sync with OpenBSD -current
parent
a48b7fc94f
commit
df306e9b72
1354 changed files with 105229 additions and 31150 deletions
|
@ -109,9 +109,9 @@ $code=<<___;
|
|||
.machine "any"
|
||||
.text
|
||||
|
||||
.globl .bn_mul_mont_int
|
||||
.globl .bn_mul_mont
|
||||
.align 4
|
||||
.bn_mul_mont_int:
|
||||
.bn_mul_mont:
|
||||
cmpwi $num,4
|
||||
mr $rp,r3 ; $rp is reassigned
|
||||
li r3,0
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: bn.h,v 1.78 2024/04/10 14:58:06 beck Exp $ */
|
||||
/* $OpenBSD: bn.h,v 1.79 2025/01/06 13:15:08 tb Exp $ */
|
||||
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -401,8 +401,8 @@ int BN_set_bit(BIGNUM *a, int n);
|
|||
int BN_clear_bit(BIGNUM *a, int n);
|
||||
char * BN_bn2hex(const BIGNUM *a);
|
||||
char * BN_bn2dec(const BIGNUM *a);
|
||||
int BN_hex2bn(BIGNUM **a, const char *str);
|
||||
int BN_dec2bn(BIGNUM **a, const char *str);
|
||||
int BN_hex2bn(BIGNUM **a, const char *str);
|
||||
int BN_dec2bn(BIGNUM **a, const char *str);
|
||||
int BN_asc2bn(BIGNUM **a, const char *str);
|
||||
int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
|
||||
int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
|
||||
|
@ -421,7 +421,7 @@ int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
|
|||
int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
|
||||
int do_trial_division, BN_GENCB *cb);
|
||||
|
||||
BN_MONT_CTX *BN_MONT_CTX_new(void );
|
||||
BN_MONT_CTX *BN_MONT_CTX_new(void);
|
||||
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
BN_MONT_CTX *mont, BN_CTX *ctx);
|
||||
int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: bn_convert.c,v 1.22 2024/06/22 16:33:00 jsing Exp $ */
|
||||
/* $OpenBSD: bn_convert.c,v 1.23 2024/11/08 14:18:44 jsing Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -69,87 +69,73 @@
|
|||
|
||||
#include "bn_local.h"
|
||||
#include "bytestring.h"
|
||||
#include "crypto_internal.h"
|
||||
|
||||
static int bn_dec2bn_cbs(BIGNUM **bnp, CBS *cbs);
|
||||
static int bn_hex2bn_cbs(BIGNUM **bnp, CBS *cbs);
|
||||
|
||||
static const char hex_digits[] = "0123456789ABCDEF";
|
||||
|
||||
typedef enum {
|
||||
big,
|
||||
little,
|
||||
} endianness_t;
|
||||
|
||||
/* ignore negative */
|
||||
static int
|
||||
bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianness_t endianness)
|
||||
bn_bn2binpad_internal(const BIGNUM *bn, uint8_t *out, int out_len,
|
||||
int little_endian)
|
||||
{
|
||||
int n;
|
||||
size_t i, lasti, j, atop, mask;
|
||||
BN_ULONG l;
|
||||
uint8_t mask, v;
|
||||
BN_ULONG w;
|
||||
int i, j;
|
||||
int b, n;
|
||||
|
||||
/*
|
||||
* In case |a| is fixed-top, BN_num_bytes can return bogus length,
|
||||
* but it's assumed that fixed-top inputs ought to be "nominated"
|
||||
* even for padded output, so it works out...
|
||||
*/
|
||||
n = BN_num_bytes(a);
|
||||
if (tolen == -1)
|
||||
tolen = n;
|
||||
else if (tolen < n) { /* uncommon/unlike case */
|
||||
BIGNUM temp = *a;
|
||||
n = BN_num_bytes(bn);
|
||||
|
||||
bn_correct_top(&temp);
|
||||
if (out_len == -1)
|
||||
out_len = n;
|
||||
if (out_len < n)
|
||||
return -1;
|
||||
|
||||
n = BN_num_bytes(&temp);
|
||||
if (tolen < n)
|
||||
return -1;
|
||||
if (bn->dmax == 0) {
|
||||
explicit_bzero(out, out_len);
|
||||
return out_len;
|
||||
}
|
||||
|
||||
/* Swipe through whole available data and don't give away padded zero. */
|
||||
atop = a->dmax * BN_BYTES;
|
||||
if (atop == 0) {
|
||||
explicit_bzero(to, tolen);
|
||||
return tolen;
|
||||
mask = 0;
|
||||
b = BN_BITS2;
|
||||
j = 0;
|
||||
|
||||
for (i = out_len - 1; i >= 0; i--) {
|
||||
if (b == BN_BITS2) {
|
||||
mask = crypto_ct_lt_mask(j, bn->top);
|
||||
w = bn->d[j++ % bn->dmax];
|
||||
b = 0;
|
||||
}
|
||||
out[i] = (w >> b) & mask;
|
||||
b += 8;
|
||||
}
|
||||
|
||||
lasti = atop - 1;
|
||||
atop = a->top * BN_BYTES;
|
||||
|
||||
if (endianness == big)
|
||||
to += tolen; /* start from the end of the buffer */
|
||||
|
||||
for (i = 0, j = 0; j < (size_t)tolen; j++) {
|
||||
unsigned char val;
|
||||
|
||||
l = a->d[i / BN_BYTES];
|
||||
mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1));
|
||||
val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
|
||||
|
||||
if (endianness == big)
|
||||
*--to = val;
|
||||
else
|
||||
*to++ = val;
|
||||
|
||||
i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */
|
||||
if (little_endian) {
|
||||
for (i = 0, j = out_len - 1; i < out_len / 2; i++, j--) {
|
||||
v = out[i];
|
||||
out[i] = out[j];
|
||||
out[j] = v;
|
||||
}
|
||||
}
|
||||
|
||||
return tolen;
|
||||
return out_len;
|
||||
}
|
||||
|
||||
int
|
||||
BN_bn2bin(const BIGNUM *a, unsigned char *to)
|
||||
BN_bn2bin(const BIGNUM *bn, unsigned char *to)
|
||||
{
|
||||
return bn2binpad(a, to, -1, big);
|
||||
return bn_bn2binpad_internal(bn, to, -1, 0);
|
||||
}
|
||||
LCRYPTO_ALIAS(BN_bn2bin);
|
||||
|
||||
int
|
||||
BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
|
||||
BN_bn2binpad(const BIGNUM *bn, unsigned char *to, int to_len)
|
||||
{
|
||||
if (tolen < 0)
|
||||
if (to_len < 0)
|
||||
return -1;
|
||||
return bn2binpad(a, to, tolen, big);
|
||||
|
||||
return bn_bn2binpad_internal(bn, to, to_len, 0);
|
||||
}
|
||||
LCRYPTO_ALIAS(BN_bn2binpad);
|
||||
|
||||
|
@ -225,12 +211,12 @@ BN_bin2bn(const unsigned char *d, int len, BIGNUM *bn)
|
|||
LCRYPTO_ALIAS(BN_bin2bn);
|
||||
|
||||
int
|
||||
BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
|
||||
BN_bn2lebinpad(const BIGNUM *bn, unsigned char *to, int to_len)
|
||||
{
|
||||
if (tolen < 0)
|
||||
if (to_len < 0)
|
||||
return -1;
|
||||
|
||||
return bn2binpad(a, to, tolen, little);
|
||||
return bn_bn2binpad_internal(bn, to, to_len, 1);
|
||||
}
|
||||
LCRYPTO_ALIAS(BN_bn2lebinpad);
|
||||
|
||||
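Review bot: The rewritten loop in `bn_bn2binpad_internal` (hunk `@ -69,87 +69,73`) carries no comment stating its constant-time intent, and the old one ("Swipe through whole available data and don't give away padded zero") is dropped with nothing in its place. The loop always writes all `out_len` bytes, reads `bn->d[j++ % bn->dmax]` even for words at or past `bn->top`, and relies on `crypto_ct_lt_mask(j, bn->top)` (defined outside this page, presumably all-ones only when `j < bn->top`) to zero those bytes; without a note, a later cleanup could turn this into an early exit whose timing depends on the number of significant words. I would add above the loop: `/* Constant time in bn->top: visit every output byte; words >= top are read (index wrapped by dmax) but masked to zero. */`. It would also help to initialise `BN_ULONG w = 0;`, since `w` is otherwise first assigned only because `b` happens to start at `BN_BITS2`.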
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: bn_local.h,v 1.43 2024/04/16 13:07:14 jsing Exp $ */
|
||||
/* $OpenBSD: bn_local.h,v 1.45 2025/01/06 13:47:37 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -280,18 +280,16 @@ int bn_rand_interval(BIGNUM *rnd, BN_ULONG lower_word, const BIGNUM *upper_exc);
|
|||
|
||||
void BN_init(BIGNUM *);
|
||||
|
||||
int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
|
||||
|
||||
void BN_RECP_CTX_init(BN_RECP_CTX *recp);
|
||||
BN_RECP_CTX *BN_RECP_CTX_new(void);
|
||||
void BN_RECP_CTX_free(BN_RECP_CTX *recp);
|
||||
int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
|
||||
int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
|
||||
BN_CTX *ctx);
|
||||
int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
|
||||
BN_RECP_CTX *recp, BN_CTX *ctx);
|
||||
int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx);
|
||||
int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
|
||||
BN_RECP_CTX *recp, BN_CTX *ctx);
|
||||
|
||||
/* Explicitly const time / non-const time versions for internal use */
|
||||
int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: bn_recp.c,v 1.19 2023/03/27 10:25:02 tb Exp $ */
|
||||
/* $OpenBSD: bn_recp.c,v 1.21 2025/01/06 13:47:37 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -107,30 +107,28 @@ BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
|
|||
return (1);
|
||||
}
|
||||
|
||||
int
|
||||
BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
|
||||
BN_RECP_CTX *recp, BN_CTX *ctx)
|
||||
/* len is the expected size of the result
|
||||
* We actually calculate with an extra word of precision, so
|
||||
* we can do faster division if the remainder is not required.
|
||||
*/
|
||||
/* r := 2^len / m */
|
||||
static int
|
||||
BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
|
||||
{
|
||||
int ret = 0;
|
||||
BIGNUM *a;
|
||||
const BIGNUM *ca;
|
||||
int ret = -1;
|
||||
BIGNUM *t;
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
if ((a = BN_CTX_get(ctx)) == NULL)
|
||||
if ((t = BN_CTX_get(ctx)) == NULL)
|
||||
goto err;
|
||||
if (y != NULL) {
|
||||
if (x == y) {
|
||||
if (!BN_sqr(a, x, ctx))
|
||||
goto err;
|
||||
} else {
|
||||
if (!BN_mul(a, x, y, ctx))
|
||||
goto err;
|
||||
}
|
||||
ca = a;
|
||||
} else
|
||||
ca = x; /* Just do the mod */
|
||||
|
||||
ret = BN_div_recp(NULL, r, ca, recp, ctx);
|
||||
if (!BN_set_bit(t, len))
|
||||
goto err;
|
||||
|
||||
if (!BN_div_ct(r, NULL, t,m, ctx))
|
||||
goto err;
|
||||
|
||||
ret = len;
|
||||
|
||||
err:
|
||||
BN_CTX_end(ctx);
|
||||
|
@ -231,28 +229,31 @@ err:
|
|||
return (ret);
|
||||
}
|
||||
|
||||
/* len is the expected size of the result
|
||||
* We actually calculate with an extra word of precision, so
|
||||
* we can do faster division if the remainder is not required.
|
||||
*/
|
||||
/* r := 2^len / m */
|
||||
|
||||
int
|
||||
BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
|
||||
BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
|
||||
BN_RECP_CTX *recp, BN_CTX *ctx)
|
||||
{
|
||||
int ret = -1;
|
||||
BIGNUM *t;
|
||||
int ret = 0;
|
||||
BIGNUM *a;
|
||||
const BIGNUM *ca;
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
if ((t = BN_CTX_get(ctx)) == NULL)
|
||||
if ((a = BN_CTX_get(ctx)) == NULL)
|
||||
goto err;
|
||||
if (y != NULL) {
|
||||
if (x == y) {
|
||||
if (!BN_sqr(a, x, ctx))
|
||||
goto err;
|
||||
} else {
|
||||
if (!BN_mul(a, x, y, ctx))
|
||||
goto err;
|
||||
}
|
||||
ca = a;
|
||||
} else
|
||||
ca = x; /* Just do the mod */
|
||||
|
||||
if (!BN_set_bit(t, len))
|
||||
goto err;
|
||||
|
||||
if (!BN_div_ct(r, NULL, t,m, ctx))
|
||||
goto err;
|
||||
|
||||
ret = len;
|
||||
ret = BN_div_recp(NULL, r, ca, recp, ctx);
|
||||
|
||||
err:
|
||||
BN_CTX_end(ctx);
|
||||
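Review bot: Now that `BN_reciprocal` is file-local (`static int` in the `@ -107,30 +107,28` hunk), its comment still does not state the return convention, which differs from its neighbour: it returns `len` on success and `-1` on failure (`int ret = -1; ... ret = len;`), while `BN_mod_mul_reciprocal` starts from `ret = 0` and returns the result of `BN_div_recp`. A caller that tests the result with `!` would treat the `-1` failure as success, so I would extend the comment to `/* r := 2^len / m; returns len on success, -1 on error */`. The moved call `BN_div_ct(r, NULL, t,m, ctx)` is also missing a space after the comma (`t, m`). Both function bodies continue past the end of their hunks.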
|
|