*
*/
-#define OPENSSL_FIPSAPI
+
#include "cryptlib.h"
#include "bn_lcl.h"
bn_check_top(p);
bn_check_top(m);
- /* For even modulus m = 2^k*m_odd, it might make sense to compute
+ /*-
+ * For even modulus m = 2^k*m_odd, it might make sense to compute
* a^p mod m_odd and a^p mod 2^k separately (with Montgomery
* exponentiation for the odd part), using appropriate exponent
* reductions, and combine the results using the CRT.
* the top bit being set. It was caused by an error in BN_div
* with negatives. There was also another problem when for a^b%m
* a >= m. eay 07-May-97 */
-/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+ /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
if (BN_is_odd(m))
{
r->d[0] = (0-m->d[0])&BN_MASK2;
for(i=1;i<j;i++) r->d[i] = (~m->d[i])&BN_MASK2;
r->top = j;
+ /* Upper words will be zero if the corresponding words of 'm'
+ * were 0xfff[...], so decrement r->top accordingly. */
+ bn_correct_top(r);
}
else
#endif
* RSAZ exponentiation. For further information see
* crypto/bn/rsaz_exp.c and accompanying assembly modules.
*/
- if (((OPENSSL_ia32cap_P[2]&0x80100) != 0x80100) /* check for MULX/AD*X */
- && (16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
+ if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
&& rsaz_avx2_eligible())
{
if (NULL == bn_wexpand(rr, 16)) goto err;
else
#endif
#if defined(OPENSSL_BN_ASM_MONT5)
- /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
- * specifically optimization of cache-timing attack countermeasures
- * and pre-computation optimization. */
-
- /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
- * 512-bit RSA is hardly relevant, we omit it to spare size... */
- if (window==5)
+ if (window==5 && top>1)
{
+ /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
+ * specifically optimization of cache-timing attack countermeasures
+ * and pre-computation optimization. */
+
+ /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
+ * 512-bit RSA is hardly relevant, we omit it to spare size... */
void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
const void *table,const BN_ULONG *np,
const BN_ULONG *n0,int num,int power);