1 /* crypto/bn/bn_asm.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
60 # undef NDEBUG /* avoid conflicting definitions */
69 #if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
71 BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
80 # ifndef OPENSSL_SMALL_FOOTPRINT
82 mul_add(rp[0], ap[0], w, c1);
83 mul_add(rp[1], ap[1], w, c1);
84 mul_add(rp[2], ap[2], w, c1);
85 mul_add(rp[3], ap[3], w, c1);
92 mul_add(rp[0], ap[0], w, c1);
101 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
109 # ifndef OPENSSL_SMALL_FOOTPRINT
111 mul(rp[0], ap[0], w, c1);
112 mul(rp[1], ap[1], w, c1);
113 mul(rp[2], ap[2], w, c1);
114 mul(rp[3], ap[3], w, c1);
121 mul(rp[0], ap[0], w, c1);
129 void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
135 # ifndef OPENSSL_SMALL_FOOTPRINT
137 sqr(r[0], r[1], a[0]);
138 sqr(r[2], r[3], a[1]);
139 sqr(r[4], r[5], a[2]);
140 sqr(r[6], r[7], a[3]);
147 sqr(r[0], r[1], a[0]);
154 #else /* !(defined(BN_LLONG) ||
155 * defined(BN_UMULT_HIGH)) */
157 BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
165 return ((BN_ULONG)0);
170 # ifndef OPENSSL_SMALL_FOOTPRINT
172 mul_add(rp[0], ap[0], bl, bh, c);
173 mul_add(rp[1], ap[1], bl, bh, c);
174 mul_add(rp[2], ap[2], bl, bh, c);
175 mul_add(rp[3], ap[3], bl, bh, c);
182 mul_add(rp[0], ap[0], bl, bh, c);
190 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
197 return ((BN_ULONG)0);
202 # ifndef OPENSSL_SMALL_FOOTPRINT
204 mul(rp[0], ap[0], bl, bh, carry);
205 mul(rp[1], ap[1], bl, bh, carry);
206 mul(rp[2], ap[2], bl, bh, carry);
207 mul(rp[3], ap[3], bl, bh, carry);
214 mul(rp[0], ap[0], bl, bh, carry);
222 void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
228 # ifndef OPENSSL_SMALL_FOOTPRINT
230 sqr64(r[0], r[1], a[0]);
231 sqr64(r[2], r[3], a[1]);
232 sqr64(r[4], r[5], a[2]);
233 sqr64(r[6], r[7], a[3]);
240 sqr64(r[0], r[1], a[0]);
247 #endif /* !(defined(BN_LLONG) ||
248 * defined(BN_UMULT_HIGH)) */
250 #if defined(BN_LLONG) && defined(BN_DIV2W)
252 BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
254 return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d));
259 /* Divide h,l by d and return the result. */
260 /* I need to test this some more :-( */
261 BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
263 BN_ULONG dh, dl, q, ret = 0, th, tl, t;
269 i = BN_num_bits_word(d);
270 assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
278 h = (h << i) | (l >> (BN_BITS2 - i));
281 dh = (d & BN_MASK2h) >> BN_BITS4;
282 dl = (d & BN_MASK2l);
284 if ((h >> BN_BITS4) == dh)
293 if ((t & BN_MASK2h) ||
294 ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4))))
300 t = (tl >> BN_BITS4);
301 tl = (tl << BN_BITS4) & BN_MASK2h;
317 h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
318 l = (l & BN_MASK2l) << BN_BITS4;
323 #endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
326 BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
333 return ((BN_ULONG)0);
335 # ifndef OPENSSL_SMALL_FOOTPRINT
337 ll += (BN_ULLONG) a[0] + b[0];
338 r[0] = (BN_ULONG)ll & BN_MASK2;
340 ll += (BN_ULLONG) a[1] + b[1];
341 r[1] = (BN_ULONG)ll & BN_MASK2;
343 ll += (BN_ULLONG) a[2] + b[2];
344 r[2] = (BN_ULONG)ll & BN_MASK2;
346 ll += (BN_ULLONG) a[3] + b[3];
347 r[3] = (BN_ULONG)ll & BN_MASK2;
356 ll += (BN_ULLONG) a[0] + b[0];
357 r[0] = (BN_ULONG)ll & BN_MASK2;
364 return ((BN_ULONG)ll);
366 #else /* !BN_LLONG */
367 BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
374 return ((BN_ULONG)0);
377 # ifndef OPENSSL_SMALL_FOOTPRINT
380 t = (t + c) & BN_MASK2;
382 l = (t + b[0]) & BN_MASK2;
386 t = (t + c) & BN_MASK2;
388 l = (t + b[1]) & BN_MASK2;
392 t = (t + c) & BN_MASK2;
394 l = (t + b[2]) & BN_MASK2;
398 t = (t + c) & BN_MASK2;
400 l = (t + b[3]) & BN_MASK2;
411 t = (t + c) & BN_MASK2;
413 l = (t + b[0]) & BN_MASK2;
421 return ((BN_ULONG)c);
423 #endif /* !BN_LLONG */
425 BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
433 return ((BN_ULONG)0);
435 #ifndef OPENSSL_SMALL_FOOTPRINT
439 r[0] = (t1 - t2 - c) & BN_MASK2;
444 r[1] = (t1 - t2 - c) & BN_MASK2;
449 r[2] = (t1 - t2 - c) & BN_MASK2;
454 r[3] = (t1 - t2 - c) & BN_MASK2;
466 r[0] = (t1 - t2 - c) & BN_MASK2;
477 #if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
479 # undef bn_mul_comba8
480 # undef bn_mul_comba4
481 # undef bn_sqr_comba8
482 # undef bn_sqr_comba4
484 /* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
485 /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
486 /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
488 * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
493 * Keep in mind that carrying into high part of multiplication result
494 * can not overflow, because it cannot be all-ones.
497 # define mul_add_c(a,b,c0,c1,c2) \
499 t1=(BN_ULONG)Lw(t); \
500 t2=(BN_ULONG)Hw(t); \
501 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
502 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
504 # define mul_add_c2(a,b,c0,c1,c2) \
508 t1=(BN_ULONG)Lw(tt); \
509 t2=(BN_ULONG)Hw(tt); \
510 c0=(c0+t1)&BN_MASK2; \
511 if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
512 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
514 # define sqr_add_c(a,i,c0,c1,c2) \
515 t=(BN_ULLONG)a[i]*a[i]; \
516 t1=(BN_ULONG)Lw(t); \
517 t2=(BN_ULONG)Hw(t); \
518 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
519 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
521 # define sqr_add_c2(a,i,j,c0,c1,c2) \
522 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
524 # elif defined(BN_UMULT_LOHI)
526 # define mul_add_c(a,b,c0,c1,c2) { \
527 BN_ULONG ta=(a),tb=(b); \
528 BN_UMULT_LOHI(t1,t2,ta,tb); \
529 c0 += t1; t2 += (c0<t1)?1:0; \
530 c1 += t2; c2 += (c1<t2)?1:0; \
533 # define mul_add_c2(a,b,c0,c1,c2) { \
534 BN_ULONG ta=(a),tb=(b),t0; \
535 BN_UMULT_LOHI(t0,t1,ta,tb); \
536 c0 += t0; t2 = t1+((c0<t0)?1:0);\
537 c1 += t2; c2 += (c1<t2)?1:0; \
538 c0 += t0; t1 += (c0<t0)?1:0; \
539 c1 += t1; c2 += (c1<t1)?1:0; \
542 # define sqr_add_c(a,i,c0,c1,c2) { \
543 BN_ULONG ta=(a)[i]; \
544 BN_UMULT_LOHI(t1,t2,ta,ta); \
545 c0 += t1; t2 += (c0<t1)?1:0; \
546 c1 += t2; c2 += (c1<t2)?1:0; \
549 # define sqr_add_c2(a,i,j,c0,c1,c2) \
550 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
552 # elif defined(BN_UMULT_HIGH)
554 # define mul_add_c(a,b,c0,c1,c2) { \
555 BN_ULONG ta=(a),tb=(b); \
557 t2 = BN_UMULT_HIGH(ta,tb); \
558 c0 += t1; t2 += (c0<t1)?1:0; \
559 c1 += t2; c2 += (c1<t2)?1:0; \
562 # define mul_add_c2(a,b,c0,c1,c2) { \
563 BN_ULONG ta=(a),tb=(b),t0; \
564 t1 = BN_UMULT_HIGH(ta,tb); \
566 c0 += t0; t2 = t1+((c0<t0)?1:0);\
567 c1 += t2; c2 += (c1<t2)?1:0; \
568 c0 += t0; t1 += (c0<t0)?1:0; \
569 c1 += t1; c2 += (c1<t1)?1:0; \
572 # define sqr_add_c(a,i,c0,c1,c2) { \
573 BN_ULONG ta=(a)[i]; \
575 t2 = BN_UMULT_HIGH(ta,ta); \
576 c0 += t1; t2 += (c0<t1)?1:0; \
577 c1 += t2; c2 += (c1<t2)?1:0; \
580 # define sqr_add_c2(a,i,j,c0,c1,c2) \
581 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
583 # else /* !BN_LLONG */
584 # define mul_add_c(a,b,c0,c1,c2) \
585 t1=LBITS(a); t2=HBITS(a); \
586 bl=LBITS(b); bh=HBITS(b); \
587 mul64(t1,t2,bl,bh); \
588 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
589 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
591 # define mul_add_c2(a,b,c0,c1,c2) \
592 t1=LBITS(a); t2=HBITS(a); \
593 bl=LBITS(b); bh=HBITS(b); \
594 mul64(t1,t2,bl,bh); \
595 if (t2 & BN_TBIT) c2++; \
596 t2=(t2+t2)&BN_MASK2; \
597 if (t1 & BN_TBIT) t2++; \
598 t1=(t1+t1)&BN_MASK2; \
599 c0=(c0+t1)&BN_MASK2; \
600 if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
601 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
603 # define sqr_add_c(a,i,c0,c1,c2) \
604 sqr64(t1,t2,(a)[i]); \
605 c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
606 c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
608 # define sqr_add_c2(a,i,j,c0,c1,c2) \
609 mul_add_c2((a)[i],(a)[j],c0,c1,c2)
610 # endif /* !BN_LLONG */
612 void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
625 mul_add_c(a[0], b[0], c1, c2, c3);
628 mul_add_c(a[0], b[1], c2, c3, c1);
629 mul_add_c(a[1], b[0], c2, c3, c1);
632 mul_add_c(a[2], b[0], c3, c1, c2);
633 mul_add_c(a[1], b[1], c3, c1, c2);
634 mul_add_c(a[0], b[2], c3, c1, c2);
637 mul_add_c(a[0], b[3], c1, c2, c3);
638 mul_add_c(a[1], b[2], c1, c2, c3);
639 mul_add_c(a[2], b[1], c1, c2, c3);
640 mul_add_c(a[3], b[0], c1, c2, c3);
643 mul_add_c(a[4], b[0], c2, c3, c1);
644 mul_add_c(a[3], b[1], c2, c3, c1);
645 mul_add_c(a[2], b[2], c2, c3, c1);
646 mul_add_c(a[1], b[3], c2, c3, c1);
647 mul_add_c(a[0], b[4], c2, c3, c1);
650 mul_add_c(a[0], b[5], c3, c1, c2);
651 mul_add_c(a[1], b[4], c3, c1, c2);
652 mul_add_c(a[2], b[3], c3, c1, c2);
653 mul_add_c(a[3], b[2], c3, c1, c2);
654 mul_add_c(a[4], b[1], c3, c1, c2);
655 mul_add_c(a[5], b[0], c3, c1, c2);
658 mul_add_c(a[6], b[0], c1, c2, c3);
659 mul_add_c(a[5], b[1], c1, c2, c3);
660 mul_add_c(a[4], b[2], c1, c2, c3);
661 mul_add_c(a[3], b[3], c1, c2, c3);
662 mul_add_c(a[2], b[4], c1, c2, c3);
663 mul_add_c(a[1], b[5], c1, c2, c3);
664 mul_add_c(a[0], b[6], c1, c2, c3);
667 mul_add_c(a[0], b[7], c2, c3, c1);
668 mul_add_c(a[1], b[6], c2, c3, c1);
669 mul_add_c(a[2], b[5], c2, c3, c1);
670 mul_add_c(a[3], b[4], c2, c3, c1);
671 mul_add_c(a[4], b[3], c2, c3, c1);
672 mul_add_c(a[5], b[2], c2, c3, c1);
673 mul_add_c(a[6], b[1], c2, c3, c1);
674 mul_add_c(a[7], b[0], c2, c3, c1);
677 mul_add_c(a[7], b[1], c3, c1, c2);
678 mul_add_c(a[6], b[2], c3, c1, c2);
679 mul_add_c(a[5], b[3], c3, c1, c2);
680 mul_add_c(a[4], b[4], c3, c1, c2);
681 mul_add_c(a[3], b[5], c3, c1, c2);
682 mul_add_c(a[2], b[6], c3, c1, c2);
683 mul_add_c(a[1], b[7], c3, c1, c2);
686 mul_add_c(a[2], b[7], c1, c2, c3);
687 mul_add_c(a[3], b[6], c1, c2, c3);
688 mul_add_c(a[4], b[5], c1, c2, c3);
689 mul_add_c(a[5], b[4], c1, c2, c3);
690 mul_add_c(a[6], b[3], c1, c2, c3);
691 mul_add_c(a[7], b[2], c1, c2, c3);
694 mul_add_c(a[7], b[3], c2, c3, c1);
695 mul_add_c(a[6], b[4], c2, c3, c1);
696 mul_add_c(a[5], b[5], c2, c3, c1);
697 mul_add_c(a[4], b[6], c2, c3, c1);
698 mul_add_c(a[3], b[7], c2, c3, c1);
701 mul_add_c(a[4], b[7], c3, c1, c2);
702 mul_add_c(a[5], b[6], c3, c1, c2);
703 mul_add_c(a[6], b[5], c3, c1, c2);
704 mul_add_c(a[7], b[4], c3, c1, c2);
707 mul_add_c(a[7], b[5], c1, c2, c3);
708 mul_add_c(a[6], b[6], c1, c2, c3);
709 mul_add_c(a[5], b[7], c1, c2, c3);
712 mul_add_c(a[6], b[7], c2, c3, c1);
713 mul_add_c(a[7], b[6], c2, c3, c1);
716 mul_add_c(a[7], b[7], c3, c1, c2);
721 void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
734 mul_add_c(a[0], b[0], c1, c2, c3);
737 mul_add_c(a[0], b[1], c2, c3, c1);
738 mul_add_c(a[1], b[0], c2, c3, c1);
741 mul_add_c(a[2], b[0], c3, c1, c2);
742 mul_add_c(a[1], b[1], c3, c1, c2);
743 mul_add_c(a[0], b[2], c3, c1, c2);
746 mul_add_c(a[0], b[3], c1, c2, c3);
747 mul_add_c(a[1], b[2], c1, c2, c3);
748 mul_add_c(a[2], b[1], c1, c2, c3);
749 mul_add_c(a[3], b[0], c1, c2, c3);
752 mul_add_c(a[3], b[1], c2, c3, c1);
753 mul_add_c(a[2], b[2], c2, c3, c1);
754 mul_add_c(a[1], b[3], c2, c3, c1);
757 mul_add_c(a[2], b[3], c3, c1, c2);
758 mul_add_c(a[3], b[2], c3, c1, c2);
761 mul_add_c(a[3], b[3], c1, c2, c3);
766 void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
779 sqr_add_c(a, 0, c1, c2, c3);
782 sqr_add_c2(a, 1, 0, c2, c3, c1);
785 sqr_add_c(a, 1, c3, c1, c2);
786 sqr_add_c2(a, 2, 0, c3, c1, c2);
789 sqr_add_c2(a, 3, 0, c1, c2, c3);
790 sqr_add_c2(a, 2, 1, c1, c2, c3);
793 sqr_add_c(a, 2, c2, c3, c1);
794 sqr_add_c2(a, 3, 1, c2, c3, c1);
795 sqr_add_c2(a, 4, 0, c2, c3, c1);
798 sqr_add_c2(a, 5, 0, c3, c1, c2);
799 sqr_add_c2(a, 4, 1, c3, c1, c2);
800 sqr_add_c2(a, 3, 2, c3, c1, c2);
803 sqr_add_c(a, 3, c1, c2, c3);
804 sqr_add_c2(a, 4, 2, c1, c2, c3);
805 sqr_add_c2(a, 5, 1, c1, c2, c3);
806 sqr_add_c2(a, 6, 0, c1, c2, c3);
809 sqr_add_c2(a, 7, 0, c2, c3, c1);
810 sqr_add_c2(a, 6, 1, c2, c3, c1);
811 sqr_add_c2(a, 5, 2, c2, c3, c1);
812 sqr_add_c2(a, 4, 3, c2, c3, c1);
815 sqr_add_c(a, 4, c3, c1, c2);
816 sqr_add_c2(a, 5, 3, c3, c1, c2);
817 sqr_add_c2(a, 6, 2, c3, c1, c2);
818 sqr_add_c2(a, 7, 1, c3, c1, c2);
821 sqr_add_c2(a, 7, 2, c1, c2, c3);
822 sqr_add_c2(a, 6, 3, c1, c2, c3);
823 sqr_add_c2(a, 5, 4, c1, c2, c3);
826 sqr_add_c(a, 5, c2, c3, c1);
827 sqr_add_c2(a, 6, 4, c2, c3, c1);
828 sqr_add_c2(a, 7, 3, c2, c3, c1);
831 sqr_add_c2(a, 7, 4, c3, c1, c2);
832 sqr_add_c2(a, 6, 5, c3, c1, c2);
835 sqr_add_c(a, 6, c1, c2, c3);
836 sqr_add_c2(a, 7, 5, c1, c2, c3);
839 sqr_add_c2(a, 7, 6, c2, c3, c1);
842 sqr_add_c(a, 7, c3, c1, c2);
847 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
860 sqr_add_c(a, 0, c1, c2, c3);
863 sqr_add_c2(a, 1, 0, c2, c3, c1);
866 sqr_add_c(a, 1, c3, c1, c2);
867 sqr_add_c2(a, 2, 0, c3, c1, c2);
870 sqr_add_c2(a, 3, 0, c1, c2, c3);
871 sqr_add_c2(a, 2, 1, c1, c2, c3);
874 sqr_add_c(a, 2, c2, c3, c1);
875 sqr_add_c2(a, 3, 1, c2, c3, c1);
878 sqr_add_c2(a, 3, 2, c3, c1, c2);
881 sqr_add_c(a, 3, c1, c2, c3);
886 # ifdef OPENSSL_NO_ASM
887 # ifdef OPENSSL_BN_ASM_MONT
890 * This is essentially reference implementation, which may or may not
891 * result in performance improvement. E.g. on IA-32 this routine was
892 * observed to give 40% faster rsa1024 private key operations and 10%
893 * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only
894 * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a
895 * reference implementation, one to be used as starting point for
896 * platform-specific assembler. Mentioned numbers apply to compiler
897 * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and
898 * can vary not only from platform to platform, but even for compiler
899 * versions. Assembler vs. assembler improvement coefficients can
900 * [and are known to] differ and are to be documented elsewhere.
902 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
903 const BN_ULONG *np, const BN_ULONG *n0p, int num)
905 BN_ULONG c0, c1, ml, *tp, n0;
909 volatile BN_ULONG *vp;
912 # if 0 /* template for platform-specific
915 return bn_sqr_mont(rp, ap, np, n0p, num);
917 vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
926 for (j = 0; j < num; ++j)
927 mul(tp[j], ap[j], ml, mh, c0);
929 for (j = 0; j < num; ++j)
930 mul(tp[j], ap[j], ml, c0);
937 for (i = 0; i < num; i++) {
943 for (j = 0; j < num; ++j)
944 mul_add(tp[j], ap[j], ml, mh, c0);
946 for (j = 0; j < num; ++j)
947 mul_add(tp[j], ap[j], ml, c0);
949 c1 = (tp[num] + c0) & BN_MASK2;
951 tp[num + 1] = (c1 < c0 ? 1 : 0);
954 ml = (c1 * n0) & BN_MASK2;
959 mul_add(c1, np[0], ml, mh, c0);
961 mul_add(c1, ml, np[0], c0);
963 for (j = 1; j < num; j++) {
966 mul_add(c1, np[j], ml, mh, c0);
968 mul_add(c1, ml, np[j], c0);
970 tp[j - 1] = c1 & BN_MASK2;
972 c1 = (tp[num] + c0) & BN_MASK2;
974 tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0);
977 if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
978 c0 = bn_sub_words(rp, tp, np, num);
979 if (tp[num] != 0 || c0 == 0) {
980 for (i = 0; i < num + 2; i++)
985 for (i = 0; i < num; i++)
986 rp[i] = tp[i], vp[i] = 0;
993 * Return value of 0 indicates that multiplication/convolution was not
994 * performed to signal the caller to fall down to alternative/original
997 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
998 const BN_ULONG *np, const BN_ULONG *n0, int num)
1002 # endif /* OPENSSL_BN_ASM_MONT */
1005 #else /* !BN_MUL_COMBA */
1007 /* hmm... is it faster just to do a multiply? */
1008 # undef bn_sqr_comba4
1009 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
1012 bn_sqr_normal(r, a, 4, t);
1015 # undef bn_sqr_comba8
1016 void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
1019 bn_sqr_normal(r, a, 8, t);
1022 void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
1024 r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
1025 r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
1026 r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
1027 r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
1030 void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
1032 r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
1033 r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
1034 r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
1035 r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
1036 r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
1037 r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
1038 r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
1039 r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
1042 # ifdef OPENSSL_NO_ASM
1043 # ifdef OPENSSL_BN_ASM_MONT
1044 # include <alloca.h>
1045 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
1046 const BN_ULONG *np, const BN_ULONG *n0p, int num)
1048 BN_ULONG c0, c1, *tp, n0 = *n0p;
1049 volatile BN_ULONG *vp;
1052 vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
1054 for (i = 0; i <= num; i++)
1057 for (i = 0; i < num; i++) {
1058 c0 = bn_mul_add_words(tp, ap, num, bp[i]);
1059 c1 = (tp[num] + c0) & BN_MASK2;
1061 tp[num + 1] = (c1 < c0 ? 1 : 0);
1063 c0 = bn_mul_add_words(tp, np, num, tp[0] * n0);
1064 c1 = (tp[num] + c0) & BN_MASK2;
1066 tp[num + 1] += (c1 < c0 ? 1 : 0);
1067 for (j = 0; j <= num; j++)
1071 if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
1072 c0 = bn_sub_words(rp, tp, np, num);
1073 if (tp[num] != 0 || c0 == 0) {
1074 for (i = 0; i < num + 2; i++)
1079 for (i = 0; i < num; i++)
1080 rp[i] = tp[i], vp[i] = 0;
1086 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
1087 const BN_ULONG *np, const BN_ULONG *n0, int num)
1091 # endif /* OPENSSL_BN_ASM_MONT */
1094 #endif /* !BN_MUL_COMBA */
tuxillo's projects / dragonfly.git / blob