summaryrefslogtreecommitdiffstats
path: root/crypto/bn/bn_nist.c
diff options
context:
space:
mode:
authorAndy Polyakov <appro@openssl.org>2008-04-09 13:36:04 +0200
committerAndy Polyakov <appro@openssl.org>2008-04-09 13:36:04 +0200
commit2c4226c42b2606a43a41ebc5c97a96b24de4216a (patch)
tree93ee4479be11843a658525a780525a4c30f9758b /crypto/bn/bn_nist.c
parentFix various typos, update SMIMECapabilities description. (diff)
downloadopenssl-2c4226c42b2606a43a41ebc5c97a96b24de4216a.tar.xz
openssl-2c4226c42b2606a43a41ebc5c97a96b24de4216a.zip
Do BN_nist_mod_384 by the book, as cheating doesn't work. Other functions
will be revised too. PR: 1593
Diffstat (limited to 'crypto/bn/bn_nist.c')
-rw-r--r--crypto/bn/bn_nist.c122
1 files changed, 63 insertions, 59 deletions
diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
index fd15c28777..6b88c5fa13 100644
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@@ -176,10 +176,6 @@ const BIGNUM *BN_get0_nist_prime_521(void)
static BN_ULONG _256_data[BN_NIST_256_TOP*6];
static int _is_set_256_data = 0;
static void _init_256_data(void);
-
-static BN_ULONG _384_data[BN_NIST_384_TOP*8];
-static int _is_set_384_data = 0;
-static void _init_384_data(void);
#endif
#define BN_NIST_ADD_ONE(a) while (!(*(a)=(*(a)+1)&BN_MASK2)) ++(a);
@@ -527,26 +523,6 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
#endif
}
-#if BN_BITS2 == 32
-static void _init_384_data(void)
- {
- int i;
- BN_ULONG *tmp1 = _384_data;
- const BN_ULONG *tmp2 = tmp1;
-
- memcpy(tmp1, _nist_p_384, BN_NIST_384_TOP * sizeof(BN_ULONG));
- tmp1 += BN_NIST_384_TOP;
-
- for (i=0; i<7; i++)
- {
- bn_add_words(tmp1, _nist_p_384, tmp2, BN_NIST_384_TOP);
- tmp2 = tmp1;
- tmp1 += BN_NIST_384_TOP;
- }
- _is_set_384_data = 1;
- }
-#endif
-
#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
{ \
if (a12 != 0) bn_cp_32(to, 0, from, (a12) - 12) else bn_32_set_0(to, 0)\
@@ -571,17 +547,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
int carry = 0;
register BN_ULONG *r_d, *a_d = a->d;
BN_ULONG t_d[BN_NIST_384_TOP],
- buf[BN_NIST_384_TOP];
-
- if (!_is_set_384_data)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_BN);
-
- if (!_is_set_384_data)
- _init_384_data();
-
- CRYPTO_w_unlock(CRYPTO_LOCK_BN);
- }
+ buf[BN_NIST_384_TOP],
+ c_d[BN_NIST_384_TOP],
+ *res;
+ size_t mask;
i = BN_ucmp(field, a);
if (i == 0)
@@ -624,48 +593,83 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
}
carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
t_d, BN_NIST_256_TOP);
+ /* this is equivalent to if (result >= module) */
+ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+ mask = ~mask | (0-(size_t)carry);
+ res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+
/*S2 */
- carry += bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
+ carry = bn_add_words(r_d, res, buf, BN_NIST_384_TOP);
+ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+ mask = ~mask | (0-(size_t)carry);
+ res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+
/*S3*/
nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
- carry += bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
+ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+ mask = ~mask | (0-(size_t)carry);
+ res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+
/*S4*/
nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
- carry += bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
+ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+ mask = ~mask | (0-(size_t)carry);
+ res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+
/*S5*/
- nist_set_256(t_d, buf, 0, 0, 0, 0, 23-4, 22-4, 21-4, 20-4);
- carry += bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
- t_d, BN_NIST_256_TOP);
+ nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0);
+ carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
+ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+ mask = ~mask | (0-(size_t)carry);
+ res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+
/*S6*/
nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
- carry += bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-
- if (carry)
- bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP *
- (carry-1), BN_NIST_384_TOP);
+ carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
+ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+ mask = ~mask | (0-(size_t)carry);
+ res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
/*D1*/
nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
- carry = bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+#if BRANCH_FREE
+ carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
+ bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+ mask = 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+#else
+ if (bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP))
+ bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+#endif
/*D2*/
nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
- carry += bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+#if BRANCH_FREE
+ carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
+ bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+ mask = 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+#else
+ if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+ bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+#endif
/*D3*/
nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
- carry += bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-
- if (carry)
- bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP *
- (carry-1), BN_NIST_384_TOP);
+#if BRANCH_FREE
+ carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
+ bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+ mask = 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+ nist_cp_bn(r_d, res, BN_NIST_384_TOP);
+#else
+ if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+ bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
+#endif
r->top = BN_NIST_384_TOP;
bn_correct_top(r);
- if (BN_ucmp(r, field) >= 0)
- {
- bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP);
- bn_correct_top(r);
- }
- bn_check_top(r);
+
return 1;
#else
return 0;