BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) -{ - if (to == from) - return (to); - - if (!BN_copy(&(to->RR), &(from->RR))) - return NULL; - if (!BN_copy(&(to->N), &(from->N))) - return NULL; - if (!BN_copy(&(to->Ni), &(from->Ni))) - return NULL; - to->ri = from->ri; - to->n0[0] = from->n0[0]; - to->n0[1] = from->n0[1]; - return (to); -} - -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, - const BIGNUM *mod, BN_CTX *ctx) -{ - BN_MONT_CTX *ret; - - CRYPTO_r_lock(lock); - ret = *pmont; - CRYPTO_r_unlock(lock); - if (ret) - return ret; - - /* - * We don't want to serialise globally while doing our lazy-init math in - * BN_MONT_CTX_set. That punishes threads that are doing independent - * things. Instead, punish the case where more than one thread tries to - * lazy-init the same 'pmont', by having each do the lazy-init math work - * independently and only use the one from the thread that wins the race - * (the losers throw away the work they've done). - */ - ret = BN_MONT_CTX_new(); - if (!ret) - return NULL; - if (!BN_MONT_CTX_set(ret, mod, ctx)) { - BN_MONT_CTX_free(ret); - return NULL; - } - - /* The locked compare-and-set, after the local work is done. */ - CRYPTO_w_lock(lock); - if (*pmont) { - BN_MONT_CTX_free(ret); - ret = *pmont; - } else - *pmont = ret; - CRYPTO_w_unlock(lock); - return ret; -} diff --git a/thirdparty/openssl/crypto/bn/bn_mpi.c b/thirdparty/openssl/crypto/bn/bn_mpi.c deleted file mode 100644 index 3bd40bbd2b..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_mpi.c +++ /dev/null @@ -1,128 +0,0 @@ -/* crypto/bn/bn_mpi.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -int BN_bn2mpi(const BIGNUM *a, unsigned char *d) -{ - int bits; - int num = 0; - int ext = 0; - long l; - - bits = BN_num_bits(a); - num = (bits + 7) / 8; - if (bits > 0) { - ext = ((bits & 0x07) == 0); - } - if (d == NULL) - return (num + 4 + ext); - - l = num + ext; - d[0] = (unsigned char)(l >> 24) & 0xff; - d[1] = (unsigned char)(l >> 16) & 0xff; - d[2] = (unsigned char)(l >> 8) & 0xff; - d[3] = (unsigned char)(l) & 0xff; - if (ext) - d[4] = 0; - num = BN_bn2bin(a, &(d[4 + ext])); - if (a->neg) - d[4] |= 0x80; - return (num + 4 + ext); -} - -BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) -{ - long len; - int neg = 0; - - if (n < 4) { - BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); - return (NULL); - } - len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) - d[3]; - if ((len + 4) != n) { - BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR); - return (NULL); - } - - if (a == NULL) - a = BN_new(); - if (a == NULL) - return (NULL); - - if (len == 0) { - a->neg = 0; - a->top = 0; - return (a); - } - d += 4; - if ((*d) & 0x80) - neg = 1; - if (BN_bin2bn(d, (int)len, a) == NULL) - return (NULL); - a->neg = neg; - if (neg) { - BN_clear_bit(a, BN_num_bits(a) - 1); - } - bn_check_top(a); - return (a); -} diff --git a/thirdparty/openssl/crypto/bn/bn_mul.c b/thirdparty/openssl/crypto/bn/bn_mul.c deleted file mode 100644 index 3c618dc307..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_mul.c +++ /dev/null @@ -1,1165 +0,0 @@ -/* crypto/bn/bn_mul.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef BN_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - -#include <stdio.h> -#include <assert.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) -/* - * Here follows specialised variants of bn_add_words() and bn_sub_words(). - * They have the property performing operations on arrays of different sizes. - * The sizes of those arrays is expressed through cl, which is the common - * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta - * between the two lengths, calculated as len(a)-len(b). All lengths are the - * number of BN_ULONGs... For the operations that require a result array as - * parameter, it must have the length cl+abs(dl). These functions should - * probably end up in bn_asm.c as soon as there are assembler counterparts - * for the systems that use assembler files. - */ - -BN_ULONG bn_sub_part_words(BN_ULONG *r, - const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) -{ - BN_ULONG c, t; - - assert(cl >= 0); - c = bn_sub_words(r, a, b, cl); - - if (dl == 0) - return c; - - r += cl; - a += cl; - b += cl; - - if (dl < 0) { -# ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, - dl, c); -# endif - for (;;) { - t = b[0]; - r[0] = (0 - t - c) & BN_MASK2; - if (t != 0) - c = 1; - if (++dl >= 0) - break; - - t = b[1]; - r[1] = (0 - t - c) & BN_MASK2; - if (t != 0) - c = 1; - if (++dl >= 0) - break; - - t = b[2]; - r[2] = (0 - t - c) & BN_MASK2; - if (t != 0) - c = 1; - if (++dl >= 0) - break; - - t = b[3]; - r[3] = (0 - t - c) & BN_MASK2; - if (t != 0) - c = 1; - if (++dl >= 0) - break; - - b += 4; - r += 4; - } - } else { - int save_dl = dl; -# ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, - dl, c); -# endif - while (c) { - t = a[0]; - r[0] = (t - c) & BN_MASK2; - if (t != 0) - c = 0; - if (--dl <= 0) - break; - - t = a[1]; - r[1] = (t - c) & BN_MASK2; - if (t != 0) - c = 0; - if (--dl <= 0) - break; - - t = a[2]; - r[2] = (t - c) & BN_MASK2; - if (t != 0) - c = 0; - if (--dl <= 0) - break; - - t = a[3]; - r[3] = (t - c) & BN_MASK2; - if (t != 0) - c = 0; - if (--dl <= 0) - break; - - save_dl = dl; - a += 4; - r += 4; - } - if (dl > 0) { -# ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", - cl, dl); -# endif - if (save_dl > dl) { - switch (save_dl - dl) { - case 1: - r[1] = a[1]; - if (--dl <= 0) - break; - case 2: - r[2] = a[2]; - if (--dl <= 0) - break; - case 3: - r[3] = a[3]; - if (--dl <= 0) - break; - } - a += 4; - r += 4; - } - } - if (dl > 0) { -# ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", - cl, dl); -# endif - for (;;) { - r[0] = a[0]; - if (--dl <= 0) - break; - r[1] = a[1]; - if (--dl <= 0) - break; - r[2] = a[2]; - if (--dl <= 0) - break; - r[3] = a[3]; - if (--dl <= 0) - break; - - a += 4; - r += 4; - } - } - } - return c; -} -#endif - -BN_ULONG bn_add_part_words(BN_ULONG *r, - const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) -{ - BN_ULONG c, l, t; - - assert(cl >= 0); - c = bn_add_words(r, a, b, cl); - - if (dl == 0) - return c; - - r += cl; - a += cl; - b += cl; - - if (dl < 0) { - int save_dl = dl; -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, - dl, c); -#endif - while (c) { - l = (c + b[0]) & BN_MASK2; - c = (l < c); - r[0] = l; - if (++dl >= 0) - break; - - l = (c + b[1]) & BN_MASK2; - c = (l < c); - r[1] = l; - if (++dl >= 0) - break; - - l = (c + b[2]) & BN_MASK2; - c = (l < c); - r[2] = l; - if (++dl >= 0) - break; - - l = (c + b[3]) & BN_MASK2; - c = (l < c); - r[3] = l; - if (++dl >= 0) - break; - - save_dl = dl; - b += 4; - r += 4; - } - if (dl < 0) { -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", - cl, dl); -#endif - if (save_dl < dl) { - switch (dl - save_dl) { - case 1: - r[1] = b[1]; - if (++dl >= 0) - break; - case 2: - r[2] = b[2]; - if (++dl >= 0) - break; - case 3: - r[3] = b[3]; - if (++dl >= 0) - break; - } - b += 4; - r += 4; - } - } - if (dl < 0) { -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", - cl, dl); -#endif - for (;;) { - r[0] = b[0]; - if (++dl >= 0) - break; - r[1] = b[1]; - if (++dl >= 0) - break; - r[2] = b[2]; - if (++dl >= 0) - break; - r[3] = b[3]; - if (++dl >= 0) - break; - - b += 4; - r += 4; - } - } - } else { - int save_dl = dl; -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); -#endif - while (c) { - t = (a[0] + c) & BN_MASK2; - c = (t < c); - r[0] = t; - if (--dl <= 0) - break; - - t = (a[1] + c) & BN_MASK2; - c = (t < c); - r[1] = t; - if (--dl <= 0) - break; - - t = (a[2] + c) & BN_MASK2; - c = (t < c); - r[2] = t; - if (--dl <= 0) - break; - - t = (a[3] + c) & BN_MASK2; - c = (t < c); - r[3] = t; - if (--dl <= 0) - break; - - save_dl = dl; - a += 4; - r += 4; - } -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, - dl); -#endif - if (dl > 0) { - if (save_dl > dl) { - switch (save_dl - dl) { - case 1: - r[1] = a[1]; - if (--dl <= 0) - break; - case 2: - r[2] = a[2]; - if (--dl <= 0) - break; - case 3: - r[3] = a[3]; - if (--dl <= 0) - break; - } - a += 4; - r += 4; - } - } - if (dl > 0) { -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", - cl, dl); -#endif - for (;;) { - r[0] = a[0]; - if (--dl <= 0) - break; - r[1] = a[1]; - if (--dl <= 0) - break; - r[2] = a[2]; - if (--dl <= 0) - break; - r[3] = a[3]; - if (--dl <= 0) - break; - - a += 4; - r += 4; - } - } - } - return c; -} - -#ifdef BN_RECURSION -/* - * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of - * Computer Programming, Vol. 2) - */ - -/*- - * r is 2*n2 words in size, - * a and b are both n2 words in size. - * n2 must be a power of 2. - * We multiply and return the result. - * t must be 2*n2 words in size - * We calculate - * a[0]*b[0] - * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) - * a[1]*b[1] - */ -/* dnX may not be positive, but n2/2+dnX has to be */ -void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *t) -{ - int n = n2 / 2, c1, c2; - int tna = n + dna, tnb = n + dnb; - unsigned int neg, zero; - BN_ULONG ln, lo, *p; - -# ifdef BN_COUNT - fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb); -# endif -# ifdef BN_MUL_COMBA -# if 0 - if (n2 == 4) { - bn_mul_comba4(r, a, b); - return; - } -# endif - /* - * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete - * [steve] - */ - if (n2 == 8 && dna == 0 && dnb == 0) { - bn_mul_comba8(r, a, b); - return; - } -# endif /* BN_MUL_COMBA */ - /* Else do normal multiply */ - if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { - bn_mul_normal(r, a, n2 + dna, b, n2 + dnb); - if ((dna + dnb) < 0) - memset(&r[2 * n2 + dna + dnb], 0, - sizeof(BN_ULONG) * -(dna + dnb)); - return; - } - /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); - c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n); - zero = neg = 0; - switch (c1 * 3 + c2) { - case -4: - bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ - bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ - break; - case -3: - zero = 1; - break; - case -2: - bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ - bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ - neg = 1; - break; - case -1: - case 0: - case 1: - zero = 1; - break; - case 2: - bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ - bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ - neg = 1; - break; - case 3: - zero = 1; - break; - case 4: - bn_sub_part_words(t, a, &(a[n]), tna, n - tna); - bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); - break; - } - -# ifdef BN_MUL_COMBA - if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take - * extra args to do this well */ - if (!zero) - bn_mul_comba4(&(t[n2]), t, &(t[n])); - else - memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); - - bn_mul_comba4(r, a, b); - bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); - } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could - * take extra args to do - * this well */ - if (!zero) - bn_mul_comba8(&(t[n2]), t, &(t[n])); - else - memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); - - bn_mul_comba8(r, a, b); - bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); - } else -# endif /* BN_MUL_COMBA */ - { - p = &(t[n2 * 2]); - if (!zero) - bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); - else - memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); - bn_mul_recursive(r, a, b, n, 0, 0, p); - bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); - } - - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ - - c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); - - if (neg) { /* if t[32] is negative */ - c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); - } else { - /* Might have a carry */ - c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); - } - - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - * c1 holds the carry bits - */ - c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); - if (c1) { - p = &(r[n + n2]); - lo = *p; - ln = (lo + c1) & BN_MASK2; - *p = ln; - - /* - * The overflow will stop before we over write words we should not - * overwrite - */ - if (ln < (BN_ULONG)c1) { - do { - p++; - lo = *p; - ln = (lo + 1) & BN_MASK2; - *p = ln; - } while (ln == 0); - } - } -} - -/* - * n+tn is the word length t needs to be n*4 is size, as does r - */ -/* tnX may not be negative but less than n */ -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, - int tna, int tnb, BN_ULONG *t) -{ - int i, j, n2 = n * 2; - int c1, c2, neg; - BN_ULONG ln, lo, *p; - -# ifdef BN_COUNT - fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n", - n, tna, n, tnb); -# endif - if (n < 8) { - bn_mul_normal(r, a, n + tna, b, n + tnb); - return; - } - - /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); - c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n); - neg = 0; - switch (c1 * 3 + c2) { - case -4: - bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ - bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ - break; - case -3: - /* break; */ - case -2: - bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ - bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ - neg = 1; - break; - case -1: - case 0: - case 1: - /* break; */ - case 2: - bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ - bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ - neg = 1; - break; - case 3: - /* break; */ - case 4: - bn_sub_part_words(t, a, &(a[n]), tna, n - tna); - bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); - break; - } - /* - * The zero case isn't yet implemented here. The speedup would probably - * be negligible. - */ -# if 0 - if (n == 4) { - bn_mul_comba4(&(t[n2]), t, &(t[n])); - bn_mul_comba4(r, a, b); - bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); - memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2)); - } else -# endif - if (n == 8) { - bn_mul_comba8(&(t[n2]), t, &(t[n])); - bn_mul_comba8(r, a, b); - bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); - memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); - } else { - p = &(t[n2 * 2]); - bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); - bn_mul_recursive(r, a, b, n, 0, 0, p); - i = n / 2; - /* - * If there is only a bottom half to the number, just do it - */ - if (tna > tnb) - j = tna - i; - else - j = tnb - i; - if (j == 0) { - bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); - memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); - } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ - bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); - memset(&(r[n2 + tna + tnb]), 0, - sizeof(BN_ULONG) * (n2 - tna - tnb)); - } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ - - memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); - if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL - && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { - bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); - } else { - for (;;) { - i /= 2; - /* - * these simplified conditions work exclusively because - * difference between tna and tnb is 1 or 0 - */ - if (i < tna || i < tnb) { - bn_mul_part_recursive(&(r[n2]), - &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); - break; - } else if (i == tna || i == tnb) { - bn_mul_recursive(&(r[n2]), - &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); - break; - } - } - } - } - } - - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ - - c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); - - if (neg) { /* if t[32] is negative */ - c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); - } else { - /* Might have a carry */ - c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); - } - - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - * c1 holds the carry bits - */ - c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); - if (c1) { - p = &(r[n + n2]); - lo = *p; - ln = (lo + c1) & BN_MASK2; - *p = ln; - - /* - * The overflow will stop before we over write words we should not - * overwrite - */ - if (ln < (BN_ULONG)c1) { - do { - p++; - lo = *p; - ln = (lo + 1) & BN_MASK2; - *p = ln; - } while (ln == 0); - } - } -} - -/*- - * a and b must be the same size, which is n2. - * r needs to be n2 words and t needs to be n2*2 - */ -void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t) -{ - int n = n2 / 2; - -# ifdef BN_COUNT - fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2); -# endif - - bn_mul_recursive(r, a, b, n, 0, 0, &(t[0])); - if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { - bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2])); - bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); - bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2])); - bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); - } else { - bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n); - bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n); - bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); - bn_add_words(&(r[n]), &(r[n]), &(t[n]), n); - } -} - -/*- - * a and b must be the same size, which is n2. - * r needs to be n2 words and t needs to be n2*2 - * l is the low words of the output. - * t needs to be n2*3 - */ -void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, - BN_ULONG *t) -{ - int i, n; - int c1, c2; - int neg, oneg, zero; - BN_ULONG ll, lc, *lp, *mp; - -# ifdef BN_COUNT - fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2); -# endif - n = n2 / 2; - - /* Calculate (al-ah)*(bh-bl) */ - neg = zero = 0; - c1 = bn_cmp_words(&(a[0]), &(a[n]), n); - c2 = bn_cmp_words(&(b[n]), &(b[0]), n); - switch (c1 * 3 + c2) { - case -4: - bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); - bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); - break; - case -3: - zero = 1; - break; - case -2: - bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); - bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); - neg = 1; - break; - case -1: - case 0: - case 1: - zero = 1; - break; - case 2: - bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); - bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); - neg = 1; - break; - case 3: - zero = 1; - break; - case 4: - bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); - bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); - break; - } - - oneg = neg; - /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ - /* r[10] = (a[1]*b[1]) */ -# ifdef BN_MUL_COMBA - if (n == 8) { - bn_mul_comba8(&(t[0]), &(r[0]), &(r[n])); - bn_mul_comba8(r, &(a[n]), &(b[n])); - } else -# endif - { - bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2])); - bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2])); - } - - /*- - * s0 == low(al*bl) - * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) - * We know s0 and s1 so the only unknown is high(al*bl) - * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) - * high(al*bl) == s1 - (r[0]+l[0]+t[0]) - */ - if (l != NULL) { - lp = &(t[n2 + n]); - c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n)); - } else { - c1 = 0; - lp = &(r[0]); - } - - if (neg) - neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n)); - else { - bn_add_words(&(t[n2]), lp, &(t[0]), n); - neg = 0; - } - - if (l != NULL) { - bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n); - } else { - lp = &(t[n2 + n]); - mp = &(t[n2]); - for (i = 0; i < n; i++) - lp[i] = ((~mp[i]) + 1) & BN_MASK2; - } - - /*- - * s[0] = low(al*bl) - * t[3] = high(al*bl) - * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign - * r[10] = (a[1]*b[1]) - */ - /*- - * R[10] = al*bl - * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0]) - * R[32] = ah*bh - */ - /*- - * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) - * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) - * R[3]=r[1]+(carry/borrow) - */ - if (l != NULL) { - lp = &(t[n2]); - c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n)); - } else { - lp = &(t[n2 + n]); - c1 = 0; - } - c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n)); - if (oneg) - c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n)); - else - c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n)); - - c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n)); - c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n)); - if (oneg) - c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n)); - else - c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n)); - - if (c1 != 0) { /* Add starting at r[0], could be +ve or -ve */ - i = 0; - if (c1 > 0) { - lc = c1; - do { - ll = (r[i] + lc) & BN_MASK2; - r[i++] = ll; - lc = (lc > ll); - } while (lc); - } else { - lc = -c1; - do { - ll = r[i]; - r[i++] = (ll - lc) & BN_MASK2; - lc = (lc > ll); - } while (lc); - } - } - if (c2 != 0) { /* Add starting at r[1] */ - i = n; - if (c2 > 0) { - lc = c2; - do { - ll = (r[i] + lc) & BN_MASK2; - r[i++] = ll; - lc = (lc > ll); - } while (lc); - } else { - lc = -c2; - do { - ll = r[i]; - r[i++] = (ll - lc) & BN_MASK2; - lc = (lc > ll); - } while (lc); - } - } -} -#endif /* BN_RECURSION */ - -int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -{ - int ret = 0; - int top, al, bl; - BIGNUM *rr; -#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - int i; -#endif -#ifdef BN_RECURSION - BIGNUM *t = NULL; - int j = 0, k; -#endif - -#ifdef BN_COUNT - fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top); -#endif - - bn_check_top(a); - bn_check_top(b); - bn_check_top(r); - - al = a->top; - bl = b->top; - - if ((al == 0) || (bl == 0)) { - BN_zero(r); - return (1); - } - top = al + bl; - - BN_CTX_start(ctx); - if ((r == a) || (r == b)) { - if ((rr = BN_CTX_get(ctx)) == NULL) - goto err; - } else - rr = r; - rr->neg = a->neg ^ b->neg; - -#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - i = al - bl; -#endif -#ifdef BN_MUL_COMBA - if (i == 0) { -# if 0 - if (al == 4) { - if (bn_wexpand(rr, 8) == NULL) - goto err; - rr->top = 8; - bn_mul_comba4(rr->d, a->d, b->d); - goto end; - } -# endif - if (al == 8) { - if (bn_wexpand(rr, 16) == NULL) - goto err; - rr->top = 16; - bn_mul_comba8(rr->d, a->d, b->d); - goto end; - } - } -#endif /* BN_MUL_COMBA */ -#ifdef BN_RECURSION - if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { - if (i >= -1 && i <= 1) { - /* - * Find out the power of two lower or equal to the longest of the - * two numbers - */ - if (i >= 0) { - j = BN_num_bits_word((BN_ULONG)al); - } - if (i == -1) { - j = BN_num_bits_word((BN_ULONG)bl); - } - j = 1 << (j - 1); - assert(j <= al || j <= bl); - k = j + j; - t = BN_CTX_get(ctx); - if (t == NULL) - goto err; - if (al > j || bl > j) { - if (bn_wexpand(t, k * 4) == NULL) - goto err; - if (bn_wexpand(rr, k * 4) == NULL) - goto err; - bn_mul_part_recursive(rr->d, a->d, b->d, - j, al - j, bl - j, t->d); - } else { /* al <= j || bl <= j */ - - if (bn_wexpand(t, k * 2) == NULL) - goto err; - if (bn_wexpand(rr, k * 2) == NULL) - goto err; - bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); - } - rr->top = top; - goto end; - } -# if 0 - if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)b; - if (bn_wexpand(tmp_bn, al) == NULL) - goto err; - tmp_bn->d[bl] = 0; - bl++; - i--; - } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)a; - if (bn_wexpand(tmp_bn, bl) == NULL) - goto err; - tmp_bn->d[al] = 0; - al++; - i++; - } - if (i == 0) { - /* symmetric and > 4 */ - /* 16 or larger */ - j = BN_num_bits_word((BN_ULONG)al); - j = 1 << (j - 1); - k = j + j; - t = BN_CTX_get(ctx); - if (al == j) { /* exact multiple */ - if (bn_wexpand(t, k * 2) == NULL) - goto err; - if (bn_wexpand(rr, k * 2) == NULL) - goto err; - bn_mul_recursive(rr->d, a->d, b->d, al, t->d); - } else { - if (bn_wexpand(t, k * 4) == NULL) - goto err; - if (bn_wexpand(rr, k * 4) == NULL) - goto err; - bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d); - } - rr->top = top; - goto end; - } -# endif - } -#endif /* BN_RECURSION */ - if (bn_wexpand(rr, top) == NULL) - goto err; - rr->top = top; - bn_mul_normal(rr->d, a->d, al, b->d, bl); - -#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - end: -#endif - bn_correct_top(rr); - if (r != rr && BN_copy(r, rr) == NULL) - goto err; - - ret = 1; - err: - bn_check_top(r); - BN_CTX_end(ctx); - return (ret); -} - -void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) -{ - BN_ULONG *rr; - -#ifdef BN_COUNT - fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb); -#endif - - if (na < nb) { - int itmp; - BN_ULONG *ltmp; - - itmp = na; - na = nb; - nb = itmp; - ltmp = a; - a = b; - b = ltmp; - - } - rr = &(r[na]); - if (nb <= 0) { - (void)bn_mul_words(r, a, na, 0); - return; - } else - rr[0] = bn_mul_words(r, a, na, b[0]); - - for (;;) { - if (--nb <= 0) - return; - rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]); - if (--nb <= 0) - return; - rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]); - if (--nb <= 0) - return; - rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]); - if (--nb <= 0) - return; - rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]); - rr += 4; - r += 4; - b += 4; - } -} - -void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -{ -#ifdef BN_COUNT - fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n); -#endif - bn_mul_words(r, a, n, b[0]); - - for (;;) { - if (--n <= 0) - return; - bn_mul_add_words(&(r[1]), a, n, b[1]); - if (--n <= 0) - return; - bn_mul_add_words(&(r[2]), a, n, b[2]); - if (--n <= 0) - return; - bn_mul_add_words(&(r[3]), a, n, b[3]); - if (--n <= 0) - return; - bn_mul_add_words(&(r[4]), a, n, b[4]); - r += 4; - b += 4; - } -} diff --git a/thirdparty/openssl/crypto/bn/bn_nist.c b/thirdparty/openssl/crypto/bn/bn_nist.c deleted file mode 100644 index 4a45404c6f..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_nist.c +++ /dev/null @@ -1,1262 +0,0 @@ -/* crypto/bn/bn_nist.c */ -/* - * Written by Nils Larsch for the OpenSSL project - */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "bn_lcl.h" -#include "cryptlib.h" - -#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 - -/* pre-computed tables are "carry-less" values of modulus*(i+1) */ -#if BN_BITS2 == 64 -static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { - {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL}, - {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL}, - {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL} -}; - -static const BN_ULONG _nist_p_192_sqr[] = { - 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL, - 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL -}; - -static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { - {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL}, - {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is - * "carry-full" */ -}; - -static const BN_ULONG _nist_p_224_sqr[] = { - 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL, - 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL, - 0xFFFFFFFFFFFFFFFFULL -}; - -static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { - {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL}, - {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL}, - {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL}, - {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL}, - {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL}, -}; - -static const BN_ULONG _nist_p_256_sqr[] = { - 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL, - 0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL, - 0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL -}; - -static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { - {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, -}; - -static const BN_ULONG _nist_p_384_sqr[] = { - 0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL, - 0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL, - 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL -}; - -static const BN_ULONG _nist_p_521[] = - { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0x00000000000001FFULL -}; - -static const BN_ULONG _nist_p_521_sqr[] = { - 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, - 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, - 0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL -}; -#elif BN_BITS2 == 32 -static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} -}; - -static const BN_ULONG _nist_p_192_sqr[] = { - 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000, - 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF -}; - -static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { - {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} -}; - -static const BN_ULONG _nist_p_224_sqr[] = { - 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, - 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002, - 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF -}; - -static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, - 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF}, - {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, - 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE}, - {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, - 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD}, - {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, - 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC}, - {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004, - 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB}, -}; - -static const BN_ULONG _nist_p_256_sqr[] = { - 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001, - 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, - 0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE -}; - -static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { - {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -}; - -static const BN_ULONG _nist_p_384_sqr[] = { - 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE, - 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000, - 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF -}; - -static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0x000001FF -}; - -static const BN_ULONG _nist_p_521_sqr[] = { - 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF -}; -#else -# error "unsupported BN_BITS2" -#endif - -static const BIGNUM _bignum_nist_p_192 = { - (BN_ULONG *)_nist_p_192[0], - BN_NIST_192_TOP, - BN_NIST_192_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -static const BIGNUM _bignum_nist_p_224 = { - (BN_ULONG *)_nist_p_224[0], - BN_NIST_224_TOP, - BN_NIST_224_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -static const BIGNUM _bignum_nist_p_256 = { - (BN_ULONG *)_nist_p_256[0], - BN_NIST_256_TOP, - BN_NIST_256_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -static const BIGNUM _bignum_nist_p_384 = { - (BN_ULONG *)_nist_p_384[0], - BN_NIST_384_TOP, - BN_NIST_384_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -static const BIGNUM _bignum_nist_p_521 = { - (BN_ULONG *)_nist_p_521, - BN_NIST_521_TOP, - BN_NIST_521_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -const BIGNUM *BN_get0_nist_prime_192(void) -{ - return &_bignum_nist_p_192; -} - -const BIGNUM *BN_get0_nist_prime_224(void) -{ - return &_bignum_nist_p_224; -} - -const BIGNUM *BN_get0_nist_prime_256(void) -{ - return &_bignum_nist_p_256; -} - -const BIGNUM *BN_get0_nist_prime_384(void) -{ - return &_bignum_nist_p_384; -} - -const BIGNUM *BN_get0_nist_prime_521(void) -{ - return &_bignum_nist_p_521; -} - -static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max) -{ - int i; - -#ifdef BN_DEBUG - OPENSSL_assert(top <= max); -#endif - for (i = 0; i < top; i++) - dst[i] = src[i]; - for (; i < max; i++) - dst[i] = 0; -} - -static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) -{ - int i; - - for (i = 0; i < top; i++) - dst[i] = src[i]; -} - -#if BN_BITS2 == 64 -# define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -# define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; -/* - * two following macros are implemented under assumption that they - * are called in a sequence with *ascending* n, i.e. as they are... - */ -# define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ - :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) -# define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); -# define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) -# if defined(L_ENDIAN) -# if defined(__arch64__) -# define NIST_INT64 long -# else -# define NIST_INT64 long long -# endif -# endif -#else -# define bn_cp_64(to, n, from, m) \ - { \ - bn_cp_32(to, (n)*2, from, (m)*2); \ - bn_cp_32(to, (n)*2+1, from, (m)*2+1); \ - } -# define bn_64_set_0(to, n) \ - { \ - bn_32_set_0(to, (n)*2); \ - bn_32_set_0(to, (n)*2+1); \ - } -# define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -# define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; -# if defined(_WIN32) && !defined(__GNUC__) -# define NIST_INT64 __int64 -# elif defined(BN_LLONG) -# define NIST_INT64 long long -# endif -#endif /* BN_BITS2 != 64 */ - -#define nist_set_192(to, from, a1, a2, a3) \ - { \ - bn_cp_64(to, 0, from, (a3) - 3) \ - bn_cp_64(to, 1, from, (a2) - 3) \ - bn_cp_64(to, 2, from, (a1) - 3) \ - } - -int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int top = a->top, i; - int carry; - register BN_ULONG *r_d, *a_d = a->d; - union { - BN_ULONG bn[BN_NIST_192_TOP]; - unsigned int ui[BN_NIST_192_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_192_TOP], *res; - PTR_SIZE_INT mask; - static const BIGNUM _bignum_nist_p_192_sqr = { - (BN_ULONG *)_nist_p_192_sqr, - sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), - sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - - field = &_bignum_nist_p_192; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_192_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_192_TOP); - } else - r_d = a_d; - - nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, - BN_NIST_192_TOP); - -#if defined(NIST_INT64) - { - NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; - - acc = rp[0]; - acc += bp[3 * 2 - 6]; - acc += bp[5 * 2 - 6]; - rp[0] = (unsigned int)acc; - acc >>= 32; - - acc += rp[1]; - acc += bp[3 * 2 - 5]; - acc += bp[5 * 2 - 5]; - rp[1] = (unsigned int)acc; - acc >>= 32; - - acc += rp[2]; - acc += bp[3 * 2 - 6]; - acc += bp[4 * 2 - 6]; - acc += bp[5 * 2 - 6]; - rp[2] = (unsigned int)acc; - acc >>= 32; - - acc += rp[3]; - acc += bp[3 * 2 - 5]; - acc += bp[4 * 2 - 5]; - acc += bp[5 * 2 - 5]; - rp[3] = (unsigned int)acc; - acc >>= 32; - - acc += rp[4]; - acc += bp[4 * 2 - 6]; - acc += bp[5 * 2 - 6]; - rp[4] = (unsigned int)acc; - acc >>= 32; - - acc += rp[5]; - acc += bp[4 * 2 - 5]; - acc += bp[5 * 2 - 5]; - rp[5] = (unsigned int)acc; - - carry = (int)(acc >> 32); - } -#else - { - BN_ULONG t_d[BN_NIST_192_TOP]; - - nist_set_192(t_d, buf.bn, 0, 3, 3); - carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - nist_set_192(t_d, buf.bn, 4, 4, 0); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - nist_set_192(t_d, buf.bn, 5, 5, 5) - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - } -#endif - if (carry > 0) - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], - BN_NIST_192_TOP); - else - carry = 1; - - /* - * we need 'if (carry==0 || result>=modulus) result-=modulus;' - * as comparison implies subtraction, we can write - * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' - * this is what happens below, but without explicit if:-) a. - */ - mask = - 0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0], - BN_NIST_192_TOP); - mask &= 0 - (PTR_SIZE_INT) carry; - res = c_d; - res = (BN_ULONG *) - (((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_192_TOP); - r->top = BN_NIST_192_TOP; - bn_correct_top(r); - - return 1; -} - -typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *, - const BN_ULONG *, int); - -#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ - { \ - bn_cp_32(to, 0, from, (a7) - 7) \ - bn_cp_32(to, 1, from, (a6) - 7) \ - bn_cp_32(to, 2, from, (a5) - 7) \ - bn_cp_32(to, 3, from, (a4) - 7) \ - bn_cp_32(to, 4, from, (a3) - 7) \ - bn_cp_32(to, 5, from, (a2) - 7) \ - bn_cp_32(to, 6, from, (a1) - 7) \ - } - -int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int top = a->top, i; - int carry; - BN_ULONG *r_d, *a_d = a->d; - union { - BN_ULONG bn[BN_NIST_224_TOP]; - unsigned int ui[BN_NIST_224_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_224_TOP], *res; - PTR_SIZE_INT mask; - union { - bn_addsub_f f; - PTR_SIZE_INT p; - } u; - static const BIGNUM _bignum_nist_p_224_sqr = { - (BN_ULONG *)_nist_p_224_sqr, - sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), - sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - - field = &_bignum_nist_p_224; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_224_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_224_TOP); - } else - r_d = a_d; - -#if BN_BITS2==64 - /* copy upper 256 bits of 448 bit number ... */ - nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1), - top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP); - /* ... and right shift by 32 to obtain upper 224 bits */ - nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8); - /* truncate lower part to 224 bits too */ - r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l; -#else - nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, - BN_NIST_224_TOP); -#endif - -#if defined(NIST_INT64) && BN_BITS2!=64 - { - NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; - - acc = rp[0]; - acc -= bp[7 - 7]; - acc -= bp[11 - 7]; - rp[0] = (unsigned int)acc; - acc >>= 32; - - acc += rp[1]; - acc -= bp[8 - 7]; - acc -= bp[12 - 7]; - rp[1] = (unsigned int)acc; - acc >>= 32; - - acc += rp[2]; - acc -= bp[9 - 7]; - acc -= bp[13 - 7]; - rp[2] = (unsigned int)acc; - acc >>= 32; - - acc += rp[3]; - acc += bp[7 - 7]; - acc += bp[11 - 7]; - acc -= bp[10 - 7]; - rp[3] = (unsigned int)acc; - acc >>= 32; - - acc += rp[4]; - acc += bp[8 - 7]; - acc += bp[12 - 7]; - acc -= bp[11 - 7]; - rp[4] = (unsigned int)acc; - acc >>= 32; - - acc += rp[5]; - acc += bp[9 - 7]; - acc += bp[13 - 7]; - acc -= bp[12 - 7]; - rp[5] = (unsigned int)acc; - acc >>= 32; - - acc += rp[6]; - acc += bp[10 - 7]; - acc -= bp[13 - 7]; - rp[6] = (unsigned int)acc; - - carry = (int)(acc >> 32); -# if BN_BITS2==64 - rp[7] = carry; -# endif - } -#else - { - BN_ULONG t_d[BN_NIST_224_TOP]; - - nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0); - carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - -# if BN_BITS2==64 - carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32); -# endif - } -#endif - u.f = bn_sub_words; - if (carry > 0) { - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], - BN_NIST_224_TOP); -#if BN_BITS2==64 - carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1; -#endif - } else if (carry < 0) { - /* - * it's a bit more comlicated logic in this case. if bn_add_words - * yields no carry, then result has to be adjusted by unconditionally - * *adding* the modulus. but if it does, then result has to be - * compared to the modulus and conditionally adjusted by - * *subtracting* the latter. - */ - carry = - (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], - BN_NIST_224_TOP); - mask = 0 - (PTR_SIZE_INT) carry; - u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | - ((PTR_SIZE_INT) bn_add_words & ~mask); - } else - carry = 1; - - /* otherwise it's effectively same as in BN_nist_mod_192... */ - mask = - 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); - mask &= 0 - (PTR_SIZE_INT) carry; - res = c_d; - res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | - ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_224_TOP); - r->top = BN_NIST_224_TOP; - bn_correct_top(r); - - return 1; -} - -#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ - { \ - bn_cp_32(to, 0, from, (a8) - 8) \ - bn_cp_32(to, 1, from, (a7) - 8) \ - bn_cp_32(to, 2, from, (a6) - 8) \ - bn_cp_32(to, 3, from, (a5) - 8) \ - bn_cp_32(to, 4, from, (a4) - 8) \ - bn_cp_32(to, 5, from, (a3) - 8) \ - bn_cp_32(to, 6, from, (a2) - 8) \ - bn_cp_32(to, 7, from, (a1) - 8) \ - } - -int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int i, top = a->top; - int carry = 0; - register BN_ULONG *a_d = a->d, *r_d; - union { - BN_ULONG bn[BN_NIST_256_TOP]; - unsigned int ui[BN_NIST_256_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_256_TOP], *res; - PTR_SIZE_INT mask; - union { - bn_addsub_f f; - PTR_SIZE_INT p; - } u; - static const BIGNUM _bignum_nist_p_256_sqr = { - (BN_ULONG *)_nist_p_256_sqr, - sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), - sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - - field = &_bignum_nist_p_256; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_256_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_256_TOP); - } else - r_d = a_d; - - nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, - BN_NIST_256_TOP); - -#if defined(NIST_INT64) - { - NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; - - acc = rp[0]; - acc += bp[8 - 8]; - acc += bp[9 - 8]; - acc -= bp[11 - 8]; - acc -= bp[12 - 8]; - acc -= bp[13 - 8]; - acc -= bp[14 - 8]; - rp[0] = (unsigned int)acc; - acc >>= 32; - - acc += rp[1]; - acc += bp[9 - 8]; - acc += bp[10 - 8]; - acc -= bp[12 - 8]; - acc -= bp[13 - 8]; - acc -= bp[14 - 8]; - acc -= bp[15 - 8]; - rp[1] = (unsigned int)acc; - acc >>= 32; - - acc += rp[2]; - acc += bp[10 - 8]; - acc += bp[11 - 8]; - acc -= bp[13 - 8]; - acc -= bp[14 - 8]; - acc -= bp[15 - 8]; - rp[2] = (unsigned int)acc; - acc >>= 32; - - acc += rp[3]; - acc += bp[11 - 8]; - acc += bp[11 - 8]; - acc += bp[12 - 8]; - acc += bp[12 - 8]; - acc += bp[13 - 8]; - acc -= bp[15 - 8]; - acc -= bp[8 - 8]; - acc -= bp[9 - 8]; - rp[3] = (unsigned int)acc; - acc >>= 32; - - acc += rp[4]; - acc += bp[12 - 8]; - acc += bp[12 - 8]; - acc += bp[13 - 8]; - acc += bp[13 - 8]; - acc += bp[14 - 8]; - acc -= bp[9 - 8]; - acc -= bp[10 - 8]; - rp[4] = (unsigned int)acc; - acc >>= 32; - - acc += rp[5]; - acc += bp[13 - 8]; - acc += bp[13 - 8]; - acc += bp[14 - 8]; - acc += bp[14 - 8]; - acc += bp[15 - 8]; - acc -= bp[10 - 8]; - acc -= bp[11 - 8]; - rp[5] = (unsigned int)acc; - acc >>= 32; - - acc += rp[6]; - acc += bp[14 - 8]; - acc += bp[14 - 8]; - acc += bp[15 - 8]; - acc += bp[15 - 8]; - acc += bp[14 - 8]; - acc += bp[13 - 8]; - acc -= bp[8 - 8]; - acc -= bp[9 - 8]; - rp[6] = (unsigned int)acc; - acc >>= 32; - - acc += rp[7]; - acc += bp[15 - 8]; - acc += bp[15 - 8]; - acc += bp[15 - 8]; - acc += bp[8 - 8]; - acc -= bp[10 - 8]; - acc -= bp[11 - 8]; - acc -= bp[12 - 8]; - acc -= bp[13 - 8]; - rp[7] = (unsigned int)acc; - - carry = (int)(acc >> 32); - } -#else - { - BN_ULONG t_d[BN_NIST_256_TOP]; - - /* - * S1 - */ - nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0); - /* - * S2 - */ - nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0); - carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); - /* left shift */ - { - register BN_ULONG *ap, t, c; - ap = t_d; - c = 0; - for (i = BN_NIST_256_TOP; i != 0; --i) { - t = *ap; - *(ap++) = ((t << 1) | c) & BN_MASK2; - c = (t & BN_TBIT) ? 1 : 0; - } - carry <<= 1; - carry |= c; - } - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * S3 - */ - nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * S4 - */ - nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * D1 - */ - nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * D2 - */ - nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * D3 - */ - nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * D4 - */ - nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - - } -#endif - /* see BN_nist_mod_224 for explanation */ - u.f = bn_sub_words; - if (carry > 0) - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], - BN_NIST_256_TOP); - else if (carry < 0) { - carry = - (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], - BN_NIST_256_TOP); - mask = 0 - (PTR_SIZE_INT) carry; - u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | - ((PTR_SIZE_INT) bn_add_words & ~mask); - } else - carry = 1; - - mask = - 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); - mask &= 0 - (PTR_SIZE_INT) carry; - res = c_d; - res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | - ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_256_TOP); - r->top = BN_NIST_256_TOP; - bn_correct_top(r); - - return 1; -} - -#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ - { \ - bn_cp_32(to, 0, from, (a12) - 12) \ - bn_cp_32(to, 1, from, (a11) - 12) \ - bn_cp_32(to, 2, from, (a10) - 12) \ - bn_cp_32(to, 3, from, (a9) - 12) \ - bn_cp_32(to, 4, from, (a8) - 12) \ - bn_cp_32(to, 5, from, (a7) - 12) \ - bn_cp_32(to, 6, from, (a6) - 12) \ - bn_cp_32(to, 7, from, (a5) - 12) \ - bn_cp_32(to, 8, from, (a4) - 12) \ - bn_cp_32(to, 9, from, (a3) - 12) \ - bn_cp_32(to, 10, from, (a2) - 12) \ - bn_cp_32(to, 11, from, (a1) - 12) \ - } - -int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int i, top = a->top; - int carry = 0; - register BN_ULONG *r_d, *a_d = a->d; - union { - BN_ULONG bn[BN_NIST_384_TOP]; - unsigned int ui[BN_NIST_384_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_384_TOP], *res; - PTR_SIZE_INT mask; - union { - bn_addsub_f f; - PTR_SIZE_INT p; - } u; - static const BIGNUM _bignum_nist_p_384_sqr = { - (BN_ULONG *)_nist_p_384_sqr, - sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), - sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - - field = &_bignum_nist_p_384; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_384_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_384_TOP); - } else - r_d = a_d; - - nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, - BN_NIST_384_TOP); - -#if defined(NIST_INT64) - { - NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; - - acc = rp[0]; - acc += bp[12 - 12]; - acc += bp[21 - 12]; - acc += bp[20 - 12]; - acc -= bp[23 - 12]; - rp[0] = (unsigned int)acc; - acc >>= 32; - - acc += rp[1]; - acc += bp[13 - 12]; - acc += bp[22 - 12]; - acc += bp[23 - 12]; - acc -= bp[12 - 12]; - acc -= bp[20 - 12]; - rp[1] = (unsigned int)acc; - acc >>= 32; - - acc += rp[2]; - acc += bp[14 - 12]; - acc += bp[23 - 12]; - acc -= bp[13 - 12]; - acc -= bp[21 - 12]; - rp[2] = (unsigned int)acc; - acc >>= 32; - - acc += rp[3]; - acc += bp[15 - 12]; - acc += bp[12 - 12]; - acc += bp[20 - 12]; - acc += bp[21 - 12]; - acc -= bp[14 - 12]; - acc -= bp[22 - 12]; - acc -= bp[23 - 12]; - rp[3] = (unsigned int)acc; - acc >>= 32; - - acc += rp[4]; - acc += bp[21 - 12]; - acc += bp[21 - 12]; - acc += bp[16 - 12]; - acc += bp[13 - 12]; - acc += bp[12 - 12]; - acc += bp[20 - 12]; - acc += bp[22 - 12]; - acc -= bp[15 - 12]; - acc -= bp[23 - 12]; - acc -= bp[23 - 12]; - rp[4] = (unsigned int)acc; - acc >>= 32; - - acc += rp[5]; - acc += bp[22 - 12]; - acc += bp[22 - 12]; - acc += bp[17 - 12]; - acc += bp[14 - 12]; - acc += bp[13 - 12]; - acc += bp[21 - 12]; - acc += bp[23 - 12]; - acc -= bp[16 - 12]; - rp[5] = (unsigned int)acc; - acc >>= 32; - - acc += rp[6]; - acc += bp[23 - 12]; - acc += bp[23 - 12]; - acc += bp[18 - 12]; - acc += bp[15 - 12]; - acc += bp[14 - 12]; - acc += bp[22 - 12]; - acc -= bp[17 - 12]; - rp[6] = (unsigned int)acc; - acc >>= 32; - - acc += rp[7]; - acc += bp[19 - 12]; - acc += bp[16 - 12]; - acc += bp[15 - 12]; - acc += bp[23 - 12]; - acc -= bp[18 - 12]; - rp[7] = (unsigned int)acc; - acc >>= 32; - - acc += rp[8]; - acc += bp[20 - 12]; - acc += bp[17 - 12]; - acc += bp[16 - 12]; - acc -= bp[19 - 12]; - rp[8] = (unsigned int)acc; - acc >>= 32; - - acc += rp[9]; - acc += bp[21 - 12]; - acc += bp[18 - 12]; - acc += bp[17 - 12]; - acc -= bp[20 - 12]; - rp[9] = (unsigned int)acc; - acc >>= 32; - - acc += rp[10]; - acc += bp[22 - 12]; - acc += bp[19 - 12]; - acc += bp[18 - 12]; - acc -= bp[21 - 12]; - rp[10] = (unsigned int)acc; - acc >>= 32; - - acc += rp[11]; - acc += bp[23 - 12]; - acc += bp[20 - 12]; - acc += bp[19 - 12]; - acc -= bp[22 - 12]; - rp[11] = (unsigned int)acc; - - carry = (int)(acc >> 32); - } -#else - { - BN_ULONG t_d[BN_NIST_384_TOP]; - - /* - * S1 - */ - nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4); - /* left shift */ - { - register BN_ULONG *ap, t, c; - ap = t_d; - c = 0; - for (i = 3; i != 0; --i) { - t = *ap; - *(ap++) = ((t << 1) | c) & BN_MASK2; - c = (t & BN_TBIT) ? 1 : 0; - } - *ap = c; - } - carry = - (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2), - t_d, BN_NIST_256_TOP); - /* - * S2 - */ - carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP); - /* - * S3 - */ - nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, - 21); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * S4 - */ - nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, - 0); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * S5 - */ - nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * S6 - */ - nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * D1 - */ - nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, - 23); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * D2 - */ - nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * D3 - */ - nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); - - } -#endif - /* see BN_nist_mod_224 for explanation */ - u.f = bn_sub_words; - if (carry > 0) - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], - BN_NIST_384_TOP); - else if (carry < 0) { - carry = - (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], - BN_NIST_384_TOP); - mask = 0 - (PTR_SIZE_INT) carry; - u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | - ((PTR_SIZE_INT) bn_add_words & ~mask); - } else - carry = 1; - - mask = - 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); - mask &= 0 - (PTR_SIZE_INT) carry; - res = c_d; - res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | - ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_384_TOP); - r->top = BN_NIST_384_TOP; - bn_correct_top(r); - - return 1; -} - -#define BN_NIST_521_RSHIFT (521%BN_BITS2) -#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) -#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) - -int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int top = a->top, i; - BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; - PTR_SIZE_INT mask; - static const BIGNUM _bignum_nist_p_521_sqr = { - (BN_ULONG *)_nist_p_521_sqr, - sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), - sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), - 0, BN_FLG_STATIC_DATA - }; - - field = &_bignum_nist_p_521; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_521_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_521_TOP); - } else - r_d = a_d; - - /* upper 521 bits, copy ... */ - nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1), - top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); - /* ... and right shift */ - for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { - t_d[i] = (val >> BN_NIST_521_RSHIFT | - (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2; - val = tmp; - } - t_d[i] = val >> BN_NIST_521_RSHIFT; - /* lower 521 bits */ - r_d[i] &= BN_NIST_521_TOP_MASK; - - bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP); - mask = - 0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521, - BN_NIST_521_TOP); - res = t_d; - res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | - ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_521_TOP); - r->top = BN_NIST_521_TOP; - bn_correct_top(r); - - return 1; -} diff --git a/thirdparty/openssl/crypto/bn/bn_prime.c b/thirdparty/openssl/crypto/bn/bn_prime.c deleted file mode 100644 index e911e15785..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_prime.c +++ /dev/null @@ -1,504 +0,0 @@ -/* crypto/bn/bn_prime.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <time.h> -#include "cryptlib.h" -#include "bn_lcl.h" -#include <openssl/rand.h> - -/* - * NB: these functions have been "upgraded", the deprecated versions (which - * are compatibility wrappers using these functions) are in bn_depr.c. - - * Geoff - */ - -/* - * The quick sieve algorithm approach to weeding out primes is Philip - * Zimmermann's, as implemented in PGP. I have had a read of his comments - * and implemented my own version. - */ -#include "bn_prime.h" - -static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, - const BIGNUM *a1_odd, int k, BN_CTX *ctx, - BN_MONT_CTX *mont); -static int probable_prime(BIGNUM *rnd, int bits); -static int probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx); -static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, - const BIGNUM *rem, BN_CTX *ctx); - -int BN_GENCB_call(BN_GENCB *cb, int a, int b) -{ - /* No callback means continue */ - if (!cb) - return 1; - switch (cb->ver) { - case 1: - /* Deprecated-style callbacks */ - if (!cb->cb.cb_1) - return 1; - cb->cb.cb_1(a, b, cb->arg); - return 1; - case 2: - /* New-style callbacks */ - return cb->cb.cb_2(a, b, cb); - default: - break; - } - /* Unrecognised callback type */ - return 0; -} - -int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) -{ - BIGNUM *t; - int found = 0; - int i, j, c1 = 0; - BN_CTX *ctx; - int checks = BN_prime_checks_for_size(bits); - - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - t = BN_CTX_get(ctx); - if (!t) - goto err; - loop: - /* make a random number and set the top and bottom bits */ - if (add == NULL) { - if (!probable_prime(ret, bits)) - goto err; - } else { - if (safe) { - if (!probable_prime_dh_safe(ret, bits, add, rem, ctx)) - goto err; - } else { - if (!probable_prime_dh(ret, bits, add, rem, ctx)) - goto err; - } - } - /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ - if (!BN_GENCB_call(cb, 0, c1++)) - /* aborted */ - goto err; - - if (!safe) { - i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb); - if (i == -1) - goto err; - if (i == 0) - goto loop; - } else { - /* - * for "safe prime" generation, check that (p-1)/2 is prime. Since a - * prime is odd, We just need to divide by 2 - */ - if (!BN_rshift1(t, ret)) - goto err; - - for (i = 0; i < checks; i++) { - j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb); - if (j == -1) - goto err; - if (j == 0) - goto loop; - - j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb); - if (j == -1) - goto err; - if (j == 0) - goto loop; - - if (!BN_GENCB_call(cb, 2, c1 - 1)) - goto err; - /* We have a safe prime test pass */ - } - } - /* we have a prime :-) */ - found = 1; - err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - bn_check_top(ret); - return found; -} - -int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, - BN_GENCB *cb) -{ - return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb); -} - -int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, - int do_trial_division, BN_GENCB *cb) -{ - int i, j, ret = -1; - int k; - BN_CTX *ctx = NULL; - BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ - BN_MONT_CTX *mont = NULL; - - if (BN_cmp(a, BN_value_one()) <= 0) - return 0; - - if (checks == BN_prime_checks) - checks = BN_prime_checks_for_size(BN_num_bits(a)); - - /* first look for small factors */ - if (!BN_is_odd(a)) - /* a is even => a is prime if and only if a == 2 */ - return BN_is_word(a, 2); - if (do_trial_division) { - for (i = 1; i < NUMPRIMES; i++) - if (BN_mod_word(a, primes[i]) == 0) - return 0; - if (!BN_GENCB_call(cb, 1, -1)) - goto err; - } - - if (ctx_passed != NULL) - ctx = ctx_passed; - else if ((ctx = BN_CTX_new()) == NULL) - goto err; - BN_CTX_start(ctx); - - A1 = BN_CTX_get(ctx); - A1_odd = BN_CTX_get(ctx); - check = BN_CTX_get(ctx); - if (check == NULL) - goto err; - - /* compute A1 := a - 1 */ - if (!BN_copy(A1, a)) - goto err; - if (!BN_sub_word(A1, 1)) - goto err; - if (BN_is_zero(A1)) { - ret = 0; - goto err; - } - - /* write A1 as A1_odd * 2^k */ - k = 1; - while (!BN_is_bit_set(A1, k)) - k++; - if (!BN_rshift(A1_odd, A1, k)) - goto err; - - /* Montgomery setup for computations mod a */ - mont = BN_MONT_CTX_new(); - if (mont == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, a, ctx)) - goto err; - - for (i = 0; i < checks; i++) { - if (!BN_pseudo_rand_range(check, A1)) - goto err; - if (!BN_add_word(check, 1)) - goto err; - /* now 1 <= check < a */ - - j = witness(check, a, A1, A1_odd, k, ctx, mont); - if (j == -1) - goto err; - if (j) { - ret = 0; - goto err; - } - if (!BN_GENCB_call(cb, 1, i)) - goto err; - } - ret = 1; - err: - if (ctx != NULL) { - BN_CTX_end(ctx); - if (ctx_passed == NULL) - BN_CTX_free(ctx); - } - if (mont != NULL) - BN_MONT_CTX_free(mont); - - return (ret); -} - -static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, - const BIGNUM *a1_odd, int k, BN_CTX *ctx, - BN_MONT_CTX *mont) -{ - if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ - return -1; - if (BN_is_one(w)) - return 0; /* probably prime */ - if (BN_cmp(w, a1) == 0) - return 0; /* w == -1 (mod a), 'a' is probably prime */ - while (--k) { - if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ - return -1; - if (BN_is_one(w)) - return 1; /* 'a' is composite, otherwise a previous 'w' - * would have been == -1 (mod 'a') */ - if (BN_cmp(w, a1) == 0) - return 0; /* w == -1 (mod a), 'a' is probably prime */ - } - /* - * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and - * it is neither -1 nor +1 -- so 'a' cannot be prime - */ - bn_check_top(w); - return 1; -} - -static int probable_prime(BIGNUM *rnd, int bits) -{ - int i; - prime_t mods[NUMPRIMES]; - BN_ULONG delta, maxdelta; - - again: - if (!BN_rand(rnd, bits, 1, 1)) - return (0); - /* we now have a random number 'rand' to test. */ - for (i = 1; i < NUMPRIMES; i++) - mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]); - maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; - delta = 0; - loop:for (i = 1; i < NUMPRIMES; i++) { - /* - * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1 - * (except for 2) - */ - if (((mods[i] + delta) % primes[i]) <= 1) { - delta += 2; - if (delta > maxdelta) - goto again; - goto loop; - } - } - if (!BN_add_word(rnd, delta)) - return (0); - bn_check_top(rnd); - return (1); -} - -static int probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx) -{ - int i, ret = 0; - BIGNUM *t1; - - BN_CTX_start(ctx); - if ((t1 = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_rand(rnd, bits, 0, 1)) - goto err; - - /* we need ((rnd-rem) % add) == 0 */ - - if (!BN_mod(t1, rnd, add, ctx)) - goto err; - if (!BN_sub(rnd, rnd, t1)) - goto err; - if (rem == NULL) { - if (!BN_add_word(rnd, 1)) - goto err; - } else { - if (!BN_add(rnd, rnd, rem)) - goto err; - } - - /* we now have a random number 'rand' to test. */ - - loop:for (i = 1; i < NUMPRIMES; i++) { - /* check that rnd is a prime */ - if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) { - if (!BN_add(rnd, rnd, add)) - goto err; - goto loop; - } - } - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(rnd); - return (ret); -} - -static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, - const BIGNUM *rem, BN_CTX *ctx) -{ - int i, ret = 0; - BIGNUM *t1, *qadd, *q; - - bits--; - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - q = BN_CTX_get(ctx); - qadd = BN_CTX_get(ctx); - if (qadd == NULL) - goto err; - - if (!BN_rshift1(qadd, padd)) - goto err; - - if (!BN_rand(q, bits, 0, 1)) - goto err; - - /* we need ((rnd-rem) % add) == 0 */ - if (!BN_mod(t1, q, qadd, ctx)) - goto err; - if (!BN_sub(q, q, t1)) - goto err; - if (rem == NULL) { - if (!BN_add_word(q, 1)) - goto err; - } else { - if (!BN_rshift1(t1, rem)) - goto err; - if (!BN_add(q, q, t1)) - goto err; - } - - /* we now have a random number 'rand' to test. */ - if (!BN_lshift1(p, q)) - goto err; - if (!BN_add_word(p, 1)) - goto err; - - loop:for (i = 1; i < NUMPRIMES; i++) { - /* check that p and q are prime */ - /* - * check that for p and q gcd(p-1,primes) == 1 (except for 2) - */ - if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) || - (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) { - if (!BN_add(p, p, padd)) - goto err; - if (!BN_add(q, q, qadd)) - goto err; - goto loop; - } - } - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(p); - return (ret); -} diff --git a/thirdparty/openssl/crypto/bn/bn_prime.h b/thirdparty/openssl/crypto/bn/bn_prime.h deleted file mode 100644 index 489af8b424..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_prime.h +++ /dev/null @@ -1,326 +0,0 @@ -/* Auto generated by bn_prime.pl */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef EIGHT_BIT -# define NUMPRIMES 2048 -typedef unsigned short prime_t; -#else -# define NUMPRIMES 54 -typedef unsigned char prime_t; -#endif -static const prime_t primes[NUMPRIMES] = { - 2, 3, 5, 7, 11, 13, 17, 19, - 23, 29, 31, 37, 41, 43, 47, 53, - 59, 61, 67, 71, 73, 79, 83, 89, - 97, 101, 103, 107, 109, 113, 127, 131, - 137, 139, 149, 151, 157, 163, 167, 173, - 179, 181, 191, 193, 197, 199, 211, 223, - 227, 229, 233, 239, 241, 251, -#ifndef EIGHT_BIT - 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, - 313, 317, 331, 337, 347, 349, 353, 359, - 367, 373, 379, 383, 389, 397, 401, 409, - 419, 421, 431, 433, 439, 443, 449, 457, - 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, - 571, 577, 587, 593, 599, 601, 607, 613, - 617, 619, 631, 641, 643, 647, 653, 659, - 661, 673, 677, 683, 691, 701, 709, 719, - 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, - 829, 839, 853, 857, 859, 863, 877, 881, - 883, 887, 907, 911, 919, 929, 937, 941, - 947, 953, 967, 971, 977, 983, 991, 997, - 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, - 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, - 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, - 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, - 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, - 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, - 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, - 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, - 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, - 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, - 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, - 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, - 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, - 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, - 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, - 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, - 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, - 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, - 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, - 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, - 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, - 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, - 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, - 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, - 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, - 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, - 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, - 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, - 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, - 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, - 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, - 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, - 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, - 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, - 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, - 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, - 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, - 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, - 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, - 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, - 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, - 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, - 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, - 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, - 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, - 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, - 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, - 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, - 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, - 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, - 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, - 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, - 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, - 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, - 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, - 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, - 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, - 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, - 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, - 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, - 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, - 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, - 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, - 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, - 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, - 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, - 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, - 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, - 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, - 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, - 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, - 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, - 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, - 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, - 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, - 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, - 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, - 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, - 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, - 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, - 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, - 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, - 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, - 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, - 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, - 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, - 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, - 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, - 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, - 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, - 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, - 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, - 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, - 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, - 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, - 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, - 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, - 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, - 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, - 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, - 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, - 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, - 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, - 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, - 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, - 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, - 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, - 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, - 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, - 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, - 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, - 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, - 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, - 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, - 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, - 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, - 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, - 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, - 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, - 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, - 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, - 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, - 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, - 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, - 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, - 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, - 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, - 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, - 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, - 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, - 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, - 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, - 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, - 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, - 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, - 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, - 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, - 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, - 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, - 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, - 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, - 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, - 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, - 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, - 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, - 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, - 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, - 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, - 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, - 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, - 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, - 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, - 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, - 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, - 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, - 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, - 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, - 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, - 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, - 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, - 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, - 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, - 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, - 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, - 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, - 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, - 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, - 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, - 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, - 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, - 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, - 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, - 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, - 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, - 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, - 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, - 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, - 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, - 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, - 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, - 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, - 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, - 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, - 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, - 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, - 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, - 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, - 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, - 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, - 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, - 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, - 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, - 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, - 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, - 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, - 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, - 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, - 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, - 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, - 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, - 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, - 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, - 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, - 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, - 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, - 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, - 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, - 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, - 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, - 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, - 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, - 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, - 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, - 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, - 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, - 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, - 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, - 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, - 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, - 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, - 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, - 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, - 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, - 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, - 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, - 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, - 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, - 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, - 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, - 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, - 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, - 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, - 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, - 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, - 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, -#endif -}; diff --git a/thirdparty/openssl/crypto/bn/bn_print.c b/thirdparty/openssl/crypto/bn/bn_print.c deleted file mode 100644 index f85a6550a5..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_print.c +++ /dev/null @@ -1,402 +0,0 @@ -/* crypto/bn/bn_print.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <ctype.h> -#include <limits.h> -#include "cryptlib.h" -#include <openssl/buffer.h> -#include "bn_lcl.h" - -static const char Hex[] = "0123456789ABCDEF"; - -/* Must 'OPENSSL_free' the returned data */ -char *BN_bn2hex(const BIGNUM *a) -{ - int i, j, v, z = 0; - char *buf; - char *p; - - if (BN_is_zero(a)) - return OPENSSL_strdup("0"); - buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); - if (buf == NULL) { - BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); - goto err; - } - p = buf; - if (a->neg) - *(p++) = '-'; - for (i = a->top - 1; i >= 0; i--) { - for (j = BN_BITS2 - 8; j >= 0; j -= 8) { - /* strip leading zeros */ - v = ((int)(a->d[i] >> (long)j)) & 0xff; - if (z || (v != 0)) { - *(p++) = Hex[v >> 4]; - *(p++) = Hex[v & 0x0f]; - z = 1; - } - } - } - *p = '\0'; - err: - return (buf); -} - -/* Must 'OPENSSL_free' the returned data */ -char *BN_bn2dec(const BIGNUM *a) -{ - int i = 0, num, ok = 0; - char *buf = NULL; - char *p; - BIGNUM *t = NULL; - BN_ULONG *bn_data = NULL, *lp; - int bn_data_num; - - /*- - * get an upper bound for the length of the decimal integer - * num <= (BN_num_bits(a) + 1) * log(2) - * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) - * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 - */ - i = BN_num_bits(a) * 3; - num = (i / 10 + i / 1000 + 1) + 1; - bn_data_num = num / BN_DEC_NUM + 1; - bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG)); - buf = OPENSSL_malloc(num + 3); - if ((buf == NULL) || (bn_data == NULL)) { - BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((t = BN_dup(a)) == NULL) - goto err; - -#define BUF_REMAIN (num+3 - (size_t)(p - buf)) - p = buf; - lp = bn_data; - if (BN_is_zero(t)) { - *(p++) = '0'; - *(p++) = '\0'; - } else { - if (BN_is_negative(t)) - *p++ = '-'; - - while (!BN_is_zero(t)) { - if (lp - bn_data >= bn_data_num) - goto err; - *lp = BN_div_word(t, BN_DEC_CONV); - if (*lp == (BN_ULONG)-1) - goto err; - lp++; - } - lp--; - /* - * We now have a series of blocks, BN_DEC_NUM chars in length, where - * the last one needs truncation. The blocks need to be reversed in - * order. - */ - BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); - while (*p) - p++; - while (lp != bn_data) { - lp--; - BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); - while (*p) - p++; - } - } - ok = 1; - err: - if (bn_data != NULL) - OPENSSL_free(bn_data); - if (t != NULL) - BN_free(t); - if (!ok && buf) { - OPENSSL_free(buf); - buf = NULL; - } - - return (buf); -} - -int BN_hex2bn(BIGNUM **bn, const char *a) -{ - BIGNUM *ret = NULL; - BN_ULONG l = 0; - int neg = 0, h, m, i, j, k, c; - int num; - - if ((a == NULL) || (*a == '\0')) - return (0); - - if (*a == '-') { - neg = 1; - a++; - } - - for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++) - continue; - - if (i > INT_MAX/4) - goto err; - - num = i + neg; - if (bn == NULL) - return (num); - - /* a is the start of the hex digits, and it is 'i' long */ - if (*bn == NULL) { - if ((ret = BN_new()) == NULL) - return (0); - } else { - ret = *bn; - BN_zero(ret); - } - - /* i is the number of hex digits */ - if (bn_expand(ret, i * 4) == NULL) - goto err; - - j = i; /* least significant 'hex' */ - m = 0; - h = 0; - while (j > 0) { - m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j; - l = 0; - for (;;) { - c = a[j - m]; - if ((c >= '0') && (c <= '9')) - k = c - '0'; - else if ((c >= 'a') && (c <= 'f')) - k = c - 'a' + 10; - else if ((c >= 'A') && (c <= 'F')) - k = c - 'A' + 10; - else - k = 0; /* paranoia */ - l = (l << 4) | k; - - if (--m <= 0) { - ret->d[h++] = l; - break; - } - } - j -= (BN_BYTES * 2); - } - ret->top = h; - bn_correct_top(ret); - - *bn = ret; - bn_check_top(ret); - /* Don't set the negative flag if it's zero. */ - if (ret->top != 0) - ret->neg = neg; - return (num); - err: - if (*bn == NULL) - BN_free(ret); - return (0); -} - -int BN_dec2bn(BIGNUM **bn, const char *a) -{ - BIGNUM *ret = NULL; - BN_ULONG l = 0; - int neg = 0, i, j; - int num; - - if ((a == NULL) || (*a == '\0')) - return (0); - if (*a == '-') { - neg = 1; - a++; - } - - for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++) - continue; - - if (i > INT_MAX/4) - goto err; - - num = i + neg; - if (bn == NULL) - return (num); - - /* - * a is the start of the digits, and it is 'i' long. We chop it into - * BN_DEC_NUM digits at a time - */ - if (*bn == NULL) { - if ((ret = BN_new()) == NULL) - return (0); - } else { - ret = *bn; - BN_zero(ret); - } - - /* i is the number of digits, a bit of an over expand */ - if (bn_expand(ret, i * 4) == NULL) - goto err; - - j = BN_DEC_NUM - (i % BN_DEC_NUM); - if (j == BN_DEC_NUM) - j = 0; - l = 0; - while (--i >= 0) { - l *= 10; - l += *a - '0'; - a++; - if (++j == BN_DEC_NUM) { - BN_mul_word(ret, BN_DEC_CONV); - BN_add_word(ret, l); - l = 0; - j = 0; - } - } - - bn_correct_top(ret); - *bn = ret; - bn_check_top(ret); - /* Don't set the negative flag if it's zero. */ - if (ret->top != 0) - ret->neg = neg; - return (num); - err: - if (*bn == NULL) - BN_free(ret); - return (0); -} - -int BN_asc2bn(BIGNUM **bn, const char *a) -{ - const char *p = a; - - if (*p == '-') - p++; - - if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) { - if (!BN_hex2bn(bn, p + 2)) - return 0; - } else { - if (!BN_dec2bn(bn, p)) - return 0; - } - /* Don't set the negative flag if it's zero. */ - if (*a == '-' && (*bn)->top != 0) - (*bn)->neg = 1; - return 1; -} - -#ifndef OPENSSL_NO_BIO -# ifndef OPENSSL_NO_FP_API -int BN_print_fp(FILE *fp, const BIGNUM *a) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) - return (0); - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = BN_print(b, a); - BIO_free(b); - return (ret); -} -# endif - -int BN_print(BIO *bp, const BIGNUM *a) -{ - int i, j, v, z = 0; - int ret = 0; - - if ((a->neg) && (BIO_write(bp, "-", 1) != 1)) - goto end; - if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1)) - goto end; - for (i = a->top - 1; i >= 0; i--) { - for (j = BN_BITS2 - 4; j >= 0; j -= 4) { - /* strip leading zeros */ - v = ((int)(a->d[i] >> (long)j)) & 0x0f; - if (z || (v != 0)) { - if (BIO_write(bp, &(Hex[v]), 1) != 1) - goto end; - z = 1; - } - } - } - ret = 1; - end: - return (ret); -} -#endif - -char *BN_options(void) -{ - static int init = 0; - static char data[16]; - - if (!init) { - init++; -#ifdef BN_LLONG - BIO_snprintf(data, sizeof data, "bn(%d,%d)", - (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); -#else - BIO_snprintf(data, sizeof data, "bn(%d,%d)", - (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); -#endif - } - return (data); -} diff --git a/thirdparty/openssl/crypto/bn/bn_rand.c b/thirdparty/openssl/crypto/bn/bn_rand.c deleted file mode 100644 index 60d3f2260b..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_rand.c +++ /dev/null @@ -1,294 +0,0 @@ -/* crypto/bn/bn_rand.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <time.h> -#include "cryptlib.h" -#include "bn_lcl.h" -#include <openssl/rand.h> - -static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) -{ - unsigned char *buf = NULL; - int ret = 0, bit, bytes, mask; - time_t tim; - - if (bits == 0) { - if (top != -1 || bottom != 0) - goto toosmall; - BN_zero(rnd); - return 1; - } - if (bits < 0 || (bits == 1 && top > 0)) - goto toosmall; - - bytes = (bits + 7) / 8; - bit = (bits - 1) % 8; - mask = 0xff << (bit + 1); - - buf = (unsigned char *)OPENSSL_malloc(bytes); - if (buf == NULL) { - BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* make a random number and set the top and bottom bits */ - time(&tim); - RAND_add(&tim, sizeof(tim), 0.0); - - /* We ignore the value of pseudorand and always call RAND_bytes */ - if (RAND_bytes(buf, bytes) <= 0) - goto err; - -#if 1 - if (pseudorand == 2) { - /* - * generate patterns that are more likely to trigger BN library bugs - */ - int i; - unsigned char c; - - for (i = 0; i < bytes; i++) { - if (RAND_pseudo_bytes(&c, 1) < 0) - goto err; - if (c >= 128 && i > 0) - buf[i] = buf[i - 1]; - else if (c < 42) - buf[i] = 0; - else if (c < 84) - buf[i] = 255; - } - } -#endif - - if (top >= 0) { - if (top) { - if (bit == 0) { - buf[0] = 1; - buf[1] |= 0x80; - } else { - buf[0] |= (3 << (bit - 1)); - } - } else { - buf[0] |= (1 << bit); - } - } - buf[0] &= ~mask; - if (bottom) /* set bottom bit if requested */ - buf[bytes - 1] |= 1; - if (!BN_bin2bn(buf, bytes, rnd)) - goto err; - ret = 1; - err: - if (buf != NULL) { - OPENSSL_cleanse(buf, bytes); - OPENSSL_free(buf); - } - bn_check_top(rnd); - return (ret); - -toosmall: - BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); - return 0; -} - -int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) -{ - return bnrand(0, rnd, bits, top, bottom); -} - -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) -{ - return bnrand(1, rnd, bits, top, bottom); -} - -#if 1 -int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) -{ - return bnrand(2, rnd, bits, top, bottom); -} -#endif - -/* random number r: 0 <= r < range */ -static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) -{ - int (*bn_rand) (BIGNUM *, int, int, int) = - pseudo ? BN_pseudo_rand : BN_rand; - int n; - int count = 100; - - if (range->neg || BN_is_zero(range)) { - BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); - return 0; - } - - n = BN_num_bits(range); /* n > 0 */ - - /* BN_is_bit_set(range, n - 1) always holds */ - - if (n == 1) - BN_zero(r); - else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) { - /* - * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer - * than range - */ - do { - if (!bn_rand(r, n + 1, -1, 0)) - return 0; - /* - * If r < 3*range, use r := r MOD range (which is either r, r - - * range, or r - 2*range). Otherwise, iterate once more. Since - * 3*range = 11..._2, each iteration succeeds with probability >= - * .75. - */ - if (BN_cmp(r, range) >= 0) { - if (!BN_sub(r, r, range)) - return 0; - if (BN_cmp(r, range) >= 0) - if (!BN_sub(r, r, range)) - return 0; - } - - if (!--count) { - BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); - return 0; - } - - } - while (BN_cmp(r, range) >= 0); - } else { - do { - /* range = 11..._2 or range = 101..._2 */ - if (!bn_rand(r, n, -1, 0)) - return 0; - - if (!--count) { - BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); - return 0; - } - } - while (BN_cmp(r, range) >= 0); - } - - bn_check_top(r); - return 1; -} - -int BN_rand_range(BIGNUM *r, const BIGNUM *range) -{ - return bn_rand_range(0, r, range); -} - -int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) -{ - return bn_rand_range(1, r, range); -} diff --git a/thirdparty/openssl/crypto/bn/bn_recp.c b/thirdparty/openssl/crypto/bn/bn_recp.c deleted file mode 100644 index f047040efe..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_recp.c +++ /dev/null @@ -1,252 +0,0 @@ -/* crypto/bn/bn_recp.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -void BN_RECP_CTX_init(BN_RECP_CTX *recp) -{ - BN_init(&(recp->N)); - BN_init(&(recp->Nr)); - recp->num_bits = 0; - recp->shift = 0; - recp->flags = 0; -} - -BN_RECP_CTX *BN_RECP_CTX_new(void) -{ - BN_RECP_CTX *ret; - - if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) - return (NULL); - - BN_RECP_CTX_init(ret); - ret->flags = BN_FLG_MALLOCED; - return (ret); -} - -void BN_RECP_CTX_free(BN_RECP_CTX *recp) -{ - if (recp == NULL) - return; - - BN_free(&(recp->N)); - BN_free(&(recp->Nr)); - if (recp->flags & BN_FLG_MALLOCED) - OPENSSL_free(recp); -} - -int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) -{ - if (!BN_copy(&(recp->N), d)) - return 0; - BN_zero(&(recp->Nr)); - recp->num_bits = BN_num_bits(d); - recp->shift = 0; - return (1); -} - -int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, - BN_RECP_CTX *recp, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *a; - const BIGNUM *ca; - - BN_CTX_start(ctx); - if ((a = BN_CTX_get(ctx)) == NULL) - goto err; - if (y != NULL) { - if (x == y) { - if (!BN_sqr(a, x, ctx)) - goto err; - } else { - if (!BN_mul(a, x, y, ctx)) - goto err; - } - ca = a; - } else - ca = x; /* Just do the mod */ - - ret = BN_div_recp(NULL, r, ca, recp, ctx); - err: - BN_CTX_end(ctx); - bn_check_top(r); - return (ret); -} - -int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - BN_RECP_CTX *recp, BN_CTX *ctx) -{ - int i, j, ret = 0; - BIGNUM *a, *b, *d, *r; - - BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - if (dv != NULL) - d = dv; - else - d = BN_CTX_get(ctx); - if (rem != NULL) - r = rem; - else - r = BN_CTX_get(ctx); - if (a == NULL || b == NULL || d == NULL || r == NULL) - goto err; - - if (BN_ucmp(m, &(recp->N)) < 0) { - BN_zero(d); - if (!BN_copy(r, m)) { - BN_CTX_end(ctx); - return 0; - } - BN_CTX_end(ctx); - return (1); - } - - /* - * We want the remainder Given input of ABCDEF / ab we need multiply - * ABCDEF by 3 digests of the reciprocal of ab - */ - - /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */ - i = BN_num_bits(m); - j = recp->num_bits << 1; - if (j > i) - i = j; - - /* Nr := round(2^i / N) */ - if (i != recp->shift) - recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx); - /* BN_reciprocal could have returned -1 for an error */ - if (recp->shift == -1) - goto err; - - /*- - * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| - * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| - * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| - * = |m/N| - */ - if (!BN_rshift(a, m, recp->num_bits)) - goto err; - if (!BN_mul(b, a, &(recp->Nr), ctx)) - goto err; - if (!BN_rshift(d, b, i - recp->num_bits)) - goto err; - d->neg = 0; - - if (!BN_mul(b, &(recp->N), d, ctx)) - goto err; - if (!BN_usub(r, m, b)) - goto err; - r->neg = 0; - -#if 1 - j = 0; - while (BN_ucmp(r, &(recp->N)) >= 0) { - if (j++ > 2) { - BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL); - goto err; - } - if (!BN_usub(r, r, &(recp->N))) - goto err; - if (!BN_add_word(d, 1)) - goto err; - } -#endif - - r->neg = BN_is_zero(r) ? 0 : m->neg; - d->neg = m->neg ^ recp->N.neg; - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(dv); - bn_check_top(rem); - return (ret); -} - -/* - * len is the expected size of the result We actually calculate with an extra - * word of precision, so we can do faster division if the remainder is not - * required. - */ -/* r := 2^len / m */ -int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) -{ - int ret = -1; - BIGNUM *t; - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_set_bit(t, len)) - goto err; - - if (!BN_div(r, NULL, t, m, ctx)) - goto err; - - ret = len; - err: - bn_check_top(r); - BN_CTX_end(ctx); - return (ret); -} diff --git a/thirdparty/openssl/crypto/bn/bn_shift.c b/thirdparty/openssl/crypto/bn/bn_shift.c deleted file mode 100644 index 9673d9a306..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_shift.c +++ /dev/null @@ -1,224 +0,0 @@ -/* crypto/bn/bn_shift.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -int BN_lshift1(BIGNUM *r, const BIGNUM *a) -{ - register BN_ULONG *ap, *rp, t, c; - int i; - - bn_check_top(r); - bn_check_top(a); - - if (r != a) { - r->neg = a->neg; - if (bn_wexpand(r, a->top + 1) == NULL) - return (0); - r->top = a->top; - } else { - if (bn_wexpand(r, a->top + 1) == NULL) - return (0); - } - ap = a->d; - rp = r->d; - c = 0; - for (i = 0; i < a->top; i++) { - t = *(ap++); - *(rp++) = ((t << 1) | c) & BN_MASK2; - c = (t & BN_TBIT) ? 1 : 0; - } - if (c) { - *rp = 1; - r->top++; - } - bn_check_top(r); - return (1); -} - -int BN_rshift1(BIGNUM *r, const BIGNUM *a) -{ - BN_ULONG *ap, *rp, t, c; - int i, j; - - bn_check_top(r); - bn_check_top(a); - - if (BN_is_zero(a)) { - BN_zero(r); - return (1); - } - i = a->top; - ap = a->d; - j = i - (ap[i - 1] == 1); - if (a != r) { - if (bn_wexpand(r, j) == NULL) - return (0); - r->neg = a->neg; - } - rp = r->d; - t = ap[--i]; - c = (t & 1) ? BN_TBIT : 0; - if (t >>= 1) - rp[i] = t; - while (i > 0) { - t = ap[--i]; - rp[i] = ((t >> 1) & BN_MASK2) | c; - c = (t & 1) ? BN_TBIT : 0; - } - r->top = j; - bn_check_top(r); - return (1); -} - -int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) -{ - int i, nw, lb, rb; - BN_ULONG *t, *f; - BN_ULONG l; - - bn_check_top(r); - bn_check_top(a); - - if (n < 0) { - BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); - return 0; - } - - r->neg = a->neg; - nw = n / BN_BITS2; - if (bn_wexpand(r, a->top + nw + 1) == NULL) - return (0); - lb = n % BN_BITS2; - rb = BN_BITS2 - lb; - f = a->d; - t = r->d; - t[a->top + nw] = 0; - if (lb == 0) - for (i = a->top - 1; i >= 0; i--) - t[nw + i] = f[i]; - else - for (i = a->top - 1; i >= 0; i--) { - l = f[i]; - t[nw + i + 1] |= (l >> rb) & BN_MASK2; - t[nw + i] = (l << lb) & BN_MASK2; - } - memset(t, 0, nw * sizeof(t[0])); - /* - * for (i=0; i<nw; i++) t[i]=0; - */ - r->top = a->top + nw + 1; - bn_correct_top(r); - bn_check_top(r); - return (1); -} - -int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) -{ - int i, j, nw, lb, rb; - BN_ULONG *t, *f; - BN_ULONG l, tmp; - - bn_check_top(r); - bn_check_top(a); - - if (n < 0) { - BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); - return 0; - } - - nw = n / BN_BITS2; - rb = n % BN_BITS2; - lb = BN_BITS2 - rb; - if (nw >= a->top || a->top == 0) { - BN_zero(r); - return (1); - } - i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; - if (r != a) { - r->neg = a->neg; - if (bn_wexpand(r, i) == NULL) - return (0); - } else { - if (n == 0) - return 1; /* or the copying loop will go berserk */ - } - - f = &(a->d[nw]); - t = r->d; - j = a->top - nw; - r->top = i; - - if (rb == 0) { - for (i = j; i != 0; i--) - *(t++) = *(f++); - } else { - l = *(f++); - for (i = j - 1; i != 0; i--) { - tmp = (l >> rb) & BN_MASK2; - l = *(f++); - *(t++) = (tmp | (l << lb)) & BN_MASK2; - } - if ((l = (l >> rb) & BN_MASK2)) - *(t) = l; - } - bn_check_top(r); - return (1); -} diff --git a/thirdparty/openssl/crypto/bn/bn_sqr.c b/thirdparty/openssl/crypto/bn/bn_sqr.c deleted file mode 100644 index 256d26e8db..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_sqr.c +++ /dev/null @@ -1,291 +0,0 @@ -/* crypto/bn/bn_sqr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -/* r must not be a */ -/* - * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 - */ -int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -{ - int max, al; - int ret = 0; - BIGNUM *tmp, *rr; - -#ifdef BN_COUNT - fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top); -#endif - bn_check_top(a); - - al = a->top; - if (al <= 0) { - r->top = 0; - r->neg = 0; - return 1; - } - - BN_CTX_start(ctx); - rr = (a != r) ? r : BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (!rr || !tmp) - goto err; - - max = 2 * al; /* Non-zero (from above) */ - if (bn_wexpand(rr, max) == NULL) - goto err; - - if (al == 4) { -#ifndef BN_SQR_COMBA - BN_ULONG t[8]; - bn_sqr_normal(rr->d, a->d, 4, t); -#else - bn_sqr_comba4(rr->d, a->d); -#endif - } else if (al == 8) { -#ifndef BN_SQR_COMBA - BN_ULONG t[16]; - bn_sqr_normal(rr->d, a->d, 8, t); -#else - bn_sqr_comba8(rr->d, a->d); -#endif - } else { -#if defined(BN_RECURSION) - if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) { - BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2]; - bn_sqr_normal(rr->d, a->d, al, t); - } else { - int j, k; - - j = BN_num_bits_word((BN_ULONG)al); - j = 1 << (j - 1); - k = j + j; - if (al == j) { - if (bn_wexpand(tmp, k * 2) == NULL) - goto err; - bn_sqr_recursive(rr->d, a->d, al, tmp->d); - } else { - if (bn_wexpand(tmp, max) == NULL) - goto err; - bn_sqr_normal(rr->d, a->d, al, tmp->d); - } - } -#else - if (bn_wexpand(tmp, max) == NULL) - goto err; - bn_sqr_normal(rr->d, a->d, al, tmp->d); -#endif - } - - rr->neg = 0; - /* - * If the most-significant half of the top word of 'a' is zero, then the - * square of 'a' will max-1 words. - */ - if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) - rr->top = max - 1; - else - rr->top = max; - if (r != rr && BN_copy(r, rr) == NULL) - goto err; - - ret = 1; - err: - bn_check_top(rr); - bn_check_top(tmp); - BN_CTX_end(ctx); - return (ret); -} - -/* tmp must have 2*n words */ -void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) -{ - int i, j, max; - const BN_ULONG *ap; - BN_ULONG *rp; - - max = n * 2; - ap = a; - rp = r; - rp[0] = rp[max - 1] = 0; - rp++; - j = n; - - if (--j > 0) { - ap++; - rp[j] = bn_mul_words(rp, ap, j, ap[-1]); - rp += 2; - } - - for (i = n - 2; i > 0; i--) { - j--; - ap++; - rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]); - rp += 2; - } - - bn_add_words(r, r, r, max); - - /* There will not be a carry */ - - bn_sqr_words(tmp, a, n); - - bn_add_words(r, r, tmp, max); -} - -#ifdef BN_RECURSION -/*- - * r is 2*n words in size, - * a and b are both n words in size. (There's not actually a 'b' here ...) - * n must be a power of 2. - * We multiply and return the result. - * t must be 2*n words in size - * We calculate - * a[0]*b[0] - * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) - * a[1]*b[1] - */ -void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) -{ - int n = n2 / 2; - int zero, c1; - BN_ULONG ln, lo, *p; - -# ifdef BN_COUNT - fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2); -# endif - if (n2 == 4) { -# ifndef BN_SQR_COMBA - bn_sqr_normal(r, a, 4, t); -# else - bn_sqr_comba4(r, a); -# endif - return; - } else if (n2 == 8) { -# ifndef BN_SQR_COMBA - bn_sqr_normal(r, a, 8, t); -# else - bn_sqr_comba8(r, a); -# endif - return; - } - if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) { - bn_sqr_normal(r, a, n2, t); - return; - } - /* r=(a[0]-a[1])*(a[1]-a[0]) */ - c1 = bn_cmp_words(a, &(a[n]), n); - zero = 0; - if (c1 > 0) - bn_sub_words(t, a, &(a[n]), n); - else if (c1 < 0) - bn_sub_words(t, &(a[n]), a, n); - else - zero = 1; - - /* The result will always be negative unless it is zero */ - p = &(t[n2 * 2]); - - if (!zero) - bn_sqr_recursive(&(t[n2]), t, n, p); - else - memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); - bn_sqr_recursive(r, a, n, p); - bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); - - /*- - * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ - - c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); - - /* t[32] is negative */ - c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); - - /*- - * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) - * r[10] holds (a[0]*a[0]) - * r[32] holds (a[1]*a[1]) - * c1 holds the carry bits - */ - c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); - if (c1) { - p = &(r[n + n2]); - lo = *p; - ln = (lo + c1) & BN_MASK2; - *p = ln; - - /* - * The overflow will stop before we over write words we should not - * overwrite - */ - if (ln < (BN_ULONG)c1) { - do { - p++; - lo = *p; - ln = (lo + 1) & BN_MASK2; - *p = ln; - } while (ln == 0); - } - } -} -#endif diff --git a/thirdparty/openssl/crypto/bn/bn_sqrt.c b/thirdparty/openssl/crypto/bn/bn_sqrt.c deleted file mode 100644 index 232af99a21..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_sqrt.c +++ /dev/null @@ -1,409 +0,0 @@ -/* crypto/bn/bn_sqrt.c */ -/* - * Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> and Bodo - * Moeller for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include "bn_lcl.h" - -BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -/* - * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks - * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number - * Theory", algorithm 1.5.1). 'p' must be prime! - */ -{ - BIGNUM *ret = in; - int err = 1; - int r; - BIGNUM *A, *b, *q, *t, *x, *y; - int e, i, j; - - if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) { - if (BN_abs_is_word(p, 2)) { - if (ret == NULL) - ret = BN_new(); - if (ret == NULL) - goto end; - if (!BN_set_word(ret, BN_is_bit_set(a, 0))) { - if (ret != in) - BN_free(ret); - return NULL; - } - bn_check_top(ret); - return ret; - } - - BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); - return (NULL); - } - - if (BN_is_zero(a) || BN_is_one(a)) { - if (ret == NULL) - ret = BN_new(); - if (ret == NULL) - goto end; - if (!BN_set_word(ret, BN_is_one(a))) { - if (ret != in) - BN_free(ret); - return NULL; - } - bn_check_top(ret); - return ret; - } - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - q = BN_CTX_get(ctx); - t = BN_CTX_get(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto end; - - if (ret == NULL) - ret = BN_new(); - if (ret == NULL) - goto end; - - /* A = a mod p */ - if (!BN_nnmod(A, a, p, ctx)) - goto end; - - /* now write |p| - 1 as 2^e*q where q is odd */ - e = 1; - while (!BN_is_bit_set(p, e)) - e++; - /* we'll set q later (if needed) */ - - if (e == 1) { - /*- - * The easy case: (|p|-1)/2 is odd, so 2 has an inverse - * modulo (|p|-1)/2, and square roots can be computed - * directly by modular exponentiation. - * We have - * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), - * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. - */ - if (!BN_rshift(q, p, 2)) - goto end; - q->neg = 0; - if (!BN_add_word(q, 1)) - goto end; - if (!BN_mod_exp(ret, A, q, p, ctx)) - goto end; - err = 0; - goto vrfy; - } - - if (e == 2) { - /*- - * |p| == 5 (mod 8) - * - * In this case 2 is always a non-square since - * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. - * So if a really is a square, then 2*a is a non-square. - * Thus for - * b := (2*a)^((|p|-5)/8), - * i := (2*a)*b^2 - * we have - * i^2 = (2*a)^((1 + (|p|-5)/4)*2) - * = (2*a)^((p-1)/2) - * = -1; - * so if we set - * x := a*b*(i-1), - * then - * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) - * = a^2 * b^2 * (-2*i) - * = a*(-i)*(2*a*b^2) - * = a*(-i)*i - * = a. - * - * (This is due to A.O.L. Atkin, - * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>, - * November 1992.) - */ - - /* t := 2*a */ - if (!BN_mod_lshift1_quick(t, A, p)) - goto end; - - /* b := (2*a)^((|p|-5)/8) */ - if (!BN_rshift(q, p, 3)) - goto end; - q->neg = 0; - if (!BN_mod_exp(b, t, q, p, ctx)) - goto end; - - /* y := b^2 */ - if (!BN_mod_sqr(y, b, p, ctx)) - goto end; - - /* t := (2*a)*b^2 - 1 */ - if (!BN_mod_mul(t, t, y, p, ctx)) - goto end; - if (!BN_sub_word(t, 1)) - goto end; - - /* x = a*b*t */ - if (!BN_mod_mul(x, A, b, p, ctx)) - goto end; - if (!BN_mod_mul(x, x, t, p, ctx)) - goto end; - - if (!BN_copy(ret, x)) - goto end; - err = 0; - goto vrfy; - } - - /* - * e > 2, so we really have to use the Tonelli/Shanks algorithm. First, - * find some y that is not a square. - */ - if (!BN_copy(q, p)) - goto end; /* use 'q' as temp */ - q->neg = 0; - i = 2; - do { - /* - * For efficiency, try small numbers first; if this fails, try random - * numbers. - */ - if (i < 22) { - if (!BN_set_word(y, i)) - goto end; - } else { - if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) - goto end; - if (BN_ucmp(y, p) >= 0) { - if (!(p->neg ? BN_add : BN_sub) (y, y, p)) - goto end; - } - /* now 0 <= y < |p| */ - if (BN_is_zero(y)) - if (!BN_set_word(y, i)) - goto end; - } - - r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */ - if (r < -1) - goto end; - if (r == 0) { - /* m divides p */ - BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); - goto end; - } - } - while (r == 1 && ++i < 82); - - if (r != -1) { - /* - * Many rounds and still no non-square -- this is more likely a bug - * than just bad luck. Even if p is not prime, we should have found - * some y such that r == -1. - */ - BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS); - goto end; - } - - /* Here's our actual 'q': */ - if (!BN_rshift(q, q, e)) - goto end; - - /* - * Now that we have some non-square, we can find an element of order 2^e - * by computing its q'th power. - */ - if (!BN_mod_exp(y, y, q, p, ctx)) - goto end; - if (BN_is_one(y)) { - BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); - goto end; - } - - /*- - * Now we know that (if p is indeed prime) there is an integer - * k, 0 <= k < 2^e, such that - * - * a^q * y^k == 1 (mod p). - * - * As a^q is a square and y is not, k must be even. - * q+1 is even, too, so there is an element - * - * X := a^((q+1)/2) * y^(k/2), - * - * and it satisfies - * - * X^2 = a^q * a * y^k - * = a, - * - * so it is the square root that we are looking for. - */ - - /* t := (q-1)/2 (note that q is odd) */ - if (!BN_rshift1(t, q)) - goto end; - - /* x := a^((q-1)/2) */ - if (BN_is_zero(t)) { /* special case: p = 2^e + 1 */ - if (!BN_nnmod(t, A, p, ctx)) - goto end; - if (BN_is_zero(t)) { - /* special case: a == 0 (mod p) */ - BN_zero(ret); - err = 0; - goto end; - } else if (!BN_one(x)) - goto end; - } else { - if (!BN_mod_exp(x, A, t, p, ctx)) - goto end; - if (BN_is_zero(x)) { - /* special case: a == 0 (mod p) */ - BN_zero(ret); - err = 0; - goto end; - } - } - - /* b := a*x^2 (= a^q) */ - if (!BN_mod_sqr(b, x, p, ctx)) - goto end; - if (!BN_mod_mul(b, b, A, p, ctx)) - goto end; - - /* x := a*x (= a^((q+1)/2)) */ - if (!BN_mod_mul(x, x, A, p, ctx)) - goto end; - - while (1) { - /*- - * Now b is a^q * y^k for some even k (0 <= k < 2^E - * where E refers to the original value of e, which we - * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). - * - * We have a*b = x^2, - * y^2^(e-1) = -1, - * b^2^(e-1) = 1. - */ - - if (BN_is_one(b)) { - if (!BN_copy(ret, x)) - goto end; - err = 0; - goto vrfy; - } - - /* find smallest i such that b^(2^i) = 1 */ - i = 1; - if (!BN_mod_sqr(t, b, p, ctx)) - goto end; - while (!BN_is_one(t)) { - i++; - if (i == e) { - BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); - goto end; - } - if (!BN_mod_mul(t, t, t, p, ctx)) - goto end; - } - - /* t := y^2^(e - i - 1) */ - if (!BN_copy(t, y)) - goto end; - for (j = e - i - 1; j > 0; j--) { - if (!BN_mod_sqr(t, t, p, ctx)) - goto end; - } - if (!BN_mod_mul(y, t, t, p, ctx)) - goto end; - if (!BN_mod_mul(x, x, t, p, ctx)) - goto end; - if (!BN_mod_mul(b, b, y, p, ctx)) - goto end; - e = i; - } - - vrfy: - if (!err) { - /* - * verify the result -- the input might have been not a square (test - * added in 0.9.8) - */ - - if (!BN_mod_sqr(x, ret, p, ctx)) - err = 1; - - if (!err && 0 != BN_cmp(x, A)) { - BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); - err = 1; - } - } - - end: - if (err) { - if (ret != NULL && ret != in) { - BN_clear_free(ret); - } - ret = NULL; - } - BN_CTX_end(ctx); - bn_check_top(ret); - return ret; -} diff --git a/thirdparty/openssl/crypto/bn/bn_word.c b/thirdparty/openssl/crypto/bn/bn_word.c deleted file mode 100644 index 9b5f9cb98c..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_word.c +++ /dev/null @@ -1,249 +0,0 @@ -/* crypto/bn/bn_word.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) -{ -#ifndef BN_LLONG - BN_ULONG ret = 0; -#else - BN_ULLONG ret = 0; -#endif - int i; - - if (w == 0) - return (BN_ULONG)-1; - -#ifndef BN_LLONG - /* - * If |w| is too long and we don't have BN_ULLONG then we need to fall - * back to using BN_div_word - */ - if (w > ((BN_ULONG)1 << BN_BITS4)) { - BIGNUM *tmp = BN_dup(a); - if (tmp == NULL) - return (BN_ULONG)-1; - - ret = BN_div_word(tmp, w); - BN_free(tmp); - - return ret; - } -#endif - - bn_check_top(a); - w &= BN_MASK2; - for (i = a->top - 1; i >= 0; i--) { -#ifndef BN_LLONG - /* - * We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so - * | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are - * safe and will not overflow - */ - ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w; - ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w; -#else - ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) % - (BN_ULLONG) w); -#endif - } - return ((BN_ULONG)ret); -} - -BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) -{ - BN_ULONG ret = 0; - int i, j; - - bn_check_top(a); - w &= BN_MASK2; - - if (!w) - /* actually this an error (division by zero) */ - return (BN_ULONG)-1; - if (a->top == 0) - return 0; - - /* normalize input (so bn_div_words doesn't complain) */ - j = BN_BITS2 - BN_num_bits_word(w); - w <<= j; - if (!BN_lshift(a, a, j)) - return (BN_ULONG)-1; - - for (i = a->top - 1; i >= 0; i--) { - BN_ULONG l, d; - - l = a->d[i]; - d = bn_div_words(ret, l, w); - ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2; - a->d[i] = d; - } - if ((a->top > 0) && (a->d[a->top - 1] == 0)) - a->top--; - ret >>= j; - bn_check_top(a); - return (ret); -} - -int BN_add_word(BIGNUM *a, BN_ULONG w) -{ - BN_ULONG l; - int i; - - bn_check_top(a); - w &= BN_MASK2; - - /* degenerate case: w is zero */ - if (!w) - return 1; - /* degenerate case: a is zero */ - if (BN_is_zero(a)) - return BN_set_word(a, w); - /* handle 'a' when negative */ - if (a->neg) { - a->neg = 0; - i = BN_sub_word(a, w); - if (!BN_is_zero(a)) - a->neg = !(a->neg); - return (i); - } - for (i = 0; w != 0 && i < a->top; i++) { - a->d[i] = l = (a->d[i] + w) & BN_MASK2; - w = (w > l) ? 1 : 0; - } - if (w && i == a->top) { - if (bn_wexpand(a, a->top + 1) == NULL) - return 0; - a->top++; - a->d[i] = w; - } - bn_check_top(a); - return (1); -} - -int BN_sub_word(BIGNUM *a, BN_ULONG w) -{ - int i; - - bn_check_top(a); - w &= BN_MASK2; - - /* degenerate case: w is zero */ - if (!w) - return 1; - /* degenerate case: a is zero */ - if (BN_is_zero(a)) { - i = BN_set_word(a, w); - if (i != 0) - BN_set_negative(a, 1); - return i; - } - /* handle 'a' when negative */ - if (a->neg) { - a->neg = 0; - i = BN_add_word(a, w); - a->neg = 1; - return (i); - } - - if ((a->top == 1) && (a->d[0] < w)) { - a->d[0] = w - a->d[0]; - a->neg = 1; - return (1); - } - i = 0; - for (;;) { - if (a->d[i] >= w) { - a->d[i] -= w; - break; - } else { - a->d[i] = (a->d[i] - w) & BN_MASK2; - i++; - w = 1; - } - } - if ((a->d[i] == 0) && (i == (a->top - 1))) - a->top--; - bn_check_top(a); - return (1); -} - -int BN_mul_word(BIGNUM *a, BN_ULONG w) -{ - BN_ULONG ll; - - bn_check_top(a); - w &= BN_MASK2; - if (a->top) { - if (w == 0) - BN_zero(a); - else { - ll = bn_mul_words(a->d, a->d, a->top, w); - if (ll) { - if (bn_wexpand(a, a->top + 1) == NULL) - return (0); - a->d[a->top++] = ll; - } - } - } - bn_check_top(a); - return (1); -} diff --git a/thirdparty/openssl/crypto/bn/bn_x931p.c b/thirdparty/openssl/crypto/bn/bn_x931p.c deleted file mode 100644 index efa48bdf87..0000000000 --- a/thirdparty/openssl/crypto/bn/bn_x931p.c +++ /dev/null @@ -1,277 +0,0 @@ -/* bn_x931p.c */ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2005. - */ -/* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <openssl/bn.h> - -/* X9.31 routines for prime derivation */ - -/* - * X9.31 prime derivation. This is used to generate the primes pi (p1, p2, - * q1, q2) from a parameter Xpi by checking successive odd integers. - */ - -static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, - BN_GENCB *cb) -{ - int i = 0; - if (!BN_copy(pi, Xpi)) - return 0; - if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) - return 0; - for (;;) { - i++; - BN_GENCB_call(cb, 0, i); - /* NB 27 MR is specificed in X9.31 */ - if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) - break; - if (!BN_add_word(pi, 2)) - return 0; - } - BN_GENCB_call(cb, 2, i); - return 1; -} - -/* - * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2 - * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they - * will be returned too: this is needed for testing. - */ - -int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - const BIGNUM *Xp, const BIGNUM *Xp1, - const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb) -{ - int ret = 0; - - BIGNUM *t, *p1p2, *pm1; - - /* Only even e supported */ - if (!BN_is_odd(e)) - return 0; - - BN_CTX_start(ctx); - if (!p1) - p1 = BN_CTX_get(ctx); - - if (!p2) - p2 = BN_CTX_get(ctx); - - t = BN_CTX_get(ctx); - - p1p2 = BN_CTX_get(ctx); - - pm1 = BN_CTX_get(ctx); - - if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) - goto err; - - if (!bn_x931_derive_pi(p2, Xp2, ctx, cb)) - goto err; - - if (!BN_mul(p1p2, p1, p2, ctx)) - goto err; - - /* First set p to value of Rp */ - - if (!BN_mod_inverse(p, p2, p1, ctx)) - goto err; - - if (!BN_mul(p, p, p2, ctx)) - goto err; - - if (!BN_mod_inverse(t, p1, p2, ctx)) - goto err; - - if (!BN_mul(t, t, p1, ctx)) - goto err; - - if (!BN_sub(p, p, t)) - goto err; - - if (p->neg && !BN_add(p, p, p1p2)) - goto err; - - /* p now equals Rp */ - - if (!BN_mod_sub(p, p, Xp, p1p2, ctx)) - goto err; - - if (!BN_add(p, p, Xp)) - goto err; - - /* p now equals Yp0 */ - - for (;;) { - int i = 1; - BN_GENCB_call(cb, 0, i++); - if (!BN_copy(pm1, p)) - goto err; - if (!BN_sub_word(pm1, 1)) - goto err; - if (!BN_gcd(t, pm1, e, ctx)) - goto err; - if (BN_is_one(t) - /* - * X9.31 specifies 8 MR and 1 Lucas test or any prime test - * offering similar or better guarantees 50 MR is considerably - * better. - */ - && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) - break; - if (!BN_add(p, p, p1p2)) - goto err; - } - - BN_GENCB_call(cb, 3, 0); - - ret = 1; - - err: - - BN_CTX_end(ctx); - - return ret; -} - -/* - * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits - * paramter is sum of number of bits in both. - */ - -int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) -{ - BIGNUM *t; - int i; - /* - * Number of bits for each prime is of the form 512+128s for s = 0, 1, - * ... - */ - if ((nbits < 1024) || (nbits & 0xff)) - return 0; - nbits >>= 1; - /* - * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits - * - 1. By setting the top two bits we ensure that the lower bound is - * exceeded. - */ - if (!BN_rand(Xp, nbits, 1, 0)) - goto err; - - BN_CTX_start(ctx); - t = BN_CTX_get(ctx); - - for (i = 0; i < 1000; i++) { - if (!BN_rand(Xq, nbits, 1, 0)) - goto err; - /* Check that |Xp - Xq| > 2^(nbits - 100) */ - BN_sub(t, Xp, Xq); - if (BN_num_bits(t) > (nbits - 100)) - break; - } - - BN_CTX_end(ctx); - - if (i < 1000) - return 1; - - return 0; - - err: - BN_CTX_end(ctx); - return 0; -} - -/* - * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and - * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the - * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| > - * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the - * previous function and supplied as input. - */ - -int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - BIGNUM *Xp1, BIGNUM *Xp2, - const BIGNUM *Xp, - const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) -{ - int ret = 0; - - BN_CTX_start(ctx); - if (!Xp1) - Xp1 = BN_CTX_get(ctx); - if (!Xp2) - Xp2 = BN_CTX_get(ctx); - - if (!BN_rand(Xp1, 101, 0, 0)) - goto error; - if (!BN_rand(Xp2, 101, 0, 0)) - goto error; - if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) - goto error; - - ret = 1; - - error: - BN_CTX_end(ctx); - - return ret; - -} diff --git a/thirdparty/openssl/crypto/bn/bnspeed.c b/thirdparty/openssl/crypto/bn/bnspeed.c deleted file mode 100644 index e387fdfbc2..0000000000 --- a/thirdparty/openssl/crypto/bn/bnspeed.c +++ /dev/null @@ -1,232 +0,0 @@ -/* unused */ - -/* crypto/bn/bnspeed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* most of this code has been pilfered from my libdes speed.c program */ - -#define BASENUM 1000000 -#undef PROG -#define PROG bnspeed_main - -#include <stdio.h> -#include <stdlib.h> -#include <signal.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/err.h> - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -# define TIMES -#endif - -#ifndef _IRIX -# include <time.h> -#endif -#ifdef TIMES -# include <sys/types.h> -# include <sys/times.h> -#endif - -/* - * Depending on the VMS version, the tms structure is perhaps defined. The - * __TMS macro will show if it was. If it wasn't defined, we should undefine - * TIMES, since that tells the rest of the program how things should be - * handled. -- Richard Levitte - */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -# undef TIMES -#endif - -#ifndef TIMES -# include <sys/timeb.h> -#endif - -#if defined(sun) || defined(__ultrix) -# define _POSIX_SOURCE -# include <limits.h> -# include <sys/param.h> -#endif - -#include <openssl/bn.h> -#include <openssl/x509.h> - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#undef BUFSIZE -#define BUFSIZE ((long)1024*8) -int run = 0; - -static double Time_F(int s); -#define START 0 -#define STOP 1 - -static double Time_F(int s) -{ - double ret; -#ifdef TIMES - static struct tms tstart, tend; - - if (s == START) { - times(&tstart); - return (0); - } else { - times(&tend); - ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ; - return ((ret < 1e-3) ? 1e-3 : ret); - } -#else /* !times() */ - static struct timeb tstart, tend; - long i; - - if (s == START) { - ftime(&tstart); - return (0); - } else { - ftime(&tend); - i = (long)tend.millitm - (long)tstart.millitm; - ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0; - return ((ret < 0.001) ? 0.001 : ret); - } -#endif -} - -#define NUM_SIZES 5 -static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048 }; - -/* - * static int sizes[NUM_SIZES]={59,179,299,419,539}; - */ - -void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); - -int main(int argc, char **argv) -{ - BN_CTX *ctx; - BIGNUM a, b, c; - - ctx = BN_CTX_new(); - BN_init(&a); - BN_init(&b); - BN_init(&c); - - do_mul(&a, &b, &c, ctx); -} - -void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) -{ - int i, j, k; - double tm; - long num; - - for (i = 0; i < NUM_SIZES; i++) { - num = BASENUM; - if (i) - num /= (i * 3); - BN_rand(a, sizes[i], 1, 0); - for (j = i; j < NUM_SIZES; j++) { - BN_rand(b, sizes[j], 1, 0); - Time_F(START); - for (k = 0; k < num; k++) - BN_mul(r, b, a, ctx); - tm = Time_F(STOP); - printf("mul %4d x %4d -> %8.3fms\n", sizes[i], sizes[j], - tm * 1000.0 / num); - } - } - - for (i = 0; i < NUM_SIZES; i++) { - num = BASENUM; - if (i) - num /= (i * 3); - BN_rand(a, sizes[i], 1, 0); - Time_F(START); - for (k = 0; k < num; k++) - BN_sqr(r, a, ctx); - tm = Time_F(STOP); - printf("sqr %4d x %4d -> %8.3fms\n", sizes[i], sizes[i], - tm * 1000.0 / num); - } - - for (i = 0; i < NUM_SIZES; i++) { - num = BASENUM / 10; - if (i) - num /= (i * 3); - BN_rand(a, sizes[i] - 1, 1, 0); - for (j = i; j < NUM_SIZES; j++) { - BN_rand(b, sizes[j], 1, 0); - Time_F(START); - for (k = 0; k < 100000; k++) - BN_div(r, NULL, b, a, ctx); - tm = Time_F(STOP); - printf("div %4d / %4d -> %8.3fms\n", sizes[j], sizes[i] - 1, - tm * 1000.0 / num); - } - } -} diff --git a/thirdparty/openssl/crypto/bn/exp.c b/thirdparty/openssl/crypto/bn/exp.c deleted file mode 100644 index fbce28c5be..0000000000 --- a/thirdparty/openssl/crypto/bn/exp.c +++ /dev/null @@ -1,61 +0,0 @@ -/* unused */ - -#include <stdio.h> -#include <openssl/tmdiff.h> -#include "bn_lcl.h" - -#define SIZE 256 -#define NUM (8*8*8) -#define MOD (8*8*8*8*8) - -main(argc, argv) -int argc; -char *argv[]; -{ - BN_CTX ctx; - BIGNUM a, b, c, r, rr, t, l; - int j, i, size = SIZE, num = NUM, mod = MOD; - char *start, *end; - BN_MONT_CTX mont; - double d, md; - - BN_MONT_CTX_init(&mont); - BN_CTX_init(&ctx); - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&r); - - start = ms_time_new(); - end = ms_time_new(); - while (size <= 1024 * 8) { - BN_rand(&a, size, 0, 0); - BN_rand(&b, size, 1, 0); - BN_rand(&c, size, 0, 1); - - BN_mod(&a, &a, &c, &ctx); - - ms_time_get(start); - for (i = 0; i < 10; i++) - BN_MONT_CTX_set(&mont, &c, &ctx); - ms_time_get(end); - md = ms_time_diff(start, end); - - ms_time_get(start); - for (i = 0; i < num; i++) { - /* bn_mull(&r,&a,&b,&ctx); */ - /* BN_sqr(&r,&a,&ctx); */ - BN_mod_exp_mont(&r, &a, &b, &c, &ctx, &mont); - } - ms_time_get(end); - d = ms_time_diff(start, end) /* *50/33 */ ; - printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n", size, - d, num, d / num, (int)((d / num) * mod), md / 10.0); - num /= 8; - mod /= 8; - if (num <= 0) - num = 1; - size *= 2; - } - -} diff --git a/thirdparty/openssl/crypto/bn/expspeed.c b/thirdparty/openssl/crypto/bn/expspeed.c deleted file mode 100644 index 513a568a48..0000000000 --- a/thirdparty/openssl/crypto/bn/expspeed.c +++ /dev/null @@ -1,381 +0,0 @@ -/* unused */ - -/* crypto/bn/expspeed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* most of this code has been pilfered from my libdes speed.c program */ - -#define BASENUM 5000 -#define NUM_START 0 - -/* - * determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol, - * modular inverse, or modular square roots - */ -#define TEST_EXP -#undef TEST_MUL -#undef TEST_SQR -#undef TEST_GCD -#undef TEST_KRON -#undef TEST_INV -#undef TEST_SQRT -#define P_MOD_64 9 /* least significant 6 bits for prime to be - * used for BN_sqrt timings */ - -#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1 -# error "choose one test" -#endif - -#if defined(TEST_INV) || defined(TEST_SQRT) -# define C_PRIME -static void genprime_cb(int p, int n, void *arg); -#endif - -#undef PROG -#define PROG bnspeed_main - -#include <stdio.h> -#include <stdlib.h> -#include <signal.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/err.h> -#include <openssl/rand.h> - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -# define TIMES -#endif - -#ifndef _IRIX -# include <time.h> -#endif -#ifdef TIMES -# include <sys/types.h> -# include <sys/times.h> -#endif - -/* - * Depending on the VMS version, the tms structure is perhaps defined. The - * __TMS macro will show if it was. If it wasn't defined, we should undefine - * TIMES, since that tells the rest of the program how things should be - * handled. -- Richard Levitte - */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -# undef TIMES -#endif - -#ifndef TIMES -# include <sys/timeb.h> -#endif - -#if defined(sun) || defined(__ultrix) -# define _POSIX_SOURCE -# include <limits.h> -# include <sys/param.h> -#endif - -#include <openssl/bn.h> -#include <openssl/x509.h> - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#undef BUFSIZE -#define BUFSIZE ((long)1024*8) -int run = 0; - -static double Time_F(int s); -#define START 0 -#define STOP 1 - -static double Time_F(int s) -{ - double ret; -#ifdef TIMES - static struct tms tstart, tend; - - if (s == START) { - times(&tstart); - return (0); - } else { - times(&tend); - ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ; - return ((ret < 1e-3) ? 1e-3 : ret); - } -#else /* !times() */ - static struct timeb tstart, tend; - long i; - - if (s == START) { - ftime(&tstart); - return (0); - } else { - ftime(&tend); - i = (long)tend.millitm - (long)tstart.millitm; - ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0; - return ((ret < 0.001) ? 0.001 : ret); - } -#endif -} - -#define NUM_SIZES 7 -#if NUM_START > NUM_SIZES -# error "NUM_START > NUM_SIZES" -#endif -static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048, 4096, 8192 }; - -static int mul_c[NUM_SIZES] = - { 8 * 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8, 8 * 8 * 8, - 8 * 8, 8, 1 -}; - -/* - * static int sizes[NUM_SIZES]={59,179,299,419,539}; - */ - -#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); } - -void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx); - -int main(int argc, char **argv) -{ - BN_CTX *ctx; - BIGNUM *a, *b, *c, *r; - -#if 1 - if (!CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0)) - abort(); -#endif - - ctx = BN_CTX_new(); - a = BN_new(); - b = BN_new(); - c = BN_new(); - r = BN_new(); - - while (!RAND_status()) - /* not enough bits */ - RAND_SEED("I demand a manual recount!"); - - do_mul_exp(r, a, b, c, ctx); - return 0; -} - -void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx) -{ - int i, k; - double tm; - long num; - - num = BASENUM; - for (i = NUM_START; i < NUM_SIZES; i++) { -#ifdef C_PRIME -# ifdef TEST_SQRT - if (!BN_set_word(a, 64)) - goto err; - if (!BN_set_word(b, P_MOD_64)) - goto err; -# define ADD a -# define REM b -# else -# define ADD NULL -# define REM NULL -# endif - if (!BN_generate_prime(c, sizes[i], 0, ADD, REM, genprime_cb, NULL)) - goto err; - putc('\n', stderr); - fflush(stderr); -#endif - - for (k = 0; k < num; k++) { - if (k % 50 == 0) { /* Average over num/50 different choices of - * random numbers. */ - if (!BN_pseudo_rand(a, sizes[i], 1, 0)) - goto err; - - if (!BN_pseudo_rand(b, sizes[i], 1, 0)) - goto err; - -#ifndef C_PRIME - if (!BN_pseudo_rand(c, sizes[i], 1, 1)) - goto err; -#endif - -#ifdef TEST_SQRT - if (!BN_mod_sqr(a, a, c, ctx)) - goto err; - if (!BN_mod_sqr(b, b, c, ctx)) - goto err; -#else - if (!BN_nnmod(a, a, c, ctx)) - goto err; - if (!BN_nnmod(b, b, c, ctx)) - goto err; -#endif - - if (k == 0) - Time_F(START); - } -#if defined(TEST_EXP) - if (!BN_mod_exp(r, a, b, c, ctx)) - goto err; -#elif defined(TEST_MUL) - { - int i = 0; - for (i = 0; i < 50; i++) - if (!BN_mod_mul(r, a, b, c, ctx)) - goto err; - } -#elif defined(TEST_SQR) - { - int i = 0; - for (i = 0; i < 50; i++) { - if (!BN_mod_sqr(r, a, c, ctx)) - goto err; - if (!BN_mod_sqr(r, b, c, ctx)) - goto err; - } - } -#elif defined(TEST_GCD) - if (!BN_gcd(r, a, b, ctx)) - goto err; - if (!BN_gcd(r, b, c, ctx)) - goto err; - if (!BN_gcd(r, c, a, ctx)) - goto err; -#elif defined(TEST_KRON) - if (-2 == BN_kronecker(a, b, ctx)) - goto err; - if (-2 == BN_kronecker(b, c, ctx)) - goto err; - if (-2 == BN_kronecker(c, a, ctx)) - goto err; -#elif defined(TEST_INV) - if (!BN_mod_inverse(r, a, c, ctx)) - goto err; - if (!BN_mod_inverse(r, b, c, ctx)) - goto err; -#else /* TEST_SQRT */ - if (!BN_mod_sqrt(r, a, c, ctx)) - goto err; - if (!BN_mod_sqrt(r, b, c, ctx)) - goto err; -#endif - } - tm = Time_F(STOP); - printf( -#if defined(TEST_EXP) - "modexp %4d ^ %4d %% %4d" -#elif defined(TEST_MUL) - "50*modmul %4d %4d %4d" -#elif defined(TEST_SQR) - "100*modsqr %4d %4d %4d" -#elif defined(TEST_GCD) - "3*gcd %4d %4d %4d" -#elif defined(TEST_KRON) - "3*kronecker %4d %4d %4d" -#elif defined(TEST_INV) - "2*inv %4d %4d mod %4d" -#else /* TEST_SQRT */ - "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d" -#endif - " -> %8.6fms %5.1f (%ld)\n", -#ifdef TEST_SQRT - P_MOD_64, -#endif - sizes[i], sizes[i], sizes[i], tm * 1000.0 / num, - tm * mul_c[i] / num, num); - num /= 7; - if (num <= 0) - num = 1; - } - return; - - err: - ERR_print_errors_fp(stderr); -} - -#ifdef C_PRIME -static void genprime_cb(int p, int n, void *arg) -{ - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - putc(c, stderr); - fflush(stderr); - (void)n; - (void)arg; -} -#endif diff --git a/thirdparty/openssl/crypto/bn/rsaz_exp.c b/thirdparty/openssl/crypto/bn/rsaz_exp.c deleted file mode 100644 index c54c6feb51..0000000000 --- a/thirdparty/openssl/crypto/bn/rsaz_exp.c +++ /dev/null @@ -1,346 +0,0 @@ -/***************************************************************************** -* * -* Copyright (c) 2012, Intel Corporation * -* * -* All rights reserved. * -* * -* Redistribution and use in source and binary forms, with or without * -* modification, are permitted provided that the following conditions are * -* met: * -* * -* * Redistributions of source code must retain the above copyright * -* notice, this list of conditions and the following disclaimer. * -* * -* * Redistributions in binary form must reproduce the above copyright * -* notice, this list of conditions and the following disclaimer in the * -* documentation and/or other materials provided with the * -* distribution. * -* * -* * Neither the name of the Intel Corporation nor the names of its * -* contributors may be used to endorse or promote products derived from * -* this software without specific prior written permission. * -* * -* * -* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * -* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * -* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * -* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR * -* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * -* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * -* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -* * -****************************************************************************** -* Developers and authors: * -* Shay Gueron (1, 2), and Vlad Krasnov (1) * -* (1) Intel Corporation, Israel Development Center, Haifa, Israel * -* (2) University of Haifa, Israel * -*****************************************************************************/ - -#include "rsaz_exp.h" - -#ifdef RSAZ_ENABLED - -/* - * See crypto/bn/asm/rsaz-avx2.pl for further details. - */ -void rsaz_1024_norm2red_avx2(void *red, const void *norm); -void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b, - const void *n, BN_ULONG k); -void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k, - int cnt); -void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i); -void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i); -void rsaz_1024_red2norm_avx2(void *norm, const void *red); - -#if defined(__GNUC__) -# define ALIGN64 __attribute__((aligned(64))) -#elif defined(_MSC_VER) -# define ALIGN64 __declspec(align(64)) -#elif defined(__SUNPRO_C) -# define ALIGN64 -# pragma align 64(one,two80) -#else -/* not fatal, might hurt performance a little */ -# define ALIGN64 -#endif - -ALIGN64 static const BN_ULONG one[40] = { - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -ALIGN64 static const BN_ULONG two80[40] = { - 0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], - const BN_ULONG base_norm[16], - const BN_ULONG exponent[16], - const BN_ULONG m_norm[16], const BN_ULONG RR[16], - BN_ULONG k0) -{ - unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */ - unsigned char *p_str = storage + (64 - ((size_t)storage % 64)); - unsigned char *a_inv, *m, *result; - unsigned char *table_s = p_str + 320 * 3; - unsigned char *R2 = table_s; /* borrow */ - int index; - int wvalue; - - if ((((size_t)p_str & 4095) + 320) >> 12) { - result = p_str; - a_inv = p_str + 320; - m = p_str + 320 * 2; /* should not cross page */ - } else { - m = p_str; /* should not cross page */ - result = p_str + 320; - a_inv = p_str + 320 * 2; - } - - rsaz_1024_norm2red_avx2(m, m_norm); - rsaz_1024_norm2red_avx2(a_inv, base_norm); - rsaz_1024_norm2red_avx2(R2, RR); - - rsaz_1024_mul_avx2(R2, R2, R2, m, k0); - rsaz_1024_mul_avx2(R2, R2, two80, m, k0); - - /* table[0] = 1 */ - rsaz_1024_mul_avx2(result, R2, one, m, k0); - /* table[1] = a_inv^1 */ - rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0); - - rsaz_1024_scatter5_avx2(table_s, result, 0); - rsaz_1024_scatter5_avx2(table_s, a_inv, 1); - - /* table[2] = a_inv^2 */ - rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 2); -#if 0 - /* this is almost 2x smaller and less than 1% slower */ - for (index = 3; index < 32; index++) { - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, index); - } -#else - /* table[4] = a_inv^4 */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 4); - /* table[8] = a_inv^8 */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 8); - /* table[16] = a_inv^16 */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 16); - /* table[17] = a_inv^17 */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 17); - - /* table[3] */ - rsaz_1024_gather5_avx2(result, table_s, 2); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 3); - /* table[6] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 6); - /* table[12] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 12); - /* table[24] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 24); - /* table[25] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 25); - - /* table[5] */ - rsaz_1024_gather5_avx2(result, table_s, 4); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 5); - /* table[10] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 10); - /* table[20] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 20); - /* table[21] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 21); - - /* table[7] */ - rsaz_1024_gather5_avx2(result, table_s, 6); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 7); - /* table[14] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 14); - /* table[28] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 28); - /* table[29] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 29); - - /* table[9] */ - rsaz_1024_gather5_avx2(result, table_s, 8); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 9); - /* table[18] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 18); - /* table[19] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 19); - - /* table[11] */ - rsaz_1024_gather5_avx2(result, table_s, 10); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 11); - /* table[22] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 22); - /* table[23] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 23); - - /* table[13] */ - rsaz_1024_gather5_avx2(result, table_s, 12); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 13); - /* table[26] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 26); - /* table[27] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 27); - - /* table[15] */ - rsaz_1024_gather5_avx2(result, table_s, 14); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 15); - /* table[30] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 30); - /* table[31] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 31); -#endif - - /* load first window */ - p_str = (unsigned char *)exponent; - wvalue = p_str[127] >> 3; - rsaz_1024_gather5_avx2(result, table_s, wvalue); - - index = 1014; - - while (index > -1) { /* loop for the remaining 127 windows */ - - rsaz_1024_sqr_avx2(result, result, m, k0, 5); - - wvalue = *((unsigned short *)&p_str[index / 8]); - wvalue = (wvalue >> (index % 8)) & 31; - index -= 5; - - rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - } - - /* square four times */ - rsaz_1024_sqr_avx2(result, result, m, k0, 4); - - wvalue = p_str[0] & 15; - - rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - - /* from Montgomery */ - rsaz_1024_mul_avx2(result, result, one, m, k0); - - rsaz_1024_red2norm_avx2(result_norm, result); - - OPENSSL_cleanse(storage, sizeof(storage)); -} - -/* - * See crypto/bn/rsaz-x86_64.pl for further details. - */ -void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n, - BN_ULONG k); -void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n, - BN_ULONG k, const void *tbl, unsigned int power); -void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl, - const void *n, BN_ULONG k, unsigned int power); -void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k); -void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k, - int cnt); -void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power); -void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power); - -void RSAZ_512_mod_exp(BN_ULONG result[8], - const BN_ULONG base[8], const BN_ULONG exponent[8], - const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8]) -{ - unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */ - unsigned char *table = storage + (64 - ((size_t)storage % 64)); - BN_ULONG *a_inv = (BN_ULONG *)(table + 16 * 8 * 8); - BN_ULONG *temp = (BN_ULONG *)(table + 16 * 8 * 8 + 8 * 8); - unsigned char *p_str = (unsigned char *)exponent; - int index; - unsigned int wvalue; - - /* table[0] = 1_inv */ - temp[0] = 0 - m[0]; - temp[1] = ~m[1]; - temp[2] = ~m[2]; - temp[3] = ~m[3]; - temp[4] = ~m[4]; - temp[5] = ~m[5]; - temp[6] = ~m[6]; - temp[7] = ~m[7]; - rsaz_512_scatter4(table, temp, 0); - - /* table [1] = a_inv^1 */ - rsaz_512_mul(a_inv, base, RR, m, k0); - rsaz_512_scatter4(table, a_inv, 1); - - /* table [2] = a_inv^2 */ - rsaz_512_sqr(temp, a_inv, m, k0, 1); - rsaz_512_scatter4(table, temp, 2); - - for (index = 3; index < 16; index++) - rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index); - - /* load first window */ - wvalue = p_str[63]; - - rsaz_512_gather4(temp, table, wvalue >> 4); - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0xf); - - for (index = 62; index >= 0; index--) { - wvalue = p_str[index]; - - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue >> 4); - - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0x0f); - } - - /* from Montgomery */ - rsaz_512_mul_by_one(result, temp, m, k0); - - OPENSSL_cleanse(storage, sizeof(storage)); -} - -#else - -# if defined(PEDANTIC) || defined(__DECC) || defined(__clang__) -static void *dummy = &dummy; -# endif - -#endif diff --git a/thirdparty/openssl/crypto/bn/rsaz_exp.h b/thirdparty/openssl/crypto/bn/rsaz_exp.h deleted file mode 100644 index 229e181f67..0000000000 --- a/thirdparty/openssl/crypto/bn/rsaz_exp.h +++ /dev/null @@ -1,68 +0,0 @@ -/***************************************************************************** -* * -* Copyright (c) 2012, Intel Corporation * -* * -* All rights reserved. * -* * -* Redistribution and use in source and binary forms, with or without * -* modification, are permitted provided that the following conditions are * -* met: * -* * -* * Redistributions of source code must retain the above copyright * -* notice, this list of conditions and the following disclaimer. * -* * -* * Redistributions in binary form must reproduce the above copyright * -* notice, this list of conditions and the following disclaimer in the * -* documentation and/or other materials provided with the * -* distribution. * -* * -* * Neither the name of the Intel Corporation nor the names of its * -* contributors may be used to endorse or promote products derived from * -* this software without specific prior written permission. * -* * -* * -* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * -* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * -* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * -* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR * -* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * -* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * -* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -* * -****************************************************************************** -* Developers and authors: * -* Shay Gueron (1, 2), and Vlad Krasnov (1) * -* (1) Intel Corporation, Israel Development Center, Haifa, Israel * -* (2) University of Haifa, Israel * -*****************************************************************************/ - -#ifndef RSAZ_EXP_H -# define RSAZ_EXP_H - -# undef RSAZ_ENABLED -# if defined(OPENSSL_BN_ASM_MONT) && \ - (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) -# define RSAZ_ENABLED - -# include <openssl/bn.h> - -void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], - const BN_ULONG base_norm[16], - const BN_ULONG exponent[16], - const BN_ULONG m_norm[16], const BN_ULONG RR[16], - BN_ULONG k0); -int rsaz_avx2_eligible(); - -void RSAZ_512_mod_exp(BN_ULONG result[8], - const BN_ULONG base_norm[8], const BN_ULONG exponent[8], - const BN_ULONG m_norm[8], BN_ULONG k0, - const BN_ULONG RR[8]); - -# endif - -#endif diff --git a/thirdparty/openssl/crypto/bn/todo b/thirdparty/openssl/crypto/bn/todo deleted file mode 100644 index e47e381aea..0000000000 --- a/thirdparty/openssl/crypto/bn/todo +++ /dev/null @@ -1,3 +0,0 @@ -Cache RECP_CTX values -make the result argument independant of the inputs. -split up the _exp_ functions diff --git a/thirdparty/openssl/crypto/bn/vms-helper.c b/thirdparty/openssl/crypto/bn/vms-helper.c deleted file mode 100644 index f342e90cbf..0000000000 --- a/thirdparty/openssl/crypto/bn/vms-helper.c +++ /dev/null @@ -1,68 +0,0 @@ -/* vms-helper.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -bn_div_words_abort(int i) -{ -#ifdef BN_DEBUG -# if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) - fprintf(stderr, "Division would overflow (%d)\n", i); -# endif - abort(); -#endif -} |