source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/bn/bn_lib.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
File size: 22.9 KB
RevLine 
[331]1/*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <assert.h>
11#include <limits.h>
12#include "internal/cryptlib.h"
13#include "bn_lcl.h"
14#include <openssl/opensslconf.h>
15
16/* This stuff appears to be completely unused, so is deprecated */
17#if OPENSSL_API_COMPAT < 0x00908000L
18/*-
19 * For a 32 bit machine
20 * 2 - 4 == 128
21 * 3 - 8 == 256
22 * 4 - 16 == 512
23 * 5 - 32 == 1024
24 * 6 - 64 == 2048
25 * 7 - 128 == 4096
26 * 8 - 256 == 8192
27 */
28static int bn_limit_bits = 0;
29static int bn_limit_num = 8; /* (1<<bn_limit_bits) */
30static int bn_limit_bits_low = 0;
31static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
32static int bn_limit_bits_high = 0;
33static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
34static int bn_limit_bits_mont = 0;
35static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
36
37void BN_set_params(int mult, int high, int low, int mont)
38{
39 if (mult >= 0) {
40 if (mult > (int)(sizeof(int) * 8) - 1)
41 mult = sizeof(int) * 8 - 1;
42 bn_limit_bits = mult;
43 bn_limit_num = 1 << mult;
44 }
45 if (high >= 0) {
46 if (high > (int)(sizeof(int) * 8) - 1)
47 high = sizeof(int) * 8 - 1;
48 bn_limit_bits_high = high;
49 bn_limit_num_high = 1 << high;
50 }
51 if (low >= 0) {
52 if (low > (int)(sizeof(int) * 8) - 1)
53 low = sizeof(int) * 8 - 1;
54 bn_limit_bits_low = low;
55 bn_limit_num_low = 1 << low;
56 }
57 if (mont >= 0) {
58 if (mont > (int)(sizeof(int) * 8) - 1)
59 mont = sizeof(int) * 8 - 1;
60 bn_limit_bits_mont = mont;
61 bn_limit_num_mont = 1 << mont;
62 }
63}
64
65int BN_get_params(int which)
66{
67 if (which == 0)
68 return (bn_limit_bits);
69 else if (which == 1)
70 return (bn_limit_bits_high);
71 else if (which == 2)
72 return (bn_limit_bits_low);
73 else if (which == 3)
74 return (bn_limit_bits_mont);
75 else
76 return (0);
77}
78#endif
79
80const BIGNUM *BN_value_one(void)
81{
82 static const BN_ULONG data_one = 1L;
83 static const BIGNUM const_one =
84 { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
85
86 return (&const_one);
87}
88
89int BN_num_bits_word(BN_ULONG l)
90{
91 static const unsigned char bits[256] = {
92 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
93 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
94 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
95 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
96 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
97 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
98 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
99 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
100 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
101 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
102 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
103 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
104 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
105 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
106 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
107 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
108 };
109
110#if defined(SIXTY_FOUR_BIT_LONG)
111 if (l & 0xffffffff00000000L) {
112 if (l & 0xffff000000000000L) {
113 if (l & 0xff00000000000000L) {
114 return (bits[(int)(l >> 56)] + 56);
115 } else
116 return (bits[(int)(l >> 48)] + 48);
117 } else {
118 if (l & 0x0000ff0000000000L) {
119 return (bits[(int)(l >> 40)] + 40);
120 } else
121 return (bits[(int)(l >> 32)] + 32);
122 }
123 } else
124#else
125# ifdef SIXTY_FOUR_BIT
126 if (l & 0xffffffff00000000LL) {
127 if (l & 0xffff000000000000LL) {
128 if (l & 0xff00000000000000LL) {
129 return (bits[(int)(l >> 56)] + 56);
130 } else
131 return (bits[(int)(l >> 48)] + 48);
132 } else {
133 if (l & 0x0000ff0000000000LL) {
134 return (bits[(int)(l >> 40)] + 40);
135 } else
136 return (bits[(int)(l >> 32)] + 32);
137 }
138 } else
139# endif
140#endif
141 {
142#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
143 if (l & 0xffff0000L) {
144 if (l & 0xff000000L)
145 return (bits[(int)(l >> 24L)] + 24);
146 else
147 return (bits[(int)(l >> 16L)] + 16);
148 } else
149#endif
150 {
151#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
152 if (l & 0xff00L)
153 return (bits[(int)(l >> 8)] + 8);
154 else
155#endif
156 return (bits[(int)(l)]);
157 }
158 }
159}
160
161int BN_num_bits(const BIGNUM *a)
162{
163 int i = a->top - 1;
164 bn_check_top(a);
165
166 if (BN_is_zero(a))
167 return 0;
168 return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
169}
170
171static void bn_free_d(BIGNUM *a)
172{
173 if (BN_get_flags(a, BN_FLG_SECURE))
174 OPENSSL_secure_free(a->d);
175 else
176 OPENSSL_free(a->d);
177}
178
179
180void BN_clear_free(BIGNUM *a)
181{
182 int i;
183
184 if (a == NULL)
185 return;
186 bn_check_top(a);
187 if (a->d != NULL) {
188 OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
189 if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
190 bn_free_d(a);
191 }
192 i = BN_get_flags(a, BN_FLG_MALLOCED);
193 OPENSSL_cleanse(a, sizeof(*a));
194 if (i)
195 OPENSSL_free(a);
196}
197
198void BN_free(BIGNUM *a)
199{
200 if (a == NULL)
201 return;
202 bn_check_top(a);
203 if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
204 bn_free_d(a);
205 if (a->flags & BN_FLG_MALLOCED)
206 OPENSSL_free(a);
207 else {
208#if OPENSSL_API_COMPAT < 0x00908000L
209 a->flags |= BN_FLG_FREE;
210#endif
211 a->d = NULL;
212 }
213}
214
215void bn_init(BIGNUM *a)
216{
217 static BIGNUM nilbn;
218
219 *a = nilbn;
220 bn_check_top(a);
221}
222
223BIGNUM *BN_new(void)
224{
225 BIGNUM *ret;
226
227 if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
228 BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
229 return (NULL);
230 }
231 ret->flags = BN_FLG_MALLOCED;
232 bn_check_top(ret);
233 return (ret);
234}
235
236 BIGNUM *BN_secure_new(void)
237 {
238 BIGNUM *ret = BN_new();
239 if (ret != NULL)
240 ret->flags |= BN_FLG_SECURE;
241 return (ret);
242 }
243
244/* This is used by bn_expand2() */
245/* The caller MUST check that words > b->dmax before calling this */
246static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
247{
248 BN_ULONG *A, *a = NULL;
249 const BN_ULONG *B;
250 int i;
251
252 bn_check_top(b);
253
254 if (words > (INT_MAX / (4 * BN_BITS2))) {
255 BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
256 return NULL;
257 }
258 if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
259 BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
260 return (NULL);
261 }
262 if (BN_get_flags(b, BN_FLG_SECURE))
263 a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
264 else
265 a = A = OPENSSL_zalloc(words * sizeof(*a));
266 if (A == NULL) {
267 BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
268 return (NULL);
269 }
270
271#if 1
272 B = b->d;
273 /* Check if the previous number needs to be copied */
274 if (B != NULL) {
275 for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
276 /*
277 * The fact that the loop is unrolled
278 * 4-wise is a tribute to Intel. It's
279 * the one that doesn't have enough
280 * registers to accommodate more data.
281 * I'd unroll it 8-wise otherwise:-)
282 *
283 * <appro@fy.chalmers.se>
284 */
285 BN_ULONG a0, a1, a2, a3;
286 a0 = B[0];
287 a1 = B[1];
288 a2 = B[2];
289 a3 = B[3];
290 A[0] = a0;
291 A[1] = a1;
292 A[2] = a2;
293 A[3] = a3;
294 }
295 switch (b->top & 3) {
296 case 3:
297 A[2] = B[2];
298 case 2:
299 A[1] = B[1];
300 case 1:
301 A[0] = B[0];
302 case 0:
303 /* Without the "case 0" some old optimizers got this wrong. */
304 ;
305 }
306 }
307#else
308 memset(A, 0, sizeof(*A) * words);
309 memcpy(A, b->d, sizeof(b->d[0]) * b->top);
310#endif
311
312 return (a);
313}
314
315/*
316 * This is an internal function that should not be used in applications. It
317 * ensures that 'b' has enough room for a 'words' word number and initialises
318 * any unused part of b->d with leading zeros. It is mostly used by the
319 * various BIGNUM routines. If there is an error, NULL is returned. If not,
320 * 'b' is returned.
321 */
322
323BIGNUM *bn_expand2(BIGNUM *b, int words)
324{
325 bn_check_top(b);
326
327 if (words > b->dmax) {
328 BN_ULONG *a = bn_expand_internal(b, words);
329 if (!a)
330 return NULL;
331 if (b->d) {
332 OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
333 bn_free_d(b);
334 }
335 b->d = a;
336 b->dmax = words;
337 }
338
339 bn_check_top(b);
340 return b;
341}
342
343BIGNUM *BN_dup(const BIGNUM *a)
344{
345 BIGNUM *t;
346
347 if (a == NULL)
348 return NULL;
349 bn_check_top(a);
350
351 t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new();
352 if (t == NULL)
353 return NULL;
354 if (!BN_copy(t, a)) {
355 BN_free(t);
356 return NULL;
357 }
358 bn_check_top(t);
359 return t;
360}
361
362BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
363{
364 int i;
365 BN_ULONG *A;
366 const BN_ULONG *B;
367
368 bn_check_top(b);
369
370 if (a == b)
371 return (a);
372 if (bn_wexpand(a, b->top) == NULL)
373 return (NULL);
374
375#if 1
376 A = a->d;
377 B = b->d;
378 for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
379 BN_ULONG a0, a1, a2, a3;
380 a0 = B[0];
381 a1 = B[1];
382 a2 = B[2];
383 a3 = B[3];
384 A[0] = a0;
385 A[1] = a1;
386 A[2] = a2;
387 A[3] = a3;
388 }
389 /* ultrix cc workaround, see comments in bn_expand_internal */
390 switch (b->top & 3) {
391 case 3:
392 A[2] = B[2];
393 case 2:
394 A[1] = B[1];
395 case 1:
396 A[0] = B[0];
397 case 0:;
398 }
399#else
400 memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
401#endif
402
403 a->top = b->top;
404 a->neg = b->neg;
405 bn_check_top(a);
406 return (a);
407}
408
409void BN_swap(BIGNUM *a, BIGNUM *b)
410{
411 int flags_old_a, flags_old_b;
412 BN_ULONG *tmp_d;
413 int tmp_top, tmp_dmax, tmp_neg;
414
415 bn_check_top(a);
416 bn_check_top(b);
417
418 flags_old_a = a->flags;
419 flags_old_b = b->flags;
420
421 tmp_d = a->d;
422 tmp_top = a->top;
423 tmp_dmax = a->dmax;
424 tmp_neg = a->neg;
425
426 a->d = b->d;
427 a->top = b->top;
428 a->dmax = b->dmax;
429 a->neg = b->neg;
430
431 b->d = tmp_d;
432 b->top = tmp_top;
433 b->dmax = tmp_dmax;
434 b->neg = tmp_neg;
435
436 a->flags =
437 (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
438 b->flags =
439 (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
440 bn_check_top(a);
441 bn_check_top(b);
442}
443
444void BN_clear(BIGNUM *a)
445{
446 bn_check_top(a);
447 if (a->d != NULL)
448 OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
449 a->top = 0;
450 a->neg = 0;
451}
452
453BN_ULONG BN_get_word(const BIGNUM *a)
454{
455 if (a->top > 1)
456 return BN_MASK2;
457 else if (a->top == 1)
458 return a->d[0];
459 /* a->top == 0 */
460 return 0;
461}
462
463int BN_set_word(BIGNUM *a, BN_ULONG w)
464{
465 bn_check_top(a);
466 if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
467 return (0);
468 a->neg = 0;
469 a->d[0] = w;
470 a->top = (w ? 1 : 0);
471 bn_check_top(a);
472 return (1);
473}
474
475BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
476{
477 unsigned int i, m;
478 unsigned int n;
479 BN_ULONG l;
480 BIGNUM *bn = NULL;
481
482 if (ret == NULL)
483 ret = bn = BN_new();
484 if (ret == NULL)
485 return (NULL);
486 bn_check_top(ret);
487 /* Skip leading zero's. */
488 for ( ; len > 0 && *s == 0; s++, len--)
489 continue;
490 n = len;
491 if (n == 0) {
492 ret->top = 0;
493 return (ret);
494 }
495 i = ((n - 1) / BN_BYTES) + 1;
496 m = ((n - 1) % (BN_BYTES));
497 if (bn_wexpand(ret, (int)i) == NULL) {
498 BN_free(bn);
499 return NULL;
500 }
501 ret->top = i;
502 ret->neg = 0;
503 l = 0;
504 while (n--) {
505 l = (l << 8L) | *(s++);
506 if (m-- == 0) {
507 ret->d[--i] = l;
508 l = 0;
509 m = BN_BYTES - 1;
510 }
511 }
512 /*
513 * need to call this due to clear byte at top if avoiding having the top
514 * bit set (-ve number)
515 */
516 bn_correct_top(ret);
517 return (ret);
518}
519
520/* ignore negative */
521static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
522{
523 int i;
524 BN_ULONG l;
525
526 bn_check_top(a);
527 i = BN_num_bytes(a);
528 if (tolen == -1)
529 tolen = i;
530 else if (tolen < i)
531 return -1;
532 /* Add leading zeroes if necessary */
533 if (tolen > i) {
534 memset(to, 0, tolen - i);
535 to += tolen - i;
536 }
537 while (i--) {
538 l = a->d[i / BN_BYTES];
539 *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
540 }
541 return tolen;
542}
543
544int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
545{
546 if (tolen < 0)
547 return -1;
548 return bn2binpad(a, to, tolen);
549}
550
551int BN_bn2bin(const BIGNUM *a, unsigned char *to)
552{
553 return bn2binpad(a, to, -1);
554}
555
556BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
557{
558 unsigned int i, m;
559 unsigned int n;
560 BN_ULONG l;
561 BIGNUM *bn = NULL;
562
563 if (ret == NULL)
564 ret = bn = BN_new();
565 if (ret == NULL)
566 return (NULL);
567 bn_check_top(ret);
568 s += len;
569 /* Skip trailing zeroes. */
570 for ( ; len > 0 && s[-1] == 0; s--, len--)
571 continue;
572 n = len;
573 if (n == 0) {
574 ret->top = 0;
575 return ret;
576 }
577 i = ((n - 1) / BN_BYTES) + 1;
578 m = ((n - 1) % (BN_BYTES));
579 if (bn_wexpand(ret, (int)i) == NULL) {
580 BN_free(bn);
581 return NULL;
582 }
583 ret->top = i;
584 ret->neg = 0;
585 l = 0;
586 while (n--) {
587 s--;
588 l = (l << 8L) | *s;
589 if (m-- == 0) {
590 ret->d[--i] = l;
591 l = 0;
592 m = BN_BYTES - 1;
593 }
594 }
595 /*
596 * need to call this due to clear byte at top if avoiding having the top
597 * bit set (-ve number)
598 */
599 bn_correct_top(ret);
600 return ret;
601}
602
603int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
604{
605 int i;
606 BN_ULONG l;
607 bn_check_top(a);
608 i = BN_num_bytes(a);
609 if (tolen < i)
610 return -1;
611 /* Add trailing zeroes if necessary */
612 if (tolen > i)
613 memset(to + i, 0, tolen - i);
614 to += i;
615 while (i--) {
616 l = a->d[i / BN_BYTES];
617 to--;
618 *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
619 }
620 return tolen;
621}
622
623int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
624{
625 int i;
626 BN_ULONG t1, t2, *ap, *bp;
627
628 bn_check_top(a);
629 bn_check_top(b);
630
631 i = a->top - b->top;
632 if (i != 0)
633 return (i);
634 ap = a->d;
635 bp = b->d;
636 for (i = a->top - 1; i >= 0; i--) {
637 t1 = ap[i];
638 t2 = bp[i];
639 if (t1 != t2)
640 return ((t1 > t2) ? 1 : -1);
641 }
642 return (0);
643}
644
645int BN_cmp(const BIGNUM *a, const BIGNUM *b)
646{
647 int i;
648 int gt, lt;
649 BN_ULONG t1, t2;
650
651 if ((a == NULL) || (b == NULL)) {
652 if (a != NULL)
653 return (-1);
654 else if (b != NULL)
655 return (1);
656 else
657 return (0);
658 }
659
660 bn_check_top(a);
661 bn_check_top(b);
662
663 if (a->neg != b->neg) {
664 if (a->neg)
665 return (-1);
666 else
667 return (1);
668 }
669 if (a->neg == 0) {
670 gt = 1;
671 lt = -1;
672 } else {
673 gt = -1;
674 lt = 1;
675 }
676
677 if (a->top > b->top)
678 return (gt);
679 if (a->top < b->top)
680 return (lt);
681 for (i = a->top - 1; i >= 0; i--) {
682 t1 = a->d[i];
683 t2 = b->d[i];
684 if (t1 > t2)
685 return (gt);
686 if (t1 < t2)
687 return (lt);
688 }
689 return (0);
690}
691
692int BN_set_bit(BIGNUM *a, int n)
693{
694 int i, j, k;
695
696 if (n < 0)
697 return 0;
698
699 i = n / BN_BITS2;
700 j = n % BN_BITS2;
701 if (a->top <= i) {
702 if (bn_wexpand(a, i + 1) == NULL)
703 return (0);
704 for (k = a->top; k < i + 1; k++)
705 a->d[k] = 0;
706 a->top = i + 1;
707 }
708
709 a->d[i] |= (((BN_ULONG)1) << j);
710 bn_check_top(a);
711 return (1);
712}
713
714int BN_clear_bit(BIGNUM *a, int n)
715{
716 int i, j;
717
718 bn_check_top(a);
719 if (n < 0)
720 return 0;
721
722 i = n / BN_BITS2;
723 j = n % BN_BITS2;
724 if (a->top <= i)
725 return (0);
726
727 a->d[i] &= (~(((BN_ULONG)1) << j));
728 bn_correct_top(a);
729 return (1);
730}
731
732int BN_is_bit_set(const BIGNUM *a, int n)
733{
734 int i, j;
735
736 bn_check_top(a);
737 if (n < 0)
738 return 0;
739 i = n / BN_BITS2;
740 j = n % BN_BITS2;
741 if (a->top <= i)
742 return 0;
743 return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
744}
745
746int BN_mask_bits(BIGNUM *a, int n)
747{
748 int b, w;
749
750 bn_check_top(a);
751 if (n < 0)
752 return 0;
753
754 w = n / BN_BITS2;
755 b = n % BN_BITS2;
756 if (w >= a->top)
757 return 0;
758 if (b == 0)
759 a->top = w;
760 else {
761 a->top = w + 1;
762 a->d[w] &= ~(BN_MASK2 << b);
763 }
764 bn_correct_top(a);
765 return (1);
766}
767
768void BN_set_negative(BIGNUM *a, int b)
769{
770 if (b && !BN_is_zero(a))
771 a->neg = 1;
772 else
773 a->neg = 0;
774}
775
776int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
777{
778 int i;
779 BN_ULONG aa, bb;
780
781 aa = a[n - 1];
782 bb = b[n - 1];
783 if (aa != bb)
784 return ((aa > bb) ? 1 : -1);
785 for (i = n - 2; i >= 0; i--) {
786 aa = a[i];
787 bb = b[i];
788 if (aa != bb)
789 return ((aa > bb) ? 1 : -1);
790 }
791 return (0);
792}
793
794/*
795 * Here follows a specialised variants of bn_cmp_words(). It has the
796 * capability of performing the operation on arrays of different sizes. The
797 * sizes of those arrays is expressed through cl, which is the common length
798 * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the
799 * two lengths, calculated as len(a)-len(b). All lengths are the number of
800 * BN_ULONGs...
801 */
802
803int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
804{
805 int n, i;
806 n = cl - 1;
807
808 if (dl < 0) {
809 for (i = dl; i < 0; i++) {
810 if (b[n - i] != 0)
811 return -1; /* a < b */
812 }
813 }
814 if (dl > 0) {
815 for (i = dl; i > 0; i--) {
816 if (a[n + i] != 0)
817 return 1; /* a > b */
818 }
819 }
820 return bn_cmp_words(a, b, cl);
821}
822
823/*
824 * Constant-time conditional swap of a and b.
825 * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
826 * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
827 * and that no more than nwords are used by either a or b.
828 * a and b cannot be the same number
829 */
830void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
831{
832 BN_ULONG t;
833 int i;
834
835 bn_wcheck_size(a, nwords);
836 bn_wcheck_size(b, nwords);
837
838 assert(a != b);
839 assert((condition & (condition - 1)) == 0);
840 assert(sizeof(BN_ULONG) >= sizeof(int));
841
842 condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
843
844 t = (a->top ^ b->top) & condition;
845 a->top ^= t;
846 b->top ^= t;
847
848#define BN_CONSTTIME_SWAP(ind) \
849 do { \
850 t = (a->d[ind] ^ b->d[ind]) & condition; \
851 a->d[ind] ^= t; \
852 b->d[ind] ^= t; \
853 } while (0)
854
855 switch (nwords) {
856 default:
857 for (i = 10; i < nwords; i++)
858 BN_CONSTTIME_SWAP(i);
859 /* Fallthrough */
860 case 10:
861 BN_CONSTTIME_SWAP(9); /* Fallthrough */
862 case 9:
863 BN_CONSTTIME_SWAP(8); /* Fallthrough */
864 case 8:
865 BN_CONSTTIME_SWAP(7); /* Fallthrough */
866 case 7:
867 BN_CONSTTIME_SWAP(6); /* Fallthrough */
868 case 6:
869 BN_CONSTTIME_SWAP(5); /* Fallthrough */
870 case 5:
871 BN_CONSTTIME_SWAP(4); /* Fallthrough */
872 case 4:
873 BN_CONSTTIME_SWAP(3); /* Fallthrough */
874 case 3:
875 BN_CONSTTIME_SWAP(2); /* Fallthrough */
876 case 2:
877 BN_CONSTTIME_SWAP(1); /* Fallthrough */
878 case 1:
879 BN_CONSTTIME_SWAP(0);
880 }
881#undef BN_CONSTTIME_SWAP
882}
883
884/* Bits of security, see SP800-57 */
885
886int BN_security_bits(int L, int N)
887{
888 int secbits, bits;
889 if (L >= 15360)
890 secbits = 256;
891 else if (L >= 7690)
892 secbits = 192;
893 else if (L >= 3072)
894 secbits = 128;
895 else if (L >= 2048)
896 secbits = 112;
897 else if (L >= 1024)
898 secbits = 80;
899 else
900 return 0;
901 if (N == -1)
902 return secbits;
903 bits = N / 2;
904 if (bits < 80)
905 return 0;
906 return bits >= secbits ? secbits : bits;
907}
908
909void BN_zero_ex(BIGNUM *a)
910{
911 a->top = 0;
912 a->neg = 0;
913}
914
915int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w)
916{
917 return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0));
918}
919
920int BN_is_zero(const BIGNUM *a)
921{
922 return a->top == 0;
923}
924
925int BN_is_one(const BIGNUM *a)
926{
927 return BN_abs_is_word(a, 1) && !a->neg;
928}
929
930int BN_is_word(const BIGNUM *a, const BN_ULONG w)
931{
932 return BN_abs_is_word(a, w) && (!w || !a->neg);
933}
934
935int BN_is_odd(const BIGNUM *a)
936{
937 return (a->top > 0) && (a->d[0] & 1);
938}
939
940int BN_is_negative(const BIGNUM *a)
941{
942 return (a->neg != 0);
943}
944
945int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
946 BN_CTX *ctx)
947{
948 return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx);
949}
950
951void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags)
952{
953 dest->d = b->d;
954 dest->top = b->top;
955 dest->dmax = b->dmax;
956 dest->neg = b->neg;
957 dest->flags = ((dest->flags & BN_FLG_MALLOCED)
958 | (b->flags & ~BN_FLG_MALLOCED)
959 | BN_FLG_STATIC_DATA | flags);
960}
961
962BN_GENCB *BN_GENCB_new(void)
963{
964 BN_GENCB *ret;
965
966 if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
967 BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE);
968 return (NULL);
969 }
970
971 return ret;
972}
973
974void BN_GENCB_free(BN_GENCB *cb)
975{
976 if (cb == NULL)
977 return;
978 OPENSSL_free(cb);
979}
980
981void BN_set_flags(BIGNUM *b, int n)
982{
983 b->flags |= n;
984}
985
986int BN_get_flags(const BIGNUM *b, int n)
987{
988 return b->flags & n;
989}
990
991/* Populate a BN_GENCB structure with an "old"-style callback */
992void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
993 void *cb_arg)
994{
995 BN_GENCB *tmp_gencb = gencb;
996 tmp_gencb->ver = 1;
997 tmp_gencb->arg = cb_arg;
998 tmp_gencb->cb.cb_1 = callback;
999}
1000
1001/* Populate a BN_GENCB structure with a "new"-style callback */
1002void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
1003 void *cb_arg)
1004{
1005 BN_GENCB *tmp_gencb = gencb;
1006 tmp_gencb->ver = 2;
1007 tmp_gencb->arg = cb_arg;
1008 tmp_gencb->cb.cb_2 = callback;
1009}
1010
1011void *BN_GENCB_get_arg(BN_GENCB *cb)
1012{
1013 return cb->arg;
1014}
1015
1016BIGNUM *bn_wexpand(BIGNUM *a, int words)
1017{
1018 return (words <= a->dmax) ? a : bn_expand2(a, words);
1019}
1020
1021void bn_correct_top(BIGNUM *a)
1022{
1023 BN_ULONG *ftl;
1024 int tmp_top = a->top;
1025
1026 if (tmp_top > 0) {
1027 for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
1028 ftl--;
1029 if (*ftl != 0)
1030 break;
1031 }
1032 a->top = tmp_top;
1033 }
1034 if (a->top == 0)
1035 a->neg = 0;
1036 bn_pollute(a);
1037}
Note: See TracBrowser for help on using the repository browser.