Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
大约 1 年 前同步成功

通知 9
Star 18
Fork 1
T
Third Party Openssl

体验新版 GitCode,发现更多精彩内容 >>

You need to sign in or sign up before continuing.
提交 6b6443de 编写于 作者: A Andy Polyakov
浏览文件
操作

Eliminate conditional final subtraction in Montgomery multiplication.

上级 54b5fd53
隐藏空白更改
内联 并排
Showing with 54 addition and 7 deletion
crypto/bn/bn_mont.c
浏览文件 @ 6b6443de
...@@ -240,20 +240,67 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) ...@@ -240,20 +240,67 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
} }
} }
bn_correct_top(r); bn_correct_top(r);
/* mont->ri will be a multiple of the word size */ /* mont->ri will be a multiple of the word size and below code
#if 0 * is kind of BN_rshift(ret,r,mont->ri) equivalent */
BN_rshift(ret,r,mont->ri);
#else
if (r->top < ri) if (r->top < ri)
{ {
ret->top=0; ret->top=0;
return(1); return(1);
} }
al=r->top-ri; al=r->top-ri;
if (bn_wexpand(ret,al) == NULL) return(0);
#define BRANCH_FREE 1
#if BRANCH_FREE
if (bn_wexpand(ret,ri) == NULL) return(0);
x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
ret->neg=r->neg; ret->neg=r->neg;
rp=ret->d;
ap=&(r->d[ri]);
nrp=ap;
/* This 'if' denotes violation of 2*M<r^(n-1) boundary condition
* formulated by C.D.Walter in "Montgomery exponentiation needs
* no final subtractions." Incurred branch can disclose only
* information about modulus length, which is not really secret. */
if ((mont->N.d[ri-1]>>(BN_BITS2-2))!=0)
{
size_t m1,m2;
v=bn_sub_words(rp,ap,mont->N.d,ri);
/* if (al==ri && !v) || al>ri) nrp=rp; */
/* in other words if subtraction result is real, then
* trick unconditional memcpy below to make "refresh"
* instead of real copy. */
m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
m1=~(m1|m2); /* (al==ri) */
m1&=~(0-(size_t)v); /* (al==ri && !v) */
m1|=m2; /* (al==ri && !v) || al>ri */
nrp=(BN_ULONG *)(((size_t)rp&m1)|((size_t)ap&~m1));
}
for (i=0,ri-=4; i<ri; i+=4)
{
BN_ULONG t1,t2,t3,t4;
t1=nrp[i+0];
t2=nrp[i+1];
t3=nrp[i+2]; ap[i+0]=0;
t4=nrp[i+3]; ap[i+1]=0;
rp[i+0]=t1; ap[i+2]=0;
rp[i+1]=t2; ap[i+3]=0;
rp[i+2]=t3;
rp[i+3]=t4;
}
for (ri+=4; i<ri; i++)
rp[i]=nrp[i], ap[i]=0;
#else
if (bn_wexpand(ret,al) == NULL) return(0);
ret->top=al; ret->top=al;
ret->neg=r->neg;
rp=ret->d; rp=ret->d;
ap=&(r->d[ri]); ap=&(r->d[ri]);
...@@ -274,12 +321,12 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) ...@@ -274,12 +321,12 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
al+=4; al+=4;
for (; i<al; i++) for (; i<al; i++)
rp[i]=ap[i]; rp[i]=ap[i];
#endif
if (BN_ucmp(ret, &(mont->N)) >= 0) if (BN_ucmp(ret, &(mont->N)) >= 0)
{ {
if (!BN_usub(ret,ret,&(mont->N))) return(0); if (!BN_usub(ret,ret,&(mont->N))) return(0);
} }
#endif
bn_check_top(ret); bn_check_top(ret);
return(1); return(1);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册