X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fbn%2Fbn_lib.c;h=99179232f448dbb64c3c286c312c23cbf89915cb;hb=1d3235f85c4b0e51b6baf7d8b89089c6c77f6928;hp=ce9f768cdb149b60db829645f80d2ed5aa584259;hpb=23d38992fca13773291ca647220707bfb0636361;p=oweals%2Fopenssl.git

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index ce9f768cdb..99179232f4 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -1,65 +1,12 @@
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
-#ifndef BN_DEBUG
-# undef NDEBUG                  /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
 #include <assert.h>
 #include <limits.h>
 #include "internal/cryptlib.h"
@@ -223,7 +170,7 @@ int BN_num_bits(const BIGNUM *a)
 
 static void bn_free_d(BIGNUM *a)
 {
-    if (BN_get_flags(a,BN_FLG_SECURE))
+    if (BN_get_flags(a, BN_FLG_SECURE))
         OPENSSL_secure_free(a->d);
     else
         OPENSSL_free(a->d);
@@ -298,9 +245,7 @@ BIGNUM *BN_new(void)
 /* The caller MUST check that words > b->dmax before calling this */
 static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 {
-    BN_ULONG *A, *a = NULL;
-    const BN_ULONG *B;
-    int i;
+    BN_ULONG *a = NULL;
 
     bn_check_top(b);
 
@@ -312,57 +257,20 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
         BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
         return (NULL);
     }
-    if (BN_get_flags(b,BN_FLG_SECURE))
-        a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
+    if (BN_get_flags(b, BN_FLG_SECURE))
+        a = OPENSSL_secure_zalloc(words * sizeof(*a));
     else
-        a = A = OPENSSL_zalloc(words * sizeof(*a));
-    if (A == NULL) {
+        a = OPENSSL_zalloc(words * sizeof(*a));
+    if (a == NULL) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
         return (NULL);
     }
 
-#if 1
-    B = b->d;
-    /* Check if the previous number needs to be copied */
-    if (B != NULL) {
-        for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
-            /*
-             * The fact that the loop is unrolled
-             * 4-wise is a tribute to Intel. It's
-             * the one that doesn't have enough
-             * registers to accommodate more data.
-             * I'd unroll it 8-wise otherwise:-)
-             *
-             *              <appro@fy.chalmers.se>
-             */
-            BN_ULONG a0, a1, a2, a3;
-            a0 = B[0];
-            a1 = B[1];
-            a2 = B[2];
-            a3 = B[3];
-            A[0] = a0;
-            A[1] = a1;
-            A[2] = a2;
-            A[3] = a3;
-        }
-        switch (b->top & 3) {
-        case 3:
-            A[2] = B[2];
-        case 2:
-            A[1] = B[1];
-        case 1:
-            A[0] = B[0];
-        case 0:
-            /* Without the "case 0" some old optimizers got this wrong. */
-            ;
-        }
-    }
-#else
-    memset(A, 0, sizeof(*A) * words);
-    memcpy(A, b->d, sizeof(b->d[0]) * b->top);
-#endif
+    assert(b->top <= words);
+    if (b->top > 0)
+        memcpy(a, b->d, sizeof(*a) * b->top);
 
-    return (a);
+    return a;
 }
 
 /*
@@ -414,49 +322,20 @@ BIGNUM *BN_dup(const BIGNUM *a)
 
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 {
-    int i;
-    BN_ULONG *A;
-    const BN_ULONG *B;
-
     bn_check_top(b);
 
     if (a == b)
-        return (a);
+        return a;
     if (bn_wexpand(a, b->top) == NULL)
-        return (NULL);
+        return NULL;
 
-#if 1
-    A = a->d;
-    B = b->d;
-    for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
-        BN_ULONG a0, a1, a2, a3;
-        a0 = B[0];
-        a1 = B[1];
-        a2 = B[2];
-        a3 = B[3];
-        A[0] = a0;
-        A[1] = a1;
-        A[2] = a2;
-        A[3] = a3;
-    }
-    /* ultrix cc workaround, see comments in bn_expand_internal */
-    switch (b->top & 3) {
-    case 3:
-        A[2] = B[2];
-    case 2:
-        A[1] = B[1];
-    case 1:
-        A[0] = B[0];
-    case 0:;
-    }
-#else
-    memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
-#endif
+    if (b->top > 0)
+        memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
 
     a->top = b->top;
     a->neg = b->neg;
     bn_check_top(a);
-    return (a);
+    return a;
 }
 
 void BN_swap(BIGNUM *a, BIGNUM *b)
@@ -498,7 +377,7 @@ void BN_clear(BIGNUM *a)
 {
     bn_check_top(a);
     if (a->d != NULL)
-        memset(a->d, 0, sizeof(*a->d) * a->dmax);
+        OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
     a->top = 0;
     a->neg = 0;
 }
@@ -618,9 +497,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
     if (ret == NULL)
         return (NULL);
     bn_check_top(ret);
-    s += len - 1;
+    s += len;
     /* Skip trailing zeroes. */
-    for ( ; len > 0 && *s == 0; s--, len--)
+    for ( ; len > 0 && s[-1] == 0; s--, len--)
         continue;
     n = len;
     if (n == 0) {
@@ -637,7 +516,8 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
     ret->neg = 0;
     l = 0;
     while (n--) {
-        l = (l << 8L) | *(s--);
+        s--;
+        l = (l << 8L) | *s;
         if (m-- == 0) {
             ret->d[--i] = l;
             l = 0;
@@ -663,10 +543,11 @@ int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
     /* Add trailing zeroes if necessary */
     if (tolen > i)
         memset(to + i, 0, tolen - i);
-    to += i - 1;
+    to += i;
     while (i--) {
         l = a->d[i / BN_BYTES];
-        *(to--) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+        to--;
+        *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
     }
     return tolen;
 }
@@ -844,9 +725,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
 
 /*
  * Here follows a specialised variants of bn_cmp_words().  It has the
- * property of performing the operation on arrays of different sizes. The
+ * capability of performing the operation on arrays of different sizes. The
  * sizes of those arrays is expressed through cl, which is the common length
- * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the
+ * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the
  * two lengths, calculated as len(a)-len(b). All lengths are the number of
  * BN_ULONGs...
  */
@@ -1075,10 +956,14 @@ void bn_correct_top(BIGNUM *a)
     int tmp_top = a->top;
 
     if (tmp_top > 0) {
-        for (ftl = &(a->d[tmp_top - 1]); tmp_top > 0; tmp_top--)
-            if (*(ftl--))
+        for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
+            ftl--;
+            if (*ftl != 0)
                 break;
+        }
         a->top = tmp_top;
     }
+    if (a->top == 0)
+        a->neg = 0;
     bn_pollute(a);
 }