1
/* crypto/bn/bn_lib.c */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5
* This package is an SSL implementation written
6
* by Eric Young (eay@cryptsoft.com).
7
* The implementation was written so as to conform with Netscapes SSL.
9
* This library is free for commercial and non-commercial use as long as
10
* the following conditions are aheared to. The following conditions
11
* apply to all code found in this distribution, be it the RC4, RSA,
12
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13
* included with this distribution is covered by the same copyright terms
14
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
16
* Copyright remains Eric Young's, and as such any Copyright notices in
17
* the code are not to be removed.
18
* If this package is used in a product, Eric Young should be given attribution
19
* as the author of the parts of the library used.
20
* This can be in the form of a textual message at program startup or
21
* in documentation (online or textual) provided with the package.
23
* Redistribution and use in source and binary forms, with or without
24
* modification, are permitted provided that the following conditions
26
* 1. Redistributions of source code must retain the copyright
27
* notice, this list of conditions and the following disclaimer.
28
* 2. Redistributions in binary form must reproduce the above copyright
29
* notice, this list of conditions and the following disclaimer in the
30
* documentation and/or other materials provided with the distribution.
31
* 3. All advertising materials mentioning features or use of this software
32
* must display the following acknowledgement:
33
* "This product includes cryptographic software written by
34
* Eric Young (eay@cryptsoft.com)"
35
* The word 'cryptographic' can be left out if the rouines from the library
36
* being used are not cryptographic related :-).
37
* 4. If you include any Windows specific code (or a derivative thereof) from
38
* the apps directory (application code) you must include an acknowledgement:
39
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53
* The licence and distribution terms for any publically available version or
54
* derivative of this code cannot be changed. i.e. this code cannot simply be
55
* copied and put under another distribution licence
56
* [including the GNU Public Licence.]
60
# undef NDEBUG /* avoid conflicting definitions */
70
BIGNUM *BN_value_one(void)
72
static BN_ULONG data_one=1L;
73
static BIGNUM const_one={&data_one,1,1,0};
79
int BN_num_bits_word(BN_ULONG l)
81
static const char bits[256]={
82
0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
83
5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
84
6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
85
6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
86
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
87
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
88
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
89
7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
90
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
91
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
92
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
93
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
94
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
95
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
96
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
97
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
100
#if defined(SIXTY_FOUR_BIT_LONG)
101
if (l & 0xffffffff00000000L)
103
if (l & 0xffff000000000000L)
105
if (l & 0xff00000000000000L)
107
return(bits[(int)(l>>56)]+56);
109
else return(bits[(int)(l>>48)]+48);
113
if (l & 0x0000ff0000000000L)
115
return(bits[(int)(l>>40)]+40);
117
else return(bits[(int)(l>>32)]+32);
122
#ifdef SIXTY_FOUR_BIT
123
if (l & 0xffffffff00000000LL)
125
if (l & 0xffff000000000000LL)
127
if (l & 0xff00000000000000LL)
129
return(bits[(int)(l>>56)]+56);
131
else return(bits[(int)(l>>48)]+48);
135
if (l & 0x0000ff0000000000LL)
137
return(bits[(int)(l>>40)]+40);
139
else return(bits[(int)(l>>32)]+32);
146
#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
150
return(bits[(int)(l>>24L)]+24);
151
else return(bits[(int)(l>>16L)]+16);
156
#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
158
return(bits[(int)(l>>8)]+8);
161
return(bits[(int)(l )] );
166
int BN_num_bits(const BIGNUM *a)
173
if (a->top == 0) return(0);
176
i=(a->top-1)*BN_BITS2;
177
return(i+BN_num_bits_word(l));
180
void BN_clear_free(BIGNUM *a)
184
if (a == NULL) return;
187
memset(a->d,0,a->dmax*sizeof(a->d[0]));
188
if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
191
i=BN_get_flags(a,BN_FLG_MALLOCED);
192
memset(a,0,sizeof(BIGNUM));
197
void BN_free(BIGNUM *a)
199
if (a == NULL) return;
200
if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
202
a->flags|=BN_FLG_FREE; /* REMOVE? */
203
if (a->flags & BN_FLG_MALLOCED)
207
void BN_init(BIGNUM *a)
209
memset(a,0,sizeof(BIGNUM));
217
if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
219
BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
222
ret->flags=BN_FLG_MALLOCED;
231
/* This is an internal function that should not be used in applications.
232
* It ensures that 'b' has enough room for a 'words' word number number.
233
* It is mostly used by the various BIGNUM routines. If there is an error,
234
* NULL is returned. If not, 'b' is returned. */
236
BIGNUM *bn_expand2(BIGNUM *b, int words)
246
if (words > (INT_MAX/(4*BN_BITS2)))
248
BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
253
if (BN_get_flags(b,BN_FLG_STATIC_DATA))
255
BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
258
a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
261
BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
266
/* Check if the previous number needs to be copied */
270
/* This lot is an unrolled loop to copy b->top
271
* BN_ULONGs from B to A
274
* I have nothing against unrolling but it's usually done for
275
* several reasons, namely:
276
* - minimize percentage of decision making code, i.e. branches;
277
* - avoid cache trashing;
278
* - make it possible to schedule loads earlier;
279
* Now let's examine the code below. The cornerstone of C is
280
* "programmer is always right" and that's what we love it for:-)
281
* For this very reason C compilers have to be paranoid when it
282
* comes to data aliasing and assume the worst. Yeah, but what
283
* does it mean in real life? This means that loop body below will
284
* be compiled to sequence of loads immediately followed by stores
285
* as compiler assumes the worst, something in A==B+1 style. As a
286
* result CPU pipeline is going to starve for incoming data. Secondly
287
* if A and B happen to share same cache line such code is going to
288
* cause severe cache trashing. Both factors have severe impact on
289
* performance of modern CPUs and this is the reason why this
290
* particular piece of code is #ifdefed away and replaced by more
291
* "friendly" version found in #else section below. This comment
292
* also applies to BN_copy function.
294
* <appro@fy.chalmers.se>
296
for (i=b->top&(~7); i>0; i-=8)
298
A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
299
A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
320
/* I need the 'case 0' entry for utrix cc.
321
* If the optimizer is turned on, it does the
322
* switch table by doing
325
* goto jump_table[a];
326
* If top is 0, this makes us jump to 0xffffffc
327
* which is rather bad :-(.
333
for (i=b->top>>2; i>0; i--,A+=4,B+=4)
336
* The fact that the loop is unrolled
337
* 4-wise is a tribute to Intel. It's
338
* the one that doesn't have enough
339
* registers to accomodate more data.
340
* I'd unroll it 8-wise otherwise:-)
342
* <appro@fy.chalmers.se>
344
BN_ULONG a0,a1,a2,a3;
345
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
346
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
353
case 0: ; /* ultrix cc workaround, see above */
362
/* Now need to zero any data between b->top and b->max */
365
for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
367
A[0]=0; A[1]=0; A[2]=0; A[3]=0;
368
A[4]=0; A[5]=0; A[6]=0; A[7]=0;
370
for (i=(b->dmax - b->top)&7; i>0; i--,A++)
373
memset(A,0,sizeof(BN_ULONG)*(words+1));
374
memcpy(A,b->d,sizeof(b->d[0])*b->top);
379
/* memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
380
/* { int i; for (i=b->max; i<words+1; i++) p[i]=i;} */
387
BIGNUM *BN_dup(const BIGNUM *a)
391
if (a == NULL) return NULL;
396
if (r == NULL) return(NULL);
397
return((BIGNUM *)BN_copy(r,a));
401
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
409
if (a == b) return(a);
410
if (bn_wexpand(a,b->top) == NULL) return(NULL);
415
for (i=b->top>>2; i>0; i--,A+=4,B+=4)
417
BN_ULONG a0,a1,a2,a3;
418
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
419
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
426
case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */
429
memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
432
/* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
434
if ((a->top == 0) && (a->d != NULL))
441
void BN_clear(BIGNUM *a)
444
memset(a->d,0,a->dmax*sizeof(a->d[0]));
449
BN_ULONG BN_get_word(BIGNUM *a)
455
if (n > sizeof(BN_ULONG))
457
for (i=a->top-1; i>=0; i--)
459
#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
460
ret<<=BN_BITS4; /* stops the compiler complaining */
471
int BN_set_word(BIGNUM *a, BN_ULONG w)
474
if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
476
n=sizeof(BN_ULONG)/BN_BYTES;
479
a->d[0]=(BN_ULONG)w&BN_MASK2;
480
if (a->d[0] != 0) a->top=1;
483
/* the following is done instead of
484
* w>>=BN_BITS2 so compilers don't complain
485
* on builds where sizeof(long) == BN_TYPES */
486
#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
492
a->d[i]=(BN_ULONG)w&BN_MASK2;
493
if (a->d[i] != 0) a->top=i+1;
498
/* ignore negative */
499
BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
506
if (ret == NULL) ret=BN_new();
508
if (ret == NULL) return(NULL);
516
if (bn_expand(ret,(int)(n+2)*8) == NULL)
518
i=((n-1)/BN_BYTES)+1;
519
m=((n-1)%(BN_BYTES));
531
/* need to call this due to clear byte at top if avoiding
532
* having the top bit set (-ve number) */
537
/* ignore negative */
538
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
547
*(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
552
int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
555
BN_ULONG t1,t2,*ap,*bp;
561
if (i != 0) return(i);
564
for (i=a->top-1; i>=0; i--)
569
return(t1 > t2?1:-1);
575
int BN_cmp(const BIGNUM *a, const BIGNUM *b)
581
if ((a == NULL) || (b == NULL))
594
if (a->neg != b->neg)
602
else { gt= -1; lt=1; }
604
if (a->top > b->top) return(gt);
605
if (a->top < b->top) return(lt);
606
for (i=a->top-1; i>=0; i--)
610
if (t1 > t2) return(gt);
611
if (t1 < t2) return(lt);
616
int BN_set_bit(BIGNUM *a, int n)
624
if (bn_wexpand(a,i+1) == NULL) return(0);
625
for(k=a->top; k<i+1; k++)
630
a->d[i]|=(((BN_ULONG)1)<<j);
634
int BN_clear_bit(BIGNUM *a, int n)
640
if (a->top <= i) return(0);
642
a->d[i]&=(~(((BN_ULONG)1)<<j));
648
int BN_is_bit_set(const BIGNUM *a, int n)
652
if (n < 0) return(0);
655
if (a->top <= i) return(0);
656
return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
660
int BN_mask_bits(BIGNUM *a, int n)
666
if (w >= a->top) return(0);
672
a->d[w]&= ~(BN_MASK2<<b);
678
int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n)
685
if (aa != bb) return((aa > bb)?1:-1);
686
for (i=n-2; i>=0; i--)
690
if (aa != bb) return((aa > bb)?1:-1);