1 /* crypto/bn/bn_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
63 const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
65 /* For a 32 bit machine
74 OPENSSL_GLOBAL int bn_limit_bits=0;
75 OPENSSL_GLOBAL int bn_limit_num=8; /* (1<<bn_limit_bits) */
76 OPENSSL_GLOBAL int bn_limit_bits_low=0;
77 OPENSSL_GLOBAL int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
78 OPENSSL_GLOBAL int bn_limit_bits_high=0;
79 OPENSSL_GLOBAL int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
80 OPENSSL_GLOBAL int bn_limit_bits_mont=0;
81 OPENSSL_GLOBAL int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
83 void BN_set_params(int mult, int high, int low, int mont)
87 if (mult > (sizeof(int)*8)-1)
94 if (high > (sizeof(int)*8)-1)
96 bn_limit_bits_high=high;
97 bn_limit_num_high=1<<high;
101 if (low > (sizeof(int)*8)-1)
103 bn_limit_bits_low=low;
104 bn_limit_num_low=1<<low;
108 if (mont > (sizeof(int)*8)-1)
109 mont=sizeof(int)*8-1;
110 bn_limit_bits_mont=mont;
111 bn_limit_num_mont=1<<mont;
115 int BN_get_params(int which)
117 if (which == 0) return(bn_limit_bits);
118 else if (which == 1) return(bn_limit_bits_high);
119 else if (which == 2) return(bn_limit_bits_low);
120 else if (which == 3) return(bn_limit_bits_mont);
124 BIGNUM *BN_value_one(void)
126 static BN_ULONG data_one=1L;
127 static BIGNUM const_one={&data_one,1,1,0};
132 char *BN_options(void)
135 static char data[16];
141 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
142 (int)sizeof(BN_ULONG)*8);
144 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
145 (int)sizeof(BN_ULONG)*8);
151 int BN_num_bits_word(BN_ULONG l)
153 static const char bits[256]={
154 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
155 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
156 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
157 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
158 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
159 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
160 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
161 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
162 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
163 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
164 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
165 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
166 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
167 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
168 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
169 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
172 #if defined(SIXTY_FOUR_BIT_LONG)
173 if (l & 0xffffffff00000000L)
175 if (l & 0xffff000000000000L)
177 if (l & 0xff00000000000000L)
179 return(bits[(int)(l>>56)]+56);
181 else return(bits[(int)(l>>48)]+48);
185 if (l & 0x0000ff0000000000L)
187 return(bits[(int)(l>>40)]+40);
189 else return(bits[(int)(l>>32)]+32);
194 #ifdef SIXTY_FOUR_BIT
195 if (l & 0xffffffff00000000LL)
197 if (l & 0xffff000000000000LL)
199 if (l & 0xff00000000000000LL)
201 return(bits[(int)(l>>56)]+56);
203 else return(bits[(int)(l>>48)]+48);
207 if (l & 0x0000ff0000000000LL)
209 return(bits[(int)(l>>40)]+40);
211 else return(bits[(int)(l>>32)]+32);
218 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
222 return(bits[(int)(l>>24L)]+24);
223 else return(bits[(int)(l>>16L)]+16);
228 #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
230 return(bits[(int)(l>>8)]+8);
233 return(bits[(int)(l )] );
238 int BN_num_bits(const BIGNUM *a)
245 if (a->top == 0) return(0);
247 i=(a->top-1)*BN_BITS2;
250 #if !defined(NO_STDIO) && !defined(WIN16)
251 fprintf(stderr,"BAD TOP VALUE\n");
255 return(i+BN_num_bits_word(l));
258 void BN_clear_free(BIGNUM *a)
262 if (a == NULL) return;
265 memset(a->d,0,a->max*sizeof(a->d[0]));
266 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
269 i=BN_get_flags(a,BN_FLG_MALLOCED);
270 memset(a,0,sizeof(BIGNUM));
275 void BN_free(BIGNUM *a)
277 if (a == NULL) return;
278 if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
280 a->flags|=BN_FLG_FREE; /* REMOVE? */
281 if (a->flags & BN_FLG_MALLOCED)
285 void BN_init(BIGNUM *a)
287 memset(a,0,sizeof(BIGNUM));
294 if ((ret=(BIGNUM *)Malloc(sizeof(BIGNUM))) == NULL)
296 BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
299 ret->flags=BN_FLG_MALLOCED;
308 BN_CTX *BN_CTX_new(void)
312 ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
315 BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
320 ret->flags=BN_FLG_MALLOCED;
324 void BN_CTX_init(BN_CTX *ctx)
326 memset(ctx,0,sizeof(BN_CTX));
331 void BN_CTX_free(BN_CTX *c)
338 for (i=0; i<BN_CTX_NUM; i++)
339 BN_clear_free(&(c->bn[i]));
340 if (c->flags & BN_FLG_MALLOCED)
344 BIGNUM *bn_expand2(BIGNUM *b, int words)
355 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
357 BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
360 a=A=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(words+1));
363 BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
368 /* Check if the previous number needs to be copied */
372 /* This lot is an unrolled loop to copy b->top
373 * BN_ULONGs from B to A
376 * I have nothing against unrolling but it's usually done for
377 * several reasons, namely:
378 * - minimize percentage of decision making code, i.e. branches;
379 * - avoid cache trashing;
380 * - make it possible to schedule loads earlier;
381 * Now let's examine the code below. The cornerstone of C is
382 * "programmer is always right" and that's what we love it for:-)
383 * For this very reason C compilers have to be paranoid when it
384 * comes to data aliasing and assume the worst. Yeah, but what
385 * does it mean in real life? This means that loop body below will
386 * be compiled to sequence of loads immediately followed by stores
387 * as compiler assumes the worst, something in A==B+1 style. As a
388 * result CPU pipeline is going to starve for incoming data. Secondly
389 * if A and B happen to share same cache line such code is going to
390 * cause severe cache trashing. Both factors have severe impact on
391 * performance of modern CPUs and this is the reason why this
392 * particulare piece of code is #ifdefed away and replaced by more
393 * "friendly" version found in #else section below. This comment
394 * also applies to BN_copy function.
396 * <appro@fy.chalmers.se>
398 for (i=b->top&(~7); i>0; i-=8)
400 A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
401 A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
422 /* I need the 'case 0' entry for utrix cc.
423 * If the optimiser is turned on, it does the
424 * switch table by doing
427 * goto jump_table[a];
428 * If top is 0, this makes us jump to 0xffffffc
429 * which is rather bad :-(.
435 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
438 * The fact that the loop is unrolled
439 * 4-wise is a tribute to Intel. It's
440 * the one that doesn't have enough
441 * registers to accomodate more data.
442 * I'd unroll it 8-wise otherwise:-)
444 * <appro@fy.chalmers.se>
446 BN_ULONG a0,a1,a2,a3;
447 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
448 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
455 case 0: ; /* ultrix cc workaround, see above */
464 /* Now need to zero any data between b->top and b->max */
467 for (i=(b->max - b->top)>>3; i>0; i--,A+=8)
469 A[0]=0; A[1]=0; A[2]=0; A[3]=0;
470 A[4]=0; A[5]=0; A[6]=0; A[7]=0;
472 for (i=(b->max - b->top)&7; i>0; i--,A++)
475 memset(A,0,sizeof(BN_ULONG)*(words+1));
476 memcpy(A,b->d,sizeof(b->d[0])*b->top);
481 /* memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
482 /* { int i; for (i=b->max; i<words+1; i++) p[i]=i;} */
488 BIGNUM *BN_dup(const BIGNUM *a)
492 if (a == NULL) return NULL;
497 if (r == NULL) return(NULL);
498 return((BIGNUM *)BN_copy(r,a));
501 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
509 if (a == b) return(a);
510 if (bn_wexpand(a,b->top) == NULL) return(NULL);
515 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
517 BN_ULONG a0,a1,a2,a3;
518 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
519 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
526 case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */
529 memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
532 /* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
534 if ((a->top == 0) && (a->d != NULL))
540 void BN_clear(BIGNUM *a)
543 memset(a->d,0,a->max*sizeof(a->d[0]));
548 BN_ULONG BN_get_word(BIGNUM *a)
554 if (n > sizeof(BN_ULONG))
556 for (i=a->top-1; i>=0; i--)
558 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
559 ret<<=BN_BITS4; /* stops the compiler complaining */
569 int BN_set_word(BIGNUM *a, BN_ULONG w)
572 if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
574 n=sizeof(BN_ULONG)/BN_BYTES;
577 a->d[0]=(BN_ULONG)w&BN_MASK2;
578 if (a->d[0] != 0) a->top=1;
581 /* the following is done instead of
582 * w>>=BN_BITS2 so compilers don't complain
583 * on builds where sizeof(long) == BN_TYPES */
584 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
590 a->d[i]=(BN_ULONG)w&BN_MASK2;
591 if (a->d[i] != 0) a->top=i+1;
596 /* ignore negative */
597 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
603 if (ret == NULL) ret=BN_new();
604 if (ret == NULL) return(NULL);
612 if (bn_expand(ret,(int)(n+2)*8) == NULL)
614 i=((n-1)/BN_BYTES)+1;
615 m=((n-1)%(BN_BYTES));
627 /* need to call this due to clear byte at top if avoiding
628 * having the top bit set (-ve number) */
633 /* ignore negative */
634 int BN_bn2bin(const BIGNUM *a, unsigned char *to)
643 *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
648 int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
651 BN_ULONG t1,t2,*ap,*bp;
657 if (i != 0) return(i);
660 for (i=a->top-1; i>=0; i--)
665 return(t1 > t2?1:-1);
670 int BN_cmp(const BIGNUM *a, const BIGNUM *b)
676 if ((a == NULL) || (b == NULL))
689 if (a->neg != b->neg)
697 else { gt= -1; lt=1; }
699 if (a->top > b->top) return(gt);
700 if (a->top < b->top) return(lt);
701 for (i=a->top-1; i>=0; i--)
705 if (t1 > t2) return(gt);
706 if (t1 < t2) return(lt);
711 int BN_set_bit(BIGNUM *a, int n)
719 if (bn_wexpand(a,i+1) == NULL) return(0);
720 for(k=a->top; k<i+1; k++)
725 a->d[i]|=(((BN_ULONG)1)<<j);
729 int BN_clear_bit(BIGNUM *a, int n)
735 if (a->top <= i) return(0);
737 a->d[i]&=(~(((BN_ULONG)1)<<j));
742 int BN_is_bit_set(const BIGNUM *a, int n)
746 if (n < 0) return(0);
749 if (a->top <= i) return(0);
750 return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
753 int BN_mask_bits(BIGNUM *a, int n)
759 if (w >= a->top) return(0);
765 a->d[w]&= ~(BN_MASK2<<b);
771 int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n)
778 if (aa != bb) return((aa > bb)?1:-1);
779 for (i=n-2; i>=0; i--)
783 if (aa != bb) return((aa > bb)?1:-1);
projects / openssl.git / blob