#include <assert.h>
#include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include "bn_lcl.h"
-
-const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
+#include <openssl/opensslconf.h>
/* This stuff appears to be completely unused, so is deprecated */
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x00908000L
/*-
* For a 32 bit machine
* 2 - 4 == 128
return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
}
+static void bn_free_d(BIGNUM *a)
+{
+ if (BN_get_flags(a,BN_FLG_SECURE))
+ OPENSSL_secure_free(a->d);
+ else
+ OPENSSL_free(a->d);
+}
+
+
void BN_clear_free(BIGNUM *a)
{
int i;
bn_check_top(a);
if (a->d != NULL) {
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
- if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
- OPENSSL_free(a->d);
+ if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
+ bn_free_d(a);
}
i = BN_get_flags(a, BN_FLG_MALLOCED);
- OPENSSL_cleanse(a, sizeof(BIGNUM));
+ OPENSSL_cleanse(a, sizeof(*a));
if (i)
OPENSSL_free(a);
}
if (a == NULL)
return;
bn_check_top(a);
- if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA)))
- OPENSSL_free(a->d);
+ if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
+ bn_free_d(a);
if (a->flags & BN_FLG_MALLOCED)
OPENSSL_free(a);
else {
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x00908000L
a->flags |= BN_FLG_FREE;
#endif
a->d = NULL;
}
}
-void BN_init(BIGNUM *a)
+void bn_init(BIGNUM *a)
{
- memset(a, 0, sizeof(BIGNUM));
+ static BIGNUM nilbn;
+
+ *a = nilbn;
bn_check_top(a);
}
{
BIGNUM *ret;
- if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) {
+ if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
return (NULL);
}
ret->flags = BN_FLG_MALLOCED;
- ret->top = 0;
- ret->neg = 0;
- ret->dmax = 0;
- ret->d = NULL;
bn_check_top(ret);
return (ret);
}
-/* This is used both by bn_expand2() and bn_dup_expand() */
+ BIGNUM *BN_secure_new(void)
+ {
+ BIGNUM *ret = BN_new();
+ if (ret != NULL)
+ ret->flags |= BN_FLG_SECURE;
+ return (ret);
+ }
+
+/* This is used by bn_expand2() */
/* The caller MUST check that words > b->dmax before calling this */
static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
{
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
return (NULL);
}
- a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words);
+ if (BN_get_flags(b,BN_FLG_SECURE))
+ a = A = OPENSSL_secure_malloc(words * sizeof(*a));
+ else
+ a = A = OPENSSL_malloc(words * sizeof(*a));
if (A == NULL) {
BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
return (NULL);
* function - what's important is constant time operation (we're not
* actually going to use the data)
*/
- memset(a, 0, sizeof(BN_ULONG) * words);
+ memset(a, 0, sizeof(*a) * words);
#endif
#if 1
}
}
#else
- memset(A, 0, sizeof(BN_ULONG) * words);
+ memset(A, 0, sizeof(*A) * words);
memcpy(A, b->d, sizeof(b->d[0]) * b->top);
#endif
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
return NULL;
- if (b->d)
- OPENSSL_free(b->d);
+ if (b->d) {
+ OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+ bn_free_d(b);
+ }
b->d = a;
b->dmax = words;
}
-/* None of this should be necessary because of what b->top means! */
-#if 0
- /*
- * NB: bn_wexpand() calls this only if the BIGNUM really has to grow
- */
- if (b->top < b->dmax) {
- int i;
- BN_ULONG *A = &(b->d[b->top]);
- for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
- A[0] = 0;
- A[1] = 0;
- A[2] = 0;
- A[3] = 0;
- A[4] = 0;
- A[5] = 0;
- A[6] = 0;
- A[7] = 0;
- }
- for (i = (b->dmax - b->top) & 7; i > 0; i--, A++)
- A[0] = 0;
- assert(A == &(b->d[b->dmax]));
- }
-#endif
bn_check_top(b);
return b;
}
return NULL;
bn_check_top(a);
- t = BN_new();
+ t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new();
if (t == NULL)
return NULL;
if (!BN_copy(t, a)) {
{
bn_check_top(a);
if (a->d != NULL)
- memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+ memset(a->d, 0, sizeof(*a->d) * a->dmax);
a->top = 0;
a->neg = 0;
}
if (ret == NULL)
return (NULL);
bn_check_top(ret);
- l = 0;
+ /* Skip leading zero's. */
+ for ( ; len > 0 && *s == 0; s++, len--)
+ continue;
n = len;
if (n == 0) {
ret->top = 0;
i = ((n - 1) / BN_BYTES) + 1;
m = ((n - 1) % (BN_BYTES));
if (bn_wexpand(ret, (int)i) == NULL) {
- if (bn)
- BN_free(bn);
+ BN_free(bn);
return NULL;
}
ret->top = i;
ret->neg = 0;
+ l = 0;
while (n--) {
l = (l << 8L) | *(s++);
if (m-- == 0) {
return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx);
}
-void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int n)
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags)
{
dest->d = b->d;
dest->top = b->top;
dest->neg = b->neg;
dest->flags = ((dest->flags & BN_FLG_MALLOCED)
| (b->flags & ~BN_FLG_MALLOCED)
- | BN_FLG_STATIC_DATA | n);
+ | BN_FLG_STATIC_DATA | flags);
}
BN_GENCB *BN_GENCB_new(void)
{
BN_GENCB *ret;
- if ((ret = (BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB))) == NULL) {
+ if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE);
return (NULL);
}