Bug Summary

File: src/lib/libcrypto/bn/bn_nist.c
Warning: line 696, column 3
Value stored to 'carry' is never read

Annotated Source Code


clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name bn_nist.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libcrypto/obj -resource-dir /usr/local/lib/clang/13.0.0 -D LIBRESSL_INTERNAL -D LIBRESSL_CRYPTO_INTERNAL -D DSO_DLFCN -D HAVE_DLFCN_H -D HAVE_FUNOPEN -D OPENSSL_NO_HW_PADLOCK -I /usr/src/lib/libcrypto -I /usr/src/lib/libcrypto/asn1 -I /usr/src/lib/libcrypto/bio -I /usr/src/lib/libcrypto/bn -I /usr/src/lib/libcrypto/bytestring -I /usr/src/lib/libcrypto/dh -I /usr/src/lib/libcrypto/dsa -I /usr/src/lib/libcrypto/ec -I /usr/src/lib/libcrypto/ecdh -I /usr/src/lib/libcrypto/ecdsa -I /usr/src/lib/libcrypto/evp -I /usr/src/lib/libcrypto/hmac -I /usr/src/lib/libcrypto/modes -I /usr/src/lib/libcrypto/ocsp -I /usr/src/lib/libcrypto/rsa -I /usr/src/lib/libcrypto/x509 -I /usr/src/lib/libcrypto/obj -D AES_ASM -D BSAES_ASM -D VPAES_ASM -D OPENSSL_IA32_SSE2 -D RSA_ASM -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_BN_ASM_GF2m -D MD5_ASM -D GHASH_ASM -D RC4_MD5_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM 
-D WHIRLPOOL_ASM -D OPENSSL_CPUID_OBJ -D PIC -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libcrypto/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/lib/libcrypto/bn/bn_nist.c
1/* $OpenBSD: bn_nist.c,v 1.19 2021/11/09 18:40:20 bcook Exp $ */
2/*
3 * Written by Nils Larsch for the OpenSSL project
4 */
5/* ====================================================================
6 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <endian.h>
60#include <stdint.h>
61#include <string.h>
62
63#include "bn_lcl.h"
64
65#define BN_NIST_192_TOP(192+64 -1)/64 (192+BN_BITS264-1)/BN_BITS264
66#define BN_NIST_224_TOP(224+64 -1)/64 (224+BN_BITS264-1)/BN_BITS264
67#define BN_NIST_256_TOP(256+64 -1)/64 (256+BN_BITS264-1)/BN_BITS264
68#define BN_NIST_384_TOP(384+64 -1)/64 (384+BN_BITS264-1)/BN_BITS264
69#define BN_NIST_521_TOP(521+64 -1)/64 (521+BN_BITS264-1)/BN_BITS264
70
71/* pre-computed tables are "carry-less" values of modulus*(i+1) */
72#if BN_BITS264 == 64
73static const BN_ULONGunsigned long _nist_p_192[][BN_NIST_192_TOP(192+64 -1)/64] = {
74 {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL},
75 {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL},
76 {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL}
77};
78static const BN_ULONGunsigned long _nist_p_192_sqr[] = {
79 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL,
80 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL
81};
82static const BN_ULONGunsigned long _nist_p_224[][BN_NIST_224_TOP(224+64 -1)/64] = {
83 {
84 0x0000000000000001ULL, 0xFFFFFFFF00000000ULL,
85 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL
86 },
87 {
88 0x0000000000000002ULL, 0xFFFFFFFE00000000ULL,
89 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL
90 } /* this one is "carry-full" */
91};
92static const BN_ULONGunsigned long _nist_p_224_sqr[] = {
93 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
94 0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL,
95 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL,
96 0xFFFFFFFFFFFFFFFFULL
97};
98static const BN_ULONGunsigned long _nist_p_256[][BN_NIST_256_TOP(256+64 -1)/64] = {
99 {
100 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL,
101 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL
102 },
103 {
104 0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL,
105 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL
106 },
107 {
108 0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL,
109 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL
110 },
111 {
112 0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL,
113 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL
114 },
115 {
116 0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL,
117 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL
118 },
119};
120static const BN_ULONGunsigned long _nist_p_256_sqr[] = {
121 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
122 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL,
123 0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL,
124 0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL
125};
126static const BN_ULONGunsigned long _nist_p_384[][BN_NIST_384_TOP(384+64 -1)/64] = {
127 {
128 0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL,
129 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL,
130 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
131 },
132 {
133 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL,
134 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL,
135 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
136 },
137 {
138 0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL,
139 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL,
140 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
141 },
142 {
143 0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL,
144 0xFFFFFFFFFFFFFFFBULL, 0xFFFFFFFFFFFFFFFFULL,
145 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
146 },
147 {
148 0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL,
149 0xFFFFFFFFFFFFFFFAULL, 0xFFFFFFFFFFFFFFFFULL,
150 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
151 },
152};
153static const BN_ULONGunsigned long _nist_p_384_sqr[] = {
154 0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL,
155 0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL,
156 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
157 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
158};
159static const BN_ULONGunsigned long _nist_p_521[] = {
160 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
161 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
162 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0x00000000000001FFULL
163};
164static const BN_ULONGunsigned long _nist_p_521_sqr[] = {
165 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
166 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
167 0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL,
168 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
169 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
170 0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL
171};
172#elif BN_BITS264 == 32
173static const BN_ULONGunsigned long _nist_p_192[][BN_NIST_192_TOP(192+64 -1)/64] = {
174 {
175 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
176 0xFFFFFFFF, 0xFFFFFFFF
177 },
178 {
179 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF,
180 0xFFFFFFFF, 0xFFFFFFFF
181 },
182 {
183 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF,
184 0xFFFFFFFF, 0xFFFFFFFF
185 }
186};
187static const BN_ULONGunsigned long _nist_p_192_sqr[] = {
188 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000,
189 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
190};
191static const BN_ULONGunsigned long _nist_p_224[][BN_NIST_224_TOP(224+64 -1)/64] = {
192 {
193 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF,
194 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
195 },
196 {
197 0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE,
198 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
199 }
200};
201static const BN_ULONGunsigned long _nist_p_224_sqr[] = {
202 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
203 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002,
204 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
205 0xFFFFFFFF, 0xFFFFFFFF
206};
207static const BN_ULONGunsigned long _nist_p_256[][BN_NIST_256_TOP(256+64 -1)/64] = {
208 {
209 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
210 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF
211 },
212 {
213 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001,
214 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE
215 },
216 {
217 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002,
218 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD
219 },
220 {
221 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003,
222 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC
223 },
224 {
225 0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004,
226 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB
227 },
228};
229static const BN_ULONGunsigned long _nist_p_256_sqr[] = {
230 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
231 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001,
232 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001,
233 0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE
234};
235static const BN_ULONGunsigned long _nist_p_384[][BN_NIST_384_TOP(384+64 -1)/64] = {
236 {
237 0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF,
238 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
239 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
240 },
241 {
242 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE,
243 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
244 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
245 },
246 {
247 0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD,
248 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
249 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
250 },
251 {
252 0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC,
253 0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
254 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
255 },
256 {
257 0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB,
258 0xFFFFFFFA, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
259 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
260 },
261};
262static const BN_ULONGunsigned long _nist_p_384_sqr[] = {
263 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
264 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000,
265 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
266 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
267};
268static const BN_ULONGunsigned long _nist_p_521[] = {
269 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
270 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
271 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
272 0xFFFFFFFF, 0x000001FF
273};
274static const BN_ULONGunsigned long _nist_p_521_sqr[] = {
275 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
276 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
277 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF,
278 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
279 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
280 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF
281};
282#else
283#error "unsupported BN_BITS2"
284#endif
285
286static const BIGNUM _bignum_nist_p_192 = {
287 (BN_ULONGunsigned long *)_nist_p_192[0],
288 BN_NIST_192_TOP(192+64 -1)/64,
289 BN_NIST_192_TOP(192+64 -1)/64,
290 0,
291 BN_FLG_STATIC_DATA0x02
292};
293
294static const BIGNUM _bignum_nist_p_224 = {
295 (BN_ULONGunsigned long *)_nist_p_224[0],
296 BN_NIST_224_TOP(224+64 -1)/64,
297 BN_NIST_224_TOP(224+64 -1)/64,
298 0,
299 BN_FLG_STATIC_DATA0x02
300};
301
302static const BIGNUM _bignum_nist_p_256 = {
303 (BN_ULONGunsigned long *)_nist_p_256[0],
304 BN_NIST_256_TOP(256+64 -1)/64,
305 BN_NIST_256_TOP(256+64 -1)/64,
306 0,
307 BN_FLG_STATIC_DATA0x02
308};
309
310static const BIGNUM _bignum_nist_p_384 = {
311 (BN_ULONGunsigned long *)_nist_p_384[0],
312 BN_NIST_384_TOP(384+64 -1)/64,
313 BN_NIST_384_TOP(384+64 -1)/64,
314 0,
315 BN_FLG_STATIC_DATA0x02
316};
317
318static const BIGNUM _bignum_nist_p_521 = {
319 (BN_ULONGunsigned long *)_nist_p_521,
320 BN_NIST_521_TOP(521+64 -1)/64,
321 BN_NIST_521_TOP(521+64 -1)/64,
322 0,
323 BN_FLG_STATIC_DATA0x02
324};
325
326
/*
 * Accessor for the built-in NIST P-192 field prime.
 *
 * Returns the address of a file-scope const BIGNUM whose word array is
 * row 0 of _nist_p_192 and whose flags are BN_FLG_STATIC_DATA. The object
 * has static storage, so the caller neither owns nor may modify it.
 */
const BIGNUM *
BN_get0_nist_prime_192(void)
{
	const BIGNUM *prime = &_bignum_nist_p_192;

	return prime;
}
332
/*
 * Accessor for the built-in NIST P-224 field prime.
 *
 * Returns the address of a file-scope const BIGNUM whose word array is
 * row 0 of _nist_p_224 and whose flags are BN_FLG_STATIC_DATA. The object
 * has static storage, so the caller neither owns nor may modify it.
 */
const BIGNUM *
BN_get0_nist_prime_224(void)
{
	const BIGNUM *prime = &_bignum_nist_p_224;

	return prime;
}
338
/*
 * Accessor for the built-in NIST P-256 field prime.
 *
 * Returns the address of a file-scope const BIGNUM whose word array is
 * row 0 of _nist_p_256 and whose flags are BN_FLG_STATIC_DATA. The object
 * has static storage, so the caller neither owns nor may modify it.
 */
const BIGNUM *
BN_get0_nist_prime_256(void)
{
	const BIGNUM *prime = &_bignum_nist_p_256;

	return prime;
}
344
/*
 * Accessor for the built-in NIST P-384 field prime.
 *
 * Returns the address of a file-scope const BIGNUM whose word array is
 * row 0 of _nist_p_384 and whose flags are BN_FLG_STATIC_DATA. The object
 * has static storage, so the caller neither owns nor may modify it.
 */
const BIGNUM *
BN_get0_nist_prime_384(void)
{
	const BIGNUM *prime = &_bignum_nist_p_384;

	return prime;
}
350
/*
 * Accessor for the built-in NIST P-521 field prime.
 *
 * Returns the address of a file-scope const BIGNUM whose word array is
 * _nist_p_521 (a single row, unlike the other primes' tables) and whose
 * flags are BN_FLG_STATIC_DATA. The object has static storage, so the
 * caller neither owns nor may modify it.
 */
const BIGNUM *
BN_get0_nist_prime_521(void)
{
	const BIGNUM *prime = &_bignum_nist_p_521;

	return prime;
}
356
/*
 * Copy the first `top` words of src into dst, then zero-fill dst up to
 * (but not including) index `max`.
 *
 * Precondition: top <= max, and dst has room for max words. The bound is
 * only asserted when BN_DEBUG is defined; in other builds a `top` larger
 * than `max` makes the copy loop write past the max words the caller
 * sized dst for, so callers must establish the bound themselves.
 * A non-positive `top` copies nothing and zeroes all max words.
 */
static void
nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
{
	int idx = 0;

#ifdef BN_DEBUG
	OPENSSL_assert(top <= max);
#endif
	/* Words that exist in the source. */
	while (idx < top) {
		dst[idx] = src[idx];
		idx++;
	}
	/* Remaining destination words are cleared. */
	while (idx < max) {
		dst[idx] = 0;
		idx++;
	}
}
370
/*
 * Copy `top` words from src to dst, lowest index first.
 *
 * No bounds are checked here; the caller must guarantee both arrays hold
 * at least `top` words. dst and src may be the same array (the reduction
 * routines in this file pass the selected result pointer, which can be
 * the destination itself); the word-by-word forward copy is then a no-op.
 */
static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
{
	int idx = 0;

	while (idx < top) {
		dst[idx] = src[idx];
		idx++;
	}
}
378
379#if BN_BITS264 == 64
380#define bn_cp_64(to, n, from, m)(to)[n] = (m>=0)?((from)[m]):0; (to)[n] = (m>=0)?((from)[m]):0;
381#define bn_64_set_0(to, n)(to)[n] = (unsigned long)0; (to)[n] = (BN_ULONGunsigned long)0;
382/*
383 * two following macros are implemented under assumption that they
384 * are called in a sequence with *ascending* n, i.e. as they are...
385 */
386#define bn_cp_32_naked(to, n, from, m)(((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&(0xffffffff00000000L
)):(from[(m)/2]<<32)) :(to[(n)/2] =((m)&1)?(from[(m
)/2]>>32):(from[(m)/2]&(0xffffffffL))))
(((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h(0xffffffff00000000L)):(from[(m)/2]<<32))\
387 :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l(0xffffffffL))))
388#define bn_32_set_0(to, n)(((n)&1)?(to[(n)/2]&=(0xffffffffL)):(to[(n)/2]=0)); (((n)&1)?(to[(n)/2]&=BN_MASK2l(0xffffffffL)):(to[(n)/2]=0));
389#define bn_cp_32(to,n,from,m)((m)>=0)?(((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]
&(0xffffffff00000000L)):(from[(m)/2]<<32)) :(to[(n)
/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&(0xffffffffL
)))):(((n)&1)?(to[(n)/2]&=(0xffffffffL)):(to[(n)/2]=0
));
((m)>=0)?bn_cp_32_naked(to,n,from,m)(((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&(0xffffffff00000000L
)):(from[(m)/2]<<32)) :(to[(n)/2] =((m)&1)?(from[(m
)/2]>>32):(from[(m)/2]&(0xffffffffL))))
:bn_32_set_0(to,n)(((n)&1)?(to[(n)/2]&=(0xffffffffL)):(to[(n)/2]=0));
390# if BYTE_ORDER1234 == LITTLE_ENDIAN1234
391# if defined(_LP641)
392# define NIST_INT64long long
393# else
394# define NIST_INT64long long long
395# endif
396# endif
397#else
398#define bn_cp_64(to, n, from, m)(to)[n] = (m>=0)?((from)[m]):0; \
399 { \
400 bn_cp_32(to, (n)*2, from, (m)*2)(((m)*2)>=0)?((((n)*2)&1)?(to[((n)*2)/2]|=(((m)*2)&
1)?(from[((m)*2)/2]&(0xffffffff00000000L)):(from[((m)*2)/
2]<<32)) :(to[((n)*2)/2] =(((m)*2)&1)?(from[((m)*2)
/2]>>32):(from[((m)*2)/2]&(0xffffffffL)))):((((n)*2
)&1)?(to[((n)*2)/2]&=(0xffffffffL)):(to[((n)*2)/2]=0)
);
; \
401 bn_cp_32(to, (n)*2+1, from, (m)*2+1)(((m)*2+1)>=0)?((((n)*2+1)&1)?(to[((n)*2+1)/2]|=(((m)*
2+1)&1)?(from[((m)*2+1)/2]&(0xffffffff00000000L)):(from
[((m)*2+1)/2]<<32)) :(to[((n)*2+1)/2] =(((m)*2+1)&1
)?(from[((m)*2+1)/2]>>32):(from[((m)*2+1)/2]&(0xffffffffL
)))):((((n)*2+1)&1)?(to[((n)*2+1)/2]&=(0xffffffffL)):
(to[((n)*2+1)/2]=0));
; \
402 }
403#define bn_64_set_0(to, n)(to)[n] = (unsigned long)0; \
404 { \
405 bn_32_set_0(to, (n)*2)((((n)*2)&1)?(to[((n)*2)/2]&=(0xffffffffL)):(to[((n)*
2)/2]=0));
; \
406 bn_32_set_0(to, (n)*2+1)((((n)*2+1)&1)?(to[((n)*2+1)/2]&=(0xffffffffL)):(to[(
(n)*2+1)/2]=0));
; \
407 }
408#define bn_cp_32(to, n, from, m)((m)>=0)?(((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]
&(0xffffffff00000000L)):(from[(m)/2]<<32)) :(to[(n)
/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&(0xffffffffL
)))):(((n)&1)?(to[(n)/2]&=(0xffffffffL)):(to[(n)/2]=0
));
(to)[n] = (m>=0)?((from)[m]):0;
409#define bn_32_set_0(to, n)(((n)&1)?(to[(n)/2]&=(0xffffffffL)):(to[(n)/2]=0)); (to)[n] = (BN_ULONGunsigned long)0;
410# if defined(BN_LLONG)
411# define NIST_INT64long long long
412# endif
413#endif /* BN_BITS2 != 64 */
414
415#define nist_set_192(to, from, a1, a2, a3){ (to)[0] = ((a3) - 3>=0)?((from)[(a3) - 3]):0; (to)[1] = (
(a2) - 3>=0)?((from)[(a2) - 3]):0; (to)[2] = ((a1) - 3>=
0)?((from)[(a1) - 3]):0; }
\
416 { \
417 bn_cp_64(to, 0, from, (a3) - 3)(to)[0] = ((a3) - 3>=0)?((from)[(a3) - 3]):0; \
418 bn_cp_64(to, 1, from, (a2) - 3)(to)[1] = ((a2) - 3>=0)?((from)[(a2) - 3]):0; \
419 bn_cp_64(to, 2, from, (a1) - 3)(to)[2] = ((a1) - 3>=0)?((from)[(a1) - 3]):0; \
420 }
421
/*
 * Fast reduction modulo the NIST P-192 prime: r = a mod p192.
 *
 * r     - receives the reduced value; may be the same object as a.
 * a     - value to reduce.
 * field - ignored; it is overwritten with the built-in P-192 prime.
 * ctx   - only used by the BN_nnmod() fallback.
 *
 * Returns 1 on success. Returns 0 if r cannot be expanded, and otherwise
 * whatever BN_nnmod() or the BN_copy() != NULL test yields on the early
 * exit paths.
 *
 * Review notes on timing behaviour:
 *  - The early exits (a negative or a >= p^2, a == p, a < p) branch on the
 *    value of a, so which path runs depends on the operand.
 *  - The `carry > 0` test and the row index into _nist_p_192 also depend on
 *    the intermediate carry.
 *  - Only the final "subtract p or not" choice is made without a branch,
 *    by masking two pointers; the copy that follows still reads from the
 *    selected address.
 *  Whether any of this matters depends on how secret `a` is at the call
 *  site, which is not visible from this function.
 */
int
BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
{
	/* p^2 as a static BIGNUM: upper bound of the inputs handled here. */
	static const BIGNUM _bignum_nist_p_192_sqr = {
		(BN_ULONG *)_nist_p_192_sqr,
		sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
		sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
		0,
		BN_FLG_STATIC_DATA
	};
	/* Upper half of a, viewable as BN_ULONG words or as 32-bit lanes. */
	union {
		BN_ULONG bn[BN_NIST_192_TOP];
		unsigned int ui[BN_NIST_192_TOP *
		    sizeof(BN_ULONG) / sizeof(unsigned int)];
	} buf;
	BN_ULONG c_d[BN_NIST_192_TOP];
	BN_ULONG *a_d = a->d;
	BN_ULONG *r_d, *res;
	uintptr_t mask;
	int top = a->top;
	int carry, cmp;

	/* Whatever modulus the caller passed, reduce by the built-in prime. */
	field = &_bignum_nist_p_192;

	/* Outside [0, p^2): hand over to the generic reduction. */
	if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0)
		return BN_nnmod(r, a, field, ctx);

	cmp = BN_ucmp(field, a);
	if (cmp == 0) {
		/* a == p reduces to zero. */
		BN_zero(r);
		return 1;
	}
	if (cmp > 0) {
		/* a < p is already reduced; copy only if r is a distinct object. */
		if (r == a)
			return 1;
		return BN_copy(r, a) != NULL;
	}

	/*
	 * From here p < a < p^2. Put the low BN_NIST_192_TOP words of a in
	 * r's word array (in place when r == a).
	 */
	if (r == a) {
		r_d = a_d;
	} else {
		if (!bn_wexpand(r, BN_NIST_192_TOP))
			return 0;
		r_d = r->d;
		nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
	}

	/*
	 * Upper words of a, zero-padded to BN_NIST_192_TOP words. The word
	 * count top - BN_NIST_192_TOP stays within buf only because a < p^2
	 * was established above; nist_cp_bn_0() itself checks the bound only
	 * under BN_DEBUG.
	 */
	nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP,
	    BN_NIST_192_TOP);

#if defined(NIST_INT64)
	{
		/*
		 * Column-wise addition over 32-bit lanes. Each lane is added in
		 * its own statement so the sum is formed at accumulator width
		 * rather than in unsigned int. bp[k] is lane k of the upper
		 * half held in buf.
		 *
		 * NOTE(review): r_d is read and written through an unsigned int
		 * pointer, which relies on the compiler not exploiting strict
		 * aliasing (the analyzer invocation recorded with this listing
		 * passes -relaxed-aliasing). In the 64-bit configuration
		 * NIST_INT64 is only defined for little-endian builds, which
		 * the lane order below appears to depend on.
		 */
		NIST_INT64 acc;
		unsigned int *rp = (unsigned int *)r_d;
		const unsigned int *bp = (const unsigned int *)buf.ui;

		acc = rp[0];
		acc += bp[0];
		acc += bp[4];
		rp[0] = (unsigned int)acc;
		acc >>= 32;

		acc += rp[1];
		acc += bp[1];
		acc += bp[5];
		rp[1] = (unsigned int)acc;
		acc >>= 32;

		acc += rp[2];
		acc += bp[0];
		acc += bp[2];
		acc += bp[4];
		rp[2] = (unsigned int)acc;
		acc >>= 32;

		acc += rp[3];
		acc += bp[1];
		acc += bp[3];
		acc += bp[5];
		rp[3] = (unsigned int)acc;
		acc >>= 32;

		acc += rp[4];
		acc += bp[2];
		acc += bp[4];
		rp[4] = (unsigned int)acc;
		acc >>= 32;

		acc += rp[5];
		acc += bp[3];
		acc += bp[5];
		rp[5] = (unsigned int)acc;

		/* Whatever is left above the top lane is the carry out. */
		carry = (int)(acc >> 32);
	}
#else
	{
		/*
		 * Same sum done with whole words: three shuffled copies of the
		 * upper half are added to r_d, accumulating the carries.
		 * Presumably bn_add_words() returns the carry out of the top
		 * word (it is declared outside this listing).
		 */
		BN_ULONG t_d[BN_NIST_192_TOP] = {0};

		nist_set_192(t_d, buf.bn, 0, 3, 3);
		carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
		nist_set_192(t_d, buf.bn, 4, 4, 0);
		carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
		nist_set_192(t_d, buf.bn, 5, 5, 5);
		carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
	}
#endif
	/*
	 * Fold the carry back in: row carry - 1 of _nist_p_192 holds
	 * modulus * carry (the table has three rows, so carry is expected to
	 * be at most 3). When there was no carry, force carry to 1 so that the
	 * mask below depends on the borrow alone.
	 */
	if (carry > 0)
		carry = (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1],
		    BN_NIST_192_TOP);
	else
		carry = 1;

	/*
	 * Wanted: if (carry == 0 || result >= modulus) result -= modulus.
	 * The comparison is itself a subtraction, so compute
	 * tmp = result - modulus unconditionally into c_d and keep tmp when
	 * (!carry || !borrow). mask is all ones only when both the borrow of
	 * this subtraction and carry are set, in which case r_d is kept.
	 */
	mask = 0 - (uintptr_t)bn_sub_words(c_d, r_d, _nist_p_192[0],
	    BN_NIST_192_TOP);
	mask &= 0 - (uintptr_t)carry;
	/* Branch-free pointer select between c_d and r_d. */
	res = (BN_ULONG *)(((uintptr_t)c_d & ~mask) | ((uintptr_t)r_d & mask));
	nist_cp_bn(r_d, res, BN_NIST_192_TOP);
	r->top = BN_NIST_192_TOP;
	bn_correct_top(r);

	return 1;
}
546
547typedef BN_ULONGunsigned long (*bn_addsub_f)(BN_ULONGunsigned long *, const BN_ULONGunsigned long *,
548 const BN_ULONGunsigned long *, int);
549
550#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7){ (((a7) - 7)>=0)?(((0)&1)?(to[(0)/2]|=(((a7) - 7)&
1)?(from[((a7) - 7)/2]&(0xffffffff00000000L)):(from[((a7)
- 7)/2]<<32)) :(to[(0)/2] =(((a7) - 7)&1)?(from[((
a7) - 7)/2]>>32):(from[((a7) - 7)/2]&(0xffffffffL))
)):(((0)&1)?(to[(0)/2]&=(0xffffffffL)):(to[(0)/2]=0))
; (((a6) - 7)>=0)?(((1)&1)?(to[(1)/2]|=(((a6) - 7)&
1)?(from[((a6) - 7)/2]&(0xffffffff00000000L)):(from[((a6)
- 7)/2]<<32)) :(to[(1)/2] =(((a6) - 7)&1)?(from[((
a6) - 7)/2]>>32):(from[((a6) - 7)/2]&(0xffffffffL))
)):(((1)&1)?(to[(1)/2]&=(0xffffffffL)):(to[(1)/2]=0))
; (((a5) - 7)>=0)?(((2)&1)?(to[(2)/2]|=(((a5) - 7)&
1)?(from[((a5) - 7)/2]&(0xffffffff00000000L)):(from[((a5)
- 7)/2]<<32)) :(to[(2)/2] =(((a5) - 7)&1)?(from[((
a5) - 7)/2]>>32):(from[((a5) - 7)/2]&(0xffffffffL))
)):(((2)&1)?(to[(2)/2]&=(0xffffffffL)):(to[(2)/2]=0))
; (((a4) - 7)>=0)?(((3)&1)?(to[(3)/2]|=(((a4) - 7)&
1)?(from[((a4) - 7)/2]&(0xffffffff00000000L)):(from[((a4)
- 7)/2]<<32)) :(to[(3)/2] =(((a4) - 7)&1)?(from[((
a4) - 7)/2]>>32):(from[((a4) - 7)/2]&(0xffffffffL))
)):(((3)&1)?(to[(3)/2]&=(0xffffffffL)):(to[(3)/2]=0))
; (((a3) - 7)>=0)?(((4)&1)?(to[(4)/2]|=(((a3) - 7)&
1)?(from[((a3) - 7)/2]&(0xffffffff00000000L)):(from[((a3)
- 7)/2]<<32)) :(to[(4)/2] =(((a3) - 7)&1)?(from[((
a3) - 7)/2]>>32):(from[((a3) - 7)/2]&(0xffffffffL))
)):(((4)&1)?(to[(4)/2]&=(0xffffffffL)):(to[(4)/2]=0))
; (((a2) - 7)>=0)?(((5)&1)?(to[(5)/2]|=(((a2) - 7)&
1)?(from[((a2) - 7)/2]&(0xffffffff00000000L)):(from[((a2)
- 7)/2]<<32)) :(to[(5)/2] =(((a2) - 7)&1)?(from[((
a2) - 7)/2]>>32):(from[((a2) - 7)/2]&(0xffffffffL))
)):(((5)&1)?(to[(5)/2]&=(0xffffffffL)):(to[(5)/2]=0))
; (((a1) - 7)>=0)?(((6)&1)?(to[(6)/2]|=(((a1) - 7)&
1)?(from[((a1) - 7)/2]&(0xffffffff00000000L)):(from[((a1)
- 7)/2]<<32)) :(to[(6)/2] =(((a1) - 7)&1)?(from[((
a1) - 7)/2]>>32):(from[((a1) - 7)/2]&(0xffffffffL))
)):(((6)&1)?(to[(6)/2]&=(0xffffffffL)):(to[(6)/2]=0))
; }
\
551 { \
552 bn_cp_32(to, 0, from, (a7) - 7)(((a7) - 7)>=0)?(((0)&1)?(to[(0)/2]|=(((a7) - 7)&1
)?(from[((a7) - 7)/2]&(0xffffffff00000000L)):(from[((a7) -
7)/2]<<32)) :(to[(0)/2] =(((a7) - 7)&1)?(from[((a7
) - 7)/2]>>32):(from[((a7) - 7)/2]&(0xffffffffL))))
:(((0)&1)?(to[(0)/2]&=(0xffffffffL)):(to[(0)/2]=0));
\
553 bn_cp_32(to, 1, from, (a6) - 7)(((a6) - 7)>=0)?(((1)&1)?(to[(1)/2]|=(((a6) - 7)&1
)?(from[((a6) - 7)/2]&(0xffffffff00000000L)):(from[((a6) -
7)/2]<<32)) :(to[(1)/2] =(((a6) - 7)&1)?(from[((a6
) - 7)/2]>>32):(from[((a6) - 7)/2]&(0xffffffffL))))
:(((1)&1)?(to[(1)/2]&=(0xffffffffL)):(to[(1)/2]=0));
\
554 bn_cp_32(to, 2, from, (a5) - 7)(((a5) - 7)>=0)?(((2)&1)?(to[(2)/2]|=(((a5) - 7)&1
)?(from[((a5) - 7)/2]&(0xffffffff00000000L)):(from[((a5) -
7)/2]<<32)) :(to[(2)/2] =(((a5) - 7)&1)?(from[((a5
) - 7)/2]>>32):(from[((a5) - 7)/2]&(0xffffffffL))))
:(((2)&1)?(to[(2)/2]&=(0xffffffffL)):(to[(2)/2]=0));
\
555 bn_cp_32(to, 3, from, (a4) - 7)(((a4) - 7)>=0)?(((3)&1)?(to[(3)/2]|=(((a4) - 7)&1
)?(from[((a4) - 7)/2]&(0xffffffff00000000L)):(from[((a4) -
7)/2]<<32)) :(to[(3)/2] =(((a4) - 7)&1)?(from[((a4
) - 7)/2]>>32):(from[((a4) - 7)/2]&(0xffffffffL))))
:(((3)&1)?(to[(3)/2]&=(0xffffffffL)):(to[(3)/2]=0));
\
556 bn_cp_32(to, 4, from, (a3) - 7)(((a3) - 7)>=0)?(((4)&1)?(to[(4)/2]|=(((a3) - 7)&1
)?(from[((a3) - 7)/2]&(0xffffffff00000000L)):(from[((a3) -
7)/2]<<32)) :(to[(4)/2] =(((a3) - 7)&1)?(from[((a3
) - 7)/2]>>32):(from[((a3) - 7)/2]&(0xffffffffL))))
:(((4)&1)?(to[(4)/2]&=(0xffffffffL)):(to[(4)/2]=0));
\
557 bn_cp_32(to, 5, from, (a2) - 7)(((a2) - 7)>=0)?(((5)&1)?(to[(5)/2]|=(((a2) - 7)&1
)?(from[((a2) - 7)/2]&(0xffffffff00000000L)):(from[((a2) -
7)/2]<<32)) :(to[(5)/2] =(((a2) - 7)&1)?(from[((a2
) - 7)/2]>>32):(from[((a2) - 7)/2]&(0xffffffffL))))
:(((5)&1)?(to[(5)/2]&=(0xffffffffL)):(to[(5)/2]=0));
\
558 bn_cp_32(to, 6, from, (a1) - 7)(((a1) - 7)>=0)?(((6)&1)?(to[(6)/2]|=(((a1) - 7)&1
)?(from[((a1) - 7)/2]&(0xffffffff00000000L)):(from[((a1) -
7)/2]<<32)) :(to[(6)/2] =(((a1) - 7)&1)?(from[((a1
) - 7)/2]>>32):(from[((a1) - 7)/2]&(0xffffffffL))))
:(((6)&1)?(to[(6)/2]&=(0xffffffffL)):(to[(6)/2]=0));
\
559 }
560
561int
562BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
563{
564 int top = a->top, i;
565 int carry;
566 BN_ULONGunsigned long *r_d, *a_d = a->d;
567 union {
568 BN_ULONGunsigned long bn[BN_NIST_224_TOP(224+64 -1)/64];
569 unsigned int ui[BN_NIST_224_TOP(224+64 -1)/64 *
570 sizeof(BN_ULONGunsigned long) / sizeof(unsigned int)];
571 } buf;
572 BN_ULONGunsigned long c_d[BN_NIST_224_TOP(224+64 -1)/64], *res;
573 uintptr_t mask;
574 union {
575 bn_addsub_f f;
576 uintptr_t p;
577 } u;
578 static const BIGNUM _bignum_nist_p_224_sqr = {
579 (BN_ULONGunsigned long *)_nist_p_224_sqr,
580 sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
581 sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
582 0,
583 BN_FLG_STATIC_DATA0x02
584 };
585
586 field = &_bignum_nist_p_224; /* just to make sure */
587
588 if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0)
589 return BN_nnmod(r, a, field, ctx);
590
591 i = BN_ucmp(field, a);
592 if (i == 0) {
593 BN_zero(r)(BN_set_word((r),0));
594 return 1;
595 } else if (i > 0)
596 return (r == a) ? 1 : (BN_copy(r, a) != NULL((void *)0));
597
598 if (r != a) {
599 if (!bn_wexpand(r, BN_NIST_224_TOP)((((224+64 -1)/64) <= (r)->dmax)?(r):bn_expand2((r),((224
+64 -1)/64)))
)
600 return 0;
601 r_d = r->d;
602 nist_cp_bn(r_d, a_d, BN_NIST_224_TOP(224+64 -1)/64);
603 } else
604 r_d = a_d;
605
606 memset(&buf, 0, sizeof(buf));
607
608#if BN_BITS264==64
609 /* copy upper 256 bits of 448 bit number ... */
610 nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP(224+64 -1)/64 - 1),
611 top - (BN_NIST_224_TOP(224+64 -1)/64 - 1), BN_NIST_224_TOP(224+64 -1)/64);
612 /* ... and right shift by 32 to obtain upper 224 bits */
613 nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8){ (((8) - 7)>=0)?(((0)&1)?(buf.bn[(0)/2]|=(((8) - 7)&
1)?(c_d[((8) - 7)/2]&(0xffffffff00000000L)):(c_d[((8) - 7
)/2]<<32)) :(buf.bn[(0)/2] =(((8) - 7)&1)?(c_d[((8)
- 7)/2]>>32):(c_d[((8) - 7)/2]&(0xffffffffL)))):((
(0)&1)?(buf.bn[(0)/2]&=(0xffffffffL)):(buf.bn[(0)/2]=
0)); (((9) - 7)>=0)?(((1)&1)?(buf.bn[(1)/2]|=(((9) - 7
)&1)?(c_d[((9) - 7)/2]&(0xffffffff00000000L)):(c_d[((
9) - 7)/2]<<32)) :(buf.bn[(1)/2] =(((9) - 7)&1)?(c_d
[((9) - 7)/2]>>32):(c_d[((9) - 7)/2]&(0xffffffffL))
)):(((1)&1)?(buf.bn[(1)/2]&=(0xffffffffL)):(buf.bn[(1
)/2]=0)); (((10) - 7)>=0)?(((2)&1)?(buf.bn[(2)/2]|=(((
10) - 7)&1)?(c_d[((10) - 7)/2]&(0xffffffff00000000L))
:(c_d[((10) - 7)/2]<<32)) :(buf.bn[(2)/2] =(((10) - 7)&
1)?(c_d[((10) - 7)/2]>>32):(c_d[((10) - 7)/2]&(0xffffffffL
)))):(((2)&1)?(buf.bn[(2)/2]&=(0xffffffffL)):(buf.bn[
(2)/2]=0)); (((11) - 7)>=0)?(((3)&1)?(buf.bn[(3)/2]|=(
((11) - 7)&1)?(c_d[((11) - 7)/2]&(0xffffffff00000000L
)):(c_d[((11) - 7)/2]<<32)) :(buf.bn[(3)/2] =(((11) - 7
)&1)?(c_d[((11) - 7)/2]>>32):(c_d[((11) - 7)/2]&
(0xffffffffL)))):(((3)&1)?(buf.bn[(3)/2]&=(0xffffffffL
)):(buf.bn[(3)/2]=0)); (((12) - 7)>=0)?(((4)&1)?(buf.bn
[(4)/2]|=(((12) - 7)&1)?(c_d[((12) - 7)/2]&(0xffffffff00000000L
)):(c_d[((12) - 7)/2]<<32)) :(buf.bn[(4)/2] =(((12) - 7
)&1)?(c_d[((12) - 7)/2]>>32):(c_d[((12) - 7)/2]&
(0xffffffffL)))):(((4)&1)?(buf.bn[(4)/2]&=(0xffffffffL
)):(buf.bn[(4)/2]=0)); (((13) - 7)>=0)?(((5)&1)?(buf.bn
[(5)/2]|=(((13) - 7)&1)?(c_d[((13) - 7)/2]&(0xffffffff00000000L
)):(c_d[((13) - 7)/2]<<32)) :(buf.bn[(5)/2] =(((13) - 7
)&1)?(c_d[((13) - 7)/2]>>32):(c_d[((13) - 7)/2]&
(0xffffffffL)))):(((5)&1)?(buf.bn[(5)/2]&=(0xffffffffL
)):(buf.bn[(5)/2]=0)); (((14) - 7)>=0)?(((6)&1)?(buf.bn
[(6)/2]|=(((14) - 7)&1)?(c_d[((14) - 7)/2]&(0xffffffff00000000L
)):(c_d[((14) - 7)/2]<<32)) :(buf.bn[(6)/2] =(((14) - 7
)&1)?(c_d[((14) - 7)/2]>>32):(c_d[((14) - 7)/2]&
(0xffffffffL)))):(((6)&1)?(buf.bn[(6)/2]&=(0xffffffffL
)):(buf.bn[(6)/2]=0)); }
;
614 /* truncate lower part to 224 bits too */
615 r_d[BN_NIST_224_TOP(224+64 -1)/64 - 1] &= BN_MASK2l(0xffffffffL);
616#else
617 nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP(224+64 -1)/64,
618 top - BN_NIST_224_TOP(224+64 -1)/64, BN_NIST_224_TOP(224+64 -1)/64);
619#endif
620
621#if defined(NIST_INT64long) && BN_BITS264!=64
622 {
623 NIST_INT64long acc; /* accumulator */
624 unsigned int *rp = (unsigned int *)r_d;
625 const unsigned int *bp = (const unsigned int *)buf.ui;
626
627 acc = rp[0];
628 acc -= bp[7 - 7];
629 acc -= bp[11 - 7];
630 rp[0] = (unsigned int)acc;
631 acc >>= 32;
632
633 acc += rp[1];
634 acc -= bp[8 - 7];
635 acc -= bp[12 - 7];
636 rp[1] = (unsigned int)acc;
637 acc >>= 32;
638
639 acc += rp[2];
640 acc -= bp[9 - 7];
641 acc -= bp[13 - 7];
642 rp[2] = (unsigned int)acc;
643 acc >>= 32;
644
645 acc += rp[3];
646 acc += bp[7 - 7];
647 acc += bp[11 - 7];
648 acc -= bp[10 - 7];
649 rp[3] = (unsigned int)acc;
650 acc >>= 32;
651
652 acc += rp[4];
653 acc += bp[8 - 7];
654 acc += bp[12 - 7];
655 acc -= bp[11 - 7];
656 rp[4] = (unsigned int)acc;
657 acc >>= 32;
658
659 acc += rp[5];
660 acc += bp[9 - 7];
661 acc += bp[13 - 7];
662 acc -= bp[12 - 7];
663 rp[5] = (unsigned int)acc;
664 acc >>= 32;
665
666 acc += rp[6];
667 acc += bp[10 - 7];
668 acc -= bp[13 - 7];
669 rp[6] = (unsigned int)acc;
670
671 carry = (int)(acc >> 32);
672# if BN_BITS264==64
673 rp[7] = carry;
674# endif
675 }
676#else
677 {
678 BN_ULONGunsigned long t_d[BN_NIST_224_TOP(224+64 -1)/64] = {0};
679
680 nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0){ (((0) - 7)>=0)?(((0)&1)?(t_d[(0)/2]|=(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 7)/2]<<32)) :(t_d[(0)/2] =(((0) - 7)&1)?(buf.bn
[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((0) - 7)>=0)?(((1)&1)?(t_d[(1)/2]|=(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 7)/2]<<32)) :(t_d[(1)/2] =(((0) - 7)&1)?(buf.bn
[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(0xffffffffL
)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL)):(t_d[(1)/2]
=0)); (((0) - 7)>=0)?(((2)&1)?(t_d[(2)/2]|=(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 7)/2]<<32)) :(t_d[(2)/2] =(((0) - 7)&1)?(buf.bn
[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(0xffffffffL
)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL)):(t_d[(2)/2]
=0)); (((7) - 7)>=0)?(((3)&1)?(t_d[(3)/2]|=(((7) - 7)&
1)?(buf.bn[((7) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
7) - 7)/2]<<32)) :(t_d[(3)/2] =(((7) - 7)&1)?(buf.bn
[((7) - 7)/2]>>32):(buf.bn[((7) - 7)/2]&(0xffffffffL
)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL)):(t_d[(3)/2]
=0)); (((8) - 7)>=0)?(((4)&1)?(t_d[(4)/2]|=(((8) - 7)&
1)?(buf.bn[((8) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
8) - 7)/2]<<32)) :(t_d[(4)/2] =(((8) - 7)&1)?(buf.bn
[((8) - 7)/2]>>32):(buf.bn[((8) - 7)/2]&(0xffffffffL
)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL)):(t_d[(4)/2]
=0)); (((9) - 7)>=0)?(((5)&1)?(t_d[(5)/2]|=(((9) - 7)&
1)?(buf.bn[((9) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
9) - 7)/2]<<32)) :(t_d[(5)/2] =(((9) - 7)&1)?(buf.bn
[((9) - 7)/2]>>32):(buf.bn[((9) - 7)/2]&(0xffffffffL
)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL)):(t_d[(5)/2]
=0)); (((10) - 7)>=0)?(((6)&1)?(t_d[(6)/2]|=(((10) - 7
)&1)?(buf.bn[((10) - 7)/2]&(0xffffffff00000000L)):(buf
.bn[((10) - 7)/2]<<32)) :(t_d[(6)/2] =(((10) - 7)&1
)?(buf.bn[((10) - 7)/2]>>32):(buf.bn[((10) - 7)/2]&
(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL))
:(t_d[(6)/2]=0)); }
;
681 carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP(224+64 -1)/64);
682 nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0){ (((0) - 7)>=0)?(((0)&1)?(t_d[(0)/2]|=(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 7)/2]<<32)) :(t_d[(0)/2] =(((0) - 7)&1)?(buf.bn
[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((0) - 7)>=0)?(((1)&1)?(t_d[(1)/2]|=(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 7)/2]<<32)) :(t_d[(1)/2] =(((0) - 7)&1)?(buf.bn
[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(0xffffffffL
)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL)):(t_d[(1)/2]
=0)); (((0) - 7)>=0)?(((2)&1)?(t_d[(2)/2]|=(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 7)/2]<<32)) :(t_d[(2)/2] =(((0) - 7)&1)?(buf.bn
[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(0xffffffffL
)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL)):(t_d[(2)/2]
=0)); (((11) - 7)>=0)?(((3)&1)?(t_d[(3)/2]|=(((11) - 7
)&1)?(buf.bn[((11) - 7)/2]&(0xffffffff00000000L)):(buf
.bn[((11) - 7)/2]<<32)) :(t_d[(3)/2] =(((11) - 7)&1
)?(buf.bn[((11) - 7)/2]>>32):(buf.bn[((11) - 7)/2]&
(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL))
:(t_d[(3)/2]=0)); (((12) - 7)>=0)?(((4)&1)?(t_d[(4)/2]
|=(((12) - 7)&1)?(buf.bn[((12) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 7)/2]<<32)) :(t_d[(4)/2] =(((12) - 7
)&1)?(buf.bn[((12) - 7)/2]>>32):(buf.bn[((12) - 7)/
2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((13) - 7)>=0)?(((5)&1)?(t_d[(5)/
2]|=(((13) - 7)&1)?(buf.bn[((13) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 7)/2]<<32)) :(t_d[(5)/2] =(((13) - 7
)&1)?(buf.bn[((13) - 7)/2]>>32):(buf.bn[((13) - 7)/
2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((0) - 7)>=0)?(((6)&1)?(t_d[(6)/2
]|=(((0) - 7)&1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 7)/2]<<32)) :(t_d[(6)/2] =(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(
0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL)):
(t_d[(6)/2]=0)); }
;
683 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP(224+64 -1)/64);
684 nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7){ (((7) - 7)>=0)?(((0)&1)?(t_d[(0)/2]|=(((7) - 7)&
1)?(buf.bn[((7) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
7) - 7)/2]<<32)) :(t_d[(0)/2] =(((7) - 7)&1)?(buf.bn
[((7) - 7)/2]>>32):(buf.bn[((7) - 7)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((8) - 7)>=0)?(((1)&1)?(t_d[(1)/2]|=(((8) - 7)&
1)?(buf.bn[((8) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
8) - 7)/2]<<32)) :(t_d[(1)/2] =(((8) - 7)&1)?(buf.bn
[((8) - 7)/2]>>32):(buf.bn[((8) - 7)/2]&(0xffffffffL
)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL)):(t_d[(1)/2]
=0)); (((9) - 7)>=0)?(((2)&1)?(t_d[(2)/2]|=(((9) - 7)&
1)?(buf.bn[((9) - 7)/2]&(0xffffffff00000000L)):(buf.bn[((
9) - 7)/2]<<32)) :(t_d[(2)/2] =(((9) - 7)&1)?(buf.bn
[((9) - 7)/2]>>32):(buf.bn[((9) - 7)/2]&(0xffffffffL
)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL)):(t_d[(2)/2]
=0)); (((10) - 7)>=0)?(((3)&1)?(t_d[(3)/2]|=(((10) - 7
)&1)?(buf.bn[((10) - 7)/2]&(0xffffffff00000000L)):(buf
.bn[((10) - 7)/2]<<32)) :(t_d[(3)/2] =(((10) - 7)&1
)?(buf.bn[((10) - 7)/2]>>32):(buf.bn[((10) - 7)/2]&
(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL))
:(t_d[(3)/2]=0)); (((11) - 7)>=0)?(((4)&1)?(t_d[(4)/2]
|=(((11) - 7)&1)?(buf.bn[((11) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((11) - 7)/2]<<32)) :(t_d[(4)/2] =(((11) - 7
)&1)?(buf.bn[((11) - 7)/2]>>32):(buf.bn[((11) - 7)/
2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((12) - 7)>=0)?(((5)&1)?(t_d[(5)/
2]|=(((12) - 7)&1)?(buf.bn[((12) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 7)/2]<<32)) :(t_d[(5)/2] =(((12) - 7
)&1)?(buf.bn[((12) - 7)/2]>>32):(buf.bn[((12) - 7)/
2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((13) - 7)>=0)?(((6)&1)?(t_d[(6)/
2]|=(((13) - 7)&1)?(buf.bn[((13) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 7)/2]<<32)) :(t_d[(6)/2] =(((13) - 7
)&1)?(buf.bn[((13) - 7)/2]>>32):(buf.bn[((13) - 7)/
2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); }
;
685 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP(224+64 -1)/64);
686 nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11){ (((11) - 7)>=0)?(((0)&1)?(t_d[(0)/2]|=(((11) - 7)&
1)?(buf.bn[((11) - 7)/2]&(0xffffffff00000000L)):(buf.bn[(
(11) - 7)/2]<<32)) :(t_d[(0)/2] =(((11) - 7)&1)?(buf
.bn[((11) - 7)/2]>>32):(buf.bn[((11) - 7)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((12) - 7)>=0)?(((1)&1)?(t_d[(1)/2]|=(((12) - 7
)&1)?(buf.bn[((12) - 7)/2]&(0xffffffff00000000L)):(buf
.bn[((12) - 7)/2]<<32)) :(t_d[(1)/2] =(((12) - 7)&1
)?(buf.bn[((12) - 7)/2]>>32):(buf.bn[((12) - 7)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((13) - 7)>=0)?(((2)&1)?(t_d[(2)/2]
|=(((13) - 7)&1)?(buf.bn[((13) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 7)/2]<<32)) :(t_d[(2)/2] =(((13) - 7
)&1)?(buf.bn[((13) - 7)/2]>>32):(buf.bn[((13) - 7)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((0) - 7)>=0)?(((3)&1)?(t_d[(3)/2
]|=(((0) - 7)&1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 7)/2]<<32)) :(t_d[(3)/2] =(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(
0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL)):
(t_d[(3)/2]=0)); (((0) - 7)>=0)?(((4)&1)?(t_d[(4)/2]|=
(((0) - 7)&1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 7)/2]<<32)) :(t_d[(4)/2] =(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(
0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL)):
(t_d[(4)/2]=0)); (((0) - 7)>=0)?(((5)&1)?(t_d[(5)/2]|=
(((0) - 7)&1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 7)/2]<<32)) :(t_d[(5)/2] =(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(
0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL)):
(t_d[(5)/2]=0)); (((0) - 7)>=0)?(((6)&1)?(t_d[(6)/2]|=
(((0) - 7)&1)?(buf.bn[((0) - 7)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 7)/2]<<32)) :(t_d[(6)/2] =(((0) - 7)&
1)?(buf.bn[((0) - 7)/2]>>32):(buf.bn[((0) - 7)/2]&(
0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL)):
(t_d[(6)/2]=0)); }
;
687 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP(224+64 -1)/64);
688
689#if BN_BITS264==64
690 carry = (int)(r_d[BN_NIST_224_TOP(224+64 -1)/64 - 1] >> 32);
691#endif
692 }
693#endif
694 u.f = bn_sub_words;
695 if (carry > 0) {
696 carry = (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
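Value stored to 'carry' is never read (in this configuration BN_BITS2 is 64, so the assignment on line 699 overwrites it before any use; the bn_sub_words call on line 696 is still required because it updates r_d in place)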
697 BN_NIST_224_TOP(224+64 -1)/64);
698#if BN_BITS264==64
699 carry = (int)(~(r_d[BN_NIST_224_TOP(224+64 -1)/64 - 1] >> 32)) & 1;
700#endif
701 } else if (carry < 0) {
702 /* it's a bit more complicated logic in this case.
703 * if bn_add_words yields no carry, then result
704 * has to be adjusted by unconditionally *adding*
705 * the modulus. but if it does, then result has
706 * to be compared to the modulus and conditionally
707 * adjusted by *subtracting* the latter. */
708 carry = (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
709 BN_NIST_224_TOP(224+64 -1)/64);
710 mask = 0 - (uintptr_t)carry;
711 u.p = ((uintptr_t)bn_sub_words & mask) |
712 ((uintptr_t)bn_add_words & ~mask);
713 } else
714 carry = 1;
715
716 /* otherwise it's effectively same as in BN_nist_mod_192... */
717 mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP(224+64 -1)/64);
718 mask &= 0 - (uintptr_t)carry;
719 res = c_d;
720 res = (BN_ULONGunsigned long *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask));
721 nist_cp_bn(r_d, res, BN_NIST_224_TOP(224+64 -1)/64);
722 r->top = BN_NIST_224_TOP(224+64 -1)/64;
723 bn_correct_top(r){ unsigned long *ftl; int tmp_top = (r)->top; if (tmp_top >
0) { for (ftl= &((r)->d[tmp_top-1]); tmp_top > 0; tmp_top
--) if (*(ftl--)) break; (r)->top = tmp_top; } ; }
;
724
725 return 1;
726}
727
/*
 * nist_set_256(to, from, a1, ..., a8)
 *
 * Assemble eight 32-bit lanes in `to` from 32-bit lanes of `from`.
 * The selectors are listed most-significant first: lane 7 of `to` is
 * chosen by a1 and lane 0 by a8.  Each selector is reduced by 8 before
 * it is handed to bn_cp_32, so the values 8..15 address lanes 0..7 of
 * `from`.  A selector below 8 (call sites pass 0) makes the index
 * negative, and bn_cp_32 then clears the destination lane instead of
 * reading from `from`.
 *
 * Notes for callers:
 *  - Every argument is substituted several times by bn_cp_32; pass
 *    constants or side-effect-free expressions only.
 *  - bn_cp_32 is defined elsewhere in this file and its expansion ends
 *    with its own ';', which is why the lines below carry none.
 *  - The expansion is a bare brace block, not do { } while (0).  Call
 *    sites write "nist_set_256(...);", which leaves an extra empty
 *    statement, so do not use it as the unbraced body of an if/else.
 */
#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8)	\
	{							\
	bn_cp_32(to, 0, from, (a8) - 8)				\
	bn_cp_32(to, 1, from, (a7) - 8)				\
	bn_cp_32(to, 2, from, (a6) - 8)				\
	bn_cp_32(to, 3, from, (a5) - 8)				\
	bn_cp_32(to, 4, from, (a4) - 8)				\
	bn_cp_32(to, 5, from, (a3) - 8)				\
	bn_cp_32(to, 6, from, (a2) - 8)				\
	bn_cp_32(to, 7, from, (a1) - 8)				\
	}
739
740int
741BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
742{
743 int i, top = a->top;
744 int carry = 0;
745 BN_ULONGunsigned long *a_d = a->d, *r_d;
746 union {
747 BN_ULONGunsigned long bn[BN_NIST_256_TOP(256+64 -1)/64];
748 unsigned int ui[BN_NIST_256_TOP(256+64 -1)/64 *
749 sizeof(BN_ULONGunsigned long) / sizeof(unsigned int)];
750 } buf;
751 BN_ULONGunsigned long c_d[BN_NIST_256_TOP(256+64 -1)/64] = {0}, *res;
752 uintptr_t mask;
753 union {
754 bn_addsub_f f;
755 uintptr_t p;
756 } u;
757 static const BIGNUM _bignum_nist_p_256_sqr = {
758 (BN_ULONGunsigned long *)_nist_p_256_sqr,
759 sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
760 sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
761 0,
762 BN_FLG_STATIC_DATA0x02
763 };
764
765 field = &_bignum_nist_p_256; /* just to make sure */
766
767 if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0)
768 return BN_nnmod(r, a, field, ctx);
769
770 i = BN_ucmp(field, a);
771 if (i == 0) {
772 BN_zero(r)(BN_set_word((r),0));
773 return 1;
774 } else if (i > 0)
775 return (r == a) ? 1 : (BN_copy(r, a) != NULL((void *)0));
776
777 if (r != a) {
778 if (!bn_wexpand(r, BN_NIST_256_TOP)((((256+64 -1)/64) <= (r)->dmax)?(r):bn_expand2((r),((256
+64 -1)/64)))
)
779 return 0;
780 r_d = r->d;
781 nist_cp_bn(r_d, a_d, BN_NIST_256_TOP(256+64 -1)/64);
782 } else
783 r_d = a_d;
784
785 nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP(256+64 -1)/64,
786 top - BN_NIST_256_TOP(256+64 -1)/64, BN_NIST_256_TOP(256+64 -1)/64);
787
788#if defined(NIST_INT64long)
789 {
790 NIST_INT64long acc; /* accumulator */
791 unsigned int *rp = (unsigned int *)r_d;
792 const unsigned int *bp = (const unsigned int *)buf.ui;
793
794 acc = rp[0];
795 acc += bp[8 - 8];
796 acc += bp[9 - 8];
797 acc -= bp[11 - 8];
798 acc -= bp[12 - 8];
799 acc -= bp[13 - 8];
800 acc -= bp[14 - 8];
801 rp[0] = (unsigned int)acc;
802 acc >>= 32;
803
804 acc += rp[1];
805 acc += bp[9 - 8];
806 acc += bp[10 - 8];
807 acc -= bp[12 - 8];
808 acc -= bp[13 - 8];
809 acc -= bp[14 - 8];
810 acc -= bp[15 - 8];
811 rp[1] = (unsigned int)acc;
812 acc >>= 32;
813
814 acc += rp[2];
815 acc += bp[10 - 8];
816 acc += bp[11 - 8];
817 acc -= bp[13 - 8];
818 acc -= bp[14 - 8];
819 acc -= bp[15 - 8];
820 rp[2] = (unsigned int)acc;
821 acc >>= 32;
822
823 acc += rp[3];
824 acc += bp[11 - 8];
825 acc += bp[11 - 8];
826 acc += bp[12 - 8];
827 acc += bp[12 - 8];
828 acc += bp[13 - 8];
829 acc -= bp[15 - 8];
830 acc -= bp[8 - 8];
831 acc -= bp[9 - 8];
832 rp[3] = (unsigned int)acc;
833 acc >>= 32;
834
835 acc += rp[4];
836 acc += bp[12 - 8];
837 acc += bp[12 - 8];
838 acc += bp[13 - 8];
839 acc += bp[13 - 8];
840 acc += bp[14 - 8];
841 acc -= bp[9 - 8];
842 acc -= bp[10 - 8];
843 rp[4] = (unsigned int)acc;
844 acc >>= 32;
845
846 acc += rp[5];
847 acc += bp[13 - 8];
848 acc += bp[13 - 8];
849 acc += bp[14 - 8];
850 acc += bp[14 - 8];
851 acc += bp[15 - 8];
852 acc -= bp[10 - 8];
853 acc -= bp[11 - 8];
854 rp[5] = (unsigned int)acc;
855 acc >>= 32;
856
857 acc += rp[6];
858 acc += bp[14 - 8];
859 acc += bp[14 - 8];
860 acc += bp[15 - 8];
861 acc += bp[15 - 8];
862 acc += bp[14 - 8];
863 acc += bp[13 - 8];
864 acc -= bp[8 - 8];
865 acc -= bp[9 - 8];
866 rp[6] = (unsigned int)acc;
867 acc >>= 32;
868
869 acc += rp[7];
870 acc += bp[15 - 8];
871 acc += bp[15 - 8];
872 acc += bp[15 - 8];
873 acc += bp[8 - 8];
874 acc -= bp[10 - 8];
875 acc -= bp[11 - 8];
876 acc -= bp[12 - 8];
877 acc -= bp[13 - 8];
878 rp[7] = (unsigned int)acc;
879
880 carry = (int)(acc >> 32);
881 }
882#else
883 {
884 BN_ULONGunsigned long t_d[BN_NIST_256_TOP(256+64 -1)/64] = {0};
885
886 /*S1*/
887 nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0){ (((0) - 8)>=0)?(((0)&1)?(t_d[(0)/2]|=(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 8)/2]<<32)) :(t_d[(0)/2] =(((0) - 8)&1)?(buf.bn
[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((0) - 8)>=0)?(((1)&1)?(t_d[(1)/2]|=(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 8)/2]<<32)) :(t_d[(1)/2] =(((0) - 8)&1)?(buf.bn
[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(0xffffffffL
)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL)):(t_d[(1)/2]
=0)); (((0) - 8)>=0)?(((2)&1)?(t_d[(2)/2]|=(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 8)/2]<<32)) :(t_d[(2)/2] =(((0) - 8)&1)?(buf.bn
[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(0xffffffffL
)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL)):(t_d[(2)/2]
=0)); (((11) - 8)>=0)?(((3)&1)?(t_d[(3)/2]|=(((11) - 8
)&1)?(buf.bn[((11) - 8)/2]&(0xffffffff00000000L)):(buf
.bn[((11) - 8)/2]<<32)) :(t_d[(3)/2] =(((11) - 8)&1
)?(buf.bn[((11) - 8)/2]>>32):(buf.bn[((11) - 8)/2]&
(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL))
:(t_d[(3)/2]=0)); (((12) - 8)>=0)?(((4)&1)?(t_d[(4)/2]
|=(((12) - 8)&1)?(buf.bn[((12) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 8)/2]<<32)) :(t_d[(4)/2] =(((12) - 8
)&1)?(buf.bn[((12) - 8)/2]>>32):(buf.bn[((12) - 8)/
2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((13) - 8)>=0)?(((5)&1)?(t_d[(5)/
2]|=(((13) - 8)&1)?(buf.bn[((13) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 8)/2]<<32)) :(t_d[(5)/2] =(((13) - 8
)&1)?(buf.bn[((13) - 8)/2]>>32):(buf.bn[((13) - 8)/
2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((14) - 8)>=0)?(((6)&1)?(t_d[(6)/
2]|=(((14) - 8)&1)?(buf.bn[((14) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 8)/2]<<32)) :(t_d[(6)/2] =(((14) - 8
)&1)?(buf.bn[((14) - 8)/2]>>32):(buf.bn[((14) - 8)/
2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((15) - 8)>=0)?(((7)&1)?(t_d[(7)/
2]|=(((15) - 8)&1)?(buf.bn[((15) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 8)/2]<<32)) :(t_d[(7)/2] =(((15) - 8
)&1)?(buf.bn[((15) - 8)/2]>>32):(buf.bn[((15) - 8)/
2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); }
;
888 /*S2*/
889 nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0){ (((0) - 8)>=0)?(((0)&1)?(c_d[(0)/2]|=(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 8)/2]<<32)) :(c_d[(0)/2] =(((0) - 8)&1)?(buf.bn
[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(0xffffffffL
)))):(((0)&1)?(c_d[(0)/2]&=(0xffffffffL)):(c_d[(0)/2]
=0)); (((0) - 8)>=0)?(((1)&1)?(c_d[(1)/2]|=(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 8)/2]<<32)) :(c_d[(1)/2] =(((0) - 8)&1)?(buf.bn
[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(0xffffffffL
)))):(((1)&1)?(c_d[(1)/2]&=(0xffffffffL)):(c_d[(1)/2]
=0)); (((0) - 8)>=0)?(((2)&1)?(c_d[(2)/2]|=(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((
0) - 8)/2]<<32)) :(c_d[(2)/2] =(((0) - 8)&1)?(buf.bn
[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(0xffffffffL
)))):(((2)&1)?(c_d[(2)/2]&=(0xffffffffL)):(c_d[(2)/2]
=0)); (((12) - 8)>=0)?(((3)&1)?(c_d[(3)/2]|=(((12) - 8
)&1)?(buf.bn[((12) - 8)/2]&(0xffffffff00000000L)):(buf
.bn[((12) - 8)/2]<<32)) :(c_d[(3)/2] =(((12) - 8)&1
)?(buf.bn[((12) - 8)/2]>>32):(buf.bn[((12) - 8)/2]&
(0xffffffffL)))):(((3)&1)?(c_d[(3)/2]&=(0xffffffffL))
:(c_d[(3)/2]=0)); (((13) - 8)>=0)?(((4)&1)?(c_d[(4)/2]
|=(((13) - 8)&1)?(buf.bn[((13) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 8)/2]<<32)) :(c_d[(4)/2] =(((13) - 8
)&1)?(buf.bn[((13) - 8)/2]>>32):(buf.bn[((13) - 8)/
2]&(0xffffffffL)))):(((4)&1)?(c_d[(4)/2]&=(0xffffffffL
)):(c_d[(4)/2]=0)); (((14) - 8)>=0)?(((5)&1)?(c_d[(5)/
2]|=(((14) - 8)&1)?(buf.bn[((14) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 8)/2]<<32)) :(c_d[(5)/2] =(((14) - 8
)&1)?(buf.bn[((14) - 8)/2]>>32):(buf.bn[((14) - 8)/
2]&(0xffffffffL)))):(((5)&1)?(c_d[(5)/2]&=(0xffffffffL
)):(c_d[(5)/2]=0)); (((15) - 8)>=0)?(((6)&1)?(c_d[(6)/
2]|=(((15) - 8)&1)?(buf.bn[((15) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 8)/2]<<32)) :(c_d[(6)/2] =(((15) - 8
)&1)?(buf.bn[((15) - 8)/2]>>32):(buf.bn[((15) - 8)/
2]&(0xffffffffL)))):(((6)&1)?(c_d[(6)/2]&=(0xffffffffL
)):(c_d[(6)/2]=0)); (((0) - 8)>=0)?(((7)&1)?(c_d[(7)/2
]|=(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(c_d[(7)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((7)&1)?(c_d[(7)/2]&=(0xffffffffL)):
(c_d[(7)/2]=0)); }
;
890 carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP(256+64 -1)/64);
891 /* left shift */
892 {
893 BN_ULONGunsigned long *ap, t, c;
894 ap = t_d;
895 c = 0;
896 for (i = BN_NIST_256_TOP(256+64 -1)/64; i != 0; --i) {
897 t = *ap;
898 *(ap++) = ((t << 1) | c) & BN_MASK2(0xffffffffffffffffL);
899 c = (t & BN_TBIT(0x8000000000000000L)) ? 1 : 0;
900 }
901 carry <<= 1;
902 carry |= c;
903 }
904 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP(256+64 -1)/64);
905 /*S3*/
906 nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8){ (((8) - 8)>=0)?(((0)&1)?(t_d[(0)/2]|=(((8) - 8)&
1)?(buf.bn[((8) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((
8) - 8)/2]<<32)) :(t_d[(0)/2] =(((8) - 8)&1)?(buf.bn
[((8) - 8)/2]>>32):(buf.bn[((8) - 8)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((9) - 8)>=0)?(((1)&1)?(t_d[(1)/2]|=(((9) - 8)&
1)?(buf.bn[((9) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((
9) - 8)/2]<<32)) :(t_d[(1)/2] =(((9) - 8)&1)?(buf.bn
[((9) - 8)/2]>>32):(buf.bn[((9) - 8)/2]&(0xffffffffL
)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL)):(t_d[(1)/2]
=0)); (((10) - 8)>=0)?(((2)&1)?(t_d[(2)/2]|=(((10) - 8
)&1)?(buf.bn[((10) - 8)/2]&(0xffffffff00000000L)):(buf
.bn[((10) - 8)/2]<<32)) :(t_d[(2)/2] =(((10) - 8)&1
)?(buf.bn[((10) - 8)/2]>>32):(buf.bn[((10) - 8)/2]&
(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL))
:(t_d[(2)/2]=0)); (((0) - 8)>=0)?(((3)&1)?(t_d[(3)/2]|=
(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(3)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL)):
(t_d[(3)/2]=0)); (((0) - 8)>=0)?(((4)&1)?(t_d[(4)/2]|=
(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(4)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL)):
(t_d[(4)/2]=0)); (((0) - 8)>=0)?(((5)&1)?(t_d[(5)/2]|=
(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(5)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL)):
(t_d[(5)/2]=0)); (((14) - 8)>=0)?(((6)&1)?(t_d[(6)/2]|=
(((14) - 8)&1)?(buf.bn[((14) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 8)/2]<<32)) :(t_d[(6)/2] =(((14) - 8
)&1)?(buf.bn[((14) - 8)/2]>>32):(buf.bn[((14) - 8)/
2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((15) - 8)>=0)?(((7)&1)?(t_d[(7)/
2]|=(((15) - 8)&1)?(buf.bn[((15) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 8)/2]<<32)) :(t_d[(7)/2] =(((15) - 8
)&1)?(buf.bn[((15) - 8)/2]>>32):(buf.bn[((15) - 8)/
2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); }
;
907 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP(256+64 -1)/64);
908 /*S4*/
909 nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9){ (((9) - 8)>=0)?(((0)&1)?(t_d[(0)/2]|=(((9) - 8)&
1)?(buf.bn[((9) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((
9) - 8)/2]<<32)) :(t_d[(0)/2] =(((9) - 8)&1)?(buf.bn
[((9) - 8)/2]>>32):(buf.bn[((9) - 8)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((10) - 8)>=0)?(((1)&1)?(t_d[(1)/2]|=(((10) - 8
)&1)?(buf.bn[((10) - 8)/2]&(0xffffffff00000000L)):(buf
.bn[((10) - 8)/2]<<32)) :(t_d[(1)/2] =(((10) - 8)&1
)?(buf.bn[((10) - 8)/2]>>32):(buf.bn[((10) - 8)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((11) - 8)>=0)?(((2)&1)?(t_d[(2)/2]
|=(((11) - 8)&1)?(buf.bn[((11) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((11) - 8)/2]<<32)) :(t_d[(2)/2] =(((11) - 8
)&1)?(buf.bn[((11) - 8)/2]>>32):(buf.bn[((11) - 8)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((13) - 8)>=0)?(((3)&1)?(t_d[(3)/
2]|=(((13) - 8)&1)?(buf.bn[((13) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 8)/2]<<32)) :(t_d[(3)/2] =(((13) - 8
)&1)?(buf.bn[((13) - 8)/2]>>32):(buf.bn[((13) - 8)/
2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((14) - 8)>=0)?(((4)&1)?(t_d[(4)/
2]|=(((14) - 8)&1)?(buf.bn[((14) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 8)/2]<<32)) :(t_d[(4)/2] =(((14) - 8
)&1)?(buf.bn[((14) - 8)/2]>>32):(buf.bn[((14) - 8)/
2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((15) - 8)>=0)?(((5)&1)?(t_d[(5)/
2]|=(((15) - 8)&1)?(buf.bn[((15) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 8)/2]<<32)) :(t_d[(5)/2] =(((15) - 8
)&1)?(buf.bn[((15) - 8)/2]>>32):(buf.bn[((15) - 8)/
2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((13) - 8)>=0)?(((6)&1)?(t_d[(6)/
2]|=(((13) - 8)&1)?(buf.bn[((13) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 8)/2]<<32)) :(t_d[(6)/2] =(((13) - 8
)&1)?(buf.bn[((13) - 8)/2]>>32):(buf.bn[((13) - 8)/
2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((8) - 8)>=0)?(((7)&1)?(t_d[(7)/2
]|=(((8) - 8)&1)?(buf.bn[((8) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((8) - 8)/2]<<32)) :(t_d[(7)/2] =(((8) - 8)&
1)?(buf.bn[((8) - 8)/2]>>32):(buf.bn[((8) - 8)/2]&(
0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL)):
(t_d[(7)/2]=0)); }
;
910 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP(256+64 -1)/64);
911 /*D1*/
912 nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11){ (((11) - 8)>=0)?(((0)&1)?(t_d[(0)/2]|=(((11) - 8)&
1)?(buf.bn[((11) - 8)/2]&(0xffffffff00000000L)):(buf.bn[(
(11) - 8)/2]<<32)) :(t_d[(0)/2] =(((11) - 8)&1)?(buf
.bn[((11) - 8)/2]>>32):(buf.bn[((11) - 8)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((12) - 8)>=0)?(((1)&1)?(t_d[(1)/2]|=(((12) - 8
)&1)?(buf.bn[((12) - 8)/2]&(0xffffffff00000000L)):(buf
.bn[((12) - 8)/2]<<32)) :(t_d[(1)/2] =(((12) - 8)&1
)?(buf.bn[((12) - 8)/2]>>32):(buf.bn[((12) - 8)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((13) - 8)>=0)?(((2)&1)?(t_d[(2)/2]
|=(((13) - 8)&1)?(buf.bn[((13) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 8)/2]<<32)) :(t_d[(2)/2] =(((13) - 8
)&1)?(buf.bn[((13) - 8)/2]>>32):(buf.bn[((13) - 8)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((0) - 8)>=0)?(((3)&1)?(t_d[(3)/2
]|=(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(3)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL)):
(t_d[(3)/2]=0)); (((0) - 8)>=0)?(((4)&1)?(t_d[(4)/2]|=
(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(4)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL)):
(t_d[(4)/2]=0)); (((0) - 8)>=0)?(((5)&1)?(t_d[(5)/2]|=
(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(5)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL)):
(t_d[(5)/2]=0)); (((8) - 8)>=0)?(((6)&1)?(t_d[(6)/2]|=
(((8) - 8)&1)?(buf.bn[((8) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((8) - 8)/2]<<32)) :(t_d[(6)/2] =(((8) - 8)&
1)?(buf.bn[((8) - 8)/2]>>32):(buf.bn[((8) - 8)/2]&(
0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL)):
(t_d[(6)/2]=0)); (((10) - 8)>=0)?(((7)&1)?(t_d[(7)/2]|=
(((10) - 8)&1)?(buf.bn[((10) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((10) - 8)/2]<<32)) :(t_d[(7)/2] =(((10) - 8
)&1)?(buf.bn[((10) - 8)/2]>>32):(buf.bn[((10) - 8)/
2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); }
;
913 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP(256+64 -1)/64);
914 /*D2*/
915 nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12){ (((12) - 8)>=0)?(((0)&1)?(t_d[(0)/2]|=(((12) - 8)&
1)?(buf.bn[((12) - 8)/2]&(0xffffffff00000000L)):(buf.bn[(
(12) - 8)/2]<<32)) :(t_d[(0)/2] =(((12) - 8)&1)?(buf
.bn[((12) - 8)/2]>>32):(buf.bn[((12) - 8)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((13) - 8)>=0)?(((1)&1)?(t_d[(1)/2]|=(((13) - 8
)&1)?(buf.bn[((13) - 8)/2]&(0xffffffff00000000L)):(buf
.bn[((13) - 8)/2]<<32)) :(t_d[(1)/2] =(((13) - 8)&1
)?(buf.bn[((13) - 8)/2]>>32):(buf.bn[((13) - 8)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((14) - 8)>=0)?(((2)&1)?(t_d[(2)/2]
|=(((14) - 8)&1)?(buf.bn[((14) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 8)/2]<<32)) :(t_d[(2)/2] =(((14) - 8
)&1)?(buf.bn[((14) - 8)/2]>>32):(buf.bn[((14) - 8)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((15) - 8)>=0)?(((3)&1)?(t_d[(3)/
2]|=(((15) - 8)&1)?(buf.bn[((15) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 8)/2]<<32)) :(t_d[(3)/2] =(((15) - 8
)&1)?(buf.bn[((15) - 8)/2]>>32):(buf.bn[((15) - 8)/
2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((0) - 8)>=0)?(((4)&1)?(t_d[(4)/2
]|=(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(4)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL)):
(t_d[(4)/2]=0)); (((0) - 8)>=0)?(((5)&1)?(t_d[(5)/2]|=
(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(5)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL)):
(t_d[(5)/2]=0)); (((9) - 8)>=0)?(((6)&1)?(t_d[(6)/2]|=
(((9) - 8)&1)?(buf.bn[((9) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((9) - 8)/2]<<32)) :(t_d[(6)/2] =(((9) - 8)&
1)?(buf.bn[((9) - 8)/2]>>32):(buf.bn[((9) - 8)/2]&(
0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL)):
(t_d[(6)/2]=0)); (((11) - 8)>=0)?(((7)&1)?(t_d[(7)/2]|=
(((11) - 8)&1)?(buf.bn[((11) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((11) - 8)/2]<<32)) :(t_d[(7)/2] =(((11) - 8
)&1)?(buf.bn[((11) - 8)/2]>>32):(buf.bn[((11) - 8)/
2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); }
;
916 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP(256+64 -1)/64);
917 /*D3*/
918 nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13){ (((13) - 8)>=0)?(((0)&1)?(t_d[(0)/2]|=(((13) - 8)&
1)?(buf.bn[((13) - 8)/2]&(0xffffffff00000000L)):(buf.bn[(
(13) - 8)/2]<<32)) :(t_d[(0)/2] =(((13) - 8)&1)?(buf
.bn[((13) - 8)/2]>>32):(buf.bn[((13) - 8)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((14) - 8)>=0)?(((1)&1)?(t_d[(1)/2]|=(((14) - 8
)&1)?(buf.bn[((14) - 8)/2]&(0xffffffff00000000L)):(buf
.bn[((14) - 8)/2]<<32)) :(t_d[(1)/2] =(((14) - 8)&1
)?(buf.bn[((14) - 8)/2]>>32):(buf.bn[((14) - 8)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((15) - 8)>=0)?(((2)&1)?(t_d[(2)/2]
|=(((15) - 8)&1)?(buf.bn[((15) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 8)/2]<<32)) :(t_d[(2)/2] =(((15) - 8
)&1)?(buf.bn[((15) - 8)/2]>>32):(buf.bn[((15) - 8)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((8) - 8)>=0)?(((3)&1)?(t_d[(3)/2
]|=(((8) - 8)&1)?(buf.bn[((8) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((8) - 8)/2]<<32)) :(t_d[(3)/2] =(((8) - 8)&
1)?(buf.bn[((8) - 8)/2]>>32):(buf.bn[((8) - 8)/2]&(
0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL)):
(t_d[(3)/2]=0)); (((9) - 8)>=0)?(((4)&1)?(t_d[(4)/2]|=
(((9) - 8)&1)?(buf.bn[((9) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((9) - 8)/2]<<32)) :(t_d[(4)/2] =(((9) - 8)&
1)?(buf.bn[((9) - 8)/2]>>32):(buf.bn[((9) - 8)/2]&(
0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL)):
(t_d[(4)/2]=0)); (((10) - 8)>=0)?(((5)&1)?(t_d[(5)/2]|=
(((10) - 8)&1)?(buf.bn[((10) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((10) - 8)/2]<<32)) :(t_d[(5)/2] =(((10) - 8
)&1)?(buf.bn[((10) - 8)/2]>>32):(buf.bn[((10) - 8)/
2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((0) - 8)>=0)?(((6)&1)?(t_d[(6)/2
]|=(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(6)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL)):
(t_d[(6)/2]=0)); (((12) - 8)>=0)?(((7)&1)?(t_d[(7)/2]|=
(((12) - 8)&1)?(buf.bn[((12) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 8)/2]<<32)) :(t_d[(7)/2] =(((12) - 8
)&1)?(buf.bn[((12) - 8)/2]>>32):(buf.bn[((12) - 8)/
2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); }
;
919 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP(256+64 -1)/64);
920 /*D4*/
921 nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14){ (((14) - 8)>=0)?(((0)&1)?(t_d[(0)/2]|=(((14) - 8)&
1)?(buf.bn[((14) - 8)/2]&(0xffffffff00000000L)):(buf.bn[(
(14) - 8)/2]<<32)) :(t_d[(0)/2] =(((14) - 8)&1)?(buf
.bn[((14) - 8)/2]>>32):(buf.bn[((14) - 8)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((15) - 8)>=0)?(((1)&1)?(t_d[(1)/2]|=(((15) - 8
)&1)?(buf.bn[((15) - 8)/2]&(0xffffffff00000000L)):(buf
.bn[((15) - 8)/2]<<32)) :(t_d[(1)/2] =(((15) - 8)&1
)?(buf.bn[((15) - 8)/2]>>32):(buf.bn[((15) - 8)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((0) - 8)>=0)?(((2)&1)?(t_d[(2)/2]|=
(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(2)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL)):
(t_d[(2)/2]=0)); (((9) - 8)>=0)?(((3)&1)?(t_d[(3)/2]|=
(((9) - 8)&1)?(buf.bn[((9) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((9) - 8)/2]<<32)) :(t_d[(3)/2] =(((9) - 8)&
1)?(buf.bn[((9) - 8)/2]>>32):(buf.bn[((9) - 8)/2]&(
0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL)):
(t_d[(3)/2]=0)); (((10) - 8)>=0)?(((4)&1)?(t_d[(4)/2]|=
(((10) - 8)&1)?(buf.bn[((10) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((10) - 8)/2]<<32)) :(t_d[(4)/2] =(((10) - 8
)&1)?(buf.bn[((10) - 8)/2]>>32):(buf.bn[((10) - 8)/
2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((11) - 8)>=0)?(((5)&1)?(t_d[(5)/
2]|=(((11) - 8)&1)?(buf.bn[((11) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((11) - 8)/2]<<32)) :(t_d[(5)/2] =(((11) - 8
)&1)?(buf.bn[((11) - 8)/2]>>32):(buf.bn[((11) - 8)/
2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((0) - 8)>=0)?(((6)&1)?(t_d[(6)/2
]|=(((0) - 8)&1)?(buf.bn[((0) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 8)/2]<<32)) :(t_d[(6)/2] =(((0) - 8)&
1)?(buf.bn[((0) - 8)/2]>>32):(buf.bn[((0) - 8)/2]&(
0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL)):
(t_d[(6)/2]=0)); (((13) - 8)>=0)?(((7)&1)?(t_d[(7)/2]|=
(((13) - 8)&1)?(buf.bn[((13) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 8)/2]<<32)) :(t_d[(7)/2] =(((13) - 8
)&1)?(buf.bn[((13) - 8)/2]>>32):(buf.bn[((13) - 8)/
2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); }
;
922 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP(256+64 -1)/64);
923
924 }
925#endif
926 /* see BN_nist_mod_224 for explanation */
927 u.f = bn_sub_words;
928 if (carry > 0)
929 carry = (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
930 BN_NIST_256_TOP(256+64 -1)/64);
931 else if (carry < 0) {
932 carry = (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
933 BN_NIST_256_TOP(256+64 -1)/64);
934 mask = 0 - (uintptr_t)carry;
935 u.p = ((uintptr_t)bn_sub_words & mask) |
936 ((uintptr_t)bn_add_words & ~mask);
937 } else
938 carry = 1;
939
940 mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP(256+64 -1)/64);
941 mask &= 0 - (uintptr_t)carry;
942 res = c_d;
943 res = (BN_ULONGunsigned long *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask));
944 nist_cp_bn(r_d, res, BN_NIST_256_TOP(256+64 -1)/64);
945 r->top = BN_NIST_256_TOP(256+64 -1)/64;
946 bn_correct_top(r){ unsigned long *ftl; int tmp_top = (r)->top; if (tmp_top >
0) { for (ftl= &((r)->d[tmp_top-1]); tmp_top > 0; tmp_top
--) if (*(ftl--)) break; (r)->top = tmp_top; } ; }
;
947
948 return 1;
949}
950
/*
 * nist_set_384(to, from, a1, ..., a12)
 *
 * Fill the twelve 32-bit slots of `to`, one bn_cp_32() per slot.  The
 * selectors run from the highest destination slot down: a1 feeds slot 11
 * and a12 feeds slot 0.  Each selector has 12 subtracted before it reaches
 * bn_cp_32(), so a selector of 12 or more names 32-bit slot (aN - 12) of
 * `from`, while a selector below 12 (visible callers pass 0) takes
 * bn_cp_32()'s negative-index arm and clears the destination slot without
 * reading `from`.
 *
 * Review notes:
 *  - Keep the invocations in ascending slot order.  In the 64-bit expansion
 *    shown in this listing an even slot assigns the whole word of `to` and
 *    the odd slot that follows ORs into (or masks) that same word, so
 *    reordering a pair changes the result.
 *  - Only the lower bound of a selector is tested.  A selector above 23
 *    would index past a 12-slot source such as the buf.bn array that
 *    BN_nist_mod_384 passes (6 words, assuming 64-bit unsigned long as in
 *    this build); visible call sites use literal selectors only.
 *  - bn_cp_32() carries its own statement terminator in this expansion,
 *    which is why no ';' follows the invocations below.
 *  - The macro expands to a bare brace block rather than do { } while (0);
 *    call sites write `nist_set_384(...);`, so it should not be used as the
 *    unbraced body of an if that has an else.
 */
#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
	{ \
	bn_cp_32(to,  0, from, (a12) - 12) \
	bn_cp_32(to,  1, from, (a11) - 12) \
	bn_cp_32(to,  2, from, (a10) - 12) \
	bn_cp_32(to,  3, from, (a9) - 12) \
	bn_cp_32(to,  4, from, (a8) - 12) \
	bn_cp_32(to,  5, from, (a7) - 12) \
	bn_cp_32(to,  6, from, (a6) - 12) \
	bn_cp_32(to,  7, from, (a5) - 12) \
	bn_cp_32(to,  8, from, (a4) - 12) \
	bn_cp_32(to,  9, from, (a3) - 12) \
	bn_cp_32(to, 10, from, (a2) - 12) \
	bn_cp_32(to, 11, from, (a1) - 12) \
	}
966
967int
968BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
969{
970 int i, top = a->top;
971 int carry = 0;
972 BN_ULONGunsigned long *r_d, *a_d = a->d;
973 union {
974 BN_ULONGunsigned long bn[BN_NIST_384_TOP(384+64 -1)/64];
975 unsigned int ui[BN_NIST_384_TOP(384+64 -1)/64 *
976 sizeof(BN_ULONGunsigned long) / sizeof(unsigned int)];
977 } buf;
978 BN_ULONGunsigned long c_d[BN_NIST_384_TOP(384+64 -1)/64], *res;
979 uintptr_t mask;
980 union {
981 bn_addsub_f f;
982 uintptr_t p;
983 } u;
984 static const BIGNUM _bignum_nist_p_384_sqr = {
985 (BN_ULONGunsigned long *)_nist_p_384_sqr,
986 sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
987 sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
988 0,
989 BN_FLG_STATIC_DATA0x02
990 };
991
992 field = &_bignum_nist_p_384; /* just to make sure */
993
994 if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0)
995 return BN_nnmod(r, a, field, ctx);
996
997 i = BN_ucmp(field, a);
998 if (i == 0) {
999 BN_zero(r)(BN_set_word((r),0));
1000 return 1;
1001 } else if (i > 0)
1002 return (r == a) ? 1 : (BN_copy(r, a) != NULL((void *)0));
1003
1004 if (r != a) {
1005 if (!bn_wexpand(r, BN_NIST_384_TOP)((((384+64 -1)/64) <= (r)->dmax)?(r):bn_expand2((r),((384
+64 -1)/64)))
)
1006 return 0;
1007 r_d = r->d;
1008 nist_cp_bn(r_d, a_d, BN_NIST_384_TOP(384+64 -1)/64);
1009 } else
1010 r_d = a_d;
1011
1012 nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP(384+64 -1)/64,
1013 top - BN_NIST_384_TOP(384+64 -1)/64, BN_NIST_384_TOP(384+64 -1)/64);
1014
1015#if defined(NIST_INT64long)
1016 {
1017 NIST_INT64long acc; /* accumulator */
1018 unsigned int *rp = (unsigned int *)r_d;
1019 const unsigned int *bp = (const unsigned int *)buf.ui;
1020
1021 acc = rp[0];
1022 acc += bp[12 - 12];
1023 acc += bp[21 - 12];
1024 acc += bp[20 - 12];
1025 acc -= bp[23 - 12];
1026 rp[0] = (unsigned int)acc;
1027 acc >>= 32;
1028
1029 acc += rp[1];
1030 acc += bp[13 - 12];
1031 acc += bp[22 - 12];
1032 acc += bp[23 - 12];
1033 acc -= bp[12 - 12];
1034 acc -= bp[20 - 12];
1035 rp[1] = (unsigned int)acc;
1036 acc >>= 32;
1037
1038 acc += rp[2];
1039 acc += bp[14 - 12];
1040 acc += bp[23 - 12];
1041 acc -= bp[13 - 12];
1042 acc -= bp[21 - 12];
1043 rp[2] = (unsigned int)acc;
1044 acc >>= 32;
1045
1046 acc += rp[3];
1047 acc += bp[15 - 12];
1048 acc += bp[12 - 12];
1049 acc += bp[20 - 12];
1050 acc += bp[21 - 12];
1051 acc -= bp[14 - 12];
1052 acc -= bp[22 - 12];
1053 acc -= bp[23 - 12];
1054 rp[3] = (unsigned int)acc;
1055 acc >>= 32;
1056
1057 acc += rp[4];
1058 acc += bp[21 - 12];
1059 acc += bp[21 - 12];
1060 acc += bp[16 - 12];
1061 acc += bp[13 - 12];
1062 acc += bp[12 - 12];
1063 acc += bp[20 - 12];
1064 acc += bp[22 - 12];
1065 acc -= bp[15 - 12];
1066 acc -= bp[23 - 12];
1067 acc -= bp[23 - 12];
1068 rp[4] = (unsigned int)acc;
1069 acc >>= 32;
1070
1071 acc += rp[5];
1072 acc += bp[22 - 12];
1073 acc += bp[22 - 12];
1074 acc += bp[17 - 12];
1075 acc += bp[14 - 12];
1076 acc += bp[13 - 12];
1077 acc += bp[21 - 12];
1078 acc += bp[23 - 12];
1079 acc -= bp[16 - 12];
1080 rp[5] = (unsigned int)acc;
1081 acc >>= 32;
1082
1083 acc += rp[6];
1084 acc += bp[23 - 12];
1085 acc += bp[23 - 12];
1086 acc += bp[18 - 12];
1087 acc += bp[15 - 12];
1088 acc += bp[14 - 12];
1089 acc += bp[22 - 12];
1090 acc -= bp[17 - 12];
1091 rp[6] = (unsigned int)acc;
1092 acc >>= 32;
1093
1094 acc += rp[7];
1095 acc += bp[19 - 12];
1096 acc += bp[16 - 12];
1097 acc += bp[15 - 12];
1098 acc += bp[23 - 12];
1099 acc -= bp[18 - 12];
1100 rp[7] = (unsigned int)acc;
1101 acc >>= 32;
1102
1103 acc += rp[8];
1104 acc += bp[20 - 12];
1105 acc += bp[17 - 12];
1106 acc += bp[16 - 12];
1107 acc -= bp[19 - 12];
1108 rp[8] = (unsigned int)acc;
1109 acc >>= 32;
1110
1111 acc += rp[9];
1112 acc += bp[21 - 12];
1113 acc += bp[18 - 12];
1114 acc += bp[17 - 12];
1115 acc -= bp[20 - 12];
1116 rp[9] = (unsigned int)acc;
1117 acc >>= 32;
1118
1119 acc += rp[10];
1120 acc += bp[22 - 12];
1121 acc += bp[19 - 12];
1122 acc += bp[18 - 12];
1123 acc -= bp[21 - 12];
1124 rp[10] = (unsigned int)acc;
1125 acc >>= 32;
1126
1127 acc += rp[11];
1128 acc += bp[23 - 12];
1129 acc += bp[20 - 12];
1130 acc += bp[19 - 12];
1131 acc -= bp[22 - 12];
1132 rp[11] = (unsigned int)acc;
1133
1134 carry = (int)(acc >> 32);
1135 }
1136#else
1137 {
1138 BN_ULONGunsigned long t_d[BN_NIST_384_TOP(384+64 -1)/64] = {0};
1139
1140 /*S1*/
1141 nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4,{ (((21 - 4) - 8)>=0)?(((0)&1)?(t_d[(0)/2]|=(((21 - 4)
- 8)&1)?(buf.bn[((21 - 4) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((21 - 4) - 8)/2]<<32)) :(t_d[(0)/2] =(((21 -
4) - 8)&1)?(buf.bn[((21 - 4) - 8)/2]>>32):(buf.bn[
((21 - 4) - 8)/2]&(0xffffffffL)))):(((0)&1)?(t_d[(0)/
2]&=(0xffffffffL)):(t_d[(0)/2]=0)); (((22 - 4) - 8)>=0
)?(((1)&1)?(t_d[(1)/2]|=(((22 - 4) - 8)&1)?(buf.bn[((
22 - 4) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((22 - 4) -
8)/2]<<32)) :(t_d[(1)/2] =(((22 - 4) - 8)&1)?(buf.
bn[((22 - 4) - 8)/2]>>32):(buf.bn[((22 - 4) - 8)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((23 - 4) - 8)>=0)?(((2)&1)?(t_d[(2
)/2]|=(((23 - 4) - 8)&1)?(buf.bn[((23 - 4) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((23 - 4) - 8)/2]<<32)) :(t_d[(2)/2] =(((23 -
4) - 8)&1)?(buf.bn[((23 - 4) - 8)/2]>>32):(buf.bn[
((23 - 4) - 8)/2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/
2]&=(0xffffffffL)):(t_d[(2)/2]=0)); (((0) - 8)>=0)?(((
3)&1)?(t_d[(3)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8)/2]
&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32)) :
(t_d[(3)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>32
):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((3)&1)?(t_d
[(3)/2]&=(0xffffffffL)):(t_d[(3)/2]=0)); (((0) - 8)>=0
)?(((4)&1)?(t_d[(4)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8
)/2]&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32
)) :(t_d[(4)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>
32):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((4)&1)?(t_d
[(4)/2]&=(0xffffffffL)):(t_d[(4)/2]=0)); (((0) - 8)>=0
)?(((5)&1)?(t_d[(5)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8
)/2]&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32
)) :(t_d[(5)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>
32):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((5)&1)?(t_d
[(5)/2]&=(0xffffffffL)):(t_d[(5)/2]=0)); (((0) - 8)>=0
)?(((6)&1)?(t_d[(6)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8
)/2]&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32
)) :(t_d[(6)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>
32):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((6)&1)?(t_d
[(6)/2]&=(0xffffffffL)):(t_d[(6)/2]=0)); (((0) - 8)>=0
)?(((7)&1)?(t_d[(7)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8
)/2]&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32
)) :(t_d[(7)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>
32):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((7)&1)?(t_d
[(7)/2]&=(0xffffffffL)):(t_d[(7)/2]=0)); }
1142 21 - 4){ (((21 - 4) - 8)>=0)?(((0)&1)?(t_d[(0)/2]|=(((21 - 4)
- 8)&1)?(buf.bn[((21 - 4) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((21 - 4) - 8)/2]<<32)) :(t_d[(0)/2] =(((21 -
4) - 8)&1)?(buf.bn[((21 - 4) - 8)/2]>>32):(buf.bn[
((21 - 4) - 8)/2]&(0xffffffffL)))):(((0)&1)?(t_d[(0)/
2]&=(0xffffffffL)):(t_d[(0)/2]=0)); (((22 - 4) - 8)>=0
)?(((1)&1)?(t_d[(1)/2]|=(((22 - 4) - 8)&1)?(buf.bn[((
22 - 4) - 8)/2]&(0xffffffff00000000L)):(buf.bn[((22 - 4) -
8)/2]<<32)) :(t_d[(1)/2] =(((22 - 4) - 8)&1)?(buf.
bn[((22 - 4) - 8)/2]>>32):(buf.bn[((22 - 4) - 8)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((23 - 4) - 8)>=0)?(((2)&1)?(t_d[(2
)/2]|=(((23 - 4) - 8)&1)?(buf.bn[((23 - 4) - 8)/2]&(0xffffffff00000000L
)):(buf.bn[((23 - 4) - 8)/2]<<32)) :(t_d[(2)/2] =(((23 -
4) - 8)&1)?(buf.bn[((23 - 4) - 8)/2]>>32):(buf.bn[
((23 - 4) - 8)/2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/
2]&=(0xffffffffL)):(t_d[(2)/2]=0)); (((0) - 8)>=0)?(((
3)&1)?(t_d[(3)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8)/2]
&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32)) :
(t_d[(3)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>32
):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((3)&1)?(t_d
[(3)/2]&=(0xffffffffL)):(t_d[(3)/2]=0)); (((0) - 8)>=0
)?(((4)&1)?(t_d[(4)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8
)/2]&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32
)) :(t_d[(4)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>
32):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((4)&1)?(t_d
[(4)/2]&=(0xffffffffL)):(t_d[(4)/2]=0)); (((0) - 8)>=0
)?(((5)&1)?(t_d[(5)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8
)/2]&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32
)) :(t_d[(5)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>
32):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((5)&1)?(t_d
[(5)/2]&=(0xffffffffL)):(t_d[(5)/2]=0)); (((0) - 8)>=0
)?(((6)&1)?(t_d[(6)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8
)/2]&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32
)) :(t_d[(6)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>
32):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((6)&1)?(t_d
[(6)/2]&=(0xffffffffL)):(t_d[(6)/2]=0)); (((0) - 8)>=0
)?(((7)&1)?(t_d[(7)/2]|=(((0) - 8)&1)?(buf.bn[((0) - 8
)/2]&(0xffffffff00000000L)):(buf.bn[((0) - 8)/2]<<32
)) :(t_d[(7)/2] =(((0) - 8)&1)?(buf.bn[((0) - 8)/2]>>
32):(buf.bn[((0) - 8)/2]&(0xffffffffL)))):(((7)&1)?(t_d
[(7)/2]&=(0xffffffffL)):(t_d[(7)/2]=0)); }
;
1143 /* left shift */
1144 {
1145 BN_ULONGunsigned long *ap, t, c;
1146 ap = t_d;
1147 c = 0;
1148 for (i = 3; i != 0; --i) {
1149 t= *ap;
1150 *(ap++) = ((t << 1)|c) & BN_MASK2(0xffffffffffffffffL);
1151 c = (t & BN_TBIT(0x8000000000000000L)) ? 1 : 0;
1152 }
1153 *ap = c;
1154 }
1155 carry = (int)bn_add_words(r_d + (128 / BN_BITS264),
1156 r_d + (128 / BN_BITS264), t_d, BN_NIST_256_TOP(256+64 -1)/64);
1157 /*S2 */
1158 carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP(384+64 -1)/64);
1159 /*S3*/
1160 nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12,{ (((21) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((21) - 12)&
1)?(buf.bn[((21) - 12)/2]&(0xffffffff00000000L)):(buf.bn[
((21) - 12)/2]<<32)) :(t_d[(0)/2] =(((21) - 12)&1)?
(buf.bn[((21) - 12)/2]>>32):(buf.bn[((21) - 12)/2]&
(0xffffffffL)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL))
:(t_d[(0)/2]=0)); (((22) - 12)>=0)?(((1)&1)?(t_d[(1)/2
]|=(((22) - 12)&1)?(buf.bn[((22) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((22) - 12)/2]<<32)) :(t_d[(1)/2] =(((22) - 12
)&1)?(buf.bn[((22) - 12)/2]>>32):(buf.bn[((22) - 12
)/2]&(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL
)):(t_d[(1)/2]=0)); (((23) - 12)>=0)?(((2)&1)?(t_d[(2)
/2]|=(((23) - 12)&1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((23) - 12)/2]<<32)) :(t_d[(2)/2] =(((23) - 12
)&1)?(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12
)/2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((12) - 12)>=0)?(((3)&1)?(t_d[(3)
/2]|=(((12) - 12)&1)?(buf.bn[((12) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 12)/2]<<32)) :(t_d[(3)/2] =(((12) - 12
)&1)?(buf.bn[((12) - 12)/2]>>32):(buf.bn[((12) - 12
)/2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((13) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((13) - 12)&1)?(buf.bn[((13) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 12)/2]<<32)) :(t_d[(4)/2] =(((13) - 12
)&1)?(buf.bn[((13) - 12)/2]>>32):(buf.bn[((13) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((14) - 12)>=0)?(((5)&1)?(t_d[(5)
/2]|=(((14) - 12)&1)?(buf.bn[((14) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 12)/2]<<32)) :(t_d[(5)/2] =(((14) - 12
)&1)?(buf.bn[((14) - 12)/2]>>32):(buf.bn[((14) - 12
)/2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((15) - 12)>=0)?(((6)&1)?(t_d[(6)
/2]|=(((15) - 12)&1)?(buf.bn[((15) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 12)/2]<<32)) :(t_d[(6)/2] =(((15) - 12
)&1)?(buf.bn[((15) - 12)/2]>>32):(buf.bn[((15) - 12
)/2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((16) - 12)>=0)?(((7)&1)?(t_d[(7)
/2]|=(((16) - 12)&1)?(buf.bn[((16) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((16) - 12)/2]<<32)) :(t_d[(7)/2] =(((16) - 12
)&1)?(buf.bn[((16) - 12)/2]>>32):(buf.bn[((16) - 12
)/2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((17) - 12)>=0)?(((8)&1)?(t_d[(8)
/2]|=(((17) - 12)&1)?(buf.bn[((17) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((17) - 12)/2]<<32)) :(t_d[(8)/2] =(((17) - 12
)&1)?(buf.bn[((17) - 12)/2]>>32):(buf.bn[((17) - 12
)/2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((18) - 12)>=0)?(((9)&1)?(t_d[(9)
/2]|=(((18) - 12)&1)?(buf.bn[((18) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((18) - 12)/2]<<32)) :(t_d[(9)/2] =(((18) - 12
)&1)?(buf.bn[((18) - 12)/2]>>32):(buf.bn[((18) - 12
)/2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((19) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((19) - 12)&1)?(buf.bn[((19) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((19) - 12)/2]<<32)) :(t_d[(10)/2] =(((19) -
12)&1)?(buf.bn[((19) - 12)/2]>>32):(buf.bn[((19) -
12)/2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=
(0xffffffffL)):(t_d[(10)/2]=0)); (((20) - 12)>=0)?(((11)&
1)?(t_d[(11)/2]|=(((20) - 12)&1)?(buf.bn[((20) - 12)/2]&
(0xffffffff00000000L)):(buf.bn[((20) - 12)/2]<<32)) :(t_d
[(11)/2] =(((20) - 12)&1)?(buf.bn[((20) - 12)/2]>>32
):(buf.bn[((20) - 12)/2]&(0xffffffffL)))):(((11)&1)?(
t_d[(11)/2]&=(0xffffffffL)):(t_d[(11)/2]=0)); }
1161 23, 22, 21){ (((21) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((21) - 12)&
1)?(buf.bn[((21) - 12)/2]&(0xffffffff00000000L)):(buf.bn[
((21) - 12)/2]<<32)) :(t_d[(0)/2] =(((21) - 12)&1)?
(buf.bn[((21) - 12)/2]>>32):(buf.bn[((21) - 12)/2]&
(0xffffffffL)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL))
:(t_d[(0)/2]=0)); (((22) - 12)>=0)?(((1)&1)?(t_d[(1)/2
]|=(((22) - 12)&1)?(buf.bn[((22) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((22) - 12)/2]<<32)) :(t_d[(1)/2] =(((22) - 12
)&1)?(buf.bn[((22) - 12)/2]>>32):(buf.bn[((22) - 12
)/2]&(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL
)):(t_d[(1)/2]=0)); (((23) - 12)>=0)?(((2)&1)?(t_d[(2)
/2]|=(((23) - 12)&1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((23) - 12)/2]<<32)) :(t_d[(2)/2] =(((23) - 12
)&1)?(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12
)/2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((12) - 12)>=0)?(((3)&1)?(t_d[(3)
/2]|=(((12) - 12)&1)?(buf.bn[((12) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 12)/2]<<32)) :(t_d[(3)/2] =(((12) - 12
)&1)?(buf.bn[((12) - 12)/2]>>32):(buf.bn[((12) - 12
)/2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((13) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((13) - 12)&1)?(buf.bn[((13) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 12)/2]<<32)) :(t_d[(4)/2] =(((13) - 12
)&1)?(buf.bn[((13) - 12)/2]>>32):(buf.bn[((13) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((14) - 12)>=0)?(((5)&1)?(t_d[(5)
/2]|=(((14) - 12)&1)?(buf.bn[((14) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 12)/2]<<32)) :(t_d[(5)/2] =(((14) - 12
)&1)?(buf.bn[((14) - 12)/2]>>32):(buf.bn[((14) - 12
)/2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((15) - 12)>=0)?(((6)&1)?(t_d[(6)
/2]|=(((15) - 12)&1)?(buf.bn[((15) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 12)/2]<<32)) :(t_d[(6)/2] =(((15) - 12
)&1)?(buf.bn[((15) - 12)/2]>>32):(buf.bn[((15) - 12
)/2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((16) - 12)>=0)?(((7)&1)?(t_d[(7)
/2]|=(((16) - 12)&1)?(buf.bn[((16) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((16) - 12)/2]<<32)) :(t_d[(7)/2] =(((16) - 12
)&1)?(buf.bn[((16) - 12)/2]>>32):(buf.bn[((16) - 12
)/2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((17) - 12)>=0)?(((8)&1)?(t_d[(8)
/2]|=(((17) - 12)&1)?(buf.bn[((17) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((17) - 12)/2]<<32)) :(t_d[(8)/2] =(((17) - 12
)&1)?(buf.bn[((17) - 12)/2]>>32):(buf.bn[((17) - 12
)/2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((18) - 12)>=0)?(((9)&1)?(t_d[(9)
/2]|=(((18) - 12)&1)?(buf.bn[((18) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((18) - 12)/2]<<32)) :(t_d[(9)/2] =(((18) - 12
)&1)?(buf.bn[((18) - 12)/2]>>32):(buf.bn[((18) - 12
)/2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((19) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((19) - 12)&1)?(buf.bn[((19) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((19) - 12)/2]<<32)) :(t_d[(10)/2] =(((19) -
12)&1)?(buf.bn[((19) - 12)/2]>>32):(buf.bn[((19) -
12)/2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=
(0xffffffffL)):(t_d[(10)/2]=0)); (((20) - 12)>=0)?(((11)&
1)?(t_d[(11)/2]|=(((20) - 12)&1)?(buf.bn[((20) - 12)/2]&
(0xffffffff00000000L)):(buf.bn[((20) - 12)/2]<<32)) :(t_d
[(11)/2] =(((20) - 12)&1)?(buf.bn[((20) - 12)/2]>>32
):(buf.bn[((20) - 12)/2]&(0xffffffffL)))):(((11)&1)?(
t_d[(11)/2]&=(0xffffffffL)):(t_d[(11)/2]=0)); }
;
1162 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP(384+64 -1)/64);
1163 /*S4*/
1164 nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20,{ (((0) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((0) - 12)&
1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L)):(buf.bn[(
(0) - 12)/2]<<32)) :(t_d[(0)/2] =(((0) - 12)&1)?(buf
.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((23) - 12)>=0)?(((1)&1)?(t_d[(1)/2]|=(((23) - 12
)&1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L)):(buf
.bn[((23) - 12)/2]<<32)) :(t_d[(1)/2] =(((23) - 12)&
1)?(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((0) - 12)>=0)?(((2)&1)?(t_d[(2)/2]
|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(2)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((20) - 12)>=0)?(((3)&1)?(t_d[(3)
/2]|=(((20) - 12)&1)?(buf.bn[((20) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((20) - 12)/2]<<32)) :(t_d[(3)/2] =(((20) - 12
)&1)?(buf.bn[((20) - 12)/2]>>32):(buf.bn[((20) - 12
)/2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((12) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((12) - 12)&1)?(buf.bn[((12) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 12)/2]<<32)) :(t_d[(4)/2] =(((12) - 12
)&1)?(buf.bn[((12) - 12)/2]>>32):(buf.bn[((12) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((13) - 12)>=0)?(((5)&1)?(t_d[(5)
/2]|=(((13) - 12)&1)?(buf.bn[((13) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 12)/2]<<32)) :(t_d[(5)/2] =(((13) - 12
)&1)?(buf.bn[((13) - 12)/2]>>32):(buf.bn[((13) - 12
)/2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((14) - 12)>=0)?(((6)&1)?(t_d[(6)
/2]|=(((14) - 12)&1)?(buf.bn[((14) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 12)/2]<<32)) :(t_d[(6)/2] =(((14) - 12
)&1)?(buf.bn[((14) - 12)/2]>>32):(buf.bn[((14) - 12
)/2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((15) - 12)>=0)?(((7)&1)?(t_d[(7)
/2]|=(((15) - 12)&1)?(buf.bn[((15) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 12)/2]<<32)) :(t_d[(7)/2] =(((15) - 12
)&1)?(buf.bn[((15) - 12)/2]>>32):(buf.bn[((15) - 12
)/2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((16) - 12)>=0)?(((8)&1)?(t_d[(8)
/2]|=(((16) - 12)&1)?(buf.bn[((16) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((16) - 12)/2]<<32)) :(t_d[(8)/2] =(((16) - 12
)&1)?(buf.bn[((16) - 12)/2]>>32):(buf.bn[((16) - 12
)/2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((17) - 12)>=0)?(((9)&1)?(t_d[(9)
/2]|=(((17) - 12)&1)?(buf.bn[((17) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((17) - 12)/2]<<32)) :(t_d[(9)/2] =(((17) - 12
)&1)?(buf.bn[((17) - 12)/2]>>32):(buf.bn[((17) - 12
)/2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((18) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((18) - 12)&1)?(buf.bn[((18) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((18) - 12)/2]<<32)) :(t_d[(10)/2] =(((18) -
12)&1)?(buf.bn[((18) - 12)/2]>>32):(buf.bn[((18) -
12)/2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=
(0xffffffffL)):(t_d[(10)/2]=0)); (((19) - 12)>=0)?(((11)&
1)?(t_d[(11)/2]|=(((19) - 12)&1)?(buf.bn[((19) - 12)/2]&
(0xffffffff00000000L)):(buf.bn[((19) - 12)/2]<<32)) :(t_d
[(11)/2] =(((19) - 12)&1)?(buf.bn[((19) - 12)/2]>>32
):(buf.bn[((19) - 12)/2]&(0xffffffffL)))):(((11)&1)?(
t_d[(11)/2]&=(0xffffffffL)):(t_d[(11)/2]=0)); }
1165 0, 23, 0){ (((0) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((0) - 12)&
1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L)):(buf.bn[(
(0) - 12)/2]<<32)) :(t_d[(0)/2] =(((0) - 12)&1)?(buf
.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((23) - 12)>=0)?(((1)&1)?(t_d[(1)/2]|=(((23) - 12
)&1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L)):(buf
.bn[((23) - 12)/2]<<32)) :(t_d[(1)/2] =(((23) - 12)&
1)?(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((0) - 12)>=0)?(((2)&1)?(t_d[(2)/2]
|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(2)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((20) - 12)>=0)?(((3)&1)?(t_d[(3)
/2]|=(((20) - 12)&1)?(buf.bn[((20) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((20) - 12)/2]<<32)) :(t_d[(3)/2] =(((20) - 12
)&1)?(buf.bn[((20) - 12)/2]>>32):(buf.bn[((20) - 12
)/2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((12) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((12) - 12)&1)?(buf.bn[((12) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 12)/2]<<32)) :(t_d[(4)/2] =(((12) - 12
)&1)?(buf.bn[((12) - 12)/2]>>32):(buf.bn[((12) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((13) - 12)>=0)?(((5)&1)?(t_d[(5)
/2]|=(((13) - 12)&1)?(buf.bn[((13) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 12)/2]<<32)) :(t_d[(5)/2] =(((13) - 12
)&1)?(buf.bn[((13) - 12)/2]>>32):(buf.bn[((13) - 12
)/2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((14) - 12)>=0)?(((6)&1)?(t_d[(6)
/2]|=(((14) - 12)&1)?(buf.bn[((14) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 12)/2]<<32)) :(t_d[(6)/2] =(((14) - 12
)&1)?(buf.bn[((14) - 12)/2]>>32):(buf.bn[((14) - 12
)/2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((15) - 12)>=0)?(((7)&1)?(t_d[(7)
/2]|=(((15) - 12)&1)?(buf.bn[((15) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 12)/2]<<32)) :(t_d[(7)/2] =(((15) - 12
)&1)?(buf.bn[((15) - 12)/2]>>32):(buf.bn[((15) - 12
)/2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((16) - 12)>=0)?(((8)&1)?(t_d[(8)
/2]|=(((16) - 12)&1)?(buf.bn[((16) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((16) - 12)/2]<<32)) :(t_d[(8)/2] =(((16) - 12
)&1)?(buf.bn[((16) - 12)/2]>>32):(buf.bn[((16) - 12
)/2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((17) - 12)>=0)?(((9)&1)?(t_d[(9)
/2]|=(((17) - 12)&1)?(buf.bn[((17) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((17) - 12)/2]<<32)) :(t_d[(9)/2] =(((17) - 12
)&1)?(buf.bn[((17) - 12)/2]>>32):(buf.bn[((17) - 12
)/2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((18) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((18) - 12)&1)?(buf.bn[((18) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((18) - 12)/2]<<32)) :(t_d[(10)/2] =(((18) -
12)&1)?(buf.bn[((18) - 12)/2]>>32):(buf.bn[((18) -
12)/2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=
(0xffffffffL)):(t_d[(10)/2]=0)); (((19) - 12)>=0)?(((11)&
1)?(t_d[(11)/2]|=(((19) - 12)&1)?(buf.bn[((19) - 12)/2]&
(0xffffffff00000000L)):(buf.bn[((19) - 12)/2]<<32)) :(t_d
[(11)/2] =(((19) - 12)&1)?(buf.bn[((19) - 12)/2]>>32
):(buf.bn[((19) - 12)/2]&(0xffffffffL)))):(((11)&1)?(
t_d[(11)/2]&=(0xffffffffL)):(t_d[(11)/2]=0)); }
;
1166 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP(384+64 -1)/64);
1167 /*S5*/
1168 nist_set_384(t_d, buf.bn, 0,0, 0,0, 23, 22, 21, 20, 0,0, 0, 0){ (((0) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((0) - 12)&
1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L)):(buf.bn[(
(0) - 12)/2]<<32)) :(t_d[(0)/2] =(((0) - 12)&1)?(buf
.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((0) - 12)>=0)?(((1)&1)?(t_d[(1)/2]|=(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L)):(buf
.bn[((0) - 12)/2]<<32)) :(t_d[(1)/2] =(((0) - 12)&1
)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((0) - 12)>=0)?(((2)&1)?(t_d[(2)/2]
|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(2)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((0) - 12)>=0)?(((3)&1)?(t_d[(3)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(3)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((20) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((20) - 12)&1)?(buf.bn[((20) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((20) - 12)/2]<<32)) :(t_d[(4)/2] =(((20) - 12
)&1)?(buf.bn[((20) - 12)/2]>>32):(buf.bn[((20) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((21) - 12)>=0)?(((5)&1)?(t_d[(5)
/2]|=(((21) - 12)&1)?(buf.bn[((21) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((21) - 12)/2]<<32)) :(t_d[(5)/2] =(((21) - 12
)&1)?(buf.bn[((21) - 12)/2]>>32):(buf.bn[((21) - 12
)/2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((22) - 12)>=0)?(((6)&1)?(t_d[(6)
/2]|=(((22) - 12)&1)?(buf.bn[((22) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((22) - 12)/2]<<32)) :(t_d[(6)/2] =(((22) - 12
)&1)?(buf.bn[((22) - 12)/2]>>32):(buf.bn[((22) - 12
)/2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((23) - 12)>=0)?(((7)&1)?(t_d[(7)
/2]|=(((23) - 12)&1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((23) - 12)/2]<<32)) :(t_d[(7)/2] =(((23) - 12
)&1)?(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12
)/2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((0) - 12)>=0)?(((8)&1)?(t_d[(8)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(8)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((0) - 12)>=0)?(((9)&1)?(t_d[(9)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(9)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((0) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(10)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=(0xffffffffL
)):(t_d[(10)/2]=0)); (((0) - 12)>=0)?(((11)&1)?(t_d[(11
)/2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(11)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((11)&1)?(t_d[(11)/2]&=(0xffffffffL
)):(t_d[(11)/2]=0)); }
;
1169 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP(384+64 -1)/64);
1170 /*S6*/
1171 nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 23, 22, 21, 0,0, 20){ (((20) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((20) - 12)&
1)?(buf.bn[((20) - 12)/2]&(0xffffffff00000000L)):(buf.bn[
((20) - 12)/2]<<32)) :(t_d[(0)/2] =(((20) - 12)&1)?
(buf.bn[((20) - 12)/2]>>32):(buf.bn[((20) - 12)/2]&
(0xffffffffL)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL))
:(t_d[(0)/2]=0)); (((0) - 12)>=0)?(((1)&1)?(t_d[(1)/2]
|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(1)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL
)):(t_d[(1)/2]=0)); (((0) - 12)>=0)?(((2)&1)?(t_d[(2)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(2)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((21) - 12)>=0)?(((3)&1)?(t_d[(3)
/2]|=(((21) - 12)&1)?(buf.bn[((21) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((21) - 12)/2]<<32)) :(t_d[(3)/2] =(((21) - 12
)&1)?(buf.bn[((21) - 12)/2]>>32):(buf.bn[((21) - 12
)/2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((22) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((22) - 12)&1)?(buf.bn[((22) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((22) - 12)/2]<<32)) :(t_d[(4)/2] =(((22) - 12
)&1)?(buf.bn[((22) - 12)/2]>>32):(buf.bn[((22) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((23) - 12)>=0)?(((5)&1)?(t_d[(5)
/2]|=(((23) - 12)&1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((23) - 12)/2]<<32)) :(t_d[(5)/2] =(((23) - 12
)&1)?(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12
)/2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((0) - 12)>=0)?(((6)&1)?(t_d[(6)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(6)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((0) - 12)>=0)?(((7)&1)?(t_d[(7)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(7)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((0) - 12)>=0)?(((8)&1)?(t_d[(8)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(8)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((0) - 12)>=0)?(((9)&1)?(t_d[(9)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(9)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((0) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(10)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=(0xffffffffL
)):(t_d[(10)/2]=0)); (((0) - 12)>=0)?(((11)&1)?(t_d[(11
)/2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(11)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((11)&1)?(t_d[(11)/2]&=(0xffffffffL
)):(t_d[(11)/2]=0)); }
;
1172 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP(384+64 -1)/64);
1173 /*D1*/
1174 nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14,{ (((23) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((23) - 12)&
1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L)):(buf.bn[
((23) - 12)/2]<<32)) :(t_d[(0)/2] =(((23) - 12)&1)?
(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12)/2]&
(0xffffffffL)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL))
:(t_d[(0)/2]=0)); (((12) - 12)>=0)?(((1)&1)?(t_d[(1)/2
]|=(((12) - 12)&1)?(buf.bn[((12) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 12)/2]<<32)) :(t_d[(1)/2] =(((12) - 12
)&1)?(buf.bn[((12) - 12)/2]>>32):(buf.bn[((12) - 12
)/2]&(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL
)):(t_d[(1)/2]=0)); (((13) - 12)>=0)?(((2)&1)?(t_d[(2)
/2]|=(((13) - 12)&1)?(buf.bn[((13) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 12)/2]<<32)) :(t_d[(2)/2] =(((13) - 12
)&1)?(buf.bn[((13) - 12)/2]>>32):(buf.bn[((13) - 12
)/2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((14) - 12)>=0)?(((3)&1)?(t_d[(3)
/2]|=(((14) - 12)&1)?(buf.bn[((14) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 12)/2]<<32)) :(t_d[(3)/2] =(((14) - 12
)&1)?(buf.bn[((14) - 12)/2]>>32):(buf.bn[((14) - 12
)/2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((15) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((15) - 12)&1)?(buf.bn[((15) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 12)/2]<<32)) :(t_d[(4)/2] =(((15) - 12
)&1)?(buf.bn[((15) - 12)/2]>>32):(buf.bn[((15) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((16) - 12)>=0)?(((5)&1)?(t_d[(5)
/2]|=(((16) - 12)&1)?(buf.bn[((16) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((16) - 12)/2]<<32)) :(t_d[(5)/2] =(((16) - 12
)&1)?(buf.bn[((16) - 12)/2]>>32):(buf.bn[((16) - 12
)/2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((17) - 12)>=0)?(((6)&1)?(t_d[(6)
/2]|=(((17) - 12)&1)?(buf.bn[((17) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((17) - 12)/2]<<32)) :(t_d[(6)/2] =(((17) - 12
)&1)?(buf.bn[((17) - 12)/2]>>32):(buf.bn[((17) - 12
)/2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((18) - 12)>=0)?(((7)&1)?(t_d[(7)
/2]|=(((18) - 12)&1)?(buf.bn[((18) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((18) - 12)/2]<<32)) :(t_d[(7)/2] =(((18) - 12
)&1)?(buf.bn[((18) - 12)/2]>>32):(buf.bn[((18) - 12
)/2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((19) - 12)>=0)?(((8)&1)?(t_d[(8)
/2]|=(((19) - 12)&1)?(buf.bn[((19) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((19) - 12)/2]<<32)) :(t_d[(8)/2] =(((19) - 12
)&1)?(buf.bn[((19) - 12)/2]>>32):(buf.bn[((19) - 12
)/2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((20) - 12)>=0)?(((9)&1)?(t_d[(9)
/2]|=(((20) - 12)&1)?(buf.bn[((20) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((20) - 12)/2]<<32)) :(t_d[(9)/2] =(((20) - 12
)&1)?(buf.bn[((20) - 12)/2]>>32):(buf.bn[((20) - 12
)/2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((21) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((21) - 12)&1)?(buf.bn[((21) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((21) - 12)/2]<<32)) :(t_d[(10)/2] =(((21) -
12)&1)?(buf.bn[((21) - 12)/2]>>32):(buf.bn[((21) -
12)/2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=
(0xffffffffL)):(t_d[(10)/2]=0)); (((22) - 12)>=0)?(((11)&
1)?(t_d[(11)/2]|=(((22) - 12)&1)?(buf.bn[((22) - 12)/2]&
(0xffffffff00000000L)):(buf.bn[((22) - 12)/2]<<32)) :(t_d
[(11)/2] =(((22) - 12)&1)?(buf.bn[((22) - 12)/2]>>32
):(buf.bn[((22) - 12)/2]&(0xffffffffL)))):(((11)&1)?(
t_d[(11)/2]&=(0xffffffffL)):(t_d[(11)/2]=0)); }
1175 13, 12, 23){ (((23) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((23) - 12)&
1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L)):(buf.bn[
((23) - 12)/2]<<32)) :(t_d[(0)/2] =(((23) - 12)&1)?
(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12)/2]&
(0xffffffffL)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL))
:(t_d[(0)/2]=0)); (((12) - 12)>=0)?(((1)&1)?(t_d[(1)/2
]|=(((12) - 12)&1)?(buf.bn[((12) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((12) - 12)/2]<<32)) :(t_d[(1)/2] =(((12) - 12
)&1)?(buf.bn[((12) - 12)/2]>>32):(buf.bn[((12) - 12
)/2]&(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL
)):(t_d[(1)/2]=0)); (((13) - 12)>=0)?(((2)&1)?(t_d[(2)
/2]|=(((13) - 12)&1)?(buf.bn[((13) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((13) - 12)/2]<<32)) :(t_d[(2)/2] =(((13) - 12
)&1)?(buf.bn[((13) - 12)/2]>>32):(buf.bn[((13) - 12
)/2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((14) - 12)>=0)?(((3)&1)?(t_d[(3)
/2]|=(((14) - 12)&1)?(buf.bn[((14) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((14) - 12)/2]<<32)) :(t_d[(3)/2] =(((14) - 12
)&1)?(buf.bn[((14) - 12)/2]>>32):(buf.bn[((14) - 12
)/2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((15) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((15) - 12)&1)?(buf.bn[((15) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((15) - 12)/2]<<32)) :(t_d[(4)/2] =(((15) - 12
)&1)?(buf.bn[((15) - 12)/2]>>32):(buf.bn[((15) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((16) - 12)>=0)?(((5)&1)?(t_d[(5)
/2]|=(((16) - 12)&1)?(buf.bn[((16) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((16) - 12)/2]<<32)) :(t_d[(5)/2] =(((16) - 12
)&1)?(buf.bn[((16) - 12)/2]>>32):(buf.bn[((16) - 12
)/2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((17) - 12)>=0)?(((6)&1)?(t_d[(6)
/2]|=(((17) - 12)&1)?(buf.bn[((17) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((17) - 12)/2]<<32)) :(t_d[(6)/2] =(((17) - 12
)&1)?(buf.bn[((17) - 12)/2]>>32):(buf.bn[((17) - 12
)/2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((18) - 12)>=0)?(((7)&1)?(t_d[(7)
/2]|=(((18) - 12)&1)?(buf.bn[((18) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((18) - 12)/2]<<32)) :(t_d[(7)/2] =(((18) - 12
)&1)?(buf.bn[((18) - 12)/2]>>32):(buf.bn[((18) - 12
)/2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((19) - 12)>=0)?(((8)&1)?(t_d[(8)
/2]|=(((19) - 12)&1)?(buf.bn[((19) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((19) - 12)/2]<<32)) :(t_d[(8)/2] =(((19) - 12
)&1)?(buf.bn[((19) - 12)/2]>>32):(buf.bn[((19) - 12
)/2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((20) - 12)>=0)?(((9)&1)?(t_d[(9)
/2]|=(((20) - 12)&1)?(buf.bn[((20) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((20) - 12)/2]<<32)) :(t_d[(9)/2] =(((20) - 12
)&1)?(buf.bn[((20) - 12)/2]>>32):(buf.bn[((20) - 12
)/2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((21) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((21) - 12)&1)?(buf.bn[((21) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((21) - 12)/2]<<32)) :(t_d[(10)/2] =(((21) -
12)&1)?(buf.bn[((21) - 12)/2]>>32):(buf.bn[((21) -
12)/2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=
(0xffffffffL)):(t_d[(10)/2]=0)); (((22) - 12)>=0)?(((11)&
1)?(t_d[(11)/2]|=(((22) - 12)&1)?(buf.bn[((22) - 12)/2]&
(0xffffffff00000000L)):(buf.bn[((22) - 12)/2]<<32)) :(t_d
[(11)/2] =(((22) - 12)&1)?(buf.bn[((22) - 12)/2]>>32
):(buf.bn[((22) - 12)/2]&(0xffffffffL)))):(((11)&1)?(
t_d[(11)/2]&=(0xffffffffL)):(t_d[(11)/2]=0)); }
;
1176 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP(384+64 -1)/64);
1177 /*D2*/
1178 nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 0,23, 22, 21, 20, 0){ (((0) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((0) - 12)&
1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L)):(buf.bn[(
(0) - 12)/2]<<32)) :(t_d[(0)/2] =(((0) - 12)&1)?(buf
.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((20) - 12)>=0)?(((1)&1)?(t_d[(1)/2]|=(((20) - 12
)&1)?(buf.bn[((20) - 12)/2]&(0xffffffff00000000L)):(buf
.bn[((20) - 12)/2]<<32)) :(t_d[(1)/2] =(((20) - 12)&
1)?(buf.bn[((20) - 12)/2]>>32):(buf.bn[((20) - 12)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((21) - 12)>=0)?(((2)&1)?(t_d[(2)/2
]|=(((21) - 12)&1)?(buf.bn[((21) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((21) - 12)/2]<<32)) :(t_d[(2)/2] =(((21) - 12
)&1)?(buf.bn[((21) - 12)/2]>>32):(buf.bn[((21) - 12
)/2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((22) - 12)>=0)?(((3)&1)?(t_d[(3)
/2]|=(((22) - 12)&1)?(buf.bn[((22) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((22) - 12)/2]<<32)) :(t_d[(3)/2] =(((22) - 12
)&1)?(buf.bn[((22) - 12)/2]>>32):(buf.bn[((22) - 12
)/2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((23) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((23) - 12)&1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((23) - 12)/2]<<32)) :(t_d[(4)/2] =(((23) - 12
)&1)?(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((0) - 12)>=0)?(((5)&1)?(t_d[(5)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(5)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((0) - 12)>=0)?(((6)&1)?(t_d[(6)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(6)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((0) - 12)>=0)?(((7)&1)?(t_d[(7)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(7)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((0) - 12)>=0)?(((8)&1)?(t_d[(8)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(8)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((0) - 12)>=0)?(((9)&1)?(t_d[(9)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(9)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((0) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(10)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=(0xffffffffL
)):(t_d[(10)/2]=0)); (((0) - 12)>=0)?(((11)&1)?(t_d[(11
)/2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(11)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((11)&1)?(t_d[(11)/2]&=(0xffffffffL
)):(t_d[(11)/2]=0)); }
;
1179 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP(384+64 -1)/64);
1180 /*D3*/
1181 nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 0,23, 23, 0,0, 0){ (((0) - 12)>=0)?(((0)&1)?(t_d[(0)/2]|=(((0) - 12)&
1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L)):(buf.bn[(
(0) - 12)/2]<<32)) :(t_d[(0)/2] =(((0) - 12)&1)?(buf
.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/2]&(0xffffffffL
)))):(((0)&1)?(t_d[(0)/2]&=(0xffffffffL)):(t_d[(0)/2]
=0)); (((0) - 12)>=0)?(((1)&1)?(t_d[(1)/2]|=(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L)):(buf
.bn[((0) - 12)/2]<<32)) :(t_d[(1)/2] =(((0) - 12)&1
)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/2]&
(0xffffffffL)))):(((1)&1)?(t_d[(1)/2]&=(0xffffffffL))
:(t_d[(1)/2]=0)); (((0) - 12)>=0)?(((2)&1)?(t_d[(2)/2]
|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(2)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((2)&1)?(t_d[(2)/2]&=(0xffffffffL
)):(t_d[(2)/2]=0)); (((23) - 12)>=0)?(((3)&1)?(t_d[(3)
/2]|=(((23) - 12)&1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((23) - 12)/2]<<32)) :(t_d[(3)/2] =(((23) - 12
)&1)?(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12
)/2]&(0xffffffffL)))):(((3)&1)?(t_d[(3)/2]&=(0xffffffffL
)):(t_d[(3)/2]=0)); (((23) - 12)>=0)?(((4)&1)?(t_d[(4)
/2]|=(((23) - 12)&1)?(buf.bn[((23) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((23) - 12)/2]<<32)) :(t_d[(4)/2] =(((23) - 12
)&1)?(buf.bn[((23) - 12)/2]>>32):(buf.bn[((23) - 12
)/2]&(0xffffffffL)))):(((4)&1)?(t_d[(4)/2]&=(0xffffffffL
)):(t_d[(4)/2]=0)); (((0) - 12)>=0)?(((5)&1)?(t_d[(5)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(5)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((5)&1)?(t_d[(5)/2]&=(0xffffffffL
)):(t_d[(5)/2]=0)); (((0) - 12)>=0)?(((6)&1)?(t_d[(6)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(6)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((6)&1)?(t_d[(6)/2]&=(0xffffffffL
)):(t_d[(6)/2]=0)); (((0) - 12)>=0)?(((7)&1)?(t_d[(7)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(7)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((7)&1)?(t_d[(7)/2]&=(0xffffffffL
)):(t_d[(7)/2]=0)); (((0) - 12)>=0)?(((8)&1)?(t_d[(8)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(8)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((8)&1)?(t_d[(8)/2]&=(0xffffffffL
)):(t_d[(8)/2]=0)); (((0) - 12)>=0)?(((9)&1)?(t_d[(9)/
2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(9)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((9)&1)?(t_d[(9)/2]&=(0xffffffffL
)):(t_d[(9)/2]=0)); (((0) - 12)>=0)?(((10)&1)?(t_d[(10
)/2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(10)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((10)&1)?(t_d[(10)/2]&=(0xffffffffL
)):(t_d[(10)/2]=0)); (((0) - 12)>=0)?(((11)&1)?(t_d[(11
)/2]|=(((0) - 12)&1)?(buf.bn[((0) - 12)/2]&(0xffffffff00000000L
)):(buf.bn[((0) - 12)/2]<<32)) :(t_d[(11)/2] =(((0) - 12
)&1)?(buf.bn[((0) - 12)/2]>>32):(buf.bn[((0) - 12)/
2]&(0xffffffffL)))):(((11)&1)?(t_d[(11)/2]&=(0xffffffffL
)):(t_d[(11)/2]=0)); }
;
1182 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP(384+64 -1)/64);
1183
1184 }
1185#endif
1186 /* see BN_nist_mod_224 for explanation */
1187 u.f = bn_sub_words;
1188 if (carry > 0)
1189 carry = (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
1190 BN_NIST_384_TOP(384+64 -1)/64);
1191 else if (carry < 0) {
1192 carry = (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
1193 BN_NIST_384_TOP(384+64 -1)/64);
1194 mask = 0 - (uintptr_t)carry;
1195 u.p = ((uintptr_t)bn_sub_words & mask) |
1196 ((uintptr_t)bn_add_words & ~mask);
1197 } else
1198 carry = 1;
1199
1200 mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP(384+64 -1)/64);
1201 mask &= 0 - (uintptr_t)carry;
1202 res = c_d;
1203 res = (BN_ULONGunsigned long *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask));
1204 nist_cp_bn(r_d, res, BN_NIST_384_TOP(384+64 -1)/64);
1205 r->top = BN_NIST_384_TOP(384+64 -1)/64;
1206 bn_correct_top(r){ unsigned long *ftl; int tmp_top = (r)->top; if (tmp_top >
0) { for (ftl= &((r)->d[tmp_top-1]); tmp_top > 0; tmp_top
--) if (*(ftl--)) break; (r)->top = tmp_top; } ; }
;
1207
1208 return 1;
1209}
1210
/*
 * 521 is not a multiple of the word size, so the most significant word of a
 * 521-bit value is only partly used.
 *
 *   BN_NIST_521_RSHIFT   - number of significant bits in that top word
 *   BN_NIST_521_LSHIFT   - number of unused bits above them
 *   BN_NIST_521_TOP_MASK - mask that keeps only the significant bits
 *
 * With 64-bit words (BN_BITS2 == 64) these evaluate to 9, 55 and 0x1ff.
 */
#define BN_NIST_521_RSHIFT	(521 % BN_BITS2)
#define BN_NIST_521_LSHIFT	(BN_BITS2 - BN_NIST_521_RSHIFT)
#define BN_NIST_521_TOP_MASK	((BN_ULONG)BN_MASK2 >> BN_NIST_521_LSHIFT)
/*
 * BN_nist_mod_521 - reduce a modulo the NIST P-521 prime and store it in r.
 *
 * The caller's field argument is ignored: it is overwritten with the
 * built-in _bignum_nist_p_521 before any use, so a caller cannot make this
 * routine reduce by a different modulus.
 *
 * Fast path (0 <= a < _bignum_nist_p_521_sqr, and a > p): split a into its
 * low 521 bits and the bits above them, add the two halves, then subtract p
 * once if the sum is not already below p. This relies on 2^521 being
 * congruent to 1 modulo p = 2^521 - 1.
 *
 * Negative inputs and inputs at or above _bignum_nist_p_521_sqr are handed
 * to the generic BN_nnmod().
 *
 * Returns 1 on success and 0 if r could not be expanded; on the BN_nnmod()
 * and BN_copy() paths the result of those calls decides the return value.
 *
 * NOTE(review): only the final "subtract p or not" step is written without
 * a data-dependent branch. The range checks at the top branch on the
 * magnitude of a, so this function as a whole should not be assumed
 * constant-time - confirm against the callers' requirements.
 */
int
BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)
{
	static const BIGNUM _bignum_nist_p_521_sqr = {
		(BN_ULONG *)_nist_p_521_sqr,
		sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
		sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
		0,
		BN_FLG_STATIC_DATA
	};
	/* Index of the most significant word of a 521-bit value. */
	const int last = BN_NIST_521_TOP - 1;
	BN_ULONG t_d[BN_NIST_521_TOP];
	BN_ULONG *a_d = a->d;
	BN_ULONG *r_d, *res;
	BN_ULONG cur, low;
	uintptr_t mask;
	int top = a->top;
	int cmp, i;

	field = &_bignum_nist_p_521; /* just to make sure */

	/* Outside the range the fast path handles: use generic reduction. */
	if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0)
		return BN_nnmod(r, a, field, ctx);

	cmp = BN_ucmp(field, a);
	if (cmp == 0) {
		/* a == p, so the residue is zero. */
		BN_zero(r);
		return 1;
	}
	if (cmp > 0) {
		/* a < p is already reduced; copy it unless r aliases a. */
		if (r == a)
			return 1;
		return BN_copy(r, a) != NULL;
	}

	/*
	 * From here on a > p. Presumably a->top is normalized, which makes
	 * top >= BN_NIST_521_TOP - TODO confirm, the word count passed to
	 * nist_cp_bn_0() below depends on it.
	 */
	if (r == a) {
		/* In-place reduction: work directly on a's words. */
		r_d = a_d;
	} else {
		if (!bn_wexpand(r, BN_NIST_521_TOP))
			return 0;
		r_d = r->d;
		nist_cp_bn(r_d, a_d, BN_NIST_521_TOP);
	}

	/*
	 * upper 521 bits, copy ...
	 * NOTE(review): t_d holds BN_NIST_521_TOP words, so top - last must
	 * not exceed that; presumably the bound against
	 * _bignum_nist_p_521_sqr guarantees it - verify.
	 */
	nist_cp_bn_0(t_d, a_d + last, top - last, BN_NIST_521_TOP);

	/* ... and right shift, carrying bits down from each next word */
	cur = t_d[0];
	for (i = 0; i < last; i++) {
		low = cur >> BN_NIST_521_RSHIFT;
		cur = t_d[i + 1];
		t_d[i] = (low | (cur << BN_NIST_521_LSHIFT)) & BN_MASK2;
	}
	t_d[last] = cur >> BN_NIST_521_RSHIFT;

	/* lower 521 bits */
	r_d[last] &= BN_NIST_521_TOP_MASK;

	/* r_d = low + high; the carry out of bn_add_words() is discarded. */
	bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);

	/*
	 * t_d = r_d - p. The mask is all ones when bn_sub_words() returns 1
	 * and zero when it returns 0 (presumably the borrow - confirm).
	 */
	mask = 0 - (uintptr_t)bn_sub_words(t_d, r_d, _nist_p_521,
	    BN_NIST_521_TOP);

	/*
	 * Pick the source by masking the pointers rather than with an if:
	 * r_d (the sum) when mask is all ones, t_d (sum - p) when it is zero.
	 */
	res = (BN_ULONG *)(((uintptr_t)t_d & ~mask) | ((uintptr_t)r_d & mask));
	nist_cp_bn(r_d, res, BN_NIST_521_TOP);

	/* Publish the full width, then drop leading zero words. */
	r->top = BN_NIST_521_TOP;
	bn_correct_top(r);

	return 1;
}