commit 22bae681926eabc13c88db558e10355345f5a2aa
parent ceca94318f8347d9141f1e833f1d7b0445430643
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 29 Oct 2023 16:34:07 +0100
zalloc intended to zero-out the RAM, do this manually now
Diffstat:
3 files changed, 3145 insertions(+), 2782 deletions(-)
diff --git a/openssl/main.c b/openssl/main.c
@@ -4,7 +4,7 @@
#include <gcrypt.h>
-#define NEED_LIBGCRYPT_VERSION "1.10.2"
+#define NEED_LIBGCRYPT_VERSION "1.10.1"
int main(int argc, char** argv)
{
diff --git a/openssl/openssl-test.c b/openssl/openssl-test.c
@@ -10,26 +10,26 @@
#include <stdlib.h>
#include <string.h>
-typedef struct ossl_ex_data_global_st {
- CRYPTO_RWLOCK *ex_data_lock;
- EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT];
+typedef struct ossl_ex_data_global_st
+{
+ CRYPTO_RWLOCK *ex_data_lock;
+ EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT];
} OSSL_EX_DATA_GLOBAL;
+struct ossl_lib_ctx_st
+{
+ CRYPTO_RWLOCK *lock, *rand_crngt_lock;
+ OSSL_EX_DATA_GLOBAL global;
-
-struct ossl_lib_ctx_st {
- CRYPTO_RWLOCK *lock, *rand_crngt_lock;
- OSSL_EX_DATA_GLOBAL global;
-
- void *property_string_data;
- void *evp_method_store;
- void *provider_store;
- void *namemap;
- void *property_defns;
- void *global_properties;
- void *drbg;
- void *drbg_nonce;
+ void *property_string_data;
+ void *evp_method_store;
+ void *provider_store;
+ void *namemap;
+ void *property_defns;
+ void *global_properties;
+ void *drbg;
+ void *drbg_nonce;
/*#ifndef FIPS_MODULE
void *provider_conf;
void *bio_core;
@@ -41,23 +41,18 @@ struct ossl_lib_ctx_st {
void *self_test_cb;
#endif*/
#if defined(OPENSSL_THREADS)
- void *threads;
+ void *threads;
#endif
- void *rand_crngt;
+ void *rand_crngt;
#ifdef FIPS_MODULE
- void *thread_event_handler;
- void *fips_prov;
+ void *thread_event_handler;
+ void *fips_prov;
#endif
- unsigned int ischild:1;
+ unsigned int ischild : 1;
};
-
-
-
-
-
/*
typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
@@ -70,94 +65,105 @@ __owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
CRYPTO_EX_free *free_func);
*/
-struct crypto_ex_data_st {
- //STACK_OF(void) *sk;
- void * sk;
+struct crypto_ex_data_st
+{
+ // STACK_OF(void) *sk;
+ void *sk;
};
-//DEFINE_STACK_OF(void)
+// DEFINE_STACK_OF(void)
typedef struct bn_mont_ctx_st BN_MONT_CTX;
-struct bn_mont_ctx_st {
- int ri; /* number of bits in R */
- BIGNUM RR; /* used to convert to montgomery form,
+struct bn_mont_ctx_st
+{
+ int ri; /* number of bits in R */
+ BIGNUM RR; /* used to convert to montgomery form,
possibly zero-padded */
- BIGNUM N; /* The modulus */
- BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only
+ BIGNUM N; /* The modulus */
+ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only
* stored for bignum algorithm) */
- BN_ULONG n0[2]; /* least significant word(s) of Ni; (type
+ BN_ULONG n0[2]; /* least significant word(s) of Ni; (type
* changed with 0.9.9, was "BN_ULONG n0;"
* before) */
- int flags;
+ int flags;
};
-int BN_get_flags(const BIGNUM *b, int n)
+int
+BN_get_flags (const BIGNUM *b, int n)
{
- return b->flags & n;
+ return b->flags & n;
}
-int BN_is_zero(const BIGNUM *a)
+
+int
+BN_is_zero (const BIGNUM *a)
{
- return a->top == 0;
+ return a->top == 0;
}
-int BN_num_bits_word(BN_ULONG l)
+
+int
+BN_num_bits_word (BN_ULONG l)
{
- BN_ULONG x, mask;
- int bits = (l != 0);
+ BN_ULONG x, mask;
+ int bits = (l != 0);
#if BN_BITS2 > 32
- x = l >> 32;
- mask = (0 - x) & BN_MASK2;
- mask = (0 - (mask >> (BN_BITS2 - 1)));
- bits += 32 & mask;
- l ^= (x ^ l) & mask;
+ x = l >> 32;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 32 & mask;
+ l ^= (x ^ l) & mask;
#endif
- x = l >> 16;
- mask = (0 - x) & BN_MASK2;
- mask = (0 - (mask >> (BN_BITS2 - 1)));
- bits += 16 & mask;
- l ^= (x ^ l) & mask;
+ x = l >> 16;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 16 & mask;
+ l ^= (x ^ l) & mask;
- x = l >> 8;
- mask = (0 - x) & BN_MASK2;
- mask = (0 - (mask >> (BN_BITS2 - 1)));
- bits += 8 & mask;
- l ^= (x ^ l) & mask;
+ x = l >> 8;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 8 & mask;
+ l ^= (x ^ l) & mask;
- x = l >> 4;
- mask = (0 - x) & BN_MASK2;
- mask = (0 - (mask >> (BN_BITS2 - 1)));
- bits += 4 & mask;
- l ^= (x ^ l) & mask;
+ x = l >> 4;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 4 & mask;
+ l ^= (x ^ l) & mask;
- x = l >> 2;
- mask = (0 - x) & BN_MASK2;
- mask = (0 - (mask >> (BN_BITS2 - 1)));
- bits += 2 & mask;
- l ^= (x ^ l) & mask;
+ x = l >> 2;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 2 & mask;
+ l ^= (x ^ l) & mask;
- x = l >> 1;
- mask = (0 - x) & BN_MASK2;
- mask = (0 - (mask >> (BN_BITS2 - 1)));
- bits += 1 & mask;
+ x = l >> 1;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 1 & mask;
- return bits;
+ return bits;
}
-int BN_num_bits(const BIGNUM *a)
+
+int
+BN_num_bits (const BIGNUM *a)
{
- int i = a->top - 1;
- bn_check_top(a);
+ int i = a->top - 1;
+ bn_check_top (a);
- if (BN_is_zero(a))
- return 0;
+ if (BN_is_zero (a))
+ return 0;
- return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
+ return ((i * BN_BITS2) + BN_num_bits_word (a->d[i]));
}
-void CRYPTO_free(void *str, const char *file, int line)
+
+void
+CRYPTO_free (void *str, const char *file, int line)
{/*
INCREMENT(free_count);
if (free_impl != CRYPTO_free) {
@@ -165,839 +171,944 @@ void CRYPTO_free(void *str, const char *file, int line)
return;
}
*/
- free(str);
+ free (str);
}
-void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
+
+void
+CRYPTO_clear_free (void *str, size_t num, const char *file, int line)
{
- if (str == NULL)
- return;
- if (num)
- {} // OPENSSL_cleanse(str, num);
- CRYPTO_free(str, file, line);
+ if (str == NULL)
+ return;
+ if (num)
+ {
+ } // OPENSSL_cleanse(str, num);
+ CRYPTO_free (str, file, line);
}
-static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+
+static BN_ULONG *
+bn_expand_internal (const BIGNUM *b, int words)
{
- BN_ULONG *a = NULL;
+ BN_ULONG *a = NULL;
- if (words > (INT_MAX / (4 * BN_BITS2))) {
- // ERR_raise(ERR_LIB_BN, BN_R_BIGNUM_TOO_LONG);
- assert(0);
- return NULL;
- }
-
- if (BN_get_flags(b, BN_FLG_SECURE))
- {} // a = OPENSSL_secure_zalloc(words * sizeof(*a));
- else
- a = OPENSSL_zalloc(words * sizeof(*a));
- if (a == NULL)
- return NULL;
+ if (words > (INT_MAX / (4 * BN_BITS2)))
+ {
+ // ERR_raise(ERR_LIB_BN, BN_R_BIGNUM_TOO_LONG);
+ assert (0);
+ return NULL;
+ }
- assert(b->top <= words);
- if (b->top > 0)
- memcpy(a, b->d, sizeof(*a) * b->top);
+ if (BN_get_flags (b, BN_FLG_SECURE))
+ {
+ } // a = OPENSSL_secure_zalloc(words * sizeof(*a));
+ else
+ a = OPENSSL_zalloc (words * sizeof(*a));
+ memset (a, 0, words * sizeof(*a));
+ if (a == NULL)
+ return NULL;
- return a;
+ assert (b->top <= words);
+ if (b->top > 0)
+ memcpy (a, b->d, sizeof(*a) * b->top);
+
+ return a;
}
-static void bn_free_d(BIGNUM *a, int clear)
+
+static void
+bn_free_d (BIGNUM *a, int clear)
{
- // if (BN_get_flags(a, BN_FLG_SECURE))
- // OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0]));
- /*else*/ //if (clear != 0)
- // OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0]));
- // else
- OPENSSL_free(a->d);
+ // if (BN_get_flags(a, BN_FLG_SECURE))
+ // OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0]));
+ /*else*/ // if (clear != 0)
+ // OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0]));
+ // else
+ OPENSSL_free (a->d);
}
-BIGNUM *bn_expand2(BIGNUM *b, int words)
+BIGNUM *
+bn_expand2 (BIGNUM *b, int words)
{
- if (words > b->dmax) {
- BN_ULONG *a = bn_expand_internal(b, words);
- if (!a)
- return NULL;
- if (b->d != NULL)
- bn_free_d(b, 1);
- b->d = a;
- b->dmax = words;
- }
+ if (words > b->dmax)
+ {
+ BN_ULONG *a = bn_expand_internal (b, words);
+ if (! a)
+ return NULL;
+ if (b->d != NULL)
+ bn_free_d (b, 1);
+ b->d = a;
+ b->dmax = words;
+ }
- return b;
+ return b;
}
-static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
+
+static ossl_inline BIGNUM *
+bn_expand (BIGNUM *a, int bits)
{
- if (bits > (INT_MAX - BN_BITS2 + 1))
- return NULL;
+ if (bits > (INT_MAX - BN_BITS2 + 1))
+ return NULL;
- if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)
- return a;
+ if (((bits + BN_BITS2 - 1) / BN_BITS2) <= (a)->dmax)
+ return a;
- return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
+ return bn_expand2 ((a),(bits + BN_BITS2 - 1) / BN_BITS2);
}
-int BN_set_word(BIGNUM *a, BN_ULONG w)
+
+int
+BN_set_word (BIGNUM *a, BN_ULONG w)
{
- bn_check_top(a);
- if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
- return 0;
- a->neg = 0;
- a->d[0] = w;
- a->top = (w ? 1 : 0);
- a->flags &= ~BN_FLG_FIXED_TOP;
- bn_check_top(a);
- return 1;
+ bn_check_top (a);
+ if (bn_expand (a, (int) sizeof(BN_ULONG) * 8) == NULL)
+ return 0;
+ a->neg = 0;
+ a->d[0] = w;
+ a->top = (w ? 1 : 0);
+ a->flags &= ~BN_FLG_FIXED_TOP;
+ bn_check_top (a);
+ return 1;
}
-int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w)
+int
+BN_abs_is_word (const BIGNUM *a, const BN_ULONG w)
{
- return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0));
+ return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0));
}
-
-
-
-void BN_CTX_start(BN_CTX *ctx)
+void
+BN_CTX_start (BN_CTX *ctx)
{
// CTXDBG("ENTER BN_CTX_start()", ctx);
- /* If we're already overflowing ... */
- if (ctx->err_stack || ctx->too_many)
- ctx->err_stack++;
- /* (Try to) get a new frame pointer */
- else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
- // ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
- assert(0);
- ctx->err_stack++;
- }
- // CTXDBG("LEAVE BN_CTX_start()", ctx);
+ /* If we're already overflowing ... */
+ if (ctx->err_stack || ctx->too_many)
+ ctx->err_stack++;
+ /* (Try to) get a new frame pointer */
+ else if (! BN_STACK_push (&ctx->stack, ctx->used))
+ {
+ // ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ assert (0);
+ ctx->err_stack++;
+ }
+ // CTXDBG("LEAVE BN_CTX_start()", ctx);
+}
+
+
+BIGNUM *
+BN_CTX_get (BN_CTX *ctx)
+{
+ BIGNUM *ret;
+
+ // CTXDBG("ENTER BN_CTX_get()", ctx);
+ if (ctx->err_stack || ctx->too_many)
+ return NULL;
+ if ((ret = BN_POOL_get (&ctx->pool, ctx->flags)) == NULL)
+ {
+ /*
+ * Setting too_many prevents repeated "get" attempts from cluttering
+ * the error stack.
+ */
+ ctx->too_many = 1;
+ // ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ assert (0);
+ return NULL;
+ }
+ /* OK, make sure the returned bignum is "zero" */
+ BN_zero (ret);
+ /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+ ret->flags &= (~BN_FLG_CONSTTIME);
+ ctx->used++;
+ // CTXDBG("LEAVE BN_CTX_get()", ctx);
+ return ret;
}
-BIGNUM *BN_CTX_get(BN_CTX *ctx)
-{
- BIGNUM *ret;
-
- // CTXDBG("ENTER BN_CTX_get()", ctx);
- if (ctx->err_stack || ctx->too_many)
- return NULL;
- if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) {
- /*
- * Setting too_many prevents repeated "get" attempts from cluttering
- * the error stack.
- */
- ctx->too_many = 1;
- // ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
- assert(0);
- return NULL;
- }
- /* OK, make sure the returned bignum is "zero" */
- BN_zero(ret);
- /* clear BN_FLG_CONSTTIME if leaked from previous frames */
- ret->flags &= (~BN_FLG_CONSTTIME);
- ctx->used++;
- // CTXDBG("LEAVE BN_CTX_get()", ctx);
- return ret;
-}
-void bn_init(BIGNUM *a)
+void
+bn_init (BIGNUM *a)
{
- static BIGNUM nilbn;
+ static BIGNUM nilbn;
- *a = nilbn;
- bn_check_top(a);
+ *a = nilbn;
+ bn_check_top (a);
}
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+
+void
+BN_MONT_CTX_init (BN_MONT_CTX *ctx)
{
- ctx->ri = 0;
- bn_init(&ctx->RR);
- bn_init(&ctx->N);
- bn_init(&ctx->Ni);
- ctx->n0[0] = ctx->n0[1] = 0;
- ctx->flags = 0;
+ ctx->ri = 0;
+ bn_init (&ctx->RR);
+ bn_init (&ctx->N);
+ bn_init (&ctx->Ni);
+ ctx->n0[0] = ctx->n0[1] = 0;
+ ctx->flags = 0;
}
-BN_MONT_CTX *BN_MONT_CTX_new(void)
+
+BN_MONT_CTX *
+BN_MONT_CTX_new (void)
{
- BN_MONT_CTX *ret;
+ BN_MONT_CTX *ret;
- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
- return NULL;
+ if ((ret = OPENSSL_malloc (sizeof(*ret))) == NULL)
+ return NULL;
- BN_MONT_CTX_init(ret);
- ret->flags = BN_FLG_MALLOCED;
- return ret;
+ BN_MONT_CTX_init (ret);
+ ret->flags = BN_FLG_MALLOCED;
+ return ret;
}
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+
+int
+BN_ucmp (const BIGNUM *a, const BIGNUM *b)
{
- int i;
- BN_ULONG t1, t2, *ap, *bp;
+ int i;
+ BN_ULONG t1, t2, *ap, *bp;
- bn_check_top(a);
- bn_check_top(b);
+ bn_check_top (a);
+ bn_check_top (b);
- i = a->top - b->top;
- if (i != 0)
- return i;
- ap = a->d;
- bp = b->d;
- for (i = a->top - 1; i >= 0; i--) {
- t1 = ap[i];
- t2 = bp[i];
- if (t1 != t2)
- return ((t1 > t2) ? 1 : -1);
- }
- return 0;
+ i = a->top - b->top;
+ if (i != 0)
+ return i;
+ ap = a->d;
+ bp = b->d;
+ for (i = a->top - 1; i >= 0; i--)
+ {
+ t1 = ap[i];
+ t2 = bp[i];
+ if (t1 != t2)
+ return ((t1 > t2) ? 1 : -1);
+ }
+ return 0;
}
-BIGNUM *bn_wexpand(BIGNUM *a, int words)
-{
- return (words <= a->dmax) ? a : bn_expand2(a, words);
-}
-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int n)
+BIGNUM *
+bn_wexpand (BIGNUM *a, int words)
{
- BN_ULONG t1, t2;
- int c = 0;
-
- assert(n >= 0);
- if (n <= 0)
- return (BN_ULONG)0;
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- t1 = a[0];
- t2 = (t1 - c) & BN_MASK2;
- c = (t2 > t1);
- t1 = b[0];
- t1 = (t2 - t1) & BN_MASK2;
- r[0] = t1;
- c += (t1 > t2);
- t1 = a[1];
- t2 = (t1 - c) & BN_MASK2;
- c = (t2 > t1);
- t1 = b[1];
- t1 = (t2 - t1) & BN_MASK2;
- r[1] = t1;
- c += (t1 > t2);
- t1 = a[2];
- t2 = (t1 - c) & BN_MASK2;
- c = (t2 > t1);
- t1 = b[2];
- t1 = (t2 - t1) & BN_MASK2;
- r[2] = t1;
- c += (t1 > t2);
- t1 = a[3];
- t2 = (t1 - c) & BN_MASK2;
- c = (t2 > t1);
- t1 = b[3];
- t1 = (t2 - t1) & BN_MASK2;
- r[3] = t1;
- c += (t1 > t2);
- a += 4;
- b += 4;
- r += 4;
- n -= 4;
- }
-#endif
- while (n) {
- t1 = a[0];
- t2 = (t1 - c) & BN_MASK2;
- c = (t2 > t1);
- t1 = b[0];
- t1 = (t2 - t1) & BN_MASK2;
- r[0] = t1;
- c += (t1 > t2);
- a++;
- b++;
- r++;
- n--;
- }
- return c;
+ return (words <= a->dmax) ? a : bn_expand2 (a, words);
}
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+BN_ULONG
+bn_sub_words (BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int n)
{
- int max, min, dif;
- BN_ULONG t1, t2, borrow, *rp;
- const BN_ULONG *ap, *bp;
-
- bn_check_top(a);
- bn_check_top(b);
+ BN_ULONG t1, t2;
+ int c = 0;
- max = a->top;
- min = b->top;
- dif = max - min;
+ assert (n >= 0);
+ if (n <= 0)
+ return (BN_ULONG) 0;
- if (dif < 0) { /* hmm... should not be happening */
- //ERR_raise(ERR_LIB_BN, BN_R_ARG2_LT_ARG3);
- assert(0);
- return 0;
- }
+#ifndef OPENSSL_SMALL_FOOTPRINT
+ while (n & ~3)
+ {
+ t1 = a[0];
+ t2 = (t1 - c) & BN_MASK2;
+ c = (t2 > t1);
+ t1 = b[0];
+ t1 = (t2 - t1) & BN_MASK2;
+ r[0] = t1;
+ c += (t1 > t2);
+ t1 = a[1];
+ t2 = (t1 - c) & BN_MASK2;
+ c = (t2 > t1);
+ t1 = b[1];
+ t1 = (t2 - t1) & BN_MASK2;
+ r[1] = t1;
+ c += (t1 > t2);
+ t1 = a[2];
+ t2 = (t1 - c) & BN_MASK2;
+ c = (t2 > t1);
+ t1 = b[2];
+ t1 = (t2 - t1) & BN_MASK2;
+ r[2] = t1;
+ c += (t1 > t2);
+ t1 = a[3];
+ t2 = (t1 - c) & BN_MASK2;
+ c = (t2 > t1);
+ t1 = b[3];
+ t1 = (t2 - t1) & BN_MASK2;
+ r[3] = t1;
+ c += (t1 > t2);
+ a += 4;
+ b += 4;
+ r += 4;
+ n -= 4;
+ }
+#endif
+ while (n)
+ {
+ t1 = a[0];
+ t2 = (t1 - c) & BN_MASK2;
+ c = (t2 > t1);
+ t1 = b[0];
+ t1 = (t2 - t1) & BN_MASK2;
+ r[0] = t1;
+ c += (t1 > t2);
+ a++;
+ b++;
+ r++;
+ n--;
+ }
+ return c;
+}
+
+
+int
+BN_usub (BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int max, min, dif;
+ BN_ULONG t1, t2, borrow, *rp;
+ const BN_ULONG *ap, *bp;
+
+ bn_check_top (a);
+ bn_check_top (b);
+
+ max = a->top;
+ min = b->top;
+ dif = max - min;
+
+ if (dif < 0) /* hmm... should not be happening */
+ // ERR_raise(ERR_LIB_BN, BN_R_ARG2_LT_ARG3);
+ {
+ assert (0);
+ return 0;
+ }
- if (bn_wexpand(r, max) == NULL)
- return 0;
+ if (bn_wexpand (r, max) == NULL)
+ return 0;
- ap = a->d;
- bp = b->d;
- rp = r->d;
+ ap = a->d;
+ bp = b->d;
+ rp = r->d;
- borrow = bn_sub_words(rp, ap, bp, min);
- ap += min;
- rp += min;
+ borrow = bn_sub_words (rp, ap, bp, min);
+ ap += min;
+ rp += min;
- while (dif) {
- dif--;
- t1 = *(ap++);
- t2 = (t1 - borrow) & BN_MASK2;
- *(rp++) = t2;
- borrow &= (t1 == 0);
- }
+ while (dif)
+ {
+ dif--;
+ t1 = *(ap++);
+ t2 = (t1 - borrow) & BN_MASK2;
+ *(rp++) = t2;
+ borrow &= (t1 == 0);
+ }
- while (max && *--rp == 0)
- max--;
+ while (max && *--rp == 0)
+ max--;
- r->top = max;
- r->neg = 0;
- bn_pollute(r);
+ r->top = max;
+ r->neg = 0;
+ bn_pollute (r);
- return 1;
+ return 1;
}
+
#ifdef BN_LLONG
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int n)
+BN_ULONG
+bn_add_words (BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int n)
{
- BN_ULLONG ll = 0;
+ BN_ULLONG ll = 0;
- assert(n >= 0);
- if (n <= 0)
- return (BN_ULONG)0;
+ assert (n >= 0);
+ if (n <= 0)
+ return (BN_ULONG) 0;
# ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- ll += (BN_ULLONG) a[0] + b[0];
- r[0] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- ll += (BN_ULLONG) a[1] + b[1];
- r[1] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- ll += (BN_ULLONG) a[2] + b[2];
- r[2] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- ll += (BN_ULLONG) a[3] + b[3];
- r[3] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- a += 4;
- b += 4;
- r += 4;
- n -= 4;
- }
+ while (n & ~3)
+ {
+ ll += (BN_ULLONG) a[0] + b[0];
+ r[0] = (BN_ULONG) ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ ll += (BN_ULLONG) a[1] + b[1];
+ r[1] = (BN_ULONG) ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ ll += (BN_ULLONG) a[2] + b[2];
+ r[2] = (BN_ULONG) ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ ll += (BN_ULLONG) a[3] + b[3];
+ r[3] = (BN_ULONG) ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ a += 4;
+ b += 4;
+ r += 4;
+ n -= 4;
+ }
# endif
- while (n) {
- ll += (BN_ULLONG) a[0] + b[0];
- r[0] = (BN_ULONG)ll & BN_MASK2;
- ll >>= BN_BITS2;
- a++;
- b++;
- r++;
- n--;
- }
- return (BN_ULONG)ll;
+ while (n)
+ {
+ ll += (BN_ULLONG) a[0] + b[0];
+ r[0] = (BN_ULONG) ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ a++;
+ b++;
+ r++;
+ n--;
+ }
+ return (BN_ULONG) ll;
}
+
+
#else /* !BN_LLONG */
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int n)
+BN_ULONG
+bn_add_words (BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int n)
{
- BN_ULONG c, l, t;
+ BN_ULONG c, l, t;
- assert(n >= 0);
- if (n <= 0)
- return (BN_ULONG)0;
+ assert (n >= 0);
+ if (n <= 0)
+ return (BN_ULONG) 0;
- c = 0;
+ c = 0;
# ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- t = a[0];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[0]) & BN_MASK2;
- c += (l < t);
- r[0] = l;
- t = a[1];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[1]) & BN_MASK2;
- c += (l < t);
- r[1] = l;
- t = a[2];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[2]) & BN_MASK2;
- c += (l < t);
- r[2] = l;
- t = a[3];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[3]) & BN_MASK2;
- c += (l < t);
- r[3] = l;
- a += 4;
- b += 4;
- r += 4;
- n -= 4;
- }
+ while (n & ~3)
+ {
+ t = a[0];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[0]) & BN_MASK2;
+ c += (l < t);
+ r[0] = l;
+ t = a[1];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[1]) & BN_MASK2;
+ c += (l < t);
+ r[1] = l;
+ t = a[2];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[2]) & BN_MASK2;
+ c += (l < t);
+ r[2] = l;
+ t = a[3];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[3]) & BN_MASK2;
+ c += (l < t);
+ r[3] = l;
+ a += 4;
+ b += 4;
+ r += 4;
+ n -= 4;
+ }
# endif
- while (n) {
- t = a[0];
- t = (t + c) & BN_MASK2;
- c = (t < c);
- l = (t + b[0]) & BN_MASK2;
- c += (l < t);
- r[0] = l;
- a++;
- b++;
- r++;
- n--;
- }
- return (BN_ULONG)c;
+ while (n)
+ {
+ t = a[0];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[0]) & BN_MASK2;
+ c += (l < t);
+ r[0] = l;
+ a++;
+ b++;
+ r++;
+ n--;
+ }
+ return (BN_ULONG) c;
}
+
+
#endif /* !BN_LLONG */
/* unsigned add of b to a, r can be equal to a or b. */
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+int
+BN_uadd (BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
{
- int max, min, dif;
- const BN_ULONG *ap, *bp;
- BN_ULONG *rp, carry, t1, t2;
+ int max, min, dif;
+ const BN_ULONG *ap, *bp;
+ BN_ULONG *rp, carry, t1, t2;
- bn_check_top(a);
- bn_check_top(b);
+ bn_check_top (a);
+ bn_check_top (b);
- if (a->top < b->top) {
- const BIGNUM *tmp;
+ if (a->top < b->top)
+ {
+ const BIGNUM *tmp;
- tmp = a;
- a = b;
- b = tmp;
- }
- max = a->top;
- min = b->top;
- dif = max - min;
+ tmp = a;
+ a = b;
+ b = tmp;
+ }
+ max = a->top;
+ min = b->top;
+ dif = max - min;
- if (bn_wexpand(r, max + 1) == NULL)
- return 0;
+ if (bn_wexpand (r, max + 1) == NULL)
+ return 0;
- r->top = max;
+ r->top = max;
- ap = a->d;
- bp = b->d;
- rp = r->d;
+ ap = a->d;
+ bp = b->d;
+ rp = r->d;
- carry = bn_add_words(rp, ap, bp, min);
- rp += min;
- ap += min;
+ carry = bn_add_words (rp, ap, bp, min);
+ rp += min;
+ ap += min;
- while (dif) {
- dif--;
- t1 = *(ap++);
- t2 = (t1 + carry) & BN_MASK2;
- *(rp++) = t2;
- carry &= (t2 == 0);
- }
- *rp = carry;
- r->top += carry;
+ while (dif)
+ {
+ dif--;
+ t1 = *(ap++);
+ t2 = (t1 + carry) & BN_MASK2;
+ *(rp++) = t2;
+ carry &= (t2 == 0);
+ }
+ *rp = carry;
+ r->top += carry;
- r->neg = 0;
- bn_check_top(r);
- return 1;
+ r->neg = 0;
+ bn_check_top (r);
+ return 1;
}
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
- int ret, r_neg, cmp_res;
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a->neg != b->neg) {
- r_neg = a->neg;
- ret = BN_uadd(r, a, b);
- } else {
- cmp_res = BN_ucmp(a, b);
- if (cmp_res > 0) {
- r_neg = a->neg;
- ret = BN_usub(r, a, b);
- } else if (cmp_res < 0) {
- r_neg = !b->neg;
- ret = BN_usub(r, b, a);
- } else {
- r_neg = 0;
- BN_zero(r);
- ret = 1;
- }
+
+int
+BN_sub (BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int ret, r_neg, cmp_res;
+
+ bn_check_top (a);
+ bn_check_top (b);
+
+ if (a->neg != b->neg)
+ {
+ r_neg = a->neg;
+ ret = BN_uadd (r, a, b);
+ }
+ else
+ {
+ cmp_res = BN_ucmp (a, b);
+ if (cmp_res > 0)
+ {
+ r_neg = a->neg;
+ ret = BN_usub (r, a, b);
+ }
+ else if (cmp_res < 0)
+ {
+ r_neg = ! b->neg;
+ ret = BN_usub (r, b, a);
}
+ else
+ {
+ r_neg = 0;
+ BN_zero (r);
+ ret = 1;
+ }
+ }
- r->neg = r_neg;
- bn_check_top(r);
- return ret;
+ r->neg = r_neg;
+ bn_check_top (r);
+ return ret;
}
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
- int ret, r_neg, cmp_res;
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a->neg == b->neg) {
- r_neg = a->neg;
- ret = BN_uadd(r, a, b);
- } else {
- cmp_res = BN_ucmp(a, b);
- if (cmp_res > 0) {
- r_neg = a->neg;
- ret = BN_usub(r, a, b);
- } else if (cmp_res < 0) {
- r_neg = b->neg;
- ret = BN_usub(r, b, a);
- } else {
- r_neg = 0;
- BN_zero(r);
- ret = 1;
- }
+
+int
+BN_add (BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int ret, r_neg, cmp_res;
+
+ bn_check_top (a);
+ bn_check_top (b);
+
+ if (a->neg == b->neg)
+ {
+ r_neg = a->neg;
+ ret = BN_uadd (r, a, b);
+ }
+ else
+ {
+ cmp_res = BN_ucmp (a, b);
+ if (cmp_res > 0)
+ {
+ r_neg = a->neg;
+ ret = BN_usub (r, a, b);
+ }
+ else if (cmp_res < 0)
+ {
+ r_neg = b->neg;
+ ret = BN_usub (r, b, a);
}
+ else
+ {
+ r_neg = 0;
+ BN_zero (r);
+ ret = 1;
+ }
+ }
- r->neg = r_neg;
- bn_check_top(r);
- return ret;
+ r->neg = r_neg;
+ bn_check_top (r);
+ return ret;
}
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+
+int
+BN_nnmod (BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
{
- /*
- * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d|
- * always holds)
- */
+ /*
+ * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d|
+ * always holds)
+ */
- if (!(BN_mod(r, m, d, ctx)))
- return 0;
- if (!r->neg)
- return 1;
- /* now -|d| < r < 0, so we have to set r := r + |d| */
- return (d->neg ? BN_sub : BN_add) (r, r, d);
+ if (! (BN_mod (r, m, d, ctx)))
+ return 0;
+ if (! r->neg)
+ return 1;
+ /* now -|d| < r < 0, so we have to set r := r + |d| */
+ return (d->neg ? BN_sub : BN_add)(r, r, d);
}
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
+
+BIGNUM *
+BN_copy (BIGNUM *a, const BIGNUM *b)
{
- int bn_words;
+ int bn_words;
- bn_check_top(b);
+ bn_check_top (b);
- bn_words = BN_get_flags(b, BN_FLG_CONSTTIME) ? b->dmax : b->top;
+ bn_words = BN_get_flags (b, BN_FLG_CONSTTIME) ? b->dmax : b->top;
- if (a == b)
- return a;
- if (bn_wexpand(a, bn_words) == NULL)
- return NULL;
+ if (a == b)
+ return a;
+ if (bn_wexpand (a, bn_words) == NULL)
+ return NULL;
- if (b->top > 0)
- memcpy(a->d, b->d, sizeof(b->d[0]) * bn_words);
+ if (b->top > 0)
+ memcpy (a->d, b->d, sizeof(b->d[0]) * bn_words);
- a->neg = b->neg;
- a->top = b->top;
- a->flags |= b->flags & BN_FLG_FIXED_TOP;
- bn_check_top(a);
- return a;
+ a->neg = b->neg;
+ a->top = b->top;
+ a->flags |= b->flags & BN_FLG_FIXED_TOP;
+ bn_check_top (a);
+ return a;
}
-static int bn_left_align(BIGNUM *num)
+
+static int
+bn_left_align (BIGNUM *num)
{
- BN_ULONG *d = num->d, n, m, rmask;
- int top = num->top;
- int rshift = BN_num_bits_word(d[top - 1]), lshift, i;
+ BN_ULONG *d = num->d, n, m, rmask;
+ int top = num->top;
+ int rshift = BN_num_bits_word (d[top - 1]), lshift, i;
- lshift = BN_BITS2 - rshift;
- rshift %= BN_BITS2; /* say no to undefined behaviour */
- rmask = (BN_ULONG)0 - rshift; /* rmask = 0 - (rshift != 0) */
- rmask |= rmask >> 8;
+ lshift = BN_BITS2 - rshift;
+ rshift %= BN_BITS2; /* say no to undefined behaviour */
+ rmask = (BN_ULONG) 0 - rshift; /* rmask = 0 - (rshift != 0) */
+ rmask |= rmask >> 8;
- for (i = 0, m = 0; i < top; i++) {
- n = d[i];
- d[i] = ((n << lshift) | m) & BN_MASK2;
- m = (n >> rshift) & rmask;
- }
+ for (i = 0, m = 0; i < top; i++)
+ {
+ n = d[i];
+ d[i] = ((n << lshift) | m) & BN_MASK2;
+ m = (n >> rshift) & rmask;
+ }
- return lshift;
+ return lshift;
}
+
/*
* In respect to shift factor the execution time is invariant of
* |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition
* for constant-time-ness is |n < BN_BITS2| or |n / BN_BITS2| being
* non-secret.
*/
-int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
-{
- int i, nw;
- unsigned int lb, rb;
- BN_ULONG *t, *f;
- BN_ULONG l, m, rmask = 0;
-
- assert(n >= 0);
-
- bn_check_top(r);
- bn_check_top(a);
-
- nw = n / BN_BITS2;
- if (bn_wexpand(r, a->top + nw + 1) == NULL)
- return 0;
-
- if (a->top != 0) {
- lb = (unsigned int)n % BN_BITS2;
- rb = BN_BITS2 - lb;
- rb %= BN_BITS2; /* say no to undefined behaviour */
- rmask = (BN_ULONG)0 - rb; /* rmask = 0 - (rb != 0) */
- rmask |= rmask >> 8;
- f = &(a->d[0]);
- t = &(r->d[nw]);
- l = f[a->top - 1];
- t[a->top] = (l >> rb) & rmask;
- for (i = a->top - 1; i > 0; i--) {
- m = l << lb;
- l = f[i - 1];
- t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2;
- }
- t[0] = (l << lb) & BN_MASK2;
- } else {
- /* shouldn't happen, but formally required */
- r->d[nw] = 0;
+int
+bn_lshift_fixed_top (BIGNUM *r, const BIGNUM *a, int n)
+{
+ int i, nw;
+ unsigned int lb, rb;
+ BN_ULONG *t, *f;
+ BN_ULONG l, m, rmask = 0;
+
+ assert (n >= 0);
+
+ bn_check_top (r);
+ bn_check_top (a);
+
+ nw = n / BN_BITS2;
+ if (bn_wexpand (r, a->top + nw + 1) == NULL)
+ return 0;
+
+ if (a->top != 0)
+ {
+ lb = (unsigned int) n % BN_BITS2;
+ rb = BN_BITS2 - lb;
+ rb %= BN_BITS2; /* say no to undefined behaviour */
+ rmask = (BN_ULONG) 0 - rb; /* rmask = 0 - (rb != 0) */
+ rmask |= rmask >> 8;
+ f = &(a->d[0]);
+ t = &(r->d[nw]);
+ l = f[a->top - 1];
+ t[a->top] = (l >> rb) & rmask;
+ for (i = a->top - 1; i > 0; i--)
+ {
+ m = l << lb;
+ l = f[i - 1];
+ t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2;
}
- if (nw != 0)
- memset(r->d, 0, sizeof(*t) * nw);
+ t[0] = (l << lb) & BN_MASK2;
+ }
+ else
+ {
+ /* shouldn't happen, but formally required */
+ r->d[nw] = 0;
+ }
+ if (nw != 0)
+ memset (r->d, 0, sizeof(*t) * nw);
- r->neg = a->neg;
- r->top = a->top + nw + 1;
- r->flags |= BN_FLG_FIXED_TOP;
+ r->neg = a->neg;
+ r->top = a->top + nw + 1;
+ r->flags |= BN_FLG_FIXED_TOP;
- return 1;
+ return 1;
}
+
#if defined(BN_LLONG) && defined(BN_DIV2W)
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+BN_ULONG
+bn_div_words (BN_ULONG h, BN_ULONG l, BN_ULONG d)
{
- return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d));
+ return ((BN_ULONG) (((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d));
}
+
#else
/* Divide h,l by d and return the result. */
/* I need to test this some more :-( */
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-{
- BN_ULONG dh, dl, q, ret = 0, th, tl, t;
- int i, count = 2;
-
- if (d == 0)
- return BN_MASK2;
-
- i = BN_num_bits_word(d);
- assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
-
- i = BN_BITS2 - i;
- if (h >= d)
- h -= d;
+BN_ULONG
+bn_div_words (BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+ BN_ULONG dh, dl, q, ret = 0, th, tl, t;
+ int i, count = 2;
+
+ if (d == 0)
+ return BN_MASK2;
+
+ i = BN_num_bits_word (d);
+ assert ((i == BN_BITS2) || (h <= (BN_ULONG) 1 << i));
+
+ i = BN_BITS2 - i;
+ if (h >= d)
+ h -= d;
+
+ if (i)
+ {
+ d <<= i;
+ h = (h << i) | (l >> (BN_BITS2 - i));
+ l <<= i;
+ }
+ dh = (d & BN_MASK2h) >> BN_BITS4;
+ dl = (d & BN_MASK2l);
+ for (;;)
+ {
+ if ((h >> BN_BITS4) == dh)
+ q = BN_MASK2l;
+ else
+ q = h / dh;
- if (i) {
- d <<= i;
- h = (h << i) | (l >> (BN_BITS2 - i));
- l <<= i;
+ th = q * dh;
+ tl = dl * q;
+ for (;;)
+ {
+ t = h - th;
+ if ((t & BN_MASK2h) ||
+ ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4))))
+ break;
+ q--;
+ th -= dh;
+ tl -= dl;
+ }
+ t = (tl >> BN_BITS4);
+ tl = (tl << BN_BITS4) & BN_MASK2h;
+ th += t;
+
+ if (l < tl)
+ th++;
+ l -= tl;
+ if (h < th)
+ {
+ h += d;
+ q--;
}
- dh = (d & BN_MASK2h) >> BN_BITS4;
- dl = (d & BN_MASK2l);
- for (;;) {
- if ((h >> BN_BITS4) == dh)
- q = BN_MASK2l;
- else
- q = h / dh;
-
- th = q * dh;
- tl = dl * q;
- for (;;) {
- t = h - th;
- if ((t & BN_MASK2h) ||
- ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4))))
- break;
- q--;
- th -= dh;
- tl -= dl;
- }
- t = (tl >> BN_BITS4);
- tl = (tl << BN_BITS4) & BN_MASK2h;
- th += t;
-
- if (l < tl)
- th++;
- l -= tl;
- if (h < th) {
- h += d;
- q--;
- }
- h -= th;
+ h -= th;
- if (--count == 0)
- break;
+ if (--count == 0)
+ break;
- ret = q << BN_BITS4;
- h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
- l = (l & BN_MASK2l) << BN_BITS4;
- }
- ret |= q;
- return ret;
+ ret = q << BN_BITS4;
+ h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
+ l = (l & BN_MASK2l) << BN_BITS4;
+ }
+ ret |= q;
+ return ret;
}
-#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
+#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG
+bn_mul_words (BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
{
- BN_ULONG carry = 0;
- BN_ULONG bl, bh;
+ BN_ULONG carry = 0;
+ BN_ULONG bl, bh;
- assert(num >= 0);
- if (num <= 0)
- return (BN_ULONG)0;
+ assert (num >= 0);
+ if (num <= 0)
+ return (BN_ULONG) 0;
- bl = LBITS(w);
- bh = HBITS(w);
+ bl = LBITS (w);
+ bh = HBITS (w);
# ifndef OPENSSL_SMALL_FOOTPRINT
- while (num & ~3) {
- mul(rp[0], ap[0], bl, bh, carry);
- mul(rp[1], ap[1], bl, bh, carry);
- mul(rp[2], ap[2], bl, bh, carry);
- mul(rp[3], ap[3], bl, bh, carry);
- ap += 4;
- rp += 4;
- num -= 4;
- }
+ while (num & ~3)
+ {
+ mul (rp[0], ap[0], bl, bh, carry);
+ mul (rp[1], ap[1], bl, bh, carry);
+ mul (rp[2], ap[2], bl, bh, carry);
+ mul (rp[3], ap[3], bl, bh, carry);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
# endif
- while (num) {
- mul(rp[0], ap[0], bl, bh, carry);
- ap++;
- rp++;
- num--;
- }
- return carry;
+ while (num)
+ {
+ mul (rp[0], ap[0], bl, bh, carry);
+ ap++;
+ rp++;
+ num--;
+ }
+ return carry;
}
-void BN_CTX_end(BN_CTX *ctx)
+
+void
+BN_CTX_end (BN_CTX *ctx)
{
- if (ctx == NULL)
- return;
+ if (ctx == NULL)
+ return;
// CTXDBG("ENTER BN_CTX_end()", ctx);
- if (ctx->err_stack)
- ctx->err_stack--;
- else {
- unsigned int fp = BN_STACK_pop(&ctx->stack);
- /* Does this stack frame have anything to release? */
- if (fp < ctx->used)
- BN_POOL_release(&ctx->pool, ctx->used - fp);
- ctx->used = fp;
- /* Unjam "too_many" in case "get" had failed */
- ctx->too_many = 0;
- }
+ if (ctx->err_stack)
+ ctx->err_stack--;
+ else
+ {
+ unsigned int fp = BN_STACK_pop (&ctx->stack);
+ /* Does this stack frame have anything to release? */
+ if (fp < ctx->used)
+ BN_POOL_release (&ctx->pool, ctx->used - fp);
+ ctx->used = fp;
+ /* Unjam "too_many" in case "get" had failed */
+ ctx->too_many = 0;
+ }
// CTXDBG("LEAVE BN_CTX_end()", ctx);
}
-int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
+
+int
+bn_rshift_fixed_top (BIGNUM *r, const BIGNUM *a, int n)
{
- int i, top, nw;
- unsigned int lb, rb;
- BN_ULONG *t, *f;
- BN_ULONG l, m, mask;
+ int i, top, nw;
+ unsigned int lb, rb;
+ BN_ULONG *t, *f;
+ BN_ULONG l, m, mask;
- bn_check_top(r);
- bn_check_top(a);
+ bn_check_top (r);
+ bn_check_top (a);
- assert(n >= 0);
+ assert (n >= 0);
- nw = n / BN_BITS2;
- if (nw >= a->top) {
- /* shouldn't happen, but formally required */
- BN_zero(r);
- return 1;
- }
+ nw = n / BN_BITS2;
+ if (nw >= a->top)
+ {
+ /* shouldn't happen, but formally required */
+ BN_zero (r);
+ return 1;
+ }
+
+ rb = (unsigned int) n % BN_BITS2;
+ lb = BN_BITS2 - rb;
+ lb %= BN_BITS2; /* say no to undefined behaviour */
+ mask = (BN_ULONG) 0 - lb; /* mask = 0 - (lb != 0) */
+ mask |= mask >> 8;
+ top = a->top - nw;
+ if (r != a && bn_wexpand (r, top) == NULL)
+ return 0;
- rb = (unsigned int)n % BN_BITS2;
- lb = BN_BITS2 - rb;
- lb %= BN_BITS2; /* say no to undefined behaviour */
- mask = (BN_ULONG)0 - lb; /* mask = 0 - (lb != 0) */
- mask |= mask >> 8;
- top = a->top - nw;
- if (r != a && bn_wexpand(r, top) == NULL)
- return 0;
-
- t = &(r->d[0]);
- f = &(a->d[nw]);
- l = f[0];
- for (i = 0; i < top - 1; i++) {
- m = f[i + 1];
- t[i] = (l >> rb) | ((m << lb) & mask);
- l = m;
- }
- t[i] = l >> rb;
+ t = &(r->d[0]);
+ f = &(a->d[nw]);
+ l = f[0];
+ for (i = 0; i < top - 1; i++)
+ {
+ m = f[i + 1];
+ t[i] = (l >> rb) | ((m << lb) & mask);
+ l = m;
+ }
+ t[i] = l >> rb;
- r->neg = a->neg;
- r->top = top;
- r->flags |= BN_FLG_FIXED_TOP;
+ r->neg = a->neg;
+ r->top = top;
+ r->flags |= BN_FLG_FIXED_TOP;
- return 1;
+ return 1;
}
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
- BN_ULONG w)
+
+BN_ULONG
+bn_mul_add_words (BN_ULONG *rp, const BN_ULONG *ap, int num,
+ BN_ULONG w)
{
- BN_ULONG c = 0;
- BN_ULONG bl, bh;
+ BN_ULONG c = 0;
+ BN_ULONG bl, bh;
- assert(num >= 0);
- if (num <= 0)
- return (BN_ULONG)0;
+ assert (num >= 0);
+ if (num <= 0)
+ return (BN_ULONG) 0;
- bl = LBITS(w);
- bh = HBITS(w);
+ bl = LBITS (w);
+ bh = HBITS (w);
# ifndef OPENSSL_SMALL_FOOTPRINT
- while (num & ~3) {
- mul_add(rp[0], ap[0], bl, bh, c);
- mul_add(rp[1], ap[1], bl, bh, c);
- mul_add(rp[2], ap[2], bl, bh, c);
- mul_add(rp[3], ap[3], bl, bh, c);
- ap += 4;
- rp += 4;
- num -= 4;
- }
+ while (num & ~3)
+ {
+ mul_add (rp[0], ap[0], bl, bh, c);
+ mul_add (rp[1], ap[1], bl, bh, c);
+ mul_add (rp[2], ap[2], bl, bh, c);
+ mul_add (rp[3], ap[3], bl, bh, c);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
# endif
- while (num) {
- mul_add(rp[0], ap[0], bl, bh, c);
- ap++;
- rp++;
- num--;
- }
- return c;
+ while (num)
+ {
+ mul_add (rp[0], ap[0], bl, bh, c);
+ ap++;
+ rp++;
+ num--;
+ }
+ return c;
}
-
/*
* It's argued that *length* of *significant* part of divisor is public.
* Even if it's private modulus that is. Again, *length* is assumed
@@ -1021,2067 +1132,2319 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
* if so required, which shouldn't be a privacy problem, because
* divisor's length is considered public;
*/
-int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
- const BIGNUM *divisor, BN_CTX *ctx)
-{
- int norm_shift, i, j, loop;
- BIGNUM *tmp, *snum, *sdiv, *res;
- BN_ULONG *resp, *wnum, *wnumtop;
- BN_ULONG d0, d1;
- int num_n, div_n, num_neg;
-
- assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
-
- bn_check_top(num);
- bn_check_top(divisor);
- bn_check_top(dv);
- bn_check_top(rm);
-
- BN_CTX_start(ctx);
- res = (dv == NULL) ? BN_CTX_get(ctx) : dv;
- tmp = BN_CTX_get(ctx);
- snum = BN_CTX_get(ctx);
- sdiv = BN_CTX_get(ctx);
- if (sdiv == NULL)
- goto err;
-
- /* First we normalise the numbers */
- if (!BN_copy(sdiv, divisor))
- goto err;
- norm_shift = bn_left_align(sdiv);
- sdiv->neg = 0;
- /*
- * Note that bn_lshift_fixed_top's output is always one limb longer
- * than input, even when norm_shift is zero. This means that amount of
- * inner loop iterations is invariant of dividend value, and that one
- * doesn't need to compare dividend and divisor if they were originally
- * of the same bit length.
- */
- if (!(bn_lshift_fixed_top(snum, num, norm_shift)))
- goto err;
-
- div_n = sdiv->top;
- num_n = snum->top;
-
- if (num_n <= div_n) {
- /* caller didn't pad dividend -> no constant-time guarantee... */
- if (bn_wexpand(snum, div_n + 1) == NULL)
- goto err;
- memset(&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG));
- snum->top = num_n = div_n + 1;
- }
-
- loop = num_n - div_n;
+int
+bn_div_fixed_top (BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+ const BIGNUM *divisor, BN_CTX *ctx)
+{
+ int norm_shift, i, j, loop;
+ BIGNUM *tmp, *snum, *sdiv, *res;
+ BN_ULONG *resp, *wnum, *wnumtop;
+ BN_ULONG d0, d1;
+ int num_n, div_n, num_neg;
+
+ assert (divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
+
+ bn_check_top (num);
+ bn_check_top (divisor);
+ bn_check_top (dv);
+ bn_check_top (rm);
+
+ BN_CTX_start (ctx);
+ res = (dv == NULL) ? BN_CTX_get (ctx) : dv;
+ tmp = BN_CTX_get (ctx);
+ snum = BN_CTX_get (ctx);
+ sdiv = BN_CTX_get (ctx);
+ if (sdiv == NULL)
+ goto err;
+
+ /* First we normalise the numbers */
+ if (! BN_copy (sdiv, divisor))
+ goto err;
+ norm_shift = bn_left_align (sdiv);
+ sdiv->neg = 0;
+ /*
+ * Note that bn_lshift_fixed_top's output is always one limb longer
+ * than input, even when norm_shift is zero. This means that amount of
+ * inner loop iterations is invariant of dividend value, and that one
+ * doesn't need to compare dividend and divisor if they were originally
+ * of the same bit length.
+ */
+ if (! (bn_lshift_fixed_top (snum, num, norm_shift)))
+ goto err;
+
+ div_n = sdiv->top;
+ num_n = snum->top;
+
+ if (num_n <= div_n)
+ {
+ /* caller didn't pad dividend -> no constant-time guarantee... */
+ if (bn_wexpand (snum, div_n + 1) == NULL)
+ goto err;
+ memset (&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG));
+ snum->top = num_n = div_n + 1;
+ }
+
+ loop = num_n - div_n;
+ /*
+ * Lets setup a 'window' into snum This is the part that corresponds to
+ * the current 'area' being divided
+ */
+ wnum = &(snum->d[loop]);
+ wnumtop = &(snum->d[num_n - 1]);
+
+ /* Get the top 2 words of sdiv */
+ d0 = sdiv->d[div_n - 1];
+ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
+
+ /* Setup quotient */
+ if (! bn_wexpand (res, loop))
+ goto err;
+ num_neg = num->neg;
+ res->neg = (num_neg ^ divisor->neg);
+ res->top = loop;
+ res->flags |= BN_FLG_FIXED_TOP;
+ resp = &(res->d[loop]);
+
+ /* space for temp */
+ if (! bn_wexpand (tmp, (div_n + 1)))
+ goto err;
+
+ for (i = 0; i < loop; i++, wnumtop--)
+ {
+ BN_ULONG q, l0;
/*
- * Lets setup a 'window' into snum This is the part that corresponds to
- * the current 'area' being divided
+ * the first part of the loop uses the top two words of snum and sdiv
+ * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
*/
- wnum = &(snum->d[loop]);
- wnumtop = &(snum->d[num_n - 1]);
-
- /* Get the top 2 words of sdiv */
- d0 = sdiv->d[div_n - 1];
- d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
-
- /* Setup quotient */
- if (!bn_wexpand(res, loop))
- goto err;
- num_neg = num->neg;
- res->neg = (num_neg ^ divisor->neg);
- res->top = loop;
- res->flags |= BN_FLG_FIXED_TOP;
- resp = &(res->d[loop]);
-
- /* space for temp */
- if (!bn_wexpand(tmp, (div_n + 1)))
- goto err;
-
- for (i = 0; i < loop; i++, wnumtop--) {
- BN_ULONG q, l0;
- /*
- * the first part of the loop uses the top two words of snum and sdiv
- * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
- */
# if defined(BN_DIV3W)
- q = bn_div_3_words(wnumtop, d1, d0);
+ q = bn_div_3_words (wnumtop, d1, d0);
# else
- BN_ULONG n0, n1, rem = 0;
-
- n0 = wnumtop[0];
- n1 = wnumtop[-1];
- if (n0 == d0)
- q = BN_MASK2;
- else { /* n0 < d0 */
- BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2];
+ BN_ULONG n0, n1, rem = 0;
+
+ n0 = wnumtop[0];
+ n1 = wnumtop[-1];
+ if (n0 == d0)
+ q = BN_MASK2;
+ else /* n0 < d0 */
+ {
+ BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2];
# ifdef BN_LLONG
- BN_ULLONG t2;
+ BN_ULLONG t2;
-# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
- q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
+# if defined(BN_LLONG) && defined(BN_DIV2W) && ! defined(bn_div_words)
+ q = (BN_ULONG) (((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
# else
- q = bn_div_words(n0, n1, d0);
+ q = bn_div_words (n0, n1, d0);
# endif
# ifndef REMAINDER_IS_ALREADY_CALCULATED
- /*
- * rem doesn't have to be BN_ULLONG. The least we
- * know it's less that d0, isn't it?
- */
- rem = (n1 - q * d0) & BN_MASK2;
+ /*
+ * rem doesn't have to be BN_ULLONG. The least we
+ * know it's less that d0, isn't it?
+ */
+ rem = (n1 - q * d0) & BN_MASK2;
# endif
- t2 = (BN_ULLONG) d1 *q;
-
- for (;;) {
- if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2))
- break;
- q--;
- rem += d0;
- if (rem < d0)
- break; /* don't let rem overflow */
- t2 -= d1;
- }
+ t2 = (BN_ULLONG) d1 * q;
+
+ for (;;)
+ {
+ if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0)
+ break; /* don't let rem overflow */
+ t2 -= d1;
+ }
# else /* !BN_LLONG */
- BN_ULONG t2l, t2h;
+ BN_ULONG t2l, t2h;
- q = bn_div_words(n0, n1, d0);
+ q = bn_div_words (n0, n1, d0);
# ifndef REMAINDER_IS_ALREADY_CALCULATED
- rem = (n1 - q * d0) & BN_MASK2;
+ rem = (n1 - q * d0) & BN_MASK2;
# endif
# if defined(BN_UMULT_LOHI)
- BN_UMULT_LOHI(t2l, t2h, d1, q);
+ BN_UMULT_LOHI (t2l, t2h, d1, q);
# elif defined(BN_UMULT_HIGH)
- t2l = d1 * q;
- t2h = BN_UMULT_HIGH(d1, q);
+ t2l = d1 * q;
+ t2h = BN_UMULT_HIGH (d1, q);
# else
- {
- BN_ULONG ql, qh;
- t2l = LBITS(d1);
- t2h = HBITS(d1);
- ql = LBITS(q);
- qh = HBITS(q);
- mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
- }
+ {
+ BN_ULONG ql, qh;
+ t2l = LBITS (d1);
+ t2h = HBITS (d1);
+ ql = LBITS (q);
+ qh = HBITS (q);
+ mul64 (t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
+ }
# endif
- for (;;) {
- if ((t2h < rem) || ((t2h == rem) && (t2l <= n2)))
- break;
- q--;
- rem += d0;
- if (rem < d0)
- break; /* don't let rem overflow */
- if (t2l < d1)
- t2h--;
- t2l -= d1;
- }
+ for (;;)
+ {
+ if ((t2h < rem) || ((t2h == rem) && (t2l <= n2)))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0)
+ break; /* don't let rem overflow */
+ if (t2l < d1)
+ t2h--;
+ t2l -= d1;
+ }
# endif /* !BN_LLONG */
- }
-# endif /* !BN_DIV3W */
-
- l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
- tmp->d[div_n] = l0;
- wnum--;
- /*
- * ignore top values of the bignums just sub the two BN_ULONG arrays
- * with bn_sub_words
- */
- l0 = bn_sub_words(wnum, wnum, tmp->d, div_n + 1);
- q -= l0;
- /*
- * Note: As we have considered only the leading two BN_ULONGs in
- * the calculation of q, sdiv * q might be greater than wnum (but
- * then (q-1) * sdiv is less or equal than wnum)
- */
- for (l0 = 0 - l0, j = 0; j < div_n; j++)
- tmp->d[j] = sdiv->d[j] & l0;
- l0 = bn_add_words(wnum, wnum, tmp->d, div_n);
- (*wnumtop) += l0;
- assert((*wnumtop) == 0);
-
- /* store part of the result */
- *--resp = q;
- }
- /* snum holds remainder, it's as wide as divisor */
- snum->neg = num_neg;
- snum->top = div_n;
- snum->flags |= BN_FLG_FIXED_TOP;
-
- if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0)
- goto err;
-
- BN_CTX_end(ctx);
- return 1;
- err:
- bn_check_top(rm);
- BN_CTX_end(ctx);
- return 0;
-}
-
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
-{
- BN_ULONG *rr;
-
- if (na < nb) {
- int itmp;
- BN_ULONG *ltmp;
-
- itmp = na;
- na = nb;
- nb = itmp;
- ltmp = a;
- a = b;
- b = ltmp;
-
- }
- rr = &(r[na]);
- if (nb <= 0) {
- (void)bn_mul_words(r, a, na, 0);
- return;
- } else
- rr[0] = bn_mul_words(r, a, na, b[0]);
-
- for (;;) {
- if (--nb <= 0)
- return;
- rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
- if (--nb <= 0)
- return;
- rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
- if (--nb <= 0)
- return;
- rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
- if (--nb <= 0)
- return;
- rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
- rr += 4;
- r += 4;
- b += 4;
}
-}
+# endif /* !BN_DIV3W */
-int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-{
- int ret = 0;
- int top, al, bl;
- BIGNUM *rr;
+ l0 = bn_mul_words (tmp->d, sdiv->d, div_n, q);
+ tmp->d[div_n] = l0;
+ wnum--;
+ /*
+ * ignore top values of the bignums just sub the two BN_ULONG arrays
+ * with bn_sub_words
+ */
+ l0 = bn_sub_words (wnum, wnum, tmp->d, div_n + 1);
+ q -= l0;
+ /*
+ * Note: As we have considered only the leading two BN_ULONGs in
+ * the calculation of q, sdiv * q might be greater than wnum (but
+ * then (q-1) * sdiv is less or equal than wnum)
+ */
+ for (l0 = 0 - l0, j = 0; j < div_n; j++)
+ tmp->d[j] = sdiv->d[j] & l0;
+ l0 = bn_add_words (wnum, wnum, tmp->d, div_n);
+ (*wnumtop) += l0;
+ assert ((*wnumtop) == 0);
+
+ /* store part of the result */
+ *--resp = q;
+ }
+ /* snum holds remainder, it's as wide as divisor */
+ snum->neg = num_neg;
+ snum->top = div_n;
+ snum->flags |= BN_FLG_FIXED_TOP;
+
+ if (rm != NULL && bn_rshift_fixed_top (rm, snum, norm_shift) == 0)
+ goto err;
+
+ BN_CTX_end (ctx);
+ return 1;
+err:
+ bn_check_top (rm);
+ BN_CTX_end (ctx);
+ return 0;
+}
+
+
+void
+bn_mul_normal (BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+{
+ BN_ULONG *rr;
+
+ if (na < nb)
+ {
+ int itmp;
+ BN_ULONG *ltmp;
+
+ itmp = na;
+ na = nb;
+ nb = itmp;
+ ltmp = a;
+ a = b;
+ b = ltmp;
+
+ }
+ rr = &(r[na]);
+ if (nb <= 0)
+ {
+ (void) bn_mul_words (r, a, na, 0);
+ return;
+ }
+ else
+ rr[0] = bn_mul_words (r, a, na, b[0]);
+
+ for (;;)
+ {
+ if (--nb <= 0)
+ return;
+ rr[1] = bn_mul_add_words (&(r[1]), a, na, b[1]);
+ if (--nb <= 0)
+ return;
+ rr[2] = bn_mul_add_words (&(r[2]), a, na, b[2]);
+ if (--nb <= 0)
+ return;
+ rr[3] = bn_mul_add_words (&(r[3]), a, na, b[3]);
+ if (--nb <= 0)
+ return;
+ rr[4] = bn_mul_add_words (&(r[4]), a, na, b[4]);
+ rr += 4;
+ r += 4;
+ b += 4;
+ }
+}
+
+
+int
+bn_mul_fixed_top (BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0;
+ int top, al, bl;
+ BIGNUM *rr;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- int i;
+ int i;
#endif
#ifdef BN_RECURSION
- BIGNUM *t = NULL;
- int j = 0, k;
+ BIGNUM *t = NULL;
+ int j = 0, k;
#endif
- bn_check_top(a);
- bn_check_top(b);
- bn_check_top(r);
+ bn_check_top (a);
+ bn_check_top (b);
+ bn_check_top (r);
- al = a->top;
- bl = b->top;
+ al = a->top;
+ bl = b->top;
- if ((al == 0) || (bl == 0)) {
- BN_zero(r);
- return 1;
- }
- top = al + bl;
-
- BN_CTX_start(ctx);
- if ((r == a) || (r == b)) {
- if ((rr = BN_CTX_get(ctx)) == NULL)
- goto err;
- } else
- rr = r;
+ if ((al == 0) || (bl == 0))
+ {
+ BN_zero (r);
+ return 1;
+ }
+ top = al + bl;
+
+ BN_CTX_start (ctx);
+ if ((r == a) || (r == b))
+ {
+ if ((rr = BN_CTX_get (ctx)) == NULL)
+ goto err;
+ }
+ else
+ rr = r;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- i = al - bl;
+ i = al - bl;
#endif
#ifdef BN_MUL_COMBA
- if (i == 0) {
+ if (i == 0)
+ {
# if 0
- if (al == 4) {
- if (bn_wexpand(rr, 8) == NULL)
- goto err;
- rr->top = 8;
- bn_mul_comba4(rr->d, a->d, b->d);
- goto end;
- }
+ if (al == 4)
+ {
+ if (bn_wexpand (rr, 8) == NULL)
+ goto err;
+ rr->top = 8;
+ bn_mul_comba4 (rr->d, a->d, b->d);
+ goto end;
+ }
# endif
- if (al == 8) {
- if (bn_wexpand(rr, 16) == NULL)
- goto err;
- rr->top = 16;
- bn_mul_comba8(rr->d, a->d, b->d);
- goto end;
- }
+ if (al == 8)
+ {
+ if (bn_wexpand (rr, 16) == NULL)
+ goto err;
+ rr->top = 16;
+ bn_mul_comba8 (rr->d, a->d, b->d);
+ goto end;
}
+ }
#endif /* BN_MUL_COMBA */
#ifdef BN_RECURSION
- if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
- if (i >= -1 && i <= 1) {
- /*
- * Find out the power of two lower or equal to the longest of the
- * two numbers
- */
- if (i >= 0) {
- j = BN_num_bits_word((BN_ULONG)al);
- }
- if (i == -1) {
- j = BN_num_bits_word((BN_ULONG)bl);
- }
- j = 1 << (j - 1);
- assert(j <= al || j <= bl);
- k = j + j;
- t = BN_CTX_get(ctx);
- if (t == NULL)
- goto err;
- if (al > j || bl > j) {
- if (bn_wexpand(t, k * 4) == NULL)
- goto err;
- if (bn_wexpand(rr, k * 4) == NULL)
- goto err;
- bn_mul_part_recursive(rr->d, a->d, b->d,
- j, al - j, bl - j, t->d);
- } else { /* al <= j || bl <= j */
-
- if (bn_wexpand(t, k * 2) == NULL)
- goto err;
- if (bn_wexpand(rr, k * 2) == NULL)
- goto err;
- bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
- }
- rr->top = top;
- goto end;
- }
- }
-#endif /* BN_RECURSION */
- if (bn_wexpand(rr, top) == NULL)
+ if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
+ {
+ if (i >= -1 && i <= 1)
+ {
+ /*
+ * Find out the power of two lower or equal to the longest of the
+ * two numbers
+ */
+ if (i >= 0)
+ {
+ j = BN_num_bits_word ((BN_ULONG) al);
+ }
+ if (i == -1)
+ {
+ j = BN_num_bits_word ((BN_ULONG) bl);
+ }
+ j = 1 << (j - 1);
+ assert (j <= al || j <= bl);
+ k = j + j;
+ t = BN_CTX_get (ctx);
+ if (t == NULL)
goto err;
- rr->top = top;
- bn_mul_normal(rr->d, a->d, al, b->d, bl);
+ if (al > j || bl > j)
+ {
+ if (bn_wexpand (t, k * 4) == NULL)
+ goto err;
+ if (bn_wexpand (rr, k * 4) == NULL)
+ goto err;
+ bn_mul_part_recursive (rr->d, a->d, b->d,
+ j, al - j, bl - j, t->d);
+ }
+ else /* al <= j || bl <= j */
+
+ {
+ if (bn_wexpand (t, k * 2) == NULL)
+ goto err;
+ if (bn_wexpand (rr, k * 2) == NULL)
+ goto err;
+ bn_mul_recursive (rr->d, a->d, b->d, j, al - j, bl - j, t->d);
+ }
+ rr->top = top;
+ goto end;
+ }
+ }
+#endif /* BN_RECURSION */
+ if (bn_wexpand (rr, top) == NULL)
+ goto err;
+ rr->top = top;
+ bn_mul_normal (rr->d, a->d, al, b->d, bl);
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- end:
+end:
#endif
- rr->neg = a->neg ^ b->neg;
- rr->flags |= BN_FLG_FIXED_TOP;
- if (r != rr && BN_copy(r, rr) == NULL)
- goto err;
+ rr->neg = a->neg ^ b->neg;
+ rr->flags |= BN_FLG_FIXED_TOP;
+ if (r != rr && BN_copy (r, rr) == NULL)
+ goto err;
- ret = 1;
- err:
- bn_check_top(r);
- BN_CTX_end(ctx);
- return ret;
+ ret = 1;
+err:
+ bn_check_top (r);
+ BN_CTX_end (ctx);
+ return ret;
}
-void bn_correct_top(BIGNUM *a)
+
+void
+bn_correct_top (BIGNUM *a)
{
- BN_ULONG *ftl;
- int tmp_top = a->top;
+ BN_ULONG *ftl;
+ int tmp_top = a->top;
- if (tmp_top > 0) {
- for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
- ftl--;
- if (*ftl != 0)
- break;
- }
- a->top = tmp_top;
+ if (tmp_top > 0)
+ {
+ for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--)
+ {
+ ftl--;
+ if (*ftl != 0)
+ break;
}
- if (a->top == 0)
- a->neg = 0;
- a->flags &= ~BN_FLG_FIXED_TOP;
- bn_pollute(a);
+ a->top = tmp_top;
+ }
+ if (a->top == 0)
+ a->neg = 0;
+ a->flags &= ~BN_FLG_FIXED_TOP;
+ bn_pollute (a);
}
-int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
- BN_CTX *ctx)
+
+int
+BN_div (BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+ BN_CTX *ctx)
{
- int ret;
+ int ret;
- if (BN_is_zero(divisor)) {
- // ERR_raise(ERR_LIB_BN, BN_R_DIV_BY_ZERO);
- // return 0;
- assert(0);
- }
+ if (BN_is_zero (divisor))
+ {
+ // ERR_raise(ERR_LIB_BN, BN_R_DIV_BY_ZERO);
+ // return 0;
+ assert (0);
+ }
- /*
- * Invalid zero-padding would have particularly bad consequences so don't
- * just rely on bn_check_top() here (bn_check_top() works only for
- * BN_DEBUG builds)
- */
- if (divisor->d[divisor->top - 1] == 0) {
- // ERR_raise(ERR_LIB_BN, BN_R_NOT_INITIALIZED);
- //return 0;
- assert(0);
- }
+ /*
+ * Invalid zero-padding would have particularly bad consequences so don't
+ * just rely on bn_check_top() here (bn_check_top() works only for
+ * BN_DEBUG builds)
+ */
+ if (divisor->d[divisor->top - 1] == 0)
+ {
+ // ERR_raise(ERR_LIB_BN, BN_R_NOT_INITIALIZED);
+ // return 0;
+ assert (0);
+ }
- ret = bn_div_fixed_top(dv, rm, num, divisor, ctx);
+ ret = bn_div_fixed_top (dv, rm, num, divisor, ctx);
- if (ret) {
- if (dv != NULL)
- bn_correct_top(dv);
- if (rm != NULL)
- bn_correct_top(rm);
- }
+ if (ret)
+ {
+ if (dv != NULL)
+ bn_correct_top (dv);
+ if (rm != NULL)
+ bn_correct_top (rm);
+ }
- return ret;
+ return ret;
}
-
-
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+void
+bn_sqr_words (BN_ULONG *r, const BN_ULONG *a, int n)
{
- assert(n >= 0);
- if (n <= 0)
- return;
+ assert (n >= 0);
+ if (n <= 0)
+ return;
# ifndef OPENSSL_SMALL_FOOTPRINT
- while (n & ~3) {
- sqr64(r[0], r[1], a[0]);
- sqr64(r[2], r[3], a[1]);
- sqr64(r[4], r[5], a[2]);
- sqr64(r[6], r[7], a[3]);
- a += 4;
- r += 8;
- n -= 4;
- }
+ while (n & ~3)
+ {
+ sqr64 (r[0], r[1], a[0]);
+ sqr64 (r[2], r[3], a[1]);
+ sqr64 (r[4], r[5], a[2]);
+ sqr64 (r[6], r[7], a[3]);
+ a += 4;
+ r += 8;
+ n -= 4;
+ }
# endif
- while (n) {
- sqr64(r[0], r[1], a[0]);
- a++;
- r += 2;
- n--;
- }
+ while (n)
+ {
+ sqr64 (r[0], r[1], a[0]);
+ a++;
+ r += 2;
+ n--;
+ }
}
/* tmp must have 2*n words */
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
+void
+bn_sqr_normal (BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
{
- int i, j, max;
- const BN_ULONG *ap;
- BN_ULONG *rp;
+ int i, j, max;
+ const BN_ULONG *ap;
+ BN_ULONG *rp;
- max = n * 2;
- ap = a;
- rp = r;
- rp[0] = rp[max - 1] = 0;
- rp++;
- j = n;
+ max = n * 2;
+ ap = a;
+ rp = r;
+ rp[0] = rp[max - 1] = 0;
+ rp++;
+ j = n;
- if (--j > 0) {
- ap++;
- rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
- rp += 2;
- }
+ if (--j > 0)
+ {
+ ap++;
+ rp[j] = bn_mul_words (rp, ap, j, ap[-1]);
+ rp += 2;
+ }
- for (i = n - 2; i > 0; i--) {
- j--;
- ap++;
- rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
- rp += 2;
- }
+ for (i = n - 2; i > 0; i--)
+ {
+ j--;
+ ap++;
+ rp[j] = bn_mul_add_words (rp, ap, j, ap[-1]);
+ rp += 2;
+ }
- bn_add_words(r, r, r, max);
+ bn_add_words (r, r, r, max);
- /* There will not be a carry */
+ /* There will not be a carry */
- bn_sqr_words(tmp, a, n);
+ bn_sqr_words (tmp, a, n);
- bn_add_words(r, r, tmp, max);
+ bn_add_words (r, r, tmp, max);
}
-int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+
+int
+bn_sqr_fixed_top (BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
{
- int max, al;
- int ret = 0;
- BIGNUM *tmp, *rr;
+ int max, al;
+ int ret = 0;
+ BIGNUM *tmp, *rr;
- bn_check_top(a);
+ bn_check_top (a);
- al = a->top;
- if (al <= 0) {
- r->top = 0;
- r->neg = 0;
- return 1;
- }
+ al = a->top;
+ if (al <= 0)
+ {
+ r->top = 0;
+ r->neg = 0;
+ return 1;
+ }
- BN_CTX_start(ctx);
- rr = (a != r) ? r : BN_CTX_get(ctx);
- tmp = BN_CTX_get(ctx);
- if (rr == NULL || tmp == NULL)
- goto err;
+ BN_CTX_start (ctx);
+ rr = (a != r) ? r : BN_CTX_get (ctx);
+ tmp = BN_CTX_get (ctx);
+ if (rr == NULL || tmp == NULL)
+ goto err;
- max = 2 * al; /* Non-zero (from above) */
- if (bn_wexpand(rr, max) == NULL)
- goto err;
+ max = 2 * al; /* Non-zero (from above) */
+ if (bn_wexpand (rr, max) == NULL)
+ goto err;
- if (al == 4) {
+ if (al == 4)
+ {
#ifndef BN_SQR_COMBA
- BN_ULONG t[8];
- bn_sqr_normal(rr->d, a->d, 4, t);
+ BN_ULONG t[8];
+ bn_sqr_normal (rr->d, a->d, 4, t);
#else
- bn_sqr_comba4(rr->d, a->d);
+ bn_sqr_comba4 (rr->d, a->d);
#endif
- } else if (al == 8) {
+ }
+ else if (al == 8)
+ {
#ifndef BN_SQR_COMBA
- BN_ULONG t[16];
- bn_sqr_normal(rr->d, a->d, 8, t);
+ BN_ULONG t[16];
+ bn_sqr_normal (rr->d, a->d, 8, t);
#else
- bn_sqr_comba8(rr->d, a->d);
+ bn_sqr_comba8 (rr->d, a->d);
#endif
- } else {
+ }
+ else
+ {
#if defined(BN_RECURSION)
- if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
- BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2];
- bn_sqr_normal(rr->d, a->d, al, t);
- } else {
- int j, k;
-
- j = BN_num_bits_word((BN_ULONG)al);
- j = 1 << (j - 1);
- k = j + j;
- if (al == j) {
- if (bn_wexpand(tmp, k * 2) == NULL)
- goto err;
- bn_sqr_recursive(rr->d, a->d, al, tmp->d);
- } else {
- if (bn_wexpand(tmp, max) == NULL)
- goto err;
- bn_sqr_normal(rr->d, a->d, al, tmp->d);
- }
- }
+ if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
+ {
+ BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2];
+ bn_sqr_normal (rr->d, a->d, al, t);
+ }
+ else
+ {
+ int j, k;
+
+ j = BN_num_bits_word ((BN_ULONG) al);
+ j = 1 << (j - 1);
+ k = j + j;
+ if (al == j)
+ {
+ if (bn_wexpand (tmp, k * 2) == NULL)
+ goto err;
+ bn_sqr_recursive (rr->d, a->d, al, tmp->d);
+ }
+ else
+ {
+ if (bn_wexpand (tmp, max) == NULL)
+ goto err;
+ bn_sqr_normal (rr->d, a->d, al, tmp->d);
+ }
+ }
#else
- if (bn_wexpand(tmp, max) == NULL)
- goto err;
- bn_sqr_normal(rr->d, a->d, al, tmp->d);
+ if (bn_wexpand (tmp, max) == NULL)
+ goto err;
+ bn_sqr_normal (rr->d, a->d, al, tmp->d);
#endif
- }
+ }
- rr->neg = 0;
- rr->top = max;
- rr->flags |= BN_FLG_FIXED_TOP;
- if (r != rr && BN_copy(r, rr) == NULL)
- goto err;
+ rr->neg = 0;
+ rr->top = max;
+ rr->flags |= BN_FLG_FIXED_TOP;
+ if (r != rr && BN_copy (r, rr) == NULL)
+ goto err;
- ret = 1;
- err:
- bn_check_top(rr);
- bn_check_top(tmp);
- BN_CTX_end(ctx);
- return ret;
+ ret = 1;
+err:
+ bn_check_top (rr);
+ bn_check_top (tmp);
+ BN_CTX_end (ctx);
+ return ret;
}
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+
+int
+BN_rshift (BIGNUM *r, const BIGNUM *a, int n)
{
- int ret = 0;
+ int ret = 0;
- if (n < 0) {
- // ERR_raise(ERR_LIB_BN, BN_R_INVALID_SHIFT);
- assert(0);
- //return 0;
- }
+ if (n < 0)
+ {
+ // ERR_raise(ERR_LIB_BN, BN_R_INVALID_SHIFT);
+ assert (0);
+ // return 0;
+ }
- ret = bn_rshift_fixed_top(r, a, n);
+ ret = bn_rshift_fixed_top (r, a, n);
- bn_correct_top(r);
- bn_check_top(r);
+ bn_correct_top (r);
+ bn_check_top (r);
- return ret;
+ return ret;
}
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-{
- int ret = bn_mul_fixed_top(r, a, b, ctx);
-
- bn_correct_top(r);
- bn_check_top(r);
- return ret;
-}
-
-int BN_mask_bits(BIGNUM *a, int n)
+int
+BN_mul (BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
- int b, w;
+ int ret = bn_mul_fixed_top (r, a, b, ctx);
- bn_check_top(a);
- if (n < 0)
- return 0;
+ bn_correct_top (r);
+ bn_check_top (r);
- w = n / BN_BITS2;
- b = n % BN_BITS2;
- if (w >= a->top)
- return 0;
- if (b == 0)
- a->top = w;
- else {
- a->top = w + 1;
- a->d[w] &= ~(BN_MASK2 << b);
- }
- bn_correct_top(a);
- return 1;
+ return ret;
}
-static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
-{
- BIGNUM *n;
- BN_ULONG *ap, *np, *rp, n0, v, carry;
- int nl, max, i;
- unsigned int rtop;
-
- n = &(mont->N);
- nl = n->top;
- if (nl == 0) {
- ret->top = 0;
- return 1;
- }
-
- max = (2 * nl); /* carry is stored separately */
- if (bn_wexpand(r, max) == NULL)
- return 0;
- r->neg ^= n->neg;
- np = n->d;
- rp = r->d;
+int
+BN_mask_bits (BIGNUM *a, int n)
+{
+ int b, w;
- /* clear the top words of T */
- for (rtop = r->top, i = 0; i < max; i++) {
- v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1));
- rp[i] &= v;
- }
+ bn_check_top (a);
+ if (n < 0)
+ return 0;
- r->top = max;
- r->flags |= BN_FLG_FIXED_TOP;
- n0 = mont->n0[0];
+ w = n / BN_BITS2;
+ b = n % BN_BITS2;
+ if (w >= a->top)
+ return 0;
+ if (b == 0)
+ a->top = w;
+ else
+ {
+ a->top = w + 1;
+ a->d[w] &= ~(BN_MASK2 << b);
+ }
+ bn_correct_top (a);
+ return 1;
+}
+
+
+static int
+bn_from_montgomery_word (BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+{
+ BIGNUM *n;
+ BN_ULONG *ap, *np, *rp, n0, v, carry;
+ int nl, max, i;
+ unsigned int rtop;
+
+ n = &(mont->N);
+ nl = n->top;
+ if (nl == 0)
+ {
+ ret->top = 0;
+ return 1;
+ }
- /*
- * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On
- * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r|
- * includes |carry| which is stored separately.
- */
- for (carry = 0, i = 0; i < nl; i++, rp++) {
- v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
- v = (v + carry + rp[nl]) & BN_MASK2;
- carry |= (v != rp[nl]);
- carry &= (v <= rp[nl]);
- rp[nl] = v;
- }
+ max = (2 * nl); /* carry is stored separately */
+ if (bn_wexpand (r, max) == NULL)
+ return 0;
- if (bn_wexpand(ret, nl) == NULL)
- return 0;
- ret->top = nl;
- ret->flags |= BN_FLG_FIXED_TOP;
- ret->neg = r->neg;
+ r->neg ^= n->neg;
+ np = n->d;
+ rp = r->d;
+
+ /* clear the top words of T */
+ for (rtop = r->top, i = 0; i < max; i++)
+ {
+ v = (BN_ULONG) 0 - ((i - rtop) >> (8 * sizeof(rtop) - 1));
+ rp[i] &= v;
+ }
+
+ r->top = max;
+ r->flags |= BN_FLG_FIXED_TOP;
+ n0 = mont->n0[0];
+
+ /*
+ * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On
+ * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r|
+ * includes |carry| which is stored separately.
+ */
+ for (carry = 0, i = 0; i < nl; i++, rp++)
+ {
+ v = bn_mul_add_words (rp, np, nl, (rp[0] * n0) & BN_MASK2);
+ v = (v + carry + rp[nl]) & BN_MASK2;
+ carry |= (v != rp[nl]);
+ carry &= (v <= rp[nl]);
+ rp[nl] = v;
+ }
+
+ if (bn_wexpand (ret, nl) == NULL)
+ return 0;
+ ret->top = nl;
+ ret->flags |= BN_FLG_FIXED_TOP;
+ ret->neg = r->neg;
- rp = ret->d;
+ rp = ret->d;
- /*
- * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap|
- * includes |carry| which is stored separately.
- */
- ap = &(r->d[nl]);
+ /*
+ * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap|
+ * includes |carry| which is stored separately.
+ */
+ ap = &(r->d[nl]);
- carry -= bn_sub_words(rp, ap, np, nl);
- /*
- * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
- * |carry| cannot be 1. That would imply the subtraction did not fit in
- * |nl| words, and we know at most one subtraction is needed.
- */
- for (i = 0; i < nl; i++) {
- rp[i] = (carry & ap[i]) | (~carry & rp[i]);
- ap[i] = 0;
- }
+ carry -= bn_sub_words (rp, ap, np, nl);
+ /*
+ * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
+ * |carry| cannot be 1. That would imply the subtraction did not fit in
+ * |nl| words, and we know at most one subtraction is needed.
+ */
+ for (i = 0; i < nl; i++)
+ {
+ rp[i] = (carry & ap[i]) | (~carry & rp[i]);
+ ap[i] = 0;
+ }
- return 1;
+ return 1;
}
-int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx)
+
+int
+bn_from_mont_fixed_top (BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
{
- int retn = 0;
+ int retn = 0;
#ifdef MONT_WORD
- BIGNUM *t;
-
- BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
- retn = bn_from_montgomery_word(ret, t, mont);
- }
- BN_CTX_end(ctx);
+ BIGNUM *t;
+
+ BN_CTX_start (ctx);
+ if ((t = BN_CTX_get (ctx)) && BN_copy (t, a))
+ {
+ retn = bn_from_montgomery_word (ret, t, mont);
+ }
+ BN_CTX_end (ctx);
#else /* !MONT_WORD */
- BIGNUM *t1, *t2;
-
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t2 == NULL)
- goto err;
-
- if (!BN_copy(t1, a))
- goto err;
- BN_mask_bits(t1, mont->ri);
-
- if (!BN_mul(t2, t1, &mont->Ni, ctx))
- goto err;
- BN_mask_bits(t2, mont->ri);
-
- if (!BN_mul(t1, t2, &mont->N, ctx))
- goto err;
- if (!BN_add(t2, a, t1))
- goto err;
- if (!BN_rshift(ret, t2, mont->ri))
- goto err;
-
- if (BN_ucmp(ret, &(mont->N)) >= 0) {
- if (!BN_usub(ret, ret, &(mont->N)))
- goto err;
- }
- retn = 1;
- bn_check_top(ret);
- err:
- BN_CTX_end(ctx);
+ BIGNUM *t1, *t2;
+
+ BN_CTX_start (ctx);
+ t1 = BN_CTX_get (ctx);
+ t2 = BN_CTX_get (ctx);
+ if (t2 == NULL)
+ goto err;
+
+ if (! BN_copy (t1, a))
+ goto err;
+ BN_mask_bits (t1, mont->ri);
+
+ if (! BN_mul (t2, t1, &mont->Ni, ctx))
+ goto err;
+ BN_mask_bits (t2, mont->ri);
+
+ if (! BN_mul (t1, t2, &mont->N, ctx))
+ goto err;
+ if (! BN_add (t2, a, t1))
+ goto err;
+ if (! BN_rshift (ret, t2, mont->ri))
+ goto err;
+
+ if (BN_ucmp (ret, &(mont->N)) >= 0)
+ {
+ if (! BN_usub (ret, ret, &(mont->N)))
+ goto err;
+ }
+ retn = 1;
+ bn_check_top (ret);
+err:
+ BN_CTX_end (ctx);
#endif /* MONT_WORD */
- return retn;
+ return retn;
}
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx)
+
+int
+BN_from_montgomery (BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
{
- int retn;
+ int retn;
- retn = bn_from_mont_fixed_top(ret, a, mont, ctx);
- bn_correct_top(ret);
- bn_check_top(ret);
+ retn = bn_from_mont_fixed_top (ret, a, mont, ctx);
+ bn_correct_top (ret);
+ bn_check_top (ret);
- return retn;
+ return retn;
}
-int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx)
+
+int
+bn_mul_mont_fixed_top (BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx)
{
- BIGNUM *tmp;
- int ret = 0;
- int num = mont->N.top;
+ BIGNUM *tmp;
+ int ret = 0;
+ int num = mont->N.top;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
- if (num > 1 && num <= BN_SOFT_LIMIT && a->top == num && b->top == num) {
- if (bn_wexpand(r, num) == NULL)
- return 0;
- if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
- r->neg = a->neg ^ b->neg;
- r->top = num;
- r->flags |= BN_FLG_FIXED_TOP;
- return 1;
- }
+ if (num > 1 && num <= BN_SOFT_LIMIT && a->top == num && b->top == num)
+ {
+ if (bn_wexpand (r, num) == NULL)
+ return 0;
+ if (bn_mul_mont (r->d, a->d, b->d, mont->N.d, mont->n0, num))
+ {
+ r->neg = a->neg ^ b->neg;
+ r->top = num;
+ r->flags |= BN_FLG_FIXED_TOP;
+ return 1;
}
+ }
#endif
- if ((a->top + b->top) > 2 * num)
- return 0;
-
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
- if (tmp == NULL)
- goto err;
+ if ((a->top + b->top) > 2 * num)
+ return 0;
- bn_check_top(tmp);
- if (a == b) {
- if (!bn_sqr_fixed_top(tmp, a, ctx))
- goto err;
- } else {
- if (!bn_mul_fixed_top(tmp, a, b, ctx))
- goto err;
- }
- /* reduce from aRR to aR */
+ BN_CTX_start (ctx);
+ tmp = BN_CTX_get (ctx);
+ if (tmp == NULL)
+ goto err;
+
+ bn_check_top (tmp);
+ if (a == b)
+ {
+ if (! bn_sqr_fixed_top (tmp, a, ctx))
+ goto err;
+ }
+ else
+ {
+ if (! bn_mul_fixed_top (tmp, a, b, ctx))
+ goto err;
+ }
+ /* reduce from aRR to aR */
#ifdef MONT_WORD
- if (!bn_from_montgomery_word(r, tmp, mont))
- goto err;
+ if (! bn_from_montgomery_word (r, tmp, mont))
+ goto err;
#else
- if (!BN_from_montgomery(r, tmp, mont, ctx))
- goto err;
+ if (! BN_from_montgomery (r, tmp, mont, ctx))
+ goto err;
#endif
- ret = 1;
- err:
- BN_CTX_end(ctx);
- return ret;
+ ret = 1;
+err:
+ BN_CTX_end (ctx);
+ return ret;
}
-int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx)
+int
+bn_to_mont_fixed_top (BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
{
- return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx);
+ return bn_mul_mont_fixed_top (r, a, &(mont->RR), mont, ctx);
}
-static int BN_STACK_push(BN_STACK *st, unsigned int idx)
+
+static int
+BN_STACK_push (BN_STACK *st, unsigned int idx)
{
- if (st->depth == st->size) {
- /* Need to expand */
- unsigned int newsize =
- st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
- unsigned int *newitems;
+ if (st->depth == st->size)
+ {
+ /* Need to expand */
+ unsigned int newsize =
+ st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
+ unsigned int *newitems;
- if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL)
- return 0;
- if (st->depth)
- memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth);
- OPENSSL_free(st->indexes);
- st->indexes = newitems;
- st->size = newsize;
- }
- st->indexes[(st->depth)++] = idx;
- return 1;
+ if ((newitems = OPENSSL_malloc (sizeof(*newitems) * newsize)) == NULL)
+ return 0;
+ if (st->depth)
+ memcpy (newitems, st->indexes, sizeof(*newitems) * st->depth);
+ OPENSSL_free (st->indexes);
+ st->indexes = newitems;
+ st->size = newsize;
+ }
+ st->indexes[(st->depth)++] = idx;
+ return 1;
}
-static unsigned int BN_STACK_pop(BN_STACK *st)
+
+static unsigned int
+BN_STACK_pop (BN_STACK *st)
{
- return st->indexes[--(st->depth)];
+ return st->indexes[--(st->depth)];
}
-static void BN_STACK_init(BN_STACK *st)
+
+static void
+BN_STACK_init (BN_STACK *st)
{
- st->indexes = NULL;
- st->depth = st->size = 0;
+ st->indexes = NULL;
+ st->depth = st->size = 0;
}
-static void BN_STACK_finish(BN_STACK *st)
+
+static void
+BN_STACK_finish (BN_STACK *st)
{
- OPENSSL_free(st->indexes);
- st->indexes = NULL;
+ OPENSSL_free (st->indexes);
+ st->indexes = NULL;
}
-static void BN_POOL_init(BN_POOL *p)
+
+static void
+BN_POOL_init (BN_POOL *p)
{
- p->head = p->current = p->tail = NULL;
- p->used = p->size = 0;
+ p->head = p->current = p->tail = NULL;
+ p->used = p->size = 0;
}
+
typedef void *(*memset_t)(void *, int, size_t);
static volatile memset_t memset_func = memset;
-void OPENSSL_cleanse(void *ptr, size_t len)
+void
+OPENSSL_cleanse (void *ptr, size_t len)
{
- memset_func(ptr, 0, len);
+ memset_func (ptr, 0, len);
}
-void BN_clear_free(BIGNUM *a)
+void
+BN_clear_free (BIGNUM *a)
{
- if (a == NULL)
- return;
- if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA))
- bn_free_d(a, 1);
- if (BN_get_flags(a, BN_FLG_MALLOCED)) {
- OPENSSL_cleanse(a, sizeof(*a));
- OPENSSL_free(a);
- }
+ if (a == NULL)
+ return;
+ if (a->d != NULL && ! BN_get_flags (a, BN_FLG_STATIC_DATA))
+ bn_free_d (a, 1);
+ if (BN_get_flags (a, BN_FLG_MALLOCED))
+ {
+ OPENSSL_cleanse (a, sizeof(*a));
+ OPENSSL_free (a);
+ }
}
-static void BN_POOL_finish(BN_POOL *p)
+
+static void
+BN_POOL_finish (BN_POOL *p)
{
- unsigned int loop;
- BIGNUM *bn;
+ unsigned int loop;
+ BIGNUM *bn;
- while (p->head) {
- for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
- if (bn->d)
- BN_clear_free(bn);
- p->current = p->head->next;
- OPENSSL_free(p->head);
- p->head = p->current;
- }
+ while (p->head)
+ {
+ for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
+ if (bn->d)
+ BN_clear_free (bn);
+ p->current = p->head->next;
+ OPENSSL_free (p->head);
+ p->head = p->current;
+ }
}
-void BN_set_flags(BIGNUM *b, int n)
+
+void
+BN_set_flags (BIGNUM *b, int n)
{
- b->flags |= n;
+ b->flags |= n;
}
-static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
+
+static BIGNUM *
+BN_POOL_get (BN_POOL *p, int flag)
{
- BIGNUM *bn;
- unsigned int loop;
+ BIGNUM *bn;
+ unsigned int loop;
- /* Full; allocate a new pool item and link it in. */
- if (p->used == p->size) {
- BN_POOL_ITEM *item;
+ /* Full; allocate a new pool item and link it in. */
+ if (p->used == p->size)
+ {
+ BN_POOL_ITEM *item;
- if ((item = OPENSSL_malloc(sizeof(*item))) == NULL)
- return NULL;
- for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
- bn_init(bn);
- if ((flag & BN_FLG_SECURE) != 0)
- BN_set_flags(bn, BN_FLG_SECURE);
- }
- item->prev = p->tail;
- item->next = NULL;
-
- if (p->head == NULL)
- p->head = p->current = p->tail = item;
- else {
- p->tail->next = item;
- p->tail = item;
- p->current = item;
- }
- p->size += BN_CTX_POOL_SIZE;
- p->used++;
- /* Return the first bignum from the new pool */
- return item->vals;
+ if ((item = OPENSSL_malloc (sizeof(*item))) == NULL)
+ return NULL;
+ for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
+ {
+ bn_init (bn);
+ if ((flag & BN_FLG_SECURE) != 0)
+ BN_set_flags (bn, BN_FLG_SECURE);
}
+ item->prev = p->tail;
+ item->next = NULL;
- if (!p->used)
- p->current = p->head;
- else if ((p->used % BN_CTX_POOL_SIZE) == 0)
- p->current = p->current->next;
- return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
+ if (p->head == NULL)
+ p->head = p->current = p->tail = item;
+ else
+ {
+ p->tail->next = item;
+ p->tail = item;
+ p->current = item;
+ }
+ p->size += BN_CTX_POOL_SIZE;
+ p->used++;
+ /* Return the first bignum from the new pool */
+ return item->vals;
+ }
+
+ if (! p->used)
+ p->current = p->head;
+ else if ((p->used % BN_CTX_POOL_SIZE) == 0)
+ p->current = p->current->next;
+ return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
}
-static void BN_POOL_release(BN_POOL *p, unsigned int num)
+
+static void
+BN_POOL_release (BN_POOL *p, unsigned int num)
{
- unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+ unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
- p->used -= num;
- while (num--) {
- bn_check_top(p->current->vals + offset);
- if (offset == 0) {
- offset = BN_CTX_POOL_SIZE - 1;
- p->current = p->current->prev;
- } else
- offset--;
+ p->used -= num;
+ while (num--)
+ {
+ bn_check_top (p->current->vals + offset);
+ if (offset == 0)
+ {
+ offset = BN_CTX_POOL_SIZE - 1;
+ p->current = p->current->prev;
}
+ else
+ offset--;
+ }
}
-const BIGNUM *BN_value_one(void)
+
+const BIGNUM *
+BN_value_one (void)
{
- static const BN_ULONG data_one = 1L;
- static const BIGNUM const_one =
- { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
+ static const BN_ULONG data_one = 1L;
+ static const BIGNUM const_one =
+ { (BN_ULONG *) &data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
- return &const_one;
+ return &const_one;
}
-int BN_is_bit_set(const BIGNUM *a, int n)
+
+int
+BN_is_bit_set (const BIGNUM *a, int n)
{
- int i, j;
+ int i, j;
- bn_check_top(a);
- if (n < 0)
- return 0;
- i = n / BN_BITS2;
- j = n % BN_BITS2;
- if (a->top <= i)
- return 0;
- return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
+ bn_check_top (a);
+ if (n < 0)
+ return 0;
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i)
+ return 0;
+ return (int) (((a->d[i]) >> j) & ((BN_ULONG) 1));
}
-int BN_set_bit(BIGNUM *a, int n)
+
+int
+BN_set_bit (BIGNUM *a, int n)
{
- int i, j, k;
+ int i, j, k;
- if (n < 0)
- return 0;
+ if (n < 0)
+ return 0;
- i = n / BN_BITS2;
- j = n % BN_BITS2;
- if (a->top <= i) {
- if (bn_wexpand(a, i + 1) == NULL)
- return 0;
- for (k = a->top; k < i + 1; k++)
- a->d[k] = 0;
- a->top = i + 1;
- a->flags &= ~BN_FLG_FIXED_TOP;
- }
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i)
+ {
+ if (bn_wexpand (a, i + 1) == NULL)
+ return 0;
+ for (k = a->top; k < i + 1; k++)
+ a->d[k] = 0;
+ a->top = i + 1;
+ a->flags &= ~BN_FLG_FIXED_TOP;
+ }
- a->d[i] |= (((BN_ULONG)1) << j);
- bn_check_top(a);
- return 1;
+ a->d[i] |= (((BN_ULONG) 1) << j);
+ bn_check_top (a);
+ return 1;
}
-BN_CTX *BN_CTX_new_ex(OSSL_LIB_CTX *ctx)
+
+BN_CTX *
+BN_CTX_new_ex (OSSL_LIB_CTX *ctx)
{
- BN_CTX *ret;
+ BN_CTX *ret;
- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
- return NULL;
- /* Initialise the structure */
- BN_POOL_init(&ret->pool);
- BN_STACK_init(&ret->stack);
- ret->libctx = ctx;
- return ret;
+ if ((ret = OPENSSL_zalloc (sizeof(*ret))) == NULL)
+ return NULL;
+ memset (ret,
+ 0,
+ sizeof (*ret));
+ /* Initialise the structure */
+ BN_POOL_init (&ret->pool);
+ BN_STACK_init (&ret->stack);
+ ret->libctx = ctx;
+ return ret;
}
-BIGNUM *BN_new(void)
+
+BIGNUM *
+BN_new (void)
{
- BIGNUM *ret;
+ BIGNUM *ret;
- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
- return NULL;
- ret->flags = BN_FLG_MALLOCED;
- bn_check_top(ret);
- return ret;
+ if ((ret = OPENSSL_zalloc (sizeof(*ret))) == NULL)
+ return NULL;
+ memset (ret, 0, sizeof (*ret));
+ ret->flags = BN_FLG_MALLOCED;
+ bn_check_top (ret);
+ return ret;
}
-int BN_is_odd(const BIGNUM *a)
-{
- return (a->top > 0) && (a->d[0] & 1);
-}
-int BN_lshift1(BIGNUM *r, const BIGNUM *a)
+int
+BN_is_odd (const BIGNUM *a)
{
- register BN_ULONG *ap, *rp, t, c;
- int i;
-
- bn_check_top(r);
- bn_check_top(a);
-
- if (r != a) {
- r->neg = a->neg;
- if (bn_wexpand(r, a->top + 1) == NULL)
- return 0;
- r->top = a->top;
- } else {
- if (bn_wexpand(r, a->top + 1) == NULL)
- return 0;
- }
- ap = a->d;
- rp = r->d;
- c = 0;
- for (i = 0; i < a->top; i++) {
- t = *(ap++);
- *(rp++) = ((t << 1) | c) & BN_MASK2;
- c = t >> (BN_BITS2 - 1);
- }
- *rp = c;
- r->top += c;
- bn_check_top(r);
- return 1;
+ return (a->top > 0) && (a->d[0] & 1);
}
-int BN_rshift1(BIGNUM *r, const BIGNUM *a)
+
+int
+BN_lshift1 (BIGNUM *r, const BIGNUM *a)
{
- BN_ULONG *ap, *rp, t, c;
- int i;
+ register BN_ULONG *ap, *rp, t, c;
+ int i;
- bn_check_top(r);
- bn_check_top(a);
+ bn_check_top (r);
+ bn_check_top (a);
- if (BN_is_zero(a)) {
- BN_zero(r);
- return 1;
- }
- i = a->top;
- ap = a->d;
- if (a != r) {
- if (bn_wexpand(r, i) == NULL)
- return 0;
- r->neg = a->neg;
- }
- rp = r->d;
- r->top = i;
+ if (r != a)
+ {
+ r->neg = a->neg;
+ if (bn_wexpand (r, a->top + 1) == NULL)
+ return 0;
+ r->top = a->top;
+ }
+ else
+ {
+ if (bn_wexpand (r, a->top + 1) == NULL)
+ return 0;
+ }
+ ap = a->d;
+ rp = r->d;
+ c = 0;
+ for (i = 0; i < a->top; i++)
+ {
+ t = *(ap++);
+ *(rp++) = ((t << 1) | c) & BN_MASK2;
+ c = t >> (BN_BITS2 - 1);
+ }
+ *rp = c;
+ r->top += c;
+ bn_check_top (r);
+ return 1;
+}
+
+
+int
+BN_rshift1 (BIGNUM *r, const BIGNUM *a)
+{
+ BN_ULONG *ap, *rp, t, c;
+ int i;
+
+ bn_check_top (r);
+ bn_check_top (a);
+
+ if (BN_is_zero (a))
+ {
+ BN_zero (r);
+ return 1;
+ }
+ i = a->top;
+ ap = a->d;
+ if (a != r)
+ {
+ if (bn_wexpand (r, i) == NULL)
+ return 0;
+ r->neg = a->neg;
+ }
+ rp = r->d;
+ r->top = i;
+ t = ap[--i];
+ rp[i] = t >> 1;
+ c = t << (BN_BITS2 - 1);
+ r->top -= (t == 1);
+ while (i > 0)
+ {
t = ap[--i];
- rp[i] = t >> 1;
+ rp[i] = ((t >> 1) & BN_MASK2) | c;
c = t << (BN_BITS2 - 1);
- r->top -= (t == 1);
- while (i > 0) {
- t = ap[--i];
- rp[i] = ((t >> 1) & BN_MASK2) | c;
- c = t << (BN_BITS2 - 1);
- }
- if (!r->top)
- r->neg = 0; /* don't allow negative zero */
- bn_check_top(r);
- return 1;
+ }
+ if (! r->top)
+ r->neg = 0; /* don't allow negative zero */
+ bn_check_top (r);
+ return 1;
}
-int BN_is_word(const BIGNUM *a, const BN_ULONG w)
+
+int
+BN_is_word (const BIGNUM *a, const BN_ULONG w)
{
- return BN_abs_is_word(a, w) && (!w || !a->neg);
+ return BN_abs_is_word (a, w) && (! w || ! a->neg);
}
-int BN_is_one(const BIGNUM *a)
+
+int
+BN_is_one (const BIGNUM *a)
{
- return BN_abs_is_word(a, 1) && !a->neg;
+ return BN_abs_is_word (a, 1) && ! a->neg;
}
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+
+int
+BN_lshift (BIGNUM *r, const BIGNUM *a, int n)
{
- int ret;
+ int ret;
- if (n < 0) {
- // ERR_raise(ERR_LIB_BN, BN_R_INVALID_SHIFT);
- //return 0;
- assert(0);
- }
+ if (n < 0)
+ {
+ // ERR_raise(ERR_LIB_BN, BN_R_INVALID_SHIFT);
+ // return 0;
+ assert (0);
+ }
- ret = bn_lshift_fixed_top(r, a, n);
+ ret = bn_lshift_fixed_top (r, a, n);
- bn_correct_top(r);
- bn_check_top(r);
+ bn_correct_top (r);
+ bn_check_top (r);
- return ret;
+ return ret;
}
-int BN_mul_word(BIGNUM *a, BN_ULONG w)
+
+int
+BN_mul_word (BIGNUM *a, BN_ULONG w)
{
- BN_ULONG ll;
+ BN_ULONG ll;
- bn_check_top(a);
- w &= BN_MASK2;
- if (a->top) {
- if (w == 0)
- BN_zero(a);
- else {
- ll = bn_mul_words(a->d, a->d, a->top, w);
- if (ll) {
- if (bn_wexpand(a, a->top + 1) == NULL)
- return 0;
- a->d[a->top++] = ll;
- }
- }
+ bn_check_top (a);
+ w &= BN_MASK2;
+ if (a->top)
+ {
+ if (w == 0)
+ BN_zero (a);
+ else
+ {
+ ll = bn_mul_words (a->d, a->d, a->top, w);
+ if (ll)
+ {
+ if (bn_wexpand (a, a->top + 1) == NULL)
+ return 0;
+ a->d[a->top++] = ll;
+ }
}
- bn_check_top(a);
- return 1;
+ }
+ bn_check_top (a);
+ return 1;
}
+
/*
* This is an internal function, we assume all callers pass valid arguments:
* all pointers passed here are assumed non-NULL.
*/
-BIGNUM *int_bn_mod_inverse(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
- int *pnoinv)
-{
- BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
- BIGNUM *ret = NULL;
- int sign;
-
- /* This is invalid input so we don't worry about constant time here */
- if (BN_abs_is_word(n, 1) || BN_is_zero(n)) {
- *pnoinv = 1;
- return NULL;
- }
-
- *pnoinv = 0;
+BIGNUM *
+int_bn_mod_inverse (BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+ int *pnoinv)
+{
+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+ BIGNUM *ret = NULL;
+ int sign;
+
+ /* This is invalid input so we don't worry about constant time here */
+ if (BN_abs_is_word (n, 1) || BN_is_zero (n))
+ {
+ *pnoinv = 1;
+ return NULL;
+ }
+
+ *pnoinv = 0;
/*
if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
|| (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv);
}
*/
- bn_check_top(a);
- bn_check_top(n);
-
- BN_CTX_start(ctx);
- A = BN_CTX_get(ctx);
- B = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- D = BN_CTX_get(ctx);
- M = BN_CTX_get(ctx);
- Y = BN_CTX_get(ctx);
- T = BN_CTX_get(ctx);
- if (T == NULL)
- goto err;
-
- if (in == NULL)
- R = BN_new();
- else
- R = in;
- if (R == NULL)
- goto err;
-
- if (!BN_one(X))
- goto err;
- BN_zero(Y);
- if (BN_copy(B, a) == NULL)
- goto err;
- if (BN_copy(A, n) == NULL)
- goto err;
- A->neg = 0;
- if (B->neg || (BN_ucmp(B, A) >= 0)) {
- if (!BN_nnmod(B, B, A, ctx))
- goto err;
- }
- sign = -1;
- /*-
- * From B = a mod |n|, A = |n| it follows that
- *
- * 0 <= B < A,
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
+ bn_check_top (a);
+ bn_check_top (n);
+
+ BN_CTX_start (ctx);
+ A = BN_CTX_get (ctx);
+ B = BN_CTX_get (ctx);
+ X = BN_CTX_get (ctx);
+ D = BN_CTX_get (ctx);
+ M = BN_CTX_get (ctx);
+ Y = BN_CTX_get (ctx);
+ T = BN_CTX_get (ctx);
+ if (T == NULL)
+ goto err;
+
+ if (in == NULL)
+ R = BN_new ();
+ else
+ R = in;
+ if (R == NULL)
+ goto err;
+
+ if (! BN_one (X))
+ goto err;
+ BN_zero (Y);
+ if (BN_copy (B, a) == NULL)
+ goto err;
+ if (BN_copy (A, n) == NULL)
+ goto err;
+ A->neg = 0;
+ if (B->neg || (BN_ucmp (B, A) >= 0))
+ {
+ if (! BN_nnmod (B, B, A, ctx))
+ goto err;
+ }
+ sign = -1;
+ /*-
+ * From B = a mod |n|, A = |n| it follows that
+ *
+ * 0 <= B < A,
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ */
+
+ if (BN_is_odd (n) && (BN_num_bits (n) <= 2048))
+ {
+ /*
+ * Binary inversion algorithm; requires odd modulus. This is faster
+ * than the general algorithm if the modulus is sufficiently small
+ * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit
+ * systems)
*/
+ int shift;
- if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) {
+ while (! BN_is_zero (B))
+ {
+ /*-
+ * 0 < B < |n|,
+ * 0 < A <= |n|,
+ * (1) -sign*X*a == B (mod |n|),
+ * (2) sign*Y*a == A (mod |n|)
+ */
+
+ /*
+ * Now divide B by the maximum possible power of two in the
+ * integers, and divide X by the same value mod |n|. When we're
+ * done, (1) still holds.
+ */
+ shift = 0;
+ while (! BN_is_bit_set (B, shift)) /* note that 0 < B */
+ {
+ shift++;
+
+ if (BN_is_odd (X))
+ {
+ if (! BN_uadd (X, X, n))
+ goto err;
+ }
/*
- * Binary inversion algorithm; requires odd modulus. This is faster
- * than the general algorithm if the modulus is sufficiently small
- * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit
- * systems)
+ * now X is even, so we can easily divide it by two
*/
- int shift;
-
- while (!BN_is_zero(B)) {
- /*-
- * 0 < B < |n|,
- * 0 < A <= |n|,
- * (1) -sign*X*a == B (mod |n|),
- * (2) sign*Y*a == A (mod |n|)
- */
+ if (! BN_rshift1 (X, X))
+ goto err;
+ }
+ if (shift > 0)
+ {
+ if (! BN_rshift (B, B, shift))
+ goto err;
+ }
+
+ /*
+ * Same for A and Y. Afterwards, (2) still holds.
+ */
+ shift = 0;
+ while (! BN_is_bit_set (A, shift)) /* note that 0 < A */
+ {
+ shift++;
+
+ if (BN_is_odd (Y))
+ {
+ if (! BN_uadd (Y, Y, n))
+ goto err;
+ }
+ /* now Y is even */
+ if (! BN_rshift1 (Y, Y))
+ goto err;
+ }
+ if (shift > 0)
+ {
+ if (! BN_rshift (A, A, shift))
+ goto err;
+ }
+
+ /*-
+ * We still have (1) and (2).
+ * Both A and B are odd.
+ * The following computations ensure that
+ *
+ * 0 <= B < |n|,
+ * 0 < A < |n|,
+ * (1) -sign*X*a == B (mod |n|),
+ * (2) sign*Y*a == A (mod |n|),
+ *
+ * and that either A or B is even in the next iteration.
+ */
+ if (BN_ucmp (B, A) >= 0)
+ {
+ /* -sign*(X + Y)*a == B - A (mod |n|) */
+ if (! BN_uadd (X, X, Y))
+ goto err;
+ /*
+ * NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+ * actually makes the algorithm slower
+ */
+ if (! BN_usub (B, B, A))
+ goto err;
+ }
+ else
+ {
+ /* sign*(X + Y)*a == A - B (mod |n|) */
+ if (! BN_uadd (Y, Y, X))
+ goto err;
+ /*
+ * as above, BN_mod_add_quick(Y, Y, X, n) would slow things down
+ */
+ if (! BN_usub (A, A, B))
+ goto err;
+ }
+ }
+ }
+ else
+ {
+ /* general inversion algorithm */
+ while (! BN_is_zero (B))
+ {
+ BIGNUM *tmp;
+
+ /*-
+ * 0 < B < A,
+ * (*) -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|)
+ */
+
+ /* (D, M) := (A/B, A%B) ... */
+ if (BN_num_bits (A) == BN_num_bits (B))
+ {
+ if (! BN_one (D))
+ goto err;
+ if (! BN_sub (M, A, B))
+ goto err;
+ }
+ else if (BN_num_bits (A) == BN_num_bits (B) + 1)
+ {
+ /* A/B is 1, 2, or 3 */
+ if (! BN_lshift1 (T, B))
+ goto err;
+ if (BN_ucmp (A, T) < 0)
+ {
+ /* A < 2*B, so D=1 */
+ if (! BN_one (D))
+ goto err;
+ if (! BN_sub (M, A, B))
+ goto err;
+ }
+ else
+ {
+ /* A >= 2*B, so D=2 or D=3 */
+ if (! BN_sub (M, A, T))
+ goto err;
+ if (! BN_add (D, T, B))
+ goto err; /* use D (:= 3*B) as temp */
+ if (BN_ucmp (A, D) < 0)
+ {
+ /* A < 3*B, so D=2 */
+ if (! BN_set_word (D, 2))
+ goto err;
/*
- * Now divide B by the maximum possible power of two in the
- * integers, and divide X by the same value mod |n|. When we're
- * done, (1) still holds.
+ * M (= A - 2*B) already has the correct value
*/
- shift = 0;
- while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */
- shift++;
-
- if (BN_is_odd(X)) {
- if (!BN_uadd(X, X, n))
- goto err;
- }
- /*
- * now X is even, so we can easily divide it by two
- */
- if (!BN_rshift1(X, X))
- goto err;
- }
- if (shift > 0) {
- if (!BN_rshift(B, B, shift))
- goto err;
- }
-
+ }
+ else
+ {
+ /* only D=3 remains */
+ if (! BN_set_word (D, 3))
+ goto err;
/*
- * Same for A and Y. Afterwards, (2) still holds.
+ * currently M = A - 2*B, but we need M = A - 3*B
*/
- shift = 0;
- while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */
- shift++;
-
- if (BN_is_odd(Y)) {
- if (!BN_uadd(Y, Y, n))
- goto err;
- }
- /* now Y is even */
- if (!BN_rshift1(Y, Y))
- goto err;
- }
- if (shift > 0) {
- if (!BN_rshift(A, A, shift))
- goto err;
- }
-
- /*-
- * We still have (1) and (2).
- * Both A and B are odd.
- * The following computations ensure that
- *
- * 0 <= B < |n|,
- * 0 < A < |n|,
- * (1) -sign*X*a == B (mod |n|),
- * (2) sign*Y*a == A (mod |n|),
- *
- * and that either A or B is even in the next iteration.
- */
- if (BN_ucmp(B, A) >= 0) {
- /* -sign*(X + Y)*a == B - A (mod |n|) */
- if (!BN_uadd(X, X, Y))
- goto err;
- /*
- * NB: we could use BN_mod_add_quick(X, X, Y, n), but that
- * actually makes the algorithm slower
- */
- if (!BN_usub(B, B, A))
- goto err;
- } else {
- /* sign*(X + Y)*a == A - B (mod |n|) */
- if (!BN_uadd(Y, Y, X))
- goto err;
- /*
- * as above, BN_mod_add_quick(Y, Y, X, n) would slow things down
- */
- if (!BN_usub(A, A, B))
- goto err;
- }
+ if (! BN_sub (M, M, B))
+ goto err;
+ }
}
- } else {
- /* general inversion algorithm */
-
- while (!BN_is_zero(B)) {
- BIGNUM *tmp;
-
- /*-
- * 0 < B < A,
- * (*) -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|)
- */
-
- /* (D, M) := (A/B, A%B) ... */
- if (BN_num_bits(A) == BN_num_bits(B)) {
- if (!BN_one(D))
- goto err;
- if (!BN_sub(M, A, B))
- goto err;
- } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
- /* A/B is 1, 2, or 3 */
- if (!BN_lshift1(T, B))
- goto err;
- if (BN_ucmp(A, T) < 0) {
- /* A < 2*B, so D=1 */
- if (!BN_one(D))
- goto err;
- if (!BN_sub(M, A, B))
- goto err;
- } else {
- /* A >= 2*B, so D=2 or D=3 */
- if (!BN_sub(M, A, T))
- goto err;
- if (!BN_add(D, T, B))
- goto err; /* use D (:= 3*B) as temp */
- if (BN_ucmp(A, D) < 0) {
- /* A < 3*B, so D=2 */
- if (!BN_set_word(D, 2))
- goto err;
- /*
- * M (= A - 2*B) already has the correct value
- */
- } else {
- /* only D=3 remains */
- if (!BN_set_word(D, 3))
- goto err;
- /*
- * currently M = A - 2*B, but we need M = A - 3*B
- */
- if (!BN_sub(M, M, B))
- goto err;
- }
- }
- } else {
- if (!BN_div(D, M, A, B, ctx))
- goto err;
- }
-
- /*-
- * Now
- * A = D*B + M;
- * thus we have
- * (**) sign*Y*a == D*B + M (mod |n|).
- */
-
- tmp = A; /* keep the BIGNUM object, the value does not matter */
-
- /* (A, B) := (B, A mod B) ... */
- A = B;
- B = M;
- /* ... so we have 0 <= B < A again */
-
- /*-
- * Since the former M is now B and the former B is now A,
- * (**) translates into
- * sign*Y*a == D*A + B (mod |n|),
- * i.e.
- * sign*Y*a - D*A == B (mod |n|).
- * Similarly, (*) translates into
- * -sign*X*a == A (mod |n|).
- *
- * Thus,
- * sign*Y*a + D*sign*X*a == B (mod |n|),
- * i.e.
- * sign*(Y + D*X)*a == B (mod |n|).
- *
- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- * Note that X and Y stay non-negative all the time.
- */
-
- /*
- * most of the time D is very small, so we can optimize tmp := D*X+Y
- */
- if (BN_is_one(D)) {
- if (!BN_add(tmp, X, Y))
- goto err;
- } else {
- if (BN_is_word(D, 2)) {
- if (!BN_lshift1(tmp, X))
- goto err;
- } else if (BN_is_word(D, 4)) {
- if (!BN_lshift(tmp, X, 2))
- goto err;
- } else if (D->top == 1) {
- if (!BN_copy(tmp, X))
- goto err;
- if (!BN_mul_word(tmp, D->d[0]))
- goto err;
- } else {
- if (!BN_mul(tmp, D, X, ctx))
- goto err;
- }
- if (!BN_add(tmp, tmp, Y))
- goto err;
- }
-
- M = Y; /* keep the BIGNUM object, the value does not matter */
- Y = X;
- X = tmp;
- sign = -sign;
+ }
+ else
+ {
+ if (! BN_div (D, M, A, B, ctx))
+ goto err;
+ }
+
+ /*-
+ * Now
+ * A = D*B + M;
+ * thus we have
+ * (**) sign*Y*a == D*B + M (mod |n|).
+ */
+
+ tmp = A; /* keep the BIGNUM object, the value does not matter */
+
+ /* (A, B) := (B, A mod B) ... */
+ A = B;
+ B = M;
+ /* ... so we have 0 <= B < A again */
+
+ /*-
+ * Since the former M is now B and the former B is now A,
+ * (**) translates into
+ * sign*Y*a == D*A + B (mod |n|),
+ * i.e.
+ * sign*Y*a - D*A == B (mod |n|).
+ * Similarly, (*) translates into
+ * -sign*X*a == A (mod |n|).
+ *
+ * Thus,
+ * sign*Y*a + D*sign*X*a == B (mod |n|),
+ * i.e.
+ * sign*(Y + D*X)*a == B (mod |n|).
+ *
+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ * Note that X and Y stay non-negative all the time.
+ */
+
+ /*
+ * most of the time D is very small, so we can optimize tmp := D*X+Y
+ */
+ if (BN_is_one (D))
+ {
+ if (! BN_add (tmp, X, Y))
+ goto err;
+ }
+ else
+ {
+ if (BN_is_word (D, 2))
+ {
+ if (! BN_lshift1 (tmp, X))
+ goto err;
}
- }
-
- /*-
- * The while loop (Euclid's algorithm) ends when
- * A == gcd(a,n);
- * we have
- * sign*Y*a == A (mod |n|),
- * where Y is non-negative.
- */
-
- if (sign < 0) {
- if (!BN_sub(Y, n, Y))
+ else if (BN_is_word (D, 4))
+ {
+ if (! BN_lshift (tmp, X, 2))
+ goto err;
+ }
+ else if (D->top == 1)
+ {
+ if (! BN_copy (tmp, X))
+ goto err;
+ if (! BN_mul_word (tmp, D->d[0]))
+ goto err;
+ }
+ else
+ {
+ if (! BN_mul (tmp, D, X, ctx))
goto err;
- }
- /* Now Y*a == A (mod |n|). */
-
- if (BN_is_one(A)) {
- /* Y*a == 1 (mod |n|) */
- if (!Y->neg && BN_ucmp(Y, n) < 0) {
- if (!BN_copy(R, Y))
- goto err;
- } else {
- if (!BN_nnmod(R, Y, n, ctx))
- goto err;
}
- } else {
- *pnoinv = 1;
+ if (! BN_add (tmp, tmp, Y))
+ goto err;
+ }
+
+ M = Y; /* keep the BIGNUM object, the value does not matter */
+ Y = X;
+ X = tmp;
+ sign = -sign;
+ }
+ }
+
+ /*-
+ * The while loop (Euclid's algorithm) ends when
+ * A == gcd(a,n);
+ * we have
+ * sign*Y*a == A (mod |n|),
+ * where Y is non-negative.
+ */
+
+ if (sign < 0)
+ {
+ if (! BN_sub (Y, n, Y))
+ goto err;
+ }
+ /* Now Y*a == A (mod |n|). */
+
+ if (BN_is_one (A))
+ {
+ /* Y*a == 1 (mod |n|) */
+ if (! Y->neg && BN_ucmp (Y, n) < 0)
+ {
+ if (! BN_copy (R, Y))
goto err;
}
- ret = R;
- err:
- if ((ret == NULL) && (in == NULL))
- // BN_free(R);
- return 0;
- BN_CTX_end(ctx);
- bn_check_top(ret);
- return ret;
-}
-
-void BN_set_negative(BIGNUM *a, int b)
-{
- if (b && !BN_is_zero(a))
- a->neg = 1;
else
- a->neg = 0;
+ {
+ if (! BN_nnmod (R, Y, n, ctx))
+ goto err;
+ }
+ }
+ else
+ {
+ *pnoinv = 1;
+ goto err;
+ }
+ ret = R;
+err:
+ if ((ret == NULL) && (in == NULL))
+ // BN_free(R);
+ return 0;
+ BN_CTX_end (ctx);
+ bn_check_top (ret);
+ return ret;
}
-BIGNUM *BN_mod_inverse(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+void
+BN_set_negative (BIGNUM *a, int b)
{
- BN_CTX *new_ctx = NULL;
- BIGNUM *rv;
- int noinv = 0;
-
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new_ex(NULL);
- if (ctx == NULL) {
- //ERR_raise(ERR_LIB_BN, ERR_R_BN_LIB);
- assert(0);
- return NULL;
- }
- }
-
- rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
- if (noinv)
- // ERR_raise(ERR_LIB_BN, BN_R_NO_INVERSE);
- assert(0);
- return 0;
- // BN_CTX_free(new_ctx);
- return rv;
+ if (b && ! BN_is_zero (a))
+ a->neg = 1;
+ else
+ a->neg = 0;
}
-
-int BN_sub_word(BIGNUM *a, BN_ULONG w)
+BIGNUM *
+BN_mod_inverse (BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
- int i;
-
- bn_check_top(a);
- w &= BN_MASK2;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *rv;
+ int noinv = 0;
- /* degenerate case: w is zero */
- if (!w)
- return 1;
- /* degenerate case: a is zero */
- if (BN_is_zero(a)) {
- i = BN_set_word(a, w);
- if (i != 0)
- BN_set_negative(a, 1);
- return i;
- }
- /* handle 'a' when negative */
- if (a->neg) {
- a->neg = 0;
- i = BN_add_word(a, w);
- a->neg = 1;
- return i;
+ if (ctx == NULL)
+ {
+ ctx = new_ctx = BN_CTX_new_ex (NULL);
+ if (ctx == NULL)
+ {
+ // ERR_raise(ERR_LIB_BN, ERR_R_BN_LIB);
+ assert (0);
+ return NULL;
}
+ }
- if ((a->top == 1) && (a->d[0] < w)) {
- a->d[0] = w - a->d[0];
- a->neg = 1;
- return 1;
- }
- i = 0;
- for (;;) {
- if (a->d[i] >= w) {
- a->d[i] -= w;
- break;
- } else {
- a->d[i] = (a->d[i] - w) & BN_MASK2;
- i++;
- w = 1;
- }
- }
- if ((a->d[i] == 0) && (i == (a->top - 1)))
- a->top--;
- bn_check_top(a);
- return 1;
+ rv = int_bn_mod_inverse (in, a, n, ctx, &noinv);
+ if (noinv)
+ // ERR_raise(ERR_LIB_BN, BN_R_NO_INVERSE);
+ assert (0);
+ return 0;
+ // BN_CTX_free(new_ctx);
+ return rv;
}
-int BN_add_word(BIGNUM *a, BN_ULONG w)
+
+int
+BN_sub_word (BIGNUM *a, BN_ULONG w)
{
- BN_ULONG l;
- int i;
+ int i;
- bn_check_top(a);
- w &= BN_MASK2;
+ bn_check_top (a);
+ w &= BN_MASK2;
- /* degenerate case: w is zero */
- if (!w)
- return 1;
- /* degenerate case: a is zero */
- if (BN_is_zero(a))
- return BN_set_word(a, w);
- /* handle 'a' when negative */
- if (a->neg) {
- a->neg = 0;
- i = BN_sub_word(a, w);
- if (!BN_is_zero(a))
- a->neg = !(a->neg);
- return i;
- }
- for (i = 0; w != 0 && i < a->top; i++) {
- a->d[i] = l = (a->d[i] + w) & BN_MASK2;
- w = (w > l) ? 1 : 0;
+ /* degenerate case: w is zero */
+ if (! w)
+ return 1;
+ /* degenerate case: a is zero */
+ if (BN_is_zero (a))
+ {
+ i = BN_set_word (a, w);
+ if (i != 0)
+ BN_set_negative (a, 1);
+ return i;
+ }
+ /* handle 'a' when negative */
+ if (a->neg)
+ {
+ a->neg = 0;
+ i = BN_add_word (a, w);
+ a->neg = 1;
+ return i;
+ }
+
+ if ((a->top == 1) && (a->d[0] < w))
+ {
+ a->d[0] = w - a->d[0];
+ a->neg = 1;
+ return 1;
+ }
+ i = 0;
+ for (;;)
+ {
+ if (a->d[i] >= w)
+ {
+ a->d[i] -= w;
+ break;
}
- if (w && i == a->top) {
- if (bn_wexpand(a, a->top + 1) == NULL)
- return 0;
- a->top++;
- a->d[i] = w;
+ else
+ {
+ a->d[i] = (a->d[i] - w) & BN_MASK2;
+ i++;
+ w = 1;
}
- bn_check_top(a);
- return 1;
+ }
+ if ((a->d[i] == 0) && (i == (a->top - 1)))
+ a->top--;
+ bn_check_top (a);
+ return 1;
}
-
-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+int
+BN_add_word (BIGNUM *a, BN_ULONG w)
{
- int i, ret = 0;
- BIGNUM *Ri, *R;
+ BN_ULONG l;
+ int i;
- if (BN_is_zero(mod))
- return 0;
+ bn_check_top (a);
+ w &= BN_MASK2;
- BN_CTX_start(ctx);
- if ((Ri = BN_CTX_get(ctx)) == NULL)
- goto err;
- R = &(mont->RR); /* grab RR as a temp */
- if (!BN_copy(&(mont->N), mod))
- goto err; /* Set N */
- if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
- BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
- mont->N.neg = 0;
+ /* degenerate case: w is zero */
+ if (! w)
+ return 1;
+ /* degenerate case: a is zero */
+ if (BN_is_zero (a))
+ return BN_set_word (a, w);
+ /* handle 'a' when negative */
+ if (a->neg)
+ {
+ a->neg = 0;
+ i = BN_sub_word (a, w);
+ if (! BN_is_zero (a))
+ a->neg = ! (a->neg);
+ return i;
+ }
+ for (i = 0; w != 0 && i < a->top; i++)
+ {
+ a->d[i] = l = (a->d[i] + w) & BN_MASK2;
+ w = (w > l) ? 1 : 0;
+ }
+ if (w && i == a->top)
+ {
+ if (bn_wexpand (a, a->top + 1) == NULL)
+ return 0;
+ a->top++;
+ a->d[i] = w;
+ }
+ bn_check_top (a);
+ return 1;
+}
+
+
+int
+BN_MONT_CTX_set (BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+{
+ int i, ret = 0;
+ BIGNUM *Ri, *R;
+
+ if (BN_is_zero (mod))
+ return 0;
+
+ BN_CTX_start (ctx);
+ if ((Ri = BN_CTX_get (ctx)) == NULL)
+ goto err;
+ R = &(mont->RR); /* grab RR as a temp */
+ if (! BN_copy (&(mont->N), mod))
+ goto err; /* Set N */
+ if (BN_get_flags (mod, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags (&(mont->N), BN_FLG_CONSTTIME);
+ mont->N.neg = 0;
#ifdef MONT_WORD
- {
- BIGNUM tmod;
- BN_ULONG buf[2];
+ {
+ BIGNUM tmod;
+ BN_ULONG buf[2];
- bn_init(&tmod);
- tmod.d = buf;
- tmod.dmax = 2;
- tmod.neg = 0;
+ bn_init (&tmod);
+ tmod.d = buf;
+ tmod.dmax = 2;
+ tmod.neg = 0;
- if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
- BN_set_flags(&tmod, BN_FLG_CONSTTIME);
+ if (BN_get_flags (mod, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags (&tmod, BN_FLG_CONSTTIME);
- mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
+ mont->ri = (BN_num_bits (mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
- /*
- * Only certain BN_BITS2<=32 platforms actually make use of n0[1],
- * and we could use the #else case (with a shorter R value) for the
- * others. However, currently only the assembler files do know which
- * is which.
- */
-
- BN_zero(R);
- if (!(BN_set_bit(R, 2 * BN_BITS2)))
- goto err;
+ /*
+ * Only certain BN_BITS2<=32 platforms actually make use of n0[1],
+ * and we could use the #else case (with a shorter R value) for the
+ * others. However, currently only the assembler files do know which
+ * is which.
+ */
- tmod.top = 0;
- if ((buf[0] = mod->d[0]))
- tmod.top = 1;
- if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
- tmod.top = 2;
+ BN_zero (R);
+ if (! (BN_set_bit (R, 2 * BN_BITS2)))
+ goto err;
+
+ tmod.top = 0;
+ if ((buf[0] = mod->d[0]))
+ tmod.top = 1;
+ if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
+ tmod.top = 2;
+
+ if (BN_is_one (&tmod))
+ BN_zero (Ri);
+ else if ((BN_mod_inverse (Ri, R, &tmod, ctx)) == NULL)
+ goto err;
+ if (! BN_lshift (Ri, Ri, 2 * BN_BITS2))
+ goto err; /* R*Ri */
+ if (! BN_is_zero (Ri))
+ {
+ if (! BN_sub_word (Ri, 1))
+ goto err;
+ }
+ else /* if N mod word size == 1 */
- if (BN_is_one(&tmod))
- BN_zero(Ri);
- else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
- goto err;
- if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
- goto err; /* R*Ri */
- if (!BN_is_zero(Ri)) {
- if (!BN_sub_word(Ri, 1))
- goto err;
- } else { /* if N mod word size == 1 */
-
- if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
- goto err;
- /* Ri-- (mod double word size) */
- Ri->neg = 0;
- Ri->d[0] = BN_MASK2;
- Ri->d[1] = BN_MASK2;
- Ri->top = 2;
- }
- if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
- goto err;
- /*
- * Ni = (R*Ri-1)/N, keep only couple of least significant words:
- */
- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
- mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
+ {
+ if (bn_expand (Ri, (int) sizeof(BN_ULONG) * 2) == NULL)
+ goto err;
+ /* Ri-- (mod double word size) */
+ Ri->neg = 0;
+ Ri->d[0] = BN_MASK2;
+ Ri->d[1] = BN_MASK2;
+ Ri->top = 2;
+ }
+ if (! BN_div (Ri, NULL, Ri, &tmod, ctx))
+ goto err;
+ /*
+ * Ni = (R*Ri-1)/N, keep only couple of least significant words:
+ */
+ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+ mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
# else
- BN_zero(R);
- if (!(BN_set_bit(R, BN_BITS2)))
- goto err; /* R */
-
- buf[0] = mod->d[0]; /* tmod = N mod word size */
- buf[1] = 0;
- tmod.top = buf[0] != 0 ? 1 : 0;
- /* Ri = R^-1 mod N */
- if (BN_is_one(&tmod))
- BN_zero(Ri);
- else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
- goto err;
- if (!BN_lshift(Ri, Ri, BN_BITS2))
- goto err; /* R*Ri */
- if (!BN_is_zero(Ri)) {
- if (!BN_sub_word(Ri, 1))
- goto err;
- } else { /* if N mod word size == 1 */
-
- if (!BN_set_word(Ri, BN_MASK2))
- goto err; /* Ri-- (mod word size) */
- }
- if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
- goto err;
- /*
- * Ni = (R*Ri-1)/N, keep only least significant word:
- */
- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
- mont->n0[1] = 0;
-# endif
+ BN_zero (R);
+ if (! (BN_set_bit (R, BN_BITS2)))
+ goto err; /* R */
+
+ buf[0] = mod->d[0]; /* tmod = N mod word size */
+ buf[1] = 0;
+ tmod.top = buf[0] != 0 ? 1 : 0;
+ /* Ri = R^-1 mod N */
+ if (BN_is_one (&tmod))
+ BN_zero (Ri);
+ else if ((BN_mod_inverse (Ri, R, &tmod, ctx)) == NULL)
+ goto err;
+ if (! BN_lshift (Ri, Ri, BN_BITS2))
+ goto err; /* R*Ri */
+ if (! BN_is_zero (Ri))
+ {
+ if (! BN_sub_word (Ri, 1))
+ goto err;
}
-#else /* !MONT_WORD */
- { /* bignum version */
- mont->ri = BN_num_bits(&mont->N);
- BN_zero(R);
- if (!BN_set_bit(R, mont->ri))
- goto err; /* R = 2^ri */
- /* Ri = R^-1 mod N */
- if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
- goto err;
- if (!BN_lshift(Ri, Ri, mont->ri))
- goto err; /* R*Ri */
- if (!BN_sub_word(Ri, 1))
- goto err;
- /*
- * Ni = (R*Ri-1) / N
- */
- if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
- goto err;
+ else /* if N mod word size == 1 */
+
+ {
+ if (! BN_set_word (Ri, BN_MASK2))
+ goto err; /* Ri-- (mod word size) */
}
+ if (! BN_div (Ri, NULL, Ri, &tmod, ctx))
+ goto err;
+ /*
+ * Ni = (R*Ri-1)/N, keep only least significant word:
+ */
+ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+ mont->n0[1] = 0;
+# endif
+ }
+#else /* !MONT_WORD */
+ { /* bignum version */
+ mont->ri = BN_num_bits (&mont->N);
+ BN_zero (R);
+ if (! BN_set_bit (R, mont->ri))
+ goto err; /* R = 2^ri */
+ /* Ri = R^-1 mod N */
+ if ((BN_mod_inverse (Ri, R, &mont->N, ctx)) == NULL)
+ goto err;
+ if (! BN_lshift (Ri, Ri, mont->ri))
+ goto err; /* R*Ri */
+ if (! BN_sub_word (Ri, 1))
+ goto err;
+ /*
+ * Ni = (R*Ri-1) / N
+ */
+ if (! BN_div (&(mont->Ni), NULL, Ri, &mont->N, ctx))
+ goto err;
+ }
#endif
- /* setup RR for conversions */
- BN_zero(&(mont->RR));
- if (!BN_set_bit(&(mont->RR), mont->ri * 2))
- goto err;
- if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
- goto err;
+ /* setup RR for conversions */
+ BN_zero (&(mont->RR));
+ if (! BN_set_bit (&(mont->RR), mont->ri * 2))
+ goto err;
+ if (! BN_mod (&(mont->RR), &(mont->RR), &(mont->N), ctx))
+ goto err;
- for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
- mont->RR.d[i] = 0;
- mont->RR.top = ret;
- mont->RR.flags |= BN_FLG_FIXED_TOP;
+ for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
+ mont->RR.d[i] = 0;
+ mont->RR.top = ret;
+ mont->RR.flags |= BN_FLG_FIXED_TOP;
- ret = 1;
- err:
- BN_CTX_end(ctx);
- return ret;
+ ret = 1;
+err:
+ BN_CTX_end (ctx);
+ return ret;
}
-
// FINALLYYYYYYY
-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+int
+BN_mod_exp_mont (BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
- int i, j, bits, ret = 0, wstart, wend, window;
- int start = 1;
- BIGNUM *d, *r;
- const BIGNUM *aa;
- /* Table of variables obtained from 'ctx' */
- BIGNUM *val[TABLE_SIZE];
- BN_MONT_CTX *mont = NULL;
+ int i, j, bits, ret = 0, wstart, wend, window;
+ int start = 1;
+ BIGNUM *d, *r;
+ const BIGNUM *aa;
+ /* Table of variables obtained from 'ctx' */
+ BIGNUM *val[TABLE_SIZE];
+ BN_MONT_CTX *mont = NULL;
- bn_check_top(a);
- bn_check_top(p);
- bn_check_top(m);
+ bn_check_top (a);
+ bn_check_top (p);
+ bn_check_top (m);
- if (!BN_is_odd(m)) {
- // ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
- assert(0);
- return 0;
- }
+ if (! BN_is_odd (m))
+ {
+ // ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
+ assert (0);
+ return 0;
+ }
-
- /*
- if (m->top <= BN_CONSTTIME_SIZE_LIMIT
- && (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
- || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
- || BN_get_flags(m, BN_FLG_CONSTTIME) != 0)) {
- return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
- }
+
+ /*
+ if (m->top <= BN_CONSTTIME_SIZE_LIMIT
+ && (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+ || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+ || BN_get_flags(m, BN_FLG_CONSTTIME) != 0)) {
+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+ }
*/
- bits = BN_num_bits(p);
- if (bits == 0) {
- /* x**0 mod 1, or x**0 mod -1 is still zero. */
- if (BN_abs_is_word(m, 1)) {
- ret = 1;
- BN_zero(rr);
- } else {
- ret = BN_one(rr);
- }
- return ret;
+ bits = BN_num_bits (p);
+ if (bits == 0)
+ {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word (m, 1))
+ {
+ ret = 1;
+ BN_zero (rr);
}
-
- BN_CTX_start(ctx);
- d = BN_CTX_get(ctx);
- r = BN_CTX_get(ctx);
- val[0] = BN_CTX_get(ctx);
- if (val[0] == NULL)
- goto err;
-
- /*
- * If this is not done, things will break in the montgomery part
- */
-
- if (in_mont != NULL)
- mont = in_mont;
- else {
- if ((mont = BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(mont, m, ctx))
- goto err;
+ else
+ {
+ ret = BN_one (rr);
}
-
- if (a->neg || BN_ucmp(a, m) >= 0) {
- if (!BN_nnmod(val[0], a, m, ctx))
- goto err;
- aa = val[0];
- } else
- aa = a;
- if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
- goto err; /* 1 */
-
- window = BN_window_bits_for_exponent_size(bits);
- if (window > 1) {
- if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx))
- goto err; /* 2 */
- j = 1 << (window - 1);
- for (i = 1; i < j; i++) {
- if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx))
- goto err;
- }
+ return ret;
+ }
+
+ BN_CTX_start (ctx);
+ d = BN_CTX_get (ctx);
+ r = BN_CTX_get (ctx);
+ val[0] = BN_CTX_get (ctx);
+ if (val[0] == NULL)
+ goto err;
+
+ /*
+ * If this is not done, things will break in the montgomery part
+ */
+
+ if (in_mont != NULL)
+ mont = in_mont;
+ else
+ {
+ if ((mont = BN_MONT_CTX_new ()) == NULL)
+ goto err;
+ if (! BN_MONT_CTX_set (mont, m, ctx))
+ goto err;
+ }
+
+ if (a->neg || BN_ucmp (a, m) >= 0)
+ {
+ if (! BN_nnmod (val[0], a, m, ctx))
+ goto err;
+ aa = val[0];
+ }
+ else
+ aa = a;
+ if (! bn_to_mont_fixed_top (val[0], aa, mont, ctx))
+ goto err; /* 1 */
+
+ window = BN_window_bits_for_exponent_size (bits);
+ if (window > 1)
+ {
+ if (! bn_mul_mont_fixed_top (d, val[0], val[0], mont, ctx))
+ goto err; /* 2 */
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++)
+ {
+ if (((val[i] = BN_CTX_get (ctx)) == NULL) ||
+ ! bn_mul_mont_fixed_top (val[i], val[i - 1], d, mont, ctx))
+ goto err;
}
+ }
- start = 1; /* This is used to avoid multiplication etc
+ start = 1; /* This is used to avoid multiplication etc
* when there is only the value '1' in the
* buffer. */
- wstart = bits - 1; /* The top bit of the window */
- wend = 0; /* The bottom bit of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
#if 1 /* by Shay Gueron's suggestion */
- j = m->top; /* borrow j */
- if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
- if (bn_wexpand(r, j) == NULL)
- goto err;
- /* 2^(top*BN_BITS2) - m */
- r->d[0] = (0 - m->d[0]) & BN_MASK2;
- for (i = 1; i < j; i++)
- r->d[i] = (~m->d[i]) & BN_MASK2;
- r->top = j;
- r->flags |= BN_FLG_FIXED_TOP;
- } else
+ j = m->top; /* borrow j */
+ if (m->d[j - 1] & (((BN_ULONG) 1) << (BN_BITS2 - 1)))
+ {
+ if (bn_wexpand (r, j) == NULL)
+ goto err;
+ /* 2^(top*BN_BITS2) - m */
+ r->d[0] = (0 - m->d[0]) & BN_MASK2;
+ for (i = 1; i < j; i++)
+ r->d[i] = (~m->d[i]) & BN_MASK2;
+ r->top = j;
+ r->flags |= BN_FLG_FIXED_TOP;
+ }
+ else
#endif
- if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))
- goto err;
- for (;;) {
- int wvalue; /* The 'value' of the window */
-
- if (BN_is_bit_set(p, wstart) == 0) {
- if (!start) {
- if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
- goto err;
- }
- if (wstart == 0)
- break;
- wstart--;
- continue;
- }
- /*
- * We now have wstart on a 'set' bit, we now need to work out how bit
- * a window to do. To do this we need to scan forward until the last
- * set bit before the end of the window
- */
- wvalue = 1;
- wend = 0;
- for (i = 1; i < window; i++) {
- if (wstart - i < 0)
- break;
- if (BN_is_bit_set(p, wstart - i)) {
- wvalue <<= (i - wend);
- wvalue |= 1;
- wend = i;
- }
- }
+ if (! bn_to_mont_fixed_top (r, BN_value_one (), mont, ctx))
+ goto err;
+ for (;;)
+ {
+ int wvalue; /* The 'value' of the window */
- /* wend is the size of the current window */
- j = wend + 1;
- /* add the 'bytes above' */
- if (!start)
- for (i = 0; i < j; i++) {
- if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
- goto err;
- }
-
- /* wvalue will be an odd number < 2^window */
- if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx))
- goto err;
-
- /* move the 'window' down further */
- wstart -= wend + 1;
- start = 0;
- if (wstart < 0)
- break;
+ if (BN_is_bit_set (p, wstart) == 0)
+ {
+ if (! start)
+ {
+ if (! bn_mul_mont_fixed_top (r, r, r, mont, ctx))
+ goto err;
+ }
+ if (wstart == 0)
+ break;
+ wstart--;
+ continue;
}
/*
- * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
- * removes padding [if any] and makes return value suitable for public
- * API consumer.
+ * We now have wstart on a 'set' bit, we now need to work out how bit
+ * a window to do. To do this we need to scan forward until the last
+ * set bit before the end of the window
*/
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++)
+ {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set (p, wstart - i))
+ {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
+ }
+ }
+
+ /* wend is the size of the current window */
+ j = wend + 1;
+ /* add the 'bytes above' */
+ if (! start)
+ for (i = 0; i < j; i++)
+ {
+ if (! bn_mul_mont_fixed_top (r, r, r, mont, ctx))
+ goto err;
+ }
+
+ /* wvalue will be an odd number < 2^window */
+ if (! bn_mul_mont_fixed_top (r, r, val[wvalue >> 1], mont, ctx))
+ goto err;
+
+ /* move the 'window' down further */
+ wstart -= wend + 1;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ /*
+ * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
+ * removes padding [if any] and makes return value suitable for public
+ * API consumer.
+ */
#if defined(SPARC_T4_MONT)
- if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
- j = mont->N.top; /* borrow j */
- val[0]->d[0] = 1; /* borrow val[0] */
- for (i = 1; i < j; i++)
- val[0]->d[i] = 0;
- val[0]->top = j;
- if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx))
- goto err;
- } else
+ if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU))
+ {
+ j = mont->N.top; /* borrow j */
+ val[0]->d[0] = 1; /* borrow val[0] */
+ for (i = 1; i < j; i++)
+ val[0]->d[i] = 0;
+ val[0]->top = j;
+ if (! BN_mod_mul_montgomery (rr, r, val[0], mont, ctx))
+ goto err;
+ }
+ else
#endif
- if (!BN_from_montgomery(rr, r, mont, ctx))
- goto err;
- ret = 1;
- err:
- if (in_mont == NULL)
- // BN_MONT_CTX_free(mont);
- return 0;
- BN_CTX_end(ctx);
- bn_check_top(rr);
- return ret;
+ if (! BN_from_montgomery (rr, r, mont, ctx))
+ goto err;
+ ret = 1;
+err:
+ if (in_mont == NULL)
+ // BN_MONT_CTX_free(mont);
+ return 0;
+ BN_CTX_end (ctx);
+ bn_check_top (rr);
+ return ret;
}
-int ossl_ctype_check(int c, unsigned int mask)
-{
- const int max = sizeof(ctype_char_map) / sizeof(*ctype_char_map);
- const int a = ossl_toascii(c);
-
- return a >= 0 && a < max && (ctype_char_map[a] & mask) != 0;
-}
-int OPENSSL_hexchar2int(unsigned char c)
+int
+ossl_ctype_check (int c, unsigned int mask)
{
-#ifdef CHARSET_EBCDIC
- c = os_toebcdic[c];
-#endif
+ const int max = sizeof(ctype_char_map) / sizeof(*ctype_char_map);
+ const int a = ossl_toascii (c);
- switch (c) {
- case '0':
- return 0;
- case '1':
- return 1;
- case '2':
- return 2;
- case '3':
- return 3;
- case '4':
- return 4;
- case '5':
- return 5;
- case '6':
- return 6;
- case '7':
- return 7;
- case '8':
- return 8;
- case '9':
- return 9;
- case 'a': case 'A':
- return 0x0A;
- case 'b': case 'B':
- return 0x0B;
- case 'c': case 'C':
- return 0x0C;
- case 'd': case 'D':
- return 0x0D;
- case 'e': case 'E':
- return 0x0E;
- case 'f': case 'F':
- return 0x0F;
- }
- return -1;
+ return a >= 0 && a < max && (ctype_char_map[a] & mask) != 0;
}
-int BN_hex2bn(BIGNUM **bn, const char *a)
+int
+OPENSSL_hexchar2int (unsigned char c)
{
- BIGNUM *ret = NULL;
- BN_ULONG l = 0;
- int neg = 0, h, m, i, j, k, c;
- int num;
+#ifdef CHARSET_EBCDIC
+ c = os_toebcdic[c];
+#endif
- if (a == NULL || *a == '\0')
- return 0;
+ switch (c)
+ {
+ case '0':
+ return 0;
+ case '1':
+ return 1;
+ case '2':
+ return 2;
+ case '3':
+ return 3;
+ case '4':
+ return 4;
+ case '5':
+ return 5;
+ case '6':
+ return 6;
+ case '7':
+ return 7;
+ case '8':
+ return 8;
+ case '9':
+ return 9;
+ case 'a': case 'A':
+ return 0x0A;
+ case 'b': case 'B':
+ return 0x0B;
+ case 'c': case 'C':
+ return 0x0C;
+ case 'd': case 'D':
+ return 0x0D;
+ case 'e': case 'E':
+ return 0x0E;
+ case 'f': case 'F':
+ return 0x0F;
+ }
+ return -1;
+}
+
+
+int
+BN_hex2bn (BIGNUM **bn, const char *a)
+{
+ BIGNUM *ret = NULL;
+ BN_ULONG l = 0;
+ int neg = 0, h, m, i, j, k, c;
+ int num;
+
+ if (a == NULL || *a == '\0')
+ return 0;
- if (*a == '-') {
- neg = 1;
- a++;
- }
+ if (*a == '-')
+ {
+ neg = 1;
+ a++;
+ }
- for (i = 0; i <= INT_MAX / 4 && ossl_isxdigit(a[i]); i++)
- continue;
-
- if (i == 0 || i > INT_MAX / 4)
- return 0;
-
- num = i + neg;
- if (bn == NULL)
- return num;
-
- /* a is the start of the hex digits, and it is 'i' long */
- if (*bn == NULL) {
- if ((ret = BN_new()) == NULL)
- return 0;
- } else {
- ret = *bn;
- if (BN_get_flags(ret, BN_FLG_STATIC_DATA)) {
- // ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
- assert(0);
- return 0;
- }
- BN_zero(ret);
- }
+ for (i = 0; i <= INT_MAX / 4 && ossl_isxdigit (a[i]); i++)
+ continue;
- /* i is the number of hex digits */
- if (bn_expand(ret, i * 4) == NULL)
- goto err;
+ if (i == 0 || i > INT_MAX / 4)
+ return 0;
- j = i; /* least significant 'hex' */
- m = 0;
- h = 0;
- while (j > 0) {
- m = (BN_BYTES * 2 <= j) ? BN_BYTES * 2 : j;
- l = 0;
- for (;;) {
- c = a[j - m];
- k = OPENSSL_hexchar2int(c);
- if (k < 0)
- k = 0; /* paranoia */
- l = (l << 4) | k;
-
- if (--m <= 0) {
- ret->d[h++] = l;
- break;
- }
- }
- j -= BN_BYTES * 2;
- }
- ret->top = h;
- bn_correct_top(ret);
-
- *bn = ret;
- bn_check_top(ret);
- /* Don't set the negative flag if it's zero. */
- if (ret->top != 0)
- ret->neg = neg;
+ num = i + neg;
+ if (bn == NULL)
return num;
- err:
- if (*bn == NULL)
- // BN_free(ret);
- return 0;
+
+ /* a is the start of the hex digits, and it is 'i' long */
+ if (*bn == NULL)
+ {
+ if ((ret = BN_new ()) == NULL)
+ return 0;
+ }
+ else
+ {
+ ret = *bn;
+ if (BN_get_flags (ret, BN_FLG_STATIC_DATA))
+ {
+ // ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
+ assert (0);
+ return 0;
+ }
+ BN_zero (ret);
+ }
+
+ /* i is the number of hex digits */
+ if (bn_expand (ret, i * 4) == NULL)
+ goto err;
+
+ j = i; /* least significant 'hex' */
+ m = 0;
+ h = 0;
+ while (j > 0)
+ {
+ m = (BN_BYTES * 2 <= j) ? BN_BYTES * 2 : j;
+ l = 0;
+ for (;;)
+ {
+ c = a[j - m];
+ k = OPENSSL_hexchar2int (c);
+ if (k < 0)
+ k = 0; /* paranoia */
+ l = (l << 4) | k;
+
+ if (--m <= 0)
+ {
+ ret->d[h++] = l;
+ break;
+ }
+ }
+ j -= BN_BYTES * 2;
+ }
+ ret->top = h;
+ bn_correct_top (ret);
+
+ *bn = ret;
+ bn_check_top (ret);
+ /* Don't set the negative flag if it's zero. */
+ if (ret->top != 0)
+ ret->neg = neg;
+ return num;
+err:
+ if (*bn == NULL)
+ // BN_free(ret);
return 0;
+ return 0;
}
-
// USAGE?
-//int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx)
-
-//BN_mod_exp_mont(r, a, p, m, ctx, NULL);
-
-void test(char * aa, char *pp, char *mm) {
-
- OSSL_LIB_CTX ossl; // should be initialised
-
- BN_CTX ctx = *BN_CTX_new_ex(&ossl);
-
- BIGNUM *a = BN_new();
- BIGNUM *p = BN_new();
- BIGNUM *m = BN_new();
-
- BIGNUM *r = BN_new();
-
- BN_hex2bn(&a, aa);
- BN_hex2bn(&p, pp);
- BN_hex2bn(&m, mm);
-
- BN_mod_exp_mont(r, a, p, m, &ctx, NULL);
-
- return;
-
-}
+// int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx)
+
+// BN_mod_exp_mont(r, a, p, m, ctx, NULL);
+void
+test (char *aa, char *pp, char *mm)
+{
+ OSSL_LIB_CTX ossl; // should be initialised
+
+ BN_CTX ctx = *BN_CTX_new_ex (&ossl);
+
+ BIGNUM *a = BN_new ();
+ BIGNUM *p = BN_new ();
+ BIGNUM *m = BN_new ();
+ BIGNUM *r = BN_new ();
+
+ if (0 == BN_hex2bn (&a, aa))
+ abort ();
+ if (0 == BN_hex2bn (&p, pp))
+ abort ();
+ if (0 == BN_hex2bn (&m, mm))
+ abort ();
+
+ BN_mod_exp_mont (r, a, p, m, &ctx, NULL);
+}
diff --git a/openssl/openssl-test.h b/openssl/openssl-test.h
@@ -17,7 +17,6 @@
#define BN_CTX_START_FRAMES 32
-
#define SIXTY_FOUR_BIT // on gpu that would be 32
# ifdef SIXTY_FOUR_BIT
@@ -36,23 +35,21 @@
typedef struct bignum_st BIGNUM;
-struct bignum_st {
- BN_ULONG *d; /*
+struct bignum_st
+{
+ BN_ULONG *d; /*
* Pointer to an array of 'BN_BITS2' bit
* chunks. These chunks are organised in
* a least significant chunk first order.
*/
- int top; /* Index of last used d +1. */
- /* The next are internal book keeping for bn_expand. */
- int dmax; /* Size of the d array. */
- int neg; /* one if the number is negative */
- int flags;
+ int top; /* Index of last used d +1. */
+ /* The next are internal book keeping for bn_expand. */
+ int dmax; /* Size of the d array. */
+ int neg; /* one if the number is negative */
+ int flags;
};
-
-
-
typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
typedef struct ex_callback_st EX_CALLBACK;
@@ -60,104 +57,110 @@ typedef struct ex_callback_st EX_CALLBACK;
typedef void CRYPTO_RWLOCK;
typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
+ int idx, long argl, void *argp);
typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
void *from_d, int idx, long argl, void *argp);
-/* __owur */ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-
+/* __owur */ int CRYPTO_get_ex_new_index (int class_index, long argl,
+ void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
typedef struct ossl_lib_ctx_st OSSL_LIB_CTX;
-
-
-struct ex_callback_st {
- long argl; /* Arbitrary long */
- void *argp; /* Arbitrary void * */
- int priority; /* Priority ordering for freeing */
- CRYPTO_EX_new *new_func;
- CRYPTO_EX_free *free_func;
- CRYPTO_EX_dup *dup_func;
+struct ex_callback_st
+{
+ long argl; /* Arbitrary long */
+ void *argp; /* Arbitrary void * */
+ int priority; /* Priority ordering for freeing */
+ CRYPTO_EX_new *new_func;
+ CRYPTO_EX_free *free_func;
+ CRYPTO_EX_dup *dup_func;
};
-typedef struct ex_callbacks_st {
+typedef struct ex_callbacks_st
+{
// STACK_OF(EX_CALLBACK) *meth;
-
- void * meth;
-} EX_CALLBACKS;
+ void *meth;
+} EX_CALLBACKS;
-typedef struct bignum_pool_item {
- /* The bignum values */
- BIGNUM vals[BN_CTX_POOL_SIZE];
- /* Linked-list admin */
- struct bignum_pool_item *prev, *next;
+typedef struct bignum_pool_item
+{
+ /* The bignum values */
+ BIGNUM vals[BN_CTX_POOL_SIZE];
+ /* Linked-list admin */
+ struct bignum_pool_item *prev, *next;
} BN_POOL_ITEM;
-typedef struct bignum_ctx_stack {
- /* Array of indexes into the bignum stack */
- unsigned int *indexes;
- /* Number of stack frames, and the size of the allocated array */
- unsigned int depth, size;
+typedef struct bignum_ctx_stack
+{
+ /* Array of indexes into the bignum stack */
+ unsigned int *indexes;
+ /* Number of stack frames, and the size of the allocated array */
+ unsigned int depth, size;
} BN_STACK;
-static void BN_STACK_init(BN_STACK *);
-static void BN_STACK_finish(BN_STACK *);
-static int BN_STACK_push(BN_STACK *, unsigned int);
-static unsigned int BN_STACK_pop(BN_STACK *);
+static void BN_STACK_init (BN_STACK *);
+
+static void BN_STACK_finish (BN_STACK *);
+static int BN_STACK_push (BN_STACK *, unsigned int);
+static unsigned int BN_STACK_pop (BN_STACK *);
-typedef struct bignum_pool {
- /* Linked-list admin */
- BN_POOL_ITEM *head, *current, *tail;
- /* Stack depth and allocation size */
- unsigned used, size;
+typedef struct bignum_pool
+{
+ /* Linked-list admin */
+ BN_POOL_ITEM *head, *current, *tail;
+ /* Stack depth and allocation size */
+ unsigned used, size;
} BN_POOL;
-static void BN_POOL_init(BN_POOL *);
-static void BN_POOL_finish(BN_POOL *);
-static BIGNUM *BN_POOL_get(BN_POOL *, int);
-static void BN_POOL_release(BN_POOL *, unsigned int);
+static void BN_POOL_init (BN_POOL *);
+static void BN_POOL_finish (BN_POOL *);
+
+static BIGNUM *BN_POOL_get (BN_POOL *, int);
+
+static void BN_POOL_release (BN_POOL *, unsigned int);
typedef struct bignum_ctx BN_CTX;
-struct bignum_ctx {
- /* The bignum bundles */
- BN_POOL pool;
- /* The "stack frames", if you will */
- BN_STACK stack;
- /* The number of bignums currently assigned */
- unsigned int used;
- /* Depth of stack overflow */
- int err_stack;
- /* Block "gets" until an "end" (compatibility behaviour) */
- int too_many;
- /* Flags. */
- int flags;
- /* The library context */
- OSSL_LIB_CTX *libctx;
+struct bignum_ctx
+{
+ /* The bignum bundles */
+ BN_POOL pool;
+ /* The "stack frames", if you will */
+ BN_STACK stack;
+ /* The number of bignums currently assigned */
+ unsigned int used;
+ /* Depth of stack overflow */
+ int err_stack;
+ /* Block "gets" until an "end" (compatibility behaviour) */
+ int too_many;
+ /* Flags. */
+ int flags;
+ /* The library context */
+ OSSL_LIB_CTX *libctx;
};
# define BN_FLG_FIXED_TOP 0
# define bn_pollute(a)
# define bn_check_top(a)
-# define bn_fix_top(a) bn_correct_top(a)
+# define bn_fix_top(a) bn_correct_top (a)
# define bn_check_size(bn, bits)
# define bn_wcheck_size(bn, words)
-
#define BN_CONSTTIME_SIZE_LIMIT (INT_MAX / BN_BYTES / 256)
#define BN_FLG_CONSTTIME 0x04
@@ -165,11 +168,11 @@ struct bignum_ctx {
# define BN_BITS2 (BN_BYTES * 8)
# define BN_BITS (BN_BITS2 * 2)
-# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1))
+# define BN_TBIT ((BN_ULONG) 1 << (BN_BITS2 - 1))
# define BN_MASK2 (0xffffffffffffffffLL)
-# define BN_zero(a) (BN_set_word((a),0))
+# define BN_zero(a) (BN_set_word ((a),0))
# define ossl_inline inline
@@ -185,13 +188,11 @@ struct bignum_ctx {
#define OPENSSL_free free
-
# define OPENSSL_clear_free(addr, num) \
- CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
-
+ CRYPTO_clear_free (addr, num, OPENSSL_FILE, OPENSSL_LINE)
-# define BN_one(a) (BN_set_word((a),1))
+# define BN_one(a) (BN_set_word ((a),1))
# define BN_FLG_MALLOCED 0x01
# define BN_FLG_STATIC_DATA 0x02
@@ -201,102 +202,103 @@ struct bignum_ctx {
# define BN_MASK2h1 (0xffff8000L)
# define BN_MASK2h (0xffff0000L)
-# define LBITS(a) ((a)&BN_MASK2l)
-# define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l)
-# define L2HBITS(a) (((a)<<BN_BITS4)&BN_MASK2)
+# define LBITS(a) ((a) & BN_MASK2l)
+# define HBITS(a) (((a) >> BN_BITS4) & BN_MASK2l)
+# define L2HBITS(a) (((a) << BN_BITS4) & BN_MASK2)
-# define LLBITS(a) ((a)&BN_MASKl)
-# define LHBITS(a) (((a)>>BN_BITS2)&BN_MASKl)
-# define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
+# define LLBITS(a) ((a) & BN_MASKl)
+# define LHBITS(a) (((a) >> BN_BITS2) & BN_MASKl)
+# define LL2HBITS(a) ((BN_ULLONG) ((a) & BN_MASKl) << BN_BITS2)
# define mul64(l,h,bl,bh) \
- { \
- BN_ULONG m,m1,lt,ht; \
+ { \
+ BN_ULONG m,m1,lt,ht; \
\
- lt=l; \
- ht=h; \
- m =(bh)*(lt); \
- lt=(bl)*(lt); \
- m1=(bl)*(ht); \
- ht =(bh)*(ht); \
- m=(m+m1)&BN_MASK2; ht += L2HBITS((BN_ULONG)(m < m1)); \
- ht+=HBITS(m); \
- m1=L2HBITS(m); \
- lt=(lt+m1)&BN_MASK2; ht += (lt < m1); \
- (l)=lt; \
- (h)=ht; \
- }
+ lt = l; \
+ ht = h; \
+ m = (bh) * (lt); \
+ lt = (bl) * (lt); \
+ m1 = (bl) * (ht); \
+ ht = (bh) * (ht); \
+ m = (m + m1) & BN_MASK2; ht += L2HBITS ((BN_ULONG) (m < m1)); \
+ ht += HBITS (m); \
+ m1 = L2HBITS (m); \
+ lt = (lt + m1) & BN_MASK2; ht += (lt < m1); \
+ (l) = lt; \
+ (h) = ht; \
+ }
# define mul(r,a,bl,bh,c) { \
- BN_ULONG l,h; \
+ BN_ULONG l,h; \
\
- h= (a); \
- l=LBITS(h); \
- h=HBITS(h); \
- mul64(l,h,(bl),(bh)); \
+ h = (a); \
+ l = LBITS (h); \
+ h = HBITS (h); \
+ mul64 (l,h,(bl),(bh)); \
\
- /* non-multiply part */ \
- l+=(c); h += ((l&BN_MASK2) < (c)); \
- (c)=h&BN_MASK2; \
- (r)=l&BN_MASK2; \
- }
+ /* non-multiply part */ \
+ l += (c); h += ((l & BN_MASK2) < (c)); \
+ (c) = h & BN_MASK2; \
+ (r) = l & BN_MASK2; \
+}
# define mul_add(r,a,bl,bh,c) { \
- BN_ULONG l,h; \
+ BN_ULONG l,h; \
\
- h= (a); \
- l=LBITS(h); \
- h=HBITS(h); \
- mul64(l,h,(bl),(bh)); \
+ h = (a); \
+ l = LBITS (h); \
+ h = HBITS (h); \
+ mul64 (l,h,(bl),(bh)); \
\
- /* non-multiply part */ \
- l=(l+(c))&BN_MASK2; h += (l < (c)); \
- (c)=(r); \
- l=(l+(c))&BN_MASK2; h += (l < (c)); \
- (c)=h&BN_MASK2; \
- (r)=l; \
- }
+ /* non-multiply part */ \
+ l = (l + (c)) & BN_MASK2; h += (l < (c)); \
+ (c) = (r); \
+ l = (l + (c)) & BN_MASK2; h += (l < (c)); \
+ (c) = h & BN_MASK2; \
+ (r) = l; \
+}
# define sqr64(lo,ho,in) \
- { \
- BN_ULONG l,h,m; \
+ { \
+ BN_ULONG l,h,m; \
\
- h=(in); \
- l=LBITS(h); \
- h=HBITS(h); \
- m =(l)*(h); \
- l*=l; \
- h*=h; \
- h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
- m =(m&BN_MASK2l)<<(BN_BITS4+1); \
- l=(l+m)&BN_MASK2; h += (l < m); \
- (lo)=l; \
- (ho)=h; \
- }
+ h = (in); \
+ l = LBITS (h); \
+ h = HBITS (h); \
+ m = (l) * (h); \
+ l *= l; \
+ h *= h; \
+ h += (m & BN_MASK2h1) >> (BN_BITS4 - 1); \
+ m = (m & BN_MASK2l) << (BN_BITS4 + 1); \
+ l = (l + m) & BN_MASK2; h += (l < m); \
+ (lo) = l; \
+ (ho) = h; \
+ }
# define BN_window_bits_for_exponent_size(b) \
- ((b) > 671 ? 6 : \
- (b) > 239 ? 5 : \
- (b) > 79 ? 4 : \
- (b) > 23 ? 3 : 1)
+ ((b) > 671 ? 6 : \
+ (b) > 239 ? 5 : \
+ (b) > 79 ? 4 : \
+ (b) > 23 ? 3 : 1)
-int BN_add_word(BIGNUM *a, BN_ULONG w);
-int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word (BIGNUM *a, BN_ULONG w);
+
+int BN_sub_word (BIGNUM *a, BN_ULONG w);
# define ossl_toascii(c) (c)
-# define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit))
+# define ossl_isxdigit(c) (ossl_ctype_check ((c), CTYPE_MASK_xdigit))
/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE 32
-# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+# define BN_mod(rem,m,d,ctx) BN_div (NULL,(rem),(m),(d),(ctx))
-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
- BN_CTX *ctx);
+int BN_div (BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+ BN_CTX *ctx);
# define CTYPE_MASK_lower 0x1
# define CTYPE_MASK_upper 0x2
@@ -312,220 +314,218 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
# define CTYPE_MASK_asn1print 0x800
static const unsigned short ctype_char_map[128] = {
- /* 00 nul */ CTYPE_MASK_cntrl,
- /* 01 soh */ CTYPE_MASK_cntrl,
- /* 02 stx */ CTYPE_MASK_cntrl,
- /* 03 etx */ CTYPE_MASK_cntrl,
- /* 04 eot */ CTYPE_MASK_cntrl,
- /* 05 enq */ CTYPE_MASK_cntrl,
- /* 06 ack */ CTYPE_MASK_cntrl,
- /* 07 \a */ CTYPE_MASK_cntrl,
- /* 08 \b */ CTYPE_MASK_cntrl,
- /* 09 \t */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0A \n */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0B \v */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0C \f */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0D \r */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0E so */ CTYPE_MASK_cntrl,
- /* 0F si */ CTYPE_MASK_cntrl,
- /* 10 dle */ CTYPE_MASK_cntrl,
- /* 11 dc1 */ CTYPE_MASK_cntrl,
- /* 12 dc2 */ CTYPE_MASK_cntrl,
- /* 13 dc3 */ CTYPE_MASK_cntrl,
- /* 14 dc4 */ CTYPE_MASK_cntrl,
- /* 15 nak */ CTYPE_MASK_cntrl,
- /* 16 syn */ CTYPE_MASK_cntrl,
- /* 17 etb */ CTYPE_MASK_cntrl,
- /* 18 can */ CTYPE_MASK_cntrl,
- /* 19 em */ CTYPE_MASK_cntrl,
- /* 1A sub */ CTYPE_MASK_cntrl,
- /* 1B esc */ CTYPE_MASK_cntrl,
- /* 1C fs */ CTYPE_MASK_cntrl,
- /* 1D gs */ CTYPE_MASK_cntrl,
- /* 1E rs */ CTYPE_MASK_cntrl,
- /* 1F us */ CTYPE_MASK_cntrl,
- /* 20 */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space
- | CTYPE_MASK_asn1print,
- /* 21 ! */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 22 " */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 23 # */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 24 $ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 25 % */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 26 & */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 27 ' */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 28 ( */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 29 ) */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 2A * */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 2B + */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 2C , */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 2D - */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 2E . */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 2F / */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 30 0 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 31 1 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 32 2 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 33 3 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 34 4 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 35 5 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 36 6 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 37 7 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 38 8 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 39 9 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 3A : */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 3B ; */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 3C < */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 3D = */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 3E > */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 3F ? */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 40 @ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 41 A */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 42 B */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 43 C */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 44 D */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 45 E */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 46 F */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 47 G */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 48 H */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 49 I */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4A J */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4B K */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4C L */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4D M */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4E N */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4F O */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 50 P */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 51 Q */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 52 R */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 53 S */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 54 T */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 55 U */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 56 V */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 57 W */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 58 X */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 59 Y */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 5A Z */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 5B [ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 5C \ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 5D ] */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 5E ^ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 5F _ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 60 ` */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 61 a */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 62 b */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 63 c */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 64 d */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 65 e */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 66 f */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 67 g */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 68 h */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 69 i */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6A j */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6B k */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6C l */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6D m */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6E n */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6F o */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 70 p */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 71 q */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 72 r */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 73 s */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 74 t */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 75 u */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 76 v */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 77 w */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 78 x */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 79 y */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 7A z */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 7B { */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 7C | */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 7D } */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 7E ~ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 7F del */ CTYPE_MASK_cntrl
+ /* 00 nul */ CTYPE_MASK_cntrl,
+ /* 01 soh */ CTYPE_MASK_cntrl,
+ /* 02 stx */ CTYPE_MASK_cntrl,
+ /* 03 etx */ CTYPE_MASK_cntrl,
+ /* 04 eot */ CTYPE_MASK_cntrl,
+ /* 05 enq */ CTYPE_MASK_cntrl,
+ /* 06 ack */ CTYPE_MASK_cntrl,
+ /* 07 \a */ CTYPE_MASK_cntrl,
+ /* 08 \b */ CTYPE_MASK_cntrl,
+ /* 09 \t */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space,
+ /* 0A \n */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+ /* 0B \v */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+ /* 0C \f */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+ /* 0D \r */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+ /* 0E so */ CTYPE_MASK_cntrl,
+ /* 0F si */ CTYPE_MASK_cntrl,
+ /* 10 dle */ CTYPE_MASK_cntrl,
+ /* 11 dc1 */ CTYPE_MASK_cntrl,
+ /* 12 dc2 */ CTYPE_MASK_cntrl,
+ /* 13 dc3 */ CTYPE_MASK_cntrl,
+ /* 14 dc4 */ CTYPE_MASK_cntrl,
+ /* 15 nak */ CTYPE_MASK_cntrl,
+ /* 16 syn */ CTYPE_MASK_cntrl,
+ /* 17 etb */ CTYPE_MASK_cntrl,
+ /* 18 can */ CTYPE_MASK_cntrl,
+ /* 19 em */ CTYPE_MASK_cntrl,
+ /* 1A sub */ CTYPE_MASK_cntrl,
+ /* 1B esc */ CTYPE_MASK_cntrl,
+ /* 1C fs */ CTYPE_MASK_cntrl,
+ /* 1D gs */ CTYPE_MASK_cntrl,
+ /* 1E rs */ CTYPE_MASK_cntrl,
+ /* 1F us */ CTYPE_MASK_cntrl,
+ /* 20 */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space
+ | CTYPE_MASK_asn1print,
+ /* 21 ! */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 22 " */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 23 # */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 24 $ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 25 % */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 26 & */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 27 ' */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_asn1print,
+ /* 28 ( */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_asn1print,
+ /* 29 ) */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_asn1print,
+ /* 2A * */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 2B + */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 2C , */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_asn1print,
+ /* 2D - */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_asn1print,
+ /* 2E . */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_asn1print,
+ /* 2F / */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 30 0 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 31 1 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 32 2 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 33 3 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 34 4 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 35 5 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 36 6 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 37 7 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 38 8 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 39 9 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 3A : */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_asn1print,
+ /* 3B ; */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 3C < */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 3D = */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 3E > */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 3F ? */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+ | CTYPE_MASK_asn1print,
+ /* 40 @ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 41 A */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 42 B */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 43 C */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 44 D */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 45 E */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 46 F */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 47 G */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 48 H */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 49 I */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 4A J */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 4B K */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 4C L */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 4D M */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 4E N */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 4F O */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 50 P */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 51 Q */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 52 R */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 53 S */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 54 T */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 55 U */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 56 V */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 57 W */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 58 X */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 59 Y */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 5A Z */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 5B [ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 5C \ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 5D ] */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 5E ^ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 5F _ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 60 ` */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 61 a */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 62 b */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 63 c */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 64 d */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 65 e */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 66 f */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 67 g */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 68 h */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 69 i */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 6A j */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 6B k */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 6C l */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 6D m */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 6E n */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 6F o */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 70 p */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 71 q */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 72 r */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 73 s */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 74 t */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 75 u */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 76 v */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 77 w */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 78 x */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 79 y */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 7A z */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+ | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+ /* 7B { */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 7C | */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 7D } */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 7E ~ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+ /* 7F del */ CTYPE_MASK_cntrl
};
-
-// maybe I should not use this is not
+// maybe I should not use this is not
#define MONT_WORD
-//#define BN_MUL_COMBA
+// #define BN_MUL_COMBA
-
-void test(char * aa, char *pp, char *mm);
+// aa = e, pp = d, mm = n
+void test (char *aa, char *pp, char *mm);
#endif /* openssl_test_h */
-
