GCC Code Coverage Report | |||||||||||||||||||||
|
|||||||||||||||||||||
Line | Branch | Exec | Source |
1 |
/* $OpenBSD: bn_lib.c,v 1.38 2017/05/02 03:59:44 deraadt Exp $ */ |
||
2 |
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
||
3 |
* All rights reserved. |
||
4 |
* |
||
5 |
* This package is an SSL implementation written |
||
6 |
* by Eric Young (eay@cryptsoft.com). |
||
7 |
* The implementation was written so as to conform with Netscapes SSL. |
||
8 |
* |
||
9 |
* This library is free for commercial and non-commercial use as long as |
||
10 |
* the following conditions are aheared to. The following conditions |
||
11 |
* apply to all code found in this distribution, be it the RC4, RSA, |
||
12 |
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
||
13 |
* included with this distribution is covered by the same copyright terms |
||
14 |
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
||
15 |
* |
||
16 |
* Copyright remains Eric Young's, and as such any Copyright notices in |
||
17 |
* the code are not to be removed. |
||
18 |
* If this package is used in a product, Eric Young should be given attribution |
||
19 |
* as the author of the parts of the library used. |
||
20 |
* This can be in the form of a textual message at program startup or |
||
21 |
* in documentation (online or textual) provided with the package. |
||
22 |
* |
||
23 |
* Redistribution and use in source and binary forms, with or without |
||
24 |
* modification, are permitted provided that the following conditions |
||
25 |
* are met: |
||
26 |
* 1. Redistributions of source code must retain the copyright |
||
27 |
* notice, this list of conditions and the following disclaimer. |
||
28 |
* 2. Redistributions in binary form must reproduce the above copyright |
||
29 |
* notice, this list of conditions and the following disclaimer in the |
||
30 |
* documentation and/or other materials provided with the distribution. |
||
31 |
* 3. All advertising materials mentioning features or use of this software |
||
32 |
* must display the following acknowledgement: |
||
33 |
* "This product includes cryptographic software written by |
||
34 |
* Eric Young (eay@cryptsoft.com)" |
||
35 |
* The word 'cryptographic' can be left out if the rouines from the library |
||
36 |
* being used are not cryptographic related :-). |
||
37 |
* 4. If you include any Windows specific code (or a derivative thereof) from |
||
38 |
* the apps directory (application code) you must include an acknowledgement: |
||
39 |
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
||
40 |
* |
||
41 |
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
||
42 |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
||
43 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||
44 |
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
||
45 |
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
||
46 |
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
||
47 |
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||
48 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
||
49 |
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
||
50 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
||
51 |
* SUCH DAMAGE. |
||
52 |
* |
||
53 |
* The licence and distribution terms for any publically available version or |
||
54 |
* derivative of this code cannot be changed. i.e. this code cannot simply be |
||
55 |
* copied and put under another distribution licence |
||
56 |
* [including the GNU Public Licence.] |
||
57 |
*/ |
||
58 |
|||
59 |
#ifndef BN_DEBUG |
||
60 |
# undef NDEBUG /* avoid conflicting definitions */ |
||
61 |
# define NDEBUG |
||
62 |
#endif |
||
63 |
|||
64 |
#include <assert.h> |
||
65 |
#include <limits.h> |
||
66 |
#include <stdio.h> |
||
67 |
#include <string.h> |
||
68 |
|||
69 |
#include <openssl/opensslconf.h> |
||
70 |
|||
71 |
#include <openssl/err.h> |
||
72 |
|||
73 |
#include "bn_lcl.h" |
||
74 |
|||
75 |
/* This stuff appears to be completely unused, so is deprecated */ |
||
76 |
#ifndef OPENSSL_NO_DEPRECATED |
||
77 |
/* For a 32 bit machine |
||
78 |
* 2 - 4 == 128 |
||
79 |
* 3 - 8 == 256 |
||
80 |
* 4 - 16 == 512 |
||
81 |
* 5 - 32 == 1024 |
||
82 |
* 6 - 64 == 2048 |
||
83 |
* 7 - 128 == 4096 |
||
84 |
* 8 - 256 == 8192 |
||
85 |
*/ |
||
86 |
static int bn_limit_bits = 0; |
||
87 |
static int bn_limit_num = 8; /* (1<<bn_limit_bits) */ |
||
88 |
static int bn_limit_bits_low = 0; |
||
89 |
static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */ |
||
90 |
static int bn_limit_bits_high = 0; |
||
91 |
static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */ |
||
92 |
static int bn_limit_bits_mont = 0; |
||
93 |
static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */ |
||
94 |
|||
95 |
void |
||
96 |
BN_set_params(int mult, int high, int low, int mont) |
||
97 |
{ |
||
98 |
if (mult >= 0) { |
||
99 |
if (mult > (int)(sizeof(int) * 8) - 1) |
||
100 |
mult = sizeof(int) * 8 - 1; |
||
101 |
bn_limit_bits = mult; |
||
102 |
bn_limit_num = 1 << mult; |
||
103 |
} |
||
104 |
if (high >= 0) { |
||
105 |
if (high > (int)(sizeof(int) * 8) - 1) |
||
106 |
high = sizeof(int) * 8 - 1; |
||
107 |
bn_limit_bits_high = high; |
||
108 |
bn_limit_num_high = 1 << high; |
||
109 |
} |
||
110 |
if (low >= 0) { |
||
111 |
if (low > (int)(sizeof(int) * 8) - 1) |
||
112 |
low = sizeof(int) * 8 - 1; |
||
113 |
bn_limit_bits_low = low; |
||
114 |
bn_limit_num_low = 1 << low; |
||
115 |
} |
||
116 |
if (mont >= 0) { |
||
117 |
if (mont > (int)(sizeof(int) * 8) - 1) |
||
118 |
mont = sizeof(int) * 8 - 1; |
||
119 |
bn_limit_bits_mont = mont; |
||
120 |
bn_limit_num_mont = 1 << mont; |
||
121 |
} |
||
122 |
} |
||
123 |
|||
124 |
int |
||
125 |
BN_get_params(int which) |
||
126 |
{ |
||
127 |
if (which == 0) |
||
128 |
return (bn_limit_bits); |
||
129 |
else if (which == 1) |
||
130 |
return (bn_limit_bits_high); |
||
131 |
else if (which == 2) |
||
132 |
return (bn_limit_bits_low); |
||
133 |
else if (which == 3) |
||
134 |
return (bn_limit_bits_mont); |
||
135 |
else |
||
136 |
return (0); |
||
137 |
} |
||
138 |
#endif |
||
139 |
|||
140 |
const BIGNUM * |
||
141 |
BN_value_one(void) |
||
142 |
{ |
||
143 |
static const BN_ULONG data_one = 1L; |
||
144 |
static const BIGNUM const_one = { |
||
145 |
(BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA |
||
146 |
}; |
||
147 |
|||
148 |
1025932 |
return (&const_one); |
|
149 |
} |
||
150 |
|||
151 |
int |
||
152 |
BN_num_bits_word(BN_ULONG l) |
||
153 |
{ |
||
154 |
static const unsigned char bits[256] = { |
||
155 |
0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, |
||
156 |
5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, |
||
157 |
6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, |
||
158 |
6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, |
||
159 |
7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, |
||
160 |
7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, |
||
161 |
7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, |
||
162 |
7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, |
||
163 |
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, |
||
164 |
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, |
||
165 |
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, |
||
166 |
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, |
||
167 |
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, |
||
168 |
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, |
||
169 |
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, |
||
170 |
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, |
||
171 |
}; |
||
172 |
|||
173 |
#ifdef _LP64 |
||
174 |
✓✓ | 50485920 |
if (l & 0xffffffff00000000L) { |
175 |
✓✓ | 19318700 |
if (l & 0xffff000000000000L) { |
176 |
✓✓ | 17226231 |
if (l & 0xff00000000000000L) { |
177 |
15903507 |
return (bits[(int)(l >> 56)] + 56); |
|
178 |
} else |
||
179 |
1322724 |
return (bits[(int)(l >> 48)] + 48); |
|
180 |
} else { |
||
181 |
✓✓ | 2092469 |
if (l & 0x0000ff0000000000L) { |
182 |
1151448 |
return (bits[(int)(l >> 40)] + 40); |
|
183 |
} else |
||
184 |
941021 |
return (bits[(int)(l >> 32)] + 32); |
|
185 |
} |
||
186 |
} else |
||
187 |
#endif |
||
188 |
{ |
||
189 |
✓✓ | 5924260 |
if (l & 0xffff0000L) { |
190 |
✓✓ | 3193895 |
if (l & 0xff000000L) |
191 |
1871461 |
return (bits[(int)(l >> 24L)] + 24); |
|
192 |
else |
||
193 |
1322434 |
return (bits[(int)(l >> 16L)] + 16); |
|
194 |
} else { |
||
195 |
✓✓ | 2730365 |
if (l & 0xff00L) |
196 |
1339559 |
return (bits[(int)(l >> 8)] + 8); |
|
197 |
else |
||
198 |
1390806 |
return (bits[(int)(l)]); |
|
199 |
} |
||
200 |
} |
||
201 |
25242960 |
} |
|
202 |
|||
203 |
int |
||
204 |
BN_num_bits(const BIGNUM *a) |
||
205 |
{ |
||
206 |
44946162 |
int i = a->top - 1; |
|
207 |
|||
208 |
bn_check_top(a); |
||
209 |
|||
210 |
✓✓ | 22473081 |
if (BN_is_zero(a)) |
211 |
495 |
return 0; |
|
212 |
22472586 |
return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); |
|
213 |
22473081 |
} |
|
214 |
|||
215 |
void |
||
216 |
BN_clear_free(BIGNUM *a) |
||
217 |
{ |
||
218 |
int i; |
||
219 |
|||
220 |
✓✓ | 5791490 |
if (a == NULL) |
221 |
29841 |
return; |
|
222 |
bn_check_top(a); |
||
223 |
✓✓✓✗ |
5686920 |
if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) |
224 |
2821016 |
freezero(a->d, a->dmax * sizeof(a->d[0])); |
|
225 |
2865904 |
i = BN_get_flags(a, BN_FLG_MALLOCED); |
|
226 |
2865904 |
explicit_bzero(a, sizeof(BIGNUM)); |
|
227 |
✓✓ | 2865904 |
if (i) |
228 |
free(a); |
||
229 |
5761649 |
} |
|
230 |
|||
231 |
void |
||
232 |
BN_free(BIGNUM *a) |
||
233 |
{ |
||
234 |
1701840 |
BN_clear_free(a); |
|
235 |
850920 |
} |
|
236 |
|||
237 |
void |
||
238 |
BN_init(BIGNUM *a) |
||
239 |
{ |
||
240 |
16952864 |
memset(a, 0, sizeof(BIGNUM)); |
|
241 |
bn_check_top(a); |
||
242 |
8476432 |
} |
|
243 |
|||
244 |
BIGNUM * |
||
245 |
BN_new(void) |
||
246 |
{ |
||
247 |
BIGNUM *ret; |
||
248 |
|||
249 |
✗✓ | 1454448 |
if ((ret = malloc(sizeof(BIGNUM))) == NULL) { |
250 |
BNerror(ERR_R_MALLOC_FAILURE); |
||
251 |
return (NULL); |
||
252 |
} |
||
253 |
727224 |
ret->flags = BN_FLG_MALLOCED; |
|
254 |
727224 |
ret->top = 0; |
|
255 |
727224 |
ret->neg = 0; |
|
256 |
727224 |
ret->dmax = 0; |
|
257 |
727224 |
ret->d = NULL; |
|
258 |
bn_check_top(ret); |
||
259 |
727224 |
return (ret); |
|
260 |
727224 |
} |
|
261 |
|||
262 |
/* This is used both by bn_expand2() and bn_dup_expand() */ |
||
263 |
/* The caller MUST check that words > b->dmax before calling this */ |
||
264 |
static BN_ULONG * |
||
265 |
bn_expand_internal(const BIGNUM *b, int words) |
||
266 |
{ |
||
267 |
BN_ULONG *A, *a = NULL; |
||
268 |
const BN_ULONG *B; |
||
269 |
int i; |
||
270 |
|||
271 |
bn_check_top(b); |
||
272 |
|||
273 |
✓✓ | 10768672 |
if (words > (INT_MAX/(4*BN_BITS2))) { |
274 |
18 |
BNerror(BN_R_BIGNUM_TOO_LONG); |
|
275 |
18 |
return NULL; |
|
276 |
} |
||
277 |
✗✓ | 5384318 |
if (BN_get_flags(b, BN_FLG_STATIC_DATA)) { |
278 |
BNerror(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); |
||
279 |
return (NULL); |
||
280 |
} |
||
281 |
5384318 |
a = A = reallocarray(NULL, words, sizeof(BN_ULONG)); |
|
282 |
✗✓ | 5384318 |
if (A == NULL) { |
283 |
BNerror(ERR_R_MALLOC_FAILURE); |
||
284 |
return (NULL); |
||
285 |
} |
||
286 |
#if 1 |
||
287 |
5384318 |
B = b->d; |
|
288 |
/* Check if the previous number needs to be copied */ |
||
289 |
✓✓ | 5384318 |
if (B != NULL) { |
290 |
✓✓ | 11059982 |
for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { |
291 |
/* |
||
292 |
* The fact that the loop is unrolled |
||
293 |
* 4-wise is a tribute to Intel. It's |
||
294 |
* the one that doesn't have enough |
||
295 |
* registers to accommodate more data. |
||
296 |
* I'd unroll it 8-wise otherwise:-) |
||
297 |
* |
||
298 |
* <appro@fy.chalmers.se> |
||
299 |
*/ |
||
300 |
BN_ULONG a0, a1, a2, a3; |
||
301 |
2971013 |
a0 = B[0]; |
|
302 |
2971013 |
a1 = B[1]; |
|
303 |
2971013 |
a2 = B[2]; |
|
304 |
2971013 |
a3 = B[3]; |
|
305 |
2971013 |
A[0] = a0; |
|
306 |
2971013 |
A[1] = a1; |
|
307 |
2971013 |
A[2] = a2; |
|
308 |
2971013 |
A[3] = a3; |
|
309 |
} |
||
310 |
✓✓✓✓ |
5692256 |
switch (b->top & 3) { |
311 |
case 3: |
||
312 |
29044 |
A[2] = B[2]; |
|
313 |
case 2: |
||
314 |
62774 |
A[1] = B[1]; |
|
315 |
case 1: |
||
316 |
255527 |
A[0] = B[0]; |
|
317 |
255527 |
} |
|
318 |
} |
||
319 |
|||
320 |
#else |
||
321 |
memset(A, 0, sizeof(BN_ULONG) * words); |
||
322 |
memcpy(A, b->d, sizeof(b->d[0]) * b->top); |
||
323 |
#endif |
||
324 |
|||
325 |
5384318 |
return (a); |
|
326 |
5384336 |
} |
|
327 |
|||
328 |
/* This is an internal function that can be used instead of bn_expand2() |
||
329 |
* when there is a need to copy BIGNUMs instead of only expanding the |
||
330 |
* data part, while still expanding them. |
||
331 |
* Especially useful when needing to expand BIGNUMs that are declared |
||
332 |
* 'const' and should therefore not be changed. |
||
333 |
* The reason to use this instead of a BN_dup() followed by a bn_expand2() |
||
334 |
* is memory allocation overhead. A BN_dup() followed by a bn_expand2() |
||
335 |
* will allocate new memory for the BIGNUM data twice, and free it once, |
||
336 |
* while bn_dup_expand() makes sure allocation is made only once. |
||
337 |
*/ |
||
338 |
|||
339 |
#ifndef OPENSSL_NO_DEPRECATED |
||
340 |
BIGNUM * |
||
341 |
bn_dup_expand(const BIGNUM *b, int words) |
||
342 |
{ |
||
343 |
BIGNUM *r = NULL; |
||
344 |
|||
345 |
bn_check_top(b); |
||
346 |
|||
347 |
/* This function does not work if |
||
348 |
* words <= b->dmax && top < words |
||
349 |
* because BN_dup() does not preserve 'dmax'! |
||
350 |
* (But bn_dup_expand() is not used anywhere yet.) |
||
351 |
*/ |
||
352 |
|||
353 |
if (words > b->dmax) { |
||
354 |
BN_ULONG *a = bn_expand_internal(b, words); |
||
355 |
|||
356 |
if (a) { |
||
357 |
r = BN_new(); |
||
358 |
if (r) { |
||
359 |
r->top = b->top; |
||
360 |
r->dmax = words; |
||
361 |
r->neg = b->neg; |
||
362 |
r->d = a; |
||
363 |
} else { |
||
364 |
/* r == NULL, BN_new failure */ |
||
365 |
free(a); |
||
366 |
} |
||
367 |
} |
||
368 |
/* If a == NULL, there was an error in allocation in |
||
369 |
bn_expand_internal(), and NULL should be returned */ |
||
370 |
} else { |
||
371 |
r = BN_dup(b); |
||
372 |
} |
||
373 |
|||
374 |
bn_check_top(r); |
||
375 |
return r; |
||
376 |
} |
||
377 |
#endif |
||
378 |
|||
379 |
/* This is an internal function that should not be used in applications. |
||
380 |
* It ensures that 'b' has enough room for a 'words' word number |
||
381 |
* and initialises any unused part of b->d with leading zeros. |
||
382 |
* It is mostly used by the various BIGNUM routines. If there is an error, |
||
383 |
* NULL is returned. If not, 'b' is returned. */ |
||
384 |
|||
385 |
BIGNUM * |
||
386 |
bn_expand2(BIGNUM *b, int words) |
||
387 |
{ |
||
388 |
bn_check_top(b); |
||
389 |
|||
390 |
✓✗ | 10768672 |
if (words > b->dmax) { |
391 |
5384336 |
BN_ULONG *a = bn_expand_internal(b, words); |
|
392 |
✓✓ | 5384336 |
if (!a) |
393 |
18 |
return NULL; |
|
394 |
✓✓ | 5384318 |
if (b->d) |
395 |
2558978 |
freezero(b->d, b->dmax * sizeof(b->d[0])); |
|
396 |
5384318 |
b->d = a; |
|
397 |
5384318 |
b->dmax = words; |
|
398 |
✓✓ | 5384318 |
} |
399 |
|||
400 |
/* None of this should be necessary because of what b->top means! */ |
||
401 |
#if 0 |
||
402 |
/* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ |
||
403 |
if (b->top < b->dmax) { |
||
404 |
int i; |
||
405 |
BN_ULONG *A = &(b->d[b->top]); |
||
406 |
for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { |
||
407 |
A[0] = 0; |
||
408 |
A[1] = 0; |
||
409 |
A[2] = 0; |
||
410 |
A[3] = 0; |
||
411 |
A[4] = 0; |
||
412 |
A[5] = 0; |
||
413 |
A[6] = 0; |
||
414 |
A[7] = 0; |
||
415 |
} |
||
416 |
for (i = (b->dmax - b->top)&7; i > 0; i--, A++) |
||
417 |
A[0] = 0; |
||
418 |
assert(A == &(b->d[b->dmax])); |
||
419 |
} |
||
420 |
#endif |
||
421 |
bn_check_top(b); |
||
422 |
5384318 |
return b; |
|
423 |
5384336 |
} |
|
424 |
|||
425 |
BIGNUM * |
||
426 |
BN_dup(const BIGNUM *a) |
||
427 |
{ |
||
428 |
BIGNUM *t; |
||
429 |
|||
430 |
✗✓ | 434378 |
if (a == NULL) |
431 |
return NULL; |
||
432 |
bn_check_top(a); |
||
433 |
|||
434 |
217189 |
t = BN_new(); |
|
435 |
✗✓ | 217189 |
if (t == NULL) |
436 |
return NULL; |
||
437 |
✗✓ | 217189 |
if (!BN_copy(t, a)) { |
438 |
BN_free(t); |
||
439 |
return NULL; |
||
440 |
} |
||
441 |
bn_check_top(t); |
||
442 |
217189 |
return t; |
|
443 |
217189 |
} |
|
444 |
|||
445 |
BIGNUM * |
||
446 |
BN_copy(BIGNUM *a, const BIGNUM *b) |
||
447 |
{ |
||
448 |
int i; |
||
449 |
BN_ULONG *A; |
||
450 |
const BN_ULONG *B; |
||
451 |
|||
452 |
bn_check_top(b); |
||
453 |
|||
454 |
✓✓ | 9271474 |
if (a == b) |
455 |
608 |
return (a); |
|
456 |
✓✓✗✓ |
9857825 |
if (bn_wexpand(a, b->top) == NULL) |
457 |
return (NULL); |
||
458 |
|||
459 |
#if 1 |
||
460 |
4635129 |
A = a->d; |
|
461 |
4635129 |
B = b->d; |
|
462 |
✓✓ | 23188130 |
for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { |
463 |
BN_ULONG a0, a1, a2, a3; |
||
464 |
6958936 |
a0 = B[0]; |
|
465 |
6958936 |
a1 = B[1]; |
|
466 |
6958936 |
a2 = B[2]; |
|
467 |
6958936 |
a3 = B[3]; |
|
468 |
6958936 |
A[0] = a0; |
|
469 |
6958936 |
A[1] = a1; |
|
470 |
6958936 |
A[2] = a2; |
|
471 |
6958936 |
A[3] = a3; |
|
472 |
} |
||
473 |
✓✓✓✓ |
8344889 |
switch (b->top & 3) { |
474 |
case 3: |
||
475 |
530624 |
A[2] = B[2]; |
|
476 |
case 2: |
||
477 |
935821 |
A[1] = B[1]; |
|
478 |
case 1: |
||
479 |
2243315 |
A[0] = B[0]; |
|
480 |
2243315 |
} |
|
481 |
#else |
||
482 |
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); |
||
483 |
#endif |
||
484 |
|||
485 |
4635129 |
a->top = b->top; |
|
486 |
4635129 |
a->neg = b->neg; |
|
487 |
bn_check_top(a); |
||
488 |
4635129 |
return (a); |
|
489 |
4635737 |
} |
|
490 |
|||
491 |
void |
||
492 |
BN_swap(BIGNUM *a, BIGNUM *b) |
||
493 |
{ |
||
494 |
int flags_old_a, flags_old_b; |
||
495 |
BN_ULONG *tmp_d; |
||
496 |
int tmp_top, tmp_dmax, tmp_neg; |
||
497 |
|||
498 |
bn_check_top(a); |
||
499 |
bn_check_top(b); |
||
500 |
|||
501 |
flags_old_a = a->flags; |
||
502 |
flags_old_b = b->flags; |
||
503 |
|||
504 |
tmp_d = a->d; |
||
505 |
tmp_top = a->top; |
||
506 |
tmp_dmax = a->dmax; |
||
507 |
tmp_neg = a->neg; |
||
508 |
|||
509 |
a->d = b->d; |
||
510 |
a->top = b->top; |
||
511 |
a->dmax = b->dmax; |
||
512 |
a->neg = b->neg; |
||
513 |
|||
514 |
b->d = tmp_d; |
||
515 |
b->top = tmp_top; |
||
516 |
b->dmax = tmp_dmax; |
||
517 |
b->neg = tmp_neg; |
||
518 |
|||
519 |
a->flags = (flags_old_a & BN_FLG_MALLOCED) | |
||
520 |
(flags_old_b & BN_FLG_STATIC_DATA); |
||
521 |
b->flags = (flags_old_b & BN_FLG_MALLOCED) | |
||
522 |
(flags_old_a & BN_FLG_STATIC_DATA); |
||
523 |
bn_check_top(a); |
||
524 |
bn_check_top(b); |
||
525 |
} |
||
526 |
|||
527 |
void |
||
528 |
BN_clear(BIGNUM *a) |
||
529 |
{ |
||
530 |
bn_check_top(a); |
||
531 |
✓✗ | 1056 |
if (a->d != NULL) |
532 |
528 |
memset(a->d, 0, a->dmax * sizeof(a->d[0])); |
|
533 |
528 |
a->top = 0; |
|
534 |
528 |
a->neg = 0; |
|
535 |
528 |
} |
|
536 |
|||
537 |
BN_ULONG |
||
538 |
BN_get_word(const BIGNUM *a) |
||
539 |
{ |
||
540 |
✗✓ | 74072 |
if (a->top > 1) |
541 |
return BN_MASK2; |
||
542 |
✓✓ | 37036 |
else if (a->top == 1) |
543 |
31954 |
return a->d[0]; |
|
544 |
/* a->top == 0 */ |
||
545 |
5082 |
return 0; |
|
546 |
37036 |
} |
|
547 |
|||
548 |
BIGNUM * |
||
549 |
bn_expand(BIGNUM *a, int bits) |
||
550 |
{ |
||
551 |
✗✓ | 75488764 |
if (bits > (INT_MAX - BN_BITS2 + 1)) |
552 |
return (NULL); |
||
553 |
|||
554 |
✓✓ | 37744382 |
if (((bits + BN_BITS2 - 1) / BN_BITS2) <= a->dmax) |
555 |
35612552 |
return (a); |
|
556 |
|||
557 |
2131830 |
return bn_expand2(a, (bits + BN_BITS2 - 1) / BN_BITS2); |
|
558 |
37744382 |
} |
|
559 |
|||
560 |
int |
||
561 |
BN_set_word(BIGNUM *a, BN_ULONG w) |
||
562 |
{ |
||
563 |
bn_check_top(a); |
||
564 |
✗✓ | 75487758 |
if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL) |
565 |
return (0); |
||
566 |
37743879 |
a->neg = 0; |
|
567 |
37743879 |
a->d[0] = w; |
|
568 |
37743879 |
a->top = (w ? 1 : 0); |
|
569 |
bn_check_top(a); |
||
570 |
37743879 |
return (1); |
|
571 |
37743879 |
} |
|
572 |
|||
573 |
BIGNUM * |
||
574 |
BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) |
||
575 |
{ |
||
576 |
unsigned int i, m; |
||
577 |
unsigned int n; |
||
578 |
BN_ULONG l; |
||
579 |
BIGNUM *bn = NULL; |
||
580 |
|||
581 |
✓✓ | 960208 |
if (ret == NULL) |
582 |
17802 |
ret = bn = BN_new(); |
|
583 |
✗✓ | 480104 |
if (ret == NULL) |
584 |
return (NULL); |
||
585 |
bn_check_top(ret); |
||
586 |
l = 0; |
||
587 |
n = len; |
||
588 |
✓✓ | 480104 |
if (n == 0) { |
589 |
18 |
ret->top = 0; |
|
590 |
18 |
return (ret); |
|
591 |
} |
||
592 |
480086 |
i = ((n - 1) / BN_BYTES) + 1; |
|
593 |
480086 |
m = ((n - 1) % (BN_BYTES)); |
|
594 |
✓✓✓✓ |
1364823 |
if (bn_wexpand(ret, (int)i) == NULL) { |
595 |
18 |
BN_free(bn); |
|
596 |
18 |
return NULL; |
|
597 |
} |
||
598 |
480068 |
ret->top = i; |
|
599 |
480068 |
ret->neg = 0; |
|
600 |
✓✓ | 210022078 |
while (n--) { |
601 |
104530971 |
l = (l << 8L) | *(s++); |
|
602 |
✓✓ | 104530971 |
if (m-- == 0) { |
603 |
13095922 |
ret->d[--i] = l; |
|
604 |
l = 0; |
||
605 |
m = BN_BYTES - 1; |
||
606 |
13095922 |
} |
|
607 |
} |
||
608 |
/* need to call this due to clear byte at top if avoiding |
||
609 |
* having the top bit set (-ve number) */ |
||
610 |
✓✗✓✓ ✓✓ |
2436261 |
bn_correct_top(ret); |
611 |
480068 |
return (ret); |
|
612 |
480104 |
} |
|
613 |
|||
614 |
/* ignore negative */ |
||
615 |
int |
||
616 |
BN_bn2bin(const BIGNUM *a, unsigned char *to) |
||
617 |
{ |
||
618 |
int n, i; |
||
619 |
BN_ULONG l; |
||
620 |
|||
621 |
bn_check_top(a); |
||
622 |
775108 |
n = i=BN_num_bytes(a); |
|
623 |
✓✓ | 188019310 |
while (i--) { |
624 |
93622101 |
l = a->d[i / BN_BYTES]; |
|
625 |
93622101 |
*(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; |
|
626 |
} |
||
627 |
387554 |
return (n); |
|
628 |
} |
||
629 |
|||
630 |
int |
||
631 |
BN_ucmp(const BIGNUM *a, const BIGNUM *b) |
||
632 |
{ |
||
633 |
int i; |
||
634 |
BN_ULONG t1, t2, *ap, *bp; |
||
635 |
|||
636 |
bn_check_top(a); |
||
637 |
bn_check_top(b); |
||
638 |
|||
639 |
39374510 |
i = a->top - b->top; |
|
640 |
✓✓ | 19687255 |
if (i != 0) |
641 |
5598254 |
return (i); |
|
642 |
14089001 |
ap = a->d; |
|
643 |
14089001 |
bp = b->d; |
|
644 |
✓✓ | 30330134 |
for (i = a->top - 1; i >= 0; i--) { |
645 |
15072202 |
t1 = ap[i]; |
|
646 |
15072202 |
t2 = bp[i]; |
|
647 |
✓✓ | 15072202 |
if (t1 != t2) |
648 |
13996136 |
return ((t1 > t2) ? 1 : -1); |
|
649 |
} |
||
650 |
92865 |
return (0); |
|
651 |
19687255 |
} |
|
652 |
|||
653 |
int |
||
654 |
BN_cmp(const BIGNUM *a, const BIGNUM *b) |
||
655 |
{ |
||
656 |
int i; |
||
657 |
int gt, lt; |
||
658 |
BN_ULONG t1, t2; |
||
659 |
|||
660 |
✗✓ | 18101842 |
if ((a == NULL) || (b == NULL)) { |
661 |
if (a != NULL) |
||
662 |
return (-1); |
||
663 |
else if (b != NULL) |
||
664 |
return (1); |
||
665 |
else |
||
666 |
return (0); |
||
667 |
} |
||
668 |
|||
669 |
bn_check_top(a); |
||
670 |
bn_check_top(b); |
||
671 |
|||
672 |
✓✓ | 9050921 |
if (a->neg != b->neg) { |
673 |
✓✓ | 2224 |
if (a->neg) |
674 |
86 |
return (-1); |
|
675 |
else |
||
676 |
2138 |
return (1); |
|
677 |
} |
||
678 |
✓✓ | 9048697 |
if (a->neg == 0) { |
679 |
gt = 1; |
||
680 |
lt = -1; |
||
681 |
9048473 |
} else { |
|
682 |
gt = -1; |
||
683 |
lt = 1; |
||
684 |
} |
||
685 |
|||
686 |
✓✓ | 9048697 |
if (a->top > b->top) |
687 |
3626403 |
return (gt); |
|
688 |
✓✓ | 5422294 |
if (a->top < b->top) |
689 |
16050 |
return (lt); |
|
690 |
✓✓ | 10998286 |
for (i = a->top - 1; i >= 0; i--) { |
691 |
5467993 |
t1 = a->d[i]; |
|
692 |
5467993 |
t2 = b->d[i]; |
|
693 |
✓✓ | 5467993 |
if (t1 > t2) |
694 |
1359482 |
return (gt); |
|
695 |
✓✓ | 4108511 |
if (t1 < t2) |
696 |
4015612 |
return (lt); |
|
697 |
} |
||
698 |
31150 |
return (0); |
|
699 |
9050921 |
} |
|
700 |
|||
701 |
int |
||
702 |
BN_set_bit(BIGNUM *a, int n) |
||
703 |
{ |
||
704 |
int i, j, k; |
||
705 |
|||
706 |
✗✓ | 133344 |
if (n < 0) |
707 |
return 0; |
||
708 |
|||
709 |
66672 |
i = n / BN_BITS2; |
|
710 |
66672 |
j = n % BN_BITS2; |
|
711 |
✓✓ | 66672 |
if (a->top <= i) { |
712 |
✓✓✗✓ |
196426 |
if (bn_wexpand(a, i + 1) == NULL) |
713 |
return (0); |
||
714 |
✓✓ | 2593976 |
for (k = a->top; k < i + 1; k++) |
715 |
1230854 |
a->d[k] = 0; |
|
716 |
66134 |
a->top = i + 1; |
|
717 |
66134 |
} |
|
718 |
|||
719 |
66672 |
a->d[i] |= (((BN_ULONG)1) << j); |
|
720 |
bn_check_top(a); |
||
721 |
66672 |
return (1); |
|
722 |
66672 |
} |
|
723 |
|||
724 |
int |
||
725 |
BN_clear_bit(BIGNUM *a, int n) |
||
726 |
{ |
||
727 |
int i, j; |
||
728 |
|||
729 |
bn_check_top(a); |
||
730 |
if (n < 0) |
||
731 |
return 0; |
||
732 |
|||
733 |
i = n / BN_BITS2; |
||
734 |
j = n % BN_BITS2; |
||
735 |
if (a->top <= i) |
||
736 |
return (0); |
||
737 |
|||
738 |
a->d[i] &= (~(((BN_ULONG)1) << j)); |
||
739 |
bn_correct_top(a); |
||
740 |
return (1); |
||
741 |
} |
||
742 |
|||
743 |
int |
||
744 |
BN_is_bit_set(const BIGNUM *a, int n) |
||
745 |
{ |
||
746 |
int i, j; |
||
747 |
|||
748 |
bn_check_top(a); |
||
749 |
✓✓ | 167723870 |
if (n < 0) |
750 |
17 |
return 0; |
|
751 |
83861918 |
i = n / BN_BITS2; |
|
752 |
83861918 |
j = n % BN_BITS2; |
|
753 |
✓✓ | 83861918 |
if (a->top <= i) |
754 |
11358 |
return 0; |
|
755 |
83850560 |
return (int)(((a->d[i]) >> j) & ((BN_ULONG)1)); |
|
756 |
83861935 |
} |
|
757 |
|||
758 |
int |
||
759 |
BN_mask_bits(BIGNUM *a, int n) |
||
760 |
{ |
||
761 |
int b, w; |
||
762 |
|||
763 |
bn_check_top(a); |
||
764 |
✗✓ | 3846 |
if (n < 0) |
765 |
return 0; |
||
766 |
|||
767 |
1923 |
w = n / BN_BITS2; |
|
768 |
1923 |
b = n % BN_BITS2; |
|
769 |
✗✓ | 1923 |
if (w >= a->top) |
770 |
return 0; |
||
771 |
✗✓ | 1923 |
if (b == 0) |
772 |
a->top = w; |
||
773 |
else { |
||
774 |
1923 |
a->top = w + 1; |
|
775 |
1923 |
a->d[w] &= ~(BN_MASK2 << b); |
|
776 |
} |
||
777 |
✓✗✓✗ ✗✓ |
9615 |
bn_correct_top(a); |
778 |
1923 |
return (1); |
|
779 |
1923 |
} |
|
780 |
|||
781 |
void |
||
782 |
BN_set_negative(BIGNUM *a, int b) |
||
783 |
{ |
||
784 |
✓✓✓✗ |
232400 |
if (b && !BN_is_zero(a)) |
785 |
88 |
a->neg = 1; |
|
786 |
else |
||
787 |
a->neg = 0; |
||
788 |
116156 |
} |
|
789 |
|||
790 |
int |
||
791 |
bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) |
||
792 |
{ |
||
793 |
int i; |
||
794 |
BN_ULONG aa, bb; |
||
795 |
|||
796 |
1547028 |
aa = a[n - 1]; |
|
797 |
773514 |
bb = b[n - 1]; |
|
798 |
✓✓ | 773514 |
if (aa != bb) |
799 |
752982 |
return ((aa > bb) ? 1 : -1); |
|
800 |
✓✓ | 128320 |
for (i = n - 2; i >= 0; i--) { |
801 |
63944 |
aa = a[i]; |
|
802 |
63944 |
bb = b[i]; |
|
803 |
✓✓ | 63944 |
if (aa != bb) |
804 |
20316 |
return ((aa > bb) ? 1 : -1); |
|
805 |
} |
||
806 |
216 |
return (0); |
|
807 |
773514 |
} |
|
808 |
|||
809 |
/* Here follows a specialised variants of bn_cmp_words(). It has the |
||
810 |
property of performing the operation on arrays of different sizes. |
||
811 |
The sizes of those arrays is expressed through cl, which is the |
||
812 |
common length ( basicall, min(len(a),len(b)) ), and dl, which is the |
||
813 |
delta between the two lengths, calculated as len(a)-len(b). |
||
814 |
All lengths are the number of BN_ULONGs... */ |
||
815 |
|||
816 |
int |
||
817 |
bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl) |
||
818 |
{ |
||
819 |
int n, i; |
||
820 |
|||
821 |
1249900 |
n = cl - 1; |
|
822 |
|||
823 |
✓✓ | 624950 |
if (dl < 0) { |
824 |
✓✓ | 19370 |
for (i = dl; i < 0; i++) { |
825 |
✓✓ | 9673 |
if (b[n - i] != 0) |
826 |
9227 |
return -1; /* a < b */ |
|
827 |
} |
||
828 |
} |
||
829 |
✓✓ | 615723 |
if (dl > 0) { |
830 |
✓✓ | 21144 |
for (i = dl; i > 0; i--) { |
831 |
✓✓ | 10560 |
if (a[n + i] != 0) |
832 |
10128 |
return 1; /* a > b */ |
|
833 |
} |
||
834 |
} |
||
835 |
605595 |
return bn_cmp_words(a, b, cl); |
|
836 |
624950 |
} |
|
837 |
|||
838 |
/* |
||
839 |
* Constant-time conditional swap of a and b. |
||
840 |
* a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. |
||
841 |
* nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, |
||
842 |
* and that no more than nwords are used by either a or b. |
||
843 |
* a and b cannot be the same number |
||
844 |
*/ |
||
845 |
void |
||
846 |
BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) |
||
847 |
{ |
||
848 |
BN_ULONG t; |
||
849 |
int i; |
||
850 |
|||
851 |
bn_wcheck_size(a, nwords); |
||
852 |
bn_wcheck_size(b, nwords); |
||
853 |
|||
854 |
assert(a != b); |
||
855 |
assert((condition & (condition - 1)) == 0); |
||
856 |
assert(sizeof(BN_ULONG) >= sizeof(int)); |
||
857 |
|||
858 |
12292840 |
condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; |
|
859 |
|||
860 |
10318948 |
t = (a->top^b->top) & condition; |
|
861 |
10318948 |
a->top ^= t; |
|
862 |
10318948 |
b->top ^= t; |
|
863 |
|||
864 |
#define BN_CONSTTIME_SWAP(ind) \ |
||
865 |
do { \ |
||
866 |
t = (a->d[ind] ^ b->d[ind]) & condition; \ |
||
867 |
a->d[ind] ^= t; \ |
||
868 |
b->d[ind] ^= t; \ |
||
869 |
} while (0) |
||
870 |
|||
871 |
|||
872 |
✗✗✓✓ ✓✓✓✓ ✓✓✓ |
10318948 |
switch (nwords) { |
873 |
default: |
||
874 |
for (i = 10; i < nwords; i++) |
||
875 |
BN_CONSTTIME_SWAP(i); |
||
876 |
/* Fallthrough */ |
||
877 |
case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ |
||
878 |
308828 |
case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ |
|
879 |
308828 |
case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ |
|
880 |
593488 |
case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ |
|
881 |
733832 |
case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ |
|
882 |
978288 |
case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ |
|
883 |
1482884 |
case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ |
|
884 |
1965016 |
case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ |
|
885 |
1973892 |
case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ |
|
886 |
case 1: |
||
887 |
1973892 |
BN_CONSTTIME_SWAP(0); |
|
888 |
} |
||
889 |
#undef BN_CONSTTIME_SWAP |
||
890 |
1973892 |
} |
Generated by: GCOVR (Version 3.3) |