1 /* crypto/bn/bn_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
60 # undef NDEBUG /* avoid conflicting definitions */
70 const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
72 /* For a 32 bit machine
81 static int bn_limit_bits=0;
82 static int bn_limit_num=8; /* (1<<bn_limit_bits) */
83 static int bn_limit_bits_low=0;
84 static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
85 static int bn_limit_bits_high=0;
86 static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
87 static int bn_limit_bits_mont=0;
88 static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
90 void BN_set_params(int mult, int high, int low, int mont)
94 if (mult > (int)(sizeof(int)*8)-1)
101 if (high > (int)(sizeof(int)*8)-1)
102 high=sizeof(int)*8-1;
103 bn_limit_bits_high=high;
104 bn_limit_num_high=1<<high;
108 if (low > (int)(sizeof(int)*8)-1)
110 bn_limit_bits_low=low;
111 bn_limit_num_low=1<<low;
115 if (mont > (int)(sizeof(int)*8)-1)
116 mont=sizeof(int)*8-1;
117 bn_limit_bits_mont=mont;
118 bn_limit_num_mont=1<<mont;
122 int BN_get_params(int which)
124 if (which == 0) return(bn_limit_bits);
125 else if (which == 1) return(bn_limit_bits_high);
126 else if (which == 2) return(bn_limit_bits_low);
127 else if (which == 3) return(bn_limit_bits_mont);
131 const BIGNUM *BN_value_one(void)
133 static BN_ULONG data_one=1L;
134 static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};
139 char *BN_options(void)
142 static char data[16];
148 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
149 (int)sizeof(BN_ULONG)*8);
151 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
152 (int)sizeof(BN_ULONG)*8);
158 int BN_num_bits_word(BN_ULONG l)
160 static const char bits[256]={
161 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
162 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
163 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
164 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
165 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
166 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
167 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
168 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
169 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
170 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
171 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
172 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
173 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
174 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
175 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
176 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
179 #if defined(SIXTY_FOUR_BIT_LONG)
180 if (l & 0xffffffff00000000L)
182 if (l & 0xffff000000000000L)
184 if (l & 0xff00000000000000L)
186 return(bits[(int)(l>>56)]+56);
188 else return(bits[(int)(l>>48)]+48);
192 if (l & 0x0000ff0000000000L)
194 return(bits[(int)(l>>40)]+40);
196 else return(bits[(int)(l>>32)]+32);
201 #ifdef SIXTY_FOUR_BIT
202 if (l & 0xffffffff00000000LL)
204 if (l & 0xffff000000000000LL)
206 if (l & 0xff00000000000000LL)
208 return(bits[(int)(l>>56)]+56);
210 else return(bits[(int)(l>>48)]+48);
214 if (l & 0x0000ff0000000000LL)
216 return(bits[(int)(l>>40)]+40);
218 else return(bits[(int)(l>>32)]+32);
225 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
229 return(bits[(int)(l>>24L)]+24);
230 else return(bits[(int)(l>>16L)]+16);
235 #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
237 return(bits[(int)(l>>8)]+8);
240 return(bits[(int)(l )] );
245 int BN_num_bits(const BIGNUM *a)
250 if (BN_is_zero(a)) return 0;
251 return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
254 void BN_clear_free(BIGNUM *a)
258 if (a == NULL) return;
262 OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
263 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
266 i=BN_get_flags(a,BN_FLG_MALLOCED);
267 OPENSSL_cleanse(a,sizeof(BIGNUM));
272 void BN_free(BIGNUM *a)
274 if (a == NULL) return;
276 if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
278 if (a->flags & BN_FLG_MALLOCED)
282 #ifndef OPENSSL_NO_DEPRECATED
283 a->flags|=BN_FLG_FREE;
289 void BN_init(BIGNUM *a)
291 memset(a,0,sizeof(BIGNUM));
299 if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
301 BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
304 ret->flags=BN_FLG_MALLOCED;
313 /* This is used both by bn_expand2() and bn_dup_expand() */
314 /* The caller MUST check that words > b->dmax before calling this */
315 static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
317 BN_ULONG *A,*a = NULL;
323 if (words > (INT_MAX/(4*BN_BITS2)))
325 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
328 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
330 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
333 a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
336 BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
341 /* Check if the previous number needs to be copied */
344 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
347 * The fact that the loop is unrolled
348 * 4-wise is a tribute to Intel. It's
349 * the one that doesn't have enough
350 * registers to accomodate more data.
351 * I'd unroll it 8-wise otherwise:-)
353 * <appro@fy.chalmers.se>
355 BN_ULONG a0,a1,a2,a3;
356 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
357 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
364 case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
365 * the switch table by doing a=top&3; a--; goto jump_table[a];
366 * which fails for top== 0 */
372 memset(A,0,sizeof(BN_ULONG)*(words+1));
373 memcpy(A,b->d,sizeof(b->d[0])*b->top);
379 /* This is an internal function that can be used instead of bn_expand2()
380 * when there is a need to copy BIGNUMs instead of only expanding the
381 * data part, while still expanding them.
382 * Especially useful when needing to expand BIGNUMs that are declared
383 * 'const' and should therefore not be changed.
384 * The reason to use this instead of a BN_dup() followed by a bn_expand2()
385 * is memory allocation overhead. A BN_dup() followed by a bn_expand2()
386 * will allocate new memory for the BIGNUM data twice, and free it once,
387 * while bn_dup_expand() makes sure allocation is made only once.
390 BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
396 /* This function does not work if
397 * words <= b->dmax && top < words
398 * because BN_dup() does not preserve 'dmax'!
399 * (But bn_dup_expand() is not used anywhere yet.)
404 BN_ULONG *a = bn_expand_internal(b, words);
418 /* r == NULL, BN_new failure */
422 /* If a == NULL, there was an error in allocation in
423 bn_expand_internal(), and NULL should be returned */
434 /* This is an internal function that should not be used in applications.
435 * It ensures that 'b' has enough room for a 'words' word number
436 * and initialises any unused part of b->d with leading zeros.
437 * It is mostly used by the various BIGNUM routines. If there is an error,
438 * NULL is returned. If not, 'b' is returned. */
440 BIGNUM *bn_expand2(BIGNUM *b, int words)
449 BN_ULONG *a = bn_expand_internal(b, words);
451 if(b->d) OPENSSL_free(b->d);
456 /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
457 if (b->top < b->dmax)
460 for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
462 A[0]=0; A[1]=0; A[2]=0; A[3]=0;
463 A[4]=0; A[5]=0; A[6]=0; A[7]=0;
465 for (i=(b->dmax - b->top)&7; i>0; i--,A++)
467 assert(A == &(b->d[b->dmax]));
473 BIGNUM *BN_dup(const BIGNUM *a)
477 if (a == NULL) return NULL;
481 if (t == NULL) return NULL;
491 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
499 if (a == b) return(a);
500 if (bn_wexpand(a,b->top) == NULL) return(NULL);
505 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
507 BN_ULONG a0,a1,a2,a3;
508 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
509 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
516 case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
519 memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
524 if ((a->top == 0) && (a->d != NULL))
532 BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n)
542 min = (b->top < (int)n)? b->top: (int)n;
548 if (bn_wexpand(a, min) == NULL)
553 for (i=min>>2; i>0; i--, A+=4, B+=4)
555 BN_ULONG a0,a1,a2,a3;
556 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
557 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
572 void BN_swap(BIGNUM *a, BIGNUM *b)
574 int flags_old_a, flags_old_b;
576 int tmp_top, tmp_dmax, tmp_neg;
581 flags_old_a = a->flags;
582 flags_old_b = b->flags;
599 a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
600 b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
605 void BN_clear(BIGNUM *a)
609 memset(a->d,0,a->dmax*sizeof(a->d[0]));
614 BN_ULONG BN_get_word(const BIGNUM *a)
620 if (n > (int)sizeof(BN_ULONG))
622 for (i=a->top-1; i>=0; i--)
624 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
625 ret<<=BN_BITS4; /* stops the compiler complaining */
635 int BN_set_word(BIGNUM *a, BN_ULONG w)
639 if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
641 n=sizeof(BN_ULONG)/BN_BYTES;
644 a->d[0]=(BN_ULONG)w&BN_MASK2;
645 if (a->d[0] != 0) a->top=1;
648 /* the following is done instead of
649 * w>>=BN_BITS2 so compilers don't complain
650 * on builds where sizeof(long) == BN_TYPES */
651 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
657 a->d[i]=(BN_ULONG)w&BN_MASK2;
658 if (a->d[i] != 0) a->top=i+1;
664 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
670 if (ret == NULL) ret=BN_new();
671 if (ret == NULL) return(NULL);
680 if (bn_expand(ret,(int)(n+2)*8) == NULL)
682 i=((n-1)/BN_BYTES)+1;
683 m=((n-1)%(BN_BYTES));
696 /* need to call this due to clear byte at top if avoiding
697 * having the top bit set (-ve number) */
702 /* ignore negative */
703 int BN_bn2bin(const BIGNUM *a, unsigned char *to)
713 *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
718 int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
721 BN_ULONG t1,t2,*ap,*bp;
727 if (i != 0) return(i);
730 for (i=a->top-1; i>=0; i--)
735 return((t1 > t2) ? 1 : -1);
740 int BN_cmp(const BIGNUM *a, const BIGNUM *b)
746 if ((a == NULL) || (b == NULL))
759 if (a->neg != b->neg)
767 else { gt= -1; lt=1; }
769 if (a->top > b->top) return(gt);
770 if (a->top < b->top) return(lt);
771 for (i=a->top-1; i>=0; i--)
775 if (t1 > t2) return(gt);
776 if (t1 < t2) return(lt);
781 int BN_set_bit(BIGNUM *a, int n)
792 if (bn_wexpand(a,i+1) == NULL) return(0);
793 for(k=a->top; k<i+1; k++)
798 a->d[i]|=(((BN_ULONG)1)<<j);
803 int BN_clear_bit(BIGNUM *a, int n)
812 if (a->top <= i) return(0);
814 a->d[i]&=(~(((BN_ULONG)1)<<j));
819 int BN_is_bit_set(const BIGNUM *a, int n)
827 if (a->top <= i) return 0;
828 return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
831 int BN_mask_bits(BIGNUM *a, int n)
840 if (w >= a->top) return 0;
846 a->d[w]&= ~(BN_MASK2<<b);
852 int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
859 if (aa != bb) return((aa > bb)?1:-1);
860 for (i=n-2; i>=0; i--)
864 if (aa != bb) return((aa > bb)?1:-1);
869 /* Here follows a specialised variants of bn_cmp_words(). It has the
870 property of performing the operation on arrays of different sizes.
871 The sizes of those arrays is expressed through cl, which is the
872 common length ( basicall, min(len(a),len(b)) ), and dl, which is the
873 delta between the two lengths, calculated as len(a)-len(b).
874 All lengths are the number of BN_ULONGs... */
876 int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
887 return -1; /* a < b */
895 return 1; /* a > b */
898 return bn_cmp_words(a,b,cl);