From eb8dd9dca1228af0cd132f515509051ecfabf6f6 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Mon, 14 Apr 2025 17:32:06 +0000 Subject: This commit was manufactured by cvs2git to create tag 'tb_20250414'. --- src/lib/libcrypto/bn/bn_lib.c | 752 ------------------------------------------ 1 file changed, 752 deletions(-) delete mode 100644 src/lib/libcrypto/bn/bn_lib.c (limited to 'src/lib/libcrypto/bn/bn_lib.c') diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c deleted file mode 100644 index 72b988650c..0000000000 --- a/src/lib/libcrypto/bn/bn_lib.c +++ /dev/null @@ -1,752 +0,0 @@ -/* $OpenBSD: bn_lib.c,v 1.93 2024/04/16 13:07:14 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -#include - -#include - -#include "bn_local.h" -#include "bn_internal.h" - -BIGNUM * -BN_new(void) -{ - BIGNUM *bn; - - if ((bn = calloc(1, sizeof(BIGNUM))) == NULL) { - BNerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - bn->flags = BN_FLG_MALLOCED; - - return bn; -} -LCRYPTO_ALIAS(BN_new); - -void -BN_init(BIGNUM *a) -{ - memset(a, 0, sizeof(BIGNUM)); -} - -void -BN_clear(BIGNUM *a) -{ - if (a->d != NULL) - explicit_bzero(a->d, a->dmax * sizeof(a->d[0])); - a->top = 0; - a->neg = 0; -} -LCRYPTO_ALIAS(BN_clear); - -void -BN_free(BIGNUM *bn) -{ - if (bn == NULL) - return; - - if (!BN_get_flags(bn, BN_FLG_STATIC_DATA)) - freezero(bn->d, bn->dmax * sizeof(bn->d[0])); - - if (!BN_get_flags(bn, BN_FLG_MALLOCED)) { - explicit_bzero(bn, sizeof(*bn)); - return; - } - - freezero(bn, sizeof(*bn)); -} -LCRYPTO_ALIAS(BN_free); - -void -BN_clear_free(BIGNUM *bn) -{ - BN_free(bn); -} -LCRYPTO_ALIAS(BN_clear_free); - -void -BN_set_flags(BIGNUM *b, int n) -{ - b->flags |= n; -} -LCRYPTO_ALIAS(BN_set_flags); - -int -BN_get_flags(const BIGNUM *b, int n) -{ - return b->flags & n; -} -LCRYPTO_ALIAS(BN_get_flags); - -void -BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags) -{ - int dest_flags; - - dest_flags = (dest->flags & BN_FLG_MALLOCED) | - (b->flags & ~BN_FLG_MALLOCED) | BN_FLG_STATIC_DATA | flags; - - *dest = *b; - dest->flags = dest_flags; -} -LCRYPTO_ALIAS(BN_with_flags); - -static const BN_ULONG bn_value_one_data = 1; -static const BIGNUM bn_value_one = { - .d = (BN_ULONG *)&bn_value_one_data, - .top = 1, - .dmax = 1, - .neg = 0, - .flags = BN_FLG_STATIC_DATA, -}; - -const BIGNUM * -BN_value_one(void) -{ - return &bn_value_one; -} -LCRYPTO_ALIAS(BN_value_one); - -int -BN_num_bits_word(BN_ULONG w) -{ - return BN_BITS2 - bn_clzw(w); -} -LCRYPTO_ALIAS(BN_num_bits_word); - -int -BN_num_bits(const BIGNUM *bn) -{ - return bn_bitsize(bn); -} -LCRYPTO_ALIAS(BN_num_bits); - -void -bn_correct_top(BIGNUM *a) -{ - while (a->top > 0 && a->d[a->top - 1] == 0) - a->top--; -} - -static int -bn_expand_internal(BIGNUM *bn, int words) -{ - BN_ULONG *d; - - if (words < 0) { - BNerror(BN_R_BIGNUM_TOO_LONG); // XXX - return 0; - } - - if (words > INT_MAX / (4 * BN_BITS2)) { - BNerror(BN_R_BIGNUM_TOO_LONG); - return 0; - } - if (BN_get_flags(bn, BN_FLG_STATIC_DATA)) { - BNerror(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); - return 0; - } - - d = recallocarray(bn->d, bn->dmax, words, sizeof(BN_ULONG)); - if (d == NULL) { - BNerror(ERR_R_MALLOC_FAILURE); - return 0; - } - bn->d = d; - bn->dmax = words; - - return 1; -} - -int -bn_expand_bits(BIGNUM *bn, size_t bits) -{ - int words; - - if (bits > (INT_MAX - BN_BITS2 + 1)) - return 0; - - words = (bits + BN_BITS2 - 1) / BN_BITS2; - - return bn_wexpand(bn, words); -} - -int -bn_expand_bytes(BIGNUM *bn, size_t bytes) -{ - int words; - - if (bytes > (INT_MAX - BN_BYTES + 1)) - return 0; - - words = (bytes + BN_BYTES - 1) / BN_BYTES; - - return bn_wexpand(bn, words); -} - -int -bn_wexpand(BIGNUM *bn, int words) -{ - if (words < 0) - return 0; - - if (words <= bn->dmax) - return 1; - - return bn_expand_internal(bn, words); -} - -BIGNUM * -BN_dup(const BIGNUM *a) -{ - BIGNUM *t; - - if (a == NULL) - return NULL; - - t = BN_new(); - if (t == NULL) - return NULL; - if (!bn_copy(t, a)) { - BN_free(t); - return NULL; - } - return t; -} -LCRYPTO_ALIAS(BN_dup); - -static inline void -bn_copy_words(BN_ULONG *ap, const BN_ULONG *bp, int n) -{ - while (n > 0) { - ap[0] = bp[0]; - ap++; - bp++; - n--; - } -} - -BIGNUM * -BN_copy(BIGNUM *a, const BIGNUM *b) -{ - if (a == b) - return (a); - - if (!bn_wexpand(a, b->top)) - return (NULL); - - bn_copy_words(a->d, b->d, b->top); - - /* Copy constant time flag from b, but make it sticky on a. */ - a->flags |= b->flags & BN_FLG_CONSTTIME; - - a->top = b->top; - a->neg = b->neg; - - return (a); -} -LCRYPTO_ALIAS(BN_copy); - -int -bn_copy(BIGNUM *dst, const BIGNUM *src) -{ - return BN_copy(dst, src) != NULL; -} - -void -BN_swap(BIGNUM *a, BIGNUM *b) -{ - int flags_old_a, flags_old_b; - BN_ULONG *tmp_d; - int tmp_top, tmp_dmax, tmp_neg; - - - flags_old_a = a->flags; - flags_old_b = b->flags; - - tmp_d = a->d; - tmp_top = a->top; - tmp_dmax = a->dmax; - tmp_neg = a->neg; - - a->d = b->d; - a->top = b->top; - a->dmax = b->dmax; - a->neg = b->neg; - - b->d = tmp_d; - b->top = tmp_top; - b->dmax = tmp_dmax; - b->neg = tmp_neg; - - a->flags = (flags_old_a & BN_FLG_MALLOCED) | - (flags_old_b & BN_FLG_STATIC_DATA); - b->flags = (flags_old_b & BN_FLG_MALLOCED) | - (flags_old_a & BN_FLG_STATIC_DATA); -} -LCRYPTO_ALIAS(BN_swap); - -BN_ULONG -BN_get_word(const BIGNUM *a) -{ - if (a->top > 1) - return BN_MASK2; - else if (a->top == 1) - return a->d[0]; - /* a->top == 0 */ - return 0; -} -LCRYPTO_ALIAS(BN_get_word); - -int -BN_set_word(BIGNUM *a, BN_ULONG w) -{ - if (!bn_wexpand(a, 1)) - return (0); - a->neg = 0; - a->d[0] = w; - a->top = (w ? 1 : 0); - return (1); -} -LCRYPTO_ALIAS(BN_set_word); - -int -BN_ucmp(const BIGNUM *a, const BIGNUM *b) -{ - int i; - - if (a->top < b->top) - return -1; - if (a->top > b->top) - return 1; - - for (i = a->top - 1; i >= 0; i--) { - if (a->d[i] != b->d[i]) - return (a->d[i] > b->d[i] ? 1 : -1); - } - - return 0; -} -LCRYPTO_ALIAS(BN_ucmp); - -int -BN_cmp(const BIGNUM *a, const BIGNUM *b) -{ - if (a == NULL || b == NULL) { - if (a != NULL) - return -1; - if (b != NULL) - return 1; - return 0; - } - - if (a->neg != b->neg) - return b->neg - a->neg; - - if (a->neg) - return BN_ucmp(b, a); - - return BN_ucmp(a, b); -} -LCRYPTO_ALIAS(BN_cmp); - -int -BN_set_bit(BIGNUM *a, int n) -{ - int i, j, k; - - if (n < 0) - return 0; - - i = n / BN_BITS2; - j = n % BN_BITS2; - if (a->top <= i) { - if (!bn_wexpand(a, i + 1)) - return (0); - for (k = a->top; k < i + 1; k++) - a->d[k] = 0; - a->top = i + 1; - } - - a->d[i] |= (((BN_ULONG)1) << j); - return (1); -} -LCRYPTO_ALIAS(BN_set_bit); - -int -BN_clear_bit(BIGNUM *a, int n) -{ - int i, j; - - if (n < 0) - return 0; - - i = n / BN_BITS2; - j = n % BN_BITS2; - if (a->top <= i) - return (0); - - a->d[i] &= (~(((BN_ULONG)1) << j)); - bn_correct_top(a); - - BN_set_negative(a, a->neg); - - return (1); -} -LCRYPTO_ALIAS(BN_clear_bit); - -int -BN_is_bit_set(const BIGNUM *a, int n) -{ - int i, j; - - if (n < 0) - return 0; - i = n / BN_BITS2; - j = n % BN_BITS2; - if (a->top <= i) - return 0; - return (int)(((a->d[i]) >> j) & ((BN_ULONG)1)); -} -LCRYPTO_ALIAS(BN_is_bit_set); - -int -BN_mask_bits(BIGNUM *a, int n) -{ - int b, w; - - if (n < 0) - return 0; - - w = n / BN_BITS2; - b = n % BN_BITS2; - if (w >= a->top) - return 0; - if (b == 0) - a->top = w; - else { - a->top = w + 1; - a->d[w] &= ~(BN_MASK2 << b); - } - bn_correct_top(a); - - BN_set_negative(a, a->neg); - - return (1); -} -LCRYPTO_ALIAS(BN_mask_bits); - -void -BN_set_negative(BIGNUM *bn, int neg) -{ - bn->neg = ~BN_is_zero(bn) & bn_ct_ne_zero(neg); -} -LCRYPTO_ALIAS(BN_set_negative); - -/* - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. - * The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. - * The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number - */ -void -BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) -{ - BN_ULONG t; - int i; - - assert(a != b); - assert((condition & (condition - 1)) == 0); - assert(sizeof(BN_ULONG) >= sizeof(int)); - - condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; - - t = (a->top^b->top) & condition; - a->top ^= t; - b->top ^= t; - -#define BN_CONSTTIME_SWAP(ind) \ - do { \ - t = (a->d[ind] ^ b->d[ind]) & condition; \ - a->d[ind] ^= t; \ - b->d[ind] ^= t; \ - } while (0) - - - switch (nwords) { - default: - for (i = 10; i < nwords; i++) - BN_CONSTTIME_SWAP(i); - /* Fallthrough */ - case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ - case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ - case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ - case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ - case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ - case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ - case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ - case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ - case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ - case 1: - BN_CONSTTIME_SWAP(0); - } -#undef BN_CONSTTIME_SWAP -} -LCRYPTO_ALIAS(BN_consttime_swap); - -/* - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. - * nwords is the number of words to swap. - */ -int -BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, size_t nwords) -{ - BN_ULONG t; - int i, words; - - if (a == b) - return 1; - if (nwords > INT_MAX) - return 0; - words = (int)nwords; - if (!bn_wexpand(a, words) || !bn_wexpand(b, words)) - return 0; - if (a->top > words || b->top > words) { - BNerror(BN_R_INVALID_LENGTH); - return 0; - } - - /* Set condition to 0 (if it was zero) or all 1s otherwise. */ - condition = ((~condition & (condition - 1)) >> (BN_BITS2 - 1)) - 1; - - /* swap top field */ - t = (a->top ^ b->top) & condition; - a->top ^= t; - b->top ^= t; - - /* swap neg field */ - t = (a->neg ^ b->neg) & condition; - a->neg ^= t; - b->neg ^= t; - - /* swap BN_FLG_CONSTTIME from flag field */ - t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition; - a->flags ^= t; - b->flags ^= t; - - /* swap the data */ - for (i = 0; i < words; i++) { - t = (a->d[i] ^ b->d[i]) & condition; - a->d[i] ^= t; - b->d[i] ^= t; - } - - return 1; -} - -void -BN_zero(BIGNUM *a) -{ - a->neg = 0; - a->top = 0; -} -LCRYPTO_ALIAS(BN_zero); - -int -BN_one(BIGNUM *a) -{ - return BN_set_word(a, 1); -} -LCRYPTO_ALIAS(BN_one); - -int -BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) -{ - return (a->top == 1 && a->d[0] == w) || (w == 0 && a->top == 0); -} -LCRYPTO_ALIAS(BN_abs_is_word); - -int -BN_is_zero(const BIGNUM *bn) -{ - BN_ULONG bits = 0; - int i; - - for (i = 0; i < bn->top; i++) - bits |= bn->d[i]; - - return bits == 0; -} -LCRYPTO_ALIAS(BN_is_zero); - -int -BN_is_one(const BIGNUM *a) -{ - return BN_abs_is_word(a, 1) && !a->neg; -} -LCRYPTO_ALIAS(BN_is_one); - -int -BN_is_word(const BIGNUM *a, const BN_ULONG w) -{ - return BN_abs_is_word(a, w) && (w == 0 || !a->neg); -} -LCRYPTO_ALIAS(BN_is_word); - -int -BN_is_odd(const BIGNUM *a) -{ - return a->top > 0 && (a->d[0] & 1); -} -LCRYPTO_ALIAS(BN_is_odd); - -int -BN_is_negative(const BIGNUM *a) -{ - return a->neg != 0; -} -LCRYPTO_ALIAS(BN_is_negative); - -/* - * Bits of security, see SP800-57, section 5.6.11, table 2. - */ -int -BN_security_bits(int L, int N) -{ - int secbits, bits; - - if (L >= 15360) - secbits = 256; - else if (L >= 7680) - secbits = 192; - else if (L >= 3072) - secbits = 128; - else if (L >= 2048) - secbits = 112; - else if (L >= 1024) - secbits = 80; - else - return 0; - - if (N == -1) - return secbits; - - bits = N / 2; - if (bits < 80) - return 0; - - return bits >= secbits ? secbits : bits; -} -LCRYPTO_ALIAS(BN_security_bits); - -BN_GENCB * -BN_GENCB_new(void) -{ - BN_GENCB *cb; - - if ((cb = calloc(1, sizeof(*cb))) == NULL) - return NULL; - - return cb; -} -LCRYPTO_ALIAS(BN_GENCB_new); - -void -BN_GENCB_free(BN_GENCB *cb) -{ - if (cb == NULL) - return; - free(cb); -} -LCRYPTO_ALIAS(BN_GENCB_free); - -/* Populate a BN_GENCB structure with an "old"-style callback */ -void -BN_GENCB_set_old(BN_GENCB *gencb, void (*cb)(int, int, void *), void *cb_arg) -{ - gencb->ver = 1; - gencb->cb.cb_1 = cb; - gencb->arg = cb_arg; -} -LCRYPTO_ALIAS(BN_GENCB_set_old); - -/* Populate a BN_GENCB structure with a "new"-style callback */ -void -BN_GENCB_set(BN_GENCB *gencb, int (*cb)(int, int, BN_GENCB *), void *cb_arg) -{ - gencb->ver = 2; - gencb->cb.cb_2 = cb; - gencb->arg = cb_arg; -} -LCRYPTO_ALIAS(BN_GENCB_set); - -void * -BN_GENCB_get_arg(BN_GENCB *cb) -{ - return cb->arg; -} -LCRYPTO_ALIAS(BN_GENCB_get_arg); -- cgit v1.2.3-55-g6feb