-/* crypto/bn/bn_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
#include <assert.h>
#include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include "bn_lcl.h"
-
-const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
+#include <openssl/opensslconf.h>
/* This stuff appears to be completely unused, so is deprecated */
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x00908000L
/*-
* For a 32 bit machine
* 2 - 4 == 128
int BN_get_params(int which)
{
if (which == 0)
- return (bn_limit_bits);
+ return bn_limit_bits;
else if (which == 1)
- return (bn_limit_bits_high);
+ return bn_limit_bits_high;
else if (which == 2)
- return (bn_limit_bits_low);
+ return bn_limit_bits_low;
else if (which == 3)
- return (bn_limit_bits_mont);
+ return bn_limit_bits_mont;
else
- return (0);
+ return 0;
}
#endif
static const BIGNUM const_one =
{ (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
- return (&const_one);
+ return &const_one;
}
int BN_num_bits_word(BN_ULONG l)
return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
}
-void BN_clear_free(BIGNUM *a)
+static void bn_free_d(BIGNUM *a)
{
- int i;
+ if (BN_get_flags(a, BN_FLG_SECURE))
+ OPENSSL_secure_free(a->d);
+ else
+ OPENSSL_free(a->d);
+}
+
+void BN_clear_free(BIGNUM *a)
+{
if (a == NULL)
return;
- bn_check_top(a);
- if (a->d != NULL) {
+ if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
- if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
- OPENSSL_free(a->d);
+ bn_free_d(a);
}
- i = BN_get_flags(a, BN_FLG_MALLOCED);
- OPENSSL_cleanse(a, sizeof(BIGNUM));
- if (i)
+ if (BN_get_flags(a, BN_FLG_MALLOCED)) {
+ OPENSSL_cleanse(a, sizeof(*a));
OPENSSL_free(a);
+ }
}
void BN_free(BIGNUM *a)
{
if (a == NULL)
return;
- bn_check_top(a);
if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
- OPENSSL_free(a->d);
+ bn_free_d(a);
if (a->flags & BN_FLG_MALLOCED)
OPENSSL_free(a);
- else {
-#ifndef OPENSSL_NO_DEPRECATED
- a->flags |= BN_FLG_FREE;
-#endif
- a->d = NULL;
- }
}
-void BN_init(BIGNUM *a)
+void bn_init(BIGNUM *a)
{
- memset(a, 0, sizeof(BIGNUM));
+ static BIGNUM nilbn;
+
+ *a = nilbn;
bn_check_top(a);
}
{
BIGNUM *ret;
- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+ if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
ret->flags = BN_FLG_MALLOCED;
- ret->top = 0;
- ret->neg = 0;
- ret->dmax = 0;
- ret->d = NULL;
bn_check_top(ret);
- return (ret);
+ return ret;
}
-/* This is used both by bn_expand2() and bn_dup_expand() */
+ BIGNUM *BN_secure_new(void)
+ {
+ BIGNUM *ret = BN_new();
+ if (ret != NULL)
+ ret->flags |= BN_FLG_SECURE;
+ return ret;
+ }
+
+/* This is used by bn_expand2() */
/* The caller MUST check that words > b->dmax before calling this */
static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
{
- BN_ULONG *A, *a = NULL;
- const BN_ULONG *B;
- int i;
+ BN_ULONG *a = NULL;
bn_check_top(b);
}
if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
- return (NULL);
+ return NULL;
}
- a = A = OPENSSL_malloc(sizeof(*a) * words);
- if (A == NULL) {
+ if (BN_get_flags(b, BN_FLG_SECURE))
+ a = OPENSSL_secure_zalloc(words * sizeof(*a));
+ else
+ a = OPENSSL_zalloc(words * sizeof(*a));
+ if (a == NULL) {
BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
-#ifdef PURIFY
- /*
- * Valgrind complains in BN_consttime_swap because we process the whole
- * array even if it's not initialised yet. This doesn't matter in that
- * function - what's important is constant time operation (we're not
- * actually going to use the data)
- */
- memset(a, 0, sizeof(BN_ULONG) * words);
-#endif
-#if 1
- B = b->d;
- /* Check if the previous number needs to be copied */
- if (B != NULL) {
- for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
- /*
- * The fact that the loop is unrolled
- * 4-wise is a tribute to Intel. It's
- * the one that doesn't have enough
- * registers to accomodate more data.
- * I'd unroll it 8-wise otherwise:-)
- *
- * <appro@fy.chalmers.se>
- */
- BN_ULONG a0, a1, a2, a3;
- a0 = B[0];
- a1 = B[1];
- a2 = B[2];
- a3 = B[3];
- A[0] = a0;
- A[1] = a1;
- A[2] = a2;
- A[3] = a3;
- }
- /*
- * workaround for ultrix cc: without 'case 0', the optimizer does
- * the switch table by doing a=top&3; a--; goto jump_table[a];
- * which fails for top== 0
- */
- switch (b->top & 3) {
- case 3:
- A[2] = B[2];
- case 2:
- A[1] = B[1];
- case 1:
- A[0] = B[0];
- case 0:
- ;
- }
- }
-#else
- memset(A, 0, sizeof(BN_ULONG) * words);
- memcpy(A, b->d, sizeof(b->d[0]) * b->top);
-#endif
+ assert(b->top <= words);
+ if (b->top > 0)
+ memcpy(a, b->d, sizeof(*a) * b->top);
- return (a);
+ return a;
}
/*
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
return NULL;
- OPENSSL_free(b->d);
+ if (b->d) {
+ OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+ bn_free_d(b);
+ }
b->d = a;
b->dmax = words;
}
return NULL;
bn_check_top(a);
- t = BN_new();
+ t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new();
if (t == NULL)
return NULL;
if (!BN_copy(t, a)) {
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
{
- int i;
- BN_ULONG *A;
- const BN_ULONG *B;
-
bn_check_top(b);
if (a == b)
- return (a);
+ return a;
if (bn_wexpand(a, b->top) == NULL)
- return (NULL);
-
-#if 1
- A = a->d;
- B = b->d;
- for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
- BN_ULONG a0, a1, a2, a3;
- a0 = B[0];
- a1 = B[1];
- a2 = B[2];
- a3 = B[3];
- A[0] = a0;
- A[1] = a1;
- A[2] = a2;
- A[3] = a3;
- }
- /* ultrix cc workaround, see comments in bn_expand_internal */
- switch (b->top & 3) {
- case 3:
- A[2] = B[2];
- case 2:
- A[1] = B[1];
- case 1:
- A[0] = B[0];
- case 0:;
- }
-#else
- memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
-#endif
+ return NULL;
+
+ if (b->top > 0)
+ memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
+
+ if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags(a, BN_FLG_CONSTTIME);
a->top = b->top;
a->neg = b->neg;
bn_check_top(a);
- return (a);
+ return a;
}
void BN_swap(BIGNUM *a, BIGNUM *b)
{
bn_check_top(a);
if (a->d != NULL)
- memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+ OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
a->top = 0;
a->neg = 0;
}
{
bn_check_top(a);
if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
- return (0);
+ return 0;
a->neg = 0;
a->d[0] = w;
a->top = (w ? 1 : 0);
bn_check_top(a);
- return (1);
+ return 1;
}
BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
if (ret == NULL)
ret = bn = BN_new();
if (ret == NULL)
- return (NULL);
+ return NULL;
bn_check_top(ret);
- l = 0;
+ /* Skip leading zero's. */
+ for ( ; len > 0 && *s == 0; s++, len--)
+ continue;
n = len;
if (n == 0) {
ret->top = 0;
- return (ret);
+ return ret;
}
i = ((n - 1) / BN_BYTES) + 1;
m = ((n - 1) % (BN_BYTES));
}
ret->top = i;
ret->neg = 0;
+ l = 0;
while (n--) {
l = (l << 8L) | *(s++);
if (m-- == 0) {
* bit set (-ve number)
*/
bn_correct_top(ret);
- return (ret);
+ return ret;
}
/* ignore negative */
-int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
{
- int n, i;
+ int i;
BN_ULONG l;
bn_check_top(a);
- n = i = BN_num_bytes(a);
+ i = BN_num_bytes(a);
+ if (tolen == -1)
+ tolen = i;
+ else if (tolen < i)
+ return -1;
+ /* Add leading zeroes if necessary */
+ if (tolen > i) {
+ memset(to, 0, tolen - i);
+ to += tolen - i;
+ }
while (i--) {
l = a->d[i / BN_BYTES];
*(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
}
- return (n);
+ return tolen;
+}
+
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+ if (tolen < 0)
+ return -1;
+ return bn2binpad(a, to, tolen);
+}
+
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+{
+ return bn2binpad(a, to, -1);
+}
+
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+ unsigned int i, m;
+ unsigned int n;
+ BN_ULONG l;
+ BIGNUM *bn = NULL;
+
+ if (ret == NULL)
+ ret = bn = BN_new();
+ if (ret == NULL)
+ return NULL;
+ bn_check_top(ret);
+ s += len;
+ /* Skip trailing zeroes. */
+ for ( ; len > 0 && s[-1] == 0; s--, len--)
+ continue;
+ n = len;
+ if (n == 0) {
+ ret->top = 0;
+ return ret;
+ }
+ i = ((n - 1) / BN_BYTES) + 1;
+ m = ((n - 1) % (BN_BYTES));
+ if (bn_wexpand(ret, (int)i) == NULL) {
+ BN_free(bn);
+ return NULL;
+ }
+ ret->top = i;
+ ret->neg = 0;
+ l = 0;
+ while (n--) {
+ s--;
+ l = (l << 8L) | *s;
+ if (m-- == 0) {
+ ret->d[--i] = l;
+ l = 0;
+ m = BN_BYTES - 1;
+ }
+ }
+ /*
+ * need to call this due to clear byte at top if avoiding having the top
+ * bit set (-ve number)
+ */
+ bn_correct_top(ret);
+ return ret;
+}
+
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+ int i;
+ BN_ULONG l;
+ bn_check_top(a);
+ i = BN_num_bytes(a);
+ if (tolen < i)
+ return -1;
+ /* Add trailing zeroes if necessary */
+ if (tolen > i)
+ memset(to + i, 0, tolen - i);
+ to += i;
+ while (i--) {
+ l = a->d[i / BN_BYTES];
+ to--;
+ *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+ }
+ return tolen;
}
int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
i = a->top - b->top;
if (i != 0)
- return (i);
+ return i;
ap = a->d;
bp = b->d;
for (i = a->top - 1; i >= 0; i--) {
if (t1 != t2)
return ((t1 > t2) ? 1 : -1);
}
- return (0);
+ return 0;
}
int BN_cmp(const BIGNUM *a, const BIGNUM *b)
if ((a == NULL) || (b == NULL)) {
if (a != NULL)
- return (-1);
+ return -1;
else if (b != NULL)
- return (1);
+ return 1;
else
- return (0);
+ return 0;
}
bn_check_top(a);
if (a->neg != b->neg) {
if (a->neg)
- return (-1);
+ return -1;
else
- return (1);
+ return 1;
}
if (a->neg == 0) {
gt = 1;
}
if (a->top > b->top)
- return (gt);
+ return gt;
if (a->top < b->top)
- return (lt);
+ return lt;
for (i = a->top - 1; i >= 0; i--) {
t1 = a->d[i];
t2 = b->d[i];
if (t1 > t2)
- return (gt);
+ return gt;
if (t1 < t2)
- return (lt);
+ return lt;
}
- return (0);
+ return 0;
}
int BN_set_bit(BIGNUM *a, int n)
j = n % BN_BITS2;
if (a->top <= i) {
if (bn_wexpand(a, i + 1) == NULL)
- return (0);
+ return 0;
for (k = a->top; k < i + 1; k++)
a->d[k] = 0;
a->top = i + 1;
a->d[i] |= (((BN_ULONG)1) << j);
bn_check_top(a);
- return (1);
+ return 1;
}
int BN_clear_bit(BIGNUM *a, int n)
i = n / BN_BITS2;
j = n % BN_BITS2;
if (a->top <= i)
- return (0);
+ return 0;
a->d[i] &= (~(((BN_ULONG)1) << j));
bn_correct_top(a);
- return (1);
+ return 1;
}
int BN_is_bit_set(const BIGNUM *a, int n)
a->d[w] &= ~(BN_MASK2 << b);
}
bn_correct_top(a);
- return (1);
+ return 1;
}
void BN_set_negative(BIGNUM *a, int b)
if (aa != bb)
return ((aa > bb) ? 1 : -1);
}
- return (0);
+ return 0;
}
/*
* Here follows a specialised variants of bn_cmp_words(). It has the
- * property of performing the operation on arrays of different sizes. The
+ * capability of performing the operation on arrays of different sizes. The
* sizes of those arrays is expressed through cl, which is the common length
- * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the
+ * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the
* two lengths, calculated as len(a)-len(b). All lengths are the number of
* BN_ULONGs...
*/
int secbits, bits;
if (L >= 15360)
secbits = 256;
- else if (L >= 7690)
+ else if (L >= 7680)
secbits = 192;
else if (L >= 3072)
secbits = 128;
return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx);
}
-void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int n)
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags)
{
dest->d = b->d;
dest->top = b->top;
dest->neg = b->neg;
dest->flags = ((dest->flags & BN_FLG_MALLOCED)
| (b->flags & ~BN_FLG_MALLOCED)
- | BN_FLG_STATIC_DATA | n);
+ | BN_FLG_STATIC_DATA | flags);
}
BN_GENCB *BN_GENCB_new(void)
if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
return ret;
int tmp_top = a->top;
if (tmp_top > 0) {
- for (ftl = &(a->d[tmp_top - 1]); tmp_top > 0; tmp_top--)
- if (*(ftl--))
+ for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
+ ftl--;
+ if (*ftl != 0)
break;
+ }
a->top = tmp_top;
}
+ if (a->top == 0)
+ a->neg = 0;
bn_pollute(a);
}
projects / openssl.git / blobdiff