]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* crypto/bn/bn_div.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
84c15db5 | 60 | #include <openssl/bn.h> |
d02b48c6 RE |
61 | #include "cryptlib.h" |
62 | #include "bn_lcl.h" | |
63 | ||
78a0c1f1 | 64 | |
d02b48c6 | 65 | /* The old slow way */ |
4a6222d7 | 66 | #if 0 |
0bde1089 UM |
67 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, |
68 | BN_CTX *ctx) | |
d02b48c6 RE |
69 | { |
70 | int i,nm,nd; | |
9b141126 | 71 | int ret = 0; |
d02b48c6 RE |
72 | BIGNUM *D; |
73 | ||
dfeab068 RE |
74 | bn_check_top(m); |
75 | bn_check_top(d); | |
d02b48c6 RE |
76 | if (BN_is_zero(d)) |
77 | { | |
78 | BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); | |
79 | return(0); | |
80 | } | |
81 | ||
82 | if (BN_ucmp(m,d) < 0) | |
83 | { | |
84 | if (rem != NULL) | |
85 | { if (BN_copy(rem,m) == NULL) return(0); } | |
86 | if (dv != NULL) BN_zero(dv); | |
87 | return(1); | |
88 | } | |
89 | ||
9b141126 UM |
90 | BN_CTX_start(ctx); |
91 | D = BN_CTX_get(ctx); | |
92 | if (dv == NULL) dv = BN_CTX_get(ctx); | |
93 | if (rem == NULL) rem = BN_CTX_get(ctx); | |
94 | if (D == NULL || dv == NULL || rem == NULL) | |
95 | goto end; | |
d02b48c6 RE |
96 | |
97 | nd=BN_num_bits(d); | |
98 | nm=BN_num_bits(m); | |
9b141126 UM |
99 | if (BN_copy(D,d) == NULL) goto end; |
100 | if (BN_copy(rem,m) == NULL) goto end; | |
d02b48c6 RE |
101 | |
102 | /* The next 2 are needed so we can do a dv->d[0]|=1 later | |
103 | * since BN_lshift1 will only work once there is a value :-) */ | |
104 | BN_zero(dv); | |
dfeab068 | 105 | bn_wexpand(dv,1); |
d02b48c6 RE |
106 | dv->top=1; |
107 | ||
9b141126 | 108 | if (!BN_lshift(D,D,nm-nd)) goto end; |
d02b48c6 RE |
109 | for (i=nm-nd; i>=0; i--) |
110 | { | |
9b141126 | 111 | if (!BN_lshift1(dv,dv)) goto end; |
d02b48c6 RE |
112 | if (BN_ucmp(rem,D) >= 0) |
113 | { | |
114 | dv->d[0]|=1; | |
9b141126 | 115 | if (!BN_usub(rem,rem,D)) goto end; |
d02b48c6 RE |
116 | } |
117 | /* CAN IMPROVE (and have now :=) */ | |
9b141126 | 118 | if (!BN_rshift1(D,D)) goto end; |
d02b48c6 RE |
119 | } |
120 | rem->neg=BN_is_zero(rem)?0:m->neg; | |
121 | dv->neg=m->neg^d->neg; | |
9b141126 UM |
122 | ret = 1; |
123 | end: | |
124 | BN_CTX_end(ctx); | |
125 | return(ret); | |
d02b48c6 RE |
126 | } |
127 | ||
128 | #else | |
129 | ||
cf1b7d96 RL |
130 | #if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ |
131 | && !defined(PEDANTIC) && !defined(BN_DIV3W) | |
4a6222d7 | 132 | # if defined(__GNUC__) && __GNUC__>=2 |
5dd955dc | 133 | # if defined(__i386) || defined (__i386__) |
4a6222d7 UM |
134 | /* |
135 | * There were two reasons for implementing this template: | |
136 | * - GNU C generates a call to a function (__udivdi3 to be exact) | |
137 | * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to | |
138 | * understand why...); | |
139 | * - divl doesn't only calculate quotient, but also leaves | |
140 | * remainder in %edx which we can definitely use here:-) | |
141 | * | |
142 | * <appro@fy.chalmers.se> | |
143 | */ | |
144 | # define bn_div_words(n0,n1,d0) \ | |
145 | ({ asm volatile ( \ | |
146 | "divl %4" \ | |
147 | : "=a"(q), "=d"(rem) \ | |
148 | : "a"(n1), "d"(n0), "g"(d0) \ | |
149 | : "cc"); \ | |
150 | q; \ | |
151 | }) | |
152 | # define REMAINDER_IS_ALREADY_CALCULATED | |
2f98abbc AP |
153 | # elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) |
154 | /* | |
155 | * Same story here, but it's 128-bit by 64-bit division. Wow! | |
156 | * <appro@fy.chalmers.se> | |
157 | */ | |
158 | # define bn_div_words(n0,n1,d0) \ | |
159 | ({ asm volatile ( \ | |
160 | "divq %4" \ | |
161 | : "=a"(q), "=d"(rem) \ | |
162 | : "a"(n1), "d"(n0), "g"(d0) \ | |
163 | : "cc"); \ | |
164 | q; \ | |
165 | }) | |
166 | # define REMAINDER_IS_ALREADY_CALCULATED | |
4a6222d7 UM |
167 | # endif /* __<cpu> */ |
168 | # endif /* __GNUC__ */ | |
cf1b7d96 | 169 | #endif /* OPENSSL_NO_ASM */ |
4a6222d7 | 170 | |
78a0c1f1 | 171 | |
55525742 AP |
172 | /* BN_div[_no_branch] computes dv := num / divisor, rounding towards |
173 | * zero, and sets up rm such that dv*divisor + rm = num holds. | |
78a0c1f1 BM |
174 | * Thus: |
175 | * dv->neg == num->neg ^ divisor->neg (unless the result is zero) | |
176 | * rm->neg == num->neg (unless the remainder is zero) | |
177 | * If 'dv' or 'rm' is NULL, the respective value is not returned. | |
178 | */ | |
55525742 AP |
179 | static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, |
180 | const BIGNUM *divisor, BN_CTX *ctx); | |
84c15db5 BL |
181 | int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, |
182 | BN_CTX *ctx) | |
d02b48c6 | 183 | { |
6343829a | 184 | int norm_shift,i,loop; |
d02b48c6 RE |
185 | BIGNUM *tmp,wnum,*snum,*sdiv,*res; |
186 | BN_ULONG *resp,*wnump; | |
187 | BN_ULONG d0,d1; | |
6343829a | 188 | int num_n,div_n; |
d02b48c6 | 189 | |
f8d6be3f BM |
190 | /* Invalid zero-padding would have particularly bad consequences |
191 | * in the case of 'num', so don't just rely on bn_check_top() for this one | |
192 | * (bn_check_top() works only for BN_DEBUG builds) */ | |
193 | if (num->top > 0 && num->d[num->top - 1] == 0) | |
194 | { | |
195 | BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED); | |
196 | return 0; | |
197 | } | |
198 | ||
199 | bn_check_top(num); | |
200 | ||
b002265e | 201 | if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) |
bd31fb21 BM |
202 | { |
203 | return BN_div_no_branch(dv, rm, num, divisor, ctx); | |
204 | } | |
205 | ||
8215e7a9 NL |
206 | bn_check_top(dv); |
207 | bn_check_top(rm); | |
f8d6be3f | 208 | /* bn_check_top(num); */ /* 'num' has been checked already */ |
dfeab068 RE |
209 | bn_check_top(divisor); |
210 | ||
58964a49 | 211 | if (BN_is_zero(divisor)) |
d02b48c6 RE |
212 | { |
213 | BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); | |
214 | return(0); | |
215 | } | |
216 | ||
217 | if (BN_ucmp(num,divisor) < 0) | |
218 | { | |
219 | if (rm != NULL) | |
220 | { if (BN_copy(rm,num) == NULL) return(0); } | |
221 | if (dv != NULL) BN_zero(dv); | |
222 | return(1); | |
223 | } | |
224 | ||
9b141126 UM |
225 | BN_CTX_start(ctx); |
226 | tmp=BN_CTX_get(ctx); | |
9b141126 UM |
227 | snum=BN_CTX_get(ctx); |
228 | sdiv=BN_CTX_get(ctx); | |
d02b48c6 | 229 | if (dv == NULL) |
9b141126 | 230 | res=BN_CTX_get(ctx); |
d02b48c6 | 231 | else res=dv; |
7f7b8d68 | 232 | if (sdiv == NULL || res == NULL) goto err; |
d02b48c6 RE |
233 | |
234 | /* First we normalise the numbers */ | |
235 | norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); | |
9cdf87f1 | 236 | if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; |
d02b48c6 RE |
237 | sdiv->neg=0; |
238 | norm_shift+=BN_BITS2; | |
9cdf87f1 | 239 | if (!(BN_lshift(snum,num,norm_shift))) goto err; |
d02b48c6 RE |
240 | snum->neg=0; |
241 | div_n=sdiv->top; | |
242 | num_n=snum->top; | |
243 | loop=num_n-div_n; | |
d02b48c6 RE |
244 | /* Lets setup a 'window' into snum |
245 | * This is the part that corresponds to the current | |
246 | * 'area' being divided */ | |
9e989810 GT |
247 | wnum.neg = 0; |
248 | wnum.d = &(snum->d[loop]); | |
249 | wnum.top = div_n; | |
9e989810 GT |
250 | /* only needed when BN_ucmp messes up the values between top and max */ |
251 | wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ | |
d02b48c6 RE |
252 | |
253 | /* Get the top 2 words of sdiv */ | |
5c0c2280 | 254 | /* div_n=sdiv->top; */ |
d02b48c6 RE |
255 | d0=sdiv->d[div_n-1]; |
256 | d1=(div_n == 1)?0:sdiv->d[div_n-2]; | |
257 | ||
258 | /* pointer to the 'top' of snum */ | |
259 | wnump= &(snum->d[num_n-1]); | |
260 | ||
261 | /* Setup to 'res' */ | |
262 | res->neg= (num->neg^divisor->neg); | |
58964a49 | 263 | if (!bn_wexpand(res,(loop+1))) goto err; |
dfeab068 | 264 | res->top=loop; |
d02b48c6 RE |
265 | resp= &(res->d[loop-1]); |
266 | ||
267 | /* space for temp */ | |
6343829a | 268 | if (!bn_wexpand(tmp,(div_n+1))) goto err; |
d02b48c6 RE |
269 | |
270 | if (BN_ucmp(&wnum,sdiv) >= 0) | |
271 | { | |
9e989810 GT |
272 | /* If BN_DEBUG_RAND is defined BN_ucmp changes (via |
273 | * bn_pollute) the const bignum arguments => | |
274 | * clean the values between top and max again */ | |
275 | bn_clear_top2max(&wnum); | |
9e989810 | 276 | bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); |
d02b48c6 | 277 | *resp=1; |
d02b48c6 RE |
278 | } |
279 | else | |
280 | res->top--; | |
9e989810 GT |
281 | /* if res->top == 0 then clear the neg value otherwise decrease |
282 | * the resp pointer */ | |
80d89e6a BM |
283 | if (res->top == 0) |
284 | res->neg = 0; | |
bd31fb21 BM |
285 | else |
286 | resp--; | |
287 | ||
288 | for (i=0; i<loop-1; i++, wnump--, resp--) | |
289 | { | |
290 | BN_ULONG q,l0; | |
291 | /* the first part of the loop uses the top two words of | |
292 | * snum and sdiv to calculate a BN_ULONG q such that | |
293 | * | wnum - sdiv * q | < sdiv */ | |
294 | #if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) | |
295 | BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG); | |
296 | q=bn_div_3_words(wnump,d1,d0); | |
297 | #else | |
298 | BN_ULONG n0,n1,rem=0; | |
299 | ||
300 | n0=wnump[0]; | |
301 | n1=wnump[-1]; | |
302 | if (n0 == d0) | |
303 | q=BN_MASK2; | |
304 | else /* n0 < d0 */ | |
305 | { | |
306 | #ifdef BN_LLONG | |
307 | BN_ULLONG t2; | |
308 | ||
309 | #if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) | |
310 | q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0); | |
311 | #else | |
312 | q=bn_div_words(n0,n1,d0); | |
313 | #ifdef BN_DEBUG_LEVITTE | |
314 | fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ | |
315 | X) -> 0x%08X\n", | |
316 | n0, n1, d0, q); | |
317 | #endif | |
318 | #endif | |
319 | ||
320 | #ifndef REMAINDER_IS_ALREADY_CALCULATED | |
321 | /* | |
322 | * rem doesn't have to be BN_ULLONG. The least we | |
323 | * know it's less that d0, isn't it? | |
324 | */ | |
325 | rem=(n1-q*d0)&BN_MASK2; | |
326 | #endif | |
327 | t2=(BN_ULLONG)d1*q; | |
328 | ||
329 | for (;;) | |
330 | { | |
331 | if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2])) | |
332 | break; | |
333 | q--; | |
334 | rem += d0; | |
335 | if (rem < d0) break; /* don't let rem overflow */ | |
336 | t2 -= d1; | |
337 | } | |
338 | #else /* !BN_LLONG */ | |
56c7754c | 339 | BN_ULONG t2l,t2h; |
bd31fb21 BM |
340 | |
341 | q=bn_div_words(n0,n1,d0); | |
342 | #ifdef BN_DEBUG_LEVITTE | |
343 | fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ | |
344 | X) -> 0x%08X\n", | |
345 | n0, n1, d0, q); | |
346 | #endif | |
347 | #ifndef REMAINDER_IS_ALREADY_CALCULATED | |
348 | rem=(n1-q*d0)&BN_MASK2; | |
349 | #endif | |
350 | ||
351 | #if defined(BN_UMULT_LOHI) | |
352 | BN_UMULT_LOHI(t2l,t2h,d1,q); | |
353 | #elif defined(BN_UMULT_HIGH) | |
354 | t2l = d1 * q; | |
355 | t2h = BN_UMULT_HIGH(d1,q); | |
356 | #else | |
56c7754c DSH |
357 | { |
358 | BN_ULONG ql, qh; | |
bd31fb21 BM |
359 | t2l=LBITS(d1); t2h=HBITS(d1); |
360 | ql =LBITS(q); qh =HBITS(q); | |
361 | mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ | |
56c7754c | 362 | } |
bd31fb21 BM |
363 | #endif |
364 | ||
365 | for (;;) | |
366 | { | |
367 | if ((t2h < rem) || | |
368 | ((t2h == rem) && (t2l <= wnump[-2]))) | |
369 | break; | |
370 | q--; | |
371 | rem += d0; | |
372 | if (rem < d0) break; /* don't let rem overflow */ | |
373 | if (t2l < d1) t2h--; t2l -= d1; | |
374 | } | |
375 | #endif /* !BN_LLONG */ | |
376 | } | |
377 | #endif /* !BN_DIV3W */ | |
378 | ||
379 | l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); | |
380 | tmp->d[div_n]=l0; | |
381 | wnum.d--; | |
382 | /* ingore top values of the bignums just sub the two | |
383 | * BN_ULONG arrays with bn_sub_words */ | |
384 | if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) | |
385 | { | |
386 | /* Note: As we have considered only the leading | |
387 | * two BN_ULONGs in the calculation of q, sdiv * q | |
388 | * might be greater than wnum (but then (q-1) * sdiv | |
389 | * is less or equal than wnum) | |
390 | */ | |
391 | q--; | |
392 | if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) | |
393 | /* we can't have an overflow here (assuming | |
394 | * that q != 0, but if q == 0 then tmp is | |
395 | * zero anyway) */ | |
396 | (*wnump)++; | |
397 | } | |
398 | /* store part of the result */ | |
399 | *resp = q; | |
400 | } | |
401 | bn_correct_top(snum); | |
402 | if (rm != NULL) | |
403 | { | |
404 | /* Keep a copy of the neg flag in num because if rm==num | |
405 | * BN_rshift() will overwrite it. | |
406 | */ | |
407 | int neg = num->neg; | |
408 | BN_rshift(rm,snum,norm_shift); | |
409 | if (!BN_is_zero(rm)) | |
410 | rm->neg = neg; | |
411 | bn_check_top(rm); | |
412 | } | |
413 | BN_CTX_end(ctx); | |
414 | return(1); | |
415 | err: | |
416 | bn_check_top(rm); | |
417 | BN_CTX_end(ctx); | |
418 | return(0); | |
419 | } | |
420 | ||
421 | ||
422 | /* BN_div_no_branch is a special version of BN_div. It does not contain | |
423 | * branches that may leak sensitive information. | |
424 | */ | |
55525742 | 425 | static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, |
bd31fb21 BM |
426 | const BIGNUM *divisor, BN_CTX *ctx) |
427 | { | |
428 | int norm_shift,i,loop; | |
429 | BIGNUM *tmp,wnum,*snum,*sdiv,*res; | |
430 | BN_ULONG *resp,*wnump; | |
431 | BN_ULONG d0,d1; | |
6343829a | 432 | int num_n,div_n; |
bd31fb21 BM |
433 | |
434 | bn_check_top(dv); | |
435 | bn_check_top(rm); | |
f8d6be3f | 436 | /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */ |
bd31fb21 BM |
437 | bn_check_top(divisor); |
438 | ||
439 | if (BN_is_zero(divisor)) | |
440 | { | |
24a8c25a | 441 | BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO); |
bd31fb21 BM |
442 | return(0); |
443 | } | |
444 | ||
445 | BN_CTX_start(ctx); | |
446 | tmp=BN_CTX_get(ctx); | |
447 | snum=BN_CTX_get(ctx); | |
448 | sdiv=BN_CTX_get(ctx); | |
449 | if (dv == NULL) | |
450 | res=BN_CTX_get(ctx); | |
451 | else res=dv; | |
452 | if (sdiv == NULL || res == NULL) goto err; | |
453 | ||
454 | /* First we normalise the numbers */ | |
455 | norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); | |
456 | if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; | |
457 | sdiv->neg=0; | |
458 | norm_shift+=BN_BITS2; | |
459 | if (!(BN_lshift(snum,num,norm_shift))) goto err; | |
460 | snum->neg=0; | |
461 | ||
462 | /* Since we don't know whether snum is larger than sdiv, | |
463 | * we pad snum with enough zeroes without changing its | |
464 | * value. | |
465 | */ | |
466 | if (snum->top <= sdiv->top+1) | |
467 | { | |
468 | if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err; | |
469 | for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0; | |
470 | snum->top = sdiv->top + 2; | |
471 | } | |
472 | else | |
473 | { | |
474 | if (bn_wexpand(snum, snum->top + 1) == NULL) goto err; | |
475 | snum->d[snum->top] = 0; | |
476 | snum->top ++; | |
477 | } | |
478 | ||
479 | div_n=sdiv->top; | |
480 | num_n=snum->top; | |
481 | loop=num_n-div_n; | |
482 | /* Lets setup a 'window' into snum | |
483 | * This is the part that corresponds to the current | |
484 | * 'area' being divided */ | |
485 | wnum.neg = 0; | |
486 | wnum.d = &(snum->d[loop]); | |
487 | wnum.top = div_n; | |
488 | /* only needed when BN_ucmp messes up the values between top and max */ | |
489 | wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ | |
490 | ||
491 | /* Get the top 2 words of sdiv */ | |
492 | /* div_n=sdiv->top; */ | |
493 | d0=sdiv->d[div_n-1]; | |
494 | d1=(div_n == 1)?0:sdiv->d[div_n-2]; | |
495 | ||
496 | /* pointer to the 'top' of snum */ | |
497 | wnump= &(snum->d[num_n-1]); | |
498 | ||
499 | /* Setup to 'res' */ | |
500 | res->neg= (num->neg^divisor->neg); | |
6343829a | 501 | if (!bn_wexpand(res,(loop+1))) goto err; |
bd31fb21 BM |
502 | res->top=loop-1; |
503 | resp= &(res->d[loop-1]); | |
504 | ||
505 | /* space for temp */ | |
6343829a | 506 | if (!bn_wexpand(tmp,(div_n+1))) goto err; |
bd31fb21 BM |
507 | |
508 | /* if res->top == 0 then clear the neg value otherwise decrease | |
509 | * the resp pointer */ | |
510 | if (res->top == 0) | |
511 | res->neg = 0; | |
9e989810 GT |
512 | else |
513 | resp--; | |
d02b48c6 | 514 | |
9e989810 | 515 | for (i=0; i<loop-1; i++, wnump--, resp--) |
d02b48c6 | 516 | { |
0dd25e36 | 517 | BN_ULONG q,l0; |
9e989810 GT |
518 | /* the first part of the loop uses the top two words of |
519 | * snum and sdiv to calculate a BN_ULONG q such that | |
520 | * | wnum - sdiv * q | < sdiv */ | |
cf1b7d96 | 521 | #if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) |
500230ee | 522 | BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG); |
0bbd0352 | 523 | q=bn_div_3_words(wnump,d1,d0); |
0dd25e36 | 524 | #else |
4c22909e | 525 | BN_ULONG n0,n1,rem=0; |
d02b48c6 | 526 | |
d02b48c6 RE |
527 | n0=wnump[0]; |
528 | n1=wnump[-1]; | |
529 | if (n0 == d0) | |
530 | q=BN_MASK2; | |
4a6222d7 UM |
531 | else /* n0 < d0 */ |
532 | { | |
533 | #ifdef BN_LLONG | |
534 | BN_ULLONG t2; | |
535 | ||
4c22909e | 536 | #if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) |
8e1589ec | 537 | q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0); |
0dd25e36 | 538 | #else |
dfeab068 | 539 | q=bn_div_words(n0,n1,d0); |
3c801fa4 RL |
540 | #ifdef BN_DEBUG_LEVITTE |
541 | fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ | |
542 | X) -> 0x%08X\n", | |
543 | n0, n1, d0, q); | |
544 | #endif | |
0dd25e36 | 545 | #endif |
0dd25e36 | 546 | |
fe7cd164 | 547 | #ifndef REMAINDER_IS_ALREADY_CALCULATED |
4a6222d7 UM |
548 | /* |
549 | * rem doesn't have to be BN_ULLONG. The least we | |
550 | * know it's less that d0, isn't it? | |
551 | */ | |
552 | rem=(n1-q*d0)&BN_MASK2; | |
4c22909e | 553 | #endif |
4a6222d7 UM |
554 | t2=(BN_ULLONG)d1*q; |
555 | ||
556 | for (;;) | |
557 | { | |
558 | if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2])) | |
559 | break; | |
560 | q--; | |
561 | rem += d0; | |
562 | if (rem < d0) break; /* don't let rem overflow */ | |
563 | t2 -= d1; | |
564 | } | |
565 | #else /* !BN_LLONG */ | |
56c7754c | 566 | BN_ULONG t2l,t2h; |
0dd25e36 | 567 | |
4a6222d7 | 568 | q=bn_div_words(n0,n1,d0); |
3c801fa4 RL |
569 | #ifdef BN_DEBUG_LEVITTE |
570 | fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ | |
571 | X) -> 0x%08X\n", | |
572 | n0, n1, d0, q); | |
573 | #endif | |
fe7cd164 | 574 | #ifndef REMAINDER_IS_ALREADY_CALCULATED |
4a6222d7 | 575 | rem=(n1-q*d0)&BN_MASK2; |
4c22909e | 576 | #endif |
4a6222d7 | 577 | |
2f98abbc AP |
578 | #if defined(BN_UMULT_LOHI) |
579 | BN_UMULT_LOHI(t2l,t2h,d1,q); | |
580 | #elif defined(BN_UMULT_HIGH) | |
4a6222d7 UM |
581 | t2l = d1 * q; |
582 | t2h = BN_UMULT_HIGH(d1,q); | |
fb81ac5e | 583 | #else |
56c7754c DSH |
584 | { |
585 | BN_ULONG ql, qh; | |
4a6222d7 UM |
586 | t2l=LBITS(d1); t2h=HBITS(d1); |
587 | ql =LBITS(q); qh =HBITS(q); | |
588 | mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ | |
56c7754c | 589 | } |
fb81ac5e | 590 | #endif |
0dd25e36 | 591 | |
4a6222d7 UM |
592 | for (;;) |
593 | { | |
594 | if ((t2h < rem) || | |
595 | ((t2h == rem) && (t2l <= wnump[-2]))) | |
596 | break; | |
597 | q--; | |
598 | rem += d0; | |
599 | if (rem < d0) break; /* don't let rem overflow */ | |
600 | if (t2l < d1) t2h--; t2l -= d1; | |
601 | } | |
602 | #endif /* !BN_LLONG */ | |
d02b48c6 | 603 | } |
4c22909e | 604 | #endif /* !BN_DIV3W */ |
4a6222d7 | 605 | |
58964a49 | 606 | l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); |
d02b48c6 | 607 | tmp->d[div_n]=l0; |
9e989810 GT |
608 | wnum.d--; |
609 | /* ingore top values of the bignums just sub the two | |
610 | * BN_ULONG arrays with bn_sub_words */ | |
611 | if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) | |
d02b48c6 | 612 | { |
9e989810 GT |
613 | /* Note: As we have considered only the leading |
614 | * two BN_ULONGs in the calculation of q, sdiv * q | |
615 | * might be greater than wnum (but then (q-1) * sdiv | |
616 | * is less or equal than wnum) | |
617 | */ | |
d02b48c6 | 618 | q--; |
9e989810 GT |
619 | if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) |
620 | /* we can't have an overflow here (assuming | |
621 | * that q != 0, but if q == 0 then tmp is | |
622 | * zero anyway) */ | |
623 | (*wnump)++; | |
d02b48c6 | 624 | } |
9e989810 GT |
625 | /* store part of the result */ |
626 | *resp = q; | |
d02b48c6 | 627 | } |
a8aa764d | 628 | bn_correct_top(snum); |
d02b48c6 RE |
629 | if (rm != NULL) |
630 | { | |
3d2e469c DSH |
631 | /* Keep a copy of the neg flag in num because if rm==num |
632 | * BN_rshift() will overwrite it. | |
633 | */ | |
634 | int neg = num->neg; | |
d02b48c6 | 635 | BN_rshift(rm,snum,norm_shift); |
78a0c1f1 | 636 | if (!BN_is_zero(rm)) |
3d2e469c | 637 | rm->neg = neg; |
d870740c | 638 | bn_check_top(rm); |
d02b48c6 | 639 | } |
d1e7d1d9 | 640 | bn_correct_top(res); |
9b141126 | 641 | BN_CTX_end(ctx); |
d02b48c6 RE |
642 | return(1); |
643 | err: | |
8215e7a9 | 644 | bn_check_top(rm); |
4a6222d7 | 645 | BN_CTX_end(ctx); |
d02b48c6 RE |
646 | return(0); |
647 | } | |
648 | ||
649 | #endif |