xref: /openssl-master/crypto/bn/bn_exp.c

88 int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,  in BN_mod_exp()  argument
95     bn_check_top(m);  in BN_mod_exp()
133     if (BN_is_odd(m)) {  in BN_mod_exp()
138             && (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) {  in BN_mod_exp()
140             ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);  in BN_mod_exp()
143             ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL);  in BN_mod_exp()
148         ret = BN_mod_exp_recp(r, a, p, m, ctx);  in BN_mod_exp()
152         ret = BN_mod_exp_simple(r, a, p, m, ctx);  in BN_mod_exp()
161                     const BIGNUM *m, BN_CTX *ctx)  in BN_mod_exp_recp()  argument
172             || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {  in BN_mod_exp_recp()
181         if (BN_abs_is_word(m, 1)) {  in BN_mod_exp_recp()
197     if (m->neg) {  in BN_mod_exp_recp()
199         if (!BN_copy(aa, m))  in BN_mod_exp_recp()
205         if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)  in BN_mod_exp_recp()
209     if (!BN_nnmod(val[0], a, m, ctx))  in BN_mod_exp_recp()
295                     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)  in BN_mod_exp_mont()  argument
307             || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {  in BN_mod_exp_mont()
308         return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);  in BN_mod_exp_mont()
313     bn_check_top(m);  in BN_mod_exp_mont()
315     if (!BN_is_odd(m)) {  in BN_mod_exp_mont()
322         if (BN_abs_is_word(m, 1)) {  in BN_mod_exp_mont()
347         if (!BN_MONT_CTX_set(mont, m, ctx))  in BN_mod_exp_mont()
351     if (a->neg || BN_ucmp(a, m) >= 0) {  in BN_mod_exp_mont()
352         if (!BN_nnmod(val[0], a, m, ctx))  in BN_mod_exp_mont()
380     j = m->top;                 /* borrow j */  in BN_mod_exp_mont()
381     if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {  in BN_mod_exp_mont()
385         r->d[0] = (0 - m->d[0]) & BN_MASK2;  in BN_mod_exp_mont()
387             r->d[i] = (~m->d[i]) & BN_MASK2;  in BN_mod_exp_mont()
590                               const BIGNUM *m, BN_CTX *ctx,  in BN_mod_exp_mont_consttime()  argument
608     bn_check_top(m);  in BN_mod_exp_mont_consttime()
610     if (!BN_is_odd(m)) {  in BN_mod_exp_mont_consttime()
615     top = m->top;  in BN_mod_exp_mont_consttime()
624         if (BN_abs_is_word(m, 1)) {  in BN_mod_exp_mont_consttime()
644         if (!BN_MONT_CTX_set(mont, m, ctx))  in BN_mod_exp_mont_consttime()
648     if (a->neg || BN_ucmp(a, m) >= 0) {  in BN_mod_exp_mont_consttime()
651             || !BN_nnmod(reduced, a, m, ctx)) {  in BN_mod_exp_mont_consttime()
663     if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)  in BN_mod_exp_mont_consttime()
667         RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,  in BN_mod_exp_mont_consttime()
674     } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {  in BN_mod_exp_mont_consttime()
677         RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);  in BN_mod_exp_mont_consttime()
710     powerbufLen += sizeof(m->d[0]) * (top * numPowers +  in BN_mod_exp_mont_consttime()
733     tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);  in BN_mod_exp_mont_consttime()
742     if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {  in BN_mod_exp_mont_consttime()
744         tmp.d[0] = (0 - m->d[0]) & BN_MASK2;  in BN_mod_exp_mont_consttime()
746             tmp.d[i] = (~m->d[i]) & BN_MASK2;  in BN_mod_exp_mont_consttime()
1127                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)  in BN_mod_exp_mont_word()  argument
1135 #define BN_MOD_MUL_WORD(r, w, m) \  in BN_mod_exp_mont_word()  argument
1138                         (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))  in BN_mod_exp_mont_word()
1153             || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {  in BN_mod_exp_mont_word()
1160     bn_check_top(m);  in BN_mod_exp_mont_word()
1162     if (!BN_is_odd(m)) {  in BN_mod_exp_mont_word()
1166     if (m->top == 1)  in BN_mod_exp_mont_word()
1167         a %= m->d[0];           /* make sure that 'a' is reduced */  in BN_mod_exp_mont_word()
1172         if (BN_abs_is_word(m, 1)) {  in BN_mod_exp_mont_word()
1197         if (!BN_MONT_CTX_set(mont, m, ctx))  in BN_mod_exp_mont_word()
1216                 if (!BN_MOD_MUL_WORD(r, w, m))  in BN_mod_exp_mont_word()
1236                     if (!BN_MOD_MUL_WORD(r, w, m))  in BN_mod_exp_mont_word()
1252             if (!BN_MOD_MUL_WORD(r, w, m))  in BN_mod_exp_mont_word()
1275                       const BIGNUM *m, BN_CTX *ctx)  in BN_mod_exp_simple()  argument
1285             || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {  in BN_mod_exp_simple()
1294         if (BN_abs_is_word(m, 1)) {  in BN_mod_exp_simple()
1309     if (!BN_nnmod(val[0], a, m, ctx))  in BN_mod_exp_simple()
1319         if (!BN_mod_mul(d, val[0], val[0], m, ctx))  in BN_mod_exp_simple()
1324                 !BN_mod_mul(val[i], val[i - 1], d, m, ctx))  in BN_mod_exp_simple()
1342                 if (!BN_mod_mul(r, r, r, m, ctx))  in BN_mod_exp_simple()
1371                 if (!BN_mod_mul(r, r, r, m, ctx))  in BN_mod_exp_simple()
1376         if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))  in BN_mod_exp_simple()

Last Index update Sun Aug 20 00:18:20 CST 2023