aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xconfigure.py21
-rw-r--r--doc/building.txt22
-rw-r--r--doc/faq.txt7
-rw-r--r--doc/log.txt17
-rw-r--r--doc/users.txt3
-rw-r--r--readme.txt8
-rw-r--r--src/build-data/arch/x86_64.txt7
-rw-r--r--src/build-data/cc/clang.txt3
-rw-r--r--src/build-data/cc/gcc.txt18
-rw-r--r--src/build-data/os/mingw.txt1
-rw-r--r--src/build-data/os/nacl.txt4
-rw-r--r--src/constructs/srp6/info.txt7
-rw-r--r--src/constructs/srp6/srp6.cpp177
-rw-r--r--src/constructs/srp6/srp6.h94
-rw-r--r--src/engine/core_engine/core_modes.cpp14
-rw-r--r--src/entropy/hres_timer/hres_timer.cpp37
-rw-r--r--src/entropy/hres_timer/hres_timer.h3
-rw-r--r--src/filters/buf_filt.cpp2
-rw-r--r--src/libstate/policy.cpp25
-rw-r--r--src/math/mp/mp_comba.cpp1276
-rw-r--r--src/math/mp/mp_core.h3
-rw-r--r--src/ssl/hello.cpp8
-rw-r--r--src/ssl/tls_magic.h2
-rw-r--r--src/ssl/tls_messages.h3
-rw-r--r--src/utils/cpuid.cpp34
-rw-r--r--src/utils/dyn_load/dyn_load.cpp5
26 files changed, 1115 insertions, 686 deletions
diff --git a/configure.py b/configure.py
index bb0dbc192..4d0905340 100755
--- a/configure.py
+++ b/configure.py
@@ -1654,15 +1654,6 @@ def main(argv = None):
(modules, archinfo, ccinfo, osinfo) = load_info_files(options)
- if options.os is None:
- options.os = platform.system().lower()
-
- if re.match('^cygwin_.*', options.os):
- logging.debug("Converting '%s' to 'cygwin'", options.os)
- options.os = 'cygwin'
-
- logging.info('Guessing target OS is %s (use --os to set)' % (options.os))
-
if options.compiler is None:
if options.os == 'windows':
if have_program('g++') and not have_program('cl'):
@@ -1674,6 +1665,18 @@ def main(argv = None):
logging.info('Guessing to use compiler %s (use --cc to set)' % (
options.compiler))
+ if options.os is None:
+ options.os = platform.system().lower()
+
+ if re.match('^cygwin_.*', options.os):
+ logging.debug("Converting '%s' to 'cygwin'", options.os)
+ options.os = 'cygwin'
+
+ if options.os == 'windows' and options.compiler == 'gcc':
+ logging.warning('Detected GCC on Windows; use --os=cygwin or --os=mingw?')
+
+ logging.info('Guessing target OS is %s (use --os to set)' % (options.os))
+
if options.compiler not in ccinfo:
raise Exception('Unknown compiler "%s"; available options: %s' % (
options.compiler, ' '.join(sorted(ccinfo.keys()))))
diff --git a/doc/building.txt b/doc/building.txt
index 044e46c3d..e16531de4 100644
--- a/doc/building.txt
+++ b/doc/building.txt
@@ -60,10 +60,11 @@ we might see lines like::
INFO: Skipping, incompatible OS - beos_stats cryptoapi_rng win32_crit_section win32_stats
INFO: Skipping, incompatible compiler - mp_msvc64 mp_x86_32_msvc
-The ones that are 'loaded on request only' have to be explicitly asked
-for, because they rely on third party libraries which your system
-might not have. For instance to enable zlib support, add
-``--with-zlib`` to your invocation of ``configure.py``.
+The ones that are skipped because they are 'by request only' have to
+be explicitly asked for, because they rely on third party libraries
+which your system might not have or that you might not want the
+resulting binary to depend on. For instance to enable zlib support,
+add ``--with-zlib`` to your invocation of ``configure.py``.
You can control which algorithms and modules are built using the
options ``--enable-modules=MODS`` and ``--disable-modules=MODS``, for
@@ -191,6 +192,18 @@ your documentation and/or local expert for details).
Other Build-Related Tasks
----------------------------------------
+.. _building_docs:
+
+Building The Documentation
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+There are two documentation options available, Sphinx and Doxygen.
+Sphinx will be used if ``sphinx-build`` is detected in the PATH, or if
+``--with-sphinx`` is used at configure time. Doxygen is only enabled
+if ``--with-doxygen`` is used. Both are generated by the makefile
+target ``docs``.
+
+
.. _amalgamation:
The Amalgamation Build
@@ -250,7 +263,6 @@ It may be useful to run multiple builds with different
configurations. Specify ``--build-dir=<dir>`` to set up a build
environment in a different directory.
-
.. _configure_with_python3:
Configuring the Build With Python 3.1
diff --git a/doc/faq.txt b/doc/faq.txt
index 4ff5457bb..9658621fe 100644
--- a/doc/faq.txt
+++ b/doc/faq.txt
@@ -159,7 +159,7 @@ You can do any combination of:
* Contact the current lead maintainer personally; currently
`Jack Lloyd <http://www.randombit.net>`_
- (`personal PGP key` <http://www.randombit.net/pgpgkey.html`_)
+ (`personal PGP key <http://www.randombit.net/pgpgkey.html>`_)
* Email the `development list
<http://lists.randombit.net/mailman/listinfo/botan-devel>`_
@@ -185,9 +185,8 @@ Will it work on my platform XYZ??
----------------------------------------
The most common stumbling block is a compiler that is buggy or can't
-handle modern C++ (specifically, C++98). Check out the `build list
-<http://botan.randombit.net/builds.html>`_ for a sense of which
-platforms are actively being tested.
+handle modern C++ (specifically, C++98). Check out the :doc:`build log
+<build_log>` for a sense of which platforms are actively being tested.
I'm not feeling this, what can I use instead?
------------------------------------------------------------
diff --git a/doc/log.txt b/doc/log.txt
index 696fa4ac9..94c760a8a 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -10,14 +10,31 @@ Series 1.10
Version 1.10.2, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* An implementation of SRP-6a compatible with the specification in
+ RFC 5054 is now available in srp6.h
+
* The exception catching syntax of configure.py has been changed to
the Python 3.x syntax. This syntax also works with Python 2.6 and
2.7, but not with any earlier Python 2 release. A simple search and
replace will allow running it under Python 2.5::
perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py
+* If clock_gettime is available on the system, poll all available
+ clock types in the hres_timer poll.
+
* Add AltiVec detection for IBM POWER7 processors.
+* Add AltiVec detection for OpenBSD, contributed by Brad Smith (PR 162)
+
+* Add Google's Native Client as an compile target
+
+* If targetting GCC on a Windows system, configure.py will warn that
+ likely you wanted to configure for either MinGW or Cygwin, not the
+ generic Windows target which is oriented to Win32 plus the Visual
+ C++ runtime.
+
+* Fixed a compilation problem of the dynamic loader hooks under MinGW GCC
+
* Don't set a soname on OpenBSD, as it doesn't support it (PR 158)
* Fix a configure.py incompatability with the subprocess module
diff --git a/doc/users.txt b/doc/users.txt
index 4c743b137..a48d9e60b 100644
--- a/doc/users.txt
+++ b/doc/users.txt
@@ -28,6 +28,9 @@ Open Source Software
crypto provider
<http://websvn.kde.org/trunk/kdesupport/qca/src/botantools/botan/>`_.
+* `TCHead <http://16s.us/TCHead/>`_ is a utility for analyzing
+ TrueCrypt volume headers.
+
* `Octopod <http://code.google.com/p/octopod/>`_ is a
file sharing system.
diff --git a/readme.txt b/readme.txt
index eea551afe..f7bc55f61 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,4 +1,4 @@
-Botan 1.10.1, 2011-07-11
+Botan 1.10.2, ????-??-??
http://botan.randombit.net/
Botan is a C++ class library for performing a wide variety of
@@ -8,8 +8,8 @@ Bugzilla (http://bugs.randombit.net/) or by sending a report to the
botan-devel mailing list. More information about the mailing list is
at http://lists.randombit.net/mailman/listinfo/botan-devel/
-You can find documentation online at http://botan.randombit.net/docs
-and http://botan.randombit.net/doxygen. A set of example programs can
-be found in the directory doc/examples.
+You can find documentation online at http://botan.randombit.net/ as
+well as in the doc directory in the distribution. Several examples can
+be found in doc/examples as well.
Jack Lloyd ([email protected])
diff --git a/src/build-data/arch/x86_64.txt b/src/build-data/arch/x86_64.txt
index 97b84fbde..922daa104 100644
--- a/src/build-data/arch/x86_64.txt
+++ b/src/build-data/arch/x86_64.txt
@@ -13,11 +13,12 @@ x64
<submodels>
k8
k10
+atom
nocona
core2
nehalem
westmere
-atom
+sandybridge
</submodels>
<submodel_aliases>
@@ -37,6 +38,6 @@ corei7cpu860 -> nehalem
<isa_extn>
sse2:all
-ssse3:core2,nehalem,westmere,atom
-aes-ni:westmere
+ssse3:core2,nehalem,westmere,atom,sandybridge
+aes-ni:westmere,sandybridge
</isa_extn>
diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt
index c8867ba93..8860a30ba 100644
--- a/src/build-data/cc/clang.txt
+++ b/src/build-data/cc/clang.txt
@@ -31,7 +31,8 @@ default -> "$(CXX) -shared -fPIC -Wl,-soname,$(SONAME)"
<mach_opt>
x86_64 -> "-march=SUBMODEL"
-nehalem -> "-march=core2 -mssse3 -msse4.1"
+nehalem -> "-march=corei7"
+westmere -> "-march=corei7 -maes"
</mach_opt>
<mach_abi_linking>
diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt
index dbf892dcf..be1830bb8 100644
--- a/src/build-data/cc/gcc.txt
+++ b/src/build-data/cc/gcc.txt
@@ -45,25 +45,27 @@ i386 -> "-mtune=generic -momit-leaf-frame-pointer"
i486 -> "-mtune=generic -momit-leaf-frame-pointer"
i586 -> "-mtune=generic -momit-leaf-frame-pointer"
+# Translate to GCC-speak
+nehalem -> "-march=corei7 -momit-leaf-frame-pointer"
+westmere -> "-march=corei7 -maes -momit-leaf-frame-pointer"
+sandybridge -> "-march=corei7-avx -momit-leaf-frame-pointer"
+atom32 -> "-march=atom -momit-leaf-frame-pointer"
+
ppc601 -> "-mpowerpc -mcpu=601"
cellppu -> "-mcpu=cell"
e500v2 -> "-mcpu=8548"
-atom32 -> "-march=atom -momit-leaf-frame-pointer"
+# No scheduler in GCC for anything after EV67
alpha-ev68 -> "-mcpu=ev67"
alpha-ev7 -> "-mcpu=ev67"
# The patch from Debian bug 594159 has this, don't know why though...
sh4 -> "-m4 -mieee"
+# Default family options (SUBMODEL is substitued with the actual
+# submodel name). Anything after the quotes is what should be
+# *removed* from the submodel name before it's put into SUBMODEL.
-# Until GCC gets -march support for these models
-nehalem -> "-march=core2 -msse4.1 -msse4.2 -momit-leaf-frame-pointer"
-westmere -> "-march=core2 -maes -msse4.1 -msse4.2 -momit-leaf-frame-pointer"
-
-# Default family options (SUBMODEL is substitued with the real submodel)
-# Anything after the quotes is what should be *removed* from the submodel name
-# before it's put into SUBMODEL.
alpha -> "-mcpu=SUBMODEL" alpha-
arm -> "-march=SUBMODEL"
superh -> "-mSUBMODEL" sh
diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt
index 5daabac90..1268298cb 100644
--- a/src/build-data/os/mingw.txt
+++ b/src/build-data/os/mingw.txt
@@ -20,6 +20,7 @@ mingw32
</aliases>
<target_features>
+loadlibrary
win32_virtual_lock
win32_get_systemtime
</target_features>
diff --git a/src/build-data/os/nacl.txt b/src/build-data/os/nacl.txt
new file mode 100644
index 000000000..3df798ed8
--- /dev/null
+++ b/src/build-data/os/nacl.txt
@@ -0,0 +1,4 @@
+
+<target_features>
+gettimeofday
+</target_features>
diff --git a/src/constructs/srp6/info.txt b/src/constructs/srp6/info.txt
new file mode 100644
index 000000000..7962bd383
--- /dev/null
+++ b/src/constructs/srp6/info.txt
@@ -0,0 +1,7 @@
+define SRP6
+
+<requires>
+bigint
+hash
+dl_group
+</requires>
diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp
new file mode 100644
index 000000000..995244688
--- /dev/null
+++ b/src/constructs/srp6/srp6.cpp
@@ -0,0 +1,177 @@
+/*
+* SRP-6a
+* (C) 2011 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/srp6.h>
+#include <botan/dl_group.h>
+#include <botan/libstate.h>
+#include <botan/numthry.h>
+#include <memory>
+
+namespace Botan {
+
+namespace {
+
+BigInt hash_seq(const std::string& hash_id,
+ size_t pad_to,
+ const BigInt& in1,
+ const BigInt& in2)
+ {
+ std::auto_ptr<HashFunction> hash_fn(
+ global_state().algorithm_factory().make_hash_function(hash_id));
+
+ hash_fn->update(BigInt::encode_1363(in1, pad_to));
+ hash_fn->update(BigInt::encode_1363(in2, pad_to));
+
+ return BigInt::decode(hash_fn->final());
+ }
+
+BigInt hash_seq(const std::string& hash_id,
+ size_t pad_to,
+ const BigInt& in1,
+ const BigInt& in2,
+ const BigInt& in3)
+ {
+ std::auto_ptr<HashFunction> hash_fn(
+ global_state().algorithm_factory().make_hash_function(hash_id));
+
+ hash_fn->update(BigInt::encode_1363(in1, pad_to));
+ hash_fn->update(BigInt::encode_1363(in2, pad_to));
+ hash_fn->update(BigInt::encode_1363(in3, pad_to));
+
+ return BigInt::decode(hash_fn->final());
+ }
+
+BigInt compute_x(const std::string& hash_id,
+ const std::string& identifier,
+ const std::string& password,
+ const MemoryRegion<byte>& salt)
+ {
+ std::auto_ptr<HashFunction> hash_fn(
+ global_state().algorithm_factory().make_hash_function(hash_id));
+
+ hash_fn->update(identifier);
+ hash_fn->update(":");
+ hash_fn->update(password);
+
+ SecureVector<byte> inner_h = hash_fn->final();
+
+ hash_fn->update(salt);
+ hash_fn->update(inner_h);
+
+ SecureVector<byte> outer_h = hash_fn->final();
+
+ return BigInt::decode(outer_h);
+ }
+
+}
+
+std::pair<BigInt, BigInt>
+SRP6_Client_Session:: step1(const std::string& identifier,
+ const std::string& password,
+ const std::string& group_id,
+ const std::string& hash_id,
+ const MemoryRegion<byte>& salt,
+ const BigInt& B,
+ RandomNumberGenerator& rng)
+ {
+ DL_Group group(group_id);
+ const BigInt& g = group.get_g();
+ const BigInt& p = group.get_p();
+
+ p_bytes = group.get_p().bytes();
+
+ if(B % p == 0)
+ throw std::runtime_error("Invalid SRP parameter from server");
+
+ BigInt k = hash_seq(hash_id, p_bytes, p, g);
+
+ BigInt a(rng, p.bits() - 1);
+
+ A = power_mod(g, a, p);
+
+ BigInt u = hash_seq(hash_id, p_bytes, A, B);
+
+ const BigInt x = compute_x(hash_id, identifier, password, salt);
+
+ S = power_mod((B - (k * power_mod(g, x, p))) % p, (a + (u * x)), p);
+
+ this->hash_id = hash_id;
+
+ M1 = hash_seq(hash_id, p_bytes, A, B, S);
+
+ return std::make_pair<BigInt, BigInt>(A, M1);
+ }
+
+SymmetricKey SRP6_Client_Session::step2(const BigInt& M2)
+ {
+ BigInt M2x = hash_seq(hash_id, p_bytes, A, M1, S);
+
+ if(M2 != M2x)
+ throw std::runtime_error("Bad verification value from server");
+
+ return SymmetricKey(BigInt::encode_1363(S, p_bytes));
+ }
+
+BigInt SRP6_Client_Session::generate_verifier(const std::string& identifier,
+ const std::string& password,
+ const MemoryRegion<byte>& salt,
+ const std::string& group_id,
+ const std::string& hash_id)
+ {
+ const BigInt x = compute_x(hash_id, identifier, password, salt);
+
+ DL_Group group(group_id);
+ return power_mod(group.get_g(), x, group.get_p());
+ }
+
+BigInt SRP6_Server_Session::step1(const BigInt& v,
+ const std::string& group_id,
+ const std::string& hash_id,
+ RandomNumberGenerator& rng)
+ {
+ DL_Group group(group_id);
+ const BigInt& g = group.get_g();
+ const BigInt& p = group.get_p();
+
+ p_bytes = p.bytes();
+
+ BigInt k = hash_seq(hash_id, p_bytes, p, g);
+
+ BigInt b(rng, p.bits() - 1);
+
+ B = (v*k + power_mod(g, b, p)) % p;
+
+ this->v = v;
+ this->b = b;
+ this->p = p;
+ this->hash_id = hash_id;
+
+ return B;
+ }
+
+std::pair<SymmetricKey, BigInt> SRP6_Server_Session::step2(const BigInt& A, const BigInt& M1)
+ {
+ if(A % p == 0)
+ throw std::runtime_error("Invalid SRP parameter from client");
+
+ BigInt u = hash_seq(hash_id, p_bytes, A, B);
+
+ BigInt S = power_mod(A * power_mod(v, u, p), b, p);
+
+ BigInt M1x = hash_seq(hash_id, p_bytes, A, B, S);
+
+ if(M1 != M1x)
+ throw std::runtime_error("Bad verification value from client");
+
+ BigInt M2 = hash_seq(hash_id, p_bytes, A, M1, S);
+
+ SymmetricKey Sk = BigInt::encode_1363(S, p_bytes);
+
+ return std::make_pair<SymmetricKey, BigInt>(Sk, M2);
+ }
+
+}
diff --git a/src/constructs/srp6/srp6.h b/src/constructs/srp6/srp6.h
new file mode 100644
index 000000000..fbb4a686d
--- /dev/null
+++ b/src/constructs/srp6/srp6.h
@@ -0,0 +1,94 @@
+/*
+* SRP-6a (RFC 5054 compatatible)
+* (C) 2011 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_RFC5054_SRP6_H__
+#define BOTAN_RFC5054_SRP6_H__
+
+#include <botan/bigint.h>
+#include <botan/hash.h>
+#include <botan/rng.h>
+#include <botan/symkey.h>
+#include <string>
+
+namespace Botan {
+
+/**
+
+*/
+class BOTAN_DLL SRP6_Client_Session
+ {
+ public:
+
+ /**
+ * Client side step 1
+ * @param username the username we are attempting login for
+ * @param password the password we are attempting to use
+ * @param group_id specifies the shared SRP group
+ * @param hash_id specifies a secure hash function
+ * @param salt is the salt value sent by the server
+ * @param B is the server's public value
+ * @param rng is a random number generator
+ *
+ * @return (A,M1) the client public key and verification values,
+ which are sent to the server
+ */
+ std::pair<BigInt, BigInt> step1(const std::string& username,
+ const std::string& password,
+ const std::string& group_id,
+ const std::string& hash_id,
+ const MemoryRegion<byte>& salt,
+ const BigInt& B,
+ RandomNumberGenerator& rng);
+
+ /**
+ * Client side step 2
+ * @param M2 the server verification value
+ * @return shared secret key
+ */
+ SymmetricKey step2(const BigInt& M2);
+
+ /**
+ * Generate a new SRP-6 verifier
+ * @param identifier a username or other client identifier
+ * @param password the secret used to authenticate user
+ * @param salt a randomly chosen value, at least 128 bits long
+ */
+ static BigInt generate_verifier(const std::string& identifier,
+ const std::string& password,
+ const MemoryRegion<byte>& salt,
+ const std::string& group_id,
+ const std::string& hash_id);
+
+ private:
+ std::string hash_id;
+ BigInt A, M1, S;
+ size_t p_bytes;
+ };
+
+class BOTAN_DLL SRP6_Server_Session
+ {
+ public:
+ /**
+ * Server side step 1
+ * @param v the verification value saved from client registration
+ */
+ BigInt step1(const BigInt& v,
+ const std::string& group_id,
+ const std::string& hash_id,
+ RandomNumberGenerator& rng);
+
+ std::pair<SymmetricKey, BigInt> step2(const BigInt& A, const BigInt& M1);
+
+ private:
+ std::string hash_id;
+ BigInt B, b, v, S, p;
+ size_t p_bytes;
+ };
+
+}
+
+#endif
diff --git a/src/engine/core_engine/core_modes.cpp b/src/engine/core_engine/core_modes.cpp
index 035cd41c7..8a929e880 100644
--- a/src/engine/core_engine/core_modes.cpp
+++ b/src/engine/core_engine/core_modes.cpp
@@ -1,6 +1,6 @@
/*
* Core Engine
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2007,2011 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -179,8 +179,8 @@ Keyed_Filter* get_cipher_mode(const BlockCipher* block_cipher,
* Get a cipher object
*/
Keyed_Filter* Core_Engine::get_cipher(const std::string& algo_spec,
- Cipher_Dir direction,
- Algorithm_Factory& af)
+ Cipher_Dir direction,
+ Algorithm_Factory& af)
{
std::vector<std::string> algo_parts = split_on(algo_spec, '/');
if(algo_parts.empty())
@@ -197,8 +197,12 @@ Keyed_Filter* Core_Engine::get_cipher(const std::string& algo_spec,
if(!block_cipher)
return 0;
- if(algo_parts.size() != 2 && algo_parts.size() != 3)
- return 0;
+ if(algo_parts.size() >= 4)
+ return 0; // 4 part mode, not something we know about
+
+ if(algo_parts.size() < 2)
+ throw Lookup_Error("Cipher specification '" + algo_spec +
+ "' is missing mode identifier");
std::string mode = algo_parts[1];
diff --git a/src/entropy/hres_timer/hres_timer.cpp b/src/entropy/hres_timer/hres_timer.cpp
index a10cdaf46..c6b31d996 100644
--- a/src/entropy/hres_timer/hres_timer.cpp
+++ b/src/entropy/hres_timer/hres_timer.cpp
@@ -1,6 +1,6 @@
/*
* High Resolution Timestamp Entropy Source
-* (C) 1999-2009 Jack Lloyd
+* (C) 1999-2009,2011 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -20,9 +20,44 @@ namespace Botan {
void High_Resolution_Timestamp::poll(Entropy_Accumulator& accum)
{
#if defined(BOTAN_TARGET_OS_HAS_QUERY_PERF_COUNTER)
+ {
LARGE_INTEGER tv;
::QueryPerformanceCounter(&tv);
accum.add(tv.QuadPart, 0);
+ }
+#endif
+
+#if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME)
+
+#define CLOCK_POLL(src) \
+ do { \
+ struct timespec ts; \
+ clock_gettime(src, &ts); \
+ accum.add(&ts, sizeof(ts), 0); \
+ } while(0)
+
+#if defined(CLOCK_REALTIME)
+ CLOCK_POLL(CLOCK_REALTIME);
+#endif
+
+#if defined(CLOCK_MONOTONIC)
+ CLOCK_POLL(CLOCK_MONOTONIC);
+#endif
+
+#if defined(CLOCK_MONOTONIC_RAW)
+ CLOCK_POLL(CLOCK_MONOTONIC_RAW);
+#endif
+
+#if defined(CLOCK_PROCESS_CPUTIME_ID)
+ CLOCK_POLL(CLOCK_PROCESS_CPUTIME_ID);
+#endif
+
+#if defined(CLOCK_THREAD_CPUTIME_ID)
+ CLOCK_POLL(CLOCK_THREAD_CPUTIME_ID);
+#endif
+
+#undef CLOCK_POLL
+
#endif
#if BOTAN_USE_GCC_INLINE_ASM
diff --git a/src/entropy/hres_timer/hres_timer.h b/src/entropy/hres_timer/hres_timer.h
index c693b8d4e..8b95c8308 100644
--- a/src/entropy/hres_timer/hres_timer.h
+++ b/src/entropy/hres_timer/hres_timer.h
@@ -14,6 +14,9 @@ namespace Botan {
/**
* Entropy source using high resolution timers
+*
+* @note Any results from timers are marked as not contributing entropy
+* to the poll, as a local attacker could observe them directly.
*/
class High_Resolution_Timestamp : public EntropySource
{
diff --git a/src/filters/buf_filt.cpp b/src/filters/buf_filt.cpp
index b332d74b8..ca3fa9a3c 100644
--- a/src/filters/buf_filt.cpp
+++ b/src/filters/buf_filt.cpp
@@ -82,7 +82,7 @@ void Buffered_Filter::write(const byte input[], size_t input_size)
void Buffered_Filter::end_msg()
{
if(buffer_pos < final_minimum)
- throw std::runtime_error("Buffered_Operation::final - not enough input");
+ throw std::runtime_error("Buffered filter end_msg without enough input");
size_t spare_blocks = (buffer_pos - final_minimum) / main_block_mod;
diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp
index 05ca6f807..f91eed1d8 100644
--- a/src/libstate/policy.cpp
+++ b/src/libstate/policy.cpp
@@ -302,6 +302,16 @@ void set_default_dl_groups(Library_State& config)
"Nf2tRM/S10+SCL4lj/MklDMo9nMpwP//////////"
"-----END X942 DH PARAMETERS-----");
+ config.set("dl", "modp/srp/1024",
+ "-----BEGIN X942 DH PARAMETERS-----"
+ "MIIBCgKBgQDurwq5rbON1pwz+Ar6j8XoYHJhh3X/PAueojFMnCVldtZ033SW6oHT"
+ "ODtIE9aSxuDg1djiULmL5I5JXB1gidrRXcfXtGFU1rbOjvStabFdSYJVmyl7zxiF"
+ "xSn1ZmYOV+xo7bw8BXJswC/Uy/SXbqqa/VE4/oN2Q1ufxh0vwOsG4wIBAgKBgHdX"
+ "hVzW2cbrThn8BX1H4vQwOTDDuv+eBc9RGKZOErK7azpvukt1QOmcHaQJ60ljcHBq"
+ "7HEoXMXyRySuDrBE7Wiu4+vaMKprW2dHela02K6kwSrNlL3njELilPqzMwcr9jR2"
+ "3h4CuTZgF+pl+ku3VU1+qJx/Qbshrc/jDpfgdYNx"
+ "-----END X942 DH PARAMETERS-----");
+
config.set("dl", "modp/ietf/1536",
"-----BEGIN X942 DH PARAMETERS-----"
"MIIBigKBwQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5si"
@@ -330,6 +340,21 @@ void set_default_dl_groups(Library_State& config)
"2uKu+DemKWTvFeX7SqwLjBzKpL51SrVyiukTDEx9AogKuUctRVZVNH//////////"
"-----END X942 DH PARAMETERS-----");
+ config.set("dl", "modp/srp/2048",
+ "-----BEGIN X942 DH PARAMETERS-----"
+ "MIICDAKCAQEArGvbQTJKmpvxZt5eE4lYL69ytmUZh+4H/DGSlD21YFCjcynLtKCZ"
+ "7YGT4HV3Z6E91SMSq0sDMQ3Nf0ip2gT9UOgIOWntt2ewz2CVF5oWOrNmGgX71fqq"
+ "6CkYqZYvC5O4Vfl5k+yXXuqoDXQK2/T/dHNZ0EHVwz6nHSgeRGsUdzvKl7Q6I/uA"
+ "Fna9IHpDbGSB8dK5B4cXRhpbnTLmiPh3SFRFI7UksNV9Xqd6J3XS7PoDLPvb9S+z"
+ "eGFgJ5AE5Xrmr4dOcwPOUymczAQce8MI2CpWmPOo0MOCca41+Onb+7aUtcgD2J96"
+ "5DXeI21SX1R1m2XjcvzWjvIPpxEfnkr/cwIBAgKCAQBWNe2gmSVNTfizby8JxKwX"
+ "17lbMozD9wP+GMlKHtqwKFG5lOXaUEz2wMnwOruz0J7qkYlVpYGYhua/pFTtAn6o"
+ "dAQctPbbs9hnsEqLzQsdWbMNAv3q/VV0FIxUyxeFydwq/LzJ9kuvdVQGugVt+n+6"
+ "OazoIOrhn1OOlA8iNYo7neVL2h0R/cALO16QPSG2MkD46VyDw4ujDS3OmXNEfDuk"
+ "KiKR2pJYar6vU70Tuul2fQGWfe36l9m8MLATyAJyvXNXw6c5gecplM5mAg494YRs"
+ "FStMedRoYcE41xr8dO3920pa5AHsT71yGu8RtqkvqjrNsvG5fmtHeQfTiI/PJX+5"
+ "-----END X942 DH PARAMETERS-----");
+
config.set("dl", "modp/ietf/3072",
"-----BEGIN X942 DH PARAMETERS-----"
"MIIDDAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
diff --git a/src/math/mp/mp_comba.cpp b/src/math/mp/mp_comba.cpp
index 2770d3f0a..99dcda176 100644
--- a/src/math/mp/mp_comba.cpp
+++ b/src/math/mp/mp_comba.cpp
@@ -1,6 +1,6 @@
/*
* Comba Multiplication and Squaring
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2007,2011 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -19,30 +19,30 @@ void bigint_comba_sqr4(word z[8], const word x[4])
{
word w2 = 0, w1 = 0, w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[0], x[0]);
- z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]);
+ z[ 0] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[0], x[1]);
- z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
+ z[ 1] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[0], x[2]);
- word3_muladd(&w2, &w1, &w0, x[1], x[1]);
- z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]);
+ z[ 2] = w2; w2 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[0], x[3]);
- word3_muladd_2(&w2, &w1, &w0, x[1], x[2]);
- z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
+ word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
+ z[ 3] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[1], x[3]);
- word3_muladd(&w2, &w1, &w0, x[2], x[2]);
- z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]);
+ z[ 4] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[2], x[3]);
- z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
+ z[ 5] = w2; w2 = 0;
- word3_muladd(&w2, &w1, &w0, x[3], x[3]);
- z[6] = w0;
- z[7] = w1;
+ word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]);
+ z[ 6] = w0;
+ z[ 7] = w1;
}
/*
@@ -52,36 +52,36 @@ void bigint_comba_mul4(word z[8], const word x[4], const word y[4])
{
word w2 = 0, w1 = 0, w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[0], y[0]);
- z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
+ z[ 0] = w0; w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[0], y[1]);
- word3_muladd(&w2, &w1, &w0, x[1], y[0]);
- z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
+ z[ 1] = w1; w1 = 0;
- word3_muladd(&w2, &w1, &w0, x[0], y[2]);
- word3_muladd(&w2, &w1, &w0, x[1], y[1]);
- word3_muladd(&w2, &w1, &w0, x[2], y[0]);
- z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
+ z[ 2] = w2; w2 = 0;
- word3_muladd(&w2, &w1, &w0, x[0], y[3]);
- word3_muladd(&w2, &w1, &w0, x[1], y[2]);
- word3_muladd(&w2, &w1, &w0, x[2], y[1]);
- word3_muladd(&w2, &w1, &w0, x[3], y[0]);
- z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
+ word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
+ word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
+ word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
+ z[ 3] = w0; w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[1], y[3]);
- word3_muladd(&w2, &w1, &w0, x[2], y[2]);
- word3_muladd(&w2, &w1, &w0, x[3], y[1]);
- z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
+ z[ 4] = w1; w1 = 0;
- word3_muladd(&w2, &w1, &w0, x[2], y[3]);
- word3_muladd(&w2, &w1, &w0, x[3], y[2]);
- z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
+ z[ 5] = w2; w2 = 0;
- word3_muladd(&w2, &w1, &w0, x[3], y[3]);
- z[6] = w0;
- z[7] = w1;
+ word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
+ z[ 6] = w0;
+ z[ 7] = w1;
}
/*
@@ -91,49 +91,49 @@ void bigint_comba_sqr6(word z[12], const word x[6])
{
word w2 = 0, w1 = 0, w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[0], x[0]);
- z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]);
+ z[ 0] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[0], x[1]);
- z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
+ z[ 1] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[0], x[2]);
- word3_muladd(&w2, &w1, &w0, x[1], x[1]);
- z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]);
+ z[ 2] = w2; w2 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[0], x[3]);
- word3_muladd_2(&w2, &w1, &w0, x[1], x[2]);
- z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
+ word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
+ z[ 3] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[0], x[4]);
- word3_muladd_2(&w2, &w1, &w0, x[1], x[3]);
- word3_muladd(&w2, &w1, &w0, x[2], x[2]);
- z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]);
+ z[ 4] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[0], x[5]);
- word3_muladd_2(&w2, &w1, &w0, x[1], x[4]);
- word3_muladd_2(&w2, &w1, &w0, x[2], x[3]);
- z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
+ z[ 5] = w2; w2 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[1], x[5]);
- word3_muladd_2(&w2, &w1, &w0, x[2], x[4]);
- word3_muladd(&w2, &w1, &w0, x[3], x[3]);
- z[6] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
+ word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
+ word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]);
+ z[ 6] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[2], x[5]);
- word3_muladd_2(&w2, &w1, &w0, x[3], x[4]);
- z[7] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
+ z[ 7] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[3], x[5]);
- word3_muladd(&w2, &w1, &w0, x[4], x[4]);
- z[8] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]);
+ z[ 8] = w2; w2 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[4], x[5]);
- z[9] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
+ z[ 9] = w0; w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[5], x[5]);
- z[10] = w0;
- z[11] = w1;
+ word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]);
+ z[10] = w1;
+ z[11] = w2;
}
/*
@@ -143,64 +143,64 @@ void bigint_comba_mul6(word z[12], const word x[6], const word y[6])
{
word w2 = 0, w1 = 0, w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[0], y[0]);
- z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[1]);
- word3_muladd(&w2, &w1, &w0, x[1], y[0]);
- z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[2]);
- word3_muladd(&w2, &w1, &w0, x[1], y[1]);
- word3_muladd(&w2, &w1, &w0, x[2], y[0]);
- z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[3]);
- word3_muladd(&w2, &w1, &w0, x[1], y[2]);
- word3_muladd(&w2, &w1, &w0, x[2], y[1]);
- word3_muladd(&w2, &w1, &w0, x[3], y[0]);
- z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[4]);
- word3_muladd(&w2, &w1, &w0, x[1], y[3]);
- word3_muladd(&w2, &w1, &w0, x[2], y[2]);
- word3_muladd(&w2, &w1, &w0, x[3], y[1]);
- word3_muladd(&w2, &w1, &w0, x[4], y[0]);
- z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[5]);
- word3_muladd(&w2, &w1, &w0, x[1], y[4]);
- word3_muladd(&w2, &w1, &w0, x[2], y[3]);
- word3_muladd(&w2, &w1, &w0, x[3], y[2]);
- word3_muladd(&w2, &w1, &w0, x[4], y[1]);
- word3_muladd(&w2, &w1, &w0, x[5], y[0]);
- z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[1], y[5]);
- word3_muladd(&w2, &w1, &w0, x[2], y[4]);
- word3_muladd(&w2, &w1, &w0, x[3], y[3]);
- word3_muladd(&w2, &w1, &w0, x[4], y[2]);
- word3_muladd(&w2, &w1, &w0, x[5], y[1]);
- z[6] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[2], y[5]);
- word3_muladd(&w2, &w1, &w0, x[3], y[4]);
- word3_muladd(&w2, &w1, &w0, x[4], y[3]);
- word3_muladd(&w2, &w1, &w0, x[5], y[2]);
- z[7] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[3], y[5]);
- word3_muladd(&w2, &w1, &w0, x[4], y[4]);
- word3_muladd(&w2, &w1, &w0, x[5], y[3]);
- z[8] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[4], y[5]);
- word3_muladd(&w2, &w1, &w0, x[5], y[4]);
- z[9] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[5], y[5]);
- z[10] = w0;
- z[11] = w1;
+ word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
+ z[ 0] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
+ z[ 1] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
+ z[ 2] = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
+ word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
+ word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
+ word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
+ z[ 3] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
+ z[ 4] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
+ z[ 5] = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
+ word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
+ word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
+ word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
+ word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
+ z[ 6] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
+ z[ 7] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
+ z[ 8] = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
+ word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
+ z[ 9] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
+ z[10] = w1;
+ z[11] = w2;
}
/*
@@ -210,72 +210,72 @@ void bigint_comba_sqr8(word z[16], const word x[8])
{
word w2 = 0, w1 = 0, w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[0], x[0]);
- z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[0], x[1]);
- z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[0], x[2]);
- word3_muladd(&w2, &w1, &w0, x[1], x[1]);
- z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[0], x[3]);
- word3_muladd_2(&w2, &w1, &w0, x[1], x[2]);
- z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[0], x[4]);
- word3_muladd_2(&w2, &w1, &w0, x[1], x[3]);
- word3_muladd(&w2, &w1, &w0, x[2], x[2]);
- z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[0], x[5]);
- word3_muladd_2(&w2, &w1, &w0, x[1], x[4]);
- word3_muladd_2(&w2, &w1, &w0, x[2], x[3]);
- z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[0], x[6]);
- word3_muladd_2(&w2, &w1, &w0, x[1], x[5]);
- word3_muladd_2(&w2, &w1, &w0, x[2], x[4]);
- word3_muladd(&w2, &w1, &w0, x[3], x[3]);
- z[6] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[0], x[7]);
- word3_muladd_2(&w2, &w1, &w0, x[1], x[6]);
- word3_muladd_2(&w2, &w1, &w0, x[2], x[5]);
- word3_muladd_2(&w2, &w1, &w0, x[3], x[4]);
- z[7] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[1], x[7]);
- word3_muladd_2(&w2, &w1, &w0, x[2], x[6]);
- word3_muladd_2(&w2, &w1, &w0, x[3], x[5]);
- word3_muladd(&w2, &w1, &w0, x[4], x[4]);
- z[8] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[2], x[7]);
- word3_muladd_2(&w2, &w1, &w0, x[3], x[6]);
- word3_muladd_2(&w2, &w1, &w0, x[4], x[5]);
- z[9] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[3], x[7]);
- word3_muladd_2(&w2, &w1, &w0, x[4], x[6]);
- word3_muladd(&w2, &w1, &w0, x[5], x[5]);
- z[10] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[4], x[7]);
- word3_muladd_2(&w2, &w1, &w0, x[5], x[6]);
- z[11] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[5], x[7]);
- word3_muladd(&w2, &w1, &w0, x[6], x[6]);
- z[12] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[6], x[7]);
- z[13] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[7], x[7]);
- z[14] = w0;
- z[15] = w1;
+ word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]);
+ z[ 0] = w0; w0 = 0;
+
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
+ z[ 1] = w1; w1 = 0;
+
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]);
+ z[ 2] = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
+ word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
+ z[ 3] = w0; w0 = 0;
+
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]);
+ z[ 4] = w1; w1 = 0;
+
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
+ z[ 5] = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
+ word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
+ word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
+ word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]);
+ z[ 6] = w0; w0 = 0;
+
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
+ z[ 7] = w1; w1 = 0;
+
+ word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]);
+ z[ 8] = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
+ word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
+ word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
+ z[ 9] = w0; w0 = 0;
+
+ word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]);
+ z[10] = w1; w1 = 0;
+
+ word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
+ z[11] = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
+ word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]);
+ z[12] = w0; w0 = 0;
+
+ word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
+ z[13] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]);
+ z[14] = w2;
+ z[15] = w0;
}
/*
@@ -285,100 +285,100 @@ void bigint_comba_mul8(word z[16], const word x[8], const word y[8])
{
word w2 = 0, w1 = 0, w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[0], y[0]);
- z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[1]);
- word3_muladd(&w2, &w1, &w0, x[1], y[0]);
- z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[2]);
- word3_muladd(&w2, &w1, &w0, x[1], y[1]);
- word3_muladd(&w2, &w1, &w0, x[2], y[0]);
- z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[3]);
- word3_muladd(&w2, &w1, &w0, x[1], y[2]);
- word3_muladd(&w2, &w1, &w0, x[2], y[1]);
- word3_muladd(&w2, &w1, &w0, x[3], y[0]);
- z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[4]);
- word3_muladd(&w2, &w1, &w0, x[1], y[3]);
- word3_muladd(&w2, &w1, &w0, x[2], y[2]);
- word3_muladd(&w2, &w1, &w0, x[3], y[1]);
- word3_muladd(&w2, &w1, &w0, x[4], y[0]);
- z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[5]);
- word3_muladd(&w2, &w1, &w0, x[1], y[4]);
- word3_muladd(&w2, &w1, &w0, x[2], y[3]);
- word3_muladd(&w2, &w1, &w0, x[3], y[2]);
- word3_muladd(&w2, &w1, &w0, x[4], y[1]);
- word3_muladd(&w2, &w1, &w0, x[5], y[0]);
- z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[6]);
- word3_muladd(&w2, &w1, &w0, x[1], y[5]);
- word3_muladd(&w2, &w1, &w0, x[2], y[4]);
- word3_muladd(&w2, &w1, &w0, x[3], y[3]);
- word3_muladd(&w2, &w1, &w0, x[4], y[2]);
- word3_muladd(&w2, &w1, &w0, x[5], y[1]);
- word3_muladd(&w2, &w1, &w0, x[6], y[0]);
- z[6] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[0], y[7]);
- word3_muladd(&w2, &w1, &w0, x[1], y[6]);
- word3_muladd(&w2, &w1, &w0, x[2], y[5]);
- word3_muladd(&w2, &w1, &w0, x[3], y[4]);
- word3_muladd(&w2, &w1, &w0, x[4], y[3]);
- word3_muladd(&w2, &w1, &w0, x[5], y[2]);
- word3_muladd(&w2, &w1, &w0, x[6], y[1]);
- word3_muladd(&w2, &w1, &w0, x[7], y[0]);
- z[7] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[1], y[7]);
- word3_muladd(&w2, &w1, &w0, x[2], y[6]);
- word3_muladd(&w2, &w1, &w0, x[3], y[5]);
- word3_muladd(&w2, &w1, &w0, x[4], y[4]);
- word3_muladd(&w2, &w1, &w0, x[5], y[3]);
- word3_muladd(&w2, &w1, &w0, x[6], y[2]);
- word3_muladd(&w2, &w1, &w0, x[7], y[1]);
- z[8] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[2], y[7]);
- word3_muladd(&w2, &w1, &w0, x[3], y[6]);
- word3_muladd(&w2, &w1, &w0, x[4], y[5]);
- word3_muladd(&w2, &w1, &w0, x[5], y[4]);
- word3_muladd(&w2, &w1, &w0, x[6], y[3]);
- word3_muladd(&w2, &w1, &w0, x[7], y[2]);
- z[9] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[3], y[7]);
- word3_muladd(&w2, &w1, &w0, x[4], y[6]);
- word3_muladd(&w2, &w1, &w0, x[5], y[5]);
- word3_muladd(&w2, &w1, &w0, x[6], y[4]);
- word3_muladd(&w2, &w1, &w0, x[7], y[3]);
- z[10] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[4], y[7]);
- word3_muladd(&w2, &w1, &w0, x[5], y[6]);
- word3_muladd(&w2, &w1, &w0, x[6], y[5]);
- word3_muladd(&w2, &w1, &w0, x[7], y[4]);
- z[11] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[5], y[7]);
- word3_muladd(&w2, &w1, &w0, x[6], y[6]);
- word3_muladd(&w2, &w1, &w0, x[7], y[5]);
- z[12] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[6], y[7]);
- word3_muladd(&w2, &w1, &w0, x[7], y[6]);
- z[13] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[7], y[7]);
- z[14] = w0;
- z[15] = w1;
+ word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
+ z[ 0] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
+ z[ 1] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
+ z[ 2] = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
+ word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
+ word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
+ word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
+ z[ 3] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
+ z[ 4] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
+ z[ 5] = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
+ word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
+ word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]);
+ word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]);
+ word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
+ word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
+ word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
+ z[ 6] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
+ word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
+ z[ 7] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
+ word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
+ z[ 8] = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]);
+ word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]);
+ word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]);
+ word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]);
+ word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]);
+ word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
+ z[ 9] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
+ word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
+ z[10] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
+ word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
+ z[11] = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]);
+ word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]);
+ word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]);
+ z[12] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
+ word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
+ z[13] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
+ z[14] = w2;
+ z[15] = w0;
}
/*
@@ -389,70 +389,70 @@ void bigint_comba_sqr16(word z[32], const word x[16])
word w2 = 0, w1 = 0, w0 = 0;
word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]);
- z[ 0] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[ 0] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 1]);
- z[ 1] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]);
+ z[ 1] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 2]);
- word3_muladd(&w2, &w1, &w0, x[ 1], x[ 1]);
- z[ 2] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]);
+ z[ 2] = w2; w2 = 0;
word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]);
word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]);
- z[ 3] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[ 3] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 4]);
- word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 3]);
- word3_muladd(&w2, &w1, &w0, x[ 2], x[ 2]);
- z[ 4] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]);
+ z[ 4] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 5]);
- word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 4]);
- word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 3]);
- z[ 5] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]);
+ z[ 5] = w2; w2 = 0;
word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]);
word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]);
word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]);
word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]);
- z[ 6] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[ 6] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 7]);
- word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 6]);
- word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 5]);
- word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 4]);
- z[ 7] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]);
+ z[ 7] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 8]);
- word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 7]);
- word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 6]);
- word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 5]);
- word3_muladd(&w2, &w1, &w0, x[ 4], x[ 4]);
- z[ 8] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]);
+ z[ 8] = w2; w2 = 0;
word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 9]);
word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]);
word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]);
word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]);
word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]);
- z[ 9] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[10]);
- word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 9]);
- word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 8]);
- word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 7]);
- word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 6]);
- word3_muladd(&w2, &w1, &w0, x[ 5], x[ 5]);
- z[10] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[11]);
- word3_muladd_2(&w2, &w1, &w0, x[ 1], x[10]);
- word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 9]);
- word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 8]);
- word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 7]);
- word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 6]);
- z[11] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[ 9] = w0; w0 = 0;
+
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[10]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 9]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]);
+ z[10] = w1; w1 = 0;
+
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[11]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 1], x[10]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 9]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]);
+ z[11] = w2; w2 = 0;
word3_muladd_2(&w2, &w1, &w0, x[ 0], x[12]);
word3_muladd_2(&w2, &w1, &w0, x[ 1], x[11]);
@@ -461,26 +461,26 @@ void bigint_comba_sqr16(word z[32], const word x[16])
word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]);
word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]);
word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]);
- z[12] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[13]);
- word3_muladd_2(&w2, &w1, &w0, x[ 1], x[12]);
- word3_muladd_2(&w2, &w1, &w0, x[ 2], x[11]);
- word3_muladd_2(&w2, &w1, &w0, x[ 3], x[10]);
- word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 9]);
- word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 8]);
- word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 7]);
- z[13] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[ 0], x[14]);
- word3_muladd_2(&w2, &w1, &w0, x[ 1], x[13]);
- word3_muladd_2(&w2, &w1, &w0, x[ 2], x[12]);
- word3_muladd_2(&w2, &w1, &w0, x[ 3], x[11]);
- word3_muladd_2(&w2, &w1, &w0, x[ 4], x[10]);
- word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 9]);
- word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 8]);
- word3_muladd(&w2, &w1, &w0, x[ 7], x[ 7]);
- z[14] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[12] = w0; w0 = 0;
+
+ word3_muladd_2(&w0, &w2, &w1, x[ 0], x[13]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 1], x[12]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 2], x[11]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 3], x[10]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 9]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]);
+ z[13] = w1; w1 = 0;
+
+ word3_muladd_2(&w1, &w0, &w2, x[ 0], x[14]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 1], x[13]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 2], x[12]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 3], x[11]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 4], x[10]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 9]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]);
+ word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]);
+ z[14] = w2; w2 = 0;
word3_muladd_2(&w2, &w1, &w0, x[ 0], x[15]);
word3_muladd_2(&w2, &w1, &w0, x[ 1], x[14]);
@@ -490,26 +490,26 @@ void bigint_comba_sqr16(word z[32], const word x[16])
word3_muladd_2(&w2, &w1, &w0, x[ 5], x[10]);
word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 9]);
word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]);
- z[15] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[ 1], x[15]);
- word3_muladd_2(&w2, &w1, &w0, x[ 2], x[14]);
- word3_muladd_2(&w2, &w1, &w0, x[ 3], x[13]);
- word3_muladd_2(&w2, &w1, &w0, x[ 4], x[12]);
- word3_muladd_2(&w2, &w1, &w0, x[ 5], x[11]);
- word3_muladd_2(&w2, &w1, &w0, x[ 6], x[10]);
- word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 9]);
- word3_muladd(&w2, &w1, &w0, x[ 8], x[ 8]);
- z[16] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[ 2], x[15]);
- word3_muladd_2(&w2, &w1, &w0, x[ 3], x[14]);
- word3_muladd_2(&w2, &w1, &w0, x[ 4], x[13]);
- word3_muladd_2(&w2, &w1, &w0, x[ 5], x[12]);
- word3_muladd_2(&w2, &w1, &w0, x[ 6], x[11]);
- word3_muladd_2(&w2, &w1, &w0, x[ 7], x[10]);
- word3_muladd_2(&w2, &w1, &w0, x[ 8], x[ 9]);
- z[17] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[15] = w0; w0 = 0;
+
+ word3_muladd_2(&w0, &w2, &w1, x[ 1], x[15]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 2], x[14]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 3], x[13]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 4], x[12]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 5], x[11]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 6], x[10]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 7], x[ 9]);
+ word3_muladd(&w0, &w2, &w1, x[ 8], x[ 8]);
+ z[16] = w1; w1 = 0;
+
+ word3_muladd_2(&w1, &w0, &w2, x[ 2], x[15]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 3], x[14]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 4], x[13]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 5], x[12]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 6], x[11]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 7], x[10]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 8], x[ 9]);
+ z[17] = w2; w2 = 0;
word3_muladd_2(&w2, &w1, &w0, x[ 3], x[15]);
word3_muladd_2(&w2, &w1, &w0, x[ 4], x[14]);
@@ -518,70 +518,70 @@ void bigint_comba_sqr16(word z[32], const word x[16])
word3_muladd_2(&w2, &w1, &w0, x[ 7], x[11]);
word3_muladd_2(&w2, &w1, &w0, x[ 8], x[10]);
word3_muladd(&w2, &w1, &w0, x[ 9], x[ 9]);
- z[18] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[ 4], x[15]);
- word3_muladd_2(&w2, &w1, &w0, x[ 5], x[14]);
- word3_muladd_2(&w2, &w1, &w0, x[ 6], x[13]);
- word3_muladd_2(&w2, &w1, &w0, x[ 7], x[12]);
- word3_muladd_2(&w2, &w1, &w0, x[ 8], x[11]);
- word3_muladd_2(&w2, &w1, &w0, x[ 9], x[10]);
- z[19] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd_2(&w2, &w1, &w0, x[ 5], x[15]);
- word3_muladd_2(&w2, &w1, &w0, x[ 6], x[14]);
- word3_muladd_2(&w2, &w1, &w0, x[ 7], x[13]);
- word3_muladd_2(&w2, &w1, &w0, x[ 8], x[12]);
- word3_muladd_2(&w2, &w1, &w0, x[ 9], x[11]);
- word3_muladd(&w2, &w1, &w0, x[10], x[10]);
- z[20] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[18] = w0; w0 = 0;
+
+ word3_muladd_2(&w0, &w2, &w1, x[ 4], x[15]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 5], x[14]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 6], x[13]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 7], x[12]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 8], x[11]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 9], x[10]);
+ z[19] = w1; w1 = 0;
+
+ word3_muladd_2(&w1, &w0, &w2, x[ 5], x[15]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 6], x[14]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 7], x[13]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 8], x[12]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 9], x[11]);
+ word3_muladd(&w1, &w0, &w2, x[10], x[10]);
+ z[20] = w2; w2 = 0;
word3_muladd_2(&w2, &w1, &w0, x[ 6], x[15]);
word3_muladd_2(&w2, &w1, &w0, x[ 7], x[14]);
word3_muladd_2(&w2, &w1, &w0, x[ 8], x[13]);
word3_muladd_2(&w2, &w1, &w0, x[ 9], x[12]);
word3_muladd_2(&w2, &w1, &w0, x[10], x[11]);
- z[21] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[21] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[ 7], x[15]);
- word3_muladd_2(&w2, &w1, &w0, x[ 8], x[14]);
- word3_muladd_2(&w2, &w1, &w0, x[ 9], x[13]);
- word3_muladd_2(&w2, &w1, &w0, x[10], x[12]);
- word3_muladd(&w2, &w1, &w0, x[11], x[11]);
- z[22] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[ 7], x[15]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 8], x[14]);
+ word3_muladd_2(&w0, &w2, &w1, x[ 9], x[13]);
+ word3_muladd_2(&w0, &w2, &w1, x[10], x[12]);
+ word3_muladd(&w0, &w2, &w1, x[11], x[11]);
+ z[22] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[ 8], x[15]);
- word3_muladd_2(&w2, &w1, &w0, x[ 9], x[14]);
- word3_muladd_2(&w2, &w1, &w0, x[10], x[13]);
- word3_muladd_2(&w2, &w1, &w0, x[11], x[12]);
- z[23] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[ 8], x[15]);
+ word3_muladd_2(&w1, &w0, &w2, x[ 9], x[14]);
+ word3_muladd_2(&w1, &w0, &w2, x[10], x[13]);
+ word3_muladd_2(&w1, &w0, &w2, x[11], x[12]);
+ z[23] = w2; w2 = 0;
word3_muladd_2(&w2, &w1, &w0, x[ 9], x[15]);
word3_muladd_2(&w2, &w1, &w0, x[10], x[14]);
word3_muladd_2(&w2, &w1, &w0, x[11], x[13]);
word3_muladd(&w2, &w1, &w0, x[12], x[12]);
- z[24] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[24] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[10], x[15]);
- word3_muladd_2(&w2, &w1, &w0, x[11], x[14]);
- word3_muladd_2(&w2, &w1, &w0, x[12], x[13]);
- z[25] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[10], x[15]);
+ word3_muladd_2(&w0, &w2, &w1, x[11], x[14]);
+ word3_muladd_2(&w0, &w2, &w1, x[12], x[13]);
+ z[25] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[11], x[15]);
- word3_muladd_2(&w2, &w1, &w0, x[12], x[14]);
- word3_muladd(&w2, &w1, &w0, x[13], x[13]);
- z[26] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[11], x[15]);
+ word3_muladd_2(&w1, &w0, &w2, x[12], x[14]);
+ word3_muladd(&w1, &w0, &w2, x[13], x[13]);
+ z[26] = w2; w2 = 0;
word3_muladd_2(&w2, &w1, &w0, x[12], x[15]);
word3_muladd_2(&w2, &w1, &w0, x[13], x[14]);
- z[27] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[27] = w0; w0 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[13], x[15]);
- word3_muladd(&w2, &w1, &w0, x[14], x[14]);
- z[28] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w0, &w2, &w1, x[13], x[15]);
+ word3_muladd(&w0, &w2, &w1, x[14], x[14]);
+ z[28] = w1; w1 = 0;
- word3_muladd_2(&w2, &w1, &w0, x[14], x[15]);
- z[29] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd_2(&w1, &w0, &w2, x[14], x[15]);
+ z[29] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[15], x[15]);
z[30] = w0;
@@ -596,37 +596,37 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
word w2 = 0, w1 = 0, w0 = 0;
word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]);
- z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[ 0] = w0; w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[ 0], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[ 0]);
- z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]);
+ z[ 1] = w1; w1 = 0;
- word3_muladd(&w2, &w1, &w0, x[ 0], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[ 0]);
- z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]);
+ z[ 2] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]);
word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]);
word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]);
word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]);
- z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 0], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[ 0]);
- z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 0], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[ 0]);
- z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[ 3] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]);
+ z[ 4] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]);
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]);
+ z[ 5] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]);
word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]);
@@ -635,28 +635,28 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]);
word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]);
word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]);
- z[6] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 0], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[ 0]);
- z[7] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 0], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[ 0]);
- z[8] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[ 6] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]);
+ word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]);
+ z[ 7] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]);
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]);
+ word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]);
+ z[ 8] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]);
word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]);
@@ -668,34 +668,34 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]);
word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]);
word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]);
- z[9] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 0], y[10]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[10], y[ 0]);
- z[10] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 0], y[11]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[10]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[10], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[11], y[ 0]);
- z[11] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[ 9] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[10]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]);
+ word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]);
+ word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[10], y[ 0]);
+ z[10] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[11]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[10]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]);
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]);
+ word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]);
+ word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]);
+ word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[10], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[11], y[ 0]);
+ z[11] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[ 0], y[12]);
word3_muladd(&w2, &w1, &w0, x[ 1], y[11]);
@@ -710,40 +710,40 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
word3_muladd(&w2, &w1, &w0, x[10], y[ 2]);
word3_muladd(&w2, &w1, &w0, x[11], y[ 1]);
word3_muladd(&w2, &w1, &w0, x[12], y[ 0]);
- z[12] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 0], y[13]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[12]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[11]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[10]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[10], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[11], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[12], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[13], y[ 0]);
- z[13] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 0], y[14]);
- word3_muladd(&w2, &w1, &w0, x[ 1], y[13]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[12]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[11]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[10]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[10], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[11], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[12], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[13], y[ 1]);
- word3_muladd(&w2, &w1, &w0, x[14], y[ 0]);
- z[14] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[12] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 0], y[13]);
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[12]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[11]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[10]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]);
+ word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]);
+ word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]);
+ word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]);
+ word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[10], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[11], y[ 2]);
+ word3_muladd(&w0, &w2, &w1, x[12], y[ 1]);
+ word3_muladd(&w0, &w2, &w1, x[13], y[ 0]);
+ z[13] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 0], y[14]);
+ word3_muladd(&w1, &w0, &w2, x[ 1], y[13]);
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[12]);
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[11]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[10]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]);
+ word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]);
+ word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]);
+ word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]);
+ word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[10], y[ 4]);
+ word3_muladd(&w1, &w0, &w2, x[11], y[ 3]);
+ word3_muladd(&w1, &w0, &w2, x[12], y[ 2]);
+ word3_muladd(&w1, &w0, &w2, x[13], y[ 1]);
+ word3_muladd(&w1, &w0, &w2, x[14], y[ 0]);
+ z[14] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[ 0], y[15]);
word3_muladd(&w2, &w1, &w0, x[ 1], y[14]);
@@ -761,40 +761,40 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
word3_muladd(&w2, &w1, &w0, x[13], y[ 2]);
word3_muladd(&w2, &w1, &w0, x[14], y[ 1]);
word3_muladd(&w2, &w1, &w0, x[15], y[ 0]);
- z[15] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 1], y[15]);
- word3_muladd(&w2, &w1, &w0, x[ 2], y[14]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[13]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[12]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[11]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[10]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[10], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[11], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[12], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[13], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[14], y[ 2]);
- word3_muladd(&w2, &w1, &w0, x[15], y[ 1]);
- z[16] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 2], y[15]);
- word3_muladd(&w2, &w1, &w0, x[ 3], y[14]);
- word3_muladd(&w2, &w1, &w0, x[ 4], y[13]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[12]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[11]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[10]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[10], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[11], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[12], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[13], y[ 4]);
- word3_muladd(&w2, &w1, &w0, x[14], y[ 3]);
- word3_muladd(&w2, &w1, &w0, x[15], y[ 2]);
- z[17] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[15] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 1], y[15]);
+ word3_muladd(&w0, &w2, &w1, x[ 2], y[14]);
+ word3_muladd(&w0, &w2, &w1, x[ 3], y[13]);
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[12]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], y[11]);
+ word3_muladd(&w0, &w2, &w1, x[ 6], y[10]);
+ word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]);
+ word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]);
+ word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]);
+ word3_muladd(&w0, &w2, &w1, x[10], y[ 6]);
+ word3_muladd(&w0, &w2, &w1, x[11], y[ 5]);
+ word3_muladd(&w0, &w2, &w1, x[12], y[ 4]);
+ word3_muladd(&w0, &w2, &w1, x[13], y[ 3]);
+ word3_muladd(&w0, &w2, &w1, x[14], y[ 2]);
+ word3_muladd(&w0, &w2, &w1, x[15], y[ 1]);
+ z[16] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 2], y[15]);
+ word3_muladd(&w1, &w0, &w2, x[ 3], y[14]);
+ word3_muladd(&w1, &w0, &w2, x[ 4], y[13]);
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[12]);
+ word3_muladd(&w1, &w0, &w2, x[ 6], y[11]);
+ word3_muladd(&w1, &w0, &w2, x[ 7], y[10]);
+ word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]);
+ word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]);
+ word3_muladd(&w1, &w0, &w2, x[10], y[ 7]);
+ word3_muladd(&w1, &w0, &w2, x[11], y[ 6]);
+ word3_muladd(&w1, &w0, &w2, x[12], y[ 5]);
+ word3_muladd(&w1, &w0, &w2, x[13], y[ 4]);
+ word3_muladd(&w1, &w0, &w2, x[14], y[ 3]);
+ word3_muladd(&w1, &w0, &w2, x[15], y[ 2]);
+ z[17] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[ 3], y[15]);
word3_muladd(&w2, &w1, &w0, x[ 4], y[14]);
@@ -809,34 +809,34 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
word3_muladd(&w2, &w1, &w0, x[13], y[ 5]);
word3_muladd(&w2, &w1, &w0, x[14], y[ 4]);
word3_muladd(&w2, &w1, &w0, x[15], y[ 3]);
- z[18] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 4], y[15]);
- word3_muladd(&w2, &w1, &w0, x[ 5], y[14]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[13]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[12]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[11]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[10]);
- word3_muladd(&w2, &w1, &w0, x[10], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[11], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[12], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[13], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[14], y[ 5]);
- word3_muladd(&w2, &w1, &w0, x[15], y[ 4]);
- z[19] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 5], y[15]);
- word3_muladd(&w2, &w1, &w0, x[ 6], y[14]);
- word3_muladd(&w2, &w1, &w0, x[ 7], y[13]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[12]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[11]);
- word3_muladd(&w2, &w1, &w0, x[10], y[10]);
- word3_muladd(&w2, &w1, &w0, x[11], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[12], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[13], y[ 7]);
- word3_muladd(&w2, &w1, &w0, x[14], y[ 6]);
- word3_muladd(&w2, &w1, &w0, x[15], y[ 5]);
- z[20] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[18] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 4], y[15]);
+ word3_muladd(&w0, &w2, &w1, x[ 5], y[14]);
+ word3_muladd(&w0, &w2, &w1, x[ 6], y[13]);
+ word3_muladd(&w0, &w2, &w1, x[ 7], y[12]);
+ word3_muladd(&w0, &w2, &w1, x[ 8], y[11]);
+ word3_muladd(&w0, &w2, &w1, x[ 9], y[10]);
+ word3_muladd(&w0, &w2, &w1, x[10], y[ 9]);
+ word3_muladd(&w0, &w2, &w1, x[11], y[ 8]);
+ word3_muladd(&w0, &w2, &w1, x[12], y[ 7]);
+ word3_muladd(&w0, &w2, &w1, x[13], y[ 6]);
+ word3_muladd(&w0, &w2, &w1, x[14], y[ 5]);
+ word3_muladd(&w0, &w2, &w1, x[15], y[ 4]);
+ z[19] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 5], y[15]);
+ word3_muladd(&w1, &w0, &w2, x[ 6], y[14]);
+ word3_muladd(&w1, &w0, &w2, x[ 7], y[13]);
+ word3_muladd(&w1, &w0, &w2, x[ 8], y[12]);
+ word3_muladd(&w1, &w0, &w2, x[ 9], y[11]);
+ word3_muladd(&w1, &w0, &w2, x[10], y[10]);
+ word3_muladd(&w1, &w0, &w2, x[11], y[ 9]);
+ word3_muladd(&w1, &w0, &w2, x[12], y[ 8]);
+ word3_muladd(&w1, &w0, &w2, x[13], y[ 7]);
+ word3_muladd(&w1, &w0, &w2, x[14], y[ 6]);
+ word3_muladd(&w1, &w0, &w2, x[15], y[ 5]);
+ z[20] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[ 6], y[15]);
word3_muladd(&w2, &w1, &w0, x[ 7], y[14]);
@@ -848,28 +848,28 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
word3_muladd(&w2, &w1, &w0, x[13], y[ 8]);
word3_muladd(&w2, &w1, &w0, x[14], y[ 7]);
word3_muladd(&w2, &w1, &w0, x[15], y[ 6]);
- z[21] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 7], y[15]);
- word3_muladd(&w2, &w1, &w0, x[ 8], y[14]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[13]);
- word3_muladd(&w2, &w1, &w0, x[10], y[12]);
- word3_muladd(&w2, &w1, &w0, x[11], y[11]);
- word3_muladd(&w2, &w1, &w0, x[12], y[10]);
- word3_muladd(&w2, &w1, &w0, x[13], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[14], y[ 8]);
- word3_muladd(&w2, &w1, &w0, x[15], y[ 7]);
- z[22] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[ 8], y[15]);
- word3_muladd(&w2, &w1, &w0, x[ 9], y[14]);
- word3_muladd(&w2, &w1, &w0, x[10], y[13]);
- word3_muladd(&w2, &w1, &w0, x[11], y[12]);
- word3_muladd(&w2, &w1, &w0, x[12], y[11]);
- word3_muladd(&w2, &w1, &w0, x[13], y[10]);
- word3_muladd(&w2, &w1, &w0, x[14], y[ 9]);
- word3_muladd(&w2, &w1, &w0, x[15], y[ 8]);
- z[23] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[21] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[ 7], y[15]);
+ word3_muladd(&w0, &w2, &w1, x[ 8], y[14]);
+ word3_muladd(&w0, &w2, &w1, x[ 9], y[13]);
+ word3_muladd(&w0, &w2, &w1, x[10], y[12]);
+ word3_muladd(&w0, &w2, &w1, x[11], y[11]);
+ word3_muladd(&w0, &w2, &w1, x[12], y[10]);
+ word3_muladd(&w0, &w2, &w1, x[13], y[ 9]);
+ word3_muladd(&w0, &w2, &w1, x[14], y[ 8]);
+ word3_muladd(&w0, &w2, &w1, x[15], y[ 7]);
+ z[22] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[ 8], y[15]);
+ word3_muladd(&w1, &w0, &w2, x[ 9], y[14]);
+ word3_muladd(&w1, &w0, &w2, x[10], y[13]);
+ word3_muladd(&w1, &w0, &w2, x[11], y[12]);
+ word3_muladd(&w1, &w0, &w2, x[12], y[11]);
+ word3_muladd(&w1, &w0, &w2, x[13], y[10]);
+ word3_muladd(&w1, &w0, &w2, x[14], y[ 9]);
+ word3_muladd(&w1, &w0, &w2, x[15], y[ 8]);
+ z[23] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[ 9], y[15]);
word3_muladd(&w2, &w1, &w0, x[10], y[14]);
@@ -878,37 +878,37 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16])
word3_muladd(&w2, &w1, &w0, x[13], y[11]);
word3_muladd(&w2, &w1, &w0, x[14], y[10]);
word3_muladd(&w2, &w1, &w0, x[15], y[ 9]);
- z[24] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[10], y[15]);
- word3_muladd(&w2, &w1, &w0, x[11], y[14]);
- word3_muladd(&w2, &w1, &w0, x[12], y[13]);
- word3_muladd(&w2, &w1, &w0, x[13], y[12]);
- word3_muladd(&w2, &w1, &w0, x[14], y[11]);
- word3_muladd(&w2, &w1, &w0, x[15], y[10]);
- z[25] = w0; w0 = w1; w1 = w2; w2 = 0;
-
- word3_muladd(&w2, &w1, &w0, x[11], y[15]);
- word3_muladd(&w2, &w1, &w0, x[12], y[14]);
- word3_muladd(&w2, &w1, &w0, x[13], y[13]);
- word3_muladd(&w2, &w1, &w0, x[14], y[12]);
- word3_muladd(&w2, &w1, &w0, x[15], y[11]);
- z[26] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[24] = w0; w0 = 0;
+
+ word3_muladd(&w0, &w2, &w1, x[10], y[15]);
+ word3_muladd(&w0, &w2, &w1, x[11], y[14]);
+ word3_muladd(&w0, &w2, &w1, x[12], y[13]);
+ word3_muladd(&w0, &w2, &w1, x[13], y[12]);
+ word3_muladd(&w0, &w2, &w1, x[14], y[11]);
+ word3_muladd(&w0, &w2, &w1, x[15], y[10]);
+ z[25] = w1; w1 = 0;
+
+ word3_muladd(&w1, &w0, &w2, x[11], y[15]);
+ word3_muladd(&w1, &w0, &w2, x[12], y[14]);
+ word3_muladd(&w1, &w0, &w2, x[13], y[13]);
+ word3_muladd(&w1, &w0, &w2, x[14], y[12]);
+ word3_muladd(&w1, &w0, &w2, x[15], y[11]);
+ z[26] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[12], y[15]);
word3_muladd(&w2, &w1, &w0, x[13], y[14]);
word3_muladd(&w2, &w1, &w0, x[14], y[13]);
word3_muladd(&w2, &w1, &w0, x[15], y[12]);
- z[27] = w0; w0 = w1; w1 = w2; w2 = 0;
+ z[27] = w0; w0 = 0;
- word3_muladd(&w2, &w1, &w0, x[13], y[15]);
- word3_muladd(&w2, &w1, &w0, x[14], y[14]);
- word3_muladd(&w2, &w1, &w0, x[15], y[13]);
- z[28] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w0, &w2, &w1, x[13], y[15]);
+ word3_muladd(&w0, &w2, &w1, x[14], y[14]);
+ word3_muladd(&w0, &w2, &w1, x[15], y[13]);
+ z[28] = w1; w1 = 0;
- word3_muladd(&w2, &w1, &w0, x[14], y[15]);
- word3_muladd(&w2, &w1, &w0, x[15], y[14]);
- z[29] = w0; w0 = w1; w1 = w2; w2 = 0;
+ word3_muladd(&w1, &w0, &w2, x[14], y[15]);
+ word3_muladd(&w1, &w0, &w2, x[15], y[14]);
+ z[29] = w2; w2 = 0;
word3_muladd(&w2, &w1, &w0, x[15], y[15]);
z[30] = w0;
diff --git a/src/math/mp/mp_core.h b/src/math/mp/mp_core.h
index 40327b02b..82bdbad53 100644
--- a/src/math/mp/mp_core.h
+++ b/src/math/mp/mp_core.h
@@ -140,8 +140,7 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]);
void bigint_comba_sqr4(word out[8], const word in[4]);
void bigint_comba_sqr6(word out[12], const word in[6]);
void bigint_comba_sqr8(word out[16], const word in[8]);
-void bigint_comba_sqr8(word out[32], const word in[16]);
-void bigint_comba_sqr16(word out[64], const word in[32]);
+void bigint_comba_sqr16(word out[32], const word in[16]);
}
diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp
index 2c5a9d2ea..ae0d9607b 100644
--- a/src/ssl/hello.cpp
+++ b/src/ssl/hello.cpp
@@ -190,6 +190,14 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
}
}
}
+ else if(extension_code == TLSEXT_SRP_IDENTIFIER)
+ {
+ std::vector<byte> name = reader.get_range_vector<byte>(1, 1, 255);
+
+ requested_srp_id.assign(
+ reinterpret_cast<char*>(&name[0]),
+ name.size());
+ }
else
{
reader.discard_next(extension_size);
diff --git a/src/ssl/tls_magic.h b/src/ssl/tls_magic.h
index 0c2a610b1..00898738e 100644
--- a/src/ssl/tls_magic.h
+++ b/src/ssl/tls_magic.h
@@ -181,6 +181,8 @@ enum TLS_Handshake_Extension_Type {
TLSEXT_USABLE_ELLIPTIC_CURVES = 10,
TLSEXT_EC_POINT_FORMATS = 11,
+ TLSEXT_SRP_IDENTIFIER = 12,
+
TLSEXT_CERTIFICATE_TYPES = 9,
TLSEXT_SESSION_TICKET = 35
};
diff --git a/src/ssl/tls_messages.h b/src/ssl/tls_messages.h
index 0b3553ac0..e7eaa56e1 100644
--- a/src/ssl/tls_messages.h
+++ b/src/ssl/tls_messages.h
@@ -51,6 +51,8 @@ class Client_Hello : public HandshakeMessage
std::string hostname() const { return requested_hostname; }
+ std::string srp_identifier() const { return requested_srp_id; }
+
bool offered_suite(u16bit) const;
Client_Hello(RandomNumberGenerator& rng,
@@ -75,6 +77,7 @@ class Client_Hello : public HandshakeMessage
std::vector<u16bit> suites;
std::vector<byte> comp_algos;
std::string requested_hostname;
+ std::string requested_srp_id;
};
/**
diff --git a/src/utils/cpuid.cpp b/src/utils/cpuid.cpp
index 917789f65..f6581f09c 100644
--- a/src/utils/cpuid.cpp
+++ b/src/utils/cpuid.cpp
@@ -10,10 +10,20 @@
#include <botan/get_byte.h>
#include <botan/mem_ops.h>
+#if defined(BOTAN_TARGET_CPU_IS_PPC_FAMILY)
+
#if defined(BOTAN_TARGET_OS_IS_DARWIN)
#include <sys/sysctl.h>
#endif
+#if defined(BOTAN_TARGET_OS_IS_OPENBSD)
+ #include <sys/param.h>
+ #include <sys/sysctl.h>
+ #include <machine/cpu.h>
+#endif
+
+#endif
+
#if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY)
#if defined(BOTAN_BUILD_COMPILER_IS_MSVC)
@@ -24,9 +34,9 @@
#elif defined(BOTAN_BUILD_COMPILER_IS_INTEL)
#include <ia32intrin.h>
- #define CALL_CPUID(type, out) do { __cpuid(out, type); } while(0);
+ #define CALL_CPUID(type, out) do { __cpuid(out, type); } while(0)
-#elif (BOTAN_GCC_VERSION >= 430)
+#elif defined(BOTAN_BUILD_COMPILER_IS_GCC) && (BOTAN_GCC_VERSION >= 430)
// Only available starting in GCC 4.3
#include <cpuid.h>
@@ -46,6 +56,20 @@ namespace {
}
+#elif defined(BOTAN_TARGET_ARCH_IS_X86_64) && \
+ (defined(BOTAN_BUILD_COMPILER_IS_CLANG) || defined(BOTAN_BUILD_COMPILER_IS_GCC))
+
+ /*
+ * We can't safely use this on x86-32 as some 32-bit ABIs use ebx as
+ * a PIC register, and in theory there are some x86-32s still out
+ * there that don't support cpuid at all; it requires strange
+ * contortions to detect them.
+ */
+
+ #define CALL_CPUID(type, out) \
+ asm("cpuid\n\t" : "=a" (out[0]), "=b" (out[1]), "=c" (out[2]), "=d" (out[3]) \
+ : "0" (type))
+
#else
#warning "No method of calling CPUID for this compiler"
#endif
@@ -92,10 +116,14 @@ u32bit get_x86_cache_line_size()
bool altivec_check_sysctl()
{
-#if defined(BOTAN_TARGET_OS_IS_DARWIN)
+#if defined(BOTAN_TARGET_OS_IS_DARWIN) || defined(BOTAN_TARGET_OS_IS_OPENBSD)
+#if defined(BOTAN_TARGET_OS_IS_OPENBSD)
+ int sels[2] = { CTL_MACHDEP, CPU_ALTIVEC };
+#else
// From Apple's docs
int sels[2] = { CTL_HW, HW_VECTORUNIT };
+#endif
int vector_type = 0;
size_t length = sizeof(vector_type);
int error = sysctl(sels, 2, &vector_type, &length, NULL, 0);
diff --git a/src/utils/dyn_load/dyn_load.cpp b/src/utils/dyn_load/dyn_load.cpp
index 4a8cb16fa..06b8c5df3 100644
--- a/src/utils/dyn_load/dyn_load.cpp
+++ b/src/utils/dyn_load/dyn_load.cpp
@@ -39,7 +39,7 @@ Dynamically_Loaded_Library::Dynamically_Loaded_Library(
raise_runtime_loader_exception(lib_name, dlerror());
#elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY)
- lib = ::LoadLibrary(lib_name.c_str());
+ lib = ::LoadLibraryA(lib_name.c_str());
if(!lib)
raise_runtime_loader_exception(lib_name, "LoadLibrary failed");
@@ -65,7 +65,8 @@ void* Dynamically_Loaded_Library::resolve_symbol(const std::string& symbol)
#if defined(BOTAN_TARGET_OS_HAS_DLOPEN)
addr = ::dlsym(lib, symbol.c_str());
#elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY)
- addr = ::GetProcAddress((HMODULE)lib, symbol.c_str());
+ addr = reinterpret_cast<void*>(::GetProcAddress((HMODULE)lib,
+ symbol.c_str()));
#endif
if(!addr)