/src/openssl/crypto/bn/bn_ctx.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <openssl/trace.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include "bn_local.h" |
13 | | |
14 | | /* How many bignums are in each "pool item"; */ |
15 | 0 | #define BN_CTX_POOL_SIZE 16 |
16 | | /* The stack frame info is resizing, set a first-time expansion size; */ |
17 | 0 | #define BN_CTX_START_FRAMES 32 |
18 | | |
19 | | /***********/ |
20 | | /* BN_POOL */ |
21 | | /***********/ |
22 | | |
23 | | /* A bundle of bignums that can be linked with other bundles */ |
24 | | typedef struct bignum_pool_item { |
25 | | /* The bignum values */ |
26 | | BIGNUM vals[BN_CTX_POOL_SIZE]; |
27 | | /* Linked-list admin */ |
28 | | struct bignum_pool_item *prev, *next; |
29 | | } BN_POOL_ITEM; |
30 | | /* A linked-list of bignums grouped in bundles */ |
31 | | typedef struct bignum_pool { |
32 | | /* Linked-list admin */ |
33 | | BN_POOL_ITEM *head, *current, *tail; |
34 | | /* Stack depth and allocation size */ |
35 | | unsigned used, size; |
36 | | } BN_POOL; |
37 | | static void BN_POOL_init(BN_POOL *); |
38 | | static void BN_POOL_finish(BN_POOL *); |
39 | | static BIGNUM *BN_POOL_get(BN_POOL *, int); |
40 | | static void BN_POOL_release(BN_POOL *, unsigned int); |
41 | | |
42 | | /************/ |
43 | | /* BN_STACK */ |
44 | | /************/ |
45 | | |
46 | | /* A wrapper to manage the "stack frames" */ |
47 | | typedef struct bignum_ctx_stack { |
48 | | /* Array of indexes into the bignum stack */ |
49 | | unsigned int *indexes; |
50 | | /* Number of stack frames, and the size of the allocated array */ |
51 | | unsigned int depth, size; |
52 | | } BN_STACK; |
53 | | static void BN_STACK_init(BN_STACK *); |
54 | | static void BN_STACK_finish(BN_STACK *); |
55 | | static int BN_STACK_push(BN_STACK *, unsigned int); |
56 | | static unsigned int BN_STACK_pop(BN_STACK *); |
57 | | |
58 | | /**********/ |
59 | | /* BN_CTX */ |
60 | | /**********/ |
61 | | |
62 | | /* The opaque BN_CTX type */ |
63 | | struct bignum_ctx { |
64 | | /* The bignum bundles */ |
65 | | BN_POOL pool; |
66 | | /* The "stack frames", if you will */ |
67 | | BN_STACK stack; |
68 | | /* The number of bignums currently assigned */ |
69 | | unsigned int used; |
70 | | /* Depth of stack overflow */ |
71 | | int err_stack; |
72 | | /* Block "gets" until an "end" (compatibility behaviour) */ |
73 | | int too_many; |
74 | | /* Flags. */ |
75 | | int flags; |
76 | | /* The library context */ |
77 | | OSSL_LIB_CTX *libctx; |
78 | | }; |
79 | | |
80 | | #ifndef FIPS_MODULE |
81 | | /* Debugging functionality */ |
82 | | static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx) |
83 | 0 | { |
84 | 0 | unsigned int bnidx = 0, fpidx = 0; |
85 | 0 | BN_POOL_ITEM *item = ctx->pool.head; |
86 | 0 | BN_STACK *stack = &ctx->stack; |
87 | 0 |
|
88 | 0 | BIO_printf(channel, "%s\n", text); |
89 | 0 | BIO_printf(channel, " (%16p): ", (void*)ctx); |
90 | 0 | while (bnidx < ctx->used) { |
91 | 0 | BIO_printf(channel, "%03x ", |
92 | 0 | item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); |
93 | 0 | if (!(bnidx % BN_CTX_POOL_SIZE)) |
94 | 0 | item = item->next; |
95 | 0 | } |
96 | 0 | BIO_printf(channel, "\n"); |
97 | 0 | bnidx = 0; |
98 | 0 | BIO_printf(channel, " %16s : ", ""); |
99 | 0 | while (fpidx < stack->depth) { |
100 | 0 | while (bnidx++ < stack->indexes[fpidx]) |
101 | 0 | BIO_printf(channel, " "); |
102 | 0 | BIO_printf(channel, "^^^ "); |
103 | 0 | bnidx++; |
104 | 0 | fpidx++; |
105 | 0 | } |
106 | 0 | BIO_printf(channel, "\n"); |
107 | 0 | } |
108 | | |
109 | | # define CTXDBG(str, ctx) \ |
110 | 0 | OSSL_TRACE_BEGIN(BN_CTX) { \ |
111 | 0 | ctxdbg(trc_out, str, ctx); \ |
112 | 0 | } OSSL_TRACE_END(BN_CTX) |
113 | | #else |
114 | | /* We do not want tracing in FIPS module */ |
115 | | # define CTXDBG(str, ctx) do {} while(0) |
116 | | #endif /* FIPS_MODULE */ |
117 | | |
118 | | BN_CTX *BN_CTX_new_ex(OSSL_LIB_CTX *ctx) |
119 | 0 | { |
120 | 0 | BN_CTX *ret; |
121 | |
|
122 | 0 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) |
123 | 0 | return NULL; |
124 | | /* Initialise the structure */ |
125 | 0 | BN_POOL_init(&ret->pool); |
126 | 0 | BN_STACK_init(&ret->stack); |
127 | 0 | ret->libctx = ctx; |
128 | 0 | return ret; |
129 | 0 | } |
130 | | |
131 | | #ifndef FIPS_MODULE |
132 | | BN_CTX *BN_CTX_new(void) |
133 | 0 | { |
134 | 0 | return BN_CTX_new_ex(NULL); |
135 | 0 | } |
136 | | #endif |
137 | | |
138 | | BN_CTX *BN_CTX_secure_new_ex(OSSL_LIB_CTX *ctx) |
139 | 0 | { |
140 | 0 | BN_CTX *ret = BN_CTX_new_ex(ctx); |
141 | |
|
142 | 0 | if (ret != NULL) |
143 | 0 | ret->flags = BN_FLG_SECURE; |
144 | 0 | return ret; |
145 | 0 | } |
146 | | |
147 | | #ifndef FIPS_MODULE |
148 | | BN_CTX *BN_CTX_secure_new(void) |
149 | 0 | { |
150 | 0 | return BN_CTX_secure_new_ex(NULL); |
151 | 0 | } |
152 | | #endif |
153 | | |
154 | | void BN_CTX_free(BN_CTX *ctx) |
155 | 0 | { |
156 | 0 | if (ctx == NULL) |
157 | 0 | return; |
158 | 0 | #ifndef FIPS_MODULE |
159 | 0 | OSSL_TRACE_BEGIN(BN_CTX) { |
160 | 0 | BN_POOL_ITEM *pool = ctx->pool.head; |
161 | 0 | BIO_printf(trc_out, |
162 | 0 | "BN_CTX_free(): stack-size=%d, pool-bignums=%d\n", |
163 | 0 | ctx->stack.size, ctx->pool.size); |
164 | 0 | BIO_printf(trc_out, " dmaxs: "); |
165 | 0 | while (pool) { |
166 | 0 | unsigned loop = 0; |
167 | 0 | while (loop < BN_CTX_POOL_SIZE) |
168 | 0 | BIO_printf(trc_out, "%02x ", pool->vals[loop++].dmax); |
169 | 0 | pool = pool->next; |
170 | 0 | } |
171 | 0 | BIO_printf(trc_out, "\n"); |
172 | 0 | } OSSL_TRACE_END(BN_CTX); |
173 | 0 | #endif |
174 | 0 | BN_STACK_finish(&ctx->stack); |
175 | 0 | BN_POOL_finish(&ctx->pool); |
176 | 0 | OPENSSL_free(ctx); |
177 | 0 | } |
178 | | |
179 | | void BN_CTX_start(BN_CTX *ctx) |
180 | 0 | { |
181 | 0 | CTXDBG("ENTER BN_CTX_start()", ctx); |
182 | | /* If we're already overflowing ... */ |
183 | 0 | if (ctx->err_stack || ctx->too_many) |
184 | 0 | ctx->err_stack++; |
185 | | /* (Try to) get a new frame pointer */ |
186 | 0 | else if (!BN_STACK_push(&ctx->stack, ctx->used)) { |
187 | 0 | ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES); |
188 | 0 | ctx->err_stack++; |
189 | 0 | } |
190 | 0 | CTXDBG("LEAVE BN_CTX_start()", ctx); |
191 | 0 | } |
192 | | |
193 | | void BN_CTX_end(BN_CTX *ctx) |
194 | 0 | { |
195 | 0 | if (ctx == NULL) |
196 | 0 | return; |
197 | 0 | CTXDBG("ENTER BN_CTX_end()", ctx); |
198 | 0 | if (ctx->err_stack) |
199 | 0 | ctx->err_stack--; |
200 | 0 | else { |
201 | 0 | unsigned int fp = BN_STACK_pop(&ctx->stack); |
202 | | /* Does this stack frame have anything to release? */ |
203 | 0 | if (fp < ctx->used) |
204 | 0 | BN_POOL_release(&ctx->pool, ctx->used - fp); |
205 | 0 | ctx->used = fp; |
206 | | /* Unjam "too_many" in case "get" had failed */ |
207 | 0 | ctx->too_many = 0; |
208 | 0 | } |
209 | 0 | CTXDBG("LEAVE BN_CTX_end()", ctx); |
210 | 0 | } |
211 | | |
212 | | BIGNUM *BN_CTX_get(BN_CTX *ctx) |
213 | 0 | { |
214 | 0 | BIGNUM *ret; |
215 | |
|
216 | 0 | CTXDBG("ENTER BN_CTX_get()", ctx); |
217 | 0 | if (ctx->err_stack || ctx->too_many) |
218 | 0 | return NULL; |
219 | 0 | if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) { |
220 | | /* |
221 | | * Setting too_many prevents repeated "get" attempts from cluttering |
222 | | * the error stack. |
223 | | */ |
224 | 0 | ctx->too_many = 1; |
225 | 0 | ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES); |
226 | 0 | return NULL; |
227 | 0 | } |
228 | | /* OK, make sure the returned bignum is "zero" */ |
229 | 0 | BN_zero(ret); |
230 | | /* clear BN_FLG_CONSTTIME if leaked from previous frames */ |
231 | 0 | ret->flags &= (~BN_FLG_CONSTTIME); |
232 | 0 | ctx->used++; |
233 | 0 | CTXDBG("LEAVE BN_CTX_get()", ctx); |
234 | 0 | return ret; |
235 | 0 | } |
236 | | |
237 | | OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx) |
238 | 0 | { |
239 | 0 | if (ctx == NULL) |
240 | 0 | return NULL; |
241 | 0 | return ctx->libctx; |
242 | 0 | } |
243 | | |
244 | | /************/ |
245 | | /* BN_STACK */ |
246 | | /************/ |
247 | | |
248 | | static void BN_STACK_init(BN_STACK *st) |
249 | 0 | { |
250 | 0 | st->indexes = NULL; |
251 | 0 | st->depth = st->size = 0; |
252 | 0 | } |
253 | | |
254 | | static void BN_STACK_finish(BN_STACK *st) |
255 | 0 | { |
256 | 0 | OPENSSL_free(st->indexes); |
257 | 0 | st->indexes = NULL; |
258 | 0 | } |
259 | | |
260 | | |
261 | | static int BN_STACK_push(BN_STACK *st, unsigned int idx) |
262 | 0 | { |
263 | 0 | if (st->depth == st->size) { |
264 | | /* Need to expand */ |
265 | 0 | unsigned int newsize = |
266 | 0 | st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; |
267 | 0 | unsigned int *newitems; |
268 | |
|
269 | 0 | if ((newitems = OPENSSL_malloc_array(newsize, sizeof(*newitems))) == NULL) |
270 | 0 | return 0; |
271 | 0 | if (st->depth) |
272 | 0 | memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); |
273 | 0 | OPENSSL_free(st->indexes); |
274 | 0 | st->indexes = newitems; |
275 | 0 | st->size = newsize; |
276 | 0 | } |
277 | 0 | st->indexes[(st->depth)++] = idx; |
278 | 0 | return 1; |
279 | 0 | } |
280 | | |
281 | | static unsigned int BN_STACK_pop(BN_STACK *st) |
282 | 0 | { |
283 | 0 | return st->indexes[--(st->depth)]; |
284 | 0 | } |
285 | | |
286 | | /***********/ |
287 | | /* BN_POOL */ |
288 | | /***********/ |
289 | | |
290 | | static void BN_POOL_init(BN_POOL *p) |
291 | 0 | { |
292 | 0 | p->head = p->current = p->tail = NULL; |
293 | 0 | p->used = p->size = 0; |
294 | 0 | } |
295 | | |
296 | | static void BN_POOL_finish(BN_POOL *p) |
297 | 0 | { |
298 | 0 | unsigned int loop; |
299 | 0 | BIGNUM *bn; |
300 | |
|
301 | 0 | while (p->head) { |
302 | 0 | for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++) |
303 | 0 | if (bn->d) |
304 | 0 | BN_clear_free(bn); |
305 | 0 | p->current = p->head->next; |
306 | 0 | OPENSSL_free(p->head); |
307 | 0 | p->head = p->current; |
308 | 0 | } |
309 | 0 | } |
310 | | |
311 | | |
312 | | static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) |
313 | 0 | { |
314 | 0 | BIGNUM *bn; |
315 | 0 | unsigned int loop; |
316 | | |
317 | | /* Full; allocate a new pool item and link it in. */ |
318 | 0 | if (p->used == p->size) { |
319 | 0 | BN_POOL_ITEM *item; |
320 | |
|
321 | 0 | if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) |
322 | 0 | return NULL; |
323 | 0 | for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { |
324 | 0 | bn_init(bn); |
325 | 0 | if ((flag & BN_FLG_SECURE) != 0) |
326 | 0 | BN_set_flags(bn, BN_FLG_SECURE); |
327 | 0 | } |
328 | 0 | item->prev = p->tail; |
329 | 0 | item->next = NULL; |
330 | |
|
331 | 0 | if (p->head == NULL) |
332 | 0 | p->head = p->current = p->tail = item; |
333 | 0 | else { |
334 | 0 | p->tail->next = item; |
335 | 0 | p->tail = item; |
336 | 0 | p->current = item; |
337 | 0 | } |
338 | 0 | p->size += BN_CTX_POOL_SIZE; |
339 | 0 | p->used++; |
340 | | /* Return the first bignum from the new pool */ |
341 | 0 | return item->vals; |
342 | 0 | } |
343 | | |
344 | 0 | if (!p->used) |
345 | 0 | p->current = p->head; |
346 | 0 | else if ((p->used % BN_CTX_POOL_SIZE) == 0) |
347 | 0 | p->current = p->current->next; |
348 | 0 | return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); |
349 | 0 | } |
350 | | |
351 | | static void BN_POOL_release(BN_POOL *p, unsigned int num) |
352 | 0 | { |
353 | 0 | unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; |
354 | |
|
355 | 0 | p->used -= num; |
356 | 0 | while (num--) { |
357 | 0 | bn_check_top(p->current->vals + offset); |
358 | 0 | if (offset == 0) { |
359 | 0 | offset = BN_CTX_POOL_SIZE - 1; |
360 | 0 | p->current = p->current->prev; |
361 | 0 | } else |
362 | 0 | offset--; |
363 | 0 | } |
364 | 0 | } |