1 /* crypto/bn/bn_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
60 # undef NDEBUG /* avoid conflicting definitions */
69 const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
71 /* For a 32 bit machine
80 static int bn_limit_bits=0;
81 static int bn_limit_num=8; /* (1<<bn_limit_bits) */
82 static int bn_limit_bits_low=0;
83 static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
84 static int bn_limit_bits_high=0;
85 static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
86 static int bn_limit_bits_mont=0;
87 static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
89 void BN_set_params(int mult, int high, int low, int mont)
93 if (mult > (sizeof(int)*8)-1)
100 if (high > (sizeof(int)*8)-1)
101 high=sizeof(int)*8-1;
102 bn_limit_bits_high=high;
103 bn_limit_num_high=1<<high;
107 if (low > (sizeof(int)*8)-1)
109 bn_limit_bits_low=low;
110 bn_limit_num_low=1<<low;
114 if (mont > (sizeof(int)*8)-1)
115 mont=sizeof(int)*8-1;
116 bn_limit_bits_mont=mont;
117 bn_limit_num_mont=1<<mont;
121 int BN_get_params(int which)
123 if (which == 0) return(bn_limit_bits);
124 else if (which == 1) return(bn_limit_bits_high);
125 else if (which == 2) return(bn_limit_bits_low);
126 else if (which == 3) return(bn_limit_bits_mont);
130 BIGNUM *BN_value_one(void)
132 static BN_ULONG data_one=1L;
133 static BIGNUM const_one={&data_one,1,1,0};
138 char *BN_options(void)
141 static char data[16];
147 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
148 (int)sizeof(BN_ULONG)*8);
150 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
151 (int)sizeof(BN_ULONG)*8);
157 int BN_num_bits_word(BN_ULONG l)
159 static const char bits[256]={
160 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
161 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
162 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
163 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
164 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
165 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
166 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
167 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
168 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
169 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
170 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
171 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
172 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
173 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
174 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
175 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
178 #if defined(SIXTY_FOUR_BIT_LONG)
179 if (l & 0xffffffff00000000L)
181 if (l & 0xffff000000000000L)
183 if (l & 0xff00000000000000L)
185 return(bits[(int)(l>>56)]+56);
187 else return(bits[(int)(l>>48)]+48);
191 if (l & 0x0000ff0000000000L)
193 return(bits[(int)(l>>40)]+40);
195 else return(bits[(int)(l>>32)]+32);
200 #ifdef SIXTY_FOUR_BIT
201 if (l & 0xffffffff00000000LL)
203 if (l & 0xffff000000000000LL)
205 if (l & 0xff00000000000000LL)
207 return(bits[(int)(l>>56)]+56);
209 else return(bits[(int)(l>>48)]+48);
213 if (l & 0x0000ff0000000000LL)
215 return(bits[(int)(l>>40)]+40);
217 else return(bits[(int)(l>>32)]+32);
224 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
228 return(bits[(int)(l>>24L)]+24);
229 else return(bits[(int)(l>>16L)]+16);
234 #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
236 return(bits[(int)(l>>8)]+8);
239 return(bits[(int)(l )] );
244 int BN_num_bits(const BIGNUM *a)
251 if (a->top == 0) return(0);
254 i=(a->top-1)*BN_BITS2;
255 return(i+BN_num_bits_word(l));
258 void BN_clear_free(BIGNUM *a)
262 if (a == NULL) return;
265 memset(a->d,0,a->dmax*sizeof(a->d[0]));
266 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
269 i=BN_get_flags(a,BN_FLG_MALLOCED);
270 memset(a,0,sizeof(BIGNUM));
275 void BN_free(BIGNUM *a)
277 if (a == NULL) return;
278 if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
280 a->flags|=BN_FLG_FREE; /* REMOVE? */
281 if (a->flags & BN_FLG_MALLOCED)
285 void BN_init(BIGNUM *a)
287 memset(a,0,sizeof(BIGNUM));
294 if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
296 BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
299 ret->flags=BN_FLG_MALLOCED;
307 /* This is used both by bn_expand2() and bn_dup_expand() */
308 /* The caller MUST check that words > b->dmax before calling this */
309 static BN_ULONG *internal_bn_expand(const BIGNUM *b, int words)
311 BN_ULONG *A,*a = NULL;
316 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
318 BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
321 a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
324 BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
329 /* Check if the previous number needs to be copied */
333 /* This lot is an unrolled loop to copy b->top
334 * BN_ULONGs from B to A
337 * I have nothing against unrolling but it's usually done for
338 * several reasons, namely:
339 * - minimize percentage of decision making code, i.e. branches;
340 * - avoid cache trashing;
341 * - make it possible to schedule loads earlier;
342 * Now let's examine the code below. The cornerstone of C is
343 * "programmer is always right" and that's what we love it for:-)
344 * For this very reason C compilers have to be paranoid when it
345 * comes to data aliasing and assume the worst. Yeah, but what
346 * does it mean in real life? This means that loop body below will
347 * be compiled to sequence of loads immediately followed by stores
348 * as compiler assumes the worst, something in A==B+1 style. As a
349 * result CPU pipeline is going to starve for incoming data. Secondly
350 * if A and B happen to share same cache line such code is going to
351 * cause severe cache trashing. Both factors have severe impact on
352 * performance of modern CPUs and this is the reason why this
353 * particular piece of code is #ifdefed away and replaced by more
354 * "friendly" version found in #else section below. This comment
355 * also applies to BN_copy function.
357 * <appro@fy.chalmers.se>
359 for (i=b->top&(~7); i>0; i-=8)
361 A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
362 A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
383 /* I need the 'case 0' entry for utrix cc.
384 * If the optimizer is turned on, it does the
385 * switch table by doing
388 * goto jump_table[a];
389 * If top is 0, this makes us jump to 0xffffffc
390 * which is rather bad :-(.
396 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
399 * The fact that the loop is unrolled
400 * 4-wise is a tribute to Intel. It's
401 * the one that doesn't have enough
402 * registers to accomodate more data.
403 * I'd unroll it 8-wise otherwise:-)
405 * <appro@fy.chalmers.se>
407 BN_ULONG a0,a1,a2,a3;
408 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
409 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
416 case 0: ; /* ultrix cc workaround, see above */
421 /* Now need to zero any data between b->top and b->max */
424 for (i=(words - b->top)>>3; i>0; i--,A+=8)
426 A[0]=0; A[1]=0; A[2]=0; A[3]=0;
427 A[4]=0; A[5]=0; A[6]=0; A[7]=0;
429 for (i=(words - b->top)&7; i>0; i--,A++)
432 memset(A,0,sizeof(BN_ULONG)*(words+1));
433 memcpy(A,b->d,sizeof(b->d[0])*b->top);
439 /* This is an internal function that can be used instead of bn_expand2()
440 * when there is a need to copy BIGNUMs instead of only expanding the
441 * data part, while still expanding them.
442 * Especially useful when needing to expand BIGNUMs that are declared
443 * 'const' and should therefore not be changed.
444 * The reason to use this instead of a BN_dup() followed by a bn_expand2()
445 * is memory allocation overhead. A BN_dup() followed by a bn_expand2()
446 * will allocate new memory for the BIGNUM data twice, and free it once,
447 * while bn_dup_expand() makes sure allocation is made only once.
450 BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
456 BN_ULONG *a = internal_bn_expand(b, words);
470 /* r == NULL, BN_new failure */
474 /* If a == NULL, there was an error in allocation in
475 internal_bn_expand(), and NULL should be returned */
485 /* This is an internal function that should not be used in applications.
486 * It ensures that 'b' has enough room for a 'words' word number number.
487 * It is mostly used by the various BIGNUM routines. If there is an error,
488 * NULL is returned. If not, 'b' is returned. */
490 BIGNUM *bn_expand2(BIGNUM *b, int words)
494 BN_ULONG *a = internal_bn_expand(b, words);
508 BIGNUM *BN_dup(const BIGNUM *a)
512 if (a == NULL) return NULL;
517 if (t == NULL) return(NULL);
519 /* now r == t || r == NULL */
525 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
533 if (a == b) return(a);
534 if (bn_wexpand(a,b->top) == NULL) return(NULL);
539 for (i=b->top>>2; i>0; i--,A+=4,B+=4)
541 BN_ULONG a0,a1,a2,a3;
542 a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
543 A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
550 case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */
553 memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
556 /* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
558 if ((a->top == 0) && (a->d != NULL))
564 void BN_clear(BIGNUM *a)
567 memset(a->d,0,a->dmax*sizeof(a->d[0]));
572 BN_ULONG BN_get_word(const BIGNUM *a)
578 if (n > sizeof(BN_ULONG))
580 for (i=a->top-1; i>=0; i--)
582 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
583 ret<<=BN_BITS4; /* stops the compiler complaining */
593 int BN_set_word(BIGNUM *a, BN_ULONG w)
596 if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
598 n=sizeof(BN_ULONG)/BN_BYTES;
601 a->d[0]=(BN_ULONG)w&BN_MASK2;
602 if (a->d[0] != 0) a->top=1;
605 /* the following is done instead of
606 * w>>=BN_BITS2 so compilers don't complain
607 * on builds where sizeof(long) == BN_TYPES */
608 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
614 a->d[i]=(BN_ULONG)w&BN_MASK2;
615 if (a->d[i] != 0) a->top=i+1;
620 /* ignore negative */
621 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
627 if (ret == NULL) ret=BN_new();
628 if (ret == NULL) return(NULL);
636 if (bn_expand(ret,(int)(n+2)*8) == NULL)
638 i=((n-1)/BN_BYTES)+1;
639 m=((n-1)%(BN_BYTES));
651 /* need to call this due to clear byte at top if avoiding
652 * having the top bit set (-ve number) */
657 /* ignore negative */
658 int BN_bn2bin(const BIGNUM *a, unsigned char *to)
667 *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
672 int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
675 BN_ULONG t1,t2,*ap,*bp;
681 if (i != 0) return(i);
684 for (i=a->top-1; i>=0; i--)
689 return(t1 > t2?1:-1);
694 int BN_cmp(const BIGNUM *a, const BIGNUM *b)
700 if ((a == NULL) || (b == NULL))
713 if (a->neg != b->neg)
721 else { gt= -1; lt=1; }
723 if (a->top > b->top) return(gt);
724 if (a->top < b->top) return(lt);
725 for (i=a->top-1; i>=0; i--)
729 if (t1 > t2) return(gt);
730 if (t1 < t2) return(lt);
735 int BN_set_bit(BIGNUM *a, int n)
743 if (bn_wexpand(a,i+1) == NULL) return(0);
744 for(k=a->top; k<i+1; k++)
749 a->d[i]|=(((BN_ULONG)1)<<j);
753 int BN_clear_bit(BIGNUM *a, int n)
759 if (a->top <= i) return(0);
761 a->d[i]&=(~(((BN_ULONG)1)<<j));
766 int BN_is_bit_set(const BIGNUM *a, int n)
770 if (n < 0) return(0);
773 if (a->top <= i) return(0);
774 return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
777 int BN_mask_bits(BIGNUM *a, int n)
783 if (w >= a->top) return(0);
789 a->d[w]&= ~(BN_MASK2<<b);
795 int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n)
802 if (aa != bb) return((aa > bb)?1:-1);
803 for (i=n-2; i>=0; i--)
807 if (aa != bb) return((aa > bb)?1:-1);