• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.] */
56 
57 #include <openssl/bn.h>
58 
59 #include <limits.h>
60 #include <string.h>
61 
62 #include <openssl/err.h>
63 #include <openssl/mem.h>
64 
65 #include "internal.h"
66 
67 
BN_new(void)68 BIGNUM *BN_new(void) {
69   BIGNUM *bn = OPENSSL_malloc(sizeof(BIGNUM));
70 
71   if (bn == NULL) {
72     OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
73     return NULL;
74   }
75 
76   memset(bn, 0, sizeof(BIGNUM));
77   bn->flags = BN_FLG_MALLOCED;
78 
79   return bn;
80 }
81 
BN_init(BIGNUM * bn)82 void BN_init(BIGNUM *bn) {
83   memset(bn, 0, sizeof(BIGNUM));
84 }
85 
BN_free(BIGNUM * bn)86 void BN_free(BIGNUM *bn) {
87   if (bn == NULL) {
88     return;
89   }
90 
91   if ((bn->flags & BN_FLG_STATIC_DATA) == 0) {
92     OPENSSL_free(bn->d);
93   }
94 
95   if (bn->flags & BN_FLG_MALLOCED) {
96     OPENSSL_free(bn);
97   } else {
98     bn->d = NULL;
99   }
100 }
101 
BN_clear_free(BIGNUM * bn)102 void BN_clear_free(BIGNUM *bn) {
103   char should_free;
104 
105   if (bn == NULL) {
106     return;
107   }
108 
109   if (bn->d != NULL) {
110     OPENSSL_cleanse(bn->d, bn->dmax * sizeof(bn->d[0]));
111     if ((bn->flags & BN_FLG_STATIC_DATA) == 0) {
112       OPENSSL_free(bn->d);
113     }
114   }
115 
116   should_free = (bn->flags & BN_FLG_MALLOCED) != 0;
117   OPENSSL_cleanse(bn, sizeof(BIGNUM));
118   if (should_free) {
119     OPENSSL_free(bn);
120   }
121 }
122 
BN_dup(const BIGNUM * src)123 BIGNUM *BN_dup(const BIGNUM *src) {
124   BIGNUM *copy;
125 
126   if (src == NULL) {
127     return NULL;
128   }
129 
130   copy = BN_new();
131   if (copy == NULL) {
132     return NULL;
133   }
134 
135   if (!BN_copy(copy, src)) {
136     BN_free(copy);
137     return NULL;
138   }
139 
140   return copy;
141 }
142 
BN_copy(BIGNUM * dest,const BIGNUM * src)143 BIGNUM *BN_copy(BIGNUM *dest, const BIGNUM *src) {
144   if (src == dest) {
145     return dest;
146   }
147 
148   if (bn_wexpand(dest, src->top) == NULL) {
149     return NULL;
150   }
151 
152   memcpy(dest->d, src->d, sizeof(src->d[0]) * src->top);
153 
154   dest->top = src->top;
155   dest->neg = src->neg;
156   return dest;
157 }
158 
BN_clear(BIGNUM * bn)159 void BN_clear(BIGNUM *bn) {
160   if (bn->d != NULL) {
161     memset(bn->d, 0, bn->dmax * sizeof(bn->d[0]));
162   }
163 
164   bn->top = 0;
165   bn->neg = 0;
166 }
167 
BN_value_one(void)168 const BIGNUM *BN_value_one(void) {
169   static const BN_ULONG kOneLimbs[1] = { 1 };
170   static const BIGNUM kOne = STATIC_BIGNUM(kOneLimbs);
171 
172   return &kOne;
173 }
174 
BN_with_flags(BIGNUM * out,const BIGNUM * in,int flags)175 void BN_with_flags(BIGNUM *out, const BIGNUM *in, int flags) {
176   memcpy(out, in, sizeof(BIGNUM));
177   out->flags &= ~BN_FLG_MALLOCED;
178   out->flags |= BN_FLG_STATIC_DATA | flags;
179 }
180 
181 /* BN_num_bits_word returns the minimum number of bits needed to represent the
182  * value in |l|. */
BN_num_bits_word(BN_ULONG l)183 unsigned BN_num_bits_word(BN_ULONG l) {
184   static const unsigned char bits[256] = {
185       0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, 5, 5, 5, 5, 5, 5, 5, 5,
186       5, 5, 5, 5, 5, 5, 5, 5, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
187       6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 7, 7, 7, 7, 7, 7, 7, 7,
188       7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
189       7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
190       7, 7, 7, 7, 7, 7, 7, 7, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
191       8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
192       8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
193       8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
194       8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
195       8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8};
196 
197 #if defined(OPENSSL_64_BIT)
198   if (l & 0xffffffff00000000L) {
199     if (l & 0xffff000000000000L) {
200       if (l & 0xff00000000000000L) {
201         return (bits[(int)(l >> 56)] + 56);
202       } else {
203         return (bits[(int)(l >> 48)] + 48);
204       }
205     } else {
206       if (l & 0x0000ff0000000000L) {
207         return (bits[(int)(l >> 40)] + 40);
208       } else {
209         return (bits[(int)(l >> 32)] + 32);
210       }
211     }
212   } else
213 #endif
214   {
215     if (l & 0xffff0000L) {
216       if (l & 0xff000000L) {
217         return (bits[(int)(l >> 24L)] + 24);
218       } else {
219         return (bits[(int)(l >> 16L)] + 16);
220       }
221     } else {
222       if (l & 0xff00L) {
223         return (bits[(int)(l >> 8)] + 8);
224       } else {
225         return (bits[(int)(l)]);
226       }
227     }
228   }
229 }
230 
BN_num_bits(const BIGNUM * bn)231 unsigned BN_num_bits(const BIGNUM *bn) {
232   const int max = bn->top - 1;
233 
234   if (BN_is_zero(bn)) {
235     return 0;
236   }
237 
238   return max*BN_BITS2 + BN_num_bits_word(bn->d[max]);
239 }
240 
BN_num_bytes(const BIGNUM * bn)241 unsigned BN_num_bytes(const BIGNUM *bn) {
242   return (BN_num_bits(bn) + 7) / 8;
243 }
244 
BN_zero(BIGNUM * bn)245 void BN_zero(BIGNUM *bn) {
246   bn->top = bn->neg = 0;
247 }
248 
BN_one(BIGNUM * bn)249 int BN_one(BIGNUM *bn) {
250   return BN_set_word(bn, 1);
251 }
252 
BN_set_word(BIGNUM * bn,BN_ULONG value)253 int BN_set_word(BIGNUM *bn, BN_ULONG value) {
254   if (value == 0) {
255     BN_zero(bn);
256     return 1;
257   }
258 
259   if (bn_wexpand(bn, 1) == NULL) {
260     return 0;
261   }
262 
263   bn->neg = 0;
264   bn->d[0] = value;
265   bn->top = 1;
266   return 1;
267 }
268 
BN_is_negative(const BIGNUM * bn)269 int BN_is_negative(const BIGNUM *bn) {
270   return bn->neg != 0;
271 }
272 
BN_set_negative(BIGNUM * bn,int sign)273 void BN_set_negative(BIGNUM *bn, int sign) {
274   if (sign && !BN_is_zero(bn)) {
275     bn->neg = 1;
276   } else {
277     bn->neg = 0;
278   }
279 }
280 
bn_wexpand(BIGNUM * bn,size_t words)281 BIGNUM *bn_wexpand(BIGNUM *bn, size_t words) {
282   BN_ULONG *a;
283 
284   if (words <= (size_t)bn->dmax) {
285     return bn;
286   }
287 
288   if (words > (INT_MAX / (4 * BN_BITS2))) {
289     OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
290     return NULL;
291   }
292 
293   if (bn->flags & BN_FLG_STATIC_DATA) {
294     OPENSSL_PUT_ERROR(BN, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
295     return NULL;
296   }
297 
298   a = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words);
299   if (a == NULL) {
300     OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
301     return NULL;
302   }
303 
304   memcpy(a, bn->d, sizeof(BN_ULONG) * bn->top);
305 
306   OPENSSL_free(bn->d);
307   bn->d = a;
308   bn->dmax = (int)words;
309 
310   return bn;
311 }
312 
bn_expand(BIGNUM * bn,size_t bits)313 BIGNUM *bn_expand(BIGNUM *bn, size_t bits) {
314   if (bits + BN_BITS2 - 1 < bits) {
315     OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
316     return NULL;
317   }
318   return bn_wexpand(bn, (bits+BN_BITS2-1)/BN_BITS2);
319 }
320 
bn_correct_top(BIGNUM * bn)321 void bn_correct_top(BIGNUM *bn) {
322   BN_ULONG *ftl;
323   int tmp_top = bn->top;
324 
325   if (tmp_top > 0) {
326     for (ftl = &(bn->d[tmp_top - 1]); tmp_top > 0; tmp_top--) {
327       if (*(ftl--)) {
328         break;
329       }
330     }
331     bn->top = tmp_top;
332   }
333 }
334 
BN_get_flags(const BIGNUM * bn,int flags)335 int BN_get_flags(const BIGNUM *bn, int flags) {
336   return bn->flags & flags;
337 }
338 
BN_set_flags(BIGNUM * bn,int flags)339 void BN_set_flags(BIGNUM *bn, int flags) {
340   bn->flags |= flags;
341 }
342