/src/openssl/crypto/bn/bn_ctx.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <openssl/trace.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include "bn_local.h" |
13 | | |
14 | | /* How many bignums are in each "pool item"; */ |
15 | 0 | #define BN_CTX_POOL_SIZE 16 |
16 | | /* The stack frame info is resizing, set a first-time expansion size; */ |
17 | 0 | #define BN_CTX_START_FRAMES 32 |
18 | | |
19 | | /***********/ |
20 | | /* BN_POOL */ |
21 | | /***********/ |
22 | | |
23 | | /* A bundle of bignums that can be linked with other bundles */ |
24 | | typedef struct bignum_pool_item { |
25 | | /* The bignum values */ |
26 | | BIGNUM vals[BN_CTX_POOL_SIZE]; |
27 | | /* Linked-list admin */ |
28 | | struct bignum_pool_item *prev, *next; |
29 | | } BN_POOL_ITEM; |
30 | | /* A linked-list of bignums grouped in bundles */ |
31 | | typedef struct bignum_pool { |
32 | | /* Linked-list admin */ |
33 | | BN_POOL_ITEM *head, *current, *tail; |
34 | | /* Stack depth and allocation size */ |
35 | | unsigned used, size; |
36 | | } BN_POOL; |
37 | | static void BN_POOL_init(BN_POOL *); |
38 | | static void BN_POOL_finish(BN_POOL *); |
39 | | static BIGNUM *BN_POOL_get(BN_POOL *, int); |
40 | | static void BN_POOL_release(BN_POOL *, unsigned int); |
41 | | |
42 | | /************/ |
43 | | /* BN_STACK */ |
44 | | /************/ |
45 | | |
46 | | /* A wrapper to manage the "stack frames" */ |
47 | | typedef struct bignum_ctx_stack { |
48 | | /* Array of indexes into the bignum stack */ |
49 | | unsigned int *indexes; |
50 | | /* Number of stack frames, and the size of the allocated array */ |
51 | | unsigned int depth, size; |
52 | | } BN_STACK; |
53 | | static void BN_STACK_init(BN_STACK *); |
54 | | static void BN_STACK_finish(BN_STACK *); |
55 | | static int BN_STACK_push(BN_STACK *, unsigned int); |
56 | | static unsigned int BN_STACK_pop(BN_STACK *); |
57 | | |
58 | | /**********/ |
59 | | /* BN_CTX */ |
60 | | /**********/ |
61 | | |
62 | | /* The opaque BN_CTX type */ |
63 | | struct bignum_ctx { |
64 | | /* The bignum bundles */ |
65 | | BN_POOL pool; |
66 | | /* The "stack frames", if you will */ |
67 | | BN_STACK stack; |
68 | | /* The number of bignums currently assigned */ |
69 | | unsigned int used; |
70 | | /* Depth of stack overflow */ |
71 | | int err_stack; |
72 | | /* Block "gets" until an "end" (compatibility behaviour) */ |
73 | | int too_many; |
74 | | /* Flags. */ |
75 | | int flags; |
76 | | /* The library context */ |
77 | | OSSL_LIB_CTX *libctx; |
78 | | }; |
79 | | |
80 | | #ifndef FIPS_MODULE |
81 | | /* Debugging functionality */ |
82 | | static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx) |
83 | 0 | { |
84 | 0 | unsigned int bnidx = 0, fpidx = 0; |
85 | 0 | BN_POOL_ITEM *item = ctx->pool.head; |
86 | 0 | BN_STACK *stack = &ctx->stack; |
87 | 0 |
|
88 | 0 | BIO_printf(channel, "%s\n", text); |
89 | 0 | BIO_printf(channel, " (%16p): ", (void *)ctx); |
90 | 0 | while (bnidx < ctx->used) { |
91 | 0 | BIO_printf(channel, "%03x ", |
92 | 0 | item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); |
93 | 0 | if (!(bnidx % BN_CTX_POOL_SIZE)) |
94 | 0 | item = item->next; |
95 | 0 | } |
96 | 0 | BIO_printf(channel, "\n"); |
97 | 0 | bnidx = 0; |
98 | 0 | BIO_printf(channel, " %16s : ", ""); |
99 | 0 | while (fpidx < stack->depth) { |
100 | 0 | while (bnidx++ < stack->indexes[fpidx]) |
101 | 0 | BIO_printf(channel, " "); |
102 | 0 | BIO_printf(channel, "^^^ "); |
103 | 0 | bnidx++; |
104 | 0 | fpidx++; |
105 | 0 | } |
106 | 0 | BIO_printf(channel, "\n"); |
107 | 0 | } |
108 | | |
109 | | #define CTXDBG(str, ctx) \ |
110 | 0 | OSSL_TRACE_BEGIN(BN_CTX) \ |
111 | 0 | { \ |
112 | 0 | ctxdbg(trc_out, str, ctx); \ |
113 | 0 | } \ |
114 | 0 | OSSL_TRACE_END(BN_CTX) |
115 | | #else |
116 | | /* We do not want tracing in FIPS module */ |
117 | | #define CTXDBG(str, ctx) \ |
118 | | do { \ |
119 | | } while (0) |
120 | | #endif /* FIPS_MODULE */ |
121 | | |
122 | | BN_CTX *BN_CTX_new_ex(OSSL_LIB_CTX *ctx) |
123 | 0 | { |
124 | 0 | BN_CTX *ret; |
125 | |
|
126 | 0 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) |
127 | 0 | return NULL; |
128 | | /* Initialise the structure */ |
129 | 0 | BN_POOL_init(&ret->pool); |
130 | 0 | BN_STACK_init(&ret->stack); |
131 | 0 | ret->libctx = ctx; |
132 | 0 | return ret; |
133 | 0 | } |
134 | | |
135 | | #ifndef FIPS_MODULE |
136 | | BN_CTX *BN_CTX_new(void) |
137 | 0 | { |
138 | 0 | return BN_CTX_new_ex(NULL); |
139 | 0 | } |
140 | | #endif |
141 | | |
142 | | BN_CTX *BN_CTX_secure_new_ex(OSSL_LIB_CTX *ctx) |
143 | 0 | { |
144 | 0 | BN_CTX *ret = BN_CTX_new_ex(ctx); |
145 | |
|
146 | 0 | if (ret != NULL) |
147 | 0 | ret->flags = BN_FLG_SECURE; |
148 | 0 | return ret; |
149 | 0 | } |
150 | | |
151 | | #ifndef FIPS_MODULE |
152 | | BN_CTX *BN_CTX_secure_new(void) |
153 | 0 | { |
154 | 0 | return BN_CTX_secure_new_ex(NULL); |
155 | 0 | } |
156 | | #endif |
157 | | |
158 | | void BN_CTX_free(BN_CTX *ctx) |
159 | 0 | { |
160 | 0 | if (ctx == NULL) |
161 | 0 | return; |
162 | 0 | #ifndef FIPS_MODULE |
163 | 0 | OSSL_TRACE_BEGIN(BN_CTX) |
164 | 0 | { |
165 | 0 | BN_POOL_ITEM *pool = ctx->pool.head; |
166 | 0 | BIO_printf(trc_out, |
167 | 0 | "BN_CTX_free(): stack-size=%d, pool-bignums=%d\n", |
168 | 0 | ctx->stack.size, ctx->pool.size); |
169 | 0 | BIO_printf(trc_out, " dmaxs: "); |
170 | 0 | while (pool) { |
171 | 0 | unsigned loop = 0; |
172 | 0 | while (loop < BN_CTX_POOL_SIZE) |
173 | 0 | BIO_printf(trc_out, "%02x ", pool->vals[loop++].dmax); |
174 | 0 | pool = pool->next; |
175 | 0 | } |
176 | 0 | BIO_printf(trc_out, "\n"); |
177 | 0 | } |
178 | 0 | OSSL_TRACE_END(BN_CTX); |
179 | 0 | #endif |
180 | 0 | BN_STACK_finish(&ctx->stack); |
181 | 0 | BN_POOL_finish(&ctx->pool); |
182 | 0 | OPENSSL_free(ctx); |
183 | 0 | } |
184 | | |
185 | | void BN_CTX_start(BN_CTX *ctx) |
186 | 0 | { |
187 | 0 | CTXDBG("ENTER BN_CTX_start()", ctx); |
188 | | /* If we're already overflowing ... */ |
189 | 0 | if (ctx->err_stack || ctx->too_many) |
190 | 0 | ctx->err_stack++; |
191 | | /* (Try to) get a new frame pointer */ |
192 | 0 | else if (!BN_STACK_push(&ctx->stack, ctx->used)) { |
193 | 0 | ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES); |
194 | 0 | ctx->err_stack++; |
195 | 0 | } |
196 | 0 | CTXDBG("LEAVE BN_CTX_start()", ctx); |
197 | 0 | } |
198 | | |
199 | | void BN_CTX_end(BN_CTX *ctx) |
200 | 0 | { |
201 | 0 | if (ctx == NULL) |
202 | 0 | return; |
203 | 0 | CTXDBG("ENTER BN_CTX_end()", ctx); |
204 | 0 | if (ctx->err_stack) |
205 | 0 | ctx->err_stack--; |
206 | 0 | else { |
207 | 0 | unsigned int fp = BN_STACK_pop(&ctx->stack); |
208 | | /* Does this stack frame have anything to release? */ |
209 | 0 | if (fp < ctx->used) |
210 | 0 | BN_POOL_release(&ctx->pool, ctx->used - fp); |
211 | 0 | ctx->used = fp; |
212 | | /* Unjam "too_many" in case "get" had failed */ |
213 | 0 | ctx->too_many = 0; |
214 | 0 | } |
215 | 0 | CTXDBG("LEAVE BN_CTX_end()", ctx); |
216 | 0 | } |
217 | | |
218 | | BIGNUM *BN_CTX_get(BN_CTX *ctx) |
219 | 0 | { |
220 | 0 | BIGNUM *ret; |
221 | |
|
222 | 0 | CTXDBG("ENTER BN_CTX_get()", ctx); |
223 | 0 | if (ctx->err_stack || ctx->too_many) |
224 | 0 | return NULL; |
225 | 0 | if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) { |
226 | | /* |
227 | | * Setting too_many prevents repeated "get" attempts from cluttering |
228 | | * the error stack. |
229 | | */ |
230 | 0 | ctx->too_many = 1; |
231 | 0 | ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES); |
232 | 0 | return NULL; |
233 | 0 | } |
234 | | /* OK, make sure the returned bignum is "zero" */ |
235 | 0 | BN_zero(ret); |
236 | | /* clear BN_FLG_CONSTTIME if leaked from previous frames */ |
237 | 0 | ret->flags &= (~BN_FLG_CONSTTIME); |
238 | 0 | ctx->used++; |
239 | 0 | CTXDBG("LEAVE BN_CTX_get()", ctx); |
240 | 0 | return ret; |
241 | 0 | } |
242 | | |
243 | | OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx) |
244 | 0 | { |
245 | 0 | if (ctx == NULL) |
246 | 0 | return NULL; |
247 | 0 | return ctx->libctx; |
248 | 0 | } |
249 | | |
250 | | /************/ |
251 | | /* BN_STACK */ |
252 | | /************/ |
253 | | |
254 | | static void BN_STACK_init(BN_STACK *st) |
255 | 0 | { |
256 | 0 | st->indexes = NULL; |
257 | 0 | st->depth = st->size = 0; |
258 | 0 | } |
259 | | |
260 | | static void BN_STACK_finish(BN_STACK *st) |
261 | 0 | { |
262 | 0 | OPENSSL_free(st->indexes); |
263 | 0 | st->indexes = NULL; |
264 | 0 | } |
265 | | |
266 | | static int BN_STACK_push(BN_STACK *st, unsigned int idx) |
267 | 0 | { |
268 | 0 | if (st->depth == st->size) { |
269 | | /* Need to expand */ |
270 | 0 | unsigned int newsize = st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; |
271 | 0 | unsigned int *newitems; |
272 | |
|
273 | 0 | if ((newitems = OPENSSL_malloc_array(newsize, sizeof(*newitems))) == NULL) |
274 | 0 | return 0; |
275 | 0 | if (st->depth) |
276 | 0 | memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); |
277 | 0 | OPENSSL_free(st->indexes); |
278 | 0 | st->indexes = newitems; |
279 | 0 | st->size = newsize; |
280 | 0 | } |
281 | 0 | st->indexes[(st->depth)++] = idx; |
282 | 0 | return 1; |
283 | 0 | } |
284 | | |
285 | | static unsigned int BN_STACK_pop(BN_STACK *st) |
286 | 0 | { |
287 | 0 | return st->indexes[--(st->depth)]; |
288 | 0 | } |
289 | | |
290 | | /***********/ |
291 | | /* BN_POOL */ |
292 | | /***********/ |
293 | | |
294 | | static void BN_POOL_init(BN_POOL *p) |
295 | 0 | { |
296 | 0 | p->head = p->current = p->tail = NULL; |
297 | 0 | p->used = p->size = 0; |
298 | 0 | } |
299 | | |
300 | | static void BN_POOL_finish(BN_POOL *p) |
301 | 0 | { |
302 | 0 | unsigned int loop; |
303 | 0 | BIGNUM *bn; |
304 | |
|
305 | 0 | while (p->head) { |
306 | 0 | for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++) |
307 | 0 | if (bn->d) |
308 | 0 | BN_clear_free(bn); |
309 | 0 | p->current = p->head->next; |
310 | 0 | OPENSSL_free(p->head); |
311 | 0 | p->head = p->current; |
312 | 0 | } |
313 | 0 | } |
314 | | |
315 | | static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) |
316 | 0 | { |
317 | 0 | BIGNUM *bn; |
318 | 0 | unsigned int loop; |
319 | | |
320 | | /* Full; allocate a new pool item and link it in. */ |
321 | 0 | if (p->used == p->size) { |
322 | 0 | BN_POOL_ITEM *item; |
323 | |
|
324 | 0 | if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) |
325 | 0 | return NULL; |
326 | 0 | for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { |
327 | 0 | bn_init(bn); |
328 | 0 | if ((flag & BN_FLG_SECURE) != 0) |
329 | 0 | BN_set_flags(bn, BN_FLG_SECURE); |
330 | 0 | } |
331 | 0 | item->prev = p->tail; |
332 | 0 | item->next = NULL; |
333 | |
|
334 | 0 | if (p->head == NULL) |
335 | 0 | p->head = p->current = p->tail = item; |
336 | 0 | else { |
337 | 0 | p->tail->next = item; |
338 | 0 | p->tail = item; |
339 | 0 | p->current = item; |
340 | 0 | } |
341 | 0 | p->size += BN_CTX_POOL_SIZE; |
342 | 0 | p->used++; |
343 | | /* Return the first bignum from the new pool */ |
344 | 0 | return item->vals; |
345 | 0 | } |
346 | | |
347 | 0 | if (!p->used) |
348 | 0 | p->current = p->head; |
349 | 0 | else if ((p->used % BN_CTX_POOL_SIZE) == 0) |
350 | 0 | p->current = p->current->next; |
351 | 0 | return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); |
352 | 0 | } |
353 | | |
354 | | static void BN_POOL_release(BN_POOL *p, unsigned int num) |
355 | 0 | { |
356 | 0 | unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; |
357 | |
|
358 | 0 | p->used -= num; |
359 | 0 | while (num--) { |
360 | 0 | bn_check_top(p->current->vals + offset); |
361 | 0 | if (offset == 0) { |
362 | 0 | offset = BN_CTX_POOL_SIZE - 1; |
363 | 0 | p->current = p->current->prev; |
364 | 0 | } else |
365 | 0 | offset--; |
366 | 0 | } |
367 | 0 | } |