Minimise the amount of code dependent on BN_DEBUG_RAND. In particular,
[openssl.git] / crypto / bn / bn_nist.c
index 4e21a05..a29503b 100644 (file)
@@ -1,4 +1,4 @@
-/* crypto/bn/bn_nist.p */
+/* crypto/bn/bn_nist.c */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  */
 
 #include "bn_lcl.h"
  */
 
 #include "bn_lcl.h"
+#include "cryptlib.h"
 
 #define BN_NIST_192_TOP        (192+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_224_TOP        (224+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_256_TOP        (256+BN_BITS2-1)/BN_BITS2
 
 #define BN_NIST_192_TOP        (192+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_224_TOP        (224+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_256_TOP        (256+BN_BITS2-1)/BN_BITS2
-#define        BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_384_TOP        (384+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_521_TOP        (521+BN_BITS2-1)/BN_BITS2
 
 #if BN_BITS2 == 64
 #define BN_NIST_521_TOP        (521+BN_BITS2-1)/BN_BITS2
 
 #if BN_BITS2 == 64
-const static BN_ULONG _nist_p_192[] = {0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFE,
-       0xFFFFFFFFFFFFFFFF};
-const static BN_ULONG _nist_p_224[] = {0x0000000000000001,0xFFFFFFFF00000000,
-       0xFFFFFFFFFFFFFFFF,0x00000000FFFFFFFF};
-const static BN_ULONG _nist_p_256[] = {0xFFFFFFFFFFFFFFFF,0x00000000FFFFFFFF,
-       0x0000000000000000,0xFFFFFFFF00000001};
-const static BN_ULONG _nist_p_384[] = {0x00000000FFFFFFFF,0xFFFFFFFF00000000,
-       0xFFFFFFFFFFFFFFFE,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
-       0xFFFFFFFFFFFFFFFF};
-const static BN_ULONG _nist_p_521[] = {0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
-       0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
-       0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
-       0x00000000000001FF};
+const static BN_ULONG _nist_p_192[] =
+       {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,
+       0xFFFFFFFFFFFFFFFFULL};
+const static BN_ULONG _nist_p_224[] =
+       {0x0000000000000001ULL,0xFFFFFFFF00000000ULL,
+       0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL};
+const static BN_ULONG _nist_p_256[] =
+       {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL,
+       0x0000000000000000ULL,0xFFFFFFFF00000001ULL};
+const static BN_ULONG _nist_p_384[] =
+       {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,
+       0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL,
+       0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL};
+const static BN_ULONG _nist_p_521[] =
+       {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+       0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+       0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+       0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+       0x00000000000001FFULL};
 #elif BN_BITS2 == 32
 const static BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,
        0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
 #elif BN_BITS2 == 32
 const static BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,
        0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
@@ -128,36 +135,36 @@ const static BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 
 const BIGNUM *BN_get0_nist_prime_192(void)
        {
 
 const BIGNUM *BN_get0_nist_prime_192(void)
        {
-       static BIGNUM const_nist_192={(BN_ULONG *)_nist_p_192,BN_NIST_192_TOP,
-               BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA};
+       static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192,
+               BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA };
        return &const_nist_192;
        }
 
 const BIGNUM *BN_get0_nist_prime_224(void)
        {
        return &const_nist_192;
        }
 
 const BIGNUM *BN_get0_nist_prime_224(void)
        {
-       static BIGNUM const_nist_224={(BN_ULONG *)_nist_p_224,BN_NIST_224_TOP,
-               BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA};
+       static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224,
+               BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA };
        return &const_nist_224;
        }
 
 const BIGNUM *BN_get0_nist_prime_256(void)
        {
        return &const_nist_224;
        }
 
 const BIGNUM *BN_get0_nist_prime_256(void)
        {
-       static BIGNUM const_nist_256={(BN_ULONG *)_nist_p_256,BN_NIST_256_TOP,
-               BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA};
+       static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256,
+               BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA };
        return &const_nist_256;
        }
 
 const BIGNUM *BN_get0_nist_prime_384(void)
        {
        return &const_nist_256;
        }
 
 const BIGNUM *BN_get0_nist_prime_384(void)
        {
-       static BIGNUM const_nist_384={(BN_ULONG *)_nist_p_384,BN_NIST_384_TOP,
-               BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA};
+       static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384,
+               BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA };
        return &const_nist_384;
        }
 
 const BIGNUM *BN_get0_nist_prime_521(void)
        {
        return &const_nist_384;
        }
 
 const BIGNUM *BN_get0_nist_prime_521(void)
        {
-       static BIGNUM const_nist_521={(BN_ULONG *)_nist_p_521,BN_NIST_521_TOP,
-               BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA};
+       static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521,
+               BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA };
        return &const_nist_521;
        }
 
        return &const_nist_521;
        }
 
@@ -314,7 +321,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        if (top == 0)
                return BN_zero(r);
        else if (top > 0)
        if (top == 0)
                return BN_zero(r);
        else if (top > 0)
-               return (r == a)? 1 : !!BN_copy(r ,a);
+               return (r == a)? 1 : (BN_copy(r ,a) != NULL);
 
        if (r != a)
                if (!BN_ncopy(r, a, BN_NIST_192_TOP))
 
        if (r != a)
                if (!BN_ncopy(r, a, BN_NIST_192_TOP))
@@ -352,18 +359,14 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                        --carry; 
                }
        r->top = BN_NIST_192_TOP;
                        --carry; 
                }
        r->top = BN_NIST_192_TOP;
-
-#if 0
-       bn_clear_top2max(r);
-#endif
-       bn_fix_top(r);
-
+       bn_correct_top(r);
        if (BN_ucmp(r, field) >= 0)
                {
                bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP);
        if (BN_ucmp(r, field) >= 0)
                {
                bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP);
-               bn_fix_top(r);
+               bn_correct_top(r);
                }
 
                }
 
+       bn_check_top(r);
        return 1;
        }
 
        return 1;
        }
 
@@ -393,7 +396,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        if (tmp_int == 0)
                return BN_zero(r);
        else if (tmp_int > 0)
        if (tmp_int == 0)
                return BN_zero(r);
        else if (tmp_int > 0)
-               return (r == a)? 1 : !!BN_copy(r ,a);
+               return (r == a)? 1 : (BN_copy(r ,a) != NULL);
 
        if (r != a)
                if (!BN_ncopy(r, a, BN_NIST_224_TOP))
 
        if (r != a)
                if (!BN_ncopy(r, a, BN_NIST_224_TOP))
@@ -445,16 +448,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                        }
 
        r->top = BN_NIST_224_TOP;
                        }
 
        r->top = BN_NIST_224_TOP;
-#if 0
-       bn_clear_top2max(r);
-#endif
-       bn_fix_top(r);
-
+       bn_correct_top(r);
        if (BN_ucmp(r, field) >= 0)
                {
                bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP);
        if (BN_ucmp(r, field) >= 0)
                {
                bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP);
-               bn_fix_top(r);
+               bn_correct_top(r);
                }
                }
+       bn_check_top(r);
        return 1;
 #else
        return 0;
        return 1;
 #else
        return 0;
@@ -503,13 +503,20 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        BN_32_BIT_BUF(14) BN_32_BIT_BUF(15)
 
        if (!_is_set_256_data)
        BN_32_BIT_BUF(14) BN_32_BIT_BUF(15)
 
        if (!_is_set_256_data)
-               _init_256_data();
-
+               {
+               CRYPTO_w_lock(CRYPTO_LOCK_BN);
+               
+               if (!_is_set_256_data)
+                       _init_256_data();
+               
+               CRYPTO_w_unlock(CRYPTO_LOCK_BN);
+               }
+       
        tmp_int = BN_ucmp(field, a);
        if (tmp_int == 0)
                return BN_zero(r);
        else if (tmp_int > 0)
        tmp_int = BN_ucmp(field, a);
        if (tmp_int == 0)
                return BN_zero(r);
        else if (tmp_int > 0)
-               return (r == a)? 1 : !!BN_copy(r ,a);
+               return (r == a)? 1 : (BN_copy(r ,a) != NULL);
 
        if (r != a)
                if (!BN_ncopy(r, a, BN_NIST_256_TOP))
 
        if (r != a)
                if (!BN_ncopy(r, a, BN_NIST_256_TOP))
@@ -596,16 +603,13 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                }
 
        r->top = BN_NIST_256_TOP;
                }
 
        r->top = BN_NIST_256_TOP;
-#if 0
-       bn_clear_top2max(r);
-#endif
-       bn_fix_top(r);
-
+       bn_correct_top(r);
        if (BN_ucmp(r, field) >= 0)
                {
                bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP);
        if (BN_ucmp(r, field) >= 0)
                {
                bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP);
-               bn_fix_top(r);
+               bn_correct_top(r);
                }
                }
+       bn_check_top(r);
        return 1;
 #else
        return 0;
        return 1;
 #else
        return 0;
@@ -657,13 +661,20 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        BN_32_BIT_BUF(22) BN_32_BIT_BUF(23)
 
        if (!_is_set_384_data)
        BN_32_BIT_BUF(22) BN_32_BIT_BUF(23)
 
        if (!_is_set_384_data)
-               _init_384_data();
+               {
+               CRYPTO_w_lock(CRYPTO_LOCK_BN);
+               
+               if (!_is_set_384_data)
+                       _init_384_data();
+
+               CRYPTO_w_unlock(CRYPTO_LOCK_BN);
+               }
 
        tmp_int = BN_ucmp(field, a);
        if (tmp_int == 0)
                return BN_zero(r);
        else if (tmp_int > 0)
 
        tmp_int = BN_ucmp(field, a);
        if (tmp_int == 0)
                return BN_zero(r);
        else if (tmp_int > 0)
-               return (r == a)? 1 : !!BN_copy(r ,a);
+               return (r == a)? 1 : (BN_copy(r ,a) != NULL);
 
        if (r != a)
                if (!BN_ncopy(r, a, BN_NIST_384_TOP))
 
        if (r != a)
                if (!BN_ncopy(r, a, BN_NIST_384_TOP))
@@ -757,16 +768,13 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                }
 
        r->top = BN_NIST_384_TOP;
                }
 
        r->top = BN_NIST_384_TOP;
-#if 0
-       bn_clear_top2max(r);
-#endif
-       bn_fix_top(r);
-
+       bn_correct_top(r);
        if (BN_ucmp(r, field) >= 0)
                {
                bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP);
        if (BN_ucmp(r, field) >= 0)
                {
                bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP);
-               bn_fix_top(r);
+               bn_correct_top(r);
                }
                }
+       bn_check_top(r);
        return 1;
 #else
        return 0;
        return 1;
 #else
        return 0;
@@ -793,7 +801,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        top = a->top;
        if (top < BN_NIST_521_TOP  || ( top == BN_NIST_521_TOP &&
            (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))))
        top = a->top;
        if (top < BN_NIST_521_TOP  || ( top == BN_NIST_521_TOP &&
            (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))))
-               return (r == a)? 1 : !!BN_copy(r ,a);
+               return (r == a)? 1 : (BN_copy(r ,a) != NULL);
 
        BN_CTX_start(ctx);
        tmp = BN_CTX_get(ctx);
 
        BN_CTX_start(ctx);
        tmp = BN_CTX_get(ctx);
@@ -808,6 +816,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        if (tmp->top == BN_NIST_521_TOP)
                tmp->d[BN_NIST_521_TOP-1]  &= BN_NIST_521_TOP_MASK;
 
        if (tmp->top == BN_NIST_521_TOP)
                tmp->d[BN_NIST_521_TOP-1]  &= BN_NIST_521_TOP_MASK;
 
+       bn_correct_top(tmp);
        if (!BN_uadd(r, tmp, r))
                return 0;
        top = r->top;
        if (!BN_uadd(r, tmp, r))
                return 0;
        top = r->top;
@@ -818,11 +827,12 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                BN_NIST_ADD_ONE(r_d)
                r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; 
                }
                BN_NIST_ADD_ONE(r_d)
                r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; 
                }
-       bn_fix_top(r);
+       bn_correct_top(r);
 
        ret = 1;
 err:
        BN_CTX_end(ctx);
 
        ret = 1;
 err:
        BN_CTX_end(ctx);
-       
+
+       bn_check_top(r);
        return ret;
        }
        return ret;
        }