mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
AppleM1: Update openssl to v1.1.1l
This commit is contained in:
parent
1fe12b8e8c
commit
b787656eea
990 changed files with 13406 additions and 18710 deletions
|
@ -188,7 +188,7 @@ B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
|
|||
|
||||
The implementations use the following macros which, depending on the
|
||||
architecture, may use "long long" C operations or inline assembler.
|
||||
They are defined in C<bn_lcl.h>.
|
||||
They are defined in C<bn_local.h>.
|
||||
|
||||
mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
|
||||
low word of the result in B<r> and the high word in B<c>.
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -325,4 +325,4 @@ bn_mul_mont:
|
|||
___
|
||||
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -329,4 +329,4 @@ foreach (split("\n",$code)) {
|
|||
|
||||
print $_,"\n";
|
||||
}
|
||||
close STDOUT; # enforce flush
|
||||
close STDOUT or die "error closing STDOUT: $!"; # enforce flush
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -754,4 +754,4 @@ foreach (split("\n",$code)) {
|
|||
print $_,"\n";
|
||||
}
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1511,4 +1511,4 @@ ___
|
|||
|
||||
print $code;
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -31,7 +31,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
|
|||
|
||||
&asm_finish();
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
||||
sub bn_mul_add_words
|
||||
{
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -157,4 +157,4 @@ $code.=<<___;
|
|||
___
|
||||
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -22,7 +22,7 @@ open STDOUT,">$output";
|
|||
|
||||
&asm_finish();
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
||||
sub mul_add_c
|
||||
{
|
||||
|
@ -39,17 +39,17 @@ sub mul_add_c
|
|||
|
||||
&mul("edx");
|
||||
&add($c0,"eax");
|
||||
&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a
|
||||
&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a
|
||||
&mov("eax",&wparam(0)) if $pos > 0; # load r[]
|
||||
###
|
||||
&adc($c1,"edx");
|
||||
&mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b
|
||||
&mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b
|
||||
&mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # load next b
|
||||
&mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # load next b
|
||||
###
|
||||
&adc($c2,0);
|
||||
# is pos > 1, it means it is the last loop
|
||||
&mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[];
|
||||
&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a
|
||||
&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next a
|
||||
}
|
||||
|
||||
sub sqr_add_c
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -857,4 +857,4 @@ ___
|
|||
|
||||
open STDOUT,">$output" if $output;
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -430,4 +430,4 @@ ___
|
|||
$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -89,7 +89,7 @@ if ($flavour =~ /64|n32/i) {
|
|||
$SZREG=4;
|
||||
$REG_S="sw";
|
||||
$REG_L="lw";
|
||||
$code=".set mips2\n";
|
||||
$code="#if !(defined (__mips_isa_rev) && (__mips_isa_rev >= 6))\n.set mips2\n#endif\n";
|
||||
}
|
||||
|
||||
# Below is N32/64 register layout used in the original module.
|
||||
|
@ -801,7 +801,7 @@ $code.=<<___;
|
|||
#if 0
|
||||
/*
|
||||
* The bn_div_3_words entry point is re-used for constant-time interface.
|
||||
* Implementation is retained as hystorical reference.
|
||||
* Implementation is retained as historical reference.
|
||||
*/
|
||||
.align 5
|
||||
.globl bn_div_3_words
|
||||
|
@ -2260,4 +2260,4 @@ $code.=<<___;
|
|||
.end bn_sqr_comba4
|
||||
___
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1003,4 +1003,4 @@ foreach (split("\n",$code)) {
|
|||
|
||||
print $_,"\n";
|
||||
}
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1987,4 +1987,4 @@ ___
|
|||
|
||||
$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -258,6 +258,7 @@ $data=<<EOF;
|
|||
# .text section
|
||||
|
||||
.machine "any"
|
||||
.text
|
||||
|
||||
#
|
||||
# NOTE: The following label name should be changed to
|
||||
|
@ -2008,4 +2009,4 @@ Lppcasm_maw_adios:
|
|||
EOF
|
||||
$data =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||
print $data;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1649,4 +1649,4 @@ ___
|
|||
|
||||
$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright (c) 2012, Intel Corporation. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
|
@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
|||
$addx = ($1>=11);
|
||||
}
|
||||
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) {
|
||||
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
||||
$avx = ($ver>=3.0) + ($ver>=3.01);
|
||||
$addx = ($ver>=3.03);
|
||||
|
@ -1979,4 +1979,4 @@ rsaz_1024_gather5_avx2:
|
|||
___
|
||||
}}}
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright (c) 2012, Intel Corporation. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
|
@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
|||
$addx = ($1>=12);
|
||||
}
|
||||
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
|
||||
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
||||
$addx = ($ver>=3.03);
|
||||
}
|
||||
|
@ -116,7 +116,7 @@ rsaz_512_sqr: # 25-29% faster than rsaz_512_mul
|
|||
subq \$128+24, %rsp
|
||||
.cfi_adjust_cfa_offset 128+24
|
||||
.Lsqr_body:
|
||||
movq $mod, %rbp # common argument
|
||||
movq $mod, %xmm1 # common off-load
|
||||
movq ($inp), %rdx
|
||||
movq 8($inp), %rax
|
||||
movq $n0, 128(%rsp)
|
||||
|
@ -134,7 +134,8 @@ $code.=<<___;
|
|||
.Loop_sqr:
|
||||
movl $times,128+8(%rsp)
|
||||
#first iteration
|
||||
movq %rdx, %rbx
|
||||
movq %rdx, %rbx # 0($inp)
|
||||
mov %rax, %rbp # 8($inp)
|
||||
mulq %rdx
|
||||
movq %rax, %r8
|
||||
movq 16($inp), %rax
|
||||
|
@ -173,31 +174,29 @@ $code.=<<___;
|
|||
mulq %rbx
|
||||
addq %rax, %r14
|
||||
movq %rbx, %rax
|
||||
movq %rdx, %r15
|
||||
adcq \$0, %r15
|
||||
adcq \$0, %rdx
|
||||
|
||||
addq %r8, %r8 #shlq \$1, %r8
|
||||
movq %r9, %rcx
|
||||
adcq %r9, %r9 #shld \$1, %r8, %r9
|
||||
xorq %rcx,%rcx # rcx:r8 = r8 << 1
|
||||
addq %r8, %r8
|
||||
movq %rdx, %r15
|
||||
adcq \$0, %rcx
|
||||
|
||||
mulq %rax
|
||||
movq %rax, (%rsp)
|
||||
addq %rdx, %r8
|
||||
adcq \$0, %r9
|
||||
addq %r8, %rdx
|
||||
adcq \$0, %rcx
|
||||
|
||||
movq %r8, 8(%rsp)
|
||||
shrq \$63, %rcx
|
||||
movq %rax, (%rsp)
|
||||
movq %rdx, 8(%rsp)
|
||||
|
||||
#second iteration
|
||||
movq 8($inp), %r8
|
||||
movq 16($inp), %rax
|
||||
mulq %r8
|
||||
mulq %rbp
|
||||
addq %rax, %r10
|
||||
movq 24($inp), %rax
|
||||
movq %rdx, %rbx
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %r8
|
||||
mulq %rbp
|
||||
addq %rax, %r11
|
||||
movq 32($inp), %rax
|
||||
adcq \$0, %rdx
|
||||
|
@ -205,7 +204,7 @@ $code.=<<___;
|
|||
movq %rdx, %rbx
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %r8
|
||||
mulq %rbp
|
||||
addq %rax, %r12
|
||||
movq 40($inp), %rax
|
||||
adcq \$0, %rdx
|
||||
|
@ -213,7 +212,7 @@ $code.=<<___;
|
|||
movq %rdx, %rbx
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %r8
|
||||
mulq %rbp
|
||||
addq %rax, %r13
|
||||
movq 48($inp), %rax
|
||||
adcq \$0, %rdx
|
||||
|
@ -221,7 +220,7 @@ $code.=<<___;
|
|||
movq %rdx, %rbx
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %r8
|
||||
mulq %rbp
|
||||
addq %rax, %r14
|
||||
movq 56($inp), %rax
|
||||
adcq \$0, %rdx
|
||||
|
@ -229,39 +228,39 @@ $code.=<<___;
|
|||
movq %rdx, %rbx
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %r8
|
||||
mulq %rbp
|
||||
addq %rax, %r15
|
||||
movq %r8, %rax
|
||||
movq %rbp, %rax
|
||||
adcq \$0, %rdx
|
||||
addq %rbx, %r15
|
||||
movq %rdx, %r8
|
||||
movq %r10, %rdx
|
||||
adcq \$0, %r8
|
||||
adcq \$0, %rdx
|
||||
|
||||
add %rdx, %rdx
|
||||
lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
|
||||
movq %r11, %rbx
|
||||
adcq %r11, %r11 #shld \$1, %r10, %r11
|
||||
xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
|
||||
addq %r9, %r9
|
||||
movq %rdx, %r8
|
||||
adcq %r10, %r10
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %rax
|
||||
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
addq %rcx, %rax
|
||||
movq 16($inp), %rbp
|
||||
addq %rax, %r9
|
||||
movq 24($inp), %rax
|
||||
adcq %rdx, %r10
|
||||
adcq \$0, %r11
|
||||
adcq \$0, %rbx
|
||||
|
||||
movq %r9, 16(%rsp)
|
||||
movq %r10, 24(%rsp)
|
||||
shrq \$63, %rbx
|
||||
|
||||
#third iteration
|
||||
movq 16($inp), %r9
|
||||
movq 24($inp), %rax
|
||||
mulq %r9
|
||||
mulq %rbp
|
||||
addq %rax, %r12
|
||||
movq 32($inp), %rax
|
||||
movq %rdx, %rcx
|
||||
adcq \$0, %rcx
|
||||
|
||||
mulq %r9
|
||||
mulq %rbp
|
||||
addq %rax, %r13
|
||||
movq 40($inp), %rax
|
||||
adcq \$0, %rdx
|
||||
|
@ -269,7 +268,7 @@ $code.=<<___;
|
|||
movq %rdx, %rcx
|
||||
adcq \$0, %rcx
|
||||
|
||||
mulq %r9
|
||||
mulq %rbp
|
||||
addq %rax, %r14
|
||||
movq 48($inp), %rax
|
||||
adcq \$0, %rdx
|
||||
|
@ -277,9 +276,7 @@ $code.=<<___;
|
|||
movq %rdx, %rcx
|
||||
adcq \$0, %rcx
|
||||
|
||||
mulq %r9
|
||||
movq %r12, %r10
|
||||
lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12
|
||||
mulq %rbp
|
||||
addq %rax, %r15
|
||||
movq 56($inp), %rax
|
||||
adcq \$0, %rdx
|
||||
|
@ -287,36 +284,40 @@ $code.=<<___;
|
|||
movq %rdx, %rcx
|
||||
adcq \$0, %rcx
|
||||
|
||||
mulq %r9
|
||||
shrq \$63, %r10
|
||||
mulq %rbp
|
||||
addq %rax, %r8
|
||||
movq %r9, %rax
|
||||
movq %rbp, %rax
|
||||
adcq \$0, %rdx
|
||||
addq %rcx, %r8
|
||||
movq %rdx, %r9
|
||||
adcq \$0, %r9
|
||||
adcq \$0, %rdx
|
||||
|
||||
movq %r13, %rcx
|
||||
leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13
|
||||
xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
|
||||
addq %r11, %r11
|
||||
movq %rdx, %r9
|
||||
adcq %r12, %r12
|
||||
adcq \$0, %rcx
|
||||
|
||||
mulq %rax
|
||||
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
addq %rbx, %rax
|
||||
movq 24($inp), %r10
|
||||
addq %rax, %r11
|
||||
movq 32($inp), %rax
|
||||
adcq %rdx, %r12
|
||||
adcq \$0, %r13
|
||||
adcq \$0, %rcx
|
||||
|
||||
movq %r11, 32(%rsp)
|
||||
movq %r12, 40(%rsp)
|
||||
shrq \$63, %rcx
|
||||
|
||||
#fourth iteration
|
||||
movq 24($inp), %r10
|
||||
movq 32($inp), %rax
|
||||
mov %rax, %r11 # 32($inp)
|
||||
mulq %r10
|
||||
addq %rax, %r14
|
||||
movq 40($inp), %rax
|
||||
movq %rdx, %rbx
|
||||
adcq \$0, %rbx
|
||||
|
||||
mov %rax, %r12 # 40($inp)
|
||||
mulq %r10
|
||||
addq %rax, %r15
|
||||
movq 48($inp), %rax
|
||||
|
@ -325,9 +326,8 @@ $code.=<<___;
|
|||
movq %rdx, %rbx
|
||||
adcq \$0, %rbx
|
||||
|
||||
mov %rax, %rbp # 48($inp)
|
||||
mulq %r10
|
||||
movq %r14, %r12
|
||||
leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14
|
||||
addq %rax, %r8
|
||||
movq 56($inp), %rax
|
||||
adcq \$0, %rdx
|
||||
|
@ -336,32 +336,33 @@ $code.=<<___;
|
|||
adcq \$0, %rbx
|
||||
|
||||
mulq %r10
|
||||
shrq \$63, %r12
|
||||
addq %rax, %r9
|
||||
movq %r10, %rax
|
||||
adcq \$0, %rdx
|
||||
addq %rbx, %r9
|
||||
movq %rdx, %r10
|
||||
adcq \$0, %r10
|
||||
adcq \$0, %rdx
|
||||
|
||||
movq %r15, %rbx
|
||||
leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15
|
||||
xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1
|
||||
addq %r13, %r13
|
||||
movq %rdx, %r10
|
||||
adcq %r14, %r14
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %rax
|
||||
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
addq %rcx, %rax
|
||||
addq %rax, %r13
|
||||
movq %r12, %rax # 40($inp)
|
||||
adcq %rdx, %r14
|
||||
adcq \$0, %r15
|
||||
adcq \$0, %rbx
|
||||
|
||||
movq %r13, 48(%rsp)
|
||||
movq %r14, 56(%rsp)
|
||||
shrq \$63, %rbx
|
||||
|
||||
#fifth iteration
|
||||
movq 32($inp), %r11
|
||||
movq 40($inp), %rax
|
||||
mulq %r11
|
||||
addq %rax, %r8
|
||||
movq 48($inp), %rax
|
||||
movq %rbp, %rax # 48($inp)
|
||||
movq %rdx, %rcx
|
||||
adcq \$0, %rcx
|
||||
|
||||
|
@ -369,97 +370,99 @@ $code.=<<___;
|
|||
addq %rax, %r9
|
||||
movq 56($inp), %rax
|
||||
adcq \$0, %rdx
|
||||
movq %r8, %r12
|
||||
leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8
|
||||
addq %rcx, %r9
|
||||
movq %rdx, %rcx
|
||||
adcq \$0, %rcx
|
||||
|
||||
mov %rax, %r14 # 56($inp)
|
||||
mulq %r11
|
||||
shrq \$63, %r12
|
||||
addq %rax, %r10
|
||||
movq %r11, %rax
|
||||
adcq \$0, %rdx
|
||||
addq %rcx, %r10
|
||||
movq %rdx, %r11
|
||||
adcq \$0, %r11
|
||||
adcq \$0, %rdx
|
||||
|
||||
movq %r9, %rcx
|
||||
leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9
|
||||
xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1
|
||||
addq %r15, %r15
|
||||
movq %rdx, %r11
|
||||
adcq %r8, %r8
|
||||
adcq \$0, %rcx
|
||||
|
||||
mulq %rax
|
||||
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
addq %rbx, %rax
|
||||
addq %rax, %r15
|
||||
movq %rbp, %rax # 48($inp)
|
||||
adcq %rdx, %r8
|
||||
adcq \$0, %r9
|
||||
adcq \$0, %rcx
|
||||
|
||||
movq %r15, 64(%rsp)
|
||||
movq %r8, 72(%rsp)
|
||||
shrq \$63, %rcx
|
||||
|
||||
#sixth iteration
|
||||
movq 40($inp), %r12
|
||||
movq 48($inp), %rax
|
||||
mulq %r12
|
||||
addq %rax, %r10
|
||||
movq 56($inp), %rax
|
||||
movq %r14, %rax # 56($inp)
|
||||
movq %rdx, %rbx
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %r12
|
||||
addq %rax, %r11
|
||||
movq %r12, %rax
|
||||
movq %r10, %r15
|
||||
leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
|
||||
adcq \$0, %rdx
|
||||
shrq \$63, %r15
|
||||
addq %rbx, %r11
|
||||
movq %rdx, %r12
|
||||
adcq \$0, %r12
|
||||
adcq \$0, %rdx
|
||||
|
||||
movq %r11, %rbx
|
||||
leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11
|
||||
xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
|
||||
addq %r9, %r9
|
||||
movq %rdx, %r12
|
||||
adcq %r10, %r10
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %rax
|
||||
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
addq %rcx, %rax
|
||||
addq %rax, %r9
|
||||
movq %r14, %rax # 56($inp)
|
||||
adcq %rdx, %r10
|
||||
adcq \$0, %r11
|
||||
adcq \$0, %rbx
|
||||
|
||||
movq %r9, 80(%rsp)
|
||||
movq %r10, 88(%rsp)
|
||||
|
||||
#seventh iteration
|
||||
movq 48($inp), %r13
|
||||
movq 56($inp), %rax
|
||||
mulq %r13
|
||||
mulq %rbp
|
||||
addq %rax, %r12
|
||||
movq %r13, %rax
|
||||
movq %rdx, %r13
|
||||
adcq \$0, %r13
|
||||
movq %rbp, %rax
|
||||
adcq \$0, %rdx
|
||||
|
||||
xorq %r14, %r14
|
||||
shlq \$1, %rbx
|
||||
adcq %r12, %r12 #shld \$1, %rbx, %r12
|
||||
adcq %r13, %r13 #shld \$1, %r12, %r13
|
||||
adcq %r14, %r14 #shld \$1, %r13, %r14
|
||||
xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
|
||||
addq %r11, %r11
|
||||
movq %rdx, %r13
|
||||
adcq %r12, %r12
|
||||
adcq \$0, %rcx
|
||||
|
||||
mulq %rax
|
||||
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
addq %rbx, %rax
|
||||
addq %rax, %r11
|
||||
movq %r14, %rax # 56($inp)
|
||||
adcq %rdx, %r12
|
||||
adcq \$0, %r13
|
||||
adcq \$0, %rcx
|
||||
|
||||
movq %r11, 96(%rsp)
|
||||
movq %r12, 104(%rsp)
|
||||
|
||||
#eighth iteration
|
||||
movq 56($inp), %rax
|
||||
xorq %rbx, %rbx # rbx:r13 = r13 << 1
|
||||
addq %r13, %r13
|
||||
adcq \$0, %rbx
|
||||
|
||||
mulq %rax
|
||||
addq %rax, %r13
|
||||
adcq \$0, %rdx
|
||||
|
||||
addq %rdx, %r14
|
||||
|
||||
movq %r13, 112(%rsp)
|
||||
movq %r14, 120(%rsp)
|
||||
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
addq %rcx, %rax
|
||||
addq %r13, %rax
|
||||
adcq %rbx, %rdx
|
||||
|
||||
movq (%rsp), %r8
|
||||
movq 8(%rsp), %r9
|
||||
|
@ -469,6 +472,10 @@ $code.=<<___;
|
|||
movq 40(%rsp), %r13
|
||||
movq 48(%rsp), %r14
|
||||
movq 56(%rsp), %r15
|
||||
movq %xmm1, %rbp
|
||||
|
||||
movq %rax, 112(%rsp)
|
||||
movq %rdx, 120(%rsp)
|
||||
|
||||
call __rsaz_512_reduce
|
||||
|
||||
|
@ -500,9 +507,9 @@ $code.=<<___;
|
|||
.Loop_sqrx:
|
||||
movl $times,128+8(%rsp)
|
||||
movq $out, %xmm0 # off-load
|
||||
movq %rbp, %xmm1 # off-load
|
||||
#first iteration
|
||||
mulx %rax, %r8, %r9
|
||||
mov %rax, %rbx
|
||||
|
||||
mulx 16($inp), %rcx, %r10
|
||||
xor %rbp, %rbp # cf=0, of=0
|
||||
|
@ -510,40 +517,39 @@ $code.=<<___;
|
|||
mulx 24($inp), %rax, %r11
|
||||
adcx %rcx, %r9
|
||||
|
||||
mulx 32($inp), %rcx, %r12
|
||||
.byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12
|
||||
adcx %rax, %r10
|
||||
|
||||
mulx 40($inp), %rax, %r13
|
||||
.byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13
|
||||
adcx %rcx, %r11
|
||||
|
||||
.byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14
|
||||
mulx 48($inp), %rcx, %r14
|
||||
adcx %rax, %r12
|
||||
adcx %rcx, %r13
|
||||
|
||||
.byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15
|
||||
mulx 56($inp), %rax, %r15
|
||||
adcx %rax, %r14
|
||||
adcx %rbp, %r15 # %rbp is 0
|
||||
|
||||
mov %r9, %rcx
|
||||
shld \$1, %r8, %r9
|
||||
shl \$1, %r8
|
||||
|
||||
xor %ebp, %ebp
|
||||
mulx %rdx, %rax, %rdx
|
||||
adcx %rdx, %r8
|
||||
mov 8($inp), %rdx
|
||||
adcx %rbp, %r9
|
||||
mulx %rdx, %rax, $out
|
||||
mov %rbx, %rdx # 8($inp)
|
||||
xor %rcx, %rcx
|
||||
adox %r8, %r8
|
||||
adcx $out, %r8
|
||||
adox %rbp, %rcx
|
||||
adcx %rbp, %rcx
|
||||
|
||||
mov %rax, (%rsp)
|
||||
mov %r8, 8(%rsp)
|
||||
|
||||
#second iteration
|
||||
mulx 16($inp), %rax, %rbx
|
||||
.byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx
|
||||
adox %rax, %r10
|
||||
adcx %rbx, %r11
|
||||
|
||||
.byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8
|
||||
mulx 24($inp), $out, %r8
|
||||
adox $out, %r11
|
||||
.byte 0x66
|
||||
adcx %r8, %r12
|
||||
|
||||
mulx 32($inp), %rax, %rbx
|
||||
|
@ -561,24 +567,25 @@ $code.=<<___;
|
|||
.byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8
|
||||
adox $out, %r15
|
||||
adcx %rbp, %r8
|
||||
mulx %rdx, %rax, $out
|
||||
adox %rbp, %r8
|
||||
.byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx
|
||||
|
||||
mov %r11, %rbx
|
||||
shld \$1, %r10, %r11
|
||||
shld \$1, %rcx, %r10
|
||||
|
||||
xor %ebp,%ebp
|
||||
mulx %rdx, %rax, %rcx
|
||||
mov 16($inp), %rdx
|
||||
xor %rbx, %rbx
|
||||
adox %r9, %r9
|
||||
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
adcx %rcx, %rax
|
||||
adox %r10, %r10
|
||||
adcx %rax, %r9
|
||||
adcx %rcx, %r10
|
||||
adcx %rbp, %r11
|
||||
adox %rbp, %rbx
|
||||
adcx $out, %r10
|
||||
adcx %rbp, %rbx
|
||||
|
||||
mov %r9, 16(%rsp)
|
||||
.byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp)
|
||||
|
||||
#third iteration
|
||||
.byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9
|
||||
mulx 24($inp), $out, %r9
|
||||
adox $out, %r12
|
||||
adcx %r9, %r13
|
||||
|
||||
|
@ -586,7 +593,7 @@ $code.=<<___;
|
|||
adox %rax, %r13
|
||||
adcx %rcx, %r14
|
||||
|
||||
mulx 40($inp), $out, %r9
|
||||
.byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9
|
||||
adox $out, %r14
|
||||
adcx %r9, %r15
|
||||
|
||||
|
@ -594,27 +601,28 @@ $code.=<<___;
|
|||
adox %rax, %r15
|
||||
adcx %rcx, %r8
|
||||
|
||||
.byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9
|
||||
mulx 56($inp), $out, %r9
|
||||
adox $out, %r8
|
||||
adcx %rbp, %r9
|
||||
mulx %rdx, %rax, $out
|
||||
adox %rbp, %r9
|
||||
|
||||
mov %r13, %rcx
|
||||
shld \$1, %r12, %r13
|
||||
shld \$1, %rbx, %r12
|
||||
|
||||
xor %ebp, %ebp
|
||||
mulx %rdx, %rax, %rdx
|
||||
adcx %rax, %r11
|
||||
adcx %rdx, %r12
|
||||
mov 24($inp), %rdx
|
||||
adcx %rbp, %r13
|
||||
|
||||
xor %rcx, %rcx
|
||||
adox %r11, %r11
|
||||
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
adcx %rbx, %rax
|
||||
adox %r12, %r12
|
||||
adcx %rax, %r11
|
||||
adox %rbp, %rcx
|
||||
adcx $out, %r12
|
||||
adcx %rbp, %rcx
|
||||
|
||||
mov %r11, 32(%rsp)
|
||||
.byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp)
|
||||
mov %r12, 40(%rsp)
|
||||
|
||||
#fourth iteration
|
||||
.byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx
|
||||
mulx 32($inp), %rax, %rbx
|
||||
adox %rax, %r14
|
||||
adcx %rbx, %r15
|
||||
|
||||
|
@ -629,25 +637,25 @@ $code.=<<___;
|
|||
mulx 56($inp), $out, %r10
|
||||
adox $out, %r9
|
||||
adcx %rbp, %r10
|
||||
mulx %rdx, %rax, $out
|
||||
adox %rbp, %r10
|
||||
|
||||
.byte 0x66
|
||||
mov %r15, %rbx
|
||||
shld \$1, %r14, %r15
|
||||
shld \$1, %rcx, %r14
|
||||
|
||||
xor %ebp, %ebp
|
||||
mulx %rdx, %rax, %rdx
|
||||
adcx %rax, %r13
|
||||
adcx %rdx, %r14
|
||||
mov 32($inp), %rdx
|
||||
adcx %rbp, %r15
|
||||
|
||||
xor %rbx, %rbx
|
||||
adox %r13, %r13
|
||||
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
adcx %rcx, %rax
|
||||
adox %r14, %r14
|
||||
adcx %rax, %r13
|
||||
adox %rbp, %rbx
|
||||
adcx $out, %r14
|
||||
adcx %rbp, %rbx
|
||||
|
||||
mov %r13, 48(%rsp)
|
||||
mov %r14, 56(%rsp)
|
||||
|
||||
#fifth iteration
|
||||
.byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11
|
||||
mulx 40($inp), $out, %r11
|
||||
adox $out, %r8
|
||||
adcx %r11, %r9
|
||||
|
||||
|
@ -658,18 +666,19 @@ $code.=<<___;
|
|||
mulx 56($inp), $out, %r11
|
||||
adox $out, %r10
|
||||
adcx %rbp, %r11
|
||||
mulx %rdx, %rax, $out
|
||||
mov 40($inp), %rdx
|
||||
adox %rbp, %r11
|
||||
|
||||
mov %r9, %rcx
|
||||
shld \$1, %r8, %r9
|
||||
shld \$1, %rbx, %r8
|
||||
|
||||
xor %ebp, %ebp
|
||||
mulx %rdx, %rax, %rdx
|
||||
xor %rcx, %rcx
|
||||
adox %r15, %r15
|
||||
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
adcx %rbx, %rax
|
||||
adox %r8, %r8
|
||||
adcx %rax, %r15
|
||||
adcx %rdx, %r8
|
||||
mov 40($inp), %rdx
|
||||
adcx %rbp, %r9
|
||||
adox %rbp, %rcx
|
||||
adcx $out, %r8
|
||||
adcx %rbp, %rcx
|
||||
|
||||
mov %r15, 64(%rsp)
|
||||
mov %r8, 72(%rsp)
|
||||
|
@ -682,18 +691,19 @@ $code.=<<___;
|
|||
.byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12
|
||||
adox $out, %r11
|
||||
adcx %rbp, %r12
|
||||
mulx %rdx, %rax, $out
|
||||
adox %rbp, %r12
|
||||
|
||||
mov %r11, %rbx
|
||||
shld \$1, %r10, %r11
|
||||
shld \$1, %rcx, %r10
|
||||
|
||||
xor %ebp, %ebp
|
||||
mulx %rdx, %rax, %rdx
|
||||
adcx %rax, %r9
|
||||
adcx %rdx, %r10
|
||||
mov 48($inp), %rdx
|
||||
adcx %rbp, %r11
|
||||
|
||||
xor %rbx, %rbx
|
||||
adox %r9, %r9
|
||||
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
adcx %rcx, %rax
|
||||
adox %r10, %r10
|
||||
adcx %rax, %r9
|
||||
adcx $out, %r10
|
||||
adox %rbp, %rbx
|
||||
adcx %rbp, %rbx
|
||||
|
||||
mov %r9, 80(%rsp)
|
||||
mov %r10, 88(%rsp)
|
||||
|
@ -703,31 +713,31 @@ $code.=<<___;
|
|||
adox %rax, %r12
|
||||
adox %rbp, %r13
|
||||
|
||||
xor %r14, %r14
|
||||
shld \$1, %r13, %r14
|
||||
shld \$1, %r12, %r13
|
||||
shld \$1, %rbx, %r12
|
||||
|
||||
xor %ebp, %ebp
|
||||
mulx %rdx, %rax, %rdx
|
||||
adcx %rax, %r11
|
||||
adcx %rdx, %r12
|
||||
mulx %rdx, %rax, $out
|
||||
xor %rcx, %rcx
|
||||
mov 56($inp), %rdx
|
||||
adcx %rbp, %r13
|
||||
adox %r11, %r11
|
||||
# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
adcx %rbx, %rax
|
||||
adox %r12, %r12
|
||||
adcx %rax, %r11
|
||||
adox %rbp, %rcx
|
||||
adcx $out, %r12
|
||||
adcx %rbp, %rcx
|
||||
|
||||
.byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp)
|
||||
.byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp)
|
||||
|
||||
#eighth iteration
|
||||
mulx %rdx, %rax, %rdx
|
||||
adox %rax, %r13
|
||||
adox %rbp, %rdx
|
||||
xor %rbx, %rbx
|
||||
adox %r13, %r13
|
||||
# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
|
||||
adcx %rcx, %rax
|
||||
adox %rbp, %rbx
|
||||
adcx %r13, %rax
|
||||
adcx %rdx, %rbx
|
||||
|
||||
.byte 0x66
|
||||
add %rdx, %r14
|
||||
|
||||
movq %r13, 112(%rsp)
|
||||
movq %r14, 120(%rsp)
|
||||
movq %xmm0, $out
|
||||
movq %xmm1, %rbp
|
||||
|
||||
|
@ -741,6 +751,9 @@ $code.=<<___;
|
|||
movq 48(%rsp), %r14
|
||||
movq 56(%rsp), %r15
|
||||
|
||||
movq %rax, 112(%rsp)
|
||||
movq %rbx, 120(%rsp)
|
||||
|
||||
call __rsaz_512_reducex
|
||||
|
||||
addq 64(%rsp), %r8
|
||||
|
@ -1606,6 +1619,7 @@ $code.=<<___;
|
|||
.type __rsaz_512_reduce,\@abi-omnipotent
|
||||
.align 32
|
||||
__rsaz_512_reduce:
|
||||
.cfi_startproc
|
||||
movq %r8, %rbx
|
||||
imulq 128+8(%rsp), %rbx
|
||||
movq 0(%rbp), %rax
|
||||
|
@ -1685,6 +1699,7 @@ __rsaz_512_reduce:
|
|||
jne .Lreduction_loop
|
||||
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size __rsaz_512_reduce,.-__rsaz_512_reduce
|
||||
___
|
||||
}
|
||||
|
@ -1698,6 +1713,7 @@ $code.=<<___;
|
|||
.type __rsaz_512_reducex,\@abi-omnipotent
|
||||
.align 32
|
||||
__rsaz_512_reducex:
|
||||
.cfi_startproc
|
||||
#movq 128+8(%rsp), %rdx # pull $n0
|
||||
imulq %r8, %rdx
|
||||
xorq %rsi, %rsi # cf=0,of=0
|
||||
|
@ -1750,6 +1766,7 @@ __rsaz_512_reducex:
|
|||
jne .Lreduction_loopx
|
||||
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size __rsaz_512_reducex,.-__rsaz_512_reducex
|
||||
___
|
||||
}
|
||||
|
@ -1761,6 +1778,7 @@ $code.=<<___;
|
|||
.type __rsaz_512_subtract,\@abi-omnipotent
|
||||
.align 32
|
||||
__rsaz_512_subtract:
|
||||
.cfi_startproc
|
||||
movq %r8, ($out)
|
||||
movq %r9, 8($out)
|
||||
movq %r10, 16($out)
|
||||
|
@ -1814,6 +1832,7 @@ __rsaz_512_subtract:
|
|||
movq %r15, 56($out)
|
||||
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size __rsaz_512_subtract,.-__rsaz_512_subtract
|
||||
___
|
||||
}
|
||||
|
@ -1827,6 +1846,7 @@ $code.=<<___;
|
|||
.type __rsaz_512_mul,\@abi-omnipotent
|
||||
.align 32
|
||||
__rsaz_512_mul:
|
||||
.cfi_startproc
|
||||
leaq 8(%rsp), %rdi
|
||||
|
||||
movq ($ap), %rax
|
||||
|
@ -1965,6 +1985,7 @@ __rsaz_512_mul:
|
|||
movq %r15, 56(%rdi)
|
||||
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size __rsaz_512_mul,.-__rsaz_512_mul
|
||||
___
|
||||
}
|
||||
|
@ -1979,6 +2000,7 @@ $code.=<<___;
|
|||
.type __rsaz_512_mulx,\@abi-omnipotent
|
||||
.align 32
|
||||
__rsaz_512_mulx:
|
||||
.cfi_startproc
|
||||
mulx ($ap), %rbx, %r8 # initial %rdx preloaded by caller
|
||||
mov \$-6, %rcx
|
||||
|
||||
|
@ -2095,6 +2117,7 @@ __rsaz_512_mulx:
|
|||
mov %r15, 8+64+56(%rsp)
|
||||
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size __rsaz_512_mulx,.-__rsaz_512_mulx
|
||||
___
|
||||
}
|
||||
|
@ -2105,6 +2128,7 @@ $code.=<<___;
|
|||
.type rsaz_512_scatter4,\@abi-omnipotent
|
||||
.align 16
|
||||
rsaz_512_scatter4:
|
||||
.cfi_startproc
|
||||
leaq ($out,$power,8), $out
|
||||
movl \$8, %r9d
|
||||
jmp .Loop_scatter
|
||||
|
@ -2117,12 +2141,14 @@ rsaz_512_scatter4:
|
|||
decl %r9d
|
||||
jnz .Loop_scatter
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size rsaz_512_scatter4,.-rsaz_512_scatter4
|
||||
|
||||
.globl rsaz_512_gather4
|
||||
.type rsaz_512_gather4,\@abi-omnipotent
|
||||
.align 16
|
||||
rsaz_512_gather4:
|
||||
.cfi_startproc
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
.LSEH_begin_rsaz_512_gather4:
|
||||
|
@ -2217,6 +2243,7 @@ ___
|
|||
$code.=<<___;
|
||||
ret
|
||||
.LSEH_end_rsaz_512_gather4:
|
||||
.cfi_endproc
|
||||
.size rsaz_512_gather4,.-rsaz_512_gather4
|
||||
|
||||
.align 64
|
||||
|
@ -2401,4 +2428,4 @@ ___
|
|||
|
||||
$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -225,4 +225,4 @@ ___
|
|||
|
||||
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -145,7 +145,7 @@ $code.=<<___;
|
|||
lghi $NHI,0
|
||||
alcgr $NHI,$nhi
|
||||
|
||||
la $j,8(%r0) # j=1
|
||||
la $j,8 # j=1
|
||||
lr $count,$num
|
||||
|
||||
.align 16
|
||||
|
@ -197,7 +197,7 @@ $code.=<<___;
|
|||
lghi $NHI,0
|
||||
alcgr $NHI,$nhi
|
||||
|
||||
la $j,8(%r0) # j=1
|
||||
la $j,8 # j=1
|
||||
lr $count,$num
|
||||
|
||||
.align 16
|
||||
|
@ -241,7 +241,7 @@ $code.=<<___;
|
|||
la $ap,$stdframe($sp)
|
||||
ahi $num,1 # restore $num, incidentally clears "borrow"
|
||||
|
||||
la $j,0(%r0)
|
||||
la $j,0
|
||||
lr $count,$num
|
||||
.Lsub: lg $alo,0($j,$ap)
|
||||
lg $nlo,0($j,$np)
|
||||
|
@ -255,7 +255,7 @@ $code.=<<___;
|
|||
lghi $NHI,-1
|
||||
xgr $NHI,$AHI
|
||||
|
||||
la $j,0(%r0)
|
||||
la $j,0
|
||||
lgr $count,$num
|
||||
.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy
|
||||
lg $alo,0($j,$rp)
|
||||
|
@ -281,4 +281,4 @@ foreach (split("\n",$code)) {
|
|||
s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e;
|
||||
print $_,"\n";
|
||||
}
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -511,7 +511,7 @@ bn_mul_comba4:
|
|||
lghi zero,0
|
||||
|
||||
mul_add_c(0,0,c1,c2,c3);
|
||||
stg c1,0*8(%r3)
|
||||
stg c1,0*8(%r2)
|
||||
lghi c1,0
|
||||
|
||||
mul_add_c(0,1,c2,c3,c1);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1225,4 +1225,4 @@ ___
|
|||
|
||||
&emit_assembler();
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -197,4 +197,4 @@ ___
|
|||
|
||||
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -617,4 +617,4 @@ $code.=<<___;
|
|||
___
|
||||
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -884,4 +884,4 @@ $code =~ s/fzeros\s+%f([0-9]+)/
|
|||
|
||||
print $code;
|
||||
# flush
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -248,4 +248,4 @@ $sp=&DWP(28,"esp");
|
|||
|
||||
&asm_finish();
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -381,4 +381,4 @@ foreach (split("\n",$code)) {
|
|||
print $_,"\n";
|
||||
}
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -322,4 +322,4 @@ if ($sse2) {
|
|||
|
||||
&asm_finish();
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -628,4 +628,4 @@ $sbit=$num;
|
|||
|
||||
&asm_finish();
|
||||
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "../bn_lcl.h"
|
||||
#include "../bn_local.h"
|
||||
#if !(defined(__GNUC__) && __GNUC__>=2)
|
||||
# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
|
||||
#else
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -421,4 +421,4 @@ ___
|
|||
|
||||
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -75,7 +75,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
|||
$addx = ($1>=12);
|
||||
}
|
||||
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
|
||||
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
||||
$addx = ($ver>=3.03);
|
||||
}
|
||||
|
@ -1589,4 +1589,4 @@ ___
|
|||
}
|
||||
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -60,7 +60,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
|||
$addx = ($1>=12);
|
||||
}
|
||||
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
|
||||
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
||||
$addx = ($ver>=3.03);
|
||||
}
|
||||
|
@ -580,6 +580,7 @@ $code.=<<___;
|
|||
.type mul4x_internal,\@abi-omnipotent
|
||||
.align 32
|
||||
mul4x_internal:
|
||||
.cfi_startproc
|
||||
shl \$5,$num # $num was in bytes
|
||||
movd `($win64?56:8)`(%rax),%xmm5 # load 7th argument, index
|
||||
lea .Linc(%rip),%rax
|
||||
|
@ -1074,6 +1075,7 @@ $code.=<<___
|
|||
___
|
||||
}
|
||||
$code.=<<___;
|
||||
.cfi_endproc
|
||||
.size mul4x_internal,.-mul4x_internal
|
||||
___
|
||||
}}}
|
||||
|
@ -1239,6 +1241,7 @@ $code.=<<___;
|
|||
.align 32
|
||||
bn_sqr8x_internal:
|
||||
__bn_sqr8x_internal:
|
||||
.cfi_startproc
|
||||
##############################################################
|
||||
# Squaring part:
|
||||
#
|
||||
|
@ -2030,6 +2033,7 @@ __bn_sqr8x_reduction:
|
|||
cmp %rdx,$tptr # end of t[]?
|
||||
jb .L8x_reduction_loop
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size bn_sqr8x_internal,.-bn_sqr8x_internal
|
||||
___
|
||||
}
|
||||
|
@ -2042,6 +2046,7 @@ $code.=<<___;
|
|||
.type __bn_post4x_internal,\@abi-omnipotent
|
||||
.align 32
|
||||
__bn_post4x_internal:
|
||||
.cfi_startproc
|
||||
mov 8*0($nptr),%r12
|
||||
lea (%rdi,$num),$tptr # %rdi was $tptr above
|
||||
mov $num,%rcx
|
||||
|
@ -2092,6 +2097,7 @@ __bn_post4x_internal:
|
|||
mov $num,%r10 # prepare for back-to-back call
|
||||
neg $num # restore $num
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size __bn_post4x_internal,.-__bn_post4x_internal
|
||||
___
|
||||
}
|
||||
|
@ -2101,10 +2107,12 @@ $code.=<<___;
|
|||
.type bn_from_montgomery,\@abi-omnipotent
|
||||
.align 32
|
||||
bn_from_montgomery:
|
||||
.cfi_startproc
|
||||
testl \$7,`($win64?"48(%rsp)":"%r9d")`
|
||||
jz bn_from_mont8x
|
||||
xor %eax,%eax
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size bn_from_montgomery,.-bn_from_montgomery
|
||||
|
||||
.type bn_from_mont8x,\@function,6
|
||||
|
@ -2400,6 +2408,7 @@ bn_mulx4x_mont_gather5:
|
|||
.type mulx4x_internal,\@abi-omnipotent
|
||||
.align 32
|
||||
mulx4x_internal:
|
||||
.cfi_startproc
|
||||
mov $num,8(%rsp) # save -$num (it was in bytes)
|
||||
mov $num,%r10
|
||||
neg $num # restore $num
|
||||
|
@ -2750,6 +2759,7 @@ $code.=<<___;
|
|||
mov 8*2(%rbp),%r14
|
||||
mov 8*3(%rbp),%r15
|
||||
jmp .Lsqrx4x_sub_entry # common post-condition
|
||||
.cfi_endproc
|
||||
.size mulx4x_internal,.-mulx4x_internal
|
||||
___
|
||||
}{
|
||||
|
@ -3555,6 +3565,7 @@ my ($rptr,$nptr)=("%rdx","%rbp");
|
|||
$code.=<<___;
|
||||
.align 32
|
||||
__bn_postx4x_internal:
|
||||
.cfi_startproc
|
||||
mov 8*0($nptr),%r12
|
||||
mov %rcx,%r10 # -$num
|
||||
mov %rcx,%r9 # -$num
|
||||
|
@ -3602,6 +3613,7 @@ __bn_postx4x_internal:
|
|||
neg %r9 # restore $num
|
||||
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size __bn_postx4x_internal,.-__bn_postx4x_internal
|
||||
___
|
||||
}
|
||||
|
@ -3618,6 +3630,7 @@ $code.=<<___;
|
|||
.type bn_get_bits5,\@abi-omnipotent
|
||||
.align 16
|
||||
bn_get_bits5:
|
||||
.cfi_startproc
|
||||
lea 0($inp),%r10
|
||||
lea 1($inp),%r11
|
||||
mov $num,%ecx
|
||||
|
@ -3631,12 +3644,14 @@ bn_get_bits5:
|
|||
shrl %cl,%eax
|
||||
and \$31,%eax
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size bn_get_bits5,.-bn_get_bits5
|
||||
|
||||
.globl bn_scatter5
|
||||
.type bn_scatter5,\@abi-omnipotent
|
||||
.align 16
|
||||
bn_scatter5:
|
||||
.cfi_startproc
|
||||
cmp \$0, $num
|
||||
jz .Lscatter_epilogue
|
||||
lea ($tbl,$idx,8),$tbl
|
||||
|
@ -3649,6 +3664,7 @@ bn_scatter5:
|
|||
jnz .Lscatter
|
||||
.Lscatter_epilogue:
|
||||
ret
|
||||
.cfi_endproc
|
||||
.size bn_scatter5,.-bn_scatter5
|
||||
|
||||
.globl bn_gather5
|
||||
|
@ -3656,6 +3672,7 @@ bn_scatter5:
|
|||
.align 32
|
||||
bn_gather5:
|
||||
.LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases
|
||||
.cfi_startproc
|
||||
# I can't trust assembler to use specific encoding:-(
|
||||
.byte 0x4c,0x8d,0x14,0x24 #lea (%rsp),%r10
|
||||
.byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 #sub $0x108,%rsp
|
||||
|
@ -3740,6 +3757,7 @@ $code.=<<___;
|
|||
lea (%r10),%rsp
|
||||
ret
|
||||
.LSEH_end_bn_gather5:
|
||||
.cfi_endproc
|
||||
.size bn_gather5,.-bn_gather5
|
||||
___
|
||||
}
|
||||
|
@ -3942,4 +3960,4 @@ ___
|
|||
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
|
||||
|
||||
print $code;
|
||||
close STDOUT;
|
||||
close STDOUT or die "error closing STDOUT: $!";
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
/* signed add of b to a. */
|
||||
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
#include <assert.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
#include <openssl/opensslconf.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
#define BN_BLINDING_COUNTER 32
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
/*-
|
||||
* TODO list
|
||||
|
@ -194,6 +194,8 @@ void BN_CTX_start(BN_CTX *ctx)
|
|||
|
||||
void BN_CTX_end(BN_CTX *ctx)
|
||||
{
|
||||
if (ctx == NULL)
|
||||
return;
|
||||
CTXDBG_ENTRY("BN_CTX_end", ctx);
|
||||
if (ctx->err_stack)
|
||||
ctx->err_stack--;
|
||||
|
|
|
@ -20,7 +20,7 @@ NON_EMPTY_TRANSLATION_UNIT
|
|||
# include <stdio.h>
|
||||
# include <time.h>
|
||||
# include "internal/cryptlib.h"
|
||||
# include "bn_lcl.h"
|
||||
# include "bn_local.h"
|
||||
|
||||
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
|
||||
const BIGNUM *add, const BIGNUM *rem,
|
||||
|
|
|
@ -7,12 +7,12 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
#include "internal/nelem.h"
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#include <openssl/dh.h>
|
||||
#include "internal/bn_dh.h"
|
||||
#include "crypto/bn_dh.h"
|
||||
/* DH parameters from RFC5114 */
|
||||
|
||||
# if BN_BITS2 == 64
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -10,7 +10,7 @@
|
|||
#include <assert.h>
|
||||
#include <openssl/bn.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
/* The old slow way */
|
||||
#if 0
|
||||
|
@ -258,7 +258,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
|||
*
|
||||
* - availability of constant-time bn_div_3_words;
|
||||
* - dividend is at least as "wide" as divisor, limb-wise, zero-padded
|
||||
* if so requied, which shouldn't be a privacy problem, because
|
||||
* if so required, which shouldn't be a privacy problem, because
|
||||
* divisor's length is considered public;
|
||||
*/
|
||||
int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
|
||||
|
@ -268,7 +268,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
|
|||
BIGNUM *tmp, *snum, *sdiv, *res;
|
||||
BN_ULONG *resp, *wnum, *wnumtop;
|
||||
BN_ULONG d0, d1;
|
||||
int num_n, div_n;
|
||||
int num_n, div_n, num_neg;
|
||||
|
||||
assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
|
||||
|
||||
|
@ -326,7 +326,8 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
|
|||
/* Setup quotient */
|
||||
if (!bn_wexpand(res, loop))
|
||||
goto err;
|
||||
res->neg = (num->neg ^ divisor->neg);
|
||||
num_neg = num->neg;
|
||||
res->neg = (num_neg ^ divisor->neg);
|
||||
res->top = loop;
|
||||
res->flags |= BN_FLG_FIXED_TOP;
|
||||
resp = &(res->d[loop]);
|
||||
|
@ -442,7 +443,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
|
|||
*--resp = q;
|
||||
}
|
||||
/* snum holds remainder, it's as wide as divisor */
|
||||
snum->neg = num->neg;
|
||||
snum->neg = num_neg;
|
||||
snum->top = div_n;
|
||||
snum->flags |= BN_FLG_FIXED_TOP;
|
||||
if (rm != NULL)
|
||||
|
|
|
@ -8,8 +8,8 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "internal/constant_time_locl.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "internal/constant_time.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#ifdef _WIN32
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
#define TABLE_SIZE 32
|
||||
|
||||
|
|
562
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c
vendored
562
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -8,130 +8,191 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
|
||||
|
||||
int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
|
||||
/*
|
||||
* bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
|
||||
* not contain branches that may leak sensitive information.
|
||||
*
|
||||
* This is a static function, we ensure all callers in this file pass valid
|
||||
* arguments: all passed pointers here are non-NULL.
|
||||
*/
|
||||
static ossl_inline
|
||||
BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n,
|
||||
BN_CTX *ctx, int *pnoinv)
|
||||
{
|
||||
BIGNUM *a, *b, *t;
|
||||
int ret = 0;
|
||||
BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
|
||||
BIGNUM *ret = NULL;
|
||||
int sign;
|
||||
|
||||
bn_check_top(in_a);
|
||||
bn_check_top(in_b);
|
||||
bn_check_top(a);
|
||||
bn_check_top(n);
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
a = BN_CTX_get(ctx);
|
||||
b = BN_CTX_get(ctx);
|
||||
if (b == NULL)
|
||||
A = BN_CTX_get(ctx);
|
||||
B = BN_CTX_get(ctx);
|
||||
X = BN_CTX_get(ctx);
|
||||
D = BN_CTX_get(ctx);
|
||||
M = BN_CTX_get(ctx);
|
||||
Y = BN_CTX_get(ctx);
|
||||
T = BN_CTX_get(ctx);
|
||||
if (T == NULL)
|
||||
goto err;
|
||||
|
||||
if (BN_copy(a, in_a) == NULL)
|
||||
if (in == NULL)
|
||||
R = BN_new();
|
||||
else
|
||||
R = in;
|
||||
if (R == NULL)
|
||||
goto err;
|
||||
if (BN_copy(b, in_b) == NULL)
|
||||
goto err;
|
||||
a->neg = 0;
|
||||
b->neg = 0;
|
||||
|
||||
if (BN_cmp(a, b) < 0) {
|
||||
t = a;
|
||||
a = b;
|
||||
b = t;
|
||||
BN_one(X);
|
||||
BN_zero(Y);
|
||||
if (BN_copy(B, a) == NULL)
|
||||
goto err;
|
||||
if (BN_copy(A, n) == NULL)
|
||||
goto err;
|
||||
A->neg = 0;
|
||||
|
||||
if (B->neg || (BN_ucmp(B, A) >= 0)) {
|
||||
/*
|
||||
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
|
||||
* BN_div_no_branch will be called eventually.
|
||||
*/
|
||||
{
|
||||
BIGNUM local_B;
|
||||
bn_init(&local_B);
|
||||
BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
|
||||
if (!BN_nnmod(B, &local_B, A, ctx))
|
||||
goto err;
|
||||
/* Ensure local_B goes out of scope before any further use of B */
|
||||
}
|
||||
}
|
||||
t = euclid(a, b);
|
||||
if (t == NULL)
|
||||
goto err;
|
||||
sign = -1;
|
||||
/*-
|
||||
* From B = a mod |n|, A = |n| it follows that
|
||||
*
|
||||
* 0 <= B < A,
|
||||
* -sign*X*a == B (mod |n|),
|
||||
* sign*Y*a == A (mod |n|).
|
||||
*/
|
||||
|
||||
if (BN_copy(r, t) == NULL)
|
||||
while (!BN_is_zero(B)) {
|
||||
BIGNUM *tmp;
|
||||
|
||||
/*-
|
||||
* 0 < B < A,
|
||||
* (*) -sign*X*a == B (mod |n|),
|
||||
* sign*Y*a == A (mod |n|)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
|
||||
* BN_div_no_branch will be called eventually.
|
||||
*/
|
||||
{
|
||||
BIGNUM local_A;
|
||||
bn_init(&local_A);
|
||||
BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
|
||||
|
||||
/* (D, M) := (A/B, A%B) ... */
|
||||
if (!BN_div(D, M, &local_A, B, ctx))
|
||||
goto err;
|
||||
/* Ensure local_A goes out of scope before any further use of A */
|
||||
}
|
||||
|
||||
/*-
|
||||
* Now
|
||||
* A = D*B + M;
|
||||
* thus we have
|
||||
* (**) sign*Y*a == D*B + M (mod |n|).
|
||||
*/
|
||||
|
||||
tmp = A; /* keep the BIGNUM object, the value does not
|
||||
* matter */
|
||||
|
||||
/* (A, B) := (B, A mod B) ... */
|
||||
A = B;
|
||||
B = M;
|
||||
/* ... so we have 0 <= B < A again */
|
||||
|
||||
/*-
|
||||
* Since the former M is now B and the former B is now A,
|
||||
* (**) translates into
|
||||
* sign*Y*a == D*A + B (mod |n|),
|
||||
* i.e.
|
||||
* sign*Y*a - D*A == B (mod |n|).
|
||||
* Similarly, (*) translates into
|
||||
* -sign*X*a == A (mod |n|).
|
||||
*
|
||||
* Thus,
|
||||
* sign*Y*a + D*sign*X*a == B (mod |n|),
|
||||
* i.e.
|
||||
* sign*(Y + D*X)*a == B (mod |n|).
|
||||
*
|
||||
* So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
|
||||
* -sign*X*a == B (mod |n|),
|
||||
* sign*Y*a == A (mod |n|).
|
||||
* Note that X and Y stay non-negative all the time.
|
||||
*/
|
||||
|
||||
if (!BN_mul(tmp, D, X, ctx))
|
||||
goto err;
|
||||
if (!BN_add(tmp, tmp, Y))
|
||||
goto err;
|
||||
|
||||
M = Y; /* keep the BIGNUM object, the value does not
|
||||
* matter */
|
||||
Y = X;
|
||||
X = tmp;
|
||||
sign = -sign;
|
||||
}
|
||||
|
||||
/*-
|
||||
* The while loop (Euclid's algorithm) ends when
|
||||
* A == gcd(a,n);
|
||||
* we have
|
||||
* sign*Y*a == A (mod |n|),
|
||||
* where Y is non-negative.
|
||||
*/
|
||||
|
||||
if (sign < 0) {
|
||||
if (!BN_sub(Y, n, Y))
|
||||
goto err;
|
||||
}
|
||||
/* Now Y*a == A (mod |n|). */
|
||||
|
||||
if (BN_is_one(A)) {
|
||||
/* Y*a == 1 (mod |n|) */
|
||||
if (!Y->neg && BN_ucmp(Y, n) < 0) {
|
||||
if (!BN_copy(R, Y))
|
||||
goto err;
|
||||
} else {
|
||||
if (!BN_nnmod(R, Y, n, ctx))
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
*pnoinv = 1;
|
||||
/* caller sets the BN_R_NO_INVERSE error */
|
||||
goto err;
|
||||
ret = 1;
|
||||
}
|
||||
|
||||
ret = R;
|
||||
*pnoinv = 0;
|
||||
|
||||
err:
|
||||
if ((ret == NULL) && (in == NULL))
|
||||
BN_free(R);
|
||||
BN_CTX_end(ctx);
|
||||
bn_check_top(r);
|
||||
bn_check_top(ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
|
||||
{
|
||||
BIGNUM *t;
|
||||
int shifts = 0;
|
||||
|
||||
bn_check_top(a);
|
||||
bn_check_top(b);
|
||||
|
||||
/* 0 <= b <= a */
|
||||
while (!BN_is_zero(b)) {
|
||||
/* 0 < b <= a */
|
||||
|
||||
if (BN_is_odd(a)) {
|
||||
if (BN_is_odd(b)) {
|
||||
if (!BN_sub(a, a, b))
|
||||
goto err;
|
||||
if (!BN_rshift1(a, a))
|
||||
goto err;
|
||||
if (BN_cmp(a, b) < 0) {
|
||||
t = a;
|
||||
a = b;
|
||||
b = t;
|
||||
}
|
||||
} else { /* a odd - b even */
|
||||
|
||||
if (!BN_rshift1(b, b))
|
||||
goto err;
|
||||
if (BN_cmp(a, b) < 0) {
|
||||
t = a;
|
||||
a = b;
|
||||
b = t;
|
||||
}
|
||||
}
|
||||
} else { /* a is even */
|
||||
|
||||
if (BN_is_odd(b)) {
|
||||
if (!BN_rshift1(a, a))
|
||||
goto err;
|
||||
if (BN_cmp(a, b) < 0) {
|
||||
t = a;
|
||||
a = b;
|
||||
b = t;
|
||||
}
|
||||
} else { /* a even - b even */
|
||||
|
||||
if (!BN_rshift1(a, a))
|
||||
goto err;
|
||||
if (!BN_rshift1(b, b))
|
||||
goto err;
|
||||
shifts++;
|
||||
}
|
||||
}
|
||||
/* 0 <= b <= a */
|
||||
}
|
||||
|
||||
if (shifts) {
|
||||
if (!BN_lshift(a, a, shifts))
|
||||
goto err;
|
||||
}
|
||||
bn_check_top(a);
|
||||
return a;
|
||||
err:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* solves ax == 1 (mod n) */
|
||||
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n,
|
||||
BN_CTX *ctx);
|
||||
|
||||
BIGNUM *BN_mod_inverse(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *rv;
|
||||
int noinv;
|
||||
rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
|
||||
if (noinv)
|
||||
BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
|
||||
return rv;
|
||||
}
|
||||
|
||||
/*
|
||||
* This is an internal function, we assume all callers pass valid arguments:
|
||||
* all pointers passed here are assumed non-NULL.
|
||||
*/
|
||||
BIGNUM *int_bn_mod_inverse(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
|
||||
int *pnoinv)
|
||||
|
@ -142,17 +203,15 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
|
|||
|
||||
/* This is invalid input so we don't worry about constant time here */
|
||||
if (BN_abs_is_word(n, 1) || BN_is_zero(n)) {
|
||||
if (pnoinv != NULL)
|
||||
*pnoinv = 1;
|
||||
*pnoinv = 1;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (pnoinv != NULL)
|
||||
*pnoinv = 0;
|
||||
*pnoinv = 0;
|
||||
|
||||
if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
|
||||
|| (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
|
||||
return BN_mod_inverse_no_branch(in, a, n, ctx);
|
||||
return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv);
|
||||
}
|
||||
|
||||
bn_check_top(a);
|
||||
|
@ -438,8 +497,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
|
|||
goto err;
|
||||
}
|
||||
} else {
|
||||
if (pnoinv)
|
||||
*pnoinv = 1;
|
||||
*pnoinv = 1;
|
||||
goto err;
|
||||
}
|
||||
ret = R;
|
||||
|
@ -451,173 +509,137 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
|
|||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
|
||||
* not contain branches that may leak sensitive information.
|
||||
*/
|
||||
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n,
|
||||
BN_CTX *ctx)
|
||||
/* solves ax == 1 (mod n) */
|
||||
BIGNUM *BN_mod_inverse(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
|
||||
BIGNUM *ret = NULL;
|
||||
int sign;
|
||||
BN_CTX *new_ctx = NULL;
|
||||
BIGNUM *rv;
|
||||
int noinv = 0;
|
||||
|
||||
bn_check_top(a);
|
||||
bn_check_top(n);
|
||||
if (ctx == NULL) {
|
||||
ctx = new_ctx = BN_CTX_new();
|
||||
if (ctx == NULL) {
|
||||
BNerr(BN_F_BN_MOD_INVERSE, ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
|
||||
if (noinv)
|
||||
BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
|
||||
BN_CTX_free(new_ctx);
|
||||
return rv;
|
||||
}
|
||||
|
||||
/*-
|
||||
* This function is based on the constant-time GCD work by Bernstein and Yang:
|
||||
* https://eprint.iacr.org/2019/266
|
||||
* Generalized fast GCD function to allow even inputs.
|
||||
* The algorithm first finds the shared powers of 2 between
|
||||
* the inputs, and removes them, reducing at least one of the
|
||||
* inputs to an odd value. Then it proceeds to calculate the GCD.
|
||||
* Before returning the resulting GCD, we take care of adding
|
||||
* back the powers of two removed at the beginning.
|
||||
* Note 1: we assume the bit length of both inputs is public information,
|
||||
* since access to top potentially leaks this information.
|
||||
*/
|
||||
int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *g, *temp = NULL;
|
||||
BN_ULONG mask = 0;
|
||||
int i, j, top, rlen, glen, m, bit = 1, delta = 1, cond = 0, shifts = 0, ret = 0;
|
||||
|
||||
/* Note 2: zero input corner cases are not constant-time since they are
|
||||
* handled immediately. An attacker can run an attack under this
|
||||
* assumption without the need of side-channel information. */
|
||||
if (BN_is_zero(in_b)) {
|
||||
ret = BN_copy(r, in_a) != NULL;
|
||||
r->neg = 0;
|
||||
return ret;
|
||||
}
|
||||
if (BN_is_zero(in_a)) {
|
||||
ret = BN_copy(r, in_b) != NULL;
|
||||
r->neg = 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
bn_check_top(in_a);
|
||||
bn_check_top(in_b);
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
A = BN_CTX_get(ctx);
|
||||
B = BN_CTX_get(ctx);
|
||||
X = BN_CTX_get(ctx);
|
||||
D = BN_CTX_get(ctx);
|
||||
M = BN_CTX_get(ctx);
|
||||
Y = BN_CTX_get(ctx);
|
||||
T = BN_CTX_get(ctx);
|
||||
if (T == NULL)
|
||||
temp = BN_CTX_get(ctx);
|
||||
g = BN_CTX_get(ctx);
|
||||
|
||||
/* make r != 0, g != 0 even, so BN_rshift is not a potential nop */
|
||||
if (g == NULL
|
||||
|| !BN_lshift1(g, in_b)
|
||||
|| !BN_lshift1(r, in_a))
|
||||
goto err;
|
||||
|
||||
if (in == NULL)
|
||||
R = BN_new();
|
||||
else
|
||||
R = in;
|
||||
if (R == NULL)
|
||||
goto err;
|
||||
|
||||
BN_one(X);
|
||||
BN_zero(Y);
|
||||
if (BN_copy(B, a) == NULL)
|
||||
goto err;
|
||||
if (BN_copy(A, n) == NULL)
|
||||
goto err;
|
||||
A->neg = 0;
|
||||
|
||||
if (B->neg || (BN_ucmp(B, A) >= 0)) {
|
||||
/*
|
||||
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
|
||||
* BN_div_no_branch will be called eventually.
|
||||
*/
|
||||
{
|
||||
BIGNUM local_B;
|
||||
bn_init(&local_B);
|
||||
BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
|
||||
if (!BN_nnmod(B, &local_B, A, ctx))
|
||||
goto err;
|
||||
/* Ensure local_B goes out of scope before any further use of B */
|
||||
/* find shared powers of two, i.e. "shifts" >= 1 */
|
||||
for (i = 0; i < r->dmax && i < g->dmax; i++) {
|
||||
mask = ~(r->d[i] | g->d[i]);
|
||||
for (j = 0; j < BN_BITS2; j++) {
|
||||
bit &= mask;
|
||||
shifts += bit;
|
||||
mask >>= 1;
|
||||
}
|
||||
}
|
||||
sign = -1;
|
||||
/*-
|
||||
* From B = a mod |n|, A = |n| it follows that
|
||||
*
|
||||
* 0 <= B < A,
|
||||
* -sign*X*a == B (mod |n|),
|
||||
* sign*Y*a == A (mod |n|).
|
||||
*/
|
||||
|
||||
while (!BN_is_zero(B)) {
|
||||
BIGNUM *tmp;
|
||||
|
||||
/*-
|
||||
* 0 < B < A,
|
||||
* (*) -sign*X*a == B (mod |n|),
|
||||
* sign*Y*a == A (mod |n|)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
|
||||
* BN_div_no_branch will be called eventually.
|
||||
*/
|
||||
{
|
||||
BIGNUM local_A;
|
||||
bn_init(&local_A);
|
||||
BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
|
||||
|
||||
/* (D, M) := (A/B, A%B) ... */
|
||||
if (!BN_div(D, M, &local_A, B, ctx))
|
||||
goto err;
|
||||
/* Ensure local_A goes out of scope before any further use of A */
|
||||
}
|
||||
|
||||
/*-
|
||||
* Now
|
||||
* A = D*B + M;
|
||||
* thus we have
|
||||
* (**) sign*Y*a == D*B + M (mod |n|).
|
||||
*/
|
||||
|
||||
tmp = A; /* keep the BIGNUM object, the value does not
|
||||
* matter */
|
||||
|
||||
/* (A, B) := (B, A mod B) ... */
|
||||
A = B;
|
||||
B = M;
|
||||
/* ... so we have 0 <= B < A again */
|
||||
|
||||
/*-
|
||||
* Since the former M is now B and the former B is now A,
|
||||
* (**) translates into
|
||||
* sign*Y*a == D*A + B (mod |n|),
|
||||
* i.e.
|
||||
* sign*Y*a - D*A == B (mod |n|).
|
||||
* Similarly, (*) translates into
|
||||
* -sign*X*a == A (mod |n|).
|
||||
*
|
||||
* Thus,
|
||||
* sign*Y*a + D*sign*X*a == B (mod |n|),
|
||||
* i.e.
|
||||
* sign*(Y + D*X)*a == B (mod |n|).
|
||||
*
|
||||
* So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
|
||||
* -sign*X*a == B (mod |n|),
|
||||
* sign*Y*a == A (mod |n|).
|
||||
* Note that X and Y stay non-negative all the time.
|
||||
*/
|
||||
|
||||
if (!BN_mul(tmp, D, X, ctx))
|
||||
goto err;
|
||||
if (!BN_add(tmp, tmp, Y))
|
||||
goto err;
|
||||
|
||||
M = Y; /* keep the BIGNUM object, the value does not
|
||||
* matter */
|
||||
Y = X;
|
||||
X = tmp;
|
||||
sign = -sign;
|
||||
}
|
||||
|
||||
/*-
|
||||
* The while loop (Euclid's algorithm) ends when
|
||||
* A == gcd(a,n);
|
||||
* we have
|
||||
* sign*Y*a == A (mod |n|),
|
||||
* where Y is non-negative.
|
||||
*/
|
||||
|
||||
if (sign < 0) {
|
||||
if (!BN_sub(Y, n, Y))
|
||||
goto err;
|
||||
}
|
||||
/* Now Y*a == A (mod |n|). */
|
||||
|
||||
if (BN_is_one(A)) {
|
||||
/* Y*a == 1 (mod |n|) */
|
||||
if (!Y->neg && BN_ucmp(Y, n) < 0) {
|
||||
if (!BN_copy(R, Y))
|
||||
goto err;
|
||||
} else {
|
||||
if (!BN_nnmod(R, Y, n, ctx))
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
|
||||
/* subtract shared powers of two; shifts >= 1 */
|
||||
if (!BN_rshift(r, r, shifts)
|
||||
|| !BN_rshift(g, g, shifts))
|
||||
goto err;
|
||||
|
||||
/* expand to biggest nword, with room for a possible extra word */
|
||||
top = 1 + ((r->top >= g->top) ? r->top : g->top);
|
||||
if (bn_wexpand(r, top) == NULL
|
||||
|| bn_wexpand(g, top) == NULL
|
||||
|| bn_wexpand(temp, top) == NULL)
|
||||
goto err;
|
||||
|
||||
/* re arrange inputs s.t. r is odd */
|
||||
BN_consttime_swap((~r->d[0]) & 1, r, g, top);
|
||||
|
||||
/* compute the number of iterations */
|
||||
rlen = BN_num_bits(r);
|
||||
glen = BN_num_bits(g);
|
||||
m = 4 + 3 * ((rlen >= glen) ? rlen : glen);
|
||||
|
||||
for (i = 0; i < m; i++) {
|
||||
/* conditionally flip signs if delta is positive and g is odd */
|
||||
cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
|
||||
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
|
||||
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
|
||||
delta = (-cond & -delta) | ((cond - 1) & delta);
|
||||
r->neg ^= cond;
|
||||
/* swap */
|
||||
BN_consttime_swap(cond, r, g, top);
|
||||
|
||||
/* elimination step */
|
||||
delta++;
|
||||
if (!BN_add(temp, g, r))
|
||||
goto err;
|
||||
BN_consttime_swap(g->d[0] & 1 /* g is odd */
|
||||
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
|
||||
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
|
||||
g, temp, top);
|
||||
if (!BN_rshift1(g, g))
|
||||
goto err;
|
||||
}
|
||||
ret = R;
|
||||
|
||||
/* remove possible negative sign */
|
||||
r->neg = 0;
|
||||
/* add powers of 2 removed, then correct the artificial shift */
|
||||
if (!BN_lshift(r, r, shifts)
|
||||
|| !BN_rshift1(r, r))
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if ((ret == NULL) && (in == NULL))
|
||||
BN_free(R);
|
||||
BN_CTX_end(ctx);
|
||||
bn_check_top(ret);
|
||||
bn_check_top(r);
|
||||
return ret;
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
#ifndef OPENSSL_NO_EC2M
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
/*
|
||||
* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
/* least significant word */
|
||||
#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
|
||||
|
|
129
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c
vendored
129
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -10,9 +10,9 @@
|
|||
#include <assert.h>
|
||||
#include <limits.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
#include <openssl/opensslconf.h>
|
||||
#include "internal/constant_time_locl.h"
|
||||
#include "internal/constant_time.h"
|
||||
|
||||
/* This stuff appears to be completely unused, so is deprecated */
|
||||
#if OPENSSL_API_COMPAT < 0x00908000L
|
||||
|
@ -87,6 +87,15 @@ const BIGNUM *BN_value_one(void)
|
|||
return &const_one;
|
||||
}
|
||||
|
||||
/*
|
||||
* Old Visual Studio ARM compiler miscompiles BN_num_bits_word()
|
||||
* https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
|
||||
*/
|
||||
#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \
|
||||
&& _MSC_VER>=1400 && _MSC_VER<1501
|
||||
# define MS_BROKEN_BN_num_bits_word
|
||||
# pragma optimize("", off)
|
||||
#endif
|
||||
int BN_num_bits_word(BN_ULONG l)
|
||||
{
|
||||
BN_ULONG x, mask;
|
||||
|
@ -131,21 +140,70 @@ int BN_num_bits_word(BN_ULONG l)
|
|||
|
||||
return bits;
|
||||
}
|
||||
#ifdef MS_BROKEN_BN_num_bits_word
|
||||
# pragma optimize("", on)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This function still leaks `a->dmax`: it's caller's responsibility to
|
||||
* expand the input `a` in advance to a public length.
|
||||
*/
|
||||
static ossl_inline
|
||||
int bn_num_bits_consttime(const BIGNUM *a)
|
||||
{
|
||||
int j, ret;
|
||||
unsigned int mask, past_i;
|
||||
int i = a->top - 1;
|
||||
bn_check_top(a);
|
||||
|
||||
for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) {
|
||||
mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */
|
||||
|
||||
ret += BN_BITS2 & (~mask & ~past_i);
|
||||
ret += BN_num_bits_word(a->d[j]) & mask;
|
||||
|
||||
past_i |= mask; /* past_i will become 0xff..ff after i==j */
|
||||
}
|
||||
|
||||
/*
|
||||
* if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the
|
||||
* final result.
|
||||
*/
|
||||
mask = ~(constant_time_eq_int(i, ((int)-1)));
|
||||
|
||||
return ret & mask;
|
||||
}
|
||||
|
||||
int BN_num_bits(const BIGNUM *a)
|
||||
{
|
||||
int i = a->top - 1;
|
||||
bn_check_top(a);
|
||||
|
||||
if (a->flags & BN_FLG_CONSTTIME) {
|
||||
/*
|
||||
* We assume that BIGNUMs flagged as CONSTTIME have also been expanded
|
||||
* so that a->dmax is not leaking secret information.
|
||||
*
|
||||
* In other words, it's the caller's responsibility to ensure `a` has
|
||||
* been preallocated in advance to a public length if we hit this
|
||||
* branch.
|
||||
*
|
||||
*/
|
||||
return bn_num_bits_consttime(a);
|
||||
}
|
||||
|
||||
if (BN_is_zero(a))
|
||||
return 0;
|
||||
|
||||
return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
|
||||
}
|
||||
|
||||
static void bn_free_d(BIGNUM *a)
|
||||
static void bn_free_d(BIGNUM *a, int clear)
|
||||
{
|
||||
if (BN_get_flags(a, BN_FLG_SECURE))
|
||||
OPENSSL_secure_free(a->d);
|
||||
OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0]));
|
||||
else if (clear != 0)
|
||||
OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0]));
|
||||
else
|
||||
OPENSSL_free(a->d);
|
||||
}
|
||||
|
@ -155,10 +213,8 @@ void BN_clear_free(BIGNUM *a)
|
|||
{
|
||||
if (a == NULL)
|
||||
return;
|
||||
if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
|
||||
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
|
||||
bn_free_d(a);
|
||||
}
|
||||
if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA))
|
||||
bn_free_d(a, 1);
|
||||
if (BN_get_flags(a, BN_FLG_MALLOCED)) {
|
||||
OPENSSL_cleanse(a, sizeof(*a));
|
||||
OPENSSL_free(a);
|
||||
|
@ -170,7 +226,7 @@ void BN_free(BIGNUM *a)
|
|||
if (a == NULL)
|
||||
return;
|
||||
if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
|
||||
bn_free_d(a);
|
||||
bn_free_d(a, 0);
|
||||
if (a->flags & BN_FLG_MALLOCED)
|
||||
OPENSSL_free(a);
|
||||
}
|
||||
|
@ -248,10 +304,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
|
|||
BN_ULONG *a = bn_expand_internal(b, words);
|
||||
if (!a)
|
||||
return NULL;
|
||||
if (b->d) {
|
||||
OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
|
||||
bn_free_d(b);
|
||||
}
|
||||
if (b->d != NULL)
|
||||
bn_free_d(b, 1);
|
||||
b->d = a;
|
||||
b->dmax = words;
|
||||
}
|
||||
|
@ -280,15 +334,19 @@ BIGNUM *BN_dup(const BIGNUM *a)
|
|||
|
||||
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
|
||||
{
|
||||
int bn_words;
|
||||
|
||||
bn_check_top(b);
|
||||
|
||||
bn_words = BN_get_flags(b, BN_FLG_CONSTTIME) ? b->dmax : b->top;
|
||||
|
||||
if (a == b)
|
||||
return a;
|
||||
if (bn_wexpand(a, b->top) == NULL)
|
||||
if (bn_wexpand(a, bn_words) == NULL)
|
||||
return NULL;
|
||||
|
||||
if (b->top > 0)
|
||||
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
|
||||
memcpy(a->d, b->d, sizeof(b->d[0]) * bn_words);
|
||||
|
||||
a->neg = b->neg;
|
||||
a->top = b->top;
|
||||
|
@ -338,6 +396,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
|
|||
|
||||
void BN_clear(BIGNUM *a)
|
||||
{
|
||||
if (a == NULL)
|
||||
return;
|
||||
bn_check_top(a);
|
||||
if (a->d != NULL)
|
||||
OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
|
||||
|
@ -414,8 +474,11 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
|
|||
return ret;
|
||||
}
|
||||
|
||||
typedef enum {big, little} endianess_t;
|
||||
|
||||
/* ignore negative */
|
||||
static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
|
||||
static
|
||||
int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess)
|
||||
{
|
||||
int n;
|
||||
size_t i, lasti, j, atop, mask;
|
||||
|
@ -447,10 +510,17 @@ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
|
|||
|
||||
lasti = atop - 1;
|
||||
atop = a->top * BN_BYTES;
|
||||
for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) {
|
||||
if (endianess == big)
|
||||
to += tolen; /* start from the end of the buffer */
|
||||
for (i = 0, j = 0; j < (size_t)tolen; j++) {
|
||||
unsigned char val;
|
||||
l = a->d[i / BN_BYTES];
|
||||
mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1));
|
||||
*--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
|
||||
val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
|
||||
if (endianess == big)
|
||||
*--to = val;
|
||||
else
|
||||
*to++ = val;
|
||||
i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */
|
||||
}
|
||||
|
||||
|
@ -461,12 +531,12 @@ int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
|
|||
{
|
||||
if (tolen < 0)
|
||||
return -1;
|
||||
return bn2binpad(a, to, tolen);
|
||||
return bn2binpad(a, to, tolen, big);
|
||||
}
|
||||
|
||||
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
|
||||
{
|
||||
return bn2binpad(a, to, -1);
|
||||
return bn2binpad(a, to, -1, big);
|
||||
}
|
||||
|
||||
BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
|
||||
|
@ -518,22 +588,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
|
|||
|
||||
int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
|
||||
{
|
||||
int i;
|
||||
BN_ULONG l;
|
||||
bn_check_top(a);
|
||||
i = BN_num_bytes(a);
|
||||
if (tolen < i)
|
||||
if (tolen < 0)
|
||||
return -1;
|
||||
/* Add trailing zeroes if necessary */
|
||||
if (tolen > i)
|
||||
memset(to + i, 0, tolen - i);
|
||||
to += i;
|
||||
while (i--) {
|
||||
l = a->d[i / BN_BYTES];
|
||||
to--;
|
||||
*to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
|
||||
}
|
||||
return tolen;
|
||||
return bn2binpad(a, to, tolen, little);
|
||||
}
|
||||
|
||||
int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef HEADER_BN_LCL_H
|
||||
# define HEADER_BN_LCL_H
|
||||
#ifndef OSSL_CRYPTO_BN_LOCAL_H
|
||||
# define OSSL_CRYPTO_BN_LOCAL_H
|
||||
|
||||
/*
|
||||
* The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or
|
||||
|
@ -18,10 +18,10 @@
|
|||
# include <openssl/opensslconf.h>
|
||||
|
||||
# if !defined(OPENSSL_SYS_UEFI)
|
||||
# include "internal/bn_conf.h"
|
||||
# include "crypto/bn_conf.h"
|
||||
# endif
|
||||
|
||||
# include "internal/bn_int.h"
|
||||
# include "crypto/bn.h"
|
||||
|
||||
/*
|
||||
* These preprocessor symbols control various aspects of the bignum headers
|
||||
|
@ -295,7 +295,7 @@ struct bn_gencb_st {
|
|||
(b) > 23 ? 3 : 1)
|
||||
|
||||
/*
|
||||
* BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache
|
||||
* BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache
|
||||
* line width of the target processor is at least the following value.
|
||||
*/
|
||||
# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
|
||||
|
@ -654,9 +654,6 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
|
|||
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
|
||||
int *noinv);
|
||||
|
||||
int bn_probable_prime_dh(BIGNUM *rnd, int bits,
|
||||
const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
|
||||
|
||||
static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
|
||||
{
|
||||
if (bits > (INT_MAX - BN_BITS2 + 1))
|
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
|
||||
{
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
#define MONT_WORD /* use the faster word-based algorithm */
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -9,7 +9,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
|
||||
{
|
||||
|
@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
|
|||
int neg = 0;
|
||||
BIGNUM *a = NULL;
|
||||
|
||||
if (n < 4) {
|
||||
if (n < 4 || (d[0] & 0x80) != 0) {
|
||||
BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
#include <assert.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
|
||||
/*
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
|
||||
|
|
218
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c
vendored
218
trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -10,7 +10,7 @@
|
|||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
/*
|
||||
* The quick sieve algorithm approach to weeding out primes is Philip
|
||||
|
@ -22,10 +22,12 @@
|
|||
static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
|
||||
const BIGNUM *a1_odd, int k, BN_CTX *ctx,
|
||||
BN_MONT_CTX *mont);
|
||||
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
|
||||
static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
|
||||
const BIGNUM *add, const BIGNUM *rem,
|
||||
BN_CTX *ctx);
|
||||
static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods);
|
||||
static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods,
|
||||
const BIGNUM *add, const BIGNUM *rem,
|
||||
BN_CTX *ctx);
|
||||
|
||||
#define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x))
|
||||
|
||||
int BN_GENCB_call(BN_GENCB *cb, int a, int b)
|
||||
{
|
||||
|
@ -63,8 +65,12 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
|||
/* There are no prime numbers this small. */
|
||||
BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
|
||||
return 0;
|
||||
} else if (bits == 2 && safe) {
|
||||
/* The smallest safe prime (7) is three bits. */
|
||||
} else if (add == NULL && safe && bits < 6 && bits != 3) {
|
||||
/*
|
||||
* The smallest safe prime (7) is three bits.
|
||||
* But the following two safe primes with less than 6 bits (11, 23)
|
||||
* are unreachable for BN_rand with BN_RAND_TOP_TWO.
|
||||
*/
|
||||
BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
|
||||
return 0;
|
||||
}
|
||||
|
@ -83,16 +89,11 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
|||
loop:
|
||||
/* make a random number and set the top and bottom bits */
|
||||
if (add == NULL) {
|
||||
if (!probable_prime(ret, bits, mods))
|
||||
if (!probable_prime(ret, bits, safe, mods))
|
||||
goto err;
|
||||
} else {
|
||||
if (safe) {
|
||||
if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
|
||||
goto err;
|
||||
} else {
|
||||
if (!bn_probable_prime_dh(ret, bits, add, rem, ctx))
|
||||
goto err;
|
||||
}
|
||||
if (!probable_prime_dh(ret, bits, safe, mods, add, rem, ctx))
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!BN_GENCB_call(cb, 0, c1++))
|
||||
|
@ -135,8 +136,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
|||
found = 1;
|
||||
err:
|
||||
OPENSSL_free(mods);
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
bn_check_top(ret);
|
||||
return found;
|
||||
|
@ -269,17 +269,18 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
|
|||
return 1;
|
||||
}
|
||||
|
||||
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
|
||||
static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods)
|
||||
{
|
||||
int i;
|
||||
BN_ULONG delta;
|
||||
BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
|
||||
char is_single_word = bits <= BN_BITS2;
|
||||
|
||||
again:
|
||||
/* TODO: Not all primes are private */
|
||||
if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
|
||||
return 0;
|
||||
if (safe && !BN_set_bit(rnd, 1))
|
||||
return 0;
|
||||
/* we now have a random number 'rnd' to test. */
|
||||
for (i = 1; i < NUMPRIMES; i++) {
|
||||
BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
|
||||
|
@ -287,61 +288,25 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
|
|||
return 0;
|
||||
mods[i] = (prime_t) mod;
|
||||
}
|
||||
/*
|
||||
* If bits is so small that it fits into a single word then we
|
||||
* additionally don't want to exceed that many bits.
|
||||
*/
|
||||
if (is_single_word) {
|
||||
BN_ULONG size_limit;
|
||||
|
||||
if (bits == BN_BITS2) {
|
||||
/*
|
||||
* Shifting by this much has undefined behaviour so we do it a
|
||||
* different way
|
||||
*/
|
||||
size_limit = ~((BN_ULONG)0) - BN_get_word(rnd);
|
||||
} else {
|
||||
size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
|
||||
}
|
||||
if (size_limit < maxdelta)
|
||||
maxdelta = size_limit;
|
||||
}
|
||||
delta = 0;
|
||||
loop:
|
||||
if (is_single_word) {
|
||||
BN_ULONG rnd_word = BN_get_word(rnd);
|
||||
|
||||
/*-
|
||||
* In the case that the candidate prime is a single word then
|
||||
* we check that:
|
||||
* 1) It's greater than primes[i] because we shouldn't reject
|
||||
* 3 as being a prime number because it's a multiple of
|
||||
* three.
|
||||
* 2) That it's not a multiple of a known prime. We don't
|
||||
* check that rnd-1 is also coprime to all the known
|
||||
* primes because there aren't many small primes where
|
||||
* that's true.
|
||||
for (i = 1; i < NUMPRIMES; i++) {
|
||||
/*
|
||||
* check that rnd is a prime and also that
|
||||
* gcd(rnd-1,primes) == 1 (except for 2)
|
||||
* do the second check only if we are interested in safe primes
|
||||
* in the case that the candidate prime is a single word then
|
||||
* we check only the primes up to sqrt(rnd)
|
||||
*/
|
||||
for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) {
|
||||
if ((mods[i] + delta) % primes[i] == 0) {
|
||||
delta += 2;
|
||||
if (delta > maxdelta)
|
||||
goto again;
|
||||
goto loop;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for (i = 1; i < NUMPRIMES; i++) {
|
||||
/*
|
||||
* check that rnd is not a prime and also that gcd(rnd-1,primes)
|
||||
* == 1 (except for 2)
|
||||
*/
|
||||
if (((mods[i] + delta) % primes[i]) <= 1) {
|
||||
delta += 2;
|
||||
if (delta > maxdelta)
|
||||
goto again;
|
||||
goto loop;
|
||||
}
|
||||
if (bits <= 31 && delta <= 0x7fffffff
|
||||
&& square(primes[i]) > BN_get_word(rnd) + delta)
|
||||
break;
|
||||
if (safe ? (mods[i] + delta) % primes[i] <= 1
|
||||
: (mods[i] + delta) % primes[i] == 0) {
|
||||
delta += safe ? 4 : 2;
|
||||
if (delta > maxdelta)
|
||||
goto again;
|
||||
goto loop;
|
||||
}
|
||||
}
|
||||
if (!BN_add_word(rnd, delta))
|
||||
|
@ -352,16 +317,23 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
|
|||
return 1;
|
||||
}
|
||||
|
||||
int bn_probable_prime_dh(BIGNUM *rnd, int bits,
|
||||
const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
|
||||
static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods,
|
||||
const BIGNUM *add, const BIGNUM *rem,
|
||||
BN_CTX *ctx)
|
||||
{
|
||||
int i, ret = 0;
|
||||
BIGNUM *t1;
|
||||
BN_ULONG delta;
|
||||
BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
if ((t1 = BN_CTX_get(ctx)) == NULL)
|
||||
goto err;
|
||||
|
||||
if (maxdelta > BN_MASK2 - BN_get_word(add))
|
||||
maxdelta = BN_MASK2 - BN_get_word(add);
|
||||
|
||||
again:
|
||||
if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
goto err;
|
||||
|
||||
|
@ -372,27 +344,44 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
|
|||
if (!BN_sub(rnd, rnd, t1))
|
||||
goto err;
|
||||
if (rem == NULL) {
|
||||
if (!BN_add_word(rnd, 1))
|
||||
if (!BN_add_word(rnd, safe ? 3u : 1u))
|
||||
goto err;
|
||||
} else {
|
||||
if (!BN_add(rnd, rnd, rem))
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* we now have a random number 'rand' to test. */
|
||||
if (BN_num_bits(rnd) < bits
|
||||
|| BN_get_word(rnd) < (safe ? 5u : 3u)) {
|
||||
if (!BN_add(rnd, rnd, add))
|
||||
goto err;
|
||||
}
|
||||
|
||||
loop:
|
||||
/* we now have a random number 'rnd' to test. */
|
||||
for (i = 1; i < NUMPRIMES; i++) {
|
||||
/* check that rnd is a prime */
|
||||
BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
|
||||
if (mod == (BN_ULONG)-1)
|
||||
goto err;
|
||||
if (mod <= 1) {
|
||||
if (!BN_add(rnd, rnd, add))
|
||||
goto err;
|
||||
mods[i] = (prime_t) mod;
|
||||
}
|
||||
delta = 0;
|
||||
loop:
|
||||
for (i = 1; i < NUMPRIMES; i++) {
|
||||
/* check that rnd is a prime */
|
||||
if (bits <= 31 && delta <= 0x7fffffff
|
||||
&& square(primes[i]) > BN_get_word(rnd) + delta)
|
||||
break;
|
||||
/* rnd mod p == 1 implies q = (rnd-1)/2 is divisible by p */
|
||||
if (safe ? (mods[i] + delta) % primes[i] <= 1
|
||||
: (mods[i] + delta) % primes[i] == 0) {
|
||||
delta += BN_get_word(add);
|
||||
if (delta > maxdelta)
|
||||
goto again;
|
||||
goto loop;
|
||||
}
|
||||
}
|
||||
if (!BN_add_word(rnd, delta))
|
||||
goto err;
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
|
@ -400,70 +389,3 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
|
|||
bn_check_top(rnd);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
|
||||
const BIGNUM *rem, BN_CTX *ctx)
|
||||
{
|
||||
int i, ret = 0;
|
||||
BIGNUM *t1, *qadd, *q;
|
||||
|
||||
bits--;
|
||||
BN_CTX_start(ctx);
|
||||
t1 = BN_CTX_get(ctx);
|
||||
q = BN_CTX_get(ctx);
|
||||
qadd = BN_CTX_get(ctx);
|
||||
if (qadd == NULL)
|
||||
goto err;
|
||||
|
||||
if (!BN_rshift1(qadd, padd))
|
||||
goto err;
|
||||
|
||||
if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
goto err;
|
||||
|
||||
/* we need ((rnd-rem) % add) == 0 */
|
||||
if (!BN_mod(t1, q, qadd, ctx))
|
||||
goto err;
|
||||
if (!BN_sub(q, q, t1))
|
||||
goto err;
|
||||
if (rem == NULL) {
|
||||
if (!BN_add_word(q, 1))
|
||||
goto err;
|
||||
} else {
|
||||
if (!BN_rshift1(t1, rem))
|
||||
goto err;
|
||||
if (!BN_add(q, q, t1))
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* we now have a random number 'rand' to test. */
|
||||
if (!BN_lshift1(p, q))
|
||||
goto err;
|
||||
if (!BN_add_word(p, 1))
|
||||
goto err;
|
||||
|
||||
loop:
|
||||
for (i = 1; i < NUMPRIMES; i++) {
|
||||
/* check that p and q are prime */
|
||||
/*
|
||||
* check that for p and q gcd(p-1,primes) == 1 (except for 2)
|
||||
*/
|
||||
BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
|
||||
BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
|
||||
if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)
|
||||
goto err;
|
||||
if (pmod == 0 || qmod == 0) {
|
||||
if (!BN_add(p, p, padd))
|
||||
goto err;
|
||||
if (!BN_add(q, q, qadd))
|
||||
goto err;
|
||||
goto loop;
|
||||
}
|
||||
}
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
BN_CTX_end(ctx);
|
||||
bn_check_top(p);
|
||||
return ret;
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* WARNING: do not edit!
|
||||
* Generated by crypto/bn/bn_prime.pl
|
||||
*
|
||||
* Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -8,11 +8,11 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "internal/ctype.h"
|
||||
#include "crypto/ctype.h"
|
||||
#include <limits.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
static const char Hex[] = "0123456789ABCDEF";
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -10,7 +10,7 @@
|
|||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/sha.h>
|
||||
|
||||
|
@ -225,8 +225,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
|
|||
goto err;
|
||||
|
||||
/* We copy |priv| into a local buffer to avoid exposing its length. */
|
||||
todo = sizeof(priv->d[0]) * priv->top;
|
||||
if (todo > sizeof(private_bytes)) {
|
||||
if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) {
|
||||
/*
|
||||
* No reasonable DSA or ECDSA key should have a private key this
|
||||
* large and we don't handle this case in order to avoid leaking the
|
||||
|
@ -235,8 +234,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
|
|||
BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
|
||||
goto err;
|
||||
}
|
||||
memcpy(private_bytes, priv->d, todo);
|
||||
memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
|
||||
|
||||
for (done = 0; done < num_k_bytes;) {
|
||||
if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
void BN_RECP_CTX_init(BN_RECP_CTX *recp)
|
||||
{
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
#include <assert.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
int BN_lshift1(BIGNUM *r, const BIGNUM *a)
|
||||
{
|
||||
|
@ -34,12 +34,10 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
|
|||
for (i = 0; i < a->top; i++) {
|
||||
t = *(ap++);
|
||||
*(rp++) = ((t << 1) | c) & BN_MASK2;
|
||||
c = (t & BN_TBIT) ? 1 : 0;
|
||||
}
|
||||
if (c) {
|
||||
*rp = 1;
|
||||
r->top++;
|
||||
c = t >> (BN_BITS2 - 1);
|
||||
}
|
||||
*rp = c;
|
||||
r->top += c;
|
||||
bn_check_top(r);
|
||||
return 1;
|
||||
}
|
||||
|
@ -47,7 +45,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
|
|||
int BN_rshift1(BIGNUM *r, const BIGNUM *a)
|
||||
{
|
||||
BN_ULONG *ap, *rp, t, c;
|
||||
int i, j;
|
||||
int i;
|
||||
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
|
@ -58,23 +56,22 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
|
|||
}
|
||||
i = a->top;
|
||||
ap = a->d;
|
||||
j = i - (ap[i - 1] == 1);
|
||||
if (a != r) {
|
||||
if (bn_wexpand(r, j) == NULL)
|
||||
if (bn_wexpand(r, i) == NULL)
|
||||
return 0;
|
||||
r->neg = a->neg;
|
||||
}
|
||||
rp = r->d;
|
||||
r->top = i;
|
||||
t = ap[--i];
|
||||
c = (t & 1) ? BN_TBIT : 0;
|
||||
if (t >>= 1)
|
||||
rp[i] = t;
|
||||
rp[i] = t >> 1;
|
||||
c = t << (BN_BITS2 - 1);
|
||||
r->top -= (t == 1);
|
||||
while (i > 0) {
|
||||
t = ap[--i];
|
||||
rp[i] = ((t >> 1) & BN_MASK2) | c;
|
||||
c = (t & 1) ? BN_TBIT : 0;
|
||||
c = t << (BN_BITS2 - 1);
|
||||
}
|
||||
r->top = j;
|
||||
if (!r->top)
|
||||
r->neg = 0; /* don't allow negative zero */
|
||||
bn_check_top(r);
|
||||
|
@ -152,57 +149,19 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
|
|||
|
||||
int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
|
||||
{
|
||||
int i, j, nw, lb, rb;
|
||||
BN_ULONG *t, *f;
|
||||
BN_ULONG l, tmp;
|
||||
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
int ret = 0;
|
||||
|
||||
if (n < 0) {
|
||||
BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
nw = n / BN_BITS2;
|
||||
rb = n % BN_BITS2;
|
||||
lb = BN_BITS2 - rb;
|
||||
if (nw >= a->top || a->top == 0) {
|
||||
BN_zero(r);
|
||||
return 1;
|
||||
}
|
||||
i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
|
||||
if (r != a) {
|
||||
if (bn_wexpand(r, i) == NULL)
|
||||
return 0;
|
||||
r->neg = a->neg;
|
||||
} else {
|
||||
if (n == 0)
|
||||
return 1; /* or the copying loop will go berserk */
|
||||
}
|
||||
ret = bn_rshift_fixed_top(r, a, n);
|
||||
|
||||
f = &(a->d[nw]);
|
||||
t = r->d;
|
||||
j = a->top - nw;
|
||||
r->top = i;
|
||||
|
||||
if (rb == 0) {
|
||||
for (i = j; i != 0; i--)
|
||||
*(t++) = *(f++);
|
||||
} else {
|
||||
l = *(f++);
|
||||
for (i = j - 1; i != 0; i--) {
|
||||
tmp = (l >> rb) & BN_MASK2;
|
||||
l = *(f++);
|
||||
*(t++) = (tmp | (l << lb)) & BN_MASK2;
|
||||
}
|
||||
if ((l = (l >> rb) & BN_MASK2))
|
||||
*(t) = l;
|
||||
}
|
||||
if (!r->top)
|
||||
r->neg = 0; /* don't allow negative zero */
|
||||
bn_correct_top(r);
|
||||
bn_check_top(r);
|
||||
return 1;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
/* r must not be a */
|
||||
/*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
/*
|
||||
|
@ -125,7 +125,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
|||
* = a.
|
||||
*
|
||||
* (This is due to A.O.L. Atkin,
|
||||
* <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
|
||||
* Subject: Square Roots and Cognate Matters modulo p=8n+5.
|
||||
* URL: https://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind9211&L=NMBRTHRY&P=4026
|
||||
* November 1992.)
|
||||
*/
|
||||
|
||||
|
|
|
@ -7,13 +7,13 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
#include "internal/nelem.h"
|
||||
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
|
||||
#include <openssl/srp.h>
|
||||
#include "internal/bn_srp.h"
|
||||
#include "crypto/bn_srp.h"
|
||||
|
||||
# if (BN_BYTES == 8)
|
||||
# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
|
||||
{
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <openssl/bn.h>
|
||||
#include "bn_lcl.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
/* X9.31 routines for prime derivation */
|
||||
|
||||
|
|
|
@ -6,7 +6,6 @@ SOURCE[../../libcrypto]=\
|
|||
{- $target{bn_asm_src} -} \
|
||||
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
|
||||
bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
|
||||
INCLUDE[../../libcrypto]=../../crypto/include
|
||||
|
||||
INCLUDE[bn_exp.o]=..
|
||||
|
||||
|
|
|
@ -12,8 +12,8 @@
|
|||
* (2) University of Haifa, Israel
|
||||
*/
|
||||
|
||||
#ifndef RSAZ_EXP_H
|
||||
# define RSAZ_EXP_H
|
||||
#ifndef OSSL_CRYPTO_BN_RSAZ_EXP_H
|
||||
# define OSSL_CRYPTO_BN_RSAZ_EXP_H
|
||||
|
||||
# undef RSAZ_ENABLED
|
||||
# if defined(OPENSSL_BN_ASM_MONT) && \
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue