1 /* crypto/bn/bn_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
60 # undef NDEBUG /* avoid conflicting definitions */
70 const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
72 /* For a 32 bit machine
81 static int bn_limit_bits=0;
82 static int bn_limit_num=8; /* (1<<bn_limit_bits) */
83 static int bn_limit_bits_low=0;
84 static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
85 static int bn_limit_bits_high=0;
86 static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
87 static int bn_limit_bits_mont=0;
88 static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
90 void BN_set_params(int mult, int high, int low, int mont)
94 if (mult > (int)(sizeof(int)*8)-1)
101 if (high > (int)(sizeof(int)*8)-1)
102 high=sizeof(int)*8-1;
103 bn_limit_bits_high=high;
104 bn_limit_num_high=1<<high;
108 if (low > (int)(sizeof(int)*8)-1)
110 bn_limit_bits_low=low;
111 bn_limit_num_low=1<<low;
115 if (mont > (int)(sizeof(int)*8)-1)
116 mont=sizeof(int)*8-1;
117 bn_limit_bits_mont=mont;
118 bn_limit_num_mont=1<<mont;
122 int BN_get_params(int which)
124 if (which == 0) return(bn_limit_bits);
125 else if (which == 1) return(bn_limit_bits_high);
126 else if (which == 2) return(bn_limit_bits_low);
127 else if (which == 3) return(bn_limit_bits_mont);
131 const BIGNUM *BN_value_one(void)
133 static BN_ULONG data_one=1L;
134 static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};
139 char *BN_options(void)
142 static char data[16];
148 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
149 (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
151 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
152 (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
158 int BN_num_bits_word(BN_ULONG l)
160 static const char bits[256]={
161 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
162 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
163 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
164 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
165 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
166 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
167 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
168 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
169 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
170 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
171 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
172 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
173 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
174 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
175 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
176 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
179 #if defined(SIXTY_FOUR_BIT_LONG)
180 if (l & 0xffffffff00000000L)
182 if (l & 0xffff000000000000L)
184 if (l & 0xff00000000000000L)
186 return(bits[(int)(l>>56)]+56);
188 else return(bits[(int)(l>>48)]+48);
192 if (l & 0x0000ff0000000000L)
194 return(bits[(int)(l>>40)]+40);
196 else return(bits[(int)(l>>32)]+32);
201 #ifdef SIXTY_FOUR_BIT
202 if (l & 0xffffffff00000000LL)
204 if (l & 0xffff000000000000LL)
206 if (l & 0xff00000000000000LL)
208 return(bits[(int)(l>>56)]+56);
210 else return(bits[(int)(l>>48)]+48);
214 if (l & 0x0000ff0000000000LL)
216 return(bits[(int)(l>>40)]+40);
218 else return(bits[(int)(l>>32)]+32);
225 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
229 return(bits[(int)(l>>24L)]+24);
230 else return(bits[(int)(l>>16L)]+16);
235 #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
237 return(bits[(int)(l>>8)]+8);
240 return(bits[(int)(l )] );
245 int BN_num_bits(const BIGNUM *a)
250 if (BN_is_zero(a)) return 0;
251 return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
254 void BN_clear_free(BIGNUM *a)
258 if (a == NULL) return;
262 OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
263 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
266 i=BN_get_flags(a,BN_FLG_MALLOCED);
267 OPENSSL_cleanse(a,sizeof(BIGNUM));
272 void BN_free(BIGNUM *a)
274 if (a == NULL) return;
276 if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
278 if (a->flags & BN_FLG_MALLOCED)
282 #ifndef OPENSSL_NO_DEPRECATED
283 a->flags|=BN_FLG_FREE;
289 void BN_init(BIGNUM *a)
291 memset(a,0,sizeof(BIGNUM));
299 if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
301 BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
304 ret->flags=BN_FLG_MALLOCED;
313 /* This is used both by bn_expand2() and bn_dup_expand() */
314 /* The caller MUST check that words > b->dmax before calling this */
315 static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
317 BN_ULONG *A,*a = NULL;
323 if (words > (INT_MAX/(4*BN_BITS2)))
325 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
328 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
330 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
333 a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
336 BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
341 /* Check if the previous number needs to be copied */
344 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
347 * The fact that the loop is unrolled
348 * 4-wise is a tribute to Intel. It's
349 * the one that doesn't have enough
350 * registers to accomodate more data.
351 * I'd unroll it 8-wise otherwise:-)
353 * <appro@fy.chalmers.se>
355 BN_ULONG a0,a1,a2,a3;
356 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
357 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
364 case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
365 * the switch table by doing a=top&3; a--; goto jump_table[a];
366 * which fails for top== 0 */
372 memset(A,0,sizeof(BN_ULONG)*words);
373 memcpy(A,b->d,sizeof(b->d[0])*b->top);
379 /* This is an internal function that can be used instead of bn_expand2()
380 * when there is a need to copy BIGNUMs instead of only expanding the
381 * data part, while still expanding them.
382 * Especially useful when needing to expand BIGNUMs that are declared
383 * 'const' and should therefore not be changed.
384 * The reason to use this instead of a BN_dup() followed by a bn_expand2()
385 * is memory allocation overhead. A BN_dup() followed by a bn_expand2()
386 * will allocate new memory for the BIGNUM data twice, and free it once,
387 * while bn_dup_expand() makes sure allocation is made only once.
390 #ifndef OPENSSL_NO_DEPRECATED
391 BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
397 /* This function does not work if
398 * words <= b->dmax && top < words
399 * because BN_dup() does not preserve 'dmax'!
400 * (But bn_dup_expand() is not used anywhere yet.)
405 BN_ULONG *a = bn_expand_internal(b, words);
419 /* r == NULL, BN_new failure */
423 /* If a == NULL, there was an error in allocation in
424 bn_expand_internal(), and NULL should be returned */
436 /* This is an internal function that should not be used in applications.
437 * It ensures that 'b' has enough room for a 'words' word number
438 * and initialises any unused part of b->d with leading zeros.
439 * It is mostly used by the various BIGNUM routines. If there is an error,
440 * NULL is returned. If not, 'b' is returned. */
442 BIGNUM *bn_expand2(BIGNUM *b, int words)
448 BN_ULONG *a = bn_expand_internal(b, words);
450 if(b->d) OPENSSL_free(b->d);
455 /* None of this should be necessary because of what b->top means! */
457 /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
458 if (b->top < b->dmax)
461 BN_ULONG *A = &(b->d[b->top]);
462 for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
464 A[0]=0; A[1]=0; A[2]=0; A[3]=0;
465 A[4]=0; A[5]=0; A[6]=0; A[7]=0;
467 for (i=(b->dmax - b->top)&7; i>0; i--,A++)
469 assert(A == &(b->d[b->dmax]));
476 BIGNUM *BN_dup(const BIGNUM *a)
480 if (a == NULL) return NULL;
484 if (t == NULL) return NULL;
494 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
502 if (a == b) return(a);
503 if (bn_wexpand(a,b->top) == NULL) return(NULL);
508 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
510 BN_ULONG a0,a1,a2,a3;
511 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
512 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
519 case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
522 memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
527 if ((a->top == 0) && (a->d != NULL))
535 BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n)
545 min = (b->top < (int)n)? b->top: (int)n;
551 if (bn_wexpand(a, min) == NULL)
556 for (i=min>>2; i>0; i--, A+=4, B+=4)
558 BN_ULONG a0,a1,a2,a3;
559 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
560 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
575 void BN_swap(BIGNUM *a, BIGNUM *b)
577 int flags_old_a, flags_old_b;
579 int tmp_top, tmp_dmax, tmp_neg;
584 flags_old_a = a->flags;
585 flags_old_b = b->flags;
602 a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
603 b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
608 void BN_clear(BIGNUM *a)
612 memset(a->d,0,a->dmax*sizeof(a->d[0]));
617 BN_ULONG BN_get_word(const BIGNUM *a)
621 else if (a->top == 1)
627 int BN_set_word(BIGNUM *a, BN_ULONG w)
630 if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
633 a->top = (w ? 1 : 0);
638 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
644 if (ret == NULL) ret=BN_new();
645 if (ret == NULL) return(NULL);
654 if (bn_expand(ret,(int)(n+2)*8) == NULL)
656 i=((n-1)/BN_BYTES)+1;
657 m=((n-1)%(BN_BYTES));
670 /* need to call this due to clear byte at top if avoiding
671 * having the top bit set (-ve number) */
676 /* ignore negative */
677 int BN_bn2bin(const BIGNUM *a, unsigned char *to)
687 *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
692 int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
695 BN_ULONG t1,t2,*ap,*bp;
701 if (i != 0) return(i);
704 for (i=a->top-1; i>=0; i--)
709 return((t1 > t2) ? 1 : -1);
714 int BN_cmp(const BIGNUM *a, const BIGNUM *b)
720 if ((a == NULL) || (b == NULL))
733 if (a->neg != b->neg)
741 else { gt= -1; lt=1; }
743 if (a->top > b->top) return(gt);
744 if (a->top < b->top) return(lt);
745 for (i=a->top-1; i>=0; i--)
749 if (t1 > t2) return(gt);
750 if (t1 < t2) return(lt);
755 int BN_set_bit(BIGNUM *a, int n)
766 if (bn_wexpand(a,i+1) == NULL) return(0);
767 for(k=a->top; k<i+1; k++)
772 a->d[i]|=(((BN_ULONG)1)<<j);
777 int BN_clear_bit(BIGNUM *a, int n)
786 if (a->top <= i) return(0);
788 a->d[i]&=(~(((BN_ULONG)1)<<j));
793 int BN_is_bit_set(const BIGNUM *a, int n)
801 if (a->top <= i) return 0;
802 return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
805 int BN_mask_bits(BIGNUM *a, int n)
814 if (w >= a->top) return 0;
820 a->d[w]&= ~(BN_MASK2<<b);
826 int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
833 if (aa != bb) return((aa > bb)?1:-1);
834 for (i=n-2; i>=0; i--)
838 if (aa != bb) return((aa > bb)?1:-1);
843 /* Here follows a specialised variants of bn_cmp_words(). It has the
844 property of performing the operation on arrays of different sizes.
845 The sizes of those arrays is expressed through cl, which is the
846 common length ( basicall, min(len(a),len(b)) ), and dl, which is the
847 delta between the two lengths, calculated as len(a)-len(b).
848 All lengths are the number of BN_ULONGs... */
850 int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
861 return -1; /* a < b */
869 return 1; /* a > b */
872 return bn_cmp_words(a,b,cl);