/* $OpenBSD: bn_lib.c,v 1.36 2016/03/15 20:50:22 krw Exp $ */

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

 * All rights reserved.

 *

 * This package is an SSL implementation written

 * by Eric Young (eay@cryptsoft.com).

 * The implementation was written so as to conform with Netscapes SSL.

 *

 * This library is free for commercial and non-commercial use as long as

 * the following conditions are aheared to.  The following conditions

 * apply to all code found in this distribution, be it the RC4, RSA,

 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

 * included with this distribution is covered by the same copyright terms

 * except that the holder is Tim Hudson (tjh@cryptsoft.com).

 *

 * Copyright remains Eric Young's, and as such any Copyright notices in

 * the code are not to be removed.

 * If this package is used in a product, Eric Young should be given attribution

 * as the author of the parts of the library used.

 * This can be in the form of a textual message at program startup or

 * in documentation (online or textual) provided with the package.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 * 3. All advertising materials mentioning features or use of this software

 *    must display the following acknowledgement:

 *    "This product includes cryptographic software written by

 *     Eric Young (eay@cryptsoft.com)"

 *    The word 'cryptographic' can be left out if the rouines from the library

 *    being used are not cryptographic related :-).

 * 4. If you include any Windows specific code (or a derivative thereof) from

 *    the apps directory (application code) you must include an acknowledgement:

 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

 *

 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * The licence and distribution terms for any publically available version or

 * derivative of this code cannot be changed.  i.e. this code cannot simply be

 * copied and put under another distribution licence

 * [including the GNU Public Licence.]

 */

#ifndef BN_DEBUG

# undef NDEBUG /* avoid conflicting definitions */

# define NDEBUG

#endif

#include <assert.h>

#include <limits.h>

#include <stdio.h>

#include <string.h>

#include <openssl/opensslconf.h>

#include <openssl/err.h>

#include "bn_lcl.h"

/* This stuff appears to be completely unused, so is deprecated */

#ifndef OPENSSL_NO_DEPRECATED

/* For a 32 bit machine

 * 2 -   4 ==  128

 * 3 -   8 ==  256

 * 4 -  16 ==  512

 * 5 -  32 == 1024

 * 6 -  64 == 2048

 * 7 - 128 == 4096

 * 8 - 256 == 8192

 */

static int bn_limit_bits = 0;

static int bn_limit_num = 8;        /* (1<<bn_limit_bits) */

static int bn_limit_bits_low = 0;

static int bn_limit_num_low = 8;    /* (1<<bn_limit_bits_low) */

static int bn_limit_bits_high = 0;

static int bn_limit_num_high = 8;   /* (1<<bn_limit_bits_high) */

static int bn_limit_bits_mont = 0;

static int bn_limit_num_mont = 8;   /* (1<<bn_limit_bits_mont) */

void

BN_set_params(int mult, int high, int low, int mont)

{

	}

	}

	}

	}

}

int

BN_get_params(int which)

{

	else

}

#endif

const BIGNUM *

BN_value_one(void)

	static const BN_ULONG data_one = 1L;

	static const BIGNUM const_one = {

		(BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA

	};

}

int

BN_num_bits_word(BN_ULONG l)

	static const unsigned char bits[256] = {

		0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,

		5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,

		6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,

		6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,

		7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,

		7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,

		7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,

		7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,

		8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,  8, 8, 8, 8,

		8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,

		8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,

		8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,

		8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,

		8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,

		8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,

		8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,

	};

#ifdef _LP64

			} else

		} else {

			} else

		}

	} else

#endif

	{

			else

		} else {

			else

		}

	}

}

int

BN_num_bits(const BIGNUM *a)

	bn_check_top(a);

}

void

BN_clear_free(BIGNUM *a)

	int i;

	bn_check_top(a);

	}

}

void

BN_free(BIGNUM *a)

void

BN_init(BIGNUM *a)

	bn_check_top(a);

BIGNUM *

BN_new(void)

	BIGNUM *ret;

	}

	bn_check_top(ret);

}

/* This is used both by bn_expand2() and bn_dup_expand() */

/* The caller MUST check that words > b->dmax before calling this */

static BN_ULONG *

bn_expand_internal(const BIGNUM *b, int words)

	const BN_ULONG *B;

	int i;

	bn_check_top(b);

	}

		    BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);

	}

	}

#if 1

	/* Check if the previous number needs to be copied */

			/*

			 * The fact that the loop is unrolled

			 * 4-wise is a tribute to Intel. It's

			 * the one that doesn't have enough

			 * registers to accommodate more data.

			 * I'd unroll it 8-wise otherwise:-)

			 *

			 *		<appro@fy.chalmers.se>

			 */

			BN_ULONG a0, a1, a2, a3;

		}

		case 3:

		case 2:

		case 1:

		}

	}

#else

	memset(A, 0, sizeof(BN_ULONG) * words);

	memcpy(A, b->d, sizeof(b->d[0]) * b->top);

#endif

}

/* This is an internal function that can be used instead of bn_expand2()

 * when there is a need to copy BIGNUMs instead of only expanding the

 * data part, while still expanding them.

 * Especially useful when needing to expand BIGNUMs that are declared

 * 'const' and should therefore not be changed.

 * The reason to use this instead of a BN_dup() followed by a bn_expand2()

 * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()

 * will allocate new memory for the BIGNUM data twice, and free it once,

 * while bn_dup_expand() makes sure allocation is made only once.

 */

#ifndef OPENSSL_NO_DEPRECATED

BIGNUM *

bn_dup_expand(const BIGNUM *b, int words)

{

	bn_check_top(b);

	/* This function does not work if

	 *      words <= b->dmax && top < words

	 * because BN_dup() does not preserve 'dmax'!

	 * (But bn_dup_expand() is not used anywhere yet.)

	 */

			} else {

				/* r == NULL, BN_new failure */

			}

		}

		/* If a == NULL, there was an error in allocation in

		   bn_expand_internal(), and NULL should be returned */

	} else {

	}

	bn_check_top(r);

}

#endif

/* This is an internal function that should not be used in applications.

 * It ensures that 'b' has enough room for a 'words' word number

 * and initialises any unused part of b->d with leading zeros.

 * It is mostly used by the various BIGNUM routines. If there is an error,

 * NULL is returned. If not, 'b' is returned. */

BIGNUM *

bn_expand2(BIGNUM *b, int words)

	bn_check_top(b);

		}

	}

/* None of this should be necessary because of what b->top means! */

#if 0

	/* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */

	if (b->top < b->dmax) {

		int i;

		BN_ULONG *A = &(b->d[b->top]);

		for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {

			A[0] = 0;

			A[1] = 0;

			A[2] = 0;

			A[3] = 0;

			A[4] = 0;

			A[5] = 0;

			A[6] = 0;

			A[7] = 0;

		}

		for (i = (b->dmax - b->top)&7; i > 0; i--, A++)

			A[0] = 0;

		assert(A == &(b->d[b->dmax]));

	}

#endif

	bn_check_top(b);

}

BIGNUM *

BN_dup(const BIGNUM *a)

	BIGNUM *t;

	bn_check_top(a);

	}

	bn_check_top(t);

}

BIGNUM *

BN_copy(BIGNUM *a, const BIGNUM *b)

	int i;

	BN_ULONG *A;

	const BN_ULONG *B;

	bn_check_top(b);

#if 1

		BN_ULONG a0, a1, a2, a3;

	}

	case 3:

	case 2:

	case 1:

	}

#else

	memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);

#endif

	bn_check_top(a);

}

void

BN_swap(BIGNUM *a, BIGNUM *b)

{

	int flags_old_a, flags_old_b;

	BN_ULONG *tmp_d;

	int tmp_top, tmp_dmax, tmp_neg;

	bn_check_top(a);

	bn_check_top(b);

	    (flags_old_b & BN_FLG_STATIC_DATA);

	    (flags_old_a & BN_FLG_STATIC_DATA);

	bn_check_top(a);

	bn_check_top(b);

}

void

BN_clear(BIGNUM *a)

{

	bn_check_top(a);

}

BN_ULONG

BN_get_word(const BIGNUM *a)

{

	/* a->top == 0 */

}

BIGNUM *

bn_expand(BIGNUM *a, int bits)

}

int

BN_set_word(BIGNUM *a, BN_ULONG w)

	bn_check_top(a);

	bn_check_top(a);

}

BIGNUM *

BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)

	unsigned int i, m;

	unsigned int n;

	BN_ULONG l;

	bn_check_top(ret);

	}

	}

		}

	}

	/* need to call this due to clear byte at top if avoiding

	 * having the top bit set (-ve number) */

}

/* ignore negative */

int

BN_bn2bin(const BIGNUM *a, unsigned char *to)

	int n, i;

	BN_ULONG l;

	bn_check_top(a);

	}

}

int

BN_ucmp(const BIGNUM *a, const BIGNUM *b)

	int i;

	BN_ULONG t1, t2, *ap, *bp;

	bn_check_top(a);

	bn_check_top(b);

	}

}

int

BN_cmp(const BIGNUM *a, const BIGNUM *b)

	int i;

	int gt, lt;

	BN_ULONG t1, t2;

		else

	}

	bn_check_top(a);

	bn_check_top(b);

		else

	}

	} else {

	}

	}

}

int

BN_set_bit(BIGNUM *a, int n)

	int i, j, k;

	}

	bn_check_top(a);

}

int

BN_clear_bit(BIGNUM *a, int n)

{

	int i, j;

	bn_check_top(a);

}

int

BN_is_bit_set(const BIGNUM *a, int n)

	int i, j;

	bn_check_top(a);

}

int

BN_mask_bits(BIGNUM *a, int n)

	int b, w;

	bn_check_top(a);

	else {

	}

}

void

BN_set_negative(BIGNUM *a, int b)

	else

int

bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)

	int i;

	BN_ULONG aa, bb;

	}

}

/* Here follows a specialised variants of bn_cmp_words().  It has the

   property of performing the operation on arrays of different sizes.

   The sizes of those arrays is expressed through cl, which is the

   common length ( basicall, min(len(a),len(b)) ), and dl, which is the

   delta between the two lengths, calculated as len(a)-len(b).

   All lengths are the number of BN_ULONGs...  */

int

bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)

	int n, i;

		}

	}

		}

	}

}

/*

 * Constant-time conditional swap of a and b.

 * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.

 * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,

 * and that no more than nwords are used by either a or b.

 * a and b cannot be the same number

 */

void

BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)

	BN_ULONG t;

	int i;

	bn_wcheck_size(a, nwords);

	bn_wcheck_size(b, nwords);

	assert(a != b);

	assert((condition & (condition - 1)) == 0);

	assert(sizeof(BN_ULONG) >= sizeof(int));

#define BN_CONSTTIME_SWAP(ind) \

	do { \

		t = (a->d[ind] ^ b->d[ind]) & condition; \

		a->d[ind] ^= t; \

		b->d[ind] ^= t; \

	} while (0)

	default:

		/* Fallthrough */

	case 1:

	}

#undef BN_CONSTTIME_SWAP