[thirdparty/openssl.git] / crypto / bn / bn_ctx.c

/*
 * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/trace.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"

/*-
 * TODO list
 *
 * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
 * check they can be safely removed.
 *  - Check +1 and other ugliness in BN_from_montgomery()
 *
 * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
 * appropriate 'block' size that will be honoured by bn_expand_internal() to
 * prevent piddly little reallocations. OTOH, profiling bignum expansions in
 * BN_CTX doesn't show this to be a big issue.
 */

/* How many bignums are in each "pool item"; */
#define BN_CTX_POOL_SIZE        16
/* The stack frame info is resizing, set a first-time expansion size; */
#define BN_CTX_START_FRAMES     32

/***********/
/* BN_POOL */
/***********/

/* A bundle of bignums that can be linked with other bundles */
typedef struct bignum_pool_item {
    /* The bignum values */
    BIGNUM vals[BN_CTX_POOL_SIZE];
    /* Linked-list admin */
    struct bignum_pool_item *prev, *next;
} BN_POOL_ITEM;
/* A linked-list of bignums grouped in bundles */
typedef struct bignum_pool {
    /* Linked-list admin */
    BN_POOL_ITEM *head, *current, *tail;
    /* Stack depth and allocation size */
    unsigned used, size;
} BN_POOL;
static void BN_POOL_init(BN_POOL *);
static void BN_POOL_finish(BN_POOL *);
static BIGNUM *BN_POOL_get(BN_POOL *, int);
static void BN_POOL_release(BN_POOL *, unsigned int);

/************/
/* BN_STACK */
/************/

/* A wrapper to manage the "stack frames" */
typedef struct bignum_ctx_stack {
    /* Array of indexes into the bignum stack */
    unsigned int *indexes;
    /* Number of stack frames, and the size of the allocated array */
    unsigned int depth, size;
} BN_STACK;
static void BN_STACK_init(BN_STACK *);
static void BN_STACK_finish(BN_STACK *);
static int BN_STACK_push(BN_STACK *, unsigned int);
static unsigned int BN_STACK_pop(BN_STACK *);

/**********/
/* BN_CTX */
/**********/

/* The opaque BN_CTX type */
struct bignum_ctx {
    /* The bignum bundles */
    BN_POOL pool;
    /* The "stack frames", if you will */
    BN_STACK stack;
    /* The number of bignums currently assigned */
    unsigned int used;
    /* Depth of stack overflow */
    int err_stack;
    /* Block "gets" until an "end" (compatibility behaviour) */
    int too_many;
    /* Flags. */
    int flags;
    /* The library context */
    OPENSSL_CTX *libctx;
};

#ifndef FIPS_MODE
/* Debugging functionality */
static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
{
    unsigned int bnidx = 0, fpidx = 0;
    BN_POOL_ITEM *item = ctx->pool.head;
    BN_STACK *stack = &ctx->stack;

    BIO_printf(channel, "%s\n", text);
    BIO_printf(channel, "  (%16p): ", (void*)ctx);
    while (bnidx < ctx->used) {
        BIO_printf(channel, "%03x ",
                   item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
        if (!(bnidx % BN_CTX_POOL_SIZE))
            item = item->next;
    }
    BIO_printf(channel, "\n");
    bnidx = 0;
    BIO_printf(channel, "   %16s : ", "");
    while (fpidx < stack->depth) {
        while (bnidx++ < stack->indexes[fpidx])
            BIO_printf(channel, "    ");
        BIO_printf(channel, "^^^ ");
        bnidx++;
        fpidx++;
    }
    BIO_printf(channel, "\n");
}

# define CTXDBG(str, ctx)           \
    OSSL_TRACE_BEGIN(BN_CTX) {      \
        ctxdbg(trc_out, str, ctx);  \
    } OSSL_TRACE_END(BN_CTX)
#else
/* TODO(3.0): Consider if we want to do this in FIPS mode */
# define CTXDBG(str, ctx) do {} while(0)
#endif /* FIPS_MODE */

BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
{
    BN_CTX *ret;

    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
        BNerr(BN_F_BN_CTX_NEW_EX, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    /* Initialise the structure */
    BN_POOL_init(&ret->pool);
    BN_STACK_init(&ret->stack);
    ret->libctx = ctx;
    return ret;
}

BN_CTX *BN_CTX_new(void)
{
    return BN_CTX_new_ex(NULL);
}

BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
{
    BN_CTX *ret = BN_CTX_new_ex(ctx);

    if (ret != NULL)
        ret->flags = BN_FLG_SECURE;
    return ret;
}

BN_CTX *BN_CTX_secure_new(void)
{
    return BN_CTX_secure_new_ex(NULL);
}

void BN_CTX_free(BN_CTX *ctx)
{
    if (ctx == NULL)
        return;
#ifndef FIPS_MODE
    OSSL_TRACE_BEGIN(BN_CTX) {
        BN_POOL_ITEM *pool = ctx->pool.head;
        BIO_printf(trc_out,
                   "BN_CTX_free(): stack-size=%d, pool-bignums=%d\n",
                   ctx->stack.size, ctx->pool.size);
        BIO_printf(trc_out, "  dmaxs: ");
        while (pool) {
            unsigned loop = 0;
            while (loop < BN_CTX_POOL_SIZE)
                BIO_printf(trc_out, "%02x ", pool->vals[loop++].dmax);
            pool = pool->next;
        }
        BIO_printf(trc_out, "\n");
    } OSSL_TRACE_END(BN_CTX);
#endif
    BN_STACK_finish(&ctx->stack);
    BN_POOL_finish(&ctx->pool);
    OPENSSL_free(ctx);
}

void BN_CTX_start(BN_CTX *ctx)
{
    CTXDBG("ENTER BN_CTX_start()", ctx);
    /* If we're already overflowing ... */
    if (ctx->err_stack || ctx->too_many)
        ctx->err_stack++;
    /* (Try to) get a new frame pointer */
    else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
        BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
        ctx->err_stack++;
    }
    CTXDBG("LEAVE BN_CTX_start()", ctx);
}

void BN_CTX_end(BN_CTX *ctx)
{
    if (ctx == NULL)
        return;
    CTXDBG("ENTER BN_CTX_end()", ctx);
    if (ctx->err_stack)
        ctx->err_stack--;
    else {
        unsigned int fp = BN_STACK_pop(&ctx->stack);
        /* Does this stack frame have anything to release? */
        if (fp < ctx->used)
            BN_POOL_release(&ctx->pool, ctx->used - fp);
        ctx->used = fp;
        /* Unjam "too_many" in case "get" had failed */
        ctx->too_many = 0;
    }
    CTXDBG("LEAVE BN_CTX_end()", ctx);
}

BIGNUM *BN_CTX_get(BN_CTX *ctx)
{
    BIGNUM *ret;

    CTXDBG("ENTER BN_CTX_get()", ctx);
    if (ctx->err_stack || ctx->too_many)
        return NULL;
    if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) {
        /*
         * Setting too_many prevents repeated "get" attempts from cluttering
         * the error stack.
         */
        ctx->too_many = 1;
        BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
        return NULL;
    }
    /* OK, make sure the returned bignum is "zero" */
    BN_zero(ret);
    /* clear BN_FLG_CONSTTIME if leaked from previous frames */
    ret->flags &= (~BN_FLG_CONSTTIME);
    ctx->used++;
    CTXDBG("LEAVE BN_CTX_get()", ctx);
    return ret;
}

OPENSSL_CTX *bn_get_lib_ctx(BN_CTX *ctx)
{
    if (ctx == NULL)
        return NULL;
    return ctx->libctx;
}

/************/
/* BN_STACK */
/************/

static void BN_STACK_init(BN_STACK *st)
{
    st->indexes = NULL;
    st->depth = st->size = 0;
}

static void BN_STACK_finish(BN_STACK *st)
{
    OPENSSL_free(st->indexes);
    st->indexes = NULL;
}


static int BN_STACK_push(BN_STACK *st, unsigned int idx)
{
    if (st->depth == st->size) {
        /* Need to expand */
        unsigned int newsize =
            st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
        unsigned int *newitems;

        if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
            BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        if (st->depth)
            memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth);
        OPENSSL_free(st->indexes);
        st->indexes = newitems;
        st->size = newsize;
    }
    st->indexes[(st->depth)++] = idx;
    return 1;
}

static unsigned int BN_STACK_pop(BN_STACK *st)
{
    return st->indexes[--(st->depth)];
}

/***********/
/* BN_POOL */
/***********/

static void BN_POOL_init(BN_POOL *p)
{
    p->head = p->current = p->tail = NULL;
    p->used = p->size = 0;
}

static void BN_POOL_finish(BN_POOL *p)
{
    unsigned int loop;
    BIGNUM *bn;

    while (p->head) {
        for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
            if (bn->d)
                BN_clear_free(bn);
        p->current = p->head->next;
        OPENSSL_free(p->head);
        p->head = p->current;
    }
}


static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
{
    BIGNUM *bn;
    unsigned int loop;

    /* Full; allocate a new pool item and link it in. */
    if (p->used == p->size) {
        BN_POOL_ITEM *item;

        if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
            BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
            return NULL;
        }
        for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
            bn_init(bn);
            if ((flag & BN_FLG_SECURE) != 0)
                BN_set_flags(bn, BN_FLG_SECURE);
        }
        item->prev = p->tail;
        item->next = NULL;

        if (p->head == NULL)
            p->head = p->current = p->tail = item;
        else {
            p->tail->next = item;
            p->tail = item;
            p->current = item;
        }
        p->size += BN_CTX_POOL_SIZE;
        p->used++;
        /* Return the first bignum from the new pool */
        return item->vals;
    }

    if (!p->used)
        p->current = p->head;
    else if ((p->used % BN_CTX_POOL_SIZE) == 0)
        p->current = p->current->next;
    return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
}

static void BN_POOL_release(BN_POOL *p, unsigned int num)
{
    unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;

    p->used -= num;
    while (num--) {
        bn_check_top(p->current->vals + offset);
        if (offset == 0) {
            offset = BN_CTX_POOL_SIZE - 1;
            p->current = p->current->prev;
        } else
            offset--;
    }
}
Commit	Line	Data
	1	/*
	2	* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/trace.h>
	11	#include "internal/cryptlib.h"
	12	#include "bn_lcl.h"
	13
	14	/*-
	15	* TODO list
	16	*
	17	* 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
	18	* check they can be safely removed.
	19	* - Check +1 and other ugliness in BN_from_montgomery()
	20	*
	21	* 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
	22	* appropriate 'block' size that will be honoured by bn_expand_internal() to
	23	* prevent piddly little reallocations. OTOH, profiling bignum expansions in
	24	* BN_CTX doesn't show this to be a big issue.
	25	*/
	26
	27	/* How many bignums are in each "pool item"; */
	28	#define BN_CTX_POOL_SIZE 16
	29	/* The stack frame info is resizing, set a first-time expansion size; */
	30	#define BN_CTX_START_FRAMES 32
	31
	32	/***********/
	33	/* BN_POOL */
	34	/***********/
	35
	36	/* A bundle of bignums that can be linked with other bundles */
	37	typedef struct bignum_pool_item {
	38	/* The bignum values */
	39	BIGNUM vals[BN_CTX_POOL_SIZE];
	40	/* Linked-list admin */
	41	struct bignum_pool_item prev, next;
	42	} BN_POOL_ITEM;
	43	/* A linked-list of bignums grouped in bundles */
	44	typedef struct bignum_pool {
	45	/* Linked-list admin */
	46	BN_POOL_ITEM head, current, *tail;
	47	/* Stack depth and allocation size */
	48	unsigned used, size;
	49	} BN_POOL;
	50	static void BN_POOL_init(BN_POOL *);
	51	static void BN_POOL_finish(BN_POOL *);
	52	static BIGNUM BN_POOL_get(BN_POOL , int);
	53	static void BN_POOL_release(BN_POOL *, unsigned int);
	54
	55	/************/
	56	/* BN_STACK */
	57	/************/
	58
	59	/* A wrapper to manage the "stack frames" */
	60	typedef struct bignum_ctx_stack {
	61	/* Array of indexes into the bignum stack */
	62	unsigned int *indexes;
	63	/* Number of stack frames, and the size of the allocated array */
	64	unsigned int depth, size;
	65	} BN_STACK;
	66	static void BN_STACK_init(BN_STACK *);
	67	static void BN_STACK_finish(BN_STACK *);
	68	static int BN_STACK_push(BN_STACK *, unsigned int);
	69	static unsigned int BN_STACK_pop(BN_STACK *);
	70
	71	/**********/
	72	/* BN_CTX */
	73	/**********/
	74
	75	/* The opaque BN_CTX type */
	76	struct bignum_ctx {
	77	/* The bignum bundles */
	78	BN_POOL pool;
	79	/* The "stack frames", if you will */
	80	BN_STACK stack;
	81	/* The number of bignums currently assigned */
	82	unsigned int used;
	83	/* Depth of stack overflow */
	84	int err_stack;
	85	/* Block "gets" until an "end" (compatibility behaviour) */
	86	int too_many;
	87	/* Flags. */
	88	int flags;
	89	/* The library context */
	90	OPENSSL_CTX *libctx;
	91	};
	92
	93	#ifndef FIPS_MODE
	94	/* Debugging functionality */
	95	static void ctxdbg(BIO channel, const char text, BN_CTX *ctx)
	96	{
	97	unsigned int bnidx = 0, fpidx = 0;
	98	BN_POOL_ITEM *item = ctx->pool.head;
	99	BN_STACK *stack = &ctx->stack;
	100
	101	BIO_printf(channel, "%s\n", text);
	102	BIO_printf(channel, " (%16p): ", (void*)ctx);
	103	while (bnidx < ctx->used) {
	104	BIO_printf(channel, "%03x ",
	105	item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
	106	if (!(bnidx % BN_CTX_POOL_SIZE))
	107	item = item->next;
	108	}
	109	BIO_printf(channel, "\n");
	110	bnidx = 0;
	111	BIO_printf(channel, " %16s : ", "");
	112	while (fpidx < stack->depth) {
	113	while (bnidx++ < stack->indexes[fpidx])
	114	BIO_printf(channel, " ");
	115	BIO_printf(channel, "^^^ ");
	116	bnidx++;
	117	fpidx++;
	118	}
	119	BIO_printf(channel, "\n");
	120	}
	121
	122	# define CTXDBG(str, ctx) \
	123	OSSL_TRACE_BEGIN(BN_CTX) { \
	124	ctxdbg(trc_out, str, ctx); \
	125	} OSSL_TRACE_END(BN_CTX)
	126	#else
	127	/* TODO(3.0): Consider if we want to do this in FIPS mode */
	128	# define CTXDBG(str, ctx) do {} while(0)
	129	#endif /* FIPS_MODE */
	130
	131	BN_CTX BN_CTX_new_ex(OPENSSL_CTX ctx)
	132	{
	133	BN_CTX *ret;
	134
	135	if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
	136	BNerr(BN_F_BN_CTX_NEW_EX, ERR_R_MALLOC_FAILURE);
	137	return NULL;
	138	}
	139	/* Initialise the structure */
	140	BN_POOL_init(&ret->pool);
	141	BN_STACK_init(&ret->stack);
	142	ret->libctx = ctx;
	143	return ret;
	144	}
	145
	146	BN_CTX *BN_CTX_new(void)
	147	{
	148	return BN_CTX_new_ex(NULL);
	149	}
	150
	151	BN_CTX BN_CTX_secure_new_ex(OPENSSL_CTX ctx)
	152	{
	153	BN_CTX *ret = BN_CTX_new_ex(ctx);
	154
	155	if (ret != NULL)
	156	ret->flags = BN_FLG_SECURE;
	157	return ret;
	158	}
	159
	160	BN_CTX *BN_CTX_secure_new(void)
	161	{
	162	return BN_CTX_secure_new_ex(NULL);
	163	}
	164
	165	void BN_CTX_free(BN_CTX *ctx)
	166	{
	167	if (ctx == NULL)
	168	return;
	169	#ifndef FIPS_MODE
	170	OSSL_TRACE_BEGIN(BN_CTX) {
	171	BN_POOL_ITEM *pool = ctx->pool.head;
	172	BIO_printf(trc_out,
	173	"BN_CTX_free(): stack-size=%d, pool-bignums=%d\n",
	174	ctx->stack.size, ctx->pool.size);
	175	BIO_printf(trc_out, " dmaxs: ");
	176	while (pool) {
	177	unsigned loop = 0;
	178	while (loop < BN_CTX_POOL_SIZE)
	179	BIO_printf(trc_out, "%02x ", pool->vals[loop++].dmax);
	180	pool = pool->next;
	181	}
	182	BIO_printf(trc_out, "\n");
	183	} OSSL_TRACE_END(BN_CTX);
	184	#endif
	185	BN_STACK_finish(&ctx->stack);
	186	BN_POOL_finish(&ctx->pool);
	187	OPENSSL_free(ctx);
	188	}
	189
	190	void BN_CTX_start(BN_CTX *ctx)
	191	{
	192	CTXDBG("ENTER BN_CTX_start()", ctx);
	193	/* If we're already overflowing ... */
	194	if (ctx->err_stack \|\| ctx->too_many)
	195	ctx->err_stack++;
	196	/* (Try to) get a new frame pointer */
	197	else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
	198	BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
	199	ctx->err_stack++;
	200	}
	201	CTXDBG("LEAVE BN_CTX_start()", ctx);
	202	}
	203
	204	void BN_CTX_end(BN_CTX *ctx)
	205	{
	206	if (ctx == NULL)
	207	return;
	208	CTXDBG("ENTER BN_CTX_end()", ctx);
	209	if (ctx->err_stack)
	210	ctx->err_stack--;
	211	else {
	212	unsigned int fp = BN_STACK_pop(&ctx->stack);
	213	/* Does this stack frame have anything to release? */
	214	if (fp < ctx->used)
	215	BN_POOL_release(&ctx->pool, ctx->used - fp);
	216	ctx->used = fp;
	217	/* Unjam "too_many" in case "get" had failed */
	218	ctx->too_many = 0;
	219	}
	220	CTXDBG("LEAVE BN_CTX_end()", ctx);
	221	}
	222
	223	BIGNUM BN_CTX_get(BN_CTX ctx)
	224	{
	225	BIGNUM *ret;
	226
	227	CTXDBG("ENTER BN_CTX_get()", ctx);
	228	if (ctx->err_stack \|\| ctx->too_many)
	229	return NULL;
	230	if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) {
	231	/*
	232	* Setting too_many prevents repeated "get" attempts from cluttering
	233	* the error stack.
	234	*/
	235	ctx->too_many = 1;
	236	BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
	237	return NULL;
	238	}
	239	/* OK, make sure the returned bignum is "zero" */
	240	BN_zero(ret);
	241	/* clear BN_FLG_CONSTTIME if leaked from previous frames */
	242	ret->flags &= (~BN_FLG_CONSTTIME);
	243	ctx->used++;
	244	CTXDBG("LEAVE BN_CTX_get()", ctx);
	245	return ret;
	246	}
	247
	248	OPENSSL_CTX bn_get_lib_ctx(BN_CTX ctx)
	249	{
	250	if (ctx == NULL)
	251	return NULL;
	252	return ctx->libctx;
	253	}
	254
	255	/************/
	256	/* BN_STACK */
	257	/************/
	258
	259	static void BN_STACK_init(BN_STACK *st)
	260	{
	261	st->indexes = NULL;
	262	st->depth = st->size = 0;
	263	}
	264
	265	static void BN_STACK_finish(BN_STACK *st)
	266	{
	267	OPENSSL_free(st->indexes);
	268	st->indexes = NULL;
	269	}
	270
	271
	272	static int BN_STACK_push(BN_STACK *st, unsigned int idx)
	273	{
	274	if (st->depth == st->size) {
	275	/* Need to expand */
	276	unsigned int newsize =
	277	st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
	278	unsigned int *newitems;
	279
	280	if ((newitems = OPENSSL_malloc(sizeof(newitems) newsize)) == NULL) {
	281	BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
	282	return 0;
	283	}
	284	if (st->depth)
	285	memcpy(newitems, st->indexes, sizeof(newitems) st->depth);
	286	OPENSSL_free(st->indexes);
	287	st->indexes = newitems;
	288	st->size = newsize;
	289	}
	290	st->indexes[(st->depth)++] = idx;
	291	return 1;
	292	}
	293
	294	static unsigned int BN_STACK_pop(BN_STACK *st)
	295	{
	296	return st->indexes[--(st->depth)];
	297	}
	298
	299	/***********/
	300	/* BN_POOL */
	301	/***********/
	302
	303	static void BN_POOL_init(BN_POOL *p)
	304	{
	305	p->head = p->current = p->tail = NULL;
	306	p->used = p->size = 0;
	307	}
	308
	309	static void BN_POOL_finish(BN_POOL *p)
	310	{
	311	unsigned int loop;
	312	BIGNUM *bn;
	313
	314	while (p->head) {
	315	for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
	316	if (bn->d)
	317	BN_clear_free(bn);
	318	p->current = p->head->next;
	319	OPENSSL_free(p->head);
	320	p->head = p->current;
	321	}
	322	}
	323
	324
	325	static BIGNUM BN_POOL_get(BN_POOL p, int flag)
	326	{
	327	BIGNUM *bn;
	328	unsigned int loop;
	329
	330	/* Full; allocate a new pool item and link it in. */
	331	if (p->used == p->size) {
	332	BN_POOL_ITEM *item;
	333
	334	if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
	335	BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
	336	return NULL;
	337	}
	338	for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
	339	bn_init(bn);
	340	if ((flag & BN_FLG_SECURE) != 0)
	341	BN_set_flags(bn, BN_FLG_SECURE);
	342	}
	343	item->prev = p->tail;
	344	item->next = NULL;
	345
	346	if (p->head == NULL)
	347	p->head = p->current = p->tail = item;
	348	else {
	349	p->tail->next = item;
	350	p->tail = item;
	351	p->current = item;
	352	}
	353	p->size += BN_CTX_POOL_SIZE;
	354	p->used++;
	355	/* Return the first bignum from the new pool */
	356	return item->vals;
	357	}
	358
	359	if (!p->used)
	360	p->current = p->head;
	361	else if ((p->used % BN_CTX_POOL_SIZE) == 0)
	362	p->current = p->current->next;
	363	return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
	364	}
	365
	366	static void BN_POOL_release(BN_POOL *p, unsigned int num)
	367	{
	368	unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
	369
	370	p->used -= num;
	371	while (num--) {
	372	bn_check_top(p->current->vals + offset);
	373	if (offset == 0) {
	374	offset = BN_CTX_POOL_SIZE - 1;
	375	p->current = p->current->prev;
	376	} else
	377	offset--;
	378	}
	379	}