diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2023-03-07 06:15:10 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2023-03-07 06:15:10 +0000 |
| commit | cf68f5cfb341204883e592700821bd40b4a9eee1 (patch) | |
| tree | 6a5a819023cc31ad4971b95fabe6d4235d7d14eb | |
| parent | 3db1ca0e30c5ebe34bfb44601c78e7a2c198ac01 (diff) | |
Refactor BN_mod_mul_montgomery().
Pull out the simplistic implementation (using BN_mul() or BN_sqr()) into a
bn_mod_mul_montgomery_simple() function. Provide bn_mod_mul_montgomery()
with an implementation that changes depending on if the assembly
bn_mul_mont() is available or not. Turn BN_mod_mul_montgomery() and
BN_to_montgomery() into callers of bn_mod_mul_montgomery().
ok beck@ tb@
| -rw-r--r-- | lib/libcrypto/bn/bn_mont.c | 68 |
1 files changed, 48 insertions, 20 deletions
diff --git a/lib/libcrypto/bn/bn_mont.c b/lib/libcrypto/bn/bn_mont.c index 5dcd548f85d..d2ca4404f9f 100644 --- a/lib/libcrypto/bn/bn_mont.c +++ b/lib/libcrypto/bn/bn_mont.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_mont.c,v 1.48 2023/03/07 06:05:06 jsing Exp $ */ +/* $OpenBSD: bn_mont.c,v 1.49 2023/03/07 06:15:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -305,28 +305,13 @@ BN_MONT_CTX_set_locked(BN_MONT_CTX **pmctx, int lock, const BIGNUM *mod, static int bn_montgomery_reduce(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mctx); -int -BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +static int +bn_mod_mul_montgomery_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mctx, BN_CTX *ctx) { BIGNUM *tmp; int ret = 0; -#if defined(OPENSSL_BN_ASM_MONT) - int num = mctx->N.top; - - if (num > 1 && a->top == num && b->top == num) { - if (!bn_wexpand(r, num)) - return (0); - if (bn_mul_mont(r->d, a->d, b->d, mctx->N.d, mctx->n0, num)) { - r->top = num; - bn_correct_top(r); - BN_set_negative(r, a->neg ^ b->neg); - return (1); - } - } -#endif - BN_CTX_start(ctx); if ((tmp = BN_CTX_get(ctx)) == NULL) @@ -351,11 +336,54 @@ BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, return ret; } +#ifndef OPENSSL_BN_ASM_MONT +int +bn_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mctx, BN_CTX *ctx) +{ + return bn_mod_mul_montgomery_simple(r, a, b, mctx, ctx); +} +#else + +int +bn_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mctx, BN_CTX *ctx) +{ + if (mctx->N.top <= 1 || a->top != mctx->N.top || b->top != mctx->N.top) + return bn_mod_mul_montgomery_simple(r, a, b, mctx, ctx); + + if (!bn_wexpand(r, mctx->N.top)) + return 0; + + /* + * Legacy bn_mul_mont() can indicate that we should "fallback" to + * another implementation. + */ + if (!bn_mul_mont(r->d, a->d, b->d, mctx->N.d, mctx->n0, mctx->N.top)) + return bn_mod_mul_montgomery_simple(r, a, b, mctx, ctx); + + r->top = mctx->N.top; + bn_correct_top(r); + + BN_set_negative(r, a->neg ^ b->neg); + + return (1); +} +#endif + +int +BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mctx, BN_CTX *ctx) +{ + /* Compute r = aR * bR * R^-1 mod N = abR mod N */ + return bn_mod_mul_montgomery(r, a, b, mctx, ctx); +} + int -BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx) +BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mctx, BN_CTX *ctx) { /* Compute r = a * R * R * R^-1 mod N = aR mod N */ - return BN_mod_mul_montgomery(r, a, &mont->RR, mont, ctx); + return bn_mod_mul_montgomery(r, a, &mctx->RR, mctx, ctx); } /* |