144         if (a->top == 1 && !a->neg  in BN_mod_exp()
332     if (m->top <= BN_CONSTTIME_SIZE_LIMIT  in BN_mod_exp_mont()
399     j = m->top;                 /* borrow j */  in BN_mod_exp_mont()
407         r->top = j;  in BN_mod_exp_mont()
469         j = mont->N.top;        /* borrow j */  in BN_mod_exp_mont()
473         val[0]->top = j;  in BN_mod_exp_mont()
496     if (wordpos >= 0 && wordpos < a->top) {  in bn_get_bits()
500             if (++wordpos < a->top)  in bn_get_bits()
515 static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,  in MOD_EXP_CTIME_COPY_TO_PREBUF()  argument
523     if (top > b->top)  in MOD_EXP_CTIME_COPY_TO_PREBUF()
524         top = b->top;           /* this works because 'buf' is explicitly  in MOD_EXP_CTIME_COPY_TO_PREBUF()
526     for (i = 0, j = idx; i < top; i++, j += width) {  in MOD_EXP_CTIME_COPY_TO_PREBUF()
533 static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,  in MOD_EXP_CTIME_COPY_FROM_PREBUF()  argument
549     if (bn_wexpand(b, top) == NULL)  in MOD_EXP_CTIME_COPY_FROM_PREBUF()
553         for (i = 0; i < top; i++, table += width) {  in MOD_EXP_CTIME_COPY_FROM_PREBUF()
575         for (i = 0; i < top; i++, table += width) {  in MOD_EXP_CTIME_COPY_FROM_PREBUF()
590     b->top = top;  in MOD_EXP_CTIME_COPY_FROM_PREBUF()
614     int top;  in bn_mod_exp_mont_fixed_top()  local
631     top = m->top;  in bn_mod_exp_mont_fixed_top()
633     if (top > BN_CONSTTIME_SIZE_LIMIT) {  in bn_mod_exp_mont_fixed_top()
642     bits = p->top * BN_BITS2;  in bn_mod_exp_mont_fixed_top()
684     if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)  in bn_mod_exp_mont_fixed_top()
690         rr->top = 16;  in bn_mod_exp_mont_fixed_top()
695     } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {  in bn_mod_exp_mont_fixed_top()
699         rr->top = 8;  in bn_mod_exp_mont_fixed_top()
710     if (window >= 5 && (top & 15) == 0 && top <= 64 &&  in bn_mod_exp_mont_fixed_top()
717     if (window >= 5 && top <= BN_SOFT_LIMIT) {  in bn_mod_exp_mont_fixed_top()
721         powerbufLen += top * sizeof(mont->N.d[0]);  in bn_mod_exp_mont_fixed_top()
731     powerbufLen += sizeof(m->d[0]) * (top * numPowers +  in bn_mod_exp_mont_fixed_top()
732                                       ((2 * top) >  in bn_mod_exp_mont_fixed_top()
733                                        numPowers ? (2 * top) : numPowers));  in bn_mod_exp_mont_fixed_top()
754     tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);  in bn_mod_exp_mont_fixed_top()
755     am.d = tmp.d + top;  in bn_mod_exp_mont_fixed_top()
756     tmp.top = am.top = 0;  in bn_mod_exp_mont_fixed_top()
757     tmp.dmax = am.dmax = top;  in bn_mod_exp_mont_fixed_top()
763     if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {  in bn_mod_exp_mont_fixed_top()
766         for (i = 1; i < top; i++)  in bn_mod_exp_mont_fixed_top()
768         tmp.top = top;  in bn_mod_exp_mont_fixed_top()
778     if (top > BN_SOFT_LIMIT)  in bn_mod_exp_mont_fixed_top()
802         bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1];  in bn_mod_exp_mont_fixed_top()
822         bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];  in bn_mod_exp_mont_fixed_top()
840         int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less  in bn_mod_exp_mont_fixed_top()
847         for (i = am.top; i < top; i++)  in bn_mod_exp_mont_fixed_top()
849         for (i = tmp.top; i < top; i++)  in bn_mod_exp_mont_fixed_top()
852         bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0);  in bn_mod_exp_mont_fixed_top()
853         bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1);  in bn_mod_exp_mont_fixed_top()
856             bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
857         bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2);  in bn_mod_exp_mont_fixed_top()
863                 bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
864             bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i);  in bn_mod_exp_mont_fixed_top()
868         np = alloca(top * sizeof(BN_ULONG));  in bn_mod_exp_mont_fixed_top()
869         top /= 2;  in bn_mod_exp_mont_fixed_top()
870         bn_flip_t4(np, mont->N.d, top);  in bn_mod_exp_mont_fixed_top()
882         bn_gather5_t4(tmp.d, top, powerbuf, wvalue);  in bn_mod_exp_mont_fixed_top()
903             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
904             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
905             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
906             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
907             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
908             bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top,  in bn_mod_exp_mont_fixed_top()
912         bn_flip_t4(tmp.d, tmp.d, top);  in bn_mod_exp_mont_fixed_top()
913         top *= 2;  in bn_mod_exp_mont_fixed_top()
915         tmp.top = top;  in bn_mod_exp_mont_fixed_top()
917         OPENSSL_cleanse(np, top * sizeof(BN_ULONG));  in bn_mod_exp_mont_fixed_top()
921     if (window == 5 && top > 1) {  in bn_mod_exp_mont_fixed_top()
956         for (i = am.top; i < top; i++)  in bn_mod_exp_mont_fixed_top()
958         for (i = tmp.top; i < top; i++)  in bn_mod_exp_mont_fixed_top()
964         for (np = am.d + top, i = 0; i < top; i++)  in bn_mod_exp_mont_fixed_top()
967         bn_scatter5(tmp.d, top, powerbuf, 0);  in bn_mod_exp_mont_fixed_top()
968         bn_scatter5(am.d, am.top, powerbuf, 1);  in bn_mod_exp_mont_fixed_top()
969         bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
970         bn_scatter5(tmp.d, top, powerbuf, 2);  in bn_mod_exp_mont_fixed_top()
975             bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);  in bn_mod_exp_mont_fixed_top()
976             bn_scatter5(tmp.d, top, powerbuf, i);  in bn_mod_exp_mont_fixed_top()
981             bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
982             bn_scatter5(tmp.d, top, powerbuf, i);  in bn_mod_exp_mont_fixed_top()
986             bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);  in bn_mod_exp_mont_fixed_top()
987             bn_scatter5(tmp.d, top, powerbuf, i);  in bn_mod_exp_mont_fixed_top()
989                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
990                 bn_scatter5(tmp.d, top, powerbuf, j);  in bn_mod_exp_mont_fixed_top()
994             bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);  in bn_mod_exp_mont_fixed_top()
995             bn_scatter5(tmp.d, top, powerbuf, i);  in bn_mod_exp_mont_fixed_top()
996             bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
997             bn_scatter5(tmp.d, top, powerbuf, 2 * i);  in bn_mod_exp_mont_fixed_top()
1000             bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);  in bn_mod_exp_mont_fixed_top()
1001             bn_scatter5(tmp.d, top, powerbuf, i);  in bn_mod_exp_mont_fixed_top()
1014         bn_gather5(tmp.d, top, powerbuf, wvalue);  in bn_mod_exp_mont_fixed_top()
1020         if (top & 7) {  in bn_mod_exp_mont_fixed_top()
1022                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
1023                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
1024                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
1025                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
1026                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in bn_mod_exp_mont_fixed_top()
1027                 bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top,  in bn_mod_exp_mont_fixed_top()
1032                 bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top,  in bn_mod_exp_mont_fixed_top()
1037         tmp.top = top;  in bn_mod_exp_mont_fixed_top()
1053         if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))  in bn_mod_exp_mont_fixed_top()
1055         if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))  in bn_mod_exp_mont_fixed_top()
1067             if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,  in bn_mod_exp_mont_fixed_top()
1074                 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,  in bn_mod_exp_mont_fixed_top()
1090         if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,  in bn_mod_exp_mont_fixed_top()
1121             if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,  in bn_mod_exp_mont_fixed_top()
1139         for (i = 1; i < top; i++)  in bn_mod_exp_mont_fixed_top()
1212     if (m->top == 1)  in BN_mod_exp_mont_word()
1472         (((a1->top == 16) && (p1->top == 16) && (BN_num_bits(m1) == 1024) &&  in BN_mod_exp_mont_consttime_x2()
1473           (a2->top == 16) && (p2->top == 16) && (BN_num_bits(m2) == 1024)) ||  in BN_mod_exp_mont_consttime_x2()
1474          ((a1->top == 24) && (p1->top == 24) && (BN_num_bits(m1) == 1536) &&  in BN_mod_exp_mont_consttime_x2()
1475           (a2->top == 24) && (p2->top == 24) && (BN_num_bits(m2) == 1536)) ||  in BN_mod_exp_mont_consttime_x2()
1476          ((a1->top == 32) && (p1->top == 32) && (BN_num_bits(m1) == 2048) &&  in BN_mod_exp_mont_consttime_x2()
1477           (a2->top == 32) && (p2->top == 32) && (BN_num_bits(m2) == 2048)))) {  in BN_mod_exp_mont_consttime_x2()
1479         int topn = a1->top;  in BN_mod_exp_mont_consttime_x2()
1512         rr1->top = topn;  in BN_mod_exp_mont_consttime_x2()
1517         rr2->top = topn;  in BN_mod_exp_mont_consttime_x2()

Last Index update Tue Feb 18 22:03:21 UTC 2025

Dedicated to & Maintained by Room-11