From 0b4099d6d19c0b67ef55094b449653c80ad6ff44 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Mon, 2 Oct 2017 15:27:27 +0900
Subject: [PATCH] mpi_montsqr fix for GNU/Linux.

---
 ChangeLog                 |  4 ++++
 polarssl/library/bignum.c | 17 +++++++++++++++++
 src/Makefile              |  2 +-
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 809d5c8..847952e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-10-02  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* library/bignum.c (mpi_montsqr): Easy C implementation.
+
 2017-09-30  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* src/flash.c (flash_terminate, flash_activate)
diff --git a/polarssl/library/bignum.c b/polarssl/library/bignum.c
index 57c8380..108090d 100644
--- a/polarssl/library/bignum.c
+++ b/polarssl/library/bignum.c
@@ -223,6 +223,7 @@ size_t mpi_lsb( const mpi *X )
     return( 0 );
 }
 
+#if !defined(POLARSSL_HAVE_UDBL)
 /*
  * Count leading zero bits in a given integer
  */
@@ -240,6 +241,7 @@ static size_t int_clz( const t_uint x )
 
     return j;
 }
+#endif
 
 /*
  * Return the number of most significant bits
@@ -1512,9 +1514,22 @@ static void mpi_montred( size_t n, const t_uint *np, t_uint mm, t_uint *d )
 /*
  * Montgomery square: A = A * A * R^-1 mod N
  * A is placed at the upper half of D.
+ *
+ * n : number of limbs of N
+ * np: pointer to limbs of bignum N
+ * mm: m' = -N^(-1) mod b where b = 2^number-of-bit-in-limb
+ * d (destination): the result [<-- temp -->][<--- A ---->]
+ *                               lower part    upper part
+ *                                   n-limb       n-limb
  */
 static void mpi_montsqr( size_t n, const t_uint *np, t_uint mm, t_uint *d )
 {
+#ifdef BIGNUM_C_IMPLEMENTATION
+  t_uint a_input[n];
+
+  memcpy (a_input, &d[n], sizeof (a_input));
+  mpi_montmul (n, np, mm, d, a_input);
+#else
   size_t i;
   register t_uint c = 0;
 
@@ -1526,6 +1541,7 @@ static void mpi_montsqr( size_t n, const t_uint *np, t_uint mm, t_uint *d )
 
       x_i = *xj;
       *xj++ = c;
+
       asm (/* (C,R4,R5) := w_i_i + x_i*x_i; w_i_i := R5; */
            "mov    %[c], #0\n\t"
            "ldr    r5, [%[wij]]\n\t"          /* R5 := w_i_i; */
@@ -1598,6 +1614,7 @@ static void mpi_montsqr( size_t n, const t_uint *np, t_uint mm, t_uint *d )
       mpi_sub_hlp( n, np, d );
   else
       mpi_sub_hlp( n, d - n, d - n);
+#endif
 }
 
 /*
diff --git a/src/Makefile b/src/Makefile
index 2742959..da36faa 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -34,7 +34,7 @@ USE_EVENTFLAG = yes
 ifeq ($(EMULATION),)
 DEFS += -DFLASH_UPGRADE_SUPPORT
 else
-DEFS += -DBN256_C_IMPLEMENTATION
+DEFS += -DBN256_C_IMPLEMENTATION -DBIGNUM_C_IMPLEMENTATION
 endif
 
 ifneq ($(ENABLE_DEBUG),)