diff options
| author | Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> | 2017-09-13 12:09:40 -0700 |
|---|---|---|
| committer | Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> | 2017-09-13 12:09:40 -0700 |
| commit | b6f94dbeacfc6f0a507413096189304c58dbe66c (patch) | |
| tree | bce8c7db22209078618294c51d95a0c033aec7d9 /Cryptlib/OpenSSL/crypto/bn | |
| parent | 25f7fd1fb389a5f6356f353d16c5ead80dac6bbc (diff) | |
| download | efi-boot-shim-upstream/13_git1505328970.9c1c35c5.tar.gz efi-boot-shim-upstream/13_git1505328970.9c1c35c5.zip | |
New upstream version 13~git1505328970.9c1c35c5upstream/13_git1505328970.9c1c35c5
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/bn')
36 files changed, 4085 insertions, 3067 deletions
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn.h b/Cryptlib/OpenSSL/crypto/bn/bn.h new file mode 100644 index 00000000..633d1b1f --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/bn/bn.h @@ -0,0 +1,951 @@ +/* crypto/bn/bn.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#ifndef HEADER_BN_H +# define HEADER_BN_H + +# include <limits.h> +# include <openssl/e_os2.h> +# ifndef OPENSSL_NO_FP_API +# include <stdio.h> /* FILE */ +# endif +# include <openssl/ossl_typ.h> +# include <openssl/crypto.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * These preprocessor symbols control various aspects of the bignum headers + * and library code. They're not defined by any "normal" configuration, as + * they are intended for development and testing purposes. NB: defining all + * three can be useful for debugging application code as well as openssl + * itself. BN_DEBUG - turn on various debugging alterations to the bignum + * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ + +# ifndef OPENSSL_SMALL_FOOTPRINT +# define BN_MUL_COMBA +# define BN_SQR_COMBA +# define BN_RECURSION +# endif + +/* + * This next option uses the C libraries (2 word)/(1 word) function. If it is + * not defined, I use my C version (which is slower). The reason for this + * flag is that when the particular C compiler library routine is used, and + * the library is linked with a different compiler, the library is missing. + * This mostly happens when the library is built with gcc and then linked + * using normal cc. This would be a common occurrence because gcc normally + * produces code that is 2 times faster than system compilers for the big + * number stuff. For machines with only one compiler (or shared libraries), + * this should be on. Again this in only really a problem on machines using + * "long long's", are 32bit, and are not using my assembler code. + */ +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ + defined(OPENSSL_SYS_WIN32) || defined(linux) +# ifndef BN_DIV2W +# define BN_DIV2W +# endif +# endif + +/* + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULLONG unsigned long long +# define BN_ULONG unsigned long +# define BN_LONG long +# define BN_BITS 128 +# define BN_BYTES 8 +# define BN_BITS2 64 +# define BN_BITS4 32 +# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) +# define BN_MASK2 (0xffffffffffffffffL) +# define BN_MASK2l (0xffffffffL) +# define BN_MASK2h (0xffffffff00000000L) +# define BN_MASK2h1 (0xffffffff80000000L) +# define BN_TBIT (0x8000000000000000L) +# define BN_DEC_CONV (10000000000000000000UL) +# define BN_DEC_FMT1 "%lu" +# define BN_DEC_FMT2 "%019lu" +# define BN_DEC_NUM 19 +# define BN_HEX_FMT1 "%lX" +# define BN_HEX_FMT2 "%016lX" +# endif + +/* + * This is where the long long data type is 64 bits, but long is 32. For + * machines where there are 64bit registers, this is the mode to use. IRIX, + * on R4000 and above should use this mode, along with the relevant assembler + * code :-). Do NOT define BN_LLONG. + */ +# ifdef SIXTY_FOUR_BIT +# undef BN_LLONG +# undef BN_ULLONG +# define BN_ULONG unsigned long long +# define BN_LONG long long +# define BN_BITS 128 +# define BN_BYTES 8 +# define BN_BITS2 64 +# define BN_BITS4 32 +# define BN_MASK2 (0xffffffffffffffffLL) +# define BN_MASK2l (0xffffffffL) +# define BN_MASK2h (0xffffffff00000000LL) +# define BN_MASK2h1 (0xffffffff80000000LL) +# define BN_TBIT (0x8000000000000000LL) +# define BN_DEC_CONV (10000000000000000000ULL) +# define BN_DEC_FMT1 "%llu" +# define BN_DEC_FMT2 "%019llu" +# define BN_DEC_NUM 19 +# define BN_HEX_FMT1 "%llX" +# define BN_HEX_FMT2 "%016llX" +# endif + +# ifdef THIRTY_TWO_BIT +# ifdef BN_LLONG +# if defined(_WIN32) && !defined(__GNUC__) +# define BN_ULLONG unsigned __int64 +# define BN_MASK (0xffffffffffffffffI64) +# else +# define BN_ULLONG unsigned long long +# define BN_MASK (0xffffffffffffffffLL) +# endif +# endif +# define BN_ULONG unsigned int +# define BN_LONG int +# define BN_BITS 64 +# define BN_BYTES 4 +# define BN_BITS2 32 +# define BN_BITS4 16 +# define BN_MASK2 (0xffffffffL) +# define BN_MASK2l (0xffff) +# define BN_MASK2h1 (0xffff8000L) +# define BN_MASK2h (0xffff0000L) +# define BN_TBIT (0x80000000L) +# define BN_DEC_CONV (1000000000L) +# define BN_DEC_FMT1 "%u" +# define BN_DEC_FMT2 "%09u" +# define BN_DEC_NUM 9 +# define BN_HEX_FMT1 "%X" +# define BN_HEX_FMT2 "%08X" +# endif + +# define BN_DEFAULT_BITS 1280 + +# define BN_FLG_MALLOCED 0x01 +# define BN_FLG_STATIC_DATA 0x02 + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ +# define BN_FLG_CONSTTIME 0x04 + +# ifdef OPENSSL_NO_DEPRECATED +/* deprecated name for the flag */ +# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +/* + * avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) + */ +# endif + +# ifndef OPENSSL_NO_DEPRECATED +# define BN_FLG_FREE 0x8000 + /* used for debuging */ +# endif +# define BN_set_flags(b,n) ((b)->flags|=(n)) +# define BN_get_flags(b,n) ((b)->flags&(n)) + +/* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the + * two BIGNUMs cannot not be used in parallel!) + */ +# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ + (dest)->top=(b)->top, \ + (dest)->dmax=(b)->dmax, \ + (dest)->neg=(b)->neg, \ + (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ + | ((b)->flags & ~BN_FLG_MALLOCED) \ + | BN_FLG_STATIC_DATA \ + | (n))) + +/* Already declared in ossl_typ.h */ +# if 0 +typedef struct bignum_st BIGNUM; +/* Used for temp variables (declaration hidden in bn_lcl.h) */ +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; +# endif + +struct bignum_st { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit + * chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; +}; + +/* Used for montgomery multiplication */ +struct bn_mont_ctx_st { + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only + * stored for bignum algorithm) */ + BN_ULONG n0[2]; /* least significant word(s) of Ni; (type + * changed with 0.9.9, was "BN_ULONG n0;" + * before) */ + int flags; +}; + +/* + * Used for reciprocal division/mod functions It cannot be shared between + * threads + */ +struct bn_recp_ctx_st { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; +}; + +/* Used for slow "generation" functions. */ +struct bn_gencb_st { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1) (int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2) (int, int, BN_GENCB *); + } cb; +}; +/* Wrapper function to make using BN_GENCB easier, */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); +/* Macro to populate a BN_GENCB structure with an "old"-style callback */ +# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 1; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_1 = (callback); } +/* Macro to populate a BN_GENCB structure with a "new"-style callback */ +# define BN_GENCB_set(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 2; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_2 = (callback); } + +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ + +/* + * number of Miller-Rabin iterations for an error rate of less than 2^-80 for + * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of + * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; + * original paper: Damgaard, Landrock, Pomerance: Average case error + * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) + * 177-194) + */ +# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ + (b) >= 850 ? 3 : \ + (b) >= 650 ? 4 : \ + (b) >= 550 ? 5 : \ + (b) >= 450 ? 6 : \ + (b) >= 400 ? 7 : \ + (b) >= 350 ? 8 : \ + (b) >= 300 ? 9 : \ + (b) >= 250 ? 12 : \ + (b) >= 200 ? 15 : \ + (b) >= 150 ? 18 : \ + /* b >= 100 */ 27) + +# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ + (((w) == 0) && ((a)->top == 0))) +# define BN_is_zero(a) ((a)->top == 0) +# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) +# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) +# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) + +# define BN_one(a) (BN_set_word((a),1)) +# define BN_zero_ex(a) \ + do { \ + BIGNUM *_tmp_bn = (a); \ + _tmp_bn->top = 0; \ + _tmp_bn->neg = 0; \ + } while(0) +# ifdef OPENSSL_NO_DEPRECATED +# define BN_zero(a) BN_zero_ex(a) +# else +# define BN_zero(a) (BN_set_word((a),0)) +# endif + +const BIGNUM *BN_value_one(void); +char *BN_options(void); +BN_CTX *BN_CTX_new(void); +# ifndef OPENSSL_NO_DEPRECATED +void BN_CTX_init(BN_CTX *c); +# endif +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG); +BIGNUM *BN_new(void); +void BN_init(BIGNUM *); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +# define BN_is_negative(a) ((a)->neg != 0) + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a, int n); +# ifndef OPENSSL_NO_FP_API +int BN_print_fp(FILE *fp, const BIGNUM *a); +# endif +# ifdef HEADER_BIO_H +int BN_print(BIO *fp, const BIGNUM *a); +# else +int BN_print(void *fp, const BIGNUM *a); +# endif +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char *BN_bn2hex(const BIGNUM *a); +char *BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for + * error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +# ifndef OPENSSL_NO_DEPRECATED +BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback) (int, int, void *), void *cb_arg); +int BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg); +int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), BN_CTX *ctx, + void *cb_arg, int do_trial_division); +# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void); +void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ + (r),(a),&((mont)->RR),(mont),(ctx)) +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, + BN_MONT_CTX *mont, BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +# define BN_BLINDING_NO_UPDATE 0x00000001 +# define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); +# ifndef OPENSSL_NO_DEPRECATED +unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); +void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +# endif +CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +# ifndef OPENSSL_NO_DEPRECATED +void BN_set_params(int mul, int high, int low, int mont); +int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ +# endif + +void BN_RECP_CTX_init(BN_RECP_CTX *recp); +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M + +/* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. Note that input arguments are not const so that their bit arrays + * can be expanded to the appropriate size if needed. + */ + +/* + * r = a + b + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +/* + * r=a mod p + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/*- + * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +/* r = a mod p */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif + +/* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 + */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +/* library internal functions */ + +# define bn_expand(a,bits) \ + ( \ + bits > (INT_MAX - BN_BITS2 + 1) ? \ + NULL \ + : \ + (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \ + (a) \ + : \ + bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ + ) + +# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) +BIGNUM *bn_expand2(BIGNUM *a, int words); +# ifndef OPENSSL_NO_DEPRECATED +BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ +# endif + +/*- + * Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ + +# ifdef BN_DEBUG + +/* We only need assert() when debugging */ +# include <assert.h> + +# ifdef BN_DEBUG_RAND +/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +# ifndef RAND_pseudo_bytes +int RAND_pseudo_bytes(unsigned char *buf, int num); +# define BN_DEBUG_TRIX +# endif +# define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if(_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + /* Debug only - safe to ignore error return */ \ + RAND_pseudo_bytes(&_tmp_char, 1); \ + memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ + } \ + } while(0) +# ifdef BN_DEBUG_TRIX +# undef RAND_pseudo_bytes +# endif +# else +# define bn_pollute(a) +# endif +# define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + if (_bnum2 != NULL) { \ + assert((_bnum2->top == 0) || \ + (_bnum2->d[_bnum2->top - 1] != 0)); \ + bn_pollute(_bnum2); \ + } \ + } while(0) + +# define bn_fix_top(a) bn_check_top(a) + +# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +# define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ + /* avoid unused variable warning with NDEBUG */ \ + (void)(_bnum2); \ + } while(0) + +# else /* !BN_DEBUG */ + +# define bn_pollute(a) +# define bn_check_top(a) +# define bn_fix_top(a) bn_correct_top(a) +# define bn_check_size(bn, bits) +# define bn_wcheck_size(bn, words) + +# endif + +# define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ + int tmp_top = (a)->top; \ + if (tmp_top > 0) \ + { \ + for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ + if (*(ftl--)) break; \ + (a)->top = tmp_top; \ + } \ + if ((a)->top == 0) \ + (a)->neg = 0; \ + bn_pollute(a); \ + } + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, + BN_ULONG w); +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + int num); +BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + int num); + +/* Primes from RFC 2409 */ +BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_BN_strings(void); + +/* Error codes for the BN functions. */ + +/* Function codes. */ +# define BN_F_BNRAND 127 +# define BN_F_BN_BLINDING_CONVERT_EX 100 +# define BN_F_BN_BLINDING_CREATE_PARAM 128 +# define BN_F_BN_BLINDING_INVERT_EX 101 +# define BN_F_BN_BLINDING_NEW 102 +# define BN_F_BN_BLINDING_UPDATE 103 +# define BN_F_BN_BN2DEC 104 +# define BN_F_BN_BN2HEX 105 +# define BN_F_BN_CTX_GET 116 +# define BN_F_BN_CTX_NEW 106 +# define BN_F_BN_CTX_START 129 +# define BN_F_BN_DIV 107 +# define BN_F_BN_DIV_NO_BRANCH 138 +# define BN_F_BN_DIV_RECP 130 +# define BN_F_BN_EXP 123 +# define BN_F_BN_EXPAND2 108 +# define BN_F_BN_EXPAND_INTERNAL 120 +# define BN_F_BN_GF2M_MOD 131 +# define BN_F_BN_GF2M_MOD_EXP 132 +# define BN_F_BN_GF2M_MOD_MUL 133 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +# define BN_F_BN_GF2M_MOD_SQR 136 +# define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 +# define BN_F_BN_MOD_EXP2_MONT 118 +# define BN_F_BN_MOD_EXP_MONT 109 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +# define BN_F_BN_MOD_EXP_MONT_WORD 117 +# define BN_F_BN_MOD_EXP_RECP 125 +# define BN_F_BN_MOD_EXP_SIMPLE 126 +# define BN_F_BN_MOD_INVERSE 110 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +# define BN_F_BN_MOD_LSHIFT_QUICK 119 +# define BN_F_BN_MOD_MUL_RECIPROCAL 111 +# define BN_F_BN_MOD_SQRT 121 +# define BN_F_BN_MPI2BN 112 +# define BN_F_BN_NEW 113 +# define BN_F_BN_RAND 114 +# define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 +# define BN_F_BN_USUB 115 + +/* Reason codes. */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c index 6479650a..2f3d1104 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_add.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_add.c @@ -1,18 +1,69 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_add.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ -#include "internal/cryptlib.h" +#include <stdio.h> +#include "cryptlib.h" #include "bn_lcl.h" /* r can == a or b */ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { + const BIGNUM *tmp; int a_neg = a->neg, ret; bn_check_top(a); @@ -27,8 +78,6 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (a_neg ^ b->neg) { /* only one is negative */ if (a_neg) { - const BIGNUM *tmp; - tmp = a; a = b; b = tmp; @@ -38,14 +87,14 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (BN_ucmp(a, b) < 0) { if (!BN_usub(r, b, a)) - return 0; + return (0); r->neg = 1; } else { if (!BN_usub(r, a, b)) - return 0; + return (0); r->neg = 0; } - return 1; + return (1); } ret = BN_uadd(r, a, b); @@ -58,15 +107,13 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { int max, min, dif; - const BN_ULONG *ap, *bp; - BN_ULONG *rp, carry, t1, t2; + BN_ULONG *ap, *bp, *rp, carry, t1, t2; + const BIGNUM *tmp; bn_check_top(a); bn_check_top(b); if (a->top < b->top) { - const BIGNUM *tmp; - tmp = a; a = b; b = tmp; @@ -87,17 +134,29 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) carry = bn_add_words(rp, ap, bp, min); rp += min; ap += min; - - while (dif) { - dif--; - t1 = *(ap++); - t2 = (t1 + carry) & BN_MASK2; - *(rp++) = t2; - carry &= (t2 == 0); + bp += min; + + if (carry) { + while (dif) { + dif--; + t1 = *(ap++); + t2 = (t1 + 1) & BN_MASK2; + *(rp++) = t2; + if (t2) { + carry = 0; + break; + } + } + if (carry) { + /* carry != 0 => dif == 0 */ + *rp = 1; + r->top++; + } } - *rp = carry; - r->top += carry; - + if (dif && rp != ap) + while (dif--) + /* copy remaining words if ap != rp */ + *(rp++) = *(ap++); r->neg = 0; bn_check_top(r); return 1; @@ -107,8 +166,11 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { int max, min, dif; - BN_ULONG t1, t2, borrow, *rp; - const BN_ULONG *ap, *bp; + register BN_ULONG t1, t2, *ap, *bp, *rp; + int i, carry; +#if defined(IRIX_CC_BUG) && !defined(LINT) + int dummy; +#endif bn_check_top(a); bn_check_top(b); @@ -119,38 +181,86 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (dif < 0) { /* hmm... should not be happening */ BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3); - return 0; + return (0); } if (bn_wexpand(r, max) == NULL) - return 0; + return (0); ap = a->d; bp = b->d; rp = r->d; - borrow = bn_sub_words(rp, ap, bp, min); +#if 1 + carry = 0; + for (i = min; i != 0; i--) { + t1 = *(ap++); + t2 = *(bp++); + if (carry) { + carry = (t1 <= t2); + t1 = (t1 - t2 - 1) & BN_MASK2; + } else { + carry = (t1 < t2); + t1 = (t1 - t2) & BN_MASK2; + } +# if defined(IRIX_CC_BUG) && !defined(LINT) + dummy = t1; +# endif + *(rp++) = t1 & BN_MASK2; + } +#else + carry = bn_sub_words(rp, ap, bp, min); ap += min; + bp += min; rp += min; - - while (dif) { - dif--; - t1 = *(ap++); - t2 = (t1 - borrow) & BN_MASK2; - *(rp++) = t2; - borrow &= (t1 == 0); +#endif + if (carry) { /* subtracted */ + if (!dif) + /* error: a < b */ + return 0; + while (dif) { + dif--; + t1 = *(ap++); + t2 = (t1 - 1) & BN_MASK2; + *(rp++) = t2; + if (t1) + break; + } + } +#if 0 + memcpy(rp, ap, sizeof(*rp) * (max - i)); +#else + if (rp != ap) { + for (;;) { + if (!dif--) + break; + rp[0] = ap[0]; + if (!dif--) + break; + rp[1] = ap[1]; + if (!dif--) + break; + rp[2] = ap[2]; + if (!dif--) + break; + rp[3] = ap[3]; + rp += 4; + ap += 4; + } } +#endif r->top = max; r->neg = 0; bn_correct_top(r); - return 1; + return (1); } int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { int max; int add = 0, neg = 0; + const BIGNUM *tmp; bn_check_top(a); bn_check_top(b); @@ -163,8 +273,6 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) */ if (a->neg) { if (b->neg) { - const BIGNUM *tmp; - tmp = a; a = b; b = tmp; @@ -181,25 +289,25 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (add) { if (!BN_uadd(r, a, b)) - return 0; + return (0); r->neg = neg; - return 1; + return (1); } /* We are actually doing a - b :-) */ max = (a->top > b->top) ? a->top : b->top; if (bn_wexpand(r, max) == NULL) - return 0; + return (0); if (BN_ucmp(a, b) < 0) { if (!BN_usub(r, b, a)) - return 0; + return (0); r->neg = 1; } else { if (!BN_usub(r, a, b)) - return 0; + return (0); r->neg = 0; } bn_check_top(r); - return 1; + return (1); } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c index 39c6c213..03a33cff 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c @@ -1,15 +1,69 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_asm.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ +#ifndef BN_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + +#include <stdio.h> #include <assert.h> -#include <openssl/crypto.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) @@ -951,13 +1005,13 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, /* hmm... is it faster just to do a multiply? */ # undef bn_sqr_comba4 -# undef bn_sqr_comba8 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t[8]; bn_sqr_normal(r, a, 4, t); } +# undef bn_sqr_comba8 void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t[16]; diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c index 24d13830..d448daa3 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c @@ -1,14 +1,116 @@ -/* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_blind.c */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ -#include <openssl/opensslconf.h> -#include "internal/cryptlib.h" +#include <stdio.h> +#include "cryptlib.h" #include "bn_lcl.h" #define BN_BLINDING_COUNTER 32 @@ -18,13 +120,16 @@ struct bn_blinding_st { BIGNUM *Ai; BIGNUM *e; BIGNUM *mod; /* just a reference */ - CRYPTO_THREAD_ID tid; +#ifndef OPENSSL_NO_DEPRECATED + unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used + * only by crypto/rsa/rsa_eay.c, rsa_lib.c */ +#endif + CRYPTO_THREADID tid; int counter; unsigned long flags; BN_MONT_CTX *m_ctx; int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - CRYPTO_RWLOCK *lock; }; BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) @@ -33,25 +138,15 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) bn_check_top(mod); - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { + if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); - return NULL; + return (NULL); } - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - - BN_BLINDING_set_current_thread(ret); - + memset(ret, 0, sizeof(BN_BLINDING)); if (A != NULL) { if ((ret->A = BN_dup(A)) == NULL) goto err; } - if (Ai != NULL) { if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; @@ -60,7 +155,6 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) /* save a copy of mod in the BN_BLINDING structure */ if ((ret->mod = BN_dup(mod)) == NULL) goto err; - if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(ret->mod, BN_FLG_CONSTTIME); @@ -70,12 +164,12 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) * use. */ ret->counter = -1; - - return ret; - + CRYPTO_THREADID_current(&ret->tid); + return (ret); err: - BN_BLINDING_free(ret); - return NULL; + if (ret != NULL) + BN_BLINDING_free(ret); + return (NULL); } void BN_BLINDING_free(BN_BLINDING *r) @@ -83,11 +177,14 @@ void BN_BLINDING_free(BN_BLINDING *r) if (r == NULL) return; - BN_free(r->A); - BN_free(r->Ai); - BN_free(r->e); - BN_free(r->mod); - CRYPTO_THREAD_lock_free(r->lock); + if (r->A != NULL) + BN_free(r->A); + if (r->Ai != NULL) + BN_free(r->Ai); + if (r->e != NULL) + BN_free(r->e); + if (r->mod != NULL) + BN_free(r->mod); OPENSSL_free(r); } @@ -181,24 +278,21 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, return (ret); } -int BN_BLINDING_is_current_thread(BN_BLINDING *b) -{ - return CRYPTO_THREAD_compare_id(CRYPTO_THREAD_get_current_id(), b->tid); -} - -void BN_BLINDING_set_current_thread(BN_BLINDING *b) +#ifndef OPENSSL_NO_DEPRECATED +unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) { - b->tid = CRYPTO_THREAD_get_current_id(); + return b->thread_id; } -int BN_BLINDING_lock(BN_BLINDING *b) +void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) { - return CRYPTO_THREAD_write_lock(b->lock); + b->thread_id = n; } +#endif -int BN_BLINDING_unlock(BN_BLINDING *b) +CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) { - return CRYPTO_THREAD_unlock(b->lock); + return &b->tid; } unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) @@ -238,7 +332,8 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, goto err; if (e != NULL) { - BN_free(ret->e); + if (ret->e != NULL) + BN_free(ret->e); ret->e = BN_dup(e); } if (ret->e == NULL) @@ -250,19 +345,20 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, ret->m_ctx = m_ctx; do { - int rv; if (!BN_rand_range(ret->A, ret->mod)) goto err; - if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) { + if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) { /* * this should almost never happen for good RSA keys */ - if (rv) { + unsigned long error = ERR_peek_last_error(); + if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { if (retry_counter-- == 0) { BNerr(BN_F_BN_BLINDING_CREATE_PARAM, BN_R_TOO_MANY_ITERATIONS); goto err; } + ERR_clear_error(); } else goto err; } else @@ -280,7 +376,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, return ret; err: - if (b == NULL) { + if (b == NULL && ret != NULL) { BN_BLINDING_free(ret); ret = NULL; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c index 39dd6120..12c3208c 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_const.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_const.c @@ -1,13 +1,7 @@ -/* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ +/* crypto/bn/knownprimes.c */ +/* Insert boilerplate */ -#include <openssl/bn.h> +#include "bn.h" /*- * "First Oakley Default Group" from RFC2409, section 6.1. @@ -18,7 +12,7 @@ * RFC2412 specifies a generator of of 22. */ -BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) +BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) { static const unsigned char RFC2409_PRIME_768[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -46,7 +40,7 @@ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) * RFC2412 specifies a generator of 22. */ -BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) +BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) { static const unsigned char RFC2409_PRIME_1024[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -78,7 +72,7 @@ BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) * RFC2312 specifies a generator of 22. */ -BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) +BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_1536[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -117,7 +111,7 @@ BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) +BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_2048[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -164,7 +158,7 @@ BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) +BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_3072[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -227,7 +221,7 @@ BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) +BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_4096[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -306,7 +300,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) +BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_6144[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -417,7 +411,7 @@ BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) * RFC3526 specifies a generator of 2. */ -BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) +BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn) { static const unsigned char RFC3526_PRIME_8192[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c index 68c04687..526c6a04 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c @@ -1,13 +1,69 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_ctx.c */ +/* Written by Ulf Moeller for the OpenSSL project. */ +/* ==================================================================== + * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +#include <stdio.h> +#include <assert.h> + +#include "cryptlib.h" #include "bn_lcl.h" /*- @@ -48,7 +104,10 @@ typedef struct bignum_pool { } BN_POOL; static void BN_POOL_init(BN_POOL *); static void BN_POOL_finish(BN_POOL *); -static BIGNUM *BN_POOL_get(BN_POOL *, int); +#ifndef OPENSSL_NO_DEPRECATED +static void BN_POOL_reset(BN_POOL *); +#endif +static BIGNUM *BN_POOL_get(BN_POOL *); static void BN_POOL_release(BN_POOL *, unsigned int); /************/ @@ -64,6 +123,9 @@ typedef struct bignum_ctx_stack { } BN_STACK; static void BN_STACK_init(BN_STACK *); static void BN_STACK_finish(BN_STACK *); +#ifndef OPENSSL_NO_DEPRECATED +static void BN_STACK_reset(BN_STACK *); +#endif static int BN_STACK_push(BN_STACK *, unsigned int); static unsigned int BN_STACK_pop(BN_STACK *); @@ -83,8 +145,6 @@ struct bignum_ctx { int err_stack; /* Block "gets" until an "end" (compatibility behaviour) */ int too_many; - /* Flags. */ - int flags; }; /* Enable this to find BN_CTX bugs */ @@ -130,27 +190,40 @@ static void ctxdbg(BN_CTX *ctx) # define CTXDBG_RET(ctx,ret) #endif +/* + * This function is an evil legacy and should not be used. This + * implementation is WYSIWYG, though I've done my best. + */ +#ifndef OPENSSL_NO_DEPRECATED +void BN_CTX_init(BN_CTX *ctx) +{ + /* + * Assume the caller obtained the context via BN_CTX_new() and so is + * trying to reset it for use. Nothing else makes sense, least of all + * binary compatibility from a time when they could declare a static + * variable. + */ + BN_POOL_reset(&ctx->pool); + BN_STACK_reset(&ctx->stack); + ctx->used = 0; + ctx->err_stack = 0; + ctx->too_many = 0; +} +#endif BN_CTX *BN_CTX_new(void) { - BN_CTX *ret; - - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { + BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); + if (!ret) { BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } /* Initialise the structure */ BN_POOL_init(&ret->pool); BN_STACK_init(&ret->stack); - return ret; -} - -BN_CTX *BN_CTX_secure_new(void) -{ - BN_CTX *ret = BN_CTX_new(); - - if (ret != NULL) - ret->flags = BN_FLG_SECURE; + ret->used = 0; + ret->err_stack = 0; + ret->too_many = 0; return ret; } @@ -212,11 +285,10 @@ void BN_CTX_end(BN_CTX *ctx) BIGNUM *BN_CTX_get(BN_CTX *ctx) { BIGNUM *ret; - CTXDBG_ENTRY("BN_CTX_get", ctx); if (ctx->err_stack || ctx->too_many) return NULL; - if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) { + if ((ret = BN_POOL_get(&ctx->pool)) == NULL) { /* * Setting too_many prevents repeated "get" attempts from cluttering * the error stack. @@ -244,23 +316,32 @@ static void BN_STACK_init(BN_STACK *st) static void BN_STACK_finish(BN_STACK *st) { - OPENSSL_free(st->indexes); - st->indexes = NULL; + if (st->size) + OPENSSL_free(st->indexes); } +#ifndef OPENSSL_NO_DEPRECATED +static void BN_STACK_reset(BN_STACK *st) +{ + st->depth = 0; +} +#endif static int BN_STACK_push(BN_STACK *st, unsigned int idx) { - if (st->depth == st->size) { + if (st->depth == st->size) /* Need to expand */ - unsigned int newsize = - st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; - unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize); - if (newitems == NULL) + { + unsigned int newsize = (st->size ? + (st->size * 3 / 2) : BN_CTX_START_FRAMES); + unsigned int *newitems = OPENSSL_malloc(newsize * + sizeof(unsigned int)); + if (!newitems) return 0; if (st->depth) - memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); - OPENSSL_free(st->indexes); + memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); + if (st->size) + OPENSSL_free(st->indexes); st->indexes = newitems; st->size = newsize; } @@ -285,39 +366,55 @@ static void BN_POOL_init(BN_POOL *p) static void BN_POOL_finish(BN_POOL *p) { - unsigned int loop; - BIGNUM *bn; - while (p->head) { - for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++) + unsigned int loop = 0; + BIGNUM *bn = p->head->vals; + while (loop++ < BN_CTX_POOL_SIZE) { if (bn->d) BN_clear_free(bn); + bn++; + } p->current = p->head->next; OPENSSL_free(p->head); p->head = p->current; } } - -static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) +#ifndef OPENSSL_NO_DEPRECATED +static void BN_POOL_reset(BN_POOL *p) { - BIGNUM *bn; - unsigned int loop; + BN_POOL_ITEM *item = p->head; + while (item) { + unsigned int loop = 0; + BIGNUM *bn = item->vals; + while (loop++ < BN_CTX_POOL_SIZE) { + if (bn->d) + BN_clear(bn); + bn++; + } + item = item->next; + } + p->current = p->head; + p->used = 0; +} +#endif - /* Full; allocate a new pool item and link it in. */ +static BIGNUM *BN_POOL_get(BN_POOL *p) +{ if (p->used == p->size) { - BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item)); - if (item == NULL) + BIGNUM *bn; + unsigned int loop = 0; + BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); + if (!item) return NULL; - for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { - bn_init(bn); - if ((flag & BN_FLG_SECURE) != 0) - BN_set_flags(bn, BN_FLG_SECURE); - } + /* Initialise the structure */ + bn = item->vals; + while (loop++ < BN_CTX_POOL_SIZE) + BN_init(bn++); item->prev = p->tail; item->next = NULL; - - if (p->head == NULL) + /* Link it in */ + if (!p->head) p->head = p->current = p->tail = item; else { p->tail->next = item; @@ -329,7 +426,6 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) /* Return the first bignum from the new pool */ return item->vals; } - if (!p->used) p->current = p->head; else if ((p->used % BN_CTX_POOL_SIZE) == 0) @@ -340,11 +436,10 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) static void BN_POOL_release(BN_POOL *p, unsigned int num) { unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; - p->used -= num; while (num--) { bn_check_top(p->current->vals + offset); - if (offset == 0) { + if (!offset) { offset = BN_CTX_POOL_SIZE - 1; p->current = p->current->prev; } else diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c index 7d89214b..34895f59 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c @@ -1,10 +1,56 @@ -/* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_depr.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ /* @@ -12,22 +58,22 @@ * slurp this code if applications are using them directly. */ -#include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L -NON_EMPTY_TRANSLATION_UNIT -#else +#include <stdio.h> +#include <time.h> +#include "cryptlib.h" +#include "bn_lcl.h" +#include <openssl/rand.h> -# include <stdio.h> -# include <time.h> -# include "internal/cryptlib.h" -# include "bn_lcl.h" +static void *dummy = &dummy; +#ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback) (int, int, void *), void *cb_arg) { BN_GENCB cb; BIGNUM *rnd = NULL; + int found = 0; BN_GENCB_set_old(&cb, callback, cb_arg); @@ -40,10 +86,11 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, goto err; /* we have a prime :-) */ - return ret; + found = 1; err: - BN_free(rnd); - return NULL; + if (!found && (ret == NULL) && (rnd != NULL)) + BN_free(rnd); + return (found ? rnd : NULL); } int BN_is_prime(const BIGNUM *a, int checks, diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_dh.c b/Cryptlib/OpenSSL/crypto/bn/bn_dh.c deleted file mode 100644 index 17d05597..00000000 --- a/Cryptlib/OpenSSL/crypto/bn/bn_dh.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "bn_lcl.h" -#include "e_os.h" - -#ifndef OPENSSL_NO_DH -#include <openssl/dh.h> -#include "internal/bn_dh.h" -/* DH parameters from RFC5114 */ - -# if BN_BITS2 == 64 -static const BN_ULONG dh1024_160_p[] = { - 0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL, - 0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL, - 0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL, - 0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL, - 0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL, - 0xB10B8F96A080E01DULL -}; - -static const BN_ULONG dh1024_160_g[] = { - 0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL, - 0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL, - 0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL, - 0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL, - 0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL, - 0xA4D1CBD5C3FD3412ULL -}; - -static const BN_ULONG dh1024_160_q[] = { - 0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL -}; - -static const BN_ULONG dh2048_224_p[] = { - 0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL, - 0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL, - 0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL, - 0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL, - 0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL, - 0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL, - 0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL, - 0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL, - 0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL, - 0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL, - 0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL -}; - -static const BN_ULONG dh2048_224_g[] = { - 0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL, - 0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL, - 0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL, - 0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL, - 0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL, - 0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL, - 0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL, - 0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL, - 0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL, - 0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL, - 0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL -}; - -static const BN_ULONG dh2048_224_q[] = { - 0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL, - 0x00000000801C0D34ULL -}; - -static const BN_ULONG dh2048_256_p[] = { - 0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL, - 0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL, - 0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL, - 0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL, - 0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL, - 0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL, - 0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL, - 0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL, - 0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL, - 0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL, - 0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL -}; - -static const BN_ULONG dh2048_256_g[] = { - 0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL, - 0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL, - 0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL, - 0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL, - 0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL, - 0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL, - 0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL, - 0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL, - 0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL, - 0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL, - 0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL -}; - -static const BN_ULONG dh2048_256_q[] = { - 0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL, - 0x8CF83642A709A097ULL -}; - -# elif BN_BITS2 == 32 - -static const BN_ULONG dh1024_160_p[] = { - 0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF, - 0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA, - 0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C, - 0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286, - 0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E, - 0xA080E01D, 0xB10B8F96 -}; - -static const BN_ULONG dh1024_160_g[] = { - 0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59, - 0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08, - 0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F, - 0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E, - 0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442, - 0xC3FD3412, 0xA4D1CBD5 -}; - -static const BN_ULONG dh1024_160_q[] = { - 0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87 -}; - -static const BN_ULONG dh2048_224_p[] = { - 0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2, - 0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E, - 0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1, - 0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A, - 0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714, - 0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0, - 0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0, - 0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152, - 0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40, - 0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5, - 0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E -}; - -static const BN_ULONG dh2048_224_g[] = { - 0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1, - 0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE, - 0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F, - 0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137, - 0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3, - 0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2, - 0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0, - 0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001, - 0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01, - 0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B, - 0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF -}; - -static const BN_ULONG dh2048_224_q[] = { - 0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE, - 0x801C0D34 -}; - -static const BN_ULONG dh2048_256_p[] = { - 0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227, - 0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A, - 0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79, - 0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5, - 0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267, - 0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF, - 0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF, - 0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64, - 0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45, - 0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608, - 0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D -}; - -static const BN_ULONG dh2048_256_g[] = { - 0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148, - 0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428, - 0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15, - 0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73, - 0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1, - 0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982, - 0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5, - 0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8, - 0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A, - 0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F, - 0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B -}; - -static const BN_ULONG dh2048_256_q[] = { - 0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976, - 0xA709A097, 0x8CF83642 -}; - -# else -# error "unsupported BN_BITS2" -# endif - -/* Macro to make a BIGNUM from static data */ - -# define make_dh_bn(x) extern const BIGNUM _bignum_##x; \ - const BIGNUM _bignum_##x = { (BN_ULONG *) x, \ - OSSL_NELEM(x),\ - OSSL_NELEM(x),\ - 0, BN_FLG_STATIC_DATA }; - - -make_dh_bn(dh1024_160_p) -make_dh_bn(dh1024_160_g) -make_dh_bn(dh1024_160_q) -make_dh_bn(dh2048_224_p) -make_dh_bn(dh2048_224_g) -make_dh_bn(dh2048_224_q) -make_dh_bn(dh2048_256_p) -make_dh_bn(dh2048_256_g) -make_dh_bn(dh2048_256_q) - -#endif diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c index 5e620b20..bc37671c 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_div.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_div.c @@ -1,14 +1,64 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_div.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ +#include <stdio.h> #include <openssl/bn.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" /* The old slow way */ @@ -130,7 +180,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, # endif /* OPENSSL_NO_ASM */ /*- - * BN_div computes dv := num / divisor, rounding towards + * BN_div computes dv := num / divisor, rounding towards * zero, and sets up rm such that dv*divisor + rm = num holds. * Thus: * dv->neg == num->neg ^ divisor->neg (unless the result is zero) @@ -254,9 +304,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, wnump = &(snum->d[num_n - 1]); /* Setup to 'res' */ + res->neg = (num->neg ^ divisor->neg); if (!bn_wexpand(res, (loop + 1))) goto err; - res->neg = (num->neg ^ divisor->neg); res->top = loop - no_branch; resp = &(res->d[loop - 1]); @@ -278,9 +328,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, res->top--; } - /* Increase the resp pointer so that we never create an invalid pointer. */ - resp++; - /* * if res->top == 0 then clear the neg value otherwise decrease the resp * pointer @@ -290,7 +337,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, else resp--; - for (i = 0; i < loop - 1; i++, wnump--) { + for (i = 0; i < loop - 1; i++, wnump--, resp--) { BN_ULONG q, l0; /* * the first part of the loop uses the top two words of snum and sdiv @@ -315,6 +362,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); # else q = bn_div_words(n0, n1, d0); +# ifdef BN_DEBUG_LEVITTE + fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ +X) -> 0x%08X\n", n0, n1, d0, q); +# endif # endif # ifndef REMAINDER_IS_ALREADY_CALCULATED @@ -339,6 +390,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_ULONG t2l, t2h; q = bn_div_words(n0, n1, d0); +# ifdef BN_DEBUG_LEVITTE + fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ +X) -> 0x%08X\n", n0, n1, d0, q); +# endif # ifndef REMAINDER_IS_ALREADY_CALCULATED rem = (n1 - q * d0) & BN_MASK2; # endif @@ -396,7 +451,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, (*wnump)++; } /* store part of the result */ - resp--; *resp = q; } bn_correct_top(snum); diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c index 5fe9db9e..e7a70382 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_err.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_err.c @@ -1,11 +1,62 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. */ #include <stdio.h> @@ -19,7 +70,7 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) static ERR_STRING_DATA BN_str_functs[] = { - {ERR_FUNC(BN_F_BNRAND), "bnrand"}, + {ERR_FUNC(BN_F_BNRAND), "BNRAND"}, {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, @@ -27,17 +78,15 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, - {ERR_FUNC(BN_F_BN_COMPUTE_WNAF), "bn_compute_wNAF"}, {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, + {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, - {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"}, - {ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"}, - {ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"}, - {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"}, + {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, + {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, @@ -55,13 +104,13 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, + {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, - {ERR_FUNC(BN_F_BN_SET_WORDS), "bn_set_words"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -84,7 +133,6 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, {ERR_REASON(BN_R_NO_SOLUTION), "no solution"}, - {ERR_REASON(BN_R_PRIVATE_KEY_TOO_LARGE), "private key too large"}, {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"}, {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), @@ -94,7 +142,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { #endif -int ERR_load_BN_strings(void) +void ERR_load_BN_strings(void) { #ifndef OPENSSL_NO_ERR @@ -103,5 +151,4 @@ int ERR_load_BN_strings(void) ERR_load_strings(0, BN_str_reasons); } #endif - return 1; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c index feeb7649..195a7867 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c @@ -1,14 +1,116 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_exp.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" -#include "internal/constant_time_locl.h" +#include "cryptlib.h" +#include "constant_time_locl.h" #include "bn_lcl.h" #include <stdlib.h> @@ -46,7 +148,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; + return -1; } BN_CTX_start(ctx); @@ -98,7 +200,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, bn_check_top(m); /*- - * For even modulus m = 2^k*m_odd, it might make sense to compute + * For even modulus m = 2^k*m_odd, it might make sense to compute * a^p mod m_odd and a^p mod 2^k separately (with Montgomery * exponentiation for the odd part), using appropriate exponent * reductions, and combine the results using the CRT. @@ -178,7 +280,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; + return -1; } bits = BN_num_bits(p); @@ -469,7 +571,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; ret = 1; err: - if (in_mont == NULL) + if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); @@ -528,14 +630,6 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, { int i, j; int width = 1 << window; - /* - * We declare table 'volatile' in order to discourage compiler - * from reordering loads from the table. Concern is that if - * reordered in specific manner loads might give away the - * information we are trying to conceal. Some would argue that - * compiler can reorder them anyway, but it can as well be - * argued that doing so would be violation of standard... - */ volatile BN_ULONG *table = (volatile BN_ULONG *)buf; if (bn_wexpand(b, top) == NULL) @@ -716,7 +810,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, else #endif if ((powerbufFree = - OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) + (unsigned char *)OPENSSL_malloc(powerbufLen + + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) goto err; @@ -1085,11 +1180,12 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; ret = 1; err: - if (in_mont == NULL) + if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); if (powerbuf != NULL) { OPENSSL_cleanse(powerbuf, powerbufLen); - OPENSSL_free(powerbufFree); + if (powerbufFree) + OPENSSL_free(powerbufFree); } BN_CTX_end(ctx); return (ret); @@ -1124,7 +1220,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; + return -1; } bn_check_top(p); @@ -1235,7 +1331,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, } ret = 1; err: - if (in_mont == NULL) + if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); @@ -1255,7 +1351,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; + return -1; } bits = BN_num_bits(p); diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c index 5141c21f..43fd2044 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c @@ -1,14 +1,116 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_exp2.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" #define TABLE_SIZE 32 @@ -193,7 +295,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, goto err; ret = 1; err: - if (in_mont == NULL) + if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c index e1aac131..ce59fe70 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c @@ -1,13 +1,115 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_gcd.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); @@ -124,25 +226,10 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, BIGNUM *BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { - BIGNUM *rv; - int noinv; - rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); - if (noinv) - BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); - return rv; -} - -BIGNUM *int_bn_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, - int *pnoinv) -{ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; BIGNUM *ret = NULL; int sign; - if (pnoinv) - *pnoinv = 0; - if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { return BN_mod_inverse_no_branch(in, a, n, ctx); @@ -189,11 +276,11 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, * sign*Y*a == A (mod |n|). */ - if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) { + if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) { /* * Binary inversion algorithm; requires odd modulus. This is faster * than the general algorithm if the modulus is sufficiently small - * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit + * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit * systems) */ int shift; @@ -370,7 +457,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, * i.e. * sign*(Y + D*X)*a == B (mod |n|). * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at * -sign*X*a == B (mod |n|), * sign*Y*a == A (mod |n|). * Note that X and Y stay non-negative all the time. @@ -435,8 +522,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, goto err; } } else { - if (pnoinv) - *pnoinv = 1; + BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); goto err; } ret = R; @@ -457,6 +543,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, BN_CTX *ctx) { BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM local_A, local_B; + BIGNUM *pA, *pB; BIGNUM *ret = NULL; int sign; @@ -494,14 +582,11 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, * BN_div_no_branch will be called eventually. */ - { - BIGNUM local_B; - bn_init(&local_B); - BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, &local_B, A, ctx)) - goto err; - /* Ensure local_B goes out of scope before any further use of B */ - } + pB = &local_B; + local_B.flags = 0; + BN_with_flags(pB, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, pB, A, ctx)) + goto err; } sign = -1; /*- @@ -525,16 +610,13 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, * BN_div_no_branch will be called eventually. */ - { - BIGNUM local_A; - bn_init(&local_A); - BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + pA = &local_A; + local_A.flags = 0; + BN_with_flags(pA, A, BN_FLG_CONSTTIME); - /* (D, M) := (A/B, A%B) ... */ - if (!BN_div(D, M, &local_A, B, ctx)) - goto err; - /* Ensure local_A goes out of scope before any further use of A */ - } + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div(D, M, pA, B, ctx)) + goto err; /*- * Now @@ -565,7 +647,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * i.e. * sign*(Y + D*X)*a == B (mod |n|). * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at * -sign*X*a == B (mod |n|), * sign*Y*a == A (mod |n|). * Note that X and Y stay non-negative all the time. diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c index b1987f55..2c61da11 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c @@ -1,12 +1,4 @@ -/* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - +/* crypto/bn/bn_gf2m.c */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -16,12 +8,91 @@ * * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. + * + * In addition, Sun covenants to all licensees who provide a reciprocal + * covenant with respect to their own patents if any, not to sue under + * current and future patent claims necessarily infringed by the making, + * using, practicing, selling, offering for sale and/or otherwise + * disposing of the ECC Code as delivered hereunder (or portions thereof), + * provided that such covenant shall not apply: + * 1) for code that a licensee deletes from the ECC Code; + * 2) separates from the ECC Code; or + * 3) for infringements caused by: + * i) the modification of the ECC Code or + * ii) the combination of the ECC Code with other software or + * devices where such combination causes the infringement. + * + * The software is originally written by Sheueling Chang Shantz and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +/* + * NOTE: This file is licensed pursuant to the OpenSSL license below and may + * be modified; but after modifications, the above covenant may no longer + * apply! In such cases, the corresponding paragraph ["In addition, Sun + * covenants ... causes the infringement."] and this note can be edited out; + * but please keep the Sun copyright notice and attribution. + */ + +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * */ #include <assert.h> #include <limits.h> #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" #ifndef OPENSSL_NO_EC2M @@ -401,8 +472,8 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) int arr[6]; bn_check_top(a); bn_check_top(p); - ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr)); - if (!ret || ret > (int)OSSL_NELEM(arr)) { + ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0])); + if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) { BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH); return 0; } @@ -479,7 +550,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, bn_check_top(a); bn_check_top(b); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) + if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -489,7 +560,8 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); bn_check_top(r); err: - OPENSSL_free(arr); + if (arr) + OPENSSL_free(arr); return ret; } @@ -537,7 +609,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) bn_check_top(a); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) + if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -547,7 +619,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); bn_check_top(r); err: - OPENSSL_free(arr); + if (arr) + OPENSSL_free(arr); return ret; } @@ -961,7 +1034,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, bn_check_top(a); bn_check_top(b); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) + if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -971,7 +1044,8 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); bn_check_top(r); err: - OPENSSL_free(arr); + if (arr) + OPENSSL_free(arr); return ret; } @@ -1020,7 +1094,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int *arr = NULL; bn_check_top(a); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) + if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -1030,7 +1104,8 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); bn_check_top(r); err: - OPENSSL_free(arr); + if (arr) + OPENSSL_free(arr); return ret; } @@ -1089,7 +1164,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], if (tmp == NULL) goto err; do { - if (!BN_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_rand(rho, p[0], 0, 0)) goto err; if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; @@ -1150,7 +1225,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, int *arr = NULL; bn_check_top(a); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) + if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -1160,7 +1235,8 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); bn_check_top(r); err: - OPENSSL_free(arr); + if (arr) + OPENSSL_free(arr); return ret; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_intern.c b/Cryptlib/OpenSSL/crypto/bn/bn_intern.c deleted file mode 100644 index 2c970647..00000000 --- a/Cryptlib/OpenSSL/crypto/bn/bn_intern.c +++ /dev/null @@ -1,210 +0,0 @@ -/* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_lcl.h" - -/* - * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. - * This is an array r[] of values that are either zero or odd with an - * absolute value less than 2^w satisfying - * scalar = \sum_j r[j]*2^j - * where at most one of any w+1 consecutive digits is non-zero - * with the exception that the most significant digit may be only - * w-1 zeros away from that next non-zero digit. - */ -signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) -{ - int window_val; - signed char *r = NULL; - int sign = 1; - int bit, next_bit, mask; - size_t len = 0, j; - - if (BN_is_zero(scalar)) { - r = OPENSSL_malloc(1); - if (r == NULL) { - BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); - goto err; - } - r[0] = 0; - *ret_len = 1; - return r; - } - - if (w <= 0 || w > 7) { /* 'signed char' can represent integers with - * absolute values less than 2^7 */ - BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; - } - bit = 1 << w; /* at most 128 */ - next_bit = bit << 1; /* at most 256 */ - mask = next_bit - 1; /* at most 255 */ - - if (BN_is_negative(scalar)) { - sign = -1; - } - - if (scalar->d == NULL || scalar->top == 0) { - BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; - } - - len = BN_num_bits(scalar); - r = OPENSSL_malloc(len + 1); /* - * Modified wNAF may be one digit longer than binary representation - * (*ret_len will be set to the actual length, i.e. at most - * BN_num_bits(scalar) + 1) - */ - if (r == NULL) { - BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); - goto err; - } - window_val = scalar->d[0] & mask; - j = 0; - while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len, - * window_val will not - * increase */ - int digit = 0; - - /* 0 <= window_val <= 2^(w+1) */ - - if (window_val & 1) { - /* 0 < window_val < 2^(w+1) */ - - if (window_val & bit) { - digit = window_val - next_bit; /* -2^w < digit < 0 */ - -#if 1 /* modified wNAF */ - if (j + w + 1 >= len) { - /* - * Special case for generating modified wNAFs: - * no new bits will be added into window_val, - * so using a positive digit here will decrease - * the total length of the representation - */ - - digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ - } -#endif - } else { - digit = window_val; /* 0 < digit < 2^w */ - } - - if (digit <= -bit || digit >= bit || !(digit & 1)) { - BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; - } - - window_val -= digit; - - /* - * now window_val is 0 or 2^(w+1) in standard wNAF generation; - * for modified window NAFs, it may also be 2^w - */ - if (window_val != 0 && window_val != next_bit - && window_val != bit) { - BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - r[j++] = sign * digit; - - window_val >>= 1; - window_val += bit * BN_is_bit_set(scalar, j + w); - - if (window_val > next_bit) { - BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - if (j > len + 1) { - BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; - } - *ret_len = j; - return r; - - err: - OPENSSL_free(r); - return NULL; -} - -int bn_get_top(const BIGNUM *a) -{ - return a->top; -} - -void bn_set_top(BIGNUM *a, int top) -{ - a->top = top; -} - -int bn_get_dmax(const BIGNUM *a) -{ - return a->dmax; -} - -void bn_set_all_zero(BIGNUM *a) -{ - int i; - - for (i = a->top; i < a->dmax; i++) - a->d[i] = 0; -} - -int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size) -{ - if (in->top > size) - return 0; - - memset(out, 0, sizeof(*out) * size); - if (in->d != NULL) - memcpy(out, in->d, sizeof(*out) * in->top); - return 1; -} - -BN_ULONG *bn_get_words(const BIGNUM *a) -{ - return a->d; -} - -void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size) -{ - a->d = words; - a->dmax = a->top = size; - a->neg = 0; - a->flags |= BN_FLG_STATIC_DATA; - bn_correct_top(a); -} - -int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words) -{ - if (bn_wexpand(a, num_words) == NULL) { - BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE); - return 0; - } - - memcpy(a->d, words, sizeof(BN_ULONG) * num_words); - a->top = num_words; - bn_correct_top(a); - return 1; -} - -size_t bn_sizeof_BIGNUM(void) -{ - return sizeof(BIGNUM); -} - -BIGNUM *bn_array_el(BIGNUM *base, int el) -{ - return &base[el]; -} diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c index b9bc6cca..88d731ac 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c @@ -1,13 +1,59 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_kron.c */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" /* least significant word */ @@ -46,7 +92,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) goto end; /* - * Kronecker symbol, implemented according to Henri Cohen, + * Kronecker symbol, imlemented according to Henri Cohen, * "A Course in Computational Algebraic Number Theory" * (algorithm 1.4.10). */ diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h b/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h index 5fb38145..00f4f099 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h +++ b/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h @@ -1,267 +1,123 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_lcl.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #ifndef HEADER_BN_LCL_H # define HEADER_BN_LCL_H -/* - * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or - * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our - * Configure script and needs to support both 32-bit and 64-bit. - */ -# include <openssl/opensslconf.h> - -# if !defined(OPENSSL_SYS_UEFI) -# include "internal/bn_conf.h" -# endif - -# include "internal/bn_int.h" +# include <openssl/bn.h> #ifdef __cplusplus extern "C" { #endif -/* - * These preprocessor symbols control various aspects of the bignum headers - * and library code. They're not defined by any "normal" configuration, as - * they are intended for development and testing purposes. NB: defining all - * three can be useful for debugging application code as well as openssl - * itself. BN_DEBUG - turn on various debugging alterations to the bignum - * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up - * mismanagement of bignum internals. You must also define BN_DEBUG. - */ -/* #define BN_DEBUG */ -/* #define BN_DEBUG_RAND */ - -# ifndef OPENSSL_SMALL_FOOTPRINT -# define BN_MUL_COMBA -# define BN_SQR_COMBA -# define BN_RECURSION -# endif - -/* - * This next option uses the C libraries (2 word)/(1 word) function. If it is - * not defined, I use my C version (which is slower). The reason for this - * flag is that when the particular C compiler library routine is used, and - * the library is linked with a different compiler, the library is missing. - * This mostly happens when the library is built with gcc and then linked - * using normal cc. This would be a common occurrence because gcc normally - * produces code that is 2 times faster than system compilers for the big - * number stuff. For machines with only one compiler (or shared libraries), - * this should be on. Again this in only really a problem on machines using - * "long long's", are 32bit, and are not using my assembler code. - */ -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ - defined(OPENSSL_SYS_WIN32) || defined(linux) -# define BN_DIV2W -# endif - -/* - * 64-bit processor with LP64 ABI - */ -# ifdef SIXTY_FOUR_BIT_LONG -# define BN_ULLONG unsigned long long -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000L) -# define BN_MASK2h1 (0xffffffff80000000L) -# define BN_DEC_CONV (10000000000000000000UL) -# define BN_DEC_NUM 19 -# define BN_DEC_FMT1 "%lu" -# define BN_DEC_FMT2 "%019lu" -# endif - -/* - * 64-bit processor other than LP64 ABI - */ -# ifdef SIXTY_FOUR_BIT -# undef BN_LLONG -# undef BN_ULLONG -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffLL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000LL) -# define BN_MASK2h1 (0xffffffff80000000LL) -# define BN_DEC_CONV (10000000000000000000ULL) -# define BN_DEC_NUM 19 -# define BN_DEC_FMT1 "%llu" -# define BN_DEC_FMT2 "%019llu" -# endif - -# ifdef THIRTY_TWO_BIT -# ifdef BN_LLONG -# if defined(_WIN32) && !defined(__GNUC__) -# define BN_ULLONG unsigned __int64 -# else -# define BN_ULLONG unsigned long long -# endif -# endif -# define BN_BITS4 16 -# define BN_MASK2 (0xffffffffL) -# define BN_MASK2l (0xffff) -# define BN_MASK2h1 (0xffff8000L) -# define BN_MASK2h (0xffff0000L) -# define BN_DEC_CONV (1000000000L) -# define BN_DEC_NUM 9 -# define BN_DEC_FMT1 "%u" -# define BN_DEC_FMT2 "%09u" -# endif - - -/*- - * Bignum consistency macros - * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from - * bignum data after direct manipulations on the data. There is also an - * "internal" macro, bn_check_top(), for verifying that there are no leading - * zeroes. Unfortunately, some auditing is required due to the fact that - * bn_fix_top() has become an overabused duct-tape because bignum data is - * occasionally passed around in an inconsistent state. So the following - * changes have been made to sort this out; - * - bn_fix_top()s implementation has been moved to bn_correct_top() - * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and - * bn_check_top() is as before. - * - if BN_DEBUG *is* defined; - * - bn_check_top() tries to pollute unused words even if the bignum 'top' is - * consistent. (ed: only if BN_DEBUG_RAND is defined) - * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. - * The idea is to have debug builds flag up inconsistent bignums when they - * occur. If that occurs in a bn_fix_top(), we examine the code in question; if - * the use of bn_fix_top() was appropriate (ie. it follows directly after code - * that manipulates the bignum) it is converted to bn_correct_top(), and if it - * was not appropriate, we convert it permanently to bn_check_top() and track - * down the cause of the bug. Eventually, no internal code should be using the - * bn_fix_top() macro. External applications and libraries should try this with - * their own code too, both in terms of building against the openssl headers - * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it - * defined. This not only improves external code, it provides more test - * coverage for openssl's own code. - */ - -# ifdef BN_DEBUG - -# ifdef BN_DEBUG_RAND -/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ -# ifndef RAND_bytes -int RAND_bytes(unsigned char *buf, int num); -# define BN_DEBUG_TRIX -# endif -# define bn_pollute(a) \ - do { \ - const BIGNUM *_bnum1 = (a); \ - if (_bnum1->top < _bnum1->dmax) { \ - unsigned char _tmp_char; \ - /* We cast away const without the compiler knowing, any \ - * *genuinely* constant variables that aren't mutable \ - * wouldn't be constructed with top!=dmax. */ \ - BN_ULONG *_not_const; \ - memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ - RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ - memset(_not_const + _bnum1->top, _tmp_char, \ - sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ - } \ - } while(0) -# ifdef BN_DEBUG_TRIX -# undef RAND_bytes -# endif -# else -# define bn_pollute(a) -# endif -# define bn_check_top(a) \ - do { \ - const BIGNUM *_bnum2 = (a); \ - if (_bnum2 != NULL) { \ - OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \ - (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \ - bn_pollute(_bnum2); \ - } \ - } while(0) - -# define bn_fix_top(a) bn_check_top(a) - -# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -# define bn_wcheck_size(bn, words) \ - do { \ - const BIGNUM *_bnum2 = (bn); \ - OPENSSL_assert((words) <= (_bnum2)->dmax && \ - (words) >= (_bnum2)->top); \ - /* avoid unused variable warning with NDEBUG */ \ - (void)(_bnum2); \ - } while(0) - -# else /* !BN_DEBUG */ - -# define bn_pollute(a) -# define bn_check_top(a) -# define bn_fix_top(a) bn_correct_top(a) -# define bn_check_size(bn, bits) -# define bn_wcheck_size(bn, words) - -# endif - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w); -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); -void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); -BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); -BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); - -struct bignum_st { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit - * chunks. */ - int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ - int dmax; /* Size of the d array. */ - int neg; /* one if the number is negative */ - int flags; -}; - -/* Used for montgomery multiplication */ -struct bn_mont_ctx_st { - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only - * stored for bignum algorithm) */ - BN_ULONG n0[2]; /* least significant word(s) of Ni; (type - * changed with 0.9.9, was "BN_ULONG n0;" - * before) */ - int flags; -}; - -/* - * Used for reciprocal division/mod functions It cannot be shared between - * threads - */ -struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; -}; - -/* Used for slow "generation" functions. */ -struct bn_gencb_st { - unsigned int ver; /* To handle binary (in)compatibility */ - void *arg; /* callback-specific data */ - union { - /* if (ver==1) - handles old style callbacks */ - void (*cb_1) (int, int, void *); - /* if (ver==2) - new callback style */ - int (*cb_2) (int, int, BN_GENCB *); - } cb; -}; - /*- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * @@ -287,11 +143,23 @@ struct bn_gencb_st { * (with draws in between). Very small exponents are often selected * with low Hamming weight, so we use w = 1 for b <= 23. */ -# define BN_window_bits_for_exponent_size(b) \ +# if 1 +# define BN_window_bits_for_exponent_size(b) \ ((b) > 671 ? 6 : \ (b) > 239 ? 5 : \ (b) > 79 ? 4 : \ (b) > 23 ? 3 : 1) +# else +/* + * Old SSLeay/OpenSSL table. Maximum window size was 5, so this table differs + * for b==1024; but it coincides for other interesting values (b==160, + * b==512). + */ +# define BN_window_bits_for_exponent_size(b) \ + ((b) > 255 ? 5 : \ + (b) > 127 ? 4 : \ + (b) > 17 ? 3 : 1) +# endif /* * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache @@ -426,8 +294,8 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 - /* "h" constraint is not an option on R6 and was removed in 4.4 */ +# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) + /* "h" constraint is no more since 4.4 */ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) # define BN_UMULT_LOHI(low,high,a,b) ({ \ __uint128_t ret=(__uint128_t)(a)*(b); \ @@ -633,10 +501,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, } # endif /* !BN_LLONG */ -void BN_RECP_CTX_init(BN_RECP_CTX *recp); -void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +# if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS) +# undef bn_div_words +# endif -void bn_init(BIGNUM *a); void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); @@ -662,26 +530,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); -BIGNUM *int_bn_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, - int *noinv); - -int bn_probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx); -int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx); - -static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) -{ - if (bits > (INT_MAX - BN_BITS2 + 1)) - return NULL; - - if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) - return a; - - return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); -} - #ifdef __cplusplus } #endif diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c index 17d34c31..10b78f51 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c @@ -1,20 +1,76 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_lib.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ +#ifndef BN_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + #include <assert.h> #include <limits.h> -#include "internal/cryptlib.h" +#include <stdio.h> +#include "cryptlib.h" #include "bn_lcl.h" -#include <openssl/opensslconf.h> + +const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT; /* This stuff appears to be completely unused, so is deprecated */ -#if OPENSSL_API_COMPAT < 0x00908000L +#ifndef OPENSSL_NO_DEPRECATED /*- * For a 32 bit machine * 2 - 4 == 128 @@ -168,15 +224,6 @@ int BN_num_bits(const BIGNUM *a) return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } -static void bn_free_d(BIGNUM *a) -{ - if (BN_get_flags(a, BN_FLG_SECURE)) - OPENSSL_secure_free(a->d); - else - OPENSSL_free(a->d); -} - - void BN_clear_free(BIGNUM *a) { int i; @@ -186,11 +233,11 @@ void BN_clear_free(BIGNUM *a) bn_check_top(a); if (a->d != NULL) { OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - bn_free_d(a); + if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) + OPENSSL_free(a->d); } i = BN_get_flags(a, BN_FLG_MALLOCED); - OPENSSL_cleanse(a, sizeof(*a)); + OPENSSL_cleanse(a, sizeof(BIGNUM)); if (i) OPENSSL_free(a); } @@ -200,23 +247,21 @@ void BN_free(BIGNUM *a) if (a == NULL) return; bn_check_top(a); - if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - bn_free_d(a); + if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) + OPENSSL_free(a->d); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); else { -#if OPENSSL_API_COMPAT < 0x00908000L +#ifndef OPENSSL_NO_DEPRECATED a->flags |= BN_FLG_FREE; #endif a->d = NULL; } } -void bn_init(BIGNUM *a) +void BN_init(BIGNUM *a) { - static BIGNUM nilbn; - - *a = nilbn; + memset(a, 0, sizeof(BIGNUM)); bn_check_top(a); } @@ -224,24 +269,20 @@ BIGNUM *BN_new(void) { BIGNUM *ret; - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { + if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) { BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } ret->flags = BN_FLG_MALLOCED; + ret->top = 0; + ret->neg = 0; + ret->dmax = 0; + ret->d = NULL; bn_check_top(ret); return (ret); } - BIGNUM *BN_secure_new(void) - { - BIGNUM *ret = BN_new(); - if (ret != NULL) - ret->flags |= BN_FLG_SECURE; - return (ret); - } - -/* This is used by bn_expand2() */ +/* This is used both by bn_expand2() and bn_dup_expand() */ /* The caller MUST check that words > b->dmax before calling this */ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) { @@ -259,14 +300,20 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); return (NULL); } - if (BN_get_flags(b, BN_FLG_SECURE)) - a = A = OPENSSL_secure_zalloc(words * sizeof(*a)); - else - a = A = OPENSSL_zalloc(words * sizeof(*a)); + a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words); if (A == NULL) { BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); return (NULL); } +#ifdef PURIFY + /* + * Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG) * words); +#endif #if 1 B = b->d; @@ -277,7 +324,7 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) * The fact that the loop is unrolled * 4-wise is a tribute to Intel. It's * the one that doesn't have enough - * registers to accommodate more data. + * registers to accomodate more data. * I'd unroll it 8-wise otherwise:-) * * <appro@fy.chalmers.se> @@ -292,6 +339,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) A[2] = a2; A[3] = a3; } + /* + * workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 + */ switch (b->top & 3) { case 3: A[2] = B[2]; @@ -300,12 +352,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) case 1: A[0] = B[0]; case 0: - /* Without the "case 0" some old optimizers got this wrong. */ ; } } #else - memset(A, 0, sizeof(*A) * words); + memset(A, 0, sizeof(BN_ULONG) * words); memcpy(A, b->d, sizeof(b->d[0]) * b->top); #endif @@ -313,6 +364,58 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) } /* + * This is an internal function that can be used instead of bn_expand2() when + * there is a need to copy BIGNUMs instead of only expanding the data part, + * while still expanding them. Especially useful when needing to expand + * BIGNUMs that are declared 'const' and should therefore not be changed. The + * reason to use this instead of a BN_dup() followed by a bn_expand2() is + * memory allocation overhead. A BN_dup() followed by a bn_expand2() will + * allocate new memory for the BIGNUM data twice, and free it once, while + * bn_dup_expand() makes sure allocation is made only once. + */ + +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM *bn_dup_expand(const BIGNUM *b, int words) +{ + BIGNUM *r = NULL; + + bn_check_top(b); + + /* + * This function does not work if words <= b->dmax && top < words because + * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used + * anywhere yet.) + */ + + if (words > b->dmax) { + BN_ULONG *a = bn_expand_internal(b, words); + + if (a) { + r = BN_new(); + if (r) { + r->top = b->top; + r->dmax = words; + r->neg = b->neg; + r->d = a; + } else { + /* r == NULL, BN_new failure */ + OPENSSL_free(a); + } + } + /* + * If a == NULL, there was an error in allocation in + * bn_expand_internal(), and NULL should be returned + */ + } else { + r = BN_dup(b); + } + + bn_check_top(r); + return r; +} +#endif + +/* * This is an internal function that should not be used in applications. It * ensures that 'b' has enough room for a 'words' word number and initialises * any unused part of b->d with leading zeros. It is mostly used by the @@ -328,14 +431,35 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) BN_ULONG *a = bn_expand_internal(b, words); if (!a) return NULL; - if (b->d) { - OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); - bn_free_d(b); - } + if (b->d) + OPENSSL_free(b->d); b->d = a; b->dmax = words; } +/* None of this should be necessary because of what b->top means! */ +#if 0 + /* + * NB: bn_wexpand() calls this only if the BIGNUM really has to grow + */ + if (b->top < b->dmax) { + int i; + BN_ULONG *A = &(b->d[b->top]); + for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { + A[0] = 0; + A[1] = 0; + A[2] = 0; + A[3] = 0; + A[4] = 0; + A[5] = 0; + A[6] = 0; + A[7] = 0; + } + for (i = (b->dmax - b->top) & 7; i > 0; i--, A++) + A[0] = 0; + assert(A == &(b->d[b->dmax])); + } +#endif bn_check_top(b); return b; } @@ -348,7 +472,7 @@ BIGNUM *BN_dup(const BIGNUM *a) return NULL; bn_check_top(a); - t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new(); + t = BN_new(); if (t == NULL) return NULL; if (!BN_copy(t, a)) { @@ -445,7 +569,7 @@ void BN_clear(BIGNUM *a) { bn_check_top(a); if (a->d != NULL) - OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); + OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); a->top = 0; a->neg = 0; } @@ -484,9 +608,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) if (ret == NULL) return (NULL); bn_check_top(ret); - /* Skip leading zero's. */ - for ( ; len > 0 && *s == 0; s++, len--) - continue; + l = 0; n = len; if (n == 0) { ret->top = 0; @@ -495,12 +617,12 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) i = ((n - 1) / BN_BYTES) + 1; m = ((n - 1) % (BN_BYTES)); if (bn_wexpand(ret, (int)i) == NULL) { - BN_free(bn); + if (bn) + BN_free(bn); return NULL; } ret->top = i; ret->neg = 0; - l = 0; while (n--) { l = (l << 8L) | *(s++); if (m-- == 0) { @@ -518,106 +640,18 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) } /* ignore negative */ -static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) -{ - int i; - BN_ULONG l; - - bn_check_top(a); - i = BN_num_bytes(a); - if (tolen == -1) - tolen = i; - else if (tolen < i) - return -1; - /* Add leading zeroes if necessary */ - if (tolen > i) { - memset(to, 0, tolen - i); - to += tolen - i; - } - while (i--) { - l = a->d[i / BN_BYTES]; - *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; - } - return tolen; -} - -int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) -{ - if (tolen < 0) - return -1; - return bn2binpad(a, to, tolen); -} - int BN_bn2bin(const BIGNUM *a, unsigned char *to) { - return bn2binpad(a, to, -1); -} - -BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) -{ - unsigned int i, m; - unsigned int n; + int n, i; BN_ULONG l; - BIGNUM *bn = NULL; - - if (ret == NULL) - ret = bn = BN_new(); - if (ret == NULL) - return (NULL); - bn_check_top(ret); - s += len; - /* Skip trailing zeroes. */ - for ( ; len > 0 && s[-1] == 0; s--, len--) - continue; - n = len; - if (n == 0) { - ret->top = 0; - return ret; - } - i = ((n - 1) / BN_BYTES) + 1; - m = ((n - 1) % (BN_BYTES)); - if (bn_wexpand(ret, (int)i) == NULL) { - BN_free(bn); - return NULL; - } - ret->top = i; - ret->neg = 0; - l = 0; - while (n--) { - s--; - l = (l << 8L) | *s; - if (m-- == 0) { - ret->d[--i] = l; - l = 0; - m = BN_BYTES - 1; - } - } - /* - * need to call this due to clear byte at top if avoiding having the top - * bit set (-ve number) - */ - bn_correct_top(ret); - return ret; -} -int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) -{ - int i; - BN_ULONG l; bn_check_top(a); - i = BN_num_bytes(a); - if (tolen < i) - return -1; - /* Add trailing zeroes if necessary */ - if (tolen > i) - memset(to + i, 0, tolen - i); - to += i; + n = i = BN_num_bytes(a); while (i--) { l = a->d[i / BN_BYTES]; - to--; - *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; + *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; } - return tolen; + return (n); } int BN_ucmp(const BIGNUM *a, const BIGNUM *b) @@ -793,9 +827,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) /* * Here follows a specialised variants of bn_cmp_words(). It has the - * capability of performing the operation on arrays of different sizes. The + * property of performing the operation on arrays of different sizes. The * sizes of those arrays is expressed through cl, which is the common length - * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the + * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the * two lengths, calculated as len(a)-len(b). All lengths are the number of * BN_ULONGs... */ @@ -880,158 +914,3 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) } #undef BN_CONSTTIME_SWAP } - -/* Bits of security, see SP800-57 */ - -int BN_security_bits(int L, int N) -{ - int secbits, bits; - if (L >= 15360) - secbits = 256; - else if (L >= 7690) - secbits = 192; - else if (L >= 3072) - secbits = 128; - else if (L >= 2048) - secbits = 112; - else if (L >= 1024) - secbits = 80; - else - return 0; - if (N == -1) - return secbits; - bits = N / 2; - if (bits < 80) - return 0; - return bits >= secbits ? secbits : bits; -} - -void BN_zero_ex(BIGNUM *a) -{ - a->top = 0; - a->neg = 0; -} - -int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) -{ - return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0)); -} - -int BN_is_zero(const BIGNUM *a) -{ - return a->top == 0; -} - -int BN_is_one(const BIGNUM *a) -{ - return BN_abs_is_word(a, 1) && !a->neg; -} - -int BN_is_word(const BIGNUM *a, const BN_ULONG w) -{ - return BN_abs_is_word(a, w) && (!w || !a->neg); -} - -int BN_is_odd(const BIGNUM *a) -{ - return (a->top > 0) && (a->d[0] & 1); -} - -int BN_is_negative(const BIGNUM *a) -{ - return (a->neg != 0); -} - -int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) -{ - return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx); -} - -void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags) -{ - dest->d = b->d; - dest->top = b->top; - dest->dmax = b->dmax; - dest->neg = b->neg; - dest->flags = ((dest->flags & BN_FLG_MALLOCED) - | (b->flags & ~BN_FLG_MALLOCED) - | BN_FLG_STATIC_DATA | flags); -} - -BN_GENCB *BN_GENCB_new(void) -{ - BN_GENCB *ret; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { - BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); - } - - return ret; -} - -void BN_GENCB_free(BN_GENCB *cb) -{ - if (cb == NULL) - return; - OPENSSL_free(cb); -} - -void BN_set_flags(BIGNUM *b, int n) -{ - b->flags |= n; -} - -int BN_get_flags(const BIGNUM *b, int n) -{ - return b->flags & n; -} - -/* Populate a BN_GENCB structure with an "old"-style callback */ -void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), - void *cb_arg) -{ - BN_GENCB *tmp_gencb = gencb; - tmp_gencb->ver = 1; - tmp_gencb->arg = cb_arg; - tmp_gencb->cb.cb_1 = callback; -} - -/* Populate a BN_GENCB structure with a "new"-style callback */ -void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), - void *cb_arg) -{ - BN_GENCB *tmp_gencb = gencb; - tmp_gencb->ver = 2; - tmp_gencb->arg = cb_arg; - tmp_gencb->cb.cb_2 = callback; -} - -void *BN_GENCB_get_arg(BN_GENCB *cb) -{ - return cb->arg; -} - -BIGNUM *bn_wexpand(BIGNUM *a, int words) -{ - return (words <= a->dmax) ? a : bn_expand2(a, words); -} - -void bn_correct_top(BIGNUM *a) -{ - BN_ULONG *ftl; - int tmp_top = a->top; - - if (tmp_top > 0) { - for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) { - ftl--; - if (*ftl != 0) - break; - } - a->top = tmp_top; - } - if (a->top == 0) - a->neg = 0; - bn_pollute(a); -} diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c index 13b583f7..ffbce890 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c @@ -1,15 +1,129 @@ +/* crypto/bn/bn_mod.c */ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> + * for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" +#if 0 /* now just a #define */ +int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) +{ + return (BN_div(NULL, rem, m, d, ctx)); + /* note that rem->neg == m->neg (unless the remainder is zero) */ +} +#endif + int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) { /* @@ -148,7 +262,8 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); bn_check_top(r); - BN_free(abs_m); + if (abs_m) + BN_free(abs_m); return ret; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c index 6d37279a..be95bd55 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c @@ -1,10 +1,112 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_mont.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ /* @@ -14,7 +116,8 @@ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf */ -#include "internal/cryptlib.h" +#include <stdio.h> +#include "cryptlib.h" #include "bn_lcl.h" #define MONT_WORD /* use the faster word-based algorithm */ @@ -94,15 +197,36 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) rp = r->d; /* clear the top words of T */ - i = max - r->top; - if (i) - memset(&rp[r->top], 0, sizeof(*rp) * i); +# if 1 + for (i = r->top; i < max; i++) /* memset? XXX */ + rp[i] = 0; +# else + memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); +# endif r->top = max; n0 = mont->n0[0]; +# ifdef BN_COUNT + fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl); +# endif for (carry = 0, i = 0; i < nl; i++, rp++) { +# ifdef __TANDEM + { + long long t1; + long long t2; + long long t3; + t1 = rp[0] * (n0 & 0177777); + t2 = 037777600000l; + t2 = n0 & t2; + t3 = rp[0] & 0177777; + t2 = (t3 * t2) & BN_MASK2; + t1 = t1 + t2; + v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); + } +# else v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); +# endif v = (v + carry + rp[nl]) & BN_MASK2; carry |= (v != rp[nl]); carry &= (v <= rp[nl]); @@ -214,7 +338,7 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) { BN_MONT_CTX *ret; - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) + if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) return (NULL); BN_MONT_CTX_init(ret); @@ -225,9 +349,9 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) void BN_MONT_CTX_init(BN_MONT_CTX *ctx) { ctx->ri = 0; - bn_init(&(ctx->RR)); - bn_init(&(ctx->N)); - bn_init(&(ctx->Ni)); + BN_init(&(ctx->RR)); + BN_init(&(ctx->N)); + BN_init(&(ctx->Ni)); ctx->n0[0] = ctx->n0[1] = 0; ctx->flags = 0; } @@ -265,7 +389,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BIGNUM tmod; BN_ULONG buf[2]; - bn_init(&tmod); + BN_init(&tmod); tmod.d = buf; tmod.dmax = 2; tmod.neg = 0; @@ -395,14 +519,14 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) return (to); } -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *ret; - CRYPTO_THREAD_read_lock(lock); + CRYPTO_r_lock(lock); ret = *pmont; - CRYPTO_THREAD_unlock(lock); + CRYPTO_r_unlock(lock); if (ret) return ret; @@ -415,7 +539,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, * (the losers throw away the work they've done). */ ret = BN_MONT_CTX_new(); - if (ret == NULL) + if (!ret) return NULL; if (!BN_MONT_CTX_set(ret, mod, ctx)) { BN_MONT_CTX_free(ret); @@ -423,12 +547,12 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, } /* The locked compare-and-set, after the local work is done. */ - CRYPTO_THREAD_write_lock(lock); + CRYPTO_w_lock(lock); if (*pmont) { BN_MONT_CTX_free(ret); ret = *pmont; } else *pmont = ret; - CRYPTO_THREAD_unlock(lock); + CRYPTO_w_unlock(lock); return ret; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c index 043e21d2..3bd40bbd 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c @@ -1,14 +1,63 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_mpi.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ #include <stdio.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" int BN_bn2mpi(const BIGNUM *a, unsigned char *d) @@ -39,48 +88,41 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d) return (num + 4 + ext); } -BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) +BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) { long len; int neg = 0; - BIGNUM *a = NULL; if (n < 4) { BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); - return NULL; + return (NULL); } len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) d[3]; if ((len + 4) != n) { BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR); - return NULL; + return (NULL); } - if (ain == NULL) + if (a == NULL) a = BN_new(); - else - a = ain; - if (a == NULL) - return NULL; + return (NULL); if (len == 0) { a->neg = 0; a->top = 0; - return a; + return (a); } d += 4; if ((*d) & 0x80) neg = 1; - if (BN_bin2bn(d, (int)len, a) == NULL) { - if (ain == NULL) - BN_free(a); - return NULL; - } + if (BN_bin2bn(d, (int)len, a) == NULL) + return (NULL); a->neg = neg; if (neg) { BN_clear_bit(a, BN_num_bits(a) - 1); } bn_check_top(a); - return a; + return (a); } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c index 4a0a9505..3c618dc3 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c @@ -1,14 +1,69 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_mul.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ +#ifndef BN_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + +#include <stdio.h> #include <assert.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) @@ -16,7 +71,7 @@ * Here follows specialised variants of bn_add_words() and bn_sub_words(). * They have the property performing operations on arrays of different sizes. * The sizes of those arrays is expressed through cl, which is the common - * length ( basically, min(len(a),len(b)) ), and dl, which is the delta + * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta * between the two lengths, calculated as len(a)-len(b). All lengths are the * number of BN_ULONGs... For the operations that require a result array as * parameter, it must have the length cl+abs(dl). These functions should @@ -41,6 +96,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, b += cl; if (dl < 0) { +# ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, + dl, c); +# endif for (;;) { t = b[0]; r[0] = (0 - t - c) & BN_MASK2; @@ -75,6 +134,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, } } else { int save_dl = dl; +# ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, + dl, c); +# endif while (c) { t = a[0]; r[0] = (t - c) & BN_MASK2; @@ -109,6 +172,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, r += 4; } if (dl > 0) { +# ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", + cl, dl); +# endif if (save_dl > dl) { switch (save_dl - dl) { case 1: @@ -129,6 +196,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, } } if (dl > 0) { +# ifdef BN_COUNT + fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", + cl, dl); +# endif for (;;) { r[0] = a[0]; if (--dl <= 0) @@ -170,6 +241,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, if (dl < 0) { int save_dl = dl; +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, + dl, c); +#endif while (c) { l = (c + b[0]) & BN_MASK2; c = (l < c); @@ -200,6 +275,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, r += 4; } if (dl < 0) { +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", + cl, dl); +#endif if (save_dl < dl) { switch (dl - save_dl) { case 1: @@ -220,6 +299,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, } } if (dl < 0) { +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", + cl, dl); +#endif for (;;) { r[0] = b[0]; if (++dl >= 0) @@ -240,6 +323,9 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, } } else { int save_dl = dl; +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); +#endif while (c) { t = (a[0] + c) & BN_MASK2; c = (t < c); @@ -269,6 +355,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, a += 4; r += 4; } +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, + dl); +#endif if (dl > 0) { if (save_dl > dl) { switch (save_dl - dl) { @@ -290,6 +380,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, } } if (dl > 0) { +#ifdef BN_COUNT + fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", + cl, dl); +#endif for (;;) { r[0] = a[0]; if (--dl <= 0) @@ -338,6 +432,9 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, unsigned int neg, zero; BN_ULONG ln, lo, *p; +# ifdef BN_COUNT + fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb); +# endif # ifdef BN_MUL_COMBA # if 0 if (n2 == 4) { @@ -404,7 +501,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) bn_mul_comba4(&(t[n2]), t, &(t[n])); else - memset(&t[n2], 0, sizeof(*t) * 8); + memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); bn_mul_comba4(r, a, b); bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); @@ -414,7 +511,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) bn_mul_comba8(&(t[n2]), t, &(t[n])); else - memset(&t[n2], 0, sizeof(*t) * 16); + memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); bn_mul_comba8(r, a, b); bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); @@ -425,7 +522,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); else - memset(&t[n2], 0, sizeof(*t) * n2); + memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); bn_mul_recursive(r, a, b, n, 0, 0, p); bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); } @@ -484,6 +581,10 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int c1, c2, neg; BN_ULONG ln, lo, *p; +# ifdef BN_COUNT + fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n", + n, tna, n, tnb); +# endif if (n < 8) { bn_mul_normal(r, a, n + tna, b, n + tnb); return; @@ -530,14 +631,14 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_mul_comba4(&(t[n2]), t, &(t[n])); bn_mul_comba4(r, a, b); bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); - memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2)); + memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2)); } else # endif if (n == 8) { bn_mul_comba8(&(t[n2]), t, &(t[n])); bn_mul_comba8(r, a, b); bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); - memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb)); + memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); } else { p = &(t[n2 * 2]); bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); @@ -553,7 +654,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, if (j == 0) { bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); - memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2)); + memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); @@ -561,7 +662,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, sizeof(BN_ULONG) * (n2 - tna - tnb)); } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ - memset(&r[n2], 0, sizeof(*r) * n2); + memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); @@ -640,6 +741,10 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, { int n = n2 / 2; +# ifdef BN_COUNT + fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2); +# endif + bn_mul_recursive(r, a, b, n, 0, 0, &(t[0])); if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2])); @@ -668,6 +773,9 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, int neg, oneg, zero; BN_ULONG ll, lc, *lp, *mp; +# ifdef BN_COUNT + fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2); +# endif n = n2 / 2; /* Calculate (al-ah)*(bh-bl) */ @@ -729,8 +837,9 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, */ if (l != NULL) { lp = &(t[n2 + n]); - bn_add_words(lp, &(r[0]), &(l[0]), n); + c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n)); } else { + c1 = 0; lp = &(r[0]); } @@ -838,6 +947,10 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) int j = 0, k; #endif +#ifdef BN_COUNT + fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top); +#endif + bn_check_top(a); bn_check_top(b); bn_check_top(r); @@ -857,6 +970,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) goto err; } else rr = r; + rr->neg = a->neg ^ b->neg; #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) i = al - bl; @@ -968,7 +1082,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif - rr->neg = a->neg ^ b->neg; bn_correct_top(rr); if (r != rr && BN_copy(r, rr) == NULL) goto err; @@ -984,6 +1097,10 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) { BN_ULONG *rr; +#ifdef BN_COUNT + fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb); +#endif + if (na < nb) { int itmp; BN_ULONG *ltmp; @@ -1024,6 +1141,9 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) { +#ifdef BN_COUNT + fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n); +#endif bn_mul_words(r, a, n, b[0]); for (;;) { diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c index 53598f97..4a45404c 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c @@ -1,14 +1,63 @@ +/* crypto/bn/bn_nist.c */ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include "bn_lcl.h" -#include "internal/cryptlib.h" +#include "cryptlib.h" #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 @@ -330,8 +379,8 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_192_sqr = { (BN_ULONG *)_nist_p_192_sqr, - OSSL_NELEM(_nist_p_192_sqr), - OSSL_NELEM(_nist_p_192_sqr), + sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), + sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), 0, BN_FLG_STATIC_DATA }; @@ -475,8 +524,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } u; static const BIGNUM _bignum_nist_p_224_sqr = { (BN_ULONG *)_nist_p_224_sqr, - OSSL_NELEM(_nist_p_224_sqr), - OSSL_NELEM(_nist_p_224_sqr), + sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), + sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), 0, BN_FLG_STATIC_DATA }; @@ -596,7 +645,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #endif } else if (carry < 0) { /* - * it's a bit more complicated logic in this case. if bn_add_words + * it's a bit more comlicated logic in this case. if bn_add_words * yields no carry, then result has to be adjusted by unconditionally * *adding* the modulus. but if it does, then result has to be * compared to the modulus and conditionally adjusted by @@ -656,8 +705,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } u; static const BIGNUM _bignum_nist_p_256_sqr = { (BN_ULONG *)_nist_p_256_sqr, - OSSL_NELEM(_nist_p_256_sqr), - OSSL_NELEM(_nist_p_256_sqr), + sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), + sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), 0, BN_FLG_STATIC_DATA }; @@ -902,8 +951,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } u; static const BIGNUM _bignum_nist_p_384_sqr = { (BN_ULONG *)_nist_p_384_sqr, - OSSL_NELEM(_nist_p_384_sqr), - OSSL_NELEM(_nist_p_384_sqr), + sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), + sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), 0, BN_FLG_STATIC_DATA }; @@ -1160,8 +1209,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_521_sqr = { (BN_ULONG *)_nist_p_521_sqr, - OSSL_NELEM(_nist_p_521_sqr), - OSSL_NELEM(_nist_p_521_sqr), + sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), + sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), 0, BN_FLG_STATIC_DATA }; @@ -1190,20 +1239,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); /* ... and right shift */ for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { -#if 0 - /* - * MSC ARM compiler [version 2013, presumably even earlier, - * much earlier] miscompiles this code, but not one in - * #else section. See RT#3541. - */ - tmp = val >> BN_NIST_521_RSHIFT; - val = t_d[i + 1]; - t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; -#else t_d[i] = (val >> BN_NIST_521_RSHIFT | (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2; val = tmp; -#endif } t_d[i] = val >> BN_NIST_521_RSHIFT; /* lower 521 bits */ @@ -1222,18 +1260,3 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, return 1; } - -int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, - const BIGNUM *field, BN_CTX *ctx) { - if (BN_ucmp(&_bignum_nist_p_192, p) == 0) - return BN_nist_mod_192; - if (BN_ucmp(&_bignum_nist_p_224, p) == 0) - return BN_nist_mod_224; - if (BN_ucmp(&_bignum_nist_p_256, p) == 0) - return BN_nist_mod_256; - if (BN_ucmp(&_bignum_nist_p_384, p) == 0) - return BN_nist_mod_384; - if (BN_ucmp(&_bignum_nist_p_521, p) == 0) - return BN_nist_mod_521; - return 0; -} diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c index 7103acfe..4dab3bba 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c @@ -1,18 +1,125 @@ -/* - * WARNING: do not edit! - * Generated by crypto/bn/bn_prime.pl - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_prime.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <time.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" +#include <openssl/rand.h> + +/* + * NB: these functions have been "upgraded", the deprecated versions (which + * are compatibility wrappers using these functions) are in bn_depr.c. - + * Geoff + */ /* * The quick sieve algorithm approach to weeding out primes is Philip @@ -25,56 +132,11 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods); -static int probable_prime_dh_safe(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx); - -static const int prime_offsets[480] = { - 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, - 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, - 167, 169, 173, 179, 181, 191, 193, 197, 199, 211, 221, 223, 227, 229, - 233, 239, 241, 247, 251, 257, 263, 269, 271, 277, 281, 283, 289, 293, - 299, 307, 311, 313, 317, 323, 331, 337, 347, 349, 353, 359, 361, 367, - 373, 377, 379, 383, 389, 391, 397, 401, 403, 409, 419, 421, 431, 433, - 437, 439, 443, 449, 457, 461, 463, 467, 479, 481, 487, 491, 493, 499, - 503, 509, 521, 523, 527, 529, 533, 541, 547, 551, 557, 559, 563, 569, - 571, 577, 587, 589, 593, 599, 601, 607, 611, 613, 617, 619, 629, 631, - 641, 643, 647, 653, 659, 661, 667, 673, 677, 683, 689, 691, 697, 701, - 703, 709, 713, 719, 727, 731, 733, 739, 743, 751, 757, 761, 767, 769, - 773, 779, 787, 793, 797, 799, 809, 811, 817, 821, 823, 827, 829, 839, - 841, 851, 853, 857, 859, 863, 871, 877, 881, 883, 887, 893, 899, 901, - 907, 911, 919, 923, 929, 937, 941, 943, 947, 949, 953, 961, 967, 971, - 977, 983, 989, 991, 997, 1003, 1007, 1009, 1013, 1019, 1021, 1027, 1031, - 1033, 1037, 1039, 1049, 1051, 1061, 1063, 1069, 1073, 1079, 1081, 1087, - 1091, 1093, 1097, 1103, 1109, 1117, 1121, 1123, 1129, 1139, 1147, 1151, - 1153, 1157, 1159, 1163, 1171, 1181, 1187, 1189, 1193, 1201, 1207, 1213, - 1217, 1219, 1223, 1229, 1231, 1237, 1241, 1247, 1249, 1259, 1261, 1271, - 1273, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1313, 1319, - 1321, 1327, 1333, 1339, 1343, 1349, 1357, 1361, 1363, 1367, 1369, 1373, - 1381, 1387, 1391, 1399, 1403, 1409, 1411, 1417, 1423, 1427, 1429, 1433, - 1439, 1447, 1451, 1453, 1457, 1459, 1469, 1471, 1481, 1483, 1487, 1489, - 1493, 1499, 1501, 1511, 1513, 1517, 1523, 1531, 1537, 1541, 1543, 1549, - 1553, 1559, 1567, 1571, 1577, 1579, 1583, 1591, 1597, 1601, 1607, 1609, - 1613, 1619, 1621, 1627, 1633, 1637, 1643, 1649, 1651, 1657, 1663, 1667, - 1669, 1679, 1681, 1691, 1693, 1697, 1699, 1703, 1709, 1711, 1717, 1721, - 1723, 1733, 1739, 1741, 1747, 1751, 1753, 1759, 1763, 1769, 1777, 1781, - 1783, 1787, 1789, 1801, 1807, 1811, 1817, 1819, 1823, 1829, 1831, 1843, - 1847, 1849, 1853, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1891, 1901, - 1907, 1909, 1913, 1919, 1921, 1927, 1931, 1933, 1937, 1943, 1949, 1951, - 1957, 1961, 1963, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, - 2021, 2027, 2029, 2033, 2039, 2041, 2047, 2053, 2059, 2063, 2069, 2071, - 2077, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2117, 2119, 2129, 2131, - 2137, 2141, 2143, 2147, 2153, 2159, 2161, 2171, 2173, 2179, 2183, 2197, - 2201, 2203, 2207, 2209, 2213, 2221, 2227, 2231, 2237, 2239, 2243, 2249, - 2251, 2257, 2263, 2267, 2269, 2273, 2279, 2281, 2287, 2291, 2293, 2297, - 2309, 2311 -}; - -static const int prime_offset_count = 480; -static const int prime_multiplier = 2310; -static const int prime_multiplier_bits = 11; /* 2^|prime_multiplier_bits| <= - * |prime_multiplier| */ -static const int first_prime_index = 5; +static int probable_prime_dh(BIGNUM *rnd, int bits, + const BIGNUM *add, const BIGNUM *rem, + BN_CTX *ctx); +static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, + const BIGNUM *rem, BN_CTX *ctx); int BN_GENCB_call(BN_GENCB *cb, int a, int b) { @@ -108,20 +170,9 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, prime_t *mods = NULL; int checks = BN_prime_checks_for_size(bits); - if (bits < 2) { - /* There are no prime numbers this small. */ - BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); - return 0; - } else if (bits == 2 && safe) { - /* The smallest safe prime (7) is three bits. */ - BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); - return 0; - } - - mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES); + mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES); if (mods == NULL) goto err; - ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -139,11 +190,11 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, if (!probable_prime_dh_safe(ret, bits, add, rem, ctx)) goto err; } else { - if (!bn_probable_prime_dh(ret, bits, add, rem, ctx)) + if (!probable_prime_dh(ret, bits, add, rem, ctx)) goto err; } } - + /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ if (!BN_GENCB_call(cb, 0, c1++)) /* aborted */ goto err; @@ -184,9 +235,10 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, found = 1; err: OPENSSL_free(mods); - if (ctx != NULL) + if (ctx != NULL) { BN_CTX_end(ctx); - BN_CTX_free(ctx); + BN_CTX_free(ctx); + } bn_check_top(ret); return found; } @@ -218,13 +270,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, /* a is even => a is prime if and only if a == 2 */ return BN_is_word(a, 2); if (do_trial_division) { - for (i = 1; i < NUMPRIMES; i++) { - BN_ULONG mod = BN_mod_word(a, primes[i]); - if (mod == (BN_ULONG)-1) - goto err; - if (mod == 0) + for (i = 1; i < NUMPRIMES; i++) + if (BN_mod_word(a, primes[i]) == 0) return 0; - } if (!BN_GENCB_call(cb, 1, -1)) goto err; } @@ -300,88 +348,12 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, if (ctx_passed == NULL) BN_CTX_free(ctx); } - BN_MONT_CTX_free(mont); + if (mont != NULL) + BN_MONT_CTX_free(mont); return (ret); } -int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx) -{ - int i; - int ret = 0; - - loop: - if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) - goto err; - - /* we now have a random number 'rand' to test. */ - - for (i = 1; i < NUMPRIMES; i++) { - /* check that rnd is a prime */ - BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); - if (mod == (BN_ULONG)-1) - goto err; - if (mod <= 1) { - goto loop; - } - } - ret = 1; - - err: - bn_check_top(rnd); - return (ret); -} - -int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx) -{ - int i; - BIGNUM *offset_index; - BIGNUM *offset_count; - int ret = 0; - - OPENSSL_assert(bits > prime_multiplier_bits); - - BN_CTX_start(ctx); - if ((offset_index = BN_CTX_get(ctx)) == NULL) - goto err; - if ((offset_count = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_add_word(offset_count, prime_offset_count)) - goto err; - - loop: - if (!BN_rand(rnd, bits - prime_multiplier_bits, - BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) - goto err; - if (BN_is_bit_set(rnd, bits)) - goto loop; - if (!BN_rand_range(offset_index, offset_count)) - goto err; - - if (!BN_mul_word(rnd, prime_multiplier) - || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)])) - goto err; - - /* we now have a random number 'rand' to test. */ - - /* skip coprimes */ - for (i = first_prime_index; i < NUMPRIMES; i++) { - /* check that rnd is a prime */ - BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); - if (mod == (BN_ULONG)-1) - goto err; - if (mod <= 1) - goto loop; - } - ret = 1; - - err: - BN_CTX_end(ctx); - bn_check_top(rnd); - return ret; -} - static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) @@ -412,87 +384,37 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) { int i; - BN_ULONG delta; - BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; - char is_single_word = bits <= BN_BITS2; + BN_ULONG delta, maxdelta; again: - if (!BN_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD)) + if (!BN_rand(rnd, bits, 1, 1)) return (0); - /* we now have a random number 'rnd' to test. */ - for (i = 1; i < NUMPRIMES; i++) { - BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); - if (mod == (BN_ULONG)-1) - return 0; - mods[i] = (prime_t) mod; - } - /* - * If bits is so small that it fits into a single word then we - * additionally don't want to exceed that many bits. - */ - if (is_single_word) { - BN_ULONG size_limit; - - if (bits == BN_BITS2) { - /* - * Shifting by this much has undefined behaviour so we do it a - * different way - */ - size_limit = ~((BN_ULONG)0) - BN_get_word(rnd); - } else { - size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1; - } - if (size_limit < maxdelta) - maxdelta = size_limit; - } + /* we now have a random number 'rand' to test. */ + for (i = 1; i < NUMPRIMES; i++) + mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]); + maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; delta = 0; - loop: - if (is_single_word) { - BN_ULONG rnd_word = BN_get_word(rnd); - - /*- - * In the case that the candidate prime is a single word then - * we check that: - * 1) It's greater than primes[i] because we shouldn't reject - * 3 as being a prime number because it's a multiple of - * three. - * 2) That it's not a multiple of a known prime. We don't - * check that rnd-1 is also coprime to all the known - * primes because there aren't many small primes where - * that's true. + loop:for (i = 1; i < NUMPRIMES; i++) { + /* + * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1 + * (except for 2) */ - for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) { - if ((mods[i] + delta) % primes[i] == 0) { - delta += 2; - if (delta > maxdelta) - goto again; - goto loop; - } - } - } else { - for (i = 1; i < NUMPRIMES; i++) { - /* - * check that rnd is not a prime and also that gcd(rnd-1,primes) - * == 1 (except for 2) - */ - if (((mods[i] + delta) % primes[i]) <= 1) { - delta += 2; - if (delta > maxdelta) - goto again; - goto loop; - } + if (((mods[i] + delta) % primes[i]) <= 1) { + delta += 2; + if (delta > maxdelta) + goto again; + goto loop; } } if (!BN_add_word(rnd, delta)) return (0); - if (BN_num_bits(rnd) != bits) - goto again; bn_check_top(rnd); return (1); } -int bn_probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) +static int probable_prime_dh(BIGNUM *rnd, int bits, + const BIGNUM *add, const BIGNUM *rem, + BN_CTX *ctx) { int i, ret = 0; BIGNUM *t1; @@ -501,7 +423,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits, if ((t1 = BN_CTX_get(ctx)) == NULL) goto err; - if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) + if (!BN_rand(rnd, bits, 0, 1)) goto err; /* we need ((rnd-rem) % add) == 0 */ @@ -520,20 +442,15 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits, /* we now have a random number 'rand' to test. */ - loop: - for (i = 1; i < NUMPRIMES; i++) { + loop:for (i = 1; i < NUMPRIMES; i++) { /* check that rnd is a prime */ - BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); - if (mod == (BN_ULONG)-1) - goto err; - if (mod <= 1) { + if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) { if (!BN_add(rnd, rnd, add)) goto err; goto loop; } } ret = 1; - err: BN_CTX_end(ctx); bn_check_top(rnd); @@ -557,7 +474,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, if (!BN_rshift1(qadd, padd)) goto err; - if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) + if (!BN_rand(q, bits, 0, 1)) goto err; /* we need ((rnd-rem) % add) == 0 */ @@ -581,17 +498,13 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, if (!BN_add_word(p, 1)) goto err; - loop: - for (i = 1; i < NUMPRIMES; i++) { + loop:for (i = 1; i < NUMPRIMES; i++) { /* check that p and q are prime */ /* * check that for p and q gcd(p-1,primes) == 1 (except for 2) */ - BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]); - BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]); - if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1) - goto err; - if (pmod == 0 || qmod == 0) { + if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) || + (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) { if (!BN_add(p, p, padd)) goto err; if (!BN_add(q, q, qadd)) @@ -600,7 +513,6 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, } } ret = 1; - err: BN_CTX_end(ctx); bn_check_top(p); diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.h b/Cryptlib/OpenSSL/crypto/bn/bn_prime.h index 41440fa4..5cf0de16 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.h +++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.h @@ -1,274 +1,326 @@ -/* - * WARNING: do not edit! - * Generated by crypto/bn/bn_prime.pl +/* Auto generated by bn_prime.pl */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ -typedef unsigned short prime_t; +#ifndef EIGHT_BIT # define NUMPRIMES 2048 - -static const prime_t primes[2048] = { - - 2, 3, 5, 7, 11, 13, 17, 19, - 23, 29, 31, 37, 41, 43, 47, 53, - 59, 61, 67, 71, 73, 79, 83, 89, - 97, 101, 103, 107, 109, 113, 127, 131, - 137, 139, 149, 151, 157, 163, 167, 173, - 179, 181, 191, 193, 197, 199, 211, 223, - 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, - 313, 317, 331, 337, 347, 349, 353, 359, - 367, 373, 379, 383, 389, 397, 401, 409, - 419, 421, 431, 433, 439, 443, 449, 457, - 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, - 571, 577, 587, 593, 599, 601, 607, 613, - 617, 619, 631, 641, 643, 647, 653, 659, - 661, 673, 677, 683, 691, 701, 709, 719, - 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, - 829, 839, 853, 857, 859, 863, 877, 881, - 883, 887, 907, 911, 919, 929, 937, 941, - 947, 953, 967, 971, 977, 983, 991, 997, - 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, - 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, - 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, - 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, - 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, - 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, - 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, - 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, - 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, - 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, - 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, - 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, - 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, - 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, - 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, - 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, - 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, - 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, - 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, - 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, - 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, - 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, - 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, - 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, - 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, - 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, - 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, - 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, - 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, - 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, - 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, - 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, - 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, - 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, - 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, - 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, - 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, - 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, - 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, - 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, - 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, - 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, - 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, - 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, - 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, - 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, - 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, - 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, - 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, - 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, - 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, - 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, - 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, - 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, - 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, - 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, - 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, - 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, - 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, - 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, - 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, - 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, - 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, - 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, - 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, - 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, - 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, - 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, - 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, - 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, - 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, - 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, - 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, - 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, - 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, - 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, - 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, - 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, - 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, - 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, - 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, - 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, - 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, - 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, - 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, - 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, - 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, - 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, - 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, - 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, - 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, - 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, - 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, - 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, - 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, - 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, - 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, - 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, - 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, - 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, - 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, - 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, - 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, - 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, - 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, - 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, - 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, - 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, - 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, - 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, - 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, - 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, - 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, - 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, - 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, - 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, - 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, - 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, - 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, - 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, - 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, - 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, - 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, - 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, - 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, - 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, - 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, - 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, - 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, - 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, - 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, - 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, - 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, - 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, - 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, - 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, - 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, - 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, - 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, - 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, - 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, - 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, - 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, - 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, - 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, - 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, - 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, - 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, - 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, - 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, - 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, - 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, - 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, - 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, - 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, - 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, - 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, - 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, - 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, - 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, - 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, - 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, - 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, - 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, - 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, - 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, - 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, - 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, - 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, - 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, - 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, - 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, - 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, - 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, - 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, - 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, - 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, - 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, - 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, - 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, - 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, - 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, - 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, - 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, - 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, - 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, - 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, - 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, - 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, - 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, - 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, - 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, - 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, - 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, - 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, - 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, - 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, - 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, - 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, - 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, - 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, - 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, - 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, - 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, - 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, - 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, - 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, - 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, - 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, - 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, - 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, - 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, - 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, - 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, - 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, - 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, - 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, - 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, - 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, - 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, - 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, - 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, - 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, - 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, - 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, - 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, - 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, - 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, - 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, - 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, - 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, - 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, - 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, - 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, - 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, +typedef unsigned short prime_t; +#else +# define NUMPRIMES 54 +typedef unsigned char prime_t; +#endif +static const prime_t primes[NUMPRIMES] = { + 2, 3, 5, 7, 11, 13, 17, 19, + 23, 29, 31, 37, 41, 43, 47, 53, + 59, 61, 67, 71, 73, 79, 83, 89, + 97, 101, 103, 107, 109, 113, 127, 131, + 137, 139, 149, 151, 157, 163, 167, 173, + 179, 181, 191, 193, 197, 199, 211, 223, + 227, 229, 233, 239, 241, 251, +#ifndef EIGHT_BIT + 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, + 313, 317, 331, 337, 347, 349, 353, 359, + 367, 373, 379, 383, 389, 397, 401, 409, + 419, 421, 431, 433, 439, 443, 449, 457, + 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, + 571, 577, 587, 593, 599, 601, 607, 613, + 617, 619, 631, 641, 643, 647, 653, 659, + 661, 673, 677, 683, 691, 701, 709, 719, + 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, + 829, 839, 853, 857, 859, 863, 877, 881, + 883, 887, 907, 911, 919, 929, 937, 941, + 947, 953, 967, 971, 977, 983, 991, 997, + 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, + 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, + 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, + 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, + 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, + 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, + 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, + 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, + 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, + 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, + 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, + 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, + 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, + 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, + 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, + 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, + 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, + 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, + 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, + 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, + 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, + 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, + 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, + 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, + 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, + 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, + 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, + 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, + 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, + 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, + 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, + 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, + 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, + 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, + 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, + 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, + 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, + 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, + 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, + 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, + 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, + 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, + 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, + 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, + 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, + 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, + 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, + 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, + 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, + 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, + 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, + 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, + 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, + 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, + 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, + 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, + 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, + 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, + 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, + 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, + 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, + 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, + 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, + 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, + 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, + 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, + 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, + 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, + 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, + 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, + 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, + 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, + 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, + 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, + 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, + 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, + 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, + 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, + 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, + 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, + 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, + 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, + 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, + 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, + 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, + 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, + 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, + 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, + 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, + 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, + 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, + 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, + 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, + 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, + 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, + 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, + 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, + 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, + 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, + 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, + 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, + 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, + 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, + 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, + 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, + 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, + 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, + 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, + 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, + 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, + 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, + 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, + 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, + 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, + 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, + 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, + 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, + 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, + 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, + 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, + 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, + 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, + 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, + 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, + 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, + 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, + 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, + 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, + 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, + 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, + 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, + 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, + 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, + 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, + 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, + 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, + 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, + 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, + 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, + 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, + 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, + 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, + 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, + 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, + 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, + 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, + 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, + 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, + 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, + 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, + 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, + 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, + 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, + 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, + 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, + 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, + 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, + 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, + 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, + 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, + 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, + 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, + 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, + 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, + 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, + 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, + 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, + 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, + 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, + 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, + 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, + 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, + 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, + 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, + 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, + 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, + 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, + 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, + 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, + 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, + 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, + 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, + 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, + 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, + 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, + 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, + 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, + 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, + 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, + 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, + 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, + 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, + 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, + 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, + 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, + 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, + 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, + 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, + 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, + 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, + 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, + 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, + 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, + 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, + 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, + 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, + 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, + 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, + 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, + 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, + 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, + 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, + 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, + 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, + 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, + 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, + 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, + 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, + 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, + 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, + 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, + 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, + 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, + 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, + 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, + 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, + 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, + 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, + 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, + 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, + 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, + 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, + 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, + 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, + 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, +#endif }; diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c index a16bde86..f121fb6e 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_print.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_print.c @@ -1,16 +1,65 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_print.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ #include <stdio.h> #include <ctype.h> #include <limits.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include <openssl/buffer.h> #include "bn_lcl.h" @@ -64,8 +113,8 @@ char *BN_bn2dec(const BIGNUM *a) /*- * get an upper bound for the length of the decimal integer * num <= (BN_num_bits(a) + 1) * log(2) - * <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1 (rounding error) - * <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1 + * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) + * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 */ i = BN_num_bits(a) * 3; num = (i / 10 + i / 1000 + 1) + 1; @@ -115,12 +164,16 @@ char *BN_bn2dec(const BIGNUM *a) } ok = 1; err: - OPENSSL_free(bn_data); - BN_free(t); - if (ok) - return buf; - OPENSSL_free(buf); - return NULL; + if (bn_data != NULL) + OPENSSL_free(bn_data); + if (t != NULL) + BN_free(t); + if (!ok && buf) { + OPENSSL_free(buf); + buf = NULL; + } + + return (buf); } int BN_hex2bn(BIGNUM **bn, const char *a) @@ -141,7 +194,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a) for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++) continue; - if (i == 0 || i > INT_MAX/4) + if (i > INT_MAX/4) goto err; num = i + neg; @@ -169,8 +222,13 @@ int BN_hex2bn(BIGNUM **bn, const char *a) l = 0; for (;;) { c = a[j - m]; - k = OPENSSL_hexchar2int(c); - if (k < 0) + if ((c >= '0') && (c <= '9')) + k = c - '0'; + else if ((c >= 'a') && (c <= 'f')) + k = c - 'a' + 10; + else if ((c >= 'A') && (c <= 'F')) + k = c - 'A' + 10; + else k = 0; /* paranoia */ l = (l << 4) | k; @@ -213,7 +271,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a) for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++) continue; - if (i == 0 || i > INT_MAX/4) + if (i > INT_MAX/4) goto err; num = i + neg; @@ -245,9 +303,8 @@ int BN_dec2bn(BIGNUM **bn, const char *a) l += *a - '0'; a++; if (++j == BN_DEC_NUM) { - if (!BN_mul_word(ret, BN_DEC_CONV) - || !BN_add_word(ret, l)) - goto err; + BN_mul_word(ret, BN_DEC_CONV); + BN_add_word(ret, l); l = 0; j = 0; } @@ -286,7 +343,8 @@ int BN_asc2bn(BIGNUM **bn, const char *a) return 1; } -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_BIO +# ifndef OPENSSL_NO_FP_API int BN_print_fp(FILE *fp, const BIGNUM *a) { BIO *b; @@ -325,6 +383,7 @@ int BN_print(BIO *bp, const BIGNUM *a) end: return (ret); } +#endif char *BN_options(void) { diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c index 9ce4c5f6..60d3f226 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c @@ -1,18 +1,119 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_rand.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <time.h> -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" #include <openssl/rand.h> -#include <openssl/sha.h> static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) { @@ -21,7 +122,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) time_t tim; if (bits == 0) { - if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY) + if (top != -1 || bottom != 0) goto toosmall; BN_zero(rnd); return 1; @@ -33,7 +134,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) bit = (bits - 1) % 8; mask = 0xff << (bit + 1); - buf = OPENSSL_malloc(bytes); + buf = (unsigned char *)OPENSSL_malloc(bytes); if (buf == NULL) { BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE); goto err; @@ -43,9 +144,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) time(&tim); RAND_add(&tim, sizeof(tim), 0.0); + /* We ignore the value of pseudorand and always call RAND_bytes */ if (RAND_bytes(buf, bytes) <= 0) goto err; +#if 1 if (pseudorand == 2) { /* * generate patterns that are more likely to trigger BN library bugs @@ -54,7 +157,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char c; for (i = 0; i < bytes; i++) { - if (RAND_bytes(&c, 1) <= 0) + if (RAND_pseudo_bytes(&c, 1) < 0) goto err; if (c >= 128 && i > 0) buf[i] = buf[i - 1]; @@ -64,6 +167,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) buf[i] = 255; } } +#endif if (top >= 0) { if (top) { @@ -84,7 +188,10 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) goto err; ret = 1; err: - OPENSSL_clear_free(buf, bytes); + if (buf != NULL) { + OPENSSL_cleanse(buf, bytes); + OPENSSL_free(buf); + } bn_check_top(rnd); return (ret); @@ -103,10 +210,12 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) return bnrand(1, rnd, bits, top, bottom); } +#if 1 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(2, rnd, bits, top, bottom); } +#endif /* random number r: 0 <= r < range */ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) @@ -133,7 +242,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) * than range */ do { - if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!bn_rand(r, n + 1, -1, 0)) return 0; /* * If r < 3*range, use r := r MOD range (which is either r, r - @@ -159,7 +268,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) } else { do { /* range = 11..._2 or range = 101..._2 */ - if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!bn_rand(r, n, -1, 0)) return 0; if (!--count) { @@ -183,76 +292,3 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) { return bn_rand_range(1, r, range); } - -/* - * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike - * BN_rand_range, it also includes the contents of |priv| and |message| in - * the generation so that an RNG failure isn't fatal as long as |priv| - * remains secret. This is intended for use in DSA and ECDSA where an RNG - * weakness leads directly to private key exposure unless this function is - * used. - */ -int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, - const BIGNUM *priv, const unsigned char *message, - size_t message_len, BN_CTX *ctx) -{ - SHA512_CTX sha; - /* - * We use 512 bits of random data per iteration to ensure that we have at - * least |range| bits of randomness. - */ - unsigned char random_bytes[64]; - unsigned char digest[SHA512_DIGEST_LENGTH]; - unsigned done, todo; - /* We generate |range|+8 bytes of random output. */ - const unsigned num_k_bytes = BN_num_bytes(range) + 8; - unsigned char private_bytes[96]; - unsigned char *k_bytes; - int ret = 0; - - k_bytes = OPENSSL_malloc(num_k_bytes); - if (k_bytes == NULL) - goto err; - - /* We copy |priv| into a local buffer to avoid exposing its length. */ - todo = sizeof(priv->d[0]) * priv->top; - if (todo > sizeof(private_bytes)) { - /* - * No reasonable DSA or ECDSA key should have a private key this - * large and we don't handle this case in order to avoid leaking the - * length of the private key. - */ - BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE); - goto err; - } - memcpy(private_bytes, priv->d, todo); - memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); - - for (done = 0; done < num_k_bytes;) { - if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1) - goto err; - SHA512_Init(&sha); - SHA512_Update(&sha, &done, sizeof(done)); - SHA512_Update(&sha, private_bytes, sizeof(private_bytes)); - SHA512_Update(&sha, message, message_len); - SHA512_Update(&sha, random_bytes, sizeof(random_bytes)); - SHA512_Final(digest, &sha); - - todo = num_k_bytes - done; - if (todo > SHA512_DIGEST_LENGTH) - todo = SHA512_DIGEST_LENGTH; - memcpy(k_bytes + done, digest, todo); - done += todo; - } - - if (!BN_bin2bn(k_bytes, num_k_bytes, out)) - goto err; - if (BN_mod(out, out, range, ctx) != 1) - goto err; - ret = 1; - - err: - OPENSSL_free(k_bytes); - OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); - return ret; -} diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c index 20585b9d..f047040e 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c @@ -1,31 +1,82 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_recp.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ -#include "internal/cryptlib.h" +#include <stdio.h> +#include "cryptlib.h" #include "bn_lcl.h" void BN_RECP_CTX_init(BN_RECP_CTX *recp) { - memset(recp, 0, sizeof(*recp)); - bn_init(&(recp->N)); - bn_init(&(recp->Nr)); + BN_init(&(recp->N)); + BN_init(&(recp->Nr)); + recp->num_bits = 0; + recp->shift = 0; + recp->flags = 0; } BN_RECP_CTX *BN_RECP_CTX_new(void) { BN_RECP_CTX *ret; - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) + if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) return (NULL); - bn_init(&(ret->N)); - bn_init(&(ret->Nr)); + BN_RECP_CTX_init(ret); ret->flags = BN_FLG_MALLOCED; return (ret); } @@ -148,6 +199,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, goto err; r->neg = 0; +#if 1 j = 0; while (BN_ucmp(r, &(recp->N)) >= 0) { if (j++ > 2) { @@ -159,6 +211,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, if (!BN_add_word(d, 1)) goto err; } +#endif r->neg = BN_is_zero(r) ? 0 : m->neg; d->neg = m->neg ^ recp->N.neg; diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c index 6a1eec80..9673d9a3 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c @@ -1,13 +1,63 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_shift.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ -#include "internal/cryptlib.h" +#include <stdio.h> +#include "cryptlib.h" #include "bn_lcl.h" int BN_lshift1(BIGNUM *r, const BIGNUM *a) @@ -74,8 +124,6 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) c = (t & 1) ? BN_TBIT : 0; } r->top = j; - if (!r->top) - r->neg = 0; /* don't allow negative zero */ bn_check_top(r); return (1); } @@ -94,10 +142,10 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) return 0; } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) return (0); - r->neg = a->neg; lb = n % BN_BITS2; rb = BN_BITS2 - lb; f = a->d; @@ -112,7 +160,10 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) t[nw + i + 1] |= (l >> rb) & BN_MASK2; t[nw + i] = (l << lb) & BN_MASK2; } - memset(t, 0, sizeof(*t) * nw); + memset(t, 0, nw * sizeof(t[0])); + /* + * for (i=0; i<nw; i++) t[i]=0; + */ r->top = a->top + nw + 1; bn_correct_top(r); bn_check_top(r); @@ -142,9 +193,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) } i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; if (r != a) { + r->neg = a->neg; if (bn_wexpand(r, i) == NULL) return (0); - r->neg = a->neg; } else { if (n == 0) return 1; /* or the copying loop will go berserk */ @@ -168,8 +219,6 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) if ((l = (l >> rb) & BN_MASK2)) *(t) = l; } - if (!r->top) - r->neg = 0; /* don't allow negative zero */ bn_check_top(r); return (1); } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c index 44e7332a..256d26e8 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c @@ -1,13 +1,63 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_sqr.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ -#include "internal/cryptlib.h" +#include <stdio.h> +#include "cryptlib.h" #include "bn_lcl.h" /* r must not be a */ @@ -20,6 +70,9 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) int ret = 0; BIGNUM *tmp, *rr; +#ifdef BN_COUNT + fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top); +#endif bn_check_top(a); al = a->top; @@ -155,6 +208,9 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) int zero, c1; BN_ULONG ln, lo, *p; +# ifdef BN_COUNT + fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2); +# endif if (n2 == 4) { # ifndef BN_SQR_COMBA bn_sqr_normal(r, a, 4, t); @@ -190,7 +246,7 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) if (!zero) bn_sqr_recursive(&(t[n2]), t, n, p); else - memset(&t[n2], 0, sizeof(*t) * n2); + memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); bn_sqr_recursive(r, a, n, p); bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c index 84376c78..232af99a 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c @@ -1,13 +1,63 @@ +/* crypto/bn/bn_sqrt.c */ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> and Bodo + * Moeller for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib.h" +#include "cryptlib.h" #include "bn_lcl.h" BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) @@ -348,8 +398,9 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) end: if (err) { - if (ret != in) + if (ret != NULL && ret != in) { BN_clear_free(ret); + } ret = NULL; } BN_CTX_end(ctx); diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_srp.c b/Cryptlib/OpenSSL/crypto/bn/bn_srp.c deleted file mode 100644 index 58b1691e..00000000 --- a/Cryptlib/OpenSSL/crypto/bn/bn_srp.c +++ /dev/null @@ -1,545 +0,0 @@ -/* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "bn_lcl.h" -#include "e_os.h" - -#ifndef OPENSSL_NO_SRP - -#include <openssl/srp.h> -#include <internal/bn_srp.h> - -# if (BN_BYTES == 8) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64) -# elif defined(__arch64__) -# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL) -# else -# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL) -# endif -# elif (BN_BYTES == 4) -# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL) -# else -# error "unsupported BN_BYTES" -# endif - -static const BN_ULONG bn_group_1024_value[] = { - bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3), - bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B), - bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A), - bn_pack4(0x68ED, 0xBC3C, 0x0572, 0x6CC0), - bn_pack4(0xC529, 0xF566, 0x660E, 0x57EC), - bn_pack4(0x8255, 0x9B29, 0x7BCF, 0x1885), - bn_pack4(0xCE8E, 0xF4AD, 0x69B1, 0x5D49), - bn_pack4(0x5DC7, 0xD7B4, 0x6154, 0xD6B6), - bn_pack4(0x8E49, 0x5C1D, 0x6089, 0xDAD1), - bn_pack4(0xE0D5, 0xD8E2, 0x50B9, 0x8BE4), - bn_pack4(0x383B, 0x4813, 0xD692, 0xC6E0), - bn_pack4(0xD674, 0xDF74, 0x96EA, 0x81D3), - bn_pack4(0x9EA2, 0x314C, 0x9C25, 0x6576), - bn_pack4(0x6072, 0x6187, 0x75FF, 0x3C0B), - bn_pack4(0x9C33, 0xF80A, 0xFA8F, 0xC5E8), - bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6) -}; - -const BIGNUM bn_group_1024 = { - (BN_ULONG *)bn_group_1024_value, - OSSL_NELEM(bn_group_1024_value), - OSSL_NELEM(bn_group_1024_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_1536_value[] = { - bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB), - bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D), - bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3), - bn_pack4(0x5A02, 0x1FFF, 0x5E91, 0x479E), - bn_pack4(0x7F8A, 0x2FE9, 0xB8B5, 0x292E), - bn_pack4(0x837C, 0x264A, 0xE3A9, 0xBEB8), - bn_pack4(0xE442, 0x734A, 0xF7CC, 0xB7AE), - bn_pack4(0x6577, 0x2E43, 0x7D6C, 0x7F8C), - bn_pack4(0xDB2F, 0xD53D, 0x24B7, 0xC486), - bn_pack4(0x6EDF, 0x0195, 0x3934, 0x9627), - bn_pack4(0x158B, 0xFD3E, 0x2B9C, 0x8CF5), - bn_pack4(0x764E, 0x3F4B, 0x53DD, 0x9DA1), - bn_pack4(0x4754, 0x8381, 0xDBC5, 0xB1FC), - bn_pack4(0x9B60, 0x9E0B, 0xE3BA, 0xB63D), - bn_pack4(0x8134, 0xB1C8, 0xB979, 0x8914), - bn_pack4(0xDF02, 0x8A7C, 0xEC67, 0xF0D0), - bn_pack4(0x80B6, 0x55BB, 0x9A22, 0xE8DC), - bn_pack4(0x1558, 0x903B, 0xA0D0, 0xF843), - bn_pack4(0x51C6, 0xA94B, 0xE460, 0x7A29), - bn_pack4(0x5F4F, 0x5F55, 0x6E27, 0xCBDE), - bn_pack4(0xBEEE, 0xA961, 0x4B19, 0xCC4D), - bn_pack4(0xDBA5, 0x1DF4, 0x99AC, 0x4C80), - bn_pack4(0xB1F1, 0x2A86, 0x17A4, 0x7BBB), - bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A) -}; - -const BIGNUM bn_group_1536 = { - (BN_ULONG *)bn_group_1536_value, - OSSL_NELEM(bn_group_1536_value), - OSSL_NELEM(bn_group_1536_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_2048_value[] = { - bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73), - bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2), - bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475), - bn_pack4(0x94B5, 0xC803, 0xD89F, 0x7AE4), - bn_pack4(0x71AE, 0x35F8, 0xE9DB, 0xFBB6), - bn_pack4(0x2A56, 0x98F3, 0xA8D0, 0xC382), - bn_pack4(0x9CCC, 0x041C, 0x7BC3, 0x08D8), - bn_pack4(0xAF87, 0x4E73, 0x03CE, 0x5329), - bn_pack4(0x6160, 0x2790, 0x04E5, 0x7AE6), - bn_pack4(0x032C, 0xFBDB, 0xF52F, 0xB378), - bn_pack4(0x5EA7, 0x7A27, 0x75D2, 0xECFA), - bn_pack4(0x5445, 0x23B5, 0x24B0, 0xD57D), - bn_pack4(0x5B9D, 0x32E6, 0x88F8, 0x7748), - bn_pack4(0xF1D2, 0xB907, 0x8717, 0x461A), - bn_pack4(0x76BD, 0x207A, 0x436C, 0x6481), - bn_pack4(0xCA97, 0xB43A, 0x23FB, 0x8016), - bn_pack4(0x1D28, 0x1E44, 0x6B14, 0x773B), - bn_pack4(0x7359, 0xD041, 0xD5C3, 0x3EA7), - bn_pack4(0xA80D, 0x740A, 0xDBF4, 0xFF74), - bn_pack4(0x55F9, 0x7993, 0xEC97, 0x5EEA), - bn_pack4(0x2918, 0xA996, 0x2F0B, 0x93B8), - bn_pack4(0x661A, 0x05FB, 0xD5FA, 0xAAE8), - bn_pack4(0xCF60, 0x9517, 0x9A16, 0x3AB3), - bn_pack4(0xE808, 0x3969, 0xEDB7, 0x67B0), - bn_pack4(0xCD7F, 0x48A9, 0xDA04, 0xFD50), - bn_pack4(0xD523, 0x12AB, 0x4B03, 0x310D), - bn_pack4(0x8193, 0xE075, 0x7767, 0xA13D), - bn_pack4(0xA373, 0x29CB, 0xB4A0, 0x99ED), - bn_pack4(0xFC31, 0x9294, 0x3DB5, 0x6050), - bn_pack4(0xAF72, 0xB665, 0x1987, 0xEE07), - bn_pack4(0xF166, 0xDE5E, 0x1389, 0x582F), - bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B) -}; - -const BIGNUM bn_group_2048 = { - (BN_ULONG *)bn_group_2048_value, - OSSL_NELEM(bn_group_2048_value), - OSSL_NELEM(bn_group_2048_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_3072_value[] = { - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), - bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA), - bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), - bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), - bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), - bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), - bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), - bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), - bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), - bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), - bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), - bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), - bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), - bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), - bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), - bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), - bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), - bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), - bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), - bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), - bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), - bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), - bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), - bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), - bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), - bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), - bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), - bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), - bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), - bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), - bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), - bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), - bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), - bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), - bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), - bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), - bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), - bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), - bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), - bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), - bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), - bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), - bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), - bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), - bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), - bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), - bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) -}; - -const BIGNUM bn_group_3072 = { - (BN_ULONG *)bn_group_3072_value, - OSSL_NELEM(bn_group_3072_value), - OSSL_NELEM(bn_group_3072_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_4096_value[] = { - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), - bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199), - bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), - bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), - bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), - bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), - bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), - bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), - bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), - bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), - bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), - bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), - bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), - bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), - bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), - bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), - bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), - bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), - bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), - bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), - bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), - bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), - bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), - bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), - bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), - bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), - bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), - bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), - bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), - bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), - bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), - bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), - bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), - bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), - bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), - bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), - bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), - bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), - bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), - bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), - bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), - bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), - bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), - bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), - bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), - bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), - bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), - bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), - bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), - bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), - bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), - bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), - bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), - bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), - bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), - bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), - bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), - bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), - bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), - bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), - bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), - bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), - bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) -}; - -const BIGNUM bn_group_4096 = { - (BN_ULONG *)bn_group_4096_value, - OSSL_NELEM(bn_group_4096_value), - OSSL_NELEM(bn_group_4096_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_6144_value[] = { - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), - bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024), - bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), - bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), - bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), - bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), - bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), - bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), - bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), - bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), - bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), - bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), - bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), - bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), - bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), - bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), - bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), - bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), - bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), - bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), - bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), - bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), - bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), - bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), - bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), - bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), - bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), - bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), - bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), - bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), - bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), - bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), - bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), - bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), - bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), - bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), - bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), - bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), - bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), - bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), - bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), - bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), - bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), - bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), - bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), - bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), - bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), - bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), - bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), - bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), - bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), - bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), - bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), - bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), - bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), - bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), - bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), - bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), - bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), - bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), - bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), - bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), - bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), - bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), - bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), - bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), - bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), - bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), - bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), - bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), - bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), - bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), - bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), - bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), - bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), - bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), - bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), - bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), - bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), - bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), - bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), - bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), - bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), - bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), - bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), - bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), - bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), - bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), - bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), - bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), - bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), - bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), - bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), - bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), - bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) -}; - -const BIGNUM bn_group_6144 = { - (BN_ULONG *)bn_group_6144_value, - OSSL_NELEM(bn_group_6144_value), - OSSL_NELEM(bn_group_6144_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_8192_value[] = { - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), - bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF), - bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71), - bn_pack4(0x9E30, 0x50E2, 0x7656, 0x94DF), - bn_pack4(0x9558, 0xE447, 0x5677, 0xE9AA), - bn_pack4(0xC919, 0x0DA6, 0xFC02, 0x6E47), - bn_pack4(0x889A, 0x002E, 0xD5EE, 0x382B), - bn_pack4(0x4009, 0x438B, 0x481C, 0x6CD7), - bn_pack4(0x3590, 0x46F4, 0xEB87, 0x9F92), - bn_pack4(0xFAF3, 0x6BC3, 0x1ECF, 0xA268), - bn_pack4(0xB1D5, 0x10BD, 0x7EE7, 0x4D73), - bn_pack4(0xF9AB, 0x4819, 0x5DED, 0x7EA1), - bn_pack4(0x64F3, 0x1CC5, 0x0846, 0x851D), - bn_pack4(0x4597, 0xE899, 0xA025, 0x5DC1), - bn_pack4(0xDF31, 0x0EE0, 0x74AB, 0x6A36), - bn_pack4(0x6D2A, 0x13F8, 0x3F44, 0xF82D), - bn_pack4(0x062B, 0x3CF5, 0xB3A2, 0x78A6), - bn_pack4(0x7968, 0x3303, 0xED5B, 0xDD3A), - bn_pack4(0xFA9D, 0x4B7F, 0xA2C0, 0x87E8), - bn_pack4(0x4BCB, 0xC886, 0x2F83, 0x85DD), - bn_pack4(0x3473, 0xFC64, 0x6CEA, 0x306B), - bn_pack4(0x13EB, 0x57A8, 0x1A23, 0xF0C7), - bn_pack4(0x2222, 0x2E04, 0xA403, 0x7C07), - bn_pack4(0xE3FD, 0xB8BE, 0xFC84, 0x8AD9), - bn_pack4(0x238F, 0x16CB, 0xE39D, 0x652D), - bn_pack4(0x3423, 0xB474, 0x2BF1, 0xC978), - bn_pack4(0x3AAB, 0x639C, 0x5AE4, 0xF568), - bn_pack4(0x2576, 0xF693, 0x6BA4, 0x2466), - bn_pack4(0x741F, 0xA7BF, 0x8AFC, 0x47ED), - bn_pack4(0x3BC8, 0x32B6, 0x8D9D, 0xD300), - bn_pack4(0xD8BE, 0xC4D0, 0x73B9, 0x31BA), - bn_pack4(0x3877, 0x7CB6, 0xA932, 0xDF8C), - bn_pack4(0x74A3, 0x926F, 0x12FE, 0xE5E4), - bn_pack4(0xE694, 0xF91E, 0x6DBE, 0x1159), - bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), - bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), - bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), - bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), - bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), - bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), - bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), - bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), - bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), - bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), - bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), - bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), - bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), - bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), - bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), - bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), - bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), - bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), - bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), - bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), - bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), - bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), - bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), - bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), - bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), - bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), - bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), - bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), - bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), - bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), - bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), - bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), - bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), - bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), - bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), - bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), - bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), - bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), - bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), - bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), - bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), - bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), - bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), - bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), - bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), - bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), - bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), - bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), - bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), - bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), - bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), - bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), - bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), - bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), - bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), - bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), - bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), - bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), - bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), - bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), - bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), - bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), - bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), - bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), - bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), - bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), - bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), - bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), - bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), - bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), - bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), - bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), - bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), - bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), - bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), - bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), - bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), - bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), - bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), - bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), - bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), - bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), - bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), - bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), - bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), - bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), - bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), - bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), - bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), - bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), - bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), - bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), - bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) -}; - -const BIGNUM bn_group_8192 = { - (BN_ULONG *)bn_group_8192_value, - OSSL_NELEM(bn_group_8192_value), - OSSL_NELEM(bn_group_8192_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_generator_19_value[] = { 19 }; - -const BIGNUM bn_generator_19 = { - (BN_ULONG *)bn_generator_19_value, - 1, - 1, - 0, - BN_FLG_STATIC_DATA -}; -static const BN_ULONG bn_generator_5_value[] = { 5 }; - -const BIGNUM bn_generator_5 = { - (BN_ULONG *)bn_generator_5_value, - 1, - 1, - 0, - BN_FLG_STATIC_DATA -}; -static const BN_ULONG bn_generator_2_value[] = { 2 }; - -const BIGNUM bn_generator_2 = { - (BN_ULONG *)bn_generator_2_value, - 1, - 1, - 0, - BN_FLG_STATIC_DATA -}; - -#endif diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c index 1af13a53..9b5f9cb9 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c @@ -1,13 +1,63 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +/* crypto/bn/bn_word.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ -#include "internal/cryptlib.h" +#include <stdio.h> +#include "cryptlib.h" #include "bn_lcl.h" BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) @@ -89,8 +139,6 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) if ((a->top > 0) && (a->d[a->top - 1] == 0)) a->top--; ret >>= j; - if (!a->top) - a->neg = 0; /* don't allow negative zero */ bn_check_top(a); return (ret); } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c index 40734cb2..efa48bdf 100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c @@ -1,15 +1,64 @@ +/* bn_x931p.c */ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <openssl/bn.h> -#include "bn_lcl.h" /* X9.31 routines for prime derivation */ @@ -21,7 +70,7 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb) { - int i = 0, is_prime; + int i = 0; if (!BN_copy(pi, Xpi)) return 0; if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) @@ -29,11 +78,8 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, for (;;) { i++; BN_GENCB_call(cb, 0, i); - /* NB 27 MR is specified in X9.31 */ - is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb); - if (is_prime < 0) - return 0; - if (is_prime) + /* NB 27 MR is specificed in X9.31 */ + if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) break; if (!BN_add_word(pi, 2)) return 0; @@ -74,9 +120,6 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, pm1 = BN_CTX_get(ctx); - if (pm1 == NULL) - goto err; - if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) goto err; @@ -125,18 +168,14 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, goto err; if (!BN_gcd(t, pm1, e, ctx)) goto err; - if (BN_is_one(t)) { + if (BN_is_one(t) /* * X9.31 specifies 8 MR and 1 Lucas test or any prime test * offering similar or better guarantees 50 MR is considerably * better. */ - int r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb); - if (r < 0) - goto err; - if (r) - break; - } + && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) + break; if (!BN_add(p, p, p1p2)) goto err; } @@ -153,8 +192,8 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, } /* - * Generate pair of parameters Xp, Xq for X9.31 prime generation. Note: nbits - * parameter is sum of number of bits in both. + * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits + * paramter is sum of number of bits in both. */ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) @@ -173,14 +212,14 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) * - 1. By setting the top two bits we ensure that the lower bound is * exceeded. */ - if (!BN_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) + if (!BN_rand(Xp, nbits, 1, 0)) goto err; BN_CTX_start(ctx); t = BN_CTX_get(ctx); for (i = 0; i < 1000; i++) { - if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) + if (!BN_rand(Xq, nbits, 1, 0)) goto err; /* Check that |Xp - Xq| > 2^(nbits - 100) */ BN_sub(t, Xp, Xq); @@ -221,9 +260,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, if (!Xp2) Xp2 = BN_CTX_get(ctx); - if (!BN_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_rand(Xp1, 101, 0, 0)) goto error; - if (!BN_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_rand(Xp2, 101, 0, 0)) goto error; if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) goto error; diff --git a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c deleted file mode 100644 index 1a70f6ca..00000000 --- a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c +++ /dev/null @@ -1,352 +0,0 @@ -/* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/***************************************************************************** -* * -* Copyright (c) 2012, Intel Corporation * -* * -* All rights reserved. * -* * -* Redistribution and use in source and binary forms, with or without * -* modification, are permitted provided that the following conditions are * -* met: * -* * -* * Redistributions of source code must retain the above copyright * -* notice, this list of conditions and the following disclaimer. * -* * -* * Redistributions in binary form must reproduce the above copyright * -* notice, this list of conditions and the following disclaimer in the * -* documentation and/or other materials provided with the * -* distribution. * -* * -* * Neither the name of the Intel Corporation nor the names of its * -* contributors may be used to endorse or promote products derived from * -* this software without specific prior written permission. * -* * -* * -* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * -* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * -* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * -* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR * -* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * -* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * -* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -* * -****************************************************************************** -* Developers and authors: * -* Shay Gueron (1, 2), and Vlad Krasnov (1) * -* (1) Intel Corporation, Israel Development Center, Haifa, Israel * -* (2) University of Haifa, Israel * -*****************************************************************************/ - -#include <openssl/opensslconf.h> -#include "rsaz_exp.h" - -#ifndef RSAZ_ENABLED -NON_EMPTY_TRANSLATION_UNIT -#else - -/* - * See crypto/bn/asm/rsaz-avx2.pl for further details. - */ -void rsaz_1024_norm2red_avx2(void *red, const void *norm); -void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b, - const void *n, BN_ULONG k); -void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k, - int cnt); -void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i); -void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i); -void rsaz_1024_red2norm_avx2(void *norm, const void *red); - -#if defined(__GNUC__) -# define ALIGN64 __attribute__((aligned(64))) -#elif defined(_MSC_VER) -# define ALIGN64 __declspec(align(64)) -#elif defined(__SUNPRO_C) -# define ALIGN64 -# pragma align 64(one,two80) -#else -/* not fatal, might hurt performance a little */ -# define ALIGN64 -#endif - -ALIGN64 static const BN_ULONG one[40] = { - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -ALIGN64 static const BN_ULONG two80[40] = { - 0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], - const BN_ULONG base_norm[16], - const BN_ULONG exponent[16], - const BN_ULONG m_norm[16], const BN_ULONG RR[16], - BN_ULONG k0) -{ - unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */ - unsigned char *p_str = storage + (64 - ((size_t)storage % 64)); - unsigned char *a_inv, *m, *result; - unsigned char *table_s = p_str + 320 * 3; - unsigned char *R2 = table_s; /* borrow */ - int index; - int wvalue; - - if ((((size_t)p_str & 4095) + 320) >> 12) { - result = p_str; - a_inv = p_str + 320; - m = p_str + 320 * 2; /* should not cross page */ - } else { - m = p_str; /* should not cross page */ - result = p_str + 320; - a_inv = p_str + 320 * 2; - } - - rsaz_1024_norm2red_avx2(m, m_norm); - rsaz_1024_norm2red_avx2(a_inv, base_norm); - rsaz_1024_norm2red_avx2(R2, RR); - - rsaz_1024_mul_avx2(R2, R2, R2, m, k0); - rsaz_1024_mul_avx2(R2, R2, two80, m, k0); - - /* table[0] = 1 */ - rsaz_1024_mul_avx2(result, R2, one, m, k0); - /* table[1] = a_inv^1 */ - rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0); - - rsaz_1024_scatter5_avx2(table_s, result, 0); - rsaz_1024_scatter5_avx2(table_s, a_inv, 1); - - /* table[2] = a_inv^2 */ - rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 2); -#if 0 - /* this is almost 2x smaller and less than 1% slower */ - for (index = 3; index < 32; index++) { - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, index); - } -#else - /* table[4] = a_inv^4 */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 4); - /* table[8] = a_inv^8 */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 8); - /* table[16] = a_inv^16 */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 16); - /* table[17] = a_inv^17 */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 17); - - /* table[3] */ - rsaz_1024_gather5_avx2(result, table_s, 2); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 3); - /* table[6] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 6); - /* table[12] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 12); - /* table[24] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 24); - /* table[25] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 25); - - /* table[5] */ - rsaz_1024_gather5_avx2(result, table_s, 4); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 5); - /* table[10] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 10); - /* table[20] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 20); - /* table[21] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 21); - - /* table[7] */ - rsaz_1024_gather5_avx2(result, table_s, 6); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 7); - /* table[14] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 14); - /* table[28] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 28); - /* table[29] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 29); - - /* table[9] */ - rsaz_1024_gather5_avx2(result, table_s, 8); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 9); - /* table[18] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 18); - /* table[19] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 19); - - /* table[11] */ - rsaz_1024_gather5_avx2(result, table_s, 10); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 11); - /* table[22] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 22); - /* table[23] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 23); - - /* table[13] */ - rsaz_1024_gather5_avx2(result, table_s, 12); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 13); - /* table[26] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 26); - /* table[27] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 27); - - /* table[15] */ - rsaz_1024_gather5_avx2(result, table_s, 14); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 15); - /* table[30] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 30); - /* table[31] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 31); -#endif - - /* load first window */ - p_str = (unsigned char *)exponent; - wvalue = p_str[127] >> 3; - rsaz_1024_gather5_avx2(result, table_s, wvalue); - - index = 1014; - - while (index > -1) { /* loop for the remaining 127 windows */ - - rsaz_1024_sqr_avx2(result, result, m, k0, 5); - - wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8]; - wvalue = (wvalue >> (index % 8)) & 31; - index -= 5; - - rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - } - - /* square four times */ - rsaz_1024_sqr_avx2(result, result, m, k0, 4); - - wvalue = p_str[0] & 15; - - rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - - /* from Montgomery */ - rsaz_1024_mul_avx2(result, result, one, m, k0); - - rsaz_1024_red2norm_avx2(result_norm, result); - - OPENSSL_cleanse(storage, sizeof(storage)); -} - -/* - * See crypto/bn/rsaz-x86_64.pl for further details. - */ -void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n, - BN_ULONG k); -void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n, - BN_ULONG k, const void *tbl, unsigned int power); -void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl, - const void *n, BN_ULONG k, unsigned int power); -void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k); -void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k, - int cnt); -void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power); -void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power); - -void RSAZ_512_mod_exp(BN_ULONG result[8], - const BN_ULONG base[8], const BN_ULONG exponent[8], - const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8]) -{ - unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */ - unsigned char *table = storage + (64 - ((size_t)storage % 64)); - BN_ULONG *a_inv = (BN_ULONG *)(table + 16 * 8 * 8); - BN_ULONG *temp = (BN_ULONG *)(table + 16 * 8 * 8 + 8 * 8); - unsigned char *p_str = (unsigned char *)exponent; - int index; - unsigned int wvalue; - - /* table[0] = 1_inv */ - temp[0] = 0 - m[0]; - temp[1] = ~m[1]; - temp[2] = ~m[2]; - temp[3] = ~m[3]; - temp[4] = ~m[4]; - temp[5] = ~m[5]; - temp[6] = ~m[6]; - temp[7] = ~m[7]; - rsaz_512_scatter4(table, temp, 0); - - /* table [1] = a_inv^1 */ - rsaz_512_mul(a_inv, base, RR, m, k0); - rsaz_512_scatter4(table, a_inv, 1); - - /* table [2] = a_inv^2 */ - rsaz_512_sqr(temp, a_inv, m, k0, 1); - rsaz_512_scatter4(table, temp, 2); - - for (index = 3; index < 16; index++) - rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index); - - /* load first window */ - wvalue = p_str[63]; - - rsaz_512_gather4(temp, table, wvalue >> 4); - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0xf); - - for (index = 62; index >= 0; index--) { - wvalue = p_str[index]; - - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue >> 4); - - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0x0f); - } - - /* from Montgomery */ - rsaz_512_mul_by_one(result, temp, m, k0); - - OPENSSL_cleanse(storage, sizeof(storage)); -} - -#endif diff --git a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h index 9501cc80..229e181f 100644 --- a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h +++ b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h @@ -1,12 +1,3 @@ -/* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - /***************************************************************************** * * * Copyright (c) 2012, Intel Corporation * |