/src/openssl/crypto/bn/bn_mul.c
Line  | Count  | Source  | 
1  |  | /*  | 
2  |  |  * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.  | 
3  |  |  *  | 
4  |  |  * Licensed under the Apache License 2.0 (the "License").  You may not use  | 
5  |  |  * this file except in compliance with the License.  You can obtain a copy  | 
6  |  |  * in the file LICENSE in the source distribution or at  | 
7  |  |  * https://www.openssl.org/source/license.html  | 
8  |  |  */  | 
9  |  |  | 
10  |  | #include <assert.h>  | 
11  |  | #include "internal/cryptlib.h"  | 
12  |  | #include "bn_local.h"  | 
13  |  |  | 
14  |  | #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)  | 
15  |  | /*  | 
16  |  |  * Here follow specialised variants of bn_add_words() and bn_sub_words().  | 
17  |  |  * They have the property of performing operations on arrays of different  | 
18  |  |  * sizes. The sizes of those arrays are expressed through cl, which is the common  | 
19  |  |  * length ( basically, min(len(a),len(b)) ), and dl, which is the delta  | 
20  |  |  * between the two lengths, calculated as len(a)-len(b). All lengths are the  | 
21  |  |  * number of BN_ULONGs...  For the operations that require a result array as  | 
22  |  |  * parameter, it must have the length cl+abs(dl). These functions should  | 
23  |  |  * probably end up in bn_asm.c as soon as there are assembler counterparts  | 
24  |  |  * for the systems that use assembler files.  | 
25  |  |  */  | 
26  |  |  | 
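/*
 * Subtract b from a when the two arrays may differ in length, store the
 * difference in r and return the final borrow.
 *
 * cl is the number of words the two operands have in common and dl is
 * len(a) - len(b).  The first cl words go through bn_sub_words(); the
 * remaining |dl| words come from whichever operand is longer, with the
 * shorter operand contributing zero words.  r is written for cl + |dl| words.
 *
 * The original hand-unrolled tail also carried a save_dl/switch fix-up that
 * could only run after the borrow loop had exited with dl > 0 part-way through
 * a group of four, which that loop never does; the tail is therefore written
 * here as two plain loops that visit the words in the same order.
 *
 * NOTE(review): assert() disappears under NDEBUG, so cl >= 0 is a caller
 * contract rather than a runtime check, and nothing in this function bounds
 * cl or dl against the real array sizes.  The tail loops branch on operand
 * words and on the borrow, so the executed path depends on the data; confirm
 * that is acceptable for any caller that passes secret values.
 */
BN_ULONG bn_sub_part_words(BN_ULONG *r,
                           const BN_ULONG *a, const BN_ULONG *b,
                           int cl, int dl)
{
    BN_ULONG c, t;

    assert(cl >= 0);
    c = bn_sub_words(r, a, b, cl);

    if (dl == 0)
        return c;

    r += cl;
    a += cl;
    b += cl;

    if (dl < 0) {
        /* b is longer: each extra word is 0 - b[i] - borrow. */
        do {
            t = *b++;
            *r++ = (0 - t - c) & BN_MASK2;
            /* A non-zero word always borrows; a zero word keeps the borrow. */
            if (t != 0)
                c = 1;
        } while (++dl < 0);
    } else {
        /* a is longer: push the borrow through a's extra words ... */
        while (c != 0 && dl > 0) {
            t = *a++;
            *r++ = (t - c) & BN_MASK2;
            /* A non-zero word absorbs the borrow. */
            if (t != 0)
                c = 0;
            dl--;
        }
        /* ... then copy whatever is left once the borrow has been absorbed. */
        while (dl > 0) {
            *r++ = *a++;
            dl--;
        }
    }
    return c;
}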
155  |  | #endif  | 
156  |  |  | 
157  |  | #ifdef BN_RECURSION  | 
158  |  | /*  | 
159  |  |  * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of  | 
160  |  |  * Computer Programming, Vol. 2)  | 
161  |  |  */  | 
162  |  |  | 
163  |  | /*-  | 
164  |  |  * r is 2*n2 words in size,  | 
165  |  |  * a and b are both n2 words in size.  | 
166  |  |  * n2 must be a power of 2.  | 
167  |  |  * We multiply and return the result.  | 
168  |  |  * t must be 2*n2 words in size  | 
169  |  |  * We calculate  | 
170  |  |  * a[0]*b[0]  | 
171  |  |  * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])  | 
172  |  |  * a[1]*b[1]  | 
173  |  |  */  | 
174  |  | /* dnX may not be positive, but n2/2+dnX has to be */  | 
/*
 * One Karatsuba level: split a and b at n = n2/2 words, form the three
 * sub-products and recombine them into r.
 *
 * tna = n + dna and tnb = n + dnb are passed as the common length when the
 * low half of an operand is compared with (or subtracted from) its high half,
 * so they appear to be the number of words actually present in the high
 * halves - TODO confirm against the callers.
 *
 * NOTE(review): no length of r or t is passed in; every index below relies on
 * the caller having sized both buffers as the header comment requires.  The
 * zero/neg flags and the carry loop at the end branch on operand-derived
 * values, so the executed path depends on the data.
 */
void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
                      int dna, int dnb, BN_ULONG *t)
{
    int n = n2 / 2, c1, c2;
    int tna = n + dna, tnb = n + dnb;
    unsigned int neg, zero;
    BN_ULONG ln, lo, *p;

# ifdef BN_MUL_COMBA
#  if 0
    if (n2 == 4) {
        bn_mul_comba4(r, a, b);
        return;
    }
#  endif
    /*
     * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete
     * [steve]
     */
    if (n2 == 8 && dna == 0 && dnb == 0) {
        bn_mul_comba8(r, a, b);
        return;
    }
# endif                         /* BN_MUL_COMBA */
    /*
     * Below the recursion threshold: do a normal multiply on the words that
     * are present (n2 + dna by n2 + dnb) and, when dna + dnb is negative,
     * zero the top -(dna + dnb) words of the 2*n2-word result.
     */
    if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
        bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
        if ((dna + dnb) < 0)
            memset(&r[2 * n2 + dna + dnb], 0,
                   sizeof(BN_ULONG) * -(dna + dnb));
        return;
    }
    /* r=(a[0]-a[1])*(b[1]-b[0]) */
    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
    zero = neg = 0;
    /*
     * c1 * 3 + c2 encodes both comparison results in one value (presumably
     * each is -1, 0 or 1 - confirm in bn_cmp_part_words).  Each arm subtracts
     * the smaller half from the larger one so t[0..n) and t[n..2n) hold
     * magnitudes; neg is set when the two differences have opposite signs and
     * zero when either difference is zero.
     */
    switch (c1 * 3 + c2) {
    case -4:
        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
        break;
    case -3:
        zero = 1;
        break;
    case -2:
        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
        neg = 1;
        break;
    case -1:
    case 0:
    case 1:
        zero = 1;
        break;
    case 2:
        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
        neg = 1;
        break;
    case 3:
        zero = 1;
        break;
    case 4:
        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
        break;
    }

# ifdef BN_MUL_COMBA
    if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take
                                           * extra args to do this well */
        if (!zero)
            bn_mul_comba4(&(t[n2]), t, &(t[n]));
        else
            memset(&t[n2], 0, sizeof(*t) * 8);

        bn_mul_comba4(r, a, b);
        bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
    } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could
                                                  * take extra args to do
                                                  * this well */
        if (!zero)
            bn_mul_comba8(&(t[n2]), t, &(t[n]));
        else
            memset(&t[n2], 0, sizeof(*t) * 16);

        bn_mul_comba8(r, a, b);
        bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
    } else
# endif                         /* BN_MUL_COMBA */
    {
        /* Scratch for the recursive calls starts 2*n2 words into t. */
        p = &(t[n2 * 2]);
        if (!zero)
            bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
        else
            memset(&t[n2], 0, sizeof(*t) * n2);
        bn_mul_recursive(r, a, b, n, 0, 0, p);
        bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
    }

    /*-
     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), neg records its sign
     * r[10] holds (a[0]*b[0])
     * r[32] holds (a[1]*b[1])
     */

    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));

    if (neg) {                  /* if t[32] is negative */
        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
    } else {
        /* Might have a carry */
        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
    }

    /*-
     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
     * r[10] holds (a[0]*b[0])
     * r[32] holds (a[1]*b[1])
     * c1 holds the carry bits
     */
    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
    if (c1) {
        /* Fold the accumulated carry into the word just above the middle. */
        p = &(r[n + n2]);
        lo = *p;
        ln = (lo + c1) & BN_MASK2;
        *p = ln;

        /*
         * The overflow will stop before we over write words we should not
         * overwrite
         *
         * NOTE(review): the loop below has no explicit bound on p; it stops
         * only when an incremented word is non-zero, so staying inside r
         * rests on the arithmetic argument above, not on a check.
         */
        if (ln < (BN_ULONG)c1) {
            do {
                p++;
                lo = *p;
                ln = (lo + 1) & BN_MASK2;
                *p = ln;
            } while (ln == 0);
        }
    }
}
317  |  |  | 
318  |  | /*  | 
319  |  |  * n+tn is the word length; t needs to be n*4 in size, as does r  | 
320  |  |  */  | 
321  |  | /* tnX may not be negative and must be less than n */  | 
/*
 * Karatsuba step for operands whose high halves are only partly present:
 * the low halves are n words each, the high halves tna and tnb words.
 *
 * NOTE(review): the memset() lengths below are computed as n2 - tna - tnb in
 * int and then converted to a size, so they rely on tna + tnb <= n2; that is
 * a caller contract (see the comment above the function), not something this
 * function checks.  No length of r or t is passed in either.
 */
void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
                           int tna, int tnb, BN_ULONG *t)
{
    int i, j, n2 = n * 2;
    int c1, c2, neg;
    BN_ULONG ln, lo, *p;

    /* Small operands: one normal multiply over the words that are present. */
    if (n < 8) {
        bn_mul_normal(r, a, n + tna, b, n + tnb);
        return;
    }

    /* r=(a[0]-a[1])*(b[1]-b[0]) */
    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
    neg = 0;
    /*
     * Same encoding as in bn_mul_recursive(), but the arms where one
     * comparison is zero are merged into a neighbouring arm instead of being
     * tracked with a separate zero flag.
     */
    switch (c1 * 3 + c2) {
    case -4:
        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
        break;
    case -3:
    case -2:
        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
        neg = 1;
        break;
    case -1:
    case 0:
    case 1:
    case 2:
        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
        neg = 1;
        break;
    case 3:
    case 4:
        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
        break;
    }
    /*
     * The zero case isn't yet implemented here. The speedup would probably
     * be negligible.
     */
# if 0
    if (n == 4) {
        bn_mul_comba4(&(t[n2]), t, &(t[n]));
        bn_mul_comba4(r, a, b);
        bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
        memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2));
    } else
# endif
    if (n == 8) {
        bn_mul_comba8(&(t[n2]), t, &(t[n]));
        bn_mul_comba8(r, a, b);
        bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
        /* Clear the part of the high product that bn_mul_normal left alone. */
        memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb));
    } else {
        /* Scratch for the recursive calls starts 2*n2 words into t. */
        p = &(t[n2 * 2]);
        bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
        bn_mul_recursive(r, a, b, n, 0, 0, p);
        i = n / 2;
        /*
         * If there is only a bottom half to the number, just do it
         */
        /* j compares the longer high half with i = n/2. */
        if (tna > tnb)
            j = tna - i;
        else
            j = tnb - i;
        if (j == 0) {
            bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
                             i, tna - i, tnb - i, p);
            memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2));
        } else if (j > 0) {     /* eg, n == 16, i == 8 and tn == 11 */
            bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
                                  i, tna - i, tnb - i, p);
            memset(&(r[n2 + tna + tnb]), 0,
                   sizeof(BN_ULONG) * (n2 - tna - tnb));
        } else {                /* (j < 0) eg, n == 16, i == 8 and tn == 5 */

            /* Zero the whole high product first, then fill in what exists. */
            memset(&r[n2], 0, sizeof(*r) * n2);
            if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
                && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
                bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
            } else {
                /* Halve i until it no longer exceeds both tna and tnb. */
                for (;;) {
                    i /= 2;
                    /*
                     * these simplified conditions work exclusively because
                     * difference between tna and tnb is 1 or 0
                     */
                    if (i < tna || i < tnb) {
                        bn_mul_part_recursive(&(r[n2]),
                                              &(a[n]), &(b[n]),
                                              i, tna - i, tnb - i, p);
                        break;
                    } else if (i == tna || i == tnb) {
                        bn_mul_recursive(&(r[n2]),
                                         &(a[n]), &(b[n]),
                                         i, tna - i, tnb - i, p);
                        break;
                    }
                }
            }
        }
    }

    /*-
     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), neg records its sign
     * r[10] holds (a[0]*b[0])
     * r[32] holds (a[1]*b[1])
     */

    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));

    if (neg) {                  /* if t[32] is negative */
        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
    } else {
        /* Might have a carry */
        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
    }

    /*-
     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
     * r[10] holds (a[0]*b[0])
     * r[32] holds (a[1]*b[1])
     * c1 holds the carry bits
     */
    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
    if (c1) {
        /* Fold the accumulated carry into the word just above the middle. */
        p = &(r[n + n2]);
        lo = *p;
        ln = (lo + c1) & BN_MASK2;
        *p = ln;

        /*
         * The overflow will stop before we over write words we should not
         * overwrite
         *
         * NOTE(review): the loop below has no explicit bound on p; it stops
         * only when an incremented word is non-zero, so staying inside r
         * rests on the arithmetic argument above, not on a check.
         */
        if (ln < (BN_ULONG)c1) {
            do {
                p++;
                lo = *p;
                ln = (lo + 1) & BN_MASK2;
                *p = ln;
            } while (ln == 0);
        }
    }
}
472  |  |  | 
473  |  | /*-  | 
474  |  |  * a and b must be the same size, which is n2.  | 
475  |  |  * r needs to be n2 words and t needs to be n2*2  | 
476  |  |  */  | 
/*
 * Compute the low n2 words of a * b into r.
 *
 * The low halves are multiplied in full into r; the two cross products
 * (a_lo * b_hi and a_hi * b_lo) only matter in their low half, which is added
 * into the upper half of r.  t is scratch space.
 *
 * NOTE(review): no buffer lengths are passed; the sizes of r and t are a
 * caller contract.
 */
void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
                          BN_ULONG *t)
{
    const int half = n2 / 2;
    BN_ULONG *a_hi = a + half;
    BN_ULONG *b_hi = b + half;
    BN_ULONG *r_hi = r + half;

    /* Full product of the low halves fills r[0 .. 2*half). */
    bn_mul_recursive(r, a, b, half, 0, 0, t);

    if (half < BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
        /* Small enough: both cross products side by side in t. */
        bn_mul_low_normal(t, a, b_hi, half);
        bn_mul_low_normal(t + half, a_hi, b, half);
        bn_add_words(r_hi, r_hi, t, half);
        bn_add_words(r_hi, r_hi, t + half, half);
        return;
    }

    /* Recurse for each cross product, reusing t[0..) and scratch at t + n2. */
    bn_mul_low_recursive(t, a, b_hi, half, t + n2);
    bn_add_words(r_hi, r_hi, t, half);
    bn_mul_low_recursive(t, a_hi, b, half, t + n2);
    bn_add_words(r_hi, r_hi, t, half);
}
495  |  | #endif                          /* BN_RECURSION */  | 
496  |  |  | 
/*
 * Multiply a by b into r and return the status of bn_mul_fixed_top().
 *
 * Unlike bn_mul_fixed_top(), this wrapper runs bn_correct_top() on r before
 * returning, and does so whether or not the multiply succeeded.
 *
 * NOTE(review): bn_correct_top() presumably trims r->top to the significant
 * words, which would make the stored length depend on the product's value -
 * confirm, and prefer the fixed-top entry point where that matters.
 */
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
    const int status = bn_mul_fixed_top(r, a, b, ctx);

    bn_correct_top(r);
    bn_check_top(r);
    return status;
}
506  |  |  | 
/*
 * Multiply a by b into r, leaving r->top at the full product width instead of
 * trimming it, and flag the result with BN_FLG_FIXED_TOP.
 *
 * Returns 1 on success and 0 if a temporary or a buffer expansion could not
 * be obtained.  r may alias a or b; the product is then built in a BN_CTX
 * temporary and copied into r at the end.
 *
 * NOTE(review): which multiply routine runs depends only on a->top and
 * b->top (and the build configuration), not on the word values.
 */
int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
    int ret = 0;
    int top, al, bl;
    BIGNUM *rr;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
    int i;
#endif
#ifdef BN_RECURSION
    BIGNUM *t = NULL;
    int j = 0, k;
#endif

    bn_check_top(a);
    bn_check_top(b);
    bn_check_top(r);

    al = a->top;
    bl = b->top;

    /* A zero-length operand gives zero; this returns before BN_CTX_start(). */
    if ((al == 0) || (bl == 0)) {
        BN_zero(r);
        return 1;
    }
    top = al + bl;

    BN_CTX_start(ctx);
    /* Never write the product over an operand that is still being read. */
    if ((r == a) || (r == b)) {
        if ((rr = BN_CTX_get(ctx)) == NULL)
            goto err;
    } else
        rr = r;

#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
    i = al - bl;
#endif
#ifdef BN_MUL_COMBA
    if (i == 0) {
# if 0
        if (al == 4) {
            if (bn_wexpand(rr, 8) == NULL)
                goto err;
            rr->top = 8;
            bn_mul_comba4(rr->d, a->d, b->d);
            goto end;
        }
# endif
        /* Both operands exactly 8 words: fixed-size comba multiply. */
        if (al == 8) {
            if (bn_wexpand(rr, 16) == NULL)
                goto err;
            rr->top = 16;
            bn_mul_comba8(rr->d, a->d, b->d);
            goto end;
        }
    }
#endif                          /* BN_MUL_COMBA */
#ifdef BN_RECURSION
    /* Karatsuba only for large operands whose lengths differ by at most 1. */
    if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
        if (i >= -1 && i <= 1) {
            /*
             * Find out the power of two lower or equal to the longest of the
             * two numbers
             */
            if (i >= 0) {
                j = BN_num_bits_word((BN_ULONG)al);
            }
            if (i == -1) {
                j = BN_num_bits_word((BN_ULONG)bl);
            }
            j = 1 << (j - 1);
            assert(j <= al || j <= bl);
            k = j + j;
            t = BN_CTX_get(ctx);
            if (t == NULL)
                goto err;
            /*
             * Both the scratch BIGNUM and the result are expanded before the
             * word-level routine runs, because that routine takes raw
             * pointers and no lengths.
             */
            if (al > j || bl > j) {
                if (bn_wexpand(t, k * 4) == NULL)
                    goto err;
                if (bn_wexpand(rr, k * 4) == NULL)
                    goto err;
                bn_mul_part_recursive(rr->d, a->d, b->d,
                                      j, al - j, bl - j, t->d);
            } else {            /* al <= j && bl <= j */

                if (bn_wexpand(t, k * 2) == NULL)
                    goto err;
                if (bn_wexpand(rr, k * 2) == NULL)
                    goto err;
                bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
            }
            rr->top = top;
            goto end;
        }
    }
#endif                          /* BN_RECURSION */
    /* Fallback: normal multiply into exactly al + bl words. */
    if (bn_wexpand(rr, top) == NULL)
        goto err;
    rr->top = top;
    bn_mul_normal(rr->d, a->d, al, b->d, bl);

#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
 end:
#endif
    rr->neg = a->neg ^ b->neg;
    /* top was set to the full width above and is not trimmed here. */
    rr->flags |= BN_FLG_FIXED_TOP;
    if (r != rr && BN_copy(r, rr) == NULL)
        goto err;

    ret = 1;
 err:
    /* Reached on success and failure alike; BN_CTX_end() pairs with start. */
    bn_check_top(r);
    BN_CTX_end(ctx);
    return ret;
}
621  |  |  | 
/*
 * Multiply the na-word array a by the nb-word array b into r, one row per
 * word of the shorter operand.
 *
 * The operands are swapped when needed so that a is the longer one.  Row i
 * multiplies a by b[i], accumulates into r + i, and stores the returned carry
 * word at r[na + i].  When the shorter operand has no words, a is multiplied
 * by zero into r and the carry is discarded.
 *
 * NOTE(review): r is indexed up to na + nb - 1 with no length passed in, so
 * the caller must have sized it for na + nb words.
 */
void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
{
    BN_ULONG *carry_out;
    int row;

    if (na < nb) {
        BN_ULONG *other = a;
        int other_len = na;

        a = b;
        b = other;
        na = nb;
        nb = other_len;
    }

    carry_out = r + na;
    if (nb <= 0) {
        (void)bn_mul_words(r, a, na, 0);
        return;
    }

    /* The first row initialises r; the remaining rows accumulate into it. */
    carry_out[0] = bn_mul_words(r, a, na, b[0]);
    for (row = 1; row < nb; row++)
        carry_out[row] = bn_mul_add_words(r + row, a, na, b[row]);
}
663  |  |  | 
/*
 * Row-by-row multiply that keeps only the low n words of a * b in r.
 *
 * Row i multiplies the first n - i words of a by b[i] and accumulates at
 * r + i; the carry word each call returns is dropped.
 *
 * NOTE(review): b[0] is read before n is tested, so b must hold at least one
 * word even when n <= 0; no buffer lengths are checked here.
 */
void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
{
    int row;

    bn_mul_words(r, a, n, b[0]);

    for (row = 1; row < n; row++)
        bn_mul_add_words(r + row, a, n - row, b[row]);
}