diff options
Diffstat (limited to 'deps/openssl/openssl/crypto/bn')
99 files changed, 5968 insertions, 17975 deletions
diff --git a/deps/openssl/openssl/crypto/bn/Makefile b/deps/openssl/openssl/crypto/bn/Makefile deleted file mode 100644 index 20e8ef0a28..0000000000 --- a/deps/openssl/openssl/crypto/bn/Makefile +++ /dev/null @@ -1,389 +0,0 @@ -# -# OpenSSL/crypto/bn/Makefile -# - -DIR= bn -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -MAKEFILE= Makefile -AR= ar r - -BN_ASM= bn_asm.o - -CFLAGS= $(INCLUDES) $(CFLAG) -ASFLAGS= $(INCLUDES) $(ASFLAG) -AFLAGS= $(ASFLAGS) - -GENERAL=Makefile -TEST=bntest.c exptest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ - bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ - bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ - bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ - bn_depr.c bn_const.c bn_x931p.c - -LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ - bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ - bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ - bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \ - bn_depr.o bn_const.o bn_x931p.o - -SRC= $(LIBSRC) - -EXHEADER= bn.h -HEADER= bn_lcl.h bn_prime.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -bn_prime.h: bn_prime.pl - $(PERL) bn_prime.pl >bn_prime.h - -divtest: divtest.c ../../libcrypto.a - cc -I../../include divtest.c -o divtest ../../libcrypto.a - -bnbug: bnbug.c ../../libcrypto.a top - cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -bn-586.s: asm/bn-586.pl ../perlasm/x86asm.pl - $(PERL) asm/bn-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ -co-586.s: asm/co-586.pl ../perlasm/x86asm.pl - $(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ -x86-mont.s: asm/x86-mont.pl ../perlasm/x86asm.pl - $(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ -x86-gf2m.s: asm/x86-gf2m.pl ../perlasm/x86asm.pl - $(PERL) asm/x86-gf2m.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ - -sparcv8.o: asm/sparcv8.S - $(CC) $(CFLAGS) -c asm/sparcv8.S -bn-sparcv9.o: asm/sparcv8plus.S - $(CC) $(CFLAGS) -c -o $@ asm/sparcv8plus.S -sparcv9a-mont.s: asm/sparcv9a-mont.pl - $(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@ -sparcv9-mont.s: asm/sparcv9-mont.pl - $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@ -vis3-mont.s: asm/vis3-mont.pl - $(PERL) asm/vis3-mont.pl $(CFLAGS) > $@ -sparct4-mont.S: asm/sparct4-mont.pl - $(PERL) asm/sparct4-mont.pl $(CFLAGS) > $@ -sparcv9-gf2m.S: asm/sparcv9-gf2m.pl - $(PERL) asm/sparcv9-gf2m.pl $(CFLAGS) > $@ - -bn-mips3.o: asm/mips3.s - @if [ "$(CC)" = "gcc" ]; then \ - ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \ - as -$$ABI -O -o $@ asm/mips3.s; \ - else $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi - -bn-mips.s: asm/mips.pl - $(PERL) asm/mips.pl $(PERLASM_SCHEME) $@ -mips-mont.s: asm/mips-mont.pl - $(PERL) asm/mips-mont.pl $(PERLASM_SCHEME) $@ - -bn-s390x.o: asm/s390x.S - $(CC) $(CFLAGS) -c -o $@ asm/s390x.S -s390x-gf2m.s: asm/s390x-gf2m.pl - $(PERL) asm/s390x-gf2m.pl $(PERLASM_SCHEME) $@ - -x86_64-gcc.o: asm/x86_64-gcc.c - $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c -x86_64-mont.s: asm/x86_64-mont.pl - $(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) > $@ -x86_64-mont5.s: asm/x86_64-mont5.pl - $(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) > $@ -x86_64-gf2m.s: asm/x86_64-gf2m.pl - $(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) > $@ -rsaz-x86_64.s: asm/rsaz-x86_64.pl - $(PERL) asm/rsaz-x86_64.pl $(PERLASM_SCHEME) > $@ -rsaz-avx2.s: asm/rsaz-avx2.pl - $(PERL) asm/rsaz-avx2.pl $(PERLASM_SCHEME) > $@ - -bn-ia64.s: asm/ia64.S - $(CC) $(CFLAGS) -E asm/ia64.S > $@ -ia64-mont.s: asm/ia64-mont.pl - $(PERL) asm/ia64-mont.pl $@ $(CFLAGS) - -# GNU assembler fails to compile PA-RISC2 modules, insist on calling -# vendor assembler... -pa-risc2W.o: asm/pa-risc2W.s - /usr/ccs/bin/as -o pa-risc2W.o asm/pa-risc2W.s -pa-risc2.o: asm/pa-risc2.s - /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s -parisc-mont.s: asm/parisc-mont.pl - $(PERL) asm/parisc-mont.pl $(PERLASM_SCHEME) $@ - -# ppc - AIX, Linux, MacOS X... -bn-ppc.s: asm/ppc.pl; $(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@ -ppc-mont.s: asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@ -ppc64-mont.s: asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@ - -alpha-mont.s: asm/alpha-mont.pl - (preproc=$$$$.$@.S; trap "rm $$preproc" INT; \ - $(PERL) asm/alpha-mont.pl > $$preproc && \ - $(CC) -E -P $$preproc > $@ && rm $$preproc) - -# GNU make "catch all" -%-mont.S: asm/%-mont.pl; $(PERL) $< $(PERLASM_SCHEME) $@ -%-gf2m.S: asm/%-gf2m.pl; $(PERL) $< $(PERLASM_SCHEME) $@ - -armv4-mont.o: armv4-mont.S -armv4-gf2m.o: armv4-gf2m.S - -files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - -links: - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... - @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -exptest: - rm -f exptest - gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a - -div: - rm -f a.out - gcc -I.. -g div.c ../../libcrypto.a - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -update: bn_prime.h depend - -depend: - @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h -bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h -bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h -bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -bn_const.o: ../../include/openssl/opensslconf.h -bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_const.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_const.o: ../../include/openssl/symhacks.h bn.h bn_const.c -bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h -bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h -bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h -bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bn_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_err.o: bn_err.c -bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h -bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h -bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h -bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h -bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h -bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h -bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c -bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c -bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c -bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c -bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c -bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c -bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h -bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c -bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c -bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c -bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c -bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c -bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c -bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c -bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_x931p.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_x931p.o: ../../include/openssl/symhacks.h bn_x931p.c diff --git a/deps/openssl/openssl/crypto/bn/README.pod b/deps/openssl/openssl/crypto/bn/README.pod new file mode 100644 index 0000000000..109ab0d914 --- /dev/null +++ b/deps/openssl/openssl/crypto/bn/README.pod @@ -0,0 +1,247 @@ +=pod + +=head1 NAME + +bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, +bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8, +bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal, +bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive, +bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive, +bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top, +bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM +library internal functions + +=head1 SYNOPSIS + + #include <openssl/bn.h> + + BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); + BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, + BN_ULONG w); + void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num); + BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); + BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, + int num); + BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, + int num); + + void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); + void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); + void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a); + void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a); + + int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n); + + void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, + int nb); + void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); + void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + int dna, int dnb, BN_ULONG *tmp); + void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, + int n, int tna, int tnb, BN_ULONG *tmp); + void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, + int n2, BN_ULONG *tmp); + void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, + int n2, BN_ULONG *tmp); + + void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp); + void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp); + + void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); + void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); + void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a); + + BIGNUM *bn_expand(BIGNUM *a, int bits); + BIGNUM *bn_wexpand(BIGNUM *a, int n); + BIGNUM *bn_expand2(BIGNUM *a, int n); + void bn_fix_top(BIGNUM *a); + + void bn_check_top(BIGNUM *a); + void bn_print(BIGNUM *a); + void bn_dump(BN_ULONG *d, int n); + void bn_set_max(BIGNUM *a); + void bn_set_high(BIGNUM *r, BIGNUM *a, int n); + void bn_set_low(BIGNUM *r, BIGNUM *a, int n); + +=head1 DESCRIPTION + +This page documents the internal functions used by the OpenSSL +B<BIGNUM> implementation. They are described here to facilitate +debugging and extending the library. They are I<not> to be used by +applications. + +=head2 The BIGNUM structure + + typedef struct bignum_st BIGNUM; + + struct bignum_st + { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; + }; + + +The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>), +least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits +in size, depending on the 'number of bits' (B<BITS2>) specified in +C<openssl/bn.h>. + +B<dmax> is the size of the B<d> array that has been allocated. B<top> +is the number of words being used, so for a value of 4, bn.d[0]=4 and +bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is +B<0>, the B<d> field can be B<NULL> and B<top> == B<0>. + +B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The +flags begin with B<BN_FLG_>. The macros BN_set_flags(b, n) and +BN_get_flags(b, n) exist to enable or fetch flag(s) B<n> from B<BIGNUM> +structure B<b>. + +Various routines in this library require the use of temporary +B<BIGNUM> variables during their execution. Since dynamic memory +allocation to create B<BIGNUM>s is rather expensive when used in +conjunction with repeated subroutine calls, the B<BN_CTX> structure is +used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see +L<BN_CTX_start(3)>. + +=head2 Low-level arithmetic operations + +These functions are implemented in C and for several platforms in +assembly language: + +bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word +arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result +in B<rp>, and returns the high word (carry). + +bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> +word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places +the result in B<rp>, and returns the high word (carry). + +bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array +B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap> +word-wise, and places the low and high bytes of the result in B<rp>. + +bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>, B<l>) +by B<d> and returns the result. + +bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word +arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the +result in B<rp>, and returns the high word (carry). + +bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word +arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the +result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0 +otherwise). + +bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and +B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the +result in B<r>. + +bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and +B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the +result in B<r>. + +bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and +B<b> and the 8 word array B<r>. + +bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and +B<b> and the 16 word array B<r>. + +The following functions are implemented in C: + +bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a> +and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and +less than B<b>. + +bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na> +word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word +array B<r>. It computes B<a>*B<b> and places the result in B<r>. + +bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word +arrays B<r>, B<a> and B<b>. It computes the B<n> low words of +B<a>*B<b> and places the result in B<r>. + +bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates +on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb> +(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2> +word arrays B<r> and B<t>. B<n2> must be a power of 2. It computes +B<a>*B<b> and places the result in B<r>. + +bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>) +operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and +B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>. + +bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the +B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a> +and B<b>. + +bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the +B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word +array B<tmp>. + +BN_mul() calls bn_mul_normal(), or an optimized implementation if the +factors have the same size: bn_mul_comba8() is used if they are 8 +words long, bn_mul_recursive() if they are larger than +B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word +size, and bn_mul_part_recursive() for others that are larger than +B<BN_MULL_SIZE_NORMAL>. + +bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array +B<a> and the 2*B<n> word arrays B<tmp> and B<r>. + +The implementations use the following macros which, depending on the +architecture, may use "long long" C operations or inline assembler. +They are defined in C<bn_lcl.h>. + +mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the +low word of the result in B<r> and the high word in B<c>. + +mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and +places the low word of the result in B<r> and the high word in B<c>. + +sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word +of the result in B<r0> and the high word in B<r1>. + +=head2 Size changes + +bn_expand() ensures that B<b> has enough space for a B<bits> bit +number. bn_wexpand() ensures that B<b> has enough space for an +B<n> word number. If the number has to be expanded, both macros +call bn_expand2(), which allocates a new B<d> array and copies the +data. They return B<NULL> on error, B<b> otherwise. + +The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most +significant non-zero word plus one when B<a> has shrunk. + +=head2 Debugging + +bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top +E<lt>= (a)-E<gt>dmax)>. A violation will cause the program to abort. + +bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d> +(in reverse order, i.e. most significant word first) to stderr. + +bn_set_max() makes B<a> a static number with a B<dmax> of its current size. +This is used by bn_set_low() and bn_set_high() to make B<r> a read-only +B<BIGNUM> that contains the B<n> low or high words of B<a>. + +If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump() +and bn_set_max() are defined as empty macros. + +=head1 SEE ALSO + +L<bn(3)> + +=head1 COPYRIGHT + +Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/deps/openssl/openssl/crypto/bn/asm/README b/deps/openssl/openssl/crypto/bn/asm/README deleted file mode 100644 index b0f3a68a06..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/README +++ /dev/null @@ -1,27 +0,0 @@ -<OBSOLETE> - -All assember in this directory are just version of the file -crypto/bn/bn_asm.c. - -Quite a few of these files are just the assember output from gcc since on -quite a few machines they are 2 times faster than the system compiler. - -For the x86, I have hand written assember because of the bad job all -compilers seem to do on it. This normally gives a 2 time speed up in the RSA -routines. - -For the DEC alpha, I also hand wrote the assember (except the division which -is just the output from the C compiler pasted on the end of the file). -On the 2 alpha C compilers I had access to, it was not possible to do -64b x 64b -> 128b calculations (both long and the long long data types -were 64 bits). So the hand assember gives access to the 128 bit result and -a 2 times speedup :-). - -There are 3 versions of assember for the HP PA-RISC. - -pa-risc.s is the origional one which works fine and generated using gcc :-) - -pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations -by Chris Ruemmler from HP (with some help from the HP C compiler). - -</OBSOLETE> diff --git a/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl b/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl index 03596e2014..1d68d6d072 100644 --- a/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -15,6 +22,9 @@ # I.e. if you compare 1GHz 21264 and 2GHz Opteron, you'll observe ~2x # difference. +$output=pop; +open STDOUT,">$output"; + # int bn_mul_mont( $rp="a0"; # BN_ULONG *rp, $ap="a1"; # const BN_ULONG *ap, diff --git a/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl index 72381a7724..0bb5433075 100644 --- a/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -32,14 +39,31 @@ # # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $code=<<___; #include "arm_arch.h" .text +#if defined(__thumb2__) +.syntax unified +.thumb +#else .code 32 +#endif ___ ################ # private interface to mul_1x1_ialu @@ -120,11 +144,17 @@ mul_1x1_ialu: eor $hi,$hi,$t0,lsr#8 ldr $t0,[sp,$i0] @ tab[b >> 30 ] +#ifdef __thumb2__ + itt ne +#endif eorne $lo,$lo,$b,lsl#30 eorne $hi,$hi,$b,lsr#2 tst $a,#1<<31 eor $lo,$lo,$t1,lsl#27 eor $hi,$hi,$t1,lsr#5 +#ifdef __thumb2__ + itt ne +#endif eorne $lo,$lo,$b,lsl#31 eorne $hi,$hi,$b,lsr#1 eor $lo,$lo,$t0,lsl#30 @@ -144,20 +174,33 @@ $code.=<<___; .align 5 bn_GF2m_mul_2x2: #if __ARM_MAX_ARCH__>=7 + stmdb sp!,{r10,lr} ldr r12,.LOPENSSL_armcap -.Lpic: ldr r12,[pc,r12] - tst r12,#1 + adr r10,.LOPENSSL_armcap + ldr r12,[r12,r10] +#ifdef __APPLE__ + ldr r12,[r12] +#endif + tst r12,#ARMV7_NEON + itt ne + ldrne r10,[sp],#8 bne .LNEON + stmdb sp!,{r4-r9} +#else + stmdb sp!,{r4-r10,lr} #endif ___ $ret="r10"; # reassigned 1st argument $code.=<<___; - stmdb sp!,{r4-r10,lr} mov $ret,r0 @ reassign 1st argument mov $b,r3 @ $b=b1 + sub r7,sp,#36 + mov r8,sp + and r7,r7,#-32 ldr r3,[sp,#32] @ load b0 mov $mask,#7<<2 - sub sp,sp,#32 @ allocate tab[8] + mov sp,r7 @ allocate tab[8] + str r8,[r7,#32] bl mul_1x1_ialu @ a1·b1 str $lo,[$ret,#8] @@ -181,6 +224,7 @@ ___ $code.=<<___; ldmia $ret,{@r[0]-@r[3]} eor $lo,$lo,$hi + ldr sp,[sp,#32] @ destroy tab[8] eor $hi,$hi,@r[1] eor $lo,$lo,@r[0] eor $hi,$hi,@r[2] @@ -188,7 +232,6 @@ $code.=<<___; eor $hi,$hi,@r[3] str $hi,[$ret,#8] eor $lo,$lo,$hi - add sp,sp,#32 @ destroy tab[8] str $lo,[$ret,#4] #if __ARM_ARCH__>=5 @@ -213,8 +256,8 @@ $code.=<<___; .align 5 .LNEON: ldr r12, [sp] @ 5th argument - vmov.32 $a, r2, r1 - vmov.32 $b, r12, r3 + vmov $a, r2, r1 + vmov $b, r12, r3 vmov.i64 $k48, #0x0000ffffffffffff vmov.i64 $k32, #0x00000000ffffffff vmov.i64 $k16, #0x000000000000ffff @@ -267,7 +310,7 @@ $code.=<<___; #if __ARM_MAX_ARCH__>=7 .align 5 .LOPENSSL_armcap: -.word OPENSSL_armcap_P-(.Lpic+8) +.word OPENSSL_armcap_P-. #endif .asciz "GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>" .align 5 diff --git a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl index 1d330e9f8a..0dc4fe95e4 100644 --- a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -38,8 +45,29 @@ # for execution on all NEON-capable processors, because gain on # others outweighs the marginal loss on Cortex-A9. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +# September 2015 +# +# Align Cortex-A9 performance with November 2013 improvements, i.e. +# NEON code is now ~20-105% faster than integer-only one on this +# processor. But this optimization further improved performance even +# on other processors: NEON code path is ~45-180% faster than original +# integer-only on Cortex-A8, ~10-210% on Cortex-A15, ~70-450% on +# Snapdragon S4. + +$flavour = shift; +if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $num="r0"; # starts as num argument, but holds &tp[num-1] $ap="r1"; @@ -70,12 +98,17 @@ $code=<<___; #include "arm_arch.h" .text +#if defined(__thumb2__) +.syntax unified +.thumb +#else .code 32 +#endif #if __ARM_MAX_ARCH__>=7 .align 5 .LOPENSSL_armcap: -.word OPENSSL_armcap_P-bn_mul_mont +.word OPENSSL_armcap_P-.Lbn_mul_mont #endif .global bn_mul_mont @@ -83,15 +116,19 @@ $code=<<___; .align 5 bn_mul_mont: +.Lbn_mul_mont: ldr ip,[sp,#4] @ load num stmdb sp!,{r0,r2} @ sp points at argument block #if __ARM_MAX_ARCH__>=7 tst ip,#7 bne .Lialu - adr r0,bn_mul_mont + adr r0,.Lbn_mul_mont ldr r2,.LOPENSSL_armcap ldr r0,[r0,r2] - tst r0,#1 @ NEON available? +#ifdef __APPLE__ + ldr r0,[r0] +#endif + tst r0,#ARMV7_NEON @ NEON available? ldmia sp, {r0,r2} beq .Lialu add sp,sp,#8 @@ -101,6 +138,9 @@ bn_mul_mont: #endif cmp ip,#2 mov $num,ip @ load num +#ifdef __thumb2__ + ittt lt +#endif movlt r0,#0 addlt sp,sp,#2*4 blt .Labrt @@ -148,10 +188,11 @@ bn_mul_mont: ldr $n0,[$_n0] @ restore n0 adc $nhi,$nhi,#0 str $nlo,[$num] @ tp[num-1]= + mov $tj,sp str $nhi,[$num,#4] @ tp[num]= .Louter: - sub $tj,$num,sp @ "original" $num-1 value + sub $tj,$num,$tj @ "original" $num-1 value sub $ap,$ap,$tj @ "rewind" ap to &ap[1] ldr $bi,[$tp,#4]! @ *(++bp) sub $np,$np,$tj @ "rewind" np to &np[1] @@ -196,11 +237,16 @@ bn_mul_mont: str $nhi,[$num,#4] @ tp[num]= cmp $tp,$tj +#ifdef __thumb2__ + itt ne +#endif + movne $tj,sp bne .Louter ldr $rp,[$_rp] @ pull rp + mov $aj,sp add $num,$num,#4 @ $num to point at &tp[num] - sub $aj,$num,sp @ "original" num value + sub $aj,$num,$aj @ "original" num value mov $tp,sp @ "rewind" $tp mov $ap,$tp @ "borrow" $ap sub $np,$np,$aj @ "rewind" $np to &np[0] @@ -226,7 +272,8 @@ bn_mul_mont: cmp $tp,$num bne .Lcopy - add sp,$num,#4 @ skip over tp[num+1] + mov sp,$num + add sp,sp,#4 @ skip over tp[num+1] ldmia sp!,{r4-r12,lr} @ restore registers add sp,sp,#2*4 @ skip over {r0,r2} mov r0,#1 @@ -241,19 +288,16 @@ bn_mul_mont: .size bn_mul_mont,.-bn_mul_mont ___ { -sub Dlo() { shift=~m|q([1]?[0-9])|?"d".($1*2):""; } -sub Dhi() { shift=~m|q([1]?[0-9])|?"d".($1*2+1):""; } - my ($A0,$A1,$A2,$A3)=map("d$_",(0..3)); my ($N0,$N1,$N2,$N3)=map("d$_",(4..7)); my ($Z,$Temp)=("q4","q5"); -my ($A0xB,$A1xB,$A2xB,$A3xB,$A4xB,$A5xB,$A6xB,$A7xB)=map("q$_",(6..13)); +my @ACC=map("q$_",(6..13)); my ($Bi,$Ni,$M0)=map("d$_",(28..31)); -my $zero=&Dlo($Z); -my $temp=&Dlo($Temp); +my $zero="$Z#lo"; +my $temp="$Temp#lo"; my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5)); -my ($tinptr,$toutptr,$inner,$outer)=map("r$_",(6..9)); +my ($tinptr,$toutptr,$inner,$outer,$bnptr)=map("r$_",(6..11)); $code.=<<___; #if __ARM_MAX_ARCH__>=7 @@ -267,60 +311,60 @@ bn_mul8x_mont_neon: stmdb sp!,{r4-r11} vstmdb sp!,{d8-d15} @ ABI specification says so ldmia ip,{r4-r5} @ load rest of parameter block + mov ip,sp + + cmp $num,#8 + bhi .LNEON_8n + + @ special case for $num==8, everything is in register bank... - sub $toutptr,sp,#16 vld1.32 {${Bi}[0]}, [$bptr,:32]! - sub $toutptr,$toutptr,$num,lsl#4 + veor $zero,$zero,$zero + sub $toutptr,sp,$num,lsl#4 vld1.32 {$A0-$A3}, [$aptr]! @ can't specify :32 :-( and $toutptr,$toutptr,#-64 vld1.32 {${M0}[0]}, [$n0,:32] mov sp,$toutptr @ alloca - veor $zero,$zero,$zero - subs $inner,$num,#8 vzip.16 $Bi,$zero - vmull.u32 $A0xB,$Bi,${A0}[0] - vmull.u32 $A1xB,$Bi,${A0}[1] - vmull.u32 $A2xB,$Bi,${A1}[0] - vshl.i64 $temp,`&Dhi("$A0xB")`,#16 - vmull.u32 $A3xB,$Bi,${A1}[1] + vmull.u32 @ACC[0],$Bi,${A0}[0] + vmull.u32 @ACC[1],$Bi,${A0}[1] + vmull.u32 @ACC[2],$Bi,${A1}[0] + vshl.i64 $Ni,@ACC[0]#hi,#16 + vmull.u32 @ACC[3],$Bi,${A1}[1] - vadd.u64 $temp,$temp,`&Dlo("$A0xB")` + vadd.u64 $Ni,$Ni,@ACC[0]#lo veor $zero,$zero,$zero - vmul.u32 $Ni,$temp,$M0 + vmul.u32 $Ni,$Ni,$M0 - vmull.u32 $A4xB,$Bi,${A2}[0] + vmull.u32 @ACC[4],$Bi,${A2}[0] vld1.32 {$N0-$N3}, [$nptr]! - vmull.u32 $A5xB,$Bi,${A2}[1] - vmull.u32 $A6xB,$Bi,${A3}[0] + vmull.u32 @ACC[5],$Bi,${A2}[1] + vmull.u32 @ACC[6],$Bi,${A3}[0] vzip.16 $Ni,$zero - vmull.u32 $A7xB,$Bi,${A3}[1] - - bne .LNEON_1st - - @ special case for num=8, everything is in register bank... + vmull.u32 @ACC[7],$Bi,${A3}[1] - vmlal.u32 $A0xB,$Ni,${N0}[0] + vmlal.u32 @ACC[0],$Ni,${N0}[0] sub $outer,$num,#1 - vmlal.u32 $A1xB,$Ni,${N0}[1] - vmlal.u32 $A2xB,$Ni,${N1}[0] - vmlal.u32 $A3xB,$Ni,${N1}[1] - - vmlal.u32 $A4xB,$Ni,${N2}[0] - vmov $Temp,$A0xB - vmlal.u32 $A5xB,$Ni,${N2}[1] - vmov $A0xB,$A1xB - vmlal.u32 $A6xB,$Ni,${N3}[0] - vmov $A1xB,$A2xB - vmlal.u32 $A7xB,$Ni,${N3}[1] - vmov $A2xB,$A3xB - vmov $A3xB,$A4xB + vmlal.u32 @ACC[1],$Ni,${N0}[1] + vmlal.u32 @ACC[2],$Ni,${N1}[0] + vmlal.u32 @ACC[3],$Ni,${N1}[1] + + vmlal.u32 @ACC[4],$Ni,${N2}[0] + vmov $Temp,@ACC[0] + vmlal.u32 @ACC[5],$Ni,${N2}[1] + vmov @ACC[0],@ACC[1] + vmlal.u32 @ACC[6],$Ni,${N3}[0] + vmov @ACC[1],@ACC[2] + vmlal.u32 @ACC[7],$Ni,${N3}[1] + vmov @ACC[2],@ACC[3] + vmov @ACC[3],@ACC[4] vshr.u64 $temp,$temp,#16 - vmov $A4xB,$A5xB - vmov $A5xB,$A6xB - vadd.u64 $temp,$temp,`&Dhi("$Temp")` - vmov $A6xB,$A7xB - veor $A7xB,$A7xB + vmov @ACC[4],@ACC[5] + vmov @ACC[5],@ACC[6] + vadd.u64 $temp,$temp,$Temp#hi + vmov @ACC[6],@ACC[7] + veor @ACC[7],@ACC[7] vshr.u64 $temp,$temp,#16 b .LNEON_outer8 @@ -330,279 +374,302 @@ bn_mul8x_mont_neon: vld1.32 {${Bi}[0]}, [$bptr,:32]! veor $zero,$zero,$zero vzip.16 $Bi,$zero - vadd.u64 `&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp + vadd.u64 @ACC[0]#lo,@ACC[0]#lo,$temp - vmlal.u32 $A0xB,$Bi,${A0}[0] - vmlal.u32 $A1xB,$Bi,${A0}[1] - vmlal.u32 $A2xB,$Bi,${A1}[0] - vshl.i64 $temp,`&Dhi("$A0xB")`,#16 - vmlal.u32 $A3xB,$Bi,${A1}[1] + vmlal.u32 @ACC[0],$Bi,${A0}[0] + vmlal.u32 @ACC[1],$Bi,${A0}[1] + vmlal.u32 @ACC[2],$Bi,${A1}[0] + vshl.i64 $Ni,@ACC[0]#hi,#16 + vmlal.u32 @ACC[3],$Bi,${A1}[1] - vadd.u64 $temp,$temp,`&Dlo("$A0xB")` + vadd.u64 $Ni,$Ni,@ACC[0]#lo veor $zero,$zero,$zero subs $outer,$outer,#1 - vmul.u32 $Ni,$temp,$M0 + vmul.u32 $Ni,$Ni,$M0 - vmlal.u32 $A4xB,$Bi,${A2}[0] - vmlal.u32 $A5xB,$Bi,${A2}[1] - vmlal.u32 $A6xB,$Bi,${A3}[0] + vmlal.u32 @ACC[4],$Bi,${A2}[0] + vmlal.u32 @ACC[5],$Bi,${A2}[1] + vmlal.u32 @ACC[6],$Bi,${A3}[0] vzip.16 $Ni,$zero - vmlal.u32 $A7xB,$Bi,${A3}[1] - - vmlal.u32 $A0xB,$Ni,${N0}[0] - vmlal.u32 $A1xB,$Ni,${N0}[1] - vmlal.u32 $A2xB,$Ni,${N1}[0] - vmlal.u32 $A3xB,$Ni,${N1}[1] - - vmlal.u32 $A4xB,$Ni,${N2}[0] - vmov $Temp,$A0xB - vmlal.u32 $A5xB,$Ni,${N2}[1] - vmov $A0xB,$A1xB - vmlal.u32 $A6xB,$Ni,${N3}[0] - vmov $A1xB,$A2xB - vmlal.u32 $A7xB,$Ni,${N3}[1] - vmov $A2xB,$A3xB - vmov $A3xB,$A4xB + vmlal.u32 @ACC[7],$Bi,${A3}[1] + + vmlal.u32 @ACC[0],$Ni,${N0}[0] + vmlal.u32 @ACC[1],$Ni,${N0}[1] + vmlal.u32 @ACC[2],$Ni,${N1}[0] + vmlal.u32 @ACC[3],$Ni,${N1}[1] + + vmlal.u32 @ACC[4],$Ni,${N2}[0] + vmov $Temp,@ACC[0] + vmlal.u32 @ACC[5],$Ni,${N2}[1] + vmov @ACC[0],@ACC[1] + vmlal.u32 @ACC[6],$Ni,${N3}[0] + vmov @ACC[1],@ACC[2] + vmlal.u32 @ACC[7],$Ni,${N3}[1] + vmov @ACC[2],@ACC[3] + vmov @ACC[3],@ACC[4] vshr.u64 $temp,$temp,#16 - vmov $A4xB,$A5xB - vmov $A5xB,$A6xB - vadd.u64 $temp,$temp,`&Dhi("$Temp")` - vmov $A6xB,$A7xB - veor $A7xB,$A7xB + vmov @ACC[4],@ACC[5] + vmov @ACC[5],@ACC[6] + vadd.u64 $temp,$temp,$Temp#hi + vmov @ACC[6],@ACC[7] + veor @ACC[7],@ACC[7] vshr.u64 $temp,$temp,#16 bne .LNEON_outer8 - vadd.u64 `&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp + vadd.u64 @ACC[0]#lo,@ACC[0]#lo,$temp mov $toutptr,sp - vshr.u64 $temp,`&Dlo("$A0xB")`,#16 + vshr.u64 $temp,@ACC[0]#lo,#16 mov $inner,$num - vadd.u64 `&Dhi("$A0xB")`,`&Dhi("$A0xB")`,$temp - add $tinptr,sp,#16 - vshr.u64 $temp,`&Dhi("$A0xB")`,#16 - vzip.16 `&Dlo("$A0xB")`,`&Dhi("$A0xB")` + vadd.u64 @ACC[0]#hi,@ACC[0]#hi,$temp + add $tinptr,sp,#96 + vshr.u64 $temp,@ACC[0]#hi,#16 + vzip.16 @ACC[0]#lo,@ACC[0]#hi - b .LNEON_tail2 + b .LNEON_tail_entry .align 4 -.LNEON_1st: - vmlal.u32 $A0xB,$Ni,${N0}[0] - vld1.32 {$A0-$A3}, [$aptr]! - vmlal.u32 $A1xB,$Ni,${N0}[1] +.LNEON_8n: + veor @ACC[0],@ACC[0],@ACC[0] + sub $toutptr,sp,#128 + veor @ACC[1],@ACC[1],@ACC[1] + sub $toutptr,$toutptr,$num,lsl#4 + veor @ACC[2],@ACC[2],@ACC[2] + and $toutptr,$toutptr,#-64 + veor @ACC[3],@ACC[3],@ACC[3] + mov sp,$toutptr @ alloca + veor @ACC[4],@ACC[4],@ACC[4] + add $toutptr,$toutptr,#256 + veor @ACC[5],@ACC[5],@ACC[5] + sub $inner,$num,#8 + veor @ACC[6],@ACC[6],@ACC[6] + veor @ACC[7],@ACC[7],@ACC[7] + +.LNEON_8n_init: + vst1.64 {@ACC[0]-@ACC[1]},[$toutptr,:256]! subs $inner,$inner,#8 - vmlal.u32 $A2xB,$Ni,${N1}[0] - vmlal.u32 $A3xB,$Ni,${N1}[1] - - vmlal.u32 $A4xB,$Ni,${N2}[0] - vld1.32 {$N0-$N1}, [$nptr]! - vmlal.u32 $A5xB,$Ni,${N2}[1] - vst1.64 {$A0xB-$A1xB}, [$toutptr,:256]! - vmlal.u32 $A6xB,$Ni,${N3}[0] - vmlal.u32 $A7xB,$Ni,${N3}[1] - vst1.64 {$A2xB-$A3xB}, [$toutptr,:256]! - - vmull.u32 $A0xB,$Bi,${A0}[0] - vld1.32 {$N2-$N3}, [$nptr]! - vmull.u32 $A1xB,$Bi,${A0}[1] - vst1.64 {$A4xB-$A5xB}, [$toutptr,:256]! - vmull.u32 $A2xB,$Bi,${A1}[0] - vmull.u32 $A3xB,$Bi,${A1}[1] - vst1.64 {$A6xB-$A7xB}, [$toutptr,:256]! - - vmull.u32 $A4xB,$Bi,${A2}[0] - vmull.u32 $A5xB,$Bi,${A2}[1] - vmull.u32 $A6xB,$Bi,${A3}[0] - vmull.u32 $A7xB,$Bi,${A3}[1] - - bne .LNEON_1st - - vmlal.u32 $A0xB,$Ni,${N0}[0] - add $tinptr,sp,#16 - vmlal.u32 $A1xB,$Ni,${N0}[1] - sub $aptr,$aptr,$num,lsl#2 @ rewind $aptr - vmlal.u32 $A2xB,$Ni,${N1}[0] - vld1.64 {$Temp}, [sp,:128] - vmlal.u32 $A3xB,$Ni,${N1}[1] - sub $outer,$num,#1 - - vmlal.u32 $A4xB,$Ni,${N2}[0] - vst1.64 {$A0xB-$A1xB}, [$toutptr,:256]! - vmlal.u32 $A5xB,$Ni,${N2}[1] - vshr.u64 $temp,$temp,#16 - vld1.64 {$A0xB}, [$tinptr, :128]! - vmlal.u32 $A6xB,$Ni,${N3}[0] - vst1.64 {$A2xB-$A3xB}, [$toutptr,:256]! - vmlal.u32 $A7xB,$Ni,${N3}[1] - - vst1.64 {$A4xB-$A5xB}, [$toutptr,:256]! - vadd.u64 $temp,$temp,`&Dhi("$Temp")` - veor $Z,$Z,$Z - vst1.64 {$A6xB-$A7xB}, [$toutptr,:256]! - vld1.64 {$A1xB-$A2xB}, [$tinptr, :256]! - vst1.64 {$Z}, [$toutptr,:128] - vshr.u64 $temp,$temp,#16 - - b .LNEON_outer + vst1.64 {@ACC[2]-@ACC[3]},[$toutptr,:256]! + vst1.64 {@ACC[4]-@ACC[5]},[$toutptr,:256]! + vst1.64 {@ACC[6]-@ACC[7]},[$toutptr,:256]! + bne .LNEON_8n_init + + add $tinptr,sp,#256 + vld1.32 {$A0-$A3},[$aptr]! + add $bnptr,sp,#8 + vld1.32 {${M0}[0]},[$n0,:32] + mov $outer,$num + b .LNEON_8n_outer .align 4 -.LNEON_outer: - vld1.32 {${Bi}[0]}, [$bptr,:32]! - sub $nptr,$nptr,$num,lsl#2 @ rewind $nptr - vld1.32 {$A0-$A3}, [$aptr]! +.LNEON_8n_outer: + vld1.32 {${Bi}[0]},[$bptr,:32]! @ *b++ veor $zero,$zero,$zero - mov $toutptr,sp vzip.16 $Bi,$zero + add $toutptr,sp,#128 + vld1.32 {$N0-$N3},[$nptr]! + + vmlal.u32 @ACC[0],$Bi,${A0}[0] + vmlal.u32 @ACC[1],$Bi,${A0}[1] + veor $zero,$zero,$zero + vmlal.u32 @ACC[2],$Bi,${A1}[0] + vshl.i64 $Ni,@ACC[0]#hi,#16 + vmlal.u32 @ACC[3],$Bi,${A1}[1] + vadd.u64 $Ni,$Ni,@ACC[0]#lo + vmlal.u32 @ACC[4],$Bi,${A2}[0] + vmul.u32 $Ni,$Ni,$M0 + vmlal.u32 @ACC[5],$Bi,${A2}[1] + vst1.32 {$Bi},[sp,:64] @ put aside smashed b[8*i+0] + vmlal.u32 @ACC[6],$Bi,${A3}[0] + vzip.16 $Ni,$zero + vmlal.u32 @ACC[7],$Bi,${A3}[1] +___ +for ($i=0; $i<7;) { +$code.=<<___; + vld1.32 {${Bi}[0]},[$bptr,:32]! @ *b++ + vmlal.u32 @ACC[0],$Ni,${N0}[0] + veor $temp,$temp,$temp + vmlal.u32 @ACC[1],$Ni,${N0}[1] + vzip.16 $Bi,$temp + vmlal.u32 @ACC[2],$Ni,${N1}[0] + vshr.u64 @ACC[0]#lo,@ACC[0]#lo,#16 + vmlal.u32 @ACC[3],$Ni,${N1}[1] + vmlal.u32 @ACC[4],$Ni,${N2}[0] + vadd.u64 @ACC[0]#lo,@ACC[0]#lo,@ACC[0]#hi + vmlal.u32 @ACC[5],$Ni,${N2}[1] + vshr.u64 @ACC[0]#lo,@ACC[0]#lo,#16 + vmlal.u32 @ACC[6],$Ni,${N3}[0] + vmlal.u32 @ACC[7],$Ni,${N3}[1] + vadd.u64 @ACC[1]#lo,@ACC[1]#lo,@ACC[0]#lo + vst1.32 {$Ni},[$bnptr,:64]! @ put aside smashed m[8*i+$i] +___ + push(@ACC,shift(@ACC)); $i++; +$code.=<<___; + vmlal.u32 @ACC[0],$Bi,${A0}[0] + vld1.64 {@ACC[7]},[$tinptr,:128]! + vmlal.u32 @ACC[1],$Bi,${A0}[1] + veor $zero,$zero,$zero + vmlal.u32 @ACC[2],$Bi,${A1}[0] + vshl.i64 $Ni,@ACC[0]#hi,#16 + vmlal.u32 @ACC[3],$Bi,${A1}[1] + vadd.u64 $Ni,$Ni,@ACC[0]#lo + vmlal.u32 @ACC[4],$Bi,${A2}[0] + vmul.u32 $Ni,$Ni,$M0 + vmlal.u32 @ACC[5],$Bi,${A2}[1] + vst1.32 {$Bi},[$bnptr,:64]! @ put aside smashed b[8*i+$i] + vmlal.u32 @ACC[6],$Bi,${A3}[0] + vzip.16 $Ni,$zero + vmlal.u32 @ACC[7],$Bi,${A3}[1] +___ +} +$code.=<<___; + vld1.32 {$Bi},[sp,:64] @ pull smashed b[8*i+0] + vmlal.u32 @ACC[0],$Ni,${N0}[0] + vld1.32 {$A0-$A3},[$aptr]! + vmlal.u32 @ACC[1],$Ni,${N0}[1] + vmlal.u32 @ACC[2],$Ni,${N1}[0] + vshr.u64 @ACC[0]#lo,@ACC[0]#lo,#16 + vmlal.u32 @ACC[3],$Ni,${N1}[1] + vmlal.u32 @ACC[4],$Ni,${N2}[0] + vadd.u64 @ACC[0]#lo,@ACC[0]#lo,@ACC[0]#hi + vmlal.u32 @ACC[5],$Ni,${N2}[1] + vshr.u64 @ACC[0]#lo,@ACC[0]#lo,#16 + vmlal.u32 @ACC[6],$Ni,${N3}[0] + vmlal.u32 @ACC[7],$Ni,${N3}[1] + vadd.u64 @ACC[1]#lo,@ACC[1]#lo,@ACC[0]#lo + vst1.32 {$Ni},[$bnptr,:64] @ put aside smashed m[8*i+$i] + add $bnptr,sp,#8 @ rewind +___ + push(@ACC,shift(@ACC)); +$code.=<<___; sub $inner,$num,#8 - vadd.u64 `&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp - - vmlal.u32 $A0xB,$Bi,${A0}[0] - vld1.64 {$A3xB-$A4xB},[$tinptr,:256]! - vmlal.u32 $A1xB,$Bi,${A0}[1] - vmlal.u32 $A2xB,$Bi,${A1}[0] - vld1.64 {$A5xB-$A6xB},[$tinptr,:256]! - vmlal.u32 $A3xB,$Bi,${A1}[1] + b .LNEON_8n_inner - vshl.i64 $temp,`&Dhi("$A0xB")`,#16 - veor $zero,$zero,$zero - vadd.u64 $temp,$temp,`&Dlo("$A0xB")` - vld1.64 {$A7xB},[$tinptr,:128]! - vmul.u32 $Ni,$temp,$M0 - - vmlal.u32 $A4xB,$Bi,${A2}[0] - vld1.32 {$N0-$N3}, [$nptr]! - vmlal.u32 $A5xB,$Bi,${A2}[1] - vmlal.u32 $A6xB,$Bi,${A3}[0] - vzip.16 $Ni,$zero - vmlal.u32 $A7xB,$Bi,${A3}[1] - -.LNEON_inner: - vmlal.u32 $A0xB,$Ni,${N0}[0] - vld1.32 {$A0-$A3}, [$aptr]! - vmlal.u32 $A1xB,$Ni,${N0}[1] - subs $inner,$inner,#8 - vmlal.u32 $A2xB,$Ni,${N1}[0] - vmlal.u32 $A3xB,$Ni,${N1}[1] - vst1.64 {$A0xB-$A1xB}, [$toutptr,:256]! - - vmlal.u32 $A4xB,$Ni,${N2}[0] - vld1.64 {$A0xB}, [$tinptr, :128]! - vmlal.u32 $A5xB,$Ni,${N2}[1] - vst1.64 {$A2xB-$A3xB}, [$toutptr,:256]! - vmlal.u32 $A6xB,$Ni,${N3}[0] - vld1.64 {$A1xB-$A2xB}, [$tinptr, :256]! - vmlal.u32 $A7xB,$Ni,${N3}[1] - vst1.64 {$A4xB-$A5xB}, [$toutptr,:256]! - - vmlal.u32 $A0xB,$Bi,${A0}[0] - vld1.64 {$A3xB-$A4xB}, [$tinptr, :256]! - vmlal.u32 $A1xB,$Bi,${A0}[1] - vst1.64 {$A6xB-$A7xB}, [$toutptr,:256]! - vmlal.u32 $A2xB,$Bi,${A1}[0] - vld1.64 {$A5xB-$A6xB}, [$tinptr, :256]! - vmlal.u32 $A3xB,$Bi,${A1}[1] - vld1.32 {$N0-$N3}, [$nptr]! - - vmlal.u32 $A4xB,$Bi,${A2}[0] - vld1.64 {$A7xB}, [$tinptr, :128]! - vmlal.u32 $A5xB,$Bi,${A2}[1] - vmlal.u32 $A6xB,$Bi,${A3}[0] - vmlal.u32 $A7xB,$Bi,${A3}[1] - - bne .LNEON_inner - - vmlal.u32 $A0xB,$Ni,${N0}[0] - add $tinptr,sp,#16 - vmlal.u32 $A1xB,$Ni,${N0}[1] - sub $aptr,$aptr,$num,lsl#2 @ rewind $aptr - vmlal.u32 $A2xB,$Ni,${N1}[0] - vld1.64 {$Temp}, [sp,:128] - vmlal.u32 $A3xB,$Ni,${N1}[1] - subs $outer,$outer,#1 - - vmlal.u32 $A4xB,$Ni,${N2}[0] - vst1.64 {$A0xB-$A1xB}, [$toutptr,:256]! - vmlal.u32 $A5xB,$Ni,${N2}[1] - vld1.64 {$A0xB}, [$tinptr, :128]! - vshr.u64 $temp,$temp,#16 - vst1.64 {$A2xB-$A3xB}, [$toutptr,:256]! - vmlal.u32 $A6xB,$Ni,${N3}[0] - vld1.64 {$A1xB-$A2xB}, [$tinptr, :256]! - vmlal.u32 $A7xB,$Ni,${N3}[1] - - vst1.64 {$A4xB-$A5xB}, [$toutptr,:256]! - vadd.u64 $temp,$temp,`&Dhi("$Temp")` - vst1.64 {$A6xB-$A7xB}, [$toutptr,:256]! - vshr.u64 $temp,$temp,#16 - - bne .LNEON_outer +.align 4 +.LNEON_8n_inner: + subs $inner,$inner,#8 + vmlal.u32 @ACC[0],$Bi,${A0}[0] + vld1.64 {@ACC[7]},[$tinptr,:128] + vmlal.u32 @ACC[1],$Bi,${A0}[1] + vld1.32 {$Ni},[$bnptr,:64]! @ pull smashed m[8*i+0] + vmlal.u32 @ACC[2],$Bi,${A1}[0] + vld1.32 {$N0-$N3},[$nptr]! + vmlal.u32 @ACC[3],$Bi,${A1}[1] + it ne + addne $tinptr,$tinptr,#16 @ don't advance in last iteration + vmlal.u32 @ACC[4],$Bi,${A2}[0] + vmlal.u32 @ACC[5],$Bi,${A2}[1] + vmlal.u32 @ACC[6],$Bi,${A3}[0] + vmlal.u32 @ACC[7],$Bi,${A3}[1] +___ +for ($i=1; $i<8; $i++) { +$code.=<<___; + vld1.32 {$Bi},[$bnptr,:64]! @ pull smashed b[8*i+$i] + vmlal.u32 @ACC[0],$Ni,${N0}[0] + vmlal.u32 @ACC[1],$Ni,${N0}[1] + vmlal.u32 @ACC[2],$Ni,${N1}[0] + vmlal.u32 @ACC[3],$Ni,${N1}[1] + vmlal.u32 @ACC[4],$Ni,${N2}[0] + vmlal.u32 @ACC[5],$Ni,${N2}[1] + vmlal.u32 @ACC[6],$Ni,${N3}[0] + vmlal.u32 @ACC[7],$Ni,${N3}[1] + vst1.64 {@ACC[0]},[$toutptr,:128]! +___ + push(@ACC,shift(@ACC)); +$code.=<<___; + vmlal.u32 @ACC[0],$Bi,${A0}[0] + vld1.64 {@ACC[7]},[$tinptr,:128] + vmlal.u32 @ACC[1],$Bi,${A0}[1] + vld1.32 {$Ni},[$bnptr,:64]! @ pull smashed m[8*i+$i] + vmlal.u32 @ACC[2],$Bi,${A1}[0] + it ne + addne $tinptr,$tinptr,#16 @ don't advance in last iteration + vmlal.u32 @ACC[3],$Bi,${A1}[1] + vmlal.u32 @ACC[4],$Bi,${A2}[0] + vmlal.u32 @ACC[5],$Bi,${A2}[1] + vmlal.u32 @ACC[6],$Bi,${A3}[0] + vmlal.u32 @ACC[7],$Bi,${A3}[1] +___ +} +$code.=<<___; + it eq + subeq $aptr,$aptr,$num,lsl#2 @ rewind + vmlal.u32 @ACC[0],$Ni,${N0}[0] + vld1.32 {$Bi},[sp,:64] @ pull smashed b[8*i+0] + vmlal.u32 @ACC[1],$Ni,${N0}[1] + vld1.32 {$A0-$A3},[$aptr]! + vmlal.u32 @ACC[2],$Ni,${N1}[0] + add $bnptr,sp,#8 @ rewind + vmlal.u32 @ACC[3],$Ni,${N1}[1] + vmlal.u32 @ACC[4],$Ni,${N2}[0] + vmlal.u32 @ACC[5],$Ni,${N2}[1] + vmlal.u32 @ACC[6],$Ni,${N3}[0] + vst1.64 {@ACC[0]},[$toutptr,:128]! + vmlal.u32 @ACC[7],$Ni,${N3}[1] + + bne .LNEON_8n_inner +___ + push(@ACC,shift(@ACC)); +$code.=<<___; + add $tinptr,sp,#128 + vst1.64 {@ACC[0]-@ACC[1]},[$toutptr,:256]! + veor q2,q2,q2 @ $N0-$N1 + vst1.64 {@ACC[2]-@ACC[3]},[$toutptr,:256]! + veor q3,q3,q3 @ $N2-$N3 + vst1.64 {@ACC[4]-@ACC[5]},[$toutptr,:256]! + vst1.64 {@ACC[6]},[$toutptr,:128] + + subs $outer,$outer,#8 + vld1.64 {@ACC[0]-@ACC[1]},[$tinptr,:256]! + vld1.64 {@ACC[2]-@ACC[3]},[$tinptr,:256]! + vld1.64 {@ACC[4]-@ACC[5]},[$tinptr,:256]! + vld1.64 {@ACC[6]-@ACC[7]},[$tinptr,:256]! + + itt ne + subne $nptr,$nptr,$num,lsl#2 @ rewind + bne .LNEON_8n_outer + + add $toutptr,sp,#128 + vst1.64 {q2-q3}, [sp,:256]! @ start wiping stack frame + vshr.u64 $temp,@ACC[0]#lo,#16 + vst1.64 {q2-q3},[sp,:256]! + vadd.u64 @ACC[0]#hi,@ACC[0]#hi,$temp + vst1.64 {q2-q3}, [sp,:256]! + vshr.u64 $temp,@ACC[0]#hi,#16 + vst1.64 {q2-q3}, [sp,:256]! + vzip.16 @ACC[0]#lo,@ACC[0]#hi - mov $toutptr,sp mov $inner,$num + b .LNEON_tail_entry +.align 4 .LNEON_tail: - vadd.u64 `&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp - vld1.64 {$A3xB-$A4xB}, [$tinptr, :256]! - vshr.u64 $temp,`&Dlo("$A0xB")`,#16 - vadd.u64 `&Dhi("$A0xB")`,`&Dhi("$A0xB")`,$temp - vld1.64 {$A5xB-$A6xB}, [$tinptr, :256]! - vshr.u64 $temp,`&Dhi("$A0xB")`,#16 - vld1.64 {$A7xB}, [$tinptr, :128]! - vzip.16 `&Dlo("$A0xB")`,`&Dhi("$A0xB")` - -.LNEON_tail2: - vadd.u64 `&Dlo("$A1xB")`,`&Dlo("$A1xB")`,$temp - vst1.32 {`&Dlo("$A0xB")`[0]}, [$toutptr, :32]! - vshr.u64 $temp,`&Dlo("$A1xB")`,#16 - vadd.u64 `&Dhi("$A1xB")`,`&Dhi("$A1xB")`,$temp - vshr.u64 $temp,`&Dhi("$A1xB")`,#16 - vzip.16 `&Dlo("$A1xB")`,`&Dhi("$A1xB")` - - vadd.u64 `&Dlo("$A2xB")`,`&Dlo("$A2xB")`,$temp - vst1.32 {`&Dlo("$A1xB")`[0]}, [$toutptr, :32]! - vshr.u64 $temp,`&Dlo("$A2xB")`,#16 - vadd.u64 `&Dhi("$A2xB")`,`&Dhi("$A2xB")`,$temp - vshr.u64 $temp,`&Dhi("$A2xB")`,#16 - vzip.16 `&Dlo("$A2xB")`,`&Dhi("$A2xB")` - - vadd.u64 `&Dlo("$A3xB")`,`&Dlo("$A3xB")`,$temp - vst1.32 {`&Dlo("$A2xB")`[0]}, [$toutptr, :32]! - vshr.u64 $temp,`&Dlo("$A3xB")`,#16 - vadd.u64 `&Dhi("$A3xB")`,`&Dhi("$A3xB")`,$temp - vshr.u64 $temp,`&Dhi("$A3xB")`,#16 - vzip.16 `&Dlo("$A3xB")`,`&Dhi("$A3xB")` - - vadd.u64 `&Dlo("$A4xB")`,`&Dlo("$A4xB")`,$temp - vst1.32 {`&Dlo("$A3xB")`[0]}, [$toutptr, :32]! - vshr.u64 $temp,`&Dlo("$A4xB")`,#16 - vadd.u64 `&Dhi("$A4xB")`,`&Dhi("$A4xB")`,$temp - vshr.u64 $temp,`&Dhi("$A4xB")`,#16 - vzip.16 `&Dlo("$A4xB")`,`&Dhi("$A4xB")` - - vadd.u64 `&Dlo("$A5xB")`,`&Dlo("$A5xB")`,$temp - vst1.32 {`&Dlo("$A4xB")`[0]}, [$toutptr, :32]! - vshr.u64 $temp,`&Dlo("$A5xB")`,#16 - vadd.u64 `&Dhi("$A5xB")`,`&Dhi("$A5xB")`,$temp - vshr.u64 $temp,`&Dhi("$A5xB")`,#16 - vzip.16 `&Dlo("$A5xB")`,`&Dhi("$A5xB")` - - vadd.u64 `&Dlo("$A6xB")`,`&Dlo("$A6xB")`,$temp - vst1.32 {`&Dlo("$A5xB")`[0]}, [$toutptr, :32]! - vshr.u64 $temp,`&Dlo("$A6xB")`,#16 - vadd.u64 `&Dhi("$A6xB")`,`&Dhi("$A6xB")`,$temp - vld1.64 {$A0xB}, [$tinptr, :128]! - vshr.u64 $temp,`&Dhi("$A6xB")`,#16 - vzip.16 `&Dlo("$A6xB")`,`&Dhi("$A6xB")` - - vadd.u64 `&Dlo("$A7xB")`,`&Dlo("$A7xB")`,$temp - vst1.32 {`&Dlo("$A6xB")`[0]}, [$toutptr, :32]! - vshr.u64 $temp,`&Dlo("$A7xB")`,#16 - vadd.u64 `&Dhi("$A7xB")`,`&Dhi("$A7xB")`,$temp - vld1.64 {$A1xB-$A2xB}, [$tinptr, :256]! - vshr.u64 $temp,`&Dhi("$A7xB")`,#16 - vzip.16 `&Dlo("$A7xB")`,`&Dhi("$A7xB")` + vadd.u64 @ACC[0]#lo,@ACC[0]#lo,$temp + vshr.u64 $temp,@ACC[0]#lo,#16 + vld1.64 {@ACC[2]-@ACC[3]}, [$tinptr, :256]! + vadd.u64 @ACC[0]#hi,@ACC[0]#hi,$temp + vld1.64 {@ACC[4]-@ACC[5]}, [$tinptr, :256]! + vshr.u64 $temp,@ACC[0]#hi,#16 + vld1.64 {@ACC[6]-@ACC[7]}, [$tinptr, :256]! + vzip.16 @ACC[0]#lo,@ACC[0]#hi + +.LNEON_tail_entry: +___ +for ($i=1; $i<8; $i++) { +$code.=<<___; + vadd.u64 @ACC[1]#lo,@ACC[1]#lo,$temp + vst1.32 {@ACC[0]#lo[0]}, [$toutptr, :32]! + vshr.u64 $temp,@ACC[1]#lo,#16 + vadd.u64 @ACC[1]#hi,@ACC[1]#hi,$temp + vshr.u64 $temp,@ACC[1]#hi,#16 + vzip.16 @ACC[1]#lo,@ACC[1]#hi +___ + push(@ACC,shift(@ACC)); +} + push(@ACC,shift(@ACC)); +$code.=<<___; + vld1.64 {@ACC[0]-@ACC[1]}, [$tinptr, :256]! subs $inner,$inner,#8 - vst1.32 {`&Dlo("$A7xB")`[0]}, [$toutptr, :32]! - + vst1.32 {@ACC[7]#lo[0]}, [$toutptr, :32]! bne .LNEON_tail vst1.32 {${temp}[0]}, [$toutptr, :32] @ top-most bit @@ -622,8 +689,9 @@ bn_mul8x_mont_neon: bne .LNEON_sub ldr r10, [$aptr] @ load top-most bit + mov r11,sp veor q0,q0,q0 - sub r11,$bptr,sp @ this is num*4 + sub r11,$bptr,r11 @ this is num*4 veor q1,q1,q1 mov $aptr,sp sub $rptr,$rptr,r11 @ rewind $rptr @@ -633,27 +701,33 @@ bn_mul8x_mont_neon: .LNEON_copy_n_zap: ldmia $aptr!, {r4-r7} ldmia $rptr, {r8-r11} + it cc movcc r8, r4 vst1.64 {q0-q1}, [$nptr,:256]! @ wipe + itt cc movcc r9, r5 movcc r10,r6 vst1.64 {q0-q1}, [$nptr,:256]! @ wipe + it cc movcc r11,r7 ldmia $aptr, {r4-r7} stmia $rptr!, {r8-r11} sub $aptr,$aptr,#16 ldmia $rptr, {r8-r11} + it cc movcc r8, r4 vst1.64 {q0-q1}, [$aptr,:256]! @ wipe + itt cc movcc r9, r5 movcc r10,r6 vst1.64 {q0-q1}, [$nptr,:256]! @ wipe + it cc movcc r11,r7 teq $aptr,$bptr @ preserves carry stmia $rptr!, {r8-r11} bne .LNEON_copy_n_zap - sub sp,ip,#96 + mov sp,ip vldmia sp!,{d8-d15} ldmia sp!,{r4-r11} ret @ bx lr @@ -669,8 +743,14 @@ $code.=<<___; #endif ___ -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 -$code =~ s/\bret\b/bx lr/gm; -print $code; +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/ge or + s/\bret\b/bx lr/g or + s/\bbx\s+lr\b/.word\t0xe12fff1e/g; # make it possible to compile with -march=armv4 + + print $_,"\n"; +} + close STDOUT; diff --git a/deps/openssl/openssl/crypto/bn/asm/armv8-mont.pl b/deps/openssl/openssl/crypto/bn/asm/armv8-mont.pl new file mode 100755 index 0000000000..5d5af1b6be --- /dev/null +++ b/deps/openssl/openssl/crypto/bn/asm/armv8-mont.pl @@ -0,0 +1,1510 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +# ==================================================================== +# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# March 2015 +# +# "Teaser" Montgomery multiplication module for ARMv8. Needs more +# work. While it does improve RSA sign performance by 20-30% (less for +# longer keys) on most processors, for some reason RSA2048 is not +# faster and RSA4096 goes 15-20% slower on Cortex-A57. Multiplication +# instruction issue rate is limited on processor in question, meaning +# that dedicated squaring procedure is a must. Well, actually all +# contemporary AArch64 processors seem to have limited multiplication +# issue rate, i.e. they can't issue multiplication every cycle, which +# explains moderate improvement coefficients in comparison to +# compiler-generated code. Recall that compiler is instructed to use +# umulh and therefore uses same amount of multiplication instructions +# to do the job. Assembly's edge is to minimize number of "collateral" +# instructions and of course instruction scheduling. +# +# April 2015 +# +# Squaring procedure that handles lengths divisible by 8 improves +# RSA/DSA performance by 25-40-60% depending on processor and key +# length. Overall improvement coefficients are always positive in +# comparison to compiler-generated code. On Cortex-A57 improvement +# is still modest on longest key lengths, while others exhibit e.g. +# 50-70% improvement for RSA4096 sign. RSA2048 sign is ~25% faster +# on Cortex-A57 and ~60-100% faster on others. + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +($lo0,$hi0,$aj,$m0,$alo,$ahi, + $lo1,$hi1,$nj,$m1,$nlo,$nhi, + $ovf, $i,$j,$tp,$tj) = map("x$_",6..17,19..24); + +# int bn_mul_mont( +$rp="x0"; # BN_ULONG *rp, +$ap="x1"; # const BN_ULONG *ap, +$bp="x2"; # const BN_ULONG *bp, +$np="x3"; # const BN_ULONG *np, +$n0="x4"; # const BN_ULONG *n0, +$num="x5"; # int num); + +$code.=<<___; +.text + +.globl bn_mul_mont +.type bn_mul_mont,%function +.align 5 +bn_mul_mont: + tst $num,#7 + b.eq __bn_sqr8x_mont + tst $num,#3 + b.eq __bn_mul4x_mont +.Lmul_mont: + stp x29,x30,[sp,#-64]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + + ldr $m0,[$bp],#8 // bp[0] + sub $tp,sp,$num,lsl#3 + ldp $hi0,$aj,[$ap],#16 // ap[0..1] + lsl $num,$num,#3 + ldr $n0,[$n0] // *n0 + and $tp,$tp,#-16 // ABI says so + ldp $hi1,$nj,[$np],#16 // np[0..1] + + mul $lo0,$hi0,$m0 // ap[0]*bp[0] + sub $j,$num,#16 // j=num-2 + umulh $hi0,$hi0,$m0 + mul $alo,$aj,$m0 // ap[1]*bp[0] + umulh $ahi,$aj,$m0 + + mul $m1,$lo0,$n0 // "tp[0]"*n0 + mov sp,$tp // alloca + + // (*) mul $lo1,$hi1,$m1 // np[0]*m1 + umulh $hi1,$hi1,$m1 + mul $nlo,$nj,$m1 // np[1]*m1 + // (*) adds $lo1,$lo1,$lo0 // discarded + // (*) As for removal of first multiplication and addition + // instructions. The outcome of first addition is + // guaranteed to be zero, which leaves two computationally + // significant outcomes: it either carries or not. Then + // question is when does it carry? Is there alternative + // way to deduce it? If you follow operations, you can + // observe that condition for carry is quite simple: + // $lo0 being non-zero. So that carry can be calculated + // by adding -1 to $lo0. That's what next instruction does. + subs xzr,$lo0,#1 // (*) + umulh $nhi,$nj,$m1 + adc $hi1,$hi1,xzr + cbz $j,.L1st_skip + +.L1st: + ldr $aj,[$ap],#8 + adds $lo0,$alo,$hi0 + sub $j,$j,#8 // j-- + adc $hi0,$ahi,xzr + + ldr $nj,[$np],#8 + adds $lo1,$nlo,$hi1 + mul $alo,$aj,$m0 // ap[j]*bp[0] + adc $hi1,$nhi,xzr + umulh $ahi,$aj,$m0 + + adds $lo1,$lo1,$lo0 + mul $nlo,$nj,$m1 // np[j]*m1 + adc $hi1,$hi1,xzr + umulh $nhi,$nj,$m1 + str $lo1,[$tp],#8 // tp[j-1] + cbnz $j,.L1st + +.L1st_skip: + adds $lo0,$alo,$hi0 + sub $ap,$ap,$num // rewind $ap + adc $hi0,$ahi,xzr + + adds $lo1,$nlo,$hi1 + sub $np,$np,$num // rewind $np + adc $hi1,$nhi,xzr + + adds $lo1,$lo1,$lo0 + sub $i,$num,#8 // i=num-1 + adcs $hi1,$hi1,$hi0 + + adc $ovf,xzr,xzr // upmost overflow bit + stp $lo1,$hi1,[$tp] + +.Louter: + ldr $m0,[$bp],#8 // bp[i] + ldp $hi0,$aj,[$ap],#16 + ldr $tj,[sp] // tp[0] + add $tp,sp,#8 + + mul $lo0,$hi0,$m0 // ap[0]*bp[i] + sub $j,$num,#16 // j=num-2 + umulh $hi0,$hi0,$m0 + ldp $hi1,$nj,[$np],#16 + mul $alo,$aj,$m0 // ap[1]*bp[i] + adds $lo0,$lo0,$tj + umulh $ahi,$aj,$m0 + adc $hi0,$hi0,xzr + + mul $m1,$lo0,$n0 + sub $i,$i,#8 // i-- + + // (*) mul $lo1,$hi1,$m1 // np[0]*m1 + umulh $hi1,$hi1,$m1 + mul $nlo,$nj,$m1 // np[1]*m1 + // (*) adds $lo1,$lo1,$lo0 + subs xzr,$lo0,#1 // (*) + umulh $nhi,$nj,$m1 + cbz $j,.Linner_skip + +.Linner: + ldr $aj,[$ap],#8 + adc $hi1,$hi1,xzr + ldr $tj,[$tp],#8 // tp[j] + adds $lo0,$alo,$hi0 + sub $j,$j,#8 // j-- + adc $hi0,$ahi,xzr + + adds $lo1,$nlo,$hi1 + ldr $nj,[$np],#8 + adc $hi1,$nhi,xzr + + mul $alo,$aj,$m0 // ap[j]*bp[i] + adds $lo0,$lo0,$tj + umulh $ahi,$aj,$m0 + adc $hi0,$hi0,xzr + + mul $nlo,$nj,$m1 // np[j]*m1 + adds $lo1,$lo1,$lo0 + umulh $nhi,$nj,$m1 + str $lo1,[$tp,#-16] // tp[j-1] + cbnz $j,.Linner + +.Linner_skip: + ldr $tj,[$tp],#8 // tp[j] + adc $hi1,$hi1,xzr + adds $lo0,$alo,$hi0 + sub $ap,$ap,$num // rewind $ap + adc $hi0,$ahi,xzr + + adds $lo1,$nlo,$hi1 + sub $np,$np,$num // rewind $np + adcs $hi1,$nhi,$ovf + adc $ovf,xzr,xzr + + adds $lo0,$lo0,$tj + adc $hi0,$hi0,xzr + + adds $lo1,$lo1,$lo0 + adcs $hi1,$hi1,$hi0 + adc $ovf,$ovf,xzr // upmost overflow bit + stp $lo1,$hi1,[$tp,#-16] + + cbnz $i,.Louter + + // Final step. We see if result is larger than modulus, and + // if it is, subtract the modulus. But comparison implies + // subtraction. So we subtract modulus, see if it borrowed, + // and conditionally copy original value. + ldr $tj,[sp] // tp[0] + add $tp,sp,#8 + ldr $nj,[$np],#8 // np[0] + subs $j,$num,#8 // j=num-1 and clear borrow + mov $ap,$rp +.Lsub: + sbcs $aj,$tj,$nj // tp[j]-np[j] + ldr $tj,[$tp],#8 + sub $j,$j,#8 // j-- + ldr $nj,[$np],#8 + str $aj,[$ap],#8 // rp[j]=tp[j]-np[j] + cbnz $j,.Lsub + + sbcs $aj,$tj,$nj + sbcs $ovf,$ovf,xzr // did it borrow? + str $aj,[$ap],#8 // rp[num-1] + + ldr $tj,[sp] // tp[0] + add $tp,sp,#8 + ldr $aj,[$rp],#8 // rp[0] + sub $num,$num,#8 // num-- + nop +.Lcond_copy: + sub $num,$num,#8 // num-- + csel $nj,$tj,$aj,lo // did it borrow? + ldr $tj,[$tp],#8 + ldr $aj,[$rp],#8 + str xzr,[$tp,#-16] // wipe tp + str $nj,[$rp,#-16] + cbnz $num,.Lcond_copy + + csel $nj,$tj,$aj,lo + str xzr,[$tp,#-8] // wipe tp + str $nj,[$rp,#-8] + + ldp x19,x20,[x29,#16] + mov sp,x29 + ldp x21,x22,[x29,#32] + mov x0,#1 + ldp x23,x24,[x29,#48] + ldr x29,[sp],#64 + ret +.size bn_mul_mont,.-bn_mul_mont +___ +{ +######################################################################## +# Following is ARMv8 adaptation of sqrx8x_mont from x86_64-mont5 module. + +my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("x$_",(6..13)); +my ($t0,$t1,$t2,$t3)=map("x$_",(14..17)); +my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("x$_",(19..26)); +my ($cnt,$carry,$topmost)=("x27","x28","x30"); +my ($tp,$ap_end,$na0)=($bp,$np,$carry); + +$code.=<<___; +.type __bn_sqr8x_mont,%function +.align 5 +__bn_sqr8x_mont: + cmp $ap,$bp + b.ne __bn_mul4x_mont +.Lsqr8x_mont: + stp x29,x30,[sp,#-128]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + stp $rp,$np,[sp,#96] // offload rp and np + + ldp $a0,$a1,[$ap,#8*0] + ldp $a2,$a3,[$ap,#8*2] + ldp $a4,$a5,[$ap,#8*4] + ldp $a6,$a7,[$ap,#8*6] + + sub $tp,sp,$num,lsl#4 + lsl $num,$num,#3 + ldr $n0,[$n0] // *n0 + mov sp,$tp // alloca + sub $cnt,$num,#8*8 + b .Lsqr8x_zero_start + +.Lsqr8x_zero: + sub $cnt,$cnt,#8*8 + stp xzr,xzr,[$tp,#8*0] + stp xzr,xzr,[$tp,#8*2] + stp xzr,xzr,[$tp,#8*4] + stp xzr,xzr,[$tp,#8*6] +.Lsqr8x_zero_start: + stp xzr,xzr,[$tp,#8*8] + stp xzr,xzr,[$tp,#8*10] + stp xzr,xzr,[$tp,#8*12] + stp xzr,xzr,[$tp,#8*14] + add $tp,$tp,#8*16 + cbnz $cnt,.Lsqr8x_zero + + add $ap_end,$ap,$num + add $ap,$ap,#8*8 + mov $acc0,xzr + mov $acc1,xzr + mov $acc2,xzr + mov $acc3,xzr + mov $acc4,xzr + mov $acc5,xzr + mov $acc6,xzr + mov $acc7,xzr + mov $tp,sp + str $n0,[x29,#112] // offload n0 + + // Multiply everything but a[i]*a[i] +.align 4 +.Lsqr8x_outer_loop: + // a[1]a[0] (i) + // a[2]a[0] + // a[3]a[0] + // a[4]a[0] + // a[5]a[0] + // a[6]a[0] + // a[7]a[0] + // a[2]a[1] (ii) + // a[3]a[1] + // a[4]a[1] + // a[5]a[1] + // a[6]a[1] + // a[7]a[1] + // a[3]a[2] (iii) + // a[4]a[2] + // a[5]a[2] + // a[6]a[2] + // a[7]a[2] + // a[4]a[3] (iv) + // a[5]a[3] + // a[6]a[3] + // a[7]a[3] + // a[5]a[4] (v) + // a[6]a[4] + // a[7]a[4] + // a[6]a[5] (vi) + // a[7]a[5] + // a[7]a[6] (vii) + + mul $t0,$a1,$a0 // lo(a[1..7]*a[0]) (i) + mul $t1,$a2,$a0 + mul $t2,$a3,$a0 + mul $t3,$a4,$a0 + adds $acc1,$acc1,$t0 // t[1]+lo(a[1]*a[0]) + mul $t0,$a5,$a0 + adcs $acc2,$acc2,$t1 + mul $t1,$a6,$a0 + adcs $acc3,$acc3,$t2 + mul $t2,$a7,$a0 + adcs $acc4,$acc4,$t3 + umulh $t3,$a1,$a0 // hi(a[1..7]*a[0]) + adcs $acc5,$acc5,$t0 + umulh $t0,$a2,$a0 + adcs $acc6,$acc6,$t1 + umulh $t1,$a3,$a0 + adcs $acc7,$acc7,$t2 + umulh $t2,$a4,$a0 + stp $acc0,$acc1,[$tp],#8*2 // t[0..1] + adc $acc0,xzr,xzr // t[8] + adds $acc2,$acc2,$t3 // t[2]+lo(a[1]*a[0]) + umulh $t3,$a5,$a0 + adcs $acc3,$acc3,$t0 + umulh $t0,$a6,$a0 + adcs $acc4,$acc4,$t1 + umulh $t1,$a7,$a0 + adcs $acc5,$acc5,$t2 + mul $t2,$a2,$a1 // lo(a[2..7]*a[1]) (ii) + adcs $acc6,$acc6,$t3 + mul $t3,$a3,$a1 + adcs $acc7,$acc7,$t0 + mul $t0,$a4,$a1 + adc $acc0,$acc0,$t1 + + mul $t1,$a5,$a1 + adds $acc3,$acc3,$t2 + mul $t2,$a6,$a1 + adcs $acc4,$acc4,$t3 + mul $t3,$a7,$a1 + adcs $acc5,$acc5,$t0 + umulh $t0,$a2,$a1 // hi(a[2..7]*a[1]) + adcs $acc6,$acc6,$t1 + umulh $t1,$a3,$a1 + adcs $acc7,$acc7,$t2 + umulh $t2,$a4,$a1 + adcs $acc0,$acc0,$t3 + umulh $t3,$a5,$a1 + stp $acc2,$acc3,[$tp],#8*2 // t[2..3] + adc $acc1,xzr,xzr // t[9] + adds $acc4,$acc4,$t0 + umulh $t0,$a6,$a1 + adcs $acc5,$acc5,$t1 + umulh $t1,$a7,$a1 + adcs $acc6,$acc6,$t2 + mul $t2,$a3,$a2 // lo(a[3..7]*a[2]) (iii) + adcs $acc7,$acc7,$t3 + mul $t3,$a4,$a2 + adcs $acc0,$acc0,$t0 + mul $t0,$a5,$a2 + adc $acc1,$acc1,$t1 + + mul $t1,$a6,$a2 + adds $acc5,$acc5,$t2 + mul $t2,$a7,$a2 + adcs $acc6,$acc6,$t3 + umulh $t3,$a3,$a2 // hi(a[3..7]*a[2]) + adcs $acc7,$acc7,$t0 + umulh $t0,$a4,$a2 + adcs $acc0,$acc0,$t1 + umulh $t1,$a5,$a2 + adcs $acc1,$acc1,$t2 + umulh $t2,$a6,$a2 + stp $acc4,$acc5,[$tp],#8*2 // t[4..5] + adc $acc2,xzr,xzr // t[10] + adds $acc6,$acc6,$t3 + umulh $t3,$a7,$a2 + adcs $acc7,$acc7,$t0 + mul $t0,$a4,$a3 // lo(a[4..7]*a[3]) (iv) + adcs $acc0,$acc0,$t1 + mul $t1,$a5,$a3 + adcs $acc1,$acc1,$t2 + mul $t2,$a6,$a3 + adc $acc2,$acc2,$t3 + + mul $t3,$a7,$a3 + adds $acc7,$acc7,$t0 + umulh $t0,$a4,$a3 // hi(a[4..7]*a[3]) + adcs $acc0,$acc0,$t1 + umulh $t1,$a5,$a3 + adcs $acc1,$acc1,$t2 + umulh $t2,$a6,$a3 + adcs $acc2,$acc2,$t3 + umulh $t3,$a7,$a3 + stp $acc6,$acc7,[$tp],#8*2 // t[6..7] + adc $acc3,xzr,xzr // t[11] + adds $acc0,$acc0,$t0 + mul $t0,$a5,$a4 // lo(a[5..7]*a[4]) (v) + adcs $acc1,$acc1,$t1 + mul $t1,$a6,$a4 + adcs $acc2,$acc2,$t2 + mul $t2,$a7,$a4 + adc $acc3,$acc3,$t3 + + umulh $t3,$a5,$a4 // hi(a[5..7]*a[4]) + adds $acc1,$acc1,$t0 + umulh $t0,$a6,$a4 + adcs $acc2,$acc2,$t1 + umulh $t1,$a7,$a4 + adcs $acc3,$acc3,$t2 + mul $t2,$a6,$a5 // lo(a[6..7]*a[5]) (vi) + adc $acc4,xzr,xzr // t[12] + adds $acc2,$acc2,$t3 + mul $t3,$a7,$a5 + adcs $acc3,$acc3,$t0 + umulh $t0,$a6,$a5 // hi(a[6..7]*a[5]) + adc $acc4,$acc4,$t1 + + umulh $t1,$a7,$a5 + adds $acc3,$acc3,$t2 + mul $t2,$a7,$a6 // lo(a[7]*a[6]) (vii) + adcs $acc4,$acc4,$t3 + umulh $t3,$a7,$a6 // hi(a[7]*a[6]) + adc $acc5,xzr,xzr // t[13] + adds $acc4,$acc4,$t0 + sub $cnt,$ap_end,$ap // done yet? + adc $acc5,$acc5,$t1 + + adds $acc5,$acc5,$t2 + sub $t0,$ap_end,$num // rewinded ap + adc $acc6,xzr,xzr // t[14] + add $acc6,$acc6,$t3 + + cbz $cnt,.Lsqr8x_outer_break + + mov $n0,$a0 + ldp $a0,$a1,[$tp,#8*0] + ldp $a2,$a3,[$tp,#8*2] + ldp $a4,$a5,[$tp,#8*4] + ldp $a6,$a7,[$tp,#8*6] + adds $acc0,$acc0,$a0 + adcs $acc1,$acc1,$a1 + ldp $a0,$a1,[$ap,#8*0] + adcs $acc2,$acc2,$a2 + adcs $acc3,$acc3,$a3 + ldp $a2,$a3,[$ap,#8*2] + adcs $acc4,$acc4,$a4 + adcs $acc5,$acc5,$a5 + ldp $a4,$a5,[$ap,#8*4] + adcs $acc6,$acc6,$a6 + mov $rp,$ap + adcs $acc7,xzr,$a7 + ldp $a6,$a7,[$ap,#8*6] + add $ap,$ap,#8*8 + //adc $carry,xzr,xzr // moved below + mov $cnt,#-8*8 + + // a[8]a[0] + // a[9]a[0] + // a[a]a[0] + // a[b]a[0] + // a[c]a[0] + // a[d]a[0] + // a[e]a[0] + // a[f]a[0] + // a[8]a[1] + // a[f]a[1]........................ + // a[8]a[2] + // a[f]a[2]........................ + // a[8]a[3] + // a[f]a[3]........................ + // a[8]a[4] + // a[f]a[4]........................ + // a[8]a[5] + // a[f]a[5]........................ + // a[8]a[6] + // a[f]a[6]........................ + // a[8]a[7] + // a[f]a[7]........................ +.Lsqr8x_mul: + mul $t0,$a0,$n0 + adc $carry,xzr,xzr // carry bit, modulo-scheduled + mul $t1,$a1,$n0 + add $cnt,$cnt,#8 + mul $t2,$a2,$n0 + mul $t3,$a3,$n0 + adds $acc0,$acc0,$t0 + mul $t0,$a4,$n0 + adcs $acc1,$acc1,$t1 + mul $t1,$a5,$n0 + adcs $acc2,$acc2,$t2 + mul $t2,$a6,$n0 + adcs $acc3,$acc3,$t3 + mul $t3,$a7,$n0 + adcs $acc4,$acc4,$t0 + umulh $t0,$a0,$n0 + adcs $acc5,$acc5,$t1 + umulh $t1,$a1,$n0 + adcs $acc6,$acc6,$t2 + umulh $t2,$a2,$n0 + adcs $acc7,$acc7,$t3 + umulh $t3,$a3,$n0 + adc $carry,$carry,xzr + str $acc0,[$tp],#8 + adds $acc0,$acc1,$t0 + umulh $t0,$a4,$n0 + adcs $acc1,$acc2,$t1 + umulh $t1,$a5,$n0 + adcs $acc2,$acc3,$t2 + umulh $t2,$a6,$n0 + adcs $acc3,$acc4,$t3 + umulh $t3,$a7,$n0 + ldr $n0,[$rp,$cnt] + adcs $acc4,$acc5,$t0 + adcs $acc5,$acc6,$t1 + adcs $acc6,$acc7,$t2 + adcs $acc7,$carry,$t3 + //adc $carry,xzr,xzr // moved above + cbnz $cnt,.Lsqr8x_mul + // note that carry flag is guaranteed + // to be zero at this point + cmp $ap,$ap_end // done yet? + b.eq .Lsqr8x_break + + ldp $a0,$a1,[$tp,#8*0] + ldp $a2,$a3,[$tp,#8*2] + ldp $a4,$a5,[$tp,#8*4] + ldp $a6,$a7,[$tp,#8*6] + adds $acc0,$acc0,$a0 + ldr $n0,[$rp,#-8*8] + adcs $acc1,$acc1,$a1 + ldp $a0,$a1,[$ap,#8*0] + adcs $acc2,$acc2,$a2 + adcs $acc3,$acc3,$a3 + ldp $a2,$a3,[$ap,#8*2] + adcs $acc4,$acc4,$a4 + adcs $acc5,$acc5,$a5 + ldp $a4,$a5,[$ap,#8*4] + adcs $acc6,$acc6,$a6 + mov $cnt,#-8*8 + adcs $acc7,$acc7,$a7 + ldp $a6,$a7,[$ap,#8*6] + add $ap,$ap,#8*8 + //adc $carry,xzr,xzr // moved above + b .Lsqr8x_mul + +.align 4 +.Lsqr8x_break: + ldp $a0,$a1,[$rp,#8*0] + add $ap,$rp,#8*8 + ldp $a2,$a3,[$rp,#8*2] + sub $t0,$ap_end,$ap // is it last iteration? + ldp $a4,$a5,[$rp,#8*4] + sub $t1,$tp,$t0 + ldp $a6,$a7,[$rp,#8*6] + cbz $t0,.Lsqr8x_outer_loop + + stp $acc0,$acc1,[$tp,#8*0] + ldp $acc0,$acc1,[$t1,#8*0] + stp $acc2,$acc3,[$tp,#8*2] + ldp $acc2,$acc3,[$t1,#8*2] + stp $acc4,$acc5,[$tp,#8*4] + ldp $acc4,$acc5,[$t1,#8*4] + stp $acc6,$acc7,[$tp,#8*6] + mov $tp,$t1 + ldp $acc6,$acc7,[$t1,#8*6] + b .Lsqr8x_outer_loop + +.align 4 +.Lsqr8x_outer_break: + // Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0] + ldp $a1,$a3,[$t0,#8*0] // recall that $t0 is &a[0] + ldp $t1,$t2,[sp,#8*1] + ldp $a5,$a7,[$t0,#8*2] + add $ap,$t0,#8*4 + ldp $t3,$t0,[sp,#8*3] + + stp $acc0,$acc1,[$tp,#8*0] + mul $acc0,$a1,$a1 + stp $acc2,$acc3,[$tp,#8*2] + umulh $a1,$a1,$a1 + stp $acc4,$acc5,[$tp,#8*4] + mul $a2,$a3,$a3 + stp $acc6,$acc7,[$tp,#8*6] + mov $tp,sp + umulh $a3,$a3,$a3 + adds $acc1,$a1,$t1,lsl#1 + extr $t1,$t2,$t1,#63 + sub $cnt,$num,#8*4 + +.Lsqr4x_shift_n_add: + adcs $acc2,$a2,$t1 + extr $t2,$t3,$t2,#63 + sub $cnt,$cnt,#8*4 + adcs $acc3,$a3,$t2 + ldp $t1,$t2,[$tp,#8*5] + mul $a4,$a5,$a5 + ldp $a1,$a3,[$ap],#8*2 + umulh $a5,$a5,$a5 + mul $a6,$a7,$a7 + umulh $a7,$a7,$a7 + extr $t3,$t0,$t3,#63 + stp $acc0,$acc1,[$tp,#8*0] + adcs $acc4,$a4,$t3 + extr $t0,$t1,$t0,#63 + stp $acc2,$acc3,[$tp,#8*2] + adcs $acc5,$a5,$t0 + ldp $t3,$t0,[$tp,#8*7] + extr $t1,$t2,$t1,#63 + adcs $acc6,$a6,$t1 + extr $t2,$t3,$t2,#63 + adcs $acc7,$a7,$t2 + ldp $t1,$t2,[$tp,#8*9] + mul $a0,$a1,$a1 + ldp $a5,$a7,[$ap],#8*2 + umulh $a1,$a1,$a1 + mul $a2,$a3,$a3 + umulh $a3,$a3,$a3 + stp $acc4,$acc5,[$tp,#8*4] + extr $t3,$t0,$t3,#63 + stp $acc6,$acc7,[$tp,#8*6] + add $tp,$tp,#8*8 + adcs $acc0,$a0,$t3 + extr $t0,$t1,$t0,#63 + adcs $acc1,$a1,$t0 + ldp $t3,$t0,[$tp,#8*3] + extr $t1,$t2,$t1,#63 + cbnz $cnt,.Lsqr4x_shift_n_add +___ +my ($np,$np_end)=($ap,$ap_end); +$code.=<<___; + ldp $np,$n0,[x29,#104] // pull np and n0 + + adcs $acc2,$a2,$t1 + extr $t2,$t3,$t2,#63 + adcs $acc3,$a3,$t2 + ldp $t1,$t2,[$tp,#8*5] + mul $a4,$a5,$a5 + umulh $a5,$a5,$a5 + stp $acc0,$acc1,[$tp,#8*0] + mul $a6,$a7,$a7 + umulh $a7,$a7,$a7 + stp $acc2,$acc3,[$tp,#8*2] + extr $t3,$t0,$t3,#63 + adcs $acc4,$a4,$t3 + extr $t0,$t1,$t0,#63 + ldp $acc0,$acc1,[sp,#8*0] + adcs $acc5,$a5,$t0 + extr $t1,$t2,$t1,#63 + ldp $a0,$a1,[$np,#8*0] + adcs $acc6,$a6,$t1 + extr $t2,xzr,$t2,#63 + ldp $a2,$a3,[$np,#8*2] + adc $acc7,$a7,$t2 + ldp $a4,$a5,[$np,#8*4] + + // Reduce by 512 bits per iteration + mul $na0,$n0,$acc0 // t[0]*n0 + ldp $a6,$a7,[$np,#8*6] + add $np_end,$np,$num + ldp $acc2,$acc3,[sp,#8*2] + stp $acc4,$acc5,[$tp,#8*4] + ldp $acc4,$acc5,[sp,#8*4] + stp $acc6,$acc7,[$tp,#8*6] + ldp $acc6,$acc7,[sp,#8*6] + add $np,$np,#8*8 + mov $topmost,xzr // initial top-most carry + mov $tp,sp + mov $cnt,#8 + +.Lsqr8x_reduction: + // (*) mul $t0,$a0,$na0 // lo(n[0-7])*lo(t[0]*n0) + mul $t1,$a1,$na0 + sub $cnt,$cnt,#1 + mul $t2,$a2,$na0 + str $na0,[$tp],#8 // put aside t[0]*n0 for tail processing + mul $t3,$a3,$na0 + // (*) adds xzr,$acc0,$t0 + subs xzr,$acc0,#1 // (*) + mul $t0,$a4,$na0 + adcs $acc0,$acc1,$t1 + mul $t1,$a5,$na0 + adcs $acc1,$acc2,$t2 + mul $t2,$a6,$na0 + adcs $acc2,$acc3,$t3 + mul $t3,$a7,$na0 + adcs $acc3,$acc4,$t0 + umulh $t0,$a0,$na0 // hi(n[0-7])*lo(t[0]*n0) + adcs $acc4,$acc5,$t1 + umulh $t1,$a1,$na0 + adcs $acc5,$acc6,$t2 + umulh $t2,$a2,$na0 + adcs $acc6,$acc7,$t3 + umulh $t3,$a3,$na0 + adc $acc7,xzr,xzr + adds $acc0,$acc0,$t0 + umulh $t0,$a4,$na0 + adcs $acc1,$acc1,$t1 + umulh $t1,$a5,$na0 + adcs $acc2,$acc2,$t2 + umulh $t2,$a6,$na0 + adcs $acc3,$acc3,$t3 + umulh $t3,$a7,$na0 + mul $na0,$n0,$acc0 // next t[0]*n0 + adcs $acc4,$acc4,$t0 + adcs $acc5,$acc5,$t1 + adcs $acc6,$acc6,$t2 + adc $acc7,$acc7,$t3 + cbnz $cnt,.Lsqr8x_reduction + + ldp $t0,$t1,[$tp,#8*0] + ldp $t2,$t3,[$tp,#8*2] + mov $rp,$tp + sub $cnt,$np_end,$np // done yet? + adds $acc0,$acc0,$t0 + adcs $acc1,$acc1,$t1 + ldp $t0,$t1,[$tp,#8*4] + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + ldp $t2,$t3,[$tp,#8*6] + adcs $acc4,$acc4,$t0 + adcs $acc5,$acc5,$t1 + adcs $acc6,$acc6,$t2 + adcs $acc7,$acc7,$t3 + //adc $carry,xzr,xzr // moved below + cbz $cnt,.Lsqr8x8_post_condition + + ldr $n0,[$tp,#-8*8] + ldp $a0,$a1,[$np,#8*0] + ldp $a2,$a3,[$np,#8*2] + ldp $a4,$a5,[$np,#8*4] + mov $cnt,#-8*8 + ldp $a6,$a7,[$np,#8*6] + add $np,$np,#8*8 + +.Lsqr8x_tail: + mul $t0,$a0,$n0 + adc $carry,xzr,xzr // carry bit, modulo-scheduled + mul $t1,$a1,$n0 + add $cnt,$cnt,#8 + mul $t2,$a2,$n0 + mul $t3,$a3,$n0 + adds $acc0,$acc0,$t0 + mul $t0,$a4,$n0 + adcs $acc1,$acc1,$t1 + mul $t1,$a5,$n0 + adcs $acc2,$acc2,$t2 + mul $t2,$a6,$n0 + adcs $acc3,$acc3,$t3 + mul $t3,$a7,$n0 + adcs $acc4,$acc4,$t0 + umulh $t0,$a0,$n0 + adcs $acc5,$acc5,$t1 + umulh $t1,$a1,$n0 + adcs $acc6,$acc6,$t2 + umulh $t2,$a2,$n0 + adcs $acc7,$acc7,$t3 + umulh $t3,$a3,$n0 + adc $carry,$carry,xzr + str $acc0,[$tp],#8 + adds $acc0,$acc1,$t0 + umulh $t0,$a4,$n0 + adcs $acc1,$acc2,$t1 + umulh $t1,$a5,$n0 + adcs $acc2,$acc3,$t2 + umulh $t2,$a6,$n0 + adcs $acc3,$acc4,$t3 + umulh $t3,$a7,$n0 + ldr $n0,[$rp,$cnt] + adcs $acc4,$acc5,$t0 + adcs $acc5,$acc6,$t1 + adcs $acc6,$acc7,$t2 + adcs $acc7,$carry,$t3 + //adc $carry,xzr,xzr // moved above + cbnz $cnt,.Lsqr8x_tail + // note that carry flag is guaranteed + // to be zero at this point + ldp $a0,$a1,[$tp,#8*0] + sub $cnt,$np_end,$np // done yet? + sub $t2,$np_end,$num // rewinded np + ldp $a2,$a3,[$tp,#8*2] + ldp $a4,$a5,[$tp,#8*4] + ldp $a6,$a7,[$tp,#8*6] + cbz $cnt,.Lsqr8x_tail_break + + ldr $n0,[$rp,#-8*8] + adds $acc0,$acc0,$a0 + adcs $acc1,$acc1,$a1 + ldp $a0,$a1,[$np,#8*0] + adcs $acc2,$acc2,$a2 + adcs $acc3,$acc3,$a3 + ldp $a2,$a3,[$np,#8*2] + adcs $acc4,$acc4,$a4 + adcs $acc5,$acc5,$a5 + ldp $a4,$a5,[$np,#8*4] + adcs $acc6,$acc6,$a6 + mov $cnt,#-8*8 + adcs $acc7,$acc7,$a7 + ldp $a6,$a7,[$np,#8*6] + add $np,$np,#8*8 + //adc $carry,xzr,xzr // moved above + b .Lsqr8x_tail + +.align 4 +.Lsqr8x_tail_break: + ldr $n0,[x29,#112] // pull n0 + add $cnt,$tp,#8*8 // end of current t[num] window + + subs xzr,$topmost,#1 // "move" top-most carry to carry bit + adcs $t0,$acc0,$a0 + adcs $t1,$acc1,$a1 + ldp $acc0,$acc1,[$rp,#8*0] + adcs $acc2,$acc2,$a2 + ldp $a0,$a1,[$t2,#8*0] // recall that $t2 is &n[0] + adcs $acc3,$acc3,$a3 + ldp $a2,$a3,[$t2,#8*2] + adcs $acc4,$acc4,$a4 + adcs $acc5,$acc5,$a5 + ldp $a4,$a5,[$t2,#8*4] + adcs $acc6,$acc6,$a6 + adcs $acc7,$acc7,$a7 + ldp $a6,$a7,[$t2,#8*6] + add $np,$t2,#8*8 + adc $topmost,xzr,xzr // top-most carry + mul $na0,$n0,$acc0 + stp $t0,$t1,[$tp,#8*0] + stp $acc2,$acc3,[$tp,#8*2] + ldp $acc2,$acc3,[$rp,#8*2] + stp $acc4,$acc5,[$tp,#8*4] + ldp $acc4,$acc5,[$rp,#8*4] + cmp $cnt,x29 // did we hit the bottom? + stp $acc6,$acc7,[$tp,#8*6] + mov $tp,$rp // slide the window + ldp $acc6,$acc7,[$rp,#8*6] + mov $cnt,#8 + b.ne .Lsqr8x_reduction + + // Final step. We see if result is larger than modulus, and + // if it is, subtract the modulus. But comparison implies + // subtraction. So we subtract modulus, see if it borrowed, + // and conditionally copy original value. + ldr $rp,[x29,#96] // pull rp + add $tp,$tp,#8*8 + subs $t0,$acc0,$a0 + sbcs $t1,$acc1,$a1 + sub $cnt,$num,#8*8 + mov $ap_end,$rp // $rp copy + +.Lsqr8x_sub: + sbcs $t2,$acc2,$a2 + ldp $a0,$a1,[$np,#8*0] + sbcs $t3,$acc3,$a3 + stp $t0,$t1,[$rp,#8*0] + sbcs $t0,$acc4,$a4 + ldp $a2,$a3,[$np,#8*2] + sbcs $t1,$acc5,$a5 + stp $t2,$t3,[$rp,#8*2] + sbcs $t2,$acc6,$a6 + ldp $a4,$a5,[$np,#8*4] + sbcs $t3,$acc7,$a7 + ldp $a6,$a7,[$np,#8*6] + add $np,$np,#8*8 + ldp $acc0,$acc1,[$tp,#8*0] + sub $cnt,$cnt,#8*8 + ldp $acc2,$acc3,[$tp,#8*2] + ldp $acc4,$acc5,[$tp,#8*4] + ldp $acc6,$acc7,[$tp,#8*6] + add $tp,$tp,#8*8 + stp $t0,$t1,[$rp,#8*4] + sbcs $t0,$acc0,$a0 + stp $t2,$t3,[$rp,#8*6] + add $rp,$rp,#8*8 + sbcs $t1,$acc1,$a1 + cbnz $cnt,.Lsqr8x_sub + + sbcs $t2,$acc2,$a2 + mov $tp,sp + add $ap,sp,$num + ldp $a0,$a1,[$ap_end,#8*0] + sbcs $t3,$acc3,$a3 + stp $t0,$t1,[$rp,#8*0] + sbcs $t0,$acc4,$a4 + ldp $a2,$a3,[$ap_end,#8*2] + sbcs $t1,$acc5,$a5 + stp $t2,$t3,[$rp,#8*2] + sbcs $t2,$acc6,$a6 + ldp $acc0,$acc1,[$ap,#8*0] + sbcs $t3,$acc7,$a7 + ldp $acc2,$acc3,[$ap,#8*2] + sbcs xzr,$topmost,xzr // did it borrow? + ldr x30,[x29,#8] // pull return address + stp $t0,$t1,[$rp,#8*4] + stp $t2,$t3,[$rp,#8*6] + + sub $cnt,$num,#8*4 +.Lsqr4x_cond_copy: + sub $cnt,$cnt,#8*4 + csel $t0,$acc0,$a0,lo + stp xzr,xzr,[$tp,#8*0] + csel $t1,$acc1,$a1,lo + ldp $a0,$a1,[$ap_end,#8*4] + ldp $acc0,$acc1,[$ap,#8*4] + csel $t2,$acc2,$a2,lo + stp xzr,xzr,[$tp,#8*2] + add $tp,$tp,#8*4 + csel $t3,$acc3,$a3,lo + ldp $a2,$a3,[$ap_end,#8*6] + ldp $acc2,$acc3,[$ap,#8*6] + add $ap,$ap,#8*4 + stp $t0,$t1,[$ap_end,#8*0] + stp $t2,$t3,[$ap_end,#8*2] + add $ap_end,$ap_end,#8*4 + stp xzr,xzr,[$ap,#8*0] + stp xzr,xzr,[$ap,#8*2] + cbnz $cnt,.Lsqr4x_cond_copy + + csel $t0,$acc0,$a0,lo + stp xzr,xzr,[$tp,#8*0] + csel $t1,$acc1,$a1,lo + stp xzr,xzr,[$tp,#8*2] + csel $t2,$acc2,$a2,lo + csel $t3,$acc3,$a3,lo + stp $t0,$t1,[$ap_end,#8*0] + stp $t2,$t3,[$ap_end,#8*2] + + b .Lsqr8x_done + +.align 4 +.Lsqr8x8_post_condition: + adc $carry,xzr,xzr + ldr x30,[x29,#8] // pull return address + // $acc0-7,$carry hold result, $a0-7 hold modulus + subs $a0,$acc0,$a0 + ldr $ap,[x29,#96] // pull rp + sbcs $a1,$acc1,$a1 + stp xzr,xzr,[sp,#8*0] + sbcs $a2,$acc2,$a2 + stp xzr,xzr,[sp,#8*2] + sbcs $a3,$acc3,$a3 + stp xzr,xzr,[sp,#8*4] + sbcs $a4,$acc4,$a4 + stp xzr,xzr,[sp,#8*6] + sbcs $a5,$acc5,$a5 + stp xzr,xzr,[sp,#8*8] + sbcs $a6,$acc6,$a6 + stp xzr,xzr,[sp,#8*10] + sbcs $a7,$acc7,$a7 + stp xzr,xzr,[sp,#8*12] + sbcs $carry,$carry,xzr // did it borrow? + stp xzr,xzr,[sp,#8*14] + + // $a0-7 hold result-modulus + csel $a0,$acc0,$a0,lo + csel $a1,$acc1,$a1,lo + csel $a2,$acc2,$a2,lo + csel $a3,$acc3,$a3,lo + stp $a0,$a1,[$ap,#8*0] + csel $a4,$acc4,$a4,lo + csel $a5,$acc5,$a5,lo + stp $a2,$a3,[$ap,#8*2] + csel $a6,$acc6,$a6,lo + csel $a7,$acc7,$a7,lo + stp $a4,$a5,[$ap,#8*4] + stp $a6,$a7,[$ap,#8*6] + +.Lsqr8x_done: + ldp x19,x20,[x29,#16] + mov sp,x29 + ldp x21,x22,[x29,#32] + mov x0,#1 + ldp x23,x24,[x29,#48] + ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] + ldr x29,[sp],#128 + ret +.size __bn_sqr8x_mont,.-__bn_sqr8x_mont +___ +} + +{ +######################################################################## +# Even though this might look as ARMv8 adaptation of mulx4x_mont from +# x86_64-mont5 module, it's different in sense that it performs +# reduction 256 bits at a time. + +my ($a0,$a1,$a2,$a3, + $t0,$t1,$t2,$t3, + $m0,$m1,$m2,$m3, + $acc0,$acc1,$acc2,$acc3,$acc4, + $bi,$mi,$tp,$ap_end,$cnt) = map("x$_",(6..17,19..28)); +my $bp_end=$rp; +my ($carry,$topmost) = ($rp,"x30"); + +$code.=<<___; +.type __bn_mul4x_mont,%function +.align 5 +__bn_mul4x_mont: + stp x29,x30,[sp,#-128]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + + sub $tp,sp,$num,lsl#3 + lsl $num,$num,#3 + ldr $n0,[$n0] // *n0 + sub sp,$tp,#8*4 // alloca + + add $t0,$bp,$num + add $ap_end,$ap,$num + stp $rp,$t0,[x29,#96] // offload rp and &b[num] + + ldr $bi,[$bp,#8*0] // b[0] + ldp $a0,$a1,[$ap,#8*0] // a[0..3] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + mov $acc0,xzr + mov $acc1,xzr + mov $acc2,xzr + mov $acc3,xzr + ldp $m0,$m1,[$np,#8*0] // n[0..3] + ldp $m2,$m3,[$np,#8*2] + adds $np,$np,#8*4 // clear carry bit + mov $carry,xzr + mov $cnt,#0 + mov $tp,sp + +.Loop_mul4x_1st_reduction: + mul $t0,$a0,$bi // lo(a[0..3]*b[0]) + adc $carry,$carry,xzr // modulo-scheduled + mul $t1,$a1,$bi + add $cnt,$cnt,#8 + mul $t2,$a2,$bi + and $cnt,$cnt,#31 + mul $t3,$a3,$bi + adds $acc0,$acc0,$t0 + umulh $t0,$a0,$bi // hi(a[0..3]*b[0]) + adcs $acc1,$acc1,$t1 + mul $mi,$acc0,$n0 // t[0]*n0 + adcs $acc2,$acc2,$t2 + umulh $t1,$a1,$bi + adcs $acc3,$acc3,$t3 + umulh $t2,$a2,$bi + adc $acc4,xzr,xzr + umulh $t3,$a3,$bi + ldr $bi,[$bp,$cnt] // next b[i] (or b[0]) + adds $acc1,$acc1,$t0 + // (*) mul $t0,$m0,$mi // lo(n[0..3]*t[0]*n0) + str $mi,[$tp],#8 // put aside t[0]*n0 for tail processing + adcs $acc2,$acc2,$t1 + mul $t1,$m1,$mi + adcs $acc3,$acc3,$t2 + mul $t2,$m2,$mi + adc $acc4,$acc4,$t3 // can't overflow + mul $t3,$m3,$mi + // (*) adds xzr,$acc0,$t0 + subs xzr,$acc0,#1 // (*) + umulh $t0,$m0,$mi // hi(n[0..3]*t[0]*n0) + adcs $acc0,$acc1,$t1 + umulh $t1,$m1,$mi + adcs $acc1,$acc2,$t2 + umulh $t2,$m2,$mi + adcs $acc2,$acc3,$t3 + umulh $t3,$m3,$mi + adcs $acc3,$acc4,$carry + adc $carry,xzr,xzr + adds $acc0,$acc0,$t0 + sub $t0,$ap_end,$ap + adcs $acc1,$acc1,$t1 + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + //adc $carry,$carry,xzr + cbnz $cnt,.Loop_mul4x_1st_reduction + + cbz $t0,.Lmul4x4_post_condition + + ldp $a0,$a1,[$ap,#8*0] // a[4..7] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + ldr $mi,[sp] // a[0]*n0 + ldp $m0,$m1,[$np,#8*0] // n[4..7] + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + +.Loop_mul4x_1st_tail: + mul $t0,$a0,$bi // lo(a[4..7]*b[i]) + adc $carry,$carry,xzr // modulo-scheduled + mul $t1,$a1,$bi + add $cnt,$cnt,#8 + mul $t2,$a2,$bi + and $cnt,$cnt,#31 + mul $t3,$a3,$bi + adds $acc0,$acc0,$t0 + umulh $t0,$a0,$bi // hi(a[4..7]*b[i]) + adcs $acc1,$acc1,$t1 + umulh $t1,$a1,$bi + adcs $acc2,$acc2,$t2 + umulh $t2,$a2,$bi + adcs $acc3,$acc3,$t3 + umulh $t3,$a3,$bi + adc $acc4,xzr,xzr + ldr $bi,[$bp,$cnt] // next b[i] (or b[0]) + adds $acc1,$acc1,$t0 + mul $t0,$m0,$mi // lo(n[4..7]*a[0]*n0) + adcs $acc2,$acc2,$t1 + mul $t1,$m1,$mi + adcs $acc3,$acc3,$t2 + mul $t2,$m2,$mi + adc $acc4,$acc4,$t3 // can't overflow + mul $t3,$m3,$mi + adds $acc0,$acc0,$t0 + umulh $t0,$m0,$mi // hi(n[4..7]*a[0]*n0) + adcs $acc1,$acc1,$t1 + umulh $t1,$m1,$mi + adcs $acc2,$acc2,$t2 + umulh $t2,$m2,$mi + adcs $acc3,$acc3,$t3 + adcs $acc4,$acc4,$carry + umulh $t3,$m3,$mi + adc $carry,xzr,xzr + ldr $mi,[sp,$cnt] // next t[0]*n0 + str $acc0,[$tp],#8 // result!!! + adds $acc0,$acc1,$t0 + sub $t0,$ap_end,$ap // done yet? + adcs $acc1,$acc2,$t1 + adcs $acc2,$acc3,$t2 + adcs $acc3,$acc4,$t3 + //adc $carry,$carry,xzr + cbnz $cnt,.Loop_mul4x_1st_tail + + sub $t1,$ap_end,$num // rewinded $ap + cbz $t0,.Lmul4x_proceed + + ldp $a0,$a1,[$ap,#8*0] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + ldp $m0,$m1,[$np,#8*0] + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + b .Loop_mul4x_1st_tail + +.align 5 +.Lmul4x_proceed: + ldr $bi,[$bp,#8*4]! // *++b + adc $topmost,$carry,xzr + ldp $a0,$a1,[$t1,#8*0] // a[0..3] + sub $np,$np,$num // rewind np + ldp $a2,$a3,[$t1,#8*2] + add $ap,$t1,#8*4 + + stp $acc0,$acc1,[$tp,#8*0] // result!!! + ldp $acc0,$acc1,[sp,#8*4] // t[0..3] + stp $acc2,$acc3,[$tp,#8*2] // result!!! + ldp $acc2,$acc3,[sp,#8*6] + + ldp $m0,$m1,[$np,#8*0] // n[0..3] + mov $tp,sp + ldp $m2,$m3,[$np,#8*2] + adds $np,$np,#8*4 // clear carry bit + mov $carry,xzr + +.align 4 +.Loop_mul4x_reduction: + mul $t0,$a0,$bi // lo(a[0..3]*b[4]) + adc $carry,$carry,xzr // modulo-scheduled + mul $t1,$a1,$bi + add $cnt,$cnt,#8 + mul $t2,$a2,$bi + and $cnt,$cnt,#31 + mul $t3,$a3,$bi + adds $acc0,$acc0,$t0 + umulh $t0,$a0,$bi // hi(a[0..3]*b[4]) + adcs $acc1,$acc1,$t1 + mul $mi,$acc0,$n0 // t[0]*n0 + adcs $acc2,$acc2,$t2 + umulh $t1,$a1,$bi + adcs $acc3,$acc3,$t3 + umulh $t2,$a2,$bi + adc $acc4,xzr,xzr + umulh $t3,$a3,$bi + ldr $bi,[$bp,$cnt] // next b[i] + adds $acc1,$acc1,$t0 + // (*) mul $t0,$m0,$mi + str $mi,[$tp],#8 // put aside t[0]*n0 for tail processing + adcs $acc2,$acc2,$t1 + mul $t1,$m1,$mi // lo(n[0..3]*t[0]*n0 + adcs $acc3,$acc3,$t2 + mul $t2,$m2,$mi + adc $acc4,$acc4,$t3 // can't overflow + mul $t3,$m3,$mi + // (*) adds xzr,$acc0,$t0 + subs xzr,$acc0,#1 // (*) + umulh $t0,$m0,$mi // hi(n[0..3]*t[0]*n0 + adcs $acc0,$acc1,$t1 + umulh $t1,$m1,$mi + adcs $acc1,$acc2,$t2 + umulh $t2,$m2,$mi + adcs $acc2,$acc3,$t3 + umulh $t3,$m3,$mi + adcs $acc3,$acc4,$carry + adc $carry,xzr,xzr + adds $acc0,$acc0,$t0 + adcs $acc1,$acc1,$t1 + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + //adc $carry,$carry,xzr + cbnz $cnt,.Loop_mul4x_reduction + + adc $carry,$carry,xzr + ldp $t0,$t1,[$tp,#8*4] // t[4..7] + ldp $t2,$t3,[$tp,#8*6] + ldp $a0,$a1,[$ap,#8*0] // a[4..7] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + adds $acc0,$acc0,$t0 + adcs $acc1,$acc1,$t1 + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + //adc $carry,$carry,xzr + + ldr $mi,[sp] // t[0]*n0 + ldp $m0,$m1,[$np,#8*0] // n[4..7] + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + +.align 4 +.Loop_mul4x_tail: + mul $t0,$a0,$bi // lo(a[4..7]*b[4]) + adc $carry,$carry,xzr // modulo-scheduled + mul $t1,$a1,$bi + add $cnt,$cnt,#8 + mul $t2,$a2,$bi + and $cnt,$cnt,#31 + mul $t3,$a3,$bi + adds $acc0,$acc0,$t0 + umulh $t0,$a0,$bi // hi(a[4..7]*b[4]) + adcs $acc1,$acc1,$t1 + umulh $t1,$a1,$bi + adcs $acc2,$acc2,$t2 + umulh $t2,$a2,$bi + adcs $acc3,$acc3,$t3 + umulh $t3,$a3,$bi + adc $acc4,xzr,xzr + ldr $bi,[$bp,$cnt] // next b[i] + adds $acc1,$acc1,$t0 + mul $t0,$m0,$mi // lo(n[4..7]*t[0]*n0) + adcs $acc2,$acc2,$t1 + mul $t1,$m1,$mi + adcs $acc3,$acc3,$t2 + mul $t2,$m2,$mi + adc $acc4,$acc4,$t3 // can't overflow + mul $t3,$m3,$mi + adds $acc0,$acc0,$t0 + umulh $t0,$m0,$mi // hi(n[4..7]*t[0]*n0) + adcs $acc1,$acc1,$t1 + umulh $t1,$m1,$mi + adcs $acc2,$acc2,$t2 + umulh $t2,$m2,$mi + adcs $acc3,$acc3,$t3 + umulh $t3,$m3,$mi + adcs $acc4,$acc4,$carry + ldr $mi,[sp,$cnt] // next a[0]*n0 + adc $carry,xzr,xzr + str $acc0,[$tp],#8 // result!!! + adds $acc0,$acc1,$t0 + sub $t0,$ap_end,$ap // done yet? + adcs $acc1,$acc2,$t1 + adcs $acc2,$acc3,$t2 + adcs $acc3,$acc4,$t3 + //adc $carry,$carry,xzr + cbnz $cnt,.Loop_mul4x_tail + + sub $t1,$np,$num // rewinded np? + adc $carry,$carry,xzr + cbz $t0,.Loop_mul4x_break + + ldp $t0,$t1,[$tp,#8*4] + ldp $t2,$t3,[$tp,#8*6] + ldp $a0,$a1,[$ap,#8*0] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + adds $acc0,$acc0,$t0 + adcs $acc1,$acc1,$t1 + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + //adc $carry,$carry,xzr + ldp $m0,$m1,[$np,#8*0] + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + b .Loop_mul4x_tail + +.align 4 +.Loop_mul4x_break: + ldp $t2,$t3,[x29,#96] // pull rp and &b[num] + adds $acc0,$acc0,$topmost + add $bp,$bp,#8*4 // bp++ + adcs $acc1,$acc1,xzr + sub $ap,$ap,$num // rewind ap + adcs $acc2,$acc2,xzr + stp $acc0,$acc1,[$tp,#8*0] // result!!! + adcs $acc3,$acc3,xzr + ldp $acc0,$acc1,[sp,#8*4] // t[0..3] + adc $topmost,$carry,xzr + stp $acc2,$acc3,[$tp,#8*2] // result!!! + cmp $bp,$t3 // done yet? + ldp $acc2,$acc3,[sp,#8*6] + ldp $m0,$m1,[$t1,#8*0] // n[0..3] + ldp $m2,$m3,[$t1,#8*2] + add $np,$t1,#8*4 + b.eq .Lmul4x_post + + ldr $bi,[$bp] + ldp $a0,$a1,[$ap,#8*0] // a[0..3] + ldp $a2,$a3,[$ap,#8*2] + adds $ap,$ap,#8*4 // clear carry bit + mov $carry,xzr + mov $tp,sp + b .Loop_mul4x_reduction + +.align 4 +.Lmul4x_post: + // Final step. We see if result is larger than modulus, and + // if it is, subtract the modulus. But comparison implies + // subtraction. So we subtract modulus, see if it borrowed, + // and conditionally copy original value. + mov $rp,$t2 + mov $ap_end,$t2 // $rp copy + subs $t0,$acc0,$m0 + add $tp,sp,#8*8 + sbcs $t1,$acc1,$m1 + sub $cnt,$num,#8*4 + +.Lmul4x_sub: + sbcs $t2,$acc2,$m2 + ldp $m0,$m1,[$np,#8*0] + sub $cnt,$cnt,#8*4 + ldp $acc0,$acc1,[$tp,#8*0] + sbcs $t3,$acc3,$m3 + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + ldp $acc2,$acc3,[$tp,#8*2] + add $tp,$tp,#8*4 + stp $t0,$t1,[$rp,#8*0] + sbcs $t0,$acc0,$m0 + stp $t2,$t3,[$rp,#8*2] + add $rp,$rp,#8*4 + sbcs $t1,$acc1,$m1 + cbnz $cnt,.Lmul4x_sub + + sbcs $t2,$acc2,$m2 + mov $tp,sp + add $ap,sp,#8*4 + ldp $a0,$a1,[$ap_end,#8*0] + sbcs $t3,$acc3,$m3 + stp $t0,$t1,[$rp,#8*0] + ldp $a2,$a3,[$ap_end,#8*2] + stp $t2,$t3,[$rp,#8*2] + ldp $acc0,$acc1,[$ap,#8*0] + ldp $acc2,$acc3,[$ap,#8*2] + sbcs xzr,$topmost,xzr // did it borrow? + ldr x30,[x29,#8] // pull return address + + sub $cnt,$num,#8*4 +.Lmul4x_cond_copy: + sub $cnt,$cnt,#8*4 + csel $t0,$acc0,$a0,lo + stp xzr,xzr,[$tp,#8*0] + csel $t1,$acc1,$a1,lo + ldp $a0,$a1,[$ap_end,#8*4] + ldp $acc0,$acc1,[$ap,#8*4] + csel $t2,$acc2,$a2,lo + stp xzr,xzr,[$tp,#8*2] + add $tp,$tp,#8*4 + csel $t3,$acc3,$a3,lo + ldp $a2,$a3,[$ap_end,#8*6] + ldp $acc2,$acc3,[$ap,#8*6] + add $ap,$ap,#8*4 + stp $t0,$t1,[$ap_end,#8*0] + stp $t2,$t3,[$ap_end,#8*2] + add $ap_end,$ap_end,#8*4 + cbnz $cnt,.Lmul4x_cond_copy + + csel $t0,$acc0,$a0,lo + stp xzr,xzr,[$tp,#8*0] + csel $t1,$acc1,$a1,lo + stp xzr,xzr,[$tp,#8*2] + csel $t2,$acc2,$a2,lo + stp xzr,xzr,[$tp,#8*3] + csel $t3,$acc3,$a3,lo + stp xzr,xzr,[$tp,#8*4] + stp $t0,$t1,[$ap_end,#8*0] + stp $t2,$t3,[$ap_end,#8*2] + + b .Lmul4x_done + +.align 4 +.Lmul4x4_post_condition: + adc $carry,$carry,xzr + ldr $ap,[x29,#96] // pull rp + // $acc0-3,$carry hold result, $m0-7 hold modulus + subs $a0,$acc0,$m0 + ldr x30,[x29,#8] // pull return address + sbcs $a1,$acc1,$m1 + stp xzr,xzr,[sp,#8*0] + sbcs $a2,$acc2,$m2 + stp xzr,xzr,[sp,#8*2] + sbcs $a3,$acc3,$m3 + stp xzr,xzr,[sp,#8*4] + sbcs xzr,$carry,xzr // did it borrow? + stp xzr,xzr,[sp,#8*6] + + // $a0-3 hold result-modulus + csel $a0,$acc0,$a0,lo + csel $a1,$acc1,$a1,lo + csel $a2,$acc2,$a2,lo + csel $a3,$acc3,$a3,lo + stp $a0,$a1,[$ap,#8*0] + stp $a2,$a3,[$ap,#8*2] + +.Lmul4x_done: + ldp x19,x20,[x29,#16] + mov sp,x29 + ldp x21,x22,[x29,#32] + mov x0,#1 + ldp x23,x24,[x29,#48] + ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] + ldr x29,[sp],#128 + ret +.size __bn_mul4x_mont,.-__bn_mul4x_mont +___ +} +$code.=<<___; +.asciz "Montgomery Multiplication for ARMv8, CRYPTOGAMS by <appro\@openssl.org>" +.align 4 +___ + +print $code; + +close STDOUT; diff --git a/deps/openssl/openssl/crypto/bn/asm/bn-586.pl b/deps/openssl/openssl/crypto/bn/asm/bn-586.pl index 332ef3e91d..1ca1bbf7d4 100644 --- a/deps/openssl/openssl/crypto/bn/asm/bn-586.pl +++ b/deps/openssl/openssl/crypto/bn/asm/bn-586.pl @@ -1,9 +1,19 @@ -#!/usr/local/bin/perl +#! /usr/bin/env perl +# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; +$output = pop; +open STDOUT,">$output"; + &asm_init($ARGV[0],$0); $sse2=0; @@ -21,6 +31,8 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &asm_finish(); +close STDOUT; + sub bn_mul_add_words { local($name)=@_; @@ -771,4 +783,3 @@ sub bn_sub_part_words &function_end($name); } - diff --git a/deps/openssl/openssl/crypto/bn/asm/bn-c64xplus.asm b/deps/openssl/openssl/crypto/bn/asm/bn-c64xplus.asm new file mode 100644 index 0000000000..de6d37728f --- /dev/null +++ b/deps/openssl/openssl/crypto/bn/asm/bn-c64xplus.asm @@ -0,0 +1,382 @@ +;; Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +;; +;; Licensed under the OpenSSL license (the "License"). You may not use +;; this file except in compliance with the License. You can obtain a copy +;; in the file LICENSE in the source distribution or at +;; https://www.openssl.org/source/license.html +;; +;;==================================================================== +;; Written by Andy Polyakov <appro@openssl.org> for the OpenSSL +;; project. +;; +;; Rights for redistribution and usage in source and binary forms are +;; granted according to the OpenSSL license. Warranty of any kind is +;; disclaimed. +;;==================================================================== +;; Compiler-generated multiply-n-add SPLOOP runs at 12*n cycles, n +;; being the number of 32-bit words, addition - 8*n. Corresponding 4x +;; unrolled SPLOOP-free loops - at ~8*n and ~5*n. Below assembler +;; SPLOOPs spin at ... 2*n cycles [plus epilogue]. +;;==================================================================== + .text + + .if .ASSEMBLER_VERSION<7000000 + .asg 0,__TI_EABI__ + .endif + .if __TI_EABI__ + .asg bn_mul_add_words,_bn_mul_add_words + .asg bn_mul_words,_bn_mul_words + .asg bn_sqr_words,_bn_sqr_words + .asg bn_add_words,_bn_add_words + .asg bn_sub_words,_bn_sub_words + .asg bn_div_words,_bn_div_words + .asg bn_sqr_comba8,_bn_sqr_comba8 + .asg bn_mul_comba8,_bn_mul_comba8 + .asg bn_sqr_comba4,_bn_sqr_comba4 + .asg bn_mul_comba4,_bn_mul_comba4 + .endif + + .asg B3,RA + .asg A4,ARG0 + .asg B4,ARG1 + .asg A6,ARG2 + .asg B6,ARG3 + .asg A8,ARG4 + .asg B8,ARG5 + .asg A4,RET + .asg A15,FP + .asg B14,DP + .asg B15,SP + + .global _bn_mul_add_words +_bn_mul_add_words: + .asmfunc + MV ARG2,B0 + [!B0] BNOP RA +||[!B0] MVK 0,RET + [B0] MVC B0,ILC + [B0] ZERO A19 ; high part of accumulator +|| [B0] MV ARG0,A2 +|| [B0] MV ARG3,A3 + NOP 3 + + SPLOOP 2 ; 2*n+10 +;;==================================================================== + LDW *ARG1++,B7 ; ap[i] + NOP 3 + LDW *ARG0++,A7 ; rp[i] + MPY32U B7,A3,A17:A16 + NOP 3 ; [2,0] in epilogue + ADDU A16,A7,A21:A20 + ADDU A19,A21:A20,A19:A18 +|| MV.S A17,A23 + SPKERNEL 2,1 ; leave slot for "return value" +|| STW A18,*A2++ ; rp[i] +|| ADD A19,A23,A19 +;;==================================================================== + BNOP RA,4 + MV A19,RET ; return value + .endasmfunc + + .global _bn_mul_words +_bn_mul_words: + .asmfunc + MV ARG2,B0 + [!B0] BNOP RA +||[!B0] MVK 0,RET + [B0] MVC B0,ILC + [B0] ZERO A19 ; high part of accumulator + NOP 3 + + SPLOOP 2 ; 2*n+10 +;;==================================================================== + LDW *ARG1++,A7 ; ap[i] + NOP 4 + MPY32U A7,ARG3,A17:A16 + NOP 4 ; [2,0] in epiloque + ADDU A19,A16,A19:A18 +|| MV.S A17,A21 + SPKERNEL 2,1 ; leave slot for "return value" +|| STW A18,*ARG0++ ; rp[i] +|| ADD.L A19,A21,A19 +;;==================================================================== + BNOP RA,4 + MV A19,RET ; return value + .endasmfunc + + .global _bn_sqr_words +_bn_sqr_words: + .asmfunc + MV ARG2,B0 + [!B0] BNOP RA +||[!B0] MVK 0,RET + [B0] MVC B0,ILC + [B0] MV ARG0,B2 +|| [B0] ADD 4,ARG0,ARG0 + NOP 3 + + SPLOOP 2 ; 2*n+10 +;;==================================================================== + LDW *ARG1++,B7 ; ap[i] + NOP 4 + MPY32U B7,B7,B1:B0 + NOP 3 ; [2,0] in epilogue + STW B0,*B2++(8) ; rp[2*i] + MV B1,A1 + SPKERNEL 2,0 ; fully overlap BNOP RA,5 +|| STW A1,*ARG0++(8) ; rp[2*i+1] +;;==================================================================== + BNOP RA,5 + .endasmfunc + + .global _bn_add_words +_bn_add_words: + .asmfunc + MV ARG3,B0 + [!B0] BNOP RA +||[!B0] MVK 0,RET + [B0] MVC B0,ILC + [B0] ZERO A1 ; carry flag +|| [B0] MV ARG0,A3 + NOP 3 + + SPLOOP 2 ; 2*n+6 +;;==================================================================== + LDW *ARG2++,A7 ; bp[i] +|| LDW *ARG1++,B7 ; ap[i] + NOP 4 + ADDU A7,B7,A9:A8 + ADDU A1,A9:A8,A1:A0 + SPKERNEL 0,0 ; fully overlap BNOP RA,5 +|| STW A0,*A3++ ; write result +|| MV A1,RET ; keep carry flag in RET +;;==================================================================== + BNOP RA,5 + .endasmfunc + + .global _bn_sub_words +_bn_sub_words: + .asmfunc + MV ARG3,B0 + [!B0] BNOP RA +||[!B0] MVK 0,RET + [B0] MVC B0,ILC + [B0] ZERO A2 ; borrow flag +|| [B0] MV ARG0,A3 + NOP 3 + + SPLOOP 2 ; 2*n+6 +;;==================================================================== + LDW *ARG2++,A7 ; bp[i] +|| LDW *ARG1++,B7 ; ap[i] + NOP 4 + SUBU B7,A7,A1:A0 + [A2] SUB A1:A0,1,A1:A0 + SPKERNEL 0,1 ; leave slot for "return borrow flag" +|| STW A0,*A3++ ; write result +|| AND 1,A1,A2 ; pass on borrow flag +;;==================================================================== + BNOP RA,4 + AND 1,A1,RET ; return borrow flag + .endasmfunc + + .global _bn_div_words +_bn_div_words: + .asmfunc + LMBD 1,A6,A0 ; leading zero bits in dv + LMBD 1,A4,A1 ; leading zero bits in hi +|| MVK 32,B0 + CMPLTU A1,A0,A2 +|| ADD A0,B0,B0 + [ A2] BNOP RA +||[ A2] MVK -1,A4 ; return overflow +||[!A2] MV A4,A3 ; reassign hi + [!A2] MV B4,A4 ; reassign lo, will be quotient +||[!A2] MVC B0,ILC + [!A2] SHL A6,A0,A6 ; normalize dv +|| MVK 1,A1 + + [!A2] CMPLTU A3,A6,A1 ; hi<dv? +||[!A2] SHL A4,1,A5:A4 ; lo<<1 + [!A1] SUB A3,A6,A3 ; hi-=dv +||[!A1] OR 1,A4,A4 + [!A2] SHRU A3,31,A1 ; upper bit +||[!A2] ADDAH A5,A3,A3 ; hi<<1|lo>>31 + + SPLOOP 3 + [!A1] CMPLTU A3,A6,A1 ; hi<dv? +||[ A1] ZERO A1 +|| SHL A4,1,A5:A4 ; lo<<1 + [!A1] SUB A3,A6,A3 ; hi-=dv +||[!A1] OR 1,A4,A4 ; quotient + SHRU A3,31,A1 ; upper bit +|| ADDAH A5,A3,A3 ; hi<<1|lo>>31 + SPKERNEL + + BNOP RA,5 + .endasmfunc + +;;==================================================================== +;; Not really Comba algorithm, just straightforward NxM... Dedicated +;; fully unrolled real Comba implementations are asymptotically 2x +;; faster, but naturally larger undertaking. Purpose of this exercise +;; was rather to learn to master nested SPLOOPs... +;;==================================================================== + .global _bn_sqr_comba8 + .global _bn_mul_comba8 +_bn_sqr_comba8: + MV ARG1,ARG2 +_bn_mul_comba8: + .asmfunc + MVK 8,B0 ; N, RILC +|| MVK 8,A0 ; M, outer loop counter +|| MV ARG1,A5 ; copy ap +|| MV ARG0,B4 ; copy rp +|| ZERO B19 ; high part of accumulator + MVC B0,RILC +|| SUB B0,2,B1 ; N-2, initial ILC +|| SUB B0,1,B2 ; const B2=N-1 +|| LDW *A5++,B6 ; ap[0] +|| MV A0,A3 ; const A3=M +sploopNxM?: ; for best performance arrange M<=N + [A0] SPLOOPD 2 ; 2*n+10 +|| MVC B1,ILC +|| ADDAW B4,B0,B5 +|| ZERO B7 +|| LDW *A5++,A9 ; pre-fetch ap[1] +|| ZERO A1 +|| SUB A0,1,A0 +;;==================================================================== +;; SPLOOP from bn_mul_add_words, but with flipped A<>B register files. +;; This is because of Advisory 15 from TI publication SPRZ247I. + LDW *ARG2++,A7 ; bp[i] + NOP 3 + [A1] LDW *B5++,B7 ; rp[i] + MPY32U A7,B6,B17:B16 + NOP 3 + ADDU B16,B7,B21:B20 + ADDU B19,B21:B20,B19:B18 +|| MV.S B17,B23 + SPKERNEL +|| STW B18,*B4++ ; rp[i] +|| ADD.S B19,B23,B19 +;;==================================================================== +outer?: ; m*2*(n+1)+10 + SUBAW ARG2,A3,ARG2 ; rewind bp to bp[0] + SPMASKR +|| CMPGT A0,1,A2 ; done pre-fetching ap[i+1]? + MVD A9,B6 ; move through .M unit(*) + [A2] LDW *A5++,A9 ; pre-fetch ap[i+1] + SUBAW B5,B2,B5 ; rewind rp to rp[1] + MVK 1,A1 + [A0] BNOP.S1 outer?,4 +|| [A0] SUB.L A0,1,A0 + STW B19,*B4--[B2] ; rewind rp tp rp[1] +|| ZERO.S B19 ; high part of accumulator +;; end of outer? + BNOP RA,5 ; return + .endasmfunc +;; (*) It should be noted that B6 is used as input to MPY32U in +;; chronologically next cycle in *preceding* SPLOOP iteration. +;; Normally such arrangement would require DINT, but at this +;; point SPLOOP is draining and interrupts are disabled +;; implicitly. + + .global _bn_sqr_comba4 + .global _bn_mul_comba4 +_bn_sqr_comba4: + MV ARG1,ARG2 +_bn_mul_comba4: + .asmfunc + .if 0 + BNOP sploopNxM?,3 + ;; Above mentioned m*2*(n+1)+10 does not apply in n=m=4 case, + ;; because of low-counter effect, when prologue phase finishes + ;; before SPKERNEL instruction is reached. As result it's 25% + ;; slower than expected... + MVK 4,B0 ; N, RILC +|| MVK 4,A0 ; M, outer loop counter +|| MV ARG1,A5 ; copy ap +|| MV ARG0,B4 ; copy rp +|| ZERO B19 ; high part of accumulator + MVC B0,RILC +|| SUB B0,2,B1 ; first ILC +|| SUB B0,1,B2 ; const B2=N-1 +|| LDW *A5++,B6 ; ap[0] +|| MV A0,A3 ; const A3=M + .else + ;; This alternative is an exercise in fully unrolled Comba + ;; algorithm implementation that operates at n*(n+1)+12, or + ;; as little as 32 cycles... + LDW *ARG1[0],B16 ; a[0] +|| LDW *ARG2[0],A16 ; b[0] + LDW *ARG1[1],B17 ; a[1] +|| LDW *ARG2[1],A17 ; b[1] + LDW *ARG1[2],B18 ; a[2] +|| LDW *ARG2[2],A18 ; b[2] + LDW *ARG1[3],B19 ; a[3] +|| LDW *ARG2[3],A19 ; b[3] + NOP + MPY32U A16,B16,A1:A0 ; a[0]*b[0] + MPY32U A17,B16,A23:A22 ; a[0]*b[1] + MPY32U A16,B17,A25:A24 ; a[1]*b[0] + MPY32U A16,B18,A27:A26 ; a[2]*b[0] + STW A0,*ARG0[0] +|| MPY32U A17,B17,A29:A28 ; a[1]*b[1] + MPY32U A18,B16,A31:A30 ; a[0]*b[2] +|| ADDU A22,A1,A1:A0 + MV A23,B0 +|| MPY32U A19,B16,A21:A20 ; a[3]*b[0] +|| ADDU A24,A1:A0,A1:A0 + ADDU A25,B0,B1:B0 +|| STW A0,*ARG0[1] +|| MPY32U A18,B17,A23:A22 ; a[2]*b[1] +|| ADDU A26,A1,A9:A8 + ADDU A27,B1,B9:B8 +|| MPY32U A17,B18,A25:A24 ; a[1]*b[2] +|| ADDU A28,A9:A8,A9:A8 + ADDU A29,B9:B8,B9:B8 +|| MPY32U A16,B19,A27:A26 ; a[0]*b[3] +|| ADDU A30,A9:A8,A9:A8 + ADDU A31,B9:B8,B9:B8 +|| ADDU B0,A9:A8,A9:A8 + STW A8,*ARG0[2] +|| ADDU A20,A9,A1:A0 + ADDU A21,B9,B1:B0 +|| MPY32U A19,B17,A21:A20 ; a[3]*b[1] +|| ADDU A22,A1:A0,A1:A0 + ADDU A23,B1:B0,B1:B0 +|| MPY32U A18,B18,A23:A22 ; a[2]*b[2] +|| ADDU A24,A1:A0,A1:A0 + ADDU A25,B1:B0,B1:B0 +|| MPY32U A17,B19,A25:A24 ; a[1]*b[3] +|| ADDU A26,A1:A0,A1:A0 + ADDU A27,B1:B0,B1:B0 +|| ADDU B8,A1:A0,A1:A0 + STW A0,*ARG0[3] +|| MPY32U A19,B18,A27:A26 ; a[3]*b[2] +|| ADDU A20,A1,A9:A8 + ADDU A21,B1,B9:B8 +|| MPY32U A18,B19,A29:A28 ; a[2]*b[3] +|| ADDU A22,A9:A8,A9:A8 + ADDU A23,B9:B8,B9:B8 +|| MPY32U A19,B19,A31:A30 ; a[3]*b[3] +|| ADDU A24,A9:A8,A9:A8 + ADDU A25,B9:B8,B9:B8 +|| ADDU B0,A9:A8,A9:A8 + STW A8,*ARG0[4] +|| ADDU A26,A9,A1:A0 + ADDU A27,B9,B1:B0 +|| ADDU A28,A1:A0,A1:A0 + ADDU A29,B1:B0,B1:B0 +|| BNOP RA +|| ADDU B8,A1:A0,A1:A0 + STW A0,*ARG0[5] +|| ADDU A30,A1,A9:A8 + ADD A31,B1,B8 + ADDU B0,A9:A8,A9:A8 ; removed || to avoid cross-path stall below + ADD B8,A9,A9 +|| STW A8,*ARG0[6] + STW A9,*ARG0[7] + .endif + .endasmfunc diff --git a/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl new file mode 100644 index 0000000000..c0e5400807 --- /dev/null +++ b/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl @@ -0,0 +1,160 @@ +#! /usr/bin/env perl +# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# +# ==================================================================== +# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# February 2012 +# +# The module implements bn_GF2m_mul_2x2 polynomial multiplication +# used in bn_gf2m.c. It's kind of low-hanging mechanical port from +# C for the time being... The subroutine runs in 37 cycles, which is +# 4.5x faster than compiler-generated code. Though comparison is +# totally unfair, because this module utilizes Galois Field Multiply +# instruction. + +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +($rp,$a1,$a0,$b1,$b0)=("A4","B4","A6","B6","A8"); # argument vector + +($Alo,$Alox0,$Alox1,$Alox2,$Alox3)=map("A$_",(16..20)); +($Ahi,$Ahix0,$Ahix1,$Ahix2,$Ahix3)=map("B$_",(16..20)); +($B_0,$B_1,$B_2,$B_3)=("B5","A5","A7","B7"); +($A,$B)=($Alo,$B_1); +$xFF="B1"; + +sub mul_1x1_upper { +my ($A,$B)=@_; +$code.=<<___; + EXTU $B,8,24,$B_2 ; smash $B to 4 bytes +|| AND $B,$xFF,$B_0 +|| SHRU $B,24,$B_3 + SHRU $A,16, $Ahi ; smash $A to two halfwords +|| EXTU $A,16,16,$Alo + + XORMPY $Alo,$B_2,$Alox2 ; 16x8 bits muliplication +|| XORMPY $Ahi,$B_2,$Ahix2 +|| EXTU $B,16,24,$B_1 + XORMPY $Alo,$B_0,$Alox0 +|| XORMPY $Ahi,$B_0,$Ahix0 + XORMPY $Alo,$B_3,$Alox3 +|| XORMPY $Ahi,$B_3,$Ahix3 + XORMPY $Alo,$B_1,$Alox1 +|| XORMPY $Ahi,$B_1,$Ahix1 +___ +} +sub mul_1x1_merged { +my ($OUTlo,$OUThi,$A,$B)=@_; +$code.=<<___; + EXTU $B,8,24,$B_2 ; smash $B to 4 bytes +|| AND $B,$xFF,$B_0 +|| SHRU $B,24,$B_3 + SHRU $A,16, $Ahi ; smash $A to two halfwords +|| EXTU $A,16,16,$Alo + + XOR $Ahix0,$Alox2,$Ahix0 +|| MV $Ahix2,$OUThi +|| XORMPY $Alo,$B_2,$Alox2 + XORMPY $Ahi,$B_2,$Ahix2 +|| EXTU $B,16,24,$B_1 +|| XORMPY $Alo,$B_0,A1 ; $Alox0 + XOR $Ahix1,$Alox3,$Ahix1 +|| SHL $Ahix0,16,$OUTlo +|| SHRU $Ahix0,16,$Ahix0 + XOR $Alox0,$OUTlo,$OUTlo +|| XOR $Ahix0,$OUThi,$OUThi +|| XORMPY $Ahi,$B_0,$Ahix0 +|| XORMPY $Alo,$B_3,$Alox3 +|| SHL $Alox1,8,$Alox1 +|| SHL $Ahix3,8,$Ahix3 + XOR $Alox1,$OUTlo,$OUTlo +|| XOR $Ahix3,$OUThi,$OUThi +|| XORMPY $Ahi,$B_3,$Ahix3 +|| SHL $Ahix1,24,$Alox1 +|| SHRU $Ahix1,8, $Ahix1 + XOR $Alox1,$OUTlo,$OUTlo +|| XOR $Ahix1,$OUThi,$OUThi +|| XORMPY $Alo,$B_1,$Alox1 +|| XORMPY $Ahi,$B_1,$Ahix1 +|| MV A1,$Alox0 +___ +} +sub mul_1x1_lower { +my ($OUTlo,$OUThi)=@_; +$code.=<<___; + ;NOP + XOR $Ahix0,$Alox2,$Ahix0 +|| MV $Ahix2,$OUThi + NOP + XOR $Ahix1,$Alox3,$Ahix1 +|| SHL $Ahix0,16,$OUTlo +|| SHRU $Ahix0,16,$Ahix0 + XOR $Alox0,$OUTlo,$OUTlo +|| XOR $Ahix0,$OUThi,$OUThi +|| SHL $Alox1,8,$Alox1 +|| SHL $Ahix3,8,$Ahix3 + XOR $Alox1,$OUTlo,$OUTlo +|| XOR $Ahix3,$OUThi,$OUThi +|| SHL $Ahix1,24,$Alox1 +|| SHRU $Ahix1,8, $Ahix1 + XOR $Alox1,$OUTlo,$OUTlo +|| XOR $Ahix1,$OUThi,$OUThi +___ +} +$code.=<<___; + .text + + .if .ASSEMBLER_VERSION<7000000 + .asg 0,__TI_EABI__ + .endif + .if __TI_EABI__ + .asg bn_GF2m_mul_2x2,_bn_GF2m_mul_2x2 + .endif + + .global _bn_GF2m_mul_2x2 +_bn_GF2m_mul_2x2: + .asmfunc + MVK 0xFF,$xFF +___ + &mul_1x1_upper($a0,$b0); # a0·b0 +$code.=<<___; +|| MV $b1,$B + MV $a1,$A +___ + &mul_1x1_merged("A28","B28",$A,$B); # a0·b0/a1·b1 +$code.=<<___; +|| XOR $b0,$b1,$B + XOR $a0,$a1,$A +___ + &mul_1x1_merged("A31","B31",$A,$B); # a1·b1/(a0+a1)·(b0+b1) +$code.=<<___; + XOR A28,A31,A29 +|| XOR B28,B31,B29 ; a0·b0+a1·b1 +___ + &mul_1x1_lower("A30","B30"); # (a0+a1)·(b0+b1) +$code.=<<___; +|| BNOP B3 + XOR A29,A30,A30 +|| XOR B29,B30,B30 ; (a0+a1)·(b0+b1)-a0·b0-a1·b1 + XOR B28,A30,A30 +|| STW A28,*${rp}[0] + XOR B30,A31,A31 +|| STW A30,*${rp}[1] + STW A31,*${rp}[2] + STW B31,*${rp}[3] + .endasmfunc +___ + +print $code; +close STDOUT; diff --git a/deps/openssl/openssl/crypto/bn/asm/co-586.pl b/deps/openssl/openssl/crypto/bn/asm/co-586.pl index 57101a6bd7..60d0363660 100644 --- a/deps/openssl/openssl/crypto/bn/asm/co-586.pl +++ b/deps/openssl/openssl/crypto/bn/asm/co-586.pl @@ -1,9 +1,18 @@ -#!/usr/local/bin/perl +#! /usr/bin/env perl +# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; +$output = pop; +open STDOUT,">$output"; + &asm_init($ARGV[0],$0); &bn_mul_comba("bn_mul_comba8",8); @@ -13,6 +22,8 @@ require "x86asm.pl"; &asm_finish(); +close STDOUT; + sub mul_add_c { local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; diff --git a/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl index e258658428..5cc5c599f9 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -60,6 +67,8 @@ # hereafter less for longer keys, while verify - by 74-13%. # DSA performance improves by 115-30%. +$output=pop; + if ($^O eq "hpux") { $ADDP="addp4"; for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } @@ -846,6 +855,6 @@ copyright: stringz "Montgomery multiplication for IA-64, CRYPTOGAMS by <appro\@openssl.org>" ___ -$output=shift and open STDOUT,">$output"; +open STDOUT,">$output" if $output; print $code; close STDOUT; diff --git a/deps/openssl/openssl/crypto/bn/asm/ia64.S b/deps/openssl/openssl/crypto/bn/asm/ia64.S index a9a42abfc3..f2404a3c1e 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ia64.S +++ b/deps/openssl/openssl/crypto/bn/asm/ia64.S @@ -3,6 +3,13 @@ .ident "ia64.S, Version 2.1" .ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" +// Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +// +// Licensed under the OpenSSL license (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy +// in the file LICENSE in the source distribution or at +// https://www.openssl.org/source/license.html + // // ==================================================================== // Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -22,7 +29,7 @@ // ports is the same, i.e. 2, while I need 4. In other words, to this // module Itanium2 remains effectively as "wide" as Itanium. Yet it's // essentially different in respect to this module, and a re-tune was -// required. Well, because some intruction latencies has changed. Most +// required. Well, because some instruction latencies has changed. Most // noticeably those intensively used: // // Itanium Itanium2 @@ -363,7 +370,7 @@ bn_mul_words: // The loop therefore spins at the latency of xma minus 1, or in other // words at 6*(n+4) ticks:-( Compare to the "production" loop above // that runs in 2*(n+11) where the low latency problem is worked around -// by moving the dependency to one-tick latent interger ALU. Note that +// by moving the dependency to one-tick latent integer ALU. Note that // "distance" between ldf8 and xma is not latency of ldf8, but the // *difference* between xma and ldf8 latencies. .L_bn_mul_words_ctop: @@ -425,7 +432,7 @@ bn_mul_add_words: // version was performing *all* additions in IALU and was starving // for those even on Itanium 2. In this version one addition is // moved to FPU and is folded with multiplication. This is at cost -// of propogating the result from previous call to this subroutine +// of propagating the result from previous call to this subroutine // to L2 cache... In other words negligible even for shorter keys. // *Overall* performance improvement [over previous version] varies // from 11 to 22 percent depending on key length. @@ -495,7 +502,7 @@ bn_sqr_words: // scalability. The decision will very likely be reconsidered after the // benchmark program is profiled. I.e. if perfomance gain on Itanium // will appear larger than loss on "wider" IA-64, then the loop should -// be explicitely split and the epilogue compressed. +// be explicitly split and the epilogue compressed. .L_bn_sqr_words_ctop: { .mfi; (p16) ldf8 f32=[r33],8 (p25) xmpy.lu f42=f41,f41 diff --git a/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl b/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl index a33cdf4111..a907571bec 100644 --- a/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -67,7 +74,7 @@ $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0x00fff000 : 0x00ff0000; # ###################################################################### -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; if ($flavour =~ /64|n32/i) { diff --git a/deps/openssl/openssl/crypto/bn/asm/mips.pl b/deps/openssl/openssl/crypto/bn/asm/mips.pl index acafde5e56..420f01f3a4 100644 --- a/deps/openssl/openssl/crypto/bn/asm/mips.pl +++ b/deps/openssl/openssl/crypto/bn/asm/mips.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -15,7 +22,7 @@ # This is drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c. # # The module is designed to work with either of the "new" MIPS ABI(5), -# namely N32 or N64, offered by IRIX 6.x. It's not ment to work under +# namely N32 or N64, offered by IRIX 6.x. It's not meant to work under # IRIX 5.x not only because it doesn't support new ABIs but also # because 5.x kernels put R4x00 CPU into 32-bit mode and all those # 64-bit instructions (daddu, dmultu, etc.) found below gonna only @@ -49,7 +56,7 @@ # key length, more for longer keys. $flavour = shift || "o32"; -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; if ($flavour =~ /64|n32/i) { diff --git a/deps/openssl/openssl/crypto/bn/asm/mips3-mont.pl b/deps/openssl/openssl/crypto/bn/asm/mips3-mont.pl deleted file mode 100644 index 8f9156e02a..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/mips3-mont.pl +++ /dev/null @@ -1,327 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# This module doesn't present direct interest for OpenSSL, because it -# doesn't provide better performance for longer keys. While 512-bit -# RSA private key operations are 40% faster, 1024-bit ones are hardly -# faster at all, while longer key operations are slower by up to 20%. -# It might be of interest to embedded system developers though, as -# it's smaller than 1KB, yet offers ~3x improvement over compiler -# generated code. -# -# The module targets N32 and N64 MIPS ABIs and currently is a bit -# IRIX-centric, i.e. is likely to require adaptation for other OSes. - -# int bn_mul_mont( -$rp="a0"; # BN_ULONG *rp, -$ap="a1"; # const BN_ULONG *ap, -$bp="a2"; # const BN_ULONG *bp, -$np="a3"; # const BN_ULONG *np, -$n0="a4"; # const BN_ULONG *n0, -$num="a5"; # int num); - -$lo0="a6"; -$hi0="a7"; -$lo1="v0"; -$hi1="v1"; -$aj="t0"; -$bi="t1"; -$nj="t2"; -$tp="t3"; -$alo="s0"; -$ahi="s1"; -$nlo="s2"; -$nhi="s3"; -$tj="s4"; -$i="s5"; -$j="s6"; -$fp="t8"; -$m1="t9"; - -$FRAME=8*(2+8); - -$code=<<___; -#include <asm.h> -#include <regdef.h> - -.text - -.set noat -.set reorder - -.align 5 -.globl bn_mul_mont -.ent bn_mul_mont -bn_mul_mont: - .set noreorder - PTR_SUB sp,64 - move $fp,sp - .frame $fp,64,ra - slt AT,$num,4 - li v0,0 - beqzl AT,.Lproceed - nop - jr ra - PTR_ADD sp,$fp,64 - .set reorder -.align 5 -.Lproceed: - ld $n0,0($n0) - ld $bi,0($bp) # bp[0] - ld $aj,0($ap) # ap[0] - ld $nj,0($np) # np[0] - PTR_SUB sp,16 # place for two extra words - sll $num,3 - li AT,-4096 - PTR_SUB sp,$num - and sp,AT - - sd s0,0($fp) - sd s1,8($fp) - sd s2,16($fp) - sd s3,24($fp) - sd s4,32($fp) - sd s5,40($fp) - sd s6,48($fp) - sd s7,56($fp) - - dmultu $aj,$bi - ld $alo,8($ap) - ld $nlo,8($np) - mflo $lo0 - mfhi $hi0 - dmultu $lo0,$n0 - mflo $m1 - - dmultu $alo,$bi - mflo $alo - mfhi $ahi - - dmultu $nj,$m1 - mflo $lo1 - mfhi $hi1 - dmultu $nlo,$m1 - daddu $lo1,$lo0 - sltu AT,$lo1,$lo0 - daddu $hi1,AT - mflo $nlo - mfhi $nhi - - move $tp,sp - li $j,16 -.align 4 -.L1st: - .set noreorder - PTR_ADD $aj,$ap,$j - ld $aj,($aj) - PTR_ADD $nj,$np,$j - ld $nj,($nj) - - dmultu $aj,$bi - daddu $lo0,$alo,$hi0 - daddu $lo1,$nlo,$hi1 - sltu AT,$lo0,$hi0 - sltu s7,$lo1,$hi1 - daddu $hi0,$ahi,AT - daddu $hi1,$nhi,s7 - mflo $alo - mfhi $ahi - - daddu $lo1,$lo0 - sltu AT,$lo1,$lo0 - dmultu $nj,$m1 - daddu $hi1,AT - addu $j,8 - sd $lo1,($tp) - sltu s7,$j,$num - mflo $nlo - mfhi $nhi - - bnez s7,.L1st - PTR_ADD $tp,8 - .set reorder - - daddu $lo0,$alo,$hi0 - sltu AT,$lo0,$hi0 - daddu $hi0,$ahi,AT - - daddu $lo1,$nlo,$hi1 - sltu s7,$lo1,$hi1 - daddu $hi1,$nhi,s7 - daddu $lo1,$lo0 - sltu AT,$lo1,$lo0 - daddu $hi1,AT - - sd $lo1,($tp) - - daddu $hi1,$hi0 - sltu AT,$hi1,$hi0 - sd $hi1,8($tp) - sd AT,16($tp) - - li $i,8 -.align 4 -.Louter: - PTR_ADD $bi,$bp,$i - ld $bi,($bi) - ld $aj,($ap) - ld $alo,8($ap) - ld $tj,(sp) - - dmultu $aj,$bi - ld $nj,($np) - ld $nlo,8($np) - mflo $lo0 - mfhi $hi0 - daddu $lo0,$tj - dmultu $lo0,$n0 - sltu AT,$lo0,$tj - daddu $hi0,AT - mflo $m1 - - dmultu $alo,$bi - mflo $alo - mfhi $ahi - - dmultu $nj,$m1 - mflo $lo1 - mfhi $hi1 - - dmultu $nlo,$m1 - daddu $lo1,$lo0 - sltu AT,$lo1,$lo0 - daddu $hi1,AT - mflo $nlo - mfhi $nhi - - move $tp,sp - li $j,16 - ld $tj,8($tp) -.align 4 -.Linner: - .set noreorder - PTR_ADD $aj,$ap,$j - ld $aj,($aj) - PTR_ADD $nj,$np,$j - ld $nj,($nj) - - dmultu $aj,$bi - daddu $lo0,$alo,$hi0 - daddu $lo1,$nlo,$hi1 - sltu AT,$lo0,$hi0 - sltu s7,$lo1,$hi1 - daddu $hi0,$ahi,AT - daddu $hi1,$nhi,s7 - mflo $alo - mfhi $ahi - - daddu $lo0,$tj - addu $j,8 - dmultu $nj,$m1 - sltu AT,$lo0,$tj - daddu $lo1,$lo0 - daddu $hi0,AT - sltu s7,$lo1,$lo0 - ld $tj,16($tp) - daddu $hi1,s7 - sltu AT,$j,$num - mflo $nlo - mfhi $nhi - sd $lo1,($tp) - bnez AT,.Linner - PTR_ADD $tp,8 - .set reorder - - daddu $lo0,$alo,$hi0 - sltu AT,$lo0,$hi0 - daddu $hi0,$ahi,AT - daddu $lo0,$tj - sltu s7,$lo0,$tj - daddu $hi0,s7 - - ld $tj,16($tp) - daddu $lo1,$nlo,$hi1 - sltu AT,$lo1,$hi1 - daddu $hi1,$nhi,AT - daddu $lo1,$lo0 - sltu s7,$lo1,$lo0 - daddu $hi1,s7 - sd $lo1,($tp) - - daddu $lo1,$hi1,$hi0 - sltu $hi1,$lo1,$hi0 - daddu $lo1,$tj - sltu AT,$lo1,$tj - daddu $hi1,AT - sd $lo1,8($tp) - sd $hi1,16($tp) - - addu $i,8 - sltu s7,$i,$num - bnez s7,.Louter - - .set noreorder - PTR_ADD $tj,sp,$num # &tp[num] - move $tp,sp - move $ap,sp - li $hi0,0 # clear borrow bit - -.align 4 -.Lsub: ld $lo0,($tp) - ld $lo1,($np) - PTR_ADD $tp,8 - PTR_ADD $np,8 - dsubu $lo1,$lo0,$lo1 # tp[i]-np[i] - sgtu AT,$lo1,$lo0 - dsubu $lo0,$lo1,$hi0 - sgtu $hi0,$lo0,$lo1 - sd $lo0,($rp) - or $hi0,AT - sltu AT,$tp,$tj - bnez AT,.Lsub - PTR_ADD $rp,8 - - dsubu $hi0,$hi1,$hi0 # handle upmost overflow bit - move $tp,sp - PTR_SUB $rp,$num # restore rp - not $hi1,$hi0 - - and $ap,$hi0,sp - and $bp,$hi1,$rp - or $ap,$ap,$bp # ap=borrow?tp:rp - -.align 4 -.Lcopy: ld $aj,($ap) - PTR_ADD $ap,8 - PTR_ADD $tp,8 - sd zero,-8($tp) - sltu AT,$tp,$tj - sd $aj,($rp) - bnez AT,.Lcopy - PTR_ADD $rp,8 - - ld s0,0($fp) - ld s1,8($fp) - ld s2,16($fp) - ld s3,24($fp) - ld s4,32($fp) - ld s5,40($fp) - ld s6,48($fp) - ld s7,56($fp) - li v0,1 - jr ra - PTR_ADD sp,$fp,64 - .set reorder -END(bn_mul_mont) -.rdata -.asciiz "Montgomery Multiplication for MIPS III/IV, CRYPTOGAMS by <appro\@openssl.org>" -___ - -print $code; -close STDOUT; diff --git a/deps/openssl/openssl/crypto/bn/asm/mips3.s b/deps/openssl/openssl/crypto/bn/asm/mips3.s deleted file mode 100644 index dca4105c7d..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/mips3.s +++ /dev/null @@ -1,2201 +0,0 @@ -.rdata -.asciiz "mips3.s, Version 1.1" -.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" - -/* - * ==================================================================== - * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL - * project. - * - * Rights for redistribution and usage in source and binary forms are - * granted according to the OpenSSL license. Warranty of any kind is - * disclaimed. - * ==================================================================== - */ - -/* - * This is my modest contributon to the OpenSSL project (see - * http://www.openssl.org/ for more information about it) and is - * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c - * module. For updates see http://fy.chalmers.se/~appro/hpe/. - * - * The module is designed to work with either of the "new" MIPS ABI(5), - * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under - * IRIX 5.x not only because it doesn't support new ABIs but also - * because 5.x kernels put R4x00 CPU into 32-bit mode and all those - * 64-bit instructions (daddu, dmultu, etc.) found below gonna only - * cause illegal instruction exception:-( - * - * In addition the code depends on preprocessor flags set up by MIPSpro - * compiler driver (either as or cc) and therefore (probably?) can't be - * compiled by the GNU assembler. GNU C driver manages fine though... - * I mean as long as -mmips-as is specified or is the default option, - * because then it simply invokes /usr/bin/as which in turn takes - * perfect care of the preprocessor definitions. Another neat feature - * offered by the MIPSpro assembler is an optimization pass. This gave - * me the opportunity to have the code looking more regular as all those - * architecture dependent instruction rescheduling details were left to - * the assembler. Cool, huh? - * - * Performance improvement is astonishing! 'apps/openssl speed rsa dsa' - * goes way over 3 times faster! - * - * <appro@fy.chalmers.se> - */ -#include <asm.h> -#include <regdef.h> - -#if _MIPS_ISA>=4 -#define MOVNZ(cond,dst,src) \ - movn dst,src,cond -#else -#define MOVNZ(cond,dst,src) \ - .set noreorder; \ - bnezl cond,.+8; \ - move dst,src; \ - .set reorder -#endif - -.text - -.set noat -.set reorder - -#define MINUS4 v1 - -.align 5 -LEAF(bn_mul_add_words) - .set noreorder - bgtzl a2,.L_bn_mul_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_add_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_add_words_tail - -.L_bn_mul_add_words_loop: - dmultu t0,a3 - ld t1,0(a0) - ld t2,8(a1) - ld t3,8(a0) - ld ta0,16(a1) - ld ta1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 /* All manuals say it "compares 32-bit - * values", but it seems to work fine - * even on 64-bit registers. */ - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - - dmultu t2,a3 - ld ta2,24(a1) - ld ta3,24(a0) - daddu t3,v0 - sltu v0,t3,v0 - mflo AT - mfhi t2 - daddu t3,AT - daddu v0,t2 - sltu AT,t3,AT - sd t3,8(a0) - daddu v0,AT - - dmultu ta0,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - daddu ta1,v0 - sltu v0,ta1,v0 - mflo AT - mfhi ta0 - daddu ta1,AT - daddu v0,ta0 - sltu AT,ta1,AT - sd ta1,-16(a0) - daddu v0,AT - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - daddu ta3,v0 - sltu v0,ta3,v0 - mflo AT - mfhi ta2 - daddu ta3,AT - daddu v0,ta2 - sltu AT,ta3,AT - sd ta3,-8(a0) - daddu v0,AT - .set noreorder - bgtzl ta0,.L_bn_mul_add_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_add_words_return: - jr ra - -.L_bn_mul_add_words_tail: - dmultu t0,a3 - ld t1,0(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,8(a1) - dmultu t0,a3 - ld t1,8(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,8(a0) - daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,16(a1) - dmultu t0,a3 - ld t1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,16(a0) - daddu v0,AT - jr ra -END(bn_mul_add_words) - -.align 5 -LEAF(bn_mul_words) - .set noreorder - bgtzl a2,.L_bn_mul_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_words_tail - -.L_bn_mul_words_loop: - dmultu t0,a3 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - - dmultu t2,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - mflo AT - mfhi t2 - daddu v0,AT - sltu t3,v0,AT - sd v0,-24(a0) - daddu v0,t3,t2 - - dmultu ta0,a3 - mflo AT - mfhi ta0 - daddu v0,AT - sltu ta1,v0,AT - sd v0,-16(a0) - daddu v0,ta1,ta0 - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - mflo AT - mfhi ta2 - daddu v0,AT - sltu ta3,v0,AT - sd v0,-8(a0) - daddu v0,ta3,ta2 - .set noreorder - bgtzl ta0,.L_bn_mul_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_words_return: - jr ra - -.L_bn_mul_words_tail: - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,8(a1) - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,8(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,16(a1) - dmultu t0,a3 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,16(a0) - daddu v0,t1,t0 - jr ra -END(bn_mul_words) - -.align 5 -LEAF(bn_sqr_words) - .set noreorder - bgtzl a2,.L_bn_sqr_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sqr_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_sqr_words_tail - -.L_bn_sqr_words_loop: - dmultu t0,t0 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - - dmultu t2,t2 - subu a2,4 - PTR_ADD a0,64 - PTR_ADD a1,32 - mflo t3 - mfhi t2 - sd t3,-48(a0) - sd t2,-40(a0) - - dmultu ta0,ta0 - mflo ta1 - mfhi ta0 - sd ta1,-32(a0) - sd ta0,-24(a0) - - - dmultu ta2,ta2 - and ta0,a2,MINUS4 - mflo ta3 - mfhi ta2 - sd ta3,-16(a0) - sd ta2,-8(a0) - - .set noreorder - bgtzl ta0,.L_bn_sqr_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_sqr_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sqr_words_return: - move v0,zero - jr ra - -.L_bn_sqr_words_tail: - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,8(a1) - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,16(a0) - sd t0,24(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,16(a1) - dmultu t0,t0 - mflo t1 - mfhi t0 - sd t1,32(a0) - sd t0,40(a0) - jr ra -END(bn_sqr_words) - -.align 5 -LEAF(bn_add_words) - .set noreorder - bgtzl a3,.L_bn_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_add_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_add_words_tail - -.L_bn_add_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - daddu ta0,t0 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu v0,t0,ta0 - sd t0,-32(a0) - daddu v0,t8 - - daddu ta1,t1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,-24(a0) - daddu v0,t9 - - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,-16(a0) - daddu v0,t8 - - daddu ta3,t3 - sltu t9,ta3,t3 - daddu t3,ta3,v0 - sltu v0,t3,ta3 - sd t3,-8(a0) - daddu v0,t9 - - .set noreorder - bgtzl AT,.L_bn_add_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_add_words_return: - jr ra - -.L_bn_add_words_tail: - ld ta0,0(a2) - daddu ta0,t0 - subu a3,1 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu v0,t0,ta0 - sd t0,0(a0) - daddu v0,t8 - beqz a3,.L_bn_add_words_return - - ld t1,8(a1) - ld ta1,8(a2) - daddu ta1,t1 - subu a3,1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,8(a0) - daddu v0,t9 - beqz a3,.L_bn_add_words_return - - ld t2,16(a1) - ld ta2,16(a2) - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,16(a0) - daddu v0,t8 - jr ra -END(bn_add_words) - -.align 5 -LEAF(bn_sub_words) - .set noreorder - bgtzl a3,.L_bn_sub_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sub_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_sub_words_tail - -.L_bn_sub_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - sd ta0,-32(a0) - MOVNZ (t0,v0,t8) - - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - sd ta1,-24(a0) - MOVNZ (t1,v0,t9) - - - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - sd ta2,-16(a0) - MOVNZ (t2,v0,t8) - - sltu t9,t3,ta3 - dsubu t3,ta3 - dsubu ta3,t3,v0 - sd ta3,-8(a0) - MOVNZ (t3,v0,t9) - - .set noreorder - bgtzl AT,.L_bn_sub_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_sub_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sub_words_return: - jr ra - -.L_bn_sub_words_tail: - ld ta0,0(a2) - subu a3,1 - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - MOVNZ (t0,v0,t8) - sd ta0,0(a0) - beqz a3,.L_bn_sub_words_return - - ld t1,8(a1) - subu a3,1 - ld ta1,8(a2) - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - MOVNZ (t1,v0,t9) - sd ta1,8(a0) - beqz a3,.L_bn_sub_words_return - - ld t2,16(a1) - ld ta2,16(a2) - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - MOVNZ (t2,v0,t8) - sd ta2,16(a0) - jr ra -END(bn_sub_words) - -#undef MINUS4 - -.align 5 -LEAF(bn_div_3_words) - .set reorder - move a3,a0 /* we know that bn_div_words doesn't - * touch a3, ta2, ta3 and preserves a2 - * so that we can save two arguments - * and return address in registers - * instead of stack:-) - */ - ld a0,(a3) - move ta2,a1 - ld a1,-8(a3) - bne a0,a2,.L_bn_div_3_words_proceed - li v0,-1 - jr ra -.L_bn_div_3_words_proceed: - move ta3,ra - bal bn_div_words - move ra,ta3 - dmultu ta2,v0 - ld t2,-16(a3) - move ta0,zero - mfhi t1 - mflo t0 - sltu t8,t1,v1 -.L_bn_div_3_words_inner_loop: - bnez t8,.L_bn_div_3_words_inner_loop_done - sgeu AT,t2,t0 - seq t9,t1,v1 - and AT,t9 - sltu t3,t0,ta2 - daddu v1,a2 - dsubu t1,t3 - dsubu t0,ta2 - sltu t8,t1,v1 - sltu ta0,v1,a2 - or t8,ta0 - .set noreorder - beqzl AT,.L_bn_div_3_words_inner_loop - dsubu v0,1 - .set reorder -.L_bn_div_3_words_inner_loop_done: - jr ra -END(bn_div_3_words) - -.align 5 -LEAF(bn_div_words) - .set noreorder - bnezl a2,.L_bn_div_words_proceed - move v1,zero - jr ra - li v0,-1 /* I'd rather signal div-by-zero - * which can be done with 'break 7' */ - -.L_bn_div_words_proceed: - bltz a2,.L_bn_div_words_body - move t9,v1 - dsll a2,1 - bgtz a2,.-4 - addu t9,1 - - .set reorder - negu t1,t9 - li t2,-1 - dsll t2,t1 - and t2,a0 - dsrl AT,a1,t1 - .set noreorder - bnezl t2,.+8 - break 6 /* signal overflow */ - .set reorder - dsll a0,t9 - dsll a1,t9 - or a0,AT - -#define QT ta0 -#define HH ta1 -#define DH v1 -.L_bn_div_words_body: - dsrl DH,a2,32 - sgeu AT,a0,a2 - .set noreorder - bnezl AT,.+8 - dsubu a0,a2 - .set reorder - - li QT,-1 - dsrl HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div1 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div1: - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop1: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v0,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop1_done - dsubu t1,v0 - dsubu t0,a2 - b .L_bn_div_words_inner_loop1 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop1_done: - - dsll a1,32 - dsubu a0,t3,t0 - dsll v0,QT,32 - - li QT,-1 - dsrl HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div2 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div2: -#undef DH - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop2: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v1,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop2_done - dsubu t1,v1 - dsubu t0,a2 - b .L_bn_div_words_inner_loop2 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop2_done: -#undef HH - - dsubu a0,t3,t0 - or v0,QT - dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */ - dsrl a2,t9 /* restore a2 */ - jr ra -#undef QT -END(bn_div_words) - -#define a_0 t0 -#define a_1 t1 -#define a_2 t2 -#define a_3 t3 -#define b_0 ta0 -#define b_1 ta1 -#define b_2 ta2 -#define b_3 ta3 - -#define a_4 s0 -#define a_5 s2 -#define a_6 s4 -#define a_7 a1 /* once we load a[7] we don't need a anymore */ -#define b_4 s1 -#define b_5 s3 -#define b_6 s5 -#define b_7 a2 /* once we load b[7] we don't need b anymore */ - -#define t_1 t8 -#define t_2 t9 - -#define c_1 v0 -#define c_2 v1 -#define c_3 a3 - -#define FRAME_SIZE 48 - -.align 5 -LEAF(bn_mul_comba8) - .set noreorder - PTR_SUB sp,FRAME_SIZE - .frame sp,64,ra - .set reorder - ld a_0,0(a1) /* If compiled with -mips3 option on - * R5000 box assembler barks on this - * line with "shouldn't have mult/div - * as last instruction in bb (R10K - * bug)" warning. If anybody out there - * has a clue about how to circumvent - * this do send me a note. - * <appro@fy.chalmers.se> - */ - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - ld b_1,8(a2) - ld b_2,16(a2) - ld b_3,24(a2) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - sd s0,0(sp) - sd s1,8(sp) - sd s2,16(sp) - sd s3,24(sp) - sd s4,32(sp) - sd s5,40(sp) - mflo c_1 - mfhi c_2 - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - ld b_4,32(a2) - ld b_5,40(a2) - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - ld b_6,48(a2) - ld b_7,56(a2) - sd c_1,0(a0) /* r[0]=c1; */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) /* r[1]=c2; */ - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) /* r[2]=c3; */ - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) /* r[3]=c1; */ - - dmultu a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) /* r[4]=c2; */ - - dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) /* r[5]=c3; */ - - dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) /* r[6]=c1; */ - - dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) /* r[7]=c2; */ - - dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) /* r[8]=c3; */ - - dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) /* r[9]=c1; */ - - dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) /* r[10]=c2; */ - - dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) /* r[11]=c3; */ - - dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) /* r[12]=c1; */ - - dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) /* r[13]=c2; */ - - dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - ld s0,0(sp) - ld s1,8(sp) - ld s2,16(sp) - ld s3,24(sp) - ld s4,32(sp) - ld s5,40(sp) - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) /* r[14]=c3; */ - sd c_1,120(a0) /* r[15]=c1; */ - - PTR_ADD sp,FRAME_SIZE - - jr ra -END(bn_mul_comba8) - -.align 5 -LEAF(bn_mul_comba4) - .set reorder - ld a_0,0(a1) - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_3,24(a1) - ld b_1,8(a2) - ld b_2,16(a2) - ld b_3,24(a2) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sd c_1,48(a0) - sd c_2,56(a0) - - jr ra -END(bn_mul_comba4) - -#undef a_4 -#undef a_5 -#undef a_6 -#undef a_7 -#define a_4 b_0 -#define a_5 b_1 -#define a_6 b_2 -#define a_7 b_3 - -.align 5 -LEAF(bn_sqr_comba8) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) - - dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) - - dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) - - dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) - - dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) - - dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) - - dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) - - dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) - - dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) - sd c_1,120(a0) - - jr ra -END(bn_sqr_comba8) - -.align 5 -LEAF(bn_sqr_comba4) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sd c_1,48(a0) - sd c_2,56(a0) - - jr ra -END(bn_sqr_comba4) diff --git a/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s b/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s index f3b16290eb..413eac7123 100644 --- a/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s +++ b/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s @@ -1,3 +1,9 @@ +; Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +; +; Licensed under the OpenSSL license (the "License"). You may not use +; this file except in compliance with the License. You can obtain a copy +; in the file LICENSE in the source distribution or at +; https://www.openssl.org/source/license.html ; ; PA-RISC 2.0 implementation of bn_asm code, based on the ; 64-bit version of the code. This code is effectively the diff --git a/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s b/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s index a99545754d..97381172e7 100644 --- a/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s +++ b/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s @@ -1,3 +1,10 @@ +; Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +; +; Licensed under the OpenSSL license (the "License"). You may not use +; this file except in compliance with the License. You can obtain a copy +; in the file LICENSE in the source distribution or at +; https://www.openssl.org/source/license.html + ; ; PA-RISC 64-bit implementation of bn_asm code ; diff --git a/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl b/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl index c02ef6f014..8aa94e8511 100644 --- a/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -126,7 +133,7 @@ $fp="%r3"; $hi1="%r2"; $hi0="%r1"; -$xfer=$n0; # accomodates [-16..15] offset in fld[dw]s +$xfer=$n0; # accommodates [-16..15] offset in fld[dw]s $fm0="%fr4"; $fti=$fm0; $fbi="%fr5L"; diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl index 6930a3aceb..5802260ca6 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc.pl b/deps/openssl/openssl/crypto/bn/asm/ppc.pl index 446d8ba949..4ea534a1c7 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ppc.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ppc.pl @@ -1,5 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. # +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # Implemented as a Perl wrapper as we want to support several different # architectures with single file. We pick up the target based on the # file name we are asked to generate. @@ -419,7 +425,7 @@ $data=<<EOF; # r9,r10, r11 are the equivalents of c1,c2, c3. # # Possible optimization of loading all 8 longs of a into registers -# doesnt provide any speedup +# doesn't provide any speedup # xor r0,r0,r0 #set r0 = 0.Used in addze @@ -1009,7 +1015,7 @@ $data=<<EOF; $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r11,r11,r8 - addze r12,r9 # since we didnt set r12 to zero before. + addze r12,r9 # since we didn't set r12 to zero before. addze r10,r0 #mul_add_c(a[1],b[0],c2,c3,c1); $LD r6,`1*$BNSZ`(r4) diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl index 595fc6d31f..1e19c958a1 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL diff --git a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl index 2b3f8b0e21..46d746b7d0 100755 --- a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl +++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + ############################################################################## # # @@ -103,7 +110,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0- $addx = ($ver>=3.03); } -open OUT,"| \"$^X\" $xlate $flavour $output"; +open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; *STDOUT = *OUT; if ($avx>1) {{{ diff --git a/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl b/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl index 87ce2c34d9..6f3b664f7a 100755 --- a/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl +++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + ############################################################################## # # @@ -95,7 +102,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open OUT,"| \"$^X\" $xlate $flavour $output"; +open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; *STDOUT=*OUT; if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` @@ -1767,7 +1774,7 @@ ___ { # __rsaz_512_mul # # input: %rsi - ap, %rbp - bp - # ouput: + # output: # clobbers: everything my ($ap,$bp) = ("%rsi","%rbp"); $code.=<<___; @@ -1919,7 +1926,7 @@ if ($addx) { # __rsaz_512_mulx # # input: %rsi - ap, %rbp - bp - # ouput: + # output: # clobbers: everything my ($ap,$bp,$zero) = ("%rsi","%rbp","%rdi"); $code.=<<___; diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl index 9d18d40e77..cbd16f4214 100644 --- a/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -35,7 +42,7 @@ if ($flavour =~ /3[12]/) { $g="g"; } -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $stdframe=16*$SIZE_T+4*8; diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl index 9fd64e81ee..2205bc2ca0 100644 --- a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -54,7 +61,7 @@ if ($flavour =~ /3[12]/) { $g="g"; } -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $stdframe=16*$SIZE_T+4*8; diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x.S b/deps/openssl/openssl/crypto/bn/asm/s390x.S index f5eebe413a..292a7a9998 100755..100644 --- a/deps/openssl/openssl/crypto/bn/asm/s390x.S +++ b/deps/openssl/openssl/crypto/bn/asm/s390x.S @@ -1,11 +1,11 @@ .ident "s390x.S, version 1.1" // ==================================================================== -// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL -// project. +// Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. // -// Rights for redistribution and usage in source and binary forms are -// granted according to the OpenSSL license. Warranty of any kind is -// disclaimed. +// Licensed under the OpenSSL license (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy +// in the file LICENSE in the source distribution or at +// https://www.openssl.org/source/license.html // ==================================================================== .text diff --git a/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl index 71b45002a4..4faf66f10a 100755 --- a/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by David S. Miller <davem@devemloft.net> and Andy Polyakov @@ -76,6 +83,9 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); require "sparcv9_modes.pl"; +$output = pop; +open STDOUT,">$output"; + $code.=<<___; #include "sparc_arch.h" diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv8.S b/deps/openssl/openssl/crypto/bn/asm/sparcv8.S index 88c5dc480a..9c31073b24 100644 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv8.S +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv8.S @@ -3,12 +3,12 @@ /* * ==================================================================== - * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL - * project. + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Rights for redistribution and usage in source and binary forms are - * granted according to the OpenSSL license. Warranty of any kind is - * disclaimed. + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html * ==================================================================== */ diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S b/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S index 63de1860f2..714a136675 100644 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S @@ -3,12 +3,12 @@ /* * ==================================================================== - * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL - * project. + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Rights for redistribution and usage in source and binary forms are - * granted according to the OpenSSL license. Warranty of any kind is - * disclaimed. + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html * ==================================================================== */ @@ -52,7 +52,7 @@ * # cd ../.. * # make; make test * - * Q. V8plus achitecture? What kind of beast is that? + * Q. V8plus architecture? What kind of beast is that? * A. Well, it's rather a programming model than an architecture... * It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under * special conditions, namely when kernel doesn't preserve upper @@ -71,7 +71,7 @@ * * Q. 64-bit registers under 32-bit kernels? Didn't you just say it * doesn't work? - * A. You can't adress *all* registers as 64-bit wide:-( The catch is + * A. You can't address *all* registers as 64-bit wide:-( The catch is * that you actually may rely upon %o0-%o5 and %g1-%g4 being fully * preserved if you're in a leaf function, i.e. such never calling * any other functions. All functions in this module are leaf and @@ -144,6 +144,10 @@ * } */ +#ifdef OPENSSL_FIPSCANISTER +#include <openssl/fipssyms.h> +#endif + #if defined(__SUNPRO_C) && defined(__sparcv9) /* They've said -xarch=v9 at command line */ .register %g2,#scratch diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv9-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/sparcv9-gf2m.pl index ab94cd917c..dcf11a87a1 100644 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv9-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv9-gf2m.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -18,6 +25,9 @@ # ~100-230% faster than gcc-generated code and ~35-90% faster than # the pure SPARCv9 code path. +$output = pop; +open STDOUT,">$output"; + $locals=16*8; $tab="%l0"; diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl index d866287800..6807c8b6e0 100644 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -13,7 +20,7 @@ # for undertaken effort are multiple. First of all, UltraSPARC is not # the whole SPARCv9 universe and other VIS-free implementations deserve # optimized code as much. Secondly, newly introduced UltraSPARC T1, -# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive pathes, +# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive paths, # such as sparcv9a-mont, will simply sink it. Yes, T1 is equipped with # several integrated RSA/DSA accelerator circuits accessible through # kernel driver [only(*)], but having decent user-land software @@ -23,7 +30,7 @@ # instructions... # (*) Engine accessing the driver in question is on my TODO list. -# For reference, acceleator is estimated to give 6 to 10 times +# For reference, accelerator is estimated to give 6 to 10 times # improvement on single-threaded RSA sign. It should be noted # that 6-10x improvement coefficient does not actually mean # something extraordinary in terms of absolute [single-threaded] @@ -42,6 +49,9 @@ # module still have hidden potential [see TODO list there], which is # estimated to be larger than 20%... +$output = pop; +open STDOUT,">$output"; + # int bn_mul_mont( $rp="%i0"; # BN_ULONG *rp, $ap="%i1"; # const BN_ULONG *ap, @@ -50,10 +60,8 @@ $np="%i3"; # const BN_ULONG *np, $n0="%i4"; # const BN_ULONG *n0, $num="%i5"; # int num); -$bits=32; -for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } -if ($bits==64) { $bias=2047; $frame=192; } -else { $bias=0; $frame=128; } +$frame="STACK_FRAME"; +$bias="STACK_BIAS"; $car0="%o0"; $car1="%o1"; @@ -76,6 +84,8 @@ $tpj="%l7"; $fname="bn_mul_mont_int"; $code=<<___; +#include "sparc_arch.h" + .section ".text",#alloc,#execinstr .global $fname @@ -105,7 +115,7 @@ $fname: ld [$np],$car1 ! np[0] sub %o7,$bias,%sp ! alloca ld [$np+4],$npj ! np[1] - be,pt `$bits==32?"%icc":"%xcc"`,.Lbn_sqr_mont + be,pt SIZE_T_CC,.Lbn_sqr_mont mov 12,$j mulx $car0,$mul0,$car0 ! ap[0]*bp[0] diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl index a14205f2f0..50b690653f 100755 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -51,21 +58,17 @@ # # Modulo-scheduled inner loops allow to interleave floating point and # integer instructions and minimize Read-After-Write penalties. This -# results in *further* 20-50% perfromance improvement [depending on +# results in *further* 20-50% performance improvement [depending on # key length, more for longer keys] on USI&II cores and 30-80% - on # USIII&IV. +$output = pop; +open STDOUT,">$output"; + $fname="bn_mul_mont_fpu"; -$bits=32; -for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } - -if ($bits==64) { - $bias=2047; - $frame=192; -} else { - $bias=0; - $frame=128; # 96 rounded up to largest known cache-line -} + +$frame="STACK_FRAME"; +$bias="STACK_BIAS"; $locals=64; # In order to provide for 32-/64-bit ABI duality, I keep integers wider @@ -121,6 +124,8 @@ $nhia="%f56"; $nhib="%f58"; $nhic="%f60"; $nhid="%f62"; $ASI_FL16_P=0xD2; # magic ASI value to engage 16-bit FP load $code=<<___; +#include "sparc_arch.h" + .section ".text",#alloc,#execinstr .global $fname @@ -867,7 +872,7 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; # Below substitution makes it possible to compile without demanding -# VIS extentions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I +# VIS extensions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I # dare to do this, because VIS capability is detected at run-time now # and this routine is not called on CPU not capable to execute it. Do # note that fzeros is not the only VIS dependency! Another dependency diff --git a/deps/openssl/openssl/crypto/bn/asm/via-mont.pl b/deps/openssl/openssl/crypto/bn/asm/via-mont.pl index c046a514c8..9f81bc822e 100644 --- a/deps/openssl/openssl/crypto/bn/asm/via-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/via-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -81,6 +88,9 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; +$output = pop; +open STDOUT,">$output"; + &asm_init($ARGV[0],"via-mont.pl"); # int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); @@ -240,3 +250,5 @@ $sp=&DWP(28,"esp"); &asciz("Padlock Montgomery Multiplication, CRYPTOGAMS by <appro\@openssl.org>"); &asm_finish(); + +close STDOUT; diff --git a/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl b/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl index 263ac02b6f..64dba4480f 100644 --- a/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -18,16 +25,20 @@ # for reference purposes, because T4 has dedicated Montgomery # multiplication and squaring *instructions* that deliver even more. -$bits=32; -for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } -if ($bits==64) { $bias=2047; $frame=192; } -else { $bias=0; $frame=112; } +$output = pop; +open STDOUT,">$output"; + +$frame = "STACK_FRAME"; +$bias = "STACK_BIAS"; + +$code.=<<___; +#include "sparc_arch.h" -$code.=<<___ if ($bits==64); +#ifdef __arch64__ .register %g2,#scratch .register %g3,#scratch -___ -$code.=<<___; +#endif + .section ".text",#alloc,#execinstr ___ @@ -333,7 +344,7 @@ ___ # Purpose of these subroutines is to explicitly encode VIS instructions, # so that one can compile the module without having to specify VIS -# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. +# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. # Idea is to reserve for option to produce "universal" binary and let # programmer detect if current CPU is VIS capable at run-time. sub unvis3 { diff --git a/deps/openssl/openssl/crypto/bn/asm/vms.mar b/deps/openssl/openssl/crypto/bn/asm/vms.mar deleted file mode 100644 index aefab15cdb..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/vms.mar +++ /dev/null @@ -1,6440 +0,0 @@ - .title vax_bn_mul_add_words unsigned multiply & add, 32*32+32+32=>64 -; -; w.j.m. 15-jan-1999 -; -; it's magic ... -; -; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) { -; ULONG c = 0; -; int i; -; for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ; -; return c; -; } - -r=4 ;(AP) -a=8 ;(AP) -n=12 ;(AP) n by value (input) -w=16 ;(AP) w by value (input) - - - .psect code,nowrt - -.entry bn_mul_add_words,^m<r2,r3,r4,r5,r6> - - moval @r(ap),r2 - moval @a(ap),r3 - movl n(ap),r4 ; assumed >0 by C code - movl w(ap),r5 - clrl r6 ; c - -0$: - emul r5,(r3),(r2),r0 ; w, a[], r[] considered signed - - ; fixup for "negative" r[] - tstl (r2) - bgeq 10$ - incl r1 -10$: - - ; add in c - addl2 r6,r0 - adwc #0,r1 - - ; combined fixup for "negative" w, a[] - tstl r5 - bgeq 20$ - addl2 (r3),r1 -20$: - tstl (r3) - bgeq 30$ - addl2 r5,r1 -30$: - - movl r0,(r2)+ ; store lo result in r[] & advance - addl #4,r3 ; advance a[] - movl r1,r6 ; store hi result => c - - sobgtr r4,0$ - - movl r6,r0 ; return c - ret - - .title vax_bn_mul_words unsigned multiply & add, 32*32+32=>64 -; -; w.j.m. 15-jan-1999 -; -; it's magic ... -; -; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) { -; ULONG c = 0; -; int i; -; for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ; -; return(c); -; } - -r=4 ;(AP) -a=8 ;(AP) -n=12 ;(AP) n by value (input) -w=16 ;(AP) w by value (input) - - - .psect code,nowrt - -.entry bn_mul_words,^m<r2,r3,r4,r5,r6> - - moval @r(ap),r2 ; r2 -> r[] - moval @a(ap),r3 ; r3 -> a[] - movl n(ap),r4 ; r4 = loop count (assumed >0 by C code) - movl w(ap),r5 ; r5 = w - clrl r6 ; r6 = c - -0$: - ; <r1,r0> := w * a[] + c - emul r5,(r3),r6,r0 ; w, a[], c considered signed - - ; fixup for "negative" c - tstl r6 ; c - bgeq 10$ - incl r1 -10$: - - ; combined fixup for "negative" w, a[] - tstl r5 ; w - bgeq 20$ - addl2 (r3),r1 ; a[] -20$: - tstl (r3) ; a[] - bgeq 30$ - addl2 r5,r1 ; w -30$: - - movl r0,(r2)+ ; store lo result in r[] & advance - addl #4,r3 ; advance a[] - movl r1,r6 ; store hi result => c - - sobgtr r4,0$ - - movl r6,r0 ; return c - ret - - .title vax_bn_sqr_words unsigned square, 32*32=>64 -; -; w.j.m. 15-jan-1999 -; -; it's magic ... -; -; void bn_sqr_words(ULONG r[],ULONG a[],int n) { -; int i; -; for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ; -; } - -r=4 ;(AP) -a=8 ;(AP) -n=12 ;(AP) n by value (input) - - - .psect code,nowrt - -.entry bn_sqr_words,^m<r2,r3,r4,r5> - - moval @r(ap),r2 ; r2 -> r[] - moval @a(ap),r3 ; r3 -> a[] - movl n(ap),r4 ; r4 = n (assumed >0 by C code) - -0$: - movl (r3)+,r5 ; r5 = a[] & advance - - ; <r1,r0> := a[] * a[] - emul r5,r5,#0,r0 ; a[] considered signed - - ; fixup for "negative" a[] - tstl r5 ; a[] - bgeq 30$ - addl2 r5,r1 ; a[] - addl2 r5,r1 ; a[] -30$: - - movl r0,(r2)+ ; store lo result in r[] & advance - movl r1,(r2)+ ; store hi result in r[] & advance - - sobgtr r4,0$ - - movl #1,r0 ; return SS$_NORMAL - ret - - .title vax_bn_div_words unsigned divide -; -; Richard Levitte 20-Nov-2000 -; -; ULONG bn_div_words(ULONG h, ULONG l, ULONG d) -; { -; return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d); -; } -; -; Using EDIV would be very easy, if it didn't do signed calculations. -; Any time any of the input numbers are signed, there are problems, -; usually with integer overflow, at which point it returns useless -; data (the quotient gets the value of l, and the remainder becomes 0). -; -; If it was just for the dividend, it would be very easy, just divide -; it by 2 (unsigned), do the division, multiply the resulting quotient -; and remainder by 2, add the bit that was dropped when dividing by 2 -; to the remainder, and do some adjustment so the remainder doesn't -; end up larger than the divisor. For some cases when the divisor is -; negative (from EDIV's point of view, i.e. when the highest bit is set), -; dividing the dividend by 2 isn't enough, and since some operations -; might generate integer overflows even when the dividend is divided by -; 4 (when the high part of the shifted down dividend ends up being exactly -; half of the divisor, the result is the quotient 0x80000000, which is -; negative...) it needs to be divided by 8. Furthermore, the divisor needs -; to be divided by 2 (unsigned) as well, to avoid more problems with the sign. -; In this case, a little extra fiddling with the remainder is required. -; -; So, the simplest way to handle this is always to divide the dividend -; by 8, and to divide the divisor by 2 if it's highest bit is set. -; After EDIV has been used, the quotient gets multiplied by 8 if the -; original divisor was positive, otherwise 4. The remainder, oddly -; enough, is *always* multiplied by 8. -; NOTE: in the case mentioned above, where the high part of the shifted -; down dividend ends up being exactly half the shifted down divisor, we -; end up with a 33 bit quotient. That's no problem however, it usually -; means we have ended up with a too large remainder as well, and the -; problem is fixed by the last part of the algorithm (next paragraph). -; -; The routine ends with comparing the resulting remainder with the -; original divisor and if the remainder is larger, subtract the -; original divisor from it, and increase the quotient by 1. This is -; done until the remainder is smaller than the divisor. -; -; The complete algorithm looks like this: -; -; d' = d -; l' = l & 7 -; [h,l] = [h,l] >> 3 -; [q,r] = floor([h,l] / d) # This is the EDIV operation -; if (q < 0) q = -q # I doubt this is necessary any more -; -; r' = r >> 29 -; if (d' >= 0) -; q' = q >> 29 -; q = q << 3 -; else -; q' = q >> 30 -; q = q << 2 -; r = (r << 3) + l' -; -; if (d' < 0) -; { -; [r',r] = [r',r] - q -; while ([r',r] < 0) -; { -; [r',r] = [r',r] + d -; [q',q] = [q',q] - 1 -; } -; } -; -; while ([r',r] >= d') -; { -; [r',r] = [r',r] - d' -; [q',q] = [q',q] + 1 -; } -; -; return q - -h=4 ;(AP) h by value (input) -l=8 ;(AP) l by value (input) -d=12 ;(AP) d by value (input) - -;r2 = l, q -;r3 = h, r -;r4 = d -;r5 = l' -;r6 = r' -;r7 = d' -;r8 = q' - - .psect code,nowrt - -.entry bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8> - movl l(ap),r2 - movl h(ap),r3 - movl d(ap),r4 - - bicl3 #^XFFFFFFF8,r2,r5 ; l' = l & 7 - bicl3 #^X00000007,r2,r2 - - bicl3 #^XFFFFFFF8,r3,r6 - bicl3 #^X00000007,r3,r3 - - addl r6,r2 - - rotl #-3,r2,r2 ; l = l >> 3 - rotl #-3,r3,r3 ; h = h >> 3 - - movl r4,r7 ; d' = d - - movl #0,r6 ; r' = 0 - movl #0,r8 ; q' = 0 - - tstl r4 - beql 666$ ; Uh-oh, the divisor is 0... - bgtr 1$ - rotl #-1,r4,r4 ; If d is negative, shift it right. - bicl2 #^X80000000,r4 ; Since d is then a large number, the - ; lowest bit is insignificant - ; (contradict that, and I'll fix the problem!) -1$: - ediv r4,r2,r2,r3 ; Do the actual division - - tstl r2 - bgeq 3$ - mnegl r2,r2 ; if q < 0, negate it -3$: - tstl r7 - blss 4$ - rotl #3,r2,r2 ; q = q << 3 - bicl3 #^XFFFFFFF8,r2,r8 ; q' gets the high bits from q - bicl3 #^X00000007,r2,r2 - bsb 41$ -4$: ; else - rotl #2,r2,r2 ; q = q << 2 - bicl3 #^XFFFFFFFC,r2,r8 ; q' gets the high bits from q - bicl3 #^X00000003,r2,r2 -41$: - rotl #3,r3,r3 ; r = r << 3 - bicl3 #^XFFFFFFF8,r3,r6 ; r' gets the high bits from r - bicl3 #^X00000007,r3,r3 - addl r5,r3 ; r = r + l' - - tstl r7 - bgeq 5$ - bitl #1,r7 - beql 5$ ; if d' < 0 && d' & 1 - subl r2,r3 ; [r',r] = [r',r] - [q',q] - sbwc r8,r6 -45$: - bgeq 5$ ; while r < 0 - decl r2 ; [q',q] = [q',q] - 1 - sbwc #0,r8 - addl r7,r3 ; [r',r] = [r',r] + d' - adwc #0,r6 - brb 45$ - -; The return points are placed in the middle to keep a short distance from -; all the branch points -42$: -; movl r3,r1 - movl r2,r0 - ret -666$: - movl #^XFFFFFFFF,r0 - ret - -5$: - tstl r6 - bneq 6$ - cmpl r3,r7 - blssu 42$ ; while [r',r] >= d' -6$: - subl r7,r3 ; [r',r] = [r',r] - d' - sbwc #0,r6 - incl r2 ; [q',q] = [q',q] + 1 - adwc #0,r8 - brb 5$ - - .title vax_bn_add_words unsigned add of two arrays -; -; Richard Levitte 20-Nov-2000 -; -; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) { -; ULONG c = 0; -; int i; -; for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c; -; return(c); -; } - -r=4 ;(AP) r by reference (output) -a=8 ;(AP) a by reference (input) -b=12 ;(AP) b by reference (input) -n=16 ;(AP) n by value (input) - - - .psect code,nowrt - -.entry bn_add_words,^m<r2,r3,r4,r5,r6> - - moval @r(ap),r2 - moval @a(ap),r3 - moval @b(ap),r4 - movl n(ap),r5 ; assumed >0 by C code - clrl r0 ; c - - tstl r5 ; carry = 0 - bleq 666$ - -0$: - movl (r3)+,r6 ; carry untouched - adwc (r4)+,r6 ; carry used and touched - movl r6,(r2)+ ; carry untouched - sobgtr r5,0$ ; carry untouched - - adwc #0,r0 -666$: - ret - - .title vax_bn_sub_words unsigned add of two arrays -; -; Richard Levitte 20-Nov-2000 -; -; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) { -; ULONG c = 0; -; int i; -; for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c; -; return(c); -; } - -r=4 ;(AP) r by reference (output) -a=8 ;(AP) a by reference (input) -b=12 ;(AP) b by reference (input) -n=16 ;(AP) n by value (input) - - - .psect code,nowrt - -.entry bn_sub_words,^m<r2,r3,r4,r5,r6> - - moval @r(ap),r2 - moval @a(ap),r3 - moval @b(ap),r4 - movl n(ap),r5 ; assumed >0 by C code - clrl r0 ; c - - tstl r5 ; carry = 0 - bleq 666$ - -0$: - movl (r3)+,r6 ; carry untouched - sbwc (r4)+,r6 ; carry used and touched - movl r6,(r2)+ ; carry untouched - sobgtr r5,0$ ; carry untouched - - adwc #0,r0 -666$: - ret - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11> - movab -924(sp),sp - clrq r8 - - clrl r10 - - movl 8(ap),r6 - movzwl 2(r6),r3 - movl 12(ap),r7 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-12(fp) - bicl3 #-65536,r3,-16(fp) - mull3 r0,-12(fp),-4(fp) - mull2 r2,-12(fp) - mull3 r2,-16(fp),-8(fp) - mull2 r0,-16(fp) - addl3 -4(fp),-8(fp),r0 - bicl3 #0,r0,-4(fp) - cmpl -4(fp),-8(fp) - bgequ noname.45 - addl2 #65536,-16(fp) -noname.45: - movzwl -2(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-16(fp) - bicl3 #-65536,-4(fp),r0 - ashl #16,r0,-8(fp) - addl3 -8(fp),-12(fp),r0 - bicl3 #0,r0,-12(fp) - cmpl -12(fp),-8(fp) - bgequ noname.46 - incl -16(fp) -noname.46: - movl -12(fp),r1 - movl -16(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.47 - incl r2 -noname.47: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.48 - incl r10 -noname.48: - - movl 4(ap),r11 - movl r9,(r11) - - clrl r9 - - movzwl 2(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-28(fp) - bicl3 #-65536,r2,-32(fp) - mull3 r0,-28(fp),-20(fp) - mull2 r3,-28(fp) - mull3 r3,-32(fp),-24(fp) - mull2 r0,-32(fp) - addl3 -20(fp),-24(fp),r0 - bicl3 #0,r0,-20(fp) - cmpl -20(fp),-24(fp) - bgequ noname.49 - addl2 #65536,-32(fp) -noname.49: - movzwl -18(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-32(fp) - bicl3 #-65536,-20(fp),r0 - ashl #16,r0,-24(fp) - addl3 -24(fp),-28(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-24(fp) - bgequ noname.50 - incl -32(fp) -noname.50: - movl -28(fp),r1 - movl -32(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.51 - incl r2 -noname.51: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.52 - incl r9 -noname.52: - - movzwl 6(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-44(fp) - bicl3 #-65536,r2,-48(fp) - mull3 r0,-44(fp),-36(fp) - mull2 r3,-44(fp) - mull3 r3,-48(fp),-40(fp) - mull2 r0,-48(fp) - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.53 - addl2 #65536,-48(fp) -noname.53: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-48(fp) - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl3 -40(fp),-44(fp),r0 - bicl3 #0,r0,-44(fp) - cmpl -44(fp),-40(fp) - bgequ noname.54 - incl -48(fp) -noname.54: - movl -44(fp),r1 - movl -48(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.55 - incl r2 -noname.55: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.56 - incl r9 -noname.56: - - movl r8,4(r11) - - clrl r8 - - movzwl 10(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-60(fp) - bicl3 #-65536,r2,-64(fp) - mull3 r0,-60(fp),-52(fp) - mull2 r3,-60(fp) - mull3 r3,-64(fp),-56(fp) - mull2 r0,-64(fp) - addl3 -52(fp),-56(fp),r0 - bicl3 #0,r0,-52(fp) - cmpl -52(fp),-56(fp) - bgequ noname.57 - addl2 #65536,-64(fp) -noname.57: - movzwl -50(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-64(fp) - bicl3 #-65536,-52(fp),r0 - ashl #16,r0,-56(fp) - addl3 -56(fp),-60(fp),r0 - bicl3 #0,r0,-60(fp) - cmpl -60(fp),-56(fp) - bgequ noname.58 - incl -64(fp) -noname.58: - movl -60(fp),r1 - movl -64(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.59 - incl r2 -noname.59: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.60 - incl r8 -noname.60: - - movzwl 6(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-76(fp) - bicl3 #-65536,r2,-80(fp) - mull3 r0,-76(fp),-68(fp) - mull2 r3,-76(fp) - mull3 r3,-80(fp),-72(fp) - mull2 r0,-80(fp) - addl3 -68(fp),-72(fp),r0 - bicl3 #0,r0,-68(fp) - cmpl -68(fp),-72(fp) - bgequ noname.61 - addl2 #65536,-80(fp) -noname.61: - movzwl -66(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-80(fp) - bicl3 #-65536,-68(fp),r0 - ashl #16,r0,-72(fp) - addl3 -72(fp),-76(fp),r0 - bicl3 #0,r0,-76(fp) - cmpl -76(fp),-72(fp) - bgequ noname.62 - incl -80(fp) -noname.62: - movl -76(fp),r1 - movl -80(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.63 - incl r2 -noname.63: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.64 - incl r8 -noname.64: - - movzwl 2(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-92(fp) - bicl3 #-65536,r2,-96(fp) - mull3 r0,-92(fp),-84(fp) - mull2 r3,-92(fp) - mull3 r3,-96(fp),-88(fp) - mull2 r0,-96(fp) - addl3 -84(fp),-88(fp),r0 - bicl3 #0,r0,-84(fp) - cmpl -84(fp),-88(fp) - bgequ noname.65 - addl2 #65536,-96(fp) -noname.65: - movzwl -82(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-96(fp) - bicl3 #-65536,-84(fp),r0 - ashl #16,r0,-88(fp) - addl3 -88(fp),-92(fp),r0 - bicl3 #0,r0,-92(fp) - cmpl -92(fp),-88(fp) - bgequ noname.66 - incl -96(fp) -noname.66: - movl -92(fp),r1 - movl -96(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.67 - incl r2 -noname.67: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.68 - incl r8 -noname.68: - - movl r10,8(r11) - - clrl r10 - - movzwl 2(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-108(fp) - bicl3 #-65536,r2,-112(fp) - mull3 r0,-108(fp),-100(fp) - mull2 r3,-108(fp) - mull3 r3,-112(fp),-104(fp) - mull2 r0,-112(fp) - addl3 -100(fp),-104(fp),r0 - bicl3 #0,r0,-100(fp) - cmpl -100(fp),-104(fp) - bgequ noname.69 - addl2 #65536,-112(fp) -noname.69: - movzwl -98(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-112(fp) - bicl3 #-65536,-100(fp),r0 - ashl #16,r0,-104(fp) - addl3 -104(fp),-108(fp),r0 - bicl3 #0,r0,-108(fp) - cmpl -108(fp),-104(fp) - bgequ noname.70 - incl -112(fp) -noname.70: - movl -108(fp),r1 - movl -112(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.71 - incl r2 -noname.71: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.72 - incl r10 -noname.72: - - movzwl 6(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-124(fp) - bicl3 #-65536,r2,-128(fp) - mull3 r0,-124(fp),-116(fp) - mull2 r3,-124(fp) - mull3 r3,-128(fp),-120(fp) - mull2 r0,-128(fp) - addl3 -116(fp),-120(fp),r0 - bicl3 #0,r0,-116(fp) - cmpl -116(fp),-120(fp) - bgequ noname.73 - addl2 #65536,-128(fp) -noname.73: - movzwl -114(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-128(fp) - bicl3 #-65536,-116(fp),r0 - ashl #16,r0,-120(fp) - addl3 -120(fp),-124(fp),r0 - bicl3 #0,r0,-124(fp) - cmpl -124(fp),-120(fp) - bgequ noname.74 - incl -128(fp) -noname.74: - movl -124(fp),r1 - movl -128(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.75 - incl r2 -noname.75: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.76 - incl r10 -noname.76: - - movzwl 10(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-140(fp) - bicl3 #-65536,r2,-144(fp) - mull3 r0,-140(fp),-132(fp) - mull2 r3,-140(fp) - mull3 r3,-144(fp),-136(fp) - mull2 r0,-144(fp) - addl3 -132(fp),-136(fp),r0 - bicl3 #0,r0,-132(fp) - cmpl -132(fp),-136(fp) - bgequ noname.77 - addl2 #65536,-144(fp) -noname.77: - movzwl -130(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-144(fp) - bicl3 #-65536,-132(fp),r0 - ashl #16,r0,-136(fp) - addl3 -136(fp),-140(fp),r0 - bicl3 #0,r0,-140(fp) - cmpl -140(fp),-136(fp) - bgequ noname.78 - incl -144(fp) -noname.78: - movl -140(fp),r1 - movl -144(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.79 - incl r2 -noname.79: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.80 - incl r10 -noname.80: - - movzwl 14(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-156(fp) - bicl3 #-65536,r2,-160(fp) - mull3 r0,-156(fp),-148(fp) - mull2 r3,-156(fp) - mull3 r3,-160(fp),-152(fp) - mull2 r0,-160(fp) - addl3 -148(fp),-152(fp),r0 - bicl3 #0,r0,-148(fp) - cmpl -148(fp),-152(fp) - bgequ noname.81 - addl2 #65536,-160(fp) -noname.81: - movzwl -146(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-160(fp) - bicl3 #-65536,-148(fp),r0 - ashl #16,r0,-152(fp) - addl3 -152(fp),-156(fp),r0 - bicl3 #0,r0,-156(fp) - cmpl -156(fp),-152(fp) - bgequ noname.82 - incl -160(fp) -noname.82: - movl -156(fp),r1 - movl -160(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.83 - incl r2 -noname.83: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.84 - incl r10 -noname.84: - - movl r9,12(r11) - - clrl r9 - - movzwl 18(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-172(fp) - bicl3 #-65536,r2,-176(fp) - mull3 r0,-172(fp),-164(fp) - mull2 r3,-172(fp) - mull3 r3,-176(fp),-168(fp) - mull2 r0,-176(fp) - addl3 -164(fp),-168(fp),r0 - bicl3 #0,r0,-164(fp) - cmpl -164(fp),-168(fp) - bgequ noname.85 - addl2 #65536,-176(fp) -noname.85: - movzwl -162(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-176(fp) - bicl3 #-65536,-164(fp),r0 - ashl #16,r0,-168(fp) - addl3 -168(fp),-172(fp),r0 - bicl3 #0,r0,-172(fp) - cmpl -172(fp),-168(fp) - bgequ noname.86 - incl -176(fp) -noname.86: - movl -172(fp),r1 - movl -176(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.87 - incl r2 -noname.87: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.88 - incl r9 -noname.88: - - movzwl 14(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-188(fp) - bicl3 #-65536,r2,-192(fp) - mull3 r0,-188(fp),-180(fp) - mull2 r3,-188(fp) - mull3 r3,-192(fp),-184(fp) - mull2 r0,-192(fp) - addl3 -180(fp),-184(fp),r0 - bicl3 #0,r0,-180(fp) - cmpl -180(fp),-184(fp) - bgequ noname.89 - addl2 #65536,-192(fp) -noname.89: - movzwl -178(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-192(fp) - bicl3 #-65536,-180(fp),r0 - ashl #16,r0,-184(fp) - addl3 -184(fp),-188(fp),r0 - bicl3 #0,r0,-188(fp) - cmpl -188(fp),-184(fp) - bgequ noname.90 - incl -192(fp) -noname.90: - movl -188(fp),r1 - movl -192(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.91 - incl r2 -noname.91: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.92 - incl r9 -noname.92: - - movzwl 10(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-204(fp) - bicl3 #-65536,r2,-208(fp) - mull3 r0,-204(fp),-196(fp) - mull2 r3,-204(fp) - mull3 r3,-208(fp),-200(fp) - mull2 r0,-208(fp) - addl3 -196(fp),-200(fp),r0 - bicl3 #0,r0,-196(fp) - cmpl -196(fp),-200(fp) - bgequ noname.93 - addl2 #65536,-208(fp) -noname.93: - movzwl -194(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-208(fp) - bicl3 #-65536,-196(fp),r0 - ashl #16,r0,-200(fp) - addl3 -200(fp),-204(fp),r0 - bicl3 #0,r0,-204(fp) - cmpl -204(fp),-200(fp) - bgequ noname.94 - incl -208(fp) -noname.94: - movl -204(fp),r1 - movl -208(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.95 - incl r2 -noname.95: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.96 - incl r9 -noname.96: - - movzwl 6(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-220(fp) - bicl3 #-65536,r2,-224(fp) - mull3 r0,-220(fp),-212(fp) - mull2 r3,-220(fp) - mull3 r3,-224(fp),-216(fp) - mull2 r0,-224(fp) - addl3 -212(fp),-216(fp),r0 - bicl3 #0,r0,-212(fp) - cmpl -212(fp),-216(fp) - bgequ noname.97 - addl2 #65536,-224(fp) -noname.97: - movzwl -210(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-224(fp) - bicl3 #-65536,-212(fp),r0 - ashl #16,r0,-216(fp) - addl3 -216(fp),-220(fp),r0 - bicl3 #0,r0,-220(fp) - cmpl -220(fp),-216(fp) - bgequ noname.98 - incl -224(fp) -noname.98: - movl -220(fp),r1 - movl -224(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.99 - incl r2 -noname.99: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.100 - incl r9 -noname.100: - - movzwl 2(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-236(fp) - bicl3 #-65536,r2,-240(fp) - mull3 r0,-236(fp),-228(fp) - mull2 r3,-236(fp) - mull3 r3,-240(fp),-232(fp) - mull2 r0,-240(fp) - addl3 -228(fp),-232(fp),r0 - bicl3 #0,r0,-228(fp) - cmpl -228(fp),-232(fp) - bgequ noname.101 - addl2 #65536,-240(fp) -noname.101: - movzwl -226(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-240(fp) - bicl3 #-65536,-228(fp),r0 - ashl #16,r0,-232(fp) - addl3 -232(fp),-236(fp),r0 - bicl3 #0,r0,-236(fp) - cmpl -236(fp),-232(fp) - bgequ noname.102 - incl -240(fp) -noname.102: - movl -236(fp),r1 - movl -240(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.103 - incl r2 -noname.103: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.104 - incl r9 -noname.104: - - movl r8,16(r11) - - clrl r8 - - movzwl 2(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-252(fp) - bicl3 #-65536,r2,-256(fp) - mull3 r0,-252(fp),-244(fp) - mull2 r3,-252(fp) - mull3 r3,-256(fp),-248(fp) - mull2 r0,-256(fp) - addl3 -244(fp),-248(fp),r0 - bicl3 #0,r0,-244(fp) - cmpl -244(fp),-248(fp) - bgequ noname.105 - addl2 #65536,-256(fp) -noname.105: - movzwl -242(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-256(fp) - bicl3 #-65536,-244(fp),r0 - ashl #16,r0,-248(fp) - addl3 -248(fp),-252(fp),r0 - bicl3 #0,r0,-252(fp) - cmpl -252(fp),-248(fp) - bgequ noname.106 - incl -256(fp) -noname.106: - movl -252(fp),r1 - movl -256(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.107 - incl r2 -noname.107: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.108 - incl r8 -noname.108: - - movzwl 6(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-268(fp) - bicl3 #-65536,r2,-272(fp) - mull3 r0,-268(fp),-260(fp) - mull2 r3,-268(fp) - mull3 r3,-272(fp),-264(fp) - mull2 r0,-272(fp) - addl3 -260(fp),-264(fp),r0 - bicl3 #0,r0,-260(fp) - cmpl -260(fp),-264(fp) - bgequ noname.109 - addl2 #65536,-272(fp) -noname.109: - movzwl -258(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-272(fp) - bicl3 #-65536,-260(fp),r0 - ashl #16,r0,-264(fp) - addl3 -264(fp),-268(fp),r0 - bicl3 #0,r0,-268(fp) - cmpl -268(fp),-264(fp) - bgequ noname.110 - incl -272(fp) -noname.110: - movl -268(fp),r1 - movl -272(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.111 - incl r2 -noname.111: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.112 - incl r8 -noname.112: - - movzwl 10(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-284(fp) - bicl3 #-65536,r2,-288(fp) - mull3 r0,-284(fp),-276(fp) - mull2 r3,-284(fp) - mull3 r3,-288(fp),-280(fp) - mull2 r0,-288(fp) - addl3 -276(fp),-280(fp),r0 - bicl3 #0,r0,-276(fp) - cmpl -276(fp),-280(fp) - bgequ noname.113 - addl2 #65536,-288(fp) -noname.113: - movzwl -274(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-288(fp) - bicl3 #-65536,-276(fp),r0 - ashl #16,r0,-280(fp) - addl3 -280(fp),-284(fp),r0 - bicl3 #0,r0,-284(fp) - cmpl -284(fp),-280(fp) - bgequ noname.114 - incl -288(fp) -noname.114: - movl -284(fp),r1 - movl -288(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.115 - incl r2 -noname.115: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.116 - incl r8 -noname.116: - - movzwl 14(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-300(fp) - bicl3 #-65536,r2,-304(fp) - mull3 r0,-300(fp),-292(fp) - mull2 r3,-300(fp) - mull3 r3,-304(fp),-296(fp) - mull2 r0,-304(fp) - addl3 -292(fp),-296(fp),r0 - bicl3 #0,r0,-292(fp) - cmpl -292(fp),-296(fp) - bgequ noname.117 - addl2 #65536,-304(fp) -noname.117: - movzwl -290(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-304(fp) - bicl3 #-65536,-292(fp),r0 - ashl #16,r0,-296(fp) - addl3 -296(fp),-300(fp),r0 - bicl3 #0,r0,-300(fp) - cmpl -300(fp),-296(fp) - bgequ noname.118 - incl -304(fp) -noname.118: - movl -300(fp),r1 - movl -304(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.119 - incl r2 -noname.119: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.120 - incl r8 -noname.120: - - movzwl 18(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-316(fp) - bicl3 #-65536,r2,-320(fp) - mull3 r0,-316(fp),-308(fp) - mull2 r3,-316(fp) - mull3 r3,-320(fp),-312(fp) - mull2 r0,-320(fp) - addl3 -308(fp),-312(fp),r0 - bicl3 #0,r0,-308(fp) - cmpl -308(fp),-312(fp) - bgequ noname.121 - addl2 #65536,-320(fp) -noname.121: - movzwl -306(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-320(fp) - bicl3 #-65536,-308(fp),r0 - ashl #16,r0,-312(fp) - addl3 -312(fp),-316(fp),r0 - bicl3 #0,r0,-316(fp) - cmpl -316(fp),-312(fp) - bgequ noname.122 - incl -320(fp) -noname.122: - movl -316(fp),r1 - movl -320(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.123 - incl r2 - -noname.123: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.124 - incl r8 -noname.124: - - movzwl 22(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-332(fp) - bicl3 #-65536,r2,-336(fp) - mull3 r0,-332(fp),-324(fp) - mull2 r3,-332(fp) - mull3 r3,-336(fp),-328(fp) - mull2 r0,-336(fp) - addl3 -324(fp),-328(fp),r0 - bicl3 #0,r0,-324(fp) - cmpl -324(fp),-328(fp) - bgequ noname.125 - addl2 #65536,-336(fp) -noname.125: - movzwl -322(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-336(fp) - bicl3 #-65536,-324(fp),r0 - ashl #16,r0,-328(fp) - addl3 -328(fp),-332(fp),r0 - bicl3 #0,r0,-332(fp) - cmpl -332(fp),-328(fp) - bgequ noname.126 - incl -336(fp) -noname.126: - movl -332(fp),r1 - movl -336(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.127 - incl r2 -noname.127: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.128 - incl r8 -noname.128: - - movl r10,20(r11) - - clrl r10 - - movzwl 26(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-348(fp) - bicl3 #-65536,r2,-352(fp) - mull3 r0,-348(fp),-340(fp) - mull2 r3,-348(fp) - mull3 r3,-352(fp),-344(fp) - mull2 r0,-352(fp) - addl3 -340(fp),-344(fp),r0 - bicl3 #0,r0,-340(fp) - cmpl -340(fp),-344(fp) - bgequ noname.129 - addl2 #65536,-352(fp) -noname.129: - movzwl -338(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-352(fp) - bicl3 #-65536,-340(fp),r0 - ashl #16,r0,-344(fp) - addl3 -344(fp),-348(fp),r0 - bicl3 #0,r0,-348(fp) - cmpl -348(fp),-344(fp) - bgequ noname.130 - incl -352(fp) -noname.130: - movl -348(fp),r1 - movl -352(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.131 - incl r2 -noname.131: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.132 - incl r10 -noname.132: - - movzwl 22(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-364(fp) - bicl3 #-65536,r2,-368(fp) - mull3 r0,-364(fp),-356(fp) - mull2 r3,-364(fp) - mull3 r3,-368(fp),-360(fp) - mull2 r0,-368(fp) - addl3 -356(fp),-360(fp),r0 - bicl3 #0,r0,-356(fp) - cmpl -356(fp),-360(fp) - bgequ noname.133 - addl2 #65536,-368(fp) -noname.133: - movzwl -354(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-368(fp) - bicl3 #-65536,-356(fp),r0 - ashl #16,r0,-360(fp) - addl3 -360(fp),-364(fp),r0 - bicl3 #0,r0,-364(fp) - cmpl -364(fp),-360(fp) - bgequ noname.134 - incl -368(fp) -noname.134: - movl -364(fp),r1 - movl -368(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.135 - incl r2 -noname.135: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.136 - incl r10 -noname.136: - - movzwl 18(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-380(fp) - bicl3 #-65536,r2,-384(fp) - mull3 r0,-380(fp),-372(fp) - mull2 r3,-380(fp) - mull3 r3,-384(fp),-376(fp) - mull2 r0,-384(fp) - addl3 -372(fp),-376(fp),r0 - bicl3 #0,r0,-372(fp) - cmpl -372(fp),-376(fp) - bgequ noname.137 - addl2 #65536,-384(fp) -noname.137: - movzwl -370(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-384(fp) - bicl3 #-65536,-372(fp),r0 - ashl #16,r0,-376(fp) - addl3 -376(fp),-380(fp),r0 - bicl3 #0,r0,-380(fp) - cmpl -380(fp),-376(fp) - bgequ noname.138 - incl -384(fp) -noname.138: - movl -380(fp),r1 - movl -384(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.139 - incl r2 -noname.139: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.140 - incl r10 -noname.140: - - movzwl 14(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-396(fp) - bicl3 #-65536,r2,-400(fp) - mull3 r0,-396(fp),-388(fp) - mull2 r3,-396(fp) - mull3 r3,-400(fp),-392(fp) - mull2 r0,-400(fp) - addl3 -388(fp),-392(fp),r0 - bicl3 #0,r0,-388(fp) - cmpl -388(fp),-392(fp) - bgequ noname.141 - addl2 #65536,-400(fp) -noname.141: - movzwl -386(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-400(fp) - bicl3 #-65536,-388(fp),r0 - ashl #16,r0,-392(fp) - addl3 -392(fp),-396(fp),r0 - bicl3 #0,r0,-396(fp) - cmpl -396(fp),-392(fp) - bgequ noname.142 - incl -400(fp) -noname.142: - movl -396(fp),r1 - movl -400(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.143 - incl r2 -noname.143: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.144 - incl r10 -noname.144: - - movzwl 10(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-412(fp) - bicl3 #-65536,r2,-416(fp) - mull3 r0,-412(fp),-404(fp) - mull2 r3,-412(fp) - mull3 r3,-416(fp),-408(fp) - mull2 r0,-416(fp) - addl3 -404(fp),-408(fp),r0 - bicl3 #0,r0,-404(fp) - cmpl -404(fp),-408(fp) - bgequ noname.145 - addl2 #65536,-416(fp) -noname.145: - movzwl -402(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-416(fp) - bicl3 #-65536,-404(fp),r0 - ashl #16,r0,-408(fp) - addl3 -408(fp),-412(fp),r0 - bicl3 #0,r0,-412(fp) - cmpl -412(fp),-408(fp) - bgequ noname.146 - incl -416(fp) -noname.146: - movl -412(fp),r1 - movl -416(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.147 - incl r2 -noname.147: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.148 - incl r10 -noname.148: - - movzwl 6(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-428(fp) - bicl3 #-65536,r2,-432(fp) - mull3 r0,-428(fp),-420(fp) - mull2 r3,-428(fp) - mull3 r3,-432(fp),-424(fp) - mull2 r0,-432(fp) - addl3 -420(fp),-424(fp),r0 - bicl3 #0,r0,-420(fp) - cmpl -420(fp),-424(fp) - bgequ noname.149 - addl2 #65536,-432(fp) -noname.149: - movzwl -418(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-432(fp) - bicl3 #-65536,-420(fp),r0 - ashl #16,r0,-424(fp) - addl3 -424(fp),-428(fp),r0 - bicl3 #0,r0,-428(fp) - cmpl -428(fp),-424(fp) - bgequ noname.150 - incl -432(fp) -noname.150: - movl -428(fp),r1 - movl -432(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.151 - incl r2 -noname.151: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.152 - incl r10 -noname.152: - - movzwl 2(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-444(fp) - bicl3 #-65536,r2,-448(fp) - mull3 r0,-444(fp),-436(fp) - mull2 r3,-444(fp) - mull3 r3,-448(fp),-440(fp) - mull2 r0,-448(fp) - addl3 -436(fp),-440(fp),r0 - bicl3 #0,r0,-436(fp) - cmpl -436(fp),-440(fp) - bgequ noname.153 - addl2 #65536,-448(fp) -noname.153: - movzwl -434(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-448(fp) - bicl3 #-65536,-436(fp),r0 - ashl #16,r0,-440(fp) - addl3 -440(fp),-444(fp),r0 - bicl3 #0,r0,-444(fp) - cmpl -444(fp),-440(fp) - bgequ noname.154 - incl -448(fp) -noname.154: - movl -444(fp),r1 - movl -448(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.155 - incl r2 -noname.155: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.156 - incl r10 -noname.156: - - movl r9,24(r11) - - clrl r9 - - movzwl 2(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-460(fp) - bicl3 #-65536,r2,-464(fp) - mull3 r0,-460(fp),-452(fp) - mull2 r3,-460(fp) - mull3 r3,-464(fp),-456(fp) - mull2 r0,-464(fp) - addl3 -452(fp),-456(fp),r0 - bicl3 #0,r0,-452(fp) - cmpl -452(fp),-456(fp) - bgequ noname.157 - addl2 #65536,-464(fp) -noname.157: - movzwl -450(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-464(fp) - bicl3 #-65536,-452(fp),r0 - ashl #16,r0,-456(fp) - addl3 -456(fp),-460(fp),r0 - bicl3 #0,r0,-460(fp) - cmpl -460(fp),-456(fp) - bgequ noname.158 - incl -464(fp) -noname.158: - movl -460(fp),r1 - movl -464(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.159 - incl r2 -noname.159: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.160 - incl r9 -noname.160: - - movzwl 6(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-476(fp) - bicl3 #-65536,r2,-480(fp) - mull3 r0,-476(fp),-468(fp) - mull2 r3,-476(fp) - mull3 r3,-480(fp),-472(fp) - mull2 r0,-480(fp) - addl3 -468(fp),-472(fp),r0 - bicl3 #0,r0,-468(fp) - cmpl -468(fp),-472(fp) - bgequ noname.161 - addl2 #65536,-480(fp) -noname.161: - movzwl -466(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-480(fp) - bicl3 #-65536,-468(fp),r0 - ashl #16,r0,-472(fp) - addl3 -472(fp),-476(fp),r0 - bicl3 #0,r0,-476(fp) - cmpl -476(fp),-472(fp) - bgequ noname.162 - incl -480(fp) -noname.162: - movl -476(fp),r1 - movl -480(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.163 - incl r2 -noname.163: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.164 - incl r9 -noname.164: - - movzwl 10(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-492(fp) - bicl3 #-65536,r2,-496(fp) - mull3 r0,-492(fp),-484(fp) - mull2 r3,-492(fp) - mull3 r3,-496(fp),-488(fp) - mull2 r0,-496(fp) - addl3 -484(fp),-488(fp),r0 - bicl3 #0,r0,-484(fp) - cmpl -484(fp),-488(fp) - bgequ noname.165 - addl2 #65536,-496(fp) -noname.165: - movzwl -482(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-496(fp) - bicl3 #-65536,-484(fp),r0 - ashl #16,r0,-488(fp) - addl3 -488(fp),-492(fp),r0 - bicl3 #0,r0,-492(fp) - cmpl -492(fp),-488(fp) - bgequ noname.166 - incl -496(fp) -noname.166: - movl -492(fp),r1 - movl -496(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.167 - incl r2 -noname.167: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.168 - incl r9 -noname.168: - - movzwl 14(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-508(fp) - bicl3 #-65536,r2,-512(fp) - mull3 r0,-508(fp),-500(fp) - mull2 r3,-508(fp) - mull3 r3,-512(fp),-504(fp) - mull2 r0,-512(fp) - addl3 -500(fp),-504(fp),r0 - bicl3 #0,r0,-500(fp) - cmpl -500(fp),-504(fp) - bgequ noname.169 - addl2 #65536,-512(fp) -noname.169: - movzwl -498(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-512(fp) - bicl3 #-65536,-500(fp),r0 - ashl #16,r0,-504(fp) - addl3 -504(fp),-508(fp),r0 - bicl3 #0,r0,-508(fp) - cmpl -508(fp),-504(fp) - bgequ noname.170 - incl -512(fp) -noname.170: - movl -508(fp),r1 - movl -512(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.171 - incl r2 -noname.171: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.172 - incl r9 -noname.172: - - movzwl 18(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-524(fp) - bicl3 #-65536,r2,-528(fp) - mull3 r0,-524(fp),-516(fp) - mull2 r3,-524(fp) - mull3 r3,-528(fp),-520(fp) - mull2 r0,-528(fp) - addl3 -516(fp),-520(fp),r0 - bicl3 #0,r0,-516(fp) - cmpl -516(fp),-520(fp) - bgequ noname.173 - addl2 #65536,-528(fp) -noname.173: - movzwl -514(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-528(fp) - bicl3 #-65536,-516(fp),r0 - ashl #16,r0,-520(fp) - addl3 -520(fp),-524(fp),r0 - bicl3 #0,r0,-524(fp) - cmpl -524(fp),-520(fp) - bgequ noname.174 - incl -528(fp) -noname.174: - movl -524(fp),r1 - movl -528(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.175 - incl r2 -noname.175: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.176 - incl r9 -noname.176: - - movzwl 22(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-540(fp) - bicl3 #-65536,r2,-544(fp) - mull3 r0,-540(fp),-532(fp) - mull2 r3,-540(fp) - mull3 r3,-544(fp),-536(fp) - mull2 r0,-544(fp) - addl3 -532(fp),-536(fp),r0 - bicl3 #0,r0,-532(fp) - cmpl -532(fp),-536(fp) - bgequ noname.177 - addl2 #65536,-544(fp) -noname.177: - movzwl -530(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-544(fp) - bicl3 #-65536,-532(fp),r0 - ashl #16,r0,-536(fp) - addl3 -536(fp),-540(fp),r0 - bicl3 #0,r0,-540(fp) - cmpl -540(fp),-536(fp) - bgequ noname.178 - incl -544(fp) -noname.178: - movl -540(fp),r1 - movl -544(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.179 - incl r2 -noname.179: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.180 - incl r9 -noname.180: - - movzwl 26(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-556(fp) - bicl3 #-65536,r2,-560(fp) - mull3 r0,-556(fp),-548(fp) - mull2 r3,-556(fp) - mull3 r3,-560(fp),-552(fp) - mull2 r0,-560(fp) - addl3 -548(fp),-552(fp),r0 - bicl3 #0,r0,-548(fp) - cmpl -548(fp),-552(fp) - bgequ noname.181 - addl2 #65536,-560(fp) -noname.181: - movzwl -546(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-560(fp) - bicl3 #-65536,-548(fp),r0 - ashl #16,r0,-552(fp) - addl3 -552(fp),-556(fp),r0 - bicl3 #0,r0,-556(fp) - cmpl -556(fp),-552(fp) - bgequ noname.182 - incl -560(fp) -noname.182: - movl -556(fp),r1 - movl -560(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.183 - incl r2 -noname.183: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.184 - incl r9 -noname.184: - - movzwl 30(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-572(fp) - bicl3 #-65536,r2,-576(fp) - mull3 r0,-572(fp),-564(fp) - mull2 r3,-572(fp) - mull3 r3,-576(fp),-568(fp) - mull2 r0,-576(fp) - addl3 -564(fp),-568(fp),r0 - bicl3 #0,r0,-564(fp) - cmpl -564(fp),-568(fp) - bgequ noname.185 - addl2 #65536,-576(fp) -noname.185: - movzwl -562(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-576(fp) - bicl3 #-65536,-564(fp),r0 - ashl #16,r0,-568(fp) - addl3 -568(fp),-572(fp),r0 - bicl3 #0,r0,-572(fp) - cmpl -572(fp),-568(fp) - bgequ noname.186 - incl -576(fp) -noname.186: - movl -572(fp),r1 - movl -576(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.187 - incl r2 -noname.187: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.188 - incl r9 -noname.188: - - movl r8,28(r11) - - clrl r8 - - movzwl 30(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-588(fp) - bicl3 #-65536,r2,-592(fp) - mull3 r0,-588(fp),-580(fp) - mull2 r3,-588(fp) - mull3 r3,-592(fp),-584(fp) - mull2 r0,-592(fp) - addl3 -580(fp),-584(fp),r0 - bicl3 #0,r0,-580(fp) - cmpl -580(fp),-584(fp) - bgequ noname.189 - addl2 #65536,-592(fp) -noname.189: - movzwl -578(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-592(fp) - bicl3 #-65536,-580(fp),r0 - ashl #16,r0,-584(fp) - addl3 -584(fp),-588(fp),r0 - bicl3 #0,r0,-588(fp) - cmpl -588(fp),-584(fp) - bgequ noname.190 - incl -592(fp) -noname.190: - movl -588(fp),r1 - movl -592(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.191 - incl r2 -noname.191: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.192 - incl r8 -noname.192: - - movzwl 26(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-604(fp) - bicl3 #-65536,r2,-608(fp) - mull3 r0,-604(fp),-596(fp) - mull2 r3,-604(fp) - mull3 r3,-608(fp),-600(fp) - mull2 r0,-608(fp) - addl3 -596(fp),-600(fp),r0 - bicl3 #0,r0,-596(fp) - cmpl -596(fp),-600(fp) - bgequ noname.193 - addl2 #65536,-608(fp) -noname.193: - movzwl -594(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-608(fp) - bicl3 #-65536,-596(fp),r0 - ashl #16,r0,-600(fp) - addl3 -600(fp),-604(fp),r0 - bicl3 #0,r0,-604(fp) - cmpl -604(fp),-600(fp) - bgequ noname.194 - incl -608(fp) -noname.194: - movl -604(fp),r1 - movl -608(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.195 - incl r2 -noname.195: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.196 - incl r8 -noname.196: - - movzwl 22(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-620(fp) - bicl3 #-65536,r2,-624(fp) - mull3 r0,-620(fp),-612(fp) - mull2 r3,-620(fp) - mull3 r3,-624(fp),-616(fp) - mull2 r0,-624(fp) - addl3 -612(fp),-616(fp),r0 - bicl3 #0,r0,-612(fp) - cmpl -612(fp),-616(fp) - bgequ noname.197 - addl2 #65536,-624(fp) -noname.197: - movzwl -610(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-624(fp) - bicl3 #-65536,-612(fp),r0 - ashl #16,r0,-616(fp) - addl3 -616(fp),-620(fp),r0 - bicl3 #0,r0,-620(fp) - cmpl -620(fp),-616(fp) - bgequ noname.198 - incl -624(fp) -noname.198: - movl -620(fp),r1 - movl -624(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.199 - incl r2 -noname.199: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.200 - incl r8 -noname.200: - - movzwl 18(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-636(fp) - bicl3 #-65536,r2,-640(fp) - mull3 r0,-636(fp),-628(fp) - mull2 r3,-636(fp) - mull3 r3,-640(fp),-632(fp) - mull2 r0,-640(fp) - addl3 -628(fp),-632(fp),r0 - bicl3 #0,r0,-628(fp) - cmpl -628(fp),-632(fp) - bgequ noname.201 - addl2 #65536,-640(fp) -noname.201: - movzwl -626(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-640(fp) - bicl3 #-65536,-628(fp),r0 - ashl #16,r0,-632(fp) - addl3 -632(fp),-636(fp),r0 - bicl3 #0,r0,-636(fp) - cmpl -636(fp),-632(fp) - bgequ noname.202 - incl -640(fp) -noname.202: - movl -636(fp),r1 - movl -640(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.203 - incl r2 -noname.203: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.204 - incl r8 -noname.204: - - movzwl 14(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-652(fp) - bicl3 #-65536,r2,-656(fp) - mull3 r0,-652(fp),-644(fp) - mull2 r3,-652(fp) - mull3 r3,-656(fp),-648(fp) - mull2 r0,-656(fp) - addl3 -644(fp),-648(fp),r0 - bicl3 #0,r0,-644(fp) - cmpl -644(fp),-648(fp) - bgequ noname.205 - addl2 #65536,-656(fp) -noname.205: - movzwl -642(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-656(fp) - bicl3 #-65536,-644(fp),r0 - ashl #16,r0,-648(fp) - addl3 -648(fp),-652(fp),r0 - bicl3 #0,r0,-652(fp) - cmpl -652(fp),-648(fp) - bgequ noname.206 - incl -656(fp) -noname.206: - movl -652(fp),r1 - movl -656(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.207 - incl r2 -noname.207: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.208 - incl r8 -noname.208: - - movzwl 10(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-668(fp) - bicl3 #-65536,r2,-672(fp) - mull3 r0,-668(fp),-660(fp) - mull2 r3,-668(fp) - mull3 r3,-672(fp),-664(fp) - mull2 r0,-672(fp) - addl3 -660(fp),-664(fp),r0 - bicl3 #0,r0,-660(fp) - cmpl -660(fp),-664(fp) - bgequ noname.209 - addl2 #65536,-672(fp) -noname.209: - movzwl -658(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-672(fp) - bicl3 #-65536,-660(fp),r0 - ashl #16,r0,-664(fp) - addl3 -664(fp),-668(fp),r0 - bicl3 #0,r0,-668(fp) - cmpl -668(fp),-664(fp) - bgequ noname.210 - incl -672(fp) -noname.210: - movl -668(fp),r1 - movl -672(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.211 - incl r2 -noname.211: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.212 - incl r8 -noname.212: - - movzwl 6(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-684(fp) - bicl3 #-65536,r2,-688(fp) - mull3 r0,-684(fp),-676(fp) - mull2 r3,-684(fp) - mull3 r3,-688(fp),-680(fp) - mull2 r0,-688(fp) - addl3 -676(fp),-680(fp),r0 - bicl3 #0,r0,-676(fp) - cmpl -676(fp),-680(fp) - bgequ noname.213 - addl2 #65536,-688(fp) -noname.213: - movzwl -674(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-688(fp) - bicl3 #-65536,-676(fp),r0 - ashl #16,r0,-680(fp) - addl3 -680(fp),-684(fp),r0 - bicl3 #0,r0,-684(fp) - cmpl -684(fp),-680(fp) - bgequ noname.214 - incl -688(fp) -noname.214: - movl -684(fp),r1 - movl -688(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.215 - incl r2 -noname.215: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.216 - incl r8 -noname.216: - - movl r10,32(r11) - - clrl r10 - - movzwl 10(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-700(fp) - bicl3 #-65536,r2,-704(fp) - mull3 r0,-700(fp),-692(fp) - mull2 r3,-700(fp) - mull3 r3,-704(fp),-696(fp) - mull2 r0,-704(fp) - addl3 -692(fp),-696(fp),r0 - bicl3 #0,r0,-692(fp) - cmpl -692(fp),-696(fp) - bgequ noname.217 - addl2 #65536,-704(fp) -noname.217: - movzwl -690(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-704(fp) - bicl3 #-65536,-692(fp),r0 - ashl #16,r0,-696(fp) - addl3 -696(fp),-700(fp),r0 - bicl3 #0,r0,-700(fp) - cmpl -700(fp),-696(fp) - bgequ noname.218 - incl -704(fp) -noname.218: - movl -700(fp),r1 - movl -704(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.219 - incl r2 -noname.219: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.220 - incl r10 -noname.220: - - movzwl 14(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-716(fp) - bicl3 #-65536,r2,-720(fp) - mull3 r0,-716(fp),-708(fp) - mull2 r3,-716(fp) - mull3 r3,-720(fp),-712(fp) - mull2 r0,-720(fp) - addl3 -708(fp),-712(fp),r0 - bicl3 #0,r0,-708(fp) - cmpl -708(fp),-712(fp) - bgequ noname.221 - addl2 #65536,-720(fp) -noname.221: - movzwl -706(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-720(fp) - bicl3 #-65536,-708(fp),r0 - ashl #16,r0,-712(fp) - addl3 -712(fp),-716(fp),r0 - bicl3 #0,r0,-716(fp) - cmpl -716(fp),-712(fp) - bgequ noname.222 - incl -720(fp) -noname.222: - movl -716(fp),r1 - movl -720(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.223 - incl r2 -noname.223: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.224 - incl r10 -noname.224: - - movzwl 18(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-732(fp) - bicl3 #-65536,r2,-736(fp) - mull3 r0,-732(fp),-724(fp) - mull2 r3,-732(fp) - mull3 r3,-736(fp),-728(fp) - mull2 r0,-736(fp) - addl3 -724(fp),-728(fp),r0 - bicl3 #0,r0,-724(fp) - cmpl -724(fp),-728(fp) - bgequ noname.225 - addl2 #65536,-736(fp) -noname.225: - movzwl -722(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-736(fp) - bicl3 #-65536,-724(fp),r0 - ashl #16,r0,-728(fp) - addl3 -728(fp),-732(fp),r0 - bicl3 #0,r0,-732(fp) - cmpl -732(fp),-728(fp) - bgequ noname.226 - incl -736(fp) -noname.226: - movl -732(fp),r1 - movl -736(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.227 - incl r2 -noname.227: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.228 - incl r10 -noname.228: - - movzwl 22(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-748(fp) - bicl3 #-65536,r2,-752(fp) - mull3 r0,-748(fp),-740(fp) - mull2 r3,-748(fp) - mull3 r3,-752(fp),-744(fp) - mull2 r0,-752(fp) - addl3 -740(fp),-744(fp),r0 - bicl3 #0,r0,-740(fp) - cmpl -740(fp),-744(fp) - bgequ noname.229 - addl2 #65536,-752(fp) -noname.229: - movzwl -738(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-752(fp) - bicl3 #-65536,-740(fp),r0 - ashl #16,r0,-744(fp) - addl3 -744(fp),-748(fp),r0 - bicl3 #0,r0,-748(fp) - cmpl -748(fp),-744(fp) - bgequ noname.230 - incl -752(fp) -noname.230: - movl -748(fp),r1 - movl -752(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.231 - incl r2 -noname.231: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.232 - incl r10 -noname.232: - - movzwl 26(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-764(fp) - bicl3 #-65536,r2,-768(fp) - mull3 r0,-764(fp),-756(fp) - mull2 r3,-764(fp) - mull3 r3,-768(fp),-760(fp) - mull2 r0,-768(fp) - addl3 -756(fp),-760(fp),r0 - bicl3 #0,r0,-756(fp) - cmpl -756(fp),-760(fp) - bgequ noname.233 - addl2 #65536,-768(fp) -noname.233: - movzwl -754(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-768(fp) - bicl3 #-65536,-756(fp),r0 - ashl #16,r0,-760(fp) - addl3 -760(fp),-764(fp),r0 - bicl3 #0,r0,-764(fp) - cmpl -764(fp),-760(fp) - bgequ noname.234 - incl -768(fp) -noname.234: - movl -764(fp),r1 - movl -768(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.235 - incl r2 -noname.235: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.236 - incl r10 -noname.236: - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r7),r2 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-772(fp) - mull2 r2,r5 - mull3 r2,r4,-776(fp) - mull2 r0,r4 - addl3 -772(fp),-776(fp),r0 - bicl3 #0,r0,-772(fp) - cmpl -772(fp),-776(fp) - bgequ noname.237 - addl2 #65536,r4 -noname.237: - movzwl -770(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-772(fp),r0 - ashl #16,r0,-776(fp) - addl2 -776(fp),r5 - bicl2 #0,r5 - cmpl r5,-776(fp) - bgequ noname.238 - incl r4 -noname.238: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.239 - incl r2 -noname.239: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.240 - incl r10 -noname.240: - - movl r9,36(r11) - - clrl r9 - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r7),r2 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-780(fp) - mull2 r2,r5 - mull3 r2,r4,-784(fp) - mull2 r0,r4 - addl3 -780(fp),-784(fp),r0 - bicl3 #0,r0,-780(fp) - cmpl -780(fp),-784(fp) - bgequ noname.241 - addl2 #65536,r4 -noname.241: - movzwl -778(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-780(fp),r0 - ashl #16,r0,-784(fp) - addl2 -784(fp),r5 - bicl2 #0,r5 - cmpl r5,-784(fp) - bgequ noname.242 - incl r4 -noname.242: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.243 - incl r2 -noname.243: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.244 - incl r9 -noname.244: - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r7),r2 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-788(fp) - mull2 r2,r5 - mull3 r2,r4,-792(fp) - mull2 r0,r4 - addl3 -788(fp),-792(fp),r0 - bicl3 #0,r0,-788(fp) - cmpl -788(fp),-792(fp) - bgequ noname.245 - addl2 #65536,r4 -noname.245: - movzwl -786(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-788(fp),r0 - ashl #16,r0,-792(fp) - addl2 -792(fp),r5 - bicl2 #0,r5 - cmpl r5,-792(fp) - bgequ noname.246 - incl r4 -noname.246: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.247 - incl r2 -noname.247: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.248 - incl r9 -noname.248: - - bicl3 #-65536,20(r6),r3 - movzwl 22(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r7),r2 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-796(fp) - mull2 r2,r5 - mull3 r2,r4,-800(fp) - mull2 r0,r4 - addl3 -796(fp),-800(fp),r0 - bicl3 #0,r0,-796(fp) - cmpl -796(fp),-800(fp) - bgequ noname.249 - addl2 #65536,r4 -noname.249: - movzwl -794(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-796(fp),r0 - ashl #16,r0,-800(fp) - addl2 -800(fp),r5 - bicl2 #0,r5 - cmpl r5,-800(fp) - bgequ noname.250 - incl r4 -noname.250: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.251 - incl r2 -noname.251: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.252 - incl r9 -noname.252: - - bicl3 #-65536,16(r6),r3 - movzwl 18(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r7),r2 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-804(fp) - mull2 r2,r5 - mull3 r2,r4,-808(fp) - mull2 r0,r4 - addl3 -804(fp),-808(fp),r0 - bicl3 #0,r0,-804(fp) - cmpl -804(fp),-808(fp) - bgequ noname.253 - addl2 #65536,r4 -noname.253: - movzwl -802(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-804(fp),r0 - ashl #16,r0,-808(fp) - addl2 -808(fp),r5 - bicl2 #0,r5 - cmpl r5,-808(fp) - bgequ noname.254 - incl r4 -noname.254: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.255 - incl r2 -noname.255: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.256 - incl r9 -noname.256: - - bicl3 #-65536,12(r6),r3 - movzwl 14(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r7),r2 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-812(fp) - mull2 r2,r5 - mull3 r2,r4,-816(fp) - mull2 r0,r4 - addl3 -812(fp),-816(fp),r0 - bicl3 #0,r0,-812(fp) - cmpl -812(fp),-816(fp) - bgequ noname.257 - addl2 #65536,r4 -noname.257: - movzwl -810(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-812(fp),r0 - ashl #16,r0,-816(fp) - addl2 -816(fp),r5 - bicl2 #0,r5 - cmpl r5,-816(fp) - bgequ noname.258 - incl r4 -noname.258: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.259 - incl r2 -noname.259: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.260 - incl r9 -noname.260: - - movl r8,40(r11) - - clrl r8 - - bicl3 #-65536,16(r6),r3 - movzwl 18(r6),r2 - bicl3 #-65536,28(r7),r1 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r4 - bicl3 #-65536,r2,-828(fp) - mull3 r0,r4,-820(fp) - mull2 r1,r4 - mull3 r1,-828(fp),-824(fp) - mull2 r0,-828(fp) - addl3 -820(fp),-824(fp),r0 - bicl3 #0,r0,-820(fp) - cmpl -820(fp),-824(fp) - bgequ noname.261 - addl2 #65536,-828(fp) -noname.261: - movzwl -818(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-828(fp) - bicl3 #-65536,-820(fp),r0 - ashl #16,r0,-824(fp) - addl2 -824(fp),r4 - bicl2 #0,r4 - cmpl r4,-824(fp) - bgequ noname.262 - incl -828(fp) -noname.262: - movl r4,r1 - movl -828(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.263 - incl r2 -noname.263: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.264 - incl r8 -noname.264: - - movzwl 22(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-840(fp) - bicl3 #-65536,r2,-844(fp) - mull3 r0,-840(fp),-832(fp) - mull2 r3,-840(fp) - mull3 r3,-844(fp),-836(fp) - mull2 r0,-844(fp) - addl3 -832(fp),-836(fp),r0 - bicl3 #0,r0,-832(fp) - cmpl -832(fp),-836(fp) - bgequ noname.265 - addl2 #65536,-844(fp) -noname.265: - movzwl -830(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-844(fp) - bicl3 #-65536,-832(fp),r0 - ashl #16,r0,-836(fp) - addl3 -836(fp),-840(fp),r0 - bicl3 #0,r0,-840(fp) - cmpl -840(fp),-836(fp) - bgequ noname.266 - incl -844(fp) -noname.266: - movl -840(fp),r1 - movl -844(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.267 - incl r2 -noname.267: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.268 - incl r8 -noname.268: - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r7),r2 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-848(fp) - mull2 r2,r5 - mull3 r2,r4,-852(fp) - mull2 r0,r4 - addl3 -848(fp),-852(fp),r0 - bicl3 #0,r0,-848(fp) - cmpl -848(fp),-852(fp) - bgequ noname.269 - addl2 #65536,r4 -noname.269: - movzwl -846(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-848(fp),r0 - ashl #16,r0,-852(fp) - addl2 -852(fp),r5 - bicl2 #0,r5 - cmpl r5,-852(fp) - bgequ noname.270 - incl r4 -noname.270: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.271 - incl r2 -noname.271: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.272 - incl r8 -noname.272: - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r7),r2 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-856(fp) - mull2 r2,r5 - mull3 r2,r4,-860(fp) - mull2 r0,r4 - addl3 -856(fp),-860(fp),r0 - bicl3 #0,r0,-856(fp) - cmpl -856(fp),-860(fp) - bgequ noname.273 - addl2 #65536,r4 -noname.273: - movzwl -854(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-856(fp),r0 - ashl #16,r0,-860(fp) - addl2 -860(fp),r5 - bicl2 #0,r5 - cmpl r5,-860(fp) - bgequ noname.274 - incl r4 -noname.274: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.275 - incl r2 -noname.275: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.276 - incl r8 -noname.276: - - movl r10,44(r11) - - clrl r10 - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r7),r2 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-864(fp) - mull2 r2,r5 - mull3 r2,r4,-868(fp) - mull2 r0,r4 - addl3 -864(fp),-868(fp),r0 - bicl3 #0,r0,-864(fp) - cmpl -864(fp),-868(fp) - bgequ noname.277 - addl2 #65536,r4 -noname.277: - movzwl -862(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-864(fp),r0 - ashl #16,r0,-868(fp) - addl2 -868(fp),r5 - bicl2 #0,r5 - cmpl r5,-868(fp) - bgequ noname.278 - incl r4 -noname.278: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.279 - incl r2 -noname.279: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.280 - incl r10 -noname.280: - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r7),r2 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-872(fp) - mull2 r2,r5 - mull3 r2,r4,-876(fp) - mull2 r0,r4 - addl3 -872(fp),-876(fp),r0 - bicl3 #0,r0,-872(fp) - cmpl -872(fp),-876(fp) - bgequ noname.281 - addl2 #65536,r4 -noname.281: - movzwl -870(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-872(fp),r0 - ashl #16,r0,-876(fp) - addl2 -876(fp),r5 - bicl2 #0,r5 - cmpl r5,-876(fp) - bgequ noname.282 - incl r4 -noname.282: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.283 - incl r2 -noname.283: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.284 - incl r10 -noname.284: - - bicl3 #-65536,20(r6),r3 - movzwl 22(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r7),r2 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-880(fp) - mull2 r2,r5 - mull3 r2,r4,-884(fp) - mull2 r0,r4 - addl3 -880(fp),-884(fp),r0 - bicl3 #0,r0,-880(fp) - cmpl -880(fp),-884(fp) - bgequ noname.285 - addl2 #65536,r4 -noname.285: - movzwl -878(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-880(fp),r0 - ashl #16,r0,-884(fp) - addl2 -884(fp),r5 - bicl2 #0,r5 - cmpl r5,-884(fp) - bgequ noname.286 - incl r4 -noname.286: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.287 - incl r2 -noname.287: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.288 - incl r10 -noname.288: - - movl r9,48(r11) - - clrl r9 - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r7),r2 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-888(fp) - mull2 r2,r5 - mull3 r2,r4,-892(fp) - mull2 r0,r4 - addl3 -888(fp),-892(fp),r0 - bicl3 #0,r0,-888(fp) - cmpl -888(fp),-892(fp) - bgequ noname.289 - addl2 #65536,r4 -noname.289: - movzwl -886(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-888(fp),r0 - ashl #16,r0,-892(fp) - addl2 -892(fp),r5 - bicl2 #0,r5 - cmpl r5,-892(fp) - bgequ noname.290 - incl r4 -noname.290: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.291 - incl r2 -noname.291: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.292 - incl r9 -noname.292: - - movzwl 30(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-904(fp) - bicl3 #-65536,r2,-908(fp) - mull3 r0,-904(fp),-896(fp) - mull2 r3,-904(fp) - mull3 r3,-908(fp),-900(fp) - mull2 r0,-908(fp) - addl3 -896(fp),-900(fp),r0 - bicl3 #0,r0,-896(fp) - cmpl -896(fp),-900(fp) - bgequ noname.293 - addl2 #65536,-908(fp) -noname.293: - movzwl -894(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-908(fp) - bicl3 #-65536,-896(fp),r0 - ashl #16,r0,-900(fp) - addl3 -900(fp),-904(fp),r0 - bicl3 #0,r0,-904(fp) - cmpl -904(fp),-900(fp) - bgequ noname.294 - incl -908(fp) -noname.294: - movl -904(fp),r1 - movl -908(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.295 - incl r2 -noname.295: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.296 - incl r9 -noname.296: - - movl r8,52(r11) - - clrl r8 - - movzwl 30(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-920(fp) - bicl3 #-65536,r2,-924(fp) - mull3 r0,-920(fp),-912(fp) - mull2 r3,-920(fp) - mull3 r3,-924(fp),-916(fp) - mull2 r0,-924(fp) - addl3 -912(fp),-916(fp),r0 - bicl3 #0,r0,-912(fp) - cmpl -912(fp),-916(fp) - bgequ noname.297 - addl2 #65536,-924(fp) -noname.297: - movzwl -910(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-924(fp) - bicl3 #-65536,-912(fp),r0 - ashl #16,r0,-916(fp) - addl3 -916(fp),-920(fp),r0 - bicl3 #0,r0,-920(fp) - cmpl -920(fp),-916(fp) - bgequ noname.298 - incl -924(fp) -noname.298: - movl -920(fp),r1 - movl -924(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.299 - incl r2 -noname.299: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.300 - incl r8 -noname.300: - - movl r10,56(r11) - - movl r9,60(r11) - - ret - - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11> - movab -156(sp),sp - - clrq r9 - - clrl r8 - - movl 8(ap),r6 - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r2 - bicl2 #-65536,r2 - movl 12(ap),r7 - bicl3 #-65536,(r7),r1 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r2,r4 - mull3 r0,r5,-4(fp) - mull2 r1,r5 - mull3 r1,r4,-8(fp) - mull2 r0,r4 - addl3 -4(fp),-8(fp),r0 - bicl3 #0,r0,-4(fp) - cmpl -4(fp),-8(fp) - bgequ noname.303 - addl2 #65536,r4 -noname.303: - movzwl -2(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-4(fp),r0 - ashl #16,r0,-8(fp) - addl2 -8(fp),r5 - bicl2 #0,r5 - cmpl r5,-8(fp) - bgequ noname.304 - incl r4 -noname.304: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.305 - incl r2 -noname.305: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.306 - incl r8 -noname.306: - - movl 4(ap),r11 - movl r10,(r11) - - clrl r10 - - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-12(fp) - mull2 r2,r5 - mull3 r2,r4,-16(fp) - mull2 r0,r4 - addl3 -12(fp),-16(fp),r0 - bicl3 #0,r0,-12(fp) - cmpl -12(fp),-16(fp) - bgequ noname.307 - addl2 #65536,r4 -noname.307: - movzwl -10(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-12(fp),r0 - ashl #16,r0,-16(fp) - addl2 -16(fp),r5 - bicl2 #0,r5 - cmpl r5,-16(fp) - bgequ noname.308 - incl r4 -noname.308: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.309 - incl r2 -noname.309: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.310 - incl r10 -noname.310: - - bicl3 #-65536,4(r6),r3 - movzwl 6(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-20(fp) - mull2 r2,r5 - mull3 r2,r4,-24(fp) - mull2 r0,r4 - addl3 -20(fp),-24(fp),r0 - bicl3 #0,r0,-20(fp) - cmpl -20(fp),-24(fp) - bgequ noname.311 - addl2 #65536,r4 -noname.311: - movzwl -18(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-20(fp),r0 - ashl #16,r0,-24(fp) - addl2 -24(fp),r5 - bicl2 #0,r5 - cmpl r5,-24(fp) - bgequ noname.312 - incl r4 -noname.312: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.313 - incl r2 -noname.313: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.314 - incl r10 -noname.314: - - movl r9,4(r11) - - clrl r9 - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-28(fp) - mull2 r2,r5 - mull3 r2,r4,-32(fp) - mull2 r0,r4 - addl3 -28(fp),-32(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-32(fp) - bgequ noname.315 - addl2 #65536,r4 -noname.315: - movzwl -26(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-28(fp),r0 - ashl #16,r0,-32(fp) - addl2 -32(fp),r5 - bicl2 #0,r5 - cmpl r5,-32(fp) - bgequ noname.316 - incl r4 -noname.316: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.317 - incl r2 -noname.317: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.318 - incl r9 -noname.318: - - bicl3 #-65536,4(r6),r3 - movzwl 6(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-36(fp) - mull2 r2,r5 - mull3 r2,r4,-40(fp) - mull2 r0,r4 - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.319 - addl2 #65536,r4 -noname.319: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl2 -40(fp),r5 - bicl2 #0,r5 - cmpl r5,-40(fp) - bgequ noname.320 - incl r4 -noname.320: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.321 - incl r2 -noname.321: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.322 - incl r9 -noname.322: - - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r7),r2 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-44(fp) - mull2 r2,r5 - mull3 r2,r4,-48(fp) - mull2 r0,r4 - addl3 -44(fp),-48(fp),r0 - bicl3 #0,r0,-44(fp) - cmpl -44(fp),-48(fp) - bgequ noname.323 - addl2 #65536,r4 -noname.323: - movzwl -42(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-44(fp),r0 - ashl #16,r0,-48(fp) - addl2 -48(fp),r5 - bicl2 #0,r5 - cmpl r5,-48(fp) - bgequ noname.324 - incl r4 -noname.324: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.325 - incl r2 -noname.325: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.326 - incl r9 -noname.326: - - movl r8,8(r11) - - clrl r8 - - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r2 - bicl3 #-65536,12(r7),r1 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r4 - bicl3 #-65536,r2,-60(fp) - mull3 r0,r4,-52(fp) - mull2 r1,r4 - mull3 r1,-60(fp),-56(fp) - mull2 r0,-60(fp) - addl3 -52(fp),-56(fp),r0 - bicl3 #0,r0,-52(fp) - cmpl -52(fp),-56(fp) - bgequ noname.327 - addl2 #65536,-60(fp) -noname.327: - movzwl -50(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-60(fp) - bicl3 #-65536,-52(fp),r0 - ashl #16,r0,-56(fp) - addl2 -56(fp),r4 - bicl2 #0,r4 - cmpl r4,-56(fp) - bgequ noname.328 - incl -60(fp) -noname.328: - movl r4,r1 - movl -60(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.329 - incl r2 -noname.329: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.330 - incl r8 -noname.330: - - movzwl 6(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-72(fp) - bicl3 #-65536,r2,-76(fp) - mull3 r0,-72(fp),-64(fp) - mull2 r3,-72(fp) - mull3 r3,-76(fp),-68(fp) - mull2 r0,-76(fp) - addl3 -64(fp),-68(fp),r0 - bicl3 #0,r0,-64(fp) - cmpl -64(fp),-68(fp) - bgequ noname.331 - addl2 #65536,-76(fp) -noname.331: - movzwl -62(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-76(fp) - bicl3 #-65536,-64(fp),r0 - ashl #16,r0,-68(fp) - addl3 -68(fp),-72(fp),r0 - bicl3 #0,r0,-72(fp) - cmpl -72(fp),-68(fp) - bgequ noname.332 - incl -76(fp) -noname.332: - movl -72(fp),r1 - movl -76(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.333 - incl r2 -noname.333: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.334 - incl r8 -noname.334: - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-80(fp) - mull2 r2,r5 - mull3 r2,r4,-84(fp) - mull2 r0,r4 - addl3 -80(fp),-84(fp),r0 - bicl3 #0,r0,-80(fp) - cmpl -80(fp),-84(fp) - bgequ noname.335 - addl2 #65536,r4 -noname.335: - movzwl -78(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-80(fp),r0 - ashl #16,r0,-84(fp) - addl2 -84(fp),r5 - bicl2 #0,r5 - cmpl r5,-84(fp) - bgequ noname.336 - incl r4 -noname.336: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.337 - incl r2 -noname.337: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.338 - incl r8 -noname.338: - - bicl3 #-65536,12(r6),r3 - movzwl 14(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-88(fp) - mull2 r2,r5 - mull3 r2,r4,-92(fp) - mull2 r0,r4 - addl3 -88(fp),-92(fp),r0 - bicl3 #0,r0,-88(fp) - cmpl -88(fp),-92(fp) - bgequ noname.339 - addl2 #65536,r4 -noname.339: - movzwl -86(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-88(fp),r0 - ashl #16,r0,-92(fp) - addl2 -92(fp),r5 - bicl2 #0,r5 - cmpl r5,-92(fp) - bgequ noname.340 - incl r4 -noname.340: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.341 - incl r2 -noname.341: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.342 - incl r8 -noname.342: - - movl r10,12(r11) - - clrl r10 - - bicl3 #-65536,12(r6),r3 - movzwl 14(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-96(fp) - mull2 r2,r5 - mull3 r2,r4,-100(fp) - mull2 r0,r4 - addl3 -96(fp),-100(fp),r0 - bicl3 #0,r0,-96(fp) - cmpl -96(fp),-100(fp) - bgequ noname.343 - addl2 #65536,r4 -noname.343: - movzwl -94(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-96(fp),r0 - ashl #16,r0,-100(fp) - addl2 -100(fp),r5 - bicl2 #0,r5 - cmpl r5,-100(fp) - bgequ noname.344 - incl r4 -noname.344: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.345 - incl r2 -noname.345: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.346 - incl r10 -noname.346: - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r7),r2 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-104(fp) - mull2 r2,r5 - mull3 r2,r4,-108(fp) - mull2 r0,r4 - addl3 -104(fp),-108(fp),r0 - bicl3 #0,r0,-104(fp) - cmpl -104(fp),-108(fp) - bgequ noname.347 - addl2 #65536,r4 -noname.347: - movzwl -102(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-104(fp),r0 - ashl #16,r0,-108(fp) - addl2 -108(fp),r5 - bicl2 #0,r5 - cmpl r5,-108(fp) - bgequ noname.348 - incl r4 -noname.348: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.349 - incl r2 -noname.349: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.350 - incl r10 -noname.350: - - bicl3 #-65536,4(r6),r3 - movzwl 6(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r7),r2 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-112(fp) - mull2 r2,r5 - mull3 r2,r4,-116(fp) - mull2 r0,r4 - addl3 -112(fp),-116(fp),r0 - bicl3 #0,r0,-112(fp) - cmpl -112(fp),-116(fp) - bgequ noname.351 - addl2 #65536,r4 -noname.351: - movzwl -110(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-112(fp),r0 - ashl #16,r0,-116(fp) - addl2 -116(fp),r5 - bicl2 #0,r5 - cmpl r5,-116(fp) - bgequ noname.352 - incl r4 -noname.352: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.353 - incl r2 -noname.353: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.354 - incl r10 -noname.354: - - movl r9,16(r11) - - clrl r9 - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r7),r2 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-120(fp) - mull2 r2,r5 - mull3 r2,r4,-124(fp) - mull2 r0,r4 - addl3 -120(fp),-124(fp),r0 - bicl3 #0,r0,-120(fp) - cmpl -120(fp),-124(fp) - bgequ noname.355 - addl2 #65536,r4 -noname.355: - movzwl -118(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-120(fp),r0 - ashl #16,r0,-124(fp) - addl2 -124(fp),r5 - bicl2 #0,r5 - cmpl r5,-124(fp) - bgequ noname.356 - incl r4 -noname.356: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.357 - incl r2 -noname.357: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.358 - incl r9 -noname.358: - - movzwl 14(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-136(fp) - bicl3 #-65536,r2,-140(fp) - mull3 r0,-136(fp),-128(fp) - mull2 r3,-136(fp) - mull3 r3,-140(fp),-132(fp) - mull2 r0,-140(fp) - addl3 -128(fp),-132(fp),r0 - bicl3 #0,r0,-128(fp) - cmpl -128(fp),-132(fp) - bgequ noname.359 - addl2 #65536,-140(fp) -noname.359: - movzwl -126(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-140(fp) - bicl3 #-65536,-128(fp),r0 - ashl #16,r0,-132(fp) - addl3 -132(fp),-136(fp),r0 - bicl3 #0,r0,-136(fp) - cmpl -136(fp),-132(fp) - bgequ noname.360 - incl -140(fp) -noname.360: - movl -136(fp),r1 - movl -140(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.361 - incl r2 -noname.361: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.362 - incl r9 -noname.362: - - movl r8,20(r11) - - clrl r8 - - movzwl 14(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-152(fp) - bicl3 #-65536,r2,-156(fp) - mull3 r0,-152(fp),-144(fp) - mull2 r3,-152(fp) - mull3 r3,-156(fp),-148(fp) - mull2 r0,-156(fp) - addl3 -144(fp),-148(fp),r0 - bicl3 #0,r0,-144(fp) - cmpl -144(fp),-148(fp) - bgequ noname.363 - addl2 #65536,-156(fp) -noname.363: - movzwl -142(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-156(fp) - bicl3 #-65536,-144(fp),r0 - ashl #16,r0,-148(fp) - addl3 -148(fp),-152(fp),r0 - bicl3 #0,r0,-152(fp) - cmpl -152(fp),-148(fp) - bgequ noname.364 - incl -156(fp) -noname.364: - movl -152(fp),r1 - movl -156(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.365 - incl r2 -noname.365: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.366 - incl r8 -noname.366: - - movl r10,24(r11) - - movl r9,28(r11) - - ret - - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9> - movab -444(sp),sp - - clrq r8 - - clrl r7 - - movl 8(ap),r4 - movl (r4),r3 - bicl3 #-65536,r3,-4(fp) - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - movl -4(fp),r0 - mull3 r0,r3,-8(fp) - mull3 r0,r0,-4(fp) - mull2 r3,r3 - bicl3 #32767,-8(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-8(fp),r0 - ashl #17,r0,-8(fp) - addl3 -4(fp),-8(fp),r0 - bicl3 #0,r0,-4(fp) - cmpl -4(fp),-8(fp) - bgequ noname.369 - incl r3 -noname.369: - movl -4(fp),r1 - movl r3,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.370 - incl r2 -noname.370: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.371 - incl r7 -noname.371: - - movl r9,@4(ap) - - clrl r9 - - movzwl 6(r4),r2 - bicl3 #-65536,(r4),r3 - movzwl 2(r4),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r4),-20(fp) - bicl3 #-65536,r2,-24(fp) - mull3 r0,-20(fp),-12(fp) - mull2 r3,-20(fp) - mull3 r3,-24(fp),-16(fp) - mull2 r0,-24(fp) - addl3 -12(fp),-16(fp),r0 - bicl3 #0,r0,-12(fp) - cmpl -12(fp),-16(fp) - bgequ noname.372 - addl2 #65536,-24(fp) -noname.372: - movzwl -10(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-24(fp) - bicl3 #-65536,-12(fp),r0 - ashl #16,r0,-16(fp) - addl3 -16(fp),-20(fp),r0 - bicl3 #0,r0,-20(fp) - cmpl -20(fp),-16(fp) - bgequ noname.373 - incl -24(fp) -noname.373: - movl -20(fp),r3 - movl -24(fp),r2 - bbc #31,r2,noname.374 - incl r9 -noname.374: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.375 - incl r2 -noname.375: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.376 - incl r2 - bicl3 #0,r2,r0 - bneq noname.376 - incl r9 -noname.376: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.377 - incl r9 -noname.377: - - movl 4(ap),r0 - movl r8,4(r0) - - clrl r8 - - movl 8(ap),r4 - movl 4(r4),r3 - bicl3 #-65536,r3,-28(fp) - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - movl -28(fp),r0 - mull3 r0,r3,-32(fp) - mull3 r0,r0,-28(fp) - mull2 r3,r3 - bicl3 #32767,-32(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-32(fp),r0 - ashl #17,r0,-32(fp) - addl3 -28(fp),-32(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-32(fp) - bgequ noname.378 - incl r3 -noname.378: - movl -28(fp),r1 - movl r3,r2 - addl2 r1,r7 - bicl2 #0,r7 - cmpl r7,r1 - bgequ noname.379 - incl r2 -noname.379: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.380 - incl r8 -noname.380: - - movzwl 10(r4),r2 - bicl3 #-65536,(r4),r3 - movzwl 2(r4),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r4),-44(fp) - bicl3 #-65536,r2,-48(fp) - mull3 r0,-44(fp),-36(fp) - mull2 r3,-44(fp) - mull3 r3,-48(fp),-40(fp) - mull2 r0,-48(fp) - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.381 - addl2 #65536,-48(fp) -noname.381: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-48(fp) - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl3 -40(fp),-44(fp),r0 - bicl3 #0,r0,-44(fp) - cmpl -44(fp),-40(fp) - bgequ noname.382 - incl -48(fp) -noname.382: - movl -44(fp),r3 - movl -48(fp),r2 - bbc #31,r2,noname.383 - incl r8 -noname.383: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.384 - incl r2 -noname.384: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.385 - incl r2 - bicl3 #0,r2,r0 - bneq noname.385 - incl r8 -noname.385: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.386 - incl r8 -noname.386: - - movl 4(ap),r0 - movl r7,8(r0) - - clrl r7 - - movl 8(ap),r0 - movzwl 14(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r0),-60(fp) - bicl3 #-65536,r2,-64(fp) - mull3 r1,-60(fp),-52(fp) - mull2 r3,-60(fp) - mull3 r3,-64(fp),-56(fp) - mull2 r1,-64(fp) - addl3 -52(fp),-56(fp),r0 - bicl3 #0,r0,-52(fp) - cmpl -52(fp),-56(fp) - bgequ noname.387 - addl2 #65536,-64(fp) -noname.387: - movzwl -50(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-64(fp) - bicl3 #-65536,-52(fp),r0 - ashl #16,r0,-56(fp) - addl3 -56(fp),-60(fp),r0 - bicl3 #0,r0,-60(fp) - cmpl -60(fp),-56(fp) - bgequ noname.388 - incl -64(fp) -noname.388: - movl -60(fp),r3 - movl -64(fp),r2 - bbc #31,r2,noname.389 - incl r7 -noname.389: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.390 - incl r2 -noname.390: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.391 - incl r2 - bicl3 #0,r2,r0 - bneq noname.391 - incl r7 -noname.391: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.392 - incl r7 -noname.392: - - movl 8(ap),r0 - movzwl 10(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r0),-76(fp) - bicl3 #-65536,r2,-80(fp) - mull3 r1,-76(fp),-68(fp) - mull2 r3,-76(fp) - mull3 r3,-80(fp),-72(fp) - mull2 r1,-80(fp) - addl3 -68(fp),-72(fp),r0 - bicl3 #0,r0,-68(fp) - cmpl -68(fp),-72(fp) - bgequ noname.393 - addl2 #65536,-80(fp) -noname.393: - movzwl -66(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-80(fp) - bicl3 #-65536,-68(fp),r0 - ashl #16,r0,-72(fp) - addl3 -72(fp),-76(fp),r0 - bicl3 #0,r0,-76(fp) - cmpl -76(fp),-72(fp) - bgequ noname.394 - incl -80(fp) -noname.394: - movl -76(fp),r3 - movl -80(fp),r2 - bbc #31,r2,noname.395 - incl r7 -noname.395: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.396 - incl r2 -noname.396: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.397 - incl r2 - bicl3 #0,r2,r0 - bneq noname.397 - incl r7 -noname.397: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.398 - incl r7 -noname.398: - - movl 4(ap),r0 - movl r9,12(r0) - - clrl r9 - - movl 8(ap),r2 - movl 8(r2),r4 - bicl3 #-65536,r4,-84(fp) - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - movl -84(fp),r0 - mull3 r0,r4,-88(fp) - mull3 r0,r0,-84(fp) - mull2 r4,r4 - bicl3 #32767,-88(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-88(fp),r0 - ashl #17,r0,-88(fp) - addl3 -84(fp),-88(fp),r0 - bicl3 #0,r0,-84(fp) - cmpl -84(fp),-88(fp) - bgequ noname.399 - incl r4 -noname.399: - movl -84(fp),r1 - movl r4,r3 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.400 - incl r3 -noname.400: - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.401 - incl r9 -noname.401: - - movzwl 14(r2),r3 - bicl3 #-65536,4(r2),r1 - movzwl 6(r2),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r2),-100(fp) - bicl3 #-65536,r3,-104(fp) - mull3 r0,-100(fp),-92(fp) - mull2 r1,-100(fp) - mull3 r1,-104(fp),-96(fp) - mull2 r0,-104(fp) - addl3 -92(fp),-96(fp),r0 - bicl3 #0,r0,-92(fp) - cmpl -92(fp),-96(fp) - bgequ noname.402 - addl2 #65536,-104(fp) -noname.402: - movzwl -90(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-104(fp) - bicl3 #-65536,-92(fp),r0 - ashl #16,r0,-96(fp) - addl3 -96(fp),-100(fp),r0 - bicl3 #0,r0,-100(fp) - cmpl -100(fp),-96(fp) - bgequ noname.403 - incl -104(fp) -noname.403: - movl -100(fp),r3 - movl -104(fp),r2 - bbc #31,r2,noname.404 - incl r9 -noname.404: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.405 - incl r2 -noname.405: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.406 - incl r2 - bicl3 #0,r2,r0 - bneq noname.406 - incl r9 -noname.406: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.407 - incl r9 -noname.407: - - movl 8(ap),r0 - movzwl 18(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),-116(fp) - bicl3 #-65536,r2,-120(fp) - mull3 r1,-116(fp),-108(fp) - mull2 r3,-116(fp) - mull3 r3,-120(fp),-112(fp) - mull2 r1,-120(fp) - addl3 -108(fp),-112(fp),r0 - bicl3 #0,r0,-108(fp) - cmpl -108(fp),-112(fp) - bgequ noname.408 - addl2 #65536,-120(fp) -noname.408: - movzwl -106(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-120(fp) - bicl3 #-65536,-108(fp),r0 - ashl #16,r0,-112(fp) - addl3 -112(fp),-116(fp),r0 - bicl3 #0,r0,-116(fp) - cmpl -116(fp),-112(fp) - bgequ noname.409 - incl -120(fp) -noname.409: - movl -116(fp),r3 - movl -120(fp),r2 - bbc #31,r2,noname.410 - incl r9 -noname.410: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.411 - incl r2 -noname.411: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.412 - incl r2 - bicl3 #0,r2,r0 - bneq noname.412 - incl r9 -noname.412: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.413 - incl r9 -noname.413: - - movl 4(ap),r0 - movl r8,16(r0) - - clrl r8 - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-132(fp) - bicl3 #-65536,r2,-136(fp) - mull3 r1,-132(fp),-124(fp) - mull2 r3,-132(fp) - mull3 r3,-136(fp),-128(fp) - mull2 r1,-136(fp) - addl3 -124(fp),-128(fp),r0 - bicl3 #0,r0,-124(fp) - cmpl -124(fp),-128(fp) - bgequ noname.414 - addl2 #65536,-136(fp) -noname.414: - movzwl -122(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-136(fp) - bicl3 #-65536,-124(fp),r0 - ashl #16,r0,-128(fp) - addl3 -128(fp),-132(fp),r0 - bicl3 #0,r0,-132(fp) - cmpl -132(fp),-128(fp) - bgequ noname.415 - incl -136(fp) -noname.415: - movl -132(fp),r3 - movl -136(fp),r2 - bbc #31,r2,noname.416 - incl r8 -noname.416: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.417 - incl r2 -noname.417: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.418 - incl r2 - bicl3 #0,r2,r0 - bneq noname.418 - incl r8 -noname.418: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.419 - incl r8 -noname.419: - - movl 8(ap),r0 - movzwl 18(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),-148(fp) - bicl3 #-65536,r2,-152(fp) - mull3 r1,-148(fp),-140(fp) - mull2 r3,-148(fp) - mull3 r3,-152(fp),-144(fp) - mull2 r1,-152(fp) - addl3 -140(fp),-144(fp),r0 - bicl3 #0,r0,-140(fp) - cmpl -140(fp),-144(fp) - bgequ noname.420 - addl2 #65536,-152(fp) -noname.420: - movzwl -138(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-152(fp) - bicl3 #-65536,-140(fp),r0 - ashl #16,r0,-144(fp) - addl3 -144(fp),-148(fp),r0 - bicl3 #0,r0,-148(fp) - cmpl -148(fp),-144(fp) - bgequ noname.421 - incl -152(fp) -noname.421: - movl -148(fp),r3 - movl -152(fp),r2 - bbc #31,r2,noname.422 - incl r8 -noname.422: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.423 - incl r2 -noname.423: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.424 - incl r2 - bicl3 #0,r2,r0 - bneq noname.424 - incl r8 -noname.424: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.425 - incl r8 -noname.425: - - movl 8(ap),r0 - movzwl 14(r0),r2 - bicl3 #-65536,8(r0),r3 - movzwl 10(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r0),-164(fp) - bicl3 #-65536,r2,-168(fp) - mull3 r1,-164(fp),-156(fp) - mull2 r3,-164(fp) - mull3 r3,-168(fp),-160(fp) - mull2 r1,-168(fp) - addl3 -156(fp),-160(fp),r0 - bicl3 #0,r0,-156(fp) - cmpl -156(fp),-160(fp) - bgequ noname.426 - addl2 #65536,-168(fp) -noname.426: - movzwl -154(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-168(fp) - bicl3 #-65536,-156(fp),r0 - ashl #16,r0,-160(fp) - addl3 -160(fp),-164(fp),r0 - bicl3 #0,r0,-164(fp) - cmpl -164(fp),-160(fp) - bgequ noname.427 - incl -168(fp) -noname.427: - movl -164(fp),r3 - movl -168(fp),r2 - bbc #31,r2,noname.428 - incl r8 -noname.428: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.429 - incl r2 -noname.429: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.430 - incl r2 - bicl3 #0,r2,r0 - bneq noname.430 - incl r8 -noname.430: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.431 - incl r8 -noname.431: - - movl 4(ap),r0 - movl r7,20(r0) - - clrl r7 - - movl 8(ap),r2 - movl 12(r2),r4 - bicl3 #-65536,r4,-172(fp) - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - movl -172(fp),r0 - mull3 r0,r4,-176(fp) - mull3 r0,r0,-172(fp) - mull2 r4,r4 - bicl3 #32767,-176(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-176(fp),r0 - ashl #17,r0,-176(fp) - addl3 -172(fp),-176(fp),r0 - bicl3 #0,r0,-172(fp) - cmpl -172(fp),-176(fp) - bgequ noname.432 - incl r4 -noname.432: - movl -172(fp),r1 - movl r4,r3 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.433 - incl r3 -noname.433: - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.434 - incl r7 -noname.434: - - movzwl 18(r2),r3 - bicl3 #-65536,8(r2),r1 - movzwl 10(r2),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r2),-188(fp) - bicl3 #-65536,r3,-192(fp) - mull3 r0,-188(fp),-180(fp) - mull2 r1,-188(fp) - mull3 r1,-192(fp),-184(fp) - mull2 r0,-192(fp) - addl3 -180(fp),-184(fp),r0 - bicl3 #0,r0,-180(fp) - cmpl -180(fp),-184(fp) - bgequ noname.435 - addl2 #65536,-192(fp) -noname.435: - movzwl -178(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-192(fp) - bicl3 #-65536,-180(fp),r0 - ashl #16,r0,-184(fp) - addl3 -184(fp),-188(fp),r0 - bicl3 #0,r0,-188(fp) - cmpl -188(fp),-184(fp) - bgequ noname.436 - incl -192(fp) -noname.436: - movl -188(fp),r3 - movl -192(fp),r2 - bbc #31,r2,noname.437 - incl r7 -noname.437: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.438 - incl r2 -noname.438: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.439 - incl r2 - bicl3 #0,r2,r0 - bneq noname.439 - incl r7 -noname.439: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.440 - incl r7 -noname.440: - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-204(fp) - bicl3 #-65536,r2,-208(fp) - mull3 r1,-204(fp),-196(fp) - mull2 r3,-204(fp) - mull3 r3,-208(fp),-200(fp) - mull2 r1,-208(fp) - addl3 -196(fp),-200(fp),r0 - bicl3 #0,r0,-196(fp) - cmpl -196(fp),-200(fp) - bgequ noname.441 - addl2 #65536,-208(fp) -noname.441: - movzwl -194(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-208(fp) - bicl3 #-65536,-196(fp),r0 - ashl #16,r0,-200(fp) - addl3 -200(fp),-204(fp),r0 - bicl3 #0,r0,-204(fp) - cmpl -204(fp),-200(fp) - bgequ noname.442 - incl -208(fp) -noname.442: - movl -204(fp),r3 - movl -208(fp),r2 - bbc #31,r2,noname.443 - incl r7 -noname.443: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.444 - incl r2 -noname.444: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.445 - incl r2 - bicl3 #0,r2,r0 - bneq noname.445 - incl r7 -noname.445: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.446 - incl r7 -noname.446: - - movl 8(ap),r0 - movzwl 26(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r0),-220(fp) - bicl3 #-65536,r2,-224(fp) - mull3 r1,-220(fp),-212(fp) - mull2 r3,-220(fp) - mull3 r3,-224(fp),-216(fp) - mull2 r1,-224(fp) - addl3 -212(fp),-216(fp),r0 - bicl3 #0,r0,-212(fp) - cmpl -212(fp),-216(fp) - bgequ noname.447 - addl2 #65536,-224(fp) -noname.447: - movzwl -210(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-224(fp) - bicl3 #-65536,-212(fp),r0 - ashl #16,r0,-216(fp) - addl3 -216(fp),-220(fp),r0 - bicl3 #0,r0,-220(fp) - cmpl -220(fp),-216(fp) - bgequ noname.448 - incl -224(fp) -noname.448: - movl -220(fp),r3 - movl -224(fp),r2 - bbc #31,r2,noname.449 - incl r7 -noname.449: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.450 - incl r2 -noname.450: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.451 - incl r2 - bicl3 #0,r2,r0 - bneq noname.451 - incl r7 -noname.451: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.452 - incl r7 -noname.452: - - movl 4(ap),r0 - movl r9,24(r0) - - clrl r9 - - movl 8(ap),r0 - movzwl 30(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r0),-236(fp) - bicl3 #-65536,r2,-240(fp) - mull3 r1,-236(fp),-228(fp) - mull2 r3,-236(fp) - mull3 r3,-240(fp),-232(fp) - mull2 r1,-240(fp) - addl3 -228(fp),-232(fp),r0 - bicl3 #0,r0,-228(fp) - cmpl -228(fp),-232(fp) - bgequ noname.453 - addl2 #65536,-240(fp) -noname.453: - movzwl -226(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-240(fp) - bicl3 #-65536,-228(fp),r0 - ashl #16,r0,-232(fp) - addl3 -232(fp),-236(fp),r0 - bicl3 #0,r0,-236(fp) - cmpl -236(fp),-232(fp) - bgequ noname.454 - incl -240(fp) -noname.454: - movl -236(fp),r3 - movl -240(fp),r2 - bbc #31,r2,noname.455 - incl r9 -noname.455: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.456 - incl r2 -noname.456: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.457 - incl r2 - bicl3 #0,r2,r0 - bneq noname.457 - incl r9 -noname.457: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.458 - incl r9 -noname.458: - - movl 8(ap),r0 - movzwl 26(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r0),-252(fp) - bicl3 #-65536,r2,-256(fp) - mull3 r1,-252(fp),-244(fp) - mull2 r3,-252(fp) - mull3 r3,-256(fp),-248(fp) - mull2 r1,-256(fp) - addl3 -244(fp),-248(fp),r0 - bicl3 #0,r0,-244(fp) - cmpl -244(fp),-248(fp) - bgequ noname.459 - addl2 #65536,-256(fp) -noname.459: - movzwl -242(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-256(fp) - bicl3 #-65536,-244(fp),r0 - ashl #16,r0,-248(fp) - addl3 -248(fp),-252(fp),r0 - bicl3 #0,r0,-252(fp) - cmpl -252(fp),-248(fp) - bgequ noname.460 - incl -256(fp) -noname.460: - movl -252(fp),r3 - movl -256(fp),r2 - bbc #31,r2,noname.461 - incl r9 -noname.461: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.462 - incl r2 -noname.462: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.463 - incl r2 - bicl3 #0,r2,r0 - bneq noname.463 - incl r9 -noname.463: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.464 - incl r9 -noname.464: - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,8(r0),r3 - movzwl 10(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-268(fp) - bicl3 #-65536,r2,-272(fp) - mull3 r1,-268(fp),-260(fp) - mull2 r3,-268(fp) - mull3 r3,-272(fp),-264(fp) - mull2 r1,-272(fp) - addl3 -260(fp),-264(fp),r0 - bicl3 #0,r0,-260(fp) - cmpl -260(fp),-264(fp) - bgequ noname.465 - addl2 #65536,-272(fp) -noname.465: - movzwl -258(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-272(fp) - bicl3 #-65536,-260(fp),r0 - ashl #16,r0,-264(fp) - addl3 -264(fp),-268(fp),r0 - bicl3 #0,r0,-268(fp) - cmpl -268(fp),-264(fp) - bgequ noname.466 - incl -272(fp) -noname.466: - movl -268(fp),r3 - movl -272(fp),r2 - bbc #31,r2,noname.467 - incl r9 -noname.467: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.468 - incl r2 -noname.468: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.469 - incl r2 - bicl3 #0,r2,r0 - bneq noname.469 - incl r9 -noname.469: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.470 - incl r9 -noname.470: - - movl 8(ap),r0 - movzwl 18(r0),r2 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),-284(fp) - bicl3 #-65536,r2,-288(fp) - mull3 r1,-284(fp),-276(fp) - mull2 r3,-284(fp) - mull3 r3,-288(fp),-280(fp) - mull2 r1,-288(fp) - addl3 -276(fp),-280(fp),r0 - bicl3 #0,r0,-276(fp) - cmpl -276(fp),-280(fp) - bgequ noname.471 - addl2 #65536,-288(fp) -noname.471: - movzwl -274(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-288(fp) - bicl3 #-65536,-276(fp),r0 - ashl #16,r0,-280(fp) - addl3 -280(fp),-284(fp),r0 - bicl3 #0,r0,-284(fp) - cmpl -284(fp),-280(fp) - bgequ noname.472 - incl -288(fp) -noname.472: - movl -284(fp),r3 - movl -288(fp),r2 - bbc #31,r2,noname.473 - incl r9 -noname.473: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.474 - incl r2 -noname.474: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.475 - incl r2 - bicl3 #0,r2,r0 - bneq noname.475 - incl r9 -noname.475: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.476 - incl r9 -noname.476: - - movl 4(ap),r0 - movl r8,28(r0) - - clrl r8 - - movl 8(ap),r3 - movl 16(r3),r4 - bicl3 #-65536,r4,r5 - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - mull3 r5,r4,-292(fp) - mull2 r5,r5 - mull2 r4,r4 - bicl3 #32767,-292(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-292(fp),r0 - ashl #17,r0,-292(fp) - addl2 -292(fp),r5 - bicl2 #0,r5 - cmpl r5,-292(fp) - bgequ noname.477 - incl r4 -noname.477: - movl r5,r1 - movl r4,r2 - addl2 r1,r7 - bicl2 #0,r7 - cmpl r7,r1 - bgequ noname.478 - incl r2 -noname.478: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.479 - incl r8 -noname.479: - - bicl3 #-65536,20(r3),r4 - movzwl 22(r3),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r3),r2 - movzwl 14(r3),r0 - bicl2 #-65536,r0 - movl r4,r6 - movl r1,r5 - mull3 r0,r6,-296(fp) - mull2 r2,r6 - mull3 r2,r5,-300(fp) - mull2 r0,r5 - addl3 -296(fp),-300(fp),r0 - bicl3 #0,r0,-296(fp) - cmpl -296(fp),-300(fp) - bgequ noname.480 - addl2 #65536,r5 -noname.480: - movzwl -294(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,-296(fp),r0 - ashl #16,r0,-300(fp) - addl2 -300(fp),r6 - bicl2 #0,r6 - cmpl r6,-300(fp) - bgequ noname.481 - incl r5 -noname.481: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.482 - incl r8 -noname.482: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.483 - incl r2 -noname.483: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.484 - incl r2 - bicl3 #0,r2,r0 - bneq noname.484 - incl r8 -noname.484: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.485 - incl r8 -noname.485: - - movl 8(ap),r0 - bicl3 #-65536,24(r0),r3 - movzwl 26(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r0),r2 - movzwl 10(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-304(fp) - mull2 r2,r5 - mull3 r2,r4,-308(fp) - mull2 r0,r4 - addl3 -304(fp),-308(fp),r0 - bicl3 #0,r0,-304(fp) - cmpl -304(fp),-308(fp) - bgequ noname.486 - addl2 #65536,r4 -noname.486: - movzwl -302(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-304(fp),r0 - ashl #16,r0,-308(fp) - addl2 -308(fp),r5 - bicl2 #0,r5 - cmpl r5,-308(fp) - bgequ noname.487 - incl r4 -noname.487: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.488 - incl r8 -noname.488: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.489 - incl r2 -noname.489: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.490 - incl r2 - bicl3 #0,r2,r0 - bneq noname.490 - incl r8 -noname.490: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.491 - incl r8 -noname.491: - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r0),r2 - movzwl 6(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-312(fp) - mull2 r2,r5 - mull3 r2,r4,-316(fp) - mull2 r0,r4 - addl3 -312(fp),-316(fp),r0 - bicl3 #0,r0,-312(fp) - cmpl -312(fp),-316(fp) - bgequ noname.492 - addl2 #65536,r4 -noname.492: - movzwl -310(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-312(fp),r0 - ashl #16,r0,-316(fp) - addl2 -316(fp),r5 - bicl2 #0,r5 - cmpl r5,-316(fp) - bgequ noname.493 - incl r4 -noname.493: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.494 - incl r8 -noname.494: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.495 - incl r2 -noname.495: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.496 - incl r2 - bicl3 #0,r2,r0 - bneq noname.496 - incl r8 -noname.496: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.497 - incl r8 -noname.497: - - movl 4(ap),r0 - movl r7,32(r0) - - clrl r7 - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r2 - bicl3 #-65536,8(r0),r1 - movzwl 10(r0),r0 - bicl2 #-65536,r0 - movl r3,r4 - bicl3 #-65536,r2,-328(fp) - mull3 r0,r4,-320(fp) - mull2 r1,r4 - mull3 r1,-328(fp),-324(fp) - mull2 r0,-328(fp) - addl3 -320(fp),-324(fp),r0 - bicl3 #0,r0,-320(fp) - cmpl -320(fp),-324(fp) - bgequ noname.498 - addl2 #65536,-328(fp) -noname.498: - movzwl -318(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-328(fp) - bicl3 #-65536,-320(fp),r0 - ashl #16,r0,-324(fp) - addl2 -324(fp),r4 - bicl2 #0,r4 - cmpl r4,-324(fp) - bgequ noname.499 - incl -328(fp) -noname.499: - movl r4,r3 - movl -328(fp),r2 - bbc #31,r2,noname.500 - incl r7 -noname.500: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.501 - incl r2 -noname.501: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.502 - incl r2 - bicl3 #0,r2,r0 - bneq noname.502 - incl r7 -noname.502: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.503 - incl r7 -noname.503: - - movl 8(ap),r0 - movzwl 26(r0),r2 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r0),-340(fp) - bicl3 #-65536,r2,-344(fp) - mull3 r1,-340(fp),-332(fp) - mull2 r3,-340(fp) - mull3 r3,-344(fp),-336(fp) - mull2 r1,-344(fp) - addl3 -332(fp),-336(fp),r0 - bicl3 #0,r0,-332(fp) - cmpl -332(fp),-336(fp) - bgequ noname.504 - addl2 #65536,-344(fp) -noname.504: - movzwl -330(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-344(fp) - bicl3 #-65536,-332(fp),r0 - ashl #16,r0,-336(fp) - addl3 -336(fp),-340(fp),r0 - bicl3 #0,r0,-340(fp) - cmpl -340(fp),-336(fp) - bgequ noname.505 - incl -344(fp) -noname.505: - movl -340(fp),r3 - movl -344(fp),r2 - bbc #31,r2,noname.506 - incl r7 -noname.506: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.507 - incl r2 -noname.507: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.508 - incl r2 - bicl3 #0,r2,r0 - bneq noname.508 - incl r7 -noname.508: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.509 - incl r7 -noname.509: - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,16(r0),r3 - movzwl 18(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-356(fp) - bicl3 #-65536,r2,-360(fp) - mull3 r1,-356(fp),-348(fp) - mull2 r3,-356(fp) - mull3 r3,-360(fp),-352(fp) - mull2 r1,-360(fp) - addl3 -348(fp),-352(fp),r0 - bicl3 #0,r0,-348(fp) - cmpl -348(fp),-352(fp) - bgequ noname.510 - addl2 #65536,-360(fp) -noname.510: - movzwl -346(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-360(fp) - bicl3 #-65536,-348(fp),r0 - ashl #16,r0,-352(fp) - addl3 -352(fp),-356(fp),r0 - bicl3 #0,r0,-356(fp) - cmpl -356(fp),-352(fp) - bgequ noname.511 - incl -360(fp) -noname.511: - movl -356(fp),r3 - movl -360(fp),r2 - bbc #31,r2,noname.512 - incl r7 -noname.512: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.513 - incl r2 -noname.513: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.514 - incl r2 - bicl3 #0,r2,r0 - bneq noname.514 - incl r7 -noname.514: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.515 - incl r7 -noname.515: - - movl 4(ap),r0 - movl r9,36(r0) - - clrl r9 - - movl 8(ap),r3 - movl 20(r3),r4 - bicl3 #-65536,r4,-364(fp) - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - movl -364(fp),r0 - mull3 r0,r4,-368(fp) - mull3 r0,r0,-364(fp) - mull2 r4,r4 - bicl3 #32767,-368(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-368(fp),r0 - ashl #17,r0,-368(fp) - addl3 -364(fp),-368(fp),r0 - bicl3 #0,r0,-364(fp) - cmpl -364(fp),-368(fp) - bgequ noname.516 - incl r4 -noname.516: - movl -364(fp),r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.517 - incl r2 -noname.517: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.518 - incl r9 -noname.518: - - bicl3 #-65536,24(r3),r4 - movzwl 26(r3),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r3),r2 - movzwl 18(r3),r0 - bicl2 #-65536,r0 - movl r4,r6 - movl r1,r5 - mull3 r0,r6,-372(fp) - mull2 r2,r6 - mull3 r2,r5,-376(fp) - mull2 r0,r5 - addl3 -372(fp),-376(fp),r0 - bicl3 #0,r0,-372(fp) - cmpl -372(fp),-376(fp) - bgequ noname.519 - addl2 #65536,r5 -noname.519: - movzwl -370(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,-372(fp),r0 - ashl #16,r0,-376(fp) - addl2 -376(fp),r6 - bicl2 #0,r6 - cmpl r6,-376(fp) - bgequ noname.520 - incl r5 -noname.520: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.521 - incl r9 -noname.521: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.522 - incl r2 -noname.522: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.523 - incl r2 - bicl3 #0,r2,r0 - bneq noname.523 - incl r9 -noname.523: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.524 - incl r9 -noname.524: - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r0),r2 - movzwl 14(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-380(fp) - mull2 r2,r5 - mull3 r2,r4,-384(fp) - mull2 r0,r4 - addl3 -380(fp),-384(fp),r0 - bicl3 #0,r0,-380(fp) - cmpl -380(fp),-384(fp) - bgequ noname.525 - addl2 #65536,r4 -noname.525: - movzwl -378(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-380(fp),r0 - ashl #16,r0,-384(fp) - addl2 -384(fp),r5 - bicl2 #0,r5 - cmpl r5,-384(fp) - bgequ noname.526 - incl r4 -noname.526: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.527 - incl r9 -noname.527: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.528 - incl r2 -noname.528: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.529 - incl r2 - bicl3 #0,r2,r0 - bneq noname.529 - incl r9 -noname.529: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.530 - incl r9 -noname.530: - movl 4(ap),r0 - movl r8,40(r0) - - clrl r8 - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),r2 - movzwl 18(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-388(fp) - mull2 r2,r5 - mull3 r2,r4,-392(fp) - mull2 r0,r4 - addl3 -388(fp),-392(fp),r0 - bicl3 #0,r0,-388(fp) - cmpl -388(fp),-392(fp) - bgequ noname.531 - addl2 #65536,r4 -noname.531: - movzwl -386(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-388(fp),r0 - ashl #16,r0,-392(fp) - addl2 -392(fp),r5 - bicl2 #0,r5 - cmpl r5,-392(fp) - bgequ noname.532 - incl r4 -noname.532: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.533 - incl r8 -noname.533: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.534 - incl r2 -noname.534: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.535 - incl r2 - bicl3 #0,r2,r0 - bneq noname.535 - incl r8 -noname.535: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.536 - incl r8 -noname.536: - - movl 8(ap),r0 - bicl3 #-65536,24(r0),r3 - movzwl 26(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),r2 - movzwl 22(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-396(fp) - mull2 r2,r5 - mull3 r2,r4,-400(fp) - mull2 r0,r4 - addl3 -396(fp),-400(fp),r0 - bicl3 #0,r0,-396(fp) - cmpl -396(fp),-400(fp) - bgequ noname.537 - addl2 #65536,r4 -noname.537: - movzwl -394(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-396(fp),r0 - ashl #16,r0,-400(fp) - addl2 -400(fp),r5 - bicl2 #0,r5 - cmpl r5,-400(fp) - bgequ noname.538 - incl r4 -noname.538: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.539 - incl r8 -noname.539: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.540 - incl r2 -noname.540: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.541 - incl r2 - bicl3 #0,r2,r0 - bneq noname.541 - incl r8 -noname.541: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.542 - incl r8 -noname.542: - - movl 4(ap),r0 - movl r7,44(r0) - - clrl r7 - - movl 8(ap),r3 - movl 24(r3),r4 - bicl3 #-65536,r4,r5 - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - mull3 r5,r4,-404(fp) - mull2 r5,r5 - mull2 r4,r4 - bicl3 #32767,-404(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-404(fp),r0 - ashl #17,r0,-404(fp) - addl2 -404(fp),r5 - bicl2 #0,r5 - cmpl r5,-404(fp) - bgequ noname.543 - incl r4 -noname.543: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.544 - incl r2 -noname.544: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.545 - incl r7 -noname.545: - - movzwl 30(r3),r2 - bicl3 #-65536,20(r3),r1 - movzwl 22(r3),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r3),-416(fp) - bicl3 #-65536,r2,-420(fp) - mull3 r0,-416(fp),-408(fp) - mull2 r1,-416(fp) - mull3 r1,-420(fp),-412(fp) - mull2 r0,-420(fp) - addl3 -408(fp),-412(fp),r0 - bicl3 #0,r0,-408(fp) - cmpl -408(fp),-412(fp) - bgequ noname.546 - addl2 #65536,-420(fp) -noname.546: - movzwl -406(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-420(fp) - bicl3 #-65536,-408(fp),r0 - ashl #16,r0,-412(fp) - addl3 -412(fp),-416(fp),r0 - bicl3 #0,r0,-416(fp) - cmpl -416(fp),-412(fp) - bgequ noname.547 - incl -420(fp) -noname.547: - movl -416(fp),r3 - movl -420(fp),r2 - bbc #31,r2,noname.548 - incl r7 -noname.548: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.549 - incl r2 -noname.549: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.550 - incl r2 - bicl3 #0,r2,r0 - bneq noname.550 - incl r7 -noname.550: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.551 - incl r7 -noname.551: - - movl 4(ap),r0 - movl r9,48(r0) - - clrl r9 - - movl 8(ap),r0 - movzwl 30(r0),r2 - bicl3 #-65536,24(r0),r3 - movzwl 26(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r0),-432(fp) - bicl3 #-65536,r2,-436(fp) - mull3 r1,-432(fp),-424(fp) - mull2 r3,-432(fp) - mull3 r3,-436(fp),-428(fp) - mull2 r1,-436(fp) - addl3 -424(fp),-428(fp),r0 - bicl3 #0,r0,-424(fp) - cmpl -424(fp),-428(fp) - bgequ noname.552 - addl2 #65536,-436(fp) -noname.552: - movzwl -422(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-436(fp) - bicl3 #-65536,-424(fp),r0 - ashl #16,r0,-428(fp) - addl3 -428(fp),-432(fp),r0 - bicl3 #0,r0,-432(fp) - cmpl -432(fp),-428(fp) - bgequ noname.553 - incl -436(fp) -noname.553: - movl -432(fp),r3 - movl -436(fp),r2 - bbc #31,r2,noname.554 - incl r9 -noname.554: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.555 - incl r2 -noname.555: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.556 - incl r2 - bicl3 #0,r2,r0 - bneq noname.556 - incl r9 -noname.556: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.557 - incl r9 -noname.557: - - movl 4(ap),r4 - movl r8,52(r4) - - clrl r8 - - movl 8(ap),r0 - movl 28(r0),r3 - bicl3 #-65536,r3,-440(fp) - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - movl -440(fp),r0 - mull3 r0,r3,-444(fp) - mull3 r0,r0,-440(fp) - mull2 r3,r3 - bicl3 #32767,-444(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-444(fp),r0 - ashl #17,r0,-444(fp) - addl3 -440(fp),-444(fp),r0 - bicl3 #0,r0,-440(fp) - cmpl -440(fp),-444(fp) - bgequ noname.558 - incl r3 -noname.558: - movl -440(fp),r1 - movl r3,r2 - addl2 r1,r7 - bicl2 #0,r7 - cmpl r7,r1 - bgequ noname.559 - incl r2 -noname.559: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.560 - incl r8 -noname.560: - - movl r7,56(r4) - - movl r9,60(r4) - - ret - - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10> - subl2 #44,sp - - clrq r8 - - clrl r10 - - movl 8(ap),r5 - movl (r5),r3 - bicl3 #-65536,r3,r4 - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - mull3 r4,r3,-4(fp) - mull2 r4,r4 - mull2 r3,r3 - bicl3 #32767,-4(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-4(fp),r0 - ashl #17,r0,-4(fp) - addl2 -4(fp),r4 - bicl2 #0,r4 - cmpl r4,-4(fp) - bgequ noname.563 - incl r3 -noname.563: - movl r4,r1 - movl r3,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.564 - incl r2 -noname.564: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.565 - incl r10 -noname.565: - - movl r9,@4(ap) - - clrl r9 - - bicl3 #-65536,4(r5),r3 - movzwl 6(r5),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r5),r2 - movzwl 2(r5),r0 - bicl2 #-65536,r0 - movl r3,r6 - movl r1,r4 - mull3 r0,r6,-8(fp) - mull2 r2,r6 - mull2 r4,r2 - mull2 r0,r4 - addl3 -8(fp),r2,r0 - bicl3 #0,r0,-8(fp) - cmpl -8(fp),r2 - bgequ noname.566 - addl2 #65536,r4 -noname.566: - movzwl -6(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-8(fp),r0 - ashl #16,r0,r1 - addl2 r1,r6 - bicl2 #0,r6 - cmpl r6,r1 - bgequ noname.567 - incl r4 -noname.567: - movl r6,r3 - movl r4,r2 - bbc #31,r2,noname.568 - incl r9 -noname.568: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.569 - incl r2 -noname.569: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.570 - incl r2 - bicl3 #0,r2,r0 - bneq noname.570 - incl r9 -noname.570: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.571 - incl r9 -noname.571: - - movl 4(ap),r0 - movl r8,4(r0) - - clrl r8 - - movl 8(ap),r4 - movl 4(r4),r3 - bicl3 #-65536,r3,r5 - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - mull3 r5,r3,r1 - mull2 r5,r5 - mull2 r3,r3 - bicl3 #32767,r1,r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl2 #-65536,r1 - ashl #17,r1,r1 - addl2 r1,r5 - bicl2 #0,r5 - cmpl r5,r1 - bgequ noname.572 - incl r3 -noname.572: - movl r5,r1 - movl r3,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.573 - incl r2 -noname.573: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.574 - incl r8 -noname.574: - - bicl3 #-65536,8(r4),r3 - movzwl 10(r4),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r4),r2 - movzwl 2(r4),r0 - bicl2 #-65536,r0 - movl r3,r6 - movl r1,r5 - mull3 r0,r6,r7 - mull2 r2,r6 - mull2 r5,r2 - mull2 r0,r5 - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.575 - addl2 #65536,r5 -noname.575: - extzv #16,#16,r7,r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,r7,r0 - ashl #16,r0,r1 - addl2 r1,r6 - bicl2 #0,r6 - cmpl r6,r1 - bgequ noname.576 - incl r5 -noname.576: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.577 - incl r8 -noname.577: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.578 - incl r2 -noname.578: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r10 - bicl2 #0,r10 - cmpl r10,r3 - bgequ noname.579 - incl r2 - bicl3 #0,r2,r0 - bneq noname.579 - incl r8 -noname.579: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.580 - incl r8 -noname.580: - - movl 4(ap),r0 - movl r10,8(r0) - - clrl r10 - - movl 8(ap),r0 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r0),r2 - movzwl 2(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,r6 - mull2 r2,r5 - mull3 r2,r4,-12(fp) - mull2 r0,r4 - addl2 -12(fp),r6 - bicl2 #0,r6 - cmpl r6,-12(fp) - bgequ noname.581 - addl2 #65536,r4 -noname.581: - extzv #16,#16,r6,r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,r6,r0 - ashl #16,r0,-12(fp) - addl2 -12(fp),r5 - bicl2 #0,r5 - cmpl r5,-12(fp) - bgequ noname.582 - incl r4 -noname.582: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.583 - incl r10 -noname.583: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.584 - incl r2 -noname.584: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.585 - incl r2 - bicl3 #0,r2,r0 - bneq noname.585 - incl r10 -noname.585: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.586 - incl r10 -noname.586: - - movl 8(ap),r0 - bicl3 #-65536,8(r0),r3 - movzwl 10(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r0),r2 - movzwl 6(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-16(fp) - mull2 r2,r5 - mull3 r2,r4,-20(fp) - mull2 r0,r4 - addl3 -16(fp),-20(fp),r0 - bicl3 #0,r0,-16(fp) - cmpl -16(fp),-20(fp) - bgequ noname.587 - addl2 #65536,r4 -noname.587: - movzwl -14(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-16(fp),r0 - ashl #16,r0,-20(fp) - addl2 -20(fp),r5 - bicl2 #0,r5 - cmpl r5,-20(fp) - bgequ noname.588 - incl r4 -noname.588: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.589 - incl r10 -noname.589: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.590 - incl r2 -noname.590: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.591 - incl r2 - bicl3 #0,r2,r0 - bneq noname.591 - incl r10 -noname.591: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.592 - incl r10 -noname.592: - movl 4(ap),r0 - movl r9,12(r0) - - clrl r9 - - movl 8(ap),r3 - movl 8(r3),r4 - bicl3 #-65536,r4,r5 - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - mull3 r5,r4,-24(fp) - mull2 r5,r5 - mull2 r4,r4 - bicl3 #32767,-24(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-24(fp),r0 - ashl #17,r0,-24(fp) - addl2 -24(fp),r5 - bicl2 #0,r5 - cmpl r5,-24(fp) - bgequ noname.593 - incl r4 -noname.593: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.594 - incl r2 -noname.594: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.595 - incl r9 -noname.595: - - bicl3 #-65536,12(r3),r4 - movzwl 14(r3),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r3),r2 - movzwl 6(r3),r0 - bicl2 #-65536,r0 - movl r4,r6 - movl r1,r5 - mull3 r0,r6,-28(fp) - mull2 r2,r6 - mull3 r2,r5,-32(fp) - mull2 r0,r5 - addl3 -28(fp),-32(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-32(fp) - bgequ noname.596 - addl2 #65536,r5 -noname.596: - movzwl -26(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,-28(fp),r0 - ashl #16,r0,-32(fp) - addl2 -32(fp),r6 - bicl2 #0,r6 - cmpl r6,-32(fp) - bgequ noname.597 - incl r5 -noname.597: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.598 - incl r9 -noname.598: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.599 - incl r2 -noname.599: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.600 - incl r2 - bicl3 #0,r2,r0 - bneq noname.600 - incl r9 -noname.600: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.601 - incl r9 -noname.601: - - movl 4(ap),r0 - movl r8,16(r0) - - clrl r8 - - movl 8(ap),r0 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r0),r2 - movzwl 10(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-36(fp) - mull2 r2,r5 - mull3 r2,r4,-40(fp) - mull2 r0,r4 - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.602 - addl2 #65536,r4 -noname.602: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl2 -40(fp),r5 - bicl2 #0,r5 - cmpl r5,-40(fp) - bgequ noname.603 - incl r4 -noname.603: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.604 - incl r8 -noname.604: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.605 - incl r2 -noname.605: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r10 - bicl2 #0,r10 - cmpl r10,r3 - bgequ noname.606 - incl r2 - bicl3 #0,r2,r0 - bneq noname.606 - incl r8 -noname.606: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.607 - incl r8 -noname.607: - - movl 4(ap),r4 - movl r10,20(r4) - - clrl r10 - - movl 8(ap),r0 - movl 12(r0),r3 - bicl3 #-65536,r3,r5 - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - mull3 r5,r3,-44(fp) - mull2 r5,r5 - mull2 r3,r3 - bicl3 #32767,-44(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-44(fp),r0 - ashl #17,r0,-44(fp) - addl2 -44(fp),r5 - bicl2 #0,r5 - cmpl r5,-44(fp) - bgequ noname.608 - incl r3 -noname.608: - movl r5,r1 - movl r3,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.609 - incl r2 -noname.609: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.610 - incl r10 -noname.610: - - movl r9,24(r4) - - movl r8,28(r4) - - ret - -; For now, the code below doesn't work, so I end this prematurely. -.end diff --git a/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl index b579530272..f464368733 100644 --- a/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -36,6 +43,9 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; +$output = pop; +open STDOUT,">$output"; + &asm_init($ARGV[0],$0,$x86only = $ARGV[$#ARGV] eq "386"); $sse2=0; @@ -311,3 +321,5 @@ if ($sse2) { &asciz ("GF(2^m) Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>"); &asm_finish(); + +close STDOUT; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl index 1c4003efc2..a8b402d59b 100755 --- a/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -30,6 +37,9 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; +$output = pop; +open STDOUT,">$output"; + &asm_init($ARGV[0],$0); $sse2=0; @@ -84,7 +94,9 @@ $frame=32; # size of above frame rounded up to 16n &and ("ebp",-64); # align to cache line - # Some OSes, *cough*-dows, insist on stack being "wired" to + # An OS-agnostic version of __chkstk. + # + # Some OSes (Windows) insist on stack being "wired" to # physical memory in strictly sequential manner, i.e. if stack # allocation spans two pages, then reference to farmost one can # be punishable by SEGV. But page walking can do good even on @@ -289,7 +301,7 @@ if (0) { &xor ("eax","eax"); # signal "not fast enough [yet]" &jmp (&label("just_leave")); # While the below code provides competitive performance for - # all key lengthes on modern Intel cores, it's still more + # all key lengths on modern Intel cores, it's still more # than 10% slower for 4096-bit key elsewhere:-( "Competitive" # means compared to the original integer-only assembler. # 512-bit RSA sign is better by ~40%, but that's about all @@ -613,3 +625,5 @@ $sbit=$num; &asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>"); &asm_finish(); + +close STDOUT; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86.pl b/deps/openssl/openssl/crypto/bn/asm/x86.pl deleted file mode 100644 index 1bc4f1bb27..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/x86.pl +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/local/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -require("x86/mul_add.pl"); -require("x86/mul.pl"); -require("x86/sqr.pl"); -require("x86/div.pl"); -require("x86/add.pl"); -require("x86/sub.pl"); -require("x86/comba.pl"); - -&asm_init($ARGV[0],$0); - -&bn_mul_add_words("bn_mul_add_words"); -&bn_mul_words("bn_mul_words"); -&bn_sqr_words("bn_sqr_words"); -&bn_div_words("bn_div_words"); -&bn_add_words("bn_add_words"); -&bn_sub_words("bn_sub_words"); -&bn_mul_comba("bn_mul_comba8",8); -&bn_mul_comba("bn_mul_comba4",4); -&bn_sqr_comba("bn_sqr_comba8",8); -&bn_sqr_comba("bn_sqr_comba4",4); - -&asm_finish(); - diff --git a/deps/openssl/openssl/crypto/bn/asm/x86/add.pl b/deps/openssl/openssl/crypto/bn/asm/x86/add.pl deleted file mode 100644 index 0b5cf583e3..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/x86/add.pl +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_add_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &add($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &add($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &add($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &add($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *a - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } - -1; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86/comba.pl b/deps/openssl/openssl/crypto/bn/asm/x86/comba.pl deleted file mode 100644 index 2291253629..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/x86/comba.pl +++ /dev/null @@ -1,277 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub mul_add_c - { - local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("mul a[$ai]*b[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$b,"",0)); - - &mul("edx"); - &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a - &mov("eax",&wparam(0)) if $pos > 0; # load r[] - ### - &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b - ### - &adc($c2,0); - # is pos > 1, it means it is the last loop - &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a - } - -sub sqr_add_c - { - local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("sqr a[$ai]*a[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$b,"",0)); - - if ($ai == $bi) - { &mul("eax");} - else - { &mul("edx");} - &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a - ### - &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb); - ### - &adc($c2,0); - # is pos > 1, it means it is the last loop - &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b - } - -sub sqr_add_c2 - { - local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("sqr a[$ai]*a[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$a,"",0)); - - if ($ai == $bi) - { &mul("eax");} - else - { &mul("edx");} - &add("eax","eax"); - ### - &adc("edx","edx"); - ### - &adc($c2,0); - &add($c0,"eax"); - &adc($c1,"edx"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b - &adc($c2,0); - &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[]; - &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb); - ### - } - -sub bn_mul_comba - { - local($name,$num)=@_; - local($a,$b,$c0,$c1,$c2); - local($i,$as,$ae,$bs,$be,$ai,$bi); - local($tot,$end); - - &function_begin_B($name,""); - - $c0="ebx"; - $c1="ecx"; - $c2="ebp"; - $a="esi"; - $b="edi"; - - $as=0; - $ae=0; - $bs=0; - $be=0; - $tot=$num+$num-1; - - &push("esi"); - &mov($a,&wparam(1)); - &push("edi"); - &mov($b,&wparam(2)); - &push("ebp"); - &push("ebx"); - - &xor($c0,$c0); - &mov("eax",&DWP(0,$a,"",0)); # load the first word - &xor($c1,$c1); - &mov("edx",&DWP(0,$b,"",0)); # load the first second - - for ($i=0; $i<$tot; $i++) - { - $ai=$as; - $bi=$bs; - $end=$be+1; - - &comment("################## Calculate word $i"); - - for ($j=$bs; $j<$end; $j++) - { - &xor($c2,$c2) if ($j == $bs); - if (($j+1) == $end) - { - $v=1; - $v=2 if (($i+1) == $tot); - } - else - { $v=0; } - if (($j+1) != $end) - { - $na=($ai-1); - $nb=($bi+1); - } - else - { - $na=$as+($i < ($num-1)); - $nb=$bs+($i >= ($num-1)); - } -#printf STDERR "[$ai,$bi] -> [$na,$nb]\n"; - &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb); - if ($v) - { - &comment("saved r[$i]"); - # &mov("eax",&wparam(0)); - # &mov(&DWP($i*4,"eax","",0),$c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - } - $ai--; - $bi++; - } - $as++ if ($i < ($num-1)); - $ae++ if ($i >= ($num-1)); - - $bs++ if ($i >= ($num-1)); - $be++ if ($i < ($num-1)); - } - &comment("save r[$i]"); - # &mov("eax",&wparam(0)); - &mov(&DWP($i*4,"eax","",0),$c0); - - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - -sub bn_sqr_comba - { - local($name,$num)=@_; - local($r,$a,$c0,$c1,$c2)=@_; - local($i,$as,$ae,$bs,$be,$ai,$bi); - local($b,$tot,$end,$half); - - &function_begin_B($name,""); - - $c0="ebx"; - $c1="ecx"; - $c2="ebp"; - $a="esi"; - $r="edi"; - - &push("esi"); - &push("edi"); - &push("ebp"); - &push("ebx"); - &mov($r,&wparam(0)); - &mov($a,&wparam(1)); - &xor($c0,$c0); - &xor($c1,$c1); - &mov("eax",&DWP(0,$a,"",0)); # load the first word - - $as=0; - $ae=0; - $bs=0; - $be=0; - $tot=$num+$num-1; - - for ($i=0; $i<$tot; $i++) - { - $ai=$as; - $bi=$bs; - $end=$be+1; - - &comment("############### Calculate word $i"); - for ($j=$bs; $j<$end; $j++) - { - &xor($c2,$c2) if ($j == $bs); - if (($ai-1) < ($bi+1)) - { - $v=1; - $v=2 if ($i+1) == $tot; - } - else - { $v=0; } - if (!$v) - { - $na=$ai-1; - $nb=$bi+1; - } - else - { - $na=$as+($i < ($num-1)); - $nb=$bs+($i >= ($num-1)); - } - if ($ai == $bi) - { - &sqr_add_c($r,$a,$ai,$bi, - $c0,$c1,$c2,$v,$i,$na,$nb); - } - else - { - &sqr_add_c2($r,$a,$ai,$bi, - $c0,$c1,$c2,$v,$i,$na,$nb); - } - if ($v) - { - &comment("saved r[$i]"); - #&mov(&DWP($i*4,$r,"",0),$c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - last; - } - $ai--; - $bi++; - } - $as++ if ($i < ($num-1)); - $ae++ if ($i >= ($num-1)); - - $bs++ if ($i >= ($num-1)); - $be++ if ($i < ($num-1)); - } - &mov(&DWP($i*4,$r,"",0),$c0); - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - -1; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86/div.pl b/deps/openssl/openssl/crypto/bn/asm/x86/div.pl deleted file mode 100644 index 0e90152caa..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/x86/div.pl +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_div_words - { - local($name)=@_; - - &function_begin($name,""); - &mov("edx",&wparam(0)); # - &mov("eax",&wparam(1)); # - &mov("ebx",&wparam(2)); # - &div("ebx"); - &function_end($name); - } -1; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86/f b/deps/openssl/openssl/crypto/bn/asm/x86/f deleted file mode 100644 index 22e4112224..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/x86/f +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - diff --git a/deps/openssl/openssl/crypto/bn/asm/x86/mul.pl b/deps/openssl/openssl/crypto/bn/asm/x86/mul.pl deleted file mode 100644 index 674cb9b055..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/x86/mul.pl +++ /dev/null @@ -1,77 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_mul_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $Low="eax"; - $High="edx"; - $a="ebx"; - $w="ecx"; - $r="edi"; - $c="esi"; - $num="ebp"; - - &xor($c,$c); # clear carry - &mov($r,&wparam(0)); # - &mov($a,&wparam(1)); # - &mov($num,&wparam(2)); # - &mov($w,&wparam(3)); # - - &and($num,0xfffffff8); # num / 8 - &jz(&label("mw_finish")); - - &set_label("mw_loop",0); - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - - &mov("eax",&DWP($i,$a,"",0)); # *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - # XXX - - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t); - - &mov($c,"edx"); # c= H(t); - } - - &comment(""); - &add($a,32); - &add($r,32); - &sub($num,8); - &jz(&label("mw_finish")); - &jmp(&label("mw_loop")); - - &set_label("mw_finish",0); - &mov($num,&wparam(2)); # get num - &and($num,7); - &jnz(&label("mw_finish2")); - &jmp(&label("mw_end")); - - &set_label("mw_finish2",1); - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0));# *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - # XXX - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t); - &mov($c,"edx"); # c= H(t); - &dec($num) if ($i != 7-1); - &jz(&label("mw_end")) if ($i != 7-1); - } - &set_label("mw_end",0); - &mov("eax",$c); - - &function_end($name); - } - -1; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86/mul_add.pl b/deps/openssl/openssl/crypto/bn/asm/x86/mul_add.pl deleted file mode 100644 index 61830d3a90..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/x86/mul_add.pl +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_mul_add_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $Low="eax"; - $High="edx"; - $a="ebx"; - $w="ebp"; - $r="edi"; - $c="esi"; - - &xor($c,$c); # clear carry - &mov($r,&wparam(0)); # - - &mov("ecx",&wparam(2)); # - &mov($a,&wparam(1)); # - - &and("ecx",0xfffffff8); # num / 8 - &mov($w,&wparam(3)); # - - &push("ecx"); # Up the stack for a tmp variable - - &jz(&label("maw_finish")); - - &set_label("maw_loop",0); - - &mov(&swtmp(0),"ecx"); # - - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - - &mov("eax",&DWP($i,$a,"",0)); # *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+= *r - &mov($c,&DWP($i,$r,"",0)); # L(t)+= *r - &adc("edx",0); # H(t)+=carry - &add("eax",$c); # L(t)+=c - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); - } - - &comment(""); - &mov("ecx",&swtmp(0)); # - &add($a,32); - &add($r,32); - &sub("ecx",8); - &jnz(&label("maw_loop")); - - &set_label("maw_finish",0); - &mov("ecx",&wparam(2)); # get num - &and("ecx",7); - &jnz(&label("maw_finish2")); # helps branch prediction - &jmp(&label("maw_end")); - - &set_label("maw_finish2",1); - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0));# *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - &mov($c,&DWP($i*4,$r,"",0)); # L(t)+= *r - &adc("edx",0); # H(t)+=carry - &add("eax",$c); - &adc("edx",0); # H(t)+=carry - &dec("ecx") if ($i != 7-1); - &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); - &jz(&label("maw_end")) if ($i != 7-1); - } - &set_label("maw_end",0); - &mov("eax",$c); - - &pop("ecx"); # clear variable from - - &function_end($name); - } - -1; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86/sqr.pl b/deps/openssl/openssl/crypto/bn/asm/x86/sqr.pl deleted file mode 100644 index 1f90993cf6..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/x86/sqr.pl +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_sqr_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $r="esi"; - $a="edi"; - $num="ebx"; - - &mov($r,&wparam(0)); # - &mov($a,&wparam(1)); # - &mov($num,&wparam(2)); # - - &and($num,0xfffffff8); # num / 8 - &jz(&label("sw_finish")); - - &set_label("sw_loop",0); - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - &mov("eax",&DWP($i,$a,"",0)); # *a - # XXX - &mul("eax"); # *a * *a - &mov(&DWP($i*2,$r,"",0),"eax"); # - &mov(&DWP($i*2+4,$r,"",0),"edx");# - } - - &comment(""); - &add($a,32); - &add($r,64); - &sub($num,8); - &jnz(&label("sw_loop")); - - &set_label("sw_finish",0); - &mov($num,&wparam(2)); # get num - &and($num,7); - &jz(&label("sw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0)); # *a - # XXX - &mul("eax"); # *a * *a - &mov(&DWP($i*8,$r,"",0),"eax"); # - &dec($num) if ($i != 7-1); - &mov(&DWP($i*8+4,$r,"",0),"edx"); - &jz(&label("sw_end")) if ($i != 7-1); - } - &set_label("sw_end",0); - - &function_end($name); - } - -1; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86/sub.pl b/deps/openssl/openssl/crypto/bn/asm/x86/sub.pl deleted file mode 100644 index 837b0e1b07..0000000000 --- a/deps/openssl/openssl/crypto/bn/asm/x86/sub.pl +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_sub_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *a - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } - -1; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c b/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c index 1729b479d4..0ff3805a61 100644 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c @@ -1,3 +1,12 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + #include "../bn_lcl.h" #if !(defined(__GNUC__) && __GNUC__>=2) # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ @@ -216,9 +225,10 @@ BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, " adcq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" " lea 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&r" (ret), "+c"(n), - "+r"(i) + " dec %1 \n" + " jnz 1b \n" + " sbbq %0,%0 \n" + :"=&r" (ret), "+c"(n), "+r"(i) :"r"(rp), "r"(ap), "r"(bp) :"cc", "memory"); @@ -242,9 +252,10 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, " sbbq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" " lea 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&r" (ret), "+c"(n), - "+r"(i) + " dec %1 \n" + " jnz 1b \n" + " sbbq %0,%0 \n" + :"=&r" (ret), "+c"(n), "+r"(i) :"r"(rp), "r"(ap), "r"(bp) :"cc", "memory"); diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl index 42bbec2fb7..d962f62033 100644 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -31,7 +38,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open OUT,"| \"$^X\" $xlate $flavour $output"; +open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; *STDOUT=*OUT; ($lo,$hi)=("%rax","%rdx"); $a=$lo; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl index 80492d8e63..df4cca5bfe 100755 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -50,7 +57,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open OUT,"| \"$^X\" $xlate $flavour $output"; +open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; *STDOUT=*OUT; if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` @@ -129,7 +136,9 @@ $code.=<<___; neg $num # restore $num and \$-1024,%r10 # minimize TLB usage - # Some OSes, *cough*-dows, insist on stack being "wired" to + # An OS-agnostic version of __chkstk. + # + # Some OSes (Windows) insist on stack being "wired" to # physical memory in strictly sequential manner, i.e. if stack # allocation spans two pages, then reference to farmost one can # be punishable by SEGV. But page walking can do good even on diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl index 42178e455a..5779059ea2 100755 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -35,7 +42,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open OUT,"| \"$^X\" $xlate $flavour $output"; +open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; *STDOUT=*OUT; if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` @@ -113,7 +120,9 @@ $code.=<<___; neg $num # restore $num and \$-1024,%r10 # minimize TLB usage - # Some OSes, *cough*-dows, insist on stack being "wired" to + # An OS-agnostic version of __chkstk. + # + # Some OSes (Windows) insist on stack being "wired" to # physical memory in strictly sequential manner, i.e. if stack # allocation spans two pages, then reference to farmost one can # be punishable by SEGV. But page walking can do good even on diff --git a/deps/openssl/openssl/crypto/bn/bn.h b/deps/openssl/openssl/crypto/bn/bn.h deleted file mode 100644 index 633d1b1f60..0000000000 --- a/deps/openssl/openssl/crypto/bn/bn.h +++ /dev/null @@ -1,951 +0,0 @@ -/* crypto/bn/bn.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the Eric Young open source - * license provided above. - * - * The binary polynomial arithmetic software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - -#ifndef HEADER_BN_H -# define HEADER_BN_H - -# include <limits.h> -# include <openssl/e_os2.h> -# ifndef OPENSSL_NO_FP_API -# include <stdio.h> /* FILE */ -# endif -# include <openssl/ossl_typ.h> -# include <openssl/crypto.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * These preprocessor symbols control various aspects of the bignum headers - * and library code. They're not defined by any "normal" configuration, as - * they are intended for development and testing purposes. NB: defining all - * three can be useful for debugging application code as well as openssl - * itself. BN_DEBUG - turn on various debugging alterations to the bignum - * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up - * mismanagement of bignum internals. You must also define BN_DEBUG. - */ -/* #define BN_DEBUG */ -/* #define BN_DEBUG_RAND */ - -# ifndef OPENSSL_SMALL_FOOTPRINT -# define BN_MUL_COMBA -# define BN_SQR_COMBA -# define BN_RECURSION -# endif - -/* - * This next option uses the C libraries (2 word)/(1 word) function. If it is - * not defined, I use my C version (which is slower). The reason for this - * flag is that when the particular C compiler library routine is used, and - * the library is linked with a different compiler, the library is missing. - * This mostly happens when the library is built with gcc and then linked - * using normal cc. This would be a common occurrence because gcc normally - * produces code that is 2 times faster than system compilers for the big - * number stuff. For machines with only one compiler (or shared libraries), - * this should be on. Again this in only really a problem on machines using - * "long long's", are 32bit, and are not using my assembler code. - */ -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ - defined(OPENSSL_SYS_WIN32) || defined(linux) -# ifndef BN_DIV2W -# define BN_DIV2W -# endif -# endif - -/* - * assuming long is 64bit - this is the DEC Alpha unsigned long long is only - * 64 bits :-(, don't define BN_LLONG for the DEC Alpha - */ -# ifdef SIXTY_FOUR_BIT_LONG -# define BN_ULLONG unsigned long long -# define BN_ULONG unsigned long -# define BN_LONG long -# define BN_BITS 128 -# define BN_BYTES 8 -# define BN_BITS2 64 -# define BN_BITS4 32 -# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) -# define BN_MASK2 (0xffffffffffffffffL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000L) -# define BN_MASK2h1 (0xffffffff80000000L) -# define BN_TBIT (0x8000000000000000L) -# define BN_DEC_CONV (10000000000000000000UL) -# define BN_DEC_FMT1 "%lu" -# define BN_DEC_FMT2 "%019lu" -# define BN_DEC_NUM 19 -# define BN_HEX_FMT1 "%lX" -# define BN_HEX_FMT2 "%016lX" -# endif - -/* - * This is where the long long data type is 64 bits, but long is 32. For - * machines where there are 64bit registers, this is the mode to use. IRIX, - * on R4000 and above should use this mode, along with the relevant assembler - * code :-). Do NOT define BN_LLONG. - */ -# ifdef SIXTY_FOUR_BIT -# undef BN_LLONG -# undef BN_ULLONG -# define BN_ULONG unsigned long long -# define BN_LONG long long -# define BN_BITS 128 -# define BN_BYTES 8 -# define BN_BITS2 64 -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffLL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000LL) -# define BN_MASK2h1 (0xffffffff80000000LL) -# define BN_TBIT (0x8000000000000000LL) -# define BN_DEC_CONV (10000000000000000000ULL) -# define BN_DEC_FMT1 "%llu" -# define BN_DEC_FMT2 "%019llu" -# define BN_DEC_NUM 19 -# define BN_HEX_FMT1 "%llX" -# define BN_HEX_FMT2 "%016llX" -# endif - -# ifdef THIRTY_TWO_BIT -# ifdef BN_LLONG -# if defined(_WIN32) && !defined(__GNUC__) -# define BN_ULLONG unsigned __int64 -# define BN_MASK (0xffffffffffffffffI64) -# else -# define BN_ULLONG unsigned long long -# define BN_MASK (0xffffffffffffffffLL) -# endif -# endif -# define BN_ULONG unsigned int -# define BN_LONG int -# define BN_BITS 64 -# define BN_BYTES 4 -# define BN_BITS2 32 -# define BN_BITS4 16 -# define BN_MASK2 (0xffffffffL) -# define BN_MASK2l (0xffff) -# define BN_MASK2h1 (0xffff8000L) -# define BN_MASK2h (0xffff0000L) -# define BN_TBIT (0x80000000L) -# define BN_DEC_CONV (1000000000L) -# define BN_DEC_FMT1 "%u" -# define BN_DEC_FMT2 "%09u" -# define BN_DEC_NUM 9 -# define BN_HEX_FMT1 "%X" -# define BN_HEX_FMT2 "%08X" -# endif - -# define BN_DEFAULT_BITS 1280 - -# define BN_FLG_MALLOCED 0x01 -# define BN_FLG_STATIC_DATA 0x02 - -/* - * avoid leaking exponent information through timing, - * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, - * BN_div() will call BN_div_no_branch, - * BN_mod_inverse() will call BN_mod_inverse_no_branch. - */ -# define BN_FLG_CONSTTIME 0x04 - -# ifdef OPENSSL_NO_DEPRECATED -/* deprecated name for the flag */ -# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME -/* - * avoid leaking exponent information through timings - * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) - */ -# endif - -# ifndef OPENSSL_NO_DEPRECATED -# define BN_FLG_FREE 0x8000 - /* used for debuging */ -# endif -# define BN_set_flags(b,n) ((b)->flags|=(n)) -# define BN_get_flags(b,n) ((b)->flags&(n)) - -/* - * get a clone of a BIGNUM with changed flags, for *temporary* use only (the - * two BIGNUMs cannot not be used in parallel!) - */ -# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ - (dest)->top=(b)->top, \ - (dest)->dmax=(b)->dmax, \ - (dest)->neg=(b)->neg, \ - (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ - | ((b)->flags & ~BN_FLG_MALLOCED) \ - | BN_FLG_STATIC_DATA \ - | (n))) - -/* Already declared in ossl_typ.h */ -# if 0 -typedef struct bignum_st BIGNUM; -/* Used for temp variables (declaration hidden in bn_lcl.h) */ -typedef struct bignum_ctx BN_CTX; -typedef struct bn_blinding_st BN_BLINDING; -typedef struct bn_mont_ctx_st BN_MONT_CTX; -typedef struct bn_recp_ctx_st BN_RECP_CTX; -typedef struct bn_gencb_st BN_GENCB; -# endif - -struct bignum_st { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit - * chunks. */ - int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ - int dmax; /* Size of the d array. */ - int neg; /* one if the number is negative */ - int flags; -}; - -/* Used for montgomery multiplication */ -struct bn_mont_ctx_st { - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only - * stored for bignum algorithm) */ - BN_ULONG n0[2]; /* least significant word(s) of Ni; (type - * changed with 0.9.9, was "BN_ULONG n0;" - * before) */ - int flags; -}; - -/* - * Used for reciprocal division/mod functions It cannot be shared between - * threads - */ -struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; -}; - -/* Used for slow "generation" functions. */ -struct bn_gencb_st { - unsigned int ver; /* To handle binary (in)compatibility */ - void *arg; /* callback-specific data */ - union { - /* if(ver==1) - handles old style callbacks */ - void (*cb_1) (int, int, void *); - /* if(ver==2) - new callback style */ - int (*cb_2) (int, int, BN_GENCB *); - } cb; -}; -/* Wrapper function to make using BN_GENCB easier, */ -int BN_GENCB_call(BN_GENCB *cb, int a, int b); -/* Macro to populate a BN_GENCB structure with an "old"-style callback */ -# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ - BN_GENCB *tmp_gencb = (gencb); \ - tmp_gencb->ver = 1; \ - tmp_gencb->arg = (cb_arg); \ - tmp_gencb->cb.cb_1 = (callback); } -/* Macro to populate a BN_GENCB structure with a "new"-style callback */ -# define BN_GENCB_set(gencb, callback, cb_arg) { \ - BN_GENCB *tmp_gencb = (gencb); \ - tmp_gencb->ver = 2; \ - tmp_gencb->arg = (cb_arg); \ - tmp_gencb->cb.cb_2 = (callback); } - -# define BN_prime_checks 0 /* default: select number of iterations based - * on the size of the number */ - -/* - * number of Miller-Rabin iterations for an error rate of less than 2^-80 for - * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of - * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error - * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) - * 177-194) - */ -# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) - -# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) - -/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ -# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ - (((w) == 0) && ((a)->top == 0))) -# define BN_is_zero(a) ((a)->top == 0) -# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) -# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) - -# define BN_one(a) (BN_set_word((a),1)) -# define BN_zero_ex(a) \ - do { \ - BIGNUM *_tmp_bn = (a); \ - _tmp_bn->top = 0; \ - _tmp_bn->neg = 0; \ - } while(0) -# ifdef OPENSSL_NO_DEPRECATED -# define BN_zero(a) BN_zero_ex(a) -# else -# define BN_zero(a) (BN_set_word((a),0)) -# endif - -const BIGNUM *BN_value_one(void); -char *BN_options(void); -BN_CTX *BN_CTX_new(void); -# ifndef OPENSSL_NO_DEPRECATED -void BN_CTX_init(BN_CTX *c); -# endif -void BN_CTX_free(BN_CTX *c); -void BN_CTX_start(BN_CTX *ctx); -BIGNUM *BN_CTX_get(BN_CTX *ctx); -void BN_CTX_end(BN_CTX *ctx); -int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); -int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); -int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); -int BN_num_bits(const BIGNUM *a); -int BN_num_bits_word(BN_ULONG); -BIGNUM *BN_new(void); -void BN_init(BIGNUM *); -void BN_clear_free(BIGNUM *a); -BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); -void BN_swap(BIGNUM *a, BIGNUM *b); -BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); -int BN_bn2bin(const BIGNUM *a, unsigned char *to); -BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); -int BN_bn2mpi(const BIGNUM *a, unsigned char *to); -int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); -/** BN_set_negative sets sign of a BIGNUM - * \param b pointer to the BIGNUM object - * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise - */ -void BN_set_negative(BIGNUM *b, int n); -/** BN_is_negative returns 1 if the BIGNUM is negative - * \param a pointer to the BIGNUM object - * \return 1 if a < 0 and 0 otherwise - */ -# define BN_is_negative(a) ((a)->neg != 0) - -int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx); -# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) -int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); -int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx); -int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m); -int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx); -int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m); -int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx); -int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); -int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, - BN_CTX *ctx); -int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); - -BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); -BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); -int BN_mul_word(BIGNUM *a, BN_ULONG w); -int BN_add_word(BIGNUM *a, BN_ULONG w); -int BN_sub_word(BIGNUM *a, BN_ULONG w); -int BN_set_word(BIGNUM *a, BN_ULONG w); -BN_ULONG BN_get_word(const BIGNUM *a); - -int BN_cmp(const BIGNUM *a, const BIGNUM *b); -void BN_free(BIGNUM *a); -int BN_is_bit_set(const BIGNUM *a, int n); -int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); -int BN_lshift1(BIGNUM *r, const BIGNUM *a); -int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); - -int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); -int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); -int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *m_ctx); -int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -int BN_mask_bits(BIGNUM *a, int n); -# ifndef OPENSSL_NO_FP_API -int BN_print_fp(FILE *fp, const BIGNUM *a); -# endif -# ifdef HEADER_BIO_H -int BN_print(BIO *fp, const BIGNUM *a); -# else -int BN_print(void *fp, const BIGNUM *a); -# endif -int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); -int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); -int BN_rshift1(BIGNUM *r, const BIGNUM *a); -void BN_clear(BIGNUM *a); -BIGNUM *BN_dup(const BIGNUM *a); -int BN_ucmp(const BIGNUM *a, const BIGNUM *b); -int BN_set_bit(BIGNUM *a, int n); -int BN_clear_bit(BIGNUM *a, int n); -char *BN_bn2hex(const BIGNUM *a); -char *BN_bn2dec(const BIGNUM *a); -int BN_hex2bn(BIGNUM **a, const char *str); -int BN_dec2bn(BIGNUM **a, const char *str); -int BN_asc2bn(BIGNUM **a, const char *str); -int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns - * -2 for - * error */ -BIGNUM *BN_mod_inverse(BIGNUM *ret, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); -BIGNUM *BN_mod_sqrt(BIGNUM *ret, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); - -void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); - -/* Deprecated versions */ -# ifndef OPENSSL_NO_DEPRECATED -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback) (int, int, void *), void *cb_arg); -int BN_is_prime(const BIGNUM *p, int nchecks, - void (*callback) (int, int, void *), - BN_CTX *ctx, void *cb_arg); -int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, - void (*callback) (int, int, void *), BN_CTX *ctx, - void *cb_arg, int do_trial_division); -# endif /* !defined(OPENSSL_NO_DEPRECATED) */ - -/* Newer versions */ -int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, - const BIGNUM *rem, BN_GENCB *cb); -int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); -int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb); - -int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); - -int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - const BIGNUM *Xp, const BIGNUM *Xp1, - const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb); -int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, - BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, - BN_CTX *ctx, BN_GENCB *cb); - -BN_MONT_CTX *BN_MONT_CTX_new(void); -void BN_MONT_CTX_init(BN_MONT_CTX *ctx); -int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx); -# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ - (r),(a),&((mont)->RR),(mont),(ctx)) -int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, - BN_MONT_CTX *mont, BN_CTX *ctx); -void BN_MONT_CTX_free(BN_MONT_CTX *mont); -int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); -BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, - const BIGNUM *mod, BN_CTX *ctx); - -/* BN_BLINDING flags */ -# define BN_BLINDING_NO_UPDATE 0x00000001 -# define BN_BLINDING_NO_RECREATE 0x00000002 - -BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); -void BN_BLINDING_free(BN_BLINDING *b); -int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); -int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); -int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); -int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); -int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, - BN_CTX *); -# ifndef OPENSSL_NO_DEPRECATED -unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); -void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); -# endif -CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); -unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); -void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); -BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, - int (*bn_mod_exp) (BIGNUM *r, - const BIGNUM *a, - const BIGNUM *p, - const BIGNUM *m, - BN_CTX *ctx, - BN_MONT_CTX *m_ctx), - BN_MONT_CTX *m_ctx); - -# ifndef OPENSSL_NO_DEPRECATED -void BN_set_params(int mul, int high, int low, int mont); -int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ -# endif - -void BN_RECP_CTX_init(BN_RECP_CTX *recp); -BN_RECP_CTX *BN_RECP_CTX_new(void); -void BN_RECP_CTX_free(BN_RECP_CTX *recp); -int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); -int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, - BN_RECP_CTX *recp, BN_CTX *ctx); -int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); -int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - BN_RECP_CTX *recp, BN_CTX *ctx); - -# ifndef OPENSSL_NO_EC2M - -/* - * Functions for arithmetic over binary polynomials represented by BIGNUMs. - * The BIGNUM::neg property of BIGNUMs representing binary polynomials is - * ignored. Note that input arguments are not const so that their bit arrays - * can be expanded to the appropriate size if needed. - */ - -/* - * r = a + b - */ -int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) -/* - * r=a mod p - */ -int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); -/* r = (a * b) mod p */ -int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx); -/* r = (a * a) mod p */ -int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -/* r = (1 / b) mod p */ -int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); -/* r = (a / b) mod p */ -int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx); -/* r = (a ^ b) mod p */ -int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx); -/* r = sqrt(a) mod p */ -int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - BN_CTX *ctx); -/* r^2 + r = a mod p */ -int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - BN_CTX *ctx); -# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) -/*- - * Some functions allow for representation of the irreducible polynomials - * as an unsigned int[], say p. The irreducible f(t) is then of the form: - * t^p[0] + t^p[1] + ... + t^p[k] - * where m = p[0] > p[1] > ... > p[k] = 0. - */ -/* r = a mod p */ -int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); -/* r = (a * b) mod p */ -int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx); -/* r = (a * a) mod p */ -int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], - BN_CTX *ctx); -/* r = (1 / b) mod p */ -int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], - BN_CTX *ctx); -/* r = (a / b) mod p */ -int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx); -/* r = (a ^ b) mod p */ -int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx); -/* r = sqrt(a) mod p */ -int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, - const int p[], BN_CTX *ctx); -/* r^2 + r = a mod p */ -int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, - const int p[], BN_CTX *ctx); -int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); -int BN_GF2m_arr2poly(const int p[], BIGNUM *a); - -# endif - -/* - * faster mod functions for the 'NIST primes' 0 <= a < p^2 - */ -int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); - -const BIGNUM *BN_get0_nist_prime_192(void); -const BIGNUM *BN_get0_nist_prime_224(void); -const BIGNUM *BN_get0_nist_prime_256(void); -const BIGNUM *BN_get0_nist_prime_384(void); -const BIGNUM *BN_get0_nist_prime_521(void); - -/* library internal functions */ - -# define bn_expand(a,bits) \ - ( \ - bits > (INT_MAX - BN_BITS2 + 1) ? \ - NULL \ - : \ - (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \ - (a) \ - : \ - bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ - ) - -# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) -BIGNUM *bn_expand2(BIGNUM *a, int words); -# ifndef OPENSSL_NO_DEPRECATED -BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ -# endif - -/*- - * Bignum consistency macros - * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from - * bignum data after direct manipulations on the data. There is also an - * "internal" macro, bn_check_top(), for verifying that there are no leading - * zeroes. Unfortunately, some auditing is required due to the fact that - * bn_fix_top() has become an overabused duct-tape because bignum data is - * occasionally passed around in an inconsistent state. So the following - * changes have been made to sort this out; - * - bn_fix_top()s implementation has been moved to bn_correct_top() - * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and - * bn_check_top() is as before. - * - if BN_DEBUG *is* defined; - * - bn_check_top() tries to pollute unused words even if the bignum 'top' is - * consistent. (ed: only if BN_DEBUG_RAND is defined) - * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. - * The idea is to have debug builds flag up inconsistent bignums when they - * occur. If that occurs in a bn_fix_top(), we examine the code in question; if - * the use of bn_fix_top() was appropriate (ie. it follows directly after code - * that manipulates the bignum) it is converted to bn_correct_top(), and if it - * was not appropriate, we convert it permanently to bn_check_top() and track - * down the cause of the bug. Eventually, no internal code should be using the - * bn_fix_top() macro. External applications and libraries should try this with - * their own code too, both in terms of building against the openssl headers - * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it - * defined. This not only improves external code, it provides more test - * coverage for openssl's own code. - */ - -# ifdef BN_DEBUG - -/* We only need assert() when debugging */ -# include <assert.h> - -# ifdef BN_DEBUG_RAND -/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ -# ifndef RAND_pseudo_bytes -int RAND_pseudo_bytes(unsigned char *buf, int num); -# define BN_DEBUG_TRIX -# endif -# define bn_pollute(a) \ - do { \ - const BIGNUM *_bnum1 = (a); \ - if(_bnum1->top < _bnum1->dmax) { \ - unsigned char _tmp_char; \ - /* We cast away const without the compiler knowing, any \ - * *genuinely* constant variables that aren't mutable \ - * wouldn't be constructed with top!=dmax. */ \ - BN_ULONG *_not_const; \ - memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ - /* Debug only - safe to ignore error return */ \ - RAND_pseudo_bytes(&_tmp_char, 1); \ - memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ - (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ - } \ - } while(0) -# ifdef BN_DEBUG_TRIX -# undef RAND_pseudo_bytes -# endif -# else -# define bn_pollute(a) -# endif -# define bn_check_top(a) \ - do { \ - const BIGNUM *_bnum2 = (a); \ - if (_bnum2 != NULL) { \ - assert((_bnum2->top == 0) || \ - (_bnum2->d[_bnum2->top - 1] != 0)); \ - bn_pollute(_bnum2); \ - } \ - } while(0) - -# define bn_fix_top(a) bn_check_top(a) - -# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -# define bn_wcheck_size(bn, words) \ - do { \ - const BIGNUM *_bnum2 = (bn); \ - assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ - /* avoid unused variable warning with NDEBUG */ \ - (void)(_bnum2); \ - } while(0) - -# else /* !BN_DEBUG */ - -# define bn_pollute(a) -# define bn_check_top(a) -# define bn_fix_top(a) bn_correct_top(a) -# define bn_check_size(bn, bits) -# define bn_wcheck_size(bn, words) - -# endif - -# define bn_correct_top(a) \ - { \ - BN_ULONG *ftl; \ - int tmp_top = (a)->top; \ - if (tmp_top > 0) \ - { \ - for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ - if (*(ftl--)) break; \ - (a)->top = tmp_top; \ - } \ - if ((a)->top == 0) \ - (a)->neg = 0; \ - bn_pollute(a); \ - } - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w); -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); -void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); -BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); -BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); - -/* Primes from RFC 2409 */ -BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); -BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); - -/* Primes from RFC 3526 */ -BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); - -int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_BN_strings(void); - -/* Error codes for the BN functions. */ - -/* Function codes. */ -# define BN_F_BNRAND 127 -# define BN_F_BN_BLINDING_CONVERT_EX 100 -# define BN_F_BN_BLINDING_CREATE_PARAM 128 -# define BN_F_BN_BLINDING_INVERT_EX 101 -# define BN_F_BN_BLINDING_NEW 102 -# define BN_F_BN_BLINDING_UPDATE 103 -# define BN_F_BN_BN2DEC 104 -# define BN_F_BN_BN2HEX 105 -# define BN_F_BN_CTX_GET 116 -# define BN_F_BN_CTX_NEW 106 -# define BN_F_BN_CTX_START 129 -# define BN_F_BN_DIV 107 -# define BN_F_BN_DIV_NO_BRANCH 138 -# define BN_F_BN_DIV_RECP 130 -# define BN_F_BN_EXP 123 -# define BN_F_BN_EXPAND2 108 -# define BN_F_BN_EXPAND_INTERNAL 120 -# define BN_F_BN_GF2M_MOD 131 -# define BN_F_BN_GF2M_MOD_EXP 132 -# define BN_F_BN_GF2M_MOD_MUL 133 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 -# define BN_F_BN_GF2M_MOD_SQR 136 -# define BN_F_BN_GF2M_MOD_SQRT 137 -# define BN_F_BN_LSHIFT 145 -# define BN_F_BN_MOD_EXP2_MONT 118 -# define BN_F_BN_MOD_EXP_MONT 109 -# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 -# define BN_F_BN_MOD_EXP_MONT_WORD 117 -# define BN_F_BN_MOD_EXP_RECP 125 -# define BN_F_BN_MOD_EXP_SIMPLE 126 -# define BN_F_BN_MOD_INVERSE 110 -# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 -# define BN_F_BN_MOD_LSHIFT_QUICK 119 -# define BN_F_BN_MOD_MUL_RECIPROCAL 111 -# define BN_F_BN_MOD_SQRT 121 -# define BN_F_BN_MPI2BN 112 -# define BN_F_BN_NEW 113 -# define BN_F_BN_RAND 114 -# define BN_F_BN_RAND_RANGE 122 -# define BN_F_BN_RSHIFT 146 -# define BN_F_BN_USUB 115 - -/* Reason codes. */ -# define BN_R_ARG2_LT_ARG3 100 -# define BN_R_BAD_RECIPROCAL 101 -# define BN_R_BIGNUM_TOO_LONG 114 -# define BN_R_BITS_TOO_SMALL 118 -# define BN_R_CALLED_WITH_EVEN_MODULUS 102 -# define BN_R_DIV_BY_ZERO 103 -# define BN_R_ENCODING_ERROR 104 -# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 -# define BN_R_INPUT_NOT_REDUCED 110 -# define BN_R_INVALID_LENGTH 106 -# define BN_R_INVALID_RANGE 115 -# define BN_R_INVALID_SHIFT 119 -# define BN_R_NOT_A_SQUARE 111 -# define BN_R_NOT_INITIALIZED 107 -# define BN_R_NO_INVERSE 108 -# define BN_R_NO_SOLUTION 116 -# define BN_R_P_IS_NOT_PRIME 112 -# define BN_R_TOO_MANY_ITERATIONS 113 -# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/deps/openssl/openssl/crypto/bn/bn.mul b/deps/openssl/openssl/crypto/bn/bn.mul deleted file mode 100644 index 9728870d38..0000000000 --- a/deps/openssl/openssl/crypto/bn/bn.mul +++ /dev/null @@ -1,19 +0,0 @@ -We need - -* bn_mul_comba8 -* bn_mul_comba4 -* bn_mul_normal -* bn_mul_recursive - -* bn_sqr_comba8 -* bn_sqr_comba4 -bn_sqr_normal -> BN_sqr -* bn_sqr_recursive - -* bn_mul_low_recursive -* bn_mul_low_normal -* bn_mul_high - -* bn_mul_part_recursive # symetric but not power of 2 - -bn_mul_asymetric_recursive # uneven, but do the chop up. diff --git a/deps/openssl/openssl/crypto/bn/bn_add.c b/deps/openssl/openssl/crypto/bn/bn_add.c index 2f3d110449..7cdefa77a1 100644 --- a/deps/openssl/openssl/crypto/bn/bn_add.c +++ b/deps/openssl/openssl/crypto/bn/bn_add.c @@ -1,69 +1,18 @@ -/* crypto/bn/bn_add.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /* r can == a or b */ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { - const BIGNUM *tmp; int a_neg = a->neg, ret; bn_check_top(a); @@ -78,6 +27,8 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (a_neg ^ b->neg) { /* only one is negative */ if (a_neg) { + const BIGNUM *tmp; + tmp = a; a = b; b = tmp; @@ -87,14 +38,14 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (BN_ucmp(a, b) < 0) { if (!BN_usub(r, b, a)) - return (0); + return 0; r->neg = 1; } else { if (!BN_usub(r, a, b)) - return (0); + return 0; r->neg = 0; } - return (1); + return 1; } ret = BN_uadd(r, a, b); @@ -107,13 +58,15 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { int max, min, dif; - BN_ULONG *ap, *bp, *rp, carry, t1, t2; - const BIGNUM *tmp; + const BN_ULONG *ap, *bp; + BN_ULONG *rp, carry, t1, t2; bn_check_top(a); bn_check_top(b); if (a->top < b->top) { + const BIGNUM *tmp; + tmp = a; a = b; b = tmp; @@ -134,29 +87,17 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) carry = bn_add_words(rp, ap, bp, min); rp += min; ap += min; - bp += min; - - if (carry) { - while (dif) { - dif--; - t1 = *(ap++); - t2 = (t1 + 1) & BN_MASK2; - *(rp++) = t2; - if (t2) { - carry = 0; - break; - } - } - if (carry) { - /* carry != 0 => dif == 0 */ - *rp = 1; - r->top++; - } + + while (dif) { + dif--; + t1 = *(ap++); + t2 = (t1 + carry) & BN_MASK2; + *(rp++) = t2; + carry &= (t2 == 0); } - if (dif && rp != ap) - while (dif--) - /* copy remaining words if ap != rp */ - *(rp++) = *(ap++); + *rp = carry; + r->top += carry; + r->neg = 0; bn_check_top(r); return 1; @@ -166,11 +107,8 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { int max, min, dif; - register BN_ULONG t1, t2, *ap, *bp, *rp; - int i, carry; -#if defined(IRIX_CC_BUG) && !defined(LINT) - int dummy; -#endif + BN_ULONG t1, t2, borrow, *rp; + const BN_ULONG *ap, *bp; bn_check_top(a); bn_check_top(b); @@ -181,86 +119,42 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (dif < 0) { /* hmm... should not be happening */ BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3); - return (0); + return 0; } if (bn_wexpand(r, max) == NULL) - return (0); + return 0; ap = a->d; bp = b->d; rp = r->d; -#if 1 - carry = 0; - for (i = min; i != 0; i--) { - t1 = *(ap++); - t2 = *(bp++); - if (carry) { - carry = (t1 <= t2); - t1 = (t1 - t2 - 1) & BN_MASK2; - } else { - carry = (t1 < t2); - t1 = (t1 - t2) & BN_MASK2; - } -# if defined(IRIX_CC_BUG) && !defined(LINT) - dummy = t1; -# endif - *(rp++) = t1 & BN_MASK2; - } -#else - carry = bn_sub_words(rp, ap, bp, min); + borrow = bn_sub_words(rp, ap, bp, min); ap += min; - bp += min; rp += min; -#endif - if (carry) { /* subtracted */ - if (!dif) - /* error: a < b */ - return 0; - while (dif) { - dif--; - t1 = *(ap++); - t2 = (t1 - 1) & BN_MASK2; - *(rp++) = t2; - if (t1) - break; - } - } -#if 0 - memcpy(rp, ap, sizeof(*rp) * (max - i)); -#else - if (rp != ap) { - for (;;) { - if (!dif--) - break; - rp[0] = ap[0]; - if (!dif--) - break; - rp[1] = ap[1]; - if (!dif--) - break; - rp[2] = ap[2]; - if (!dif--) - break; - rp[3] = ap[3]; - rp += 4; - ap += 4; - } + + while (dif) { + dif--; + t1 = *(ap++); + t2 = (t1 - borrow) & BN_MASK2; + *(rp++) = t2; + borrow &= (t1 == 0); } -#endif + + while (max && *--rp == 0) + max--; r->top = max; r->neg = 0; - bn_correct_top(r); - return (1); + bn_pollute(r); + + return 1; } int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { int max; int add = 0, neg = 0; - const BIGNUM *tmp; bn_check_top(a); bn_check_top(b); @@ -273,6 +167,8 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) */ if (a->neg) { if (b->neg) { + const BIGNUM *tmp; + tmp = a; a = b; b = tmp; @@ -289,25 +185,25 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (add) { if (!BN_uadd(r, a, b)) - return (0); + return 0; r->neg = neg; - return (1); + return 1; } /* We are actually doing a - b :-) */ max = (a->top > b->top) ? a->top : b->top; if (bn_wexpand(r, max) == NULL) - return (0); + return 0; if (BN_ucmp(a, b) < 0) { if (!BN_usub(r, b, a)) - return (0); + return 0; r->neg = 1; } else { if (!BN_usub(r, a, b)) - return (0); + return 0; r->neg = 0; } bn_check_top(r); - return (1); + return 1; } diff --git a/deps/openssl/openssl/crypto/bn/bn_asm.c b/deps/openssl/openssl/crypto/bn/bn_asm.c index 03a33cffe5..39c6c2134b 100644 --- a/deps/openssl/openssl/crypto/bn/bn_asm.c +++ b/deps/openssl/openssl/crypto/bn/bn_asm.c @@ -1,69 +1,15 @@ -/* crypto/bn/bn_asm.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#ifndef BN_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - -#include <stdio.h> #include <assert.h> -#include "cryptlib.h" +#include <openssl/crypto.h> +#include "internal/cryptlib.h" #include "bn_lcl.h" #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) @@ -1005,13 +951,13 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, /* hmm... is it faster just to do a multiply? */ # undef bn_sqr_comba4 +# undef bn_sqr_comba8 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t[8]; bn_sqr_normal(r, a, 4, t); } -# undef bn_sqr_comba8 void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t[16]; diff --git a/deps/openssl/openssl/crypto/bn/bn_blind.c b/deps/openssl/openssl/crypto/bn/bn_blind.c index d448daa3c7..24d138309d 100644 --- a/deps/openssl/openssl/crypto/bn/bn_blind.c +++ b/deps/openssl/openssl/crypto/bn/bn_blind.c @@ -1,116 +1,14 @@ -/* crypto/bn/bn_blind.c */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. +/* + * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include <stdio.h> -#include "cryptlib.h" +#include <openssl/opensslconf.h> +#include "internal/cryptlib.h" #include "bn_lcl.h" #define BN_BLINDING_COUNTER 32 @@ -120,16 +18,13 @@ struct bn_blinding_st { BIGNUM *Ai; BIGNUM *e; BIGNUM *mod; /* just a reference */ -#ifndef OPENSSL_NO_DEPRECATED - unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used - * only by crypto/rsa/rsa_eay.c, rsa_lib.c */ -#endif - CRYPTO_THREADID tid; + CRYPTO_THREAD_ID tid; int counter; unsigned long flags; BN_MONT_CTX *m_ctx; int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + CRYPTO_RWLOCK *lock; }; BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) @@ -138,15 +33,25 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) bn_check_top(mod); - if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } - memset(ret, 0, sizeof(BN_BLINDING)); + + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } + + BN_BLINDING_set_current_thread(ret); + if (A != NULL) { if ((ret->A = BN_dup(A)) == NULL) goto err; } + if (Ai != NULL) { if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; @@ -155,6 +60,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) /* save a copy of mod in the BN_BLINDING structure */ if ((ret->mod = BN_dup(mod)) == NULL) goto err; + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(ret->mod, BN_FLG_CONSTTIME); @@ -164,12 +70,12 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) * use. */ ret->counter = -1; - CRYPTO_THREADID_current(&ret->tid); - return (ret); + + return ret; + err: - if (ret != NULL) - BN_BLINDING_free(ret); - return (NULL); + BN_BLINDING_free(ret); + return NULL; } void BN_BLINDING_free(BN_BLINDING *r) @@ -177,14 +83,11 @@ void BN_BLINDING_free(BN_BLINDING *r) if (r == NULL) return; - if (r->A != NULL) - BN_free(r->A); - if (r->Ai != NULL) - BN_free(r->Ai); - if (r->e != NULL) - BN_free(r->e); - if (r->mod != NULL) - BN_free(r->mod); + BN_free(r->A); + BN_free(r->Ai); + BN_free(r->e); + BN_free(r->mod); + CRYPTO_THREAD_lock_free(r->lock); OPENSSL_free(r); } @@ -278,21 +181,24 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, return (ret); } -#ifndef OPENSSL_NO_DEPRECATED -unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) +int BN_BLINDING_is_current_thread(BN_BLINDING *b) +{ + return CRYPTO_THREAD_compare_id(CRYPTO_THREAD_get_current_id(), b->tid); +} + +void BN_BLINDING_set_current_thread(BN_BLINDING *b) { - return b->thread_id; + b->tid = CRYPTO_THREAD_get_current_id(); } -void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) +int BN_BLINDING_lock(BN_BLINDING *b) { - b->thread_id = n; + return CRYPTO_THREAD_write_lock(b->lock); } -#endif -CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) +int BN_BLINDING_unlock(BN_BLINDING *b) { - return &b->tid; + return CRYPTO_THREAD_unlock(b->lock); } unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) @@ -332,8 +238,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, goto err; if (e != NULL) { - if (ret->e != NULL) - BN_free(ret->e); + BN_free(ret->e); ret->e = BN_dup(e); } if (ret->e == NULL) @@ -345,20 +250,19 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, ret->m_ctx = m_ctx; do { + int rv; if (!BN_rand_range(ret->A, ret->mod)) goto err; - if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) { + if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) { /* * this should almost never happen for good RSA keys */ - unsigned long error = ERR_peek_last_error(); - if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + if (rv) { if (retry_counter-- == 0) { BNerr(BN_F_BN_BLINDING_CREATE_PARAM, BN_R_TOO_MANY_ITERATIONS); goto err; } - ERR_clear_error(); } else goto err; } else @@ -376,7 +280,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, return ret; err: - if (b == NULL && ret != NULL) { + if (b == NULL) { BN_BLINDING_free(ret); ret = NULL; } diff --git a/deps/openssl/openssl/crypto/bn/bn_const.c b/deps/openssl/openssl/crypto/bn/bn_const.c index 12c3208c24..39dd61202a 100644 --- a/deps/openssl/openssl/crypto/bn/bn_const.c +++ b/deps/openssl/openssl/crypto/bn/bn_const.c @@ -1,7 +1,13 @@ -/* crypto/bn/knownprimes.c */ -/* Insert boilerplate */ +/* + * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ -#include "bn.h" +#include <openssl/bn.h> /*- * "First Oakley Default Group" from RFC2409, section 6.1. @@ -12,7 +18,7 @@ * RFC2412 specifies a generator of of 22. */ -BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) { static const unsigned char RFC2409_PRIME_768[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -40,7 +46,7 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) * RFC2412 specifies a generator of 22. */ -BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) { static const unsigned char RFC2409_PRIME_1024[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -72,7 +78,7 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) * RFC2312 specifies a generator of 22. */ -BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_1536[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -111,7 +117,7 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_2048[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -158,7 +164,7 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_3072[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -221,7 +227,7 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_4096[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -300,7 +306,7 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_6144[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -411,7 +417,7 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn) +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_8192[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, diff --git a/deps/openssl/openssl/crypto/bn/bn_ctx.c b/deps/openssl/openssl/crypto/bn/bn_ctx.c index 526c6a046d..68c0468743 100644 --- a/deps/openssl/openssl/crypto/bn/bn_ctx.c +++ b/deps/openssl/openssl/crypto/bn/bn_ctx.c @@ -1,69 +1,13 @@ -/* crypto/bn/bn_ctx.c */ -/* Written by Ulf Moeller for the OpenSSL project. */ -/* ==================================================================== - * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) -# ifndef NDEBUG -# define NDEBUG -# endif -#endif - -#include <stdio.h> -#include <assert.h> - -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /*- @@ -104,10 +48,7 @@ typedef struct bignum_pool { } BN_POOL; static void BN_POOL_init(BN_POOL *); static void BN_POOL_finish(BN_POOL *); -#ifndef OPENSSL_NO_DEPRECATED -static void BN_POOL_reset(BN_POOL *); -#endif -static BIGNUM *BN_POOL_get(BN_POOL *); +static BIGNUM *BN_POOL_get(BN_POOL *, int); static void BN_POOL_release(BN_POOL *, unsigned int); /************/ @@ -123,9 +64,6 @@ typedef struct bignum_ctx_stack { } BN_STACK; static void BN_STACK_init(BN_STACK *); static void BN_STACK_finish(BN_STACK *); -#ifndef OPENSSL_NO_DEPRECATED -static void BN_STACK_reset(BN_STACK *); -#endif static int BN_STACK_push(BN_STACK *, unsigned int); static unsigned int BN_STACK_pop(BN_STACK *); @@ -145,6 +83,8 @@ struct bignum_ctx { int err_stack; /* Block "gets" until an "end" (compatibility behaviour) */ int too_many; + /* Flags. */ + int flags; }; /* Enable this to find BN_CTX bugs */ @@ -190,40 +130,27 @@ static void ctxdbg(BN_CTX *ctx) # define CTXDBG_RET(ctx,ret) #endif -/* - * This function is an evil legacy and should not be used. This - * implementation is WYSIWYG, though I've done my best. - */ -#ifndef OPENSSL_NO_DEPRECATED -void BN_CTX_init(BN_CTX *ctx) -{ - /* - * Assume the caller obtained the context via BN_CTX_new() and so is - * trying to reset it for use. Nothing else makes sense, least of all - * binary compatibility from a time when they could declare a static - * variable. - */ - BN_POOL_reset(&ctx->pool); - BN_STACK_reset(&ctx->stack); - ctx->used = 0; - ctx->err_stack = 0; - ctx->too_many = 0; -} -#endif BN_CTX *BN_CTX_new(void) { - BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); - if (!ret) { + BN_CTX *ret; + + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } /* Initialise the structure */ BN_POOL_init(&ret->pool); BN_STACK_init(&ret->stack); - ret->used = 0; - ret->err_stack = 0; - ret->too_many = 0; + return ret; +} + +BN_CTX *BN_CTX_secure_new(void) +{ + BN_CTX *ret = BN_CTX_new(); + + if (ret != NULL) + ret->flags = BN_FLG_SECURE; return ret; } @@ -285,10 +212,11 @@ void BN_CTX_end(BN_CTX *ctx) BIGNUM *BN_CTX_get(BN_CTX *ctx) { BIGNUM *ret; + CTXDBG_ENTRY("BN_CTX_get", ctx); if (ctx->err_stack || ctx->too_many) return NULL; - if ((ret = BN_POOL_get(&ctx->pool)) == NULL) { + if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) { /* * Setting too_many prevents repeated "get" attempts from cluttering * the error stack. @@ -316,32 +244,23 @@ static void BN_STACK_init(BN_STACK *st) static void BN_STACK_finish(BN_STACK *st) { - if (st->size) - OPENSSL_free(st->indexes); + OPENSSL_free(st->indexes); + st->indexes = NULL; } -#ifndef OPENSSL_NO_DEPRECATED -static void BN_STACK_reset(BN_STACK *st) -{ - st->depth = 0; -} -#endif static int BN_STACK_push(BN_STACK *st, unsigned int idx) { - if (st->depth == st->size) + if (st->depth == st->size) { /* Need to expand */ - { - unsigned int newsize = (st->size ? - (st->size * 3 / 2) : BN_CTX_START_FRAMES); - unsigned int *newitems = OPENSSL_malloc(newsize * - sizeof(unsigned int)); - if (!newitems) + unsigned int newsize = + st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; + unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize); + if (newitems == NULL) return 0; if (st->depth) - memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); - if (st->size) - OPENSSL_free(st->indexes); + memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); + OPENSSL_free(st->indexes); st->indexes = newitems; st->size = newsize; } @@ -366,55 +285,39 @@ static void BN_POOL_init(BN_POOL *p) static void BN_POOL_finish(BN_POOL *p) { + unsigned int loop; + BIGNUM *bn; + while (p->head) { - unsigned int loop = 0; - BIGNUM *bn = p->head->vals; - while (loop++ < BN_CTX_POOL_SIZE) { + for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++) if (bn->d) BN_clear_free(bn); - bn++; - } p->current = p->head->next; OPENSSL_free(p->head); p->head = p->current; } } -#ifndef OPENSSL_NO_DEPRECATED -static void BN_POOL_reset(BN_POOL *p) -{ - BN_POOL_ITEM *item = p->head; - while (item) { - unsigned int loop = 0; - BIGNUM *bn = item->vals; - while (loop++ < BN_CTX_POOL_SIZE) { - if (bn->d) - BN_clear(bn); - bn++; - } - item = item->next; - } - p->current = p->head; - p->used = 0; -} -#endif -static BIGNUM *BN_POOL_get(BN_POOL *p) +static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) { + BIGNUM *bn; + unsigned int loop; + + /* Full; allocate a new pool item and link it in. */ if (p->used == p->size) { - BIGNUM *bn; - unsigned int loop = 0; - BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); - if (!item) + BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item)); + if (item == NULL) return NULL; - /* Initialise the structure */ - bn = item->vals; - while (loop++ < BN_CTX_POOL_SIZE) - BN_init(bn++); + for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { + bn_init(bn); + if ((flag & BN_FLG_SECURE) != 0) + BN_set_flags(bn, BN_FLG_SECURE); + } item->prev = p->tail; item->next = NULL; - /* Link it in */ - if (!p->head) + + if (p->head == NULL) p->head = p->current = p->tail = item; else { p->tail->next = item; @@ -426,6 +329,7 @@ static BIGNUM *BN_POOL_get(BN_POOL *p) /* Return the first bignum from the new pool */ return item->vals; } + if (!p->used) p->current = p->head; else if ((p->used % BN_CTX_POOL_SIZE) == 0) @@ -436,10 +340,11 @@ static BIGNUM *BN_POOL_get(BN_POOL *p) static void BN_POOL_release(BN_POOL *p, unsigned int num) { unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; + p->used -= num; while (num--) { bn_check_top(p->current->vals + offset); - if (!offset) { + if (offset == 0) { offset = BN_CTX_POOL_SIZE - 1; p->current = p->current->prev; } else diff --git a/deps/openssl/openssl/crypto/bn/bn_depr.c b/deps/openssl/openssl/crypto/bn/bn_depr.c index 34895f5982..7d89214b1c 100644 --- a/deps/openssl/openssl/crypto/bn/bn_depr.c +++ b/deps/openssl/openssl/crypto/bn/bn_depr.c @@ -1,56 +1,10 @@ -/* crypto/bn/bn_depr.c */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ /* @@ -58,22 +12,22 @@ * slurp this code if applications are using them directly. */ -#include <stdio.h> -#include <time.h> -#include "cryptlib.h" -#include "bn_lcl.h" -#include <openssl/rand.h> +#include <openssl/opensslconf.h> +#if OPENSSL_API_COMPAT >= 0x00908000L +NON_EMPTY_TRANSLATION_UNIT +#else -static void *dummy = &dummy; +# include <stdio.h> +# include <time.h> +# include "internal/cryptlib.h" +# include "bn_lcl.h" -#ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback) (int, int, void *), void *cb_arg) { BN_GENCB cb; BIGNUM *rnd = NULL; - int found = 0; BN_GENCB_set_old(&cb, callback, cb_arg); @@ -86,11 +40,10 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, goto err; /* we have a prime :-) */ - found = 1; + return ret; err: - if (!found && (ret == NULL) && (rnd != NULL)) - BN_free(rnd); - return (found ? rnd : NULL); + BN_free(rnd); + return NULL; } int BN_is_prime(const BIGNUM *a, int checks, diff --git a/deps/openssl/openssl/crypto/bn/bn_dh.c b/deps/openssl/openssl/crypto/bn/bn_dh.c new file mode 100644 index 0000000000..17d05597b3 --- /dev/null +++ b/deps/openssl/openssl/crypto/bn/bn_dh.c @@ -0,0 +1,220 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "bn_lcl.h" +#include "e_os.h" + +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#include "internal/bn_dh.h" +/* DH parameters from RFC5114 */ + +# if BN_BITS2 == 64 +static const BN_ULONG dh1024_160_p[] = { + 0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL, + 0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL, + 0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL, + 0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL, + 0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL, + 0xB10B8F96A080E01DULL +}; + +static const BN_ULONG dh1024_160_g[] = { + 0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL, + 0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL, + 0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL, + 0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL, + 0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL, + 0xA4D1CBD5C3FD3412ULL +}; + +static const BN_ULONG dh1024_160_q[] = { + 0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL +}; + +static const BN_ULONG dh2048_224_p[] = { + 0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL, + 0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL, + 0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL, + 0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL, + 0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL, + 0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL, + 0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL, + 0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL, + 0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL, + 0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL, + 0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL +}; + +static const BN_ULONG dh2048_224_g[] = { + 0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL, + 0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL, + 0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL, + 0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL, + 0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL, + 0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL, + 0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL, + 0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL, + 0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL, + 0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL, + 0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL +}; + +static const BN_ULONG dh2048_224_q[] = { + 0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL, + 0x00000000801C0D34ULL +}; + +static const BN_ULONG dh2048_256_p[] = { + 0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL, + 0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL, + 0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL, + 0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL, + 0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL, + 0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL, + 0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL, + 0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL, + 0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL, + 0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL, + 0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL +}; + +static const BN_ULONG dh2048_256_g[] = { + 0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL, + 0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL, + 0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL, + 0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL, + 0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL, + 0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL, + 0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL, + 0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL, + 0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL, + 0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL, + 0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL +}; + +static const BN_ULONG dh2048_256_q[] = { + 0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL, + 0x8CF83642A709A097ULL +}; + +# elif BN_BITS2 == 32 + +static const BN_ULONG dh1024_160_p[] = { + 0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF, + 0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA, + 0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C, + 0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286, + 0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E, + 0xA080E01D, 0xB10B8F96 +}; + +static const BN_ULONG dh1024_160_g[] = { + 0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59, + 0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08, + 0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F, + 0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E, + 0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442, + 0xC3FD3412, 0xA4D1CBD5 +}; + +static const BN_ULONG dh1024_160_q[] = { + 0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87 +}; + +static const BN_ULONG dh2048_224_p[] = { + 0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2, + 0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E, + 0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1, + 0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A, + 0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714, + 0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0, + 0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0, + 0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152, + 0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40, + 0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5, + 0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E +}; + +static const BN_ULONG dh2048_224_g[] = { + 0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1, + 0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE, + 0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F, + 0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137, + 0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3, + 0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2, + 0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0, + 0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001, + 0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01, + 0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B, + 0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF +}; + +static const BN_ULONG dh2048_224_q[] = { + 0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE, + 0x801C0D34 +}; + +static const BN_ULONG dh2048_256_p[] = { + 0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227, + 0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A, + 0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79, + 0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5, + 0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267, + 0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF, + 0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF, + 0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64, + 0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45, + 0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608, + 0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D +}; + +static const BN_ULONG dh2048_256_g[] = { + 0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148, + 0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428, + 0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15, + 0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73, + 0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1, + 0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982, + 0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5, + 0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8, + 0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A, + 0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F, + 0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B +}; + +static const BN_ULONG dh2048_256_q[] = { + 0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976, + 0xA709A097, 0x8CF83642 +}; + +# else +# error "unsupported BN_BITS2" +# endif + +/* Macro to make a BIGNUM from static data */ + +# define make_dh_bn(x) extern const BIGNUM _bignum_##x; \ + const BIGNUM _bignum_##x = { (BN_ULONG *) x, \ + OSSL_NELEM(x),\ + OSSL_NELEM(x),\ + 0, BN_FLG_STATIC_DATA }; + + +make_dh_bn(dh1024_160_p) +make_dh_bn(dh1024_160_g) +make_dh_bn(dh1024_160_q) +make_dh_bn(dh2048_224_p) +make_dh_bn(dh2048_224_g) +make_dh_bn(dh2048_224_q) +make_dh_bn(dh2048_256_p) +make_dh_bn(dh2048_256_g) +make_dh_bn(dh2048_256_q) + +#endif diff --git a/deps/openssl/openssl/crypto/bn/bn_div.c b/deps/openssl/openssl/crypto/bn/bn_div.c index bc37671cf1..5e620b2096 100644 --- a/deps/openssl/openssl/crypto/bn/bn_div.c +++ b/deps/openssl/openssl/crypto/bn/bn_div.c @@ -1,64 +1,14 @@ -/* crypto/bn/bn_div.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include <stdio.h> #include <openssl/bn.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /* The old slow way */ @@ -180,7 +130,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, # endif /* OPENSSL_NO_ASM */ /*- - * BN_div computes dv := num / divisor, rounding towards + * BN_div computes dv := num / divisor, rounding towards * zero, and sets up rm such that dv*divisor + rm = num holds. * Thus: * dv->neg == num->neg ^ divisor->neg (unless the result is zero) @@ -304,9 +254,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, wnump = &(snum->d[num_n - 1]); /* Setup to 'res' */ - res->neg = (num->neg ^ divisor->neg); if (!bn_wexpand(res, (loop + 1))) goto err; + res->neg = (num->neg ^ divisor->neg); res->top = loop - no_branch; resp = &(res->d[loop - 1]); @@ -328,6 +278,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, res->top--; } + /* Increase the resp pointer so that we never create an invalid pointer. */ + resp++; + /* * if res->top == 0 then clear the neg value otherwise decrease the resp * pointer @@ -337,7 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, else resp--; - for (i = 0; i < loop - 1; i++, wnump--, resp--) { + for (i = 0; i < loop - 1; i++, wnump--) { BN_ULONG q, l0; /* * the first part of the loop uses the top two words of snum and sdiv @@ -362,10 +315,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); # else q = bn_div_words(n0, n1, d0); -# ifdef BN_DEBUG_LEVITTE - fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -X) -> 0x%08X\n", n0, n1, d0, q); -# endif # endif # ifndef REMAINDER_IS_ALREADY_CALCULATED @@ -390,10 +339,6 @@ X) -> 0x%08X\n", n0, n1, d0, q); BN_ULONG t2l, t2h; q = bn_div_words(n0, n1, d0); -# ifdef BN_DEBUG_LEVITTE - fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -X) -> 0x%08X\n", n0, n1, d0, q); -# endif # ifndef REMAINDER_IS_ALREADY_CALCULATED rem = (n1 - q * d0) & BN_MASK2; # endif @@ -451,6 +396,7 @@ X) -> 0x%08X\n", n0, n1, d0, q); (*wnump)++; } /* store part of the result */ + resp--; *resp = q; } bn_correct_top(snum); diff --git a/deps/openssl/openssl/crypto/bn/bn_err.c b/deps/openssl/openssl/crypto/bn/bn_err.c index e7a703826e..5fe9db9ede 100644 --- a/deps/openssl/openssl/crypto/bn/bn_err.c +++ b/deps/openssl/openssl/crypto/bn/bn_err.c @@ -1,62 +1,11 @@ -/* crypto/bn/bn_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - /* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> @@ -70,7 +19,7 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) static ERR_STRING_DATA BN_str_functs[] = { - {ERR_FUNC(BN_F_BNRAND), "BNRAND"}, + {ERR_FUNC(BN_F_BNRAND), "bnrand"}, {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, @@ -78,15 +27,17 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, + {ERR_FUNC(BN_F_BN_COMPUTE_WNAF), "bn_compute_wNAF"}, {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, - {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, - {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, - {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, + {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"}, + {ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"}, + {ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"}, + {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"}, {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, @@ -104,13 +55,13 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, - {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, + {ERR_FUNC(BN_F_BN_SET_WORDS), "bn_set_words"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -133,6 +84,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, {ERR_REASON(BN_R_NO_SOLUTION), "no solution"}, + {ERR_REASON(BN_R_PRIVATE_KEY_TOO_LARGE), "private key too large"}, {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"}, {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), @@ -142,7 +94,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { #endif -void ERR_load_BN_strings(void) +int ERR_load_BN_strings(void) { #ifndef OPENSSL_NO_ERR @@ -151,4 +103,5 @@ void ERR_load_BN_strings(void) ERR_load_strings(0, BN_str_reasons); } #endif + return 1; } diff --git a/deps/openssl/openssl/crypto/bn/bn_exp.c b/deps/openssl/openssl/crypto/bn/bn_exp.c index 40115fc720..0d2d1eca6b 100644 --- a/deps/openssl/openssl/crypto/bn/bn_exp.c +++ b/deps/openssl/openssl/crypto/bn/bn_exp.c @@ -1,116 +1,14 @@ -/* crypto/bn/bn_exp.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" -#include "constant_time_locl.h" +#include "internal/cryptlib.h" +#include "internal/constant_time_locl.h" #include "bn_lcl.h" #include <stdlib.h> @@ -201,7 +99,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, bn_check_top(m); /*- - * For even modulus m = 2^k*m_odd, it might make sense to compute + * For even modulus m = 2^k*m_odd, it might make sense to compute * a^p mod m_odd and a^p mod 2^k separately (with Montgomery * exponentiation for the odd part), using appropriate exponent * reductions, and combine the results using the CRT. @@ -578,7 +476,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; ret = 1; err: - if ((in_mont == NULL) && (mont != NULL)) + if (in_mont == NULL) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); @@ -637,6 +535,14 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, { int i, j; int width = 1 << window; + /* + * We declare table 'volatile' in order to discourage compiler + * from reordering loads from the table. Concern is that if + * reordered in specific manner loads might give away the + * information we are trying to conceal. Some would argue that + * compiler can reorder them anyway, but it can as well be + * argued that doing so would be violation of standard... + */ volatile BN_ULONG *table = (volatile BN_ULONG *)buf; if (bn_wexpand(b, top) == NULL) @@ -821,8 +727,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, else #endif if ((powerbufFree = - (unsigned char *)OPENSSL_malloc(powerbufLen + - MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) + OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) goto err; @@ -1191,12 +1096,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; ret = 1; err: - if ((in_mont == NULL) && (mont != NULL)) + if (in_mont == NULL) BN_MONT_CTX_free(mont); if (powerbuf != NULL) { OPENSSL_cleanse(powerbuf, powerbufLen); - if (powerbufFree) - OPENSSL_free(powerbufFree); + OPENSSL_free(powerbufFree); } BN_CTX_end(ctx); return (ret); @@ -1343,7 +1247,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, } ret = 1; err: - if ((in_mont == NULL) && (mont != NULL)) + if (in_mont == NULL) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); diff --git a/deps/openssl/openssl/crypto/bn/bn_exp2.c b/deps/openssl/openssl/crypto/bn/bn_exp2.c index 43fd2044c0..5141c21f6d 100644 --- a/deps/openssl/openssl/crypto/bn/bn_exp2.c +++ b/deps/openssl/openssl/crypto/bn/bn_exp2.c @@ -1,116 +1,14 @@ -/* crypto/bn/bn_exp2.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #define TABLE_SIZE 32 @@ -295,7 +193,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, goto err; ret = 1; err: - if ((in_mont == NULL) && (mont != NULL)) + if (in_mont == NULL) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); diff --git a/deps/openssl/openssl/crypto/bn/bn_gcd.c b/deps/openssl/openssl/crypto/bn/bn_gcd.c index ce59fe701f..067642644e 100644 --- a/deps/openssl/openssl/crypto/bn/bn_gcd.c +++ b/deps/openssl/openssl/crypto/bn/bn_gcd.c @@ -1,115 +1,13 @@ -/* crypto/bn/bn_gcd.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); @@ -226,10 +124,25 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, BIGNUM *BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { + BIGNUM *rv; + int noinv; + rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); + if (noinv) + BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); + return rv; +} + +BIGNUM *int_bn_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, + int *pnoinv) +{ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; BIGNUM *ret = NULL; int sign; + if (pnoinv) + *pnoinv = 0; + if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { return BN_mod_inverse_no_branch(in, a, n, ctx); @@ -276,11 +189,11 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, * sign*Y*a == A (mod |n|). */ - if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) { + if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) { /* * Binary inversion algorithm; requires odd modulus. This is faster * than the general algorithm if the modulus is sufficiently small - * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit + * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit * systems) */ int shift; @@ -364,8 +277,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, if (!BN_uadd(Y, Y, X)) goto err; /* - * as above, BN_mod_add_quick(Y, Y, X, n) would slow things - * down + * as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */ if (!BN_usub(A, A, B)) goto err; @@ -435,8 +347,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, * (**) sign*Y*a == D*B + M (mod |n|). */ - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ + tmp = A; /* keep the BIGNUM object, the value does not matter */ /* (A, B) := (B, A mod B) ... */ A = B; @@ -457,15 +368,14 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, * i.e. * sign*(Y + D*X)*a == B (mod |n|). * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at * -sign*X*a == B (mod |n|), * sign*Y*a == A (mod |n|). * Note that X and Y stay non-negative all the time. */ /* - * most of the time D is very small, so we can optimize tmp := - * D*X+Y + * most of the time D is very small, so we can optimize tmp := D*X+Y */ if (BN_is_one(D)) { if (!BN_add(tmp, X, Y)) @@ -490,8 +400,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, goto err; } - M = Y; /* keep the BIGNUM object, the value does not - * matter */ + M = Y; /* keep the BIGNUM object, the value does not matter */ Y = X; X = tmp; sign = -sign; @@ -522,7 +431,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, goto err; } } else { - BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); + if (pnoinv) + *pnoinv = 1; goto err; } ret = R; @@ -543,8 +453,6 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, BN_CTX *ctx) { BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM local_A, local_B; - BIGNUM *pA, *pB; BIGNUM *ret = NULL; int sign; @@ -582,11 +490,14 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, * BN_div_no_branch will be called eventually. */ - pB = &local_B; - local_B.flags = 0; - BN_with_flags(pB, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, pB, A, ctx)) - goto err; + { + BIGNUM local_B; + bn_init(&local_B); + BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, &local_B, A, ctx)) + goto err; + /* Ensure local_B goes out of scope before any further use of B */ + } } sign = -1; /*- @@ -610,13 +521,16 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, * BN_div_no_branch will be called eventually. */ - pA = &local_A; - local_A.flags = 0; - BN_with_flags(pA, A, BN_FLG_CONSTTIME); + { + BIGNUM local_A; + bn_init(&local_A); + BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); - /* (D, M) := (A/B, A%B) ... */ - if (!BN_div(D, M, pA, B, ctx)) - goto err; + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div(D, M, &local_A, B, ctx)) + goto err; + /* Ensure local_A goes out of scope before any further use of A */ + } /*- * Now @@ -647,7 +561,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * i.e. * sign*(Y + D*X)*a == B (mod |n|). * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at * -sign*X*a == B (mod |n|), * sign*Y*a == A (mod |n|). * Note that X and Y stay non-negative all the time. diff --git a/deps/openssl/openssl/crypto/bn/bn_gf2m.c b/deps/openssl/openssl/crypto/bn/bn_gf2m.c index 2c61da1109..b1987f55dd 100644 --- a/deps/openssl/openssl/crypto/bn/bn_gf2m.c +++ b/deps/openssl/openssl/crypto/bn/bn_gf2m.c @@ -1,4 +1,12 @@ -/* crypto/bn/bn_gf2m.c */ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -8,91 +16,12 @@ * * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. - * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * - * The software is originally written by Sheueling Chang Shantz and - * Douglas Stebila of Sun Microsystems Laboratories. - * - */ - -/* - * NOTE: This file is licensed pursuant to the OpenSSL license below and may - * be modified; but after modifications, the above covenant may no longer - * apply! In such cases, the corresponding paragraph ["In addition, Sun - * covenants ... causes the infringement."] and this note can be edited out; - * but please keep the Sun copyright notice and attribution. - */ - -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ #include <assert.h> #include <limits.h> #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #ifndef OPENSSL_NO_EC2M @@ -472,8 +401,8 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) int arr[6]; bn_check_top(a); bn_check_top(p); - ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0])); - if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) { + ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr)); + if (!ret || ret > (int)OSSL_NELEM(arr)) { BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH); return 0; } @@ -550,7 +479,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, bn_check_top(a); bn_check_top(b); bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -560,8 +489,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } @@ -609,7 +537,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) bn_check_top(a); bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -619,8 +547,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } @@ -1034,7 +961,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, bn_check_top(a); bn_check_top(b); bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -1044,8 +971,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } @@ -1094,7 +1020,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int *arr = NULL; bn_check_top(a); bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -1104,8 +1030,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } @@ -1164,7 +1089,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], if (tmp == NULL) goto err; do { - if (!BN_rand(rho, p[0], 0, 0)) + if (!BN_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto err; if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; @@ -1225,7 +1150,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, int *arr = NULL; bn_check_top(a); bn_check_top(p); - if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -1235,8 +1160,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } diff --git a/deps/openssl/openssl/crypto/bn/bn_intern.c b/deps/openssl/openssl/crypto/bn/bn_intern.c new file mode 100644 index 0000000000..2c970647de --- /dev/null +++ b/deps/openssl/openssl/crypto/bn/bn_intern.c @@ -0,0 +1,210 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" +#include "bn_lcl.h" + +/* + * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. + * This is an array r[] of values that are either zero or odd with an + * absolute value less than 2^w satisfying + * scalar = \sum_j r[j]*2^j + * where at most one of any w+1 consecutive digits is non-zero + * with the exception that the most significant digit may be only + * w-1 zeros away from that next non-zero digit. + */ +signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) +{ + int window_val; + signed char *r = NULL; + int sign = 1; + int bit, next_bit, mask; + size_t len = 0, j; + + if (BN_is_zero(scalar)) { + r = OPENSSL_malloc(1); + if (r == NULL) { + BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); + goto err; + } + r[0] = 0; + *ret_len = 1; + return r; + } + + if (w <= 0 || w > 7) { /* 'signed char' can represent integers with + * absolute values less than 2^7 */ + BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + goto err; + } + bit = 1 << w; /* at most 128 */ + next_bit = bit << 1; /* at most 256 */ + mask = next_bit - 1; /* at most 255 */ + + if (BN_is_negative(scalar)) { + sign = -1; + } + + if (scalar->d == NULL || scalar->top == 0) { + BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + goto err; + } + + len = BN_num_bits(scalar); + r = OPENSSL_malloc(len + 1); /* + * Modified wNAF may be one digit longer than binary representation + * (*ret_len will be set to the actual length, i.e. at most + * BN_num_bits(scalar) + 1) + */ + if (r == NULL) { + BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); + goto err; + } + window_val = scalar->d[0] & mask; + j = 0; + while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len, + * window_val will not + * increase */ + int digit = 0; + + /* 0 <= window_val <= 2^(w+1) */ + + if (window_val & 1) { + /* 0 < window_val < 2^(w+1) */ + + if (window_val & bit) { + digit = window_val - next_bit; /* -2^w < digit < 0 */ + +#if 1 /* modified wNAF */ + if (j + w + 1 >= len) { + /* + * Special case for generating modified wNAFs: + * no new bits will be added into window_val, + * so using a positive digit here will decrease + * the total length of the representation + */ + + digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ + } +#endif + } else { + digit = window_val; /* 0 < digit < 2^w */ + } + + if (digit <= -bit || digit >= bit || !(digit & 1)) { + BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + goto err; + } + + window_val -= digit; + + /* + * now window_val is 0 or 2^(w+1) in standard wNAF generation; + * for modified window NAFs, it may also be 2^w + */ + if (window_val != 0 && window_val != next_bit + && window_val != bit) { + BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + r[j++] = sign * digit; + + window_val >>= 1; + window_val += bit * BN_is_bit_set(scalar, j + w); + + if (window_val > next_bit) { + BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (j > len + 1) { + BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + goto err; + } + *ret_len = j; + return r; + + err: + OPENSSL_free(r); + return NULL; +} + +int bn_get_top(const BIGNUM *a) +{ + return a->top; +} + +void bn_set_top(BIGNUM *a, int top) +{ + a->top = top; +} + +int bn_get_dmax(const BIGNUM *a) +{ + return a->dmax; +} + +void bn_set_all_zero(BIGNUM *a) +{ + int i; + + for (i = a->top; i < a->dmax; i++) + a->d[i] = 0; +} + +int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size) +{ + if (in->top > size) + return 0; + + memset(out, 0, sizeof(*out) * size); + if (in->d != NULL) + memcpy(out, in->d, sizeof(*out) * in->top); + return 1; +} + +BN_ULONG *bn_get_words(const BIGNUM *a) +{ + return a->d; +} + +void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size) +{ + a->d = words; + a->dmax = a->top = size; + a->neg = 0; + a->flags |= BN_FLG_STATIC_DATA; + bn_correct_top(a); +} + +int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words) +{ + if (bn_wexpand(a, num_words) == NULL) { + BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE); + return 0; + } + + memcpy(a->d, words, sizeof(BN_ULONG) * num_words); + a->top = num_words; + bn_correct_top(a); + return 1; +} + +size_t bn_sizeof_BIGNUM(void) +{ + return sizeof(BIGNUM); +} + +BIGNUM *bn_array_el(BIGNUM *base, int el) +{ + return &base[el]; +} diff --git a/deps/openssl/openssl/crypto/bn/bn_kron.c b/deps/openssl/openssl/crypto/bn/bn_kron.c index 88d731ac75..b9bc6cca27 100644 --- a/deps/openssl/openssl/crypto/bn/bn_kron.c +++ b/deps/openssl/openssl/crypto/bn/bn_kron.c @@ -1,59 +1,13 @@ -/* crypto/bn/bn_kron.c */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /* least significant word */ @@ -92,7 +46,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) goto end; /* - * Kronecker symbol, imlemented according to Henri Cohen, + * Kronecker symbol, implemented according to Henri Cohen, * "A Course in Computational Algebraic Number Theory" * (algorithm 1.4.10). */ diff --git a/deps/openssl/openssl/crypto/bn/bn_lcl.h b/deps/openssl/openssl/crypto/bn/bn_lcl.h index 00f4f09945..5fb3814554 100644 --- a/deps/openssl/openssl/crypto/bn/bn_lcl.h +++ b/deps/openssl/openssl/crypto/bn/bn_lcl.h @@ -1,123 +1,267 @@ -/* crypto/bn/bn_lcl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #ifndef HEADER_BN_LCL_H # define HEADER_BN_LCL_H -# include <openssl/bn.h> +/* + * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or + * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our + * Configure script and needs to support both 32-bit and 64-bit. + */ +# include <openssl/opensslconf.h> + +# if !defined(OPENSSL_SYS_UEFI) +# include "internal/bn_conf.h" +# endif + +# include "internal/bn_int.h" #ifdef __cplusplus extern "C" { #endif +/* + * These preprocessor symbols control various aspects of the bignum headers + * and library code. They're not defined by any "normal" configuration, as + * they are intended for development and testing purposes. NB: defining all + * three can be useful for debugging application code as well as openssl + * itself. BN_DEBUG - turn on various debugging alterations to the bignum + * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ + +# ifndef OPENSSL_SMALL_FOOTPRINT +# define BN_MUL_COMBA +# define BN_SQR_COMBA +# define BN_RECURSION +# endif + +/* + * This next option uses the C libraries (2 word)/(1 word) function. If it is + * not defined, I use my C version (which is slower). The reason for this + * flag is that when the particular C compiler library routine is used, and + * the library is linked with a different compiler, the library is missing. + * This mostly happens when the library is built with gcc and then linked + * using normal cc. This would be a common occurrence because gcc normally + * produces code that is 2 times faster than system compilers for the big + * number stuff. For machines with only one compiler (or shared libraries), + * this should be on. Again this in only really a problem on machines using + * "long long's", are 32bit, and are not using my assembler code. + */ +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ + defined(OPENSSL_SYS_WIN32) || defined(linux) +# define BN_DIV2W +# endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULLONG unsigned long long +# define BN_BITS4 32 +# define BN_MASK2 (0xffffffffffffffffL) +# define BN_MASK2l (0xffffffffL) +# define BN_MASK2h (0xffffffff00000000L) +# define BN_MASK2h1 (0xffffffff80000000L) +# define BN_DEC_CONV (10000000000000000000UL) +# define BN_DEC_NUM 19 +# define BN_DEC_FMT1 "%lu" +# define BN_DEC_FMT2 "%019lu" +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# undef BN_LLONG +# undef BN_ULLONG +# define BN_BITS4 32 +# define BN_MASK2 (0xffffffffffffffffLL) +# define BN_MASK2l (0xffffffffL) +# define BN_MASK2h (0xffffffff00000000LL) +# define BN_MASK2h1 (0xffffffff80000000LL) +# define BN_DEC_CONV (10000000000000000000ULL) +# define BN_DEC_NUM 19 +# define BN_DEC_FMT1 "%llu" +# define BN_DEC_FMT2 "%019llu" +# endif + +# ifdef THIRTY_TWO_BIT +# ifdef BN_LLONG +# if defined(_WIN32) && !defined(__GNUC__) +# define BN_ULLONG unsigned __int64 +# else +# define BN_ULLONG unsigned long long +# endif +# endif +# define BN_BITS4 16 +# define BN_MASK2 (0xffffffffL) +# define BN_MASK2l (0xffff) +# define BN_MASK2h1 (0xffff8000L) +# define BN_MASK2h (0xffff0000L) +# define BN_DEC_CONV (1000000000L) +# define BN_DEC_NUM 9 +# define BN_DEC_FMT1 "%u" +# define BN_DEC_FMT2 "%09u" +# endif + + +/*- + * Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ + +# ifdef BN_DEBUG + +# ifdef BN_DEBUG_RAND +/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +# ifndef RAND_bytes +int RAND_bytes(unsigned char *buf, int num); +# define BN_DEBUG_TRIX +# endif +# define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if (_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ + RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ + memset(_not_const + _bnum1->top, _tmp_char, \ + sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ + } \ + } while(0) +# ifdef BN_DEBUG_TRIX +# undef RAND_bytes +# endif +# else +# define bn_pollute(a) +# endif +# define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + if (_bnum2 != NULL) { \ + OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \ + (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \ + bn_pollute(_bnum2); \ + } \ + } while(0) + +# define bn_fix_top(a) bn_check_top(a) + +# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +# define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + OPENSSL_assert((words) <= (_bnum2)->dmax && \ + (words) >= (_bnum2)->top); \ + /* avoid unused variable warning with NDEBUG */ \ + (void)(_bnum2); \ + } while(0) + +# else /* !BN_DEBUG */ + +# define bn_pollute(a) +# define bn_check_top(a) +# define bn_fix_top(a) bn_correct_top(a) +# define bn_check_size(bn, bits) +# define bn_wcheck_size(bn, words) + +# endif + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, + BN_ULONG w); +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + int num); +BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + int num); + +struct bignum_st { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit + * chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; +}; + +/* Used for montgomery multiplication */ +struct bn_mont_ctx_st { + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only + * stored for bignum algorithm) */ + BN_ULONG n0[2]; /* least significant word(s) of Ni; (type + * changed with 0.9.9, was "BN_ULONG n0;" + * before) */ + int flags; +}; + +/* + * Used for reciprocal division/mod functions It cannot be shared between + * threads + */ +struct bn_recp_ctx_st { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; +}; + +/* Used for slow "generation" functions. */ +struct bn_gencb_st { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union { + /* if (ver==1) - handles old style callbacks */ + void (*cb_1) (int, int, void *); + /* if (ver==2) - new callback style */ + int (*cb_2) (int, int, BN_GENCB *); + } cb; +}; + /*- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * @@ -143,23 +287,11 @@ extern "C" { * (with draws in between). Very small exponents are often selected * with low Hamming weight, so we use w = 1 for b <= 23. */ -# if 1 -# define BN_window_bits_for_exponent_size(b) \ +# define BN_window_bits_for_exponent_size(b) \ ((b) > 671 ? 6 : \ (b) > 239 ? 5 : \ (b) > 79 ? 4 : \ (b) > 23 ? 3 : 1) -# else -/* - * Old SSLeay/OpenSSL table. Maximum window size was 5, so this table differs - * for b==1024; but it coincides for other interesting values (b==160, - * b==512). - */ -# define BN_window_bits_for_exponent_size(b) \ - ((b) > 255 ? 5 : \ - (b) > 127 ? 4 : \ - (b) > 17 ? 3 : 1) -# endif /* * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache @@ -294,8 +426,8 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) - /* "h" constraint is no more since 4.4 */ +# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 + /* "h" constraint is not an option on R6 and was removed in 4.4 */ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) # define BN_UMULT_LOHI(low,high,a,b) ({ \ __uint128_t ret=(__uint128_t)(a)*(b); \ @@ -501,10 +633,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, } # endif /* !BN_LLONG */ -# if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS) -# undef bn_div_words -# endif +void BN_RECP_CTX_init(BN_RECP_CTX *recp); +void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +void bn_init(BIGNUM *a); void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); @@ -530,6 +662,26 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); +BIGNUM *int_bn_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, + int *noinv); + +int bn_probable_prime_dh(BIGNUM *rnd, int bits, + const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); +int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx); +int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx); + +static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) +{ + if (bits > (INT_MAX - BN_BITS2 + 1)) + return NULL; + + if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) + return a; + + return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); +} + #ifdef __cplusplus } #endif diff --git a/deps/openssl/openssl/crypto/bn/bn_lib.c b/deps/openssl/openssl/crypto/bn/bn_lib.c index 27b9bdbc3c..7058494092 100644 --- a/deps/openssl/openssl/crypto/bn/bn_lib.c +++ b/deps/openssl/openssl/crypto/bn/bn_lib.c @@ -1,76 +1,20 @@ -/* crypto/bn/bn_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#ifndef BN_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - #include <assert.h> #include <limits.h> -#include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" - -const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT; +#include <openssl/opensslconf.h> /* This stuff appears to be completely unused, so is deprecated */ -#ifndef OPENSSL_NO_DEPRECATED +#if OPENSSL_API_COMPAT < 0x00908000L /*- * For a 32 bit machine * 2 - 4 == 128 @@ -197,6 +141,15 @@ int BN_num_bits(const BIGNUM *a) return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } +static void bn_free_d(BIGNUM *a) +{ + if (BN_get_flags(a, BN_FLG_SECURE)) + OPENSSL_secure_free(a->d); + else + OPENSSL_free(a->d); +} + + void BN_clear_free(BIGNUM *a) { int i; @@ -206,11 +159,11 @@ void BN_clear_free(BIGNUM *a) bn_check_top(a); if (a->d != NULL) { OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) - OPENSSL_free(a->d); + if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) + bn_free_d(a); } i = BN_get_flags(a, BN_FLG_MALLOCED); - OPENSSL_cleanse(a, sizeof(BIGNUM)); + OPENSSL_cleanse(a, sizeof(*a)); if (i) OPENSSL_free(a); } @@ -220,21 +173,23 @@ void BN_free(BIGNUM *a) if (a == NULL) return; bn_check_top(a); - if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) - OPENSSL_free(a->d); + if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) + bn_free_d(a); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); else { -#ifndef OPENSSL_NO_DEPRECATED +#if OPENSSL_API_COMPAT < 0x00908000L a->flags |= BN_FLG_FREE; #endif a->d = NULL; } } -void BN_init(BIGNUM *a) +void bn_init(BIGNUM *a) { - memset(a, 0, sizeof(BIGNUM)); + static BIGNUM nilbn; + + *a = nilbn; bn_check_top(a); } @@ -242,20 +197,24 @@ BIGNUM *BN_new(void) { BIGNUM *ret; - if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) { + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } ret->flags = BN_FLG_MALLOCED; - ret->top = 0; - ret->neg = 0; - ret->dmax = 0; - ret->d = NULL; bn_check_top(ret); return (ret); } -/* This is used both by bn_expand2() and bn_dup_expand() */ + BIGNUM *BN_secure_new(void) + { + BIGNUM *ret = BN_new(); + if (ret != NULL) + ret->flags |= BN_FLG_SECURE; + return (ret); + } + +/* This is used by bn_expand2() */ /* The caller MUST check that words > b->dmax before calling this */ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) { @@ -273,20 +232,14 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); return (NULL); } - a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words); + if (BN_get_flags(b, BN_FLG_SECURE)) + a = A = OPENSSL_secure_zalloc(words * sizeof(*a)); + else + a = A = OPENSSL_zalloc(words * sizeof(*a)); if (A == NULL) { BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); return (NULL); } -#ifdef PURIFY - /* - * Valgrind complains in BN_consttime_swap because we process the whole - * array even if it's not initialised yet. This doesn't matter in that - * function - what's important is constant time operation (we're not - * actually going to use the data) - */ - memset(a, 0, sizeof(BN_ULONG) * words); -#endif #if 1 B = b->d; @@ -297,7 +250,7 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) * The fact that the loop is unrolled * 4-wise is a tribute to Intel. It's * the one that doesn't have enough - * registers to accomodate more data. + * registers to accommodate more data. * I'd unroll it 8-wise otherwise:-) * * <appro@fy.chalmers.se> @@ -312,24 +265,23 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) A[2] = a2; A[3] = a3; } - /* - * workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 - */ switch (b->top & 3) { case 3: A[2] = B[2]; + /* fall thru */ case 2: A[1] = B[1]; + /* fall thru */ case 1: A[0] = B[0]; + /* fall thru */ case 0: + /* Without the "case 0" some old optimizers got this wrong. */ ; } } #else - memset(A, 0, sizeof(BN_ULONG) * words); + memset(A, 0, sizeof(*A) * words); memcpy(A, b->d, sizeof(b->d[0]) * b->top); #endif @@ -337,58 +289,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) } /* - * This is an internal function that can be used instead of bn_expand2() when - * there is a need to copy BIGNUMs instead of only expanding the data part, - * while still expanding them. Especially useful when needing to expand - * BIGNUMs that are declared 'const' and should therefore not be changed. The - * reason to use this instead of a BN_dup() followed by a bn_expand2() is - * memory allocation overhead. A BN_dup() followed by a bn_expand2() will - * allocate new memory for the BIGNUM data twice, and free it once, while - * bn_dup_expand() makes sure allocation is made only once. - */ - -#ifndef OPENSSL_NO_DEPRECATED -BIGNUM *bn_dup_expand(const BIGNUM *b, int words) -{ - BIGNUM *r = NULL; - - bn_check_top(b); - - /* - * This function does not work if words <= b->dmax && top < words because - * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used - * anywhere yet.) - */ - - if (words > b->dmax) { - BN_ULONG *a = bn_expand_internal(b, words); - - if (a) { - r = BN_new(); - if (r) { - r->top = b->top; - r->dmax = words; - r->neg = b->neg; - r->d = a; - } else { - /* r == NULL, BN_new failure */ - OPENSSL_free(a); - } - } - /* - * If a == NULL, there was an error in allocation in - * bn_expand_internal(), and NULL should be returned - */ - } else { - r = BN_dup(b); - } - - bn_check_top(r); - return r; -} -#endif - -/* * This is an internal function that should not be used in applications. It * ensures that 'b' has enough room for a 'words' word number and initialises * any unused part of b->d with leading zeros. It is mostly used by the @@ -404,35 +304,14 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) BN_ULONG *a = bn_expand_internal(b, words); if (!a) return NULL; - if (b->d) - OPENSSL_free(b->d); + if (b->d) { + OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); + bn_free_d(b); + } b->d = a; b->dmax = words; } -/* None of this should be necessary because of what b->top means! */ -#if 0 - /* - * NB: bn_wexpand() calls this only if the BIGNUM really has to grow - */ - if (b->top < b->dmax) { - int i; - BN_ULONG *A = &(b->d[b->top]); - for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { - A[0] = 0; - A[1] = 0; - A[2] = 0; - A[3] = 0; - A[4] = 0; - A[5] = 0; - A[6] = 0; - A[7] = 0; - } - for (i = (b->dmax - b->top) & 7; i > 0; i--, A++) - A[0] = 0; - assert(A == &(b->d[b->dmax])); - } -#endif bn_check_top(b); return b; } @@ -445,7 +324,7 @@ BIGNUM *BN_dup(const BIGNUM *a) return NULL; bn_check_top(a); - t = BN_new(); + t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new(); if (t == NULL) return NULL; if (!BN_copy(t, a)) { @@ -487,10 +366,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) switch (b->top & 3) { case 3: A[2] = B[2]; + /* fall thru */ case 2: A[1] = B[1]; + /* fall thru */ case 1: A[0] = B[0]; + /* fall thru */ case 0:; } #else @@ -542,7 +424,7 @@ void BN_clear(BIGNUM *a) { bn_check_top(a); if (a->d != NULL) - OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); + OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); a->top = 0; a->neg = 0; } @@ -581,7 +463,9 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) if (ret == NULL) return (NULL); bn_check_top(ret); - l = 0; + /* Skip leading zero's. */ + for ( ; len > 0 && *s == 0; s++, len--) + continue; n = len; if (n == 0) { ret->top = 0; @@ -590,12 +474,12 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) i = ((n - 1) / BN_BYTES) + 1; m = ((n - 1) % (BN_BYTES)); if (bn_wexpand(ret, (int)i) == NULL) { - if (bn) - BN_free(bn); + BN_free(bn); return NULL; } ret->top = i; ret->neg = 0; + l = 0; while (n--) { l = (l << 8L) | *(s++); if (m-- == 0) { @@ -613,18 +497,106 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) } /* ignore negative */ -int BN_bn2bin(const BIGNUM *a, unsigned char *to) +static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { - int n, i; + int i; BN_ULONG l; bn_check_top(a); - n = i = BN_num_bytes(a); + i = BN_num_bytes(a); + if (tolen == -1) + tolen = i; + else if (tolen < i) + return -1; + /* Add leading zeroes if necessary */ + if (tolen > i) { + memset(to, 0, tolen - i); + to += tolen - i; + } while (i--) { l = a->d[i / BN_BYTES]; *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; } - return (n); + return tolen; +} + +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) +{ + if (tolen < 0) + return -1; + return bn2binpad(a, to, tolen); +} + +int BN_bn2bin(const BIGNUM *a, unsigned char *to) +{ + return bn2binpad(a, to, -1); +} + +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) +{ + unsigned int i, m; + unsigned int n; + BN_ULONG l; + BIGNUM *bn = NULL; + + if (ret == NULL) + ret = bn = BN_new(); + if (ret == NULL) + return (NULL); + bn_check_top(ret); + s += len; + /* Skip trailing zeroes. */ + for ( ; len > 0 && s[-1] == 0; s--, len--) + continue; + n = len; + if (n == 0) { + ret->top = 0; + return ret; + } + i = ((n - 1) / BN_BYTES) + 1; + m = ((n - 1) % (BN_BYTES)); + if (bn_wexpand(ret, (int)i) == NULL) { + BN_free(bn); + return NULL; + } + ret->top = i; + ret->neg = 0; + l = 0; + while (n--) { + s--; + l = (l << 8L) | *s; + if (m-- == 0) { + ret->d[--i] = l; + l = 0; + m = BN_BYTES - 1; + } + } + /* + * need to call this due to clear byte at top if avoiding having the top + * bit set (-ve number) + */ + bn_correct_top(ret); + return ret; +} + +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) +{ + int i; + BN_ULONG l; + bn_check_top(a); + i = BN_num_bytes(a); + if (tolen < i) + return -1; + /* Add trailing zeroes if necessary */ + if (tolen > i) + memset(to + i, 0, tolen - i); + to += i; + while (i--) { + l = a->d[i / BN_BYTES]; + to--; + *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; + } + return tolen; } int BN_ucmp(const BIGNUM *a, const BIGNUM *b) @@ -800,9 +772,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) /* * Here follows a specialised variants of bn_cmp_words(). It has the - * property of performing the operation on arrays of different sizes. The + * capability of performing the operation on arrays of different sizes. The * sizes of those arrays is expressed through cl, which is the common length - * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the + * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the * two lengths, calculated as len(a)-len(b). All lengths are the number of * BN_ULONGs... */ @@ -887,3 +859,158 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) } #undef BN_CONSTTIME_SWAP } + +/* Bits of security, see SP800-57 */ + +int BN_security_bits(int L, int N) +{ + int secbits, bits; + if (L >= 15360) + secbits = 256; + else if (L >= 7680) + secbits = 192; + else if (L >= 3072) + secbits = 128; + else if (L >= 2048) + secbits = 112; + else if (L >= 1024) + secbits = 80; + else + return 0; + if (N == -1) + return secbits; + bits = N / 2; + if (bits < 80) + return 0; + return bits >= secbits ? secbits : bits; +} + +void BN_zero_ex(BIGNUM *a) +{ + a->top = 0; + a->neg = 0; +} + +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) +{ + return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0)); +} + +int BN_is_zero(const BIGNUM *a) +{ + return a->top == 0; +} + +int BN_is_one(const BIGNUM *a) +{ + return BN_abs_is_word(a, 1) && !a->neg; +} + +int BN_is_word(const BIGNUM *a, const BN_ULONG w) +{ + return BN_abs_is_word(a, w) && (!w || !a->neg); +} + +int BN_is_odd(const BIGNUM *a) +{ + return (a->top > 0) && (a->d[0] & 1); +} + +int BN_is_negative(const BIGNUM *a) +{ + return (a->neg != 0); +} + +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) +{ + return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx); +} + +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags) +{ + dest->d = b->d; + dest->top = b->top; + dest->dmax = b->dmax; + dest->neg = b->neg; + dest->flags = ((dest->flags & BN_FLG_MALLOCED) + | (b->flags & ~BN_FLG_MALLOCED) + | BN_FLG_STATIC_DATA | flags); +} + +BN_GENCB *BN_GENCB_new(void) +{ + BN_GENCB *ret; + + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { + BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE); + return (NULL); + } + + return ret; +} + +void BN_GENCB_free(BN_GENCB *cb) +{ + if (cb == NULL) + return; + OPENSSL_free(cb); +} + +void BN_set_flags(BIGNUM *b, int n) +{ + b->flags |= n; +} + +int BN_get_flags(const BIGNUM *b, int n) +{ + return b->flags & n; +} + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), + void *cb_arg) +{ + BN_GENCB *tmp_gencb = gencb; + tmp_gencb->ver = 1; + tmp_gencb->arg = cb_arg; + tmp_gencb->cb.cb_1 = callback; +} + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), + void *cb_arg) +{ + BN_GENCB *tmp_gencb = gencb; + tmp_gencb->ver = 2; + tmp_gencb->arg = cb_arg; + tmp_gencb->cb.cb_2 = callback; +} + +void *BN_GENCB_get_arg(BN_GENCB *cb) +{ + return cb->arg; +} + +BIGNUM *bn_wexpand(BIGNUM *a, int words) +{ + return (words <= a->dmax) ? a : bn_expand2(a, words); +} + +void bn_correct_top(BIGNUM *a) +{ + BN_ULONG *ftl; + int tmp_top = a->top; + + if (tmp_top > 0) { + for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) { + ftl--; + if (*ftl != 0) + break; + } + a->top = tmp_top; + } + if (a->top == 0) + a->neg = 0; + bn_pollute(a); +} diff --git a/deps/openssl/openssl/crypto/bn/bn_mod.c b/deps/openssl/openssl/crypto/bn/bn_mod.c index ffbce890cf..13b583f76c 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mod.c +++ b/deps/openssl/openssl/crypto/bn/bn_mod.c @@ -1,129 +1,15 @@ -/* crypto/bn/bn_mod.c */ /* - * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> - * for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" -#if 0 /* now just a #define */ -int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) -{ - return (BN_div(NULL, rem, m, d, ctx)); - /* note that rem->neg == m->neg (unless the remainder is zero) */ -} -#endif - int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) { /* @@ -262,8 +148,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); bn_check_top(r); - if (abs_m) - BN_free(abs_m); + BN_free(abs_m); return ret; } diff --git a/deps/openssl/openssl/crypto/bn/bn_mont.c b/deps/openssl/openssl/crypto/bn/bn_mont.c index c1703650ef..faef581571 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mont.c +++ b/deps/openssl/openssl/crypto/bn/bn_mont.c @@ -1,112 +1,10 @@ -/* crypto/bn/bn_mont.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ /* @@ -116,8 +14,7 @@ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf */ -#include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #define MONT_WORD /* use the faster word-based algorithm */ @@ -197,12 +94,9 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) rp = r->d; /* clear the top words of T */ -# if 1 - for (i = r->top; i < max; i++) /* memset? XXX */ - rp[i] = 0; -# else - memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); -# endif + i = max - r->top; + if (i) + memset(&rp[r->top], 0, sizeof(*rp) * i); r->top = max; n0 = mont->n0[0]; @@ -303,7 +197,7 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) { BN_MONT_CTX *ret; - if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return (NULL); BN_MONT_CTX_init(ret); @@ -314,9 +208,9 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) void BN_MONT_CTX_init(BN_MONT_CTX *ctx) { ctx->ri = 0; - BN_init(&(ctx->RR)); - BN_init(&(ctx->N)); - BN_init(&(ctx->Ni)); + bn_init(&(ctx->RR)); + bn_init(&(ctx->N)); + bn_init(&(ctx->Ni)); ctx->n0[0] = ctx->n0[1] = 0; ctx->flags = 0; } @@ -356,7 +250,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BIGNUM tmod; BN_ULONG buf[2]; - BN_init(&tmod); + bn_init(&tmod); tmod.d = buf; tmod.dmax = 2; tmod.neg = 0; @@ -489,14 +383,14 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) return (to); } -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *ret; - CRYPTO_r_lock(lock); + CRYPTO_THREAD_read_lock(lock); ret = *pmont; - CRYPTO_r_unlock(lock); + CRYPTO_THREAD_unlock(lock); if (ret) return ret; @@ -509,7 +403,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, * (the losers throw away the work they've done). */ ret = BN_MONT_CTX_new(); - if (!ret) + if (ret == NULL) return NULL; if (!BN_MONT_CTX_set(ret, mod, ctx)) { BN_MONT_CTX_free(ret); @@ -517,12 +411,12 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, } /* The locked compare-and-set, after the local work is done. */ - CRYPTO_w_lock(lock); + CRYPTO_THREAD_write_lock(lock); if (*pmont) { BN_MONT_CTX_free(ret); ret = *pmont; } else *pmont = ret; - CRYPTO_w_unlock(lock); + CRYPTO_THREAD_unlock(lock); return ret; } diff --git a/deps/openssl/openssl/crypto/bn/bn_mpi.c b/deps/openssl/openssl/crypto/bn/bn_mpi.c index 3bd40bbd2b..043e21d26a 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mpi.c +++ b/deps/openssl/openssl/crypto/bn/bn_mpi.c @@ -1,63 +1,14 @@ -/* crypto/bn/bn_mpi.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" int BN_bn2mpi(const BIGNUM *a, unsigned char *d) @@ -88,41 +39,48 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d) return (num + 4 + ext); } -BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) +BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) { long len; int neg = 0; + BIGNUM *a = NULL; if (n < 4) { BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); - return (NULL); + return NULL; } len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) d[3]; if ((len + 4) != n) { BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR); - return (NULL); + return NULL; } - if (a == NULL) + if (ain == NULL) a = BN_new(); + else + a = ain; + if (a == NULL) - return (NULL); + return NULL; if (len == 0) { a->neg = 0; a->top = 0; - return (a); + return a; } d += 4; if ((*d) & 0x80) neg = 1; - if (BN_bin2bn(d, (int)len, a) == NULL) - return (NULL); + if (BN_bin2bn(d, (int)len, a) == NULL) { + if (ain == NULL) + BN_free(a); + return NULL; + } a->neg = neg; if (neg) { BN_clear_bit(a, BN_num_bits(a) - 1); } bn_check_top(a); - return (a); + return a; } diff --git a/deps/openssl/openssl/crypto/bn/bn_mul.c b/deps/openssl/openssl/crypto/bn/bn_mul.c index 6b455a755f..a1abc5b05a 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mul.c +++ b/deps/openssl/openssl/crypto/bn/bn_mul.c @@ -1,69 +1,14 @@ -/* crypto/bn/bn_mul.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#ifndef BN_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - -#include <stdio.h> #include <assert.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) @@ -71,7 +16,7 @@ * Here follows specialised variants of bn_add_words() and bn_sub_words(). * They have the property performing operations on arrays of different sizes. * The sizes of those arrays is expressed through cl, which is the common - * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta + * length ( basically, min(len(a),len(b)) ), and dl, which is the delta * between the two lengths, calculated as len(a)-len(b). All lengths are the * number of BN_ULONGs... For the operations that require a result array as * parameter, it must have the length cl+abs(dl). These functions should @@ -96,10 +41,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, b += cl; if (dl < 0) { -# ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, - dl, c); -# endif for (;;) { t = b[0]; r[0] = (0 - t - c) & BN_MASK2; @@ -134,10 +75,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, } } else { int save_dl = dl; -# ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, - dl, c); -# endif while (c) { t = a[0]; r[0] = (t - c) & BN_MASK2; @@ -172,20 +109,18 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, r += 4; } if (dl > 0) { -# ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", - cl, dl); -# endif if (save_dl > dl) { switch (save_dl - dl) { case 1: r[1] = a[1]; if (--dl <= 0) break; + /* fall thru */ case 2: r[2] = a[2]; if (--dl <= 0) break; + /* fall thru */ case 3: r[3] = a[3]; if (--dl <= 0) @@ -196,10 +131,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, } } if (dl > 0) { -# ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", - cl, dl); -# endif for (;;) { r[0] = a[0]; if (--dl <= 0) @@ -241,10 +172,6 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, if (dl < 0) { int save_dl = dl; -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, - dl, c); -#endif while (c) { l = (c + b[0]) & BN_MASK2; c = (l < c); @@ -275,20 +202,18 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, r += 4; } if (dl < 0) { -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", - cl, dl); -#endif if (save_dl < dl) { switch (dl - save_dl) { case 1: r[1] = b[1]; if (++dl >= 0) break; + /* fall thru */ case 2: r[2] = b[2]; if (++dl >= 0) break; + /* fall thru */ case 3: r[3] = b[3]; if (++dl >= 0) @@ -299,10 +224,6 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, } } if (dl < 0) { -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", - cl, dl); -#endif for (;;) { r[0] = b[0]; if (++dl >= 0) @@ -323,9 +244,6 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, } } else { int save_dl = dl; -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); -#endif while (c) { t = (a[0] + c) & BN_MASK2; c = (t < c); @@ -355,10 +273,6 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, a += 4; r += 4; } -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, - dl); -#endif if (dl > 0) { if (save_dl > dl) { switch (save_dl - dl) { @@ -366,10 +280,12 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, r[1] = a[1]; if (--dl <= 0) break; + /* fall thru */ case 2: r[2] = a[2]; if (--dl <= 0) break; + /* fall thru */ case 3: r[3] = a[3]; if (--dl <= 0) @@ -380,10 +296,6 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, } } if (dl > 0) { -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", - cl, dl); -#endif for (;;) { r[0] = a[0]; if (--dl <= 0) @@ -432,9 +344,6 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, unsigned int neg, zero; BN_ULONG ln, lo, *p; -# ifdef BN_COUNT - fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb); -# endif # ifdef BN_MUL_COMBA # if 0 if (n2 == 4) { @@ -501,7 +410,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) bn_mul_comba4(&(t[n2]), t, &(t[n])); else - memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); + memset(&t[n2], 0, sizeof(*t) * 8); bn_mul_comba4(r, a, b); bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); @@ -511,7 +420,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) bn_mul_comba8(&(t[n2]), t, &(t[n])); else - memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); + memset(&t[n2], 0, sizeof(*t) * 16); bn_mul_comba8(r, a, b); bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); @@ -522,7 +431,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); else - memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + memset(&t[n2], 0, sizeof(*t) * n2); bn_mul_recursive(r, a, b, n, 0, 0, p); bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); } @@ -581,10 +490,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int c1, c2, neg; BN_ULONG ln, lo, *p; -# ifdef BN_COUNT - fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n", - n, tna, n, tnb); -# endif if (n < 8) { bn_mul_normal(r, a, n + tna, b, n + tnb); return; @@ -631,14 +536,14 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_mul_comba4(&(t[n2]), t, &(t[n])); bn_mul_comba4(r, a, b); bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); - memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2)); + memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2)); } else # endif if (n == 8) { bn_mul_comba8(&(t[n2]), t, &(t[n])); bn_mul_comba8(r, a, b); bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); - memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); + memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb)); } else { p = &(t[n2 * 2]); bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); @@ -654,7 +559,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, if (j == 0) { bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); - memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); + memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2)); } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); @@ -662,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, sizeof(BN_ULONG) * (n2 - tna - tnb)); } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ - memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); + memset(&r[n2], 0, sizeof(*r) * n2); if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); @@ -741,10 +646,6 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, { int n = n2 / 2; -# ifdef BN_COUNT - fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2); -# endif - bn_mul_recursive(r, a, b, n, 0, 0, &(t[0])); if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2])); @@ -773,9 +674,6 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, int neg, oneg, zero; BN_ULONG ll, lc, *lp, *mp; -# ifdef BN_COUNT - fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2); -# endif n = n2 / 2; /* Calculate (al-ah)*(bh-bl) */ @@ -837,9 +735,8 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, */ if (l != NULL) { lp = &(t[n2 + n]); - c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n)); + bn_add_words(lp, &(r[0]), &(l[0]), n); } else { - c1 = 0; lp = &(r[0]); } @@ -947,10 +844,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) int j = 0, k; #endif -#ifdef BN_COUNT - fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top); -#endif - bn_check_top(a); bn_check_top(b); bn_check_top(r); @@ -970,7 +863,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) goto err; } else rr = r; - rr->neg = a->neg ^ b->neg; #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) i = al - bl; @@ -1042,6 +934,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif + rr->neg = a->neg ^ b->neg; bn_correct_top(rr); if (r != rr && BN_copy(r, rr) == NULL) goto err; @@ -1057,10 +950,6 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) { BN_ULONG *rr; -#ifdef BN_COUNT - fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb); -#endif - if (na < nb) { int itmp; BN_ULONG *ltmp; @@ -1101,9 +990,6 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) { -#ifdef BN_COUNT - fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n); -#endif bn_mul_words(r, a, n, b[0]); for (;;) { diff --git a/deps/openssl/openssl/crypto/bn/bn_nist.c b/deps/openssl/openssl/crypto/bn/bn_nist.c index 4a45404c6f..53598f97ef 100644 --- a/deps/openssl/openssl/crypto/bn/bn_nist.c +++ b/deps/openssl/openssl/crypto/bn/bn_nist.c @@ -1,63 +1,14 @@ -/* crypto/bn/bn_nist.c */ /* - * Written by Nils Larsch for the OpenSSL project - */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include "bn_lcl.h" -#include "cryptlib.h" +#include "internal/cryptlib.h" #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 @@ -379,8 +330,8 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_192_sqr = { (BN_ULONG *)_nist_p_192_sqr, - sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), - sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), + OSSL_NELEM(_nist_p_192_sqr), + OSSL_NELEM(_nist_p_192_sqr), 0, BN_FLG_STATIC_DATA }; @@ -524,8 +475,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } u; static const BIGNUM _bignum_nist_p_224_sqr = { (BN_ULONG *)_nist_p_224_sqr, - sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), - sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), + OSSL_NELEM(_nist_p_224_sqr), + OSSL_NELEM(_nist_p_224_sqr), 0, BN_FLG_STATIC_DATA }; @@ -645,7 +596,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #endif } else if (carry < 0) { /* - * it's a bit more comlicated logic in this case. if bn_add_words + * it's a bit more complicated logic in this case. if bn_add_words * yields no carry, then result has to be adjusted by unconditionally * *adding* the modulus. but if it does, then result has to be * compared to the modulus and conditionally adjusted by @@ -705,8 +656,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } u; static const BIGNUM _bignum_nist_p_256_sqr = { (BN_ULONG *)_nist_p_256_sqr, - sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), - sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), + OSSL_NELEM(_nist_p_256_sqr), + OSSL_NELEM(_nist_p_256_sqr), 0, BN_FLG_STATIC_DATA }; @@ -951,8 +902,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } u; static const BIGNUM _bignum_nist_p_384_sqr = { (BN_ULONG *)_nist_p_384_sqr, - sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), - sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), + OSSL_NELEM(_nist_p_384_sqr), + OSSL_NELEM(_nist_p_384_sqr), 0, BN_FLG_STATIC_DATA }; @@ -1209,8 +1160,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_521_sqr = { (BN_ULONG *)_nist_p_521_sqr, - sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), - sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), + OSSL_NELEM(_nist_p_521_sqr), + OSSL_NELEM(_nist_p_521_sqr), 0, BN_FLG_STATIC_DATA }; @@ -1239,9 +1190,20 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); /* ... and right shift */ for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { +#if 0 + /* + * MSC ARM compiler [version 2013, presumably even earlier, + * much earlier] miscompiles this code, but not one in + * #else section. See RT#3541. + */ + tmp = val >> BN_NIST_521_RSHIFT; + val = t_d[i + 1]; + t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; +#else t_d[i] = (val >> BN_NIST_521_RSHIFT | (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2; val = tmp; +#endif } t_d[i] = val >> BN_NIST_521_RSHIFT; /* lower 521 bits */ @@ -1260,3 +1222,18 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, return 1; } + +int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx) { + if (BN_ucmp(&_bignum_nist_p_192, p) == 0) + return BN_nist_mod_192; + if (BN_ucmp(&_bignum_nist_p_224, p) == 0) + return BN_nist_mod_224; + if (BN_ucmp(&_bignum_nist_p_256, p) == 0) + return BN_nist_mod_256; + if (BN_ucmp(&_bignum_nist_p_384, p) == 0) + return BN_nist_mod_384; + if (BN_ucmp(&_bignum_nist_p_521, p) == 0) + return BN_nist_mod_521; + return 0; +} diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.c b/deps/openssl/openssl/crypto/bn/bn_prime.c index e911e15785..616389cfa6 100644 --- a/deps/openssl/openssl/crypto/bn/bn_prime.c +++ b/deps/openssl/openssl/crypto/bn/bn_prime.c @@ -1,125 +1,18 @@ -/* crypto/bn/bn_prime.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * WARNING: do not edit! + * Generated by crypto/bn/bn_prime.pl + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <time.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" -#include <openssl/rand.h> - -/* - * NB: these functions have been "upgraded", the deprecated versions (which - * are compatibility wrappers using these functions) are in bn_depr.c. - - * Geoff - */ /* * The quick sieve algorithm approach to weeding out primes is Philip @@ -131,12 +24,57 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); -static int probable_prime(BIGNUM *rnd, int bits); -static int probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx); -static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, - const BIGNUM *rem, BN_CTX *ctx); +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods); +static int probable_prime_dh_safe(BIGNUM *rnd, int bits, + const BIGNUM *add, const BIGNUM *rem, + BN_CTX *ctx); + +static const int prime_offsets[480] = { + 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, + 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, + 167, 169, 173, 179, 181, 191, 193, 197, 199, 211, 221, 223, 227, 229, + 233, 239, 241, 247, 251, 257, 263, 269, 271, 277, 281, 283, 289, 293, + 299, 307, 311, 313, 317, 323, 331, 337, 347, 349, 353, 359, 361, 367, + 373, 377, 379, 383, 389, 391, 397, 401, 403, 409, 419, 421, 431, 433, + 437, 439, 443, 449, 457, 461, 463, 467, 479, 481, 487, 491, 493, 499, + 503, 509, 521, 523, 527, 529, 533, 541, 547, 551, 557, 559, 563, 569, + 571, 577, 587, 589, 593, 599, 601, 607, 611, 613, 617, 619, 629, 631, + 641, 643, 647, 653, 659, 661, 667, 673, 677, 683, 689, 691, 697, 701, + 703, 709, 713, 719, 727, 731, 733, 739, 743, 751, 757, 761, 767, 769, + 773, 779, 787, 793, 797, 799, 809, 811, 817, 821, 823, 827, 829, 839, + 841, 851, 853, 857, 859, 863, 871, 877, 881, 883, 887, 893, 899, 901, + 907, 911, 919, 923, 929, 937, 941, 943, 947, 949, 953, 961, 967, 971, + 977, 983, 989, 991, 997, 1003, 1007, 1009, 1013, 1019, 1021, 1027, 1031, + 1033, 1037, 1039, 1049, 1051, 1061, 1063, 1069, 1073, 1079, 1081, 1087, + 1091, 1093, 1097, 1103, 1109, 1117, 1121, 1123, 1129, 1139, 1147, 1151, + 1153, 1157, 1159, 1163, 1171, 1181, 1187, 1189, 1193, 1201, 1207, 1213, + 1217, 1219, 1223, 1229, 1231, 1237, 1241, 1247, 1249, 1259, 1261, 1271, + 1273, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1313, 1319, + 1321, 1327, 1333, 1339, 1343, 1349, 1357, 1361, 1363, 1367, 1369, 1373, + 1381, 1387, 1391, 1399, 1403, 1409, 1411, 1417, 1423, 1427, 1429, 1433, + 1439, 1447, 1451, 1453, 1457, 1459, 1469, 1471, 1481, 1483, 1487, 1489, + 1493, 1499, 1501, 1511, 1513, 1517, 1523, 1531, 1537, 1541, 1543, 1549, + 1553, 1559, 1567, 1571, 1577, 1579, 1583, 1591, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1633, 1637, 1643, 1649, 1651, 1657, 1663, 1667, + 1669, 1679, 1681, 1691, 1693, 1697, 1699, 1703, 1709, 1711, 1717, 1721, + 1723, 1733, 1739, 1741, 1747, 1751, 1753, 1759, 1763, 1769, 1777, 1781, + 1783, 1787, 1789, 1801, 1807, 1811, 1817, 1819, 1823, 1829, 1831, 1843, + 1847, 1849, 1853, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1891, 1901, + 1907, 1909, 1913, 1919, 1921, 1927, 1931, 1933, 1937, 1943, 1949, 1951, + 1957, 1961, 1963, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, + 2021, 2027, 2029, 2033, 2039, 2041, 2047, 2053, 2059, 2063, 2069, 2071, + 2077, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2117, 2119, 2129, 2131, + 2137, 2141, 2143, 2147, 2153, 2159, 2161, 2171, 2173, 2179, 2183, 2197, + 2201, 2203, 2207, 2209, 2213, 2221, 2227, 2231, 2237, 2239, 2243, 2249, + 2251, 2257, 2263, 2267, 2269, 2273, 2279, 2281, 2287, 2291, 2293, 2297, + 2309, 2311 +}; + +static const int prime_offset_count = 480; +static const int prime_multiplier = 2310; +static const int prime_multiplier_bits = 11; /* 2^|prime_multiplier_bits| <= + * |prime_multiplier| */ +static const int first_prime_index = 5; int BN_GENCB_call(BN_GENCB *cb, int a, int b) { @@ -166,9 +104,24 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, BIGNUM *t; int found = 0; int i, j, c1 = 0; - BN_CTX *ctx; + BN_CTX *ctx = NULL; + prime_t *mods = NULL; int checks = BN_prime_checks_for_size(bits); + if (bits < 2) { + /* There are no prime numbers this small. */ + BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); + return 0; + } else if (bits == 2 && safe) { + /* The smallest safe prime (7) is three bits. */ + BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); + return 0; + } + + mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES); + if (mods == NULL) + goto err; + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -179,18 +132,18 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, loop: /* make a random number and set the top and bottom bits */ if (add == NULL) { - if (!probable_prime(ret, bits)) + if (!probable_prime(ret, bits, mods)) goto err; } else { if (safe) { if (!probable_prime_dh_safe(ret, bits, add, rem, ctx)) goto err; } else { - if (!probable_prime_dh(ret, bits, add, rem, ctx)) + if (!bn_probable_prime_dh(ret, bits, add, rem, ctx)) goto err; } } - /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ + if (!BN_GENCB_call(cb, 0, c1++)) /* aborted */ goto err; @@ -230,10 +183,10 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, /* we have a prime :-) */ found = 1; err: - if (ctx != NULL) { + OPENSSL_free(mods); + if (ctx != NULL) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); bn_check_top(ret); return found; } @@ -264,9 +217,13 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, /* a is even => a is prime if and only if a == 2 */ return BN_is_word(a, 2); if (do_trial_division) { - for (i = 1; i < NUMPRIMES; i++) - if (BN_mod_word(a, primes[i]) == 0) + for (i = 1; i < NUMPRIMES; i++) { + BN_ULONG mod = BN_mod_word(a, primes[i]); + if (mod == (BN_ULONG)-1) + goto err; + if (mod == 0) return 0; + } if (!BN_GENCB_call(cb, 1, -1)) goto err; } @@ -331,12 +288,88 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, if (ctx_passed == NULL) BN_CTX_free(ctx); } - if (mont != NULL) - BN_MONT_CTX_free(mont); + BN_MONT_CTX_free(mont); return (ret); } +int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx) +{ + int i; + int ret = 0; + + loop: + if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) + goto err; + + /* we now have a random number 'rand' to test. */ + + for (i = 1; i < NUMPRIMES; i++) { + /* check that rnd is a prime */ + BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); + if (mod == (BN_ULONG)-1) + goto err; + if (mod <= 1) { + goto loop; + } + } + ret = 1; + + err: + bn_check_top(rnd); + return (ret); +} + +int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx) +{ + int i; + BIGNUM *offset_index; + BIGNUM *offset_count; + int ret = 0; + + OPENSSL_assert(bits > prime_multiplier_bits); + + BN_CTX_start(ctx); + if ((offset_index = BN_CTX_get(ctx)) == NULL) + goto err; + if ((offset_count = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_add_word(offset_count, prime_offset_count)) + goto err; + + loop: + if (!BN_rand(rnd, bits - prime_multiplier_bits, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) + goto err; + if (BN_is_bit_set(rnd, bits)) + goto loop; + if (!BN_rand_range(offset_index, offset_count)) + goto err; + + if (!BN_mul_word(rnd, prime_multiplier) + || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)])) + goto err; + + /* we now have a random number 'rand' to test. */ + + /* skip coprimes */ + for (i = first_prime_index; i < NUMPRIMES; i++) { + /* check that rnd is a prime */ + BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); + if (mod == (BN_ULONG)-1) + goto err; + if (mod <= 1) + goto loop; + } + ret = 1; + + err: + BN_CTX_end(ctx); + bn_check_top(rnd); + return ret; +} + static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) @@ -364,41 +397,90 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, return 1; } -static int probable_prime(BIGNUM *rnd, int bits) +static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) { int i; - prime_t mods[NUMPRIMES]; - BN_ULONG delta, maxdelta; + BN_ULONG delta; + BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; + char is_single_word = bits <= BN_BITS2; again: - if (!BN_rand(rnd, bits, 1, 1)) + if (!BN_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD)) return (0); - /* we now have a random number 'rand' to test. */ - for (i = 1; i < NUMPRIMES; i++) - mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]); - maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; + /* we now have a random number 'rnd' to test. */ + for (i = 1; i < NUMPRIMES; i++) { + BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); + if (mod == (BN_ULONG)-1) + return 0; + mods[i] = (prime_t) mod; + } + /* + * If bits is so small that it fits into a single word then we + * additionally don't want to exceed that many bits. + */ + if (is_single_word) { + BN_ULONG size_limit; + + if (bits == BN_BITS2) { + /* + * Shifting by this much has undefined behaviour so we do it a + * different way + */ + size_limit = ~((BN_ULONG)0) - BN_get_word(rnd); + } else { + size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1; + } + if (size_limit < maxdelta) + maxdelta = size_limit; + } delta = 0; - loop:for (i = 1; i < NUMPRIMES; i++) { - /* - * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1 - * (except for 2) + loop: + if (is_single_word) { + BN_ULONG rnd_word = BN_get_word(rnd); + + /*- + * In the case that the candidate prime is a single word then + * we check that: + * 1) It's greater than primes[i] because we shouldn't reject + * 3 as being a prime number because it's a multiple of + * three. + * 2) That it's not a multiple of a known prime. We don't + * check that rnd-1 is also coprime to all the known + * primes because there aren't many small primes where + * that's true. */ - if (((mods[i] + delta) % primes[i]) <= 1) { - delta += 2; - if (delta > maxdelta) - goto again; - goto loop; + for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) { + if ((mods[i] + delta) % primes[i] == 0) { + delta += 2; + if (delta > maxdelta) + goto again; + goto loop; + } + } + } else { + for (i = 1; i < NUMPRIMES; i++) { + /* + * check that rnd is not a prime and also that gcd(rnd-1,primes) + * == 1 (except for 2) + */ + if (((mods[i] + delta) % primes[i]) <= 1) { + delta += 2; + if (delta > maxdelta) + goto again; + goto loop; + } } } if (!BN_add_word(rnd, delta)) return (0); + if (BN_num_bits(rnd) != bits) + goto again; bn_check_top(rnd); return (1); } -static int probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx) +int bn_probable_prime_dh(BIGNUM *rnd, int bits, + const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) { int i, ret = 0; BIGNUM *t1; @@ -407,7 +489,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, if ((t1 = BN_CTX_get(ctx)) == NULL) goto err; - if (!BN_rand(rnd, bits, 0, 1)) + if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) goto err; /* we need ((rnd-rem) % add) == 0 */ @@ -426,15 +508,20 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, /* we now have a random number 'rand' to test. */ - loop:for (i = 1; i < NUMPRIMES; i++) { + loop: + for (i = 1; i < NUMPRIMES; i++) { /* check that rnd is a prime */ - if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) { + BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); + if (mod == (BN_ULONG)-1) + goto err; + if (mod <= 1) { if (!BN_add(rnd, rnd, add)) goto err; goto loop; } } ret = 1; + err: BN_CTX_end(ctx); bn_check_top(rnd); @@ -458,7 +545,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, if (!BN_rshift1(qadd, padd)) goto err; - if (!BN_rand(q, bits, 0, 1)) + if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) goto err; /* we need ((rnd-rem) % add) == 0 */ @@ -482,13 +569,17 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, if (!BN_add_word(p, 1)) goto err; - loop:for (i = 1; i < NUMPRIMES; i++) { + loop: + for (i = 1; i < NUMPRIMES; i++) { /* check that p and q are prime */ /* * check that for p and q gcd(p-1,primes) == 1 (except for 2) */ - if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) || - (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) { + BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]); + BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]); + if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1) + goto err; + if (pmod == 0 || qmod == 0) { if (!BN_add(p, p, padd)) goto err; if (!BN_add(q, q, qadd)) @@ -497,6 +588,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, } } ret = 1; + err: BN_CTX_end(ctx); bn_check_top(p); diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.h b/deps/openssl/openssl/crypto/bn/bn_prime.h index 489af8b424..5f5cc4f580 100644 --- a/deps/openssl/openssl/crypto/bn/bn_prime.h +++ b/deps/openssl/openssl/crypto/bn/bn_prime.h @@ -1,326 +1,274 @@ -/* Auto generated by bn_prime.pl */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * WARNING: do not edit! + * Generated by crypto/bn/bn_prime.pl * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. + * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#ifndef EIGHT_BIT -# define NUMPRIMES 2048 typedef unsigned short prime_t; -#else -# define NUMPRIMES 54 -typedef unsigned char prime_t; -#endif -static const prime_t primes[NUMPRIMES] = { - 2, 3, 5, 7, 11, 13, 17, 19, - 23, 29, 31, 37, 41, 43, 47, 53, - 59, 61, 67, 71, 73, 79, 83, 89, - 97, 101, 103, 107, 109, 113, 127, 131, - 137, 139, 149, 151, 157, 163, 167, 173, - 179, 181, 191, 193, 197, 199, 211, 223, - 227, 229, 233, 239, 241, 251, -#ifndef EIGHT_BIT - 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, - 313, 317, 331, 337, 347, 349, 353, 359, - 367, 373, 379, 383, 389, 397, 401, 409, - 419, 421, 431, 433, 439, 443, 449, 457, - 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, - 571, 577, 587, 593, 599, 601, 607, 613, - 617, 619, 631, 641, 643, 647, 653, 659, - 661, 673, 677, 683, 691, 701, 709, 719, - 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, - 829, 839, 853, 857, 859, 863, 877, 881, - 883, 887, 907, 911, 919, 929, 937, 941, - 947, 953, 967, 971, 977, 983, 991, 997, - 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, - 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, - 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, - 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, - 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, - 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, - 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, - 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, - 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, - 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, - 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, - 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, - 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, - 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, - 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, - 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, - 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, - 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, - 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, - 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, - 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, - 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, - 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, - 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, - 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, - 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, - 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, - 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, - 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, - 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, - 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, - 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, - 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, - 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, - 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, - 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, - 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, - 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, - 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, - 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, - 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, - 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, - 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, - 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, - 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, - 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, - 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, - 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, - 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, - 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, - 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, - 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, - 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, - 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, - 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, - 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, - 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, - 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, - 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, - 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, - 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, - 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, - 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, - 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, - 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, - 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, - 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, - 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, - 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, - 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, - 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, - 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, - 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, - 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, - 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, - 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, - 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, - 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, - 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, - 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, - 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, - 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, - 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, - 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, - 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, - 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, - 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, - 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, - 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, - 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, - 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, - 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, - 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, - 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, - 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, - 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, - 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, - 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, - 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, - 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, - 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, - 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, - 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, - 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, - 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, - 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, - 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, - 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, - 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, - 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, - 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, - 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, - 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, - 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, - 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, - 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, - 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, - 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, - 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, - 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, - 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, - 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, - 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, - 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, - 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, - 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, - 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, - 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, - 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, - 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, - 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, - 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, - 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, - 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, - 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, - 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, - 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, - 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, - 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, - 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, - 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, - 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, - 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, - 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, - 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, - 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, - 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, - 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, - 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, - 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, - 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, - 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, - 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, - 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, - 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, - 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, - 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, - 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, - 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, - 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, - 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, - 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, - 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, - 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, - 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, - 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, - 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, - 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, - 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, - 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, - 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, - 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, - 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, - 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, - 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, - 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, - 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, - 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, - 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, - 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, - 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, - 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, - 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, - 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, - 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, - 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, - 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, - 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, - 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, - 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, - 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, - 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, - 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, - 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, - 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, - 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, - 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, - 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, - 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, - 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, - 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, - 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, - 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, - 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, - 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, - 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, - 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, - 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, - 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, - 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, - 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, - 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, - 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, - 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, - 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, - 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, - 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, - 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, - 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, - 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, - 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, - 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, - 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, - 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, - 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, - 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, - 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, - 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, - 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, - 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, - 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, - 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, - 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, - 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, - 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, -#endif +# define NUMPRIMES 2048 + +static const prime_t primes[2048] = { + + 2, 3, 5, 7, 11, 13, 17, 19, + 23, 29, 31, 37, 41, 43, 47, 53, + 59, 61, 67, 71, 73, 79, 83, 89, + 97, 101, 103, 107, 109, 113, 127, 131, + 137, 139, 149, 151, 157, 163, 167, 173, + 179, 181, 191, 193, 197, 199, 211, 223, + 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, + 313, 317, 331, 337, 347, 349, 353, 359, + 367, 373, 379, 383, 389, 397, 401, 409, + 419, 421, 431, 433, 439, 443, 449, 457, + 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, + 571, 577, 587, 593, 599, 601, 607, 613, + 617, 619, 631, 641, 643, 647, 653, 659, + 661, 673, 677, 683, 691, 701, 709, 719, + 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, + 829, 839, 853, 857, 859, 863, 877, 881, + 883, 887, 907, 911, 919, 929, 937, 941, + 947, 953, 967, 971, 977, 983, 991, 997, + 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, + 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, + 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, + 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, + 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, + 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, + 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, + 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, + 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, + 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, + 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, + 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, + 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, + 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, + 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, + 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, + 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, + 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, + 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, + 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, + 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, + 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, + 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, + 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, + 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, + 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, + 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, + 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, + 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, + 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, + 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, + 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, + 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, + 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, + 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, + 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, + 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, + 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, + 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, + 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, + 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, + 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, + 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, + 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, + 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, + 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, + 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, + 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, + 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, + 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, + 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, + 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, + 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, + 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, + 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, + 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, + 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, + 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, + 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, + 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, + 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, + 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, + 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, + 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, + 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, + 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, + 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, + 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, + 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, + 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, + 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, + 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, + 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, + 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, + 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, + 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, + 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, + 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, + 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, + 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, + 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, + 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, + 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, + 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, + 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, + 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, + 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, + 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, + 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, + 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, + 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, + 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, + 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, + 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, + 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, + 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, + 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, + 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, + 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, + 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, + 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, + 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, + 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, + 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, + 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, + 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, + 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, + 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, + 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, + 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, + 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, + 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, + 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, + 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, + 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, + 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, + 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, + 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, + 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, + 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, + 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, + 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, + 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, + 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, + 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, + 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, + 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, + 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, + 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, + 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, + 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, + 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, + 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, + 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, + 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, + 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, + 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, + 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, + 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, + 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, + 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, + 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, + 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, + 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, + 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, + 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, + 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, + 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, + 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, + 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, + 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, + 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, + 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, + 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, + 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, + 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, + 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, + 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, + 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, + 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, + 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, + 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, + 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, + 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, + 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, + 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, + 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, + 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, + 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, + 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, + 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, + 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, + 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, + 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, + 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, + 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, + 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, + 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, + 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, + 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, + 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, + 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, + 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, + 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, + 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, + 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, + 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, + 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, + 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, + 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, + 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, + 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, + 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, + 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, + 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, + 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, + 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, + 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, + 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, + 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, + 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, + 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, + 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, + 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, + 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, + 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, + 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, + 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, + 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, + 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, + 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, + 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, + 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, + 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, + 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, + 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, + 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, + 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, + 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, + 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, + 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, + 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, + 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, + 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, + 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, + 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, + 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, + 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, + 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, + 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, + 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, + 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, + 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, + 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, + 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, }; diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.pl b/deps/openssl/openssl/crypto/bn/bn_prime.pl index 6bede65e1d..163d4a9d30 100644 --- a/deps/openssl/openssl/crypto/bn/bn_prime.pl +++ b/deps/openssl/openssl/crypto/bn/bn_prime.pl @@ -1,119 +1,46 @@ -#!/usr/local/bin/perl -# bn_prime.pl - -$num=2048; -$num=$ARGV[0] if ($#ARGV >= 0); - -push(@primes,2); -$p=1; -loop: while ($#primes < $num-1) - { - $p+=2; - $s=int(sqrt($p)); - - for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++) - { - next loop if (($p%$primes[$i]) == 0); - } - push(@primes,$p); - } - -# print <<"EOF"; -# /* Auto generated by bn_prime.pl */ -# /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au). -# * All rights reserved. -# * Copyright remains Eric Young's, and as such any Copyright notices in -# * the code are not to be removed. -# * See the COPYRIGHT file in the SSLeay distribution for more details. -# */ +#! /usr/bin/env perl +# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. # -# EOF - -print <<\EOF; -/* Auto generated by bn_prime.pl */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +print <<"EOF"; +/* + * WARNING: do not edit! + * Generated by crypto/bn/bn_prime.pl * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ EOF -for ($i=0; $i <= $#primes; $i++) - { - if ($primes[$i] > 256) - { - $eight=$i; - last; - } - } - -printf "#ifndef EIGHT_BIT\n"; -printf "# define NUMPRIMES %d\n",$num; -printf "typedef unsigned short prime_t;\n"; -printf "#else\n"; -printf "# define NUMPRIMES %d\n",$eight; -printf "typedef unsigned char prime_t;\n"; -printf "#endif\n"; -print "static const prime_t primes[NUMPRIMES] = {"; -$init=0; -for ($i=0; $i <= $#primes; $i++) - { - printf "\n#ifndef EIGHT_BIT\n " if ($primes[$i] > 256) && !($init++); - printf("\n ") if ($i%8) == 0; - printf(" %5d,",$primes[$i]); - } -print "\n#endif\n};\n"; - +my $num = shift || 2048; +my @primes = ( 2 ); +my $p = 1; +loop: while ($#primes < $num-1) { + $p += 2; + my $s = int(sqrt($p)); + + for (my $i = 0; defined($primes[$i]) && $primes[$i] <= $s; $i++) { + next loop if ($p % $primes[$i]) == 0; + } + push(@primes, $p); +} + +print "typedef unsigned short prime_t;\n"; +printf "# define NUMPRIMES %d\n\n", $num; + +printf "static const prime_t primes[%d] = {\n", $num; +for (my $i = 0; $i <= $#primes; $i++) { + printf "\n " if ($i % 8) == 0; + printf "%4d, ", $primes[$i]; +} +print "\n};\n"; diff --git a/deps/openssl/openssl/crypto/bn/bn_print.c b/deps/openssl/openssl/crypto/bn/bn_print.c index c0b029dad6..5ffe2fc9ba 100644 --- a/deps/openssl/openssl/crypto/bn/bn_print.c +++ b/deps/openssl/openssl/crypto/bn/bn_print.c @@ -1,65 +1,16 @@ -/* crypto/bn/bn_print.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <ctype.h> #include <limits.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/buffer.h> #include "bn_lcl.h" @@ -111,8 +62,8 @@ char *BN_bn2dec(const BIGNUM *a) /*- * get an upper bound for the length of the decimal integer * num <= (BN_num_bits(a) + 1) * log(2) - * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) - * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 + * <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1 (rounding error) + * <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1 */ i = BN_num_bits(a) * 3; num = (i / 10 + i / 1000 + 1) + 1; @@ -162,16 +113,12 @@ char *BN_bn2dec(const BIGNUM *a) } ok = 1; err: - if (bn_data != NULL) - OPENSSL_free(bn_data); - if (t != NULL) - BN_free(t); - if (!ok && buf) { - OPENSSL_free(buf); - buf = NULL; - } - - return (buf); + OPENSSL_free(bn_data); + BN_free(t); + if (ok) + return buf; + OPENSSL_free(buf); + return NULL; } int BN_hex2bn(BIGNUM **bn, const char *a) @@ -192,7 +139,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a) for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++) continue; - if (i > INT_MAX/4) + if (i == 0 || i > INT_MAX/4) goto err; num = i + neg; @@ -220,13 +167,8 @@ int BN_hex2bn(BIGNUM **bn, const char *a) l = 0; for (;;) { c = a[j - m]; - if ((c >= '0') && (c <= '9')) - k = c - '0'; - else if ((c >= 'a') && (c <= 'f')) - k = c - 'a' + 10; - else if ((c >= 'A') && (c <= 'F')) - k = c - 'A' + 10; - else + k = OPENSSL_hexchar2int(c); + if (k < 0) k = 0; /* paranoia */ l = (l << 4) | k; @@ -269,7 +211,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a) for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++) continue; - if (i > INT_MAX/4) + if (i == 0 || i > INT_MAX/4) goto err; num = i + neg; @@ -301,8 +243,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a) l += *a - '0'; a++; if (++j == BN_DEC_NUM) { - BN_mul_word(ret, BN_DEC_CONV); - BN_add_word(ret, l); + if (!BN_mul_word(ret, BN_DEC_CONV) + || !BN_add_word(ret, l)) + goto err; l = 0; j = 0; } @@ -341,8 +284,7 @@ int BN_asc2bn(BIGNUM **bn, const char *a) return 1; } -#ifndef OPENSSL_NO_BIO -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO int BN_print_fp(FILE *fp, const BIGNUM *a) { BIO *b; @@ -381,7 +323,6 @@ int BN_print(BIO *bp, const BIGNUM *a) end: return (ret); } -#endif char *BN_options(void) { diff --git a/deps/openssl/openssl/crypto/bn/bn_rand.c b/deps/openssl/openssl/crypto/bn/bn_rand.c index 60d3f2260b..9ce4c5f606 100644 --- a/deps/openssl/openssl/crypto/bn/bn_rand.c +++ b/deps/openssl/openssl/crypto/bn/bn_rand.c @@ -1,119 +1,18 @@ -/* crypto/bn/bn_rand.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <time.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #include <openssl/rand.h> +#include <openssl/sha.h> static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) { @@ -122,7 +21,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) time_t tim; if (bits == 0) { - if (top != -1 || bottom != 0) + if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY) goto toosmall; BN_zero(rnd); return 1; @@ -134,7 +33,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) bit = (bits - 1) % 8; mask = 0xff << (bit + 1); - buf = (unsigned char *)OPENSSL_malloc(bytes); + buf = OPENSSL_malloc(bytes); if (buf == NULL) { BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE); goto err; @@ -144,11 +43,9 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) time(&tim); RAND_add(&tim, sizeof(tim), 0.0); - /* We ignore the value of pseudorand and always call RAND_bytes */ if (RAND_bytes(buf, bytes) <= 0) goto err; -#if 1 if (pseudorand == 2) { /* * generate patterns that are more likely to trigger BN library bugs @@ -157,7 +54,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char c; for (i = 0; i < bytes; i++) { - if (RAND_pseudo_bytes(&c, 1) < 0) + if (RAND_bytes(&c, 1) <= 0) goto err; if (c >= 128 && i > 0) buf[i] = buf[i - 1]; @@ -167,7 +64,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) buf[i] = 255; } } -#endif if (top >= 0) { if (top) { @@ -188,10 +84,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) goto err; ret = 1; err: - if (buf != NULL) { - OPENSSL_cleanse(buf, bytes); - OPENSSL_free(buf); - } + OPENSSL_clear_free(buf, bytes); bn_check_top(rnd); return (ret); @@ -210,12 +103,10 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) return bnrand(1, rnd, bits, top, bottom); } -#if 1 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(2, rnd, bits, top, bottom); } -#endif /* random number r: 0 <= r < range */ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) @@ -242,7 +133,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) * than range */ do { - if (!bn_rand(r, n + 1, -1, 0)) + if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) return 0; /* * If r < 3*range, use r := r MOD range (which is either r, r - @@ -268,7 +159,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) } else { do { /* range = 11..._2 or range = 101..._2 */ - if (!bn_rand(r, n, -1, 0)) + if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) return 0; if (!--count) { @@ -292,3 +183,76 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) { return bn_rand_range(1, r, range); } + +/* + * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike + * BN_rand_range, it also includes the contents of |priv| and |message| in + * the generation so that an RNG failure isn't fatal as long as |priv| + * remains secret. This is intended for use in DSA and ECDSA where an RNG + * weakness leads directly to private key exposure unless this function is + * used. + */ +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx) +{ + SHA512_CTX sha; + /* + * We use 512 bits of random data per iteration to ensure that we have at + * least |range| bits of randomness. + */ + unsigned char random_bytes[64]; + unsigned char digest[SHA512_DIGEST_LENGTH]; + unsigned done, todo; + /* We generate |range|+8 bytes of random output. */ + const unsigned num_k_bytes = BN_num_bytes(range) + 8; + unsigned char private_bytes[96]; + unsigned char *k_bytes; + int ret = 0; + + k_bytes = OPENSSL_malloc(num_k_bytes); + if (k_bytes == NULL) + goto err; + + /* We copy |priv| into a local buffer to avoid exposing its length. */ + todo = sizeof(priv->d[0]) * priv->top; + if (todo > sizeof(private_bytes)) { + /* + * No reasonable DSA or ECDSA key should have a private key this + * large and we don't handle this case in order to avoid leaking the + * length of the private key. + */ + BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE); + goto err; + } + memcpy(private_bytes, priv->d, todo); + memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); + + for (done = 0; done < num_k_bytes;) { + if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1) + goto err; + SHA512_Init(&sha); + SHA512_Update(&sha, &done, sizeof(done)); + SHA512_Update(&sha, private_bytes, sizeof(private_bytes)); + SHA512_Update(&sha, message, message_len); + SHA512_Update(&sha, random_bytes, sizeof(random_bytes)); + SHA512_Final(digest, &sha); + + todo = num_k_bytes - done; + if (todo > SHA512_DIGEST_LENGTH) + todo = SHA512_DIGEST_LENGTH; + memcpy(k_bytes + done, digest, todo); + done += todo; + } + + if (!BN_bin2bn(k_bytes, num_k_bytes, out)) + goto err; + if (BN_mod(out, out, range, ctx) != 1) + goto err; + ret = 1; + + err: + OPENSSL_free(k_bytes); + OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); + return ret; +} diff --git a/deps/openssl/openssl/crypto/bn/bn_recp.c b/deps/openssl/openssl/crypto/bn/bn_recp.c index f047040efe..20585b9d4b 100644 --- a/deps/openssl/openssl/crypto/bn/bn_recp.c +++ b/deps/openssl/openssl/crypto/bn/bn_recp.c @@ -1,82 +1,31 @@ -/* crypto/bn/bn_recp.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" void BN_RECP_CTX_init(BN_RECP_CTX *recp) { - BN_init(&(recp->N)); - BN_init(&(recp->Nr)); - recp->num_bits = 0; - recp->shift = 0; - recp->flags = 0; + memset(recp, 0, sizeof(*recp)); + bn_init(&(recp->N)); + bn_init(&(recp->Nr)); } BN_RECP_CTX *BN_RECP_CTX_new(void) { BN_RECP_CTX *ret; - if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) return (NULL); - BN_RECP_CTX_init(ret); + bn_init(&(ret->N)); + bn_init(&(ret->Nr)); ret->flags = BN_FLG_MALLOCED; return (ret); } @@ -199,7 +148,6 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, goto err; r->neg = 0; -#if 1 j = 0; while (BN_ucmp(r, &(recp->N)) >= 0) { if (j++ > 2) { @@ -211,7 +159,6 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, if (!BN_add_word(d, 1)) goto err; } -#endif r->neg = BN_is_zero(r) ? 0 : m->neg; d->neg = m->neg ^ recp->N.neg; diff --git a/deps/openssl/openssl/crypto/bn/bn_shift.c b/deps/openssl/openssl/crypto/bn/bn_shift.c index 9673d9a306..6a1eec80af 100644 --- a/deps/openssl/openssl/crypto/bn/bn_shift.c +++ b/deps/openssl/openssl/crypto/bn/bn_shift.c @@ -1,63 +1,13 @@ -/* crypto/bn/bn_shift.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" int BN_lshift1(BIGNUM *r, const BIGNUM *a) @@ -124,6 +74,8 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) c = (t & 1) ? BN_TBIT : 0; } r->top = j; + if (!r->top) + r->neg = 0; /* don't allow negative zero */ bn_check_top(r); return (1); } @@ -142,10 +94,10 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) return 0; } - r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) return (0); + r->neg = a->neg; lb = n % BN_BITS2; rb = BN_BITS2 - lb; f = a->d; @@ -160,10 +112,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) t[nw + i + 1] |= (l >> rb) & BN_MASK2; t[nw + i] = (l << lb) & BN_MASK2; } - memset(t, 0, nw * sizeof(t[0])); - /* - * for (i=0; i<nw; i++) t[i]=0; - */ + memset(t, 0, sizeof(*t) * nw); r->top = a->top + nw + 1; bn_correct_top(r); bn_check_top(r); @@ -193,9 +142,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) } i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; if (r != a) { - r->neg = a->neg; if (bn_wexpand(r, i) == NULL) return (0); + r->neg = a->neg; } else { if (n == 0) return 1; /* or the copying loop will go berserk */ @@ -219,6 +168,8 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) if ((l = (l >> rb) & BN_MASK2)) *(t) = l; } + if (!r->top) + r->neg = 0; /* don't allow negative zero */ bn_check_top(r); return (1); } diff --git a/deps/openssl/openssl/crypto/bn/bn_sqr.c b/deps/openssl/openssl/crypto/bn/bn_sqr.c index 256d26e8db..44e7332acf 100644 --- a/deps/openssl/openssl/crypto/bn/bn_sqr.c +++ b/deps/openssl/openssl/crypto/bn/bn_sqr.c @@ -1,63 +1,13 @@ -/* crypto/bn/bn_sqr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /* r must not be a */ @@ -70,9 +20,6 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) int ret = 0; BIGNUM *tmp, *rr; -#ifdef BN_COUNT - fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top); -#endif bn_check_top(a); al = a->top; @@ -208,9 +155,6 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) int zero, c1; BN_ULONG ln, lo, *p; -# ifdef BN_COUNT - fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2); -# endif if (n2 == 4) { # ifndef BN_SQR_COMBA bn_sqr_normal(r, a, 4, t); @@ -246,7 +190,7 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) if (!zero) bn_sqr_recursive(&(t[n2]), t, n, p); else - memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + memset(&t[n2], 0, sizeof(*t) * n2); bn_sqr_recursive(r, a, n, p); bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); diff --git a/deps/openssl/openssl/crypto/bn/bn_sqrt.c b/deps/openssl/openssl/crypto/bn/bn_sqrt.c index 232af99a21..84376c78e5 100644 --- a/deps/openssl/openssl/crypto/bn/bn_sqrt.c +++ b/deps/openssl/openssl/crypto/bn/bn_sqrt.c @@ -1,63 +1,13 @@ -/* crypto/bn/bn_sqrt.c */ /* - * Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> and Bodo - * Moeller for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) @@ -398,9 +348,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) end: if (err) { - if (ret != NULL && ret != in) { + if (ret != in) BN_clear_free(ret); - } ret = NULL; } BN_CTX_end(ctx); diff --git a/deps/openssl/openssl/crypto/bn/bn_srp.c b/deps/openssl/openssl/crypto/bn/bn_srp.c new file mode 100644 index 0000000000..58b1691eee --- /dev/null +++ b/deps/openssl/openssl/crypto/bn/bn_srp.c @@ -0,0 +1,545 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "bn_lcl.h" +#include "e_os.h" + +#ifndef OPENSSL_NO_SRP + +#include <openssl/srp.h> +#include <internal/bn_srp.h> + +# if (BN_BYTES == 8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64) +# elif defined(__arch64__) +# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL) +# else +# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL) +# endif +# elif (BN_BYTES == 4) +# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL) +# else +# error "unsupported BN_BYTES" +# endif + +static const BN_ULONG bn_group_1024_value[] = { + bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3), + bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B), + bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A), + bn_pack4(0x68ED, 0xBC3C, 0x0572, 0x6CC0), + bn_pack4(0xC529, 0xF566, 0x660E, 0x57EC), + bn_pack4(0x8255, 0x9B29, 0x7BCF, 0x1885), + bn_pack4(0xCE8E, 0xF4AD, 0x69B1, 0x5D49), + bn_pack4(0x5DC7, 0xD7B4, 0x6154, 0xD6B6), + bn_pack4(0x8E49, 0x5C1D, 0x6089, 0xDAD1), + bn_pack4(0xE0D5, 0xD8E2, 0x50B9, 0x8BE4), + bn_pack4(0x383B, 0x4813, 0xD692, 0xC6E0), + bn_pack4(0xD674, 0xDF74, 0x96EA, 0x81D3), + bn_pack4(0x9EA2, 0x314C, 0x9C25, 0x6576), + bn_pack4(0x6072, 0x6187, 0x75FF, 0x3C0B), + bn_pack4(0x9C33, 0xF80A, 0xFA8F, 0xC5E8), + bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6) +}; + +const BIGNUM bn_group_1024 = { + (BN_ULONG *)bn_group_1024_value, + OSSL_NELEM(bn_group_1024_value), + OSSL_NELEM(bn_group_1024_value), + 0, + BN_FLG_STATIC_DATA +}; + +static const BN_ULONG bn_group_1536_value[] = { + bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB), + bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D), + bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3), + bn_pack4(0x5A02, 0x1FFF, 0x5E91, 0x479E), + bn_pack4(0x7F8A, 0x2FE9, 0xB8B5, 0x292E), + bn_pack4(0x837C, 0x264A, 0xE3A9, 0xBEB8), + bn_pack4(0xE442, 0x734A, 0xF7CC, 0xB7AE), + bn_pack4(0x6577, 0x2E43, 0x7D6C, 0x7F8C), + bn_pack4(0xDB2F, 0xD53D, 0x24B7, 0xC486), + bn_pack4(0x6EDF, 0x0195, 0x3934, 0x9627), + bn_pack4(0x158B, 0xFD3E, 0x2B9C, 0x8CF5), + bn_pack4(0x764E, 0x3F4B, 0x53DD, 0x9DA1), + bn_pack4(0x4754, 0x8381, 0xDBC5, 0xB1FC), + bn_pack4(0x9B60, 0x9E0B, 0xE3BA, 0xB63D), + bn_pack4(0x8134, 0xB1C8, 0xB979, 0x8914), + bn_pack4(0xDF02, 0x8A7C, 0xEC67, 0xF0D0), + bn_pack4(0x80B6, 0x55BB, 0x9A22, 0xE8DC), + bn_pack4(0x1558, 0x903B, 0xA0D0, 0xF843), + bn_pack4(0x51C6, 0xA94B, 0xE460, 0x7A29), + bn_pack4(0x5F4F, 0x5F55, 0x6E27, 0xCBDE), + bn_pack4(0xBEEE, 0xA961, 0x4B19, 0xCC4D), + bn_pack4(0xDBA5, 0x1DF4, 0x99AC, 0x4C80), + bn_pack4(0xB1F1, 0x2A86, 0x17A4, 0x7BBB), + bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A) +}; + +const BIGNUM bn_group_1536 = { + (BN_ULONG *)bn_group_1536_value, + OSSL_NELEM(bn_group_1536_value), + OSSL_NELEM(bn_group_1536_value), + 0, + BN_FLG_STATIC_DATA +}; + +static const BN_ULONG bn_group_2048_value[] = { + bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73), + bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2), + bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475), + bn_pack4(0x94B5, 0xC803, 0xD89F, 0x7AE4), + bn_pack4(0x71AE, 0x35F8, 0xE9DB, 0xFBB6), + bn_pack4(0x2A56, 0x98F3, 0xA8D0, 0xC382), + bn_pack4(0x9CCC, 0x041C, 0x7BC3, 0x08D8), + bn_pack4(0xAF87, 0x4E73, 0x03CE, 0x5329), + bn_pack4(0x6160, 0x2790, 0x04E5, 0x7AE6), + bn_pack4(0x032C, 0xFBDB, 0xF52F, 0xB378), + bn_pack4(0x5EA7, 0x7A27, 0x75D2, 0xECFA), + bn_pack4(0x5445, 0x23B5, 0x24B0, 0xD57D), + bn_pack4(0x5B9D, 0x32E6, 0x88F8, 0x7748), + bn_pack4(0xF1D2, 0xB907, 0x8717, 0x461A), + bn_pack4(0x76BD, 0x207A, 0x436C, 0x6481), + bn_pack4(0xCA97, 0xB43A, 0x23FB, 0x8016), + bn_pack4(0x1D28, 0x1E44, 0x6B14, 0x773B), + bn_pack4(0x7359, 0xD041, 0xD5C3, 0x3EA7), + bn_pack4(0xA80D, 0x740A, 0xDBF4, 0xFF74), + bn_pack4(0x55F9, 0x7993, 0xEC97, 0x5EEA), + bn_pack4(0x2918, 0xA996, 0x2F0B, 0x93B8), + bn_pack4(0x661A, 0x05FB, 0xD5FA, 0xAAE8), + bn_pack4(0xCF60, 0x9517, 0x9A16, 0x3AB3), + bn_pack4(0xE808, 0x3969, 0xEDB7, 0x67B0), + bn_pack4(0xCD7F, 0x48A9, 0xDA04, 0xFD50), + bn_pack4(0xD523, 0x12AB, 0x4B03, 0x310D), + bn_pack4(0x8193, 0xE075, 0x7767, 0xA13D), + bn_pack4(0xA373, 0x29CB, 0xB4A0, 0x99ED), + bn_pack4(0xFC31, 0x9294, 0x3DB5, 0x6050), + bn_pack4(0xAF72, 0xB665, 0x1987, 0xEE07), + bn_pack4(0xF166, 0xDE5E, 0x1389, 0x582F), + bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B) +}; + +const BIGNUM bn_group_2048 = { + (BN_ULONG *)bn_group_2048_value, + OSSL_NELEM(bn_group_2048_value), + OSSL_NELEM(bn_group_2048_value), + 0, + BN_FLG_STATIC_DATA +}; + +static const BN_ULONG bn_group_3072_value[] = { + bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), + bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA), + bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), + bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), + bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), + bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), + bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), + bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), + bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), + bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), + bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), + bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), + bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), + bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), + bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), + bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), + bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), + bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), + bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), + bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), + bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), + bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), + bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), + bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), + bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), + bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), + bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), + bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), + bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), + bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), + bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), + bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), + bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), + bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), + bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), + bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), + bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), + bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), + bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), + bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), + bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), + bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), + bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), + bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), + bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), + bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), + bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), + bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) +}; + +const BIGNUM bn_group_3072 = { + (BN_ULONG *)bn_group_3072_value, + OSSL_NELEM(bn_group_3072_value), + OSSL_NELEM(bn_group_3072_value), + 0, + BN_FLG_STATIC_DATA +}; + +static const BN_ULONG bn_group_4096_value[] = { + bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), + bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199), + bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), + bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), + bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), + bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), + bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), + bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), + bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), + bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), + bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), + bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), + bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), + bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), + bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), + bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), + bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), + bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), + bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), + bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), + bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), + bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), + bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), + bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), + bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), + bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), + bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), + bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), + bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), + bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), + bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), + bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), + bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), + bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), + bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), + bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), + bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), + bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), + bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), + bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), + bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), + bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), + bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), + bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), + bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), + bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), + bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), + bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), + bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), + bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), + bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), + bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), + bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), + bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), + bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), + bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), + bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), + bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), + bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), + bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), + bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), + bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), + bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), + bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) +}; + +const BIGNUM bn_group_4096 = { + (BN_ULONG *)bn_group_4096_value, + OSSL_NELEM(bn_group_4096_value), + OSSL_NELEM(bn_group_4096_value), + 0, + BN_FLG_STATIC_DATA +}; + +static const BN_ULONG bn_group_6144_value[] = { + bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), + bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024), + bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), + bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), + bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), + bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), + bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), + bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), + bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), + bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), + bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), + bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), + bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), + bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), + bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), + bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), + bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), + bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), + bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), + bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), + bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), + bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), + bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), + bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), + bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), + bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), + bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), + bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), + bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), + bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), + bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), + bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), + bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), + bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), + bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), + bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), + bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), + bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), + bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), + bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), + bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), + bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), + bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), + bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), + bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), + bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), + bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), + bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), + bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), + bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), + bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), + bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), + bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), + bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), + bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), + bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), + bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), + bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), + bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), + bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), + bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), + bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), + bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), + bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), + bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), + bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), + bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), + bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), + bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), + bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), + bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), + bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), + bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), + bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), + bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), + bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), + bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), + bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), + bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), + bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), + bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), + bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), + bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), + bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), + bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), + bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), + bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), + bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), + bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), + bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), + bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), + bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), + bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), + bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), + bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), + bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) +}; + +const BIGNUM bn_group_6144 = { + (BN_ULONG *)bn_group_6144_value, + OSSL_NELEM(bn_group_6144_value), + OSSL_NELEM(bn_group_6144_value), + 0, + BN_FLG_STATIC_DATA +}; + +static const BN_ULONG bn_group_8192_value[] = { + bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), + bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF), + bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71), + bn_pack4(0x9E30, 0x50E2, 0x7656, 0x94DF), + bn_pack4(0x9558, 0xE447, 0x5677, 0xE9AA), + bn_pack4(0xC919, 0x0DA6, 0xFC02, 0x6E47), + bn_pack4(0x889A, 0x002E, 0xD5EE, 0x382B), + bn_pack4(0x4009, 0x438B, 0x481C, 0x6CD7), + bn_pack4(0x3590, 0x46F4, 0xEB87, 0x9F92), + bn_pack4(0xFAF3, 0x6BC3, 0x1ECF, 0xA268), + bn_pack4(0xB1D5, 0x10BD, 0x7EE7, 0x4D73), + bn_pack4(0xF9AB, 0x4819, 0x5DED, 0x7EA1), + bn_pack4(0x64F3, 0x1CC5, 0x0846, 0x851D), + bn_pack4(0x4597, 0xE899, 0xA025, 0x5DC1), + bn_pack4(0xDF31, 0x0EE0, 0x74AB, 0x6A36), + bn_pack4(0x6D2A, 0x13F8, 0x3F44, 0xF82D), + bn_pack4(0x062B, 0x3CF5, 0xB3A2, 0x78A6), + bn_pack4(0x7968, 0x3303, 0xED5B, 0xDD3A), + bn_pack4(0xFA9D, 0x4B7F, 0xA2C0, 0x87E8), + bn_pack4(0x4BCB, 0xC886, 0x2F83, 0x85DD), + bn_pack4(0x3473, 0xFC64, 0x6CEA, 0x306B), + bn_pack4(0x13EB, 0x57A8, 0x1A23, 0xF0C7), + bn_pack4(0x2222, 0x2E04, 0xA403, 0x7C07), + bn_pack4(0xE3FD, 0xB8BE, 0xFC84, 0x8AD9), + bn_pack4(0x238F, 0x16CB, 0xE39D, 0x652D), + bn_pack4(0x3423, 0xB474, 0x2BF1, 0xC978), + bn_pack4(0x3AAB, 0x639C, 0x5AE4, 0xF568), + bn_pack4(0x2576, 0xF693, 0x6BA4, 0x2466), + bn_pack4(0x741F, 0xA7BF, 0x8AFC, 0x47ED), + bn_pack4(0x3BC8, 0x32B6, 0x8D9D, 0xD300), + bn_pack4(0xD8BE, 0xC4D0, 0x73B9, 0x31BA), + bn_pack4(0x3877, 0x7CB6, 0xA932, 0xDF8C), + bn_pack4(0x74A3, 0x926F, 0x12FE, 0xE5E4), + bn_pack4(0xE694, 0xF91E, 0x6DBE, 0x1159), + bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), + bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), + bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), + bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), + bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), + bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), + bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), + bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), + bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), + bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), + bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), + bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), + bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), + bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), + bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), + bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), + bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), + bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), + bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), + bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), + bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), + bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), + bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), + bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), + bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), + bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), + bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), + bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), + bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), + bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), + bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), + bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), + bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), + bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), + bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), + bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), + bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), + bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), + bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), + bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), + bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), + bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), + bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), + bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), + bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), + bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), + bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), + bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), + bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), + bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), + bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), + bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), + bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), + bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), + bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), + bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), + bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), + bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), + bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), + bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), + bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), + bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), + bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), + bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), + bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), + bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), + bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), + bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), + bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), + bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), + bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), + bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), + bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), + bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), + bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), + bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), + bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), + bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), + bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), + bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), + bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), + bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), + bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), + bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), + bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), + bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), + bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), + bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), + bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), + bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), + bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), + bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), + bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), + bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) +}; + +const BIGNUM bn_group_8192 = { + (BN_ULONG *)bn_group_8192_value, + OSSL_NELEM(bn_group_8192_value), + OSSL_NELEM(bn_group_8192_value), + 0, + BN_FLG_STATIC_DATA +}; + +static const BN_ULONG bn_generator_19_value[] = { 19 }; + +const BIGNUM bn_generator_19 = { + (BN_ULONG *)bn_generator_19_value, + 1, + 1, + 0, + BN_FLG_STATIC_DATA +}; +static const BN_ULONG bn_generator_5_value[] = { 5 }; + +const BIGNUM bn_generator_5 = { + (BN_ULONG *)bn_generator_5_value, + 1, + 1, + 0, + BN_FLG_STATIC_DATA +}; +static const BN_ULONG bn_generator_2_value[] = { 2 }; + +const BIGNUM bn_generator_2 = { + (BN_ULONG *)bn_generator_2_value, + 1, + 1, + 0, + BN_FLG_STATIC_DATA +}; + +#endif diff --git a/deps/openssl/openssl/crypto/bn/bn_word.c b/deps/openssl/openssl/crypto/bn/bn_word.c index 9b5f9cb98c..1af13a53fb 100644 --- a/deps/openssl/openssl/crypto/bn/bn_word.c +++ b/deps/openssl/openssl/crypto/bn/bn_word.c @@ -1,63 +1,13 @@ -/* crypto/bn/bn_word.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) @@ -139,6 +89,8 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) if ((a->top > 0) && (a->d[a->top - 1] == 0)) a->top--; ret >>= j; + if (!a->top) + a->neg = 0; /* don't allow negative zero */ bn_check_top(a); return (ret); } diff --git a/deps/openssl/openssl/crypto/bn/bn_x931p.c b/deps/openssl/openssl/crypto/bn/bn_x931p.c index f444af3fea..8bfbcac6a4 100644 --- a/deps/openssl/openssl/crypto/bn/bn_x931p.c +++ b/deps/openssl/openssl/crypto/bn/bn_x931p.c @@ -1,64 +1,15 @@ -/* bn_x931p.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2005. - */ -/* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <openssl/bn.h> +#include "bn_lcl.h" /* X9.31 routines for prime derivation */ @@ -70,7 +21,7 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb) { - int i = 0; + int i = 0, is_prime; if (!BN_copy(pi, Xpi)) return 0; if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) @@ -78,8 +29,11 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, for (;;) { i++; BN_GENCB_call(cb, 0, i); - /* NB 27 MR is specificed in X9.31 */ - if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) + /* NB 27 MR is specified in X9.31 */ + is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb); + if (is_prime < 0) + return 0; + if (is_prime) break; if (!BN_add_word(pi, 2)) return 0; @@ -120,6 +74,9 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, pm1 = BN_CTX_get(ctx); + if (pm1 == NULL) + goto err; + if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) goto err; @@ -168,14 +125,18 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, goto err; if (!BN_gcd(t, pm1, e, ctx)) goto err; - if (BN_is_one(t) + if (BN_is_one(t)) { /* * X9.31 specifies 8 MR and 1 Lucas test or any prime test * offering similar or better guarantees 50 MR is considerably * better. */ - && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) - break; + int r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb); + if (r < 0) + goto err; + if (r) + break; + } if (!BN_add(p, p, p1p2)) goto err; } @@ -192,8 +153,8 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, } /* - * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits - * paramter is sum of number of bits in both. + * Generate pair of parameters Xp, Xq for X9.31 prime generation. Note: nbits + * parameter is sum of number of bits in both. */ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) @@ -212,7 +173,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) * - 1. By setting the top two bits we ensure that the lower bound is * exceeded. */ - if (!BN_rand(Xp, nbits, 1, 0)) + if (!BN_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) goto err; BN_CTX_start(ctx); @@ -221,7 +182,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) goto err; for (i = 0; i < 1000; i++) { - if (!BN_rand(Xq, nbits, 1, 0)) + if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) goto err; /* Check that |Xp - Xq| > 2^(nbits - 100) */ BN_sub(t, Xp, Xq); @@ -264,9 +225,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, if (Xp1 == NULL || Xp2 == NULL) goto error; - if (!BN_rand(Xp1, 101, 0, 0)) + if (!BN_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto error; - if (!BN_rand(Xp2, 101, 0, 0)) + if (!BN_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto error; if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) goto error; diff --git a/deps/openssl/openssl/crypto/bn/bnspeed.c b/deps/openssl/openssl/crypto/bn/bnspeed.c deleted file mode 100644 index e387fdfbc2..0000000000 --- a/deps/openssl/openssl/crypto/bn/bnspeed.c +++ /dev/null @@ -1,232 +0,0 @@ -/* unused */ - -/* crypto/bn/bnspeed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* most of this code has been pilfered from my libdes speed.c program */ - -#define BASENUM 1000000 -#undef PROG -#define PROG bnspeed_main - -#include <stdio.h> -#include <stdlib.h> -#include <signal.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/err.h> - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -# define TIMES -#endif - -#ifndef _IRIX -# include <time.h> -#endif -#ifdef TIMES -# include <sys/types.h> -# include <sys/times.h> -#endif - -/* - * Depending on the VMS version, the tms structure is perhaps defined. The - * __TMS macro will show if it was. If it wasn't defined, we should undefine - * TIMES, since that tells the rest of the program how things should be - * handled. -- Richard Levitte - */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -# undef TIMES -#endif - -#ifndef TIMES -# include <sys/timeb.h> -#endif - -#if defined(sun) || defined(__ultrix) -# define _POSIX_SOURCE -# include <limits.h> -# include <sys/param.h> -#endif - -#include <openssl/bn.h> -#include <openssl/x509.h> - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#undef BUFSIZE -#define BUFSIZE ((long)1024*8) -int run = 0; - -static double Time_F(int s); -#define START 0 -#define STOP 1 - -static double Time_F(int s) -{ - double ret; -#ifdef TIMES - static struct tms tstart, tend; - - if (s == START) { - times(&tstart); - return (0); - } else { - times(&tend); - ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ; - return ((ret < 1e-3) ? 1e-3 : ret); - } -#else /* !times() */ - static struct timeb tstart, tend; - long i; - - if (s == START) { - ftime(&tstart); - return (0); - } else { - ftime(&tend); - i = (long)tend.millitm - (long)tstart.millitm; - ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0; - return ((ret < 0.001) ? 0.001 : ret); - } -#endif -} - -#define NUM_SIZES 5 -static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048 }; - -/* - * static int sizes[NUM_SIZES]={59,179,299,419,539}; - */ - -void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); - -int main(int argc, char **argv) -{ - BN_CTX *ctx; - BIGNUM a, b, c; - - ctx = BN_CTX_new(); - BN_init(&a); - BN_init(&b); - BN_init(&c); - - do_mul(&a, &b, &c, ctx); -} - -void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) -{ - int i, j, k; - double tm; - long num; - - for (i = 0; i < NUM_SIZES; i++) { - num = BASENUM; - if (i) - num /= (i * 3); - BN_rand(a, sizes[i], 1, 0); - for (j = i; j < NUM_SIZES; j++) { - BN_rand(b, sizes[j], 1, 0); - Time_F(START); - for (k = 0; k < num; k++) - BN_mul(r, b, a, ctx); - tm = Time_F(STOP); - printf("mul %4d x %4d -> %8.3fms\n", sizes[i], sizes[j], - tm * 1000.0 / num); - } - } - - for (i = 0; i < NUM_SIZES; i++) { - num = BASENUM; - if (i) - num /= (i * 3); - BN_rand(a, sizes[i], 1, 0); - Time_F(START); - for (k = 0; k < num; k++) - BN_sqr(r, a, ctx); - tm = Time_F(STOP); - printf("sqr %4d x %4d -> %8.3fms\n", sizes[i], sizes[i], - tm * 1000.0 / num); - } - - for (i = 0; i < NUM_SIZES; i++) { - num = BASENUM / 10; - if (i) - num /= (i * 3); - BN_rand(a, sizes[i] - 1, 1, 0); - for (j = i; j < NUM_SIZES; j++) { - BN_rand(b, sizes[j], 1, 0); - Time_F(START); - for (k = 0; k < 100000; k++) - BN_div(r, NULL, b, a, ctx); - tm = Time_F(STOP); - printf("div %4d / %4d -> %8.3fms\n", sizes[j], sizes[i] - 1, - tm * 1000.0 / num); - } - } -} diff --git a/deps/openssl/openssl/crypto/bn/bntest.c b/deps/openssl/openssl/crypto/bn/bntest.c deleted file mode 100644 index abe5dbe0b0..0000000000 --- a/deps/openssl/openssl/crypto/bn/bntest.c +++ /dev/null @@ -1,2160 +0,0 @@ -/* crypto/bn/bntest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the Eric Young open source - * license provided above. - * - * The binary polynomial arithmetic software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - -/* - * Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code - */ -#ifdef OPENSSL_NO_DEPRECATED -# undef OPENSSL_NO_DEPRECATED -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "e_os.h" - -#include <openssl/bio.h> -#include <openssl/bn.h> -#include <openssl/rand.h> -#include <openssl/x509.h> -#include <openssl/err.h> - -const int num0 = 100; /* number of tests */ -const int num1 = 50; /* additional tests for some functions */ -const int num2 = 5; /* number of tests for slow functions */ - -int test_add(BIO *bp); -int test_sub(BIO *bp); -int test_lshift1(BIO *bp); -int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_); -int test_rshift1(BIO *bp); -int test_rshift(BIO *bp, BN_CTX *ctx); -int test_div(BIO *bp, BN_CTX *ctx); -int test_div_word(BIO *bp); -int test_div_recp(BIO *bp, BN_CTX *ctx); -int test_mul(BIO *bp); -int test_sqr(BIO *bp, BN_CTX *ctx); -int test_mont(BIO *bp, BN_CTX *ctx); -int test_mod(BIO *bp, BN_CTX *ctx); -int test_mod_mul(BIO *bp, BN_CTX *ctx); -int test_mod_exp(BIO *bp, BN_CTX *ctx); -int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx); -int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx); -int test_exp(BIO *bp, BN_CTX *ctx); -int test_gf2m_add(BIO *bp); -int test_gf2m_mod(BIO *bp); -int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx); -int test_kron(BIO *bp, BN_CTX *ctx); -int test_sqrt(BIO *bp, BN_CTX *ctx); -int rand_neg(void); -static int results = 0; - -static unsigned char lst[] = - "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" - "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; - -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; - -static void message(BIO *out, char *m) -{ - fprintf(stderr, "test %s\n", m); - BIO_puts(out, "print \"test "); - BIO_puts(out, m); - BIO_puts(out, "\\n\"\n"); -} - -int main(int argc, char *argv[]) -{ - BN_CTX *ctx; - BIO *out; - char *outfile = NULL; - - results = 0; - - RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ - - argc--; - argv++; - while (argc >= 1) { - if (strcmp(*argv, "-results") == 0) - results = 1; - else if (strcmp(*argv, "-out") == 0) { - if (--argc < 1) - break; - outfile = *(++argv); - } - argc--; - argv++; - } - - ctx = BN_CTX_new(); - if (ctx == NULL) - EXIT(1); - - out = BIO_new(BIO_s_file()); - if (out == NULL) - EXIT(1); - if (outfile == NULL) { - BIO_set_fp(out, stdout, BIO_NOCLOSE); - } else { - if (!BIO_write_filename(out, outfile)) { - perror(outfile); - EXIT(1); - } - } - - if (!results) - BIO_puts(out, "obase=16\nibase=16\n"); - - message(out, "BN_add"); - if (!test_add(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_sub"); - if (!test_sub(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_lshift1"); - if (!test_lshift1(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_lshift (fixed)"); - if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL))) - goto err; - (void)BIO_flush(out); - - message(out, "BN_lshift"); - if (!test_lshift(out, ctx, NULL)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_rshift1"); - if (!test_rshift1(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_rshift"); - if (!test_rshift(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_sqr"); - if (!test_sqr(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mul"); - if (!test_mul(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_div"); - if (!test_div(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_div_word"); - if (!test_div_word(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_div_recp"); - if (!test_div_recp(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mod"); - if (!test_mod(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mod_mul"); - if (!test_mod_mul(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mont"); - if (!test_mont(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mod_exp"); - if (!test_mod_exp(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mod_exp_mont_consttime"); - if (!test_mod_exp_mont_consttime(out, ctx)) - goto err; - if (!test_mod_exp_mont5(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_exp"); - if (!test_exp(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_kronecker"); - if (!test_kron(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_mod_sqrt"); - if (!test_sqrt(out, ctx)) - goto err; - (void)BIO_flush(out); -#ifndef OPENSSL_NO_EC2M - message(out, "BN_GF2m_add"); - if (!test_gf2m_add(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_GF2m_mod"); - if (!test_gf2m_mod(out)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_GF2m_mod_mul"); - if (!test_gf2m_mod_mul(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_GF2m_mod_sqr"); - if (!test_gf2m_mod_sqr(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_GF2m_mod_inv"); - if (!test_gf2m_mod_inv(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_GF2m_mod_div"); - if (!test_gf2m_mod_div(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_GF2m_mod_exp"); - if (!test_gf2m_mod_exp(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_GF2m_mod_sqrt"); - if (!test_gf2m_mod_sqrt(out, ctx)) - goto err; - (void)BIO_flush(out); - - message(out, "BN_GF2m_mod_solve_quad"); - if (!test_gf2m_mod_solve_quad(out, ctx)) - goto err; - (void)BIO_flush(out); -#endif - BN_CTX_free(ctx); - BIO_free(out); - - EXIT(0); - err: - BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc - * notices the failure, see test_bn in - * test/Makefile.ssl */ - (void)BIO_flush(out); - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); - EXIT(1); - return (1); -} - -int test_add(BIO *bp) -{ - BIGNUM a, b, c; - int i; - - BN_init(&a); - BN_init(&b); - BN_init(&c); - - BN_bntest_rand(&a, 512, 0, 0); - for (i = 0; i < num0; i++) { - BN_bntest_rand(&b, 450 + i, 0, 0); - a.neg = rand_neg(); - b.neg = rand_neg(); - BN_add(&c, &a, &b); - if (bp != NULL) { - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " + "); - BN_print(bp, &b); - BIO_puts(bp, " - "); - } - BN_print(bp, &c); - BIO_puts(bp, "\n"); - } - a.neg = !a.neg; - b.neg = !b.neg; - BN_add(&c, &c, &b); - BN_add(&c, &c, &a); - if (!BN_is_zero(&c)) { - fprintf(stderr, "Add test failed!\n"); - return 0; - } - } - BN_free(&a); - BN_free(&b); - BN_free(&c); - return (1); -} - -int test_sub(BIO *bp) -{ - BIGNUM a, b, c; - int i; - - BN_init(&a); - BN_init(&b); - BN_init(&c); - - for (i = 0; i < num0 + num1; i++) { - if (i < num1) { - BN_bntest_rand(&a, 512, 0, 0); - BN_copy(&b, &a); - if (BN_set_bit(&a, i) == 0) - return (0); - BN_add_word(&b, i); - } else { - BN_bntest_rand(&b, 400 + i - num1, 0, 0); - a.neg = rand_neg(); - b.neg = rand_neg(); - } - BN_sub(&c, &a, &b); - if (bp != NULL) { - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " - "); - BN_print(bp, &b); - BIO_puts(bp, " - "); - } - BN_print(bp, &c); - BIO_puts(bp, "\n"); - } - BN_add(&c, &c, &b); - BN_sub(&c, &c, &a); - if (!BN_is_zero(&c)) { - fprintf(stderr, "Subtract test failed!\n"); - return 0; - } - } - BN_free(&a); - BN_free(&b); - BN_free(&c); - return (1); -} - -int test_div(BIO *bp, BN_CTX *ctx) -{ - BIGNUM a, b, c, d, e; - int i; - - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&e); - - BN_one(&a); - BN_zero(&b); - - if (BN_div(&d, &c, &a, &b, ctx)) { - fprintf(stderr, "Division by zero succeeded!\n"); - return 0; - } - - for (i = 0; i < num0 + num1; i++) { - if (i < num1) { - BN_bntest_rand(&a, 400, 0, 0); - BN_copy(&b, &a); - BN_lshift(&a, &a, i); - BN_add_word(&a, i); - } else - BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0); - a.neg = rand_neg(); - b.neg = rand_neg(); - BN_div(&d, &c, &a, &b, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " / "); - BN_print(bp, &b); - BIO_puts(bp, " - "); - } - BN_print(bp, &d); - BIO_puts(bp, "\n"); - - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " % "); - BN_print(bp, &b); - BIO_puts(bp, " - "); - } - BN_print(bp, &c); - BIO_puts(bp, "\n"); - } - BN_mul(&e, &d, &b, ctx); - BN_add(&d, &e, &c); - BN_sub(&d, &d, &a); - if (!BN_is_zero(&d)) { - fprintf(stderr, "Division test failed!\n"); - return 0; - } - } - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&e); - return (1); -} - -static void print_word(BIO *bp, BN_ULONG w) -{ -#ifdef SIXTY_FOUR_BIT - if (sizeof(w) > sizeof(unsigned long)) { - unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w); - - if (h) - BIO_printf(bp, "%lX%08lX", h, l); - else - BIO_printf(bp, "%lX", l); - return; - } -#endif - BIO_printf(bp, BN_HEX_FMT1, w); -} - -int test_div_word(BIO *bp) -{ - BIGNUM a, b; - BN_ULONG r, rmod, s; - int i; - - BN_init(&a); - BN_init(&b); - - for (i = 0; i < num0; i++) { - do { - BN_bntest_rand(&a, 512, -1, 0); - BN_bntest_rand(&b, BN_BITS2, -1, 0); - } while (BN_is_zero(&b)); - - s = b.d[0]; - BN_copy(&b, &a); - rmod = BN_mod_word(&b, s); - r = BN_div_word(&b, s); - - if (rmod != r) { - fprintf(stderr, "Mod (word) test failed!\n"); - return 0; - } - - if (bp != NULL) { - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " / "); - print_word(bp, s); - BIO_puts(bp, " - "); - } - BN_print(bp, &b); - BIO_puts(bp, "\n"); - - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " % "); - print_word(bp, s); - BIO_puts(bp, " - "); - } - print_word(bp, r); - BIO_puts(bp, "\n"); - } - BN_mul_word(&b, s); - BN_add_word(&b, r); - BN_sub(&b, &a, &b); - if (!BN_is_zero(&b)) { - fprintf(stderr, "Division (word) test failed!\n"); - return 0; - } - } - BN_free(&a); - BN_free(&b); - return (1); -} - -int test_div_recp(BIO *bp, BN_CTX *ctx) -{ - BIGNUM a, b, c, d, e; - BN_RECP_CTX recp; - int i; - - BN_RECP_CTX_init(&recp); - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&e); - - for (i = 0; i < num0 + num1; i++) { - if (i < num1) { - BN_bntest_rand(&a, 400, 0, 0); - BN_copy(&b, &a); - BN_lshift(&a, &a, i); - BN_add_word(&a, i); - } else - BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0); - a.neg = rand_neg(); - b.neg = rand_neg(); - BN_RECP_CTX_set(&recp, &b, ctx); - BN_div_recp(&d, &c, &a, &recp, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " / "); - BN_print(bp, &b); - BIO_puts(bp, " - "); - } - BN_print(bp, &d); - BIO_puts(bp, "\n"); - - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " % "); - BN_print(bp, &b); - BIO_puts(bp, " - "); - } - BN_print(bp, &c); - BIO_puts(bp, "\n"); - } - BN_mul(&e, &d, &b, ctx); - BN_add(&d, &e, &c); - BN_sub(&d, &d, &a); - if (!BN_is_zero(&d)) { - fprintf(stderr, "Reciprocal division test failed!\n"); - fprintf(stderr, "a="); - BN_print_fp(stderr, &a); - fprintf(stderr, "\nb="); - BN_print_fp(stderr, &b); - fprintf(stderr, "\n"); - return 0; - } - } - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&e); - BN_RECP_CTX_free(&recp); - return (1); -} - -int test_mul(BIO *bp) -{ - BIGNUM a, b, c, d, e; - int i; - BN_CTX *ctx; - - ctx = BN_CTX_new(); - if (ctx == NULL) - EXIT(1); - - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&e); - - for (i = 0; i < num0 + num1; i++) { - if (i <= num1) { - BN_bntest_rand(&a, 100, 0, 0); - BN_bntest_rand(&b, 100, 0, 0); - } else - BN_bntest_rand(&b, i - num1, 0, 0); - a.neg = rand_neg(); - b.neg = rand_neg(); - BN_mul(&c, &a, &b, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " * "); - BN_print(bp, &b); - BIO_puts(bp, " - "); - } - BN_print(bp, &c); - BIO_puts(bp, "\n"); - } - BN_div(&d, &e, &c, &a, ctx); - BN_sub(&d, &d, &b); - if (!BN_is_zero(&d) || !BN_is_zero(&e)) { - fprintf(stderr, "Multiplication test failed!\n"); - return 0; - } - } - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&e); - BN_CTX_free(ctx); - return (1); -} - -int test_sqr(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *c, *d, *e; - int i, ret = 0; - - a = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - if (a == NULL || c == NULL || d == NULL || e == NULL) { - goto err; - } - - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 40 + i * 10, 0, 0); - a->neg = rand_neg(); - BN_sqr(c, a, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, a); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_div(d, e, c, a, ctx); - BN_sub(d, d, a); - if (!BN_is_zero(d) || !BN_is_zero(e)) { - fprintf(stderr, "Square test failed!\n"); - goto err; - } - } - - /* Regression test for a BN_sqr overflow bug. */ - BN_hex2bn(&a, - "80000000000000008000000000000001" - "FFFFFFFFFFFFFFFE0000000000000000"); - BN_sqr(c, a, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, a); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_mul(d, a, a, ctx); - if (BN_cmp(c, d)) { - fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " - "different results!\n"); - goto err; - } - - /* Regression test for a BN_sqr overflow bug. */ - BN_hex2bn(&a, - "80000000000000000000000080000001" - "FFFFFFFE000000000000000000000000"); - BN_sqr(c, a, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, a); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_mul(d, a, a, ctx); - if (BN_cmp(c, d)) { - fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " - "different results!\n"); - goto err; - } - ret = 1; - err: - if (a != NULL) - BN_free(a); - if (c != NULL) - BN_free(c); - if (d != NULL) - BN_free(d); - if (e != NULL) - BN_free(e); - return ret; -} - -int test_mont(BIO *bp, BN_CTX *ctx) -{ - BIGNUM a, b, c, d, A, B; - BIGNUM n; - int i; - BN_MONT_CTX *mont; - - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&A); - BN_init(&B); - BN_init(&n); - - mont = BN_MONT_CTX_new(); - if (mont == NULL) - return 0; - - BN_zero(&n); - if (BN_MONT_CTX_set(mont, &n, ctx)) { - fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n"); - return 0; - } - - BN_set_word(&n, 16); - if (BN_MONT_CTX_set(mont, &n, ctx)) { - fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n"); - return 0; - } - - BN_bntest_rand(&a, 100, 0, 0); - BN_bntest_rand(&b, 100, 0, 0); - for (i = 0; i < num2; i++) { - int bits = (200 * (i + 1)) / num2; - - if (bits == 0) - continue; - BN_bntest_rand(&n, bits, 0, 1); - BN_MONT_CTX_set(mont, &n, ctx); - - BN_nnmod(&a, &a, &n, ctx); - BN_nnmod(&b, &b, &n, ctx); - - BN_to_montgomery(&A, &a, mont, ctx); - BN_to_montgomery(&B, &b, mont, ctx); - - BN_mod_mul_montgomery(&c, &A, &B, mont, ctx); - BN_from_montgomery(&A, &c, mont, ctx); - if (bp != NULL) { - if (!results) { -#ifdef undef - fprintf(stderr, "%d * %d %% %d\n", - BN_num_bits(&a), - BN_num_bits(&b), BN_num_bits(mont->N)); -#endif - BN_print(bp, &a); - BIO_puts(bp, " * "); - BN_print(bp, &b); - BIO_puts(bp, " % "); - BN_print(bp, &(mont->N)); - BIO_puts(bp, " - "); - } - BN_print(bp, &A); - BIO_puts(bp, "\n"); - } - BN_mod_mul(&d, &a, &b, &n, ctx); - BN_sub(&d, &d, &A); - if (!BN_is_zero(&d)) { - fprintf(stderr, "Montgomery multiplication test failed!\n"); - return 0; - } - } - BN_MONT_CTX_free(mont); - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&A); - BN_free(&B); - BN_free(&n); - return (1); -} - -int test_mod(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_bntest_rand(a, 1024, 0, 0); - for (i = 0; i < num0; i++) { - BN_bntest_rand(b, 450 + i * 10, 0, 0); - a->neg = rand_neg(); - b->neg = rand_neg(); - BN_mod(c, a, b, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_div(d, e, a, b, ctx); - BN_sub(e, e, c); - if (!BN_is_zero(e)) { - fprintf(stderr, "Modulo test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return (1); -} - -int test_mod_mul(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i, j; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_one(a); - BN_one(b); - BN_zero(c); - if (BN_mod_mul(e, a, b, c, ctx)) { - fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n"); - return 0; - } - - for (j = 0; j < 3; j++) { - BN_bntest_rand(c, 1024, 0, 0); - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 475 + i * 10, 0, 0); - BN_bntest_rand(b, 425 + i * 11, 0, 0); - a->neg = rand_neg(); - b->neg = rand_neg(); - if (!BN_mod_mul(e, a, b, c, ctx)) { - unsigned long l; - - while ((l = ERR_get_error())) - fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL)); - EXIT(1); - } - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, b); - BIO_puts(bp, " % "); - BN_print(bp, c); - if ((a->neg ^ b->neg) && !BN_is_zero(e)) { - /* - * If (a*b) % c is negative, c must be added in order - * to obtain the normalized remainder (new with - * OpenSSL 0.9.7, previous versions of BN_mod_mul - * could generate negative results) - */ - BIO_puts(bp, " + "); - BN_print(bp, c); - } - BIO_puts(bp, " - "); - } - BN_print(bp, e); - BIO_puts(bp, "\n"); - } - BN_mul(d, a, b, ctx); - BN_sub(d, d, e); - BN_div(a, b, d, c, ctx); - if (!BN_is_zero(b)) { - fprintf(stderr, "Modulo multiply test failed!\n"); - ERR_print_errors_fp(stderr); - return 0; - } - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return (1); -} - -int test_mod_exp(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_one(a); - BN_one(b); - BN_zero(c); - if (BN_mod_exp(d, a, b, c, ctx)) { - fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n"); - return 0; - } - - BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ - for (i = 0; i < num2; i++) { - BN_bntest_rand(a, 20 + i * 5, 0, 0); - BN_bntest_rand(b, 2 + i, 0, 0); - - if (!BN_mod_exp(d, a, b, c, ctx)) - return (0); - - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ "); - BN_print(bp, b); - BIO_puts(bp, " % "); - BN_print(bp, c); - BIO_puts(bp, " - "); - } - BN_print(bp, d); - BIO_puts(bp, "\n"); - } - BN_exp(e, a, b, ctx); - BN_sub(e, e, d); - BN_div(a, b, e, c, ctx); - if (!BN_is_zero(b)) { - fprintf(stderr, "Modulo exponentiation test failed!\n"); - return 0; - } - } - - /* Regression test for carry propagation bug in sqr8x_reduction */ - BN_hex2bn(&a, "050505050505"); - BN_hex2bn(&b, "02"); - BN_hex2bn(&c, - "4141414141414141414141274141414141414141414141414141414141414141" - "4141414141414141414141414141414141414141414141414141414141414141" - "4141414141414141414141800000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000001"); - BN_mod_exp(d, a, b, c, ctx); - BN_mul(e, a, a, ctx); - if (BN_cmp(d, e)) { - fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n"); - return 0; - } - - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return (1); -} - -int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_one(a); - BN_one(b); - BN_zero(c); - if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { - fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus " - "succeeded\n"); - return 0; - } - - BN_set_word(c, 16); - if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { - fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus " - "succeeded\n"); - return 0; - } - - BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ - for (i = 0; i < num2; i++) { - BN_bntest_rand(a, 20 + i * 5, 0, 0); - BN_bntest_rand(b, 2 + i, 0, 0); - - if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) - return (00); - - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ "); - BN_print(bp, b); - BIO_puts(bp, " % "); - BN_print(bp, c); - BIO_puts(bp, " - "); - } - BN_print(bp, d); - BIO_puts(bp, "\n"); - } - BN_exp(e, a, b, ctx); - BN_sub(e, e, d); - BN_div(a, b, e, c, ctx); - if (!BN_is_zero(b)) { - fprintf(stderr, "Modulo exponentiation test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return (1); -} - -/* - * Test constant-time modular exponentiation with 1024-bit inputs, which on - * x86_64 cause a different code branch to be taken. - */ -int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *p, *m, *d, *e; - BN_MONT_CTX *mont; - - a = BN_new(); - p = BN_new(); - m = BN_new(); - d = BN_new(); - e = BN_new(); - mont = BN_MONT_CTX_new(); - - BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */ - /* Zero exponent */ - BN_bntest_rand(a, 1024, 0, 0); - BN_zero(p); - if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) - return 0; - if (!BN_is_one(d)) { - fprintf(stderr, "Modular exponentiation test failed!\n"); - return 0; - } - /* Zero input */ - BN_bntest_rand(p, 1024, 0, 0); - BN_zero(a); - if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) - return 0; - if (!BN_is_zero(d)) { - fprintf(stderr, "Modular exponentiation test failed!\n"); - return 0; - } - /* - * Craft an input whose Montgomery representation is 1, i.e., shorter - * than the modulus m, in order to test the const time precomputation - * scattering/gathering. - */ - BN_one(a); - BN_MONT_CTX_set(mont, m, ctx); - if (!BN_from_montgomery(e, a, mont, ctx)) - return 0; - if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) - return 0; - if (!BN_mod_exp_simple(a, e, p, m, ctx)) - return 0; - if (BN_cmp(a, d) != 0) { - fprintf(stderr, "Modular exponentiation test failed!\n"); - return 0; - } - /* Finally, some regular test vectors. */ - BN_bntest_rand(e, 1024, 0, 0); - if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) - return 0; - if (!BN_mod_exp_simple(a, e, p, m, ctx)) - return 0; - if (BN_cmp(a, d) != 0) { - fprintf(stderr, "Modular exponentiation test failed!\n"); - return 0; - } - BN_MONT_CTX_free(mont); - BN_free(a); - BN_free(p); - BN_free(m); - BN_free(d); - BN_free(e); - return (1); -} - -int test_exp(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *d, *e, *one; - int i; - - a = BN_new(); - b = BN_new(); - d = BN_new(); - e = BN_new(); - one = BN_new(); - BN_one(one); - - for (i = 0; i < num2; i++) { - BN_bntest_rand(a, 20 + i * 5, 0, 0); - BN_bntest_rand(b, 2 + i, 0, 0); - - if (BN_exp(d, a, b, ctx) <= 0) - return (0); - - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, d); - BIO_puts(bp, "\n"); - } - BN_one(e); - for (; !BN_is_zero(b); BN_sub(b, b, one)) - BN_mul(e, e, a, ctx); - BN_sub(e, e, d); - if (!BN_is_zero(e)) { - fprintf(stderr, "Exponentiation test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(d); - BN_free(e); - BN_free(one); - return (1); -} - -#ifndef OPENSSL_NO_EC2M -int test_gf2m_add(BIO *bp) -{ - BIGNUM a, b, c; - int i, ret = 0; - - BN_init(&a); - BN_init(&b); - BN_init(&c); - - for (i = 0; i < num0; i++) { - BN_rand(&a, 512, 0, 0); - BN_copy(&b, BN_value_one()); - a.neg = rand_neg(); - b.neg = rand_neg(); - BN_GF2m_add(&c, &a, &b); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, &a); - BIO_puts(bp, " ^ "); - BN_print(bp, &b); - BIO_puts(bp, " = "); - } - BN_print(bp, &c); - BIO_puts(bp, "\n"); - } -# endif - /* Test that two added values have the correct parity. */ - if ((BN_is_odd(&a) && BN_is_odd(&c)) - || (!BN_is_odd(&a) && !BN_is_odd(&c))) { - fprintf(stderr, "GF(2^m) addition test (a) failed!\n"); - goto err; - } - BN_GF2m_add(&c, &c, &c); - /* Test that c + c = 0. */ - if (!BN_is_zero(&c)) { - fprintf(stderr, "GF(2^m) addition test (b) failed!\n"); - goto err; - } - } - ret = 1; - err: - BN_free(&a); - BN_free(&b); - BN_free(&c); - return ret; -} - -int test_gf2m_mod(BIO *bp) -{ - BIGNUM *a, *b[2], *c, *d, *e; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_GF2m_arr2poly(p0, b[0]); - BN_GF2m_arr2poly(p1, b[1]); - - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 1024, 0, 0); - for (j = 0; j < 2; j++) { - BN_GF2m_mod(c, a, b[j]); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, " - "); - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - } -# endif - BN_GF2m_add(d, a, c); - BN_GF2m_mod(e, d, b[j]); - /* Test that a + (a mod p) mod p == 0. */ - if (!BN_is_zero(e)) { - fprintf(stderr, "GF(2^m) modulo test failed!\n"); - goto err; - } - } - } - ret = 1; - err: - BN_free(a); - BN_free(b[0]); - BN_free(b[1]); - BN_free(c); - BN_free(d); - BN_free(e); - return ret; -} - -int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); - g = BN_new(); - h = BN_new(); - - BN_GF2m_arr2poly(p0, b[0]); - BN_GF2m_arr2poly(p1, b[1]); - - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 1024, 0, 0); - BN_bntest_rand(c, 1024, 0, 0); - BN_bntest_rand(d, 1024, 0, 0); - for (j = 0; j < 2; j++) { - BN_GF2m_mod_mul(e, a, c, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, c); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, " - "); - BN_print(bp, e); - BIO_puts(bp, "\n"); - } - } -# endif - BN_GF2m_add(f, a, d); - BN_GF2m_mod_mul(g, f, c, b[j], ctx); - BN_GF2m_mod_mul(h, d, c, b[j], ctx); - BN_GF2m_add(f, e, g); - BN_GF2m_add(f, f, h); - /* Test that (a+d)*c = a*c + d*c. */ - if (!BN_is_zero(f)) { - fprintf(stderr, - "GF(2^m) modular multiplication test failed!\n"); - goto err; - } - } - } - ret = 1; - err: - BN_free(a); - BN_free(b[0]); - BN_free(b[1]); - BN_free(c); - BN_free(d); - BN_free(e); - BN_free(f); - BN_free(g); - BN_free(h); - return ret; -} - -int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b[2], *c, *d; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - - BN_GF2m_arr2poly(p0, b[0]); - BN_GF2m_arr2poly(p1, b[1]); - - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 1024, 0, 0); - for (j = 0; j < 2; j++) { - BN_GF2m_mod_sqr(c, a, b[j], ctx); - BN_copy(d, a); - BN_GF2m_mod_mul(d, a, d, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ 2 % "); - BN_print(bp, b[j]); - BIO_puts(bp, " = "); - BN_print(bp, c); - BIO_puts(bp, "; a * a = "); - BN_print(bp, d); - BIO_puts(bp, "\n"); - } - } -# endif - BN_GF2m_add(d, c, d); - /* Test that a*a = a^2. */ - if (!BN_is_zero(d)) { - fprintf(stderr, "GF(2^m) modular squaring test failed!\n"); - goto err; - } - } - } - ret = 1; - err: - BN_free(a); - BN_free(b[0]); - BN_free(b[1]); - BN_free(c); - BN_free(d); - return ret; -} - -int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b[2], *c, *d; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - - BN_GF2m_arr2poly(p0, b[0]); - BN_GF2m_arr2poly(p1, b[1]); - - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 512, 0, 0); - for (j = 0; j < 2; j++) { - BN_GF2m_mod_inv(c, a, b[j], ctx); - BN_GF2m_mod_mul(d, a, c, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, c); - BIO_puts(bp, " - 1 % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif - /* Test that ((1/a)*a) = 1. */ - if (!BN_is_one(d)) { - fprintf(stderr, "GF(2^m) modular inversion test failed!\n"); - goto err; - } - } - } - ret = 1; - err: - BN_free(a); - BN_free(b[0]); - BN_free(b[1]); - BN_free(c); - BN_free(d); - return ret; -} - -int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b[2], *c, *d, *e, *f; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); - - BN_GF2m_arr2poly(p0, b[0]); - BN_GF2m_arr2poly(p1, b[1]); - - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 512, 0, 0); - BN_bntest_rand(c, 512, 0, 0); - for (j = 0; j < 2; j++) { - BN_GF2m_mod_div(d, a, c, b[j], ctx); - BN_GF2m_mod_mul(e, d, c, b[j], ctx); - BN_GF2m_mod_div(f, a, e, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " = "); - BN_print(bp, c); - BIO_puts(bp, " * "); - BN_print(bp, d); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif - /* Test that ((a/c)*c)/a = 1. */ - if (!BN_is_one(f)) { - fprintf(stderr, "GF(2^m) modular division test failed!\n"); - goto err; - } - } - } - ret = 1; - err: - BN_free(a); - BN_free(b[0]); - BN_free(b[1]); - BN_free(c); - BN_free(d); - BN_free(e); - BN_free(f); - return ret; -} - -int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b[2], *c, *d, *e, *f; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); - - BN_GF2m_arr2poly(p0, b[0]); - BN_GF2m_arr2poly(p1, b[1]); - - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 512, 0, 0); - BN_bntest_rand(c, 512, 0, 0); - BN_bntest_rand(d, 512, 0, 0); - for (j = 0; j < 2; j++) { - BN_GF2m_mod_exp(e, a, c, b[j], ctx); - BN_GF2m_mod_exp(f, a, d, b[j], ctx); - BN_GF2m_mod_mul(e, e, f, b[j], ctx); - BN_add(f, c, d); - BN_GF2m_mod_exp(f, a, f, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ ("); - BN_print(bp, c); - BIO_puts(bp, " + "); - BN_print(bp, d); - BIO_puts(bp, ") = "); - BN_print(bp, e); - BIO_puts(bp, "; - "); - BN_print(bp, f); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif - BN_GF2m_add(f, e, f); - /* Test that a^(c+d)=a^c*a^d. */ - if (!BN_is_zero(f)) { - fprintf(stderr, - "GF(2^m) modular exponentiation test failed!\n"); - goto err; - } - } - } - ret = 1; - err: - BN_free(a); - BN_free(b[0]); - BN_free(b[1]); - BN_free(c); - BN_free(d); - BN_free(e); - BN_free(f); - return ret; -} - -int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b[2], *c, *d, *e, *f; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); - - BN_GF2m_arr2poly(p0, b[0]); - BN_GF2m_arr2poly(p1, b[1]); - - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 512, 0, 0); - for (j = 0; j < 2; j++) { - BN_GF2m_mod(c, a, b[j]); - BN_GF2m_mod_sqrt(d, a, b[j], ctx); - BN_GF2m_mod_sqr(e, d, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, d); - BIO_puts(bp, " ^ 2 - "); - BN_print(bp, a); - BIO_puts(bp, "\n"); - } - } -# endif - BN_GF2m_add(f, c, e); - /* Test that d^2 = a, where d = sqrt(a). */ - if (!BN_is_zero(f)) { - fprintf(stderr, "GF(2^m) modular square root test failed!\n"); - goto err; - } - } - } - ret = 1; - err: - BN_free(a); - BN_free(b[0]); - BN_free(b[1]); - BN_free(c); - BN_free(d); - BN_free(e); - BN_free(f); - return ret; -} - -int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b[2], *c, *d, *e; - int i, j, s = 0, t, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_GF2m_arr2poly(p0, b[0]); - BN_GF2m_arr2poly(p1, b[1]); - - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 512, 0, 0); - for (j = 0; j < 2; j++) { - t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx); - if (t) { - s++; - BN_GF2m_mod_sqr(d, c, b[j], ctx); - BN_GF2m_add(d, c, d); - BN_GF2m_mod(e, a, b[j]); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, c); - BIO_puts(bp, " is root of z^2 + z = "); - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif - BN_GF2m_add(e, e, d); - /* - * Test that solution of quadratic c satisfies c^2 + c = a. - */ - if (!BN_is_zero(e)) { - fprintf(stderr, - "GF(2^m) modular solve quadratic test failed!\n"); - goto err; - } - - } else { -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BIO_puts(bp, "There are no roots of z^2 + z = "); - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif - } - } - } - if (s == 0) { - fprintf(stderr, - "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", - num0); - fprintf(stderr, - "this is very unlikely and probably indicates an error.\n"); - goto err; - } - ret = 1; - err: - BN_free(a); - BN_free(b[0]); - BN_free(b[1]); - BN_free(c); - BN_free(d); - BN_free(e); - return ret; -} -#endif -static int genprime_cb(int p, int n, BN_GENCB *arg) -{ - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - putc(c, stderr); - fflush(stderr); - return 1; -} - -int test_kron(BIO *bp, BN_CTX *ctx) -{ - BN_GENCB cb; - BIGNUM *a, *b, *r, *t; - int i; - int legendre, kronecker; - int ret = 0; - - a = BN_new(); - b = BN_new(); - r = BN_new(); - t = BN_new(); - if (a == NULL || b == NULL || r == NULL || t == NULL) - goto err; - - BN_GENCB_set(&cb, genprime_cb, NULL); - - /* - * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In - * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is - * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we - * generate a random prime b and compare these values for a number of - * random a's. (That is, we run the Solovay-Strassen primality test to - * confirm that b is prime, except that we don't want to test whether b - * is prime but whether BN_kronecker works.) - */ - - if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) - goto err; - b->neg = rand_neg(); - putc('\n', stderr); - - for (i = 0; i < num0; i++) { - if (!BN_bntest_rand(a, 512, 0, 0)) - goto err; - a->neg = rand_neg(); - - /* t := (|b|-1)/2 (note that b is odd) */ - if (!BN_copy(t, b)) - goto err; - t->neg = 0; - if (!BN_sub_word(t, 1)) - goto err; - if (!BN_rshift1(t, t)) - goto err; - /* r := a^t mod b */ - b->neg = 0; - - if (!BN_mod_exp_recp(r, a, t, b, ctx)) - goto err; - b->neg = 1; - - if (BN_is_word(r, 1)) - legendre = 1; - else if (BN_is_zero(r)) - legendre = 0; - else { - if (!BN_add_word(r, 1)) - goto err; - if (0 != BN_ucmp(r, b)) { - fprintf(stderr, "Legendre symbol computation failed\n"); - goto err; - } - legendre = -1; - } - - kronecker = BN_kronecker(a, b, ctx); - if (kronecker < -1) - goto err; - /* we actually need BN_kronecker(a, |b|) */ - if (a->neg && b->neg) - kronecker = -kronecker; - - if (legendre != kronecker) { - fprintf(stderr, "legendre != kronecker; a = "); - BN_print_fp(stderr, a); - fprintf(stderr, ", b = "); - BN_print_fp(stderr, b); - fprintf(stderr, "\n"); - goto err; - } - - putc('.', stderr); - fflush(stderr); - } - - putc('\n', stderr); - fflush(stderr); - ret = 1; - err: - if (a != NULL) - BN_free(a); - if (b != NULL) - BN_free(b); - if (r != NULL) - BN_free(r); - if (t != NULL) - BN_free(t); - return ret; -} - -int test_sqrt(BIO *bp, BN_CTX *ctx) -{ - BN_GENCB cb; - BIGNUM *a, *p, *r; - int i, j; - int ret = 0; - - a = BN_new(); - p = BN_new(); - r = BN_new(); - if (a == NULL || p == NULL || r == NULL) - goto err; - - BN_GENCB_set(&cb, genprime_cb, NULL); - - for (i = 0; i < 16; i++) { - if (i < 8) { - unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 }; - - if (!BN_set_word(p, primes[i])) - goto err; - } else { - if (!BN_set_word(a, 32)) - goto err; - if (!BN_set_word(r, 2 * i + 1)) - goto err; - - if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) - goto err; - putc('\n', stderr); - } - p->neg = rand_neg(); - - for (j = 0; j < num2; j++) { - /* - * construct 'a' such that it is a square modulo p, but in - * general not a proper square and not reduced modulo p - */ - if (!BN_bntest_rand(r, 256, 0, 3)) - goto err; - if (!BN_nnmod(r, r, p, ctx)) - goto err; - if (!BN_mod_sqr(r, r, p, ctx)) - goto err; - if (!BN_bntest_rand(a, 256, 0, 3)) - goto err; - if (!BN_nnmod(a, a, p, ctx)) - goto err; - if (!BN_mod_sqr(a, a, p, ctx)) - goto err; - if (!BN_mul(a, a, r, ctx)) - goto err; - if (rand_neg()) - if (!BN_sub(a, a, p)) - goto err; - - if (!BN_mod_sqrt(r, a, p, ctx)) - goto err; - if (!BN_mod_sqr(r, r, p, ctx)) - goto err; - - if (!BN_nnmod(a, a, p, ctx)) - goto err; - - if (BN_cmp(a, r) != 0) { - fprintf(stderr, "BN_mod_sqrt failed: a = "); - BN_print_fp(stderr, a); - fprintf(stderr, ", r = "); - BN_print_fp(stderr, r); - fprintf(stderr, ", p = "); - BN_print_fp(stderr, p); - fprintf(stderr, "\n"); - goto err; - } - - putc('.', stderr); - fflush(stderr); - } - - putc('\n', stderr); - fflush(stderr); - } - ret = 1; - err: - if (a != NULL) - BN_free(a); - if (p != NULL) - BN_free(p); - if (r != NULL) - BN_free(r); - return ret; -} - -int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_) -{ - BIGNUM *a, *b, *c, *d; - int i; - - b = BN_new(); - c = BN_new(); - d = BN_new(); - BN_one(c); - - if (a_) - a = a_; - else { - a = BN_new(); - BN_bntest_rand(a, 200, 0, 0); - a->neg = rand_neg(); - } - for (i = 0; i < num0; i++) { - BN_lshift(b, a, i + 1); - BN_add(c, c, c); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, c); - BIO_puts(bp, " - "); - } - BN_print(bp, b); - BIO_puts(bp, "\n"); - } - BN_mul(d, a, c, ctx); - BN_sub(d, d, b); - if (!BN_is_zero(d)) { - fprintf(stderr, "Left shift test failed!\n"); - fprintf(stderr, "a="); - BN_print_fp(stderr, a); - fprintf(stderr, "\nb="); - BN_print_fp(stderr, b); - fprintf(stderr, "\nc="); - BN_print_fp(stderr, c); - fprintf(stderr, "\nd="); - BN_print_fp(stderr, d); - fprintf(stderr, "\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - return (1); -} - -int test_lshift1(BIO *bp) -{ - BIGNUM *a, *b, *c; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - - BN_bntest_rand(a, 200, 0, 0); - a->neg = rand_neg(); - for (i = 0; i < num0; i++) { - BN_lshift1(b, a); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * 2"); - BIO_puts(bp, " - "); - } - BN_print(bp, b); - BIO_puts(bp, "\n"); - } - BN_add(c, a, a); - BN_sub(a, b, c); - if (!BN_is_zero(a)) { - fprintf(stderr, "Left shift one test failed!\n"); - return 0; - } - - BN_copy(a, b); - } - BN_free(a); - BN_free(b); - BN_free(c); - return (1); -} - -int test_rshift(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - BN_one(c); - - BN_bntest_rand(a, 200, 0, 0); - a->neg = rand_neg(); - for (i = 0; i < num0; i++) { - BN_rshift(b, a, i + 1); - BN_add(c, c, c); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " / "); - BN_print(bp, c); - BIO_puts(bp, " - "); - } - BN_print(bp, b); - BIO_puts(bp, "\n"); - } - BN_div(d, e, a, c, ctx); - BN_sub(d, d, b); - if (!BN_is_zero(d)) { - fprintf(stderr, "Right shift test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return (1); -} - -int test_rshift1(BIO *bp) -{ - BIGNUM *a, *b, *c; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - - BN_bntest_rand(a, 200, 0, 0); - a->neg = rand_neg(); - for (i = 0; i < num0; i++) { - BN_rshift1(b, a); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " / 2"); - BIO_puts(bp, " - "); - } - BN_print(bp, b); - BIO_puts(bp, "\n"); - } - BN_sub(c, a, b); - BN_sub(c, c, b); - if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) { - fprintf(stderr, "Right shift one test failed!\n"); - return 0; - } - BN_copy(a, b); - } - BN_free(a); - BN_free(b); - BN_free(c); - return (1); -} - -int rand_neg(void) -{ - static unsigned int neg = 0; - static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 }; - - return (sign[(neg++) % 8]); -} diff --git a/deps/openssl/openssl/crypto/bn/build.info b/deps/openssl/openssl/crypto/bn/build.info new file mode 100644 index 0000000000..c608ecce82 --- /dev/null +++ b/deps/openssl/openssl/crypto/bn/build.info @@ -0,0 +1,84 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ + bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ + bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ + bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c \ + {- $target{bn_asm_src} -} \ + bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ + bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c +INCLUDE[../../libcrypto]=../../crypto/include + +INCLUDE[bn_exp.o]=.. + +GENERATE[bn-586.s]=asm/bn-586.pl \ + $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +DEPEND[bn-586.s]=../perlasm/x86asm.pl +GENERATE[co-586.s]=asm/co-586.pl \ + $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +DEPEND[co-586.s]=../perlasm/x86asm.pl +GENERATE[x86-mont.s]=asm/x86-mont.pl \ + $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +DEPEND[x86-mont.s]=../perlasm/x86asm.pl +GENERATE[x86-gf2m.s]=asm/x86-gf2m.pl \ + $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +DEPEND[x86-gf2m.s]=../perlasm/x86asm.pl + +GENERATE[sparcv9a-mont.S]=asm/sparcv9a-mont.pl $(PERLASM_SCHEME) +INCLUDE[sparcv9a-mont.o]=.. +GENERATE[sparcv9-mont.S]=asm/sparcv9-mont.pl $(PERLASM_SCHEME) +INCLUDE[sparcv9-mont.o]=.. +GENERATE[vis3-mont.S]=asm/vis3-mont.pl $(PERLASM_SCHEME) +INCLUDE[vis3-mont.o]=.. +GENERATE[sparct4-mont.S]=asm/sparct4-mont.pl $(PERLASM_SCHEME) +INCLUDE[sparct4-mont.o]=.. +GENERATE[sparcv9-gf2m.S]=asm/sparcv9-gf2m.pl $(PERLASM_SCHEME) +INCLUDE[sparcv9-gf2m.o]=.. + +GENERATE[bn-mips.s]=asm/mips.pl $(PERLASM_SCHEME) +GENERATE[mips-mont.s]=asm/mips-mont.pl $(PERLASM_SCHEME) + +GENERATE[s390x-mont.S]=asm/s390x-mont.pl $(PERLASM_SCHEME) +GENERATE[s390x-gf2m.s]=asm/s390x-gf2m.pl $(PERLASM_SCHEME) + +GENERATE[x86_64-mont.s]=asm/x86_64-mont.pl $(PERLASM_SCHEME) +GENERATE[x86_64-mont5.s]=asm/x86_64-mont5.pl $(PERLASM_SCHEME) +GENERATE[x86_64-gf2m.s]=asm/x86_64-gf2m.pl $(PERLASM_SCHEME) +GENERATE[rsaz-x86_64.s]=asm/rsaz-x86_64.pl $(PERLASM_SCHEME) +GENERATE[rsaz-avx2.s]=asm/rsaz-avx2.pl $(PERLASM_SCHEME) + +GENERATE[bn-ia64.s]=asm/ia64.S +GENERATE[ia64-mont.s]=asm/ia64-mont.pl $(CFLAGS) $(LIB_CFLAGS) + +GENERATE[parisc-mont.s]=asm/parisc-mont.pl $(PERLASM_SCHEME) + +# ppc - AIX, Linux, MacOS X... +GENERATE[bn-ppc.s]=asm/ppc.pl $(PERLASM_SCHEME) +GENERATE[ppc-mont.s]=asm/ppc-mont.pl $(PERLASM_SCHEME) +GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl $(PERLASM_SCHEME) + +GENERATE[alpha-mont.S]=asm/alpha-mont.pl $(PERLASM_SCHEME) + +GENERATE[armv4-mont.S]=asm/armv4-mont.pl $(PERLASM_SCHEME) +INCLUDE[armv4-mont.o]=.. +GENERATE[armv4-gf2m.S]=asm/armv4-gf2m.pl $(PERLASM_SCHEME) +INCLUDE[armv4-gf2m.o]=.. +GENERATE[armv8-mont.S]=asm/armv8-mont.pl $(PERLASM_SCHEME) + +OVERRIDES=bn-mips3.o pa-risc2W.o pa-risc2.c +BEGINRAW[Makefile] +##### BN assembler implementations + +{- $builddir -}/bn-mips3.o: {- $sourcedir -}/asm/mips3.s + @if [ "$(CC)" = "gcc" ]; then \ + ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \ + as -$$ABI -O -o $@ {- $sourcedir -}/asm/mips3.s; \ + else $(CC) -c $(CFLAGS) $(LIB_CFLAGS) -o $@ {- $sourcedir -}/asm/mips3.s; fi + +# GNU assembler fails to compile PA-RISC2 modules, insist on calling +# vendor assembler... +{- $builddir -}/pa-risc2W.o: {- $sourcedir -}/asm/pa-risc2W.s + CC="$(CC)" $(PERL) $(SRCDIR)/util/fipsas.pl $(SRCDIR) $< /usr/ccs/bin/as -o pa-risc2W.o {- $sourcedir -}/asm/pa-risc2W.s +{- $builddir -}/pa-risc2.o: {- $sourcedir -}/asm/pa-risc2.s + CC="$(CC)" $(PERL) $(SRCDIR)/util/fipsas.pl $(SRCDIR) $< /usr/ccs/bin/as -o pa-risc2.o {- $sourcedir -}/asm/pa-risc2.s + +ENDRAW[Makefile] diff --git a/deps/openssl/openssl/crypto/bn/divtest.c b/deps/openssl/openssl/crypto/bn/divtest.c deleted file mode 100644 index 2590b4581b..0000000000 --- a/deps/openssl/openssl/crypto/bn/divtest.c +++ /dev/null @@ -1,42 +0,0 @@ -#include <openssl/bn.h> -#include <openssl/rand.h> - -static int Rand(n) -{ - unsigned char x[2]; - RAND_pseudo_bytes(x, 2); - return (x[0] + 2 * x[1]); -} - -static void bug(char *m, BIGNUM *a, BIGNUM *b) -{ - printf("%s!\na=", m); - BN_print_fp(stdout, a); - printf("\nb="); - BN_print_fp(stdout, b); - printf("\n"); - fflush(stdout); -} - -main() -{ - BIGNUM *a = BN_new(), *b = BN_new(), *c = BN_new(), *d = BN_new(), - *C = BN_new(), *D = BN_new(); - BN_RECP_CTX *recp = BN_RECP_CTX_new(); - BN_CTX *ctx = BN_CTX_new(); - - for (;;) { - BN_pseudo_rand(a, Rand(), 0, 0); - BN_pseudo_rand(b, Rand(), 0, 0); - if (BN_is_zero(b)) - continue; - - BN_RECP_CTX_set(recp, b, ctx); - if (BN_div(C, D, a, b, ctx) != 1) - bug("BN_div failed", a, b); - if (BN_div_recp(c, d, a, recp, ctx) != 1) - bug("BN_div_recp failed", a, b); - else if (BN_cmp(c, C) != 0 || BN_cmp(c, C) != 0) - bug("mismatch", a, b); - } -} diff --git a/deps/openssl/openssl/crypto/bn/exp.c b/deps/openssl/openssl/crypto/bn/exp.c deleted file mode 100644 index fbce28c5be..0000000000 --- a/deps/openssl/openssl/crypto/bn/exp.c +++ /dev/null @@ -1,61 +0,0 @@ -/* unused */ - -#include <stdio.h> -#include <openssl/tmdiff.h> -#include "bn_lcl.h" - -#define SIZE 256 -#define NUM (8*8*8) -#define MOD (8*8*8*8*8) - -main(argc, argv) -int argc; -char *argv[]; -{ - BN_CTX ctx; - BIGNUM a, b, c, r, rr, t, l; - int j, i, size = SIZE, num = NUM, mod = MOD; - char *start, *end; - BN_MONT_CTX mont; - double d, md; - - BN_MONT_CTX_init(&mont); - BN_CTX_init(&ctx); - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&r); - - start = ms_time_new(); - end = ms_time_new(); - while (size <= 1024 * 8) { - BN_rand(&a, size, 0, 0); - BN_rand(&b, size, 1, 0); - BN_rand(&c, size, 0, 1); - - BN_mod(&a, &a, &c, &ctx); - - ms_time_get(start); - for (i = 0; i < 10; i++) - BN_MONT_CTX_set(&mont, &c, &ctx); - ms_time_get(end); - md = ms_time_diff(start, end); - - ms_time_get(start); - for (i = 0; i < num; i++) { - /* bn_mull(&r,&a,&b,&ctx); */ - /* BN_sqr(&r,&a,&ctx); */ - BN_mod_exp_mont(&r, &a, &b, &c, &ctx, &mont); - } - ms_time_get(end); - d = ms_time_diff(start, end) /* *50/33 */ ; - printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n", size, - d, num, d / num, (int)((d / num) * mod), md / 10.0); - num /= 8; - mod /= 8; - if (num <= 0) - num = 1; - size *= 2; - } - -} diff --git a/deps/openssl/openssl/crypto/bn/expspeed.c b/deps/openssl/openssl/crypto/bn/expspeed.c deleted file mode 100644 index 8ea980cdd2..0000000000 --- a/deps/openssl/openssl/crypto/bn/expspeed.c +++ /dev/null @@ -1,381 +0,0 @@ -/* unused */ - -/* crypto/bn/expspeed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* most of this code has been pilfered from my libdes speed.c program */ - -#define BASENUM 5000 -#define NUM_START 0 - -/* - * determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol, - * modular inverse, or modular square roots - */ -#define TEST_EXP -#undef TEST_MUL -#undef TEST_SQR -#undef TEST_GCD -#undef TEST_KRON -#undef TEST_INV -#undef TEST_SQRT -#define P_MOD_64 9 /* least significant 6 bits for prime to be - * used for BN_sqrt timings */ - -#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1 -# error "choose one test" -#endif - -#if defined(TEST_INV) || defined(TEST_SQRT) -# define C_PRIME -static void genprime_cb(int p, int n, void *arg); -#endif - -#undef PROG -#define PROG bnspeed_main - -#include <stdio.h> -#include <stdlib.h> -#include <signal.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/err.h> -#include <openssl/rand.h> - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -# define TIMES -#endif - -#ifndef _IRIX -# include <time.h> -#endif -#ifdef TIMES -# include <sys/types.h> -# include <sys/times.h> -#endif - -/* - * Depending on the VMS version, the tms structure is perhaps defined. The - * __TMS macro will show if it was. If it wasn't defined, we should undefine - * TIMES, since that tells the rest of the program how things should be - * handled. -- Richard Levitte - */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -# undef TIMES -#endif - -#ifndef TIMES -# include <sys/timeb.h> -#endif - -#if defined(sun) || defined(__ultrix) -# define _POSIX_SOURCE -# include <limits.h> -# include <sys/param.h> -#endif - -#include <openssl/bn.h> -#include <openssl/x509.h> - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#undef BUFSIZE -#define BUFSIZE ((long)1024*8) -int run = 0; - -static double Time_F(int s); -#define START 0 -#define STOP 1 - -static double Time_F(int s) -{ - double ret; -#ifdef TIMES - static struct tms tstart, tend; - - if (s == START) { - times(&tstart); - return (0); - } else { - times(&tend); - ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ; - return ((ret < 1e-3) ? 1e-3 : ret); - } -#else /* !times() */ - static struct timeb tstart, tend; - long i; - - if (s == START) { - ftime(&tstart); - return (0); - } else { - ftime(&tend); - i = (long)tend.millitm - (long)tstart.millitm; - ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0; - return ((ret < 0.001) ? 0.001 : ret); - } -#endif -} - -#define NUM_SIZES 7 -#if NUM_START > NUM_SIZES -# error "NUM_START > NUM_SIZES" -#endif -static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048, 4096, 8192 }; - -static int mul_c[NUM_SIZES] = - { 8 * 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8, 8 * 8 * 8, - 8 * 8, 8, 1 -}; - -/* - * static int sizes[NUM_SIZES]={59,179,299,419,539}; - */ - -#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof(str)); } - -void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx); - -int main(int argc, char **argv) -{ - BN_CTX *ctx; - BIGNUM *a, *b, *c, *r; - -#if 1 - if (!CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0)) - abort(); -#endif - - ctx = BN_CTX_new(); - a = BN_new(); - b = BN_new(); - c = BN_new(); - r = BN_new(); - - while (!RAND_status()) - /* not enough bits */ - RAND_SEED("I demand a manual recount!"); - - do_mul_exp(r, a, b, c, ctx); - return 0; -} - -void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx) -{ - int i, k; - double tm; - long num; - - num = BASENUM; - for (i = NUM_START; i < NUM_SIZES; i++) { -#ifdef C_PRIME -# ifdef TEST_SQRT - if (!BN_set_word(a, 64)) - goto err; - if (!BN_set_word(b, P_MOD_64)) - goto err; -# define ADD a -# define REM b -# else -# define ADD NULL -# define REM NULL -# endif - if (!BN_generate_prime(c, sizes[i], 0, ADD, REM, genprime_cb, NULL)) - goto err; - putc('\n', stderr); - fflush(stderr); -#endif - - for (k = 0; k < num; k++) { - if (k % 50 == 0) { /* Average over num/50 different choices of - * random numbers. */ - if (!BN_pseudo_rand(a, sizes[i], 1, 0)) - goto err; - - if (!BN_pseudo_rand(b, sizes[i], 1, 0)) - goto err; - -#ifndef C_PRIME - if (!BN_pseudo_rand(c, sizes[i], 1, 1)) - goto err; -#endif - -#ifdef TEST_SQRT - if (!BN_mod_sqr(a, a, c, ctx)) - goto err; - if (!BN_mod_sqr(b, b, c, ctx)) - goto err; -#else - if (!BN_nnmod(a, a, c, ctx)) - goto err; - if (!BN_nnmod(b, b, c, ctx)) - goto err; -#endif - - if (k == 0) - Time_F(START); - } -#if defined(TEST_EXP) - if (!BN_mod_exp(r, a, b, c, ctx)) - goto err; -#elif defined(TEST_MUL) - { - int i = 0; - for (i = 0; i < 50; i++) - if (!BN_mod_mul(r, a, b, c, ctx)) - goto err; - } -#elif defined(TEST_SQR) - { - int i = 0; - for (i = 0; i < 50; i++) { - if (!BN_mod_sqr(r, a, c, ctx)) - goto err; - if (!BN_mod_sqr(r, b, c, ctx)) - goto err; - } - } -#elif defined(TEST_GCD) - if (!BN_gcd(r, a, b, ctx)) - goto err; - if (!BN_gcd(r, b, c, ctx)) - goto err; - if (!BN_gcd(r, c, a, ctx)) - goto err; -#elif defined(TEST_KRON) - if (-2 == BN_kronecker(a, b, ctx)) - goto err; - if (-2 == BN_kronecker(b, c, ctx)) - goto err; - if (-2 == BN_kronecker(c, a, ctx)) - goto err; -#elif defined(TEST_INV) - if (!BN_mod_inverse(r, a, c, ctx)) - goto err; - if (!BN_mod_inverse(r, b, c, ctx)) - goto err; -#else /* TEST_SQRT */ - if (!BN_mod_sqrt(r, a, c, ctx)) - goto err; - if (!BN_mod_sqrt(r, b, c, ctx)) - goto err; -#endif - } - tm = Time_F(STOP); - printf( -#if defined(TEST_EXP) - "modexp %4d ^ %4d %% %4d" -#elif defined(TEST_MUL) - "50*modmul %4d %4d %4d" -#elif defined(TEST_SQR) - "100*modsqr %4d %4d %4d" -#elif defined(TEST_GCD) - "3*gcd %4d %4d %4d" -#elif defined(TEST_KRON) - "3*kronecker %4d %4d %4d" -#elif defined(TEST_INV) - "2*inv %4d %4d mod %4d" -#else /* TEST_SQRT */ - "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d" -#endif - " -> %8.6fms %5.1f (%ld)\n", -#ifdef TEST_SQRT - P_MOD_64, -#endif - sizes[i], sizes[i], sizes[i], tm * 1000.0 / num, - tm * mul_c[i] / num, num); - num /= 7; - if (num <= 0) - num = 1; - } - return; - - err: - ERR_print_errors_fp(stderr); -} - -#ifdef C_PRIME -static void genprime_cb(int p, int n, void *arg) -{ - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - putc(c, stderr); - fflush(stderr); - (void)n; - (void)arg; -} -#endif diff --git a/deps/openssl/openssl/crypto/bn/exptest.c b/deps/openssl/openssl/crypto/bn/exptest.c deleted file mode 100644 index 779ee90203..0000000000 --- a/deps/openssl/openssl/crypto/bn/exptest.c +++ /dev/null @@ -1,315 +0,0 @@ -/* crypto/bn/exptest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "../e_os.h" - -#include <openssl/bio.h> -#include <openssl/bn.h> -#include <openssl/rand.h> -#include <openssl/err.h> - -#define NUM_BITS (BN_BITS*2) - -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; - -/* - * Test that r == 0 in test_exp_mod_zero(). Returns one on success, - * returns zero and prints debug output otherwise. - */ -static int a_is_zero_mod_one(const char *method, const BIGNUM *r, - const BIGNUM *a) { - if (!BN_is_zero(r)) { - fprintf(stderr, "%s failed:\n", method); - fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n"); - fprintf(stderr, "a = "); - BN_print_fp(stderr, a); - fprintf(stderr, "\nr = "); - BN_print_fp(stderr, r); - fprintf(stderr, "\n"); - return 0; - } - return 1; -} - -/* - * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. - */ -static int test_exp_mod_zero() -{ - BIGNUM a, p, m; - BIGNUM r; - BN_ULONG one_word = 1; - BN_CTX *ctx = BN_CTX_new(); - int ret = 1, failed = 0; - - BN_init(&m); - BN_one(&m); - - BN_init(&a); - BN_one(&a); - - BN_init(&p); - BN_zero(&p); - - BN_init(&r); - - if (!BN_rand(&a, 1024, 0, 0)) - goto err; - - if (!BN_mod_exp(&r, &a, &p, &m, ctx)) - goto err; - - if (!a_is_zero_mod_one("BN_mod_exp", &r, &a)) - failed = 1; - - if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx)) - goto err; - - if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a)) - failed = 1; - - if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx)) - goto err; - - if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a)) - failed = 1; - - if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL)) - goto err; - - if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a)) - failed = 1; - - if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) { - goto err; - } - - if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a)) - failed = 1; - - /* - * A different codepath exists for single word multiplication - * in non-constant-time only. - */ - if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL)) - goto err; - - if (!BN_is_zero(&r)) { - fprintf(stderr, "BN_mod_exp_mont_word failed:\n"); - fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n"); - fprintf(stderr, "r = "); - BN_print_fp(stderr, &r); - fprintf(stderr, "\n"); - return 0; - } - - ret = failed; - - err: - BN_free(&r); - BN_free(&a); - BN_free(&p); - BN_free(&m); - BN_CTX_free(ctx); - - return ret; -} - -int main(int argc, char *argv[]) -{ - BN_CTX *ctx; - BIO *out = NULL; - int i, ret; - unsigned char c; - BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; - - /* - * Seed or BN_rand may fail, and we don't even check its return - * value (which we should) - */ - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - ERR_load_BN_strings(); - - ctx = BN_CTX_new(); - if (ctx == NULL) - EXIT(1); - r_mont = BN_new(); - r_mont_const = BN_new(); - r_recp = BN_new(); - r_simple = BN_new(); - a = BN_new(); - b = BN_new(); - m = BN_new(); - if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL)) - goto err; - - out = BIO_new(BIO_s_file()); - - if (out == NULL) - EXIT(1); - BIO_set_fp(out, stdout, BIO_NOCLOSE); - - for (i = 0; i < 200; i++) { - RAND_bytes(&c, 1); - c = (c % BN_BITS) - BN_BITS2; - BN_rand(a, NUM_BITS + c, 0, 0); - - RAND_bytes(&c, 1); - c = (c % BN_BITS) - BN_BITS2; - BN_rand(b, NUM_BITS + c, 0, 0); - - RAND_bytes(&c, 1); - c = (c % BN_BITS) - BN_BITS2; - BN_rand(m, NUM_BITS + c, 0, 1); - - BN_mod(a, a, m, ctx); - BN_mod(b, b, m, ctx); - - ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL); - if (ret <= 0) { - printf("BN_mod_exp_mont() problems\n"); - ERR_print_errors(out); - EXIT(1); - } - - ret = BN_mod_exp_recp(r_recp, a, b, m, ctx); - if (ret <= 0) { - printf("BN_mod_exp_recp() problems\n"); - ERR_print_errors(out); - EXIT(1); - } - - ret = BN_mod_exp_simple(r_simple, a, b, m, ctx); - if (ret <= 0) { - printf("BN_mod_exp_simple() problems\n"); - ERR_print_errors(out); - EXIT(1); - } - - ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL); - if (ret <= 0) { - printf("BN_mod_exp_mont_consttime() problems\n"); - ERR_print_errors(out); - EXIT(1); - } - - if (BN_cmp(r_simple, r_mont) == 0 - && BN_cmp(r_simple, r_recp) == 0 - && BN_cmp(r_simple, r_mont_const) == 0) { - printf("."); - fflush(stdout); - } else { - if (BN_cmp(r_simple, r_mont) != 0) - printf("\nsimple and mont results differ\n"); - if (BN_cmp(r_simple, r_mont_const) != 0) - printf("\nsimple and mont const time results differ\n"); - if (BN_cmp(r_simple, r_recp) != 0) - printf("\nsimple and recp results differ\n"); - - printf("a (%3d) = ", BN_num_bits(a)); - BN_print(out, a); - printf("\nb (%3d) = ", BN_num_bits(b)); - BN_print(out, b); - printf("\nm (%3d) = ", BN_num_bits(m)); - BN_print(out, m); - printf("\nsimple ="); - BN_print(out, r_simple); - printf("\nrecp ="); - BN_print(out, r_recp); - printf("\nmont ="); - BN_print(out, r_mont); - printf("\nmont_ct ="); - BN_print(out, r_mont_const); - printf("\n"); - EXIT(1); - } - } - BN_free(r_mont); - BN_free(r_mont_const); - BN_free(r_recp); - BN_free(r_simple); - BN_free(a); - BN_free(b); - BN_free(m); - BN_CTX_free(ctx); - ERR_remove_thread_state(NULL); - CRYPTO_mem_leaks(out); - BIO_free(out); - printf("\n"); - - if (test_exp_mod_zero() != 0) - goto err; - - printf("done\n"); - - EXIT(0); - err: - ERR_load_crypto_strings(); - ERR_print_errors(out); -#ifdef OPENSSL_SYS_NETWARE - printf("ERROR\n"); -#endif - EXIT(1); - return (1); -} diff --git a/deps/openssl/openssl/crypto/bn/rsaz_exp.c b/deps/openssl/openssl/crypto/bn/rsaz_exp.c index c54c6feb51..1a70f6cade 100644 --- a/deps/openssl/openssl/crypto/bn/rsaz_exp.c +++ b/deps/openssl/openssl/crypto/bn/rsaz_exp.c @@ -1,3 +1,12 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + /***************************************************************************** * * * Copyright (c) 2012, Intel Corporation * @@ -40,9 +49,12 @@ * (2) University of Haifa, Israel * *****************************************************************************/ +#include <openssl/opensslconf.h> #include "rsaz_exp.h" -#ifdef RSAZ_ENABLED +#ifndef RSAZ_ENABLED +NON_EMPTY_TRANSLATION_UNIT +#else /* * See crypto/bn/asm/rsaz-avx2.pl for further details. @@ -241,7 +253,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], rsaz_1024_sqr_avx2(result, result, m, k0, 5); - wvalue = *((unsigned short *)&p_str[index / 8]); + wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8]; wvalue = (wvalue >> (index % 8)) & 31; index -= 5; @@ -337,10 +349,4 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], OPENSSL_cleanse(storage, sizeof(storage)); } -#else - -# if defined(PEDANTIC) || defined(__DECC) || defined(__clang__) -static void *dummy = &dummy; -# endif - #endif diff --git a/deps/openssl/openssl/crypto/bn/rsaz_exp.h b/deps/openssl/openssl/crypto/bn/rsaz_exp.h index 229e181f67..9501cc8089 100644 --- a/deps/openssl/openssl/crypto/bn/rsaz_exp.h +++ b/deps/openssl/openssl/crypto/bn/rsaz_exp.h @@ -1,3 +1,12 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + /***************************************************************************** * * * Copyright (c) 2012, Intel Corporation * diff --git a/deps/openssl/openssl/crypto/bn/todo b/deps/openssl/openssl/crypto/bn/todo deleted file mode 100644 index e47e381aea..0000000000 --- a/deps/openssl/openssl/crypto/bn/todo +++ /dev/null @@ -1,3 +0,0 @@ -Cache RECP_CTX values -make the result argument independant of the inputs. -split up the _exp_ functions diff --git a/deps/openssl/openssl/crypto/bn/vms-helper.c b/deps/openssl/openssl/crypto/bn/vms-helper.c deleted file mode 100644 index f342e90cbf..0000000000 --- a/deps/openssl/openssl/crypto/bn/vms-helper.c +++ /dev/null @@ -1,68 +0,0 @@ -/* vms-helper.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include "cryptlib.h" -#include "bn_lcl.h" - -bn_div_words_abort(int i) -{ -#ifdef BN_DEBUG -# if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) - fprintf(stderr, "Division would overflow (%d)\n", i); -# endif - abort(); -#endif -} |