Use MONT_WORD macro to control if the word-based or the bignum

algorithm is used.

crypto/bn/bn.h

@@ -260,7 +260,6 @@ typedef struct bn_blinding_st
 /* Used for montgomery multiplication */
 typedef struct bn_mont_ctx_st
 	{
-	int use_word;  /* 0 for word form, 1 for bignum form */
 	int ri;        /* number of bits in R */
 	BIGNUM RR;     /* used to convert to montgomery form */
 	BIGNUM N;      /* The modulus */

crypto/bn/bn_mont.c

@@ -67,6 +67,8 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#define MONT_WORD /* use the faster word-based algorithm */
+
 int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 			  BN_MONT_CTX *mont, BN_CTX *ctx)
 	{
@@ -105,22 +107,17 @@ err:
 	return(0);
 	}
 
-#define BN_RECURSION_MONT
-
 int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
 	     BN_CTX *ctx)
 	{
 	int retn=0;
-	BN_CTX_start(ctx);
 
-#ifdef BN_RECURSION_MONT
-	if (mont->use_word)
-#endif
-		{
+#ifdef MONT_WORD
 	BIGNUM *n,*r;
 	BN_ULONG *ap,*np,*rp,n0,v,*nrp;
 	int al,nl,max,i,x,ri;
 
+	BN_CTX_start(ctx);
 	if ((r = BN_CTX_get(ctx)) == NULL) goto err;
 
 	if (!BN_copy(r,a)) goto err;
@@ -155,7 +152,7 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
 	n0=mont->n0;
 
 #ifdef BN_COUNT
-printf("word BN_from_montgomery %d * %d\n",nl,nl);
+	printf("word BN_from_montgomery %d * %d\n",nl,nl);
 #endif
 	for (i=0; i<nl; i++)
 		{
@@ -203,18 +200,10 @@ printf("word BN_from_montgomery %d * %d\n",nl,nl);
 	for (; i<al; i++)
 		rp[i]=ap[i];
 #endif
-
-		if (BN_ucmp(ret, &(mont->N)) >= 0)
-			{
-			BN_usub(ret,ret,&(mont->N)); /* XXX */
-			}
-		retn=1;
-		}
-#ifdef BN_RECURSION_MONT
-	else /* bignum version */ 
-		{
+#else /* !MONT_WORD */ 
 	BIGNUM *t1,*t2;
 
+	BN_CTX_start(ctx);
 	t1 = BN_CTX_get(ctx);
 	t2 = BN_CTX_get(ctx);
 	if (t1 == NULL || t2 == NULL) goto err;
@@ -228,12 +217,13 @@ printf("word BN_from_montgomery %d * %d\n",nl,nl);
 	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
 	if (!BN_add(t2,a,t1)) goto err;
 	BN_rshift(ret,t2,mont->ri);
+#endif /* MONT_WORD */
 
-		if (BN_ucmp(ret,&mont->N) >= 0)
-			BN_usub(ret,ret,&mont->N);
-		retn=1;
+	if (BN_ucmp(ret, &(mont->N)) >= 0)
+		{
+		BN_usub(ret,ret,&(mont->N));
 		}
-#endif
+	retn=1;
  err:
 	BN_CTX_end(ctx);
 	return(retn);
@@ -253,7 +243,6 @@ BN_MONT_CTX *BN_MONT_CTX_new(void)
 
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
 	{
-	ctx->use_word=0;
 	ctx->ri=0;
 	BN_init(&(ctx->RR));
 	BN_init(&(ctx->N));
@@ -281,16 +270,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 	R= &(mont->RR);					/* grab RR as a temp */
 	BN_copy(&(mont->N),mod);			/* Set N */
 
-#ifdef BN_RECURSION_MONT
-	/* the word-based algorithm is faster */
-	if (mont->N.top > BN_MONT_CTX_SET_SIZE_WORD)
-#endif
+#ifdef MONT_WORD
 		{
 		BIGNUM tmod;
 		BN_ULONG buf[2];
 
-		mont->use_word=1;
-
 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
 		BN_zero(R);
 		BN_set_bit(R,BN_BITS2);			/* R */
@@ -314,10 +298,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 		mont->n0=Ri.d[0];
 		BN_free(&Ri);
 		}
-#ifdef BN_RECURSION_MONT
-	else
+#else /* !MONT_WORD */
 		{ /* bignum version */
-		mont->use_word=0;
 		mont->ri=BN_num_bits(mod);
 		BN_zero(R);
 		BN_set_bit(R,mont->ri);			/* R = 2^ri */
@@ -349,7 +331,6 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 	BN_copy(&(to->RR),&(from->RR));
 	BN_copy(&(to->N),&(from->N));
 	BN_copy(&(to->Ni),&(from->Ni));
-	to->use_word=from->use_word;
 	to->ri=from->ri;
 	to->n0=from->n0;
 	return(to);

doc/crypto/BN_mod_mul_montgomery.pod

@@ -58,7 +58,6 @@ The B<BN_MONT_CTX> structure is defined as follows:
 
  typedef struct bn_mont_ctx_st
         {
-        int use_word;   /* 0 for word form, 1 for bignum form */
         int ri;         /* number of bits in R */
         BIGNUM RR;      /* R^2 (used to convert to Montgomery form) */
         BIGNUM N;       /* The modulus */