*
*/
+/* NOTE: This file is licensed pursuant to the OpenSSL license below
+ * and may be modified; but after modifications, the above covenant
+ * may no longer apply! In such cases, the corresponding paragraph
+ * ["In addition, Sun covenants ... causes the infringement."] and
+ * this note can be edited out; but please keep the Sun copyright
+ * notice and attribution. */
+
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
BN_ULONG tab[16], top3b = a >> 61;
register BN_ULONG a1, a2, a4, a8;
- a1 = a & (0x1FFFFFFFFFFFFFFF); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;
+ a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;
tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2;
tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4;
int i;
const BIGNUM *at, *bt;
+ bn_check_top(a);
+ bn_check_top(b);
+
if (a->top < b->top) { at = b; bt = a; }
else { at = a; bt = b; }
- bn_expand2(r, at->top);
+ bn_wexpand(r, at->top);
for (i = 0; i < bt->top; i++)
{
}
r->top = at->top;
- bn_fix_top(r);
+ bn_correct_top(r);
return 1;
}
int j, k;
int n, dN, d0, d1;
BN_ULONG zz, *z;
-
- /* Since the algorithm does reduction in place, if a == r, copy the
- * contents of a into r so we can do reduction in r.
+
+ bn_check_top(a);
+
+ if (!p[0])
+ {
+ /* reduction mod 1 => return 0 */
+ BN_zero(r);
+ return 1;
+ }
+
+ /* Since the algorithm does reduction in the r value, if a != r, copy
+ * the contents of a into r so we can do reduction in r.
*/
- if ((a != NULL) && (a->d != r->d))
+ if (a != r)
{
if (!bn_wexpand(r, a->top)) return 0;
for (j = 0; j < a->top; j++)
if (z[j] == 0) { j--; continue; }
z[j] = 0;
- for (k = 1; p[k] > 0; k++)
+ for (k = 1; p[k] != 0; k++)
{
/* reducing component t^p[k] */
n = p[0] - p[k];
if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */
z[0] ^= zz; /* reduction t^0 component */
- for (k = 1; p[k] > 0; k++)
+ for (k = 1; p[k] != 0; k++)
{
+ BN_ULONG tmp_ulong;
+
/* reducing component t^p[k]*/
n = p[k] / BN_BITS2;
d0 = p[k] % BN_BITS2;
d1 = BN_BITS2 - d0;
z[n] ^= (zz << d0);
- if (d0) z[n+1] ^= (zz >> d1);
+ tmp_ulong = zz >> d1;
+ if (d0 && tmp_ulong)
+ z[n+1] ^= tmp_ulong;
}
}
- bn_fix_top(r);
-
+ bn_correct_top(r);
return 1;
}
*/
int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
{
+ int ret = 0;
const int max = BN_num_bits(p);
- unsigned int *arr=NULL, ret = 0;
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- if (BN_GF2m_poly2arr(p, arr, max) > max)
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
{
BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
goto err;
}
ret = BN_GF2m_mod_arr(r, a, arr);
- err:
+ bn_check_top(r);
+err:
if (arr) OPENSSL_free(arr);
return ret;
}
int zlen, i, j, k, ret = 0;
BIGNUM *s;
BN_ULONG x1, x0, y1, y0, zz[4];
-
+
+ bn_check_top(a);
+ bn_check_top(b);
+
if (a == b)
{
return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
}
-
BN_CTX_start(ctx);
if ((s = BN_CTX_get(ctx)) == NULL) goto err;
- zlen = a->top + b->top;
+ zlen = a->top + b->top + 4;
if (!bn_wexpand(s, zlen)) goto err;
s->top = zlen;
}
}
- bn_fix_top(s);
- BN_GF2m_mod_arr(r, s, p);
- ret = 1;
+ bn_correct_top(s);
+ if (BN_GF2m_mod_arr(r, s, p))
+ ret = 1;
+ bn_check_top(r);
- err:
+err:
BN_CTX_end(ctx);
return ret;
-
}
/* Compute the product of two polynomials a and b, reduce modulo p, and store
*/
int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
{
+ int ret = 0;
const int max = BN_num_bits(p);
- unsigned int *arr=NULL, ret = 0;
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- if (BN_GF2m_poly2arr(p, arr, max) > max)
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
{
BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);
goto err;
}
ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
- err:
+ bn_check_top(r);
+err:
if (arr) OPENSSL_free(arr);
return ret;
}
{
int i, ret = 0;
BIGNUM *s;
-
+
+ bn_check_top(a);
BN_CTX_start(ctx);
if ((s = BN_CTX_get(ctx)) == NULL) return 0;
if (!bn_wexpand(s, 2 * a->top)) goto err;
}
s->top = 2 * a->top;
- bn_fix_top(s);
+ bn_correct_top(s);
if (!BN_GF2m_mod_arr(r, s, p)) goto err;
+ bn_check_top(r);
ret = 1;
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
*/
int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
+ int ret = 0;
const int max = BN_num_bits(p);
- unsigned int *arr=NULL, ret = 0;
+ unsigned int *arr=NULL;
+
+ bn_check_top(a);
+ bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- if (BN_GF2m_poly2arr(p, arr, max) > max)
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
{
BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);
goto err;
}
ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
- err:
+ bn_check_top(r);
+err:
if (arr) OPENSSL_free(arr);
return ret;
}
BIGNUM *b, *c, *u, *v, *tmp;
int ret = 0;
+ bn_check_top(a);
+ bn_check_top(p);
+
BN_CTX_start(ctx);
b = BN_CTX_get(ctx);
if (v == NULL) goto err;
if (!BN_one(b)) goto err;
- if (!BN_zero(c)) goto err;
if (!BN_GF2m_mod(u, a, p)) goto err;
if (!BN_copy(v, p)) goto err;
- u->neg = 0; /* Need to set u->neg = 0 because BN_is_one(u) checks
- * the neg flag of the bignum.
- */
-
if (BN_is_zero(u)) goto err;
while (1)
if (!BN_rshift1(b, b)) goto err;
}
- if (BN_is_one(u)) break;
+ if (BN_abs_is_word(u, 1)) break;
if (BN_num_bits(u) < BN_num_bits(v))
{
if (!BN_copy(r, b)) goto err;
+ bn_check_top(r);
ret = 1;
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
BIGNUM *field;
int ret = 0;
+ bn_check_top(xx);
BN_CTX_start(ctx);
if ((field = BN_CTX_get(ctx)) == NULL) goto err;
if (!BN_GF2m_arr2poly(p, field)) goto err;
ret = BN_GF2m_mod_inv(r, xx, field, ctx);
+ bn_check_top(r);
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
{
BIGNUM *xinv = NULL;
int ret = 0;
-
+
+ bn_check_top(y);
+ bn_check_top(x);
+ bn_check_top(p);
+
BN_CTX_start(ctx);
xinv = BN_CTX_get(ctx);
if (xinv == NULL) goto err;
if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err;
if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err;
+ bn_check_top(r);
ret = 1;
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
BIGNUM *a, *b, *u, *v;
int ret = 0;
+ bn_check_top(y);
+ bn_check_top(x);
+ bn_check_top(p);
+
BN_CTX_start(ctx);
a = BN_CTX_get(ctx);
if (!BN_GF2m_mod(u, y, p)) goto err;
if (!BN_GF2m_mod(a, x, p)) goto err;
if (!BN_copy(b, p)) goto err;
- if (!BN_zero(v)) goto err;
- a->neg = 0; /* Need to set a->neg = 0 because BN_is_one(a) checks
- * the neg flag of the bignum.
- */
-
while (!BN_is_odd(a))
{
if (!BN_rshift1(a, a)) goto err;
if (!BN_rshift1(v, v)) goto err;
} while (!BN_is_odd(b));
}
- else if (BN_is_one(a))
+ else if (BN_abs_is_word(a, 1))
break;
else
{
} while (1);
if (!BN_copy(r, u)) goto err;
+ bn_check_top(r);
ret = 1;
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
BIGNUM *field;
int ret = 0;
+ bn_check_top(yy);
+ bn_check_top(xx);
+
BN_CTX_start(ctx);
if ((field = BN_CTX_get(ctx)) == NULL) goto err;
if (!BN_GF2m_arr2poly(p, field)) goto err;
ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
+ bn_check_top(r);
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
{
int ret = 0, i, n;
BIGNUM *u;
-
+
+ bn_check_top(a);
+ bn_check_top(b);
+
if (BN_is_zero(b))
- {
return(BN_one(r));
- }
-
+
+ if (BN_abs_is_word(b, 1))
+ return (BN_copy(r, a) != NULL);
BN_CTX_start(ctx);
if ((u = BN_CTX_get(ctx)) == NULL) goto err;
}
}
if (!BN_copy(r, u)) goto err;
-
+ bn_check_top(r);
ret = 1;
-
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
*/
int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
{
+ int ret = 0;
const int max = BN_num_bits(p);
- unsigned int *arr=NULL, ret = 0;
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- if (BN_GF2m_poly2arr(p, arr, max) > max)
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
{
BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
goto err;
}
ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
- err:
+ bn_check_top(r);
+err:
if (arr) OPENSSL_free(arr);
return ret;
}
{
int ret = 0;
BIGNUM *u;
-
+
+ bn_check_top(a);
+
+ if (!p[0])
+ {
+ /* reduction mod 1 => return 0 */
+ BN_zero(r);
+ return 1;
+ }
+
BN_CTX_start(ctx);
if ((u = BN_CTX_get(ctx)) == NULL) goto err;
- if (!BN_zero(u)) goto err;
if (!BN_set_bit(u, p[0] - 1)) goto err;
ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
+ bn_check_top(r);
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
*/
int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
+ int ret = 0;
const int max = BN_num_bits(p);
- unsigned int *arr=NULL, ret = 0;
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- if (BN_GF2m_poly2arr(p, arr, max) > max)
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
{
BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
goto err;
}
ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
- err:
+ bn_check_top(r);
+err:
if (arr) OPENSSL_free(arr);
return ret;
}
*/
int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx)
{
- int ret = 0, i, count = 0;
+ int ret = 0, count = 0;
+ unsigned int j;
BIGNUM *a, *z, *rho, *w, *w2, *tmp;
-
+
+ bn_check_top(a_);
+
+ if (!p[0])
+ {
+ /* reduction mod 1 => return 0 */
+ BN_zero(r);
+ return 1;
+ }
+
BN_CTX_start(ctx);
a = BN_CTX_get(ctx);
z = BN_CTX_get(ctx);
if (BN_is_zero(a))
{
- ret = BN_zero(r);
+ BN_zero(r);
+ ret = 1;
goto err;
}
{
/* compute half-trace of a */
if (!BN_copy(z, a)) goto err;
- for (i = 1; i <= (p[0] - 1) / 2; i++)
+ for (j = 1; j <= (p[0] - 1) / 2; j++)
{
if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
{
if (!BN_rand(rho, p[0], 0, 0)) goto err;
if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
- if (!BN_zero(z)) goto err;
+ BN_zero(z);
if (!BN_copy(w, rho)) goto err;
- for (i = 1; i <= p[0] - 1; i++)
+ for (j = 1; j <= p[0] - 1; j++)
{
if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;
if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err;
if (!BN_GF2m_add(w, z, w)) goto err;
- if (BN_GF2m_cmp(w, a)) goto err;
+ if (BN_GF2m_cmp(w, a))
+ {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
+ goto err;
+ }
if (!BN_copy(r, z)) goto err;
+ bn_check_top(r);
ret = 1;
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
*/
int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
+ int ret = 0;
const int max = BN_num_bits(p);
- unsigned int *arr=NULL, ret = 0;
- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- if (BN_GF2m_poly2arr(p, arr, max) > max)
+ unsigned int *arr=NULL;
+ bn_check_top(a);
+ bn_check_top(p);
+ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) *
+ max)) == NULL) goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max)
{
BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);
goto err;
}
ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
- err:
+ bn_check_top(r);
+err:
if (arr) OPENSSL_free(arr);
return ret;
}
-/* Convert the bit-string representation of a polynomial a into an array
+/* Convert the bit-string representation of a polynomial
+ * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array
* of integers corresponding to the bits with non-zero coefficient.
* Up to max elements of the array will be filled. Return value is total
* number of coefficients that would be extracted if array was large enough.
*/
int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)
{
- int i, j, k;
+ int i, j, k = 0;
BN_ULONG mask;
- for (k = 0; k < max; k++) p[k] = 0;
- k = 0;
+ if (BN_is_zero(a) || !BN_is_bit_set(a, 0))
+ /* a_0 == 0 => return error (the unsigned int array
+ * must be terminated by 0)
+ */
+ return 0;
for (i = a->top - 1; i >= 0; i--)
{
+ if (!a->d[i])
+ /* skip word if a->d[i] == 0 */
+ continue;
mask = BN_TBIT;
for (j = BN_BITS2 - 1; j >= 0; j--)
{
{
int i;
+ bn_check_top(a);
BN_zero(a);
- for (i = 0; p[i] > 0; i++)
+ for (i = 0; p[i] != 0; i++)
{
BN_set_bit(a, p[i]);
}
BN_set_bit(a, 0);
-
+ bn_check_top(a);
+
return 1;
}
projects / openssl.git / blobdiff