1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/bn.h>
58
59 #include <limits.h>
60 #include <string.h>
61
62 #include <openssl/err.h>
63 #include <openssl/mem.h>
64
65 #include "internal.h"
66
67
BN_new(void)68 BIGNUM *BN_new(void) {
69 BIGNUM *bn = OPENSSL_malloc(sizeof(BIGNUM));
70
71 if (bn == NULL) {
72 OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
73 return NULL;
74 }
75
76 OPENSSL_memset(bn, 0, sizeof(BIGNUM));
77 bn->flags = BN_FLG_MALLOCED;
78
79 return bn;
80 }
81
BN_init(BIGNUM * bn)82 void BN_init(BIGNUM *bn) {
83 OPENSSL_memset(bn, 0, sizeof(BIGNUM));
84 }
85
BN_free(BIGNUM * bn)86 void BN_free(BIGNUM *bn) {
87 if (bn == NULL) {
88 return;
89 }
90
91 if ((bn->flags & BN_FLG_STATIC_DATA) == 0) {
92 OPENSSL_free(bn->d);
93 }
94
95 if (bn->flags & BN_FLG_MALLOCED) {
96 OPENSSL_free(bn);
97 } else {
98 bn->d = NULL;
99 }
100 }
101
BN_clear_free(BIGNUM * bn)102 void BN_clear_free(BIGNUM *bn) {
103 char should_free;
104
105 if (bn == NULL) {
106 return;
107 }
108
109 if (bn->d != NULL) {
110 OPENSSL_cleanse(bn->d, bn->dmax * sizeof(bn->d[0]));
111 if ((bn->flags & BN_FLG_STATIC_DATA) == 0) {
112 OPENSSL_free(bn->d);
113 }
114 }
115
116 should_free = (bn->flags & BN_FLG_MALLOCED) != 0;
117 OPENSSL_cleanse(bn, sizeof(BIGNUM));
118 if (should_free) {
119 OPENSSL_free(bn);
120 }
121 }
122
BN_dup(const BIGNUM * src)123 BIGNUM *BN_dup(const BIGNUM *src) {
124 BIGNUM *copy;
125
126 if (src == NULL) {
127 return NULL;
128 }
129
130 copy = BN_new();
131 if (copy == NULL) {
132 return NULL;
133 }
134
135 if (!BN_copy(copy, src)) {
136 BN_free(copy);
137 return NULL;
138 }
139
140 return copy;
141 }
142
BN_copy(BIGNUM * dest,const BIGNUM * src)143 BIGNUM *BN_copy(BIGNUM *dest, const BIGNUM *src) {
144 if (src == dest) {
145 return dest;
146 }
147
148 if (bn_wexpand(dest, src->top) == NULL) {
149 return NULL;
150 }
151
152 OPENSSL_memcpy(dest->d, src->d, sizeof(src->d[0]) * src->top);
153
154 dest->top = src->top;
155 dest->neg = src->neg;
156 return dest;
157 }
158
BN_clear(BIGNUM * bn)159 void BN_clear(BIGNUM *bn) {
160 if (bn->d != NULL) {
161 OPENSSL_memset(bn->d, 0, bn->dmax * sizeof(bn->d[0]));
162 }
163
164 bn->top = 0;
165 bn->neg = 0;
166 }
167
BN_value_one(void)168 const BIGNUM *BN_value_one(void) {
169 static const BN_ULONG kOneLimbs[1] = { 1 };
170 static const BIGNUM kOne = STATIC_BIGNUM(kOneLimbs);
171
172 return &kOne;
173 }
174
175 /* BN_num_bits_word returns the minimum number of bits needed to represent the
176 * value in |l|. */
BN_num_bits_word(BN_ULONG l)177 unsigned BN_num_bits_word(BN_ULONG l) {
178 static const unsigned char bits[256] = {
179 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, 5, 5, 5, 5, 5, 5, 5, 5,
180 5, 5, 5, 5, 5, 5, 5, 5, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
181 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 7, 7, 7, 7, 7, 7, 7, 7,
182 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
183 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
184 7, 7, 7, 7, 7, 7, 7, 7, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
185 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
186 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
187 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
188 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
189 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8};
190
191 #if defined(OPENSSL_64_BIT)
192 if (l & 0xffffffff00000000L) {
193 if (l & 0xffff000000000000L) {
194 if (l & 0xff00000000000000L) {
195 return (bits[(int)(l >> 56)] + 56);
196 } else {
197 return (bits[(int)(l >> 48)] + 48);
198 }
199 } else {
200 if (l & 0x0000ff0000000000L) {
201 return (bits[(int)(l >> 40)] + 40);
202 } else {
203 return (bits[(int)(l >> 32)] + 32);
204 }
205 }
206 } else
207 #endif
208 {
209 if (l & 0xffff0000L) {
210 if (l & 0xff000000L) {
211 return (bits[(int)(l >> 24L)] + 24);
212 } else {
213 return (bits[(int)(l >> 16L)] + 16);
214 }
215 } else {
216 if (l & 0xff00L) {
217 return (bits[(int)(l >> 8)] + 8);
218 } else {
219 return (bits[(int)(l)]);
220 }
221 }
222 }
223 }
224
BN_num_bits(const BIGNUM * bn)225 unsigned BN_num_bits(const BIGNUM *bn) {
226 const int max = bn->top - 1;
227
228 if (BN_is_zero(bn)) {
229 return 0;
230 }
231
232 return max*BN_BITS2 + BN_num_bits_word(bn->d[max]);
233 }
234
BN_num_bytes(const BIGNUM * bn)235 unsigned BN_num_bytes(const BIGNUM *bn) {
236 return (BN_num_bits(bn) + 7) / 8;
237 }
238
BN_zero(BIGNUM * bn)239 void BN_zero(BIGNUM *bn) {
240 bn->top = bn->neg = 0;
241 }
242
BN_one(BIGNUM * bn)243 int BN_one(BIGNUM *bn) {
244 return BN_set_word(bn, 1);
245 }
246
BN_set_word(BIGNUM * bn,BN_ULONG value)247 int BN_set_word(BIGNUM *bn, BN_ULONG value) {
248 if (value == 0) {
249 BN_zero(bn);
250 return 1;
251 }
252
253 if (bn_wexpand(bn, 1) == NULL) {
254 return 0;
255 }
256
257 bn->neg = 0;
258 bn->d[0] = value;
259 bn->top = 1;
260 return 1;
261 }
262
BN_set_u64(BIGNUM * bn,uint64_t value)263 int BN_set_u64(BIGNUM *bn, uint64_t value) {
264 #if BN_BITS2 == 64
265 return BN_set_word(bn, value);
266 #elif BN_BITS2 == 32
267 if (value <= BN_MASK2) {
268 return BN_set_word(bn, (BN_ULONG)value);
269 }
270
271 if (bn_wexpand(bn, 2) == NULL) {
272 return 0;
273 }
274
275 bn->neg = 0;
276 bn->d[0] = (BN_ULONG)value;
277 bn->d[1] = (BN_ULONG)(value >> 32);
278 bn->top = 2;
279 return 1;
280 #else
281 #error "BN_BITS2 must be 32 or 64."
282 #endif
283 }
284
bn_set_words(BIGNUM * bn,const BN_ULONG * words,size_t num)285 int bn_set_words(BIGNUM *bn, const BN_ULONG *words, size_t num) {
286 if (bn_wexpand(bn, num) == NULL) {
287 return 0;
288 }
289 OPENSSL_memmove(bn->d, words, num * sizeof(BN_ULONG));
290 /* |bn_wexpand| verified that |num| isn't too large. */
291 bn->top = (int)num;
292 bn_correct_top(bn);
293 bn->neg = 0;
294 return 1;
295 }
296
BN_is_negative(const BIGNUM * bn)297 int BN_is_negative(const BIGNUM *bn) {
298 return bn->neg != 0;
299 }
300
BN_set_negative(BIGNUM * bn,int sign)301 void BN_set_negative(BIGNUM *bn, int sign) {
302 if (sign && !BN_is_zero(bn)) {
303 bn->neg = 1;
304 } else {
305 bn->neg = 0;
306 }
307 }
308
bn_wexpand(BIGNUM * bn,size_t words)309 BIGNUM *bn_wexpand(BIGNUM *bn, size_t words) {
310 BN_ULONG *a;
311
312 if (words <= (size_t)bn->dmax) {
313 return bn;
314 }
315
316 if (words > (INT_MAX / (4 * BN_BITS2))) {
317 OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
318 return NULL;
319 }
320
321 if (bn->flags & BN_FLG_STATIC_DATA) {
322 OPENSSL_PUT_ERROR(BN, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
323 return NULL;
324 }
325
326 a = OPENSSL_malloc(sizeof(BN_ULONG) * words);
327 if (a == NULL) {
328 OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
329 return NULL;
330 }
331
332 OPENSSL_memcpy(a, bn->d, sizeof(BN_ULONG) * bn->top);
333
334 OPENSSL_free(bn->d);
335 bn->d = a;
336 bn->dmax = (int)words;
337
338 return bn;
339 }
340
bn_expand(BIGNUM * bn,size_t bits)341 BIGNUM *bn_expand(BIGNUM *bn, size_t bits) {
342 if (bits + BN_BITS2 - 1 < bits) {
343 OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
344 return NULL;
345 }
346 return bn_wexpand(bn, (bits+BN_BITS2-1)/BN_BITS2);
347 }
348
bn_correct_top(BIGNUM * bn)349 void bn_correct_top(BIGNUM *bn) {
350 BN_ULONG *ftl;
351 int tmp_top = bn->top;
352
353 if (tmp_top > 0) {
354 for (ftl = &(bn->d[tmp_top - 1]); tmp_top > 0; tmp_top--) {
355 if (*(ftl--)) {
356 break;
357 }
358 }
359 bn->top = tmp_top;
360 }
361
362 if (bn->top == 0) {
363 bn->neg = 0;
364 }
365 }
366