1 /* crypto/bn/bn_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
60 # undef NDEBUG /* avoid conflicting definitions */
70 const char *BN_version
="Big Number" OPENSSL_VERSION_PTEXT
;
72 /* This stuff appears to be completely unused, so is deprecated */
73 #ifndef OPENSSL_NO_DEPRECATED
74 /* For a 32 bit machine
83 static int bn_limit_bits
=0;
84 static int bn_limit_num
=8; /* (1<<bn_limit_bits) */
85 static int bn_limit_bits_low
=0;
86 static int bn_limit_num_low
=8; /* (1<<bn_limit_bits_low) */
87 static int bn_limit_bits_high
=0;
88 static int bn_limit_num_high
=8; /* (1<<bn_limit_bits_high) */
89 static int bn_limit_bits_mont
=0;
90 static int bn_limit_num_mont
=8; /* (1<<bn_limit_bits_mont) */
92 void BN_set_params(int mult
, int high
, int low
, int mont
)
96 if (mult
> (int)(sizeof(int)*8)-1)
103 if (high
> (int)(sizeof(int)*8)-1)
104 high
=sizeof(int)*8-1;
105 bn_limit_bits_high
=high
;
106 bn_limit_num_high
=1<<high
;
110 if (low
> (int)(sizeof(int)*8)-1)
112 bn_limit_bits_low
=low
;
113 bn_limit_num_low
=1<<low
;
117 if (mont
> (int)(sizeof(int)*8)-1)
118 mont
=sizeof(int)*8-1;
119 bn_limit_bits_mont
=mont
;
120 bn_limit_num_mont
=1<<mont
;
124 int BN_get_params(int which
)
126 if (which
== 0) return(bn_limit_bits
);
127 else if (which
== 1) return(bn_limit_bits_high
);
128 else if (which
== 2) return(bn_limit_bits_low
);
129 else if (which
== 3) return(bn_limit_bits_mont
);
134 const BIGNUM
*BN_value_one(void)
136 static BN_ULONG data_one
=1L;
137 static BIGNUM const_one
={&data_one
,1,1,0,BN_FLG_STATIC_DATA
};
142 char *BN_options(void)
145 static char data
[16];
151 BIO_snprintf(data
,sizeof data
,"bn(%d,%d)",
152 (int)sizeof(BN_ULLONG
)*8,(int)sizeof(BN_ULONG
)*8);
154 BIO_snprintf(data
,sizeof data
,"bn(%d,%d)",
155 (int)sizeof(BN_ULONG
)*8,(int)sizeof(BN_ULONG
)*8);
161 int BN_num_bits_word(BN_ULONG l
)
163 static const char bits
[256]={
164 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
165 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
166 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
167 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
168 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
169 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
170 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
171 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
172 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
173 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
174 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
175 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
176 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
177 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
178 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
179 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
182 #if defined(SIXTY_FOUR_BIT_LONG)
183 if (l
& 0xffffffff00000000L
)
185 if (l
& 0xffff000000000000L
)
187 if (l
& 0xff00000000000000L
)
189 return(bits
[(int)(l
>>56)]+56);
191 else return(bits
[(int)(l
>>48)]+48);
195 if (l
& 0x0000ff0000000000L
)
197 return(bits
[(int)(l
>>40)]+40);
199 else return(bits
[(int)(l
>>32)]+32);
204 #ifdef SIXTY_FOUR_BIT
205 if (l
& 0xffffffff00000000LL
)
207 if (l
& 0xffff000000000000LL
)
209 if (l
& 0xff00000000000000LL
)
211 return(bits
[(int)(l
>>56)]+56);
213 else return(bits
[(int)(l
>>48)]+48);
217 if (l
& 0x0000ff0000000000LL
)
219 return(bits
[(int)(l
>>40)]+40);
221 else return(bits
[(int)(l
>>32)]+32);
228 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
232 return(bits
[(int)(l
>>24L)]+24);
233 else return(bits
[(int)(l
>>16L)]+16);
238 #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
240 return(bits
[(int)(l
>>8)]+8);
243 return(bits
[(int)(l
)] );
248 int BN_num_bits(const BIGNUM
*a
)
253 if (BN_is_zero(a
)) return 0;
254 return ((i
*BN_BITS2
) + BN_num_bits_word(a
->d
[i
]));
257 void BN_clear_free(BIGNUM
*a
)
261 if (a
== NULL
) return;
265 OPENSSL_cleanse(a
->d
,a
->dmax
*sizeof(a
->d
[0]));
266 if (!(BN_get_flags(a
,BN_FLG_STATIC_DATA
)))
269 i
=BN_get_flags(a
,BN_FLG_MALLOCED
);
270 OPENSSL_cleanse(a
,sizeof(BIGNUM
));
275 void BN_free(BIGNUM
*a
)
277 if (a
== NULL
) return;
279 if ((a
->d
!= NULL
) && !(BN_get_flags(a
,BN_FLG_STATIC_DATA
)))
281 if (a
->flags
& BN_FLG_MALLOCED
)
285 #ifndef OPENSSL_NO_DEPRECATED
286 a
->flags
|=BN_FLG_FREE
;
292 void BN_init(BIGNUM
*a
)
294 memset(a
,0,sizeof(BIGNUM
));
302 if ((ret
=(BIGNUM
*)OPENSSL_malloc(sizeof(BIGNUM
))) == NULL
)
304 BNerr(BN_F_BN_NEW
,ERR_R_MALLOC_FAILURE
);
307 ret
->flags
=BN_FLG_MALLOCED
;
316 /* This is used both by bn_expand2() and bn_dup_expand() */
317 /* The caller MUST check that words > b->dmax before calling this */
318 static BN_ULONG
*bn_expand_internal(const BIGNUM
*b
, int words
)
320 BN_ULONG
*A
,*a
= NULL
;
326 if (words
> (INT_MAX
/(4*BN_BITS2
)))
328 BNerr(BN_F_BN_EXPAND_INTERNAL
,BN_R_BIGNUM_TOO_LONG
);
331 if (BN_get_flags(b
,BN_FLG_STATIC_DATA
))
333 BNerr(BN_F_BN_EXPAND_INTERNAL
,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA
);
336 a
=A
=(BN_ULONG
*)OPENSSL_malloc(sizeof(BN_ULONG
)*words
);
339 BNerr(BN_F_BN_EXPAND_INTERNAL
,ERR_R_MALLOC_FAILURE
);
344 /* Check if the previous number needs to be copied */
347 for (i
=b
->top
>>2; i
>0; i
--,A
+=4,B
+=4)
350 * The fact that the loop is unrolled
351 * 4-wise is a tribute to Intel. It's
352 * the one that doesn't have enough
353 * registers to accomodate more data.
354 * I'd unroll it 8-wise otherwise:-)
356 * <appro@fy.chalmers.se>
358 BN_ULONG a0
,a1
,a2
,a3
;
359 a0
=B
[0]; a1
=B
[1]; a2
=B
[2]; a3
=B
[3];
360 A
[0]=a0
; A
[1]=a1
; A
[2]=a2
; A
[3]=a3
;
367 case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
368 * the switch table by doing a=top&3; a--; goto jump_table[a];
369 * which fails for top== 0 */
375 memset(A
,0,sizeof(BN_ULONG
)*words
);
376 memcpy(A
,b
->d
,sizeof(b
->d
[0])*b
->top
);
382 /* This is an internal function that can be used instead of bn_expand2()
383 * when there is a need to copy BIGNUMs instead of only expanding the
384 * data part, while still expanding them.
385 * Especially useful when needing to expand BIGNUMs that are declared
386 * 'const' and should therefore not be changed.
387 * The reason to use this instead of a BN_dup() followed by a bn_expand2()
388 * is memory allocation overhead. A BN_dup() followed by a bn_expand2()
389 * will allocate new memory for the BIGNUM data twice, and free it once,
390 * while bn_dup_expand() makes sure allocation is made only once.
393 #ifndef OPENSSL_NO_DEPRECATED
394 BIGNUM
*bn_dup_expand(const BIGNUM
*b
, int words
)
400 /* This function does not work if
401 * words <= b->dmax && top < words
402 * because BN_dup() does not preserve 'dmax'!
403 * (But bn_dup_expand() is not used anywhere yet.)
408 BN_ULONG
*a
= bn_expand_internal(b
, words
);
422 /* r == NULL, BN_new failure */
426 /* If a == NULL, there was an error in allocation in
427 bn_expand_internal(), and NULL should be returned */
439 /* This is an internal function that should not be used in applications.
440 * It ensures that 'b' has enough room for a 'words' word number
441 * and initialises any unused part of b->d with leading zeros.
442 * It is mostly used by the various BIGNUM routines. If there is an error,
443 * NULL is returned. If not, 'b' is returned. */
445 BIGNUM
*bn_expand2(BIGNUM
*b
, int words
)
451 BN_ULONG
*a
= bn_expand_internal(b
, words
);
453 if(b
->d
) OPENSSL_free(b
->d
);
458 /* None of this should be necessary because of what b->top means! */
460 /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
461 if (b
->top
< b
->dmax
)
464 BN_ULONG
*A
= &(b
->d
[b
->top
]);
465 for (i
=(b
->dmax
- b
->top
)>>3; i
>0; i
--,A
+=8)
467 A
[0]=0; A
[1]=0; A
[2]=0; A
[3]=0;
468 A
[4]=0; A
[5]=0; A
[6]=0; A
[7]=0;
470 for (i
=(b
->dmax
- b
->top
)&7; i
>0; i
--,A
++)
472 assert(A
== &(b
->d
[b
->dmax
]));
479 BIGNUM
*BN_dup(const BIGNUM
*a
)
483 if (a
== NULL
) return NULL
;
487 if (t
== NULL
) return NULL
;
497 BIGNUM
*BN_copy(BIGNUM
*a
, const BIGNUM
*b
)
505 if (a
== b
) return(a
);
506 if (bn_wexpand(a
,b
->top
) == NULL
) return(NULL
);
511 for (i
=b
->top
>>2; i
>0; i
--,A
+=4,B
+=4)
513 BN_ULONG a0
,a1
,a2
,a3
;
514 a0
=B
[0]; a1
=B
[1]; a2
=B
[2]; a3
=B
[3];
515 A
[0]=a0
; A
[1]=a1
; A
[2]=a2
; A
[3]=a3
;
522 case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
525 memcpy(a
->d
,b
->d
,sizeof(b
->d
[0])*b
->top
);
534 BIGNUM
*BN_ncopy(BIGNUM
*a
, const BIGNUM
*b
, size_t n
)
544 min
= (b
->top
< (int)n
)? b
->top
: (int)n
;
550 if (bn_wexpand(a
, min
) == NULL
)
555 for (i
=min
>>2; i
>0; i
--, A
+=4, B
+=4)
557 BN_ULONG a0
,a1
,a2
,a3
;
558 a0
=B
[0]; a1
=B
[1]; a2
=B
[2]; a3
=B
[3];
559 A
[0]=a0
; A
[1]=a1
; A
[2]=a2
; A
[3]=a3
;
574 void BN_swap(BIGNUM
*a
, BIGNUM
*b
)
576 int flags_old_a
, flags_old_b
;
578 int tmp_top
, tmp_dmax
, tmp_neg
;
583 flags_old_a
= a
->flags
;
584 flags_old_b
= b
->flags
;
601 a
->flags
= (flags_old_a
& BN_FLG_MALLOCED
) | (flags_old_b
& BN_FLG_STATIC_DATA
);
602 b
->flags
= (flags_old_b
& BN_FLG_MALLOCED
) | (flags_old_a
& BN_FLG_STATIC_DATA
);
607 void BN_clear(BIGNUM
*a
)
611 memset(a
->d
,0,a
->dmax
*sizeof(a
->d
[0]));
616 BN_ULONG
BN_get_word(const BIGNUM
*a
)
620 else if (a
->top
== 1)
626 int BN_set_word(BIGNUM
*a
, BN_ULONG w
)
629 if (bn_expand(a
,(int)sizeof(BN_ULONG
)*8) == NULL
) return(0);
632 a
->top
= (w
? 1 : 0);
637 BIGNUM
*BN_bin2bn(const unsigned char *s
, int len
, BIGNUM
*ret
)
646 if (ret
== NULL
) return(NULL
);
655 i
=((n
-1)/BN_BYTES
)+1;
656 m
=((n
-1)%(BN_BYTES
));
657 if (bn_wexpand(ret
, (int)i
) == NULL
)
674 /* need to call this due to clear byte at top if avoiding
675 * having the top bit set (-ve number) */
680 /* ignore negative */
681 int BN_bn2bin(const BIGNUM
*a
, unsigned char *to
)
691 *(to
++)=(unsigned char)(l
>>(8*(i
%BN_BYTES
)))&0xff;
696 int BN_ucmp(const BIGNUM
*a
, const BIGNUM
*b
)
699 BN_ULONG t1
,t2
,*ap
,*bp
;
705 if (i
!= 0) return(i
);
708 for (i
=a
->top
-1; i
>=0; i
--)
713 return((t1
> t2
) ? 1 : -1);
718 int BN_cmp(const BIGNUM
*a
, const BIGNUM
*b
)
724 if ((a
== NULL
) || (b
== NULL
))
737 if (a
->neg
!= b
->neg
)
745 else { gt
= -1; lt
=1; }
747 if (a
->top
> b
->top
) return(gt
);
748 if (a
->top
< b
->top
) return(lt
);
749 for (i
=a
->top
-1; i
>=0; i
--)
753 if (t1
> t2
) return(gt
);
754 if (t1
< t2
) return(lt
);
759 int BN_set_bit(BIGNUM
*a
, int n
)
770 if (bn_wexpand(a
,i
+1) == NULL
) return(0);
771 for(k
=a
->top
; k
<i
+1; k
++)
776 a
->d
[i
]|=(((BN_ULONG
)1)<<j
);
781 int BN_clear_bit(BIGNUM
*a
, int n
)
790 if (a
->top
<= i
) return(0);
792 a
->d
[i
]&=(~(((BN_ULONG
)1)<<j
));
797 int BN_is_bit_set(const BIGNUM
*a
, int n
)
805 if (a
->top
<= i
) return 0;
806 return((a
->d
[i
]&(((BN_ULONG
)1)<<j
))?1:0);
809 int BN_mask_bits(BIGNUM
*a
, int n
)
818 if (w
>= a
->top
) return 0;
824 a
->d
[w
]&= ~(BN_MASK2
<<b
);
830 int bn_cmp_words(const BN_ULONG
*a
, const BN_ULONG
*b
, int n
)
837 if (aa
!= bb
) return((aa
> bb
)?1:-1);
838 for (i
=n
-2; i
>=0; i
--)
842 if (aa
!= bb
) return((aa
> bb
)?1:-1);
847 /* Here follows a specialised variants of bn_cmp_words(). It has the
848 property of performing the operation on arrays of different sizes.
849 The sizes of those arrays is expressed through cl, which is the
850 common length ( basicall, min(len(a),len(b)) ), and dl, which is the
851 delta between the two lengths, calculated as len(a)-len(b).
852 All lengths are the number of BN_ULONGs... */
854 int bn_cmp_part_words(const BN_ULONG
*a
, const BN_ULONG
*b
,
865 return -1; /* a < b */
873 return 1; /* a > b */
876 return bn_cmp_words(a
,b
,cl
);