/src/openssl32/crypto/bn/bn_recp.c

Source (jump to first uncovered line)
/*
 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "internal/cryptlib.h"
#include "bn_local.h"

void BN_RECP_CTX_init(BN_RECP_CTX *recp)
{
    memset(recp, 0, sizeof(*recp));
    bn_init(&(recp->N));
    bn_init(&(recp->Nr));
}

BN_RECP_CTX *BN_RECP_CTX_new(void)
{
    BN_RECP_CTX *ret;

    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
        return NULL;

    bn_init(&(ret->N));
    bn_init(&(ret->Nr));
    ret->flags = BN_FLG_MALLOCED;
    return ret;
}

void BN_RECP_CTX_free(BN_RECP_CTX *recp)
{
    if (recp == NULL)
        return;
    BN_free(&recp->N);
    BN_free(&recp->Nr);
    if (recp->flags & BN_FLG_MALLOCED)
        OPENSSL_free(recp);
}

int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
{
    if (BN_is_zero(d) || !BN_copy(&(recp->N), d))
        return 0;
    BN_zero(&(recp->Nr));
    recp->num_bits = BN_num_bits(d);
    recp->shift = 0;
    return 1;
}

int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
                          BN_RECP_CTX *recp, BN_CTX *ctx)
{
    int ret = 0;
    BIGNUM *a;
    const BIGNUM *ca;

    BN_CTX_start(ctx);
    if ((a = BN_CTX_get(ctx)) == NULL)
        goto err;
    if (y != NULL) {
        if (x == y) {
            if (!BN_sqr(a, x, ctx))
                goto err;
        } else {
            if (!BN_mul(a, x, y, ctx))
                goto err;
        }
        ca = a;
    } else
        ca = x;                 /* Just do the mod */

    ret = BN_div_recp(NULL, r, ca, recp, ctx);
 err:
    BN_CTX_end(ctx);
    bn_check_top(r);
    return ret;
}

int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
                BN_RECP_CTX *recp, BN_CTX *ctx)
{
    int i, j, ret = 0;
    BIGNUM *a, *b, *d, *r;

    BN_CTX_start(ctx);
    d = (dv != NULL) ? dv : BN_CTX_get(ctx);
    r = (rem != NULL) ? rem : BN_CTX_get(ctx);
    a = BN_CTX_get(ctx);
    b = BN_CTX_get(ctx);
    if (b == NULL)
        goto err;

    if (BN_ucmp(m, &(recp->N)) < 0) {
        BN_zero(d);
        if (!BN_copy(r, m)) {
            BN_CTX_end(ctx);
            return 0;
        }
        BN_CTX_end(ctx);
        return 1;
    }

    /*
     * We want the remainder Given input of ABCDEF / ab we need multiply
     * ABCDEF by 3 digests of the reciprocal of ab
     */

    /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
    i = BN_num_bits(m);
    j = recp->num_bits << 1;
    if (j > i)
        i = j;

    /* Nr := round(2^i / N) */
    if (i != recp->shift)
        recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
    /* BN_reciprocal could have returned -1 for an error */
    if (recp->shift == -1)
        goto err;

    /*-
     * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
     *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
     *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
     *    = |m/N|
     */
    if (!BN_rshift(a, m, recp->num_bits))
        goto err;
    if (!BN_mul(b, a, &(recp->Nr), ctx))
        goto err;
    if (!BN_rshift(d, b, i - recp->num_bits))
        goto err;
    d->neg = 0;

    if (!BN_mul(b, &(recp->N), d, ctx))
        goto err;
    if (!BN_usub(r, m, b))
        goto err;
    r->neg = 0;

    j = 0;
    while (BN_ucmp(r, &(recp->N)) >= 0) {
        if (j++ > 2) {
            ERR_raise(ERR_LIB_BN, BN_R_BAD_RECIPROCAL);
            goto err;
        }
        if (!BN_usub(r, r, &(recp->N)))
            goto err;
        if (!BN_add_word(d, 1))
            goto err;
    }

    r->neg = BN_is_zero(r) ? 0 : m->neg;
    d->neg = m->neg ^ recp->N.neg;
    ret = 1;
 err:
    BN_CTX_end(ctx);
    bn_check_top(dv);
    bn_check_top(rem);
    return ret;
}

/*
 * len is the expected size of the result We actually calculate with an extra
 * word of precision, so we can do faster division if the remainder is not
 * required.
 */
/* r := 2^len / m */
int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
{
    int ret = -1;
    BIGNUM *t;

    BN_CTX_start(ctx);
    if ((t = BN_CTX_get(ctx)) == NULL)
        goto err;

    if (!BN_set_bit(t, len))
        goto err;

    if (!BN_div(r, NULL, t, m, ctx))
        goto err;

    ret = len;
 err:
    bn_check_top(r);
    BN_CTX_end(ctx);
    return ret;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include "internal/cryptlib.h"
11		#include "bn_local.h"
12
13		void BN_RECP_CTX_init(BN_RECP_CTX *recp)
14	8.06k	{
15	8.06k	memset(recp, 0, sizeof(*recp));
16	8.06k	bn_init(&(recp->N));
17	8.06k	bn_init(&(recp->Nr));
18	8.06k	}
19
20		BN_RECP_CTX *BN_RECP_CTX_new(void)
21	0	{
22	0	BN_RECP_CTX *ret;
23
24	0	if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
25	0	return NULL;
26
27	0	bn_init(&(ret->N));
28	0	bn_init(&(ret->Nr));
29	0	ret->flags = BN_FLG_MALLOCED;
30	0	return ret;
31	0	}
32
33		void BN_RECP_CTX_free(BN_RECP_CTX *recp)
34	8.06k	{
35	8.06k	if (recp == NULL)
36	0	return;
37	8.06k	BN_free(&recp->N);
38	8.06k	BN_free(&recp->Nr);
39	8.06k	if (recp->flags & BN_FLG_MALLOCED)
40	0	OPENSSL_free(recp);
41	8.06k	}
42
43		int BN_RECP_CTX_set(BN_RECP_CTX recp, const BIGNUM d, BN_CTX *ctx)
44	8.06k	{
45	8.06k	if (BN_is_zero(d) \|\| !BN_copy(&(recp->N), d))
46	0	return 0;
47	8.06k	BN_zero(&(recp->Nr));
48	8.06k	recp->num_bits = BN_num_bits(d);
49	8.06k	recp->shift = 0;
50	8.06k	return 1;
51	8.06k	}
52
53		int BN_mod_mul_reciprocal(BIGNUM r, const BIGNUM x, const BIGNUM *y,
54		BN_RECP_CTX recp, BN_CTX ctx)
55	427k	{
56	427k	int ret = 0;
57	427k	BIGNUM *a;
58	427k	const BIGNUM *ca;
59
60	427k	BN_CTX_start(ctx);
61	427k	if ((a = BN_CTX_get(ctx)) == NULL)
62	0	goto err;
63	427k	if (y != NULL) {
64	427k	if (x == y) {
65	335k	if (!BN_sqr(a, x, ctx))
66	0	goto err;
67	335k	} else {
68	91.6k	if (!BN_mul(a, x, y, ctx))
69	0	goto err;
70	91.6k	}
71	427k	ca = a;
72	427k	} else
73	0	ca = x; /* Just do the mod */
74
75	427k	ret = BN_div_recp(NULL, r, ca, recp, ctx);
76	427k	err:
77	427k	BN_CTX_end(ctx);
78	427k	bn_check_top(r);
79	427k	return ret;
80	427k	}
81
82		int BN_div_recp(BIGNUM dv, BIGNUM rem, const BIGNUM *m,
83		BN_RECP_CTX recp, BN_CTX ctx)
84	427k	{
85	427k	int i, j, ret = 0;
86	427k	BIGNUM a, b, d, r;
87
88	427k	BN_CTX_start(ctx);
89	427k	d = (dv != NULL) ? dv : BN_CTX_get(ctx);
90	427k	r = (rem != NULL) ? rem : BN_CTX_get(ctx);
91	427k	a = BN_CTX_get(ctx);
92	427k	b = BN_CTX_get(ctx);
93	427k	if (b == NULL)
94	0	goto err;
95
96	427k	if (BN_ucmp(m, &(recp->N)) < 0) {
97	110k	BN_zero(d);
98	110k	if (!BN_copy(r, m)) {
99	0	BN_CTX_end(ctx);
100	0	return 0;
101	0	}
102	110k	BN_CTX_end(ctx);
103	110k	return 1;
104	110k	}
105
106		/*
107		* We want the remainder Given input of ABCDEF / ab we need multiply
108		* ABCDEF by 3 digests of the reciprocal of ab
109		*/
110
111		/* i := max(BN_num_bits(m), 2BN_num_bits(N)) /
112	316k	i = BN_num_bits(m);
113	316k	j = recp->num_bits << 1;
114	316k	if (j > i)
115	268k	i = j;
116
117		/* Nr := round(2^i / N) */
118	316k	if (i != recp->shift)
119	7.84k	recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
120		/* BN_reciprocal could have returned -1 for an error */
121	316k	if (recp->shift == -1)
122	0	goto err;
123
124		/*-
125		* d := \|round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))\|
126		* = \|round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))\|
127		* <= \|(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)\|
128		* = \|m/N\|
129		*/
130	316k	if (!BN_rshift(a, m, recp->num_bits))
131	0	goto err;
132	316k	if (!BN_mul(b, a, &(recp->Nr), ctx))
133	0	goto err;
134	316k	if (!BN_rshift(d, b, i - recp->num_bits))
135	0	goto err;
136	316k	d->neg = 0;
137
138	316k	if (!BN_mul(b, &(recp->N), d, ctx))
139	0	goto err;
140	316k	if (!BN_usub(r, m, b))
141	0	goto err;
142	316k	r->neg = 0;
143
144	316k	j = 0;
145	536k	while (BN_ucmp(r, &(recp->N)) >= 0) {
146	220k	if (j++ > 2) {
147	0	ERR_raise(ERR_LIB_BN, BN_R_BAD_RECIPROCAL);
148	0	goto err;
149	0	}
150	220k	if (!BN_usub(r, r, &(recp->N)))
151	0	goto err;
152	220k	if (!BN_add_word(d, 1))
153	0	goto err;
154	220k	}
155
156	316k	r->neg = BN_is_zero(r) ? 0 : m->neg;
157	316k	d->neg = m->neg ^ recp->N.neg;
158	316k	ret = 1;
159	316k	err:
160	316k	BN_CTX_end(ctx);
161	316k	bn_check_top(dv);
162	316k	bn_check_top(rem);
163	316k	return ret;
164	316k	}
165
166		/*
167		* len is the expected size of the result We actually calculate with an extra
168		* word of precision, so we can do faster division if the remainder is not
169		* required.
170		*/
171		/* r := 2^len / m */
172		int BN_reciprocal(BIGNUM r, const BIGNUM m, int len, BN_CTX *ctx)
173	7.84k	{
174	7.84k	int ret = -1;
175	7.84k	BIGNUM *t;
176
177	7.84k	BN_CTX_start(ctx);
178	7.84k	if ((t = BN_CTX_get(ctx)) == NULL)
179	0	goto err;
180
181	7.84k	if (!BN_set_bit(t, len))
182	0	goto err;
183
184	7.84k	if (!BN_div(r, NULL, t, m, ctx))
185	0	goto err;
186
187	7.84k	ret = len;
188	7.84k	err:
189	7.84k	bn_check_top(r);
190	7.84k	BN_CTX_end(ctx);
191	7.84k	return ret;
192	7.84k	}

Coverage Report

Created: 2025-06-13 06:58