1
/* crypto/bn/bn_lib.c */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5
* This package is an SSL implementation written
6
* by Eric Young (eay@cryptsoft.com).
7
* The implementation was written so as to conform with Netscapes SSL.
9
* This library is free for commercial and non-commercial use as long as
10
* the following conditions are aheared to. The following conditions
11
* apply to all code found in this distribution, be it the RC4, RSA,
12
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13
* included with this distribution is covered by the same copyright terms
14
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
16
* Copyright remains Eric Young's, and as such any Copyright notices in
17
* the code are not to be removed.
18
* If this package is used in a product, Eric Young should be given attribution
19
* as the author of the parts of the library used.
20
* This can be in the form of a textual message at program startup or
21
* in documentation (online or textual) provided with the package.
23
* Redistribution and use in source and binary forms, with or without
24
* modification, are permitted provided that the following conditions
26
* 1. Redistributions of source code must retain the copyright
27
* notice, this list of conditions and the following disclaimer.
28
* 2. Redistributions in binary form must reproduce the above copyright
29
* notice, this list of conditions and the following disclaimer in the
30
* documentation and/or other materials provided with the distribution.
31
* 3. All advertising materials mentioning features or use of this software
32
* must display the following acknowledgement:
33
* "This product includes cryptographic software written by
34
* Eric Young (eay@cryptsoft.com)"
35
* The word 'cryptographic' can be left out if the rouines from the library
36
* being used are not cryptographic related :-).
37
* 4. If you include any Windows specific code (or a derivative thereof) from
38
* the apps directory (application code) you must include an acknowledgement:
39
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53
* The licence and distribution terms for any publically available version or
54
* derivative of this code cannot be changed. i.e. this code cannot simply be
55
* copied and put under another distribution licence
56
* [including the GNU Public Licence.]
60
# undef NDEBUG /* avoid conflicting definitions */
70
const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
72
/* For a 32 bit machine
81
static int bn_limit_bits=0;
82
static int bn_limit_num=8; /* (1<<bn_limit_bits) */
83
static int bn_limit_bits_low=0;
84
static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
85
static int bn_limit_bits_high=0;
86
static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
87
static int bn_limit_bits_mont=0;
88
static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
90
void BN_set_params(int mult, int high, int low, int mont)
94
if (mult > (sizeof(int)*8)-1)
101
if (high > (sizeof(int)*8)-1)
102
high=sizeof(int)*8-1;
103
bn_limit_bits_high=high;
104
bn_limit_num_high=1<<high;
108
if (low > (sizeof(int)*8)-1)
110
bn_limit_bits_low=low;
111
bn_limit_num_low=1<<low;
115
if (mont > (sizeof(int)*8)-1)
116
mont=sizeof(int)*8-1;
117
bn_limit_bits_mont=mont;
118
bn_limit_num_mont=1<<mont;
122
int BN_get_params(int which)
124
if (which == 0) return(bn_limit_bits);
125
else if (which == 1) return(bn_limit_bits_high);
126
else if (which == 2) return(bn_limit_bits_low);
127
else if (which == 3) return(bn_limit_bits_mont);
131
const BIGNUM *BN_value_one(void)
133
static BN_ULONG data_one=1L;
134
static BIGNUM const_one={&data_one,1,1,0};
139
char *BN_options(void)
142
static char data[16];
148
BIO_snprintf(data,sizeof data,"bn(%d,%d)",
149
(int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
151
BIO_snprintf(data,sizeof data,"bn(%d,%d)",
152
(int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
158
int BN_num_bits_word(BN_ULONG l)
160
static const char bits[256]={
161
0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
162
5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
163
6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
164
6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
165
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
166
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
167
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
168
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
169
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
170
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
171
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
172
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
173
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
174
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
175
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
176
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
179
#if defined(SIXTY_FOUR_BIT_LONG)
180
if (l & 0xffffffff00000000L)
182
if (l & 0xffff000000000000L)
184
if (l & 0xff00000000000000L)
186
return(bits[(int)(l>>56)]+56);
188
else return(bits[(int)(l>>48)]+48);
192
if (l & 0x0000ff0000000000L)
194
return(bits[(int)(l>>40)]+40);
196
else return(bits[(int)(l>>32)]+32);
201
#ifdef SIXTY_FOUR_BIT
202
if (l & 0xffffffff00000000LL)
204
if (l & 0xffff000000000000LL)
206
if (l & 0xff00000000000000LL)
208
return(bits[(int)(l>>56)]+56);
210
else return(bits[(int)(l>>48)]+48);
214
if (l & 0x0000ff0000000000LL)
216
return(bits[(int)(l>>40)]+40);
218
else return(bits[(int)(l>>32)]+32);
225
#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
229
return(bits[(int)(l>>24L)]+24);
230
else return(bits[(int)(l>>16L)]+16);
235
#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
237
return(bits[(int)(l>>8)]+8);
240
return(bits[(int)(l )] );
245
int BN_num_bits(const BIGNUM *a)
252
if (a->top == 0) return(0);
255
i=(a->top-1)*BN_BITS2;
256
return(i+BN_num_bits_word(l));
259
void BN_clear_free(BIGNUM *a)
263
if (a == NULL) return;
266
OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
267
if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
270
i=BN_get_flags(a,BN_FLG_MALLOCED);
271
OPENSSL_cleanse(a,sizeof(BIGNUM));
276
void BN_free(BIGNUM *a)
278
if (a == NULL) return;
279
if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
281
a->flags|=BN_FLG_FREE; /* REMOVE? */
282
if (a->flags & BN_FLG_MALLOCED)
286
void BN_init(BIGNUM *a)
288
memset(a,0,sizeof(BIGNUM));
295
if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
297
BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
300
ret->flags=BN_FLG_MALLOCED;
308
/* This is used both by bn_expand2() and bn_dup_expand() */
309
/* The caller MUST check that words > b->dmax before calling this */
310
static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
312
BN_ULONG *A,*a = NULL;
316
if (words > (INT_MAX/(4*BN_BITS2)))
318
BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
323
if (BN_get_flags(b,BN_FLG_STATIC_DATA))
325
BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
328
a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
331
BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
336
/* Check if the previous number needs to be copied */
339
for (i=b->top>>2; i>0; i--,A+=4,B+=4)
342
* The fact that the loop is unrolled
343
* 4-wise is a tribute to Intel. It's
344
* the one that doesn't have enough
345
* registers to accomodate more data.
346
* I'd unroll it 8-wise otherwise:-)
348
* <appro@fy.chalmers.se>
350
BN_ULONG a0,a1,a2,a3;
351
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
352
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
359
case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
360
* the switch table by doing a=top&3; a--; goto jump_table[a];
361
* which fails for top== 0 */
366
/* Now need to zero any data between b->top and b->max */
370
for (i=(words - b->top)>>3; i>0; i--,A+=8)
372
A[0]=0; A[1]=0; A[2]=0; A[3]=0;
373
A[4]=0; A[5]=0; A[6]=0; A[7]=0;
375
for (i=(words - b->top)&7; i>0; i--,A++)
378
memset(A,0,sizeof(BN_ULONG)*(words+1));
379
memcpy(A,b->d,sizeof(b->d[0])*b->top);
385
/* This is an internal function that can be used instead of bn_expand2()
386
* when there is a need to copy BIGNUMs instead of only expanding the
387
* data part, while still expanding them.
388
* Especially useful when needing to expand BIGNUMs that are declared
389
* 'const' and should therefore not be changed.
390
* The reason to use this instead of a BN_dup() followed by a bn_expand2()
391
* is memory allocation overhead. A BN_dup() followed by a bn_expand2()
392
* will allocate new memory for the BIGNUM data twice, and free it once,
393
* while bn_dup_expand() makes sure allocation is made only once.
396
BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
400
/* This function does not work if
401
* words <= b->dmax && top < words
402
* because BN_dup() does not preserve 'dmax'!
403
* (But bn_dup_expand() is not used anywhere yet.)
408
BN_ULONG *a = bn_expand_internal(b, words);
422
/* r == NULL, BN_new failure */
426
/* If a == NULL, there was an error in allocation in
427
bn_expand_internal(), and NULL should be returned */
437
/* This is an internal function that should not be used in applications.
438
* It ensures that 'b' has enough room for a 'words' word number number.
439
* It is mostly used by the various BIGNUM routines. If there is an error,
440
* NULL is returned. If not, 'b' is returned. */
442
BIGNUM *bn_expand2(BIGNUM *b, int words)
446
BN_ULONG *a = bn_expand_internal(b, words);
461
BIGNUM *BN_dup(const BIGNUM *a)
465
if (a == NULL) return NULL;
470
if (t == NULL) return(NULL);
472
/* now r == t || r == NULL */
478
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
486
if (a == b) return(a);
487
if (bn_wexpand(a,b->top) == NULL) return(NULL);
492
for (i=b->top>>2; i>0; i--,A+=4,B+=4)
494
BN_ULONG a0,a1,a2,a3;
495
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
496
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
503
case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
506
memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
509
/* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
511
if ((a->top == 0) && (a->d != NULL))
517
void BN_swap(BIGNUM *a, BIGNUM *b)
519
int flags_old_a, flags_old_b;
521
int tmp_top, tmp_dmax, tmp_neg;
523
flags_old_a = a->flags;
524
flags_old_b = b->flags;
541
a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
542
b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
546
void BN_clear(BIGNUM *a)
549
memset(a->d,0,a->dmax*sizeof(a->d[0]));
554
BN_ULONG BN_get_word(const BIGNUM *a)
560
if (n > sizeof(BN_ULONG))
562
for (i=a->top-1; i>=0; i--)
564
#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
565
ret<<=BN_BITS4; /* stops the compiler complaining */
575
int BN_set_word(BIGNUM *a, BN_ULONG w)
578
if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
580
n=sizeof(BN_ULONG)/BN_BYTES;
583
a->d[0]=(BN_ULONG)w&BN_MASK2;
584
if (a->d[0] != 0) a->top=1;
587
/* the following is done instead of
588
* w>>=BN_BITS2 so compilers don't complain
589
* on builds where sizeof(long) == BN_TYPES */
590
#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
596
a->d[i]=(BN_ULONG)w&BN_MASK2;
597
if (a->d[i] != 0) a->top=i+1;
602
BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
608
if (ret == NULL) ret=BN_new();
609
if (ret == NULL) return(NULL);
617
if (bn_expand(ret,(int)(n+2)*8) == NULL)
619
i=((n-1)/BN_BYTES)+1;
620
m=((n-1)%(BN_BYTES));
633
/* need to call this due to clear byte at top if avoiding
634
* having the top bit set (-ve number) */
639
/* ignore negative */
640
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
649
*(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
654
int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
657
BN_ULONG t1,t2,*ap,*bp;
663
if (i != 0) return(i);
666
for (i=a->top-1; i>=0; i--)
671
return(t1 > t2?1:-1);
676
int BN_cmp(const BIGNUM *a, const BIGNUM *b)
682
if ((a == NULL) || (b == NULL))
695
if (a->neg != b->neg)
703
else { gt= -1; lt=1; }
705
if (a->top > b->top) return(gt);
706
if (a->top < b->top) return(lt);
707
for (i=a->top-1; i>=0; i--)
711
if (t1 > t2) return(gt);
712
if (t1 < t2) return(lt);
717
int BN_set_bit(BIGNUM *a, int n)
725
if (bn_wexpand(a,i+1) == NULL) return(0);
726
for(k=a->top; k<i+1; k++)
731
a->d[i]|=(((BN_ULONG)1)<<j);
735
int BN_clear_bit(BIGNUM *a, int n)
741
if (a->top <= i) return(0);
743
a->d[i]&=(~(((BN_ULONG)1)<<j));
748
int BN_is_bit_set(const BIGNUM *a, int n)
752
if (n < 0) return(0);
755
if (a->top <= i) return(0);
756
return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
759
int BN_mask_bits(BIGNUM *a, int n)
765
if (w >= a->top) return(0);
771
a->d[w]&= ~(BN_MASK2<<b);
777
int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
784
if (aa != bb) return((aa > bb)?1:-1);
785
for (i=n-2; i>=0; i--)
789
if (aa != bb) return((aa > bb)?1:-1);
794
/* Here follows a specialised variants of bn_cmp_words(). It has the
795
property of performing the operation on arrays of different sizes.
796
The sizes of those arrays is expressed through cl, which is the
797
common length ( basicall, min(len(a),len(b)) ), and dl, which is the
798
delta between the two lengths, calculated as len(a)-len(b).
799
All lengths are the number of BN_ULONGs... */
801
int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
812
return -1; /* a < b */
820
return 1; /* a > b */
823
return bn_cmp_words(a,b,cl);