144         if (a->top == 1 && !a->neg  in BN_mod_exp()
332     if (m->top <= BN_CONSTTIME_SIZE_LIMIT  in BN_mod_exp_mont()
399     j = m->top;                 /* borrow j */  in BN_mod_exp_mont()
407         r->top = j;  in BN_mod_exp_mont()
469         j = mont->N.top;        /* borrow j */  in BN_mod_exp_mont()
473         val[0]->top = j;  in BN_mod_exp_mont()
496     if (wordpos >= 0 && wordpos < a->top) {  in bn_get_bits()
500             if (++wordpos < a->top)  in bn_get_bits()
515 static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,  in MOD_EXP_CTIME_COPY_TO_PREBUF()  argument
523     if (top > b->top)  in MOD_EXP_CTIME_COPY_TO_PREBUF()
524         top = b->top;           /* this works because 'buf' is explicitly  in MOD_EXP_CTIME_COPY_TO_PREBUF()
526     for (i = 0, j = idx; i < top; i++, j += width) {  in MOD_EXP_CTIME_COPY_TO_PREBUF()
533 static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,  in MOD_EXP_CTIME_COPY_FROM_PREBUF()  argument
549     if (bn_wexpand(b, top) == NULL)  in MOD_EXP_CTIME_COPY_FROM_PREBUF()
553         for (i = 0; i < top; i++, table += width) {  in MOD_EXP_CTIME_COPY_FROM_PREBUF()
575         for (i = 0; i < top; i++, table += width) {  in MOD_EXP_CTIME_COPY_FROM_PREBUF()
590     b->top = top;  in MOD_EXP_CTIME_COPY_FROM_PREBUF()
614     int top;  in BN_mod_exp_mont_consttime()  local
635     top = m->top;  in BN_mod_exp_mont_consttime()
637     if (top > BN_CONSTTIME_SIZE_LIMIT) {  in BN_mod_exp_mont_consttime()
646     bits = p->top * BN_BITS2;  in BN_mod_exp_mont_consttime()
688     if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)  in BN_mod_exp_mont_consttime()
694         rr->top = 16;  in BN_mod_exp_mont_consttime()
699     } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {  in BN_mod_exp_mont_consttime()
703         rr->top = 8;  in BN_mod_exp_mont_consttime()
714     if (window >= 5 && (top & 15) == 0 && top <= 64 &&  in BN_mod_exp_mont_consttime()
721     if (window >= 5 && top <= BN_SOFT_LIMIT) {  in BN_mod_exp_mont_consttime()
725         powerbufLen += top * sizeof(mont->N.d[0]);  in BN_mod_exp_mont_consttime()
735     powerbufLen += sizeof(m->d[0]) * (top * numPowers +  in BN_mod_exp_mont_consttime()
736                                       ((2 * top) >  in BN_mod_exp_mont_consttime()
737                                        numPowers ? (2 * top) : numPowers));  in BN_mod_exp_mont_consttime()
758     tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);  in BN_mod_exp_mont_consttime()
759     am.d = tmp.d + top;  in BN_mod_exp_mont_consttime()
760     tmp.top = am.top = 0;  in BN_mod_exp_mont_consttime()
761     tmp.dmax = am.dmax = top;  in BN_mod_exp_mont_consttime()
767     if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {  in BN_mod_exp_mont_consttime()
770         for (i = 1; i < top; i++)  in BN_mod_exp_mont_consttime()
772         tmp.top = top;  in BN_mod_exp_mont_consttime()
782     if (top > BN_SOFT_LIMIT)  in BN_mod_exp_mont_consttime()
806         bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1];  in BN_mod_exp_mont_consttime()
826         bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];  in BN_mod_exp_mont_consttime()
844         int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less  in BN_mod_exp_mont_consttime()
851         for (i = am.top; i < top; i++)  in BN_mod_exp_mont_consttime()
853         for (i = tmp.top; i < top; i++)  in BN_mod_exp_mont_consttime()
856         bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0);  in BN_mod_exp_mont_consttime()
857         bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1);  in BN_mod_exp_mont_consttime()
860             bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top);  in BN_mod_exp_mont_consttime()
861         bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2);  in BN_mod_exp_mont_consttime()
867                 bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top);  in BN_mod_exp_mont_consttime()
868             bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i);  in BN_mod_exp_mont_consttime()
872         np = alloca(top * sizeof(BN_ULONG));  in BN_mod_exp_mont_consttime()
873         top /= 2;  in BN_mod_exp_mont_consttime()
874         bn_flip_t4(np, mont->N.d, top);  in BN_mod_exp_mont_consttime()
886         bn_gather5_t4(tmp.d, top, powerbuf, wvalue);  in BN_mod_exp_mont_consttime()
907             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
908             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
909             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
910             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
911             bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
912             bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top,  in BN_mod_exp_mont_consttime()
916         bn_flip_t4(tmp.d, tmp.d, top);  in BN_mod_exp_mont_consttime()
917         top *= 2;  in BN_mod_exp_mont_consttime()
919         tmp.top = top;  in BN_mod_exp_mont_consttime()
921         OPENSSL_cleanse(np, top * sizeof(BN_ULONG));  in BN_mod_exp_mont_consttime()
925     if (window == 5 && top > 1) {  in BN_mod_exp_mont_consttime()
960         for (i = am.top; i < top; i++)  in BN_mod_exp_mont_consttime()
962         for (i = tmp.top; i < top; i++)  in BN_mod_exp_mont_consttime()
968         for (np = am.d + top, i = 0; i < top; i++)  in BN_mod_exp_mont_consttime()
971         bn_scatter5(tmp.d, top, powerbuf, 0);  in BN_mod_exp_mont_consttime()
972         bn_scatter5(am.d, am.top, powerbuf, 1);  in BN_mod_exp_mont_consttime()
973         bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);  in BN_mod_exp_mont_consttime()
974         bn_scatter5(tmp.d, top, powerbuf, 2);  in BN_mod_exp_mont_consttime()
979             bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);  in BN_mod_exp_mont_consttime()
980             bn_scatter5(tmp.d, top, powerbuf, i);  in BN_mod_exp_mont_consttime()
985             bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
986             bn_scatter5(tmp.d, top, powerbuf, i);  in BN_mod_exp_mont_consttime()
990             bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);  in BN_mod_exp_mont_consttime()
991             bn_scatter5(tmp.d, top, powerbuf, i);  in BN_mod_exp_mont_consttime()
993                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
994                 bn_scatter5(tmp.d, top, powerbuf, j);  in BN_mod_exp_mont_consttime()
998             bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);  in BN_mod_exp_mont_consttime()
999             bn_scatter5(tmp.d, top, powerbuf, i);  in BN_mod_exp_mont_consttime()
1000             bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
1001             bn_scatter5(tmp.d, top, powerbuf, 2 * i);  in BN_mod_exp_mont_consttime()
1004             bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);  in BN_mod_exp_mont_consttime()
1005             bn_scatter5(tmp.d, top, powerbuf, i);  in BN_mod_exp_mont_consttime()
1018         bn_gather5(tmp.d, top, powerbuf, wvalue);  in BN_mod_exp_mont_consttime()
1024         if (top & 7) {  in BN_mod_exp_mont_consttime()
1026                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
1027                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
1028                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
1029                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
1030                 bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);  in BN_mod_exp_mont_consttime()
1031                 bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top,  in BN_mod_exp_mont_consttime()
1036                 bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top,  in BN_mod_exp_mont_consttime()
1041         tmp.top = top;  in BN_mod_exp_mont_consttime()
1057         if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))  in BN_mod_exp_mont_consttime()
1059         if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))  in BN_mod_exp_mont_consttime()
1071             if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,  in BN_mod_exp_mont_consttime()
1078                 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,  in BN_mod_exp_mont_consttime()
1094         if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,  in BN_mod_exp_mont_consttime()
1125             if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,  in BN_mod_exp_mont_consttime()
1143         for (i = 1; i < top; i++)  in BN_mod_exp_mont_consttime()
1203     if (m->top == 1)  in BN_mod_exp_mont_word()
1463         (((a1->top == 16) && (p1->top == 16) && (BN_num_bits(m1) == 1024) &&  in BN_mod_exp_mont_consttime_x2()
1464           (a2->top == 16) && (p2->top == 16) && (BN_num_bits(m2) == 1024)) ||  in BN_mod_exp_mont_consttime_x2()
1465          ((a1->top == 24) && (p1->top == 24) && (BN_num_bits(m1) == 1536) &&  in BN_mod_exp_mont_consttime_x2()
1466           (a2->top == 24) && (p2->top == 24) && (BN_num_bits(m2) == 1536)) ||  in BN_mod_exp_mont_consttime_x2()
1467          ((a1->top == 32) && (p1->top == 32) && (BN_num_bits(m1) == 2048) &&  in BN_mod_exp_mont_consttime_x2()
1468           (a2->top == 32) && (p2->top == 32) && (BN_num_bits(m2) == 2048)))) {  in BN_mod_exp_mont_consttime_x2()
1470         int topn = a1->top;  in BN_mod_exp_mont_consttime_x2()
1503         rr1->top = topn;  in BN_mod_exp_mont_consttime_x2()
1508         rr2->top = topn;  in BN_mod_exp_mont_consttime_x2()

Last Index update Fri Nov 22 14:03:13 UTC 2024

Dedicated to & Maintained by Room-11