/src/openssl111/crypto/bn/bn_ctx.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include "internal/cryptlib.h" |
11 | | #include "bn_local.h" |
12 | | |
13 | | /*- |
14 | | * TODO list |
15 | | * |
16 | | * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and |
17 | | * check they can be safely removed. |
18 | | * - Check +1 and other ugliness in BN_from_montgomery() |
19 | | * |
20 | | * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an |
21 | | * appropriate 'block' size that will be honoured by bn_expand_internal() to |
22 | | * prevent piddly little reallocations. OTOH, profiling bignum expansions in |
23 | | * BN_CTX doesn't show this to be a big issue. |
24 | | */ |
25 | | |
26 | | /* How many bignums are in each "pool item"; */ |
27 | 5.81M | #define BN_CTX_POOL_SIZE 16 |
28 | | /* The stack frame info is resizing, set a first-time expansion size; */ |
29 | 3.09k | #define BN_CTX_START_FRAMES 32 |
30 | | |
31 | | /***********/ |
32 | | /* BN_POOL */ |
33 | | /***********/ |
34 | | |
35 | | /* A bundle of bignums that can be linked with other bundles */ |
36 | | typedef struct bignum_pool_item { |
37 | | /* The bignum values */ |
38 | | BIGNUM vals[BN_CTX_POOL_SIZE]; |
39 | | /* Linked-list admin */ |
40 | | struct bignum_pool_item *prev, *next; |
41 | | } BN_POOL_ITEM; |
42 | | /* A linked-list of bignums grouped in bundles */ |
43 | | typedef struct bignum_pool { |
44 | | /* Linked-list admin */ |
45 | | BN_POOL_ITEM *head, *current, *tail; |
46 | | /* Stack depth and allocation size */ |
47 | | unsigned used, size; |
48 | | } BN_POOL; |
49 | | static void BN_POOL_init(BN_POOL *); |
50 | | static void BN_POOL_finish(BN_POOL *); |
51 | | static BIGNUM *BN_POOL_get(BN_POOL *, int); |
52 | | static void BN_POOL_release(BN_POOL *, unsigned int); |
53 | | |
54 | | /************/ |
55 | | /* BN_STACK */ |
56 | | /************/ |
57 | | |
58 | | /* A wrapper to manage the "stack frames" */ |
59 | | typedef struct bignum_ctx_stack { |
60 | | /* Array of indexes into the bignum stack */ |
61 | | unsigned int *indexes; |
62 | | /* Number of stack frames, and the size of the allocated array */ |
63 | | unsigned int depth, size; |
64 | | } BN_STACK; |
65 | | static void BN_STACK_init(BN_STACK *); |
66 | | static void BN_STACK_finish(BN_STACK *); |
67 | | static int BN_STACK_push(BN_STACK *, unsigned int); |
68 | | static unsigned int BN_STACK_pop(BN_STACK *); |
69 | | |
70 | | /**********/ |
71 | | /* BN_CTX */ |
72 | | /**********/ |
73 | | |
74 | | /* The opaque BN_CTX type */ |
75 | | struct bignum_ctx { |
76 | | /* The bignum bundles */ |
77 | | BN_POOL pool; |
78 | | /* The "stack frames", if you will */ |
79 | | BN_STACK stack; |
80 | | /* The number of bignums currently assigned */ |
81 | | unsigned int used; |
82 | | /* Depth of stack overflow */ |
83 | | int err_stack; |
84 | | /* Block "gets" until an "end" (compatibility behaviour) */ |
85 | | int too_many; |
86 | | /* Flags. */ |
87 | | int flags; |
88 | | }; |
89 | | |
90 | | /* Enable this to find BN_CTX bugs */ |
91 | | #ifdef BN_CTX_DEBUG |
92 | | static const char *ctxdbg_cur = NULL; |
93 | | static void ctxdbg(BN_CTX *ctx) |
94 | | { |
95 | | unsigned int bnidx = 0, fpidx = 0; |
96 | | BN_POOL_ITEM *item = ctx->pool.head; |
97 | | BN_STACK *stack = &ctx->stack; |
98 | | fprintf(stderr, "(%16p): ", ctx); |
99 | | while (bnidx < ctx->used) { |
100 | | fprintf(stderr, "%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); |
101 | | if (!(bnidx % BN_CTX_POOL_SIZE)) |
102 | | item = item->next; |
103 | | } |
104 | | fprintf(stderr, "\n"); |
105 | | bnidx = 0; |
106 | | fprintf(stderr, " : "); |
107 | | while (fpidx < stack->depth) { |
108 | | while (bnidx++ < stack->indexes[fpidx]) |
109 | | fprintf(stderr, " "); |
110 | | fprintf(stderr, "^^^ "); |
111 | | bnidx++; |
112 | | fpidx++; |
113 | | } |
114 | | fprintf(stderr, "\n"); |
115 | | } |
116 | | |
117 | | # define CTXDBG_ENTRY(str, ctx) do { \ |
118 | | ctxdbg_cur = (str); \ |
119 | | fprintf(stderr,"Starting %s\n", ctxdbg_cur); \ |
120 | | ctxdbg(ctx); \ |
121 | | } while(0) |
122 | | # define CTXDBG_EXIT(ctx) do { \ |
123 | | fprintf(stderr,"Ending %s\n", ctxdbg_cur); \ |
124 | | ctxdbg(ctx); \ |
125 | | } while(0) |
126 | | # define CTXDBG_RET(ctx,ret) |
127 | | #else |
128 | | # define CTXDBG_ENTRY(str, ctx) |
129 | | # define CTXDBG_EXIT(ctx) |
130 | | # define CTXDBG_RET(ctx,ret) |
131 | | #endif |
132 | | |
133 | | |
134 | | BN_CTX *BN_CTX_new(void) |
135 | 3.32k | { |
136 | 3.32k | BN_CTX *ret; |
137 | | |
138 | 3.32k | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { |
139 | 0 | BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE); |
140 | 0 | return NULL; |
141 | 0 | } |
142 | | /* Initialise the structure */ |
143 | 3.32k | BN_POOL_init(&ret->pool); |
144 | 3.32k | BN_STACK_init(&ret->stack); |
145 | 3.32k | return ret; |
146 | 3.32k | } |
147 | | |
148 | | BN_CTX *BN_CTX_secure_new(void) |
149 | 0 | { |
150 | 0 | BN_CTX *ret = BN_CTX_new(); |
151 | |
|
152 | 0 | if (ret != NULL) |
153 | 0 | ret->flags = BN_FLG_SECURE; |
154 | 0 | return ret; |
155 | 0 | } |
156 | | |
157 | | void BN_CTX_free(BN_CTX *ctx) |
158 | 4.72k | { |
159 | 4.72k | if (ctx == NULL) |
160 | 1.39k | return; |
161 | | #ifdef BN_CTX_DEBUG |
162 | | { |
163 | | BN_POOL_ITEM *pool = ctx->pool.head; |
164 | | fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n", |
165 | | ctx->stack.size, ctx->pool.size); |
166 | | fprintf(stderr, "dmaxs: "); |
167 | | while (pool) { |
168 | | unsigned loop = 0; |
169 | | while (loop < BN_CTX_POOL_SIZE) |
170 | | fprintf(stderr, "%02x ", pool->vals[loop++].dmax); |
171 | | pool = pool->next; |
172 | | } |
173 | | fprintf(stderr, "\n"); |
174 | | } |
175 | | #endif |
176 | 3.32k | BN_STACK_finish(&ctx->stack); |
177 | 3.32k | BN_POOL_finish(&ctx->pool); |
178 | 3.32k | OPENSSL_free(ctx); |
179 | 3.32k | } |
180 | | |
181 | | void BN_CTX_start(BN_CTX *ctx) |
182 | 1.49M | { |
183 | 1.49M | CTXDBG_ENTRY("BN_CTX_start", ctx); |
184 | | /* If we're already overflowing ... */ |
185 | 1.49M | if (ctx->err_stack || ctx->too_many) |
186 | 0 | ctx->err_stack++; |
187 | | /* (Try to) get a new frame pointer */ |
188 | 1.49M | else if (!BN_STACK_push(&ctx->stack, ctx->used)) { |
189 | 0 | BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES); |
190 | 0 | ctx->err_stack++; |
191 | 0 | } |
192 | 1.49M | CTXDBG_EXIT(ctx); |
193 | 1.49M | } |
194 | | |
195 | | void BN_CTX_end(BN_CTX *ctx) |
196 | 1.49M | { |
197 | 1.49M | if (ctx == NULL) |
198 | 0 | return; |
199 | 1.49M | CTXDBG_ENTRY("BN_CTX_end", ctx); |
200 | 1.49M | if (ctx->err_stack) |
201 | 0 | ctx->err_stack--; |
202 | 1.49M | else { |
203 | 1.49M | unsigned int fp = BN_STACK_pop(&ctx->stack); |
204 | | /* Does this stack frame have anything to release? */ |
205 | 1.49M | if (fp < ctx->used) |
206 | 1.27M | BN_POOL_release(&ctx->pool, ctx->used - fp); |
207 | 1.49M | ctx->used = fp; |
208 | | /* Unjam "too_many" in case "get" had failed */ |
209 | 1.49M | ctx->too_many = 0; |
210 | 1.49M | } |
211 | 1.49M | CTXDBG_EXIT(ctx); |
212 | 1.49M | } |
213 | | |
214 | | BIGNUM *BN_CTX_get(BN_CTX *ctx) |
215 | 2.21M | { |
216 | 2.21M | BIGNUM *ret; |
217 | | |
218 | 2.21M | CTXDBG_ENTRY("BN_CTX_get", ctx); |
219 | 2.21M | if (ctx->err_stack || ctx->too_many) |
220 | 0 | return NULL; |
221 | 2.21M | if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) { |
222 | | /* |
223 | | * Setting too_many prevents repeated "get" attempts from cluttering |
224 | | * the error stack. |
225 | | */ |
226 | 0 | ctx->too_many = 1; |
227 | 0 | BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES); |
228 | 0 | return NULL; |
229 | 0 | } |
230 | | /* OK, make sure the returned bignum is "zero" */ |
231 | 2.21M | BN_zero(ret); |
232 | | /* clear BN_FLG_CONSTTIME if leaked from previous frames */ |
233 | 2.21M | ret->flags &= (~BN_FLG_CONSTTIME); |
234 | 2.21M | ctx->used++; |
235 | 2.21M | CTXDBG_RET(ctx, ret); |
236 | 2.21M | return ret; |
237 | 2.21M | } |
238 | | |
239 | | /************/ |
240 | | /* BN_STACK */ |
241 | | /************/ |
242 | | |
243 | | static void BN_STACK_init(BN_STACK *st) |
244 | 3.32k | { |
245 | 3.32k | st->indexes = NULL; |
246 | 3.32k | st->depth = st->size = 0; |
247 | 3.32k | } |
248 | | |
249 | | static void BN_STACK_finish(BN_STACK *st) |
250 | 3.32k | { |
251 | 3.32k | OPENSSL_free(st->indexes); |
252 | 3.32k | st->indexes = NULL; |
253 | 3.32k | } |
254 | | |
255 | | |
256 | | static int BN_STACK_push(BN_STACK *st, unsigned int idx) |
257 | 1.49M | { |
258 | 1.49M | if (st->depth == st->size) { |
259 | | /* Need to expand */ |
260 | 3.09k | unsigned int newsize = |
261 | 3.09k | st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; |
262 | 3.09k | unsigned int *newitems; |
263 | | |
264 | 3.09k | if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) { |
265 | 0 | BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE); |
266 | 0 | return 0; |
267 | 0 | } |
268 | 3.09k | if (st->depth) |
269 | 0 | memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); |
270 | 3.09k | OPENSSL_free(st->indexes); |
271 | 3.09k | st->indexes = newitems; |
272 | 3.09k | st->size = newsize; |
273 | 3.09k | } |
274 | 1.49M | st->indexes[(st->depth)++] = idx; |
275 | 1.49M | return 1; |
276 | 1.49M | } |
277 | | |
278 | | static unsigned int BN_STACK_pop(BN_STACK *st) |
279 | 1.49M | { |
280 | 1.49M | return st->indexes[--(st->depth)]; |
281 | 1.49M | } |
282 | | |
283 | | /***********/ |
284 | | /* BN_POOL */ |
285 | | /***********/ |
286 | | |
287 | | static void BN_POOL_init(BN_POOL *p) |
288 | 3.32k | { |
289 | 3.32k | p->head = p->current = p->tail = NULL; |
290 | 3.32k | p->used = p->size = 0; |
291 | 3.32k | } |
292 | | |
293 | | static void BN_POOL_finish(BN_POOL *p) |
294 | 3.32k | { |
295 | 3.32k | unsigned int loop; |
296 | 3.32k | BIGNUM *bn; |
297 | | |
298 | 6.60k | while (p->head) { |
299 | 55.6k | for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++) |
300 | 52.3k | if (bn->d) |
301 | 39.5k | BN_clear_free(bn); |
302 | 3.27k | p->current = p->head->next; |
303 | 3.27k | OPENSSL_free(p->head); |
304 | 3.27k | p->head = p->current; |
305 | 3.27k | } |
306 | 3.32k | } |
307 | | |
308 | | |
309 | | static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) |
310 | 2.21M | { |
311 | 2.21M | BIGNUM *bn; |
312 | 2.21M | unsigned int loop; |
313 | | |
314 | | /* Full; allocate a new pool item and link it in. */ |
315 | 2.21M | if (p->used == p->size) { |
316 | 3.27k | BN_POOL_ITEM *item; |
317 | | |
318 | 3.27k | if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { |
319 | 0 | BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE); |
320 | 0 | return NULL; |
321 | 0 | } |
322 | 55.6k | for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { |
323 | 52.3k | bn_init(bn); |
324 | 52.3k | if ((flag & BN_FLG_SECURE) != 0) |
325 | 0 | BN_set_flags(bn, BN_FLG_SECURE); |
326 | 52.3k | } |
327 | 3.27k | item->prev = p->tail; |
328 | 3.27k | item->next = NULL; |
329 | | |
330 | 3.27k | if (p->head == NULL) |
331 | 3.09k | p->head = p->current = p->tail = item; |
332 | 178 | else { |
333 | 178 | p->tail->next = item; |
334 | 178 | p->tail = item; |
335 | 178 | p->current = item; |
336 | 178 | } |
337 | 3.27k | p->size += BN_CTX_POOL_SIZE; |
338 | 3.27k | p->used++; |
339 | | /* Return the first bignum from the new pool */ |
340 | 3.27k | return item->vals; |
341 | 3.27k | } |
342 | | |
343 | 2.20M | if (!p->used) |
344 | 3.09k | p->current = p->head; |
345 | 2.20M | else if ((p->used % BN_CTX_POOL_SIZE) == 0) |
346 | 889 | p->current = p->current->next; |
347 | 2.20M | return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); |
348 | 2.21M | } |
349 | | |
350 | | static void BN_POOL_release(BN_POOL *p, unsigned int num) |
351 | 1.27M | { |
352 | 1.27M | unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; |
353 | | |
354 | 1.27M | p->used -= num; |
355 | 3.48M | while (num--) { |
356 | 2.21M | bn_check_top(p->current->vals + offset); |
357 | 2.21M | if (offset == 0) { |
358 | 7.25k | offset = BN_CTX_POOL_SIZE - 1; |
359 | 7.25k | p->current = p->current->prev; |
360 | 7.25k | } else |
361 | 2.20M | offset--; |
362 | 2.21M | } |
363 | 1.27M | } |