--- /dev/null
+/* crypto/bn/bn_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
+
+/* This stuff appears to be completely unused, so is deprecated */
+#ifndef OPENSSL_NO_DEPRECATED
+/* For a 32 bit machine
+ * 2 - 4 == 128
+ * 3 - 8 == 256
+ * 4 - 16 == 512
+ * 5 - 32 == 1024
+ * 6 - 64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+static int bn_limit_bits=0;
+static int bn_limit_num=8; /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low=0;
+static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high=0;
+static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont=0;
+static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
+ {
+ if (mult >= 0)
+ {
+ if (mult > (int)(sizeof(int)*8)-1)
+ mult=sizeof(int)*8-1;
+ bn_limit_bits=mult;
+ bn_limit_num=1<<mult;
+ }
+ if (high >= 0)
+ {
+ if (high > (int)(sizeof(int)*8)-1)
+ high=sizeof(int)*8-1;
+ bn_limit_bits_high=high;
+ bn_limit_num_high=1<<high;
+ }
+ if (low >= 0)
+ {
+ if (low > (int)(sizeof(int)*8)-1)
+ low=sizeof(int)*8-1;
+ bn_limit_bits_low=low;
+ bn_limit_num_low=1<<low;
+ }
+ if (mont >= 0)
+ {
+ if (mont > (int)(sizeof(int)*8)-1)
+ mont=sizeof(int)*8-1;
+ bn_limit_bits_mont=mont;
+ bn_limit_num_mont=1<<mont;
+ }
+ }
+
+int BN_get_params(int which)
+ {
+ if (which == 0) return(bn_limit_bits);
+ else if (which == 1) return(bn_limit_bits_high);
+ else if (which == 2) return(bn_limit_bits_low);
+ else if (which == 3) return(bn_limit_bits_mont);
+ else return(0);
+ }
+#endif
+
+const BIGNUM *BN_value_one(void)
+ {
+ static const BN_ULONG data_one=1L;
+ static const BIGNUM const_one={(BN_ULONG *)&data_one,1,1,0,BN_FLG_STATIC_DATA};
+
+ return(&const_one);
+ }
+
+int BN_num_bits_word(BN_ULONG l)
+ {
+ static const unsigned char bits[256]={
+ 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
+ 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
+ 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+ 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+ 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+ 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+ 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+ 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+ };
+
+#if defined(SIXTY_FOUR_BIT_LONG)
+ if (l & 0xffffffff00000000L)
+ {
+ if (l & 0xffff000000000000L)
+ {
+ if (l & 0xff00000000000000L)
+ {
+ return(bits[(int)(l>>56)]+56);
+ }
+ else return(bits[(int)(l>>48)]+48);
+ }
+ else
+ {
+ if (l & 0x0000ff0000000000L)
+ {
+ return(bits[(int)(l>>40)]+40);
+ }
+ else return(bits[(int)(l>>32)]+32);
+ }
+ }
+ else
+#else
+#ifdef SIXTY_FOUR_BIT
+ if (l & 0xffffffff00000000LL)
+ {
+ if (l & 0xffff000000000000LL)
+ {
+ if (l & 0xff00000000000000LL)
+ {
+ return(bits[(int)(l>>56)]+56);
+ }
+ else return(bits[(int)(l>>48)]+48);
+ }
+ else
+ {
+ if (l & 0x0000ff0000000000LL)
+ {
+ return(bits[(int)(l>>40)]+40);
+ }
+ else return(bits[(int)(l>>32)]+32);
+ }
+ }
+ else
+#endif
+#endif
+ {
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+ if (l & 0xffff0000L)
+ {
+ if (l & 0xff000000L)
+ return(bits[(int)(l>>24L)]+24);
+ else return(bits[(int)(l>>16L)]+16);
+ }
+ else
+#endif
+ {
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+ if (l & 0xff00L)
+ return(bits[(int)(l>>8)]+8);
+ else
+#endif
+ return(bits[(int)(l )] );
+ }
+ }
+ }
+
+int BN_num_bits(const BIGNUM *a)
+ {
+ int i = a->top - 1;
+ bn_check_top(a);
+
+ if (BN_is_zero(a)) return 0;
+ return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
+ }
+
+void BN_clear_free(BIGNUM *a)
+ {
+ int i;
+
+ if (a == NULL) return;
+ bn_check_top(a);
+ if (a->d != NULL)
+ {
+ OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+ if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+ OPENSSL_free(a->d);
+ }
+ i=BN_get_flags(a,BN_FLG_MALLOCED);
+ OPENSSL_cleanse(a,sizeof(BIGNUM));
+ if (i)
+ OPENSSL_free(a);
+ }
+
+void BN_free(BIGNUM *a)
+ {
+ if (a == NULL) return;
+ bn_check_top(a);
+ if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+ OPENSSL_free(a->d);
+ if (a->flags & BN_FLG_MALLOCED)
+ OPENSSL_free(a);
+ else
+ {
+#ifndef OPENSSL_NO_DEPRECATED
+ a->flags|=BN_FLG_FREE;
+#endif
+ a->d = NULL;
+ }
+ }
+
+void BN_init(BIGNUM *a)
+ {
+ memset(a,0,sizeof(BIGNUM));
+ bn_check_top(a);
+ }
+
+BIGNUM *BN_new(void)
+ {
+ BIGNUM *ret;
+
+ if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
+ {
+ BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ ret->flags=BN_FLG_MALLOCED;
+ ret->top=0;
+ ret->neg=0;
+ ret->dmax=0;
+ ret->d=NULL;
+ bn_check_top(ret);
+ return(ret);
+ }
+
+/* This is used both by bn_expand2() and bn_dup_expand() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+ {
+ BN_ULONG *A,*a = NULL;
+ const BN_ULONG *B;
+ int i;
+
+ bn_check_top(b);
+
+ if (words > (INT_MAX/(4*BN_BITS2)))
+ {
+ BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
+ return NULL;
+ }
+ if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+ {
+ BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+ return(NULL);
+ }
+ a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
+ if (A == NULL)
+ {
+ BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+#ifdef PURIFY
+ /* Valgrind complains in BN_consttime_swap because we process the whole
+ * array even if it's not initialised yet. This doesn't matter in that
+ * function - what's important is constant time operation (we're not
+ * actually going to use the data)
+ */
+ memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
+#if 1
+ B=b->d;
+ /* Check if the previous number needs to be copied */
+ if (B != NULL)
+ {
+ for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+ {
+ /*
+ * The fact that the loop is unrolled
+ * 4-wise is a tribute to Intel. It's
+ * the one that doesn't have enough
+ * registers to accomodate more data.
+ * I'd unroll it 8-wise otherwise:-)
+ *
+ * <appro@fy.chalmers.se>
+ */
+ BN_ULONG a0,a1,a2,a3;
+ a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+ A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+ }
+ switch (b->top&3)
+ {
+ case 3: A[2]=B[2];
+ case 2: A[1]=B[1];
+ case 1: A[0]=B[0];
+ case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
+ * the switch table by doing a=top&3; a--; goto jump_table[a];
+ * which fails for top== 0 */
+ ;
+ }
+ }
+
+#else
+ memset(A,0,sizeof(BN_ULONG)*words);
+ memcpy(A,b->d,sizeof(b->d[0])*b->top);
+#endif
+
+ return(a);
+ }
+
+/* This is an internal function that can be used instead of bn_expand2()
+ * when there is a need to copy BIGNUMs instead of only expanding the
+ * data part, while still expanding them.
+ * Especially useful when needing to expand BIGNUMs that are declared
+ * 'const' and should therefore not be changed.
+ * The reason to use this instead of a BN_dup() followed by a bn_expand2()
+ * is memory allocation overhead. A BN_dup() followed by a bn_expand2()
+ * will allocate new memory for the BIGNUM data twice, and free it once,
+ * while bn_dup_expand() makes sure allocation is made only once.
+ */
+
+#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
+ {
+ BIGNUM *r = NULL;
+
+ bn_check_top(b);
+
+ /* This function does not work if
+ * words <= b->dmax && top < words
+ * because BN_dup() does not preserve 'dmax'!
+ * (But bn_dup_expand() is not used anywhere yet.)
+ */
+
+ if (words > b->dmax)
+ {
+ BN_ULONG *a = bn_expand_internal(b, words);
+
+ if (a)
+ {
+ r = BN_new();
+ if (r)
+ {
+ r->top = b->top;
+ r->dmax = words;
+ r->neg = b->neg;
+ r->d = a;
+ }
+ else
+ {
+ /* r == NULL, BN_new failure */
+ OPENSSL_free(a);
+ }
+ }
+ /* If a == NULL, there was an error in allocation in
+ bn_expand_internal(), and NULL should be returned */
+ }
+ else
+ {
+ r = BN_dup(b);
+ }
+
+ bn_check_top(r);
+ return r;
+ }
+#endif
+
+/* This is an internal function that should not be used in applications.
+ * It ensures that 'b' has enough room for a 'words' word number
+ * and initialises any unused part of b->d with leading zeros.
+ * It is mostly used by the various BIGNUM routines. If there is an error,
+ * NULL is returned. If not, 'b' is returned. */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+ {
+ bn_check_top(b);
+
+ if (words > b->dmax)
+ {
+ BN_ULONG *a = bn_expand_internal(b, words);
+ if(!a) return NULL;
+ if(b->d) OPENSSL_free(b->d);
+ b->d=a;
+ b->dmax=words;
+ }
+
+/* None of this should be necessary because of what b->top means! */
+#if 0
+ /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
+ if (b->top < b->dmax)
+ {
+ int i;
+ BN_ULONG *A = &(b->d[b->top]);
+ for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
+ {
+ A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+ A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+ }
+ for (i=(b->dmax - b->top)&7; i>0; i--,A++)
+ A[0]=0;
+ assert(A == &(b->d[b->dmax]));
+ }
+#endif
+ bn_check_top(b);
+ return b;
+ }
+
+BIGNUM *BN_dup(const BIGNUM *a)
+ {
+ BIGNUM *t;
+
+ if (a == NULL) return NULL;
+ bn_check_top(a);
+
+ t = BN_new();
+ if (t == NULL) return NULL;
+ if(!BN_copy(t, a))
+ {
+ BN_free(t);
+ return NULL;
+ }
+ bn_check_top(t);
+ return t;
+ }
+
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
+ {
+ int i;
+ BN_ULONG *A;
+ const BN_ULONG *B;
+
+ bn_check_top(b);
+
+ if (a == b) return(a);
+ if (bn_wexpand(a,b->top) == NULL) return(NULL);
+
+#if 1
+ A=a->d;
+ B=b->d;
+ for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+ {
+ BN_ULONG a0,a1,a2,a3;
+ a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+ A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+ }
+ switch (b->top&3)
+ {
+ case 3: A[2]=B[2];
+ case 2: A[1]=B[1];
+ case 1: A[0]=B[0];
+ case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
+ }
+#else
+ memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+#endif
+
+ a->top=b->top;
+ a->neg=b->neg;
+ bn_check_top(a);
+ return(a);
+ }
+
+void BN_swap(BIGNUM *a, BIGNUM *b)
+ {
+ int flags_old_a, flags_old_b;
+ BN_ULONG *tmp_d;
+ int tmp_top, tmp_dmax, tmp_neg;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ flags_old_a = a->flags;
+ flags_old_b = b->flags;
+
+ tmp_d = a->d;
+ tmp_top = a->top;
+ tmp_dmax = a->dmax;
+ tmp_neg = a->neg;
+
+ a->d = b->d;
+ a->top = b->top;
+ a->dmax = b->dmax;
+ a->neg = b->neg;
+
+ b->d = tmp_d;
+ b->top = tmp_top;
+ b->dmax = tmp_dmax;
+ b->neg = tmp_neg;
+
+ a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
+ b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+ bn_check_top(a);
+ bn_check_top(b);
+ }
+
+void BN_clear(BIGNUM *a)
+ {
+ bn_check_top(a);
+ if (a->d != NULL)
+ memset(a->d,0,a->dmax*sizeof(a->d[0]));
+ a->top=0;
+ a->neg=0;
+ }
+
+BN_ULONG BN_get_word(const BIGNUM *a)
+ {
+ if (a->top > 1)
+ return BN_MASK2;
+ else if (a->top == 1)
+ return a->d[0];
+ /* a->top == 0 */
+ return 0;
+ }
+
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+ {
+ bn_check_top(a);
+ if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
+ a->neg = 0;
+ a->d[0] = w;
+ a->top = (w ? 1 : 0);
+ bn_check_top(a);
+ return(1);
+ }
+
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+ {
+ unsigned int i,m;
+ unsigned int n;
+ BN_ULONG l;
+ BIGNUM *bn = NULL;
+
+ if (ret == NULL)
+ ret = bn = BN_new();
+ if (ret == NULL) return(NULL);
+ bn_check_top(ret);
+ l=0;
+ n=len;
+ if (n == 0)
+ {
+ ret->top=0;
+ return(ret);
+ }
+ i=((n-1)/BN_BYTES)+1;
+ m=((n-1)%(BN_BYTES));
+ if (bn_wexpand(ret, (int)i) == NULL)
+ {
+ if (bn) BN_free(bn);
+ return NULL;
+ }
+ ret->top=i;
+ ret->neg=0;
+ while (n--)
+ {
+ l=(l<<8L)| *(s++);
+ if (m-- == 0)
+ {
+ ret->d[--i]=l;
+ l=0;
+ m=BN_BYTES-1;
+ }
+ }
+ /* need to call this due to clear byte at top if avoiding
+ * having the top bit set (-ve number) */
+ bn_correct_top(ret);
+ return(ret);
+ }
+
+/* ignore negative */
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+ {
+ int n,i;
+ BN_ULONG l;
+
+ bn_check_top(a);
+ n=i=BN_num_bytes(a);
+ while (i--)
+ {
+ l=a->d[i/BN_BYTES];
+ *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
+ }
+ return(n);
+ }
+
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+ {
+ int i;
+ BN_ULONG t1,t2,*ap,*bp;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ i=a->top-b->top;
+ if (i != 0) return(i);
+ ap=a->d;
+ bp=b->d;
+ for (i=a->top-1; i>=0; i--)
+ {
+ t1= ap[i];
+ t2= bp[i];
+ if (t1 != t2)
+ return((t1 > t2) ? 1 : -1);
+ }
+ return(0);
+ }
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
+ {
+ int i;
+ int gt,lt;
+ BN_ULONG t1,t2;
+
+ if ((a == NULL) || (b == NULL))
+ {
+ if (a != NULL)
+ return(-1);
+ else if (b != NULL)
+ return(1);
+ else
+ return(0);
+ }
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (a->neg != b->neg)
+ {
+ if (a->neg)
+ return(-1);
+ else return(1);
+ }
+ if (a->neg == 0)
+ { gt=1; lt= -1; }
+ else { gt= -1; lt=1; }
+
+ if (a->top > b->top) return(gt);
+ if (a->top < b->top) return(lt);
+ for (i=a->top-1; i>=0; i--)
+ {
+ t1=a->d[i];
+ t2=b->d[i];
+ if (t1 > t2) return(gt);
+ if (t1 < t2) return(lt);
+ }
+ return(0);
+ }
+
+int BN_set_bit(BIGNUM *a, int n)
+ {
+ int i,j,k;
+
+ if (n < 0)
+ return 0;
+
+ i=n/BN_BITS2;
+ j=n%BN_BITS2;
+ if (a->top <= i)
+ {
+ if (bn_wexpand(a,i+1) == NULL) return(0);
+ for(k=a->top; k<i+1; k++)
+ a->d[k]=0;
+ a->top=i+1;
+ }
+
+ a->d[i]|=(((BN_ULONG)1)<<j);
+ bn_check_top(a);
+ return(1);
+ }
+
+int BN_clear_bit(BIGNUM *a, int n)
+ {
+ int i,j;
+
+ bn_check_top(a);
+ if (n < 0) return 0;
+
+ i=n/BN_BITS2;
+ j=n%BN_BITS2;
+ if (a->top <= i) return(0);
+
+ a->d[i]&=(~(((BN_ULONG)1)<<j));
+ bn_correct_top(a);
+ return(1);
+ }
+
+int BN_is_bit_set(const BIGNUM *a, int n)
+ {
+ int i,j;
+
+ bn_check_top(a);
+ if (n < 0) return 0;
+ i=n/BN_BITS2;
+ j=n%BN_BITS2;
+ if (a->top <= i) return 0;
+ return (int)(((a->d[i])>>j)&((BN_ULONG)1));
+ }
+
+int BN_mask_bits(BIGNUM *a, int n)
+ {
+ int b,w;
+
+ bn_check_top(a);
+ if (n < 0) return 0;
+
+ w=n/BN_BITS2;
+ b=n%BN_BITS2;
+ if (w >= a->top) return 0;
+ if (b == 0)
+ a->top=w;
+ else
+ {
+ a->top=w+1;
+ a->d[w]&= ~(BN_MASK2<<b);
+ }
+ bn_correct_top(a);
+ return(1);
+ }
+
+void BN_set_negative(BIGNUM *a, int b)
+ {
+ if (b && !BN_is_zero(a))
+ a->neg = 1;
+ else
+ a->neg = 0;
+ }
+
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+ {
+ int i;
+ BN_ULONG aa,bb;
+
+ aa=a[n-1];
+ bb=b[n-1];
+ if (aa != bb) return((aa > bb)?1:-1);
+ for (i=n-2; i>=0; i--)
+ {
+ aa=a[i];
+ bb=b[i];
+ if (aa != bb) return((aa > bb)?1:-1);
+ }
+ return(0);
+ }
+
+/* Here follows a specialised variants of bn_cmp_words(). It has the
+ property of performing the operation on arrays of different sizes.
+ The sizes of those arrays is expressed through cl, which is the
+ common length ( basicall, min(len(a),len(b)) ), and dl, which is the
+ delta between the two lengths, calculated as len(a)-len(b).
+ All lengths are the number of BN_ULONGs... */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl)
+ {
+ int n,i;
+ n = cl-1;
+
+ if (dl < 0)
+ {
+ for (i=dl; i<0; i++)
+ {
+ if (b[n-i] != 0)
+ return -1; /* a < b */
+ }
+ }
+ if (dl > 0)
+ {
+ for (i=dl; i>0; i--)
+ {
+ if (a[n+i] != 0)
+ return 1; /* a > b */
+ }
+ }
+ return bn_cmp_words(a,b,cl);
+ }
+
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+ {
+ BN_ULONG t;
+ int i;
+
+ bn_wcheck_size(a, nwords);
+ bn_wcheck_size(b, nwords);
+
+ assert(a != b);
+ assert((condition & (condition - 1)) == 0);
+ assert(sizeof(BN_ULONG) >= sizeof(int));
+
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+ t = (a->top^b->top) & condition;
+ a->top ^= t;
+ b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+ do { \
+ t = (a->d[ind] ^ b->d[ind]) & condition; \
+ a->d[ind] ^= t; \
+ b->d[ind] ^= t; \
+ } while (0)
+
+
+ switch (nwords) {
+ default:
+ for (i = 10; i < nwords; i++)
+ BN_CONSTTIME_SWAP(i);
+ /* Fallthrough */
+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+ case 1: BN_CONSTTIME_SWAP(0);
+ }
+#undef BN_CONSTTIME_SWAP
+}
projects / cassiopeia.git / blobdiff