1 /* crypto/bn/bn_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
60 # undef NDEBUG /* avoid conflicting definitions */
70 #define OPENSSL_FIPSAPI
72 #include <openssl/fips.h>
75 const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
77 /* This stuff appears to be completely unused, so is deprecated */
78 #ifndef OPENSSL_NO_DEPRECATED
79 /* For a 32 bit machine
88 static int bn_limit_bits=0;
89 static int bn_limit_num=8; /* (1<<bn_limit_bits) */
90 static int bn_limit_bits_low=0;
91 static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
92 static int bn_limit_bits_high=0;
93 static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
94 static int bn_limit_bits_mont=0;
95 static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
97 void BN_set_params(int mult, int high, int low, int mont)
101 if (mult > (int)(sizeof(int)*8)-1)
102 mult=sizeof(int)*8-1;
104 bn_limit_num=1<<mult;
108 if (high > (int)(sizeof(int)*8)-1)
109 high=sizeof(int)*8-1;
110 bn_limit_bits_high=high;
111 bn_limit_num_high=1<<high;
115 if (low > (int)(sizeof(int)*8)-1)
117 bn_limit_bits_low=low;
118 bn_limit_num_low=1<<low;
122 if (mont > (int)(sizeof(int)*8)-1)
123 mont=sizeof(int)*8-1;
124 bn_limit_bits_mont=mont;
125 bn_limit_num_mont=1<<mont;
129 int BN_get_params(int which)
131 if (which == 0) return(bn_limit_bits);
132 else if (which == 1) return(bn_limit_bits_high);
133 else if (which == 2) return(bn_limit_bits_low);
134 else if (which == 3) return(bn_limit_bits_mont);
139 const BIGNUM *BN_value_one(void)
141 static const BN_ULONG data_one=1L;
142 static const BIGNUM const_one={(BN_ULONG *)&data_one,1,1,0,BN_FLG_STATIC_DATA};
147 int BN_num_bits_word(BN_ULONG l)
149 static const unsigned char bits[256]={
150 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
151 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
152 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
153 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
154 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
155 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
156 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
157 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
158 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
159 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
160 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
161 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
162 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
163 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
164 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
165 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
168 #if defined(SIXTY_FOUR_BIT_LONG)
169 if (l & 0xffffffff00000000L)
171 if (l & 0xffff000000000000L)
173 if (l & 0xff00000000000000L)
175 return(bits[(int)(l>>56)]+56);
177 else return(bits[(int)(l>>48)]+48);
181 if (l & 0x0000ff0000000000L)
183 return(bits[(int)(l>>40)]+40);
185 else return(bits[(int)(l>>32)]+32);
190 #ifdef SIXTY_FOUR_BIT
191 if (l & 0xffffffff00000000LL)
193 if (l & 0xffff000000000000LL)
195 if (l & 0xff00000000000000LL)
197 return(bits[(int)(l>>56)]+56);
199 else return(bits[(int)(l>>48)]+48);
203 if (l & 0x0000ff0000000000LL)
205 return(bits[(int)(l>>40)]+40);
207 else return(bits[(int)(l>>32)]+32);
214 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
218 return(bits[(int)(l>>24L)]+24);
219 else return(bits[(int)(l>>16L)]+16);
224 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
226 return(bits[(int)(l>>8)]+8);
229 return(bits[(int)(l )] );
234 int BN_num_bits(const BIGNUM *a)
239 if (BN_is_zero(a)) return 0;
240 return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
243 void BN_clear_free(BIGNUM *a)
247 if (a == NULL) return;
251 OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
252 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
255 i=BN_get_flags(a,BN_FLG_MALLOCED);
256 OPENSSL_cleanse(a,sizeof(BIGNUM));
261 void BN_free(BIGNUM *a)
263 if (a == NULL) return;
265 if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
267 if (a->flags & BN_FLG_MALLOCED)
271 #ifndef OPENSSL_NO_DEPRECATED
272 a->flags|=BN_FLG_FREE;
278 void BN_init(BIGNUM *a)
280 memset(a,0,sizeof(BIGNUM));
288 if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
290 BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
293 ret->flags=BN_FLG_MALLOCED;
302 /* This is used both by bn_expand2() and bn_dup_expand() */
303 /* The caller MUST check that words > b->dmax before calling this */
304 static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
306 BN_ULONG *A,*a = NULL;
312 if (words > (INT_MAX/(4*BN_BITS2)))
314 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
317 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
319 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
322 a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
325 BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
330 /* Check if the previous number needs to be copied */
333 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
336 * The fact that the loop is unrolled
337 * 4-wise is a tribute to Intel. It's
338 * the one that doesn't have enough
339 * registers to accomodate more data.
340 * I'd unroll it 8-wise otherwise:-)
342 * <appro@fy.chalmers.se>
344 BN_ULONG a0,a1,a2,a3;
345 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
346 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
353 case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
354 * the switch table by doing a=top&3; a--; goto jump_table[a];
355 * which fails for top== 0 */
361 memset(A,0,sizeof(BN_ULONG)*words);
362 memcpy(A,b->d,sizeof(b->d[0])*b->top);
368 /* This is an internal function that can be used instead of bn_expand2()
369 * when there is a need to copy BIGNUMs instead of only expanding the
370 * data part, while still expanding them.
371 * Especially useful when needing to expand BIGNUMs that are declared
372 * 'const' and should therefore not be changed.
373 * The reason to use this instead of a BN_dup() followed by a bn_expand2()
374 * is memory allocation overhead. A BN_dup() followed by a bn_expand2()
375 * will allocate new memory for the BIGNUM data twice, and free it once,
376 * while bn_dup_expand() makes sure allocation is made only once.
379 #ifndef OPENSSL_NO_DEPRECATED
380 BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
386 /* This function does not work if
387 * words <= b->dmax && top < words
388 * because BN_dup() does not preserve 'dmax'!
389 * (But bn_dup_expand() is not used anywhere yet.)
394 BN_ULONG *a = bn_expand_internal(b, words);
408 /* r == NULL, BN_new failure */
412 /* If a == NULL, there was an error in allocation in
413 bn_expand_internal(), and NULL should be returned */
425 /* This is an internal function that should not be used in applications.
426 * It ensures that 'b' has enough room for a 'words' word number
427 * and initialises any unused part of b->d with leading zeros.
428 * It is mostly used by the various BIGNUM routines. If there is an error,
429 * NULL is returned. If not, 'b' is returned. */
431 BIGNUM *bn_expand2(BIGNUM *b, int words)
437 BN_ULONG *a = bn_expand_internal(b, words);
439 if(b->d) OPENSSL_free(b->d);
444 /* None of this should be necessary because of what b->top means! */
446 /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
447 if (b->top < b->dmax)
450 BN_ULONG *A = &(b->d[b->top]);
451 for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
453 A[0]=0; A[1]=0; A[2]=0; A[3]=0;
454 A[4]=0; A[5]=0; A[6]=0; A[7]=0;
456 for (i=(b->dmax - b->top)&7; i>0; i--,A++)
458 assert(A == &(b->d[b->dmax]));
465 BIGNUM *BN_dup(const BIGNUM *a)
469 if (a == NULL) return NULL;
473 if (t == NULL) return NULL;
483 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
491 if (a == b) return(a);
492 if (bn_wexpand(a,b->top) == NULL) return(NULL);
497 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
499 BN_ULONG a0,a1,a2,a3;
500 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
501 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
508 case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
511 memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
520 void BN_swap(BIGNUM *a, BIGNUM *b)
522 int flags_old_a, flags_old_b;
524 int tmp_top, tmp_dmax, tmp_neg;
529 flags_old_a = a->flags;
530 flags_old_b = b->flags;
547 a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
548 b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
553 void BN_clear(BIGNUM *a)
557 memset(a->d,0,a->dmax*sizeof(a->d[0]));
562 BN_ULONG BN_get_word(const BIGNUM *a)
566 else if (a->top == 1)
572 int BN_set_word(BIGNUM *a, BN_ULONG w)
575 if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
578 a->top = (w ? 1 : 0);
583 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
592 if (ret == NULL) return(NULL);
601 i=((n-1)/BN_BYTES)+1;
602 m=((n-1)%(BN_BYTES));
603 if (bn_wexpand(ret, (int)i) == NULL)
620 /* need to call this due to clear byte at top if avoiding
621 * having the top bit set (-ve number) */
626 /* ignore negative */
627 int BN_bn2bin(const BIGNUM *a, unsigned char *to)
637 *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
642 int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
645 BN_ULONG t1,t2,*ap,*bp;
651 if (i != 0) return(i);
654 for (i=a->top-1; i>=0; i--)
659 return((t1 > t2) ? 1 : -1);
664 int BN_cmp(const BIGNUM *a, const BIGNUM *b)
670 if ((a == NULL) || (b == NULL))
683 if (a->neg != b->neg)
691 else { gt= -1; lt=1; }
693 if (a->top > b->top) return(gt);
694 if (a->top < b->top) return(lt);
695 for (i=a->top-1; i>=0; i--)
699 if (t1 > t2) return(gt);
700 if (t1 < t2) return(lt);
705 int BN_set_bit(BIGNUM *a, int n)
716 if (bn_wexpand(a,i+1) == NULL) return(0);
717 for(k=a->top; k<i+1; k++)
722 a->d[i]|=(((BN_ULONG)1)<<j);
727 int BN_clear_bit(BIGNUM *a, int n)
736 if (a->top <= i) return(0);
738 a->d[i]&=(~(((BN_ULONG)1)<<j));
743 int BN_is_bit_set(const BIGNUM *a, int n)
751 if (a->top <= i) return 0;
752 return (int)(((a->d[i])>>j)&((BN_ULONG)1));
755 int BN_mask_bits(BIGNUM *a, int n)
764 if (w >= a->top) return 0;
770 a->d[w]&= ~(BN_MASK2<<b);
776 void BN_set_negative(BIGNUM *a, int b)
778 if (b && !BN_is_zero(a))
784 int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
791 if (aa != bb) return((aa > bb)?1:-1);
792 for (i=n-2; i>=0; i--)
796 if (aa != bb) return((aa > bb)?1:-1);
801 /* Here follows a specialised variants of bn_cmp_words(). It has the
802 property of performing the operation on arrays of different sizes.
803 The sizes of those arrays is expressed through cl, which is the
804 common length ( basicall, min(len(a),len(b)) ), and dl, which is the
805 delta between the two lengths, calculated as len(a)-len(b).
806 All lengths are the number of BN_ULONGs... */
808 int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
819 return -1; /* a < b */
827 return 1; /* a > b */
830 return bn_cmp_words(a,b,cl);