summaryrefslogtreecommitdiff
path: root/thirdparty/openssl/crypto/bn
diff options
context:
space:
mode:
Diffstat (limited to 'thirdparty/openssl/crypto/bn')
-rw-r--r--thirdparty/openssl/crypto/bn/asm/README27
-rw-r--r--thirdparty/openssl/crypto/bn/asm/vms.mar6440
-rw-r--r--thirdparty/openssl/crypto/bn/asm/x86/f3
-rw-r--r--thirdparty/openssl/crypto/bn/asm/x86_64-gcc.c638
-rw-r--r--thirdparty/openssl/crypto/bn/bn.mul19
-rw-r--r--thirdparty/openssl/crypto/bn/bn_add.c313
-rw-r--r--thirdparty/openssl/crypto/bn/bn_asm.c1093
-rw-r--r--thirdparty/openssl/crypto/bn/bn_blind.c385
-rw-r--r--thirdparty/openssl/crypto/bn/bn_const.c547
-rw-r--r--thirdparty/openssl/crypto/bn/bn_ctx.c448
-rw-r--r--thirdparty/openssl/crypto/bn/bn_depr.c115
-rw-r--r--thirdparty/openssl/crypto/bn/bn_div.c477
-rw-r--r--thirdparty/openssl/crypto/bn/bn_err.c154
-rw-r--r--thirdparty/openssl/crypto/bn/bn_exp.c1458
-rw-r--r--thirdparty/openssl/crypto/bn/bn_exp2.c303
-rw-r--r--thirdparty/openssl/crypto/bn/bn_gcd.c702
-rw-r--r--thirdparty/openssl/crypto/bn/bn_gf2m.c1300
-rw-r--r--thirdparty/openssl/crypto/bn/bn_kron.c186
-rw-r--r--thirdparty/openssl/crypto/bn/bn_lcl.h537
-rw-r--r--thirdparty/openssl/crypto/bn/bn_lib.c916
-rw-r--r--thirdparty/openssl/crypto/bn/bn_mod.c316
-rw-r--r--thirdparty/openssl/crypto/bn/bn_mont.c558
-rw-r--r--thirdparty/openssl/crypto/bn/bn_mpi.c128
-rw-r--r--thirdparty/openssl/crypto/bn/bn_mul.c1165
-rw-r--r--thirdparty/openssl/crypto/bn/bn_nist.c1262
-rw-r--r--thirdparty/openssl/crypto/bn/bn_prime.c504
-rw-r--r--thirdparty/openssl/crypto/bn/bn_prime.h326
-rw-r--r--thirdparty/openssl/crypto/bn/bn_print.c402
-rw-r--r--thirdparty/openssl/crypto/bn/bn_rand.c294
-rw-r--r--thirdparty/openssl/crypto/bn/bn_recp.c252
-rw-r--r--thirdparty/openssl/crypto/bn/bn_shift.c224
-rw-r--r--thirdparty/openssl/crypto/bn/bn_sqr.c291
-rw-r--r--thirdparty/openssl/crypto/bn/bn_sqrt.c409
-rw-r--r--thirdparty/openssl/crypto/bn/bn_word.c249
-rw-r--r--thirdparty/openssl/crypto/bn/bn_x931p.c277
-rw-r--r--thirdparty/openssl/crypto/bn/bnspeed.c232
-rw-r--r--thirdparty/openssl/crypto/bn/exp.c61
-rw-r--r--thirdparty/openssl/crypto/bn/expspeed.c381
-rw-r--r--thirdparty/openssl/crypto/bn/rsaz_exp.c346
-rw-r--r--thirdparty/openssl/crypto/bn/rsaz_exp.h68
-rw-r--r--thirdparty/openssl/crypto/bn/todo3
-rw-r--r--thirdparty/openssl/crypto/bn/vms-helper.c68
42 files changed, 0 insertions, 23877 deletions
diff --git a/thirdparty/openssl/crypto/bn/asm/README b/thirdparty/openssl/crypto/bn/asm/README
deleted file mode 100644
index b0f3a68a06..0000000000
--- a/thirdparty/openssl/crypto/bn/asm/README
+++ /dev/null
@@ -1,27 +0,0 @@
-<OBSOLETE>
-
-All assember in this directory are just version of the file
-crypto/bn/bn_asm.c.
-
-Quite a few of these files are just the assember output from gcc since on
-quite a few machines they are 2 times faster than the system compiler.
-
-For the x86, I have hand written assember because of the bad job all
-compilers seem to do on it. This normally gives a 2 time speed up in the RSA
-routines.
-
-For the DEC alpha, I also hand wrote the assember (except the division which
-is just the output from the C compiler pasted on the end of the file).
-On the 2 alpha C compilers I had access to, it was not possible to do
-64b x 64b -> 128b calculations (both long and the long long data types
-were 64 bits). So the hand assember gives access to the 128 bit result and
-a 2 times speedup :-).
-
-There are 3 versions of assember for the HP PA-RISC.
-
-pa-risc.s is the origional one which works fine and generated using gcc :-)
-
-pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
-by Chris Ruemmler from HP (with some help from the HP C compiler).
-
-</OBSOLETE>
diff --git a/thirdparty/openssl/crypto/bn/asm/vms.mar b/thirdparty/openssl/crypto/bn/asm/vms.mar
deleted file mode 100644
index aefab15cdb..0000000000
--- a/thirdparty/openssl/crypto/bn/asm/vms.mar
+++ /dev/null
@@ -1,6440 +0,0 @@
- .title vax_bn_mul_add_words unsigned multiply & add, 32*32+32+32=>64
-;
-; w.j.m. 15-jan-1999
-;
-; it's magic ...
-;
-; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
-; ULONG c = 0;
-; int i;
-; for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
-; return c;
-; }
-
-r=4 ;(AP)
-a=8 ;(AP)
-n=12 ;(AP) n by value (input)
-w=16 ;(AP) w by value (input)
-
-
- .psect code,nowrt
-
-.entry bn_mul_add_words,^m<r2,r3,r4,r5,r6>
-
- moval @r(ap),r2
- moval @a(ap),r3
- movl n(ap),r4 ; assumed >0 by C code
- movl w(ap),r5
- clrl r6 ; c
-
-0$:
- emul r5,(r3),(r2),r0 ; w, a[], r[] considered signed
-
- ; fixup for "negative" r[]
- tstl (r2)
- bgeq 10$
- incl r1
-10$:
-
- ; add in c
- addl2 r6,r0
- adwc #0,r1
-
- ; combined fixup for "negative" w, a[]
- tstl r5
- bgeq 20$
- addl2 (r3),r1
-20$:
- tstl (r3)
- bgeq 30$
- addl2 r5,r1
-30$:
-
- movl r0,(r2)+ ; store lo result in r[] & advance
- addl #4,r3 ; advance a[]
- movl r1,r6 ; store hi result => c
-
- sobgtr r4,0$
-
- movl r6,r0 ; return c
- ret
-
- .title vax_bn_mul_words unsigned multiply & add, 32*32+32=>64
-;
-; w.j.m. 15-jan-1999
-;
-; it's magic ...
-;
-; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
-; ULONG c = 0;
-; int i;
-; for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
-; return(c);
-; }
-
-r=4 ;(AP)
-a=8 ;(AP)
-n=12 ;(AP) n by value (input)
-w=16 ;(AP) w by value (input)
-
-
- .psect code,nowrt
-
-.entry bn_mul_words,^m<r2,r3,r4,r5,r6>
-
- moval @r(ap),r2 ; r2 -> r[]
- moval @a(ap),r3 ; r3 -> a[]
- movl n(ap),r4 ; r4 = loop count (assumed >0 by C code)
- movl w(ap),r5 ; r5 = w
- clrl r6 ; r6 = c
-
-0$:
- ; <r1,r0> := w * a[] + c
- emul r5,(r3),r6,r0 ; w, a[], c considered signed
-
- ; fixup for "negative" c
- tstl r6 ; c
- bgeq 10$
- incl r1
-10$:
-
- ; combined fixup for "negative" w, a[]
- tstl r5 ; w
- bgeq 20$
- addl2 (r3),r1 ; a[]
-20$:
- tstl (r3) ; a[]
- bgeq 30$
- addl2 r5,r1 ; w
-30$:
-
- movl r0,(r2)+ ; store lo result in r[] & advance
- addl #4,r3 ; advance a[]
- movl r1,r6 ; store hi result => c
-
- sobgtr r4,0$
-
- movl r6,r0 ; return c
- ret
-
- .title vax_bn_sqr_words unsigned square, 32*32=>64
-;
-; w.j.m. 15-jan-1999
-;
-; it's magic ...
-;
-; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
-; int i;
-; for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
-; }
-
-r=4 ;(AP)
-a=8 ;(AP)
-n=12 ;(AP) n by value (input)
-
-
- .psect code,nowrt
-
-.entry bn_sqr_words,^m<r2,r3,r4,r5>
-
- moval @r(ap),r2 ; r2 -> r[]
- moval @a(ap),r3 ; r3 -> a[]
- movl n(ap),r4 ; r4 = n (assumed >0 by C code)
-
-0$:
- movl (r3)+,r5 ; r5 = a[] & advance
-
- ; <r1,r0> := a[] * a[]
- emul r5,r5,#0,r0 ; a[] considered signed
-
- ; fixup for "negative" a[]
- tstl r5 ; a[]
- bgeq 30$
- addl2 r5,r1 ; a[]
- addl2 r5,r1 ; a[]
-30$:
-
- movl r0,(r2)+ ; store lo result in r[] & advance
- movl r1,(r2)+ ; store hi result in r[] & advance
-
- sobgtr r4,0$
-
- movl #1,r0 ; return SS$_NORMAL
- ret
-
- .title vax_bn_div_words unsigned divide
-;
-; Richard Levitte 20-Nov-2000
-;
-; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)
-; {
-; return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);
-; }
-;
-; Using EDIV would be very easy, if it didn't do signed calculations.
-; Any time any of the input numbers are signed, there are problems,
-; usually with integer overflow, at which point it returns useless
-; data (the quotient gets the value of l, and the remainder becomes 0).
-;
-; If it was just for the dividend, it would be very easy, just divide
-; it by 2 (unsigned), do the division, multiply the resulting quotient
-; and remainder by 2, add the bit that was dropped when dividing by 2
-; to the remainder, and do some adjustment so the remainder doesn't
-; end up larger than the divisor. For some cases when the divisor is
-; negative (from EDIV's point of view, i.e. when the highest bit is set),
-; dividing the dividend by 2 isn't enough, and since some operations
-; might generate integer overflows even when the dividend is divided by
-; 4 (when the high part of the shifted down dividend ends up being exactly
-; half of the divisor, the result is the quotient 0x80000000, which is
-; negative...) it needs to be divided by 8. Furthermore, the divisor needs
-; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.
-; In this case, a little extra fiddling with the remainder is required.
-;
-; So, the simplest way to handle this is always to divide the dividend
-; by 8, and to divide the divisor by 2 if it's highest bit is set.
-; After EDIV has been used, the quotient gets multiplied by 8 if the
-; original divisor was positive, otherwise 4. The remainder, oddly
-; enough, is *always* multiplied by 8.
-; NOTE: in the case mentioned above, where the high part of the shifted
-; down dividend ends up being exactly half the shifted down divisor, we
-; end up with a 33 bit quotient. That's no problem however, it usually
-; means we have ended up with a too large remainder as well, and the
-; problem is fixed by the last part of the algorithm (next paragraph).
-;
-; The routine ends with comparing the resulting remainder with the
-; original divisor and if the remainder is larger, subtract the
-; original divisor from it, and increase the quotient by 1. This is
-; done until the remainder is smaller than the divisor.
-;
-; The complete algorithm looks like this:
-;
-; d' = d
-; l' = l & 7
-; [h,l] = [h,l] >> 3
-; [q,r] = floor([h,l] / d) # This is the EDIV operation
-; if (q < 0) q = -q # I doubt this is necessary any more
-;
-; r' = r >> 29
-; if (d' >= 0)
-; q' = q >> 29
-; q = q << 3
-; else
-; q' = q >> 30
-; q = q << 2
-; r = (r << 3) + l'
-;
-; if (d' < 0)
-; {
-; [r',r] = [r',r] - q
-; while ([r',r] < 0)
-; {
-; [r',r] = [r',r] + d
-; [q',q] = [q',q] - 1
-; }
-; }
-;
-; while ([r',r] >= d')
-; {
-; [r',r] = [r',r] - d'
-; [q',q] = [q',q] + 1
-; }
-;
-; return q
-
-h=4 ;(AP) h by value (input)
-l=8 ;(AP) l by value (input)
-d=12 ;(AP) d by value (input)
-
-;r2 = l, q
-;r3 = h, r
-;r4 = d
-;r5 = l'
-;r6 = r'
-;r7 = d'
-;r8 = q'
-
- .psect code,nowrt
-
-.entry bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8>
- movl l(ap),r2
- movl h(ap),r3
- movl d(ap),r4
-
- bicl3 #^XFFFFFFF8,r2,r5 ; l' = l & 7
- bicl3 #^X00000007,r2,r2
-
- bicl3 #^XFFFFFFF8,r3,r6
- bicl3 #^X00000007,r3,r3
-
- addl r6,r2
-
- rotl #-3,r2,r2 ; l = l >> 3
- rotl #-3,r3,r3 ; h = h >> 3
-
- movl r4,r7 ; d' = d
-
- movl #0,r6 ; r' = 0
- movl #0,r8 ; q' = 0
-
- tstl r4
- beql 666$ ; Uh-oh, the divisor is 0...
- bgtr 1$
- rotl #-1,r4,r4 ; If d is negative, shift it right.
- bicl2 #^X80000000,r4 ; Since d is then a large number, the
- ; lowest bit is insignificant
- ; (contradict that, and I'll fix the problem!)
-1$:
- ediv r4,r2,r2,r3 ; Do the actual division
-
- tstl r2
- bgeq 3$
- mnegl r2,r2 ; if q < 0, negate it
-3$:
- tstl r7
- blss 4$
- rotl #3,r2,r2 ; q = q << 3
- bicl3 #^XFFFFFFF8,r2,r8 ; q' gets the high bits from q
- bicl3 #^X00000007,r2,r2
- bsb 41$
-4$: ; else
- rotl #2,r2,r2 ; q = q << 2
- bicl3 #^XFFFFFFFC,r2,r8 ; q' gets the high bits from q
- bicl3 #^X00000003,r2,r2
-41$:
- rotl #3,r3,r3 ; r = r << 3
- bicl3 #^XFFFFFFF8,r3,r6 ; r' gets the high bits from r
- bicl3 #^X00000007,r3,r3
- addl r5,r3 ; r = r + l'
-
- tstl r7
- bgeq 5$
- bitl #1,r7
- beql 5$ ; if d' < 0 && d' & 1
- subl r2,r3 ; [r',r] = [r',r] - [q',q]
- sbwc r8,r6
-45$:
- bgeq 5$ ; while r < 0
- decl r2 ; [q',q] = [q',q] - 1
- sbwc #0,r8
- addl r7,r3 ; [r',r] = [r',r] + d'
- adwc #0,r6
- brb 45$
-
-; The return points are placed in the middle to keep a short distance from
-; all the branch points
-42$:
-; movl r3,r1
- movl r2,r0
- ret
-666$:
- movl #^XFFFFFFFF,r0
- ret
-
-5$:
- tstl r6
- bneq 6$
- cmpl r3,r7
- blssu 42$ ; while [r',r] >= d'
-6$:
- subl r7,r3 ; [r',r] = [r',r] - d'
- sbwc #0,r6
- incl r2 ; [q',q] = [q',q] + 1
- adwc #0,r8
- brb 5$
-
- .title vax_bn_add_words unsigned add of two arrays
-;
-; Richard Levitte 20-Nov-2000
-;
-; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {
-; ULONG c = 0;
-; int i;
-; for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;
-; return(c);
-; }
-
-r=4 ;(AP) r by reference (output)
-a=8 ;(AP) a by reference (input)
-b=12 ;(AP) b by reference (input)
-n=16 ;(AP) n by value (input)
-
-
- .psect code,nowrt
-
-.entry bn_add_words,^m<r2,r3,r4,r5,r6>
-
- moval @r(ap),r2
- moval @a(ap),r3
- moval @b(ap),r4
- movl n(ap),r5 ; assumed >0 by C code
- clrl r0 ; c
-
- tstl r5 ; carry = 0
- bleq 666$
-
-0$:
- movl (r3)+,r6 ; carry untouched
- adwc (r4)+,r6 ; carry used and touched
- movl r6,(r2)+ ; carry untouched
- sobgtr r5,0$ ; carry untouched
-
- adwc #0,r0
-666$:
- ret
-
- .title vax_bn_sub_words unsigned add of two arrays
-;
-; Richard Levitte 20-Nov-2000
-;
-; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {
-; ULONG c = 0;
-; int i;
-; for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;
-; return(c);
-; }
-
-r=4 ;(AP) r by reference (output)
-a=8 ;(AP) a by reference (input)
-b=12 ;(AP) b by reference (input)
-n=16 ;(AP) n by value (input)
-
-
- .psect code,nowrt
-
-.entry bn_sub_words,^m<r2,r3,r4,r5,r6>
-
- moval @r(ap),r2
- moval @a(ap),r3
- moval @b(ap),r4
- movl n(ap),r5 ; assumed >0 by C code
- clrl r0 ; c
-
- tstl r5 ; carry = 0
- bleq 666$
-
-0$:
- movl (r3)+,r6 ; carry untouched
- sbwc (r4)+,r6 ; carry used and touched
- movl r6,(r2)+ ; carry untouched
- sobgtr r5,0$ ; carry untouched
-
- adwc #0,r0
-666$:
- ret
-
-
-;r=4 ;(AP)
-;a=8 ;(AP)
-;b=12 ;(AP)
-;n=16 ;(AP) n by value (input)
-
- .psect code,nowrt
-
-.entry BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
- movab -924(sp),sp
- clrq r8
-
- clrl r10
-
- movl 8(ap),r6
- movzwl 2(r6),r3
- movl 12(ap),r7
- bicl3 #-65536,(r7),r2
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,(r6),-12(fp)
- bicl3 #-65536,r3,-16(fp)
- mull3 r0,-12(fp),-4(fp)
- mull2 r2,-12(fp)
- mull3 r2,-16(fp),-8(fp)
- mull2 r0,-16(fp)
- addl3 -4(fp),-8(fp),r0
- bicl3 #0,r0,-4(fp)
- cmpl -4(fp),-8(fp)
- bgequ noname.45
- addl2 #65536,-16(fp)
-noname.45:
- movzwl -2(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-16(fp)
- bicl3 #-65536,-4(fp),r0
- ashl #16,r0,-8(fp)
- addl3 -8(fp),-12(fp),r0
- bicl3 #0,r0,-12(fp)
- cmpl -12(fp),-8(fp)
- bgequ noname.46
- incl -16(fp)
-noname.46:
- movl -12(fp),r1
- movl -16(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.47
- incl r2
-noname.47:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.48
- incl r10
-noname.48:
-
- movl 4(ap),r11
- movl r9,(r11)
-
- clrl r9
-
- movzwl 2(r6),r2
- bicl3 #-65536,4(r7),r3
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,(r6),-28(fp)
- bicl3 #-65536,r2,-32(fp)
- mull3 r0,-28(fp),-20(fp)
- mull2 r3,-28(fp)
- mull3 r3,-32(fp),-24(fp)
- mull2 r0,-32(fp)
- addl3 -20(fp),-24(fp),r0
- bicl3 #0,r0,-20(fp)
- cmpl -20(fp),-24(fp)
- bgequ noname.49
- addl2 #65536,-32(fp)
-noname.49:
- movzwl -18(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-32(fp)
- bicl3 #-65536,-20(fp),r0
- ashl #16,r0,-24(fp)
- addl3 -24(fp),-28(fp),r0
- bicl3 #0,r0,-28(fp)
- cmpl -28(fp),-24(fp)
- bgequ noname.50
- incl -32(fp)
-noname.50:
- movl -28(fp),r1
- movl -32(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.51
- incl r2
-noname.51:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.52
- incl r9
-noname.52:
-
- movzwl 6(r6),r2
- bicl3 #-65536,(r7),r3
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r6),-44(fp)
- bicl3 #-65536,r2,-48(fp)
- mull3 r0,-44(fp),-36(fp)
- mull2 r3,-44(fp)
- mull3 r3,-48(fp),-40(fp)
- mull2 r0,-48(fp)
- addl3 -36(fp),-40(fp),r0
- bicl3 #0,r0,-36(fp)
- cmpl -36(fp),-40(fp)
- bgequ noname.53
- addl2 #65536,-48(fp)
-noname.53:
- movzwl -34(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-48(fp)
- bicl3 #-65536,-36(fp),r0
- ashl #16,r0,-40(fp)
- addl3 -40(fp),-44(fp),r0
- bicl3 #0,r0,-44(fp)
- cmpl -44(fp),-40(fp)
- bgequ noname.54
- incl -48(fp)
-noname.54:
- movl -44(fp),r1
- movl -48(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.55
- incl r2
-noname.55:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.56
- incl r9
-noname.56:
-
- movl r8,4(r11)
-
- clrl r8
-
- movzwl 10(r6),r2
- bicl3 #-65536,(r7),r3
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,8(r6),-60(fp)
- bicl3 #-65536,r2,-64(fp)
- mull3 r0,-60(fp),-52(fp)
- mull2 r3,-60(fp)
- mull3 r3,-64(fp),-56(fp)
- mull2 r0,-64(fp)
- addl3 -52(fp),-56(fp),r0
- bicl3 #0,r0,-52(fp)
- cmpl -52(fp),-56(fp)
- bgequ noname.57
- addl2 #65536,-64(fp)
-noname.57:
- movzwl -50(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-64(fp)
- bicl3 #-65536,-52(fp),r0
- ashl #16,r0,-56(fp)
- addl3 -56(fp),-60(fp),r0
- bicl3 #0,r0,-60(fp)
- cmpl -60(fp),-56(fp)
- bgequ noname.58
- incl -64(fp)
-noname.58:
- movl -60(fp),r1
- movl -64(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.59
- incl r2
-noname.59:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.60
- incl r8
-noname.60:
-
- movzwl 6(r6),r2
- bicl3 #-65536,4(r7),r3
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r6),-76(fp)
- bicl3 #-65536,r2,-80(fp)
- mull3 r0,-76(fp),-68(fp)
- mull2 r3,-76(fp)
- mull3 r3,-80(fp),-72(fp)
- mull2 r0,-80(fp)
- addl3 -68(fp),-72(fp),r0
- bicl3 #0,r0,-68(fp)
- cmpl -68(fp),-72(fp)
- bgequ noname.61
- addl2 #65536,-80(fp)
-noname.61:
- movzwl -66(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-80(fp)
- bicl3 #-65536,-68(fp),r0
- ashl #16,r0,-72(fp)
- addl3 -72(fp),-76(fp),r0
- bicl3 #0,r0,-76(fp)
- cmpl -76(fp),-72(fp)
- bgequ noname.62
- incl -80(fp)
-noname.62:
- movl -76(fp),r1
- movl -80(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.63
- incl r2
-noname.63:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.64
- incl r8
-noname.64:
-
- movzwl 2(r6),r2
- bicl3 #-65536,8(r7),r3
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,(r6),-92(fp)
- bicl3 #-65536,r2,-96(fp)
- mull3 r0,-92(fp),-84(fp)
- mull2 r3,-92(fp)
- mull3 r3,-96(fp),-88(fp)
- mull2 r0,-96(fp)
- addl3 -84(fp),-88(fp),r0
- bicl3 #0,r0,-84(fp)
- cmpl -84(fp),-88(fp)
- bgequ noname.65
- addl2 #65536,-96(fp)
-noname.65:
- movzwl -82(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-96(fp)
- bicl3 #-65536,-84(fp),r0
- ashl #16,r0,-88(fp)
- addl3 -88(fp),-92(fp),r0
- bicl3 #0,r0,-92(fp)
- cmpl -92(fp),-88(fp)
- bgequ noname.66
- incl -96(fp)
-noname.66:
- movl -92(fp),r1
- movl -96(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.67
- incl r2
-noname.67:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.68
- incl r8
-noname.68:
-
- movl r10,8(r11)
-
- clrl r10
-
- movzwl 2(r6),r2
- bicl3 #-65536,12(r7),r3
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,(r6),-108(fp)
- bicl3 #-65536,r2,-112(fp)
- mull3 r0,-108(fp),-100(fp)
- mull2 r3,-108(fp)
- mull3 r3,-112(fp),-104(fp)
- mull2 r0,-112(fp)
- addl3 -100(fp),-104(fp),r0
- bicl3 #0,r0,-100(fp)
- cmpl -100(fp),-104(fp)
- bgequ noname.69
- addl2 #65536,-112(fp)
-noname.69:
- movzwl -98(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-112(fp)
- bicl3 #-65536,-100(fp),r0
- ashl #16,r0,-104(fp)
- addl3 -104(fp),-108(fp),r0
- bicl3 #0,r0,-108(fp)
- cmpl -108(fp),-104(fp)
- bgequ noname.70
- incl -112(fp)
-noname.70:
- movl -108(fp),r1
- movl -112(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.71
- incl r2
-noname.71:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.72
- incl r10
-noname.72:
-
- movzwl 6(r6),r2
- bicl3 #-65536,8(r7),r3
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r6),-124(fp)
- bicl3 #-65536,r2,-128(fp)
- mull3 r0,-124(fp),-116(fp)
- mull2 r3,-124(fp)
- mull3 r3,-128(fp),-120(fp)
- mull2 r0,-128(fp)
- addl3 -116(fp),-120(fp),r0
- bicl3 #0,r0,-116(fp)
- cmpl -116(fp),-120(fp)
- bgequ noname.73
- addl2 #65536,-128(fp)
-noname.73:
- movzwl -114(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-128(fp)
- bicl3 #-65536,-116(fp),r0
- ashl #16,r0,-120(fp)
- addl3 -120(fp),-124(fp),r0
- bicl3 #0,r0,-124(fp)
- cmpl -124(fp),-120(fp)
- bgequ noname.74
- incl -128(fp)
-noname.74:
- movl -124(fp),r1
- movl -128(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.75
- incl r2
-noname.75:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.76
- incl r10
-noname.76:
-
- movzwl 10(r6),r2
- bicl3 #-65536,4(r7),r3
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,8(r6),-140(fp)
- bicl3 #-65536,r2,-144(fp)
- mull3 r0,-140(fp),-132(fp)
- mull2 r3,-140(fp)
- mull3 r3,-144(fp),-136(fp)
- mull2 r0,-144(fp)
- addl3 -132(fp),-136(fp),r0
- bicl3 #0,r0,-132(fp)
- cmpl -132(fp),-136(fp)
- bgequ noname.77
- addl2 #65536,-144(fp)
-noname.77:
- movzwl -130(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-144(fp)
- bicl3 #-65536,-132(fp),r0
- ashl #16,r0,-136(fp)
- addl3 -136(fp),-140(fp),r0
- bicl3 #0,r0,-140(fp)
- cmpl -140(fp),-136(fp)
- bgequ noname.78
- incl -144(fp)
-noname.78:
- movl -140(fp),r1
- movl -144(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.79
- incl r2
-noname.79:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.80
- incl r10
-noname.80:
-
- movzwl 14(r6),r2
- bicl3 #-65536,(r7),r3
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r6),-156(fp)
- bicl3 #-65536,r2,-160(fp)
- mull3 r0,-156(fp),-148(fp)
- mull2 r3,-156(fp)
- mull3 r3,-160(fp),-152(fp)
- mull2 r0,-160(fp)
- addl3 -148(fp),-152(fp),r0
- bicl3 #0,r0,-148(fp)
- cmpl -148(fp),-152(fp)
- bgequ noname.81
- addl2 #65536,-160(fp)
-noname.81:
- movzwl -146(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-160(fp)
- bicl3 #-65536,-148(fp),r0
- ashl #16,r0,-152(fp)
- addl3 -152(fp),-156(fp),r0
- bicl3 #0,r0,-156(fp)
- cmpl -156(fp),-152(fp)
- bgequ noname.82
- incl -160(fp)
-noname.82:
- movl -156(fp),r1
- movl -160(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.83
- incl r2
-noname.83:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.84
- incl r10
-noname.84:
-
- movl r9,12(r11)
-
- clrl r9
-
- movzwl 18(r6),r2
- bicl3 #-65536,(r7),r3
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,16(r6),-172(fp)
- bicl3 #-65536,r2,-176(fp)
- mull3 r0,-172(fp),-164(fp)
- mull2 r3,-172(fp)
- mull3 r3,-176(fp),-168(fp)
- mull2 r0,-176(fp)
- addl3 -164(fp),-168(fp),r0
- bicl3 #0,r0,-164(fp)
- cmpl -164(fp),-168(fp)
- bgequ noname.85
- addl2 #65536,-176(fp)
-noname.85:
- movzwl -162(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-176(fp)
- bicl3 #-65536,-164(fp),r0
- ashl #16,r0,-168(fp)
- addl3 -168(fp),-172(fp),r0
- bicl3 #0,r0,-172(fp)
- cmpl -172(fp),-168(fp)
- bgequ noname.86
- incl -176(fp)
-noname.86:
- movl -172(fp),r1
- movl -176(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.87
- incl r2
-noname.87:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.88
- incl r9
-noname.88:
-
- movzwl 14(r6),r2
- bicl3 #-65536,4(r7),r3
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r6),-188(fp)
- bicl3 #-65536,r2,-192(fp)
- mull3 r0,-188(fp),-180(fp)
- mull2 r3,-188(fp)
- mull3 r3,-192(fp),-184(fp)
- mull2 r0,-192(fp)
- addl3 -180(fp),-184(fp),r0
- bicl3 #0,r0,-180(fp)
- cmpl -180(fp),-184(fp)
- bgequ noname.89
- addl2 #65536,-192(fp)
-noname.89:
- movzwl -178(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-192(fp)
- bicl3 #-65536,-180(fp),r0
- ashl #16,r0,-184(fp)
- addl3 -184(fp),-188(fp),r0
- bicl3 #0,r0,-188(fp)
- cmpl -188(fp),-184(fp)
- bgequ noname.90
- incl -192(fp)
-noname.90:
- movl -188(fp),r1
- movl -192(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.91
- incl r2
-noname.91:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.92
- incl r9
-noname.92:
-
- movzwl 10(r6),r2
- bicl3 #-65536,8(r7),r3
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,8(r6),-204(fp)
- bicl3 #-65536,r2,-208(fp)
- mull3 r0,-204(fp),-196(fp)
- mull2 r3,-204(fp)
- mull3 r3,-208(fp),-200(fp)
- mull2 r0,-208(fp)
- addl3 -196(fp),-200(fp),r0
- bicl3 #0,r0,-196(fp)
- cmpl -196(fp),-200(fp)
- bgequ noname.93
- addl2 #65536,-208(fp)
-noname.93:
- movzwl -194(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-208(fp)
- bicl3 #-65536,-196(fp),r0
- ashl #16,r0,-200(fp)
- addl3 -200(fp),-204(fp),r0
- bicl3 #0,r0,-204(fp)
- cmpl -204(fp),-200(fp)
- bgequ noname.94
- incl -208(fp)
-noname.94:
- movl -204(fp),r1
- movl -208(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.95
- incl r2
-noname.95:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.96
- incl r9
-noname.96:
-
- movzwl 6(r6),r2
- bicl3 #-65536,12(r7),r3
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r6),-220(fp)
- bicl3 #-65536,r2,-224(fp)
- mull3 r0,-220(fp),-212(fp)
- mull2 r3,-220(fp)
- mull3 r3,-224(fp),-216(fp)
- mull2 r0,-224(fp)
- addl3 -212(fp),-216(fp),r0
- bicl3 #0,r0,-212(fp)
- cmpl -212(fp),-216(fp)
- bgequ noname.97
- addl2 #65536,-224(fp)
-noname.97:
- movzwl -210(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-224(fp)
- bicl3 #-65536,-212(fp),r0
- ashl #16,r0,-216(fp)
- addl3 -216(fp),-220(fp),r0
- bicl3 #0,r0,-220(fp)
- cmpl -220(fp),-216(fp)
- bgequ noname.98
- incl -224(fp)
-noname.98:
- movl -220(fp),r1
- movl -224(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.99
- incl r2
-noname.99:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.100
- incl r9
-noname.100:
-
- movzwl 2(r6),r2
- bicl3 #-65536,16(r7),r3
- movzwl 18(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,(r6),-236(fp)
- bicl3 #-65536,r2,-240(fp)
- mull3 r0,-236(fp),-228(fp)
- mull2 r3,-236(fp)
- mull3 r3,-240(fp),-232(fp)
- mull2 r0,-240(fp)
- addl3 -228(fp),-232(fp),r0
- bicl3 #0,r0,-228(fp)
- cmpl -228(fp),-232(fp)
- bgequ noname.101
- addl2 #65536,-240(fp)
-noname.101:
- movzwl -226(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-240(fp)
- bicl3 #-65536,-228(fp),r0
- ashl #16,r0,-232(fp)
- addl3 -232(fp),-236(fp),r0
- bicl3 #0,r0,-236(fp)
- cmpl -236(fp),-232(fp)
- bgequ noname.102
- incl -240(fp)
-noname.102:
- movl -236(fp),r1
- movl -240(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.103
- incl r2
-noname.103:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.104
- incl r9
-noname.104:
-
- movl r8,16(r11)
-
- clrl r8
-
- movzwl 2(r6),r2
- bicl3 #-65536,20(r7),r3
- movzwl 22(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,(r6),-252(fp)
- bicl3 #-65536,r2,-256(fp)
- mull3 r0,-252(fp),-244(fp)
- mull2 r3,-252(fp)
- mull3 r3,-256(fp),-248(fp)
- mull2 r0,-256(fp)
- addl3 -244(fp),-248(fp),r0
- bicl3 #0,r0,-244(fp)
- cmpl -244(fp),-248(fp)
- bgequ noname.105
- addl2 #65536,-256(fp)
-noname.105:
- movzwl -242(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-256(fp)
- bicl3 #-65536,-244(fp),r0
- ashl #16,r0,-248(fp)
- addl3 -248(fp),-252(fp),r0
- bicl3 #0,r0,-252(fp)
- cmpl -252(fp),-248(fp)
- bgequ noname.106
- incl -256(fp)
-noname.106:
- movl -252(fp),r1
- movl -256(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.107
- incl r2
-noname.107:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.108
- incl r8
-noname.108:
-
- movzwl 6(r6),r2
- bicl3 #-65536,16(r7),r3
- movzwl 18(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r6),-268(fp)
- bicl3 #-65536,r2,-272(fp)
- mull3 r0,-268(fp),-260(fp)
- mull2 r3,-268(fp)
- mull3 r3,-272(fp),-264(fp)
- mull2 r0,-272(fp)
- addl3 -260(fp),-264(fp),r0
- bicl3 #0,r0,-260(fp)
- cmpl -260(fp),-264(fp)
- bgequ noname.109
- addl2 #65536,-272(fp)
-noname.109:
- movzwl -258(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-272(fp)
- bicl3 #-65536,-260(fp),r0
- ashl #16,r0,-264(fp)
- addl3 -264(fp),-268(fp),r0
- bicl3 #0,r0,-268(fp)
- cmpl -268(fp),-264(fp)
- bgequ noname.110
- incl -272(fp)
-noname.110:
- movl -268(fp),r1
- movl -272(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.111
- incl r2
-noname.111:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.112
- incl r8
-noname.112:
-
- movzwl 10(r6),r2
- bicl3 #-65536,12(r7),r3
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,8(r6),-284(fp)
- bicl3 #-65536,r2,-288(fp)
- mull3 r0,-284(fp),-276(fp)
- mull2 r3,-284(fp)
- mull3 r3,-288(fp),-280(fp)
- mull2 r0,-288(fp)
- addl3 -276(fp),-280(fp),r0
- bicl3 #0,r0,-276(fp)
- cmpl -276(fp),-280(fp)
- bgequ noname.113
- addl2 #65536,-288(fp)
-noname.113:
- movzwl -274(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-288(fp)
- bicl3 #-65536,-276(fp),r0
- ashl #16,r0,-280(fp)
- addl3 -280(fp),-284(fp),r0
- bicl3 #0,r0,-284(fp)
- cmpl -284(fp),-280(fp)
- bgequ noname.114
- incl -288(fp)
-noname.114:
- movl -284(fp),r1
- movl -288(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.115
- incl r2
-noname.115:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.116
- incl r8
-noname.116:
-
- movzwl 14(r6),r2
- bicl3 #-65536,8(r7),r3
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r6),-300(fp)
- bicl3 #-65536,r2,-304(fp)
- mull3 r0,-300(fp),-292(fp)
- mull2 r3,-300(fp)
- mull3 r3,-304(fp),-296(fp)
- mull2 r0,-304(fp)
- addl3 -292(fp),-296(fp),r0
- bicl3 #0,r0,-292(fp)
- cmpl -292(fp),-296(fp)
- bgequ noname.117
- addl2 #65536,-304(fp)
-noname.117:
- movzwl -290(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-304(fp)
- bicl3 #-65536,-292(fp),r0
- ashl #16,r0,-296(fp)
- addl3 -296(fp),-300(fp),r0
- bicl3 #0,r0,-300(fp)
- cmpl -300(fp),-296(fp)
- bgequ noname.118
- incl -304(fp)
-noname.118:
- movl -300(fp),r1
- movl -304(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.119
- incl r2
-noname.119:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.120
- incl r8
-noname.120:
-
- movzwl 18(r6),r2
- bicl3 #-65536,4(r7),r3
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,16(r6),-316(fp)
- bicl3 #-65536,r2,-320(fp)
- mull3 r0,-316(fp),-308(fp)
- mull2 r3,-316(fp)
- mull3 r3,-320(fp),-312(fp)
- mull2 r0,-320(fp)
- addl3 -308(fp),-312(fp),r0
- bicl3 #0,r0,-308(fp)
- cmpl -308(fp),-312(fp)
- bgequ noname.121
- addl2 #65536,-320(fp)
-noname.121:
- movzwl -306(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-320(fp)
- bicl3 #-65536,-308(fp),r0
- ashl #16,r0,-312(fp)
- addl3 -312(fp),-316(fp),r0
- bicl3 #0,r0,-316(fp)
- cmpl -316(fp),-312(fp)
- bgequ noname.122
- incl -320(fp)
-noname.122:
- movl -316(fp),r1
- movl -320(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.123
- incl r2
-
-noname.123:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.124
- incl r8
-noname.124:
-
- movzwl 22(r6),r2
- bicl3 #-65536,(r7),r3
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,20(r6),-332(fp)
- bicl3 #-65536,r2,-336(fp)
- mull3 r0,-332(fp),-324(fp)
- mull2 r3,-332(fp)
- mull3 r3,-336(fp),-328(fp)
- mull2 r0,-336(fp)
- addl3 -324(fp),-328(fp),r0
- bicl3 #0,r0,-324(fp)
- cmpl -324(fp),-328(fp)
- bgequ noname.125
- addl2 #65536,-336(fp)
-noname.125:
- movzwl -322(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-336(fp)
- bicl3 #-65536,-324(fp),r0
- ashl #16,r0,-328(fp)
- addl3 -328(fp),-332(fp),r0
- bicl3 #0,r0,-332(fp)
- cmpl -332(fp),-328(fp)
- bgequ noname.126
- incl -336(fp)
-noname.126:
- movl -332(fp),r1
- movl -336(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.127
- incl r2
-noname.127:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.128
- incl r8
-noname.128:
-
- movl r10,20(r11)
-
- clrl r10
-
- movzwl 26(r6),r2
- bicl3 #-65536,(r7),r3
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,24(r6),-348(fp)
- bicl3 #-65536,r2,-352(fp)
- mull3 r0,-348(fp),-340(fp)
- mull2 r3,-348(fp)
- mull3 r3,-352(fp),-344(fp)
- mull2 r0,-352(fp)
- addl3 -340(fp),-344(fp),r0
- bicl3 #0,r0,-340(fp)
- cmpl -340(fp),-344(fp)
- bgequ noname.129
- addl2 #65536,-352(fp)
-noname.129:
- movzwl -338(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-352(fp)
- bicl3 #-65536,-340(fp),r0
- ashl #16,r0,-344(fp)
- addl3 -344(fp),-348(fp),r0
- bicl3 #0,r0,-348(fp)
- cmpl -348(fp),-344(fp)
- bgequ noname.130
- incl -352(fp)
-noname.130:
- movl -348(fp),r1
- movl -352(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.131
- incl r2
-noname.131:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.132
- incl r10
-noname.132:
-
- movzwl 22(r6),r2
- bicl3 #-65536,4(r7),r3
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,20(r6),-364(fp)
- bicl3 #-65536,r2,-368(fp)
- mull3 r0,-364(fp),-356(fp)
- mull2 r3,-364(fp)
- mull3 r3,-368(fp),-360(fp)
- mull2 r0,-368(fp)
- addl3 -356(fp),-360(fp),r0
- bicl3 #0,r0,-356(fp)
- cmpl -356(fp),-360(fp)
- bgequ noname.133
- addl2 #65536,-368(fp)
-noname.133:
- movzwl -354(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-368(fp)
- bicl3 #-65536,-356(fp),r0
- ashl #16,r0,-360(fp)
- addl3 -360(fp),-364(fp),r0
- bicl3 #0,r0,-364(fp)
- cmpl -364(fp),-360(fp)
- bgequ noname.134
- incl -368(fp)
-noname.134:
- movl -364(fp),r1
- movl -368(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.135
- incl r2
-noname.135:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.136
- incl r10
-noname.136:
-
- movzwl 18(r6),r2
- bicl3 #-65536,8(r7),r3
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,16(r6),-380(fp)
- bicl3 #-65536,r2,-384(fp)
- mull3 r0,-380(fp),-372(fp)
- mull2 r3,-380(fp)
- mull3 r3,-384(fp),-376(fp)
- mull2 r0,-384(fp)
- addl3 -372(fp),-376(fp),r0
- bicl3 #0,r0,-372(fp)
- cmpl -372(fp),-376(fp)
- bgequ noname.137
- addl2 #65536,-384(fp)
-noname.137:
- movzwl -370(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-384(fp)
- bicl3 #-65536,-372(fp),r0
- ashl #16,r0,-376(fp)
- addl3 -376(fp),-380(fp),r0
- bicl3 #0,r0,-380(fp)
- cmpl -380(fp),-376(fp)
- bgequ noname.138
- incl -384(fp)
-noname.138:
- movl -380(fp),r1
- movl -384(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.139
- incl r2
-noname.139:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.140
- incl r10
-noname.140:
-
- movzwl 14(r6),r2
- bicl3 #-65536,12(r7),r3
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r6),-396(fp)
- bicl3 #-65536,r2,-400(fp)
- mull3 r0,-396(fp),-388(fp)
- mull2 r3,-396(fp)
- mull3 r3,-400(fp),-392(fp)
- mull2 r0,-400(fp)
- addl3 -388(fp),-392(fp),r0
- bicl3 #0,r0,-388(fp)
- cmpl -388(fp),-392(fp)
- bgequ noname.141
- addl2 #65536,-400(fp)
-noname.141:
- movzwl -386(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-400(fp)
- bicl3 #-65536,-388(fp),r0
- ashl #16,r0,-392(fp)
- addl3 -392(fp),-396(fp),r0
- bicl3 #0,r0,-396(fp)
- cmpl -396(fp),-392(fp)
- bgequ noname.142
- incl -400(fp)
-noname.142:
- movl -396(fp),r1
- movl -400(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.143
- incl r2
-noname.143:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.144
- incl r10
-noname.144:
-
- movzwl 10(r6),r2
- bicl3 #-65536,16(r7),r3
- movzwl 18(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,8(r6),-412(fp)
- bicl3 #-65536,r2,-416(fp)
- mull3 r0,-412(fp),-404(fp)
- mull2 r3,-412(fp)
- mull3 r3,-416(fp),-408(fp)
- mull2 r0,-416(fp)
- addl3 -404(fp),-408(fp),r0
- bicl3 #0,r0,-404(fp)
- cmpl -404(fp),-408(fp)
- bgequ noname.145
- addl2 #65536,-416(fp)
-noname.145:
- movzwl -402(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-416(fp)
- bicl3 #-65536,-404(fp),r0
- ashl #16,r0,-408(fp)
- addl3 -408(fp),-412(fp),r0
- bicl3 #0,r0,-412(fp)
- cmpl -412(fp),-408(fp)
- bgequ noname.146
- incl -416(fp)
-noname.146:
- movl -412(fp),r1
- movl -416(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.147
- incl r2
-noname.147:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.148
- incl r10
-noname.148:
-
- movzwl 6(r6),r2
- bicl3 #-65536,20(r7),r3
- movzwl 22(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r6),-428(fp)
- bicl3 #-65536,r2,-432(fp)
- mull3 r0,-428(fp),-420(fp)
- mull2 r3,-428(fp)
- mull3 r3,-432(fp),-424(fp)
- mull2 r0,-432(fp)
- addl3 -420(fp),-424(fp),r0
- bicl3 #0,r0,-420(fp)
- cmpl -420(fp),-424(fp)
- bgequ noname.149
- addl2 #65536,-432(fp)
-noname.149:
- movzwl -418(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-432(fp)
- bicl3 #-65536,-420(fp),r0
- ashl #16,r0,-424(fp)
- addl3 -424(fp),-428(fp),r0
- bicl3 #0,r0,-428(fp)
- cmpl -428(fp),-424(fp)
- bgequ noname.150
- incl -432(fp)
-noname.150:
- movl -428(fp),r1
- movl -432(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.151
- incl r2
-noname.151:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.152
- incl r10
-noname.152:
-
- movzwl 2(r6),r2
- bicl3 #-65536,24(r7),r3
- movzwl 26(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,(r6),-444(fp)
- bicl3 #-65536,r2,-448(fp)
- mull3 r0,-444(fp),-436(fp)
- mull2 r3,-444(fp)
- mull3 r3,-448(fp),-440(fp)
- mull2 r0,-448(fp)
- addl3 -436(fp),-440(fp),r0
- bicl3 #0,r0,-436(fp)
- cmpl -436(fp),-440(fp)
- bgequ noname.153
- addl2 #65536,-448(fp)
-noname.153:
- movzwl -434(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-448(fp)
- bicl3 #-65536,-436(fp),r0
- ashl #16,r0,-440(fp)
- addl3 -440(fp),-444(fp),r0
- bicl3 #0,r0,-444(fp)
- cmpl -444(fp),-440(fp)
- bgequ noname.154
- incl -448(fp)
-noname.154:
- movl -444(fp),r1
- movl -448(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.155
- incl r2
-noname.155:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.156
- incl r10
-noname.156:
-
- movl r9,24(r11)
-
- clrl r9
-
- movzwl 2(r6),r2
- bicl3 #-65536,28(r7),r3
- movzwl 30(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,(r6),-460(fp)
- bicl3 #-65536,r2,-464(fp)
- mull3 r0,-460(fp),-452(fp)
- mull2 r3,-460(fp)
- mull3 r3,-464(fp),-456(fp)
- mull2 r0,-464(fp)
- addl3 -452(fp),-456(fp),r0
- bicl3 #0,r0,-452(fp)
- cmpl -452(fp),-456(fp)
- bgequ noname.157
- addl2 #65536,-464(fp)
-noname.157:
- movzwl -450(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-464(fp)
- bicl3 #-65536,-452(fp),r0
- ashl #16,r0,-456(fp)
- addl3 -456(fp),-460(fp),r0
- bicl3 #0,r0,-460(fp)
- cmpl -460(fp),-456(fp)
- bgequ noname.158
- incl -464(fp)
-noname.158:
- movl -460(fp),r1
- movl -464(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.159
- incl r2
-noname.159:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.160
- incl r9
-noname.160:
-
- movzwl 6(r6),r2
- bicl3 #-65536,24(r7),r3
- movzwl 26(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r6),-476(fp)
- bicl3 #-65536,r2,-480(fp)
- mull3 r0,-476(fp),-468(fp)
- mull2 r3,-476(fp)
- mull3 r3,-480(fp),-472(fp)
- mull2 r0,-480(fp)
- addl3 -468(fp),-472(fp),r0
- bicl3 #0,r0,-468(fp)
- cmpl -468(fp),-472(fp)
- bgequ noname.161
- addl2 #65536,-480(fp)
-noname.161:
- movzwl -466(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-480(fp)
- bicl3 #-65536,-468(fp),r0
- ashl #16,r0,-472(fp)
- addl3 -472(fp),-476(fp),r0
- bicl3 #0,r0,-476(fp)
- cmpl -476(fp),-472(fp)
- bgequ noname.162
- incl -480(fp)
-noname.162:
- movl -476(fp),r1
- movl -480(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.163
- incl r2
-noname.163:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.164
- incl r9
-noname.164:
-
- movzwl 10(r6),r2
- bicl3 #-65536,20(r7),r3
- movzwl 22(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,8(r6),-492(fp)
- bicl3 #-65536,r2,-496(fp)
- mull3 r0,-492(fp),-484(fp)
- mull2 r3,-492(fp)
- mull3 r3,-496(fp),-488(fp)
- mull2 r0,-496(fp)
- addl3 -484(fp),-488(fp),r0
- bicl3 #0,r0,-484(fp)
- cmpl -484(fp),-488(fp)
- bgequ noname.165
- addl2 #65536,-496(fp)
-noname.165:
- movzwl -482(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-496(fp)
- bicl3 #-65536,-484(fp),r0
- ashl #16,r0,-488(fp)
- addl3 -488(fp),-492(fp),r0
- bicl3 #0,r0,-492(fp)
- cmpl -492(fp),-488(fp)
- bgequ noname.166
- incl -496(fp)
-noname.166:
- movl -492(fp),r1
- movl -496(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.167
- incl r2
-noname.167:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.168
- incl r9
-noname.168:
-
- movzwl 14(r6),r2
- bicl3 #-65536,16(r7),r3
- movzwl 18(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r6),-508(fp)
- bicl3 #-65536,r2,-512(fp)
- mull3 r0,-508(fp),-500(fp)
- mull2 r3,-508(fp)
- mull3 r3,-512(fp),-504(fp)
- mull2 r0,-512(fp)
- addl3 -500(fp),-504(fp),r0
- bicl3 #0,r0,-500(fp)
- cmpl -500(fp),-504(fp)
- bgequ noname.169
- addl2 #65536,-512(fp)
-noname.169:
- movzwl -498(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-512(fp)
- bicl3 #-65536,-500(fp),r0
- ashl #16,r0,-504(fp)
- addl3 -504(fp),-508(fp),r0
- bicl3 #0,r0,-508(fp)
- cmpl -508(fp),-504(fp)
- bgequ noname.170
- incl -512(fp)
-noname.170:
- movl -508(fp),r1
- movl -512(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.171
- incl r2
-noname.171:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.172
- incl r9
-noname.172:
-
- movzwl 18(r6),r2
- bicl3 #-65536,12(r7),r3
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,16(r6),-524(fp)
- bicl3 #-65536,r2,-528(fp)
- mull3 r0,-524(fp),-516(fp)
- mull2 r3,-524(fp)
- mull3 r3,-528(fp),-520(fp)
- mull2 r0,-528(fp)
- addl3 -516(fp),-520(fp),r0
- bicl3 #0,r0,-516(fp)
- cmpl -516(fp),-520(fp)
- bgequ noname.173
- addl2 #65536,-528(fp)
-noname.173:
- movzwl -514(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-528(fp)
- bicl3 #-65536,-516(fp),r0
- ashl #16,r0,-520(fp)
- addl3 -520(fp),-524(fp),r0
- bicl3 #0,r0,-524(fp)
- cmpl -524(fp),-520(fp)
- bgequ noname.174
- incl -528(fp)
-noname.174:
- movl -524(fp),r1
- movl -528(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.175
- incl r2
-noname.175:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.176
- incl r9
-noname.176:
-
- movzwl 22(r6),r2
- bicl3 #-65536,8(r7),r3
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,20(r6),-540(fp)
- bicl3 #-65536,r2,-544(fp)
- mull3 r0,-540(fp),-532(fp)
- mull2 r3,-540(fp)
- mull3 r3,-544(fp),-536(fp)
- mull2 r0,-544(fp)
- addl3 -532(fp),-536(fp),r0
- bicl3 #0,r0,-532(fp)
- cmpl -532(fp),-536(fp)
- bgequ noname.177
- addl2 #65536,-544(fp)
-noname.177:
- movzwl -530(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-544(fp)
- bicl3 #-65536,-532(fp),r0
- ashl #16,r0,-536(fp)
- addl3 -536(fp),-540(fp),r0
- bicl3 #0,r0,-540(fp)
- cmpl -540(fp),-536(fp)
- bgequ noname.178
- incl -544(fp)
-noname.178:
- movl -540(fp),r1
- movl -544(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.179
- incl r2
-noname.179:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.180
- incl r9
-noname.180:
-
- movzwl 26(r6),r2
- bicl3 #-65536,4(r7),r3
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,24(r6),-556(fp)
- bicl3 #-65536,r2,-560(fp)
- mull3 r0,-556(fp),-548(fp)
- mull2 r3,-556(fp)
- mull3 r3,-560(fp),-552(fp)
- mull2 r0,-560(fp)
- addl3 -548(fp),-552(fp),r0
- bicl3 #0,r0,-548(fp)
- cmpl -548(fp),-552(fp)
- bgequ noname.181
- addl2 #65536,-560(fp)
-noname.181:
- movzwl -546(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-560(fp)
- bicl3 #-65536,-548(fp),r0
- ashl #16,r0,-552(fp)
- addl3 -552(fp),-556(fp),r0
- bicl3 #0,r0,-556(fp)
- cmpl -556(fp),-552(fp)
- bgequ noname.182
- incl -560(fp)
-noname.182:
- movl -556(fp),r1
- movl -560(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.183
- incl r2
-noname.183:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.184
- incl r9
-noname.184:
-
- movzwl 30(r6),r2
- bicl3 #-65536,(r7),r3
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,28(r6),-572(fp)
- bicl3 #-65536,r2,-576(fp)
- mull3 r0,-572(fp),-564(fp)
- mull2 r3,-572(fp)
- mull3 r3,-576(fp),-568(fp)
- mull2 r0,-576(fp)
- addl3 -564(fp),-568(fp),r0
- bicl3 #0,r0,-564(fp)
- cmpl -564(fp),-568(fp)
- bgequ noname.185
- addl2 #65536,-576(fp)
-noname.185:
- movzwl -562(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-576(fp)
- bicl3 #-65536,-564(fp),r0
- ashl #16,r0,-568(fp)
- addl3 -568(fp),-572(fp),r0
- bicl3 #0,r0,-572(fp)
- cmpl -572(fp),-568(fp)
- bgequ noname.186
- incl -576(fp)
-noname.186:
- movl -572(fp),r1
- movl -576(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.187
- incl r2
-noname.187:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.188
- incl r9
-noname.188:
-
- movl r8,28(r11)
-
- clrl r8
-
- movzwl 30(r6),r2
- bicl3 #-65536,4(r7),r3
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,28(r6),-588(fp)
- bicl3 #-65536,r2,-592(fp)
- mull3 r0,-588(fp),-580(fp)
- mull2 r3,-588(fp)
- mull3 r3,-592(fp),-584(fp)
- mull2 r0,-592(fp)
- addl3 -580(fp),-584(fp),r0
- bicl3 #0,r0,-580(fp)
- cmpl -580(fp),-584(fp)
- bgequ noname.189
- addl2 #65536,-592(fp)
-noname.189:
- movzwl -578(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-592(fp)
- bicl3 #-65536,-580(fp),r0
- ashl #16,r0,-584(fp)
- addl3 -584(fp),-588(fp),r0
- bicl3 #0,r0,-588(fp)
- cmpl -588(fp),-584(fp)
- bgequ noname.190
- incl -592(fp)
-noname.190:
- movl -588(fp),r1
- movl -592(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.191
- incl r2
-noname.191:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.192
- incl r8
-noname.192:
-
- movzwl 26(r6),r2
- bicl3 #-65536,8(r7),r3
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,24(r6),-604(fp)
- bicl3 #-65536,r2,-608(fp)
- mull3 r0,-604(fp),-596(fp)
- mull2 r3,-604(fp)
- mull3 r3,-608(fp),-600(fp)
- mull2 r0,-608(fp)
- addl3 -596(fp),-600(fp),r0
- bicl3 #0,r0,-596(fp)
- cmpl -596(fp),-600(fp)
- bgequ noname.193
- addl2 #65536,-608(fp)
-noname.193:
- movzwl -594(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-608(fp)
- bicl3 #-65536,-596(fp),r0
- ashl #16,r0,-600(fp)
- addl3 -600(fp),-604(fp),r0
- bicl3 #0,r0,-604(fp)
- cmpl -604(fp),-600(fp)
- bgequ noname.194
- incl -608(fp)
-noname.194:
- movl -604(fp),r1
- movl -608(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.195
- incl r2
-noname.195:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.196
- incl r8
-noname.196:
-
- movzwl 22(r6),r2
- bicl3 #-65536,12(r7),r3
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,20(r6),-620(fp)
- bicl3 #-65536,r2,-624(fp)
- mull3 r0,-620(fp),-612(fp)
- mull2 r3,-620(fp)
- mull3 r3,-624(fp),-616(fp)
- mull2 r0,-624(fp)
- addl3 -612(fp),-616(fp),r0
- bicl3 #0,r0,-612(fp)
- cmpl -612(fp),-616(fp)
- bgequ noname.197
- addl2 #65536,-624(fp)
-noname.197:
- movzwl -610(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-624(fp)
- bicl3 #-65536,-612(fp),r0
- ashl #16,r0,-616(fp)
- addl3 -616(fp),-620(fp),r0
- bicl3 #0,r0,-620(fp)
- cmpl -620(fp),-616(fp)
- bgequ noname.198
- incl -624(fp)
-noname.198:
- movl -620(fp),r1
- movl -624(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.199
- incl r2
-noname.199:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.200
- incl r8
-noname.200:
-
- movzwl 18(r6),r2
- bicl3 #-65536,16(r7),r3
- movzwl 18(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,16(r6),-636(fp)
- bicl3 #-65536,r2,-640(fp)
- mull3 r0,-636(fp),-628(fp)
- mull2 r3,-636(fp)
- mull3 r3,-640(fp),-632(fp)
- mull2 r0,-640(fp)
- addl3 -628(fp),-632(fp),r0
- bicl3 #0,r0,-628(fp)
- cmpl -628(fp),-632(fp)
- bgequ noname.201
- addl2 #65536,-640(fp)
-noname.201:
- movzwl -626(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-640(fp)
- bicl3 #-65536,-628(fp),r0
- ashl #16,r0,-632(fp)
- addl3 -632(fp),-636(fp),r0
- bicl3 #0,r0,-636(fp)
- cmpl -636(fp),-632(fp)
- bgequ noname.202
- incl -640(fp)
-noname.202:
- movl -636(fp),r1
- movl -640(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.203
- incl r2
-noname.203:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.204
- incl r8
-noname.204:
-
- movzwl 14(r6),r2
- bicl3 #-65536,20(r7),r3
- movzwl 22(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r6),-652(fp)
- bicl3 #-65536,r2,-656(fp)
- mull3 r0,-652(fp),-644(fp)
- mull2 r3,-652(fp)
- mull3 r3,-656(fp),-648(fp)
- mull2 r0,-656(fp)
- addl3 -644(fp),-648(fp),r0
- bicl3 #0,r0,-644(fp)
- cmpl -644(fp),-648(fp)
- bgequ noname.205
- addl2 #65536,-656(fp)
-noname.205:
- movzwl -642(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-656(fp)
- bicl3 #-65536,-644(fp),r0
- ashl #16,r0,-648(fp)
- addl3 -648(fp),-652(fp),r0
- bicl3 #0,r0,-652(fp)
- cmpl -652(fp),-648(fp)
- bgequ noname.206
- incl -656(fp)
-noname.206:
- movl -652(fp),r1
- movl -656(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.207
- incl r2
-noname.207:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.208
- incl r8
-noname.208:
-
- movzwl 10(r6),r2
- bicl3 #-65536,24(r7),r3
- movzwl 26(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,8(r6),-668(fp)
- bicl3 #-65536,r2,-672(fp)
- mull3 r0,-668(fp),-660(fp)
- mull2 r3,-668(fp)
- mull3 r3,-672(fp),-664(fp)
- mull2 r0,-672(fp)
- addl3 -660(fp),-664(fp),r0
- bicl3 #0,r0,-660(fp)
- cmpl -660(fp),-664(fp)
- bgequ noname.209
- addl2 #65536,-672(fp)
-noname.209:
- movzwl -658(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-672(fp)
- bicl3 #-65536,-660(fp),r0
- ashl #16,r0,-664(fp)
- addl3 -664(fp),-668(fp),r0
- bicl3 #0,r0,-668(fp)
- cmpl -668(fp),-664(fp)
- bgequ noname.210
- incl -672(fp)
-noname.210:
- movl -668(fp),r1
- movl -672(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.211
- incl r2
-noname.211:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.212
- incl r8
-noname.212:
-
- movzwl 6(r6),r2
- bicl3 #-65536,28(r7),r3
- movzwl 30(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r6),-684(fp)
- bicl3 #-65536,r2,-688(fp)
- mull3 r0,-684(fp),-676(fp)
- mull2 r3,-684(fp)
- mull3 r3,-688(fp),-680(fp)
- mull2 r0,-688(fp)
- addl3 -676(fp),-680(fp),r0
- bicl3 #0,r0,-676(fp)
- cmpl -676(fp),-680(fp)
- bgequ noname.213
- addl2 #65536,-688(fp)
-noname.213:
- movzwl -674(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-688(fp)
- bicl3 #-65536,-676(fp),r0
- ashl #16,r0,-680(fp)
- addl3 -680(fp),-684(fp),r0
- bicl3 #0,r0,-684(fp)
- cmpl -684(fp),-680(fp)
- bgequ noname.214
- incl -688(fp)
-noname.214:
- movl -684(fp),r1
- movl -688(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.215
- incl r2
-noname.215:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.216
- incl r8
-noname.216:
-
- movl r10,32(r11)
-
- clrl r10
-
- movzwl 10(r6),r2
- bicl3 #-65536,28(r7),r3
- movzwl 30(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,8(r6),-700(fp)
- bicl3 #-65536,r2,-704(fp)
- mull3 r0,-700(fp),-692(fp)
- mull2 r3,-700(fp)
- mull3 r3,-704(fp),-696(fp)
- mull2 r0,-704(fp)
- addl3 -692(fp),-696(fp),r0
- bicl3 #0,r0,-692(fp)
- cmpl -692(fp),-696(fp)
- bgequ noname.217
- addl2 #65536,-704(fp)
-noname.217:
- movzwl -690(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-704(fp)
- bicl3 #-65536,-692(fp),r0
- ashl #16,r0,-696(fp)
- addl3 -696(fp),-700(fp),r0
- bicl3 #0,r0,-700(fp)
- cmpl -700(fp),-696(fp)
- bgequ noname.218
- incl -704(fp)
-noname.218:
- movl -700(fp),r1
- movl -704(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.219
- incl r2
-noname.219:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.220
- incl r10
-noname.220:
-
- movzwl 14(r6),r2
- bicl3 #-65536,24(r7),r3
- movzwl 26(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r6),-716(fp)
- bicl3 #-65536,r2,-720(fp)
- mull3 r0,-716(fp),-708(fp)
- mull2 r3,-716(fp)
- mull3 r3,-720(fp),-712(fp)
- mull2 r0,-720(fp)
- addl3 -708(fp),-712(fp),r0
- bicl3 #0,r0,-708(fp)
- cmpl -708(fp),-712(fp)
- bgequ noname.221
- addl2 #65536,-720(fp)
-noname.221:
- movzwl -706(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-720(fp)
- bicl3 #-65536,-708(fp),r0
- ashl #16,r0,-712(fp)
- addl3 -712(fp),-716(fp),r0
- bicl3 #0,r0,-716(fp)
- cmpl -716(fp),-712(fp)
- bgequ noname.222
- incl -720(fp)
-noname.222:
- movl -716(fp),r1
- movl -720(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.223
- incl r2
-noname.223:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.224
- incl r10
-noname.224:
-
- movzwl 18(r6),r2
- bicl3 #-65536,20(r7),r3
- movzwl 22(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,16(r6),-732(fp)
- bicl3 #-65536,r2,-736(fp)
- mull3 r0,-732(fp),-724(fp)
- mull2 r3,-732(fp)
- mull3 r3,-736(fp),-728(fp)
- mull2 r0,-736(fp)
- addl3 -724(fp),-728(fp),r0
- bicl3 #0,r0,-724(fp)
- cmpl -724(fp),-728(fp)
- bgequ noname.225
- addl2 #65536,-736(fp)
-noname.225:
- movzwl -722(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-736(fp)
- bicl3 #-65536,-724(fp),r0
- ashl #16,r0,-728(fp)
- addl3 -728(fp),-732(fp),r0
- bicl3 #0,r0,-732(fp)
- cmpl -732(fp),-728(fp)
- bgequ noname.226
- incl -736(fp)
-noname.226:
- movl -732(fp),r1
- movl -736(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.227
- incl r2
-noname.227:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.228
- incl r10
-noname.228:
-
- movzwl 22(r6),r2
- bicl3 #-65536,16(r7),r3
- movzwl 18(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,20(r6),-748(fp)
- bicl3 #-65536,r2,-752(fp)
- mull3 r0,-748(fp),-740(fp)
- mull2 r3,-748(fp)
- mull3 r3,-752(fp),-744(fp)
- mull2 r0,-752(fp)
- addl3 -740(fp),-744(fp),r0
- bicl3 #0,r0,-740(fp)
- cmpl -740(fp),-744(fp)
- bgequ noname.229
- addl2 #65536,-752(fp)
-noname.229:
- movzwl -738(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-752(fp)
- bicl3 #-65536,-740(fp),r0
- ashl #16,r0,-744(fp)
- addl3 -744(fp),-748(fp),r0
- bicl3 #0,r0,-748(fp)
- cmpl -748(fp),-744(fp)
- bgequ noname.230
- incl -752(fp)
-noname.230:
- movl -748(fp),r1
- movl -752(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.231
- incl r2
-noname.231:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.232
- incl r10
-noname.232:
-
- movzwl 26(r6),r2
- bicl3 #-65536,12(r7),r3
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,24(r6),-764(fp)
- bicl3 #-65536,r2,-768(fp)
- mull3 r0,-764(fp),-756(fp)
- mull2 r3,-764(fp)
- mull3 r3,-768(fp),-760(fp)
- mull2 r0,-768(fp)
- addl3 -756(fp),-760(fp),r0
- bicl3 #0,r0,-756(fp)
- cmpl -756(fp),-760(fp)
- bgequ noname.233
- addl2 #65536,-768(fp)
-noname.233:
- movzwl -754(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-768(fp)
- bicl3 #-65536,-756(fp),r0
- ashl #16,r0,-760(fp)
- addl3 -760(fp),-764(fp),r0
- bicl3 #0,r0,-764(fp)
- cmpl -764(fp),-760(fp)
- bgequ noname.234
- incl -768(fp)
-noname.234:
- movl -764(fp),r1
- movl -768(fp),r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.235
- incl r2
-noname.235:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.236
- incl r10
-noname.236:
-
- bicl3 #-65536,28(r6),r3
- movzwl 30(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,8(r7),r2
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-772(fp)
- mull2 r2,r5
- mull3 r2,r4,-776(fp)
- mull2 r0,r4
- addl3 -772(fp),-776(fp),r0
- bicl3 #0,r0,-772(fp)
- cmpl -772(fp),-776(fp)
- bgequ noname.237
- addl2 #65536,r4
-noname.237:
- movzwl -770(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-772(fp),r0
- ashl #16,r0,-776(fp)
- addl2 -776(fp),r5
- bicl2 #0,r5
- cmpl r5,-776(fp)
- bgequ noname.238
- incl r4
-noname.238:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.239
- incl r2
-noname.239:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.240
- incl r10
-noname.240:
-
- movl r9,36(r11)
-
- clrl r9
-
- bicl3 #-65536,28(r6),r3
- movzwl 30(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,12(r7),r2
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-780(fp)
- mull2 r2,r5
- mull3 r2,r4,-784(fp)
- mull2 r0,r4
- addl3 -780(fp),-784(fp),r0
- bicl3 #0,r0,-780(fp)
- cmpl -780(fp),-784(fp)
- bgequ noname.241
- addl2 #65536,r4
-noname.241:
- movzwl -778(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-780(fp),r0
- ashl #16,r0,-784(fp)
- addl2 -784(fp),r5
- bicl2 #0,r5
- cmpl r5,-784(fp)
- bgequ noname.242
- incl r4
-noname.242:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.243
- incl r2
-noname.243:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.244
- incl r9
-noname.244:
-
- bicl3 #-65536,24(r6),r3
- movzwl 26(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,16(r7),r2
- movzwl 18(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-788(fp)
- mull2 r2,r5
- mull3 r2,r4,-792(fp)
- mull2 r0,r4
- addl3 -788(fp),-792(fp),r0
- bicl3 #0,r0,-788(fp)
- cmpl -788(fp),-792(fp)
- bgequ noname.245
- addl2 #65536,r4
-noname.245:
- movzwl -786(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-788(fp),r0
- ashl #16,r0,-792(fp)
- addl2 -792(fp),r5
- bicl2 #0,r5
- cmpl r5,-792(fp)
- bgequ noname.246
- incl r4
-noname.246:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.247
- incl r2
-noname.247:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.248
- incl r9
-noname.248:
-
- bicl3 #-65536,20(r6),r3
- movzwl 22(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,20(r7),r2
- movzwl 22(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-796(fp)
- mull2 r2,r5
- mull3 r2,r4,-800(fp)
- mull2 r0,r4
- addl3 -796(fp),-800(fp),r0
- bicl3 #0,r0,-796(fp)
- cmpl -796(fp),-800(fp)
- bgequ noname.249
- addl2 #65536,r4
-noname.249:
- movzwl -794(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-796(fp),r0
- ashl #16,r0,-800(fp)
- addl2 -800(fp),r5
- bicl2 #0,r5
- cmpl r5,-800(fp)
- bgequ noname.250
- incl r4
-noname.250:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.251
- incl r2
-noname.251:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.252
- incl r9
-noname.252:
-
- bicl3 #-65536,16(r6),r3
- movzwl 18(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,24(r7),r2
- movzwl 26(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-804(fp)
- mull2 r2,r5
- mull3 r2,r4,-808(fp)
- mull2 r0,r4
- addl3 -804(fp),-808(fp),r0
- bicl3 #0,r0,-804(fp)
- cmpl -804(fp),-808(fp)
- bgequ noname.253
- addl2 #65536,r4
-noname.253:
- movzwl -802(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-804(fp),r0
- ashl #16,r0,-808(fp)
- addl2 -808(fp),r5
- bicl2 #0,r5
- cmpl r5,-808(fp)
- bgequ noname.254
- incl r4
-noname.254:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.255
- incl r2
-noname.255:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.256
- incl r9
-noname.256:
-
- bicl3 #-65536,12(r6),r3
- movzwl 14(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,28(r7),r2
- movzwl 30(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-812(fp)
- mull2 r2,r5
- mull3 r2,r4,-816(fp)
- mull2 r0,r4
- addl3 -812(fp),-816(fp),r0
- bicl3 #0,r0,-812(fp)
- cmpl -812(fp),-816(fp)
- bgequ noname.257
- addl2 #65536,r4
-noname.257:
- movzwl -810(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-812(fp),r0
- ashl #16,r0,-816(fp)
- addl2 -816(fp),r5
- bicl2 #0,r5
- cmpl r5,-816(fp)
- bgequ noname.258
- incl r4
-noname.258:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.259
- incl r2
-noname.259:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.260
- incl r9
-noname.260:
-
- movl r8,40(r11)
-
- clrl r8
-
- bicl3 #-65536,16(r6),r3
- movzwl 18(r6),r2
- bicl3 #-65536,28(r7),r1
- movzwl 30(r7),r0
- bicl2 #-65536,r0
- movl r3,r4
- bicl3 #-65536,r2,-828(fp)
- mull3 r0,r4,-820(fp)
- mull2 r1,r4
- mull3 r1,-828(fp),-824(fp)
- mull2 r0,-828(fp)
- addl3 -820(fp),-824(fp),r0
- bicl3 #0,r0,-820(fp)
- cmpl -820(fp),-824(fp)
- bgequ noname.261
- addl2 #65536,-828(fp)
-noname.261:
- movzwl -818(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-828(fp)
- bicl3 #-65536,-820(fp),r0
- ashl #16,r0,-824(fp)
- addl2 -824(fp),r4
- bicl2 #0,r4
- cmpl r4,-824(fp)
- bgequ noname.262
- incl -828(fp)
-noname.262:
- movl r4,r1
- movl -828(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.263
- incl r2
-noname.263:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.264
- incl r8
-noname.264:
-
- movzwl 22(r6),r2
- bicl3 #-65536,24(r7),r3
- movzwl 26(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,20(r6),-840(fp)
- bicl3 #-65536,r2,-844(fp)
- mull3 r0,-840(fp),-832(fp)
- mull2 r3,-840(fp)
- mull3 r3,-844(fp),-836(fp)
- mull2 r0,-844(fp)
- addl3 -832(fp),-836(fp),r0
- bicl3 #0,r0,-832(fp)
- cmpl -832(fp),-836(fp)
- bgequ noname.265
- addl2 #65536,-844(fp)
-noname.265:
- movzwl -830(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-844(fp)
- bicl3 #-65536,-832(fp),r0
- ashl #16,r0,-836(fp)
- addl3 -836(fp),-840(fp),r0
- bicl3 #0,r0,-840(fp)
- cmpl -840(fp),-836(fp)
- bgequ noname.266
- incl -844(fp)
-noname.266:
- movl -840(fp),r1
- movl -844(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.267
- incl r2
-noname.267:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.268
- incl r8
-noname.268:
-
- bicl3 #-65536,24(r6),r3
- movzwl 26(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,20(r7),r2
- movzwl 22(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-848(fp)
- mull2 r2,r5
- mull3 r2,r4,-852(fp)
- mull2 r0,r4
- addl3 -848(fp),-852(fp),r0
- bicl3 #0,r0,-848(fp)
- cmpl -848(fp),-852(fp)
- bgequ noname.269
- addl2 #65536,r4
-noname.269:
- movzwl -846(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-848(fp),r0
- ashl #16,r0,-852(fp)
- addl2 -852(fp),r5
- bicl2 #0,r5
- cmpl r5,-852(fp)
- bgequ noname.270
- incl r4
-noname.270:
- movl r5,r1
- movl r4,r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.271
- incl r2
-noname.271:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.272
- incl r8
-noname.272:
-
- bicl3 #-65536,28(r6),r3
- movzwl 30(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,16(r7),r2
- movzwl 18(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-856(fp)
- mull2 r2,r5
- mull3 r2,r4,-860(fp)
- mull2 r0,r4
- addl3 -856(fp),-860(fp),r0
- bicl3 #0,r0,-856(fp)
- cmpl -856(fp),-860(fp)
- bgequ noname.273
- addl2 #65536,r4
-noname.273:
- movzwl -854(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-856(fp),r0
- ashl #16,r0,-860(fp)
- addl2 -860(fp),r5
- bicl2 #0,r5
- cmpl r5,-860(fp)
- bgequ noname.274
- incl r4
-noname.274:
- movl r5,r1
- movl r4,r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.275
- incl r2
-noname.275:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.276
- incl r8
-noname.276:
-
- movl r10,44(r11)
-
- clrl r10
-
- bicl3 #-65536,28(r6),r3
- movzwl 30(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,20(r7),r2
- movzwl 22(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-864(fp)
- mull2 r2,r5
- mull3 r2,r4,-868(fp)
- mull2 r0,r4
- addl3 -864(fp),-868(fp),r0
- bicl3 #0,r0,-864(fp)
- cmpl -864(fp),-868(fp)
- bgequ noname.277
- addl2 #65536,r4
-noname.277:
- movzwl -862(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-864(fp),r0
- ashl #16,r0,-868(fp)
- addl2 -868(fp),r5
- bicl2 #0,r5
- cmpl r5,-868(fp)
- bgequ noname.278
- incl r4
-noname.278:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.279
- incl r2
-noname.279:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.280
- incl r10
-noname.280:
-
- bicl3 #-65536,24(r6),r3
- movzwl 26(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,24(r7),r2
- movzwl 26(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-872(fp)
- mull2 r2,r5
- mull3 r2,r4,-876(fp)
- mull2 r0,r4
- addl3 -872(fp),-876(fp),r0
- bicl3 #0,r0,-872(fp)
- cmpl -872(fp),-876(fp)
- bgequ noname.281
- addl2 #65536,r4
-noname.281:
- movzwl -870(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-872(fp),r0
- ashl #16,r0,-876(fp)
- addl2 -876(fp),r5
- bicl2 #0,r5
- cmpl r5,-876(fp)
- bgequ noname.282
- incl r4
-noname.282:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.283
- incl r2
-noname.283:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.284
- incl r10
-noname.284:
-
- bicl3 #-65536,20(r6),r3
- movzwl 22(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,28(r7),r2
- movzwl 30(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-880(fp)
- mull2 r2,r5
- mull3 r2,r4,-884(fp)
- mull2 r0,r4
- addl3 -880(fp),-884(fp),r0
- bicl3 #0,r0,-880(fp)
- cmpl -880(fp),-884(fp)
- bgequ noname.285
- addl2 #65536,r4
-noname.285:
- movzwl -878(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-880(fp),r0
- ashl #16,r0,-884(fp)
- addl2 -884(fp),r5
- bicl2 #0,r5
- cmpl r5,-884(fp)
- bgequ noname.286
- incl r4
-noname.286:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.287
- incl r2
-noname.287:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.288
- incl r10
-noname.288:
-
- movl r9,48(r11)
-
- clrl r9
-
- bicl3 #-65536,24(r6),r3
- movzwl 26(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,28(r7),r2
- movzwl 30(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-888(fp)
- mull2 r2,r5
- mull3 r2,r4,-892(fp)
- mull2 r0,r4
- addl3 -888(fp),-892(fp),r0
- bicl3 #0,r0,-888(fp)
- cmpl -888(fp),-892(fp)
- bgequ noname.289
- addl2 #65536,r4
-noname.289:
- movzwl -886(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-888(fp),r0
- ashl #16,r0,-892(fp)
- addl2 -892(fp),r5
- bicl2 #0,r5
- cmpl r5,-892(fp)
- bgequ noname.290
- incl r4
-noname.290:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.291
- incl r2
-noname.291:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.292
- incl r9
-noname.292:
-
- movzwl 30(r6),r2
- bicl3 #-65536,24(r7),r3
- movzwl 26(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,28(r6),-904(fp)
- bicl3 #-65536,r2,-908(fp)
- mull3 r0,-904(fp),-896(fp)
- mull2 r3,-904(fp)
- mull3 r3,-908(fp),-900(fp)
- mull2 r0,-908(fp)
- addl3 -896(fp),-900(fp),r0
- bicl3 #0,r0,-896(fp)
- cmpl -896(fp),-900(fp)
- bgequ noname.293
- addl2 #65536,-908(fp)
-noname.293:
- movzwl -894(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-908(fp)
- bicl3 #-65536,-896(fp),r0
- ashl #16,r0,-900(fp)
- addl3 -900(fp),-904(fp),r0
- bicl3 #0,r0,-904(fp)
- cmpl -904(fp),-900(fp)
- bgequ noname.294
- incl -908(fp)
-noname.294:
- movl -904(fp),r1
- movl -908(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.295
- incl r2
-noname.295:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.296
- incl r9
-noname.296:
-
- movl r8,52(r11)
-
- clrl r8
-
- movzwl 30(r6),r2
- bicl3 #-65536,28(r7),r3
- movzwl 30(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,28(r6),-920(fp)
- bicl3 #-65536,r2,-924(fp)
- mull3 r0,-920(fp),-912(fp)
- mull2 r3,-920(fp)
- mull3 r3,-924(fp),-916(fp)
- mull2 r0,-924(fp)
- addl3 -912(fp),-916(fp),r0
- bicl3 #0,r0,-912(fp)
- cmpl -912(fp),-916(fp)
- bgequ noname.297
- addl2 #65536,-924(fp)
-noname.297:
- movzwl -910(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-924(fp)
- bicl3 #-65536,-912(fp),r0
- ashl #16,r0,-916(fp)
- addl3 -916(fp),-920(fp),r0
- bicl3 #0,r0,-920(fp)
- cmpl -920(fp),-916(fp)
- bgequ noname.298
- incl -924(fp)
-noname.298:
- movl -920(fp),r1
- movl -924(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.299
- incl r2
-noname.299:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.300
- incl r8
-noname.300:
-
- movl r10,56(r11)
-
- movl r9,60(r11)
-
- ret
-
-
-
-;r=4 ;(AP)
-;a=8 ;(AP)
-;b=12 ;(AP)
-;n=16 ;(AP) n by value (input)
-
- .psect code,nowrt
-
-.entry BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
- movab -156(sp),sp
-
- clrq r9
-
- clrl r8
-
- movl 8(ap),r6
- bicl3 #-65536,(r6),r3
- movzwl 2(r6),r2
- bicl2 #-65536,r2
- movl 12(ap),r7
- bicl3 #-65536,(r7),r1
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r2,r4
- mull3 r0,r5,-4(fp)
- mull2 r1,r5
- mull3 r1,r4,-8(fp)
- mull2 r0,r4
- addl3 -4(fp),-8(fp),r0
- bicl3 #0,r0,-4(fp)
- cmpl -4(fp),-8(fp)
- bgequ noname.303
- addl2 #65536,r4
-noname.303:
- movzwl -2(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-4(fp),r0
- ashl #16,r0,-8(fp)
- addl2 -8(fp),r5
- bicl2 #0,r5
- cmpl r5,-8(fp)
- bgequ noname.304
- incl r4
-noname.304:
- movl r5,r1
- movl r4,r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.305
- incl r2
-noname.305:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.306
- incl r8
-noname.306:
-
- movl 4(ap),r11
- movl r10,(r11)
-
- clrl r10
-
- bicl3 #-65536,(r6),r3
- movzwl 2(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,4(r7),r2
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-12(fp)
- mull2 r2,r5
- mull3 r2,r4,-16(fp)
- mull2 r0,r4
- addl3 -12(fp),-16(fp),r0
- bicl3 #0,r0,-12(fp)
- cmpl -12(fp),-16(fp)
- bgequ noname.307
- addl2 #65536,r4
-noname.307:
- movzwl -10(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-12(fp),r0
- ashl #16,r0,-16(fp)
- addl2 -16(fp),r5
- bicl2 #0,r5
- cmpl r5,-16(fp)
- bgequ noname.308
- incl r4
-noname.308:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.309
- incl r2
-noname.309:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.310
- incl r10
-noname.310:
-
- bicl3 #-65536,4(r6),r3
- movzwl 6(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,(r7),r2
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-20(fp)
- mull2 r2,r5
- mull3 r2,r4,-24(fp)
- mull2 r0,r4
- addl3 -20(fp),-24(fp),r0
- bicl3 #0,r0,-20(fp)
- cmpl -20(fp),-24(fp)
- bgequ noname.311
- addl2 #65536,r4
-noname.311:
- movzwl -18(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-20(fp),r0
- ashl #16,r0,-24(fp)
- addl2 -24(fp),r5
- bicl2 #0,r5
- cmpl r5,-24(fp)
- bgequ noname.312
- incl r4
-noname.312:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.313
- incl r2
-noname.313:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.314
- incl r10
-noname.314:
-
- movl r9,4(r11)
-
- clrl r9
-
- bicl3 #-65536,8(r6),r3
- movzwl 10(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,(r7),r2
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-28(fp)
- mull2 r2,r5
- mull3 r2,r4,-32(fp)
- mull2 r0,r4
- addl3 -28(fp),-32(fp),r0
- bicl3 #0,r0,-28(fp)
- cmpl -28(fp),-32(fp)
- bgequ noname.315
- addl2 #65536,r4
-noname.315:
- movzwl -26(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-28(fp),r0
- ashl #16,r0,-32(fp)
- addl2 -32(fp),r5
- bicl2 #0,r5
- cmpl r5,-32(fp)
- bgequ noname.316
- incl r4
-noname.316:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.317
- incl r2
-noname.317:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.318
- incl r9
-noname.318:
-
- bicl3 #-65536,4(r6),r3
- movzwl 6(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,4(r7),r2
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-36(fp)
- mull2 r2,r5
- mull3 r2,r4,-40(fp)
- mull2 r0,r4
- addl3 -36(fp),-40(fp),r0
- bicl3 #0,r0,-36(fp)
- cmpl -36(fp),-40(fp)
- bgequ noname.319
- addl2 #65536,r4
-noname.319:
- movzwl -34(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-36(fp),r0
- ashl #16,r0,-40(fp)
- addl2 -40(fp),r5
- bicl2 #0,r5
- cmpl r5,-40(fp)
- bgequ noname.320
- incl r4
-noname.320:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.321
- incl r2
-noname.321:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.322
- incl r9
-noname.322:
-
- bicl3 #-65536,(r6),r3
- movzwl 2(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,8(r7),r2
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-44(fp)
- mull2 r2,r5
- mull3 r2,r4,-48(fp)
- mull2 r0,r4
- addl3 -44(fp),-48(fp),r0
- bicl3 #0,r0,-44(fp)
- cmpl -44(fp),-48(fp)
- bgequ noname.323
- addl2 #65536,r4
-noname.323:
- movzwl -42(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-44(fp),r0
- ashl #16,r0,-48(fp)
- addl2 -48(fp),r5
- bicl2 #0,r5
- cmpl r5,-48(fp)
- bgequ noname.324
- incl r4
-noname.324:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.325
- incl r2
-noname.325:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.326
- incl r9
-noname.326:
-
- movl r8,8(r11)
-
- clrl r8
-
- bicl3 #-65536,(r6),r3
- movzwl 2(r6),r2
- bicl3 #-65536,12(r7),r1
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- movl r3,r4
- bicl3 #-65536,r2,-60(fp)
- mull3 r0,r4,-52(fp)
- mull2 r1,r4
- mull3 r1,-60(fp),-56(fp)
- mull2 r0,-60(fp)
- addl3 -52(fp),-56(fp),r0
- bicl3 #0,r0,-52(fp)
- cmpl -52(fp),-56(fp)
- bgequ noname.327
- addl2 #65536,-60(fp)
-noname.327:
- movzwl -50(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-60(fp)
- bicl3 #-65536,-52(fp),r0
- ashl #16,r0,-56(fp)
- addl2 -56(fp),r4
- bicl2 #0,r4
- cmpl r4,-56(fp)
- bgequ noname.328
- incl -60(fp)
-noname.328:
- movl r4,r1
- movl -60(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.329
- incl r2
-noname.329:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.330
- incl r8
-noname.330:
-
- movzwl 6(r6),r2
- bicl3 #-65536,8(r7),r3
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r6),-72(fp)
- bicl3 #-65536,r2,-76(fp)
- mull3 r0,-72(fp),-64(fp)
- mull2 r3,-72(fp)
- mull3 r3,-76(fp),-68(fp)
- mull2 r0,-76(fp)
- addl3 -64(fp),-68(fp),r0
- bicl3 #0,r0,-64(fp)
- cmpl -64(fp),-68(fp)
- bgequ noname.331
- addl2 #65536,-76(fp)
-noname.331:
- movzwl -62(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-76(fp)
- bicl3 #-65536,-64(fp),r0
- ashl #16,r0,-68(fp)
- addl3 -68(fp),-72(fp),r0
- bicl3 #0,r0,-72(fp)
- cmpl -72(fp),-68(fp)
- bgequ noname.332
- incl -76(fp)
-noname.332:
- movl -72(fp),r1
- movl -76(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.333
- incl r2
-noname.333:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.334
- incl r8
-noname.334:
-
- bicl3 #-65536,8(r6),r3
- movzwl 10(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,4(r7),r2
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-80(fp)
- mull2 r2,r5
- mull3 r2,r4,-84(fp)
- mull2 r0,r4
- addl3 -80(fp),-84(fp),r0
- bicl3 #0,r0,-80(fp)
- cmpl -80(fp),-84(fp)
- bgequ noname.335
- addl2 #65536,r4
-noname.335:
- movzwl -78(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-80(fp),r0
- ashl #16,r0,-84(fp)
- addl2 -84(fp),r5
- bicl2 #0,r5
- cmpl r5,-84(fp)
- bgequ noname.336
- incl r4
-noname.336:
- movl r5,r1
- movl r4,r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.337
- incl r2
-noname.337:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.338
- incl r8
-noname.338:
-
- bicl3 #-65536,12(r6),r3
- movzwl 14(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,(r7),r2
- movzwl 2(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-88(fp)
- mull2 r2,r5
- mull3 r2,r4,-92(fp)
- mull2 r0,r4
- addl3 -88(fp),-92(fp),r0
- bicl3 #0,r0,-88(fp)
- cmpl -88(fp),-92(fp)
- bgequ noname.339
- addl2 #65536,r4
-noname.339:
- movzwl -86(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-88(fp),r0
- ashl #16,r0,-92(fp)
- addl2 -92(fp),r5
- bicl2 #0,r5
- cmpl r5,-92(fp)
- bgequ noname.340
- incl r4
-noname.340:
- movl r5,r1
- movl r4,r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.341
- incl r2
-noname.341:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.342
- incl r8
-noname.342:
-
- movl r10,12(r11)
-
- clrl r10
-
- bicl3 #-65536,12(r6),r3
- movzwl 14(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,4(r7),r2
- movzwl 6(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-96(fp)
- mull2 r2,r5
- mull3 r2,r4,-100(fp)
- mull2 r0,r4
- addl3 -96(fp),-100(fp),r0
- bicl3 #0,r0,-96(fp)
- cmpl -96(fp),-100(fp)
- bgequ noname.343
- addl2 #65536,r4
-noname.343:
- movzwl -94(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-96(fp),r0
- ashl #16,r0,-100(fp)
- addl2 -100(fp),r5
- bicl2 #0,r5
- cmpl r5,-100(fp)
- bgequ noname.344
- incl r4
-noname.344:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.345
- incl r2
-noname.345:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.346
- incl r10
-noname.346:
-
- bicl3 #-65536,8(r6),r3
- movzwl 10(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,8(r7),r2
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-104(fp)
- mull2 r2,r5
- mull3 r2,r4,-108(fp)
- mull2 r0,r4
- addl3 -104(fp),-108(fp),r0
- bicl3 #0,r0,-104(fp)
- cmpl -104(fp),-108(fp)
- bgequ noname.347
- addl2 #65536,r4
-noname.347:
- movzwl -102(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-104(fp),r0
- ashl #16,r0,-108(fp)
- addl2 -108(fp),r5
- bicl2 #0,r5
- cmpl r5,-108(fp)
- bgequ noname.348
- incl r4
-noname.348:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.349
- incl r2
-noname.349:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.350
- incl r10
-noname.350:
-
- bicl3 #-65536,4(r6),r3
- movzwl 6(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,12(r7),r2
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-112(fp)
- mull2 r2,r5
- mull3 r2,r4,-116(fp)
- mull2 r0,r4
- addl3 -112(fp),-116(fp),r0
- bicl3 #0,r0,-112(fp)
- cmpl -112(fp),-116(fp)
- bgequ noname.351
- addl2 #65536,r4
-noname.351:
- movzwl -110(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-112(fp),r0
- ashl #16,r0,-116(fp)
- addl2 -116(fp),r5
- bicl2 #0,r5
- cmpl r5,-116(fp)
- bgequ noname.352
- incl r4
-noname.352:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.353
- incl r2
-noname.353:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.354
- incl r10
-noname.354:
-
- movl r9,16(r11)
-
- clrl r9
-
- bicl3 #-65536,8(r6),r3
- movzwl 10(r6),r1
- bicl2 #-65536,r1
- bicl3 #-65536,12(r7),r2
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-120(fp)
- mull2 r2,r5
- mull3 r2,r4,-124(fp)
- mull2 r0,r4
- addl3 -120(fp),-124(fp),r0
- bicl3 #0,r0,-120(fp)
- cmpl -120(fp),-124(fp)
- bgequ noname.355
- addl2 #65536,r4
-noname.355:
- movzwl -118(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-120(fp),r0
- ashl #16,r0,-124(fp)
- addl2 -124(fp),r5
- bicl2 #0,r5
- cmpl r5,-124(fp)
- bgequ noname.356
- incl r4
-noname.356:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.357
- incl r2
-noname.357:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.358
- incl r9
-noname.358:
-
- movzwl 14(r6),r2
- bicl3 #-65536,8(r7),r3
- movzwl 10(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r6),-136(fp)
- bicl3 #-65536,r2,-140(fp)
- mull3 r0,-136(fp),-128(fp)
- mull2 r3,-136(fp)
- mull3 r3,-140(fp),-132(fp)
- mull2 r0,-140(fp)
- addl3 -128(fp),-132(fp),r0
- bicl3 #0,r0,-128(fp)
- cmpl -128(fp),-132(fp)
- bgequ noname.359
- addl2 #65536,-140(fp)
-noname.359:
- movzwl -126(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-140(fp)
- bicl3 #-65536,-128(fp),r0
- ashl #16,r0,-132(fp)
- addl3 -132(fp),-136(fp),r0
- bicl3 #0,r0,-136(fp)
- cmpl -136(fp),-132(fp)
- bgequ noname.360
- incl -140(fp)
-noname.360:
- movl -136(fp),r1
- movl -140(fp),r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.361
- incl r2
-noname.361:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.362
- incl r9
-noname.362:
-
- movl r8,20(r11)
-
- clrl r8
-
- movzwl 14(r6),r2
- bicl3 #-65536,12(r7),r3
- movzwl 14(r7),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r6),-152(fp)
- bicl3 #-65536,r2,-156(fp)
- mull3 r0,-152(fp),-144(fp)
- mull2 r3,-152(fp)
- mull3 r3,-156(fp),-148(fp)
- mull2 r0,-156(fp)
- addl3 -144(fp),-148(fp),r0
- bicl3 #0,r0,-144(fp)
- cmpl -144(fp),-148(fp)
- bgequ noname.363
- addl2 #65536,-156(fp)
-noname.363:
- movzwl -142(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-156(fp)
- bicl3 #-65536,-144(fp),r0
- ashl #16,r0,-148(fp)
- addl3 -148(fp),-152(fp),r0
- bicl3 #0,r0,-152(fp)
- cmpl -152(fp),-148(fp)
- bgequ noname.364
- incl -156(fp)
-noname.364:
- movl -152(fp),r1
- movl -156(fp),r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.365
- incl r2
-noname.365:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.366
- incl r8
-noname.366:
-
- movl r10,24(r11)
-
- movl r9,28(r11)
-
- ret
-
-
-
-;r=4 ;(AP)
-;a=8 ;(AP)
-;b=12 ;(AP)
-;n=16 ;(AP) n by value (input)
-
- .psect code,nowrt
-
-.entry BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9>
- movab -444(sp),sp
-
- clrq r8
-
- clrl r7
-
- movl 8(ap),r4
- movl (r4),r3
- bicl3 #-65536,r3,-4(fp)
- extzv #16,#16,r3,r0
- bicl3 #-65536,r0,r3
- movl -4(fp),r0
- mull3 r0,r3,-8(fp)
- mull3 r0,r0,-4(fp)
- mull2 r3,r3
- bicl3 #32767,-8(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r3
- bicl3 #-65536,-8(fp),r0
- ashl #17,r0,-8(fp)
- addl3 -4(fp),-8(fp),r0
- bicl3 #0,r0,-4(fp)
- cmpl -4(fp),-8(fp)
- bgequ noname.369
- incl r3
-noname.369:
- movl -4(fp),r1
- movl r3,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.370
- incl r2
-noname.370:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.371
- incl r7
-noname.371:
-
- movl r9,@4(ap)
-
- clrl r9
-
- movzwl 6(r4),r2
- bicl3 #-65536,(r4),r3
- movzwl 2(r4),r0
- bicl2 #-65536,r0
- bicl3 #-65536,4(r4),-20(fp)
- bicl3 #-65536,r2,-24(fp)
- mull3 r0,-20(fp),-12(fp)
- mull2 r3,-20(fp)
- mull3 r3,-24(fp),-16(fp)
- mull2 r0,-24(fp)
- addl3 -12(fp),-16(fp),r0
- bicl3 #0,r0,-12(fp)
- cmpl -12(fp),-16(fp)
- bgequ noname.372
- addl2 #65536,-24(fp)
-noname.372:
- movzwl -10(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-24(fp)
- bicl3 #-65536,-12(fp),r0
- ashl #16,r0,-16(fp)
- addl3 -16(fp),-20(fp),r0
- bicl3 #0,r0,-20(fp)
- cmpl -20(fp),-16(fp)
- bgequ noname.373
- incl -24(fp)
-noname.373:
- movl -20(fp),r3
- movl -24(fp),r2
- bbc #31,r2,noname.374
- incl r9
-noname.374:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.375
- incl r2
-noname.375:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.376
- incl r2
- bicl3 #0,r2,r0
- bneq noname.376
- incl r9
-noname.376:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.377
- incl r9
-noname.377:
-
- movl 4(ap),r0
- movl r8,4(r0)
-
- clrl r8
-
- movl 8(ap),r4
- movl 4(r4),r3
- bicl3 #-65536,r3,-28(fp)
- extzv #16,#16,r3,r0
- bicl3 #-65536,r0,r3
- movl -28(fp),r0
- mull3 r0,r3,-32(fp)
- mull3 r0,r0,-28(fp)
- mull2 r3,r3
- bicl3 #32767,-32(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r3
- bicl3 #-65536,-32(fp),r0
- ashl #17,r0,-32(fp)
- addl3 -28(fp),-32(fp),r0
- bicl3 #0,r0,-28(fp)
- cmpl -28(fp),-32(fp)
- bgequ noname.378
- incl r3
-noname.378:
- movl -28(fp),r1
- movl r3,r2
- addl2 r1,r7
- bicl2 #0,r7
- cmpl r7,r1
- bgequ noname.379
- incl r2
-noname.379:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.380
- incl r8
-noname.380:
-
- movzwl 10(r4),r2
- bicl3 #-65536,(r4),r3
- movzwl 2(r4),r0
- bicl2 #-65536,r0
- bicl3 #-65536,8(r4),-44(fp)
- bicl3 #-65536,r2,-48(fp)
- mull3 r0,-44(fp),-36(fp)
- mull2 r3,-44(fp)
- mull3 r3,-48(fp),-40(fp)
- mull2 r0,-48(fp)
- addl3 -36(fp),-40(fp),r0
- bicl3 #0,r0,-36(fp)
- cmpl -36(fp),-40(fp)
- bgequ noname.381
- addl2 #65536,-48(fp)
-noname.381:
- movzwl -34(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-48(fp)
- bicl3 #-65536,-36(fp),r0
- ashl #16,r0,-40(fp)
- addl3 -40(fp),-44(fp),r0
- bicl3 #0,r0,-44(fp)
- cmpl -44(fp),-40(fp)
- bgequ noname.382
- incl -48(fp)
-noname.382:
- movl -44(fp),r3
- movl -48(fp),r2
- bbc #31,r2,noname.383
- incl r8
-noname.383:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.384
- incl r2
-noname.384:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.385
- incl r2
- bicl3 #0,r2,r0
- bneq noname.385
- incl r8
-noname.385:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.386
- incl r8
-noname.386:
-
- movl 4(ap),r0
- movl r7,8(r0)
-
- clrl r7
-
- movl 8(ap),r0
- movzwl 14(r0),r2
- bicl3 #-65536,(r0),r3
- movzwl 2(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,12(r0),-60(fp)
- bicl3 #-65536,r2,-64(fp)
- mull3 r1,-60(fp),-52(fp)
- mull2 r3,-60(fp)
- mull3 r3,-64(fp),-56(fp)
- mull2 r1,-64(fp)
- addl3 -52(fp),-56(fp),r0
- bicl3 #0,r0,-52(fp)
- cmpl -52(fp),-56(fp)
- bgequ noname.387
- addl2 #65536,-64(fp)
-noname.387:
- movzwl -50(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-64(fp)
- bicl3 #-65536,-52(fp),r0
- ashl #16,r0,-56(fp)
- addl3 -56(fp),-60(fp),r0
- bicl3 #0,r0,-60(fp)
- cmpl -60(fp),-56(fp)
- bgequ noname.388
- incl -64(fp)
-noname.388:
- movl -60(fp),r3
- movl -64(fp),r2
- bbc #31,r2,noname.389
- incl r7
-noname.389:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.390
- incl r2
-noname.390:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.391
- incl r2
- bicl3 #0,r2,r0
- bneq noname.391
- incl r7
-noname.391:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.392
- incl r7
-noname.392:
-
- movl 8(ap),r0
- movzwl 10(r0),r2
- bicl3 #-65536,4(r0),r3
- movzwl 6(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,8(r0),-76(fp)
- bicl3 #-65536,r2,-80(fp)
- mull3 r1,-76(fp),-68(fp)
- mull2 r3,-76(fp)
- mull3 r3,-80(fp),-72(fp)
- mull2 r1,-80(fp)
- addl3 -68(fp),-72(fp),r0
- bicl3 #0,r0,-68(fp)
- cmpl -68(fp),-72(fp)
- bgequ noname.393
- addl2 #65536,-80(fp)
-noname.393:
- movzwl -66(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-80(fp)
- bicl3 #-65536,-68(fp),r0
- ashl #16,r0,-72(fp)
- addl3 -72(fp),-76(fp),r0
- bicl3 #0,r0,-76(fp)
- cmpl -76(fp),-72(fp)
- bgequ noname.394
- incl -80(fp)
-noname.394:
- movl -76(fp),r3
- movl -80(fp),r2
- bbc #31,r2,noname.395
- incl r7
-noname.395:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.396
- incl r2
-noname.396:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.397
- incl r2
- bicl3 #0,r2,r0
- bneq noname.397
- incl r7
-noname.397:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.398
- incl r7
-noname.398:
-
- movl 4(ap),r0
- movl r9,12(r0)
-
- clrl r9
-
- movl 8(ap),r2
- movl 8(r2),r4
- bicl3 #-65536,r4,-84(fp)
- extzv #16,#16,r4,r0
- bicl3 #-65536,r0,r4
- movl -84(fp),r0
- mull3 r0,r4,-88(fp)
- mull3 r0,r0,-84(fp)
- mull2 r4,r4
- bicl3 #32767,-88(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r4
- bicl3 #-65536,-88(fp),r0
- ashl #17,r0,-88(fp)
- addl3 -84(fp),-88(fp),r0
- bicl3 #0,r0,-84(fp)
- cmpl -84(fp),-88(fp)
- bgequ noname.399
- incl r4
-noname.399:
- movl -84(fp),r1
- movl r4,r3
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.400
- incl r3
-noname.400:
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.401
- incl r9
-noname.401:
-
- movzwl 14(r2),r3
- bicl3 #-65536,4(r2),r1
- movzwl 6(r2),r0
- bicl2 #-65536,r0
- bicl3 #-65536,12(r2),-100(fp)
- bicl3 #-65536,r3,-104(fp)
- mull3 r0,-100(fp),-92(fp)
- mull2 r1,-100(fp)
- mull3 r1,-104(fp),-96(fp)
- mull2 r0,-104(fp)
- addl3 -92(fp),-96(fp),r0
- bicl3 #0,r0,-92(fp)
- cmpl -92(fp),-96(fp)
- bgequ noname.402
- addl2 #65536,-104(fp)
-noname.402:
- movzwl -90(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-104(fp)
- bicl3 #-65536,-92(fp),r0
- ashl #16,r0,-96(fp)
- addl3 -96(fp),-100(fp),r0
- bicl3 #0,r0,-100(fp)
- cmpl -100(fp),-96(fp)
- bgequ noname.403
- incl -104(fp)
-noname.403:
- movl -100(fp),r3
- movl -104(fp),r2
- bbc #31,r2,noname.404
- incl r9
-noname.404:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.405
- incl r2
-noname.405:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.406
- incl r2
- bicl3 #0,r2,r0
- bneq noname.406
- incl r9
-noname.406:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.407
- incl r9
-noname.407:
-
- movl 8(ap),r0
- movzwl 18(r0),r2
- bicl3 #-65536,(r0),r3
- movzwl 2(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,16(r0),-116(fp)
- bicl3 #-65536,r2,-120(fp)
- mull3 r1,-116(fp),-108(fp)
- mull2 r3,-116(fp)
- mull3 r3,-120(fp),-112(fp)
- mull2 r1,-120(fp)
- addl3 -108(fp),-112(fp),r0
- bicl3 #0,r0,-108(fp)
- cmpl -108(fp),-112(fp)
- bgequ noname.408
- addl2 #65536,-120(fp)
-noname.408:
- movzwl -106(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-120(fp)
- bicl3 #-65536,-108(fp),r0
- ashl #16,r0,-112(fp)
- addl3 -112(fp),-116(fp),r0
- bicl3 #0,r0,-116(fp)
- cmpl -116(fp),-112(fp)
- bgequ noname.409
- incl -120(fp)
-noname.409:
- movl -116(fp),r3
- movl -120(fp),r2
- bbc #31,r2,noname.410
- incl r9
-noname.410:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.411
- incl r2
-noname.411:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.412
- incl r2
- bicl3 #0,r2,r0
- bneq noname.412
- incl r9
-noname.412:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.413
- incl r9
-noname.413:
-
- movl 4(ap),r0
- movl r8,16(r0)
-
- clrl r8
-
- movl 8(ap),r0
- movzwl 22(r0),r2
- bicl3 #-65536,(r0),r3
- movzwl 2(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,20(r0),-132(fp)
- bicl3 #-65536,r2,-136(fp)
- mull3 r1,-132(fp),-124(fp)
- mull2 r3,-132(fp)
- mull3 r3,-136(fp),-128(fp)
- mull2 r1,-136(fp)
- addl3 -124(fp),-128(fp),r0
- bicl3 #0,r0,-124(fp)
- cmpl -124(fp),-128(fp)
- bgequ noname.414
- addl2 #65536,-136(fp)
-noname.414:
- movzwl -122(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-136(fp)
- bicl3 #-65536,-124(fp),r0
- ashl #16,r0,-128(fp)
- addl3 -128(fp),-132(fp),r0
- bicl3 #0,r0,-132(fp)
- cmpl -132(fp),-128(fp)
- bgequ noname.415
- incl -136(fp)
-noname.415:
- movl -132(fp),r3
- movl -136(fp),r2
- bbc #31,r2,noname.416
- incl r8
-noname.416:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.417
- incl r2
-noname.417:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.418
- incl r2
- bicl3 #0,r2,r0
- bneq noname.418
- incl r8
-noname.418:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.419
- incl r8
-noname.419:
-
- movl 8(ap),r0
- movzwl 18(r0),r2
- bicl3 #-65536,4(r0),r3
- movzwl 6(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,16(r0),-148(fp)
- bicl3 #-65536,r2,-152(fp)
- mull3 r1,-148(fp),-140(fp)
- mull2 r3,-148(fp)
- mull3 r3,-152(fp),-144(fp)
- mull2 r1,-152(fp)
- addl3 -140(fp),-144(fp),r0
- bicl3 #0,r0,-140(fp)
- cmpl -140(fp),-144(fp)
- bgequ noname.420
- addl2 #65536,-152(fp)
-noname.420:
- movzwl -138(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-152(fp)
- bicl3 #-65536,-140(fp),r0
- ashl #16,r0,-144(fp)
- addl3 -144(fp),-148(fp),r0
- bicl3 #0,r0,-148(fp)
- cmpl -148(fp),-144(fp)
- bgequ noname.421
- incl -152(fp)
-noname.421:
- movl -148(fp),r3
- movl -152(fp),r2
- bbc #31,r2,noname.422
- incl r8
-noname.422:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.423
- incl r2
-noname.423:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.424
- incl r2
- bicl3 #0,r2,r0
- bneq noname.424
- incl r8
-noname.424:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.425
- incl r8
-noname.425:
-
- movl 8(ap),r0
- movzwl 14(r0),r2
- bicl3 #-65536,8(r0),r3
- movzwl 10(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,12(r0),-164(fp)
- bicl3 #-65536,r2,-168(fp)
- mull3 r1,-164(fp),-156(fp)
- mull2 r3,-164(fp)
- mull3 r3,-168(fp),-160(fp)
- mull2 r1,-168(fp)
- addl3 -156(fp),-160(fp),r0
- bicl3 #0,r0,-156(fp)
- cmpl -156(fp),-160(fp)
- bgequ noname.426
- addl2 #65536,-168(fp)
-noname.426:
- movzwl -154(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-168(fp)
- bicl3 #-65536,-156(fp),r0
- ashl #16,r0,-160(fp)
- addl3 -160(fp),-164(fp),r0
- bicl3 #0,r0,-164(fp)
- cmpl -164(fp),-160(fp)
- bgequ noname.427
- incl -168(fp)
-noname.427:
- movl -164(fp),r3
- movl -168(fp),r2
- bbc #31,r2,noname.428
- incl r8
-noname.428:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.429
- incl r2
-noname.429:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.430
- incl r2
- bicl3 #0,r2,r0
- bneq noname.430
- incl r8
-noname.430:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.431
- incl r8
-noname.431:
-
- movl 4(ap),r0
- movl r7,20(r0)
-
- clrl r7
-
- movl 8(ap),r2
- movl 12(r2),r4
- bicl3 #-65536,r4,-172(fp)
- extzv #16,#16,r4,r0
- bicl3 #-65536,r0,r4
- movl -172(fp),r0
- mull3 r0,r4,-176(fp)
- mull3 r0,r0,-172(fp)
- mull2 r4,r4
- bicl3 #32767,-176(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r4
- bicl3 #-65536,-176(fp),r0
- ashl #17,r0,-176(fp)
- addl3 -172(fp),-176(fp),r0
- bicl3 #0,r0,-172(fp)
- cmpl -172(fp),-176(fp)
- bgequ noname.432
- incl r4
-noname.432:
- movl -172(fp),r1
- movl r4,r3
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.433
- incl r3
-noname.433:
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.434
- incl r7
-noname.434:
-
- movzwl 18(r2),r3
- bicl3 #-65536,8(r2),r1
- movzwl 10(r2),r0
- bicl2 #-65536,r0
- bicl3 #-65536,16(r2),-188(fp)
- bicl3 #-65536,r3,-192(fp)
- mull3 r0,-188(fp),-180(fp)
- mull2 r1,-188(fp)
- mull3 r1,-192(fp),-184(fp)
- mull2 r0,-192(fp)
- addl3 -180(fp),-184(fp),r0
- bicl3 #0,r0,-180(fp)
- cmpl -180(fp),-184(fp)
- bgequ noname.435
- addl2 #65536,-192(fp)
-noname.435:
- movzwl -178(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-192(fp)
- bicl3 #-65536,-180(fp),r0
- ashl #16,r0,-184(fp)
- addl3 -184(fp),-188(fp),r0
- bicl3 #0,r0,-188(fp)
- cmpl -188(fp),-184(fp)
- bgequ noname.436
- incl -192(fp)
-noname.436:
- movl -188(fp),r3
- movl -192(fp),r2
- bbc #31,r2,noname.437
- incl r7
-noname.437:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.438
- incl r2
-noname.438:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.439
- incl r2
- bicl3 #0,r2,r0
- bneq noname.439
- incl r7
-noname.439:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.440
- incl r7
-noname.440:
-
- movl 8(ap),r0
- movzwl 22(r0),r2
- bicl3 #-65536,4(r0),r3
- movzwl 6(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,20(r0),-204(fp)
- bicl3 #-65536,r2,-208(fp)
- mull3 r1,-204(fp),-196(fp)
- mull2 r3,-204(fp)
- mull3 r3,-208(fp),-200(fp)
- mull2 r1,-208(fp)
- addl3 -196(fp),-200(fp),r0
- bicl3 #0,r0,-196(fp)
- cmpl -196(fp),-200(fp)
- bgequ noname.441
- addl2 #65536,-208(fp)
-noname.441:
- movzwl -194(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-208(fp)
- bicl3 #-65536,-196(fp),r0
- ashl #16,r0,-200(fp)
- addl3 -200(fp),-204(fp),r0
- bicl3 #0,r0,-204(fp)
- cmpl -204(fp),-200(fp)
- bgequ noname.442
- incl -208(fp)
-noname.442:
- movl -204(fp),r3
- movl -208(fp),r2
- bbc #31,r2,noname.443
- incl r7
-noname.443:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.444
- incl r2
-noname.444:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.445
- incl r2
- bicl3 #0,r2,r0
- bneq noname.445
- incl r7
-noname.445:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.446
- incl r7
-noname.446:
-
- movl 8(ap),r0
- movzwl 26(r0),r2
- bicl3 #-65536,(r0),r3
- movzwl 2(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,24(r0),-220(fp)
- bicl3 #-65536,r2,-224(fp)
- mull3 r1,-220(fp),-212(fp)
- mull2 r3,-220(fp)
- mull3 r3,-224(fp),-216(fp)
- mull2 r1,-224(fp)
- addl3 -212(fp),-216(fp),r0
- bicl3 #0,r0,-212(fp)
- cmpl -212(fp),-216(fp)
- bgequ noname.447
- addl2 #65536,-224(fp)
-noname.447:
- movzwl -210(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-224(fp)
- bicl3 #-65536,-212(fp),r0
- ashl #16,r0,-216(fp)
- addl3 -216(fp),-220(fp),r0
- bicl3 #0,r0,-220(fp)
- cmpl -220(fp),-216(fp)
- bgequ noname.448
- incl -224(fp)
-noname.448:
- movl -220(fp),r3
- movl -224(fp),r2
- bbc #31,r2,noname.449
- incl r7
-noname.449:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.450
- incl r2
-noname.450:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.451
- incl r2
- bicl3 #0,r2,r0
- bneq noname.451
- incl r7
-noname.451:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.452
- incl r7
-noname.452:
-
- movl 4(ap),r0
- movl r9,24(r0)
-
- clrl r9
-
- movl 8(ap),r0
- movzwl 30(r0),r2
- bicl3 #-65536,(r0),r3
- movzwl 2(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,28(r0),-236(fp)
- bicl3 #-65536,r2,-240(fp)
- mull3 r1,-236(fp),-228(fp)
- mull2 r3,-236(fp)
- mull3 r3,-240(fp),-232(fp)
- mull2 r1,-240(fp)
- addl3 -228(fp),-232(fp),r0
- bicl3 #0,r0,-228(fp)
- cmpl -228(fp),-232(fp)
- bgequ noname.453
- addl2 #65536,-240(fp)
-noname.453:
- movzwl -226(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-240(fp)
- bicl3 #-65536,-228(fp),r0
- ashl #16,r0,-232(fp)
- addl3 -232(fp),-236(fp),r0
- bicl3 #0,r0,-236(fp)
- cmpl -236(fp),-232(fp)
- bgequ noname.454
- incl -240(fp)
-noname.454:
- movl -236(fp),r3
- movl -240(fp),r2
- bbc #31,r2,noname.455
- incl r9
-noname.455:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.456
- incl r2
-noname.456:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.457
- incl r2
- bicl3 #0,r2,r0
- bneq noname.457
- incl r9
-noname.457:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.458
- incl r9
-noname.458:
-
- movl 8(ap),r0
- movzwl 26(r0),r2
- bicl3 #-65536,4(r0),r3
- movzwl 6(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,24(r0),-252(fp)
- bicl3 #-65536,r2,-256(fp)
- mull3 r1,-252(fp),-244(fp)
- mull2 r3,-252(fp)
- mull3 r3,-256(fp),-248(fp)
- mull2 r1,-256(fp)
- addl3 -244(fp),-248(fp),r0
- bicl3 #0,r0,-244(fp)
- cmpl -244(fp),-248(fp)
- bgequ noname.459
- addl2 #65536,-256(fp)
-noname.459:
- movzwl -242(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-256(fp)
- bicl3 #-65536,-244(fp),r0
- ashl #16,r0,-248(fp)
- addl3 -248(fp),-252(fp),r0
- bicl3 #0,r0,-252(fp)
- cmpl -252(fp),-248(fp)
- bgequ noname.460
- incl -256(fp)
-noname.460:
- movl -252(fp),r3
- movl -256(fp),r2
- bbc #31,r2,noname.461
- incl r9
-noname.461:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.462
- incl r2
-noname.462:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.463
- incl r2
- bicl3 #0,r2,r0
- bneq noname.463
- incl r9
-noname.463:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.464
- incl r9
-noname.464:
-
- movl 8(ap),r0
- movzwl 22(r0),r2
- bicl3 #-65536,8(r0),r3
- movzwl 10(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,20(r0),-268(fp)
- bicl3 #-65536,r2,-272(fp)
- mull3 r1,-268(fp),-260(fp)
- mull2 r3,-268(fp)
- mull3 r3,-272(fp),-264(fp)
- mull2 r1,-272(fp)
- addl3 -260(fp),-264(fp),r0
- bicl3 #0,r0,-260(fp)
- cmpl -260(fp),-264(fp)
- bgequ noname.465
- addl2 #65536,-272(fp)
-noname.465:
- movzwl -258(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-272(fp)
- bicl3 #-65536,-260(fp),r0
- ashl #16,r0,-264(fp)
- addl3 -264(fp),-268(fp),r0
- bicl3 #0,r0,-268(fp)
- cmpl -268(fp),-264(fp)
- bgequ noname.466
- incl -272(fp)
-noname.466:
- movl -268(fp),r3
- movl -272(fp),r2
- bbc #31,r2,noname.467
- incl r9
-noname.467:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.468
- incl r2
-noname.468:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.469
- incl r2
- bicl3 #0,r2,r0
- bneq noname.469
- incl r9
-noname.469:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.470
- incl r9
-noname.470:
-
- movl 8(ap),r0
- movzwl 18(r0),r2
- bicl3 #-65536,12(r0),r3
- movzwl 14(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,16(r0),-284(fp)
- bicl3 #-65536,r2,-288(fp)
- mull3 r1,-284(fp),-276(fp)
- mull2 r3,-284(fp)
- mull3 r3,-288(fp),-280(fp)
- mull2 r1,-288(fp)
- addl3 -276(fp),-280(fp),r0
- bicl3 #0,r0,-276(fp)
- cmpl -276(fp),-280(fp)
- bgequ noname.471
- addl2 #65536,-288(fp)
-noname.471:
- movzwl -274(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-288(fp)
- bicl3 #-65536,-276(fp),r0
- ashl #16,r0,-280(fp)
- addl3 -280(fp),-284(fp),r0
- bicl3 #0,r0,-284(fp)
- cmpl -284(fp),-280(fp)
- bgequ noname.472
- incl -288(fp)
-noname.472:
- movl -284(fp),r3
- movl -288(fp),r2
- bbc #31,r2,noname.473
- incl r9
-noname.473:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.474
- incl r2
-noname.474:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.475
- incl r2
- bicl3 #0,r2,r0
- bneq noname.475
- incl r9
-noname.475:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.476
- incl r9
-noname.476:
-
- movl 4(ap),r0
- movl r8,28(r0)
-
- clrl r8
-
- movl 8(ap),r3
- movl 16(r3),r4
- bicl3 #-65536,r4,r5
- extzv #16,#16,r4,r0
- bicl3 #-65536,r0,r4
- mull3 r5,r4,-292(fp)
- mull2 r5,r5
- mull2 r4,r4
- bicl3 #32767,-292(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r4
- bicl3 #-65536,-292(fp),r0
- ashl #17,r0,-292(fp)
- addl2 -292(fp),r5
- bicl2 #0,r5
- cmpl r5,-292(fp)
- bgequ noname.477
- incl r4
-noname.477:
- movl r5,r1
- movl r4,r2
- addl2 r1,r7
- bicl2 #0,r7
- cmpl r7,r1
- bgequ noname.478
- incl r2
-noname.478:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.479
- incl r8
-noname.479:
-
- bicl3 #-65536,20(r3),r4
- movzwl 22(r3),r1
- bicl2 #-65536,r1
- bicl3 #-65536,12(r3),r2
- movzwl 14(r3),r0
- bicl2 #-65536,r0
- movl r4,r6
- movl r1,r5
- mull3 r0,r6,-296(fp)
- mull2 r2,r6
- mull3 r2,r5,-300(fp)
- mull2 r0,r5
- addl3 -296(fp),-300(fp),r0
- bicl3 #0,r0,-296(fp)
- cmpl -296(fp),-300(fp)
- bgequ noname.480
- addl2 #65536,r5
-noname.480:
- movzwl -294(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r5
- bicl3 #-65536,-296(fp),r0
- ashl #16,r0,-300(fp)
- addl2 -300(fp),r6
- bicl2 #0,r6
- cmpl r6,-300(fp)
- bgequ noname.481
- incl r5
-noname.481:
- movl r6,r3
- movl r5,r2
- bbc #31,r2,noname.482
- incl r8
-noname.482:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.483
- incl r2
-noname.483:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.484
- incl r2
- bicl3 #0,r2,r0
- bneq noname.484
- incl r8
-noname.484:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.485
- incl r8
-noname.485:
-
- movl 8(ap),r0
- bicl3 #-65536,24(r0),r3
- movzwl 26(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,8(r0),r2
- movzwl 10(r0),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-304(fp)
- mull2 r2,r5
- mull3 r2,r4,-308(fp)
- mull2 r0,r4
- addl3 -304(fp),-308(fp),r0
- bicl3 #0,r0,-304(fp)
- cmpl -304(fp),-308(fp)
- bgequ noname.486
- addl2 #65536,r4
-noname.486:
- movzwl -302(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-304(fp),r0
- ashl #16,r0,-308(fp)
- addl2 -308(fp),r5
- bicl2 #0,r5
- cmpl r5,-308(fp)
- bgequ noname.487
- incl r4
-noname.487:
- movl r5,r3
- movl r4,r2
- bbc #31,r2,noname.488
- incl r8
-noname.488:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.489
- incl r2
-noname.489:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.490
- incl r2
- bicl3 #0,r2,r0
- bneq noname.490
- incl r8
-noname.490:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.491
- incl r8
-noname.491:
-
- movl 8(ap),r0
- bicl3 #-65536,28(r0),r3
- movzwl 30(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,4(r0),r2
- movzwl 6(r0),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-312(fp)
- mull2 r2,r5
- mull3 r2,r4,-316(fp)
- mull2 r0,r4
- addl3 -312(fp),-316(fp),r0
- bicl3 #0,r0,-312(fp)
- cmpl -312(fp),-316(fp)
- bgequ noname.492
- addl2 #65536,r4
-noname.492:
- movzwl -310(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-312(fp),r0
- ashl #16,r0,-316(fp)
- addl2 -316(fp),r5
- bicl2 #0,r5
- cmpl r5,-316(fp)
- bgequ noname.493
- incl r4
-noname.493:
- movl r5,r3
- movl r4,r2
- bbc #31,r2,noname.494
- incl r8
-noname.494:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.495
- incl r2
-noname.495:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.496
- incl r2
- bicl3 #0,r2,r0
- bneq noname.496
- incl r8
-noname.496:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.497
- incl r8
-noname.497:
-
- movl 4(ap),r0
- movl r7,32(r0)
-
- clrl r7
-
- movl 8(ap),r0
- bicl3 #-65536,28(r0),r3
- movzwl 30(r0),r2
- bicl3 #-65536,8(r0),r1
- movzwl 10(r0),r0
- bicl2 #-65536,r0
- movl r3,r4
- bicl3 #-65536,r2,-328(fp)
- mull3 r0,r4,-320(fp)
- mull2 r1,r4
- mull3 r1,-328(fp),-324(fp)
- mull2 r0,-328(fp)
- addl3 -320(fp),-324(fp),r0
- bicl3 #0,r0,-320(fp)
- cmpl -320(fp),-324(fp)
- bgequ noname.498
- addl2 #65536,-328(fp)
-noname.498:
- movzwl -318(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-328(fp)
- bicl3 #-65536,-320(fp),r0
- ashl #16,r0,-324(fp)
- addl2 -324(fp),r4
- bicl2 #0,r4
- cmpl r4,-324(fp)
- bgequ noname.499
- incl -328(fp)
-noname.499:
- movl r4,r3
- movl -328(fp),r2
- bbc #31,r2,noname.500
- incl r7
-noname.500:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.501
- incl r2
-noname.501:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.502
- incl r2
- bicl3 #0,r2,r0
- bneq noname.502
- incl r7
-noname.502:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.503
- incl r7
-noname.503:
-
- movl 8(ap),r0
- movzwl 26(r0),r2
- bicl3 #-65536,12(r0),r3
- movzwl 14(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,24(r0),-340(fp)
- bicl3 #-65536,r2,-344(fp)
- mull3 r1,-340(fp),-332(fp)
- mull2 r3,-340(fp)
- mull3 r3,-344(fp),-336(fp)
- mull2 r1,-344(fp)
- addl3 -332(fp),-336(fp),r0
- bicl3 #0,r0,-332(fp)
- cmpl -332(fp),-336(fp)
- bgequ noname.504
- addl2 #65536,-344(fp)
-noname.504:
- movzwl -330(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-344(fp)
- bicl3 #-65536,-332(fp),r0
- ashl #16,r0,-336(fp)
- addl3 -336(fp),-340(fp),r0
- bicl3 #0,r0,-340(fp)
- cmpl -340(fp),-336(fp)
- bgequ noname.505
- incl -344(fp)
-noname.505:
- movl -340(fp),r3
- movl -344(fp),r2
- bbc #31,r2,noname.506
- incl r7
-noname.506:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.507
- incl r2
-noname.507:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.508
- incl r2
- bicl3 #0,r2,r0
- bneq noname.508
- incl r7
-noname.508:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.509
- incl r7
-noname.509:
-
- movl 8(ap),r0
- movzwl 22(r0),r2
- bicl3 #-65536,16(r0),r3
- movzwl 18(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,20(r0),-356(fp)
- bicl3 #-65536,r2,-360(fp)
- mull3 r1,-356(fp),-348(fp)
- mull2 r3,-356(fp)
- mull3 r3,-360(fp),-352(fp)
- mull2 r1,-360(fp)
- addl3 -348(fp),-352(fp),r0
- bicl3 #0,r0,-348(fp)
- cmpl -348(fp),-352(fp)
- bgequ noname.510
- addl2 #65536,-360(fp)
-noname.510:
- movzwl -346(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-360(fp)
- bicl3 #-65536,-348(fp),r0
- ashl #16,r0,-352(fp)
- addl3 -352(fp),-356(fp),r0
- bicl3 #0,r0,-356(fp)
- cmpl -356(fp),-352(fp)
- bgequ noname.511
- incl -360(fp)
-noname.511:
- movl -356(fp),r3
- movl -360(fp),r2
- bbc #31,r2,noname.512
- incl r7
-noname.512:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.513
- incl r2
-noname.513:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.514
- incl r2
- bicl3 #0,r2,r0
- bneq noname.514
- incl r7
-noname.514:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.515
- incl r7
-noname.515:
-
- movl 4(ap),r0
- movl r9,36(r0)
-
- clrl r9
-
- movl 8(ap),r3
- movl 20(r3),r4
- bicl3 #-65536,r4,-364(fp)
- extzv #16,#16,r4,r0
- bicl3 #-65536,r0,r4
- movl -364(fp),r0
- mull3 r0,r4,-368(fp)
- mull3 r0,r0,-364(fp)
- mull2 r4,r4
- bicl3 #32767,-368(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r4
- bicl3 #-65536,-368(fp),r0
- ashl #17,r0,-368(fp)
- addl3 -364(fp),-368(fp),r0
- bicl3 #0,r0,-364(fp)
- cmpl -364(fp),-368(fp)
- bgequ noname.516
- incl r4
-noname.516:
- movl -364(fp),r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.517
- incl r2
-noname.517:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.518
- incl r9
-noname.518:
-
- bicl3 #-65536,24(r3),r4
- movzwl 26(r3),r1
- bicl2 #-65536,r1
- bicl3 #-65536,16(r3),r2
- movzwl 18(r3),r0
- bicl2 #-65536,r0
- movl r4,r6
- movl r1,r5
- mull3 r0,r6,-372(fp)
- mull2 r2,r6
- mull3 r2,r5,-376(fp)
- mull2 r0,r5
- addl3 -372(fp),-376(fp),r0
- bicl3 #0,r0,-372(fp)
- cmpl -372(fp),-376(fp)
- bgequ noname.519
- addl2 #65536,r5
-noname.519:
- movzwl -370(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r5
- bicl3 #-65536,-372(fp),r0
- ashl #16,r0,-376(fp)
- addl2 -376(fp),r6
- bicl2 #0,r6
- cmpl r6,-376(fp)
- bgequ noname.520
- incl r5
-noname.520:
- movl r6,r3
- movl r5,r2
- bbc #31,r2,noname.521
- incl r9
-noname.521:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.522
- incl r2
-noname.522:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.523
- incl r2
- bicl3 #0,r2,r0
- bneq noname.523
- incl r9
-noname.523:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.524
- incl r9
-noname.524:
-
- movl 8(ap),r0
- bicl3 #-65536,28(r0),r3
- movzwl 30(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,12(r0),r2
- movzwl 14(r0),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-380(fp)
- mull2 r2,r5
- mull3 r2,r4,-384(fp)
- mull2 r0,r4
- addl3 -380(fp),-384(fp),r0
- bicl3 #0,r0,-380(fp)
- cmpl -380(fp),-384(fp)
- bgequ noname.525
- addl2 #65536,r4
-noname.525:
- movzwl -378(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-380(fp),r0
- ashl #16,r0,-384(fp)
- addl2 -384(fp),r5
- bicl2 #0,r5
- cmpl r5,-384(fp)
- bgequ noname.526
- incl r4
-noname.526:
- movl r5,r3
- movl r4,r2
- bbc #31,r2,noname.527
- incl r9
-noname.527:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.528
- incl r2
-noname.528:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.529
- incl r2
- bicl3 #0,r2,r0
- bneq noname.529
- incl r9
-noname.529:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.530
- incl r9
-noname.530:
- movl 4(ap),r0
- movl r8,40(r0)
-
- clrl r8
-
- movl 8(ap),r0
- bicl3 #-65536,28(r0),r3
- movzwl 30(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,16(r0),r2
- movzwl 18(r0),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-388(fp)
- mull2 r2,r5
- mull3 r2,r4,-392(fp)
- mull2 r0,r4
- addl3 -388(fp),-392(fp),r0
- bicl3 #0,r0,-388(fp)
- cmpl -388(fp),-392(fp)
- bgequ noname.531
- addl2 #65536,r4
-noname.531:
- movzwl -386(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-388(fp),r0
- ashl #16,r0,-392(fp)
- addl2 -392(fp),r5
- bicl2 #0,r5
- cmpl r5,-392(fp)
- bgequ noname.532
- incl r4
-noname.532:
- movl r5,r3
- movl r4,r2
- bbc #31,r2,noname.533
- incl r8
-noname.533:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.534
- incl r2
-noname.534:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.535
- incl r2
- bicl3 #0,r2,r0
- bneq noname.535
- incl r8
-noname.535:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.536
- incl r8
-noname.536:
-
- movl 8(ap),r0
- bicl3 #-65536,24(r0),r3
- movzwl 26(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,20(r0),r2
- movzwl 22(r0),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-396(fp)
- mull2 r2,r5
- mull3 r2,r4,-400(fp)
- mull2 r0,r4
- addl3 -396(fp),-400(fp),r0
- bicl3 #0,r0,-396(fp)
- cmpl -396(fp),-400(fp)
- bgequ noname.537
- addl2 #65536,r4
-noname.537:
- movzwl -394(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-396(fp),r0
- ashl #16,r0,-400(fp)
- addl2 -400(fp),r5
- bicl2 #0,r5
- cmpl r5,-400(fp)
- bgequ noname.538
- incl r4
-noname.538:
- movl r5,r3
- movl r4,r2
- bbc #31,r2,noname.539
- incl r8
-noname.539:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.540
- incl r2
-noname.540:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r7
- bicl2 #0,r7
- cmpl r7,r3
- bgequ noname.541
- incl r2
- bicl3 #0,r2,r0
- bneq noname.541
- incl r8
-noname.541:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.542
- incl r8
-noname.542:
-
- movl 4(ap),r0
- movl r7,44(r0)
-
- clrl r7
-
- movl 8(ap),r3
- movl 24(r3),r4
- bicl3 #-65536,r4,r5
- extzv #16,#16,r4,r0
- bicl3 #-65536,r0,r4
- mull3 r5,r4,-404(fp)
- mull2 r5,r5
- mull2 r4,r4
- bicl3 #32767,-404(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r4
- bicl3 #-65536,-404(fp),r0
- ashl #17,r0,-404(fp)
- addl2 -404(fp),r5
- bicl2 #0,r5
- cmpl r5,-404(fp)
- bgequ noname.543
- incl r4
-noname.543:
- movl r5,r1
- movl r4,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.544
- incl r2
-noname.544:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.545
- incl r7
-noname.545:
-
- movzwl 30(r3),r2
- bicl3 #-65536,20(r3),r1
- movzwl 22(r3),r0
- bicl2 #-65536,r0
- bicl3 #-65536,28(r3),-416(fp)
- bicl3 #-65536,r2,-420(fp)
- mull3 r0,-416(fp),-408(fp)
- mull2 r1,-416(fp)
- mull3 r1,-420(fp),-412(fp)
- mull2 r0,-420(fp)
- addl3 -408(fp),-412(fp),r0
- bicl3 #0,r0,-408(fp)
- cmpl -408(fp),-412(fp)
- bgequ noname.546
- addl2 #65536,-420(fp)
-noname.546:
- movzwl -406(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-420(fp)
- bicl3 #-65536,-408(fp),r0
- ashl #16,r0,-412(fp)
- addl3 -412(fp),-416(fp),r0
- bicl3 #0,r0,-416(fp)
- cmpl -416(fp),-412(fp)
- bgequ noname.547
- incl -420(fp)
-noname.547:
- movl -416(fp),r3
- movl -420(fp),r2
- bbc #31,r2,noname.548
- incl r7
-noname.548:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.549
- incl r2
-noname.549:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.550
- incl r2
- bicl3 #0,r2,r0
- bneq noname.550
- incl r7
-noname.550:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.551
- incl r7
-noname.551:
-
- movl 4(ap),r0
- movl r9,48(r0)
-
- clrl r9
-
- movl 8(ap),r0
- movzwl 30(r0),r2
- bicl3 #-65536,24(r0),r3
- movzwl 26(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,28(r0),-432(fp)
- bicl3 #-65536,r2,-436(fp)
- mull3 r1,-432(fp),-424(fp)
- mull2 r3,-432(fp)
- mull3 r3,-436(fp),-428(fp)
- mull2 r1,-436(fp)
- addl3 -424(fp),-428(fp),r0
- bicl3 #0,r0,-424(fp)
- cmpl -424(fp),-428(fp)
- bgequ noname.552
- addl2 #65536,-436(fp)
-noname.552:
- movzwl -422(fp),r0
- bicl2 #-65536,r0
- addl2 r0,-436(fp)
- bicl3 #-65536,-424(fp),r0
- ashl #16,r0,-428(fp)
- addl3 -428(fp),-432(fp),r0
- bicl3 #0,r0,-432(fp)
- cmpl -432(fp),-428(fp)
- bgequ noname.553
- incl -436(fp)
-noname.553:
- movl -432(fp),r3
- movl -436(fp),r2
- bbc #31,r2,noname.554
- incl r9
-noname.554:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.555
- incl r2
-noname.555:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.556
- incl r2
- bicl3 #0,r2,r0
- bneq noname.556
- incl r9
-noname.556:
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.557
- incl r9
-noname.557:
-
- movl 4(ap),r4
- movl r8,52(r4)
-
- clrl r8
-
- movl 8(ap),r0
- movl 28(r0),r3
- bicl3 #-65536,r3,-440(fp)
- extzv #16,#16,r3,r0
- bicl3 #-65536,r0,r3
- movl -440(fp),r0
- mull3 r0,r3,-444(fp)
- mull3 r0,r0,-440(fp)
- mull2 r3,r3
- bicl3 #32767,-444(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r3
- bicl3 #-65536,-444(fp),r0
- ashl #17,r0,-444(fp)
- addl3 -440(fp),-444(fp),r0
- bicl3 #0,r0,-440(fp)
- cmpl -440(fp),-444(fp)
- bgequ noname.558
- incl r3
-noname.558:
- movl -440(fp),r1
- movl r3,r2
- addl2 r1,r7
- bicl2 #0,r7
- cmpl r7,r1
- bgequ noname.559
- incl r2
-noname.559:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.560
- incl r8
-noname.560:
-
- movl r7,56(r4)
-
- movl r9,60(r4)
-
- ret
-
-
-
-;r=4 ;(AP)
-;a=8 ;(AP)
-;b=12 ;(AP)
-;n=16 ;(AP) n by value (input)
-
- .psect code,nowrt
-
-.entry BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10>
- subl2 #44,sp
-
- clrq r8
-
- clrl r10
-
- movl 8(ap),r5
- movl (r5),r3
- bicl3 #-65536,r3,r4
- extzv #16,#16,r3,r0
- bicl3 #-65536,r0,r3
- mull3 r4,r3,-4(fp)
- mull2 r4,r4
- mull2 r3,r3
- bicl3 #32767,-4(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r3
- bicl3 #-65536,-4(fp),r0
- ashl #17,r0,-4(fp)
- addl2 -4(fp),r4
- bicl2 #0,r4
- cmpl r4,-4(fp)
- bgequ noname.563
- incl r3
-noname.563:
- movl r4,r1
- movl r3,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.564
- incl r2
-noname.564:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.565
- incl r10
-noname.565:
-
- movl r9,@4(ap)
-
- clrl r9
-
- bicl3 #-65536,4(r5),r3
- movzwl 6(r5),r1
- bicl2 #-65536,r1
- bicl3 #-65536,(r5),r2
- movzwl 2(r5),r0
- bicl2 #-65536,r0
- movl r3,r6
- movl r1,r4
- mull3 r0,r6,-8(fp)
- mull2 r2,r6
- mull2 r4,r2
- mull2 r0,r4
- addl3 -8(fp),r2,r0
- bicl3 #0,r0,-8(fp)
- cmpl -8(fp),r2
- bgequ noname.566
- addl2 #65536,r4
-noname.566:
- movzwl -6(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-8(fp),r0
- ashl #16,r0,r1
- addl2 r1,r6
- bicl2 #0,r6
- cmpl r6,r1
- bgequ noname.567
- incl r4
-noname.567:
- movl r6,r3
- movl r4,r2
- bbc #31,r2,noname.568
- incl r9
-noname.568:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.569
- incl r2
-noname.569:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.570
- incl r2
- bicl3 #0,r2,r0
- bneq noname.570
- incl r9
-noname.570:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.571
- incl r9
-noname.571:
-
- movl 4(ap),r0
- movl r8,4(r0)
-
- clrl r8
-
- movl 8(ap),r4
- movl 4(r4),r3
- bicl3 #-65536,r3,r5
- extzv #16,#16,r3,r0
- bicl3 #-65536,r0,r3
- mull3 r5,r3,r1
- mull2 r5,r5
- mull2 r3,r3
- bicl3 #32767,r1,r0
- extzv #15,#17,r0,r0
- addl2 r0,r3
- bicl2 #-65536,r1
- ashl #17,r1,r1
- addl2 r1,r5
- bicl2 #0,r5
- cmpl r5,r1
- bgequ noname.572
- incl r3
-noname.572:
- movl r5,r1
- movl r3,r2
- addl2 r1,r10
- bicl2 #0,r10
- cmpl r10,r1
- bgequ noname.573
- incl r2
-noname.573:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.574
- incl r8
-noname.574:
-
- bicl3 #-65536,8(r4),r3
- movzwl 10(r4),r1
- bicl2 #-65536,r1
- bicl3 #-65536,(r4),r2
- movzwl 2(r4),r0
- bicl2 #-65536,r0
- movl r3,r6
- movl r1,r5
- mull3 r0,r6,r7
- mull2 r2,r6
- mull2 r5,r2
- mull2 r0,r5
- addl2 r2,r7
- bicl2 #0,r7
- cmpl r7,r2
- bgequ noname.575
- addl2 #65536,r5
-noname.575:
- extzv #16,#16,r7,r0
- bicl2 #-65536,r0
- addl2 r0,r5
- bicl3 #-65536,r7,r0
- ashl #16,r0,r1
- addl2 r1,r6
- bicl2 #0,r6
- cmpl r6,r1
- bgequ noname.576
- incl r5
-noname.576:
- movl r6,r3
- movl r5,r2
- bbc #31,r2,noname.577
- incl r8
-noname.577:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.578
- incl r2
-noname.578:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r10
- bicl2 #0,r10
- cmpl r10,r3
- bgequ noname.579
- incl r2
- bicl3 #0,r2,r0
- bneq noname.579
- incl r8
-noname.579:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.580
- incl r8
-noname.580:
-
- movl 4(ap),r0
- movl r10,8(r0)
-
- clrl r10
-
- movl 8(ap),r0
- bicl3 #-65536,12(r0),r3
- movzwl 14(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,(r0),r2
- movzwl 2(r0),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,r6
- mull2 r2,r5
- mull3 r2,r4,-12(fp)
- mull2 r0,r4
- addl2 -12(fp),r6
- bicl2 #0,r6
- cmpl r6,-12(fp)
- bgequ noname.581
- addl2 #65536,r4
-noname.581:
- extzv #16,#16,r6,r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,r6,r0
- ashl #16,r0,-12(fp)
- addl2 -12(fp),r5
- bicl2 #0,r5
- cmpl r5,-12(fp)
- bgequ noname.582
- incl r4
-noname.582:
- movl r5,r3
- movl r4,r2
- bbc #31,r2,noname.583
- incl r10
-noname.583:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.584
- incl r2
-noname.584:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.585
- incl r2
- bicl3 #0,r2,r0
- bneq noname.585
- incl r10
-noname.585:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.586
- incl r10
-noname.586:
-
- movl 8(ap),r0
- bicl3 #-65536,8(r0),r3
- movzwl 10(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,4(r0),r2
- movzwl 6(r0),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-16(fp)
- mull2 r2,r5
- mull3 r2,r4,-20(fp)
- mull2 r0,r4
- addl3 -16(fp),-20(fp),r0
- bicl3 #0,r0,-16(fp)
- cmpl -16(fp),-20(fp)
- bgequ noname.587
- addl2 #65536,r4
-noname.587:
- movzwl -14(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-16(fp),r0
- ashl #16,r0,-20(fp)
- addl2 -20(fp),r5
- bicl2 #0,r5
- cmpl r5,-20(fp)
- bgequ noname.588
- incl r4
-noname.588:
- movl r5,r3
- movl r4,r2
- bbc #31,r2,noname.589
- incl r10
-noname.589:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.590
- incl r2
-noname.590:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r9
- bicl2 #0,r9
- cmpl r9,r3
- bgequ noname.591
- incl r2
- bicl3 #0,r2,r0
- bneq noname.591
- incl r10
-noname.591:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.592
- incl r10
-noname.592:
- movl 4(ap),r0
- movl r9,12(r0)
-
- clrl r9
-
- movl 8(ap),r3
- movl 8(r3),r4
- bicl3 #-65536,r4,r5
- extzv #16,#16,r4,r0
- bicl3 #-65536,r0,r4
- mull3 r5,r4,-24(fp)
- mull2 r5,r5
- mull2 r4,r4
- bicl3 #32767,-24(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r4
- bicl3 #-65536,-24(fp),r0
- ashl #17,r0,-24(fp)
- addl2 -24(fp),r5
- bicl2 #0,r5
- cmpl r5,-24(fp)
- bgequ noname.593
- incl r4
-noname.593:
- movl r5,r1
- movl r4,r2
- addl2 r1,r8
- bicl2 #0,r8
- cmpl r8,r1
- bgequ noname.594
- incl r2
-noname.594:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.595
- incl r9
-noname.595:
-
- bicl3 #-65536,12(r3),r4
- movzwl 14(r3),r1
- bicl2 #-65536,r1
- bicl3 #-65536,4(r3),r2
- movzwl 6(r3),r0
- bicl2 #-65536,r0
- movl r4,r6
- movl r1,r5
- mull3 r0,r6,-28(fp)
- mull2 r2,r6
- mull3 r2,r5,-32(fp)
- mull2 r0,r5
- addl3 -28(fp),-32(fp),r0
- bicl3 #0,r0,-28(fp)
- cmpl -28(fp),-32(fp)
- bgequ noname.596
- addl2 #65536,r5
-noname.596:
- movzwl -26(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r5
- bicl3 #-65536,-28(fp),r0
- ashl #16,r0,-32(fp)
- addl2 -32(fp),r6
- bicl2 #0,r6
- cmpl r6,-32(fp)
- bgequ noname.597
- incl r5
-noname.597:
- movl r6,r3
- movl r5,r2
- bbc #31,r2,noname.598
- incl r9
-noname.598:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.599
- incl r2
-noname.599:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r8
- bicl2 #0,r8
- cmpl r8,r3
- bgequ noname.600
- incl r2
- bicl3 #0,r2,r0
- bneq noname.600
- incl r9
-noname.600:
- addl2 r2,r10
- bicl2 #0,r10
- cmpl r10,r2
- bgequ noname.601
- incl r9
-noname.601:
-
- movl 4(ap),r0
- movl r8,16(r0)
-
- clrl r8
-
- movl 8(ap),r0
- bicl3 #-65536,12(r0),r3
- movzwl 14(r0),r1
- bicl2 #-65536,r1
- bicl3 #-65536,8(r0),r2
- movzwl 10(r0),r0
- bicl2 #-65536,r0
- movl r3,r5
- movl r1,r4
- mull3 r0,r5,-36(fp)
- mull2 r2,r5
- mull3 r2,r4,-40(fp)
- mull2 r0,r4
- addl3 -36(fp),-40(fp),r0
- bicl3 #0,r0,-36(fp)
- cmpl -36(fp),-40(fp)
- bgequ noname.602
- addl2 #65536,r4
-noname.602:
- movzwl -34(fp),r0
- bicl2 #-65536,r0
- addl2 r0,r4
- bicl3 #-65536,-36(fp),r0
- ashl #16,r0,-40(fp)
- addl2 -40(fp),r5
- bicl2 #0,r5
- cmpl r5,-40(fp)
- bgequ noname.603
- incl r4
-noname.603:
- movl r5,r3
- movl r4,r2
- bbc #31,r2,noname.604
- incl r8
-noname.604:
- addl2 r2,r2
- bicl2 #0,r2
- bbc #31,r3,noname.605
- incl r2
-noname.605:
- addl2 r3,r3
- bicl2 #0,r3
- addl2 r3,r10
- bicl2 #0,r10
- cmpl r10,r3
- bgequ noname.606
- incl r2
- bicl3 #0,r2,r0
- bneq noname.606
- incl r8
-noname.606:
- addl2 r2,r9
- bicl2 #0,r9
- cmpl r9,r2
- bgequ noname.607
- incl r8
-noname.607:
-
- movl 4(ap),r4
- movl r10,20(r4)
-
- clrl r10
-
- movl 8(ap),r0
- movl 12(r0),r3
- bicl3 #-65536,r3,r5
- extzv #16,#16,r3,r0
- bicl3 #-65536,r0,r3
- mull3 r5,r3,-44(fp)
- mull2 r5,r5
- mull2 r3,r3
- bicl3 #32767,-44(fp),r0
- extzv #15,#17,r0,r0
- addl2 r0,r3
- bicl3 #-65536,-44(fp),r0
- ashl #17,r0,-44(fp)
- addl2 -44(fp),r5
- bicl2 #0,r5
- cmpl r5,-44(fp)
- bgequ noname.608
- incl r3
-noname.608:
- movl r5,r1
- movl r3,r2
- addl2 r1,r9
- bicl2 #0,r9
- cmpl r9,r1
- bgequ noname.609
- incl r2
-noname.609:
- addl2 r2,r8
- bicl2 #0,r8
- cmpl r8,r2
- bgequ noname.610
- incl r10
-noname.610:
-
- movl r9,24(r4)
-
- movl r8,28(r4)
-
- ret
-
-; For now, the code below doesn't work, so I end this prematurely.
-.end
diff --git a/thirdparty/openssl/crypto/bn/asm/x86/f b/thirdparty/openssl/crypto/bn/asm/x86/f
deleted file mode 100644
index 22e4112224..0000000000
--- a/thirdparty/openssl/crypto/bn/asm/x86/f
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
diff --git a/thirdparty/openssl/crypto/bn/asm/x86_64-gcc.c b/thirdparty/openssl/crypto/bn/asm/x86_64-gcc.c
deleted file mode 100644
index 1729b479d4..0000000000
--- a/thirdparty/openssl/crypto/bn/asm/x86_64-gcc.c
+++ /dev/null
@@ -1,638 +0,0 @@
-#include "../bn_lcl.h"
-#if !(defined(__GNUC__) && __GNUC__>=2)
-# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
-#else
-/*-
- * x86_64 BIGNUM accelerator version 0.1, December 2002.
- *
- * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- *
- * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
- * versions, like 1.0...
- * A. Well, that's because this code is basically a quick-n-dirty
- * proof-of-concept hack. As you can see it's implemented with
- * inline assembler, which means that you're bound to GCC and that
- * there might be enough room for further improvement.
- *
- * Q. Why inline assembler?
- * A. x86_64 features own ABI which I'm not familiar with. This is
- * why I decided to let the compiler take care of subroutine
- * prologue/epilogue as well as register allocation. For reference.
- * Win64 implements different ABI for AMD64, different from Linux.
- *
- * Q. How much faster does it get?
- * A. 'apps/openssl speed rsa dsa' output with no-asm:
- *
- * sign verify sign/s verify/s
- * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2
- * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0
- * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8
- * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6
- * sign verify sign/s verify/s
- * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3
- * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2
- * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0
- *
- * 'apps/openssl speed rsa dsa' output with this module:
- *
- * sign verify sign/s verify/s
- * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9
- * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7
- * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0
- * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8
- * sign verify sign/s verify/s
- * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3
- * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4
- * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6
- *
- * For the reference. IA-32 assembler implementation performs
- * very much like 64-bit code compiled with no-asm on the same
- * machine.
- */
-
-# if defined(_WIN64) || !defined(__LP64__)
-# define BN_ULONG unsigned long long
-# else
-# define BN_ULONG unsigned long
-# endif
-
-# undef mul
-# undef mul_add
-
-/*-
- * "m"(a), "+m"(r) is the way to favor DirectPath µ-code;
- * "g"(0) let the compiler to decide where does it
- * want to keep the value of zero;
- */
-# define mul_add(r,a,word,carry) do { \
- register BN_ULONG high,low; \
- asm ("mulq %3" \
- : "=a"(low),"=d"(high) \
- : "a"(word),"m"(a) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(carry),"+d"(high)\
- : "a"(low),"g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+m"(r),"+d"(high) \
- : "r"(carry),"g"(0) \
- : "cc"); \
- carry=high; \
- } while (0)
-
-# define mul(r,a,word,carry) do { \
- register BN_ULONG high,low; \
- asm ("mulq %3" \
- : "=a"(low),"=d"(high) \
- : "a"(word),"g"(a) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(carry),"+d"(high)\
- : "a"(low),"g"(0) \
- : "cc"); \
- (r)=carry, carry=high; \
- } while (0)
-# undef sqr
-# define sqr(r0,r1,a) \
- asm ("mulq %2" \
- : "=a"(r0),"=d"(r1) \
- : "a"(a) \
- : "cc");
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
- BN_ULONG w)
-{
- BN_ULONG c1 = 0;
-
- if (num <= 0)
- return (c1);
-
- while (num & ~3) {
- mul_add(rp[0], ap[0], w, c1);
- mul_add(rp[1], ap[1], w, c1);
- mul_add(rp[2], ap[2], w, c1);
- mul_add(rp[3], ap[3], w, c1);
- ap += 4;
- rp += 4;
- num -= 4;
- }
- if (num) {
- mul_add(rp[0], ap[0], w, c1);
- if (--num == 0)
- return c1;
- mul_add(rp[1], ap[1], w, c1);
- if (--num == 0)
- return c1;
- mul_add(rp[2], ap[2], w, c1);
- return c1;
- }
-
- return (c1);
-}
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-{
- BN_ULONG c1 = 0;
-
- if (num <= 0)
- return (c1);
-
- while (num & ~3) {
- mul(rp[0], ap[0], w, c1);
- mul(rp[1], ap[1], w, c1);
- mul(rp[2], ap[2], w, c1);
- mul(rp[3], ap[3], w, c1);
- ap += 4;
- rp += 4;
- num -= 4;
- }
- if (num) {
- mul(rp[0], ap[0], w, c1);
- if (--num == 0)
- return c1;
- mul(rp[1], ap[1], w, c1);
- if (--num == 0)
- return c1;
- mul(rp[2], ap[2], w, c1);
- }
- return (c1);
-}
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-{
- if (n <= 0)
- return;
-
- while (n & ~3) {
- sqr(r[0], r[1], a[0]);
- sqr(r[2], r[3], a[1]);
- sqr(r[4], r[5], a[2]);
- sqr(r[6], r[7], a[3]);
- a += 4;
- r += 8;
- n -= 4;
- }
- if (n) {
- sqr(r[0], r[1], a[0]);
- if (--n == 0)
- return;
- sqr(r[2], r[3], a[1]);
- if (--n == 0)
- return;
- sqr(r[4], r[5], a[2]);
- }
-}
-
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-{
- BN_ULONG ret, waste;
-
- asm("divq %4":"=a"(ret), "=d"(waste)
- : "a"(l), "d"(h), "r"(d)
- : "cc");
-
- return ret;
-}
-
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- int n)
-{
- BN_ULONG ret;
- size_t i = 0;
-
- if (n <= 0)
- return 0;
-
- asm volatile (" subq %0,%0 \n" /* clear carry */
- " jmp 1f \n"
- ".p2align 4 \n"
- "1: movq (%4,%2,8),%0 \n"
- " adcq (%5,%2,8),%0 \n"
- " movq %0,(%3,%2,8) \n"
- " lea 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n":"=&r" (ret), "+c"(n),
- "+r"(i)
- :"r"(rp), "r"(ap), "r"(bp)
- :"cc", "memory");
-
- return ret & 1;
-}
-
-# ifndef SIMICS
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- int n)
-{
- BN_ULONG ret;
- size_t i = 0;
-
- if (n <= 0)
- return 0;
-
- asm volatile (" subq %0,%0 \n" /* clear borrow */
- " jmp 1f \n"
- ".p2align 4 \n"
- "1: movq (%4,%2,8),%0 \n"
- " sbbq (%5,%2,8),%0 \n"
- " movq %0,(%3,%2,8) \n"
- " lea 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n":"=&r" (ret), "+c"(n),
- "+r"(i)
- :"r"(rp), "r"(ap), "r"(bp)
- :"cc", "memory");
-
- return ret & 1;
-}
-# else
-/* Simics 1.4<7 has buggy sbbq:-( */
-# define BN_MASK2 0xffffffffffffffffL
-BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-{
- BN_ULONG t1, t2;
- int c = 0;
-
- if (n <= 0)
- return ((BN_ULONG)0);
-
- for (;;) {
- t1 = a[0];
- t2 = b[0];
- r[0] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
- c = (t1 < t2);
- if (--n <= 0)
- break;
-
- t1 = a[1];
- t2 = b[1];
- r[1] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
- c = (t1 < t2);
- if (--n <= 0)
- break;
-
- t1 = a[2];
- t2 = b[2];
- r[2] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
- c = (t1 < t2);
- if (--n <= 0)
- break;
-
- t1 = a[3];
- t2 = b[3];
- r[3] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
- c = (t1 < t2);
- if (--n <= 0)
- break;
-
- a += 4;
- b += 4;
- r += 4;
- }
- return (c);
-}
-# endif
-
-/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/*
- * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
- * c=(c2,c1,c0)
- */
-
-/*
- * Keep in mind that carrying into high part of multiplication result
- * can not overflow, because it cannot be all-ones.
- */
-# if 0
-/* original macros are kept for reference purposes */
-# define mul_add_c(a,b,c0,c1,c2) do { \
- BN_ULONG ta = (a), tb = (b); \
- BN_ULONG lo, hi; \
- BN_UMULT_LOHI(lo,hi,ta,tb); \
- c0 += lo; hi += (c0<lo)?1:0; \
- c1 += hi; c2 += (c1<hi)?1:0; \
- } while(0)
-
-# define mul_add_c2(a,b,c0,c1,c2) do { \
- BN_ULONG ta = (a), tb = (b); \
- BN_ULONG lo, hi, tt; \
- BN_UMULT_LOHI(lo,hi,ta,tb); \
- c0 += lo; tt = hi+((c0<lo)?1:0); \
- c1 += tt; c2 += (c1<tt)?1:0; \
- c0 += lo; hi += (c0<lo)?1:0; \
- c1 += hi; c2 += (c1<hi)?1:0; \
- } while(0)
-
-# define sqr_add_c(a,i,c0,c1,c2) do { \
- BN_ULONG ta = (a)[i]; \
- BN_ULONG lo, hi; \
- BN_UMULT_LOHI(lo,hi,ta,ta); \
- c0 += lo; hi += (c0<lo)?1:0; \
- c1 += hi; c2 += (c1<hi)?1:0; \
- } while(0)
-# else
-# define mul_add_c(a,b,c0,c1,c2) do { \
- BN_ULONG t1,t2; \
- asm ("mulq %3" \
- : "=a"(t1),"=d"(t2) \
- : "a"(a),"m"(b) \
- : "cc"); \
- asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
- : "+r"(c0),"+r"(c1),"+r"(c2) \
- : "r"(t1),"r"(t2),"g"(0) \
- : "cc"); \
- } while (0)
-
-# define sqr_add_c(a,i,c0,c1,c2) do { \
- BN_ULONG t1,t2; \
- asm ("mulq %2" \
- : "=a"(t1),"=d"(t2) \
- : "a"(a[i]) \
- : "cc"); \
- asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
- : "+r"(c0),"+r"(c1),"+r"(c2) \
- : "r"(t1),"r"(t2),"g"(0) \
- : "cc"); \
- } while (0)
-
-# define mul_add_c2(a,b,c0,c1,c2) do { \
- BN_ULONG t1,t2; \
- asm ("mulq %3" \
- : "=a"(t1),"=d"(t2) \
- : "a"(a),"m"(b) \
- : "cc"); \
- asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
- : "+r"(c0),"+r"(c1),"+r"(c2) \
- : "r"(t1),"r"(t2),"g"(0) \
- : "cc"); \
- asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
- : "+r"(c0),"+r"(c1),"+r"(c2) \
- : "r"(t1),"r"(t2),"g"(0) \
- : "cc"); \
- } while (0)
-# endif
-
-# define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-{
- BN_ULONG c1, c2, c3;
-
- c1 = 0;
- c2 = 0;
- c3 = 0;
- mul_add_c(a[0], b[0], c1, c2, c3);
- r[0] = c1;
- c1 = 0;
- mul_add_c(a[0], b[1], c2, c3, c1);
- mul_add_c(a[1], b[0], c2, c3, c1);
- r[1] = c2;
- c2 = 0;
- mul_add_c(a[2], b[0], c3, c1, c2);
- mul_add_c(a[1], b[1], c3, c1, c2);
- mul_add_c(a[0], b[2], c3, c1, c2);
- r[2] = c3;
- c3 = 0;
- mul_add_c(a[0], b[3], c1, c2, c3);
- mul_add_c(a[1], b[2], c1, c2, c3);
- mul_add_c(a[2], b[1], c1, c2, c3);
- mul_add_c(a[3], b[0], c1, c2, c3);
- r[3] = c1;
- c1 = 0;
- mul_add_c(a[4], b[0], c2, c3, c1);
- mul_add_c(a[3], b[1], c2, c3, c1);
- mul_add_c(a[2], b[2], c2, c3, c1);
- mul_add_c(a[1], b[3], c2, c3, c1);
- mul_add_c(a[0], b[4], c2, c3, c1);
- r[4] = c2;
- c2 = 0;
- mul_add_c(a[0], b[5], c3, c1, c2);
- mul_add_c(a[1], b[4], c3, c1, c2);
- mul_add_c(a[2], b[3], c3, c1, c2);
- mul_add_c(a[3], b[2], c3, c1, c2);
- mul_add_c(a[4], b[1], c3, c1, c2);
- mul_add_c(a[5], b[0], c3, c1, c2);
- r[5] = c3;
- c3 = 0;
- mul_add_c(a[6], b[0], c1, c2, c3);
- mul_add_c(a[5], b[1], c1, c2, c3);
- mul_add_c(a[4], b[2], c1, c2, c3);
- mul_add_c(a[3], b[3], c1, c2, c3);
- mul_add_c(a[2], b[4], c1, c2, c3);
- mul_add_c(a[1], b[5], c1, c2, c3);
- mul_add_c(a[0], b[6], c1, c2, c3);
- r[6] = c1;
- c1 = 0;
- mul_add_c(a[0], b[7], c2, c3, c1);
- mul_add_c(a[1], b[6], c2, c3, c1);
- mul_add_c(a[2], b[5], c2, c3, c1);
- mul_add_c(a[3], b[4], c2, c3, c1);
- mul_add_c(a[4], b[3], c2, c3, c1);
- mul_add_c(a[5], b[2], c2, c3, c1);
- mul_add_c(a[6], b[1], c2, c3, c1);
- mul_add_c(a[7], b[0], c2, c3, c1);
- r[7] = c2;
- c2 = 0;
- mul_add_c(a[7], b[1], c3, c1, c2);
- mul_add_c(a[6], b[2], c3, c1, c2);
- mul_add_c(a[5], b[3], c3, c1, c2);
- mul_add_c(a[4], b[4], c3, c1, c2);
- mul_add_c(a[3], b[5], c3, c1, c2);
- mul_add_c(a[2], b[6], c3, c1, c2);
- mul_add_c(a[1], b[7], c3, c1, c2);
- r[8] = c3;
- c3 = 0;
- mul_add_c(a[2], b[7], c1, c2, c3);
- mul_add_c(a[3], b[6], c1, c2, c3);
- mul_add_c(a[4], b[5], c1, c2, c3);
- mul_add_c(a[5], b[4], c1, c2, c3);
- mul_add_c(a[6], b[3], c1, c2, c3);
- mul_add_c(a[7], b[2], c1, c2, c3);
- r[9] = c1;
- c1 = 0;
- mul_add_c(a[7], b[3], c2, c3, c1);
- mul_add_c(a[6], b[4], c2, c3, c1);
- mul_add_c(a[5], b[5], c2, c3, c1);
- mul_add_c(a[4], b[6], c2, c3, c1);
- mul_add_c(a[3], b[7], c2, c3, c1);
- r[10] = c2;
- c2 = 0;
- mul_add_c(a[4], b[7], c3, c1, c2);
- mul_add_c(a[5], b[6], c3, c1, c2);
- mul_add_c(a[6], b[5], c3, c1, c2);
- mul_add_c(a[7], b[4], c3, c1, c2);
- r[11] = c3;
- c3 = 0;
- mul_add_c(a[7], b[5], c1, c2, c3);
- mul_add_c(a[6], b[6], c1, c2, c3);
- mul_add_c(a[5], b[7], c1, c2, c3);
- r[12] = c1;
- c1 = 0;
- mul_add_c(a[6], b[7], c2, c3, c1);
- mul_add_c(a[7], b[6], c2, c3, c1);
- r[13] = c2;
- c2 = 0;
- mul_add_c(a[7], b[7], c3, c1, c2);
- r[14] = c3;
- r[15] = c1;
-}
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-{
- BN_ULONG c1, c2, c3;
-
- c1 = 0;
- c2 = 0;
- c3 = 0;
- mul_add_c(a[0], b[0], c1, c2, c3);
- r[0] = c1;
- c1 = 0;
- mul_add_c(a[0], b[1], c2, c3, c1);
- mul_add_c(a[1], b[0], c2, c3, c1);
- r[1] = c2;
- c2 = 0;
- mul_add_c(a[2], b[0], c3, c1, c2);
- mul_add_c(a[1], b[1], c3, c1, c2);
- mul_add_c(a[0], b[2], c3, c1, c2);
- r[2] = c3;
- c3 = 0;
- mul_add_c(a[0], b[3], c1, c2, c3);
- mul_add_c(a[1], b[2], c1, c2, c3);
- mul_add_c(a[2], b[1], c1, c2, c3);
- mul_add_c(a[3], b[0], c1, c2, c3);
- r[3] = c1;
- c1 = 0;
- mul_add_c(a[3], b[1], c2, c3, c1);
- mul_add_c(a[2], b[2], c2, c3, c1);
- mul_add_c(a[1], b[3], c2, c3, c1);
- r[4] = c2;
- c2 = 0;
- mul_add_c(a[2], b[3], c3, c1, c2);
- mul_add_c(a[3], b[2], c3, c1, c2);
- r[5] = c3;
- c3 = 0;
- mul_add_c(a[3], b[3], c1, c2, c3);
- r[6] = c1;
- r[7] = c2;
-}
-
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
-{
- BN_ULONG c1, c2, c3;
-
- c1 = 0;
- c2 = 0;
- c3 = 0;
- sqr_add_c(a, 0, c1, c2, c3);
- r[0] = c1;
- c1 = 0;
- sqr_add_c2(a, 1, 0, c2, c3, c1);
- r[1] = c2;
- c2 = 0;
- sqr_add_c(a, 1, c3, c1, c2);
- sqr_add_c2(a, 2, 0, c3, c1, c2);
- r[2] = c3;
- c3 = 0;
- sqr_add_c2(a, 3, 0, c1, c2, c3);
- sqr_add_c2(a, 2, 1, c1, c2, c3);
- r[3] = c1;
- c1 = 0;
- sqr_add_c(a, 2, c2, c3, c1);
- sqr_add_c2(a, 3, 1, c2, c3, c1);
- sqr_add_c2(a, 4, 0, c2, c3, c1);
- r[4] = c2;
- c2 = 0;
- sqr_add_c2(a, 5, 0, c3, c1, c2);
- sqr_add_c2(a, 4, 1, c3, c1, c2);
- sqr_add_c2(a, 3, 2, c3, c1, c2);
- r[5] = c3;
- c3 = 0;
- sqr_add_c(a, 3, c1, c2, c3);
- sqr_add_c2(a, 4, 2, c1, c2, c3);
- sqr_add_c2(a, 5, 1, c1, c2, c3);
- sqr_add_c2(a, 6, 0, c1, c2, c3);
- r[6] = c1;
- c1 = 0;
- sqr_add_c2(a, 7, 0, c2, c3, c1);
- sqr_add_c2(a, 6, 1, c2, c3, c1);
- sqr_add_c2(a, 5, 2, c2, c3, c1);
- sqr_add_c2(a, 4, 3, c2, c3, c1);
- r[7] = c2;
- c2 = 0;
- sqr_add_c(a, 4, c3, c1, c2);
- sqr_add_c2(a, 5, 3, c3, c1, c2);
- sqr_add_c2(a, 6, 2, c3, c1, c2);
- sqr_add_c2(a, 7, 1, c3, c1, c2);
- r[8] = c3;
- c3 = 0;
- sqr_add_c2(a, 7, 2, c1, c2, c3);
- sqr_add_c2(a, 6, 3, c1, c2, c3);
- sqr_add_c2(a, 5, 4, c1, c2, c3);
- r[9] = c1;
- c1 = 0;
- sqr_add_c(a, 5, c2, c3, c1);
- sqr_add_c2(a, 6, 4, c2, c3, c1);
- sqr_add_c2(a, 7, 3, c2, c3, c1);
- r[10] = c2;
- c2 = 0;
- sqr_add_c2(a, 7, 4, c3, c1, c2);
- sqr_add_c2(a, 6, 5, c3, c1, c2);
- r[11] = c3;
- c3 = 0;
- sqr_add_c(a, 6, c1, c2, c3);
- sqr_add_c2(a, 7, 5, c1, c2, c3);
- r[12] = c1;
- c1 = 0;
- sqr_add_c2(a, 7, 6, c2, c3, c1);
- r[13] = c2;
- c2 = 0;
- sqr_add_c(a, 7, c3, c1, c2);
- r[14] = c3;
- r[15] = c1;
-}
-
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
-{
- BN_ULONG c1, c2, c3;
-
- c1 = 0;
- c2 = 0;
- c3 = 0;
- sqr_add_c(a, 0, c1, c2, c3);
- r[0] = c1;
- c1 = 0;
- sqr_add_c2(a, 1, 0, c2, c3, c1);
- r[1] = c2;
- c2 = 0;
- sqr_add_c(a, 1, c3, c1, c2);
- sqr_add_c2(a, 2, 0, c3, c1, c2);
- r[2] = c3;
- c3 = 0;
- sqr_add_c2(a, 3, 0, c1, c2, c3);
- sqr_add_c2(a, 2, 1, c1, c2, c3);
- r[3] = c1;
- c1 = 0;
- sqr_add_c(a, 2, c2, c3, c1);
- sqr_add_c2(a, 3, 1, c2, c3, c1);
- r[4] = c2;
- c2 = 0;
- sqr_add_c2(a, 3, 2, c3, c1, c2);
- r[5] = c3;
- c3 = 0;
- sqr_add_c(a, 3, c1, c2, c3);
- r[6] = c1;
- r[7] = c2;
-}
-#endif
diff --git a/thirdparty/openssl/crypto/bn/bn.mul b/thirdparty/openssl/crypto/bn/bn.mul
deleted file mode 100644
index 9728870d38..0000000000
--- a/thirdparty/openssl/crypto/bn/bn.mul
+++ /dev/null
@@ -1,19 +0,0 @@
-We need
-
-* bn_mul_comba8
-* bn_mul_comba4
-* bn_mul_normal
-* bn_mul_recursive
-
-* bn_sqr_comba8
-* bn_sqr_comba4
-bn_sqr_normal -> BN_sqr
-* bn_sqr_recursive
-
-* bn_mul_low_recursive
-* bn_mul_low_normal
-* bn_mul_high
-
-* bn_mul_part_recursive # symetric but not power of 2
-
-bn_mul_asymetric_recursive # uneven, but do the chop up.
diff --git a/thirdparty/openssl/crypto/bn/bn_add.c b/thirdparty/openssl/crypto/bn/bn_add.c
deleted file mode 100644
index 2f3d110449..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_add.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/* crypto/bn/bn_add.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* r can == a or b */
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
- const BIGNUM *tmp;
- int a_neg = a->neg, ret;
-
- bn_check_top(a);
- bn_check_top(b);
-
- /*-
- * a + b a+b
- * a + -b a-b
- * -a + b b-a
- * -a + -b -(a+b)
- */
- if (a_neg ^ b->neg) {
- /* only one is negative */
- if (a_neg) {
- tmp = a;
- a = b;
- b = tmp;
- }
-
- /* we are now a - b */
-
- if (BN_ucmp(a, b) < 0) {
- if (!BN_usub(r, b, a))
- return (0);
- r->neg = 1;
- } else {
- if (!BN_usub(r, a, b))
- return (0);
- r->neg = 0;
- }
- return (1);
- }
-
- ret = BN_uadd(r, a, b);
- r->neg = a_neg;
- bn_check_top(r);
- return ret;
-}
-
-/* unsigned add of b to a */
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
- int max, min, dif;
- BN_ULONG *ap, *bp, *rp, carry, t1, t2;
- const BIGNUM *tmp;
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a->top < b->top) {
- tmp = a;
- a = b;
- b = tmp;
- }
- max = a->top;
- min = b->top;
- dif = max - min;
-
- if (bn_wexpand(r, max + 1) == NULL)
- return 0;
-
- r->top = max;
-
- ap = a->d;
- bp = b->d;
- rp = r->d;
-
- carry = bn_add_words(rp, ap, bp, min);
- rp += min;
- ap += min;
- bp += min;
-
- if (carry) {
- while (dif) {
- dif--;
- t1 = *(ap++);
- t2 = (t1 + 1) & BN_MASK2;
- *(rp++) = t2;
- if (t2) {
- carry = 0;
- break;
- }
- }
- if (carry) {
- /* carry != 0 => dif == 0 */
- *rp = 1;
- r->top++;
- }
- }
- if (dif && rp != ap)
- while (dif--)
- /* copy remaining words if ap != rp */
- *(rp++) = *(ap++);
- r->neg = 0;
- bn_check_top(r);
- return 1;
-}
-
-/* unsigned subtraction of b from a, a must be larger than b. */
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
- int max, min, dif;
- register BN_ULONG t1, t2, *ap, *bp, *rp;
- int i, carry;
-#if defined(IRIX_CC_BUG) && !defined(LINT)
- int dummy;
-#endif
-
- bn_check_top(a);
- bn_check_top(b);
-
- max = a->top;
- min = b->top;
- dif = max - min;
-
- if (dif < 0) { /* hmm... should not be happening */
- BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
- return (0);
- }
-
- if (bn_wexpand(r, max) == NULL)
- return (0);
-
- ap = a->d;
- bp = b->d;
- rp = r->d;
-
-#if 1
- carry = 0;
- for (i = min; i != 0; i--) {
- t1 = *(ap++);
- t2 = *(bp++);
- if (carry) {
- carry = (t1 <= t2);
- t1 = (t1 - t2 - 1) & BN_MASK2;
- } else {
- carry = (t1 < t2);
- t1 = (t1 - t2) & BN_MASK2;
- }
-# if defined(IRIX_CC_BUG) && !defined(LINT)
- dummy = t1;
-# endif
- *(rp++) = t1 & BN_MASK2;
- }
-#else
- carry = bn_sub_words(rp, ap, bp, min);
- ap += min;
- bp += min;
- rp += min;
-#endif
- if (carry) { /* subtracted */
- if (!dif)
- /* error: a < b */
- return 0;
- while (dif) {
- dif--;
- t1 = *(ap++);
- t2 = (t1 - 1) & BN_MASK2;
- *(rp++) = t2;
- if (t1)
- break;
- }
- }
-#if 0
- memcpy(rp, ap, sizeof(*rp) * (max - i));
-#else
- if (rp != ap) {
- for (;;) {
- if (!dif--)
- break;
- rp[0] = ap[0];
- if (!dif--)
- break;
- rp[1] = ap[1];
- if (!dif--)
- break;
- rp[2] = ap[2];
- if (!dif--)
- break;
- rp[3] = ap[3];
- rp += 4;
- ap += 4;
- }
- }
-#endif
-
- r->top = max;
- r->neg = 0;
- bn_correct_top(r);
- return (1);
-}
-
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
- int max;
- int add = 0, neg = 0;
- const BIGNUM *tmp;
-
- bn_check_top(a);
- bn_check_top(b);
-
- /*-
- * a - b a-b
- * a - -b a+b
- * -a - b -(a+b)
- * -a - -b b-a
- */
- if (a->neg) {
- if (b->neg) {
- tmp = a;
- a = b;
- b = tmp;
- } else {
- add = 1;
- neg = 1;
- }
- } else {
- if (b->neg) {
- add = 1;
- neg = 0;
- }
- }
-
- if (add) {
- if (!BN_uadd(r, a, b))
- return (0);
- r->neg = neg;
- return (1);
- }
-
- /* We are actually doing a - b :-) */
-
- max = (a->top > b->top) ? a->top : b->top;
- if (bn_wexpand(r, max) == NULL)
- return (0);
- if (BN_ucmp(a, b) < 0) {
- if (!BN_usub(r, b, a))
- return (0);
- r->neg = 1;
- } else {
- if (!BN_usub(r, a, b))
- return (0);
- r->neg = 0;
- }
- bn_check_top(r);
- return (1);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_asm.c b/thirdparty/openssl/crypto/bn/bn_asm.c
deleted file mode 100644
index 03a33cffe5..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_asm.c
+++ /dev/null
@@ -1,1093 +0,0 @@
-/* crypto/bn/bn_asm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
- BN_ULONG w)
-{
- BN_ULONG c1 = 0;
-
- assert(num >= 0);
- if (num <= 0)
- return (c1);
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
- while (num & ~3) {
- mul_add(rp[0], ap[0], w, c1);
- mul_add(rp[1], ap[1], w, c1);
- mul_add(rp[2], ap[2], w, c1);
- mul_add(rp[3], ap[3], w, c1);
- ap += 4;
- rp += 4;
- num -= 4;
- }
-# endif
- while (num) {
- mul_add(rp[0], ap[0], w, c1);
- ap++;
- rp++;
- num--;
- }
-
- return (c1);
-}
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-{
- BN_ULONG c1 = 0;
-
- assert(num >= 0);
- if (num <= 0)
- return (c1);
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
- while (num & ~3) {
- mul(rp[0], ap[0], w, c1);
- mul(rp[1], ap[1], w, c1);
- mul(rp[2], ap[2], w, c1);
- mul(rp[3], ap[3], w, c1);
- ap += 4;
- rp += 4;
- num -= 4;
- }
-# endif
- while (num) {
- mul(rp[0], ap[0], w, c1);
- ap++;
- rp++;
- num--;
- }
- return (c1);
-}
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-{
- assert(n >= 0);
- if (n <= 0)
- return;
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- sqr(r[0], r[1], a[0]);
- sqr(r[2], r[3], a[1]);
- sqr(r[4], r[5], a[2]);
- sqr(r[6], r[7], a[3]);
- a += 4;
- r += 8;
- n -= 4;
- }
-# endif
- while (n) {
- sqr(r[0], r[1], a[0]);
- a++;
- r += 2;
- n--;
- }
-}
-
-#else /* !(defined(BN_LLONG) ||
- * defined(BN_UMULT_HIGH)) */
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
- BN_ULONG w)
-{
- BN_ULONG c = 0;
- BN_ULONG bl, bh;
-
- assert(num >= 0);
- if (num <= 0)
- return ((BN_ULONG)0);
-
- bl = LBITS(w);
- bh = HBITS(w);
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
- while (num & ~3) {
- mul_add(rp[0], ap[0], bl, bh, c);
- mul_add(rp[1], ap[1], bl, bh, c);
- mul_add(rp[2], ap[2], bl, bh, c);
- mul_add(rp[3], ap[3], bl, bh, c);
- ap += 4;
- rp += 4;
- num -= 4;
- }
-# endif
- while (num) {
- mul_add(rp[0], ap[0], bl, bh, c);
- ap++;
- rp++;
- num--;
- }
- return (c);
-}
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-{
- BN_ULONG carry = 0;
- BN_ULONG bl, bh;
-
- assert(num >= 0);
- if (num <= 0)
- return ((BN_ULONG)0);
-
- bl = LBITS(w);
- bh = HBITS(w);
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
- while (num & ~3) {
- mul(rp[0], ap[0], bl, bh, carry);
- mul(rp[1], ap[1], bl, bh, carry);
- mul(rp[2], ap[2], bl, bh, carry);
- mul(rp[3], ap[3], bl, bh, carry);
- ap += 4;
- rp += 4;
- num -= 4;
- }
-# endif
- while (num) {
- mul(rp[0], ap[0], bl, bh, carry);
- ap++;
- rp++;
- num--;
- }
- return (carry);
-}
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-{
- assert(n >= 0);
- if (n <= 0)
- return;
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- sqr64(r[0], r[1], a[0]);
- sqr64(r[2], r[3], a[1]);
- sqr64(r[4], r[5], a[2]);
- sqr64(r[6], r[7], a[3]);
- a += 4;
- r += 8;
- n -= 4;
- }
-# endif
- while (n) {
- sqr64(r[0], r[1], a[0]);
- a++;
- r += 2;
- n--;
- }
-}
-
-#endif /* !(defined(BN_LLONG) ||
- * defined(BN_UMULT_HIGH)) */
-
-#if defined(BN_LLONG) && defined(BN_DIV2W)
-
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-{
- return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d));
-}
-
-#else
-
-/* Divide h,l by d and return the result. */
-/* I need to test this some more :-( */
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-{
- BN_ULONG dh, dl, q, ret = 0, th, tl, t;
- int i, count = 2;
-
- if (d == 0)
- return (BN_MASK2);
-
- i = BN_num_bits_word(d);
- assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
-
- i = BN_BITS2 - i;
- if (h >= d)
- h -= d;
-
- if (i) {
- d <<= i;
- h = (h << i) | (l >> (BN_BITS2 - i));
- l <<= i;
- }
- dh = (d & BN_MASK2h) >> BN_BITS4;
- dl = (d & BN_MASK2l);
- for (;;) {
- if ((h >> BN_BITS4) == dh)
- q = BN_MASK2l;
- else
- q = h / dh;
-
- th = q * dh;
- tl = dl * q;
- for (;;) {
- t = h - th;
- if ((t & BN_MASK2h) ||
- ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4))))
- break;
- q--;
- th -= dh;
- tl -= dl;
- }
- t = (tl >> BN_BITS4);
- tl = (tl << BN_BITS4) & BN_MASK2h;
- th += t;
-
- if (l < tl)
- th++;
- l -= tl;
- if (h < th) {
- h += d;
- q--;
- }
- h -= th;
-
- if (--count == 0)
- break;
-
- ret = q << BN_BITS4;
- h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
- l = (l & BN_MASK2l) << BN_BITS4;
- }
- ret |= q;
- return (ret);
-}
-#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
-
-#ifdef BN_LLONG
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int n)
-{
- BN_ULLONG ll = 0;
-
- assert(n >= 0);
- if (n <= 0)
- return ((BN_ULONG)0);
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- ll += (BN_ULLONG) a[0] + b[0];
- r[0] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- ll += (BN_ULLONG) a[1] + b[1];
- r[1] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- ll += (BN_ULLONG) a[2] + b[2];
- r[2] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- ll += (BN_ULLONG) a[3] + b[3];
- r[3] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- a += 4;
- b += 4;
- r += 4;
- n -= 4;
- }
-# endif
- while (n) {
- ll += (BN_ULLONG) a[0] + b[0];
- r[0] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- a++;
- b++;
- r++;
- n--;
- }
- return ((BN_ULONG)ll);
-}
-#else /* !BN_LLONG */
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int n)
-{
- BN_ULONG c, l, t;
-
- assert(n >= 0);
- if (n <= 0)
- return ((BN_ULONG)0);
-
- c = 0;
-# ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- t = a[0];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[0]) & BN_MASK2;
- c += (l < t);
- r[0] = l;
- t = a[1];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[1]) & BN_MASK2;
- c += (l < t);
- r[1] = l;
- t = a[2];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[2]) & BN_MASK2;
- c += (l < t);
- r[2] = l;
- t = a[3];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[3]) & BN_MASK2;
- c += (l < t);
- r[3] = l;
- a += 4;
- b += 4;
- r += 4;
- n -= 4;
- }
-# endif
- while (n) {
- t = a[0];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[0]) & BN_MASK2;
- c += (l < t);
- r[0] = l;
- a++;
- b++;
- r++;
- n--;
- }
- return ((BN_ULONG)c);
-}
-#endif /* !BN_LLONG */
-
-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int n)
-{
- BN_ULONG t1, t2;
- int c = 0;
-
- assert(n >= 0);
- if (n <= 0)
- return ((BN_ULONG)0);
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- t1 = a[0];
- t2 = b[0];
- r[0] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
- c = (t1 < t2);
- t1 = a[1];
- t2 = b[1];
- r[1] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
- c = (t1 < t2);
- t1 = a[2];
- t2 = b[2];
- r[2] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
- c = (t1 < t2);
- t1 = a[3];
- t2 = b[3];
- r[3] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
- c = (t1 < t2);
- a += 4;
- b += 4;
- r += 4;
- n -= 4;
- }
-#endif
- while (n) {
- t1 = a[0];
- t2 = b[0];
- r[0] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
- c = (t1 < t2);
- a++;
- b++;
- r++;
- n--;
- }
- return (c);
-}
-
-#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
-
-# undef bn_mul_comba8
-# undef bn_mul_comba4
-# undef bn_sqr_comba8
-# undef bn_sqr_comba4
-
-/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/*
- * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
- * c=(c2,c1,c0)
- */
-
-# ifdef BN_LLONG
-/*
- * Keep in mind that additions to multiplication result can not
- * overflow, because its high half cannot be all-ones.
- */
-# define mul_add_c(a,b,c0,c1,c2) do { \
- BN_ULONG hi; \
- BN_ULLONG t = (BN_ULLONG)(a)*(b); \
- t += c0; /* no carry */ \
- c0 = (BN_ULONG)Lw(t); \
- hi = (BN_ULONG)Hw(t); \
- c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
- } while(0)
-
-# define mul_add_c2(a,b,c0,c1,c2) do { \
- BN_ULONG hi; \
- BN_ULLONG t = (BN_ULLONG)(a)*(b); \
- BN_ULLONG tt = t+c0; /* no carry */ \
- c0 = (BN_ULONG)Lw(tt); \
- hi = (BN_ULONG)Hw(tt); \
- c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
- t += c0; /* no carry */ \
- c0 = (BN_ULONG)Lw(t); \
- hi = (BN_ULONG)Hw(t); \
- c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
- } while(0)
-
-# define sqr_add_c(a,i,c0,c1,c2) do { \
- BN_ULONG hi; \
- BN_ULLONG t = (BN_ULLONG)a[i]*a[i]; \
- t += c0; /* no carry */ \
- c0 = (BN_ULONG)Lw(t); \
- hi = (BN_ULONG)Hw(t); \
- c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
- } while(0)
-
-# define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-# elif defined(BN_UMULT_LOHI)
-/*
- * Keep in mind that additions to hi can not overflow, because
- * the high word of a multiplication result cannot be all-ones.
- */
-# define mul_add_c(a,b,c0,c1,c2) do { \
- BN_ULONG ta = (a), tb = (b); \
- BN_ULONG lo, hi; \
- BN_UMULT_LOHI(lo,hi,ta,tb); \
- c0 += lo; hi += (c0<lo)?1:0; \
- c1 += hi; c2 += (c1<hi)?1:0; \
- } while(0)
-
-# define mul_add_c2(a,b,c0,c1,c2) do { \
- BN_ULONG ta = (a), tb = (b); \
- BN_ULONG lo, hi, tt; \
- BN_UMULT_LOHI(lo,hi,ta,tb); \
- c0 += lo; tt = hi+((c0<lo)?1:0); \
- c1 += tt; c2 += (c1<tt)?1:0; \
- c0 += lo; hi += (c0<lo)?1:0; \
- c1 += hi; c2 += (c1<hi)?1:0; \
- } while(0)
-
-# define sqr_add_c(a,i,c0,c1,c2) do { \
- BN_ULONG ta = (a)[i]; \
- BN_ULONG lo, hi; \
- BN_UMULT_LOHI(lo,hi,ta,ta); \
- c0 += lo; hi += (c0<lo)?1:0; \
- c1 += hi; c2 += (c1<hi)?1:0; \
- } while(0)
-
-# define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-# elif defined(BN_UMULT_HIGH)
-/*
- * Keep in mind that additions to hi can not overflow, because
- * the high word of a multiplication result cannot be all-ones.
- */
-# define mul_add_c(a,b,c0,c1,c2) do { \
- BN_ULONG ta = (a), tb = (b); \
- BN_ULONG lo = ta * tb; \
- BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \
- c0 += lo; hi += (c0<lo)?1:0; \
- c1 += hi; c2 += (c1<hi)?1:0; \
- } while(0)
-
-# define mul_add_c2(a,b,c0,c1,c2) do { \
- BN_ULONG ta = (a), tb = (b), tt; \
- BN_ULONG lo = ta * tb; \
- BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \
- c0 += lo; tt = hi + ((c0<lo)?1:0); \
- c1 += tt; c2 += (c1<tt)?1:0; \
- c0 += lo; hi += (c0<lo)?1:0; \
- c1 += hi; c2 += (c1<hi)?1:0; \
- } while(0)
-
-# define sqr_add_c(a,i,c0,c1,c2) do { \
- BN_ULONG ta = (a)[i]; \
- BN_ULONG lo = ta * ta; \
- BN_ULONG hi = BN_UMULT_HIGH(ta,ta); \
- c0 += lo; hi += (c0<lo)?1:0; \
- c1 += hi; c2 += (c1<hi)?1:0; \
- } while(0)
-
-# define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-# else /* !BN_LLONG */
-/*
- * Keep in mind that additions to hi can not overflow, because
- * the high word of a multiplication result cannot be all-ones.
- */
-# define mul_add_c(a,b,c0,c1,c2) do { \
- BN_ULONG lo = LBITS(a), hi = HBITS(a); \
- BN_ULONG bl = LBITS(b), bh = HBITS(b); \
- mul64(lo,hi,bl,bh); \
- c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
- c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
- } while(0)
-
-# define mul_add_c2(a,b,c0,c1,c2) do { \
- BN_ULONG tt; \
- BN_ULONG lo = LBITS(a), hi = HBITS(a); \
- BN_ULONG bl = LBITS(b), bh = HBITS(b); \
- mul64(lo,hi,bl,bh); \
- tt = hi; \
- c0 = (c0+lo)&BN_MASK2; if (c0<lo) tt++; \
- c1 = (c1+tt)&BN_MASK2; if (c1<tt) c2++; \
- c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
- c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
- } while(0)
-
-# define sqr_add_c(a,i,c0,c1,c2) do { \
- BN_ULONG lo, hi; \
- sqr64(lo,hi,(a)[i]); \
- c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
- c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
- } while(0)
-
-# define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-# endif /* !BN_LLONG */
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-{
- BN_ULONG c1, c2, c3;
-
- c1 = 0;
- c2 = 0;
- c3 = 0;
- mul_add_c(a[0], b[0], c1, c2, c3);
- r[0] = c1;
- c1 = 0;
- mul_add_c(a[0], b[1], c2, c3, c1);
- mul_add_c(a[1], b[0], c2, c3, c1);
- r[1] = c2;
- c2 = 0;
- mul_add_c(a[2], b[0], c3, c1, c2);
- mul_add_c(a[1], b[1], c3, c1, c2);
- mul_add_c(a[0], b[2], c3, c1, c2);
- r[2] = c3;
- c3 = 0;
- mul_add_c(a[0], b[3], c1, c2, c3);
- mul_add_c(a[1], b[2], c1, c2, c3);
- mul_add_c(a[2], b[1], c1, c2, c3);
- mul_add_c(a[3], b[0], c1, c2, c3);
- r[3] = c1;
- c1 = 0;
- mul_add_c(a[4], b[0], c2, c3, c1);
- mul_add_c(a[3], b[1], c2, c3, c1);
- mul_add_c(a[2], b[2], c2, c3, c1);
- mul_add_c(a[1], b[3], c2, c3, c1);
- mul_add_c(a[0], b[4], c2, c3, c1);
- r[4] = c2;
- c2 = 0;
- mul_add_c(a[0], b[5], c3, c1, c2);
- mul_add_c(a[1], b[4], c3, c1, c2);
- mul_add_c(a[2], b[3], c3, c1, c2);
- mul_add_c(a[3], b[2], c3, c1, c2);
- mul_add_c(a[4], b[1], c3, c1, c2);
- mul_add_c(a[5], b[0], c3, c1, c2);
- r[5] = c3;
- c3 = 0;
- mul_add_c(a[6], b[0], c1, c2, c3);
- mul_add_c(a[5], b[1], c1, c2, c3);
- mul_add_c(a[4], b[2], c1, c2, c3);
- mul_add_c(a[3], b[3], c1, c2, c3);
- mul_add_c(a[2], b[4], c1, c2, c3);
- mul_add_c(a[1], b[5], c1, c2, c3);
- mul_add_c(a[0], b[6], c1, c2, c3);
- r[6] = c1;
- c1 = 0;
- mul_add_c(a[0], b[7], c2, c3, c1);
- mul_add_c(a[1], b[6], c2, c3, c1);
- mul_add_c(a[2], b[5], c2, c3, c1);
- mul_add_c(a[3], b[4], c2, c3, c1);
- mul_add_c(a[4], b[3], c2, c3, c1);
- mul_add_c(a[5], b[2], c2, c3, c1);
- mul_add_c(a[6], b[1], c2, c3, c1);
- mul_add_c(a[7], b[0], c2, c3, c1);
- r[7] = c2;
- c2 = 0;
- mul_add_c(a[7], b[1], c3, c1, c2);
- mul_add_c(a[6], b[2], c3, c1, c2);
- mul_add_c(a[5], b[3], c3, c1, c2);
- mul_add_c(a[4], b[4], c3, c1, c2);
- mul_add_c(a[3], b[5], c3, c1, c2);
- mul_add_c(a[2], b[6], c3, c1, c2);
- mul_add_c(a[1], b[7], c3, c1, c2);
- r[8] = c3;
- c3 = 0;
- mul_add_c(a[2], b[7], c1, c2, c3);
- mul_add_c(a[3], b[6], c1, c2, c3);
- mul_add_c(a[4], b[5], c1, c2, c3);
- mul_add_c(a[5], b[4], c1, c2, c3);
- mul_add_c(a[6], b[3], c1, c2, c3);
- mul_add_c(a[7], b[2], c1, c2, c3);
- r[9] = c1;
- c1 = 0;
- mul_add_c(a[7], b[3], c2, c3, c1);
- mul_add_c(a[6], b[4], c2, c3, c1);
- mul_add_c(a[5], b[5], c2, c3, c1);
- mul_add_c(a[4], b[6], c2, c3, c1);
- mul_add_c(a[3], b[7], c2, c3, c1);
- r[10] = c2;
- c2 = 0;
- mul_add_c(a[4], b[7], c3, c1, c2);
- mul_add_c(a[5], b[6], c3, c1, c2);
- mul_add_c(a[6], b[5], c3, c1, c2);
- mul_add_c(a[7], b[4], c3, c1, c2);
- r[11] = c3;
- c3 = 0;
- mul_add_c(a[7], b[5], c1, c2, c3);
- mul_add_c(a[6], b[6], c1, c2, c3);
- mul_add_c(a[5], b[7], c1, c2, c3);
- r[12] = c1;
- c1 = 0;
- mul_add_c(a[6], b[7], c2, c3, c1);
- mul_add_c(a[7], b[6], c2, c3, c1);
- r[13] = c2;
- c2 = 0;
- mul_add_c(a[7], b[7], c3, c1, c2);
- r[14] = c3;
- r[15] = c1;
-}
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-{
- BN_ULONG c1, c2, c3;
-
- c1 = 0;
- c2 = 0;
- c3 = 0;
- mul_add_c(a[0], b[0], c1, c2, c3);
- r[0] = c1;
- c1 = 0;
- mul_add_c(a[0], b[1], c2, c3, c1);
- mul_add_c(a[1], b[0], c2, c3, c1);
- r[1] = c2;
- c2 = 0;
- mul_add_c(a[2], b[0], c3, c1, c2);
- mul_add_c(a[1], b[1], c3, c1, c2);
- mul_add_c(a[0], b[2], c3, c1, c2);
- r[2] = c3;
- c3 = 0;
- mul_add_c(a[0], b[3], c1, c2, c3);
- mul_add_c(a[1], b[2], c1, c2, c3);
- mul_add_c(a[2], b[1], c1, c2, c3);
- mul_add_c(a[3], b[0], c1, c2, c3);
- r[3] = c1;
- c1 = 0;
- mul_add_c(a[3], b[1], c2, c3, c1);
- mul_add_c(a[2], b[2], c2, c3, c1);
- mul_add_c(a[1], b[3], c2, c3, c1);
- r[4] = c2;
- c2 = 0;
- mul_add_c(a[2], b[3], c3, c1, c2);
- mul_add_c(a[3], b[2], c3, c1, c2);
- r[5] = c3;
- c3 = 0;
- mul_add_c(a[3], b[3], c1, c2, c3);
- r[6] = c1;
- r[7] = c2;
-}
-
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
-{
- BN_ULONG c1, c2, c3;
-
- c1 = 0;
- c2 = 0;
- c3 = 0;
- sqr_add_c(a, 0, c1, c2, c3);
- r[0] = c1;
- c1 = 0;
- sqr_add_c2(a, 1, 0, c2, c3, c1);
- r[1] = c2;
- c2 = 0;
- sqr_add_c(a, 1, c3, c1, c2);
- sqr_add_c2(a, 2, 0, c3, c1, c2);
- r[2] = c3;
- c3 = 0;
- sqr_add_c2(a, 3, 0, c1, c2, c3);
- sqr_add_c2(a, 2, 1, c1, c2, c3);
- r[3] = c1;
- c1 = 0;
- sqr_add_c(a, 2, c2, c3, c1);
- sqr_add_c2(a, 3, 1, c2, c3, c1);
- sqr_add_c2(a, 4, 0, c2, c3, c1);
- r[4] = c2;
- c2 = 0;
- sqr_add_c2(a, 5, 0, c3, c1, c2);
- sqr_add_c2(a, 4, 1, c3, c1, c2);
- sqr_add_c2(a, 3, 2, c3, c1, c2);
- r[5] = c3;
- c3 = 0;
- sqr_add_c(a, 3, c1, c2, c3);
- sqr_add_c2(a, 4, 2, c1, c2, c3);
- sqr_add_c2(a, 5, 1, c1, c2, c3);
- sqr_add_c2(a, 6, 0, c1, c2, c3);
- r[6] = c1;
- c1 = 0;
- sqr_add_c2(a, 7, 0, c2, c3, c1);
- sqr_add_c2(a, 6, 1, c2, c3, c1);
- sqr_add_c2(a, 5, 2, c2, c3, c1);
- sqr_add_c2(a, 4, 3, c2, c3, c1);
- r[7] = c2;
- c2 = 0;
- sqr_add_c(a, 4, c3, c1, c2);
- sqr_add_c2(a, 5, 3, c3, c1, c2);
- sqr_add_c2(a, 6, 2, c3, c1, c2);
- sqr_add_c2(a, 7, 1, c3, c1, c2);
- r[8] = c3;
- c3 = 0;
- sqr_add_c2(a, 7, 2, c1, c2, c3);
- sqr_add_c2(a, 6, 3, c1, c2, c3);
- sqr_add_c2(a, 5, 4, c1, c2, c3);
- r[9] = c1;
- c1 = 0;
- sqr_add_c(a, 5, c2, c3, c1);
- sqr_add_c2(a, 6, 4, c2, c3, c1);
- sqr_add_c2(a, 7, 3, c2, c3, c1);
- r[10] = c2;
- c2 = 0;
- sqr_add_c2(a, 7, 4, c3, c1, c2);
- sqr_add_c2(a, 6, 5, c3, c1, c2);
- r[11] = c3;
- c3 = 0;
- sqr_add_c(a, 6, c1, c2, c3);
- sqr_add_c2(a, 7, 5, c1, c2, c3);
- r[12] = c1;
- c1 = 0;
- sqr_add_c2(a, 7, 6, c2, c3, c1);
- r[13] = c2;
- c2 = 0;
- sqr_add_c(a, 7, c3, c1, c2);
- r[14] = c3;
- r[15] = c1;
-}
-
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
-{
- BN_ULONG c1, c2, c3;
-
- c1 = 0;
- c2 = 0;
- c3 = 0;
- sqr_add_c(a, 0, c1, c2, c3);
- r[0] = c1;
- c1 = 0;
- sqr_add_c2(a, 1, 0, c2, c3, c1);
- r[1] = c2;
- c2 = 0;
- sqr_add_c(a, 1, c3, c1, c2);
- sqr_add_c2(a, 2, 0, c3, c1, c2);
- r[2] = c3;
- c3 = 0;
- sqr_add_c2(a, 3, 0, c1, c2, c3);
- sqr_add_c2(a, 2, 1, c1, c2, c3);
- r[3] = c1;
- c1 = 0;
- sqr_add_c(a, 2, c2, c3, c1);
- sqr_add_c2(a, 3, 1, c2, c3, c1);
- r[4] = c2;
- c2 = 0;
- sqr_add_c2(a, 3, 2, c3, c1, c2);
- r[5] = c3;
- c3 = 0;
- sqr_add_c(a, 3, c1, c2, c3);
- r[6] = c1;
- r[7] = c2;
-}
-
-# ifdef OPENSSL_NO_ASM
-# ifdef OPENSSL_BN_ASM_MONT
-# include <alloca.h>
-/*
- * This is essentially reference implementation, which may or may not
- * result in performance improvement. E.g. on IA-32 this routine was
- * observed to give 40% faster rsa1024 private key operations and 10%
- * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only
- * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a
- * reference implementation, one to be used as starting point for
- * platform-specific assembler. Mentioned numbers apply to compiler
- * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and
- * can vary not only from platform to platform, but even for compiler
- * versions. Assembler vs. assembler improvement coefficients can
- * [and are known to] differ and are to be documented elsewhere.
- */
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0p, int num)
-{
- BN_ULONG c0, c1, ml, *tp, n0;
-# ifdef mul64
- BN_ULONG mh;
-# endif
- volatile BN_ULONG *vp;
- int i = 0, j;
-
-# if 0 /* template for platform-specific
- * implementation */
- if (ap == bp)
- return bn_sqr_mont(rp, ap, np, n0p, num);
-# endif
- vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
-
- n0 = *n0p;
-
- c0 = 0;
- ml = bp[0];
-# ifdef mul64
- mh = HBITS(ml);
- ml = LBITS(ml);
- for (j = 0; j < num; ++j)
- mul(tp[j], ap[j], ml, mh, c0);
-# else
- for (j = 0; j < num; ++j)
- mul(tp[j], ap[j], ml, c0);
-# endif
-
- tp[num] = c0;
- tp[num + 1] = 0;
- goto enter;
-
- for (i = 0; i < num; i++) {
- c0 = 0;
- ml = bp[i];
-# ifdef mul64
- mh = HBITS(ml);
- ml = LBITS(ml);
- for (j = 0; j < num; ++j)
- mul_add(tp[j], ap[j], ml, mh, c0);
-# else
- for (j = 0; j < num; ++j)
- mul_add(tp[j], ap[j], ml, c0);
-# endif
- c1 = (tp[num] + c0) & BN_MASK2;
- tp[num] = c1;
- tp[num + 1] = (c1 < c0 ? 1 : 0);
- enter:
- c1 = tp[0];
- ml = (c1 * n0) & BN_MASK2;
- c0 = 0;
-# ifdef mul64
- mh = HBITS(ml);
- ml = LBITS(ml);
- mul_add(c1, np[0], ml, mh, c0);
-# else
- mul_add(c1, ml, np[0], c0);
-# endif
- for (j = 1; j < num; j++) {
- c1 = tp[j];
-# ifdef mul64
- mul_add(c1, np[j], ml, mh, c0);
-# else
- mul_add(c1, ml, np[j], c0);
-# endif
- tp[j - 1] = c1 & BN_MASK2;
- }
- c1 = (tp[num] + c0) & BN_MASK2;
- tp[num - 1] = c1;
- tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0);
- }
-
- if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
- c0 = bn_sub_words(rp, tp, np, num);
- if (tp[num] != 0 || c0 == 0) {
- for (i = 0; i < num + 2; i++)
- vp[i] = 0;
- return 1;
- }
- }
- for (i = 0; i < num; i++)
- rp[i] = tp[i], vp[i] = 0;
- vp[num] = 0;
- vp[num + 1] = 0;
- return 1;
-}
-# else
-/*
- * Return value of 0 indicates that multiplication/convolution was not
- * performed to signal the caller to fall down to alternative/original
- * code-path.
- */
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0, int num)
-{
- return 0;
-}
-# endif /* OPENSSL_BN_ASM_MONT */
-# endif
-
-#else /* !BN_MUL_COMBA */
-
-/* hmm... is it faster just to do a multiply? */
-# undef bn_sqr_comba4
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
-{
- BN_ULONG t[8];
- bn_sqr_normal(r, a, 4, t);
-}
-
-# undef bn_sqr_comba8
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
-{
- BN_ULONG t[16];
- bn_sqr_normal(r, a, 8, t);
-}
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-{
- r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
- r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
- r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
- r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
-}
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-{
- r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
- r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
- r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
- r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
- r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
- r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
- r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
- r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
-}
-
-# ifdef OPENSSL_NO_ASM
-# ifdef OPENSSL_BN_ASM_MONT
-# include <alloca.h>
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0p, int num)
-{
- BN_ULONG c0, c1, *tp, n0 = *n0p;
- volatile BN_ULONG *vp;
- int i = 0, j;
-
- vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
-
- for (i = 0; i <= num; i++)
- tp[i] = 0;
-
- for (i = 0; i < num; i++) {
- c0 = bn_mul_add_words(tp, ap, num, bp[i]);
- c1 = (tp[num] + c0) & BN_MASK2;
- tp[num] = c1;
- tp[num + 1] = (c1 < c0 ? 1 : 0);
-
- c0 = bn_mul_add_words(tp, np, num, tp[0] * n0);
- c1 = (tp[num] + c0) & BN_MASK2;
- tp[num] = c1;
- tp[num + 1] += (c1 < c0 ? 1 : 0);
- for (j = 0; j <= num; j++)
- tp[j] = tp[j + 1];
- }
-
- if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
- c0 = bn_sub_words(rp, tp, np, num);
- if (tp[num] != 0 || c0 == 0) {
- for (i = 0; i < num + 2; i++)
- vp[i] = 0;
- return 1;
- }
- }
- for (i = 0; i < num; i++)
- rp[i] = tp[i], vp[i] = 0;
- vp[num] = 0;
- vp[num + 1] = 0;
- return 1;
-}
-# else
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0, int num)
-{
- return 0;
-}
-# endif /* OPENSSL_BN_ASM_MONT */
-# endif
-
-#endif /* !BN_MUL_COMBA */
diff --git a/thirdparty/openssl/crypto/bn/bn_blind.c b/thirdparty/openssl/crypto/bn/bn_blind.c
deleted file mode 100644
index d448daa3c7..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_blind.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/* crypto/bn/bn_blind.c */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define BN_BLINDING_COUNTER 32
-
-struct bn_blinding_st {
- BIGNUM *A;
- BIGNUM *Ai;
- BIGNUM *e;
- BIGNUM *mod; /* just a reference */
-#ifndef OPENSSL_NO_DEPRECATED
- unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used
- * only by crypto/rsa/rsa_eay.c, rsa_lib.c */
-#endif
- CRYPTO_THREADID tid;
- int counter;
- unsigned long flags;
- BN_MONT_CTX *m_ctx;
- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-};
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
-{
- BN_BLINDING *ret = NULL;
-
- bn_check_top(mod);
-
- if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) {
- BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
- memset(ret, 0, sizeof(BN_BLINDING));
- if (A != NULL) {
- if ((ret->A = BN_dup(A)) == NULL)
- goto err;
- }
- if (Ai != NULL) {
- if ((ret->Ai = BN_dup(Ai)) == NULL)
- goto err;
- }
-
- /* save a copy of mod in the BN_BLINDING structure */
- if ((ret->mod = BN_dup(mod)) == NULL)
- goto err;
- if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
- BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
-
- /*
- * Set the counter to the special value -1 to indicate that this is
- * never-used fresh blinding that does not need updating before first
- * use.
- */
- ret->counter = -1;
- CRYPTO_THREADID_current(&ret->tid);
- return (ret);
- err:
- if (ret != NULL)
- BN_BLINDING_free(ret);
- return (NULL);
-}
-
-void BN_BLINDING_free(BN_BLINDING *r)
-{
- if (r == NULL)
- return;
-
- if (r->A != NULL)
- BN_free(r->A);
- if (r->Ai != NULL)
- BN_free(r->Ai);
- if (r->e != NULL)
- BN_free(r->e);
- if (r->mod != NULL)
- BN_free(r->mod);
- OPENSSL_free(r);
-}
-
-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
-{
- int ret = 0;
-
- if ((b->A == NULL) || (b->Ai == NULL)) {
- BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
- goto err;
- }
-
- if (b->counter == -1)
- b->counter = 0;
-
- if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
- !(b->flags & BN_BLINDING_NO_RECREATE)) {
- /* re-create blinding parameters */
- if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
- goto err;
- } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
- if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
- goto err;
- if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
- goto err;
- }
-
- ret = 1;
- err:
- if (b->counter == BN_BLINDING_COUNTER)
- b->counter = 0;
- return (ret);
-}
-
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
-{
- return BN_BLINDING_convert_ex(n, NULL, b, ctx);
-}
-
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
-{
- int ret = 1;
-
- bn_check_top(n);
-
- if ((b->A == NULL) || (b->Ai == NULL)) {
- BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
- return (0);
- }
-
- if (b->counter == -1)
- /* Fresh blinding, doesn't need updating. */
- b->counter = 0;
- else if (!BN_BLINDING_update(b, ctx))
- return (0);
-
- if (r != NULL) {
- if (!BN_copy(r, b->Ai))
- ret = 0;
- }
-
- if (!BN_mod_mul(n, n, b->A, b->mod, ctx))
- ret = 0;
-
- return ret;
-}
-
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
-{
- return BN_BLINDING_invert_ex(n, NULL, b, ctx);
-}
-
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
- BN_CTX *ctx)
-{
- int ret;
-
- bn_check_top(n);
-
- if (r != NULL)
- ret = BN_mod_mul(n, n, r, b->mod, ctx);
- else {
- if (b->Ai == NULL) {
- BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
- return (0);
- }
- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
- }
-
- bn_check_top(n);
- return (ret);
-}
-
-#ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
-{
- return b->thread_id;
-}
-
-void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
-{
- b->thread_id = n;
-}
-#endif
-
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b)
-{
- return &b->tid;
-}
-
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
-{
- return b->flags;
-}
-
-void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
-{
- b->flags = flags;
-}
-
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp) (BIGNUM *r,
- const BIGNUM *a,
- const BIGNUM *p,
- const BIGNUM *m,
- BN_CTX *ctx,
- BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx)
-{
- int retry_counter = 32;
- BN_BLINDING *ret = NULL;
-
- if (b == NULL)
- ret = BN_BLINDING_new(NULL, NULL, m);
- else
- ret = b;
-
- if (ret == NULL)
- goto err;
-
- if (ret->A == NULL && (ret->A = BN_new()) == NULL)
- goto err;
- if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
- goto err;
-
- if (e != NULL) {
- if (ret->e != NULL)
- BN_free(ret->e);
- ret->e = BN_dup(e);
- }
- if (ret->e == NULL)
- goto err;
-
- if (bn_mod_exp != NULL)
- ret->bn_mod_exp = bn_mod_exp;
- if (m_ctx != NULL)
- ret->m_ctx = m_ctx;
-
- do {
- if (!BN_rand_range(ret->A, ret->mod))
- goto err;
- if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
- /*
- * this should almost never happen for good RSA keys
- */
- unsigned long error = ERR_peek_last_error();
- if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
- if (retry_counter-- == 0) {
- BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
- BN_R_TOO_MANY_ITERATIONS);
- goto err;
- }
- ERR_clear_error();
- } else
- goto err;
- } else
- break;
- } while (1);
-
- if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
- if (!ret->bn_mod_exp
- (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
- goto err;
- } else {
- if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
- goto err;
- }
-
- return ret;
- err:
- if (b == NULL && ret != NULL) {
- BN_BLINDING_free(ret);
- ret = NULL;
- }
-
- return ret;
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_const.c b/thirdparty/openssl/crypto/bn/bn_const.c
deleted file mode 100644
index 12c3208c24..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_const.c
+++ /dev/null
@@ -1,547 +0,0 @@
-/* crypto/bn/knownprimes.c */
-/* Insert boilerplate */
-
-#include "bn.h"
-
-/*-
- * "First Oakley Default Group" from RFC2409, section 6.1.
- *
- * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
- *
- * RFC2409 specifies a generator of 2.
- * RFC2412 specifies a generator of of 22.
- */
-
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
-{
- static const unsigned char RFC2409_PRIME_768[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- };
- return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
-}
-
-/*-
- * "Second Oakley Default Group" from RFC2409, section 6.2.
- *
- * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
- *
- * RFC2409 specifies a generator of 2.
- * RFC2412 specifies a generator of 22.
- */
-
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
-{
- static const unsigned char RFC2409_PRIME_1024[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- };
- return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
-}
-
-/*-
- * "1536-bit MODP Group" from RFC3526, Section 2.
- *
- * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
- *
- * RFC3526 specifies a generator of 2.
- * RFC2312 specifies a generator of 22.
- */
-
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
-{
- static const unsigned char RFC3526_PRIME_1536[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
-}
-
-/*-
- * "2048-bit MODP Group" from RFC3526, Section 3.
- *
- * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
-{
- static const unsigned char RFC3526_PRIME_2048[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
-}
-
-/*-
- * "3072-bit MODP Group" from RFC3526, Section 4.
- *
- * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
-{
- static const unsigned char RFC3526_PRIME_3072[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
-}
-
-/*-
- * "4096-bit MODP Group" from RFC3526, Section 5.
- *
- * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
-{
- static const unsigned char RFC3526_PRIME_4096[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
- 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
- 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
- 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
- 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
- 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
- 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
- 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
- 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
- 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
- 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
- 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
- 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
- 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
- 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
- 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
- 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
-}
-
-/*-
- * "6144-bit MODP Group" from RFC3526, Section 6.
- *
- * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
-{
- static const unsigned char RFC3526_PRIME_6144[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
- 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
- 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
- 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
- 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
- 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
- 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
- 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
- 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
- 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
- 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
- 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
- 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
- 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
- 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
- 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
- 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
- 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
- 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
- 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
- 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
- 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
- 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
- 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
- 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
- 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
- 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
- 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
- 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
- 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
- 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
- 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
- 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
- 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
- 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
- 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
- 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
- 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
- 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
- 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
- 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
- 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
- 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
- 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
- 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
- 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
- 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
- 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
- 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
-}
-
-/*-
- * "8192-bit MODP Group" from RFC3526, Section 7.
- *
- * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
-{
- static const unsigned char RFC3526_PRIME_8192[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
- 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
- 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
- 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
- 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
- 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
- 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
- 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
- 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
- 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
- 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
- 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
- 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
- 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
- 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
- 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
- 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
- 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
- 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
- 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
- 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
- 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
- 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
- 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
- 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
- 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
- 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
- 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
- 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
- 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
- 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
- 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
- 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
- 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
- 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
- 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
- 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
- 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
- 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
- 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
- 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
- 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
- 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
- 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
- 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
- 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
- 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
- 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
- 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59,
- 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
- 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C,
- 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
- 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
- 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
- 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66,
- 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
- 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78,
- 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
- 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
- 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
- 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7,
- 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
- 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD,
- 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
- 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
- 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
- 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D,
- 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
- 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1,
- 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
- 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
- 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
- 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68,
- 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
- 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7,
- 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
- 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
- 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
- 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF,
- 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
- 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_ctx.c b/thirdparty/openssl/crypto/bn/bn_ctx.c
deleted file mode 100644
index 526c6a046d..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_ctx.c
+++ /dev/null
@@ -1,448 +0,0 @@
-/* crypto/bn/bn_ctx.c */
-/* Written by Ulf Moeller for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/*-
- * TODO list
- *
- * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
- * check they can be safely removed.
- * - Check +1 and other ugliness in BN_from_montgomery()
- *
- * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
- * appropriate 'block' size that will be honoured by bn_expand_internal() to
- * prevent piddly little reallocations. OTOH, profiling bignum expansions in
- * BN_CTX doesn't show this to be a big issue.
- */
-
-/* How many bignums are in each "pool item"; */
-#define BN_CTX_POOL_SIZE 16
-/* The stack frame info is resizing, set a first-time expansion size; */
-#define BN_CTX_START_FRAMES 32
-
-/***********/
-/* BN_POOL */
-/***********/
-
-/* A bundle of bignums that can be linked with other bundles */
-typedef struct bignum_pool_item {
- /* The bignum values */
- BIGNUM vals[BN_CTX_POOL_SIZE];
- /* Linked-list admin */
- struct bignum_pool_item *prev, *next;
-} BN_POOL_ITEM;
-/* A linked-list of bignums grouped in bundles */
-typedef struct bignum_pool {
- /* Linked-list admin */
- BN_POOL_ITEM *head, *current, *tail;
- /* Stack depth and allocation size */
- unsigned used, size;
-} BN_POOL;
-static void BN_POOL_init(BN_POOL *);
-static void BN_POOL_finish(BN_POOL *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_POOL_reset(BN_POOL *);
-#endif
-static BIGNUM *BN_POOL_get(BN_POOL *);
-static void BN_POOL_release(BN_POOL *, unsigned int);
-
-/************/
-/* BN_STACK */
-/************/
-
-/* A wrapper to manage the "stack frames" */
-typedef struct bignum_ctx_stack {
- /* Array of indexes into the bignum stack */
- unsigned int *indexes;
- /* Number of stack frames, and the size of the allocated array */
- unsigned int depth, size;
-} BN_STACK;
-static void BN_STACK_init(BN_STACK *);
-static void BN_STACK_finish(BN_STACK *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *);
-#endif
-static int BN_STACK_push(BN_STACK *, unsigned int);
-static unsigned int BN_STACK_pop(BN_STACK *);
-
-/**********/
-/* BN_CTX */
-/**********/
-
-/* The opaque BN_CTX type */
-struct bignum_ctx {
- /* The bignum bundles */
- BN_POOL pool;
- /* The "stack frames", if you will */
- BN_STACK stack;
- /* The number of bignums currently assigned */
- unsigned int used;
- /* Depth of stack overflow */
- int err_stack;
- /* Block "gets" until an "end" (compatibility behaviour) */
- int too_many;
-};
-
-/* Enable this to find BN_CTX bugs */
-#ifdef BN_CTX_DEBUG
-static const char *ctxdbg_cur = NULL;
-static void ctxdbg(BN_CTX *ctx)
-{
- unsigned int bnidx = 0, fpidx = 0;
- BN_POOL_ITEM *item = ctx->pool.head;
- BN_STACK *stack = &ctx->stack;
- fprintf(stderr, "(%16p): ", ctx);
- while (bnidx < ctx->used) {
- fprintf(stderr, "%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
- if (!(bnidx % BN_CTX_POOL_SIZE))
- item = item->next;
- }
- fprintf(stderr, "\n");
- bnidx = 0;
- fprintf(stderr, " : ");
- while (fpidx < stack->depth) {
- while (bnidx++ < stack->indexes[fpidx])
- fprintf(stderr, " ");
- fprintf(stderr, "^^^ ");
- bnidx++;
- fpidx++;
- }
- fprintf(stderr, "\n");
-}
-
-# define CTXDBG_ENTRY(str, ctx) do { \
- ctxdbg_cur = (str); \
- fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
- ctxdbg(ctx); \
- } while(0)
-# define CTXDBG_EXIT(ctx) do { \
- fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
- ctxdbg(ctx); \
- } while(0)
-# define CTXDBG_RET(ctx,ret)
-#else
-# define CTXDBG_ENTRY(str, ctx)
-# define CTXDBG_EXIT(ctx)
-# define CTXDBG_RET(ctx,ret)
-#endif
-
-/*
- * This function is an evil legacy and should not be used. This
- * implementation is WYSIWYG, though I've done my best.
- */
-#ifndef OPENSSL_NO_DEPRECATED
-void BN_CTX_init(BN_CTX *ctx)
-{
- /*
- * Assume the caller obtained the context via BN_CTX_new() and so is
- * trying to reset it for use. Nothing else makes sense, least of all
- * binary compatibility from a time when they could declare a static
- * variable.
- */
- BN_POOL_reset(&ctx->pool);
- BN_STACK_reset(&ctx->stack);
- ctx->used = 0;
- ctx->err_stack = 0;
- ctx->too_many = 0;
-}
-#endif
-
-BN_CTX *BN_CTX_new(void)
-{
- BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
- if (!ret) {
- BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- /* Initialise the structure */
- BN_POOL_init(&ret->pool);
- BN_STACK_init(&ret->stack);
- ret->used = 0;
- ret->err_stack = 0;
- ret->too_many = 0;
- return ret;
-}
-
-void BN_CTX_free(BN_CTX *ctx)
-{
- if (ctx == NULL)
- return;
-#ifdef BN_CTX_DEBUG
- {
- BN_POOL_ITEM *pool = ctx->pool.head;
- fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
- ctx->stack.size, ctx->pool.size);
- fprintf(stderr, "dmaxs: ");
- while (pool) {
- unsigned loop = 0;
- while (loop < BN_CTX_POOL_SIZE)
- fprintf(stderr, "%02x ", pool->vals[loop++].dmax);
- pool = pool->next;
- }
- fprintf(stderr, "\n");
- }
-#endif
- BN_STACK_finish(&ctx->stack);
- BN_POOL_finish(&ctx->pool);
- OPENSSL_free(ctx);
-}
-
-void BN_CTX_start(BN_CTX *ctx)
-{
- CTXDBG_ENTRY("BN_CTX_start", ctx);
- /* If we're already overflowing ... */
- if (ctx->err_stack || ctx->too_many)
- ctx->err_stack++;
- /* (Try to) get a new frame pointer */
- else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
- BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
- ctx->err_stack++;
- }
- CTXDBG_EXIT(ctx);
-}
-
-void BN_CTX_end(BN_CTX *ctx)
-{
- CTXDBG_ENTRY("BN_CTX_end", ctx);
- if (ctx->err_stack)
- ctx->err_stack--;
- else {
- unsigned int fp = BN_STACK_pop(&ctx->stack);
- /* Does this stack frame have anything to release? */
- if (fp < ctx->used)
- BN_POOL_release(&ctx->pool, ctx->used - fp);
- ctx->used = fp;
- /* Unjam "too_many" in case "get" had failed */
- ctx->too_many = 0;
- }
- CTXDBG_EXIT(ctx);
-}
-
-BIGNUM *BN_CTX_get(BN_CTX *ctx)
-{
- BIGNUM *ret;
- CTXDBG_ENTRY("BN_CTX_get", ctx);
- if (ctx->err_stack || ctx->too_many)
- return NULL;
- if ((ret = BN_POOL_get(&ctx->pool)) == NULL) {
- /*
- * Setting too_many prevents repeated "get" attempts from cluttering
- * the error stack.
- */
- ctx->too_many = 1;
- BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
- return NULL;
- }
- /* OK, make sure the returned bignum is "zero" */
- BN_zero(ret);
- ctx->used++;
- CTXDBG_RET(ctx, ret);
- return ret;
-}
-
-/************/
-/* BN_STACK */
-/************/
-
-static void BN_STACK_init(BN_STACK *st)
-{
- st->indexes = NULL;
- st->depth = st->size = 0;
-}
-
-static void BN_STACK_finish(BN_STACK *st)
-{
- if (st->size)
- OPENSSL_free(st->indexes);
-}
-
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *st)
-{
- st->depth = 0;
-}
-#endif
-
-static int BN_STACK_push(BN_STACK *st, unsigned int idx)
-{
- if (st->depth == st->size)
- /* Need to expand */
- {
- unsigned int newsize = (st->size ?
- (st->size * 3 / 2) : BN_CTX_START_FRAMES);
- unsigned int *newitems = OPENSSL_malloc(newsize *
- sizeof(unsigned int));
- if (!newitems)
- return 0;
- if (st->depth)
- memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int));
- if (st->size)
- OPENSSL_free(st->indexes);
- st->indexes = newitems;
- st->size = newsize;
- }
- st->indexes[(st->depth)++] = idx;
- return 1;
-}
-
-static unsigned int BN_STACK_pop(BN_STACK *st)
-{
- return st->indexes[--(st->depth)];
-}
-
-/***********/
-/* BN_POOL */
-/***********/
-
-static void BN_POOL_init(BN_POOL *p)
-{
- p->head = p->current = p->tail = NULL;
- p->used = p->size = 0;
-}
-
-static void BN_POOL_finish(BN_POOL *p)
-{
- while (p->head) {
- unsigned int loop = 0;
- BIGNUM *bn = p->head->vals;
- while (loop++ < BN_CTX_POOL_SIZE) {
- if (bn->d)
- BN_clear_free(bn);
- bn++;
- }
- p->current = p->head->next;
- OPENSSL_free(p->head);
- p->head = p->current;
- }
-}
-
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_POOL_reset(BN_POOL *p)
-{
- BN_POOL_ITEM *item = p->head;
- while (item) {
- unsigned int loop = 0;
- BIGNUM *bn = item->vals;
- while (loop++ < BN_CTX_POOL_SIZE) {
- if (bn->d)
- BN_clear(bn);
- bn++;
- }
- item = item->next;
- }
- p->current = p->head;
- p->used = 0;
-}
-#endif
-
-static BIGNUM *BN_POOL_get(BN_POOL *p)
-{
- if (p->used == p->size) {
- BIGNUM *bn;
- unsigned int loop = 0;
- BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));
- if (!item)
- return NULL;
- /* Initialise the structure */
- bn = item->vals;
- while (loop++ < BN_CTX_POOL_SIZE)
- BN_init(bn++);
- item->prev = p->tail;
- item->next = NULL;
- /* Link it in */
- if (!p->head)
- p->head = p->current = p->tail = item;
- else {
- p->tail->next = item;
- p->tail = item;
- p->current = item;
- }
- p->size += BN_CTX_POOL_SIZE;
- p->used++;
- /* Return the first bignum from the new pool */
- return item->vals;
- }
- if (!p->used)
- p->current = p->head;
- else if ((p->used % BN_CTX_POOL_SIZE) == 0)
- p->current = p->current->next;
- return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
-}
-
-static void BN_POOL_release(BN_POOL *p, unsigned int num)
-{
- unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
- p->used -= num;
- while (num--) {
- bn_check_top(p->current->vals + offset);
- if (!offset) {
- offset = BN_CTX_POOL_SIZE - 1;
- p->current = p->current->prev;
- } else
- offset--;
- }
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_depr.c b/thirdparty/openssl/crypto/bn/bn_depr.c
deleted file mode 100644
index 34895f5982..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_depr.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/* crypto/bn/bn_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Support for deprecated functions goes here - static linkage will only
- * slurp this code if applications are using them directly.
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-static void *dummy = &dummy;
-
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback) (int, int, void *), void *cb_arg)
-{
- BN_GENCB cb;
- BIGNUM *rnd = NULL;
- int found = 0;
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if (ret == NULL) {
- if ((rnd = BN_new()) == NULL)
- goto err;
- } else
- rnd = ret;
- if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
- goto err;
-
- /* we have a prime :-) */
- found = 1;
- err:
- if (!found && (ret == NULL) && (rnd != NULL))
- BN_free(rnd);
- return (found ? rnd : NULL);
-}
-
-int BN_is_prime(const BIGNUM *a, int checks,
- void (*callback) (int, int, void *), BN_CTX *ctx_passed,
- void *cb_arg)
-{
- BN_GENCB cb;
- BN_GENCB_set_old(&cb, callback, cb_arg);
- return BN_is_prime_ex(a, checks, ctx_passed, &cb);
-}
-
-int BN_is_prime_fasttest(const BIGNUM *a, int checks,
- void (*callback) (int, int, void *),
- BN_CTX *ctx_passed, void *cb_arg,
- int do_trial_division)
-{
- BN_GENCB cb;
- BN_GENCB_set_old(&cb, callback, cb_arg);
- return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
- do_trial_division, &cb);
-}
-#endif
diff --git a/thirdparty/openssl/crypto/bn/bn_div.c b/thirdparty/openssl/crypto/bn/bn_div.c
deleted file mode 100644
index bc37671cf1..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_div.c
+++ /dev/null
@@ -1,477 +0,0 @@
-/* crypto/bn/bn_div.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* The old slow way */
-#if 0
-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
- BN_CTX *ctx)
-{
- int i, nm, nd;
- int ret = 0;
- BIGNUM *D;
-
- bn_check_top(m);
- bn_check_top(d);
- if (BN_is_zero(d)) {
- BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
- return (0);
- }
-
- if (BN_ucmp(m, d) < 0) {
- if (rem != NULL) {
- if (BN_copy(rem, m) == NULL)
- return (0);
- }
- if (dv != NULL)
- BN_zero(dv);
- return (1);
- }
-
- BN_CTX_start(ctx);
- D = BN_CTX_get(ctx);
- if (dv == NULL)
- dv = BN_CTX_get(ctx);
- if (rem == NULL)
- rem = BN_CTX_get(ctx);
- if (D == NULL || dv == NULL || rem == NULL)
- goto end;
-
- nd = BN_num_bits(d);
- nm = BN_num_bits(m);
- if (BN_copy(D, d) == NULL)
- goto end;
- if (BN_copy(rem, m) == NULL)
- goto end;
-
- /*
- * The next 2 are needed so we can do a dv->d[0]|=1 later since
- * BN_lshift1 will only work once there is a value :-)
- */
- BN_zero(dv);
- if (bn_wexpand(dv, 1) == NULL)
- goto end;
- dv->top = 1;
-
- if (!BN_lshift(D, D, nm - nd))
- goto end;
- for (i = nm - nd; i >= 0; i--) {
- if (!BN_lshift1(dv, dv))
- goto end;
- if (BN_ucmp(rem, D) >= 0) {
- dv->d[0] |= 1;
- if (!BN_usub(rem, rem, D))
- goto end;
- }
-/* CAN IMPROVE (and have now :=) */
- if (!BN_rshift1(D, D))
- goto end;
- }
- rem->neg = BN_is_zero(rem) ? 0 : m->neg;
- dv->neg = m->neg ^ d->neg;
- ret = 1;
- end:
- BN_CTX_end(ctx);
- return (ret);
-}
-
-#else
-
-# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
- && !defined(PEDANTIC) && !defined(BN_DIV3W)
-# if defined(__GNUC__) && __GNUC__>=2
-# if defined(__i386) || defined (__i386__)
- /*-
- * There were two reasons for implementing this template:
- * - GNU C generates a call to a function (__udivdi3 to be exact)
- * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
- * understand why...);
- * - divl doesn't only calculate quotient, but also leaves
- * remainder in %edx which we can definitely use here:-)
- *
- * <appro@fy.chalmers.se>
- */
-# undef bn_div_words
-# define bn_div_words(n0,n1,d0) \
- ({ asm volatile ( \
- "divl %4" \
- : "=a"(q), "=d"(rem) \
- : "a"(n1), "d"(n0), "r"(d0) \
- : "cc"); \
- q; \
- })
-# define REMAINDER_IS_ALREADY_CALCULATED
-# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
- /*
- * Same story here, but it's 128-bit by 64-bit division. Wow!
- * <appro@fy.chalmers.se>
- */
-# undef bn_div_words
-# define bn_div_words(n0,n1,d0) \
- ({ asm volatile ( \
- "divq %4" \
- : "=a"(q), "=d"(rem) \
- : "a"(n1), "d"(n0), "r"(d0) \
- : "cc"); \
- q; \
- })
-# define REMAINDER_IS_ALREADY_CALCULATED
-# endif /* __<cpu> */
-# endif /* __GNUC__ */
-# endif /* OPENSSL_NO_ASM */
-
-/*-
- * BN_div computes dv := num / divisor, rounding towards
- * zero, and sets up rm such that dv*divisor + rm = num holds.
- * Thus:
- * dv->neg == num->neg ^ divisor->neg (unless the result is zero)
- * rm->neg == num->neg (unless the remainder is zero)
- * If 'dv' or 'rm' is NULL, the respective value is not returned.
- */
-int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
- BN_CTX *ctx)
-{
- int norm_shift, i, loop;
- BIGNUM *tmp, wnum, *snum, *sdiv, *res;
- BN_ULONG *resp, *wnump;
- BN_ULONG d0, d1;
- int num_n, div_n;
- int no_branch = 0;
-
- /*
- * Invalid zero-padding would have particularly bad consequences so don't
- * just rely on bn_check_top() here (bn_check_top() works only for
- * BN_DEBUG builds)
- */
- if ((num->top > 0 && num->d[num->top - 1] == 0) ||
- (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) {
- BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
- return 0;
- }
-
- bn_check_top(num);
- bn_check_top(divisor);
-
- if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0)
- || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
- no_branch = 1;
- }
-
- bn_check_top(dv);
- bn_check_top(rm);
- /*- bn_check_top(num); *//*
- * 'num' has been checked already
- */
- /*- bn_check_top(divisor); *//*
- * 'divisor' has been checked already
- */
-
- if (BN_is_zero(divisor)) {
- BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
- return (0);
- }
-
- if (!no_branch && BN_ucmp(num, divisor) < 0) {
- if (rm != NULL) {
- if (BN_copy(rm, num) == NULL)
- return (0);
- }
- if (dv != NULL)
- BN_zero(dv);
- return (1);
- }
-
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
- snum = BN_CTX_get(ctx);
- sdiv = BN_CTX_get(ctx);
- if (dv == NULL)
- res = BN_CTX_get(ctx);
- else
- res = dv;
- if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
- goto err;
-
- /* First we normalise the numbers */
- norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
- if (!(BN_lshift(sdiv, divisor, norm_shift)))
- goto err;
- sdiv->neg = 0;
- norm_shift += BN_BITS2;
- if (!(BN_lshift(snum, num, norm_shift)))
- goto err;
- snum->neg = 0;
-
- if (no_branch) {
- /*
- * Since we don't know whether snum is larger than sdiv, we pad snum
- * with enough zeroes without changing its value.
- */
- if (snum->top <= sdiv->top + 1) {
- if (bn_wexpand(snum, sdiv->top + 2) == NULL)
- goto err;
- for (i = snum->top; i < sdiv->top + 2; i++)
- snum->d[i] = 0;
- snum->top = sdiv->top + 2;
- } else {
- if (bn_wexpand(snum, snum->top + 1) == NULL)
- goto err;
- snum->d[snum->top] = 0;
- snum->top++;
- }
- }
-
- div_n = sdiv->top;
- num_n = snum->top;
- loop = num_n - div_n;
- /*
- * Lets setup a 'window' into snum This is the part that corresponds to
- * the current 'area' being divided
- */
- wnum.neg = 0;
- wnum.d = &(snum->d[loop]);
- wnum.top = div_n;
- /*
- * only needed when BN_ucmp messes up the values between top and max
- */
- wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
-
- /* Get the top 2 words of sdiv */
- /* div_n=sdiv->top; */
- d0 = sdiv->d[div_n - 1];
- d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
-
- /* pointer to the 'top' of snum */
- wnump = &(snum->d[num_n - 1]);
-
- /* Setup to 'res' */
- res->neg = (num->neg ^ divisor->neg);
- if (!bn_wexpand(res, (loop + 1)))
- goto err;
- res->top = loop - no_branch;
- resp = &(res->d[loop - 1]);
-
- /* space for temp */
- if (!bn_wexpand(tmp, (div_n + 1)))
- goto err;
-
- if (!no_branch) {
- if (BN_ucmp(&wnum, sdiv) >= 0) {
- /*
- * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute)
- * the const bignum arguments => clean the values between top and
- * max again
- */
- bn_clear_top2max(&wnum);
- bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
- *resp = 1;
- } else
- res->top--;
- }
-
- /*
- * if res->top == 0 then clear the neg value otherwise decrease the resp
- * pointer
- */
- if (res->top == 0)
- res->neg = 0;
- else
- resp--;
-
- for (i = 0; i < loop - 1; i++, wnump--, resp--) {
- BN_ULONG q, l0;
- /*
- * the first part of the loop uses the top two words of snum and sdiv
- * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
- */
-# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
- BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG);
- q = bn_div_3_words(wnump, d1, d0);
-# else
- BN_ULONG n0, n1, rem = 0;
-
- n0 = wnump[0];
- n1 = wnump[-1];
- if (n0 == d0)
- q = BN_MASK2;
- else { /* n0 < d0 */
-
-# ifdef BN_LLONG
- BN_ULLONG t2;
-
-# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
- q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
-# else
- q = bn_div_words(n0, n1, d0);
-# ifdef BN_DEBUG_LEVITTE
- fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n", n0, n1, d0, q);
-# endif
-# endif
-
-# ifndef REMAINDER_IS_ALREADY_CALCULATED
- /*
- * rem doesn't have to be BN_ULLONG. The least we
- * know it's less that d0, isn't it?
- */
- rem = (n1 - q * d0) & BN_MASK2;
-# endif
- t2 = (BN_ULLONG) d1 *q;
-
- for (;;) {
- if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2]))
- break;
- q--;
- rem += d0;
- if (rem < d0)
- break; /* don't let rem overflow */
- t2 -= d1;
- }
-# else /* !BN_LLONG */
- BN_ULONG t2l, t2h;
-
- q = bn_div_words(n0, n1, d0);
-# ifdef BN_DEBUG_LEVITTE
- fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n", n0, n1, d0, q);
-# endif
-# ifndef REMAINDER_IS_ALREADY_CALCULATED
- rem = (n1 - q * d0) & BN_MASK2;
-# endif
-
-# if defined(BN_UMULT_LOHI)
- BN_UMULT_LOHI(t2l, t2h, d1, q);
-# elif defined(BN_UMULT_HIGH)
- t2l = d1 * q;
- t2h = BN_UMULT_HIGH(d1, q);
-# else
- {
- BN_ULONG ql, qh;
- t2l = LBITS(d1);
- t2h = HBITS(d1);
- ql = LBITS(q);
- qh = HBITS(q);
- mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
- }
-# endif
-
- for (;;) {
- if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2])))
- break;
- q--;
- rem += d0;
- if (rem < d0)
- break; /* don't let rem overflow */
- if (t2l < d1)
- t2h--;
- t2l -= d1;
- }
-# endif /* !BN_LLONG */
- }
-# endif /* !BN_DIV3W */
-
- l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
- tmp->d[div_n] = l0;
- wnum.d--;
- /*
- * ingore top values of the bignums just sub the two BN_ULONG arrays
- * with bn_sub_words
- */
- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
- /*
- * Note: As we have considered only the leading two BN_ULONGs in
- * the calculation of q, sdiv * q might be greater than wnum (but
- * then (q-1) * sdiv is less or equal than wnum)
- */
- q--;
- if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
- /*
- * we can't have an overflow here (assuming that q != 0, but
- * if q == 0 then tmp is zero anyway)
- */
- (*wnump)++;
- }
- /* store part of the result */
- *resp = q;
- }
- bn_correct_top(snum);
- if (rm != NULL) {
- /*
- * Keep a copy of the neg flag in num because if rm==num BN_rshift()
- * will overwrite it.
- */
- int neg = num->neg;
- BN_rshift(rm, snum, norm_shift);
- if (!BN_is_zero(rm))
- rm->neg = neg;
- bn_check_top(rm);
- }
- if (no_branch)
- bn_correct_top(res);
- BN_CTX_end(ctx);
- return (1);
- err:
- bn_check_top(rm);
- BN_CTX_end(ctx);
- return (0);
-}
-#endif
diff --git a/thirdparty/openssl/crypto/bn/bn_err.c b/thirdparty/openssl/crypto/bn/bn_err.c
deleted file mode 100644
index e7a703826e..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_err.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* crypto/bn/bn_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
-
-static ERR_STRING_DATA BN_str_functs[] = {
- {ERR_FUNC(BN_F_BNRAND), "BNRAND"},
- {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
- {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
- {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
- {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
- {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
- {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
- {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
- {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
- {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
- {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
- {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
- {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
- {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
- {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
- {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
- {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
- {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
- {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
- {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
- {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
- {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
- {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
- {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
- {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
- {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
- {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
- {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
- {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
- {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
- {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
- {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
- {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
- {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
- {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
- {0, NULL}
-};
-
-static ERR_STRING_DATA BN_str_reasons[] = {
- {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
- {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
- {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
- {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
- {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
- {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
- {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
- {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
- "expand on static bignum data"},
- {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
- {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
- {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
- {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
- {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
- {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
- {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
- {ERR_REASON(BN_R_NO_SOLUTION), "no solution"},
- {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"},
- {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
- {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),
- "too many temporary variables"},
- {0, NULL}
-};
-
-#endif
-
-void ERR_load_BN_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
- ERR_load_strings(0, BN_str_functs);
- ERR_load_strings(0, BN_str_reasons);
- }
-#endif
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_exp.c b/thirdparty/openssl/crypto/bn/bn_exp.c
deleted file mode 100644
index 195a7867a4..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_exp.c
+++ /dev/null
@@ -1,1458 +0,0 @@
-/* crypto/bn/bn_exp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "constant_time_locl.h"
-#include "bn_lcl.h"
-
-#include <stdlib.h>
-#ifdef _WIN32
-# include <malloc.h>
-# ifndef alloca
-# define alloca _alloca
-# endif
-#elif defined(__GNUC__)
-# ifndef alloca
-# define alloca(s) __builtin_alloca((s))
-# endif
-#elif defined(__sun)
-# include <alloca.h>
-#endif
-
-#include "rsaz_exp.h"
-
-#undef SPARC_T4_MONT
-#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
-# include "sparc_arch.h"
-extern unsigned int OPENSSL_sparcv9cap_P[];
-# define SPARC_T4_MONT
-#endif
-
-/* maximum precomputation table size for *variable* sliding windows */
-#define TABLE_SIZE 32
-
-/* this one works - simple but works */
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-{
- int i, bits, ret = 0;
- BIGNUM *v, *rr;
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
- }
-
- BN_CTX_start(ctx);
- if ((r == a) || (r == p))
- rr = BN_CTX_get(ctx);
- else
- rr = r;
- v = BN_CTX_get(ctx);
- if (rr == NULL || v == NULL)
- goto err;
-
- if (BN_copy(v, a) == NULL)
- goto err;
- bits = BN_num_bits(p);
-
- if (BN_is_odd(p)) {
- if (BN_copy(rr, a) == NULL)
- goto err;
- } else {
- if (!BN_one(rr))
- goto err;
- }
-
- for (i = 1; i < bits; i++) {
- if (!BN_sqr(v, v, ctx))
- goto err;
- if (BN_is_bit_set(p, i)) {
- if (!BN_mul(rr, rr, v, ctx))
- goto err;
- }
- }
- if (r != rr && BN_copy(r, rr) == NULL)
- goto err;
-
- ret = 1;
- err:
- BN_CTX_end(ctx);
- bn_check_top(r);
- return (ret);
-}
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx)
-{
- int ret;
-
- bn_check_top(a);
- bn_check_top(p);
- bn_check_top(m);
-
- /*-
- * For even modulus m = 2^k*m_odd, it might make sense to compute
- * a^p mod m_odd and a^p mod 2^k separately (with Montgomery
- * exponentiation for the odd part), using appropriate exponent
- * reductions, and combine the results using the CRT.
- *
- * For now, we use Montgomery only if the modulus is odd; otherwise,
- * exponentiation using the reciprocal-based quick remaindering
- * algorithm is used.
- *
- * (Timing obtained with expspeed.c [computations a^p mod m
- * where a, p, m are of the same length: 256, 512, 1024, 2048,
- * 4096, 8192 bits], compared to the running time of the
- * standard algorithm:
- *
- * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration]
- * 55 .. 77 % [UltraSparc processor, but
- * debug-solaris-sparcv8-gcc conf.]
- *
- * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration]
- * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
- *
- * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
- * at 2048 and more bits, but at 512 and 1024 bits, it was
- * slower even than the standard algorithm!
- *
- * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
- * should be obtained when the new Montgomery reduction code
- * has been integrated into OpenSSL.)
- */
-
-#define MONT_MUL_MOD
-#define MONT_EXP_WORD
-#define RECP_MUL_MOD
-
-#ifdef MONT_MUL_MOD
- /*
- * I have finally been able to take out this pre-condition of the top bit
- * being set. It was caused by an error in BN_div with negatives. There
- * was also another problem when for a^b%m a >= m. eay 07-May-97
- */
- /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
-
- if (BN_is_odd(m)) {
-# ifdef MONT_EXP_WORD
- if (a->top == 1 && !a->neg
- && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
- BN_ULONG A = a->d[0];
- ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
- } else
-# endif
- ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL);
- } else
-#endif
-#ifdef RECP_MUL_MOD
- {
- ret = BN_mod_exp_recp(r, a, p, m, ctx);
- }
-#else
- {
- ret = BN_mod_exp_simple(r, a, p, m, ctx);
- }
-#endif
-
- bn_check_top(r);
- return (ret);
-}
-
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
-{
- int i, j, bits, ret = 0, wstart, wend, window, wvalue;
- int start = 1;
- BIGNUM *aa;
- /* Table of variables obtained from 'ctx' */
- BIGNUM *val[TABLE_SIZE];
- BN_RECP_CTX recp;
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
- }
-
- bits = BN_num_bits(p);
- if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
- ret = 1;
- BN_zero(r);
- } else {
- ret = BN_one(r);
- }
- return ret;
- }
-
- BN_CTX_start(ctx);
- aa = BN_CTX_get(ctx);
- val[0] = BN_CTX_get(ctx);
- if (!aa || !val[0])
- goto err;
-
- BN_RECP_CTX_init(&recp);
- if (m->neg) {
- /* ignore sign of 'm' */
- if (!BN_copy(aa, m))
- goto err;
- aa->neg = 0;
- if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
- goto err;
- } else {
- if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
- goto err;
- }
-
- if (!BN_nnmod(val[0], a, m, ctx))
- goto err; /* 1 */
- if (BN_is_zero(val[0])) {
- BN_zero(r);
- ret = 1;
- goto err;
- }
-
- window = BN_window_bits_for_exponent_size(bits);
- if (window > 1) {
- if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
- goto err; /* 2 */
- j = 1 << (window - 1);
- for (i = 1; i < j; i++) {
- if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))
- goto err;
- }
- }
-
- start = 1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue = 0; /* The 'value' of the window */
- wstart = bits - 1; /* The top bit of the window */
- wend = 0; /* The bottom bit of the window */
-
- if (!BN_one(r))
- goto err;
-
- for (;;) {
- if (BN_is_bit_set(p, wstart) == 0) {
- if (!start)
- if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
- goto err;
- if (wstart == 0)
- break;
- wstart--;
- continue;
- }
- /*
- * We now have wstart on a 'set' bit, we now need to work out how bit
- * a window to do. To do this we need to scan forward until the last
- * set bit before the end of the window
- */
- j = wstart;
- wvalue = 1;
- wend = 0;
- for (i = 1; i < window; i++) {
- if (wstart - i < 0)
- break;
- if (BN_is_bit_set(p, wstart - i)) {
- wvalue <<= (i - wend);
- wvalue |= 1;
- wend = i;
- }
- }
-
- /* wend is the size of the current window */
- j = wend + 1;
- /* add the 'bytes above' */
- if (!start)
- for (i = 0; i < j; i++) {
- if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
- goto err;
- }
-
- /* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
- goto err;
-
- /* move the 'window' down further */
- wstart -= wend + 1;
- wvalue = 0;
- start = 0;
- if (wstart < 0)
- break;
- }
- ret = 1;
- err:
- BN_CTX_end(ctx);
- BN_RECP_CTX_free(&recp);
- bn_check_top(r);
- return (ret);
-}
-
-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
- int i, j, bits, ret = 0, wstart, wend, window, wvalue;
- int start = 1;
- BIGNUM *d, *r;
- const BIGNUM *aa;
- /* Table of variables obtained from 'ctx' */
- BIGNUM *val[TABLE_SIZE];
- BN_MONT_CTX *mont = NULL;
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
- }
-
- bn_check_top(a);
- bn_check_top(p);
- bn_check_top(m);
-
- if (!BN_is_odd(m)) {
- BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
- return (0);
- }
- bits = BN_num_bits(p);
- if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
- ret = 1;
- BN_zero(rr);
- } else {
- ret = BN_one(rr);
- }
- return ret;
- }
-
- BN_CTX_start(ctx);
- d = BN_CTX_get(ctx);
- r = BN_CTX_get(ctx);
- val[0] = BN_CTX_get(ctx);
- if (!d || !r || !val[0])
- goto err;
-
- /*
- * If this is not done, things will break in the montgomery part
- */
-
- if (in_mont != NULL)
- mont = in_mont;
- else {
- if ((mont = BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(mont, m, ctx))
- goto err;
- }
-
- if (a->neg || BN_ucmp(a, m) >= 0) {
- if (!BN_nnmod(val[0], a, m, ctx))
- goto err;
- aa = val[0];
- } else
- aa = a;
- if (BN_is_zero(aa)) {
- BN_zero(rr);
- ret = 1;
- goto err;
- }
- if (!BN_to_montgomery(val[0], aa, mont, ctx))
- goto err; /* 1 */
-
- window = BN_window_bits_for_exponent_size(bits);
- if (window > 1) {
- if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
- goto err; /* 2 */
- j = 1 << (window - 1);
- for (i = 1; i < j; i++) {
- if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
- goto err;
- }
- }
-
- start = 1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue = 0; /* The 'value' of the window */
- wstart = bits - 1; /* The top bit of the window */
- wend = 0; /* The bottom bit of the window */
-
-#if 1 /* by Shay Gueron's suggestion */
- j = m->top; /* borrow j */
- if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
- if (bn_wexpand(r, j) == NULL)
- goto err;
- /* 2^(top*BN_BITS2) - m */
- r->d[0] = (0 - m->d[0]) & BN_MASK2;
- for (i = 1; i < j; i++)
- r->d[i] = (~m->d[i]) & BN_MASK2;
- r->top = j;
- /*
- * Upper words will be zero if the corresponding words of 'm' were
- * 0xfff[...], so decrement r->top accordingly.
- */
- bn_correct_top(r);
- } else
-#endif
- if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
- goto err;
- for (;;) {
- if (BN_is_bit_set(p, wstart) == 0) {
- if (!start) {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
- goto err;
- }
- if (wstart == 0)
- break;
- wstart--;
- continue;
- }
- /*
- * We now have wstart on a 'set' bit, we now need to work out how bit
- * a window to do. To do this we need to scan forward until the last
- * set bit before the end of the window
- */
- j = wstart;
- wvalue = 1;
- wend = 0;
- for (i = 1; i < window; i++) {
- if (wstart - i < 0)
- break;
- if (BN_is_bit_set(p, wstart - i)) {
- wvalue <<= (i - wend);
- wvalue |= 1;
- wend = i;
- }
- }
-
- /* wend is the size of the current window */
- j = wend + 1;
- /* add the 'bytes above' */
- if (!start)
- for (i = 0; i < j; i++) {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
- goto err;
- }
-
- /* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
- goto err;
-
- /* move the 'window' down further */
- wstart -= wend + 1;
- wvalue = 0;
- start = 0;
- if (wstart < 0)
- break;
- }
-#if defined(SPARC_T4_MONT)
- if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
- j = mont->N.top; /* borrow j */
- val[0]->d[0] = 1; /* borrow val[0] */
- for (i = 1; i < j; i++)
- val[0]->d[i] = 0;
- val[0]->top = j;
- if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx))
- goto err;
- } else
-#endif
- if (!BN_from_montgomery(rr, r, mont, ctx))
- goto err;
- ret = 1;
- err:
- if ((in_mont == NULL) && (mont != NULL))
- BN_MONT_CTX_free(mont);
- BN_CTX_end(ctx);
- bn_check_top(rr);
- return (ret);
-}
-
-#if defined(SPARC_T4_MONT)
-static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
-{
- BN_ULONG ret = 0;
- int wordpos;
-
- wordpos = bitpos / BN_BITS2;
- bitpos %= BN_BITS2;
- if (wordpos >= 0 && wordpos < a->top) {
- ret = a->d[wordpos] & BN_MASK2;
- if (bitpos) {
- ret >>= bitpos;
- if (++wordpos < a->top)
- ret |= a->d[wordpos] << (BN_BITS2 - bitpos);
- }
- }
-
- return ret & BN_MASK2;
-}
-#endif
-
-/*
- * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
- * layout so that accessing any of these table values shows the same access
- * pattern as far as cache lines are concerned. The following functions are
- * used to transfer a BIGNUM from/to that table.
- */
-
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
- unsigned char *buf, int idx,
- int window)
-{
- int i, j;
- int width = 1 << window;
- BN_ULONG *table = (BN_ULONG *)buf;
-
- if (top > b->top)
- top = b->top; /* this works because 'buf' is explicitly
- * zeroed */
- for (i = 0, j = idx; i < top; i++, j += width) {
- table[j] = b->d[i];
- }
-
- return 1;
-}
-
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
- unsigned char *buf, int idx,
- int window)
-{
- int i, j;
- int width = 1 << window;
- volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
-
- if (bn_wexpand(b, top) == NULL)
- return 0;
-
- if (window <= 3) {
- for (i = 0; i < top; i++, table += width) {
- BN_ULONG acc = 0;
-
- for (j = 0; j < width; j++) {
- acc |= table[j] &
- ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
- }
-
- b->d[i] = acc;
- }
- } else {
- int xstride = 1 << (window - 2);
- BN_ULONG y0, y1, y2, y3;
-
- i = idx >> (window - 2); /* equivalent of idx / xstride */
- idx &= xstride - 1; /* equivalent of idx % xstride */
-
- y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
- y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
- y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
- y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
-
- for (i = 0; i < top; i++, table += width) {
- BN_ULONG acc = 0;
-
- for (j = 0; j < xstride; j++) {
- acc |= ( (table[j + 0 * xstride] & y0) |
- (table[j + 1 * xstride] & y1) |
- (table[j + 2 * xstride] & y2) |
- (table[j + 3 * xstride] & y3) )
- & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
- }
-
- b->d[i] = acc;
- }
- }
-
- b->top = top;
- bn_correct_top(b);
- return 1;
-}
-
-/*
- * Given a pointer value, compute the next address that is a cache line
- * multiple.
- */
-#define MOD_EXP_CTIME_ALIGN(x_) \
- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-
-/*
- * This variant of BN_mod_exp_mont() uses fixed windows and the special
- * precomputation memory layout to limit data-dependency to a minimum to
- * protect secret exponents (cf. the hyper-threading timing attacks pointed
- * out by Colin Percival,
- * http://www.daemonology.net/hyperthreading-considered-harmful/)
- */
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *in_mont)
-{
- int i, bits, ret = 0, window, wvalue;
- int top;
- BN_MONT_CTX *mont = NULL;
-
- int numPowers;
- unsigned char *powerbufFree = NULL;
- int powerbufLen = 0;
- unsigned char *powerbuf = NULL;
- BIGNUM tmp, am;
-#if defined(SPARC_T4_MONT)
- unsigned int t4 = 0;
-#endif
-
- bn_check_top(a);
- bn_check_top(p);
- bn_check_top(m);
-
- if (!BN_is_odd(m)) {
- BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
- return (0);
- }
-
- top = m->top;
-
- bits = BN_num_bits(p);
- if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
- ret = 1;
- BN_zero(rr);
- } else {
- ret = BN_one(rr);
- }
- return ret;
- }
-
- BN_CTX_start(ctx);
-
- /*
- * Allocate a montgomery context if it was not supplied by the caller. If
- * this is not done, things will break in the montgomery part.
- */
- if (in_mont != NULL)
- mont = in_mont;
- else {
- if ((mont = BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(mont, m, ctx))
- goto err;
- }
-
-#ifdef RSAZ_ENABLED
- /*
- * If the size of the operands allow it, perform the optimized
- * RSAZ exponentiation. For further information see
- * crypto/bn/rsaz_exp.c and accompanying assembly modules.
- */
- if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
- && rsaz_avx2_eligible()) {
- if (NULL == bn_wexpand(rr, 16))
- goto err;
- RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
- mont->n0[0]);
- rr->top = 16;
- rr->neg = 0;
- bn_correct_top(rr);
- ret = 1;
- goto err;
- } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
- if (NULL == bn_wexpand(rr, 8))
- goto err;
- RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
- rr->top = 8;
- rr->neg = 0;
- bn_correct_top(rr);
- ret = 1;
- goto err;
- }
-#endif
-
- /* Get the window size to use with size of p. */
- window = BN_window_bits_for_ctime_exponent_size(bits);
-#if defined(SPARC_T4_MONT)
- if (window >= 5 && (top & 15) == 0 && top <= 64 &&
- (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) ==
- (CFR_MONTMUL | CFR_MONTSQR) && (t4 = OPENSSL_sparcv9cap_P[0]))
- window = 5;
- else
-#endif
-#if defined(OPENSSL_BN_ASM_MONT5)
- if (window >= 5) {
- window = 5; /* ~5% improvement for RSA2048 sign, and even
- * for RSA4096 */
- /* reserve space for mont->N.d[] copy */
- powerbufLen += top * sizeof(mont->N.d[0]);
- }
-#endif
- (void)0;
-
- /*
- * Allocate a buffer large enough to hold all of the pre-computed powers
- * of am, am itself and tmp.
- */
- numPowers = 1 << window;
- powerbufLen += sizeof(m->d[0]) * (top * numPowers +
- ((2 * top) >
- numPowers ? (2 * top) : numPowers));
-#ifdef alloca
- if (powerbufLen < 3072)
- powerbufFree =
- alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
- else
-#endif
- if ((powerbufFree =
- (unsigned char *)OPENSSL_malloc(powerbufLen +
- MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
- == NULL)
- goto err;
-
- powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
- memset(powerbuf, 0, powerbufLen);
-
-#ifdef alloca
- if (powerbufLen < 3072)
- powerbufFree = NULL;
-#endif
-
- /* lay down tmp and am right after powers table */
- tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
- am.d = tmp.d + top;
- tmp.top = am.top = 0;
- tmp.dmax = am.dmax = top;
- tmp.neg = am.neg = 0;
- tmp.flags = am.flags = BN_FLG_STATIC_DATA;
-
- /* prepare a^0 in Montgomery domain */
-#if 1 /* by Shay Gueron's suggestion */
- if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
- /* 2^(top*BN_BITS2) - m */
- tmp.d[0] = (0 - m->d[0]) & BN_MASK2;
- for (i = 1; i < top; i++)
- tmp.d[i] = (~m->d[i]) & BN_MASK2;
- tmp.top = top;
- } else
-#endif
- if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
- goto err;
-
- /* prepare a^1 in Montgomery domain */
- if (a->neg || BN_ucmp(a, m) >= 0) {
- if (!BN_mod(&am, a, m, ctx))
- goto err;
- if (!BN_to_montgomery(&am, &am, mont, ctx))
- goto err;
- } else if (!BN_to_montgomery(&am, a, mont, ctx))
- goto err;
-
-#if defined(SPARC_T4_MONT)
- if (t4) {
- typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np,
- const BN_ULONG *n0, const void *table,
- int power, int bits);
- int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np,
- const BN_ULONG *n0, const void *table,
- int power, int bits);
- int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np,
- const BN_ULONG *n0, const void *table,
- int power, int bits);
- int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np,
- const BN_ULONG *n0, const void *table,
- int power, int bits);
- int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np,
- const BN_ULONG *n0, const void *table,
- int power, int bits);
- static const bn_pwr5_mont_f pwr5_funcs[4] = {
- bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16,
- bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32
- };
- bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1];
-
- typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap,
- const void *bp, const BN_ULONG *np,
- const BN_ULONG *n0);
- int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp,
- const BN_ULONG *np, const BN_ULONG *n0);
- int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
- const void *bp, const BN_ULONG *np,
- const BN_ULONG *n0);
- int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
- const void *bp, const BN_ULONG *np,
- const BN_ULONG *n0);
- int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
- const void *bp, const BN_ULONG *np,
- const BN_ULONG *n0);
- static const bn_mul_mont_f mul_funcs[4] = {
- bn_mul_mont_t4_8, bn_mul_mont_t4_16,
- bn_mul_mont_t4_24, bn_mul_mont_t4_32
- };
- bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];
-
- void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap,
- const void *bp, const BN_ULONG *np,
- const BN_ULONG *n0, int num);
- void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap,
- const void *bp, const BN_ULONG *np,
- const BN_ULONG *n0, int num);
- void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap,
- const void *table, const BN_ULONG *np,
- const BN_ULONG *n0, int num, int power);
- void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num,
- void *table, size_t power);
- void bn_gather5_t4(BN_ULONG *out, size_t num,
- void *table, size_t power);
- void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num);
-
- BN_ULONG *np = mont->N.d, *n0 = mont->n0;
- int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less
- * than 32 */
-
- /*
- * BN_to_montgomery can contaminate words above .top [in
- * BN_DEBUG[_DEBUG] build]...
- */
- for (i = am.top; i < top; i++)
- am.d[i] = 0;
- for (i = tmp.top; i < top; i++)
- tmp.d[i] = 0;
-
- bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0);
- bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1);
- if (!(*mul_worker) (tmp.d, am.d, am.d, np, n0) &&
- !(*mul_worker) (tmp.d, am.d, am.d, np, n0))
- bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top);
- bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2);
-
- for (i = 3; i < 32; i++) {
- /* Calculate a^i = a^(i-1) * a */
- if (!(*mul_worker) (tmp.d, tmp.d, am.d, np, n0) &&
- !(*mul_worker) (tmp.d, tmp.d, am.d, np, n0))
- bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top);
- bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i);
- }
-
- /* switch to 64-bit domain */
- np = alloca(top * sizeof(BN_ULONG));
- top /= 2;
- bn_flip_t4(np, mont->N.d, top);
-
- bits--;
- for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
- wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
- bn_gather5_t4(tmp.d, top, powerbuf, wvalue);
-
- /*
- * Scan the exponent one window at a time starting from the most
- * significant bits.
- */
- while (bits >= 0) {
- if (bits < stride)
- stride = bits + 1;
- bits -= stride;
- wvalue = bn_get_bits(p, bits + 1);
-
- if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
- continue;
- /* retry once and fall back */
- if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
- continue;
-
- bits += stride - 5;
- wvalue >>= stride - 5;
- wvalue &= 31;
- bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top,
- wvalue);
- }
-
- bn_flip_t4(tmp.d, tmp.d, top);
- top *= 2;
- /* back to 32-bit domain */
- tmp.top = top;
- bn_correct_top(&tmp);
- OPENSSL_cleanse(np, top * sizeof(BN_ULONG));
- } else
-#endif
-#if defined(OPENSSL_BN_ASM_MONT5)
- if (window == 5 && top > 1) {
- /*
- * This optimization uses ideas from http://eprint.iacr.org/2011/239,
- * specifically optimization of cache-timing attack countermeasures
- * and pre-computation optimization.
- */
-
- /*
- * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
- * 512-bit RSA is hardly relevant, we omit it to spare size...
- */
- void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
- const void *table, const BN_ULONG *np,
- const BN_ULONG *n0, int num, int power);
- void bn_scatter5(const BN_ULONG *inp, size_t num,
- void *table, size_t power);
- void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
- void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
- const void *table, const BN_ULONG *np,
- const BN_ULONG *n0, int num, int power);
- int bn_get_bits5(const BN_ULONG *ap, int off);
- int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap,
- const BN_ULONG *not_used, const BN_ULONG *np,
- const BN_ULONG *n0, int num);
-
- BN_ULONG *n0 = mont->n0, *np;
-
- /*
- * BN_to_montgomery can contaminate words above .top [in
- * BN_DEBUG[_DEBUG] build]...
- */
- for (i = am.top; i < top; i++)
- am.d[i] = 0;
- for (i = tmp.top; i < top; i++)
- tmp.d[i] = 0;
-
- /*
- * copy mont->N.d[] to improve cache locality
- */
- for (np = am.d + top, i = 0; i < top; i++)
- np[i] = mont->N.d[i];
-
- bn_scatter5(tmp.d, top, powerbuf, 0);
- bn_scatter5(am.d, am.top, powerbuf, 1);
- bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
- bn_scatter5(tmp.d, top, powerbuf, 2);
-
-# if 0
- for (i = 3; i < 32; i++) {
- /* Calculate a^i = a^(i-1) * a */
- bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
- bn_scatter5(tmp.d, top, powerbuf, i);
- }
-# else
- /* same as above, but uses squaring for 1/2 of operations */
- for (i = 4; i < 32; i *= 2) {
- bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_scatter5(tmp.d, top, powerbuf, i);
- }
- for (i = 3; i < 8; i += 2) {
- int j;
- bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
- bn_scatter5(tmp.d, top, powerbuf, i);
- for (j = 2 * i; j < 32; j *= 2) {
- bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_scatter5(tmp.d, top, powerbuf, j);
- }
- }
- for (; i < 16; i += 2) {
- bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
- bn_scatter5(tmp.d, top, powerbuf, i);
- bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_scatter5(tmp.d, top, powerbuf, 2 * i);
- }
- for (; i < 32; i += 2) {
- bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
- bn_scatter5(tmp.d, top, powerbuf, i);
- }
-# endif
- bits--;
- for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
- wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
- bn_gather5(tmp.d, top, powerbuf, wvalue);
-
- /*
- * Scan the exponent one window at a time starting from the most
- * significant bits.
- */
- if (top & 7)
- while (bits >= 0) {
- for (wvalue = 0, i = 0; i < 5; i++, bits--)
- wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-
- bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
- bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top,
- wvalue);
- } else {
- while (bits >= 0) {
- wvalue = bn_get_bits5(p->d, bits - 4);
- bits -= 5;
- bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
- }
- }
-
- ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top);
- tmp.top = top;
- bn_correct_top(&tmp);
- if (ret) {
- if (!BN_copy(rr, &tmp))
- ret = 0;
- goto err; /* non-zero ret means it's not error */
- }
- } else
-#endif
- {
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
- goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
- goto err;
-
- /*
- * If the window size is greater than 1, then calculate
- * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even
- * powers could instead be computed as (a^(i/2))^2 to use the slight
- * performance advantage of sqr over mul).
- */
- if (window > 1) {
- if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
- goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
- window))
- goto err;
- for (i = 3; i < numPowers; i++) {
- /* Calculate a^i = a^(i-1) * a */
- if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
- goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
- window))
- goto err;
- }
- }
-
- bits--;
- for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
- wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
- window))
- goto err;
-
- /*
- * Scan the exponent one window at a time starting from the most
- * significant bits.
- */
- while (bits >= 0) {
- wvalue = 0; /* The 'value' of the window */
-
- /* Scan the window, squaring the result as we go */
- for (i = 0; i < window; i++, bits--) {
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
- goto err;
- wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
- }
-
- /*
- * Fetch the appropriate pre-computed value from the pre-buf
- */
- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
- window))
- goto err;
-
- /* Multiply the result into the intermediate result */
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
- goto err;
- }
- }
-
- /* Convert the final result from montgomery to standard format */
-#if defined(SPARC_T4_MONT)
- if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
- am.d[0] = 1; /* borrow am */
- for (i = 1; i < top; i++)
- am.d[i] = 0;
- if (!BN_mod_mul_montgomery(rr, &tmp, &am, mont, ctx))
- goto err;
- } else
-#endif
- if (!BN_from_montgomery(rr, &tmp, mont, ctx))
- goto err;
- ret = 1;
- err:
- if ((in_mont == NULL) && (mont != NULL))
- BN_MONT_CTX_free(mont);
- if (powerbuf != NULL) {
- OPENSSL_cleanse(powerbuf, powerbufLen);
- if (powerbufFree)
- OPENSSL_free(powerbufFree);
- }
- BN_CTX_end(ctx);
- return (ret);
-}
-
-int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
- BN_MONT_CTX *mont = NULL;
- int b, bits, ret = 0;
- int r_is_one;
- BN_ULONG w, next_w;
- BIGNUM *d, *r, *t;
- BIGNUM *swap_tmp;
-#define BN_MOD_MUL_WORD(r, w, m) \
- (BN_mul_word(r, (w)) && \
- (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \
- (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
- /*
- * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is
- * probably more overhead than always using BN_mod (which uses BN_copy if
- * a similar test returns true).
- */
- /*
- * We can use BN_mod and do not need BN_nnmod because our accumulator is
- * never negative (the result of BN_mod does not depend on the sign of
- * the modulus).
- */
-#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
- (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
- }
-
- bn_check_top(p);
- bn_check_top(m);
-
- if (!BN_is_odd(m)) {
- BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
- return (0);
- }
- if (m->top == 1)
- a %= m->d[0]; /* make sure that 'a' is reduced */
-
- bits = BN_num_bits(p);
- if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
- ret = 1;
- BN_zero(rr);
- } else {
- ret = BN_one(rr);
- }
- return ret;
- }
- if (a == 0) {
- BN_zero(rr);
- ret = 1;
- return ret;
- }
-
- BN_CTX_start(ctx);
- d = BN_CTX_get(ctx);
- r = BN_CTX_get(ctx);
- t = BN_CTX_get(ctx);
- if (d == NULL || r == NULL || t == NULL)
- goto err;
-
- if (in_mont != NULL)
- mont = in_mont;
- else {
- if ((mont = BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(mont, m, ctx))
- goto err;
- }
-
- r_is_one = 1; /* except for Montgomery factor */
-
- /* bits-1 >= 0 */
-
- /* The result is accumulated in the product r*w. */
- w = a; /* bit 'bits-1' of 'p' is always set */
- for (b = bits - 2; b >= 0; b--) {
- /* First, square r*w. */
- next_w = w * w;
- if ((next_w / w) != w) { /* overflow */
- if (r_is_one) {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
- goto err;
- r_is_one = 0;
- } else {
- if (!BN_MOD_MUL_WORD(r, w, m))
- goto err;
- }
- next_w = 1;
- }
- w = next_w;
- if (!r_is_one) {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
- goto err;
- }
-
- /* Second, multiply r*w by 'a' if exponent bit is set. */
- if (BN_is_bit_set(p, b)) {
- next_w = w * a;
- if ((next_w / a) != w) { /* overflow */
- if (r_is_one) {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
- goto err;
- r_is_one = 0;
- } else {
- if (!BN_MOD_MUL_WORD(r, w, m))
- goto err;
- }
- next_w = a;
- }
- w = next_w;
- }
- }
-
- /* Finally, set r:=r*w. */
- if (w != 1) {
- if (r_is_one) {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
- goto err;
- r_is_one = 0;
- } else {
- if (!BN_MOD_MUL_WORD(r, w, m))
- goto err;
- }
- }
-
- if (r_is_one) { /* can happen only if a == 1 */
- if (!BN_one(rr))
- goto err;
- } else {
- if (!BN_from_montgomery(rr, r, mont, ctx))
- goto err;
- }
- ret = 1;
- err:
- if ((in_mont == NULL) && (mont != NULL))
- BN_MONT_CTX_free(mont);
- BN_CTX_end(ctx);
- bn_check_top(rr);
- return (ret);
-}
-
-/* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
-{
- int i, j, bits, ret = 0, wstart, wend, window, wvalue;
- int start = 1;
- BIGNUM *d;
- /* Table of variables obtained from 'ctx' */
- BIGNUM *val[TABLE_SIZE];
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
- }
-
- bits = BN_num_bits(p);
- if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
- ret = 1;
- BN_zero(r);
- } else {
- ret = BN_one(r);
- }
- return ret;
- }
-
- BN_CTX_start(ctx);
- d = BN_CTX_get(ctx);
- val[0] = BN_CTX_get(ctx);
- if (!d || !val[0])
- goto err;
-
- if (!BN_nnmod(val[0], a, m, ctx))
- goto err; /* 1 */
- if (BN_is_zero(val[0])) {
- BN_zero(r);
- ret = 1;
- goto err;
- }
-
- window = BN_window_bits_for_exponent_size(bits);
- if (window > 1) {
- if (!BN_mod_mul(d, val[0], val[0], m, ctx))
- goto err; /* 2 */
- j = 1 << (window - 1);
- for (i = 1; i < j; i++) {
- if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul(val[i], val[i - 1], d, m, ctx))
- goto err;
- }
- }
-
- start = 1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue = 0; /* The 'value' of the window */
- wstart = bits - 1; /* The top bit of the window */
- wend = 0; /* The bottom bit of the window */
-
- if (!BN_one(r))
- goto err;
-
- for (;;) {
- if (BN_is_bit_set(p, wstart) == 0) {
- if (!start)
- if (!BN_mod_mul(r, r, r, m, ctx))
- goto err;
- if (wstart == 0)
- break;
- wstart--;
- continue;
- }
- /*
- * We now have wstart on a 'set' bit, we now need to work out how bit
- * a window to do. To do this we need to scan forward until the last
- * set bit before the end of the window
- */
- j = wstart;
- wvalue = 1;
- wend = 0;
- for (i = 1; i < window; i++) {
- if (wstart - i < 0)
- break;
- if (BN_is_bit_set(p, wstart - i)) {
- wvalue <<= (i - wend);
- wvalue |= 1;
- wend = i;
- }
- }
-
- /* wend is the size of the current window */
- j = wend + 1;
- /* add the 'bytes above' */
- if (!start)
- for (i = 0; i < j; i++) {
- if (!BN_mod_mul(r, r, r, m, ctx))
- goto err;
- }
-
- /* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
- goto err;
-
- /* move the 'window' down further */
- wstart -= wend + 1;
- wvalue = 0;
- start = 0;
- if (wstart < 0)
- break;
- }
- ret = 1;
- err:
- BN_CTX_end(ctx);
- bn_check_top(r);
- return (ret);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_exp2.c b/thirdparty/openssl/crypto/bn/bn_exp2.c
deleted file mode 100644
index 43fd2044c0..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_exp2.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/* crypto/bn/bn_exp2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define TABLE_SIZE 32
-
-int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
- const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
- int i, j, bits, b, bits1, bits2, ret =
- 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
- int r_is_one = 1;
- BIGNUM *d, *r;
- const BIGNUM *a_mod_m;
- /* Tables of variables obtained from 'ctx' */
- BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
- BN_MONT_CTX *mont = NULL;
-
- bn_check_top(a1);
- bn_check_top(p1);
- bn_check_top(a2);
- bn_check_top(p2);
- bn_check_top(m);
-
- if (!(m->d[0] & 1)) {
- BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
- return (0);
- }
- bits1 = BN_num_bits(p1);
- bits2 = BN_num_bits(p2);
- if ((bits1 == 0) && (bits2 == 0)) {
- ret = BN_one(rr);
- return ret;
- }
-
- bits = (bits1 > bits2) ? bits1 : bits2;
-
- BN_CTX_start(ctx);
- d = BN_CTX_get(ctx);
- r = BN_CTX_get(ctx);
- val1[0] = BN_CTX_get(ctx);
- val2[0] = BN_CTX_get(ctx);
- if (!d || !r || !val1[0] || !val2[0])
- goto err;
-
- if (in_mont != NULL)
- mont = in_mont;
- else {
- if ((mont = BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(mont, m, ctx))
- goto err;
- }
-
- window1 = BN_window_bits_for_exponent_size(bits1);
- window2 = BN_window_bits_for_exponent_size(bits2);
-
- /*
- * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
- */
- if (a1->neg || BN_ucmp(a1, m) >= 0) {
- if (!BN_mod(val1[0], a1, m, ctx))
- goto err;
- a_mod_m = val1[0];
- } else
- a_mod_m = a1;
- if (BN_is_zero(a_mod_m)) {
- BN_zero(rr);
- ret = 1;
- goto err;
- }
-
- if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
- goto err;
- if (window1 > 1) {
- if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
- goto err;
-
- j = 1 << (window1 - 1);
- for (i = 1; i < j; i++) {
- if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx))
- goto err;
- }
- }
-
- /*
- * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
- */
- if (a2->neg || BN_ucmp(a2, m) >= 0) {
- if (!BN_mod(val2[0], a2, m, ctx))
- goto err;
- a_mod_m = val2[0];
- } else
- a_mod_m = a2;
- if (BN_is_zero(a_mod_m)) {
- BN_zero(rr);
- ret = 1;
- goto err;
- }
- if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
- goto err;
- if (window2 > 1) {
- if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
- goto err;
-
- j = 1 << (window2 - 1);
- for (i = 1; i < j; i++) {
- if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx))
- goto err;
- }
- }
-
- /* Now compute the power product, using independent windows. */
- r_is_one = 1;
- wvalue1 = 0; /* The 'value' of the first window */
- wvalue2 = 0; /* The 'value' of the second window */
- wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the
- * first window */
- wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the
- * second window */
-
- if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
- goto err;
- for (b = bits - 1; b >= 0; b--) {
- if (!r_is_one) {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
- goto err;
- }
-
- if (!wvalue1)
- if (BN_is_bit_set(p1, b)) {
- /*
- * consider bits b-window1+1 .. b for this window
- */
- i = b - window1 + 1;
- while (!BN_is_bit_set(p1, i)) /* works for i<0 */
- i++;
- wpos1 = i;
- wvalue1 = 1;
- for (i = b - 1; i >= wpos1; i--) {
- wvalue1 <<= 1;
- if (BN_is_bit_set(p1, i))
- wvalue1++;
- }
- }
-
- if (!wvalue2)
- if (BN_is_bit_set(p2, b)) {
- /*
- * consider bits b-window2+1 .. b for this window
- */
- i = b - window2 + 1;
- while (!BN_is_bit_set(p2, i))
- i++;
- wpos2 = i;
- wvalue2 = 1;
- for (i = b - 1; i >= wpos2; i--) {
- wvalue2 <<= 1;
- if (BN_is_bit_set(p2, i))
- wvalue2++;
- }
- }
-
- if (wvalue1 && b == wpos1) {
- /* wvalue1 is odd and < 2^window1 */
- if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx))
- goto err;
- wvalue1 = 0;
- r_is_one = 0;
- }
-
- if (wvalue2 && b == wpos2) {
- /* wvalue2 is odd and < 2^window2 */
- if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx))
- goto err;
- wvalue2 = 0;
- r_is_one = 0;
- }
- }
- if (!BN_from_montgomery(rr, r, mont, ctx))
- goto err;
- ret = 1;
- err:
- if ((in_mont == NULL) && (mont != NULL))
- BN_MONT_CTX_free(mont);
- BN_CTX_end(ctx);
- bn_check_top(rr);
- return (ret);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_gcd.c b/thirdparty/openssl/crypto/bn/bn_gcd.c
deleted file mode 100644
index ce59fe701f..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_gcd.c
+++ /dev/null
@@ -1,702 +0,0 @@
-/* crypto/bn/bn_gcd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-
-int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
-{
- BIGNUM *a, *b, *t;
- int ret = 0;
-
- bn_check_top(in_a);
- bn_check_top(in_b);
-
- BN_CTX_start(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- if (a == NULL || b == NULL)
- goto err;
-
- if (BN_copy(a, in_a) == NULL)
- goto err;
- if (BN_copy(b, in_b) == NULL)
- goto err;
- a->neg = 0;
- b->neg = 0;
-
- if (BN_cmp(a, b) < 0) {
- t = a;
- a = b;
- b = t;
- }
- t = euclid(a, b);
- if (t == NULL)
- goto err;
-
- if (BN_copy(r, t) == NULL)
- goto err;
- ret = 1;
- err:
- BN_CTX_end(ctx);
- bn_check_top(r);
- return (ret);
-}
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
-{
- BIGNUM *t;
- int shifts = 0;
-
- bn_check_top(a);
- bn_check_top(b);
-
- /* 0 <= b <= a */
- while (!BN_is_zero(b)) {
- /* 0 < b <= a */
-
- if (BN_is_odd(a)) {
- if (BN_is_odd(b)) {
- if (!BN_sub(a, a, b))
- goto err;
- if (!BN_rshift1(a, a))
- goto err;
- if (BN_cmp(a, b) < 0) {
- t = a;
- a = b;
- b = t;
- }
- } else { /* a odd - b even */
-
- if (!BN_rshift1(b, b))
- goto err;
- if (BN_cmp(a, b) < 0) {
- t = a;
- a = b;
- b = t;
- }
- }
- } else { /* a is even */
-
- if (BN_is_odd(b)) {
- if (!BN_rshift1(a, a))
- goto err;
- if (BN_cmp(a, b) < 0) {
- t = a;
- a = b;
- b = t;
- }
- } else { /* a even - b even */
-
- if (!BN_rshift1(a, a))
- goto err;
- if (!BN_rshift1(b, b))
- goto err;
- shifts++;
- }
- }
- /* 0 <= b <= a */
- }
-
- if (shifts) {
- if (!BN_lshift(a, a, shifts))
- goto err;
- }
- bn_check_top(a);
- return (a);
- err:
- return (NULL);
-}
-
-/* solves ax == 1 (mod n) */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n,
- BN_CTX *ctx);
-
-BIGNUM *BN_mod_inverse(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
-{
- BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
- BIGNUM *ret = NULL;
- int sign;
-
- if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
- || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
- return BN_mod_inverse_no_branch(in, a, n, ctx);
- }
-
- bn_check_top(a);
- bn_check_top(n);
-
- BN_CTX_start(ctx);
- A = BN_CTX_get(ctx);
- B = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- D = BN_CTX_get(ctx);
- M = BN_CTX_get(ctx);
- Y = BN_CTX_get(ctx);
- T = BN_CTX_get(ctx);
- if (T == NULL)
- goto err;
-
- if (in == NULL)
- R = BN_new();
- else
- R = in;
- if (R == NULL)
- goto err;
-
- BN_one(X);
- BN_zero(Y);
- if (BN_copy(B, a) == NULL)
- goto err;
- if (BN_copy(A, n) == NULL)
- goto err;
- A->neg = 0;
- if (B->neg || (BN_ucmp(B, A) >= 0)) {
- if (!BN_nnmod(B, B, A, ctx))
- goto err;
- }
- sign = -1;
- /*-
- * From B = a mod |n|, A = |n| it follows that
- *
- * 0 <= B < A,
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- */
-
- if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) {
- /*
- * Binary inversion algorithm; requires odd modulus. This is faster
- * than the general algorithm if the modulus is sufficiently small
- * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit
- * systems)
- */
- int shift;
-
- while (!BN_is_zero(B)) {
- /*-
- * 0 < B < |n|,
- * 0 < A <= |n|,
- * (1) -sign*X*a == B (mod |n|),
- * (2) sign*Y*a == A (mod |n|)
- */
-
- /*
- * Now divide B by the maximum possible power of two in the
- * integers, and divide X by the same value mod |n|. When we're
- * done, (1) still holds.
- */
- shift = 0;
- while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */
- shift++;
-
- if (BN_is_odd(X)) {
- if (!BN_uadd(X, X, n))
- goto err;
- }
- /*
- * now X is even, so we can easily divide it by two
- */
- if (!BN_rshift1(X, X))
- goto err;
- }
- if (shift > 0) {
- if (!BN_rshift(B, B, shift))
- goto err;
- }
-
- /*
- * Same for A and Y. Afterwards, (2) still holds.
- */
- shift = 0;
- while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */
- shift++;
-
- if (BN_is_odd(Y)) {
- if (!BN_uadd(Y, Y, n))
- goto err;
- }
- /* now Y is even */
- if (!BN_rshift1(Y, Y))
- goto err;
- }
- if (shift > 0) {
- if (!BN_rshift(A, A, shift))
- goto err;
- }
-
- /*-
- * We still have (1) and (2).
- * Both A and B are odd.
- * The following computations ensure that
- *
- * 0 <= B < |n|,
- * 0 < A < |n|,
- * (1) -sign*X*a == B (mod |n|),
- * (2) sign*Y*a == A (mod |n|),
- *
- * and that either A or B is even in the next iteration.
- */
- if (BN_ucmp(B, A) >= 0) {
- /* -sign*(X + Y)*a == B - A (mod |n|) */
- if (!BN_uadd(X, X, Y))
- goto err;
- /*
- * NB: we could use BN_mod_add_quick(X, X, Y, n), but that
- * actually makes the algorithm slower
- */
- if (!BN_usub(B, B, A))
- goto err;
- } else {
- /* sign*(X + Y)*a == A - B (mod |n|) */
- if (!BN_uadd(Y, Y, X))
- goto err;
- /*
- * as above, BN_mod_add_quick(Y, Y, X, n) would slow things
- * down
- */
- if (!BN_usub(A, A, B))
- goto err;
- }
- }
- } else {
- /* general inversion algorithm */
-
- while (!BN_is_zero(B)) {
- BIGNUM *tmp;
-
- /*-
- * 0 < B < A,
- * (*) -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|)
- */
-
- /* (D, M) := (A/B, A%B) ... */
- if (BN_num_bits(A) == BN_num_bits(B)) {
- if (!BN_one(D))
- goto err;
- if (!BN_sub(M, A, B))
- goto err;
- } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
- /* A/B is 1, 2, or 3 */
- if (!BN_lshift1(T, B))
- goto err;
- if (BN_ucmp(A, T) < 0) {
- /* A < 2*B, so D=1 */
- if (!BN_one(D))
- goto err;
- if (!BN_sub(M, A, B))
- goto err;
- } else {
- /* A >= 2*B, so D=2 or D=3 */
- if (!BN_sub(M, A, T))
- goto err;
- if (!BN_add(D, T, B))
- goto err; /* use D (:= 3*B) as temp */
- if (BN_ucmp(A, D) < 0) {
- /* A < 3*B, so D=2 */
- if (!BN_set_word(D, 2))
- goto err;
- /*
- * M (= A - 2*B) already has the correct value
- */
- } else {
- /* only D=3 remains */
- if (!BN_set_word(D, 3))
- goto err;
- /*
- * currently M = A - 2*B, but we need M = A - 3*B
- */
- if (!BN_sub(M, M, B))
- goto err;
- }
- }
- } else {
- if (!BN_div(D, M, A, B, ctx))
- goto err;
- }
-
- /*-
- * Now
- * A = D*B + M;
- * thus we have
- * (**) sign*Y*a == D*B + M (mod |n|).
- */
-
- tmp = A; /* keep the BIGNUM object, the value does not
- * matter */
-
- /* (A, B) := (B, A mod B) ... */
- A = B;
- B = M;
- /* ... so we have 0 <= B < A again */
-
- /*-
- * Since the former M is now B and the former B is now A,
- * (**) translates into
- * sign*Y*a == D*A + B (mod |n|),
- * i.e.
- * sign*Y*a - D*A == B (mod |n|).
- * Similarly, (*) translates into
- * -sign*X*a == A (mod |n|).
- *
- * Thus,
- * sign*Y*a + D*sign*X*a == B (mod |n|),
- * i.e.
- * sign*(Y + D*X)*a == B (mod |n|).
- *
- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- * Note that X and Y stay non-negative all the time.
- */
-
- /*
- * most of the time D is very small, so we can optimize tmp :=
- * D*X+Y
- */
- if (BN_is_one(D)) {
- if (!BN_add(tmp, X, Y))
- goto err;
- } else {
- if (BN_is_word(D, 2)) {
- if (!BN_lshift1(tmp, X))
- goto err;
- } else if (BN_is_word(D, 4)) {
- if (!BN_lshift(tmp, X, 2))
- goto err;
- } else if (D->top == 1) {
- if (!BN_copy(tmp, X))
- goto err;
- if (!BN_mul_word(tmp, D->d[0]))
- goto err;
- } else {
- if (!BN_mul(tmp, D, X, ctx))
- goto err;
- }
- if (!BN_add(tmp, tmp, Y))
- goto err;
- }
-
- M = Y; /* keep the BIGNUM object, the value does not
- * matter */
- Y = X;
- X = tmp;
- sign = -sign;
- }
- }
-
- /*-
- * The while loop (Euclid's algorithm) ends when
- * A == gcd(a,n);
- * we have
- * sign*Y*a == A (mod |n|),
- * where Y is non-negative.
- */
-
- if (sign < 0) {
- if (!BN_sub(Y, n, Y))
- goto err;
- }
- /* Now Y*a == A (mod |n|). */
-
- if (BN_is_one(A)) {
- /* Y*a == 1 (mod |n|) */
- if (!Y->neg && BN_ucmp(Y, n) < 0) {
- if (!BN_copy(R, Y))
- goto err;
- } else {
- if (!BN_nnmod(R, Y, n, ctx))
- goto err;
- }
- } else {
- BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
- goto err;
- }
- ret = R;
- err:
- if ((ret == NULL) && (in == NULL))
- BN_free(R);
- BN_CTX_end(ctx);
- bn_check_top(ret);
- return (ret);
-}
-
-/*
- * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
- * not contain branches that may leak sensitive information.
- */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n,
- BN_CTX *ctx)
-{
- BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
- BIGNUM local_A, local_B;
- BIGNUM *pA, *pB;
- BIGNUM *ret = NULL;
- int sign;
-
- bn_check_top(a);
- bn_check_top(n);
-
- BN_CTX_start(ctx);
- A = BN_CTX_get(ctx);
- B = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- D = BN_CTX_get(ctx);
- M = BN_CTX_get(ctx);
- Y = BN_CTX_get(ctx);
- T = BN_CTX_get(ctx);
- if (T == NULL)
- goto err;
-
- if (in == NULL)
- R = BN_new();
- else
- R = in;
- if (R == NULL)
- goto err;
-
- BN_one(X);
- BN_zero(Y);
- if (BN_copy(B, a) == NULL)
- goto err;
- if (BN_copy(A, n) == NULL)
- goto err;
- A->neg = 0;
-
- if (B->neg || (BN_ucmp(B, A) >= 0)) {
- /*
- * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
- * BN_div_no_branch will be called eventually.
- */
- pB = &local_B;
- local_B.flags = 0;
- BN_with_flags(pB, B, BN_FLG_CONSTTIME);
- if (!BN_nnmod(B, pB, A, ctx))
- goto err;
- }
- sign = -1;
- /*-
- * From B = a mod |n|, A = |n| it follows that
- *
- * 0 <= B < A,
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- */
-
- while (!BN_is_zero(B)) {
- BIGNUM *tmp;
-
- /*-
- * 0 < B < A,
- * (*) -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|)
- */
-
- /*
- * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
- * BN_div_no_branch will be called eventually.
- */
- pA = &local_A;
- local_A.flags = 0;
- BN_with_flags(pA, A, BN_FLG_CONSTTIME);
-
- /* (D, M) := (A/B, A%B) ... */
- if (!BN_div(D, M, pA, B, ctx))
- goto err;
-
- /*-
- * Now
- * A = D*B + M;
- * thus we have
- * (**) sign*Y*a == D*B + M (mod |n|).
- */
-
- tmp = A; /* keep the BIGNUM object, the value does not
- * matter */
-
- /* (A, B) := (B, A mod B) ... */
- A = B;
- B = M;
- /* ... so we have 0 <= B < A again */
-
- /*-
- * Since the former M is now B and the former B is now A,
- * (**) translates into
- * sign*Y*a == D*A + B (mod |n|),
- * i.e.
- * sign*Y*a - D*A == B (mod |n|).
- * Similarly, (*) translates into
- * -sign*X*a == A (mod |n|).
- *
- * Thus,
- * sign*Y*a + D*sign*X*a == B (mod |n|),
- * i.e.
- * sign*(Y + D*X)*a == B (mod |n|).
- *
- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- * Note that X and Y stay non-negative all the time.
- */
-
- if (!BN_mul(tmp, D, X, ctx))
- goto err;
- if (!BN_add(tmp, tmp, Y))
- goto err;
-
- M = Y; /* keep the BIGNUM object, the value does not
- * matter */
- Y = X;
- X = tmp;
- sign = -sign;
- }
-
- /*-
- * The while loop (Euclid's algorithm) ends when
- * A == gcd(a,n);
- * we have
- * sign*Y*a == A (mod |n|),
- * where Y is non-negative.
- */
-
- if (sign < 0) {
- if (!BN_sub(Y, n, Y))
- goto err;
- }
- /* Now Y*a == A (mod |n|). */
-
- if (BN_is_one(A)) {
- /* Y*a == 1 (mod |n|) */
- if (!Y->neg && BN_ucmp(Y, n) < 0) {
- if (!BN_copy(R, Y))
- goto err;
- } else {
- if (!BN_nnmod(R, Y, n, ctx))
- goto err;
- }
- } else {
- BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
- goto err;
- }
- ret = R;
- err:
- if ((ret == NULL) && (in == NULL))
- BN_free(R);
- BN_CTX_end(ctx);
- bn_check_top(ret);
- return (ret);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_gf2m.c b/thirdparty/openssl/crypto/bn/bn_gf2m.c
deleted file mode 100644
index 2c61da1109..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_gf2m.c
+++ /dev/null
@@ -1,1300 +0,0 @@
-/* crypto/bn/bn_gf2m.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the ECC Code as delivered hereunder (or portions thereof),
- * provided that such covenant shall not apply:
- * 1) for code that a licensee deletes from the ECC Code;
- * 2) separates from the ECC Code; or
- * 3) for infringements caused by:
- * i) the modification of the ECC Code or
- * ii) the combination of the ECC Code with other software or
- * devices where such combination causes the infringement.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-/*
- * NOTE: This file is licensed pursuant to the OpenSSL license below and may
- * be modified; but after modifications, the above covenant may no longer
- * apply! In such cases, the corresponding paragraph ["In addition, Sun
- * covenants ... causes the infringement."] and this note can be edited out;
- * but please keep the Sun copyright notice and attribution.
- */
-
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-/*
- * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
- * fail.
- */
-# define MAX_ITERATIONS 50
-
-static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21,
- 64, 65, 68, 69, 80, 81, 84, 85
-};
-
-/* Platform-specific macros to accelerate squaring. */
-# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-# define SQR1(w) \
- SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
- SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
- SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
- SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF]
-# define SQR0(w) \
- SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
- SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
- SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
-# endif
-# ifdef THIRTY_TWO_BIT
-# define SQR1(w) \
- SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
- SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF]
-# define SQR0(w) \
- SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
-# endif
-
-# if !defined(OPENSSL_BN_ASM_GF2m)
-/*
- * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is
- * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that
- * the variables have the right amount of space allocated.
- */
-# ifdef THIRTY_TWO_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
- const BN_ULONG b)
-{
- register BN_ULONG h, l, s;
- BN_ULONG tab[8], top2b = a >> 30;
- register BN_ULONG a1, a2, a4;
-
- a1 = a & (0x3FFFFFFF);
- a2 = a1 << 1;
- a4 = a2 << 1;
-
- tab[0] = 0;
- tab[1] = a1;
- tab[2] = a2;
- tab[3] = a1 ^ a2;
- tab[4] = a4;
- tab[5] = a1 ^ a4;
- tab[6] = a2 ^ a4;
- tab[7] = a1 ^ a2 ^ a4;
-
- s = tab[b & 0x7];
- l = s;
- s = tab[b >> 3 & 0x7];
- l ^= s << 3;
- h = s >> 29;
- s = tab[b >> 6 & 0x7];
- l ^= s << 6;
- h ^= s >> 26;
- s = tab[b >> 9 & 0x7];
- l ^= s << 9;
- h ^= s >> 23;
- s = tab[b >> 12 & 0x7];
- l ^= s << 12;
- h ^= s >> 20;
- s = tab[b >> 15 & 0x7];
- l ^= s << 15;
- h ^= s >> 17;
- s = tab[b >> 18 & 0x7];
- l ^= s << 18;
- h ^= s >> 14;
- s = tab[b >> 21 & 0x7];
- l ^= s << 21;
- h ^= s >> 11;
- s = tab[b >> 24 & 0x7];
- l ^= s << 24;
- h ^= s >> 8;
- s = tab[b >> 27 & 0x7];
- l ^= s << 27;
- h ^= s >> 5;
- s = tab[b >> 30];
- l ^= s << 30;
- h ^= s >> 2;
-
- /* compensate for the top two bits of a */
-
- if (top2b & 01) {
- l ^= b << 30;
- h ^= b >> 2;
- }
- if (top2b & 02) {
- l ^= b << 31;
- h ^= b >> 1;
- }
-
- *r1 = h;
- *r0 = l;
-}
-# endif
-# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
- const BN_ULONG b)
-{
- register BN_ULONG h, l, s;
- BN_ULONG tab[16], top3b = a >> 61;
- register BN_ULONG a1, a2, a4, a8;
-
- a1 = a & (0x1FFFFFFFFFFFFFFFULL);
- a2 = a1 << 1;
- a4 = a2 << 1;
- a8 = a4 << 1;
-
- tab[0] = 0;
- tab[1] = a1;
- tab[2] = a2;
- tab[3] = a1 ^ a2;
- tab[4] = a4;
- tab[5] = a1 ^ a4;
- tab[6] = a2 ^ a4;
- tab[7] = a1 ^ a2 ^ a4;
- tab[8] = a8;
- tab[9] = a1 ^ a8;
- tab[10] = a2 ^ a8;
- tab[11] = a1 ^ a2 ^ a8;
- tab[12] = a4 ^ a8;
- tab[13] = a1 ^ a4 ^ a8;
- tab[14] = a2 ^ a4 ^ a8;
- tab[15] = a1 ^ a2 ^ a4 ^ a8;
-
- s = tab[b & 0xF];
- l = s;
- s = tab[b >> 4 & 0xF];
- l ^= s << 4;
- h = s >> 60;
- s = tab[b >> 8 & 0xF];
- l ^= s << 8;
- h ^= s >> 56;
- s = tab[b >> 12 & 0xF];
- l ^= s << 12;
- h ^= s >> 52;
- s = tab[b >> 16 & 0xF];
- l ^= s << 16;
- h ^= s >> 48;
- s = tab[b >> 20 & 0xF];
- l ^= s << 20;
- h ^= s >> 44;
- s = tab[b >> 24 & 0xF];
- l ^= s << 24;
- h ^= s >> 40;
- s = tab[b >> 28 & 0xF];
- l ^= s << 28;
- h ^= s >> 36;
- s = tab[b >> 32 & 0xF];
- l ^= s << 32;
- h ^= s >> 32;
- s = tab[b >> 36 & 0xF];
- l ^= s << 36;
- h ^= s >> 28;
- s = tab[b >> 40 & 0xF];
- l ^= s << 40;
- h ^= s >> 24;
- s = tab[b >> 44 & 0xF];
- l ^= s << 44;
- h ^= s >> 20;
- s = tab[b >> 48 & 0xF];
- l ^= s << 48;
- h ^= s >> 16;
- s = tab[b >> 52 & 0xF];
- l ^= s << 52;
- h ^= s >> 12;
- s = tab[b >> 56 & 0xF];
- l ^= s << 56;
- h ^= s >> 8;
- s = tab[b >> 60];
- l ^= s << 60;
- h ^= s >> 4;
-
- /* compensate for the top three bits of a */
-
- if (top3b & 01) {
- l ^= b << 61;
- h ^= b >> 3;
- }
- if (top3b & 02) {
- l ^= b << 62;
- h ^= b >> 2;
- }
- if (top3b & 04) {
- l ^= b << 63;
- h ^= b >> 1;
- }
-
- *r1 = h;
- *r0 = l;
-}
-# endif
-
-/*
- * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
- * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST
- * ensure that the variables have the right amount of space allocated.
- */
-static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
- const BN_ULONG b1, const BN_ULONG b0)
-{
- BN_ULONG m1, m0;
- /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
- bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
- bn_GF2m_mul_1x1(r + 1, r, a0, b0);
- bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
- /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
- r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
- r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
-}
-# else
-void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1,
- BN_ULONG b0);
-# endif
-
-/*
- * Add polynomials a and b and store result in r; r could be a or b, a and b
- * could be equal; r is the bitwise XOR of a and b.
- */
-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
- int i;
- const BIGNUM *at, *bt;
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a->top < b->top) {
- at = b;
- bt = a;
- } else {
- at = a;
- bt = b;
- }
-
- if (bn_wexpand(r, at->top) == NULL)
- return 0;
-
- for (i = 0; i < bt->top; i++) {
- r->d[i] = at->d[i] ^ bt->d[i];
- }
- for (; i < at->top; i++) {
- r->d[i] = at->d[i];
- }
-
- r->top = at->top;
- bn_correct_top(r);
-
- return 1;
-}
-
-/*-
- * Some functions allow for representation of the irreducible polynomials
- * as an int[], say p. The irreducible f(t) is then of the form:
- * t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-
-/* Performs modular reduction of a and store result in r. r could be a. */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
-{
- int j, k;
- int n, dN, d0, d1;
- BN_ULONG zz, *z;
-
- bn_check_top(a);
-
- if (!p[0]) {
- /* reduction mod 1 => return 0 */
- BN_zero(r);
- return 1;
- }
-
- /*
- * Since the algorithm does reduction in the r value, if a != r, copy the
- * contents of a into r so we can do reduction in r.
- */
- if (a != r) {
- if (!bn_wexpand(r, a->top))
- return 0;
- for (j = 0; j < a->top; j++) {
- r->d[j] = a->d[j];
- }
- r->top = a->top;
- }
- z = r->d;
-
- /* start reduction */
- dN = p[0] / BN_BITS2;
- for (j = r->top - 1; j > dN;) {
- zz = z[j];
- if (z[j] == 0) {
- j--;
- continue;
- }
- z[j] = 0;
-
- for (k = 1; p[k] != 0; k++) {
- /* reducing component t^p[k] */
- n = p[0] - p[k];
- d0 = n % BN_BITS2;
- d1 = BN_BITS2 - d0;
- n /= BN_BITS2;
- z[j - n] ^= (zz >> d0);
- if (d0)
- z[j - n - 1] ^= (zz << d1);
- }
-
- /* reducing component t^0 */
- n = dN;
- d0 = p[0] % BN_BITS2;
- d1 = BN_BITS2 - d0;
- z[j - n] ^= (zz >> d0);
- if (d0)
- z[j - n - 1] ^= (zz << d1);
- }
-
- /* final round of reduction */
- while (j == dN) {
-
- d0 = p[0] % BN_BITS2;
- zz = z[dN] >> d0;
- if (zz == 0)
- break;
- d1 = BN_BITS2 - d0;
-
- /* clear up the top d1 bits */
- if (d0)
- z[dN] = (z[dN] << d1) >> d1;
- else
- z[dN] = 0;
- z[0] ^= zz; /* reduction t^0 component */
-
- for (k = 1; p[k] != 0; k++) {
- BN_ULONG tmp_ulong;
-
- /* reducing component t^p[k] */
- n = p[k] / BN_BITS2;
- d0 = p[k] % BN_BITS2;
- d1 = BN_BITS2 - d0;
- z[n] ^= (zz << d0);
- if (d0 && (tmp_ulong = zz >> d1))
- z[n + 1] ^= tmp_ulong;
- }
-
- }
-
- bn_correct_top(r);
- return 1;
-}
-
-/*
- * Performs modular reduction of a by p and store result in r. r could be a.
- * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_arr function.
- */
-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
-{
- int ret = 0;
- int arr[6];
- bn_check_top(a);
- bn_check_top(p);
- ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0]));
- if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) {
- BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
- return 0;
- }
- ret = BN_GF2m_mod_arr(r, a, arr);
- bn_check_top(r);
- return ret;
-}
-
-/*
- * Compute the product of two polynomials a and b, reduce modulo p, and store
- * the result in r. r could be a or b; a could be b.
- */
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const int p[], BN_CTX *ctx)
-{
- int zlen, i, j, k, ret = 0;
- BIGNUM *s;
- BN_ULONG x1, x0, y1, y0, zz[4];
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a == b) {
- return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
- }
-
- BN_CTX_start(ctx);
- if ((s = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- zlen = a->top + b->top + 4;
- if (!bn_wexpand(s, zlen))
- goto err;
- s->top = zlen;
-
- for (i = 0; i < zlen; i++)
- s->d[i] = 0;
-
- for (j = 0; j < b->top; j += 2) {
- y0 = b->d[j];
- y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
- for (i = 0; i < a->top; i += 2) {
- x0 = a->d[i];
- x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
- bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
- for (k = 0; k < 4; k++)
- s->d[i + j + k] ^= zz[k];
- }
- }
-
- bn_correct_top(s);
- if (BN_GF2m_mod_arr(r, s, p))
- ret = 1;
- bn_check_top(r);
-
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-/*
- * Compute the product of two polynomials a and b, reduce modulo p, and store
- * the result in r. r could be a or b; a could equal b. This function calls
- * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is
- * only provided for convenience; for best performance, use the
- * BN_GF2m_mod_mul_arr function.
- */
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *p, BN_CTX *ctx)
-{
- int ret = 0;
- const int max = BN_num_bits(p) + 1;
- int *arr = NULL;
- bn_check_top(a);
- bn_check_top(b);
- bn_check_top(p);
- if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
- goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max) {
- BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
- bn_check_top(r);
- err:
- if (arr)
- OPENSSL_free(arr);
- return ret;
-}
-
-/* Square a, reduce the result mod p, and store it in a. r could be a. */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
- BN_CTX *ctx)
-{
- int i, ret = 0;
- BIGNUM *s;
-
- bn_check_top(a);
- BN_CTX_start(ctx);
- if ((s = BN_CTX_get(ctx)) == NULL)
- goto err;
- if (!bn_wexpand(s, 2 * a->top))
- goto err;
-
- for (i = a->top - 1; i >= 0; i--) {
- s->d[2 * i + 1] = SQR1(a->d[i]);
- s->d[2 * i] = SQR0(a->d[i]);
- }
-
- s->top = 2 * a->top;
- bn_correct_top(s);
- if (!BN_GF2m_mod_arr(r, s, p))
- goto err;
- bn_check_top(r);
- ret = 1;
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-/*
- * Square a, reduce the result mod p, and store it in a. r could be a. This
- * function calls down to the BN_GF2m_mod_sqr_arr implementation; this
- * wrapper function is only provided for convenience; for best performance,
- * use the BN_GF2m_mod_sqr_arr function.
- */
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-{
- int ret = 0;
- const int max = BN_num_bits(p) + 1;
- int *arr = NULL;
-
- bn_check_top(a);
- bn_check_top(p);
- if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
- goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max) {
- BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
- bn_check_top(r);
- err:
- if (arr)
- OPENSSL_free(arr);
- return ret;
-}
-
-/*
- * Invert a, reduce modulo p, and store the result in r. r could be a. Uses
- * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D.,
- * Hernandez, J.L., and Menezes, A. "Software Implementation of Elliptic
- * Curve Cryptography Over Binary Fields".
- */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-{
- BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
- int ret = 0;
-
- bn_check_top(a);
- bn_check_top(p);
-
- BN_CTX_start(ctx);
-
- if ((b = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((c = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((u = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((v = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- if (!BN_GF2m_mod(u, a, p))
- goto err;
- if (BN_is_zero(u))
- goto err;
-
- if (!BN_copy(v, p))
- goto err;
-# if 0
- if (!BN_one(b))
- goto err;
-
- while (1) {
- while (!BN_is_odd(u)) {
- if (BN_is_zero(u))
- goto err;
- if (!BN_rshift1(u, u))
- goto err;
- if (BN_is_odd(b)) {
- if (!BN_GF2m_add(b, b, p))
- goto err;
- }
- if (!BN_rshift1(b, b))
- goto err;
- }
-
- if (BN_abs_is_word(u, 1))
- break;
-
- if (BN_num_bits(u) < BN_num_bits(v)) {
- tmp = u;
- u = v;
- v = tmp;
- tmp = b;
- b = c;
- c = tmp;
- }
-
- if (!BN_GF2m_add(u, u, v))
- goto err;
- if (!BN_GF2m_add(b, b, c))
- goto err;
- }
-# else
- {
- int i;
- int ubits = BN_num_bits(u);
- int vbits = BN_num_bits(v); /* v is copy of p */
- int top = p->top;
- BN_ULONG *udp, *bdp, *vdp, *cdp;
-
- if (!bn_wexpand(u, top))
- goto err;
- udp = u->d;
- for (i = u->top; i < top; i++)
- udp[i] = 0;
- u->top = top;
- if (!bn_wexpand(b, top))
- goto err;
- bdp = b->d;
- bdp[0] = 1;
- for (i = 1; i < top; i++)
- bdp[i] = 0;
- b->top = top;
- if (!bn_wexpand(c, top))
- goto err;
- cdp = c->d;
- for (i = 0; i < top; i++)
- cdp[i] = 0;
- c->top = top;
- vdp = v->d; /* It pays off to "cache" *->d pointers,
- * because it allows optimizer to be more
- * aggressive. But we don't have to "cache"
- * p->d, because *p is declared 'const'... */
- while (1) {
- while (ubits && !(udp[0] & 1)) {
- BN_ULONG u0, u1, b0, b1, mask;
-
- u0 = udp[0];
- b0 = bdp[0];
- mask = (BN_ULONG)0 - (b0 & 1);
- b0 ^= p->d[0] & mask;
- for (i = 0; i < top - 1; i++) {
- u1 = udp[i + 1];
- udp[i] = ((u0 >> 1) | (u1 << (BN_BITS2 - 1))) & BN_MASK2;
- u0 = u1;
- b1 = bdp[i + 1] ^ (p->d[i + 1] & mask);
- bdp[i] = ((b0 >> 1) | (b1 << (BN_BITS2 - 1))) & BN_MASK2;
- b0 = b1;
- }
- udp[i] = u0 >> 1;
- bdp[i] = b0 >> 1;
- ubits--;
- }
-
- if (ubits <= BN_BITS2) {
- if (udp[0] == 0) /* poly was reducible */
- goto err;
- if (udp[0] == 1)
- break;
- }
-
- if (ubits < vbits) {
- i = ubits;
- ubits = vbits;
- vbits = i;
- tmp = u;
- u = v;
- v = tmp;
- tmp = b;
- b = c;
- c = tmp;
- udp = vdp;
- vdp = v->d;
- bdp = cdp;
- cdp = c->d;
- }
- for (i = 0; i < top; i++) {
- udp[i] ^= vdp[i];
- bdp[i] ^= cdp[i];
- }
- if (ubits == vbits) {
- BN_ULONG ul;
- int utop = (ubits - 1) / BN_BITS2;
-
- while ((ul = udp[utop]) == 0 && utop)
- utop--;
- ubits = utop * BN_BITS2 + BN_num_bits_word(ul);
- }
- }
- bn_correct_top(b);
- }
-# endif
-
- if (!BN_copy(r, b))
- goto err;
- bn_check_top(r);
- ret = 1;
-
- err:
-# ifdef BN_DEBUG /* BN_CTX_end would complain about the
- * expanded form */
- bn_correct_top(c);
- bn_correct_top(u);
- bn_correct_top(v);
-# endif
- BN_CTX_end(ctx);
- return ret;
-}
-
-/*
- * Invert xx, reduce modulo p, and store the result in r. r could be xx.
- * This function calls down to the BN_GF2m_mod_inv implementation; this
- * wrapper function is only provided for convenience; for best performance,
- * use the BN_GF2m_mod_inv function.
- */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[],
- BN_CTX *ctx)
-{
- BIGNUM *field;
- int ret = 0;
-
- bn_check_top(xx);
- BN_CTX_start(ctx);
- if ((field = BN_CTX_get(ctx)) == NULL)
- goto err;
- if (!BN_GF2m_arr2poly(p, field))
- goto err;
-
- ret = BN_GF2m_mod_inv(r, xx, field, ctx);
- bn_check_top(r);
-
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-# ifndef OPENSSL_SUN_GF2M_DIV
-/*
- * Divide y by x, reduce modulo p, and store the result in r. r could be x
- * or y, x could equal y.
- */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
- const BIGNUM *p, BN_CTX *ctx)
-{
- BIGNUM *xinv = NULL;
- int ret = 0;
-
- bn_check_top(y);
- bn_check_top(x);
- bn_check_top(p);
-
- BN_CTX_start(ctx);
- xinv = BN_CTX_get(ctx);
- if (xinv == NULL)
- goto err;
-
- if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
- goto err;
- if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
- goto err;
- bn_check_top(r);
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-# else
-/*
- * Divide y by x, reduce modulo p, and store the result in r. r could be x
- * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from
- * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to the
- * Great Divide".
- */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
- const BIGNUM *p, BN_CTX *ctx)
-{
- BIGNUM *a, *b, *u, *v;
- int ret = 0;
-
- bn_check_top(y);
- bn_check_top(x);
- bn_check_top(p);
-
- BN_CTX_start(ctx);
-
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- u = BN_CTX_get(ctx);
- v = BN_CTX_get(ctx);
- if (v == NULL)
- goto err;
-
- /* reduce x and y mod p */
- if (!BN_GF2m_mod(u, y, p))
- goto err;
- if (!BN_GF2m_mod(a, x, p))
- goto err;
- if (!BN_copy(b, p))
- goto err;
-
- while (!BN_is_odd(a)) {
- if (!BN_rshift1(a, a))
- goto err;
- if (BN_is_odd(u))
- if (!BN_GF2m_add(u, u, p))
- goto err;
- if (!BN_rshift1(u, u))
- goto err;
- }
-
- do {
- if (BN_GF2m_cmp(b, a) > 0) {
- if (!BN_GF2m_add(b, b, a))
- goto err;
- if (!BN_GF2m_add(v, v, u))
- goto err;
- do {
- if (!BN_rshift1(b, b))
- goto err;
- if (BN_is_odd(v))
- if (!BN_GF2m_add(v, v, p))
- goto err;
- if (!BN_rshift1(v, v))
- goto err;
- } while (!BN_is_odd(b));
- } else if (BN_abs_is_word(a, 1))
- break;
- else {
- if (!BN_GF2m_add(a, a, b))
- goto err;
- if (!BN_GF2m_add(u, u, v))
- goto err;
- do {
- if (!BN_rshift1(a, a))
- goto err;
- if (BN_is_odd(u))
- if (!BN_GF2m_add(u, u, p))
- goto err;
- if (!BN_rshift1(u, u))
- goto err;
- } while (!BN_is_odd(a));
- }
- } while (1);
-
- if (!BN_copy(r, u))
- goto err;
- bn_check_top(r);
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-# endif
-
-/*
- * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
- * * or yy, xx could equal yy. This function calls down to the
- * BN_GF2m_mod_div implementation; this wrapper function is only provided for
- * convenience; for best performance, use the BN_GF2m_mod_div function.
- */
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
- const int p[], BN_CTX *ctx)
-{
- BIGNUM *field;
- int ret = 0;
-
- bn_check_top(yy);
- bn_check_top(xx);
-
- BN_CTX_start(ctx);
- if ((field = BN_CTX_get(ctx)) == NULL)
- goto err;
- if (!BN_GF2m_arr2poly(p, field))
- goto err;
-
- ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
- bn_check_top(r);
-
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-/*
- * Compute the bth power of a, reduce modulo p, and store the result in r. r
- * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE
- * P1363.
- */
-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const int p[], BN_CTX *ctx)
-{
- int ret = 0, i, n;
- BIGNUM *u;
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (BN_is_zero(b))
- return (BN_one(r));
-
- if (BN_abs_is_word(b, 1))
- return (BN_copy(r, a) != NULL);
-
- BN_CTX_start(ctx);
- if ((u = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- if (!BN_GF2m_mod_arr(u, a, p))
- goto err;
-
- n = BN_num_bits(b) - 1;
- for (i = n - 1; i >= 0; i--) {
- if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
- goto err;
- if (BN_is_bit_set(b, i)) {
- if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
- goto err;
- }
- }
- if (!BN_copy(r, u))
- goto err;
- bn_check_top(r);
- ret = 1;
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-/*
- * Compute the bth power of a, reduce modulo p, and store the result in r. r
- * could be a. This function calls down to the BN_GF2m_mod_exp_arr
- * implementation; this wrapper function is only provided for convenience;
- * for best performance, use the BN_GF2m_mod_exp_arr function.
- */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *p, BN_CTX *ctx)
-{
- int ret = 0;
- const int max = BN_num_bits(p) + 1;
- int *arr = NULL;
- bn_check_top(a);
- bn_check_top(b);
- bn_check_top(p);
- if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
- goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max) {
- BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
- bn_check_top(r);
- err:
- if (arr)
- OPENSSL_free(arr);
- return ret;
-}
-
-/*
- * Compute the square root of a, reduce modulo p, and store the result in r.
- * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
- */
-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[],
- BN_CTX *ctx)
-{
- int ret = 0;
- BIGNUM *u;
-
- bn_check_top(a);
-
- if (!p[0]) {
- /* reduction mod 1 => return 0 */
- BN_zero(r);
- return 1;
- }
-
- BN_CTX_start(ctx);
- if ((u = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- if (!BN_set_bit(u, p[0] - 1))
- goto err;
- ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
- bn_check_top(r);
-
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-/*
- * Compute the square root of a, reduce modulo p, and store the result in r.
- * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr
- * implementation; this wrapper function is only provided for convenience;
- * for best performance, use the BN_GF2m_mod_sqrt_arr function.
- */
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-{
- int ret = 0;
- const int max = BN_num_bits(p) + 1;
- int *arr = NULL;
- bn_check_top(a);
- bn_check_top(p);
- if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
- goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max) {
- BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
- bn_check_top(r);
- err:
- if (arr)
- OPENSSL_free(arr);
- return ret;
-}
-
-/*
- * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns
- * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
- */
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
- BN_CTX *ctx)
-{
- int ret = 0, count = 0, j;
- BIGNUM *a, *z, *rho, *w, *w2, *tmp;
-
- bn_check_top(a_);
-
- if (!p[0]) {
- /* reduction mod 1 => return 0 */
- BN_zero(r);
- return 1;
- }
-
- BN_CTX_start(ctx);
- a = BN_CTX_get(ctx);
- z = BN_CTX_get(ctx);
- w = BN_CTX_get(ctx);
- if (w == NULL)
- goto err;
-
- if (!BN_GF2m_mod_arr(a, a_, p))
- goto err;
-
- if (BN_is_zero(a)) {
- BN_zero(r);
- ret = 1;
- goto err;
- }
-
- if (p[0] & 0x1) { /* m is odd */
- /* compute half-trace of a */
- if (!BN_copy(z, a))
- goto err;
- for (j = 1; j <= (p[0] - 1) / 2; j++) {
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
- goto err;
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
- goto err;
- if (!BN_GF2m_add(z, z, a))
- goto err;
- }
-
- } else { /* m is even */
-
- rho = BN_CTX_get(ctx);
- w2 = BN_CTX_get(ctx);
- tmp = BN_CTX_get(ctx);
- if (tmp == NULL)
- goto err;
- do {
- if (!BN_rand(rho, p[0], 0, 0))
- goto err;
- if (!BN_GF2m_mod_arr(rho, rho, p))
- goto err;
- BN_zero(z);
- if (!BN_copy(w, rho))
- goto err;
- for (j = 1; j <= p[0] - 1; j++) {
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
- goto err;
- if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
- goto err;
- if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
- goto err;
- if (!BN_GF2m_add(z, z, tmp))
- goto err;
- if (!BN_GF2m_add(w, w2, rho))
- goto err;
- }
- count++;
- } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
- if (BN_is_zero(w)) {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_TOO_MANY_ITERATIONS);
- goto err;
- }
- }
-
- if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
- goto err;
- if (!BN_GF2m_add(w, z, w))
- goto err;
- if (BN_GF2m_cmp(w, a)) {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
- goto err;
- }
-
- if (!BN_copy(r, z))
- goto err;
- bn_check_top(r);
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-/*
- * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns
- * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr
- * implementation; this wrapper function is only provided for convenience;
- * for best performance, use the BN_GF2m_mod_solve_quad_arr function.
- */
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- BN_CTX *ctx)
-{
- int ret = 0;
- const int max = BN_num_bits(p) + 1;
- int *arr = NULL;
- bn_check_top(a);
- bn_check_top(p);
- if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL)
- goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max) {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
- bn_check_top(r);
- err:
- if (arr)
- OPENSSL_free(arr);
- return ret;
-}
-
-/*
- * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
- * x^i) into an array of integers corresponding to the bits with non-zero
- * coefficient. Array is terminated with -1. Up to max elements of the array
- * will be filled. Return value is total number of array elements that would
- * be filled if array was large enough.
- */
-int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
-{
- int i, j, k = 0;
- BN_ULONG mask;
-
- if (BN_is_zero(a))
- return 0;
-
- for (i = a->top - 1; i >= 0; i--) {
- if (!a->d[i])
- /* skip word if a->d[i] == 0 */
- continue;
- mask = BN_TBIT;
- for (j = BN_BITS2 - 1; j >= 0; j--) {
- if (a->d[i] & mask) {
- if (k < max)
- p[k] = BN_BITS2 * i + j;
- k++;
- }
- mask >>= 1;
- }
- }
-
- if (k < max) {
- p[k] = -1;
- k++;
- }
-
- return k;
-}
-
-/*
- * Convert the coefficient array representation of a polynomial to a
- * bit-string. The array must be terminated by -1.
- */
-int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
-{
- int i;
-
- bn_check_top(a);
- BN_zero(a);
- for (i = 0; p[i] != -1; i++) {
- if (BN_set_bit(a, p[i]) == 0)
- return 0;
- }
- bn_check_top(a);
-
- return 1;
-}
-
-#endif
diff --git a/thirdparty/openssl/crypto/bn/bn_kron.c b/thirdparty/openssl/crypto/bn/bn_kron.c
deleted file mode 100644
index 88d731ac75..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_kron.c
+++ /dev/null
@@ -1,186 +0,0 @@
-/* crypto/bn/bn_kron.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* least significant word */
-#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
-
-/* Returns -2 for errors because both -1 and 0 are valid results. */
-int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-{
- int i;
- int ret = -2; /* avoid 'uninitialized' warning */
- int err = 0;
- BIGNUM *A, *B, *tmp;
- /*-
- * In 'tab', only odd-indexed entries are relevant:
- * For any odd BIGNUM n,
- * tab[BN_lsw(n) & 7]
- * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
- * Note that the sign of n does not matter.
- */
- static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 };
-
- bn_check_top(a);
- bn_check_top(b);
-
- BN_CTX_start(ctx);
- A = BN_CTX_get(ctx);
- B = BN_CTX_get(ctx);
- if (B == NULL)
- goto end;
-
- err = !BN_copy(A, a);
- if (err)
- goto end;
- err = !BN_copy(B, b);
- if (err)
- goto end;
-
- /*
- * Kronecker symbol, imlemented according to Henri Cohen,
- * "A Course in Computational Algebraic Number Theory"
- * (algorithm 1.4.10).
- */
-
- /* Cohen's step 1: */
-
- if (BN_is_zero(B)) {
- ret = BN_abs_is_word(A, 1);
- goto end;
- }
-
- /* Cohen's step 2: */
-
- if (!BN_is_odd(A) && !BN_is_odd(B)) {
- ret = 0;
- goto end;
- }
-
- /* now B is non-zero */
- i = 0;
- while (!BN_is_bit_set(B, i))
- i++;
- err = !BN_rshift(B, B, i);
- if (err)
- goto end;
- if (i & 1) {
- /* i is odd */
- /* (thus B was even, thus A must be odd!) */
-
- /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
- ret = tab[BN_lsw(A) & 7];
- } else {
- /* i is even */
- ret = 1;
- }
-
- if (B->neg) {
- B->neg = 0;
- if (A->neg)
- ret = -ret;
- }
-
- /*
- * now B is positive and odd, so what remains to be done is to compute
- * the Jacobi symbol (A/B) and multiply it by 'ret'
- */
-
- while (1) {
- /* Cohen's step 3: */
-
- /* B is positive and odd */
-
- if (BN_is_zero(A)) {
- ret = BN_is_one(B) ? ret : 0;
- goto end;
- }
-
- /* now A is non-zero */
- i = 0;
- while (!BN_is_bit_set(A, i))
- i++;
- err = !BN_rshift(A, A, i);
- if (err)
- goto end;
- if (i & 1) {
- /* i is odd */
- /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */
- ret = ret * tab[BN_lsw(B) & 7];
- }
-
- /* Cohen's step 4: */
- /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */
- if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
- ret = -ret;
-
- /* (A, B) := (B mod |A|, |A|) */
- err = !BN_nnmod(B, B, A, ctx);
- if (err)
- goto end;
- tmp = A;
- A = B;
- B = tmp;
- tmp->neg = 0;
- }
- end:
- BN_CTX_end(ctx);
- if (err)
- return -2;
- else
- return ret;
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_lcl.h b/thirdparty/openssl/crypto/bn/bn_lcl.h
deleted file mode 100644
index 00f4f09945..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_lcl.h
+++ /dev/null
@@ -1,537 +0,0 @@
-/* crypto/bn/bn_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_BN_LCL_H
-# define HEADER_BN_LCL_H
-
-# include <openssl/bn.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*-
- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
- *
- *
- * For window size 'w' (w >= 2) and a random 'b' bits exponent,
- * the number of multiplications is a constant plus on average
- *
- * 2^(w-1) + (b-w)/(w+1);
- *
- * here 2^(w-1) is for precomputing the table (we actually need
- * entries only for windows that have the lowest bit set), and
- * (b-w)/(w+1) is an approximation for the expected number of
- * w-bit windows, not counting the first one.
- *
- * Thus we should use
- *
- * w >= 6 if b > 671
- * w = 5 if 671 > b > 239
- * w = 4 if 239 > b > 79
- * w = 3 if 79 > b > 23
- * w <= 2 if 23 > b
- *
- * (with draws in between). Very small exponents are often selected
- * with low Hamming weight, so we use w = 1 for b <= 23.
- */
-# if 1
-# define BN_window_bits_for_exponent_size(b) \
- ((b) > 671 ? 6 : \
- (b) > 239 ? 5 : \
- (b) > 79 ? 4 : \
- (b) > 23 ? 3 : 1)
-# else
-/*
- * Old SSLeay/OpenSSL table. Maximum window size was 5, so this table differs
- * for b==1024; but it coincides for other interesting values (b==160,
- * b==512).
- */
-# define BN_window_bits_for_exponent_size(b) \
- ((b) > 255 ? 5 : \
- (b) > 127 ? 4 : \
- (b) > 17 ? 3 : 1)
-# endif
-
-/*
- * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache
- * line width of the target processor is at least the following value.
- */
-# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
-# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
-
-/*
- * Window sizes optimized for fixed window size modular exponentiation
- * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of
- * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed
- * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are
- * defined for cache line sizes of 32 and 64, cache line sizes where
- * log_2(32)=5 and log_2(64)=6 respectively. A window size of 7 should only be
- * used on processors that have a 128 byte or greater cache line size.
- */
-# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
-
-# define BN_window_bits_for_ctime_exponent_size(b) \
- ((b) > 937 ? 6 : \
- (b) > 306 ? 5 : \
- (b) > 89 ? 4 : \
- (b) > 22 ? 3 : 1)
-# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
-
-# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
-
-# define BN_window_bits_for_ctime_exponent_size(b) \
- ((b) > 306 ? 5 : \
- (b) > 89 ? 4 : \
- (b) > 22 ? 3 : 1)
-# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
-
-# endif
-
-/* Pentium pro 16,16,16,32,64 */
-/* Alpha 16,16,16,16.64 */
-# define BN_MULL_SIZE_NORMAL (16)/* 32 */
-# define BN_MUL_RECURSIVE_SIZE_NORMAL (16)/* 32 less than */
-# define BN_SQR_RECURSIVE_SIZE_NORMAL (16)/* 32 */
-# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */
-# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */
-
-/*
- * 2011-02-22 SMS. In various places, a size_t variable or a type cast to
- * size_t was used to perform integer-only operations on pointers. This
- * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t
- * is still only 32 bits. What's needed in these cases is an integer type
- * with the same size as a pointer, which size_t is not certain to be. The
- * only fix here is VMS-specific.
- */
-# if defined(OPENSSL_SYS_VMS)
-# if __INITIAL_POINTER_SIZE == 64
-# define PTR_SIZE_INT long long
-# else /* __INITIAL_POINTER_SIZE == 64 */
-# define PTR_SIZE_INT int
-# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
-# elif !defined(PTR_SIZE_INT) /* defined(OPENSSL_SYS_VMS) */
-# define PTR_SIZE_INT size_t
-# endif /* defined(OPENSSL_SYS_VMS) [else] */
-
-# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-/*
- * BN_UMULT_HIGH section.
- *
- * No, I'm not trying to overwhelm you when stating that the
- * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
- * you to be impressed when I say that if the compiler doesn't
- * support 2*N integer type, then you have to replace every N*N
- * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
- * and additions which unavoidably results in severe performance
- * penalties. Of course provided that the hardware is capable of
- * producing 2*N result... That's when you normally start
- * considering assembler implementation. However! It should be
- * pointed out that some CPUs (most notably Alpha, PowerPC and
- * upcoming IA-64 family:-) provide *separate* instruction
- * calculating the upper half of the product placing the result
- * into a general purpose register. Now *if* the compiler supports
- * inline assembler, then it's not impossible to implement the
- * "bignum" routines (and have the compiler optimize 'em)
- * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
- * macro is about:-)
- *
- * <appro@fy.chalmers.se>
- */
-# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
-# if defined(__DECC)
-# include <c_asm.h>
-# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
-# elif defined(__GNUC__) && __GNUC__>=2
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret; \
- asm ("umulh %1,%2,%0" \
- : "=r"(ret) \
- : "r"(a), "r"(b)); \
- ret; })
-# endif /* compiler */
-# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
-# if defined(__GNUC__) && __GNUC__>=2
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret; \
- asm ("mulhdu %0,%1,%2" \
- : "=r"(ret) \
- : "r"(a), "r"(b)); \
- ret; })
-# endif /* compiler */
-# elif (defined(__x86_64) || defined(__x86_64__)) && \
- (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
-# if defined(__GNUC__) && __GNUC__>=2
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret,discard; \
- asm ("mulq %3" \
- : "=a"(discard),"=d"(ret) \
- : "a"(a), "g"(b) \
- : "cc"); \
- ret; })
-# define BN_UMULT_LOHI(low,high,a,b) \
- asm ("mulq %3" \
- : "=a"(low),"=d"(high) \
- : "a"(a),"g"(b) \
- : "cc");
-# endif
-# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
-# if defined(_MSC_VER) && _MSC_VER>=1400
-unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b);
-unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
- unsigned __int64 *h);
-# pragma intrinsic(__umulh,_umul128)
-# define BN_UMULT_HIGH(a,b) __umulh((a),(b))
-# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high)))
-# endif
-# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
-# if defined(__GNUC__) && __GNUC__>=2
-# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4)
- /* "h" constraint is no more since 4.4 */
-# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64)
-# define BN_UMULT_LOHI(low,high,a,b) ({ \
- __uint128_t ret=(__uint128_t)(a)*(b); \
- (high)=ret>>64; (low)=ret; })
-# else
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret; \
- asm ("dmultu %1,%2" \
- : "=h"(ret) \
- : "r"(a), "r"(b) : "l"); \
- ret; })
-# define BN_UMULT_LOHI(low,high,a,b)\
- asm ("dmultu %2,%3" \
- : "=l"(low),"=h"(high) \
- : "r"(a), "r"(b));
-# endif
-# endif
-# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
-# if defined(__GNUC__) && __GNUC__>=2
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret; \
- asm ("umulh %0,%1,%2" \
- : "=r"(ret) \
- : "r"(a), "r"(b)); \
- ret; })
-# endif
-# endif /* cpu */
-# endif /* OPENSSL_NO_ASM */
-
-/*************************************************************
- * Using the long long type
- */
-# define Lw(t) (((BN_ULONG)(t))&BN_MASK2)
-# define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
-
-# ifdef BN_DEBUG_RAND
-# define bn_clear_top2max(a) \
- { \
- int ind = (a)->dmax - (a)->top; \
- BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
- for (; ind != 0; ind--) \
- *(++ftl) = 0x0; \
- }
-# else
-# define bn_clear_top2max(a)
-# endif
-
-# ifdef BN_LLONG
-# define mul_add(r,a,w,c) { \
- BN_ULLONG t; \
- t=(BN_ULLONG)w * (a) + (r) + (c); \
- (r)= Lw(t); \
- (c)= Hw(t); \
- }
-
-# define mul(r,a,w,c) { \
- BN_ULLONG t; \
- t=(BN_ULLONG)w * (a) + (c); \
- (r)= Lw(t); \
- (c)= Hw(t); \
- }
-
-# define sqr(r0,r1,a) { \
- BN_ULLONG t; \
- t=(BN_ULLONG)(a)*(a); \
- (r0)=Lw(t); \
- (r1)=Hw(t); \
- }
-
-# elif defined(BN_UMULT_LOHI)
-# define mul_add(r,a,w,c) { \
- BN_ULONG high,low,ret,tmp=(a); \
- ret = (r); \
- BN_UMULT_LOHI(low,high,w,tmp); \
- ret += (c); \
- (c) = (ret<(c))?1:0; \
- (c) += high; \
- ret += low; \
- (c) += (ret<low)?1:0; \
- (r) = ret; \
- }
-
-# define mul(r,a,w,c) { \
- BN_ULONG high,low,ret,ta=(a); \
- BN_UMULT_LOHI(low,high,w,ta); \
- ret = low + (c); \
- (c) = high; \
- (c) += (ret<low)?1:0; \
- (r) = ret; \
- }
-
-# define sqr(r0,r1,a) { \
- BN_ULONG tmp=(a); \
- BN_UMULT_LOHI(r0,r1,tmp,tmp); \
- }
-
-# elif defined(BN_UMULT_HIGH)
-# define mul_add(r,a,w,c) { \
- BN_ULONG high,low,ret,tmp=(a); \
- ret = (r); \
- high= BN_UMULT_HIGH(w,tmp); \
- ret += (c); \
- low = (w) * tmp; \
- (c) = (ret<(c))?1:0; \
- (c) += high; \
- ret += low; \
- (c) += (ret<low)?1:0; \
- (r) = ret; \
- }
-
-# define mul(r,a,w,c) { \
- BN_ULONG high,low,ret,ta=(a); \
- low = (w) * ta; \
- high= BN_UMULT_HIGH(w,ta); \
- ret = low + (c); \
- (c) = high; \
- (c) += (ret<low)?1:0; \
- (r) = ret; \
- }
-
-# define sqr(r0,r1,a) { \
- BN_ULONG tmp=(a); \
- (r0) = tmp * tmp; \
- (r1) = BN_UMULT_HIGH(tmp,tmp); \
- }
-
-# else
-/*************************************************************
- * No long long type
- */
-
-# define LBITS(a) ((a)&BN_MASK2l)
-# define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l)
-# define L2HBITS(a) (((a)<<BN_BITS4)&BN_MASK2)
-
-# define LLBITS(a) ((a)&BN_MASKl)
-# define LHBITS(a) (((a)>>BN_BITS2)&BN_MASKl)
-# define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
-
-# define mul64(l,h,bl,bh) \
- { \
- BN_ULONG m,m1,lt,ht; \
- \
- lt=l; \
- ht=h; \
- m =(bh)*(lt); \
- lt=(bl)*(lt); \
- m1=(bl)*(ht); \
- ht =(bh)*(ht); \
- m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
- ht+=HBITS(m); \
- m1=L2HBITS(m); \
- lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
- (l)=lt; \
- (h)=ht; \
- }
-
-# define sqr64(lo,ho,in) \
- { \
- BN_ULONG l,h,m; \
- \
- h=(in); \
- l=LBITS(h); \
- h=HBITS(h); \
- m =(l)*(h); \
- l*=l; \
- h*=h; \
- h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
- m =(m&BN_MASK2l)<<(BN_BITS4+1); \
- l=(l+m)&BN_MASK2; if (l < m) h++; \
- (lo)=l; \
- (ho)=h; \
- }
-
-# define mul_add(r,a,bl,bh,c) { \
- BN_ULONG l,h; \
- \
- h= (a); \
- l=LBITS(h); \
- h=HBITS(h); \
- mul64(l,h,(bl),(bh)); \
- \
- /* non-multiply part */ \
- l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
- (c)=(r); \
- l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
- (c)=h&BN_MASK2; \
- (r)=l; \
- }
-
-# define mul(r,a,bl,bh,c) { \
- BN_ULONG l,h; \
- \
- h= (a); \
- l=LBITS(h); \
- h=HBITS(h); \
- mul64(l,h,(bl),(bh)); \
- \
- /* non-multiply part */ \
- l+=(c); if ((l&BN_MASK2) < (c)) h++; \
- (c)=h&BN_MASK2; \
- (r)=l&BN_MASK2; \
- }
-# endif /* !BN_LLONG */
-
-# if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS)
-# undef bn_div_words
-# endif
-
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
-int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n);
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl);
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- int dna, int dnb, BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
- int n, int tna, int tnb, BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- BN_ULONG *t);
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
- BN_ULONG *t);
-BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0, int num);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/thirdparty/openssl/crypto/bn/bn_lib.c b/thirdparty/openssl/crypto/bn/bn_lib.c
deleted file mode 100644
index 10b78f5126..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_lib.c
+++ /dev/null
@@ -1,916 +0,0 @@
-/* crypto/bn/bn_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
-
-/* This stuff appears to be completely unused, so is deprecated */
-#ifndef OPENSSL_NO_DEPRECATED
-/*-
- * For a 32 bit machine
- * 2 - 4 == 128
- * 3 - 8 == 256
- * 4 - 16 == 512
- * 5 - 32 == 1024
- * 6 - 64 == 2048
- * 7 - 128 == 4096
- * 8 - 256 == 8192
- */
-static int bn_limit_bits = 0;
-static int bn_limit_num = 8; /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low = 0;
-static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high = 0;
-static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont = 0;
-static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
-
-void BN_set_params(int mult, int high, int low, int mont)
-{
- if (mult >= 0) {
- if (mult > (int)(sizeof(int) * 8) - 1)
- mult = sizeof(int) * 8 - 1;
- bn_limit_bits = mult;
- bn_limit_num = 1 << mult;
- }
- if (high >= 0) {
- if (high > (int)(sizeof(int) * 8) - 1)
- high = sizeof(int) * 8 - 1;
- bn_limit_bits_high = high;
- bn_limit_num_high = 1 << high;
- }
- if (low >= 0) {
- if (low > (int)(sizeof(int) * 8) - 1)
- low = sizeof(int) * 8 - 1;
- bn_limit_bits_low = low;
- bn_limit_num_low = 1 << low;
- }
- if (mont >= 0) {
- if (mont > (int)(sizeof(int) * 8) - 1)
- mont = sizeof(int) * 8 - 1;
- bn_limit_bits_mont = mont;
- bn_limit_num_mont = 1 << mont;
- }
-}
-
-int BN_get_params(int which)
-{
- if (which == 0)
- return (bn_limit_bits);
- else if (which == 1)
- return (bn_limit_bits_high);
- else if (which == 2)
- return (bn_limit_bits_low);
- else if (which == 3)
- return (bn_limit_bits_mont);
- else
- return (0);
-}
-#endif
-
-const BIGNUM *BN_value_one(void)
-{
- static const BN_ULONG data_one = 1L;
- static const BIGNUM const_one =
- { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
-
- return (&const_one);
-}
-
-int BN_num_bits_word(BN_ULONG l)
-{
- static const unsigned char bits[256] = {
- 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
- 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
- 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
- 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- };
-
-#if defined(SIXTY_FOUR_BIT_LONG)
- if (l & 0xffffffff00000000L) {
- if (l & 0xffff000000000000L) {
- if (l & 0xff00000000000000L) {
- return (bits[(int)(l >> 56)] + 56);
- } else
- return (bits[(int)(l >> 48)] + 48);
- } else {
- if (l & 0x0000ff0000000000L) {
- return (bits[(int)(l >> 40)] + 40);
- } else
- return (bits[(int)(l >> 32)] + 32);
- }
- } else
-#else
-# ifdef SIXTY_FOUR_BIT
- if (l & 0xffffffff00000000LL) {
- if (l & 0xffff000000000000LL) {
- if (l & 0xff00000000000000LL) {
- return (bits[(int)(l >> 56)] + 56);
- } else
- return (bits[(int)(l >> 48)] + 48);
- } else {
- if (l & 0x0000ff0000000000LL) {
- return (bits[(int)(l >> 40)] + 40);
- } else
- return (bits[(int)(l >> 32)] + 32);
- }
- } else
-# endif
-#endif
- {
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
- if (l & 0xffff0000L) {
- if (l & 0xff000000L)
- return (bits[(int)(l >> 24L)] + 24);
- else
- return (bits[(int)(l >> 16L)] + 16);
- } else
-#endif
- {
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
- if (l & 0xff00L)
- return (bits[(int)(l >> 8)] + 8);
- else
-#endif
- return (bits[(int)(l)]);
- }
- }
-}
-
-int BN_num_bits(const BIGNUM *a)
-{
- int i = a->top - 1;
- bn_check_top(a);
-
- if (BN_is_zero(a))
- return 0;
- return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
-}
-
-void BN_clear_free(BIGNUM *a)
-{
- int i;
-
- if (a == NULL)
- return;
- bn_check_top(a);
- if (a->d != NULL) {
- OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
- if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
- OPENSSL_free(a->d);
- }
- i = BN_get_flags(a, BN_FLG_MALLOCED);
- OPENSSL_cleanse(a, sizeof(BIGNUM));
- if (i)
- OPENSSL_free(a);
-}
-
-void BN_free(BIGNUM *a)
-{
- if (a == NULL)
- return;
- bn_check_top(a);
- if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA)))
- OPENSSL_free(a->d);
- if (a->flags & BN_FLG_MALLOCED)
- OPENSSL_free(a);
- else {
-#ifndef OPENSSL_NO_DEPRECATED
- a->flags |= BN_FLG_FREE;
-#endif
- a->d = NULL;
- }
-}
-
-void BN_init(BIGNUM *a)
-{
- memset(a, 0, sizeof(BIGNUM));
- bn_check_top(a);
-}
-
-BIGNUM *BN_new(void)
-{
- BIGNUM *ret;
-
- if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) {
- BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
- ret->flags = BN_FLG_MALLOCED;
- ret->top = 0;
- ret->neg = 0;
- ret->dmax = 0;
- ret->d = NULL;
- bn_check_top(ret);
- return (ret);
-}
-
-/* This is used both by bn_expand2() and bn_dup_expand() */
-/* The caller MUST check that words > b->dmax before calling this */
-static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
-{
- BN_ULONG *A, *a = NULL;
- const BN_ULONG *B;
- int i;
-
- bn_check_top(b);
-
- if (words > (INT_MAX / (4 * BN_BITS2))) {
- BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
- return NULL;
- }
- if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
- BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
- return (NULL);
- }
- a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words);
- if (A == NULL) {
- BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-#ifdef PURIFY
- /*
- * Valgrind complains in BN_consttime_swap because we process the whole
- * array even if it's not initialised yet. This doesn't matter in that
- * function - what's important is constant time operation (we're not
- * actually going to use the data)
- */
- memset(a, 0, sizeof(BN_ULONG) * words);
-#endif
-
-#if 1
- B = b->d;
- /* Check if the previous number needs to be copied */
- if (B != NULL) {
- for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
- /*
- * The fact that the loop is unrolled
- * 4-wise is a tribute to Intel. It's
- * the one that doesn't have enough
- * registers to accomodate more data.
- * I'd unroll it 8-wise otherwise:-)
- *
- * <appro@fy.chalmers.se>
- */
- BN_ULONG a0, a1, a2, a3;
- a0 = B[0];
- a1 = B[1];
- a2 = B[2];
- a3 = B[3];
- A[0] = a0;
- A[1] = a1;
- A[2] = a2;
- A[3] = a3;
- }
- /*
- * workaround for ultrix cc: without 'case 0', the optimizer does
- * the switch table by doing a=top&3; a--; goto jump_table[a];
- * which fails for top== 0
- */
- switch (b->top & 3) {
- case 3:
- A[2] = B[2];
- case 2:
- A[1] = B[1];
- case 1:
- A[0] = B[0];
- case 0:
- ;
- }
- }
-#else
- memset(A, 0, sizeof(BN_ULONG) * words);
- memcpy(A, b->d, sizeof(b->d[0]) * b->top);
-#endif
-
- return (a);
-}
-
-/*
- * This is an internal function that can be used instead of bn_expand2() when
- * there is a need to copy BIGNUMs instead of only expanding the data part,
- * while still expanding them. Especially useful when needing to expand
- * BIGNUMs that are declared 'const' and should therefore not be changed. The
- * reason to use this instead of a BN_dup() followed by a bn_expand2() is
- * memory allocation overhead. A BN_dup() followed by a bn_expand2() will
- * allocate new memory for the BIGNUM data twice, and free it once, while
- * bn_dup_expand() makes sure allocation is made only once.
- */
-
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
-{
- BIGNUM *r = NULL;
-
- bn_check_top(b);
-
- /*
- * This function does not work if words <= b->dmax && top < words because
- * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used
- * anywhere yet.)
- */
-
- if (words > b->dmax) {
- BN_ULONG *a = bn_expand_internal(b, words);
-
- if (a) {
- r = BN_new();
- if (r) {
- r->top = b->top;
- r->dmax = words;
- r->neg = b->neg;
- r->d = a;
- } else {
- /* r == NULL, BN_new failure */
- OPENSSL_free(a);
- }
- }
- /*
- * If a == NULL, there was an error in allocation in
- * bn_expand_internal(), and NULL should be returned
- */
- } else {
- r = BN_dup(b);
- }
-
- bn_check_top(r);
- return r;
-}
-#endif
-
-/*
- * This is an internal function that should not be used in applications. It
- * ensures that 'b' has enough room for a 'words' word number and initialises
- * any unused part of b->d with leading zeros. It is mostly used by the
- * various BIGNUM routines. If there is an error, NULL is returned. If not,
- * 'b' is returned.
- */
-
-BIGNUM *bn_expand2(BIGNUM *b, int words)
-{
- bn_check_top(b);
-
- if (words > b->dmax) {
- BN_ULONG *a = bn_expand_internal(b, words);
- if (!a)
- return NULL;
- if (b->d)
- OPENSSL_free(b->d);
- b->d = a;
- b->dmax = words;
- }
-
-/* None of this should be necessary because of what b->top means! */
-#if 0
- /*
- * NB: bn_wexpand() calls this only if the BIGNUM really has to grow
- */
- if (b->top < b->dmax) {
- int i;
- BN_ULONG *A = &(b->d[b->top]);
- for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
- A[0] = 0;
- A[1] = 0;
- A[2] = 0;
- A[3] = 0;
- A[4] = 0;
- A[5] = 0;
- A[6] = 0;
- A[7] = 0;
- }
- for (i = (b->dmax - b->top) & 7; i > 0; i--, A++)
- A[0] = 0;
- assert(A == &(b->d[b->dmax]));
- }
-#endif
- bn_check_top(b);
- return b;
-}
-
-BIGNUM *BN_dup(const BIGNUM *a)
-{
- BIGNUM *t;
-
- if (a == NULL)
- return NULL;
- bn_check_top(a);
-
- t = BN_new();
- if (t == NULL)
- return NULL;
- if (!BN_copy(t, a)) {
- BN_free(t);
- return NULL;
- }
- bn_check_top(t);
- return t;
-}
-
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
-{
- int i;
- BN_ULONG *A;
- const BN_ULONG *B;
-
- bn_check_top(b);
-
- if (a == b)
- return (a);
- if (bn_wexpand(a, b->top) == NULL)
- return (NULL);
-
-#if 1
- A = a->d;
- B = b->d;
- for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
- BN_ULONG a0, a1, a2, a3;
- a0 = B[0];
- a1 = B[1];
- a2 = B[2];
- a3 = B[3];
- A[0] = a0;
- A[1] = a1;
- A[2] = a2;
- A[3] = a3;
- }
- /* ultrix cc workaround, see comments in bn_expand_internal */
- switch (b->top & 3) {
- case 3:
- A[2] = B[2];
- case 2:
- A[1] = B[1];
- case 1:
- A[0] = B[0];
- case 0:;
- }
-#else
- memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
-#endif
-
- a->top = b->top;
- a->neg = b->neg;
- bn_check_top(a);
- return (a);
-}
-
-void BN_swap(BIGNUM *a, BIGNUM *b)
-{
- int flags_old_a, flags_old_b;
- BN_ULONG *tmp_d;
- int tmp_top, tmp_dmax, tmp_neg;
-
- bn_check_top(a);
- bn_check_top(b);
-
- flags_old_a = a->flags;
- flags_old_b = b->flags;
-
- tmp_d = a->d;
- tmp_top = a->top;
- tmp_dmax = a->dmax;
- tmp_neg = a->neg;
-
- a->d = b->d;
- a->top = b->top;
- a->dmax = b->dmax;
- a->neg = b->neg;
-
- b->d = tmp_d;
- b->top = tmp_top;
- b->dmax = tmp_dmax;
- b->neg = tmp_neg;
-
- a->flags =
- (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
- b->flags =
- (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
- bn_check_top(a);
- bn_check_top(b);
-}
-
-void BN_clear(BIGNUM *a)
-{
- bn_check_top(a);
- if (a->d != NULL)
- OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
- a->top = 0;
- a->neg = 0;
-}
-
-BN_ULONG BN_get_word(const BIGNUM *a)
-{
- if (a->top > 1)
- return BN_MASK2;
- else if (a->top == 1)
- return a->d[0];
- /* a->top == 0 */
- return 0;
-}
-
-int BN_set_word(BIGNUM *a, BN_ULONG w)
-{
- bn_check_top(a);
- if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
- return (0);
- a->neg = 0;
- a->d[0] = w;
- a->top = (w ? 1 : 0);
- bn_check_top(a);
- return (1);
-}
-
-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
-{
- unsigned int i, m;
- unsigned int n;
- BN_ULONG l;
- BIGNUM *bn = NULL;
-
- if (ret == NULL)
- ret = bn = BN_new();
- if (ret == NULL)
- return (NULL);
- bn_check_top(ret);
- l = 0;
- n = len;
- if (n == 0) {
- ret->top = 0;
- return (ret);
- }
- i = ((n - 1) / BN_BYTES) + 1;
- m = ((n - 1) % (BN_BYTES));
- if (bn_wexpand(ret, (int)i) == NULL) {
- if (bn)
- BN_free(bn);
- return NULL;
- }
- ret->top = i;
- ret->neg = 0;
- while (n--) {
- l = (l << 8L) | *(s++);
- if (m-- == 0) {
- ret->d[--i] = l;
- l = 0;
- m = BN_BYTES - 1;
- }
- }
- /*
- * need to call this due to clear byte at top if avoiding having the top
- * bit set (-ve number)
- */
- bn_correct_top(ret);
- return (ret);
-}
-
-/* ignore negative */
-int BN_bn2bin(const BIGNUM *a, unsigned char *to)
-{
- int n, i;
- BN_ULONG l;
-
- bn_check_top(a);
- n = i = BN_num_bytes(a);
- while (i--) {
- l = a->d[i / BN_BYTES];
- *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
- }
- return (n);
-}
-
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
-{
- int i;
- BN_ULONG t1, t2, *ap, *bp;
-
- bn_check_top(a);
- bn_check_top(b);
-
- i = a->top - b->top;
- if (i != 0)
- return (i);
- ap = a->d;
- bp = b->d;
- for (i = a->top - 1; i >= 0; i--) {
- t1 = ap[i];
- t2 = bp[i];
- if (t1 != t2)
- return ((t1 > t2) ? 1 : -1);
- }
- return (0);
-}
-
-int BN_cmp(const BIGNUM *a, const BIGNUM *b)
-{
- int i;
- int gt, lt;
- BN_ULONG t1, t2;
-
- if ((a == NULL) || (b == NULL)) {
- if (a != NULL)
- return (-1);
- else if (b != NULL)
- return (1);
- else
- return (0);
- }
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a->neg != b->neg) {
- if (a->neg)
- return (-1);
- else
- return (1);
- }
- if (a->neg == 0) {
- gt = 1;
- lt = -1;
- } else {
- gt = -1;
- lt = 1;
- }
-
- if (a->top > b->top)
- return (gt);
- if (a->top < b->top)
- return (lt);
- for (i = a->top - 1; i >= 0; i--) {
- t1 = a->d[i];
- t2 = b->d[i];
- if (t1 > t2)
- return (gt);
- if (t1 < t2)
- return (lt);
- }
- return (0);
-}
-
-int BN_set_bit(BIGNUM *a, int n)
-{
- int i, j, k;
-
- if (n < 0)
- return 0;
-
- i = n / BN_BITS2;
- j = n % BN_BITS2;
- if (a->top <= i) {
- if (bn_wexpand(a, i + 1) == NULL)
- return (0);
- for (k = a->top; k < i + 1; k++)
- a->d[k] = 0;
- a->top = i + 1;
- }
-
- a->d[i] |= (((BN_ULONG)1) << j);
- bn_check_top(a);
- return (1);
-}
-
-int BN_clear_bit(BIGNUM *a, int n)
-{
- int i, j;
-
- bn_check_top(a);
- if (n < 0)
- return 0;
-
- i = n / BN_BITS2;
- j = n % BN_BITS2;
- if (a->top <= i)
- return (0);
-
- a->d[i] &= (~(((BN_ULONG)1) << j));
- bn_correct_top(a);
- return (1);
-}
-
-int BN_is_bit_set(const BIGNUM *a, int n)
-{
- int i, j;
-
- bn_check_top(a);
- if (n < 0)
- return 0;
- i = n / BN_BITS2;
- j = n % BN_BITS2;
- if (a->top <= i)
- return 0;
- return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
-}
-
-int BN_mask_bits(BIGNUM *a, int n)
-{
- int b, w;
-
- bn_check_top(a);
- if (n < 0)
- return 0;
-
- w = n / BN_BITS2;
- b = n % BN_BITS2;
- if (w >= a->top)
- return 0;
- if (b == 0)
- a->top = w;
- else {
- a->top = w + 1;
- a->d[w] &= ~(BN_MASK2 << b);
- }
- bn_correct_top(a);
- return (1);
-}
-
-void BN_set_negative(BIGNUM *a, int b)
-{
- if (b && !BN_is_zero(a))
- a->neg = 1;
- else
- a->neg = 0;
-}
-
-int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
-{
- int i;
- BN_ULONG aa, bb;
-
- aa = a[n - 1];
- bb = b[n - 1];
- if (aa != bb)
- return ((aa > bb) ? 1 : -1);
- for (i = n - 2; i >= 0; i--) {
- aa = a[i];
- bb = b[i];
- if (aa != bb)
- return ((aa > bb) ? 1 : -1);
- }
- return (0);
-}
-
-/*
- * Here follows a specialised variants of bn_cmp_words(). It has the
- * property of performing the operation on arrays of different sizes. The
- * sizes of those arrays is expressed through cl, which is the common length
- * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the
- * two lengths, calculated as len(a)-len(b). All lengths are the number of
- * BN_ULONGs...
- */
-
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
-{
- int n, i;
- n = cl - 1;
-
- if (dl < 0) {
- for (i = dl; i < 0; i++) {
- if (b[n - i] != 0)
- return -1; /* a < b */
- }
- }
- if (dl > 0) {
- for (i = dl; i > 0; i--) {
- if (a[n + i] != 0)
- return 1; /* a > b */
- }
- }
- return bn_cmp_words(a, b, cl);
-}
-
-/*
- * Constant-time conditional swap of a and b.
- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
- */
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
-{
- BN_ULONG t;
- int i;
-
- bn_wcheck_size(a, nwords);
- bn_wcheck_size(b, nwords);
-
- assert(a != b);
- assert((condition & (condition - 1)) == 0);
- assert(sizeof(BN_ULONG) >= sizeof(int));
-
- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-
- t = (a->top ^ b->top) & condition;
- a->top ^= t;
- b->top ^= t;
-
-#define BN_CONSTTIME_SWAP(ind) \
- do { \
- t = (a->d[ind] ^ b->d[ind]) & condition; \
- a->d[ind] ^= t; \
- b->d[ind] ^= t; \
- } while (0)
-
- switch (nwords) {
- default:
- for (i = 10; i < nwords; i++)
- BN_CONSTTIME_SWAP(i);
- /* Fallthrough */
- case 10:
- BN_CONSTTIME_SWAP(9); /* Fallthrough */
- case 9:
- BN_CONSTTIME_SWAP(8); /* Fallthrough */
- case 8:
- BN_CONSTTIME_SWAP(7); /* Fallthrough */
- case 7:
- BN_CONSTTIME_SWAP(6); /* Fallthrough */
- case 6:
- BN_CONSTTIME_SWAP(5); /* Fallthrough */
- case 5:
- BN_CONSTTIME_SWAP(4); /* Fallthrough */
- case 4:
- BN_CONSTTIME_SWAP(3); /* Fallthrough */
- case 3:
- BN_CONSTTIME_SWAP(2); /* Fallthrough */
- case 2:
- BN_CONSTTIME_SWAP(1); /* Fallthrough */
- case 1:
- BN_CONSTTIME_SWAP(0);
- }
-#undef BN_CONSTTIME_SWAP
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_mod.c b/thirdparty/openssl/crypto/bn/bn_mod.c
deleted file mode 100644
index ffbce890cf..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_mod.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/* crypto/bn/bn_mod.c */
-/*
- * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#if 0 /* now just a #define */
-int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-{
- return (BN_div(NULL, rem, m, d, ctx));
- /* note that rem->neg == m->neg (unless the remainder is zero) */
-}
-#endif
-
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-{
- /*
- * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d|
- * always holds)
- */
-
- if (!(BN_mod(r, m, d, ctx)))
- return 0;
- if (!r->neg)
- return 1;
- /* now -|d| < r < 0, so we have to set r := r + |d| */
- return (d->neg ? BN_sub : BN_add) (r, r, d);
-}
-
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx)
-{
- if (!BN_add(r, a, b))
- return 0;
- return BN_nnmod(r, r, m, ctx);
-}
-
-/*
- * BN_mod_add variant that may be used if both a and b are non-negative and
- * less than m
- */
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *m)
-{
- if (!BN_uadd(r, a, b))
- return 0;
- if (BN_ucmp(r, m) >= 0)
- return BN_usub(r, r, m);
- return 1;
-}
-
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx)
-{
- if (!BN_sub(r, a, b))
- return 0;
- return BN_nnmod(r, r, m, ctx);
-}
-
-/*
- * BN_mod_sub variant that may be used if both a and b are non-negative and
- * less than m
- */
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *m)
-{
- if (!BN_sub(r, a, b))
- return 0;
- if (r->neg)
- return BN_add(r, r, m);
- return 1;
-}
-
-/* slow but works */
-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx)
-{
- BIGNUM *t;
- int ret = 0;
-
- bn_check_top(a);
- bn_check_top(b);
- bn_check_top(m);
-
- BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) == NULL)
- goto err;
- if (a == b) {
- if (!BN_sqr(t, a, ctx))
- goto err;
- } else {
- if (!BN_mul(t, a, b, ctx))
- goto err;
- }
- if (!BN_nnmod(r, t, m, ctx))
- goto err;
- bn_check_top(r);
- ret = 1;
- err:
- BN_CTX_end(ctx);
- return (ret);
-}
-
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-{
- if (!BN_sqr(r, a, ctx))
- return 0;
- /* r->neg == 0, thus we don't need BN_nnmod */
- return BN_mod(r, r, m, ctx);
-}
-
-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-{
- if (!BN_lshift1(r, a))
- return 0;
- bn_check_top(r);
- return BN_nnmod(r, r, m, ctx);
-}
-
-/*
- * BN_mod_lshift1 variant that may be used if a is non-negative and less than
- * m
- */
-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
-{
- if (!BN_lshift1(r, a))
- return 0;
- bn_check_top(r);
- if (BN_cmp(r, m) >= 0)
- return BN_sub(r, r, m);
- return 1;
-}
-
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
- BN_CTX *ctx)
-{
- BIGNUM *abs_m = NULL;
- int ret;
-
- if (!BN_nnmod(r, a, m, ctx))
- return 0;
-
- if (m->neg) {
- abs_m = BN_dup(m);
- if (abs_m == NULL)
- return 0;
- abs_m->neg = 0;
- }
-
- ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
- bn_check_top(r);
-
- if (abs_m)
- BN_free(abs_m);
- return ret;
-}
-
-/*
- * BN_mod_lshift variant that may be used if a is non-negative and less than
- * m
- */
-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
-{
- if (r != a) {
- if (BN_copy(r, a) == NULL)
- return 0;
- }
-
- while (n > 0) {
- int max_shift;
-
- /* 0 < r < m */
- max_shift = BN_num_bits(m) - BN_num_bits(r);
- /* max_shift >= 0 */
-
- if (max_shift < 0) {
- BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
- return 0;
- }
-
- if (max_shift > n)
- max_shift = n;
-
- if (max_shift) {
- if (!BN_lshift(r, r, max_shift))
- return 0;
- n -= max_shift;
- } else {
- if (!BN_lshift1(r, r))
- return 0;
- --n;
- }
-
- /* BN_num_bits(r) <= BN_num_bits(m) */
-
- if (BN_cmp(r, m) >= 0) {
- if (!BN_sub(r, r, m))
- return 0;
- }
- }
- bn_check_top(r);
-
- return 1;
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_mont.c b/thirdparty/openssl/crypto/bn/bn_mont.c
deleted file mode 100644
index be95bd55d0..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_mont.c
+++ /dev/null
@@ -1,558 +0,0 @@
-/* crypto/bn/bn_mont.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Details about Montgomery multiplication algorithms can be found at
- * http://security.ece.orst.edu/publications.html, e.g.
- * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
- * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define MONT_WORD /* use the faster word-based algorithm */
-
-#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
-#endif
-
-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx)
-{
- BIGNUM *tmp;
- int ret = 0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
- int num = mont->N.top;
-
- if (num > 1 && a->top == num && b->top == num) {
- if (bn_wexpand(r, num) == NULL)
- return (0);
- if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
- r->neg = a->neg ^ b->neg;
- r->top = num;
- bn_correct_top(r);
- return (1);
- }
- }
-#endif
-
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
- if (tmp == NULL)
- goto err;
-
- bn_check_top(tmp);
- if (a == b) {
- if (!BN_sqr(tmp, a, ctx))
- goto err;
- } else {
- if (!BN_mul(tmp, a, b, ctx))
- goto err;
- }
- /* reduce from aRR to aR */
-#ifdef MONT_WORD
- if (!BN_from_montgomery_word(r, tmp, mont))
- goto err;
-#else
- if (!BN_from_montgomery(r, tmp, mont, ctx))
- goto err;
-#endif
- bn_check_top(r);
- ret = 1;
- err:
- BN_CTX_end(ctx);
- return (ret);
-}
-
-#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
-{
- BIGNUM *n;
- BN_ULONG *ap, *np, *rp, n0, v, carry;
- int nl, max, i;
-
- n = &(mont->N);
- nl = n->top;
- if (nl == 0) {
- ret->top = 0;
- return (1);
- }
-
- max = (2 * nl); /* carry is stored separately */
- if (bn_wexpand(r, max) == NULL)
- return (0);
-
- r->neg ^= n->neg;
- np = n->d;
- rp = r->d;
-
- /* clear the top words of T */
-# if 1
- for (i = r->top; i < max; i++) /* memset? XXX */
- rp[i] = 0;
-# else
- memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
-# endif
-
- r->top = max;
- n0 = mont->n0[0];
-
-# ifdef BN_COUNT
- fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl);
-# endif
- for (carry = 0, i = 0; i < nl; i++, rp++) {
-# ifdef __TANDEM
- {
- long long t1;
- long long t2;
- long long t3;
- t1 = rp[0] * (n0 & 0177777);
- t2 = 037777600000l;
- t2 = n0 & t2;
- t3 = rp[0] & 0177777;
- t2 = (t3 * t2) & BN_MASK2;
- t1 = t1 + t2;
- v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1);
- }
-# else
- v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
-# endif
- v = (v + carry + rp[nl]) & BN_MASK2;
- carry |= (v != rp[nl]);
- carry &= (v <= rp[nl]);
- rp[nl] = v;
- }
-
- if (bn_wexpand(ret, nl) == NULL)
- return (0);
- ret->top = nl;
- ret->neg = r->neg;
-
- rp = ret->d;
- ap = &(r->d[nl]);
-
-# define BRANCH_FREE 1
-# if BRANCH_FREE
- {
- BN_ULONG *nrp;
- size_t m;
-
- v = bn_sub_words(rp, ap, np, nl) - carry;
- /*
- * if subtraction result is real, then trick unconditional memcpy
- * below to perform in-place "refresh" instead of actual copy.
- */
- m = (0 - (size_t)v);
- nrp =
- (BN_ULONG *)(((PTR_SIZE_INT) rp & ~m) | ((PTR_SIZE_INT) ap & m));
-
- for (i = 0, nl -= 4; i < nl; i += 4) {
- BN_ULONG t1, t2, t3, t4;
-
- t1 = nrp[i + 0];
- t2 = nrp[i + 1];
- t3 = nrp[i + 2];
- ap[i + 0] = 0;
- t4 = nrp[i + 3];
- ap[i + 1] = 0;
- rp[i + 0] = t1;
- ap[i + 2] = 0;
- rp[i + 1] = t2;
- ap[i + 3] = 0;
- rp[i + 2] = t3;
- rp[i + 3] = t4;
- }
- for (nl += 4; i < nl; i++)
- rp[i] = nrp[i], ap[i] = 0;
- }
-# else
- if (bn_sub_words(rp, ap, np, nl) - carry)
- memcpy(rp, ap, nl * sizeof(BN_ULONG));
-# endif
- bn_correct_top(r);
- bn_correct_top(ret);
- bn_check_top(ret);
-
- return (1);
-}
-#endif /* MONT_WORD */
-
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx)
-{
- int retn = 0;
-#ifdef MONT_WORD
- BIGNUM *t;
-
- BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
- retn = BN_from_montgomery_word(ret, t, mont);
- BN_CTX_end(ctx);
-#else /* !MONT_WORD */
- BIGNUM *t1, *t2;
-
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL)
- goto err;
-
- if (!BN_copy(t1, a))
- goto err;
- BN_mask_bits(t1, mont->ri);
-
- if (!BN_mul(t2, t1, &mont->Ni, ctx))
- goto err;
- BN_mask_bits(t2, mont->ri);
-
- if (!BN_mul(t1, t2, &mont->N, ctx))
- goto err;
- if (!BN_add(t2, a, t1))
- goto err;
- if (!BN_rshift(ret, t2, mont->ri))
- goto err;
-
- if (BN_ucmp(ret, &(mont->N)) >= 0) {
- if (!BN_usub(ret, ret, &(mont->N)))
- goto err;
- }
- retn = 1;
- bn_check_top(ret);
- err:
- BN_CTX_end(ctx);
-#endif /* MONT_WORD */
- return (retn);
-}
-
-BN_MONT_CTX *BN_MONT_CTX_new(void)
-{
- BN_MONT_CTX *ret;
-
- if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
- return (NULL);
-
- BN_MONT_CTX_init(ret);
- ret->flags = BN_FLG_MALLOCED;
- return (ret);
-}
-
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
-{
- ctx->ri = 0;
- BN_init(&(ctx->RR));
- BN_init(&(ctx->N));
- BN_init(&(ctx->Ni));
- ctx->n0[0] = ctx->n0[1] = 0;
- ctx->flags = 0;
-}
-
-void BN_MONT_CTX_free(BN_MONT_CTX *mont)
-{
- if (mont == NULL)
- return;
-
- BN_clear_free(&(mont->RR));
- BN_clear_free(&(mont->N));
- BN_clear_free(&(mont->Ni));
- if (mont->flags & BN_FLG_MALLOCED)
- OPENSSL_free(mont);
-}
-
-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
-{
- int ret = 0;
- BIGNUM *Ri, *R;
-
- if (BN_is_zero(mod))
- return 0;
-
- BN_CTX_start(ctx);
- if ((Ri = BN_CTX_get(ctx)) == NULL)
- goto err;
- R = &(mont->RR); /* grab RR as a temp */
- if (!BN_copy(&(mont->N), mod))
- goto err; /* Set N */
- mont->N.neg = 0;
-
-#ifdef MONT_WORD
- {
- BIGNUM tmod;
- BN_ULONG buf[2];
-
- BN_init(&tmod);
- tmod.d = buf;
- tmod.dmax = 2;
- tmod.neg = 0;
-
- mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
-
-# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
- /*
- * Only certain BN_BITS2<=32 platforms actually make use of n0[1],
- * and we could use the #else case (with a shorter R value) for the
- * others. However, currently only the assembler files do know which
- * is which.
- */
-
- BN_zero(R);
- if (!(BN_set_bit(R, 2 * BN_BITS2)))
- goto err;
-
- tmod.top = 0;
- if ((buf[0] = mod->d[0]))
- tmod.top = 1;
- if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
- tmod.top = 2;
-
- if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
- goto err;
- if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
- goto err; /* R*Ri */
- if (!BN_is_zero(Ri)) {
- if (!BN_sub_word(Ri, 1))
- goto err;
- } else { /* if N mod word size == 1 */
-
- if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
- goto err;
- /* Ri-- (mod double word size) */
- Ri->neg = 0;
- Ri->d[0] = BN_MASK2;
- Ri->d[1] = BN_MASK2;
- Ri->top = 2;
- }
- if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
- goto err;
- /*
- * Ni = (R*Ri-1)/N, keep only couple of least significant words:
- */
- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
- mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
-# else
- BN_zero(R);
- if (!(BN_set_bit(R, BN_BITS2)))
- goto err; /* R */
-
- buf[0] = mod->d[0]; /* tmod = N mod word size */
- buf[1] = 0;
- tmod.top = buf[0] != 0 ? 1 : 0;
- /* Ri = R^-1 mod N */
- if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
- goto err;
- if (!BN_lshift(Ri, Ri, BN_BITS2))
- goto err; /* R*Ri */
- if (!BN_is_zero(Ri)) {
- if (!BN_sub_word(Ri, 1))
- goto err;
- } else { /* if N mod word size == 1 */
-
- if (!BN_set_word(Ri, BN_MASK2))
- goto err; /* Ri-- (mod word size) */
- }
- if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
- goto err;
- /*
- * Ni = (R*Ri-1)/N, keep only least significant word:
- */
- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
- mont->n0[1] = 0;
-# endif
- }
-#else /* !MONT_WORD */
- { /* bignum version */
- mont->ri = BN_num_bits(&mont->N);
- BN_zero(R);
- if (!BN_set_bit(R, mont->ri))
- goto err; /* R = 2^ri */
- /* Ri = R^-1 mod N */
- if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
- goto err;
- if (!BN_lshift(Ri, Ri, mont->ri))
- goto err; /* R*Ri */
- if (!BN_sub_word(Ri, 1))
- goto err;
- /*
- * Ni = (R*Ri-1) / N
- */
- if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
- goto err;
- }
-#endif
-
- /* setup RR for conversions */
- BN_zero(&(mont->RR));
- if (!BN_set_bit(&(mont->RR), mont->ri * 2))
- goto err;
- if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
- goto err;
-
- ret = 1;
- err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
-{
- if (to == from)
- return (to);
-
- if (!BN_copy(&(to->RR), &(from->RR)))
- return NULL;
- if (!BN_copy(&(to->N), &(from->N)))
- return NULL;
- if (!BN_copy(&(to->Ni), &(from->Ni)))
- return NULL;
- to->ri = from->ri;
- to->n0[0] = from->n0[0];
- to->n0[1] = from->n0[1];
- return (to);
-}
-
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
- const BIGNUM *mod, BN_CTX *ctx)
-{
- BN_MONT_CTX *ret;
-
- CRYPTO_r_lock(lock);
- ret = *pmont;
- CRYPTO_r_unlock(lock);
- if (ret)
- return ret;
-
- /*
- * We don't want to serialise globally while doing our lazy-init math in
- * BN_MONT_CTX_set. That punishes threads that are doing independent
- * things. Instead, punish the case where more than one thread tries to
- * lazy-init the same 'pmont', by having each do the lazy-init math work
- * independently and only use the one from the thread that wins the race
- * (the losers throw away the work they've done).
- */
- ret = BN_MONT_CTX_new();
- if (!ret)
- return NULL;
- if (!BN_MONT_CTX_set(ret, mod, ctx)) {
- BN_MONT_CTX_free(ret);
- return NULL;
- }
-
- /* The locked compare-and-set, after the local work is done. */
- CRYPTO_w_lock(lock);
- if (*pmont) {
- BN_MONT_CTX_free(ret);
- ret = *pmont;
- } else
- *pmont = ret;
- CRYPTO_w_unlock(lock);
- return ret;
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_mpi.c b/thirdparty/openssl/crypto/bn/bn_mpi.c
deleted file mode 100644
index 3bd40bbd2b..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_mpi.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* crypto/bn/bn_mpi.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
-{
- int bits;
- int num = 0;
- int ext = 0;
- long l;
-
- bits = BN_num_bits(a);
- num = (bits + 7) / 8;
- if (bits > 0) {
- ext = ((bits & 0x07) == 0);
- }
- if (d == NULL)
- return (num + 4 + ext);
-
- l = num + ext;
- d[0] = (unsigned char)(l >> 24) & 0xff;
- d[1] = (unsigned char)(l >> 16) & 0xff;
- d[2] = (unsigned char)(l >> 8) & 0xff;
- d[3] = (unsigned char)(l) & 0xff;
- if (ext)
- d[4] = 0;
- num = BN_bn2bin(a, &(d[4 + ext]));
- if (a->neg)
- d[4] |= 0x80;
- return (num + 4 + ext);
-}
-
-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
-{
- long len;
- int neg = 0;
-
- if (n < 4) {
- BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
- return (NULL);
- }
- len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
- d[3];
- if ((len + 4) != n) {
- BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
- return (NULL);
- }
-
- if (a == NULL)
- a = BN_new();
- if (a == NULL)
- return (NULL);
-
- if (len == 0) {
- a->neg = 0;
- a->top = 0;
- return (a);
- }
- d += 4;
- if ((*d) & 0x80)
- neg = 1;
- if (BN_bin2bn(d, (int)len, a) == NULL)
- return (NULL);
- a->neg = neg;
- if (neg) {
- BN_clear_bit(a, BN_num_bits(a) - 1);
- }
- bn_check_top(a);
- return (a);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_mul.c b/thirdparty/openssl/crypto/bn/bn_mul.c
deleted file mode 100644
index 3c618dc307..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_mul.c
+++ /dev/null
@@ -1,1165 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
-/*
- * Here follows specialised variants of bn_add_words() and bn_sub_words().
- * They have the property performing operations on arrays of different sizes.
- * The sizes of those arrays is expressed through cl, which is the common
- * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta
- * between the two lengths, calculated as len(a)-len(b). All lengths are the
- * number of BN_ULONGs... For the operations that require a result array as
- * parameter, it must have the length cl+abs(dl). These functions should
- * probably end up in bn_asm.c as soon as there are assembler counterparts
- * for the systems that use assembler files.
- */
-
-BN_ULONG bn_sub_part_words(BN_ULONG *r,
- const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
-{
- BN_ULONG c, t;
-
- assert(cl >= 0);
- c = bn_sub_words(r, a, b, cl);
-
- if (dl == 0)
- return c;
-
- r += cl;
- a += cl;
- b += cl;
-
- if (dl < 0) {
-# ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl,
- dl, c);
-# endif
- for (;;) {
- t = b[0];
- r[0] = (0 - t - c) & BN_MASK2;
- if (t != 0)
- c = 1;
- if (++dl >= 0)
- break;
-
- t = b[1];
- r[1] = (0 - t - c) & BN_MASK2;
- if (t != 0)
- c = 1;
- if (++dl >= 0)
- break;
-
- t = b[2];
- r[2] = (0 - t - c) & BN_MASK2;
- if (t != 0)
- c = 1;
- if (++dl >= 0)
- break;
-
- t = b[3];
- r[3] = (0 - t - c) & BN_MASK2;
- if (t != 0)
- c = 1;
- if (++dl >= 0)
- break;
-
- b += 4;
- r += 4;
- }
- } else {
- int save_dl = dl;
-# ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl,
- dl, c);
-# endif
- while (c) {
- t = a[0];
- r[0] = (t - c) & BN_MASK2;
- if (t != 0)
- c = 0;
- if (--dl <= 0)
- break;
-
- t = a[1];
- r[1] = (t - c) & BN_MASK2;
- if (t != 0)
- c = 0;
- if (--dl <= 0)
- break;
-
- t = a[2];
- r[2] = (t - c) & BN_MASK2;
- if (t != 0)
- c = 0;
- if (--dl <= 0)
- break;
-
- t = a[3];
- r[3] = (t - c) & BN_MASK2;
- if (t != 0)
- c = 0;
- if (--dl <= 0)
- break;
-
- save_dl = dl;
- a += 4;
- r += 4;
- }
- if (dl > 0) {
-# ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n",
- cl, dl);
-# endif
- if (save_dl > dl) {
- switch (save_dl - dl) {
- case 1:
- r[1] = a[1];
- if (--dl <= 0)
- break;
- case 2:
- r[2] = a[2];
- if (--dl <= 0)
- break;
- case 3:
- r[3] = a[3];
- if (--dl <= 0)
- break;
- }
- a += 4;
- r += 4;
- }
- }
- if (dl > 0) {
-# ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n",
- cl, dl);
-# endif
- for (;;) {
- r[0] = a[0];
- if (--dl <= 0)
- break;
- r[1] = a[1];
- if (--dl <= 0)
- break;
- r[2] = a[2];
- if (--dl <= 0)
- break;
- r[3] = a[3];
- if (--dl <= 0)
- break;
-
- a += 4;
- r += 4;
- }
- }
- }
- return c;
-}
-#endif
-
-BN_ULONG bn_add_part_words(BN_ULONG *r,
- const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
-{
- BN_ULONG c, l, t;
-
- assert(cl >= 0);
- c = bn_add_words(r, a, b, cl);
-
- if (dl == 0)
- return c;
-
- r += cl;
- a += cl;
- b += cl;
-
- if (dl < 0) {
- int save_dl = dl;
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl,
- dl, c);
-#endif
- while (c) {
- l = (c + b[0]) & BN_MASK2;
- c = (l < c);
- r[0] = l;
- if (++dl >= 0)
- break;
-
- l = (c + b[1]) & BN_MASK2;
- c = (l < c);
- r[1] = l;
- if (++dl >= 0)
- break;
-
- l = (c + b[2]) & BN_MASK2;
- c = (l < c);
- r[2] = l;
- if (++dl >= 0)
- break;
-
- l = (c + b[3]) & BN_MASK2;
- c = (l < c);
- r[3] = l;
- if (++dl >= 0)
- break;
-
- save_dl = dl;
- b += 4;
- r += 4;
- }
- if (dl < 0) {
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n",
- cl, dl);
-#endif
- if (save_dl < dl) {
- switch (dl - save_dl) {
- case 1:
- r[1] = b[1];
- if (++dl >= 0)
- break;
- case 2:
- r[2] = b[2];
- if (++dl >= 0)
- break;
- case 3:
- r[3] = b[3];
- if (++dl >= 0)
- break;
- }
- b += 4;
- r += 4;
- }
- }
- if (dl < 0) {
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n",
- cl, dl);
-#endif
- for (;;) {
- r[0] = b[0];
- if (++dl >= 0)
- break;
- r[1] = b[1];
- if (++dl >= 0)
- break;
- r[2] = b[2];
- if (++dl >= 0)
- break;
- r[3] = b[3];
- if (++dl >= 0)
- break;
-
- b += 4;
- r += 4;
- }
- }
- } else {
- int save_dl = dl;
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
-#endif
- while (c) {
- t = (a[0] + c) & BN_MASK2;
- c = (t < c);
- r[0] = t;
- if (--dl <= 0)
- break;
-
- t = (a[1] + c) & BN_MASK2;
- c = (t < c);
- r[1] = t;
- if (--dl <= 0)
- break;
-
- t = (a[2] + c) & BN_MASK2;
- c = (t < c);
- r[2] = t;
- if (--dl <= 0)
- break;
-
- t = (a[3] + c) & BN_MASK2;
- c = (t < c);
- r[3] = t;
- if (--dl <= 0)
- break;
-
- save_dl = dl;
- a += 4;
- r += 4;
- }
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl,
- dl);
-#endif
- if (dl > 0) {
- if (save_dl > dl) {
- switch (save_dl - dl) {
- case 1:
- r[1] = a[1];
- if (--dl <= 0)
- break;
- case 2:
- r[2] = a[2];
- if (--dl <= 0)
- break;
- case 3:
- r[3] = a[3];
- if (--dl <= 0)
- break;
- }
- a += 4;
- r += 4;
- }
- }
- if (dl > 0) {
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n",
- cl, dl);
-#endif
- for (;;) {
- r[0] = a[0];
- if (--dl <= 0)
- break;
- r[1] = a[1];
- if (--dl <= 0)
- break;
- r[2] = a[2];
- if (--dl <= 0)
- break;
- r[3] = a[3];
- if (--dl <= 0)
- break;
-
- a += 4;
- r += 4;
- }
- }
- }
- return c;
-}
-
-#ifdef BN_RECURSION
-/*
- * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of
- * Computer Programming, Vol. 2)
- */
-
-/*-
- * r is 2*n2 words in size,
- * a and b are both n2 words in size.
- * n2 must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n2 words in size
- * We calculate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-/* dnX may not be positive, but n2/2+dnX has to be */
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- int dna, int dnb, BN_ULONG *t)
-{
- int n = n2 / 2, c1, c2;
- int tna = n + dna, tnb = n + dnb;
- unsigned int neg, zero;
- BN_ULONG ln, lo, *p;
-
-# ifdef BN_COUNT
- fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb);
-# endif
-# ifdef BN_MUL_COMBA
-# if 0
- if (n2 == 4) {
- bn_mul_comba4(r, a, b);
- return;
- }
-# endif
- /*
- * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete
- * [steve]
- */
- if (n2 == 8 && dna == 0 && dnb == 0) {
- bn_mul_comba8(r, a, b);
- return;
- }
-# endif /* BN_MUL_COMBA */
- /* Else do normal multiply */
- if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
- bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
- if ((dna + dnb) < 0)
- memset(&r[2 * n2 + dna + dnb], 0,
- sizeof(BN_ULONG) * -(dna + dnb));
- return;
- }
- /* r=(a[0]-a[1])*(b[1]-b[0]) */
- c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
- c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
- zero = neg = 0;
- switch (c1 * 3 + c2) {
- case -4:
- bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
- bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
- break;
- case -3:
- zero = 1;
- break;
- case -2:
- bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
- bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
- neg = 1;
- break;
- case -1:
- case 0:
- case 1:
- zero = 1;
- break;
- case 2:
- bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
- bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
- neg = 1;
- break;
- case 3:
- zero = 1;
- break;
- case 4:
- bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
- bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
- break;
- }
-
-# ifdef BN_MUL_COMBA
- if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take
- * extra args to do this well */
- if (!zero)
- bn_mul_comba4(&(t[n2]), t, &(t[n]));
- else
- memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
-
- bn_mul_comba4(r, a, b);
- bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
- } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could
- * take extra args to do
- * this well */
- if (!zero)
- bn_mul_comba8(&(t[n2]), t, &(t[n]));
- else
- memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
-
- bn_mul_comba8(r, a, b);
- bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
- } else
-# endif /* BN_MUL_COMBA */
- {
- p = &(t[n2 * 2]);
- if (!zero)
- bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
- else
- memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
- bn_mul_recursive(r, a, b, n, 0, 0, p);
- bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
- }
-
- /*-
- * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- */
-
- c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
-
- if (neg) { /* if t[32] is negative */
- c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
- } else {
- /* Might have a carry */
- c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
- }
-
- /*-
- * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- * c1 holds the carry bits
- */
- c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
- if (c1) {
- p = &(r[n + n2]);
- lo = *p;
- ln = (lo + c1) & BN_MASK2;
- *p = ln;
-
- /*
- * The overflow will stop before we over write words we should not
- * overwrite
- */
- if (ln < (BN_ULONG)c1) {
- do {
- p++;
- lo = *p;
- ln = (lo + 1) & BN_MASK2;
- *p = ln;
- } while (ln == 0);
- }
- }
-}
-
-/*
- * n+tn is the word length t needs to be n*4 is size, as does r
- */
-/* tnX may not be negative but less than n */
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
- int tna, int tnb, BN_ULONG *t)
-{
- int i, j, n2 = n * 2;
- int c1, c2, neg;
- BN_ULONG ln, lo, *p;
-
-# ifdef BN_COUNT
- fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
- n, tna, n, tnb);
-# endif
- if (n < 8) {
- bn_mul_normal(r, a, n + tna, b, n + tnb);
- return;
- }
-
- /* r=(a[0]-a[1])*(b[1]-b[0]) */
- c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
- c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
- neg = 0;
- switch (c1 * 3 + c2) {
- case -4:
- bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
- bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
- break;
- case -3:
- /* break; */
- case -2:
- bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
- bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
- neg = 1;
- break;
- case -1:
- case 0:
- case 1:
- /* break; */
- case 2:
- bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
- bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
- neg = 1;
- break;
- case 3:
- /* break; */
- case 4:
- bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
- bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
- break;
- }
- /*
- * The zero case isn't yet implemented here. The speedup would probably
- * be negligible.
- */
-# if 0
- if (n == 4) {
- bn_mul_comba4(&(t[n2]), t, &(t[n]));
- bn_mul_comba4(r, a, b);
- bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
- memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2));
- } else
-# endif
- if (n == 8) {
- bn_mul_comba8(&(t[n2]), t, &(t[n]));
- bn_mul_comba8(r, a, b);
- bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
- memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb));
- } else {
- p = &(t[n2 * 2]);
- bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
- bn_mul_recursive(r, a, b, n, 0, 0, p);
- i = n / 2;
- /*
- * If there is only a bottom half to the number, just do it
- */
- if (tna > tnb)
- j = tna - i;
- else
- j = tnb - i;
- if (j == 0) {
- bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
- i, tna - i, tnb - i, p);
- memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2));
- } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */
- bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
- i, tna - i, tnb - i, p);
- memset(&(r[n2 + tna + tnb]), 0,
- sizeof(BN_ULONG) * (n2 - tna - tnb));
- } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
-
- memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
- if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
- && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
- bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
- } else {
- for (;;) {
- i /= 2;
- /*
- * these simplified conditions work exclusively because
- * difference between tna and tnb is 1 or 0
- */
- if (i < tna || i < tnb) {
- bn_mul_part_recursive(&(r[n2]),
- &(a[n]), &(b[n]),
- i, tna - i, tnb - i, p);
- break;
- } else if (i == tna || i == tnb) {
- bn_mul_recursive(&(r[n2]),
- &(a[n]), &(b[n]),
- i, tna - i, tnb - i, p);
- break;
- }
- }
- }
- }
- }
-
- /*-
- * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- */
-
- c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
-
- if (neg) { /* if t[32] is negative */
- c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
- } else {
- /* Might have a carry */
- c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
- }
-
- /*-
- * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- * c1 holds the carry bits
- */
- c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
- if (c1) {
- p = &(r[n + n2]);
- lo = *p;
- ln = (lo + c1) & BN_MASK2;
- *p = ln;
-
- /*
- * The overflow will stop before we over write words we should not
- * overwrite
- */
- if (ln < (BN_ULONG)c1) {
- do {
- p++;
- lo = *p;
- ln = (lo + 1) & BN_MASK2;
- *p = ln;
- } while (ln == 0);
- }
- }
-}
-
-/*-
- * a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- */
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- BN_ULONG *t)
-{
- int n = n2 / 2;
-
-# ifdef BN_COUNT
- fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2);
-# endif
-
- bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
- if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
- bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
- bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
- bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2]));
- bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
- } else {
- bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n);
- bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n);
- bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
- bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
- }
-}
-
-/*-
- * a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
- BN_ULONG *t)
-{
- int i, n;
- int c1, c2;
- int neg, oneg, zero;
- BN_ULONG ll, lc, *lp, *mp;
-
-# ifdef BN_COUNT
- fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2);
-# endif
- n = n2 / 2;
-
- /* Calculate (al-ah)*(bh-bl) */
- neg = zero = 0;
- c1 = bn_cmp_words(&(a[0]), &(a[n]), n);
- c2 = bn_cmp_words(&(b[n]), &(b[0]), n);
- switch (c1 * 3 + c2) {
- case -4:
- bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
- bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
- break;
- case -3:
- zero = 1;
- break;
- case -2:
- bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
- bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
- neg = 1;
- break;
- case -1:
- case 0:
- case 1:
- zero = 1;
- break;
- case 2:
- bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
- bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
- neg = 1;
- break;
- case 3:
- zero = 1;
- break;
- case 4:
- bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
- bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
- break;
- }
-
- oneg = neg;
- /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
- /* r[10] = (a[1]*b[1]) */
-# ifdef BN_MUL_COMBA
- if (n == 8) {
- bn_mul_comba8(&(t[0]), &(r[0]), &(r[n]));
- bn_mul_comba8(r, &(a[n]), &(b[n]));
- } else
-# endif
- {
- bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2]));
- bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2]));
- }
-
- /*-
- * s0 == low(al*bl)
- * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
- * We know s0 and s1 so the only unknown is high(al*bl)
- * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
- * high(al*bl) == s1 - (r[0]+l[0]+t[0])
- */
- if (l != NULL) {
- lp = &(t[n2 + n]);
- c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n));
- } else {
- c1 = 0;
- lp = &(r[0]);
- }
-
- if (neg)
- neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n));
- else {
- bn_add_words(&(t[n2]), lp, &(t[0]), n);
- neg = 0;
- }
-
- if (l != NULL) {
- bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n);
- } else {
- lp = &(t[n2 + n]);
- mp = &(t[n2]);
- for (i = 0; i < n; i++)
- lp[i] = ((~mp[i]) + 1) & BN_MASK2;
- }
-
- /*-
- * s[0] = low(al*bl)
- * t[3] = high(al*bl)
- * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
- * r[10] = (a[1]*b[1])
- */
- /*-
- * R[10] = al*bl
- * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
- * R[32] = ah*bh
- */
- /*-
- * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
- * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
- * R[3]=r[1]+(carry/borrow)
- */
- if (l != NULL) {
- lp = &(t[n2]);
- c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n));
- } else {
- lp = &(t[n2 + n]);
- c1 = 0;
- }
- c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n));
- if (oneg)
- c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n));
- else
- c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n));
-
- c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n));
- c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n));
- if (oneg)
- c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n));
- else
- c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n));
-
- if (c1 != 0) { /* Add starting at r[0], could be +ve or -ve */
- i = 0;
- if (c1 > 0) {
- lc = c1;
- do {
- ll = (r[i] + lc) & BN_MASK2;
- r[i++] = ll;
- lc = (lc > ll);
- } while (lc);
- } else {
- lc = -c1;
- do {
- ll = r[i];
- r[i++] = (ll - lc) & BN_MASK2;
- lc = (lc > ll);
- } while (lc);
- }
- }
- if (c2 != 0) { /* Add starting at r[1] */
- i = n;
- if (c2 > 0) {
- lc = c2;
- do {
- ll = (r[i] + lc) & BN_MASK2;
- r[i++] = ll;
- lc = (lc > ll);
- } while (lc);
- } else {
- lc = -c2;
- do {
- ll = r[i];
- r[i++] = (ll - lc) & BN_MASK2;
- lc = (lc > ll);
- } while (lc);
- }
- }
-}
-#endif /* BN_RECURSION */
-
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-{
- int ret = 0;
- int top, al, bl;
- BIGNUM *rr;
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- int i;
-#endif
-#ifdef BN_RECURSION
- BIGNUM *t = NULL;
- int j = 0, k;
-#endif
-
-#ifdef BN_COUNT
- fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top);
-#endif
-
- bn_check_top(a);
- bn_check_top(b);
- bn_check_top(r);
-
- al = a->top;
- bl = b->top;
-
- if ((al == 0) || (bl == 0)) {
- BN_zero(r);
- return (1);
- }
- top = al + bl;
-
- BN_CTX_start(ctx);
- if ((r == a) || (r == b)) {
- if ((rr = BN_CTX_get(ctx)) == NULL)
- goto err;
- } else
- rr = r;
- rr->neg = a->neg ^ b->neg;
-
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- i = al - bl;
-#endif
-#ifdef BN_MUL_COMBA
- if (i == 0) {
-# if 0
- if (al == 4) {
- if (bn_wexpand(rr, 8) == NULL)
- goto err;
- rr->top = 8;
- bn_mul_comba4(rr->d, a->d, b->d);
- goto end;
- }
-# endif
- if (al == 8) {
- if (bn_wexpand(rr, 16) == NULL)
- goto err;
- rr->top = 16;
- bn_mul_comba8(rr->d, a->d, b->d);
- goto end;
- }
- }
-#endif /* BN_MUL_COMBA */
-#ifdef BN_RECURSION
- if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
- if (i >= -1 && i <= 1) {
- /*
- * Find out the power of two lower or equal to the longest of the
- * two numbers
- */
- if (i >= 0) {
- j = BN_num_bits_word((BN_ULONG)al);
- }
- if (i == -1) {
- j = BN_num_bits_word((BN_ULONG)bl);
- }
- j = 1 << (j - 1);
- assert(j <= al || j <= bl);
- k = j + j;
- t = BN_CTX_get(ctx);
- if (t == NULL)
- goto err;
- if (al > j || bl > j) {
- if (bn_wexpand(t, k * 4) == NULL)
- goto err;
- if (bn_wexpand(rr, k * 4) == NULL)
- goto err;
- bn_mul_part_recursive(rr->d, a->d, b->d,
- j, al - j, bl - j, t->d);
- } else { /* al <= j || bl <= j */
-
- if (bn_wexpand(t, k * 2) == NULL)
- goto err;
- if (bn_wexpand(rr, k * 2) == NULL)
- goto err;
- bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
- }
- rr->top = top;
- goto end;
- }
-# if 0
- if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
- BIGNUM *tmp_bn = (BIGNUM *)b;
- if (bn_wexpand(tmp_bn, al) == NULL)
- goto err;
- tmp_bn->d[bl] = 0;
- bl++;
- i--;
- } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
- BIGNUM *tmp_bn = (BIGNUM *)a;
- if (bn_wexpand(tmp_bn, bl) == NULL)
- goto err;
- tmp_bn->d[al] = 0;
- al++;
- i++;
- }
- if (i == 0) {
- /* symmetric and > 4 */
- /* 16 or larger */
- j = BN_num_bits_word((BN_ULONG)al);
- j = 1 << (j - 1);
- k = j + j;
- t = BN_CTX_get(ctx);
- if (al == j) { /* exact multiple */
- if (bn_wexpand(t, k * 2) == NULL)
- goto err;
- if (bn_wexpand(rr, k * 2) == NULL)
- goto err;
- bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
- } else {
- if (bn_wexpand(t, k * 4) == NULL)
- goto err;
- if (bn_wexpand(rr, k * 4) == NULL)
- goto err;
- bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d);
- }
- rr->top = top;
- goto end;
- }
-# endif
- }
-#endif /* BN_RECURSION */
- if (bn_wexpand(rr, top) == NULL)
- goto err;
- rr->top = top;
- bn_mul_normal(rr->d, a->d, al, b->d, bl);
-
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- end:
-#endif
- bn_correct_top(rr);
- if (r != rr && BN_copy(r, rr) == NULL)
- goto err;
-
- ret = 1;
- err:
- bn_check_top(r);
- BN_CTX_end(ctx);
- return (ret);
-}
-
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
-{
- BN_ULONG *rr;
-
-#ifdef BN_COUNT
- fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb);
-#endif
-
- if (na < nb) {
- int itmp;
- BN_ULONG *ltmp;
-
- itmp = na;
- na = nb;
- nb = itmp;
- ltmp = a;
- a = b;
- b = ltmp;
-
- }
- rr = &(r[na]);
- if (nb <= 0) {
- (void)bn_mul_words(r, a, na, 0);
- return;
- } else
- rr[0] = bn_mul_words(r, a, na, b[0]);
-
- for (;;) {
- if (--nb <= 0)
- return;
- rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
- if (--nb <= 0)
- return;
- rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
- if (--nb <= 0)
- return;
- rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
- if (--nb <= 0)
- return;
- rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
- rr += 4;
- r += 4;
- b += 4;
- }
-}
-
-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-{
-#ifdef BN_COUNT
- fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n);
-#endif
- bn_mul_words(r, a, n, b[0]);
-
- for (;;) {
- if (--n <= 0)
- return;
- bn_mul_add_words(&(r[1]), a, n, b[1]);
- if (--n <= 0)
- return;
- bn_mul_add_words(&(r[2]), a, n, b[2]);
- if (--n <= 0)
- return;
- bn_mul_add_words(&(r[3]), a, n, b[3]);
- if (--n <= 0)
- return;
- bn_mul_add_words(&(r[4]), a, n, b[4]);
- r += 4;
- b += 4;
- }
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_nist.c b/thirdparty/openssl/crypto/bn/bn_nist.c
deleted file mode 100644
index 4a45404c6f..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_nist.c
+++ /dev/null
@@ -1,1262 +0,0 @@
-/* crypto/bn/bn_nist.c */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "bn_lcl.h"
-#include "cryptlib.h"
-
-#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
-
-/* pre-computed tables are "carry-less" values of modulus*(i+1) */
-#if BN_BITS2 == 64
-static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
- {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL},
- {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL},
- {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL}
-};
-
-static const BN_ULONG _nist_p_192_sqr[] = {
- 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL,
- 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL
-};
-
-static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
- {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL,
- 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL},
- {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL,
- 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is
- * "carry-full" */
-};
-
-static const BN_ULONG _nist_p_224_sqr[] = {
- 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
- 0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL,
- 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL,
- 0xFFFFFFFFFFFFFFFFULL
-};
-
-static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
- {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL,
- 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL},
- {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL,
- 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL},
- {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL,
- 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL},
- {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL,
- 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL},
- {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL,
- 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL},
-};
-
-static const BN_ULONG _nist_p_256_sqr[] = {
- 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
- 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL,
- 0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL,
- 0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL
-};
-
-static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
- {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
- {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
- {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
- {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
- {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
-};
-
-static const BN_ULONG _nist_p_384_sqr[] = {
- 0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL,
- 0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL,
- 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
-};
-
-static const BN_ULONG _nist_p_521[] =
- { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
- 0x00000000000001FFULL
-};
-
-static const BN_ULONG _nist_p_521_sqr[] = {
- 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
- 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
- 0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL
-};
-#elif BN_BITS2 == 32
-static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
- {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
- {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
- {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
-};
-
-static const BN_ULONG _nist_p_192_sqr[] = {
- 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000,
- 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
-};
-
-static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
- {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
- {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
-};
-
-static const BN_ULONG _nist_p_224_sqr[] = {
- 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
- 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002,
- 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF
-};
-
-static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
- {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
- 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF},
- {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001,
- 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE},
- {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002,
- 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD},
- {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003,
- 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC},
- {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004,
- 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB},
-};
-
-static const BN_ULONG _nist_p_256_sqr[] = {
- 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001,
- 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001,
- 0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE
-};
-
-static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
- {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
- {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
- {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
- {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
- {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
-};
-
-static const BN_ULONG _nist_p_384_sqr[] = {
- 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
- 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000,
- 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
-};
-
-static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
- 0xFFFFFFFF, 0x000001FF
-};
-
-static const BN_ULONG _nist_p_521_sqr[] = {
- 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
- 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
- 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
- 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF
-};
-#else
-# error "unsupported BN_BITS2"
-#endif
-
-static const BIGNUM _bignum_nist_p_192 = {
- (BN_ULONG *)_nist_p_192[0],
- BN_NIST_192_TOP,
- BN_NIST_192_TOP,
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static const BIGNUM _bignum_nist_p_224 = {
- (BN_ULONG *)_nist_p_224[0],
- BN_NIST_224_TOP,
- BN_NIST_224_TOP,
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static const BIGNUM _bignum_nist_p_256 = {
- (BN_ULONG *)_nist_p_256[0],
- BN_NIST_256_TOP,
- BN_NIST_256_TOP,
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static const BIGNUM _bignum_nist_p_384 = {
- (BN_ULONG *)_nist_p_384[0],
- BN_NIST_384_TOP,
- BN_NIST_384_TOP,
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static const BIGNUM _bignum_nist_p_521 = {
- (BN_ULONG *)_nist_p_521,
- BN_NIST_521_TOP,
- BN_NIST_521_TOP,
- 0,
- BN_FLG_STATIC_DATA
-};
-
-const BIGNUM *BN_get0_nist_prime_192(void)
-{
- return &_bignum_nist_p_192;
-}
-
-const BIGNUM *BN_get0_nist_prime_224(void)
-{
- return &_bignum_nist_p_224;
-}
-
-const BIGNUM *BN_get0_nist_prime_256(void)
-{
- return &_bignum_nist_p_256;
-}
-
-const BIGNUM *BN_get0_nist_prime_384(void)
-{
- return &_bignum_nist_p_384;
-}
-
-const BIGNUM *BN_get0_nist_prime_521(void)
-{
- return &_bignum_nist_p_521;
-}
-
-static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
-{
- int i;
-
-#ifdef BN_DEBUG
- OPENSSL_assert(top <= max);
-#endif
- for (i = 0; i < top; i++)
- dst[i] = src[i];
- for (; i < max; i++)
- dst[i] = 0;
-}
-
-static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
-{
- int i;
-
- for (i = 0; i < top; i++)
- dst[i] = src[i];
-}
-
-#if BN_BITS2 == 64
-# define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
-# define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0;
-/*
- * two following macros are implemented under assumption that they
- * are called in a sequence with *ascending* n, i.e. as they are...
- */
-# define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
- :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
-# define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
-# define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
-# if defined(L_ENDIAN)
-# if defined(__arch64__)
-# define NIST_INT64 long
-# else
-# define NIST_INT64 long long
-# endif
-# endif
-#else
-# define bn_cp_64(to, n, from, m) \
- { \
- bn_cp_32(to, (n)*2, from, (m)*2); \
- bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
- }
-# define bn_64_set_0(to, n) \
- { \
- bn_32_set_0(to, (n)*2); \
- bn_32_set_0(to, (n)*2+1); \
- }
-# define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
-# define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0;
-# if defined(_WIN32) && !defined(__GNUC__)
-# define NIST_INT64 __int64
-# elif defined(BN_LLONG)
-# define NIST_INT64 long long
-# endif
-#endif /* BN_BITS2 != 64 */
-
-#define nist_set_192(to, from, a1, a2, a3) \
- { \
- bn_cp_64(to, 0, from, (a3) - 3) \
- bn_cp_64(to, 1, from, (a2) - 3) \
- bn_cp_64(to, 2, from, (a1) - 3) \
- }
-
-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
-{
- int top = a->top, i;
- int carry;
- register BN_ULONG *r_d, *a_d = a->d;
- union {
- BN_ULONG bn[BN_NIST_192_TOP];
- unsigned int ui[BN_NIST_192_TOP * sizeof(BN_ULONG) /
- sizeof(unsigned int)];
- } buf;
- BN_ULONG c_d[BN_NIST_192_TOP], *res;
- PTR_SIZE_INT mask;
- static const BIGNUM _bignum_nist_p_192_sqr = {
- (BN_ULONG *)_nist_p_192_sqr,
- sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
- sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
- 0, BN_FLG_STATIC_DATA
- };
-
- field = &_bignum_nist_p_192; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0) {
- BN_zero(r);
- return 1;
- } else if (i > 0)
- return (r == a) ? 1 : (BN_copy(r, a) != NULL);
-
- if (r != a) {
- if (!bn_wexpand(r, BN_NIST_192_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
- } else
- r_d = a_d;
-
- nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP,
- BN_NIST_192_TOP);
-
-#if defined(NIST_INT64)
- {
- NIST_INT64 acc; /* accumulator */
- unsigned int *rp = (unsigned int *)r_d;
- const unsigned int *bp = (const unsigned int *)buf.ui;
-
- acc = rp[0];
- acc += bp[3 * 2 - 6];
- acc += bp[5 * 2 - 6];
- rp[0] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[1];
- acc += bp[3 * 2 - 5];
- acc += bp[5 * 2 - 5];
- rp[1] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[2];
- acc += bp[3 * 2 - 6];
- acc += bp[4 * 2 - 6];
- acc += bp[5 * 2 - 6];
- rp[2] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[3];
- acc += bp[3 * 2 - 5];
- acc += bp[4 * 2 - 5];
- acc += bp[5 * 2 - 5];
- rp[3] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[4];
- acc += bp[4 * 2 - 6];
- acc += bp[5 * 2 - 6];
- rp[4] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[5];
- acc += bp[4 * 2 - 5];
- acc += bp[5 * 2 - 5];
- rp[5] = (unsigned int)acc;
-
- carry = (int)(acc >> 32);
- }
-#else
- {
- BN_ULONG t_d[BN_NIST_192_TOP];
-
- nist_set_192(t_d, buf.bn, 0, 3, 3);
- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
- nist_set_192(t_d, buf.bn, 4, 4, 0);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
- nist_set_192(t_d, buf.bn, 5, 5, 5)
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
- }
-#endif
- if (carry > 0)
- carry =
- (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1],
- BN_NIST_192_TOP);
- else
- carry = 1;
-
- /*
- * we need 'if (carry==0 || result>=modulus) result-=modulus;'
- * as comparison implies subtraction, we can write
- * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
- * this is what happens below, but without explicit if:-) a.
- */
- mask =
- 0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0],
- BN_NIST_192_TOP);
- mask &= 0 - (PTR_SIZE_INT) carry;
- res = c_d;
- res = (BN_ULONG *)
- (((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask));
- nist_cp_bn(r_d, res, BN_NIST_192_TOP);
- r->top = BN_NIST_192_TOP;
- bn_correct_top(r);
-
- return 1;
-}
-
-typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *,
- const BN_ULONG *, int);
-
-#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
- { \
- bn_cp_32(to, 0, from, (a7) - 7) \
- bn_cp_32(to, 1, from, (a6) - 7) \
- bn_cp_32(to, 2, from, (a5) - 7) \
- bn_cp_32(to, 3, from, (a4) - 7) \
- bn_cp_32(to, 4, from, (a3) - 7) \
- bn_cp_32(to, 5, from, (a2) - 7) \
- bn_cp_32(to, 6, from, (a1) - 7) \
- }
-
-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
-{
- int top = a->top, i;
- int carry;
- BN_ULONG *r_d, *a_d = a->d;
- union {
- BN_ULONG bn[BN_NIST_224_TOP];
- unsigned int ui[BN_NIST_224_TOP * sizeof(BN_ULONG) /
- sizeof(unsigned int)];
- } buf;
- BN_ULONG c_d[BN_NIST_224_TOP], *res;
- PTR_SIZE_INT mask;
- union {
- bn_addsub_f f;
- PTR_SIZE_INT p;
- } u;
- static const BIGNUM _bignum_nist_p_224_sqr = {
- (BN_ULONG *)_nist_p_224_sqr,
- sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
- sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
- 0, BN_FLG_STATIC_DATA
- };
-
- field = &_bignum_nist_p_224; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0) {
- BN_zero(r);
- return 1;
- } else if (i > 0)
- return (r == a) ? 1 : (BN_copy(r, a) != NULL);
-
- if (r != a) {
- if (!bn_wexpand(r, BN_NIST_224_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
- } else
- r_d = a_d;
-
-#if BN_BITS2==64
- /* copy upper 256 bits of 448 bit number ... */
- nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1),
- top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP);
- /* ... and right shift by 32 to obtain upper 224 bits */
- nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
- /* truncate lower part to 224 bits too */
- r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l;
-#else
- nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP,
- BN_NIST_224_TOP);
-#endif
-
-#if defined(NIST_INT64) && BN_BITS2!=64
- {
- NIST_INT64 acc; /* accumulator */
- unsigned int *rp = (unsigned int *)r_d;
- const unsigned int *bp = (const unsigned int *)buf.ui;
-
- acc = rp[0];
- acc -= bp[7 - 7];
- acc -= bp[11 - 7];
- rp[0] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[1];
- acc -= bp[8 - 7];
- acc -= bp[12 - 7];
- rp[1] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[2];
- acc -= bp[9 - 7];
- acc -= bp[13 - 7];
- rp[2] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[3];
- acc += bp[7 - 7];
- acc += bp[11 - 7];
- acc -= bp[10 - 7];
- rp[3] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[4];
- acc += bp[8 - 7];
- acc += bp[12 - 7];
- acc -= bp[11 - 7];
- rp[4] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[5];
- acc += bp[9 - 7];
- acc += bp[13 - 7];
- acc -= bp[12 - 7];
- rp[5] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[6];
- acc += bp[10 - 7];
- acc -= bp[13 - 7];
- rp[6] = (unsigned int)acc;
-
- carry = (int)(acc >> 32);
-# if BN_BITS2==64
- rp[7] = carry;
-# endif
- }
-#else
- {
- BN_ULONG t_d[BN_NIST_224_TOP];
-
- nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
- nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
- nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
- nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-
-# if BN_BITS2==64
- carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32);
-# endif
- }
-#endif
- u.f = bn_sub_words;
- if (carry > 0) {
- carry =
- (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
- BN_NIST_224_TOP);
-#if BN_BITS2==64
- carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1;
-#endif
- } else if (carry < 0) {
- /*
- * it's a bit more comlicated logic in this case. if bn_add_words
- * yields no carry, then result has to be adjusted by unconditionally
- * *adding* the modulus. but if it does, then result has to be
- * compared to the modulus and conditionally adjusted by
- * *subtracting* the latter.
- */
- carry =
- (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
- BN_NIST_224_TOP);
- mask = 0 - (PTR_SIZE_INT) carry;
- u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
- ((PTR_SIZE_INT) bn_add_words & ~mask);
- } else
- carry = 1;
-
- /* otherwise it's effectively same as in BN_nist_mod_192... */
- mask =
- 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP);
- mask &= 0 - (PTR_SIZE_INT) carry;
- res = c_d;
- res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
- ((PTR_SIZE_INT) r_d & mask));
- nist_cp_bn(r_d, res, BN_NIST_224_TOP);
- r->top = BN_NIST_224_TOP;
- bn_correct_top(r);
-
- return 1;
-}
-
-#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
- { \
- bn_cp_32(to, 0, from, (a8) - 8) \
- bn_cp_32(to, 1, from, (a7) - 8) \
- bn_cp_32(to, 2, from, (a6) - 8) \
- bn_cp_32(to, 3, from, (a5) - 8) \
- bn_cp_32(to, 4, from, (a4) - 8) \
- bn_cp_32(to, 5, from, (a3) - 8) \
- bn_cp_32(to, 6, from, (a2) - 8) \
- bn_cp_32(to, 7, from, (a1) - 8) \
- }
-
-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
-{
- int i, top = a->top;
- int carry = 0;
- register BN_ULONG *a_d = a->d, *r_d;
- union {
- BN_ULONG bn[BN_NIST_256_TOP];
- unsigned int ui[BN_NIST_256_TOP * sizeof(BN_ULONG) /
- sizeof(unsigned int)];
- } buf;
- BN_ULONG c_d[BN_NIST_256_TOP], *res;
- PTR_SIZE_INT mask;
- union {
- bn_addsub_f f;
- PTR_SIZE_INT p;
- } u;
- static const BIGNUM _bignum_nist_p_256_sqr = {
- (BN_ULONG *)_nist_p_256_sqr,
- sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
- sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
- 0, BN_FLG_STATIC_DATA
- };
-
- field = &_bignum_nist_p_256; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0) {
- BN_zero(r);
- return 1;
- } else if (i > 0)
- return (r == a) ? 1 : (BN_copy(r, a) != NULL);
-
- if (r != a) {
- if (!bn_wexpand(r, BN_NIST_256_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
- } else
- r_d = a_d;
-
- nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP,
- BN_NIST_256_TOP);
-
-#if defined(NIST_INT64)
- {
- NIST_INT64 acc; /* accumulator */
- unsigned int *rp = (unsigned int *)r_d;
- const unsigned int *bp = (const unsigned int *)buf.ui;
-
- acc = rp[0];
- acc += bp[8 - 8];
- acc += bp[9 - 8];
- acc -= bp[11 - 8];
- acc -= bp[12 - 8];
- acc -= bp[13 - 8];
- acc -= bp[14 - 8];
- rp[0] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[1];
- acc += bp[9 - 8];
- acc += bp[10 - 8];
- acc -= bp[12 - 8];
- acc -= bp[13 - 8];
- acc -= bp[14 - 8];
- acc -= bp[15 - 8];
- rp[1] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[2];
- acc += bp[10 - 8];
- acc += bp[11 - 8];
- acc -= bp[13 - 8];
- acc -= bp[14 - 8];
- acc -= bp[15 - 8];
- rp[2] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[3];
- acc += bp[11 - 8];
- acc += bp[11 - 8];
- acc += bp[12 - 8];
- acc += bp[12 - 8];
- acc += bp[13 - 8];
- acc -= bp[15 - 8];
- acc -= bp[8 - 8];
- acc -= bp[9 - 8];
- rp[3] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[4];
- acc += bp[12 - 8];
- acc += bp[12 - 8];
- acc += bp[13 - 8];
- acc += bp[13 - 8];
- acc += bp[14 - 8];
- acc -= bp[9 - 8];
- acc -= bp[10 - 8];
- rp[4] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[5];
- acc += bp[13 - 8];
- acc += bp[13 - 8];
- acc += bp[14 - 8];
- acc += bp[14 - 8];
- acc += bp[15 - 8];
- acc -= bp[10 - 8];
- acc -= bp[11 - 8];
- rp[5] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[6];
- acc += bp[14 - 8];
- acc += bp[14 - 8];
- acc += bp[15 - 8];
- acc += bp[15 - 8];
- acc += bp[14 - 8];
- acc += bp[13 - 8];
- acc -= bp[8 - 8];
- acc -= bp[9 - 8];
- rp[6] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[7];
- acc += bp[15 - 8];
- acc += bp[15 - 8];
- acc += bp[15 - 8];
- acc += bp[8 - 8];
- acc -= bp[10 - 8];
- acc -= bp[11 - 8];
- acc -= bp[12 - 8];
- acc -= bp[13 - 8];
- rp[7] = (unsigned int)acc;
-
- carry = (int)(acc >> 32);
- }
-#else
- {
- BN_ULONG t_d[BN_NIST_256_TOP];
-
- /*
- * S1
- */
- nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0);
- /*
- * S2
- */
- nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0);
- carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
- /* left shift */
- {
- register BN_ULONG *ap, t, c;
- ap = t_d;
- c = 0;
- for (i = BN_NIST_256_TOP; i != 0; --i) {
- t = *ap;
- *(ap++) = ((t << 1) | c) & BN_MASK2;
- c = (t & BN_TBIT) ? 1 : 0;
- }
- carry <<= 1;
- carry |= c;
- }
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*
- * S3
- */
- nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*
- * S4
- */
- nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*
- * D1
- */
- nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*
- * D2
- */
- nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*
- * D3
- */
- nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*
- * D4
- */
- nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-
- }
-#endif
- /* see BN_nist_mod_224 for explanation */
- u.f = bn_sub_words;
- if (carry > 0)
- carry =
- (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
- BN_NIST_256_TOP);
- else if (carry < 0) {
- carry =
- (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
- BN_NIST_256_TOP);
- mask = 0 - (PTR_SIZE_INT) carry;
- u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
- ((PTR_SIZE_INT) bn_add_words & ~mask);
- } else
- carry = 1;
-
- mask =
- 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP);
- mask &= 0 - (PTR_SIZE_INT) carry;
- res = c_d;
- res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
- ((PTR_SIZE_INT) r_d & mask));
- nist_cp_bn(r_d, res, BN_NIST_256_TOP);
- r->top = BN_NIST_256_TOP;
- bn_correct_top(r);
-
- return 1;
-}
-
-#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
- { \
- bn_cp_32(to, 0, from, (a12) - 12) \
- bn_cp_32(to, 1, from, (a11) - 12) \
- bn_cp_32(to, 2, from, (a10) - 12) \
- bn_cp_32(to, 3, from, (a9) - 12) \
- bn_cp_32(to, 4, from, (a8) - 12) \
- bn_cp_32(to, 5, from, (a7) - 12) \
- bn_cp_32(to, 6, from, (a6) - 12) \
- bn_cp_32(to, 7, from, (a5) - 12) \
- bn_cp_32(to, 8, from, (a4) - 12) \
- bn_cp_32(to, 9, from, (a3) - 12) \
- bn_cp_32(to, 10, from, (a2) - 12) \
- bn_cp_32(to, 11, from, (a1) - 12) \
- }
-
-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
-{
- int i, top = a->top;
- int carry = 0;
- register BN_ULONG *r_d, *a_d = a->d;
- union {
- BN_ULONG bn[BN_NIST_384_TOP];
- unsigned int ui[BN_NIST_384_TOP * sizeof(BN_ULONG) /
- sizeof(unsigned int)];
- } buf;
- BN_ULONG c_d[BN_NIST_384_TOP], *res;
- PTR_SIZE_INT mask;
- union {
- bn_addsub_f f;
- PTR_SIZE_INT p;
- } u;
- static const BIGNUM _bignum_nist_p_384_sqr = {
- (BN_ULONG *)_nist_p_384_sqr,
- sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
- sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
- 0, BN_FLG_STATIC_DATA
- };
-
- field = &_bignum_nist_p_384; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0) {
- BN_zero(r);
- return 1;
- } else if (i > 0)
- return (r == a) ? 1 : (BN_copy(r, a) != NULL);
-
- if (r != a) {
- if (!bn_wexpand(r, BN_NIST_384_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
- } else
- r_d = a_d;
-
- nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP,
- BN_NIST_384_TOP);
-
-#if defined(NIST_INT64)
- {
- NIST_INT64 acc; /* accumulator */
- unsigned int *rp = (unsigned int *)r_d;
- const unsigned int *bp = (const unsigned int *)buf.ui;
-
- acc = rp[0];
- acc += bp[12 - 12];
- acc += bp[21 - 12];
- acc += bp[20 - 12];
- acc -= bp[23 - 12];
- rp[0] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[1];
- acc += bp[13 - 12];
- acc += bp[22 - 12];
- acc += bp[23 - 12];
- acc -= bp[12 - 12];
- acc -= bp[20 - 12];
- rp[1] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[2];
- acc += bp[14 - 12];
- acc += bp[23 - 12];
- acc -= bp[13 - 12];
- acc -= bp[21 - 12];
- rp[2] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[3];
- acc += bp[15 - 12];
- acc += bp[12 - 12];
- acc += bp[20 - 12];
- acc += bp[21 - 12];
- acc -= bp[14 - 12];
- acc -= bp[22 - 12];
- acc -= bp[23 - 12];
- rp[3] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[4];
- acc += bp[21 - 12];
- acc += bp[21 - 12];
- acc += bp[16 - 12];
- acc += bp[13 - 12];
- acc += bp[12 - 12];
- acc += bp[20 - 12];
- acc += bp[22 - 12];
- acc -= bp[15 - 12];
- acc -= bp[23 - 12];
- acc -= bp[23 - 12];
- rp[4] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[5];
- acc += bp[22 - 12];
- acc += bp[22 - 12];
- acc += bp[17 - 12];
- acc += bp[14 - 12];
- acc += bp[13 - 12];
- acc += bp[21 - 12];
- acc += bp[23 - 12];
- acc -= bp[16 - 12];
- rp[5] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[6];
- acc += bp[23 - 12];
- acc += bp[23 - 12];
- acc += bp[18 - 12];
- acc += bp[15 - 12];
- acc += bp[14 - 12];
- acc += bp[22 - 12];
- acc -= bp[17 - 12];
- rp[6] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[7];
- acc += bp[19 - 12];
- acc += bp[16 - 12];
- acc += bp[15 - 12];
- acc += bp[23 - 12];
- acc -= bp[18 - 12];
- rp[7] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[8];
- acc += bp[20 - 12];
- acc += bp[17 - 12];
- acc += bp[16 - 12];
- acc -= bp[19 - 12];
- rp[8] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[9];
- acc += bp[21 - 12];
- acc += bp[18 - 12];
- acc += bp[17 - 12];
- acc -= bp[20 - 12];
- rp[9] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[10];
- acc += bp[22 - 12];
- acc += bp[19 - 12];
- acc += bp[18 - 12];
- acc -= bp[21 - 12];
- rp[10] = (unsigned int)acc;
- acc >>= 32;
-
- acc += rp[11];
- acc += bp[23 - 12];
- acc += bp[20 - 12];
- acc += bp[19 - 12];
- acc -= bp[22 - 12];
- rp[11] = (unsigned int)acc;
-
- carry = (int)(acc >> 32);
- }
-#else
- {
- BN_ULONG t_d[BN_NIST_384_TOP];
-
- /*
- * S1
- */
- nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4);
- /* left shift */
- {
- register BN_ULONG *ap, t, c;
- ap = t_d;
- c = 0;
- for (i = 3; i != 0; --i) {
- t = *ap;
- *(ap++) = ((t << 1) | c) & BN_MASK2;
- c = (t & BN_TBIT) ? 1 : 0;
- }
- *ap = c;
- }
- carry =
- (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2),
- t_d, BN_NIST_256_TOP);
- /*
- * S2
- */
- carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP);
- /*
- * S3
- */
- nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22,
- 21);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*
- * S4
- */
- nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23,
- 0);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*
- * S5
- */
- nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*
- * S6
- */
- nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*
- * D1
- */
- nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12,
- 23);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*
- * D2
- */
- nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*
- * D3
- */
- nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-
- }
-#endif
- /* see BN_nist_mod_224 for explanation */
- u.f = bn_sub_words;
- if (carry > 0)
- carry =
- (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
- BN_NIST_384_TOP);
- else if (carry < 0) {
- carry =
- (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
- BN_NIST_384_TOP);
- mask = 0 - (PTR_SIZE_INT) carry;
- u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
- ((PTR_SIZE_INT) bn_add_words & ~mask);
- } else
- carry = 1;
-
- mask =
- 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP);
- mask &= 0 - (PTR_SIZE_INT) carry;
- res = c_d;
- res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
- ((PTR_SIZE_INT) r_d & mask));
- nist_cp_bn(r_d, res, BN_NIST_384_TOP);
- r->top = BN_NIST_384_TOP;
- bn_correct_top(r);
-
- return 1;
-}
-
-#define BN_NIST_521_RSHIFT (521%BN_BITS2)
-#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT)
-#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
-
-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
-{
- int top = a->top, i;
- BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;
- PTR_SIZE_INT mask;
- static const BIGNUM _bignum_nist_p_521_sqr = {
- (BN_ULONG *)_nist_p_521_sqr,
- sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
- sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
- 0, BN_FLG_STATIC_DATA
- };
-
- field = &_bignum_nist_p_521; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0) {
- BN_zero(r);
- return 1;
- } else if (i > 0)
- return (r == a) ? 1 : (BN_copy(r, a) != NULL);
-
- if (r != a) {
- if (!bn_wexpand(r, BN_NIST_521_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d, a_d, BN_NIST_521_TOP);
- } else
- r_d = a_d;
-
- /* upper 521 bits, copy ... */
- nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1),
- top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP);
- /* ... and right shift */
- for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) {
- t_d[i] = (val >> BN_NIST_521_RSHIFT |
- (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2;
- val = tmp;
- }
- t_d[i] = val >> BN_NIST_521_RSHIFT;
- /* lower 521 bits */
- r_d[i] &= BN_NIST_521_TOP_MASK;
-
- bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);
- mask =
- 0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521,
- BN_NIST_521_TOP);
- res = t_d;
- res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
- ((PTR_SIZE_INT) r_d & mask));
- nist_cp_bn(r_d, res, BN_NIST_521_TOP);
- r->top = BN_NIST_521_TOP;
- bn_correct_top(r);
-
- return 1;
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_prime.c b/thirdparty/openssl/crypto/bn/bn_prime.c
deleted file mode 100644
index e911e15785..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_prime.c
+++ /dev/null
@@ -1,504 +0,0 @@
-/* crypto/bn/bn_prime.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-/*
- * NB: these functions have been "upgraded", the deprecated versions (which
- * are compatibility wrappers using these functions) are in bn_depr.c. -
- * Geoff
- */
-
-/*
- * The quick sieve algorithm approach to weeding out primes is Philip
- * Zimmermann's, as implemented in PGP. I have had a read of his comments
- * and implemented my own version.
- */
-#include "bn_prime.h"
-
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx,
- BN_MONT_CTX *mont);
-static int probable_prime(BIGNUM *rnd, int bits);
-static int probable_prime_dh(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem,
- BN_CTX *ctx);
-static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add,
- const BIGNUM *rem, BN_CTX *ctx);
-
-int BN_GENCB_call(BN_GENCB *cb, int a, int b)
-{
- /* No callback means continue */
- if (!cb)
- return 1;
- switch (cb->ver) {
- case 1:
- /* Deprecated-style callbacks */
- if (!cb->cb.cb_1)
- return 1;
- cb->cb.cb_1(a, b, cb->arg);
- return 1;
- case 2:
- /* New-style callbacks */
- return cb->cb.cb_2(a, b, cb);
- default:
- break;
- }
- /* Unrecognised callback type */
- return 0;
-}
-
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
-{
- BIGNUM *t;
- int found = 0;
- int i, j, c1 = 0;
- BN_CTX *ctx;
- int checks = BN_prime_checks_for_size(bits);
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- BN_CTX_start(ctx);
- t = BN_CTX_get(ctx);
- if (!t)
- goto err;
- loop:
- /* make a random number and set the top and bottom bits */
- if (add == NULL) {
- if (!probable_prime(ret, bits))
- goto err;
- } else {
- if (safe) {
- if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
- goto err;
- } else {
- if (!probable_prime_dh(ret, bits, add, rem, ctx))
- goto err;
- }
- }
- /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
- if (!BN_GENCB_call(cb, 0, c1++))
- /* aborted */
- goto err;
-
- if (!safe) {
- i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb);
- if (i == -1)
- goto err;
- if (i == 0)
- goto loop;
- } else {
- /*
- * for "safe prime" generation, check that (p-1)/2 is prime. Since a
- * prime is odd, We just need to divide by 2
- */
- if (!BN_rshift1(t, ret))
- goto err;
-
- for (i = 0; i < checks; i++) {
- j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb);
- if (j == -1)
- goto err;
- if (j == 0)
- goto loop;
-
- j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb);
- if (j == -1)
- goto err;
- if (j == 0)
- goto loop;
-
- if (!BN_GENCB_call(cb, 2, c1 - 1))
- goto err;
- /* We have a safe prime test pass */
- }
- }
- /* we have a prime :-) */
- found = 1;
- err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- bn_check_top(ret);
- return found;
-}
-
-int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
- BN_GENCB *cb)
-{
- return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
-}
-
-int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
- int do_trial_division, BN_GENCB *cb)
-{
- int i, j, ret = -1;
- int k;
- BN_CTX *ctx = NULL;
- BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
- BN_MONT_CTX *mont = NULL;
-
- if (BN_cmp(a, BN_value_one()) <= 0)
- return 0;
-
- if (checks == BN_prime_checks)
- checks = BN_prime_checks_for_size(BN_num_bits(a));
-
- /* first look for small factors */
- if (!BN_is_odd(a))
- /* a is even => a is prime if and only if a == 2 */
- return BN_is_word(a, 2);
- if (do_trial_division) {
- for (i = 1; i < NUMPRIMES; i++)
- if (BN_mod_word(a, primes[i]) == 0)
- return 0;
- if (!BN_GENCB_call(cb, 1, -1))
- goto err;
- }
-
- if (ctx_passed != NULL)
- ctx = ctx_passed;
- else if ((ctx = BN_CTX_new()) == NULL)
- goto err;
- BN_CTX_start(ctx);
-
- A1 = BN_CTX_get(ctx);
- A1_odd = BN_CTX_get(ctx);
- check = BN_CTX_get(ctx);
- if (check == NULL)
- goto err;
-
- /* compute A1 := a - 1 */
- if (!BN_copy(A1, a))
- goto err;
- if (!BN_sub_word(A1, 1))
- goto err;
- if (BN_is_zero(A1)) {
- ret = 0;
- goto err;
- }
-
- /* write A1 as A1_odd * 2^k */
- k = 1;
- while (!BN_is_bit_set(A1, k))
- k++;
- if (!BN_rshift(A1_odd, A1, k))
- goto err;
-
- /* Montgomery setup for computations mod a */
- mont = BN_MONT_CTX_new();
- if (mont == NULL)
- goto err;
- if (!BN_MONT_CTX_set(mont, a, ctx))
- goto err;
-
- for (i = 0; i < checks; i++) {
- if (!BN_pseudo_rand_range(check, A1))
- goto err;
- if (!BN_add_word(check, 1))
- goto err;
- /* now 1 <= check < a */
-
- j = witness(check, a, A1, A1_odd, k, ctx, mont);
- if (j == -1)
- goto err;
- if (j) {
- ret = 0;
- goto err;
- }
- if (!BN_GENCB_call(cb, 1, i))
- goto err;
- }
- ret = 1;
- err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- if (ctx_passed == NULL)
- BN_CTX_free(ctx);
- }
- if (mont != NULL)
- BN_MONT_CTX_free(mont);
-
- return (ret);
-}
-
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx,
- BN_MONT_CTX *mont)
-{
- if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
- return -1;
- if (BN_is_one(w))
- return 0; /* probably prime */
- if (BN_cmp(w, a1) == 0)
- return 0; /* w == -1 (mod a), 'a' is probably prime */
- while (--k) {
- if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
- return -1;
- if (BN_is_one(w))
- return 1; /* 'a' is composite, otherwise a previous 'w'
- * would have been == -1 (mod 'a') */
- if (BN_cmp(w, a1) == 0)
- return 0; /* w == -1 (mod a), 'a' is probably prime */
- }
- /*
- * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and
- * it is neither -1 nor +1 -- so 'a' cannot be prime
- */
- bn_check_top(w);
- return 1;
-}
-
-static int probable_prime(BIGNUM *rnd, int bits)
-{
- int i;
- prime_t mods[NUMPRIMES];
- BN_ULONG delta, maxdelta;
-
- again:
- if (!BN_rand(rnd, bits, 1, 1))
- return (0);
- /* we now have a random number 'rand' to test. */
- for (i = 1; i < NUMPRIMES; i++)
- mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]);
- maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
- delta = 0;
- loop:for (i = 1; i < NUMPRIMES; i++) {
- /*
- * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1
- * (except for 2)
- */
- if (((mods[i] + delta) % primes[i]) <= 1) {
- delta += 2;
- if (delta > maxdelta)
- goto again;
- goto loop;
- }
- }
- if (!BN_add_word(rnd, delta))
- return (0);
- bn_check_top(rnd);
- return (1);
-}
-
-static int probable_prime_dh(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem,
- BN_CTX *ctx)
-{
- int i, ret = 0;
- BIGNUM *t1;
-
- BN_CTX_start(ctx);
- if ((t1 = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- if (!BN_rand(rnd, bits, 0, 1))
- goto err;
-
- /* we need ((rnd-rem) % add) == 0 */
-
- if (!BN_mod(t1, rnd, add, ctx))
- goto err;
- if (!BN_sub(rnd, rnd, t1))
- goto err;
- if (rem == NULL) {
- if (!BN_add_word(rnd, 1))
- goto err;
- } else {
- if (!BN_add(rnd, rnd, rem))
- goto err;
- }
-
- /* we now have a random number 'rand' to test. */
-
- loop:for (i = 1; i < NUMPRIMES; i++) {
- /* check that rnd is a prime */
- if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
- if (!BN_add(rnd, rnd, add))
- goto err;
- goto loop;
- }
- }
- ret = 1;
- err:
- BN_CTX_end(ctx);
- bn_check_top(rnd);
- return (ret);
-}
-
-static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
- const BIGNUM *rem, BN_CTX *ctx)
-{
- int i, ret = 0;
- BIGNUM *t1, *qadd, *q;
-
- bits--;
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- q = BN_CTX_get(ctx);
- qadd = BN_CTX_get(ctx);
- if (qadd == NULL)
- goto err;
-
- if (!BN_rshift1(qadd, padd))
- goto err;
-
- if (!BN_rand(q, bits, 0, 1))
- goto err;
-
- /* we need ((rnd-rem) % add) == 0 */
- if (!BN_mod(t1, q, qadd, ctx))
- goto err;
- if (!BN_sub(q, q, t1))
- goto err;
- if (rem == NULL) {
- if (!BN_add_word(q, 1))
- goto err;
- } else {
- if (!BN_rshift1(t1, rem))
- goto err;
- if (!BN_add(q, q, t1))
- goto err;
- }
-
- /* we now have a random number 'rand' to test. */
- if (!BN_lshift1(p, q))
- goto err;
- if (!BN_add_word(p, 1))
- goto err;
-
- loop:for (i = 1; i < NUMPRIMES; i++) {
- /* check that p and q are prime */
- /*
- * check that for p and q gcd(p-1,primes) == 1 (except for 2)
- */
- if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
- (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
- if (!BN_add(p, p, padd))
- goto err;
- if (!BN_add(q, q, qadd))
- goto err;
- goto loop;
- }
- }
- ret = 1;
- err:
- BN_CTX_end(ctx);
- bn_check_top(p);
- return (ret);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_prime.h b/thirdparty/openssl/crypto/bn/bn_prime.h
deleted file mode 100644
index 489af8b424..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_prime.h
+++ /dev/null
@@ -1,326 +0,0 @@
-/* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef EIGHT_BIT
-# define NUMPRIMES 2048
-typedef unsigned short prime_t;
-#else
-# define NUMPRIMES 54
-typedef unsigned char prime_t;
-#endif
-static const prime_t primes[NUMPRIMES] = {
- 2, 3, 5, 7, 11, 13, 17, 19,
- 23, 29, 31, 37, 41, 43, 47, 53,
- 59, 61, 67, 71, 73, 79, 83, 89,
- 97, 101, 103, 107, 109, 113, 127, 131,
- 137, 139, 149, 151, 157, 163, 167, 173,
- 179, 181, 191, 193, 197, 199, 211, 223,
- 227, 229, 233, 239, 241, 251,
-#ifndef EIGHT_BIT
- 257, 263,
- 269, 271, 277, 281, 283, 293, 307, 311,
- 313, 317, 331, 337, 347, 349, 353, 359,
- 367, 373, 379, 383, 389, 397, 401, 409,
- 419, 421, 431, 433, 439, 443, 449, 457,
- 461, 463, 467, 479, 487, 491, 499, 503,
- 509, 521, 523, 541, 547, 557, 563, 569,
- 571, 577, 587, 593, 599, 601, 607, 613,
- 617, 619, 631, 641, 643, 647, 653, 659,
- 661, 673, 677, 683, 691, 701, 709, 719,
- 727, 733, 739, 743, 751, 757, 761, 769,
- 773, 787, 797, 809, 811, 821, 823, 827,
- 829, 839, 853, 857, 859, 863, 877, 881,
- 883, 887, 907, 911, 919, 929, 937, 941,
- 947, 953, 967, 971, 977, 983, 991, 997,
- 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049,
- 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097,
- 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163,
- 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223,
- 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283,
- 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321,
- 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423,
- 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459,
- 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511,
- 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571,
- 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619,
- 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693,
- 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747,
- 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811,
- 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877,
- 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949,
- 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003,
- 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069,
- 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129,
- 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203,
- 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267,
- 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311,
- 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377,
- 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423,
- 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503,
- 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579,
- 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657,
- 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693,
- 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741,
- 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801,
- 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861,
- 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939,
- 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011,
- 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079,
- 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167,
- 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221,
- 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301,
- 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347,
- 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413,
- 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491,
- 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541,
- 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607,
- 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671,
- 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727,
- 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797,
- 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863,
- 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923,
- 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003,
- 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057,
- 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129,
- 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211,
- 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259,
- 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337,
- 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409,
- 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481,
- 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547,
- 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621,
- 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673,
- 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751,
- 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813,
- 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909,
- 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967,
- 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011,
- 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087,
- 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167,
- 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233,
- 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309,
- 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399,
- 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443,
- 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507,
- 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573,
- 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653,
- 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711,
- 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791,
- 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849,
- 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897,
- 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007,
- 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073,
- 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133,
- 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211,
- 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271,
- 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329,
- 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379,
- 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473,
- 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563,
- 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637,
- 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701,
- 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779,
- 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833,
- 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907,
- 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971,
- 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027,
- 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121,
- 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207,
- 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253,
- 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349,
- 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457,
- 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517,
- 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561,
- 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621,
- 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691,
- 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757,
- 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853,
- 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919,
- 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009,
- 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087,
- 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161,
- 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231,
- 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291,
- 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369,
- 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443,
- 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537,
- 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609,
- 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677,
- 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731,
- 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803,
- 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861,
- 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941,
- 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011,
- 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091,
- 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161,
- 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227,
- 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311,
- 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377,
- 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433,
- 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491,
- 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587,
- 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649,
- 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733,
- 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791,
- 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857,
- 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929,
- 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037,
- 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
- 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
- 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
- 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
- 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
- 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
- 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
- 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
- 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
- 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
- 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
- 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
- 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
- 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
- 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
- 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
- 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
- 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
- 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
- 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
- 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
- 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
- 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
- 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
- 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
- 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
- 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
- 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
- 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
- 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
- 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
- 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
- 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
- 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
- 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
- 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
- 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
- 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
- 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
- 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
- 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
- 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
- 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
- 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
- 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
- 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
- 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
- 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
- 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
- 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
- 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
- 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
- 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
- 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
- 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
- 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
- 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
- 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
- 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
- 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
- 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
- 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
- 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
- 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
- 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
- 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
- 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
- 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
- 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
- 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
- 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
- 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
- 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
- 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
- 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
- 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
- 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
- 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
- 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
- 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
- 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
- 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
- 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
- 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
- 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
- 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
- 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
- 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
- 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
- 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
- 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
- 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
- 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
- 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
- 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
- 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
- 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
- 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
- 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
- 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
- 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
- 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
-#endif
-};
diff --git a/thirdparty/openssl/crypto/bn/bn_print.c b/thirdparty/openssl/crypto/bn/bn_print.c
deleted file mode 100644
index f85a6550a5..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_print.c
+++ /dev/null
@@ -1,402 +0,0 @@
-/* crypto/bn/bn_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include "bn_lcl.h"
-
-static const char Hex[] = "0123456789ABCDEF";
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2hex(const BIGNUM *a)
-{
- int i, j, v, z = 0;
- char *buf;
- char *p;
-
- if (BN_is_zero(a))
- return OPENSSL_strdup("0");
- buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
- if (buf == NULL) {
- BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p = buf;
- if (a->neg)
- *(p++) = '-';
- for (i = a->top - 1; i >= 0; i--) {
- for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
- /* strip leading zeros */
- v = ((int)(a->d[i] >> (long)j)) & 0xff;
- if (z || (v != 0)) {
- *(p++) = Hex[v >> 4];
- *(p++) = Hex[v & 0x0f];
- z = 1;
- }
- }
- }
- *p = '\0';
- err:
- return (buf);
-}
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2dec(const BIGNUM *a)
-{
- int i = 0, num, ok = 0;
- char *buf = NULL;
- char *p;
- BIGNUM *t = NULL;
- BN_ULONG *bn_data = NULL, *lp;
- int bn_data_num;
-
- /*-
- * get an upper bound for the length of the decimal integer
- * num <= (BN_num_bits(a) + 1) * log(2)
- * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
- * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
- */
- i = BN_num_bits(a) * 3;
- num = (i / 10 + i / 1000 + 1) + 1;
- bn_data_num = num / BN_DEC_NUM + 1;
- bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
- buf = OPENSSL_malloc(num + 3);
- if ((buf == NULL) || (bn_data == NULL)) {
- BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if ((t = BN_dup(a)) == NULL)
- goto err;
-
-#define BUF_REMAIN (num+3 - (size_t)(p - buf))
- p = buf;
- lp = bn_data;
- if (BN_is_zero(t)) {
- *(p++) = '0';
- *(p++) = '\0';
- } else {
- if (BN_is_negative(t))
- *p++ = '-';
-
- while (!BN_is_zero(t)) {
- if (lp - bn_data >= bn_data_num)
- goto err;
- *lp = BN_div_word(t, BN_DEC_CONV);
- if (*lp == (BN_ULONG)-1)
- goto err;
- lp++;
- }
- lp--;
- /*
- * We now have a series of blocks, BN_DEC_NUM chars in length, where
- * the last one needs truncation. The blocks need to be reversed in
- * order.
- */
- BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
- while (*p)
- p++;
- while (lp != bn_data) {
- lp--;
- BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
- while (*p)
- p++;
- }
- }
- ok = 1;
- err:
- if (bn_data != NULL)
- OPENSSL_free(bn_data);
- if (t != NULL)
- BN_free(t);
- if (!ok && buf) {
- OPENSSL_free(buf);
- buf = NULL;
- }
-
- return (buf);
-}
-
-int BN_hex2bn(BIGNUM **bn, const char *a)
-{
- BIGNUM *ret = NULL;
- BN_ULONG l = 0;
- int neg = 0, h, m, i, j, k, c;
- int num;
-
- if ((a == NULL) || (*a == '\0'))
- return (0);
-
- if (*a == '-') {
- neg = 1;
- a++;
- }
-
- for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
- continue;
-
- if (i > INT_MAX/4)
- goto err;
-
- num = i + neg;
- if (bn == NULL)
- return (num);
-
- /* a is the start of the hex digits, and it is 'i' long */
- if (*bn == NULL) {
- if ((ret = BN_new()) == NULL)
- return (0);
- } else {
- ret = *bn;
- BN_zero(ret);
- }
-
- /* i is the number of hex digits */
- if (bn_expand(ret, i * 4) == NULL)
- goto err;
-
- j = i; /* least significant 'hex' */
- m = 0;
- h = 0;
- while (j > 0) {
- m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j;
- l = 0;
- for (;;) {
- c = a[j - m];
- if ((c >= '0') && (c <= '9'))
- k = c - '0';
- else if ((c >= 'a') && (c <= 'f'))
- k = c - 'a' + 10;
- else if ((c >= 'A') && (c <= 'F'))
- k = c - 'A' + 10;
- else
- k = 0; /* paranoia */
- l = (l << 4) | k;
-
- if (--m <= 0) {
- ret->d[h++] = l;
- break;
- }
- }
- j -= (BN_BYTES * 2);
- }
- ret->top = h;
- bn_correct_top(ret);
-
- *bn = ret;
- bn_check_top(ret);
- /* Don't set the negative flag if it's zero. */
- if (ret->top != 0)
- ret->neg = neg;
- return (num);
- err:
- if (*bn == NULL)
- BN_free(ret);
- return (0);
-}
-
-int BN_dec2bn(BIGNUM **bn, const char *a)
-{
- BIGNUM *ret = NULL;
- BN_ULONG l = 0;
- int neg = 0, i, j;
- int num;
-
- if ((a == NULL) || (*a == '\0'))
- return (0);
- if (*a == '-') {
- neg = 1;
- a++;
- }
-
- for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
- continue;
-
- if (i > INT_MAX/4)
- goto err;
-
- num = i + neg;
- if (bn == NULL)
- return (num);
-
- /*
- * a is the start of the digits, and it is 'i' long. We chop it into
- * BN_DEC_NUM digits at a time
- */
- if (*bn == NULL) {
- if ((ret = BN_new()) == NULL)
- return (0);
- } else {
- ret = *bn;
- BN_zero(ret);
- }
-
- /* i is the number of digits, a bit of an over expand */
- if (bn_expand(ret, i * 4) == NULL)
- goto err;
-
- j = BN_DEC_NUM - (i % BN_DEC_NUM);
- if (j == BN_DEC_NUM)
- j = 0;
- l = 0;
- while (--i >= 0) {
- l *= 10;
- l += *a - '0';
- a++;
- if (++j == BN_DEC_NUM) {
- BN_mul_word(ret, BN_DEC_CONV);
- BN_add_word(ret, l);
- l = 0;
- j = 0;
- }
- }
-
- bn_correct_top(ret);
- *bn = ret;
- bn_check_top(ret);
- /* Don't set the negative flag if it's zero. */
- if (ret->top != 0)
- ret->neg = neg;
- return (num);
- err:
- if (*bn == NULL)
- BN_free(ret);
- return (0);
-}
-
-int BN_asc2bn(BIGNUM **bn, const char *a)
-{
- const char *p = a;
-
- if (*p == '-')
- p++;
-
- if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
- if (!BN_hex2bn(bn, p + 2))
- return 0;
- } else {
- if (!BN_dec2bn(bn, p))
- return 0;
- }
- /* Don't set the negative flag if it's zero. */
- if (*a == '-' && (*bn)->top != 0)
- (*bn)->neg = 1;
- return 1;
-}
-
-#ifndef OPENSSL_NO_BIO
-# ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a)
-{
- BIO *b;
- int ret;
-
- if ((b = BIO_new(BIO_s_file())) == NULL)
- return (0);
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = BN_print(b, a);
- BIO_free(b);
- return (ret);
-}
-# endif
-
-int BN_print(BIO *bp, const BIGNUM *a)
-{
- int i, j, v, z = 0;
- int ret = 0;
-
- if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
- goto end;
- if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
- goto end;
- for (i = a->top - 1; i >= 0; i--) {
- for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
- /* strip leading zeros */
- v = ((int)(a->d[i] >> (long)j)) & 0x0f;
- if (z || (v != 0)) {
- if (BIO_write(bp, &(Hex[v]), 1) != 1)
- goto end;
- z = 1;
- }
- }
- }
- ret = 1;
- end:
- return (ret);
-}
-#endif
-
-char *BN_options(void)
-{
- static int init = 0;
- static char data[16];
-
- if (!init) {
- init++;
-#ifdef BN_LLONG
- BIO_snprintf(data, sizeof data, "bn(%d,%d)",
- (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
-#else
- BIO_snprintf(data, sizeof data, "bn(%d,%d)",
- (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
-#endif
- }
- return (data);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_rand.c b/thirdparty/openssl/crypto/bn/bn_rand.c
deleted file mode 100644
index 60d3f2260b..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_rand.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/* crypto/bn/bn_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
-{
- unsigned char *buf = NULL;
- int ret = 0, bit, bytes, mask;
- time_t tim;
-
- if (bits == 0) {
- if (top != -1 || bottom != 0)
- goto toosmall;
- BN_zero(rnd);
- return 1;
- }
- if (bits < 0 || (bits == 1 && top > 0))
- goto toosmall;
-
- bytes = (bits + 7) / 8;
- bit = (bits - 1) % 8;
- mask = 0xff << (bit + 1);
-
- buf = (unsigned char *)OPENSSL_malloc(bytes);
- if (buf == NULL) {
- BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* make a random number and set the top and bottom bits */
- time(&tim);
- RAND_add(&tim, sizeof(tim), 0.0);
-
- /* We ignore the value of pseudorand and always call RAND_bytes */
- if (RAND_bytes(buf, bytes) <= 0)
- goto err;
-
-#if 1
- if (pseudorand == 2) {
- /*
- * generate patterns that are more likely to trigger BN library bugs
- */
- int i;
- unsigned char c;
-
- for (i = 0; i < bytes; i++) {
- if (RAND_pseudo_bytes(&c, 1) < 0)
- goto err;
- if (c >= 128 && i > 0)
- buf[i] = buf[i - 1];
- else if (c < 42)
- buf[i] = 0;
- else if (c < 84)
- buf[i] = 255;
- }
- }
-#endif
-
- if (top >= 0) {
- if (top) {
- if (bit == 0) {
- buf[0] = 1;
- buf[1] |= 0x80;
- } else {
- buf[0] |= (3 << (bit - 1));
- }
- } else {
- buf[0] |= (1 << bit);
- }
- }
- buf[0] &= ~mask;
- if (bottom) /* set bottom bit if requested */
- buf[bytes - 1] |= 1;
- if (!BN_bin2bn(buf, bytes, rnd))
- goto err;
- ret = 1;
- err:
- if (buf != NULL) {
- OPENSSL_cleanse(buf, bytes);
- OPENSSL_free(buf);
- }
- bn_check_top(rnd);
- return (ret);
-
-toosmall:
- BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
- return 0;
-}
-
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
-{
- return bnrand(0, rnd, bits, top, bottom);
-}
-
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
-{
- return bnrand(1, rnd, bits, top, bottom);
-}
-
-#if 1
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
-{
- return bnrand(2, rnd, bits, top, bottom);
-}
-#endif
-
-/* random number r: 0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
-{
- int (*bn_rand) (BIGNUM *, int, int, int) =
- pseudo ? BN_pseudo_rand : BN_rand;
- int n;
- int count = 100;
-
- if (range->neg || BN_is_zero(range)) {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
- return 0;
- }
-
- n = BN_num_bits(range); /* n > 0 */
-
- /* BN_is_bit_set(range, n - 1) always holds */
-
- if (n == 1)
- BN_zero(r);
- else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
- /*
- * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
- * than range
- */
- do {
- if (!bn_rand(r, n + 1, -1, 0))
- return 0;
- /*
- * If r < 3*range, use r := r MOD range (which is either r, r -
- * range, or r - 2*range). Otherwise, iterate once more. Since
- * 3*range = 11..._2, each iteration succeeds with probability >=
- * .75.
- */
- if (BN_cmp(r, range) >= 0) {
- if (!BN_sub(r, r, range))
- return 0;
- if (BN_cmp(r, range) >= 0)
- if (!BN_sub(r, r, range))
- return 0;
- }
-
- if (!--count) {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
- return 0;
- }
-
- }
- while (BN_cmp(r, range) >= 0);
- } else {
- do {
- /* range = 11..._2 or range = 101..._2 */
- if (!bn_rand(r, n, -1, 0))
- return 0;
-
- if (!--count) {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
- return 0;
- }
- }
- while (BN_cmp(r, range) >= 0);
- }
-
- bn_check_top(r);
- return 1;
-}
-
-int BN_rand_range(BIGNUM *r, const BIGNUM *range)
-{
- return bn_rand_range(0, r, range);
-}
-
-int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
-{
- return bn_rand_range(1, r, range);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_recp.c b/thirdparty/openssl/crypto/bn/bn_recp.c
deleted file mode 100644
index f047040efe..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_recp.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/* crypto/bn/bn_recp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-void BN_RECP_CTX_init(BN_RECP_CTX *recp)
-{
- BN_init(&(recp->N));
- BN_init(&(recp->Nr));
- recp->num_bits = 0;
- recp->shift = 0;
- recp->flags = 0;
-}
-
-BN_RECP_CTX *BN_RECP_CTX_new(void)
-{
- BN_RECP_CTX *ret;
-
- if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
- return (NULL);
-
- BN_RECP_CTX_init(ret);
- ret->flags = BN_FLG_MALLOCED;
- return (ret);
-}
-
-void BN_RECP_CTX_free(BN_RECP_CTX *recp)
-{
- if (recp == NULL)
- return;
-
- BN_free(&(recp->N));
- BN_free(&(recp->Nr));
- if (recp->flags & BN_FLG_MALLOCED)
- OPENSSL_free(recp);
-}
-
-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
-{
- if (!BN_copy(&(recp->N), d))
- return 0;
- BN_zero(&(recp->Nr));
- recp->num_bits = BN_num_bits(d);
- recp->shift = 0;
- return (1);
-}
-
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
- BN_RECP_CTX *recp, BN_CTX *ctx)
-{
- int ret = 0;
- BIGNUM *a;
- const BIGNUM *ca;
-
- BN_CTX_start(ctx);
- if ((a = BN_CTX_get(ctx)) == NULL)
- goto err;
- if (y != NULL) {
- if (x == y) {
- if (!BN_sqr(a, x, ctx))
- goto err;
- } else {
- if (!BN_mul(a, x, y, ctx))
- goto err;
- }
- ca = a;
- } else
- ca = x; /* Just do the mod */
-
- ret = BN_div_recp(NULL, r, ca, recp, ctx);
- err:
- BN_CTX_end(ctx);
- bn_check_top(r);
- return (ret);
-}
-
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
- BN_RECP_CTX *recp, BN_CTX *ctx)
-{
- int i, j, ret = 0;
- BIGNUM *a, *b, *d, *r;
-
- BN_CTX_start(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- if (dv != NULL)
- d = dv;
- else
- d = BN_CTX_get(ctx);
- if (rem != NULL)
- r = rem;
- else
- r = BN_CTX_get(ctx);
- if (a == NULL || b == NULL || d == NULL || r == NULL)
- goto err;
-
- if (BN_ucmp(m, &(recp->N)) < 0) {
- BN_zero(d);
- if (!BN_copy(r, m)) {
- BN_CTX_end(ctx);
- return 0;
- }
- BN_CTX_end(ctx);
- return (1);
- }
-
- /*
- * We want the remainder Given input of ABCDEF / ab we need multiply
- * ABCDEF by 3 digests of the reciprocal of ab
- */
-
- /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
- i = BN_num_bits(m);
- j = recp->num_bits << 1;
- if (j > i)
- i = j;
-
- /* Nr := round(2^i / N) */
- if (i != recp->shift)
- recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
- /* BN_reciprocal could have returned -1 for an error */
- if (recp->shift == -1)
- goto err;
-
- /*-
- * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
- * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
- * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
- * = |m/N|
- */
- if (!BN_rshift(a, m, recp->num_bits))
- goto err;
- if (!BN_mul(b, a, &(recp->Nr), ctx))
- goto err;
- if (!BN_rshift(d, b, i - recp->num_bits))
- goto err;
- d->neg = 0;
-
- if (!BN_mul(b, &(recp->N), d, ctx))
- goto err;
- if (!BN_usub(r, m, b))
- goto err;
- r->neg = 0;
-
-#if 1
- j = 0;
- while (BN_ucmp(r, &(recp->N)) >= 0) {
- if (j++ > 2) {
- BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
- goto err;
- }
- if (!BN_usub(r, r, &(recp->N)))
- goto err;
- if (!BN_add_word(d, 1))
- goto err;
- }
-#endif
-
- r->neg = BN_is_zero(r) ? 0 : m->neg;
- d->neg = m->neg ^ recp->N.neg;
- ret = 1;
- err:
- BN_CTX_end(ctx);
- bn_check_top(dv);
- bn_check_top(rem);
- return (ret);
-}
-
-/*
- * len is the expected size of the result We actually calculate with an extra
- * word of precision, so we can do faster division if the remainder is not
- * required.
- */
-/* r := 2^len / m */
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
-{
- int ret = -1;
- BIGNUM *t;
-
- BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- if (!BN_set_bit(t, len))
- goto err;
-
- if (!BN_div(r, NULL, t, m, ctx))
- goto err;
-
- ret = len;
- err:
- bn_check_top(r);
- BN_CTX_end(ctx);
- return (ret);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_shift.c b/thirdparty/openssl/crypto/bn/bn_shift.c
deleted file mode 100644
index 9673d9a306..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_shift.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* crypto/bn/bn_shift.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-int BN_lshift1(BIGNUM *r, const BIGNUM *a)
-{
- register BN_ULONG *ap, *rp, t, c;
- int i;
-
- bn_check_top(r);
- bn_check_top(a);
-
- if (r != a) {
- r->neg = a->neg;
- if (bn_wexpand(r, a->top + 1) == NULL)
- return (0);
- r->top = a->top;
- } else {
- if (bn_wexpand(r, a->top + 1) == NULL)
- return (0);
- }
- ap = a->d;
- rp = r->d;
- c = 0;
- for (i = 0; i < a->top; i++) {
- t = *(ap++);
- *(rp++) = ((t << 1) | c) & BN_MASK2;
- c = (t & BN_TBIT) ? 1 : 0;
- }
- if (c) {
- *rp = 1;
- r->top++;
- }
- bn_check_top(r);
- return (1);
-}
-
-int BN_rshift1(BIGNUM *r, const BIGNUM *a)
-{
- BN_ULONG *ap, *rp, t, c;
- int i, j;
-
- bn_check_top(r);
- bn_check_top(a);
-
- if (BN_is_zero(a)) {
- BN_zero(r);
- return (1);
- }
- i = a->top;
- ap = a->d;
- j = i - (ap[i - 1] == 1);
- if (a != r) {
- if (bn_wexpand(r, j) == NULL)
- return (0);
- r->neg = a->neg;
- }
- rp = r->d;
- t = ap[--i];
- c = (t & 1) ? BN_TBIT : 0;
- if (t >>= 1)
- rp[i] = t;
- while (i > 0) {
- t = ap[--i];
- rp[i] = ((t >> 1) & BN_MASK2) | c;
- c = (t & 1) ? BN_TBIT : 0;
- }
- r->top = j;
- bn_check_top(r);
- return (1);
-}
-
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
-{
- int i, nw, lb, rb;
- BN_ULONG *t, *f;
- BN_ULONG l;
-
- bn_check_top(r);
- bn_check_top(a);
-
- if (n < 0) {
- BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
- return 0;
- }
-
- r->neg = a->neg;
- nw = n / BN_BITS2;
- if (bn_wexpand(r, a->top + nw + 1) == NULL)
- return (0);
- lb = n % BN_BITS2;
- rb = BN_BITS2 - lb;
- f = a->d;
- t = r->d;
- t[a->top + nw] = 0;
- if (lb == 0)
- for (i = a->top - 1; i >= 0; i--)
- t[nw + i] = f[i];
- else
- for (i = a->top - 1; i >= 0; i--) {
- l = f[i];
- t[nw + i + 1] |= (l >> rb) & BN_MASK2;
- t[nw + i] = (l << lb) & BN_MASK2;
- }
- memset(t, 0, nw * sizeof(t[0]));
- /*
- * for (i=0; i<nw; i++) t[i]=0;
- */
- r->top = a->top + nw + 1;
- bn_correct_top(r);
- bn_check_top(r);
- return (1);
-}
-
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
-{
- int i, j, nw, lb, rb;
- BN_ULONG *t, *f;
- BN_ULONG l, tmp;
-
- bn_check_top(r);
- bn_check_top(a);
-
- if (n < 0) {
- BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
- return 0;
- }
-
- nw = n / BN_BITS2;
- rb = n % BN_BITS2;
- lb = BN_BITS2 - rb;
- if (nw >= a->top || a->top == 0) {
- BN_zero(r);
- return (1);
- }
- i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
- if (r != a) {
- r->neg = a->neg;
- if (bn_wexpand(r, i) == NULL)
- return (0);
- } else {
- if (n == 0)
- return 1; /* or the copying loop will go berserk */
- }
-
- f = &(a->d[nw]);
- t = r->d;
- j = a->top - nw;
- r->top = i;
-
- if (rb == 0) {
- for (i = j; i != 0; i--)
- *(t++) = *(f++);
- } else {
- l = *(f++);
- for (i = j - 1; i != 0; i--) {
- tmp = (l >> rb) & BN_MASK2;
- l = *(f++);
- *(t++) = (tmp | (l << lb)) & BN_MASK2;
- }
- if ((l = (l >> rb) & BN_MASK2))
- *(t) = l;
- }
- bn_check_top(r);
- return (1);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_sqr.c b/thirdparty/openssl/crypto/bn/bn_sqr.c
deleted file mode 100644
index 256d26e8db..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_sqr.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/* crypto/bn/bn_sqr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* r must not be a */
-/*
- * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96
- */
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-{
- int max, al;
- int ret = 0;
- BIGNUM *tmp, *rr;
-
-#ifdef BN_COUNT
- fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top);
-#endif
- bn_check_top(a);
-
- al = a->top;
- if (al <= 0) {
- r->top = 0;
- r->neg = 0;
- return 1;
- }
-
- BN_CTX_start(ctx);
- rr = (a != r) ? r : BN_CTX_get(ctx);
- tmp = BN_CTX_get(ctx);
- if (!rr || !tmp)
- goto err;
-
- max = 2 * al; /* Non-zero (from above) */
- if (bn_wexpand(rr, max) == NULL)
- goto err;
-
- if (al == 4) {
-#ifndef BN_SQR_COMBA
- BN_ULONG t[8];
- bn_sqr_normal(rr->d, a->d, 4, t);
-#else
- bn_sqr_comba4(rr->d, a->d);
-#endif
- } else if (al == 8) {
-#ifndef BN_SQR_COMBA
- BN_ULONG t[16];
- bn_sqr_normal(rr->d, a->d, 8, t);
-#else
- bn_sqr_comba8(rr->d, a->d);
-#endif
- } else {
-#if defined(BN_RECURSION)
- if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
- BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2];
- bn_sqr_normal(rr->d, a->d, al, t);
- } else {
- int j, k;
-
- j = BN_num_bits_word((BN_ULONG)al);
- j = 1 << (j - 1);
- k = j + j;
- if (al == j) {
- if (bn_wexpand(tmp, k * 2) == NULL)
- goto err;
- bn_sqr_recursive(rr->d, a->d, al, tmp->d);
- } else {
- if (bn_wexpand(tmp, max) == NULL)
- goto err;
- bn_sqr_normal(rr->d, a->d, al, tmp->d);
- }
- }
-#else
- if (bn_wexpand(tmp, max) == NULL)
- goto err;
- bn_sqr_normal(rr->d, a->d, al, tmp->d);
-#endif
- }
-
- rr->neg = 0;
- /*
- * If the most-significant half of the top word of 'a' is zero, then the
- * square of 'a' will max-1 words.
- */
- if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
- rr->top = max - 1;
- else
- rr->top = max;
- if (r != rr && BN_copy(r, rr) == NULL)
- goto err;
-
- ret = 1;
- err:
- bn_check_top(rr);
- bn_check_top(tmp);
- BN_CTX_end(ctx);
- return (ret);
-}
-
-/* tmp must have 2*n words */
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
-{
- int i, j, max;
- const BN_ULONG *ap;
- BN_ULONG *rp;
-
- max = n * 2;
- ap = a;
- rp = r;
- rp[0] = rp[max - 1] = 0;
- rp++;
- j = n;
-
- if (--j > 0) {
- ap++;
- rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
- rp += 2;
- }
-
- for (i = n - 2; i > 0; i--) {
- j--;
- ap++;
- rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
- rp += 2;
- }
-
- bn_add_words(r, r, r, max);
-
- /* There will not be a carry */
-
- bn_sqr_words(tmp, a, n);
-
- bn_add_words(r, r, tmp, max);
-}
-
-#ifdef BN_RECURSION
-/*-
- * r is 2*n words in size,
- * a and b are both n words in size. (There's not actually a 'b' here ...)
- * n must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n words in size
- * We calculate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
-{
- int n = n2 / 2;
- int zero, c1;
- BN_ULONG ln, lo, *p;
-
-# ifdef BN_COUNT
- fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2);
-# endif
- if (n2 == 4) {
-# ifndef BN_SQR_COMBA
- bn_sqr_normal(r, a, 4, t);
-# else
- bn_sqr_comba4(r, a);
-# endif
- return;
- } else if (n2 == 8) {
-# ifndef BN_SQR_COMBA
- bn_sqr_normal(r, a, 8, t);
-# else
- bn_sqr_comba8(r, a);
-# endif
- return;
- }
- if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) {
- bn_sqr_normal(r, a, n2, t);
- return;
- }
- /* r=(a[0]-a[1])*(a[1]-a[0]) */
- c1 = bn_cmp_words(a, &(a[n]), n);
- zero = 0;
- if (c1 > 0)
- bn_sub_words(t, a, &(a[n]), n);
- else if (c1 < 0)
- bn_sub_words(t, &(a[n]), a, n);
- else
- zero = 1;
-
- /* The result will always be negative unless it is zero */
- p = &(t[n2 * 2]);
-
- if (!zero)
- bn_sqr_recursive(&(t[n2]), t, n, p);
- else
- memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
- bn_sqr_recursive(r, a, n, p);
- bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
-
- /*-
- * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- */
-
- c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
-
- /* t[32] is negative */
- c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
-
- /*-
- * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
- * r[10] holds (a[0]*a[0])
- * r[32] holds (a[1]*a[1])
- * c1 holds the carry bits
- */
- c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
- if (c1) {
- p = &(r[n + n2]);
- lo = *p;
- ln = (lo + c1) & BN_MASK2;
- *p = ln;
-
- /*
- * The overflow will stop before we over write words we should not
- * overwrite
- */
- if (ln < (BN_ULONG)c1) {
- do {
- p++;
- lo = *p;
- ln = (lo + 1) & BN_MASK2;
- *p = ln;
- } while (ln == 0);
- }
- }
-}
-#endif
diff --git a/thirdparty/openssl/crypto/bn/bn_sqrt.c b/thirdparty/openssl/crypto/bn/bn_sqrt.c
deleted file mode 100644
index 232af99a21..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_sqrt.c
+++ /dev/null
@@ -1,409 +0,0 @@
-/* crypto/bn/bn_sqrt.c */
-/*
- * Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> and Bodo
- * Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-/*
- * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
- * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
- * Theory", algorithm 1.5.1). 'p' must be prime!
- */
-{
- BIGNUM *ret = in;
- int err = 1;
- int r;
- BIGNUM *A, *b, *q, *t, *x, *y;
- int e, i, j;
-
- if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
- if (BN_abs_is_word(p, 2)) {
- if (ret == NULL)
- ret = BN_new();
- if (ret == NULL)
- goto end;
- if (!BN_set_word(ret, BN_is_bit_set(a, 0))) {
- if (ret != in)
- BN_free(ret);
- return NULL;
- }
- bn_check_top(ret);
- return ret;
- }
-
- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
- return (NULL);
- }
-
- if (BN_is_zero(a) || BN_is_one(a)) {
- if (ret == NULL)
- ret = BN_new();
- if (ret == NULL)
- goto end;
- if (!BN_set_word(ret, BN_is_one(a))) {
- if (ret != in)
- BN_free(ret);
- return NULL;
- }
- bn_check_top(ret);
- return ret;
- }
-
- BN_CTX_start(ctx);
- A = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- q = BN_CTX_get(ctx);
- t = BN_CTX_get(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- if (y == NULL)
- goto end;
-
- if (ret == NULL)
- ret = BN_new();
- if (ret == NULL)
- goto end;
-
- /* A = a mod p */
- if (!BN_nnmod(A, a, p, ctx))
- goto end;
-
- /* now write |p| - 1 as 2^e*q where q is odd */
- e = 1;
- while (!BN_is_bit_set(p, e))
- e++;
- /* we'll set q later (if needed) */
-
- if (e == 1) {
- /*-
- * The easy case: (|p|-1)/2 is odd, so 2 has an inverse
- * modulo (|p|-1)/2, and square roots can be computed
- * directly by modular exponentiation.
- * We have
- * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2),
- * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1.
- */
- if (!BN_rshift(q, p, 2))
- goto end;
- q->neg = 0;
- if (!BN_add_word(q, 1))
- goto end;
- if (!BN_mod_exp(ret, A, q, p, ctx))
- goto end;
- err = 0;
- goto vrfy;
- }
-
- if (e == 2) {
- /*-
- * |p| == 5 (mod 8)
- *
- * In this case 2 is always a non-square since
- * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime.
- * So if a really is a square, then 2*a is a non-square.
- * Thus for
- * b := (2*a)^((|p|-5)/8),
- * i := (2*a)*b^2
- * we have
- * i^2 = (2*a)^((1 + (|p|-5)/4)*2)
- * = (2*a)^((p-1)/2)
- * = -1;
- * so if we set
- * x := a*b*(i-1),
- * then
- * x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
- * = a^2 * b^2 * (-2*i)
- * = a*(-i)*(2*a*b^2)
- * = a*(-i)*i
- * = a.
- *
- * (This is due to A.O.L. Atkin,
- * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
- * November 1992.)
- */
-
- /* t := 2*a */
- if (!BN_mod_lshift1_quick(t, A, p))
- goto end;
-
- /* b := (2*a)^((|p|-5)/8) */
- if (!BN_rshift(q, p, 3))
- goto end;
- q->neg = 0;
- if (!BN_mod_exp(b, t, q, p, ctx))
- goto end;
-
- /* y := b^2 */
- if (!BN_mod_sqr(y, b, p, ctx))
- goto end;
-
- /* t := (2*a)*b^2 - 1 */
- if (!BN_mod_mul(t, t, y, p, ctx))
- goto end;
- if (!BN_sub_word(t, 1))
- goto end;
-
- /* x = a*b*t */
- if (!BN_mod_mul(x, A, b, p, ctx))
- goto end;
- if (!BN_mod_mul(x, x, t, p, ctx))
- goto end;
-
- if (!BN_copy(ret, x))
- goto end;
- err = 0;
- goto vrfy;
- }
-
- /*
- * e > 2, so we really have to use the Tonelli/Shanks algorithm. First,
- * find some y that is not a square.
- */
- if (!BN_copy(q, p))
- goto end; /* use 'q' as temp */
- q->neg = 0;
- i = 2;
- do {
- /*
- * For efficiency, try small numbers first; if this fails, try random
- * numbers.
- */
- if (i < 22) {
- if (!BN_set_word(y, i))
- goto end;
- } else {
- if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
- goto end;
- if (BN_ucmp(y, p) >= 0) {
- if (!(p->neg ? BN_add : BN_sub) (y, y, p))
- goto end;
- }
- /* now 0 <= y < |p| */
- if (BN_is_zero(y))
- if (!BN_set_word(y, i))
- goto end;
- }
-
- r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
- if (r < -1)
- goto end;
- if (r == 0) {
- /* m divides p */
- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
- goto end;
- }
- }
- while (r == 1 && ++i < 82);
-
- if (r != -1) {
- /*
- * Many rounds and still no non-square -- this is more likely a bug
- * than just bad luck. Even if p is not prime, we should have found
- * some y such that r == -1.
- */
- BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
- goto end;
- }
-
- /* Here's our actual 'q': */
- if (!BN_rshift(q, q, e))
- goto end;
-
- /*
- * Now that we have some non-square, we can find an element of order 2^e
- * by computing its q'th power.
- */
- if (!BN_mod_exp(y, y, q, p, ctx))
- goto end;
- if (BN_is_one(y)) {
- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
- goto end;
- }
-
- /*-
- * Now we know that (if p is indeed prime) there is an integer
- * k, 0 <= k < 2^e, such that
- *
- * a^q * y^k == 1 (mod p).
- *
- * As a^q is a square and y is not, k must be even.
- * q+1 is even, too, so there is an element
- *
- * X := a^((q+1)/2) * y^(k/2),
- *
- * and it satisfies
- *
- * X^2 = a^q * a * y^k
- * = a,
- *
- * so it is the square root that we are looking for.
- */
-
- /* t := (q-1)/2 (note that q is odd) */
- if (!BN_rshift1(t, q))
- goto end;
-
- /* x := a^((q-1)/2) */
- if (BN_is_zero(t)) { /* special case: p = 2^e + 1 */
- if (!BN_nnmod(t, A, p, ctx))
- goto end;
- if (BN_is_zero(t)) {
- /* special case: a == 0 (mod p) */
- BN_zero(ret);
- err = 0;
- goto end;
- } else if (!BN_one(x))
- goto end;
- } else {
- if (!BN_mod_exp(x, A, t, p, ctx))
- goto end;
- if (BN_is_zero(x)) {
- /* special case: a == 0 (mod p) */
- BN_zero(ret);
- err = 0;
- goto end;
- }
- }
-
- /* b := a*x^2 (= a^q) */
- if (!BN_mod_sqr(b, x, p, ctx))
- goto end;
- if (!BN_mod_mul(b, b, A, p, ctx))
- goto end;
-
- /* x := a*x (= a^((q+1)/2)) */
- if (!BN_mod_mul(x, x, A, p, ctx))
- goto end;
-
- while (1) {
- /*-
- * Now b is a^q * y^k for some even k (0 <= k < 2^E
- * where E refers to the original value of e, which we
- * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2).
- *
- * We have a*b = x^2,
- * y^2^(e-1) = -1,
- * b^2^(e-1) = 1.
- */
-
- if (BN_is_one(b)) {
- if (!BN_copy(ret, x))
- goto end;
- err = 0;
- goto vrfy;
- }
-
- /* find smallest i such that b^(2^i) = 1 */
- i = 1;
- if (!BN_mod_sqr(t, b, p, ctx))
- goto end;
- while (!BN_is_one(t)) {
- i++;
- if (i == e) {
- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
- goto end;
- }
- if (!BN_mod_mul(t, t, t, p, ctx))
- goto end;
- }
-
- /* t := y^2^(e - i - 1) */
- if (!BN_copy(t, y))
- goto end;
- for (j = e - i - 1; j > 0; j--) {
- if (!BN_mod_sqr(t, t, p, ctx))
- goto end;
- }
- if (!BN_mod_mul(y, t, t, p, ctx))
- goto end;
- if (!BN_mod_mul(x, x, t, p, ctx))
- goto end;
- if (!BN_mod_mul(b, b, y, p, ctx))
- goto end;
- e = i;
- }
-
- vrfy:
- if (!err) {
- /*
- * verify the result -- the input might have been not a square (test
- * added in 0.9.8)
- */
-
- if (!BN_mod_sqr(x, ret, p, ctx))
- err = 1;
-
- if (!err && 0 != BN_cmp(x, A)) {
- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
- err = 1;
- }
- }
-
- end:
- if (err) {
- if (ret != NULL && ret != in) {
- BN_clear_free(ret);
- }
- ret = NULL;
- }
- BN_CTX_end(ctx);
- bn_check_top(ret);
- return ret;
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_word.c b/thirdparty/openssl/crypto/bn/bn_word.c
deleted file mode 100644
index 9b5f9cb98c..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_word.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/* crypto/bn/bn_word.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
-{
-#ifndef BN_LLONG
- BN_ULONG ret = 0;
-#else
- BN_ULLONG ret = 0;
-#endif
- int i;
-
- if (w == 0)
- return (BN_ULONG)-1;
-
-#ifndef BN_LLONG
- /*
- * If |w| is too long and we don't have BN_ULLONG then we need to fall
- * back to using BN_div_word
- */
- if (w > ((BN_ULONG)1 << BN_BITS4)) {
- BIGNUM *tmp = BN_dup(a);
- if (tmp == NULL)
- return (BN_ULONG)-1;
-
- ret = BN_div_word(tmp, w);
- BN_free(tmp);
-
- return ret;
- }
-#endif
-
- bn_check_top(a);
- w &= BN_MASK2;
- for (i = a->top - 1; i >= 0; i--) {
-#ifndef BN_LLONG
- /*
- * We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so
- * | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are
- * safe and will not overflow
- */
- ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
- ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
-#else
- ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) %
- (BN_ULLONG) w);
-#endif
- }
- return ((BN_ULONG)ret);
-}
-
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
-{
- BN_ULONG ret = 0;
- int i, j;
-
- bn_check_top(a);
- w &= BN_MASK2;
-
- if (!w)
- /* actually this an error (division by zero) */
- return (BN_ULONG)-1;
- if (a->top == 0)
- return 0;
-
- /* normalize input (so bn_div_words doesn't complain) */
- j = BN_BITS2 - BN_num_bits_word(w);
- w <<= j;
- if (!BN_lshift(a, a, j))
- return (BN_ULONG)-1;
-
- for (i = a->top - 1; i >= 0; i--) {
- BN_ULONG l, d;
-
- l = a->d[i];
- d = bn_div_words(ret, l, w);
- ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2;
- a->d[i] = d;
- }
- if ((a->top > 0) && (a->d[a->top - 1] == 0))
- a->top--;
- ret >>= j;
- bn_check_top(a);
- return (ret);
-}
-
-int BN_add_word(BIGNUM *a, BN_ULONG w)
-{
- BN_ULONG l;
- int i;
-
- bn_check_top(a);
- w &= BN_MASK2;
-
- /* degenerate case: w is zero */
- if (!w)
- return 1;
- /* degenerate case: a is zero */
- if (BN_is_zero(a))
- return BN_set_word(a, w);
- /* handle 'a' when negative */
- if (a->neg) {
- a->neg = 0;
- i = BN_sub_word(a, w);
- if (!BN_is_zero(a))
- a->neg = !(a->neg);
- return (i);
- }
- for (i = 0; w != 0 && i < a->top; i++) {
- a->d[i] = l = (a->d[i] + w) & BN_MASK2;
- w = (w > l) ? 1 : 0;
- }
- if (w && i == a->top) {
- if (bn_wexpand(a, a->top + 1) == NULL)
- return 0;
- a->top++;
- a->d[i] = w;
- }
- bn_check_top(a);
- return (1);
-}
-
-int BN_sub_word(BIGNUM *a, BN_ULONG w)
-{
- int i;
-
- bn_check_top(a);
- w &= BN_MASK2;
-
- /* degenerate case: w is zero */
- if (!w)
- return 1;
- /* degenerate case: a is zero */
- if (BN_is_zero(a)) {
- i = BN_set_word(a, w);
- if (i != 0)
- BN_set_negative(a, 1);
- return i;
- }
- /* handle 'a' when negative */
- if (a->neg) {
- a->neg = 0;
- i = BN_add_word(a, w);
- a->neg = 1;
- return (i);
- }
-
- if ((a->top == 1) && (a->d[0] < w)) {
- a->d[0] = w - a->d[0];
- a->neg = 1;
- return (1);
- }
- i = 0;
- for (;;) {
- if (a->d[i] >= w) {
- a->d[i] -= w;
- break;
- } else {
- a->d[i] = (a->d[i] - w) & BN_MASK2;
- i++;
- w = 1;
- }
- }
- if ((a->d[i] == 0) && (i == (a->top - 1)))
- a->top--;
- bn_check_top(a);
- return (1);
-}
-
-int BN_mul_word(BIGNUM *a, BN_ULONG w)
-{
- BN_ULONG ll;
-
- bn_check_top(a);
- w &= BN_MASK2;
- if (a->top) {
- if (w == 0)
- BN_zero(a);
- else {
- ll = bn_mul_words(a->d, a->d, a->top, w);
- if (ll) {
- if (bn_wexpand(a, a->top + 1) == NULL)
- return (0);
- a->d[a->top++] = ll;
- }
- }
- }
- bn_check_top(a);
- return (1);
-}
diff --git a/thirdparty/openssl/crypto/bn/bn_x931p.c b/thirdparty/openssl/crypto/bn/bn_x931p.c
deleted file mode 100644
index efa48bdf87..0000000000
--- a/thirdparty/openssl/crypto/bn/bn_x931p.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/* bn_x931p.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-
-/* X9.31 routines for prime derivation */
-
-/*
- * X9.31 prime derivation. This is used to generate the primes pi (p1, p2,
- * q1, q2) from a parameter Xpi by checking successive odd integers.
- */
-
-static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
- BN_GENCB *cb)
-{
- int i = 0;
- if (!BN_copy(pi, Xpi))
- return 0;
- if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
- return 0;
- for (;;) {
- i++;
- BN_GENCB_call(cb, 0, i);
- /* NB 27 MR is specificed in X9.31 */
- if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
- break;
- if (!BN_add_word(pi, 2))
- return 0;
- }
- BN_GENCB_call(cb, 2, i);
- return 1;
-}
-
-/*
- * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2
- * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they
- * will be returned too: this is needed for testing.
- */
-
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- const BIGNUM *Xp, const BIGNUM *Xp1,
- const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
- BN_GENCB *cb)
-{
- int ret = 0;
-
- BIGNUM *t, *p1p2, *pm1;
-
- /* Only even e supported */
- if (!BN_is_odd(e))
- return 0;
-
- BN_CTX_start(ctx);
- if (!p1)
- p1 = BN_CTX_get(ctx);
-
- if (!p2)
- p2 = BN_CTX_get(ctx);
-
- t = BN_CTX_get(ctx);
-
- p1p2 = BN_CTX_get(ctx);
-
- pm1 = BN_CTX_get(ctx);
-
- if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
- goto err;
-
- if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
- goto err;
-
- if (!BN_mul(p1p2, p1, p2, ctx))
- goto err;
-
- /* First set p to value of Rp */
-
- if (!BN_mod_inverse(p, p2, p1, ctx))
- goto err;
-
- if (!BN_mul(p, p, p2, ctx))
- goto err;
-
- if (!BN_mod_inverse(t, p1, p2, ctx))
- goto err;
-
- if (!BN_mul(t, t, p1, ctx))
- goto err;
-
- if (!BN_sub(p, p, t))
- goto err;
-
- if (p->neg && !BN_add(p, p, p1p2))
- goto err;
-
- /* p now equals Rp */
-
- if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
- goto err;
-
- if (!BN_add(p, p, Xp))
- goto err;
-
- /* p now equals Yp0 */
-
- for (;;) {
- int i = 1;
- BN_GENCB_call(cb, 0, i++);
- if (!BN_copy(pm1, p))
- goto err;
- if (!BN_sub_word(pm1, 1))
- goto err;
- if (!BN_gcd(t, pm1, e, ctx))
- goto err;
- if (BN_is_one(t)
- /*
- * X9.31 specifies 8 MR and 1 Lucas test or any prime test
- * offering similar or better guarantees 50 MR is considerably
- * better.
- */
- && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
- break;
- if (!BN_add(p, p, p1p2))
- goto err;
- }
-
- BN_GENCB_call(cb, 3, 0);
-
- ret = 1;
-
- err:
-
- BN_CTX_end(ctx);
-
- return ret;
-}
-
-/*
- * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits
- * paramter is sum of number of bits in both.
- */
-
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
-{
- BIGNUM *t;
- int i;
- /*
- * Number of bits for each prime is of the form 512+128s for s = 0, 1,
- * ...
- */
- if ((nbits < 1024) || (nbits & 0xff))
- return 0;
- nbits >>= 1;
- /*
- * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits
- * - 1. By setting the top two bits we ensure that the lower bound is
- * exceeded.
- */
- if (!BN_rand(Xp, nbits, 1, 0))
- goto err;
-
- BN_CTX_start(ctx);
- t = BN_CTX_get(ctx);
-
- for (i = 0; i < 1000; i++) {
- if (!BN_rand(Xq, nbits, 1, 0))
- goto err;
- /* Check that |Xp - Xq| > 2^(nbits - 100) */
- BN_sub(t, Xp, Xq);
- if (BN_num_bits(t) > (nbits - 100))
- break;
- }
-
- BN_CTX_end(ctx);
-
- if (i < 1000)
- return 1;
-
- return 0;
-
- err:
- BN_CTX_end(ctx);
- return 0;
-}
-
-/*
- * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and
- * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the
- * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| >
- * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the
- * previous function and supplied as input.
- */
-
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- BIGNUM *Xp1, BIGNUM *Xp2,
- const BIGNUM *Xp,
- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
-{
- int ret = 0;
-
- BN_CTX_start(ctx);
- if (!Xp1)
- Xp1 = BN_CTX_get(ctx);
- if (!Xp2)
- Xp2 = BN_CTX_get(ctx);
-
- if (!BN_rand(Xp1, 101, 0, 0))
- goto error;
- if (!BN_rand(Xp2, 101, 0, 0))
- goto error;
- if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
- goto error;
-
- ret = 1;
-
- error:
- BN_CTX_end(ctx);
-
- return ret;
-
-}
diff --git a/thirdparty/openssl/crypto/bn/bnspeed.c b/thirdparty/openssl/crypto/bn/bnspeed.c
deleted file mode 100644
index e387fdfbc2..0000000000
--- a/thirdparty/openssl/crypto/bn/bnspeed.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/* unused */
-
-/* crypto/bn/bnspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#define BASENUM 1000000
-#undef PROG
-#define PROG bnspeed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-
-/*
- * Depending on the VMS version, the tms structure is perhaps defined. The
- * __TMS macro will show if it was. If it wasn't defined, we should undefine
- * TIMES, since that tells the rest of the program how things should be
- * handled. -- Richard Levitte
- */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE ((long)1024*8)
-int run = 0;
-
-static double Time_F(int s);
-#define START 0
-#define STOP 1
-
-static double Time_F(int s)
-{
- double ret;
-#ifdef TIMES
- static struct tms tstart, tend;
-
- if (s == START) {
- times(&tstart);
- return (0);
- } else {
- times(&tend);
- ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
- return ((ret < 1e-3) ? 1e-3 : ret);
- }
-#else /* !times() */
- static struct timeb tstart, tend;
- long i;
-
- if (s == START) {
- ftime(&tstart);
- return (0);
- } else {
- ftime(&tend);
- i = (long)tend.millitm - (long)tstart.millitm;
- ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
- return ((ret < 0.001) ? 0.001 : ret);
- }
-#endif
-}
-
-#define NUM_SIZES 5
-static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048 };
-
-/*
- * static int sizes[NUM_SIZES]={59,179,299,419,539};
- */
-
-void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
-int main(int argc, char **argv)
-{
- BN_CTX *ctx;
- BIGNUM a, b, c;
-
- ctx = BN_CTX_new();
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
-
- do_mul(&a, &b, &c, ctx);
-}
-
-void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-{
- int i, j, k;
- double tm;
- long num;
-
- for (i = 0; i < NUM_SIZES; i++) {
- num = BASENUM;
- if (i)
- num /= (i * 3);
- BN_rand(a, sizes[i], 1, 0);
- for (j = i; j < NUM_SIZES; j++) {
- BN_rand(b, sizes[j], 1, 0);
- Time_F(START);
- for (k = 0; k < num; k++)
- BN_mul(r, b, a, ctx);
- tm = Time_F(STOP);
- printf("mul %4d x %4d -> %8.3fms\n", sizes[i], sizes[j],
- tm * 1000.0 / num);
- }
- }
-
- for (i = 0; i < NUM_SIZES; i++) {
- num = BASENUM;
- if (i)
- num /= (i * 3);
- BN_rand(a, sizes[i], 1, 0);
- Time_F(START);
- for (k = 0; k < num; k++)
- BN_sqr(r, a, ctx);
- tm = Time_F(STOP);
- printf("sqr %4d x %4d -> %8.3fms\n", sizes[i], sizes[i],
- tm * 1000.0 / num);
- }
-
- for (i = 0; i < NUM_SIZES; i++) {
- num = BASENUM / 10;
- if (i)
- num /= (i * 3);
- BN_rand(a, sizes[i] - 1, 1, 0);
- for (j = i; j < NUM_SIZES; j++) {
- BN_rand(b, sizes[j], 1, 0);
- Time_F(START);
- for (k = 0; k < 100000; k++)
- BN_div(r, NULL, b, a, ctx);
- tm = Time_F(STOP);
- printf("div %4d / %4d -> %8.3fms\n", sizes[j], sizes[i] - 1,
- tm * 1000.0 / num);
- }
- }
-}
diff --git a/thirdparty/openssl/crypto/bn/exp.c b/thirdparty/openssl/crypto/bn/exp.c
deleted file mode 100644
index fbce28c5be..0000000000
--- a/thirdparty/openssl/crypto/bn/exp.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* unused */
-
-#include <stdio.h>
-#include <openssl/tmdiff.h>
-#include "bn_lcl.h"
-
-#define SIZE 256
-#define NUM (8*8*8)
-#define MOD (8*8*8*8*8)
-
-main(argc, argv)
-int argc;
-char *argv[];
-{
- BN_CTX ctx;
- BIGNUM a, b, c, r, rr, t, l;
- int j, i, size = SIZE, num = NUM, mod = MOD;
- char *start, *end;
- BN_MONT_CTX mont;
- double d, md;
-
- BN_MONT_CTX_init(&mont);
- BN_CTX_init(&ctx);
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
- BN_init(&r);
-
- start = ms_time_new();
- end = ms_time_new();
- while (size <= 1024 * 8) {
- BN_rand(&a, size, 0, 0);
- BN_rand(&b, size, 1, 0);
- BN_rand(&c, size, 0, 1);
-
- BN_mod(&a, &a, &c, &ctx);
-
- ms_time_get(start);
- for (i = 0; i < 10; i++)
- BN_MONT_CTX_set(&mont, &c, &ctx);
- ms_time_get(end);
- md = ms_time_diff(start, end);
-
- ms_time_get(start);
- for (i = 0; i < num; i++) {
- /* bn_mull(&r,&a,&b,&ctx); */
- /* BN_sqr(&r,&a,&ctx); */
- BN_mod_exp_mont(&r, &a, &b, &c, &ctx, &mont);
- }
- ms_time_get(end);
- d = ms_time_diff(start, end) /* *50/33 */ ;
- printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n", size,
- d, num, d / num, (int)((d / num) * mod), md / 10.0);
- num /= 8;
- mod /= 8;
- if (num <= 0)
- num = 1;
- size *= 2;
- }
-
-}
diff --git a/thirdparty/openssl/crypto/bn/expspeed.c b/thirdparty/openssl/crypto/bn/expspeed.c
deleted file mode 100644
index 513a568a48..0000000000
--- a/thirdparty/openssl/crypto/bn/expspeed.c
+++ /dev/null
@@ -1,381 +0,0 @@
-/* unused */
-
-/* crypto/bn/expspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#define BASENUM 5000
-#define NUM_START 0
-
-/*
- * determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
- * modular inverse, or modular square roots
- */
-#define TEST_EXP
-#undef TEST_MUL
-#undef TEST_SQR
-#undef TEST_GCD
-#undef TEST_KRON
-#undef TEST_INV
-#undef TEST_SQRT
-#define P_MOD_64 9 /* least significant 6 bits for prime to be
- * used for BN_sqrt timings */
-
-#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
-# error "choose one test"
-#endif
-
-#if defined(TEST_INV) || defined(TEST_SQRT)
-# define C_PRIME
-static void genprime_cb(int p, int n, void *arg);
-#endif
-
-#undef PROG
-#define PROG bnspeed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-# define TIMES
-#endif
-
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-
-/*
- * Depending on the VMS version, the tms structure is perhaps defined. The
- * __TMS macro will show if it was. If it wasn't defined, we should undefine
- * TIMES, since that tells the rest of the program how things should be
- * handled. -- Richard Levitte
- */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-# undef TIMES
-#endif
-
-#ifndef TIMES
-# include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-# define _POSIX_SOURCE
-# include <limits.h>
-# include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE ((long)1024*8)
-int run = 0;
-
-static double Time_F(int s);
-#define START 0
-#define STOP 1
-
-static double Time_F(int s)
-{
- double ret;
-#ifdef TIMES
- static struct tms tstart, tend;
-
- if (s == START) {
- times(&tstart);
- return (0);
- } else {
- times(&tend);
- ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
- return ((ret < 1e-3) ? 1e-3 : ret);
- }
-#else /* !times() */
- static struct timeb tstart, tend;
- long i;
-
- if (s == START) {
- ftime(&tstart);
- return (0);
- } else {
- ftime(&tend);
- i = (long)tend.millitm - (long)tstart.millitm;
- ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
- return ((ret < 0.001) ? 0.001 : ret);
- }
-#endif
-}
-
-#define NUM_SIZES 7
-#if NUM_START > NUM_SIZES
-# error "NUM_START > NUM_SIZES"
-#endif
-static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048, 4096, 8192 };
-
-static int mul_c[NUM_SIZES] =
- { 8 * 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8, 8 * 8 * 8,
- 8 * 8, 8, 1
-};
-
-/*
- * static int sizes[NUM_SIZES]={59,179,299,419,539};
- */
-
-#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
-
-void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx);
-
-int main(int argc, char **argv)
-{
- BN_CTX *ctx;
- BIGNUM *a, *b, *c, *r;
-
-#if 1
- if (!CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0))
- abort();
-#endif
-
- ctx = BN_CTX_new();
- a = BN_new();
- b = BN_new();
- c = BN_new();
- r = BN_new();
-
- while (!RAND_status())
- /* not enough bits */
- RAND_SEED("I demand a manual recount!");
-
- do_mul_exp(r, a, b, c, ctx);
- return 0;
-}
-
-void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
-{
- int i, k;
- double tm;
- long num;
-
- num = BASENUM;
- for (i = NUM_START; i < NUM_SIZES; i++) {
-#ifdef C_PRIME
-# ifdef TEST_SQRT
- if (!BN_set_word(a, 64))
- goto err;
- if (!BN_set_word(b, P_MOD_64))
- goto err;
-# define ADD a
-# define REM b
-# else
-# define ADD NULL
-# define REM NULL
-# endif
- if (!BN_generate_prime(c, sizes[i], 0, ADD, REM, genprime_cb, NULL))
- goto err;
- putc('\n', stderr);
- fflush(stderr);
-#endif
-
- for (k = 0; k < num; k++) {
- if (k % 50 == 0) { /* Average over num/50 different choices of
- * random numbers. */
- if (!BN_pseudo_rand(a, sizes[i], 1, 0))
- goto err;
-
- if (!BN_pseudo_rand(b, sizes[i], 1, 0))
- goto err;
-
-#ifndef C_PRIME
- if (!BN_pseudo_rand(c, sizes[i], 1, 1))
- goto err;
-#endif
-
-#ifdef TEST_SQRT
- if (!BN_mod_sqr(a, a, c, ctx))
- goto err;
- if (!BN_mod_sqr(b, b, c, ctx))
- goto err;
-#else
- if (!BN_nnmod(a, a, c, ctx))
- goto err;
- if (!BN_nnmod(b, b, c, ctx))
- goto err;
-#endif
-
- if (k == 0)
- Time_F(START);
- }
-#if defined(TEST_EXP)
- if (!BN_mod_exp(r, a, b, c, ctx))
- goto err;
-#elif defined(TEST_MUL)
- {
- int i = 0;
- for (i = 0; i < 50; i++)
- if (!BN_mod_mul(r, a, b, c, ctx))
- goto err;
- }
-#elif defined(TEST_SQR)
- {
- int i = 0;
- for (i = 0; i < 50; i++) {
- if (!BN_mod_sqr(r, a, c, ctx))
- goto err;
- if (!BN_mod_sqr(r, b, c, ctx))
- goto err;
- }
- }
-#elif defined(TEST_GCD)
- if (!BN_gcd(r, a, b, ctx))
- goto err;
- if (!BN_gcd(r, b, c, ctx))
- goto err;
- if (!BN_gcd(r, c, a, ctx))
- goto err;
-#elif defined(TEST_KRON)
- if (-2 == BN_kronecker(a, b, ctx))
- goto err;
- if (-2 == BN_kronecker(b, c, ctx))
- goto err;
- if (-2 == BN_kronecker(c, a, ctx))
- goto err;
-#elif defined(TEST_INV)
- if (!BN_mod_inverse(r, a, c, ctx))
- goto err;
- if (!BN_mod_inverse(r, b, c, ctx))
- goto err;
-#else /* TEST_SQRT */
- if (!BN_mod_sqrt(r, a, c, ctx))
- goto err;
- if (!BN_mod_sqrt(r, b, c, ctx))
- goto err;
-#endif
- }
- tm = Time_F(STOP);
- printf(
-#if defined(TEST_EXP)
- "modexp %4d ^ %4d %% %4d"
-#elif defined(TEST_MUL)
- "50*modmul %4d %4d %4d"
-#elif defined(TEST_SQR)
- "100*modsqr %4d %4d %4d"
-#elif defined(TEST_GCD)
- "3*gcd %4d %4d %4d"
-#elif defined(TEST_KRON)
- "3*kronecker %4d %4d %4d"
-#elif defined(TEST_INV)
- "2*inv %4d %4d mod %4d"
-#else /* TEST_SQRT */
- "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
-#endif
- " -> %8.6fms %5.1f (%ld)\n",
-#ifdef TEST_SQRT
- P_MOD_64,
-#endif
- sizes[i], sizes[i], sizes[i], tm * 1000.0 / num,
- tm * mul_c[i] / num, num);
- num /= 7;
- if (num <= 0)
- num = 1;
- }
- return;
-
- err:
- ERR_print_errors_fp(stderr);
-}
-
-#ifdef C_PRIME
-static void genprime_cb(int p, int n, void *arg)
-{
- char c = '*';
-
- if (p == 0)
- c = '.';
- if (p == 1)
- c = '+';
- if (p == 2)
- c = '*';
- if (p == 3)
- c = '\n';
- putc(c, stderr);
- fflush(stderr);
- (void)n;
- (void)arg;
-}
-#endif
diff --git a/thirdparty/openssl/crypto/bn/rsaz_exp.c b/thirdparty/openssl/crypto/bn/rsaz_exp.c
deleted file mode 100644
index c54c6feb51..0000000000
--- a/thirdparty/openssl/crypto/bn/rsaz_exp.c
+++ /dev/null
@@ -1,346 +0,0 @@
-/*****************************************************************************
-* *
-* Copyright (c) 2012, Intel Corporation *
-* *
-* All rights reserved. *
-* *
-* Redistribution and use in source and binary forms, with or without *
-* modification, are permitted provided that the following conditions are *
-* met: *
-* *
-* * Redistributions of source code must retain the above copyright *
-* notice, this list of conditions and the following disclaimer. *
-* *
-* * Redistributions in binary form must reproduce the above copyright *
-* notice, this list of conditions and the following disclaimer in the *
-* documentation and/or other materials provided with the *
-* distribution. *
-* *
-* * Neither the name of the Intel Corporation nor the names of its *
-* contributors may be used to endorse or promote products derived from *
-* this software without specific prior written permission. *
-* *
-* *
-* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY *
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR *
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR *
-* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, *
-* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, *
-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR *
-* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF *
-* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING *
-* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS *
-* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
-* *
-******************************************************************************
-* Developers and authors: *
-* Shay Gueron (1, 2), and Vlad Krasnov (1) *
-* (1) Intel Corporation, Israel Development Center, Haifa, Israel *
-* (2) University of Haifa, Israel *
-*****************************************************************************/
-
-#include "rsaz_exp.h"
-
-#ifdef RSAZ_ENABLED
-
-/*
- * See crypto/bn/asm/rsaz-avx2.pl for further details.
- */
-void rsaz_1024_norm2red_avx2(void *red, const void *norm);
-void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b,
- const void *n, BN_ULONG k);
-void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k,
- int cnt);
-void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i);
-void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i);
-void rsaz_1024_red2norm_avx2(void *norm, const void *red);
-
-#if defined(__GNUC__)
-# define ALIGN64 __attribute__((aligned(64)))
-#elif defined(_MSC_VER)
-# define ALIGN64 __declspec(align(64))
-#elif defined(__SUNPRO_C)
-# define ALIGN64
-# pragma align 64(one,two80)
-#else
-/* not fatal, might hurt performance a little */
-# define ALIGN64
-#endif
-
-ALIGN64 static const BN_ULONG one[40] = {
- 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-ALIGN64 static const BN_ULONG two80[40] = {
- 0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
- const BN_ULONG base_norm[16],
- const BN_ULONG exponent[16],
- const BN_ULONG m_norm[16], const BN_ULONG RR[16],
- BN_ULONG k0)
-{
- unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */
- unsigned char *p_str = storage + (64 - ((size_t)storage % 64));
- unsigned char *a_inv, *m, *result;
- unsigned char *table_s = p_str + 320 * 3;
- unsigned char *R2 = table_s; /* borrow */
- int index;
- int wvalue;
-
- if ((((size_t)p_str & 4095) + 320) >> 12) {
- result = p_str;
- a_inv = p_str + 320;
- m = p_str + 320 * 2; /* should not cross page */
- } else {
- m = p_str; /* should not cross page */
- result = p_str + 320;
- a_inv = p_str + 320 * 2;
- }
-
- rsaz_1024_norm2red_avx2(m, m_norm);
- rsaz_1024_norm2red_avx2(a_inv, base_norm);
- rsaz_1024_norm2red_avx2(R2, RR);
-
- rsaz_1024_mul_avx2(R2, R2, R2, m, k0);
- rsaz_1024_mul_avx2(R2, R2, two80, m, k0);
-
- /* table[0] = 1 */
- rsaz_1024_mul_avx2(result, R2, one, m, k0);
- /* table[1] = a_inv^1 */
- rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0);
-
- rsaz_1024_scatter5_avx2(table_s, result, 0);
- rsaz_1024_scatter5_avx2(table_s, a_inv, 1);
-
- /* table[2] = a_inv^2 */
- rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 2);
-#if 0
- /* this is almost 2x smaller and less than 1% slower */
- for (index = 3; index < 32; index++) {
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, index);
- }
-#else
- /* table[4] = a_inv^4 */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 4);
- /* table[8] = a_inv^8 */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 8);
- /* table[16] = a_inv^16 */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 16);
- /* table[17] = a_inv^17 */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 17);
-
- /* table[3] */
- rsaz_1024_gather5_avx2(result, table_s, 2);
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 3);
- /* table[6] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 6);
- /* table[12] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 12);
- /* table[24] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 24);
- /* table[25] */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 25);
-
- /* table[5] */
- rsaz_1024_gather5_avx2(result, table_s, 4);
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 5);
- /* table[10] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 10);
- /* table[20] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 20);
- /* table[21] */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 21);
-
- /* table[7] */
- rsaz_1024_gather5_avx2(result, table_s, 6);
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 7);
- /* table[14] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 14);
- /* table[28] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 28);
- /* table[29] */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 29);
-
- /* table[9] */
- rsaz_1024_gather5_avx2(result, table_s, 8);
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 9);
- /* table[18] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 18);
- /* table[19] */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 19);
-
- /* table[11] */
- rsaz_1024_gather5_avx2(result, table_s, 10);
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 11);
- /* table[22] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 22);
- /* table[23] */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 23);
-
- /* table[13] */
- rsaz_1024_gather5_avx2(result, table_s, 12);
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 13);
- /* table[26] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 26);
- /* table[27] */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 27);
-
- /* table[15] */
- rsaz_1024_gather5_avx2(result, table_s, 14);
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 15);
- /* table[30] */
- rsaz_1024_sqr_avx2(result, result, m, k0, 1);
- rsaz_1024_scatter5_avx2(table_s, result, 30);
- /* table[31] */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- rsaz_1024_scatter5_avx2(table_s, result, 31);
-#endif
-
- /* load first window */
- p_str = (unsigned char *)exponent;
- wvalue = p_str[127] >> 3;
- rsaz_1024_gather5_avx2(result, table_s, wvalue);
-
- index = 1014;
-
- while (index > -1) { /* loop for the remaining 127 windows */
-
- rsaz_1024_sqr_avx2(result, result, m, k0, 5);
-
- wvalue = *((unsigned short *)&p_str[index / 8]);
- wvalue = (wvalue >> (index % 8)) & 31;
- index -= 5;
-
- rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
- }
-
- /* square four times */
- rsaz_1024_sqr_avx2(result, result, m, k0, 4);
-
- wvalue = p_str[0] & 15;
-
- rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */
- rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
-
- /* from Montgomery */
- rsaz_1024_mul_avx2(result, result, one, m, k0);
-
- rsaz_1024_red2norm_avx2(result_norm, result);
-
- OPENSSL_cleanse(storage, sizeof(storage));
-}
-
-/*
- * See crypto/bn/rsaz-x86_64.pl for further details.
- */
-void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n,
- BN_ULONG k);
-void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n,
- BN_ULONG k, const void *tbl, unsigned int power);
-void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl,
- const void *n, BN_ULONG k, unsigned int power);
-void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k);
-void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k,
- int cnt);
-void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power);
-void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power);
-
-void RSAZ_512_mod_exp(BN_ULONG result[8],
- const BN_ULONG base[8], const BN_ULONG exponent[8],
- const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8])
-{
- unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */
- unsigned char *table = storage + (64 - ((size_t)storage % 64));
- BN_ULONG *a_inv = (BN_ULONG *)(table + 16 * 8 * 8);
- BN_ULONG *temp = (BN_ULONG *)(table + 16 * 8 * 8 + 8 * 8);
- unsigned char *p_str = (unsigned char *)exponent;
- int index;
- unsigned int wvalue;
-
- /* table[0] = 1_inv */
- temp[0] = 0 - m[0];
- temp[1] = ~m[1];
- temp[2] = ~m[2];
- temp[3] = ~m[3];
- temp[4] = ~m[4];
- temp[5] = ~m[5];
- temp[6] = ~m[6];
- temp[7] = ~m[7];
- rsaz_512_scatter4(table, temp, 0);
-
- /* table [1] = a_inv^1 */
- rsaz_512_mul(a_inv, base, RR, m, k0);
- rsaz_512_scatter4(table, a_inv, 1);
-
- /* table [2] = a_inv^2 */
- rsaz_512_sqr(temp, a_inv, m, k0, 1);
- rsaz_512_scatter4(table, temp, 2);
-
- for (index = 3; index < 16; index++)
- rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index);
-
- /* load first window */
- wvalue = p_str[63];
-
- rsaz_512_gather4(temp, table, wvalue >> 4);
- rsaz_512_sqr(temp, temp, m, k0, 4);
- rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0xf);
-
- for (index = 62; index >= 0; index--) {
- wvalue = p_str[index];
-
- rsaz_512_sqr(temp, temp, m, k0, 4);
- rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue >> 4);
-
- rsaz_512_sqr(temp, temp, m, k0, 4);
- rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0x0f);
- }
-
- /* from Montgomery */
- rsaz_512_mul_by_one(result, temp, m, k0);
-
- OPENSSL_cleanse(storage, sizeof(storage));
-}
-
-#else
-
-# if defined(PEDANTIC) || defined(__DECC) || defined(__clang__)
-static void *dummy = &dummy;
-# endif
-
-#endif
diff --git a/thirdparty/openssl/crypto/bn/rsaz_exp.h b/thirdparty/openssl/crypto/bn/rsaz_exp.h
deleted file mode 100644
index 229e181f67..0000000000
--- a/thirdparty/openssl/crypto/bn/rsaz_exp.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*****************************************************************************
-* *
-* Copyright (c) 2012, Intel Corporation *
-* *
-* All rights reserved. *
-* *
-* Redistribution and use in source and binary forms, with or without *
-* modification, are permitted provided that the following conditions are *
-* met: *
-* *
-* * Redistributions of source code must retain the above copyright *
-* notice, this list of conditions and the following disclaimer. *
-* *
-* * Redistributions in binary form must reproduce the above copyright *
-* notice, this list of conditions and the following disclaimer in the *
-* documentation and/or other materials provided with the *
-* distribution. *
-* *
-* * Neither the name of the Intel Corporation nor the names of its *
-* contributors may be used to endorse or promote products derived from *
-* this software without specific prior written permission. *
-* *
-* *
-* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY *
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR *
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR *
-* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, *
-* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, *
-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR *
-* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF *
-* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING *
-* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS *
-* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
-* *
-******************************************************************************
-* Developers and authors: *
-* Shay Gueron (1, 2), and Vlad Krasnov (1) *
-* (1) Intel Corporation, Israel Development Center, Haifa, Israel *
-* (2) University of Haifa, Israel *
-*****************************************************************************/
-
-#ifndef RSAZ_EXP_H
-# define RSAZ_EXP_H
-
-# undef RSAZ_ENABLED
-# if defined(OPENSSL_BN_ASM_MONT) && \
- (defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64))
-# define RSAZ_ENABLED
-
-# include <openssl/bn.h>
-
-void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
- const BN_ULONG base_norm[16],
- const BN_ULONG exponent[16],
- const BN_ULONG m_norm[16], const BN_ULONG RR[16],
- BN_ULONG k0);
-int rsaz_avx2_eligible();
-
-void RSAZ_512_mod_exp(BN_ULONG result[8],
- const BN_ULONG base_norm[8], const BN_ULONG exponent[8],
- const BN_ULONG m_norm[8], BN_ULONG k0,
- const BN_ULONG RR[8]);
-
-# endif
-
-#endif
diff --git a/thirdparty/openssl/crypto/bn/todo b/thirdparty/openssl/crypto/bn/todo
deleted file mode 100644
index e47e381aea..0000000000
--- a/thirdparty/openssl/crypto/bn/todo
+++ /dev/null
@@ -1,3 +0,0 @@
-Cache RECP_CTX values
-make the result argument independant of the inputs.
-split up the _exp_ functions
diff --git a/thirdparty/openssl/crypto/bn/vms-helper.c b/thirdparty/openssl/crypto/bn/vms-helper.c
deleted file mode 100644
index f342e90cbf..0000000000
--- a/thirdparty/openssl/crypto/bn/vms-helper.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* vms-helper.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-bn_div_words_abort(int i)
-{
-#ifdef BN_DEBUG
-# if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
- fprintf(stderr, "Division would overflow (%d)\n", i);
-# endif
- abort();
-#endif
-}