1 /* crypto/bn/bn_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
59 © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
64 # undef NDEBUG /* avoid conflicting definitions */
73 #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
74 #include "libcrypto_wsd_macros.h"
75 #include "libcrypto_wsd.h"
78 const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
80 /* This stuff appears to be completely unused, so is deprecated */
81 #ifndef OPENSSL_NO_DEPRECATED
82 /* For a 32 bit machine
92 static int bn_limit_bits=0;
93 static int bn_limit_num=8; /* (1<<bn_limit_bits) */
94 static int bn_limit_bits_low=0;
95 static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
96 static int bn_limit_bits_high=0;
97 static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
98 static int bn_limit_bits_mont=0;
99 static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
100 EXPORT_C void BN_set_params(int mult, int high, int low, int mont)
104 if (mult > (int)(sizeof(int)*8)-1)
105 mult=sizeof(int)*8-1;
107 bn_limit_num=1<<mult;
111 if (high > (int)(sizeof(int)*8)-1)
112 high=sizeof(int)*8-1;
113 bn_limit_bits_high=high;
114 bn_limit_num_high=1<<high;
118 if (low > (int)(sizeof(int)*8)-1)
120 bn_limit_bits_low=low;
121 bn_limit_num_low=1<<low;
125 if (mont > (int)(sizeof(int)*8)-1)
126 mont=sizeof(int)*8-1;
127 bn_limit_bits_mont=mont;
128 bn_limit_num_mont=1<<mont;
132 EXPORT_C int BN_get_params(int which)
134 if (which == 0) return(bn_limit_bits);
135 else if (which == 1) return(bn_limit_bits_high);
136 else if (which == 2) return(bn_limit_bits_low);
137 else if (which == 3) return(bn_limit_bits_mont);
143 GET_STATIC_VAR_FROM_TLS(data_one,bn_lib,BN_ULONG)
144 #define data_one (*GET_WSD_VAR_NAME(data_one,bn_lib, s)())
145 GET_STATIC_VAR_FROM_TLS(const_one,bn_lib,BIGNUM)
146 #define const_one (*GET_WSD_VAR_NAME(const_one,bn_lib, s)())
149 EXPORT_C const BIGNUM *BN_value_one(void)
152 static BN_ULONG data_one=1L;
154 static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};
161 GET_STATIC_ARRAY_FROM_TLS(data,bn_lib,char)
162 #define data (GET_WSD_VAR_NAME(data,bn_lib, s)())
163 GET_STATIC_VAR_FROM_TLS(init,bn_lib,int)
164 #define init (*GET_WSD_VAR_NAME(init,bn_lib, s)())
168 EXPORT_C char *BN_options(void)
172 static char data[16];
179 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
180 (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
182 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
183 (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
189 EXPORT_C int BN_num_bits_word(BN_ULONG l)
191 static const char bits[256]={
192 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
193 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
194 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
195 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
196 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
197 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
198 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
199 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
200 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
201 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
202 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
203 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
204 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
205 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
206 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
207 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
210 #if defined(SIXTY_FOUR_BIT_LONG)
211 if (l & 0xffffffff00000000L)
213 if (l & 0xffff000000000000L)
215 if (l & 0xff00000000000000L)
217 return(bits[(int)(l>>56)]+56);
219 else return(bits[(int)(l>>48)]+48);
223 if (l & 0x0000ff0000000000L)
225 return(bits[(int)(l>>40)]+40);
227 else return(bits[(int)(l>>32)]+32);
232 #ifdef SIXTY_FOUR_BIT
233 if (l & 0xffffffff00000000LL)
235 if (l & 0xffff000000000000LL)
237 if (l & 0xff00000000000000LL)
239 return(bits[(int)(l>>56)]+56);
241 else return(bits[(int)(l>>48)]+48);
245 if (l & 0x0000ff0000000000LL)
247 return(bits[(int)(l>>40)]+40);
249 else return(bits[(int)(l>>32)]+32);
256 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
260 return(bits[(int)(l>>24L)]+24);
261 else return(bits[(int)(l>>16L)]+16);
266 #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
268 return(bits[(int)(l>>8)]+8);
271 return(bits[(int)(l )] );
276 EXPORT_C int BN_num_bits(const BIGNUM *a)
281 if (BN_is_zero(a)) return 0;
282 return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
285 EXPORT_C void BN_clear_free(BIGNUM *a)
289 if (a == NULL) return;
293 OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
294 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
297 i=BN_get_flags(a,BN_FLG_MALLOCED);
298 OPENSSL_cleanse(a,sizeof(BIGNUM));
303 EXPORT_C void BN_free(BIGNUM *a)
305 if (a == NULL) return;
307 if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
309 if (a->flags & BN_FLG_MALLOCED)
313 #ifndef OPENSSL_NO_DEPRECATED
314 a->flags|=BN_FLG_FREE;
320 EXPORT_C void BN_init(BIGNUM *a)
322 memset(a,0,sizeof(BIGNUM));
326 EXPORT_C BIGNUM *BN_new(void)
330 if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
332 BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
335 ret->flags=BN_FLG_MALLOCED;
344 /* This is used both by bn_expand2() and bn_dup_expand() */
345 /* The caller MUST check that words > b->dmax before calling this */
346 static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
348 BN_ULONG *A,*a = NULL;
354 if (words > (INT_MAX/(4*BN_BITS2)))
356 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
359 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
361 BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
364 a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
367 BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
372 /* Check if the previous number needs to be copied */
375 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
378 * The fact that the loop is unrolled
379 * 4-wise is a tribute to Intel. It's
380 * the one that doesn't have enough
381 * registers to accomodate more data.
382 * I'd unroll it 8-wise otherwise:-)
384 * <appro@fy.chalmers.se>
386 BN_ULONG a0,a1,a2,a3;
387 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
388 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
395 case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
396 * the switch table by doing a=top&3; a--; goto jump_table[a];
397 * which fails for top== 0 */
403 memset(A,0,sizeof(BN_ULONG)*words);
404 memcpy(A,b->d,sizeof(b->d[0])*b->top);
410 /* This is an internal function that can be used instead of bn_expand2()
411 * when there is a need to copy BIGNUMs instead of only expanding the
412 * data part, while still expanding them.
413 * Especially useful when needing to expand BIGNUMs that are declared
414 * 'const' and should therefore not be changed.
415 * The reason to use this instead of a BN_dup() followed by a bn_expand2()
416 * is memory allocation overhead. A BN_dup() followed by a bn_expand2()
417 * will allocate new memory for the BIGNUM data twice, and free it once,
418 * while bn_dup_expand() makes sure allocation is made only once.
421 #ifndef OPENSSL_NO_DEPRECATED
422 EXPORT_C BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
428 /* This function does not work if
429 * words <= b->dmax && top < words
430 * because BN_dup() does not preserve 'dmax'!
431 * (But bn_dup_expand() is not used anywhere yet.)
436 BN_ULONG *a = bn_expand_internal(b, words);
450 /* r == NULL, BN_new failure */
454 /* If a == NULL, there was an error in allocation in
455 bn_expand_internal(), and NULL should be returned */
467 /* This is an internal function that should not be used in applications.
468 * It ensures that 'b' has enough room for a 'words' word number
469 * and initialises any unused part of b->d with leading zeros.
470 * It is mostly used by the various BIGNUM routines. If there is an error,
471 * NULL is returned. If not, 'b' is returned. */
473 EXPORT_C BIGNUM *bn_expand2(BIGNUM *b, int words)
479 BN_ULONG *a = bn_expand_internal(b, words);
481 if(b->d) OPENSSL_free(b->d);
486 /* None of this should be necessary because of what b->top means! */
488 /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
489 if (b->top < b->dmax)
492 BN_ULONG *A = &(b->d[b->top]);
493 for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
495 A[0]=0; A[1]=0; A[2]=0; A[3]=0;
496 A[4]=0; A[5]=0; A[6]=0; A[7]=0;
498 for (i=(b->dmax - b->top)&7; i>0; i--,A++)
500 assert(A == &(b->d[b->dmax]));
507 EXPORT_C BIGNUM *BN_dup(const BIGNUM *a)
511 if (a == NULL) return NULL;
515 if (t == NULL) return NULL;
525 EXPORT_C BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
533 if (a == b) return(a);
534 if (bn_wexpand(a,b->top) == NULL) return(NULL);
539 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
541 BN_ULONG a0,a1,a2,a3;
542 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
543 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
550 case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
553 memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
562 EXPORT_C void BN_swap(BIGNUM *a, BIGNUM *b)
564 int flags_old_a, flags_old_b;
566 int tmp_top, tmp_dmax, tmp_neg;
571 flags_old_a = a->flags;
572 flags_old_b = b->flags;
589 a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
590 b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
595 EXPORT_C void BN_clear(BIGNUM *a)
599 memset(a->d,0,a->dmax*sizeof(a->d[0]));
604 EXPORT_C BN_ULONG BN_get_word(const BIGNUM *a)
608 else if (a->top == 1)
614 EXPORT_C int BN_set_word(BIGNUM *a, BN_ULONG w)
617 if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
620 a->top = (w ? 1 : 0);
625 EXPORT_C BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
634 if (ret == NULL) return(NULL);
643 i=((n-1)/BN_BYTES)+1;
644 m=((n-1)%(BN_BYTES));
645 if (bn_wexpand(ret, (int)i) == NULL)
662 /* need to call this due to clear byte at top if avoiding
663 * having the top bit set (-ve number) */
668 /* ignore negative */
669 EXPORT_C int BN_bn2bin(const BIGNUM *a, unsigned char *to)
679 *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
684 EXPORT_C int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
687 BN_ULONG t1,t2,*ap,*bp;
693 if (i != 0) return(i);
696 for (i=a->top-1; i>=0; i--)
701 return((t1 > t2) ? 1 : -1);
706 EXPORT_C int BN_cmp(const BIGNUM *a, const BIGNUM *b)
712 if ((a == NULL) || (b == NULL))
725 if (a->neg != b->neg)
733 else { gt= -1; lt=1; }
735 if (a->top > b->top) return(gt);
736 if (a->top < b->top) return(lt);
737 for (i=a->top-1; i>=0; i--)
741 if (t1 > t2) return(gt);
742 if (t1 < t2) return(lt);
747 EXPORT_C int BN_set_bit(BIGNUM *a, int n)
758 if (bn_wexpand(a,i+1) == NULL) return(0);
759 for(k=a->top; k<i+1; k++)
764 a->d[i]|=(((BN_ULONG)1)<<j);
769 EXPORT_C int BN_clear_bit(BIGNUM *a, int n)
778 if (a->top <= i) return(0);
780 a->d[i]&=(~(((BN_ULONG)1)<<j));
785 EXPORT_C int BN_is_bit_set(const BIGNUM *a, int n)
793 if (a->top <= i) return 0;
794 return(((a->d[i])>>j)&((BN_ULONG)1));
797 EXPORT_C int BN_mask_bits(BIGNUM *a, int n)
806 if (w >= a->top) return 0;
812 a->d[w]&= ~(BN_MASK2<<b);
818 EXPORT_C void BN_set_negative(BIGNUM *a, int b)
820 if (b && !BN_is_zero(a))
826 EXPORT_C int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
833 if (aa != bb) return((aa > bb)?1:-1);
834 for (i=n-2; i>=0; i--)
838 if (aa != bb) return((aa > bb)?1:-1);
843 /* Here follows a specialised variants of bn_cmp_words(). It has the
844 property of performing the operation on arrays of different sizes.
845 The sizes of those arrays is expressed through cl, which is the
846 common length ( basicall, min(len(a),len(b)) ), and dl, which is the
847 delta between the two lengths, calculated as len(a)-len(b).
848 All lengths are the number of BN_ULONGs... */
850 EXPORT_C int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
861 return -1; /* a < b */
869 return 1; /* a > b */
872 return bn_cmp_words(a,b,cl);