Commit | Line | Data |
---|---|---|
b4c9fbed AG |
1 | -----BEGIN PGP SIGNED MESSAGE----- |
2 | Hash: SHA1 | |
3 | ||
4 | - --- openssl-0.9.8e/crypto/bn/bn_mont.c 2006-06-16 03:01:14.000000000 +0200 | |
5 | +++ openssl-0.9.8-cvs/crypto/bn/bn_mont.c 2007-06-29 10:13:25.000000000 +0200 | |
6 | @@ -176,7 +176,6 @@ | |
7 | ||
8 | max=(nl+al+1); /* allow for overflow (no?) XXX */ | |
9 | if (bn_wexpand(r,max) == NULL) goto err; | |
10 | - - if (bn_wexpand(ret,max) == NULL) goto err; | |
11 | ||
12 | r->neg=a->neg^n->neg; | |
13 | np=n->d; | |
14 | @@ -228,19 +227,70 @@ | |
15 | } | |
16 | bn_correct_top(r); | |
17 | ||
18 | - - /* mont->ri will be a multiple of the word size */ | |
19 | - -#if 0 | |
20 | - - BN_rshift(ret,r,mont->ri); | |
21 | - -#else | |
22 | - - ret->neg = r->neg; | |
23 | - - x=ri; | |
24 | + /* mont->ri will be a multiple of the word size and below code | |
25 | + * is kind of BN_rshift(ret,r,mont->ri) equivalent */ | |
26 | + if (r->top <= ri) | |
27 | + { | |
28 | + ret->top=0; | |
29 | + retn=1; | |
30 | + goto err; | |
31 | + } | |
32 | + al=r->top-ri; | |
33 | + | |
34 | +# define BRANCH_FREE 1 | |
35 | +# if BRANCH_FREE | |
36 | + if (bn_wexpand(ret,ri) == NULL) goto err; | |
37 | + x=0-(((al-ri)>>(sizeof(al)*8-1))&1); | |
38 | + ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ | |
39 | + ret->neg=r->neg; | |
40 | + | |
41 | rp=ret->d; | |
42 | - - ap= &(r->d[x]); | |
43 | - - if (r->top < x) | |
44 | - - al=0; | |
45 | - - else | |
46 | - - al=r->top-x; | |
47 | + ap=&(r->d[ri]); | |
48 | + | |
49 | + { | |
50 | + size_t m1,m2; | |
51 | + | |
52 | + v=bn_sub_words(rp,ap,np,ri); | |
53 | + /* this ----------------^^ works even in al<ri case | |
54 | + * thanks to zealous zeroing of top of the vector in the | |
55 | + * beginning. */ | |
56 | + | |
57 | + /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */ | |
58 | + /* in other words if subtraction result is real, then | |
59 | + * trick unconditional memcpy below to perform in-place | |
60 | + * "refresh" instead of actual copy. */ | |
61 | + m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */ | |
62 | + m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */ | |
63 | + m1|=m2; /* (al!=ri) */ | |
64 | + m1|=(0-(size_t)v); /* (al!=ri || v) */ | |
65 | + m1&=~m2; /* (al!=ri || v) && !al>ri */ | |
66 | + nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); | |
67 | + } | |
68 | + | |
69 | + /* 'i<ri' is chosen to eliminate dependency on input data, even | |
70 | + * though it results in redundant copy in al<ri case. */ | |
71 | + for (i=0,ri-=4; i<ri; i+=4) | |
72 | + { | |
73 | + BN_ULONG t1,t2,t3,t4; | |
74 | + | |
75 | + t1=nrp[i+0]; | |
76 | + t2=nrp[i+1]; | |
77 | + t3=nrp[i+2]; ap[i+0]=0; | |
78 | + t4=nrp[i+3]; ap[i+1]=0; | |
79 | + rp[i+0]=t1; ap[i+2]=0; | |
80 | + rp[i+1]=t2; ap[i+3]=0; | |
81 | + rp[i+2]=t3; | |
82 | + rp[i+3]=t4; | |
83 | + } | |
84 | + for (ri+=4; i<ri; i++) | |
85 | + rp[i]=nrp[i], ap[i]=0; | |
86 | +# else | |
87 | + if (bn_wexpand(ret,al) == NULL) goto err; | |
88 | ret->top=al; | |
89 | + ret->neg=r->neg; | |
90 | + | |
91 | + rp=ret->d; | |
92 | + ap=&(r->d[ri]); | |
93 | al-=4; | |
94 | for (i=0; i<al; i+=4) | |
95 | { | |
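Review bot: The branch-free path runs `bn_sub_words(rp,ap,np,ri)` and then copies `ri` words starting at `&(r->d[ri])` even when `al<ri`, so it touches `r->d[ri..2*ri-1]` regardless of `r->top`; this is safe only because of the `bn_wexpand(r,max)` and the zeroing done earlier in the function, outside this hunk. Nothing here pins that invariant, so I would put a comment (or a debug-only assertion) next to `ap=&(r->d[ri]);`, for example `/* requires r->dmax >= 2*ri and r->d[r->top..2*ri-1] == 0 */`. The masks also rely on `(al-ri)>>(sizeof(al)*8-1)` applied to what appear to be signed ints and on `(size_t)rp` round-tripping a pointer; both are implementation-defined, so converting to an unsigned type before the shift and using a pointer-sized integer type would make the constant-time selection portable. The `r->top <= ri` early exit is still a data-dependent branch, leaves `ret->neg` untouched and returns success through the `err` label, which deserves a line in the comment block above it.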
96 | @@ -258,7 +308,7 @@ | |
97 | al+=4; | |
98 | for (; i<al; i++) | |
99 | rp[i]=ap[i]; | |
100 | - -#endif | |
101 | +# endif | |
102 | #else /* !MONT_WORD */ | |
103 | BIGNUM *t1,*t2; | |
104 | ||
105 | @@ -278,10 +328,12 @@ | |
106 | if (!BN_rshift(ret,t2,mont->ri)) goto err; | |
107 | #endif /* MONT_WORD */ | |
108 | ||
109 | +#if !defined(BRANCH_FREE) || BRANCH_FREE==0 | |
110 | if (BN_ucmp(ret, &(mont->N)) >= 0) | |
111 | { | |
112 | if (!BN_usub(ret,ret,&(mont->N))) goto err; | |
113 | } | |
114 | +#endif | |
115 | retn=1; | |
116 | bn_check_top(ret); | |
117 | err: | |
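Review bot: The guard `#if !defined(BRANCH_FREE) || BRANCH_FREE==0` depends on a macro that is `#define`d in the middle of the function body, inside the MONT_WORD branch of the earlier hunk, so whether the final `BN_ucmp`/`BN_usub` reduction is compiled in is decided far from this point and the macro stays defined for the rest of the translation unit. I would define `BRANCH_FREE` once near the top of the file, or add `#undef BRANCH_FREE` after this block, and close it with `#endif /* !BRANCH_FREE */`. A short comment stating that the branch-free path has already done the conditional subtraction of N, while the !MONT_WORD path still needs this one, would keep a later edit from removing the only reduction step on that path. The function continues past `err:` outside the hunk.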
118 | -----BEGIN PGP SIGNATURE----- | |
119 | Version: GnuPG v1.4.5 (GNU/Linux) | |
120 | ||
121 | iQCVAwUBRrGk++6tTP1JpWPZAQJbjwP/W/6mROtxOVU1gvvq/uFHCytNWHVaJfKA | |
122 | 7zh+v4OPQEIYekIBkEpNFgTJbHcyIZoyDNnwOetkRXvI4LDqvV1V5/pA5bzrKqDj | |
123 | zv7Hj8R7DGqG8ad0Esf3l7SqqirI3curkIzm5/cALJBJxz/Pp7qyXNzzQgp55UPz | |
124 | iBDdynBpa+s= | |
125 | =aquq | |
126 | -----END PGP SIGNATURE----- |