/src/wolfssl-openssl-api/src/ssl_bn.c

Source
/* ssl_bn.c
 *
 * Copyright (C) 2006-2025 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

#include <wolfssl/wolfcrypt/libwolfssl_sources.h>

#include <wolfssl/internal.h>
#ifndef WC_NO_RNG
    #include <wolfssl/wolfcrypt/random.h>
#endif

#if !defined(WOLFSSL_SSL_BN_INCLUDED)
    #ifndef WOLFSSL_IGNORE_FILE_WARN
        #warning ssl_bn.c does not need to be compiled separately from ssl.c
    #endif
#else

/* Check on validity of big number.
 *
 * Used for parameter validation.
 *
 * @param [in] bn  Big number.
 * @return 1 when bn is not NULL and internal representation is not NULL.
 * @return 0 otherwise.
 */
#define BN_IS_NULL(bn) (((bn) == NULL) || ((bn)->internal == NULL))

/*******************************************************************************
 * Constructor/Destructor/Initializer APIs
 ******************************************************************************/

#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
/* Set big number to be negative.
 *
 * @param [in, out] bn   Big number to make negative.
 * @param [in]      neg  Whether number is negative.
 * @return  1 on success.
 * @return  -1 when bn or internal representation of bn is NULL.
 */
static int wolfssl_bn_set_neg(WOLFSSL_BIGNUM* bn, int neg)
{
    int ret = 1;

    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = WOLFSSL_FATAL_ERROR;
    }
#if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE)
    else if (neg) {
        mp_setneg((mp_int*)bn->internal);
    }
    else {
        ((mp_int*)bn->internal)->sign = MP_ZPOS;
    }
#endif

    return ret;
}
#endif /* OPENSSL_EXTRA && !NO_ASN */

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* Get the internal representation value into an MP integer.
 *
 * When calling wolfssl_bn_get_value, mpi should be cleared by caller if no
 * longer used. ie mp_free(mpi). This is to free data when fastmath is
 * disabled since a copy of mpi is made by this function and placed into bn.
 *
 * @param [in]      bn   Big number to copy value from.
 * @param [in, out] mpi  MP integer to copy into.
 * @return  1 on success.
 * @return  -1 when bn or internal representation of bn is NULL.
 * @return  -1 when mpi is NULL.
 * @return  -1 when copy fails.
 */
int wolfssl_bn_get_value(WOLFSSL_BIGNUM* bn, mp_int* mpi)
{
    int ret = 1;

    WOLFSSL_MSG("Entering wolfssl_bn_get_value_mp");

    /* Validate parameters. */
    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = WOLFSSL_FATAL_ERROR;
    }
    else if (mpi == NULL) {
        WOLFSSL_MSG("mpi NULL error");
        ret = WOLFSSL_FATAL_ERROR;
    }

    /* Copy the internal representation into MP integer. */
    if ((ret == 1) && mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        ret = WOLFSSL_FATAL_ERROR;
    }

    return ret;
}

/* Set big number internal representation to value in mpi.
 *
 * Will create a new big number if bn points to NULL.
 *
 * When calling wolfssl_bn_set_value, mpi should be cleared by caller if no
 * longer used. ie mp_free(mpi). This is to free data when fastmath is
 * disabled since a copy of mpi is made by this function and placed into bn.
 *
 * @param [in, out] bn   Pointer to big number to have value.
 * @param [in]      mpi  MP integer with value to set.
 * @return  1 on success.
 * @return  -1 when mpi or bn is NULL.
 * @return  -1 when creating a new big number fails.
 * @return  -1 when copying MP integer fails.
 */
int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
{
    int ret = 1;
    WOLFSSL_BIGNUM* a = NULL;

#ifdef WOLFSSL_DEBUG_OPENSSL
    WOLFSSL_ENTER("wolfssl_bn_set_value");
#endif

    /* Validate parameters. */
    if ((bn == NULL) || (mpi == NULL)) {
        WOLFSSL_MSG("mpi or bn NULL error");
        ret = WOLFSSL_FATAL_ERROR;
    }

    /* Allocate a new big number if one not passed in. */
    if ((ret == 1) && (*bn == NULL)) {
        a = wolfSSL_BN_new();
        if (a == NULL) {
            WOLFSSL_MSG("wolfssl_bn_set_value alloc failed");
            ret = WOLFSSL_FATAL_ERROR;
        }
        *bn = a;
    }

    /* Copy MP integer value into internal representation of big number. */
    if ((ret == 1) && (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY)) {
        WOLFSSL_MSG("mp_copy error");
        ret = WOLFSSL_FATAL_ERROR;
    }

    /* Dispose of any allocated big number on error. */
    if ((ret == -1) && (a != NULL)) {
        wolfSSL_BN_free(a);
        *bn = NULL;
    }
    return ret;
}

/* Initialize a big number.
 *
 * Assumes bn is not NULL.
 *
 * @param [in, out] bn  Big number to initialize.
 */
static void wolfssl_bn_init(WOLFSSL_BIGNUM* bn)
{
    /* Clear fields of big number. */
    XMEMSET(bn, 0, sizeof(WOLFSSL_BIGNUM));
    /* Initialization only fails when passed NULL. */
    (void)mp_init(&bn->mpi);
    /* Set an internal representation. */
    bn->internal = &bn->mpi;
}

/* Create a new big number.
 *
 * @return  An allocated and initialized big number on success.
 * @return  NULL on failure.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
{
    WOLFSSL_BIGNUM* bn = NULL;

#ifdef WOLFSSL_DEBUG_OPENSSL
    WOLFSSL_ENTER("wolfSSL_BN_new");
#endif

    /* Allocate memory for big number. */
    bn = (WOLFSSL_BIGNUM*)XMALLOC(sizeof(WOLFSSL_BIGNUM), NULL,
        DYNAMIC_TYPE_BIGINT);
    if (bn == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new malloc WOLFSSL_BIGNUM failure");
    }
    else {
        /* Initialize newly allocated object. */
        wolfssl_bn_init(bn);
    }

    return bn;
}

#if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT)
/* Initialize a big number.
 *
 * Call this instead of wolfSSL_BN_new() and wolfSSL_BN_free().
 *
 * Do not call this API after wolfSSL_BN_new() or wolfSSL_BN_init().
 *
 * @param [in, out] bn  Big number to initialize.
 */
void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
    WOLFSSL_ENTER("wolfSSL_BN_init");
#endif

    /* Validate parameter. */
    if (bn != NULL) {
        /* Initialize big number object. */
        wolfssl_bn_init(bn);
    }
}
#endif

/* Dispose of big number.
 *
 * bn is unusable after this call.
 *
 * @param [in, out] bn  Big number to free.
 */
void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
    WOLFSSL_ENTER("wolfSSL_BN_free");
#endif

    /* Validate parameter. */
    if (bn != NULL) {
        /* Cleanup any internal representation. */
        if (bn->internal != NULL) {
            /* Free MP integer. */
            mp_free(&bn->mpi);
        }
        /* Dispose of big number object. */
        XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
        /* bn = NULL, don't try to access or double free it */
    }
}

/* Zeroize and dispose of big number.
 *
 * bn is unusable after this call.
 *
 * @param [in, out] bn  Big number to clear and free.
 */
void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
    WOLFSSL_ENTER("wolfSSL_BN_clear_free");
#endif

    /* Validate parameter. */
    if (bn != NULL) {
        /* Check for internal representation. */
        if (bn->internal != NULL) {
            /* Zeroize MP integer. */
            mp_forcezero((mp_int*)bn->internal);
        }
        /* Dispose of big number. */
        wolfSSL_BN_free(bn);
    }
}

/* Zeroize big number.
 *
 * @param [in, out] bn  Big number to clear.
 */
void wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn)
{
#ifdef WOLFSSL_DEBUG_OPENSSL
    WOLFSSL_ENTER("wolfSSL_BN_clear");
#endif

    /* Validate parameter. */
    if (!BN_IS_NULL(bn)) {
        /* Zeroize MP integer. */
        mp_forcezero((mp_int*)bn->internal);
    }
}
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */

#ifdef OPENSSL_EXTRA

static WOLFSSL_BIGNUM* bn_one = NULL;

/* Return a big number with the value of one.
 *
 * @return  A big number with the value one on success.
 * @return  NULL on failure.
 */
const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
{
    WOLFSSL_BIGNUM* one;

    WOLFSSL_ENTER("wolfSSL_BN_value_one");

    /* Get the global object. */
    one = bn_one;
    /* Create a new big number if global not set. */
    if ((one == NULL) && ((one = wolfSSL_BN_new()) != NULL)) {
        /* Set internal representation to have a value of 1. */
        if (mp_set_int((mp_int*)one->internal, 1) != MP_OKAY) {
            /* Dispose of big number on error. */
            wolfSSL_BN_free(one);
            one = NULL;
        }
        else
    #ifndef SINGLE_THREADED
        /* Ensure global has not been set by another thread. */
        if (bn_one == NULL)
    #endif
        {
            /* Set this big number as the global. */
            bn_one = one;
        }
    #ifndef SINGLE_THREADED
        /* Check if another thread has set the global. */
        if (bn_one != one) {
            /* Dispose of this big number and return the global.  */
            wolfSSL_BN_free(one);
            one = bn_one;
        }
    #endif
    }

    return one;
}

static void wolfSSL_BN_free_one(void) {
    wolfSSL_BN_free(bn_one);
    bn_one = NULL;
}

/* Create a new big number with the same value as the one passed in.
 *
 * @param [in] bn  Big number to duplicate.
 * @return  Big number on success.
 * @return  NULL when bn or internal representation of bn is NULL.
 * @return  NULL when creating a new big number fails.
 * @return  NULL when copying the internal representation fails.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn)
{
    int err = 0;
    WOLFSSL_BIGNUM* ret = NULL;

    WOLFSSL_ENTER("wolfSSL_BN_dup");

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        err = 1;
    }

    /* Create a new big number to return. */
    if ((!err) && ((ret = wolfSSL_BN_new()) == NULL)) {
        WOLFSSL_MSG("bn new error");
        err = 1;
    }

    if (!err) {
        err = (wolfSSL_BN_copy(ret, bn) == NULL);
    }

    if (err) {
         /* Dispose of dynamically allocated data. */
         wolfSSL_BN_free(ret);
         ret = NULL;
    }
    return ret;
}

/* Copy value from bn into another r.
 *
 * @param [in, out] r   Big number to copy into.
 * @param [in]      bn  Big number to copy from.
 * @return  Big number copied into on success.
 * @return  NULL when r or bn is NULL.
 * @return  NULL when copying fails.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_ENTER("wolfSSL_BN_copy");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(bn)) {
        WOLFSSL_MSG("r or bn NULL error");
        r = NULL;
    }

    /* Copy the value in. */
    if ((r != NULL) && mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) !=
            MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        r = NULL;
    }

    if (r != NULL) {
        /* Copy other fields in a big number. */
        r->neg = bn->neg;
    }

    return r;
}


/*******************************************************************************
 * Encode/Decode APIs.
 ******************************************************************************/

/* Encode the number is a big-endian byte array.
 *
 * Assumes byte array is large enough to hold encoding when not NULL.
 * Use NULL for byte array to get length.
 *
 * Return compliant with OpenSSL.
 *
 * @param [in]  bn  Big number to reduced
 * @param [out] r   Byte array to encode into. May be NULL.
 * @return  Length of big number in bytes on success.
 * @return  -1 when bn is NULL or encoding fails.
 */
int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_bn2bin");

    /* Validate parameters. */
    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("NULL bn error");
        ret = WOLFSSL_FATAL_ERROR;
    }
    else {
        /* Get the length of the encoding. */
        ret = mp_unsigned_bin_size((mp_int*)bn->internal);
        /* Encode if byte array supplied. */
        if ((r != NULL) && (mp_to_unsigned_bin((mp_int*)bn->internal, r) !=
                MP_OKAY)) {
            WOLFSSL_MSG("mp_to_unsigned_bin error");
            ret = WOLFSSL_FATAL_ERROR;
        }
    }

    return ret;
}


/* Return a big number with value of the decoding of the big-endian byte array.
 *
 * Returns ret when not NULL.
 * Allocates a big number when ret is NULL.
 * Assumes str is not NULL.
 *
 * @param [in]      data  Byte array to decode.
 * @param [in]      len   Number of bytes in byte array.
 * @param [in, out] ret   Big number to reduced. May be NULL.
 * @return  A big number on success.
 * @return  NULL on failure.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
    WOLFSSL_BIGNUM* ret)
{
    WOLFSSL_BIGNUM* bn = NULL;

    WOLFSSL_ENTER("wolfSSL_BN_bin2bn");

    /* Validate parameters. */
    if (len < 0) {
        ret = NULL;
    }
    /* Allocate a new big number when ret is NULL. */
    else if (ret == NULL) {
        ret = wolfSSL_BN_new();
        bn = ret;
    }

    /* Check ret is usable. */
    if (ret != NULL) {
        /* Check internal representation is usable. */
        if (ret->internal == NULL) {
            ret = NULL;
        }
        else if (data != NULL) {
            /* Decode into big number. */
            if (mp_read_unsigned_bin((mp_int*)ret->internal, data, (word32)len)
                    != 0) {
                WOLFSSL_MSG("mp_read_unsigned_bin failure");
                /* Don't return anything on failure. bn will be freed if set. */
                ret = NULL;
            }
            else {
                /* Don't free bn as we are returning it. */
                bn = NULL;
            }
        }
        else if (data == NULL) {
            wolfSSL_BN_zero(ret);
            /* Don't free bn as we are returning it. */
            bn = NULL;
        }
    }

    /* Dispose of allocated BN not being returned. */
    wolfSSL_BN_free(bn);

    return ret;
}

/* Encode the big number value into a string, of the radix, that is allocated.
 *
 * @param [in] bn     Big number to encode.
 * @param [in] radix  Radix to encode to.
 * @return  String with encoding on success.
 * @return  NULL when bn or internal representation of bn is NULL.
 * @return  NULL on failure.
 */
static char* wolfssl_bn_bn2radix(const WOLFSSL_BIGNUM* bn, int radix)
{
    int err = 0;
    int len = 0;
    char* str = NULL;


    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        err = 1;
    }

    /* Determine length of encoding. */
    if ((!err) && (mp_radix_size((mp_int*)bn->internal, radix, &len) !=
            MP_OKAY)) {
        WOLFSSL_MSG("mp_radix_size failure");
        err = 1;
    }

    if (!err) {
        /* Allocate string. */
        str = (char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL);
        if (str == NULL) {
            WOLFSSL_MSG("BN_bn2hex malloc string failure");
            err = 1;
        }
    }

    /* Encode into string using wolfCrypt. */
    if ((!err) && (mp_toradix((mp_int*)bn->internal, str, radix) != MP_OKAY)) {
        err = 1;
    }

    if (err) {
        /* Dispose of dynamically allocated data. */
        XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
        /* Don't return freed string. */
        str = NULL;
    }
    return str;
}

/* Encode the big number value into hex string that is allocated.
 *
 * @param [in] bn  Big number to encode.
 * @return  String with encoding on success.
 * @return  NULL when bn or internal representation of bn is NULL.
 * @return  NULL on failure.
 */
char* wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
{
    WOLFSSL_ENTER("wolfSSL_BN_bn2hex");
    return wolfssl_bn_bn2radix(bn, MP_RADIX_HEX);
}

/* Decode string of a radix into a big number.
 *
 * If bn is a pointer to NULL, then a new big number is allocated and assigned.
 *
 * Note on use: this function expects str to be an even length. It is
 * converting pairs of bytes into 8-bit values. As an example, the RSA
 * public exponent is commonly 0x010001. To get it to convert, you need
 * to pass in the string "010001", it will fail if you use "10001". This
 * is an affect of how Base16_Decode() works.
 *
 * @param [in, out] bn     Pointer to a big number. May point to NULL.
 * @param [in]      str    Hex string to decode.
 * @param [in]      radix  Radix to decode from.
 * @return  1 on success.
 * @return  0 when bn or str is NULL or str is zero length.
 * @return  0 when creating a new big number fails.
 * @return  0 when decoding fails.
 */
static int wolfssl_bn_radix2bn(WOLFSSL_BIGNUM** bn, const char* str, int radix)
{
    int ret = 1;
    WOLFSSL_BIGNUM* a = NULL;

    /* Validate parameters. */
    if ((bn == NULL) || (str == NULL) || (str[0] == '\0')) {
        WOLFSSL_MSG("Bad function argument");
        ret = 0;
    }
    /* Check if we have a big number to decode into. */
    if ((ret == 1) && (*bn == NULL)) {
        /* Allocate a new big number. */
        a = wolfSSL_BN_new();
        if (a == NULL) {
            WOLFSSL_MSG("BN new failed");
            ret = 0;
        }
        /* Return allocated big number. */
        *bn = a;
    }
    /* Decode hex string into internal representation. */
    if ((ret == 1) && (mp_read_radix((mp_int*)(*bn)->internal, str, radix) !=
            MP_OKAY)) {
        WOLFSSL_MSG("Bad read_radix error");
        ret = 0;
    }

    if ((ret == 0) && (a != NULL)) {
        /* Dispose of big number. */
        wolfSSL_BN_free(a);
        /* Don't return freed big number. */
        *bn = NULL;
    }
    return ret;
}

/* Decode hex string into a big number.
 *
 * If bn is a pointer to NULL, then a new big number is allocated and assigned.
 *
 * Note on use: this function expects str to be an even length. It is
 * converting pairs of bytes into 8-bit values. As an example, the RSA
 * public exponent is commonly 0x010001. To get it to convert, you need
 * to pass in the string "010001", it will fail if you use "10001". This
 * is an affect of how Base16_Decode() works.
 *
 * @param [in, out] bn   Pointer to a big number. May point to NULL.
 * @param [in]      str  Hex string to decode.
 * @return  1 on success.
 * @return  0 when bn or str is NULL or str is zero length.
 * @return  0 when creating a new big number fails.
 * @return  0 when decoding fails.
 */
int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str)
{
    WOLFSSL_ENTER("wolfSSL_BN_hex2bn");
    return wolfssl_bn_radix2bn(bn, str, MP_RADIX_HEX);
}

#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
/* Encode big number into decimal string.
 *
 * @param [in] bn  Big number to encode.
 * @return  String with encoding on success.
 * @return  NULL when bn or internal representation of bn is NULL.
 * @return  NULL on failure.
 */
char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM *bn)
{
    WOLFSSL_ENTER("wolfSSL_BN_bn2hex");
    return wolfssl_bn_bn2radix(bn, MP_RADIX_DEC);
}
#else
/* Encode big number into decimal string.
 *
 * @param [in] bn  Big number to encode.
 * @return  NULL as implementation not available.
 */
char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
{
    (void)bn;
    WOLFSSL_ENTER("wolfSSL_BN_bn2dec");
    return NULL;
}
#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */


#ifndef NO_RSA
/* Decode hex string into a big number.
 *
 * If bn is a pointer to NULL, then a new big number is allocated and assigned.
 *
 * Note on use: this function expects str to be an even length. It is
 * converting pairs of bytes into 8-bit values. As an example, the RSA
 * public exponent is commonly 0x010001. To get it to convert, you need
 * to pass in the string "010001", it will fail if you use "10001". This
 * is an affect of how Base16_Decode() works.
 *
 * @param [in, out] bn   Pointer to a big number. May point to NULL.
 * @param [in]      str  Hex string to decode.
 * @return  1 on success.
 * @return  0 when bn or str is NULL or str is zero length.
 * @return  0 when creating a new big number fails.
 * @return  0 when decoding fails.
 */
int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
{
    WOLFSSL_ENTER("wolfSSL_BN_bn2dec");
    return wolfssl_bn_radix2bn(bn, str, MP_RADIX_DEC);
}
#else
/* Decode hex string into a big number.
 *
 * @param [in, out] bn   Pointer to a big number. May point to NULL.
 * @param [in]      str  Hex string to decode.
 * @return  0 as implementation not available..
 */
int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
{
    (void)bn;
    (void)str;
    WOLFSSL_ENTER("wolfSSL_BN_bn2dec");
    return 0;
}
#endif

/*******************************************************************************
 * Get/Set APIs
 ******************************************************************************/

/* Calculate the number of bytes need to represent big number.
 *
 * Return compliant with OpenSSL.
 *
 * @param [in] bn  Big number to use.
 * @return  Size of BIGNUM in bytes on success.
 * @return  0 when bn or internal representation of bn is NULL.
 */
int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_num_bytes");

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        ret = 0;
    }
    else {
        /* Get size from wolfCrypt. */
        ret = mp_unsigned_bin_size((mp_int*)bn->internal);
    }

    return ret;
}

/* Calculate the number of bits need to represent big number.
 *
 * Return compliant with OpenSSL.
 *
 * @param [in] bn  Big number to use.
 * @return  Size of BIGNUM in bits on success.
 * @return  0 when bn or internal representation of bn is NULL.
 */
int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_num_bits");

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        ret = 0;
    }
    else {
        /* Get size from wolfCrypt. */
        ret = mp_count_bits((mp_int*)bn->internal);
    }

    return ret;
}

/* Indicates whether a big number is negative.
 *
 * @param [in] bn  Big number to use.
 * @return  1 when number is negative.
 * @return  0 when number is positive.
 * @return  0 when bn is NULL.
 */
int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM* bn)
{
    int ret;

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        ret = 0;
    }
    else {
        /* Check sign with wolfCrypt. */
        ret = mp_isneg((mp_int*)bn->internal);
    }

    return ret;
}

/* Indicates whether a big number is odd.
 *
 * Return compliant with OpenSSL.
 *
 * @param [in] bn  Big number to use.
 * @return  1 when number is odd.
 * @return  0 when number is even.
 * @return  0 when bn or internal representation of bn is NULL.
 */
int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_is_odd");

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        ret = 0;
    }
    else {
        /* wolfCrypt checks whether value is odd. */
        ret = (mp_isodd((mp_int*)bn->internal) == MP_YES);
    }

    return ret;
}

#ifndef NO_WOLFSSL_STUB
/* Mask the lowest n bits.
 *
 * TODO: mp_mod_2d()
 *
 * Return compliant with OpenSSL.
 *
 * @param [in, out] bn  Big number to operation on.
 * @param [in]      n   Number of bits.
 * @return  0 on failure.
 */
int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
{
    (void)bn;
    (void)n;
    WOLFSSL_ENTER("wolfSSL_BN_mask_bits");
    WOLFSSL_STUB("BN_mask_bits");
    return 0;
}
#endif

/* Set a bit of the value in a big number.
 *
 * Return code compliant with OpenSSL.
 *
 * @param [in, out] bn  Big number to modify.
 * @return  1 on success.
 * @return  0 when bn or internal representation of bn is NULL.
 * @return  0 when failed to set bit.
 */
int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n)
{
    int ret = 1;

    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }
    else if (mp_set_bit((mp_int*)bn->internal, n) != MP_OKAY) {
        WOLFSSL_MSG("mp_set_bit error");
        ret = 0;
    }

    return ret;
}

/* Clear a bit of the value in a big number.
 *
 * Return code compliant with OpenSSL.
 *
 * @param [in] bn  Big number to check.
 * @param [in] n   Inidex of bit to check.
 * @return  1 on success.
 * @return  0 when bn or internal representation of bn is NULL.
 * @return  0 when failed to clear bit.
 */
int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n)
{
    int ret = 1;
    WC_DECLARE_VAR(tmp, mp_int, 1, 0);

    /* Validate parameters. */
    if (BN_IS_NULL(bn) || (n < 0)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }
    /* Check if bit is set to clear. */
    if ((ret == 1) && (mp_is_bit_set((mp_int*)bn->internal, n))) {
        /* Allocate a new MP integer to hold bit to clear. */
        WC_ALLOC_VAR_EX(tmp, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT, ret=0);
        if (ret == 1) {
            /* Reset new MP integer. */
            XMEMSET(tmp, 0, sizeof(mp_int));
            if (mp_init(tmp) != MP_OKAY) {
                ret = 0;
            }
        }
        /* Set the bit to clear into temporary MP integer. */
        if ((ret == 1) && (mp_set_bit(tmp, n) != MP_OKAY)) {
            ret = 0;
        }
        /* Clear bit by sutraction. */
        if ((ret == 1) && (mp_sub((mp_int*)bn->internal, tmp,
                (mp_int*)bn->internal) != MP_OKAY)) {
            ret = 0;
        }

        /* Free any dynamic memory in MP integer. */
        mp_clear(tmp);
        WC_FREE_VAR_EX(tmp, NULL, DYNAMIC_TYPE_BIGINT);
    }

    return ret;
}

/* Returns whether the bit is set in the value of the big number.
 *
 * When bn is NULL, returns 0.
 *
 * Return code compliant with OpenSSL.
 *
 * @param [in] bn  Big number to check.
 * @param [in] n   Inidex of bit to check.
 * @return  1 if bit set.
 * @return  0 otherwise.
 */
int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n)
{
    int ret;

    /* Check for big number value. */
    if (BN_IS_NULL(bn) || (n < 0)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }
    else {
        /* Set bit with wolfCrypt. */
        ret = mp_is_bit_set((mp_int*)bn->internal, (mp_digit)n);
    }

    return ret;
}

/* Set the big number to the value 0.
 *
 * @param [in, out] bn  Big number to use.
 */
void wolfSSL_BN_zero(WOLFSSL_BIGNUM* bn)
{
    /* Validate parameter. */
    if (!BN_IS_NULL(bn)) {
        /* Set wolfCrypt representation to 0. */
        mp_zero((mp_int*)bn->internal);
    }
}

/* Set the big number to the value 0.
 *
 * @param [in, out] bn  Big number to use.
 * @return  1 on success.
 * @return  0 when bn or internal representation of bn is NULL.
 */
int wolfSSL_BN_one(WOLFSSL_BIGNUM* bn)
{
    int ret;

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        ret = 0;
    }
    else {
        /* Set to value one. */
        ret = wolfSSL_BN_set_word(bn, 1);
    }

    return ret;
}

/* Get the value of the MP integer as a word.
 *
 * Assumes the MP integer value will fit in a word.
 *
 * @param [in] mp  MP integer.
 * @return  Value of MP integer as an unsigned long.
 */
static WOLFSSL_BN_ULONG wolfssl_bn_get_word_1(mp_int *mp) {
#if DIGIT_BIT >= (SIZEOF_LONG * CHAR_BIT)
    return (WOLFSSL_BN_ULONG)mp->dp[0];
#else
    WOLFSSL_BN_ULONG ret = 0UL;
    unsigned int i;

    for (i = 0; i < (unsigned int)mp->used; ++i) {
        ret |= ((WOLFSSL_BN_ULONG)mp->dp[i]) << (DIGIT_BIT * i);
    }

    return ret;
#endif
}

/* Return the value of big number as an unsigned long if possible.
 *
 * @param [in] bn  Big number to get value from.
 * @return  Value or 0xFFFFFFFFL if bigger than unsigned long.
 */
WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_BN_ULONG ret;

    WOLFSSL_ENTER("wolfSSL_BN_get_word");

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("Invalid argument");
        ret = 0;
    }
    /* Check whether big number is to fit in an unsigned long. */
    else if (wolfSSL_BN_num_bytes(bn) > (int)sizeof(unsigned long)) {
        WOLFSSL_MSG("bignum is larger than unsigned long");
        ret = WOLFSSL_BN_MAX_VAL;
    }
    else {
        /* Get the word from the internal representation. */
        ret = wolfssl_bn_get_word_1((mp_int*)bn->internal);
    }

    return ret;
}

/* Set the big number to the value in the word.
 *
 * Return code compliant with OpenSSL.
 *
 * @param [in, out] bn  Big number to set.
 * @param [in       w   Word to set.
 * @return  1 on success.
 * @return  0 when bn is NULL or setting value failed.
 */
int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, unsigned long w)
{
    int ret = 1;

    WOLFSSL_ENTER("wolfSSL_BN_set_word");

    /* Validate parameters. */
    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }

    /* Set the word into the internal representation. */
    if ((ret == 1) && (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY)) {
        WOLFSSL_MSG("mp_init_set_int error");
        ret = 0;
    }

    return ret;
}

/*******************************************************************************
 * Comparison APIs
 ******************************************************************************/

/* Compares two big numbers. a <=> b
 *
 * NULL equals NULL
 * NULL less than not NULL
 * not NULL greater than NULL.
 *
 * Return compliant with OpenSSL.
 *
 * @param [in] bn  First big number to compare.
 * @param [in] bn  Second big number to compare.
 * @return  -1 when a is less than b (a < b).
 * @return  0 when a is equal to b (a == b).
 * @return  1 when a is greater than b (a > b).
 * @return  0 when bn or internal representation of bn is NULL.
 */
int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
{
    int ret;
    int bIsNull;

    WOLFSSL_ENTER("wolfSSL_BN_cmp");

    /* Must know whether b is NULL. */
    bIsNull = BN_IS_NULL(b);
    /* Check whether a is NULL. */
    if (BN_IS_NULL(a)) {
        if (bIsNull) {
            /* NULL equals NULL. */
            ret = 0;
        }
        else {
            ret = -1; /* NULL less than not NULL. */
        }
    }
    else if (bIsNull) {
        /* not NULL greater than NULL. */
        ret = 1;
    }
    else {
        PRAGMA_GCC_DIAG_PUSH
        PRAGMA_GCC("GCC diagnostic ignored \"-Wduplicated-branches\"")
        /* Compare big numbers with wolfCrypt. */
        ret = mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
        /* Convert wolfCrypt return value. */
        if (ret == MP_EQ) {
            ret = 0;
        }
        else if (ret == MP_GT) {
            ret = 1;
        }
        else if (ret == MP_LT) {
            ret = -1;
        }
        else {
            /* ignored warning here because the same return value
               was intentional */
            ret = WOLFSSL_FATAL_ERROR; /* also -1 */
        }
        PRAGMA_GCC_DIAG_POP
    }

    return ret;
}

/* Same as above, but compare absolute value. */
int wolfSSL_BN_ucmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
{
    int ret = 0;
    int bIsNull;

    WOLFSSL_ENTER("wolfSSL_BN_ucmp");

    /* Must know whether b is NULL. */
    bIsNull = BN_IS_NULL(b);
    /* Check whether a is NULL. */
    if (BN_IS_NULL(a)) {
        if (bIsNull) {
            /* NULL equals NULL. */
            ret = 0;
        }
        else {
            ret = -1; /* NULL less than not NULL. */
        }
    }
    else if (bIsNull) {
        /* not NULL greater than NULL. */
        ret = 1;
    }
    else {
        /* Neither are NULL; copy to new instances and switch to positive if
         * required, compare, and then free.  Must copy because there is
         * possibility of switch to positive but they are declared const.
         * wolfssl_bn_set_neg() only returns -1 if the bn is NULL, but we
         * already check that so we can ignore the return code. Note for
         * wolfSSL_BN_is_negative if n=1 then set to positive. */
        WOLFSSL_BIGNUM* abs_a = wolfSSL_BN_dup(a);
        WOLFSSL_BIGNUM* abs_b = wolfSSL_BN_dup(b);

        if (abs_a == NULL || abs_b == NULL) {
            WOLFSSL_MSG("wolfSSL_BN_dup failed");
            wolfSSL_BN_free(abs_a);
            wolfSSL_BN_free(abs_b);
            return WOLFSSL_FATAL_ERROR;
        }

        if (wolfSSL_BN_is_negative(abs_a)) {
            wolfssl_bn_set_neg(abs_a, 1);
        }

        if (wolfSSL_BN_is_negative(abs_b)) {
            wolfssl_bn_set_neg(abs_b, 1);
        }

        ret = wolfSSL_BN_cmp(abs_a, abs_b);
        wolfSSL_BN_free(abs_a);
        wolfSSL_BN_free(abs_b);
    }
    return ret;
}

/* Indicates whether a big number is the value 0.
 *
 * Return compliant with OpenSSL.
 *
 * @param [in] bn  Big number to use.
 * @return  1 when number is zero.
 * @return  0 when number is not zero.
 * @return  0 when bn or internal representation of bn is NULL.
 */
int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_is_zero");

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        ret = 0;
    }
    else {
        /* wolfCrypt checks whether value is 0. */
        ret = (mp_iszero((mp_int*)bn->internal) == MP_YES);
    }

    return ret;
}

/* Indicates whether a big number is the value 1.
 *
 * Return compliant with OpenSSL.
 *
 * @param [in] bn  Big number to use.
 * @return  1 when number is one.
 * @return  0 when number is not one.
 * @return  0 when bn or internal representation of bn is NULL.
 */
int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_is_one");

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        ret = 0;
    }
    else {
        /* wolfCrypt checks whether value is 1. */
        ret = (mp_cmp_d((mp_int*)bn->internal, 1) == MP_EQ);
    }

    return ret;
}

/* Indicates whether a big number is the value passed in.
 *
 * Return compliant with OpenSSL.
 *
 * @param [in] bn  Big number to use.
 * @return  1 when big number is the value.
 * @return  0 when big number is not the value.
 * @return  0 when bn or internal representation of bn is NULL.
 */
int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_is_word");

    /* Validate parameter. */
    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }
    else
#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
    /* When value is greater than what can be stored in one digit - special
     * case. */
    if (w > (WOLFSSL_BN_ULONG)MP_MASK) {
        /* TODO: small stack */
        mp_int w_mp;

        /* Create a MP to hold the number. */
        if (mp_init(&w_mp) != MP_OKAY) {
            ret = 0;
        }
        /* Set the value - held in more than one digit. */
        else if (mp_set_int(&w_mp, w) != MP_OKAY) {
            ret = 0;
        }
        else {
            /* Compare MP representations. */
            ret = (mp_cmp((mp_int *)bn->internal, &w_mp) == MP_EQ);
            mp_free(&w_mp);
        }
    }
    else
#endif
    {
        /* wolfCrypt checks whether it is the value. */
        ret = (mp_isword((mp_int*)bn->internal, (mp_digit)w) == MP_YES);
    }

    return ret;
}


/*******************************************************************************
 * Word operation APIs.
 ******************************************************************************/

enum BN_WORD_OP {
    BN_WORD_ADD = 0,
    BN_WORD_SUB = 1,
    BN_WORD_MUL = 2,
    BN_WORD_DIV = 3,
    BN_WORD_MOD = 4
};

/* Helper function for word operations.
 *
 * @param [in, out] bn  Big number to operate on.
 * @param [in]      w   Word to operate with.
 * @param [in]      op  Operation to perform. See BN_WORD_OP for valid values.
 * @param [out]     mod_res Result of the modulo operation.
 * @return  1 on success.
 * @return  0 on failure.
 */
static int bn_word_helper(const WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w,
        enum BN_WORD_OP op, WOLFSSL_BN_ULONG* mod_res)
{
    int ret = 1;

    WOLFSSL_ENTER("bn_word_helper");

    /* Validate parameters. */
    if (ret == 1 && BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }

    if (ret == 1) {
        int rc = MP_OKAY;
#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
        /* When input 'w' is greater than what can be stored in one digit */
        if (w > (WOLFSSL_BN_ULONG)MP_MASK) {
            DECL_MP_INT_SIZE_DYN(w_mp, sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT,
                                       sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT);
            NEW_MP_INT_SIZE(w_mp, sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT, NULL,
                    DYNAMIC_TYPE_TMP_BUFFER);
#ifdef MP_INT_SIZE_CHECK_NULL
            if (w_mp == NULL) {
                WOLFSSL_MSG("NEW_MP_INT_SIZE error");
                ret = 0;
            }
#endif
            if (ret == 1 && mp_set_int(w_mp, w) != MP_OKAY) {
                WOLFSSL_MSG("mp_set_int error");
                ret = 0;
            }
            if (ret == 1) {
                switch (op) {
                    case BN_WORD_ADD:
                        rc = mp_add((mp_int*)bn->internal, w_mp,
                                (mp_int*)bn->internal);
                        break;
                    case BN_WORD_SUB:
                        rc = mp_sub((mp_int*)bn->internal, w_mp,
                                (mp_int*)bn->internal);
                        break;
                    case BN_WORD_MUL:
                        rc = mp_mul((mp_int*)bn->internal, w_mp,
                                (mp_int*)bn->internal);
                        break;
                    case BN_WORD_DIV:
                        rc = mp_div((mp_int*)bn->internal, w_mp,
                                (mp_int*)bn->internal, NULL);
                        break;
                    case BN_WORD_MOD:
                        rc = mp_mod((mp_int*) bn->internal, w_mp,
                                w_mp);
                        if (rc == MP_OKAY && mod_res != NULL)
                            *mod_res = wolfssl_bn_get_word_1(w_mp);
                        break;
                    default:
                        rc = WOLFSSL_NOT_IMPLEMENTED;
                        break;
                }
            }
            FREE_MP_INT_SIZE(w_mp, NULL, DYNAMIC_TYPE_RSA);
        }
        else
#endif
        {
            switch (op) {
                case BN_WORD_ADD:
                    rc = mp_add_d((mp_int*)bn->internal, (mp_digit)w,
                            (mp_int*)bn->internal);
                    break;
                case BN_WORD_SUB:
                    rc = mp_sub_d((mp_int*)bn->internal, (mp_digit)w,
                            (mp_int*)bn->internal);
                    break;
                case BN_WORD_MUL:
                    rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w,
                            (mp_int*)bn->internal);
                    break;
                case BN_WORD_DIV:
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
/* copied from sp_int.h */
#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
    defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
    defined(WC_MP_TO_RADIX)
                    rc = mp_div_d((mp_int*)bn->internal, (mp_digit)w,
                            (mp_int*)bn->internal, NULL);
#else
                    rc = WOLFSSL_NOT_IMPLEMENTED;
#endif
#else
                    rc = WOLFSSL_NOT_IMPLEMENTED;
#endif
                    break;
                case BN_WORD_MOD:
                    {
                        mp_digit _mod_res;
                        rc = mp_mod_d((mp_int*) bn->internal, (mp_digit) w,
                                &_mod_res);
                        if (rc == MP_OKAY && mod_res != NULL)
                            *mod_res = (WOLFSSL_BN_ULONG)_mod_res;
                    }
                    break;
                default:
                    rc = WOLFSSL_NOT_IMPLEMENTED;
                    break;
            }
        }
        if (ret == 1 && rc != MP_OKAY) {
            WOLFSSL_MSG("mp word operation error or not implemented");
            ret = 0;
        }
    }

    WOLFSSL_LEAVE("bn_word_helper", ret);

    return ret;
}

/* Add a word to a big number.
 *
 * Return code compliant with OpenSSL.
 *
 * @param [in, out] bn   Big number to operate on.
 * @param [in]      w    Word to operate with.
 * @return  1 on success.
 * @return  0 in failure.
 */
int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_add_word");

    ret = bn_word_helper(bn, w, BN_WORD_ADD, NULL);

    WOLFSSL_LEAVE("wolfSSL_BN_add_word", ret);

    return ret;
}

/* Subtract a word from a big number.
 *
 * Return code compliant with OpenSSL.
 *
 * @param [in, out] bn   Big number to operate on.
 * @param [in]      w    Word to operate with.
 * @return  1 on success.
 * @return  0 in failure.
 */
int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_sub_word");

    ret = bn_word_helper(bn, w, BN_WORD_SUB, NULL);

    WOLFSSL_LEAVE("wolfSSL_BN_sub_word", ret);

    return ret;
}

int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_mul_word");

    ret = bn_word_helper(bn, w, BN_WORD_MUL, NULL);

    WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret);

    return ret;
}


int wolfSSL_BN_div_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_div_word");

    ret = bn_word_helper(bn, w, BN_WORD_DIV, NULL);

    WOLFSSL_LEAVE("wolfSSL_BN_div_word", ret);

    return ret;
}

#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
    !defined(NO_DSA))
/* Calculate bn modulo word w. bn % w
 *
 * Return code compliant with OpenSSL.
 *
 * @return  Word result on success
 * @return  -1 on error
 */
WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
    WOLFSSL_BN_ULONG w)
{
    int ret;
    WOLFSSL_BN_ULONG res = 0;

    WOLFSSL_ENTER("wolfSSL_BN_mod_word");

    ret = bn_word_helper(bn, w, BN_WORD_MOD, &res);

    WOLFSSL_LEAVE("wolfSSL_BN_mod_word", ret);

    return ret == 1 ? res : (WOLFSSL_BN_ULONG)-1;
}
#endif /* WOLFSSL_KEY_GEN && (!NO_RSA || !NO_DH || !NO_DSA) */

/*******************************************************************************
 * Shift APIs
 ******************************************************************************/

#ifndef WOLFSSL_SP_MATH
/* Shift the value in bn left by n bits into r. r = bn << n
 *
 * Return code compliant with OpenSSL.
 *
 * @return  1 on success.
 * @return  0 when r or bn or internal representation is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
{
    int ret = 1;

    WOLFSSL_ENTER("wolfSSL_BN_lshift");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }
    else if (n < 0) {
        WOLFSSL_MSG("n value error");
        ret = 0;
    }

    /* Use wolfCrypt perform operation. */
    if ((ret == 1) && (mp_mul_2d((mp_int*)bn->internal, n,
            (mp_int*)r->internal) != MP_OKAY)) {
        WOLFSSL_MSG("mp_mul_2d error");
        ret = 0;
    }

    return ret;
}

/* Shift the value in bn right by n bits into r. r = bn >> n
 *
 * Return code compliant with OpenSSL.
 *
 * @return  1 on success.
 * @return  0 when r or bn or internal representation is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
{
    int ret = 1;

    WOLFSSL_ENTER("wolfSSL_BN_rshift");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }
    else if (n < 0) {
        WOLFSSL_MSG("n value error");
        ret = 0;
    }

    /* Use wolfCrypt perform operation. */
    if ((ret == 1) && (mp_div_2d((mp_int*)bn->internal, n, (mp_int*)r->internal,
            NULL) != MP_OKAY)) {
        WOLFSSL_MSG("mp_mul_2d error");
        ret = 0;
    }

    return ret;
}
#endif

/*******************************************************************************
 * Simple Math APIs
 ******************************************************************************/

/* Add a to b into r. r = a + b
 *
 * Return code compliant with OpenSSL.
 *
 * @param [out] r  Big number to put result into.
 * @param [in]  a  Big number to be added to.
 * @param [in]  b  Big number to add with.
 *
 * @return  1 on success.
 * @return  0 when r, a or b or internal representation is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b)
{
    int ret = 1;

    WOLFSSL_ENTER("wolfSSL_BN_add");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(a) || BN_IS_NULL(b)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }

    /* Add the internal representations into internal representation. */
    if ((ret == 1) && (mp_add((mp_int*)a->internal, (mp_int*)b->internal,
            (mp_int*)r->internal) != MP_OKAY)) {
        WOLFSSL_MSG("mp_add_d error");
        ret = 0;
    }

    return ret;
}

/* Subtract a from b into r. r = a - b
 *
 * @param [out] r  Big number to put result into.
 * @param [in]  a  Big number to be subtracted from.
 * @param [in]  b  Big number to subtract with.
 *
 * @return  1 on success.
 * @return  0 when r, a or b is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
    const WOLFSSL_BIGNUM* b)
{
    int ret = 1;

    WOLFSSL_ENTER("wolfSSL_BN_sub");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(a) || BN_IS_NULL(b)) {
        ret = 0;
    }

    /* Have wolfCrypt perform operation with internal representations. */
    if ((ret == 1) && (mp_sub((mp_int*)a->internal,(mp_int*)b->internal,
            (mp_int*)r->internal) != MP_OKAY)) {
        ret = 0;
    }

    WOLFSSL_LEAVE("wolfSSL_BN_sub mp_sub", ret);
    return ret;
}

/* Multiply a with b into r. r = a * b
 *
 * @param [out] r    Big number to put result into.
 * @param [in]  a    Big number to be multiplied.
 * @param [in]  b    Big number to multiply with.
 * @param [in]  ctx  BN context object. Unused.
 *
 * @return  1 on success.
 * @return  0 when r, a or b is NULL.
 * @return  0 when internal representation of r, a or b is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_mul(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b,
    WOLFSSL_BN_CTX *ctx)
{
    int ret = 1;

    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_BN_mul");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(a) || BN_IS_NULL(b)) {
        ret = 0;
    }

    /* Have wolfCrypt perform operation with internal representations. */
    if ((ret == 1) && (mp_mul((mp_int*)a->internal, (mp_int*)b->internal,
            (mp_int*)r->internal) != MP_OKAY)) {
        ret = 0;
    }

    WOLFSSL_LEAVE("wolfSSL_BN_mul", ret);
    return ret;
}

#ifndef WOLFSSL_SP_MATH
/* Divide a by b into dv and put remainder into rem. dv = a / b, rem = a % b
 *
 * @param [out] dv   Big number to put division result into.
 * @param [out] rem  Big number to put remainder into.
 * @param [in]  a    Big number to be divided.
 * @param [in]  b    Big number to divide with.
 * @param [in]  ctx  BN context object. Unused.
 *
 * @return  1 on success.
 * @return  0 when dv, rem, a or b is NULL.
 * @return  0 when internal representation of dv, rem, a or b is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_div(WOLFSSL_BIGNUM* dv, WOLFSSL_BIGNUM* rem,
    const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* d, WOLFSSL_BN_CTX* ctx)
{
    int ret = 1;
    WOLFSSL_BIGNUM* res = dv;

    /* BN context not needed. */
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_BN_div");

    if (BN_IS_NULL(res)) {
        res = wolfSSL_BN_new();
    }

    /* Validate parameters. */
    if (BN_IS_NULL(res) || BN_IS_NULL(rem) || BN_IS_NULL(a) || BN_IS_NULL(d)) {
        ret = 0;
    }

    /* Have wolfCrypt perform operation with internal representations. */
    if ((ret == 1) && (mp_div((mp_int*)a->internal, (mp_int*)d->internal,
            (mp_int*)res->internal, (mp_int*)rem->internal) != MP_OKAY)) {
        ret = 0;
    }

    if (res != dv)
        wolfSSL_BN_free(res);

    WOLFSSL_LEAVE("wolfSSL_BN_div", ret);
    return ret;
}
#endif

/* Calculate a mod b into r. r = a % b
 *
 * @param [out] r    Big number to put result into.
 * @param [in]  a    Big number to reduced
 * @param [in]  b    Big number to reduce with.
 * @param [in]  ctx  BN context object. Unused.
 *
 * @return  1 on success.
 * @return  0 when r, a or b is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
                  const WOLFSSL_BIGNUM* b, const WOLFSSL_BN_CTX* c)
{
    int ret = 1;

    (void)c;

    WOLFSSL_ENTER("wolfSSL_BN_mod");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(a) || BN_IS_NULL(b)) {
        ret = 0;
    }

    /* Have wolfCrypt perform operation with internal representations. */
    if ((ret == 1) && (mp_mod((mp_int*)a->internal,(mp_int*)b->internal,
            (mp_int*)r->internal) != MP_OKAY)) {
        ret = 0;
    }

    WOLFSSL_LEAVE("wolfSSL_BN_mod mp_mod", ret);
    return ret;
}

/*******************************************************************************
 * Math and Mod APIs
 ******************************************************************************/

#ifndef WOLFSSL_SP_MATH
/* Add a to b modulo m into r. r = a + b (mod m)
 *
 * @param [in, out] r    Big number to hold result.
 * @param [in]      a    Big number to add to.
 * @param [in]      b    Big number to add with.
 * @param [in]      m    Big number that is the modulus.
 * @param [in]      ctx  BN context. Not used.
 * @return  1 on success.
 * @return  0 when r, a or b or internal representation is NULL.
 * @return  0 on calculation failure.
 */
int wolfSSL_BN_mod_add(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
    const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    int ret = 1;

    /* BN context not needed. */
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_BN_add");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(a) || BN_IS_NULL(b) || BN_IS_NULL(m)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }

    /* Perform operation with wolfCrypt. */
    if ((ret == 1) && (mp_addmod((mp_int*)a->internal, (mp_int*)b->internal,
            (mp_int*)m->internal, (mp_int*)r->internal) != MP_OKAY)) {
        WOLFSSL_MSG("mp_add_d error");
        ret = 0;
    }

    return ret;
}
#endif

/* Calculate a multiplied by b, mod m into r. r = (a * b) % m
 *
 * @param [out] r    Big number to put result into.
 * @param [in]  a    Base as a big number.
 * @param [in]  b    Multiplier as a big number.
 * @param [in]  m    Modulus as a big number.
 * @param [in]  ctx  BN context object. Unused.
 *
 * @return  1 on success.
 * @return  0 when r, a, b or m is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
    const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    int ret = 1;

    /* BN context not needed. */
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_BN_mod_mul");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(a) || BN_IS_NULL(b) || BN_IS_NULL(m)) {
        WOLFSSL_MSG("Bad Argument");
        ret = 0;
    }

    /* Have wolfCrypt perform operation with internal representations. */
    if ((ret == 1) && (mp_mulmod((mp_int*)a->internal, (mp_int*)b->internal,
            (mp_int*)m->internal, (mp_int*)r->internal)) != MP_OKAY) {
        ret = 0;
    }

    WOLFSSL_LEAVE("wolfSSL_BN_mod_mul", ret);
    return ret;
}


/* Calculate a to the power of e, mod m into r. r = (a ^ e) % m
 *
 * @param [out] r    Big number to put result into.
 * @param [in]  a    Base as a big number.
 * @param [in]  e    Exponent as a big number.
 * @param [in]  m    Modulus as a big number.
 * @param [in]  ctx  BN context object. Unused.
 *
 * @return  1 on success.
 * @return  0 when r, a, p or m is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
    const WOLFSSL_BIGNUM *e, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    int ret = 1;

    /* BN context not needed. */
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_BN_mod_exp");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(a) || BN_IS_NULL(e) || BN_IS_NULL(m)) {
        WOLFSSL_MSG("Bad Argument");
        ret = 0;
    }

    /* Have wolfCrypt perform operation with internal representations. */
    if ((ret == 1) && (mp_exptmod((mp_int*)a->internal, (mp_int*)e->internal,
            (mp_int*)m->internal, (mp_int*)r->internal)) != MP_OKAY) {
        ret = 0;
    }

    WOLFSSL_LEAVE("wolfSSL_BN_mod_exp", ret);
    return ret;
}

/* Calculate the modular inverse of a mod m into r. r = a^-1 mod m
 *
 * A new big number is allocated when r is NULL.
 *
 * @param [in, out] r    Big number to hold result. May be NULL.
 * @param [in]      a    Big number to invert.
 * @param [in]      m    Big number that is the modulus.
 * @param [in]      ctx  BN context. Not used.
 * @return  Big number holding result on success.
 * @return  NULL on failure.
 */
WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a,
    const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    int err = 0;
    WOLFSSL_BIGNUM* t = NULL;

    /* BN context not needed. */
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_BN_mod_inverse");

    /* Validate parameters. */
    if (BN_IS_NULL(a) || BN_IS_NULL(m) || ((r != NULL) &&
            (r->internal == NULL))) {
        WOLFSSL_MSG("a or n NULL error");
        err = 1;
    }
    /* Check whether we have a result big number. */
    if ((!err) && (r == NULL)) {
        /* Allocate a new big number to hold result and be returned. */
        t = wolfSSL_BN_new();
        if (t == NULL){
            WOLFSSL_MSG("WolfSSL_BN_new() failed");
            err = 1;
        }
        r = t;
    }

    /* Compute inverse of a modulo n and return in r */
    if ((!err) && (mp_invmod((mp_int *)a->internal, (mp_int *)m->internal,
            (mp_int*)r->internal) != MP_OKAY)) {
        WOLFSSL_MSG("mp_invmod() error");
        err = 1;
    }

    if (err) {
        wolfSSL_BN_free(t);
        r = NULL;
    }
    return r;
}

/*******************************************************************************
 * Other Math APIs
 ******************************************************************************/

#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
/* Needed to get mp_gcd. */
/* Greatest Common Divisor (GCM) of a and b into r. r = GCD(a, b)
 *
 * @param [out] r    Big number to put result into.
 * @param [in]  a    First big number.
 * @param [in]  b    Second big number.
 * @param [in]  ctx  BN context object. Unused.
 *
 * @return  1 on success.
 * @return  0 when r, a or b is NULL.
 * @return  0 when internal representation of r, a or b is NULL.
 * @return  0 on failure.
 */
int wolfSSL_BN_gcd(WOLFSSL_BIGNUM* r, WOLFSSL_BIGNUM* a, WOLFSSL_BIGNUM* b,
    WOLFSSL_BN_CTX* ctx)
{
    int ret = 1;

    /* BN context not needed. */
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_BN_gcd");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(a) || BN_IS_NULL(b)) {
        ret = 0;
    }

    /* Have wolfCrypt perform operation with internal representations. */
    if ((ret == 1) && (mp_gcd((mp_int*)a->internal, (mp_int*)b->internal,
            (mp_int*)r->internal) != MP_OKAY)) {
        ret = 0;
    }

    WOLFSSL_LEAVE("wolfSSL_BN_gcd", ret);
    return ret;
}
#endif /* !NO_RSA && WOLFSSL_KEY_GEN */

/*******************************************************************************
 * Random APIs
 ******************************************************************************/

/* Generates a random number up to bits long.
 *
 * @param [in, out] bn       Big number to generate into.
 * @param [in]      bits     Number of bits in word.
 * @param [in]      top      Whether top bits must be set.
 *                           Valid values: WOLFSSL_BN_RAND_TOP_ANY,
 *                           WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_TOP_TWO.
 * @param [in]      bottom   Whether bottom bit must be set.
 *                           Valid values: WOLFSSL_BN_RAND_BOTTOM_ANY,
                             WOLFSSL_BN_RAND_BOTTOM_ODD.
 * @return  1 on success.
 * @return  0 when bn is NULL.
 * @return  0 when bits is invalid.
 * @return  0 when bits and top/bottom are invalid.
 * @return  0 when generation fails.
 */
int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{
    int ret = 1;
    word32 len = (word32)((bits + 7) / 8);
    WC_RNG* rng;

    WOLFSSL_ENTER("wolfSSL_BN_rand");

    /* Validate parameters. */
    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("Bad argument - bn");
        ret = 0;
    }
    else if (bits < 0) {
        WOLFSSL_MSG("Bad argument - bits < 0");
        ret = 0;
    }
    else if ((bits == 0) && ((bottom != WOLFSSL_BN_RAND_BOTTOM_ANY) ||
            (top != WOLFSSL_BN_RAND_TOP_ANY))) {
        WOLFSSL_MSG("Bad top/bottom - bits == 0");
        ret = 0;
    }
    else if ((bits == 1) && (top > WOLFSSL_BN_RAND_TOP_ONE)) {
        WOLFSSL_MSG("Bad top - bits == 1");
        ret = 0;
    }

    /* Handle simple case of zero bits. */
    if ((ret == 1) && (bits == 0)) {
        mp_zero((mp_int*)bn->internal);
    }
    else if (ret == 1) {
        byte* buff = NULL;

        /* Get random to global random to generate bits. */
        if ((rng = wolfssl_make_global_rng()) == NULL) {
            WOLFSSL_MSG("Failed to use global RNG.");
            ret = 0;
        }

        /* Allocate buffer to hold generated bits. */
        if ((ret == 1) && ((buff = (byte*)XMALLOC(len, NULL,
                DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) {
            WOLFSSL_MSG("Failed to allocate buffer.");
            ret = 0;
        }
        /* Generate bytes to cover bits. */
        if ((ret == 1) && wc_RNG_GenerateBlock(rng, buff, len) != 0) {
            WOLFSSL_MSG("wc_RNG_GenerateBlock failed");
            ret = 0;
        }
        /* Read bytes in to big number. */
        if ((ret == 1) && mp_read_unsigned_bin((mp_int*)bn->internal, buff, len)
                != MP_OKAY) {
            WOLFSSL_MSG("mp_read_unsigned_bin failed");
            ret = 0;
        }
        /* Dispose of buffer - no longer needed. */
        XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);

        if (ret == 1) {
            /* Truncate to requested bit length. */
            mp_rshb((mp_int*)bn->internal, 8 - (bits % 8));
        }

        /* Set top bit when required. */
        if ((ret == 1) && (top >= WOLFSSL_BN_RAND_TOP_ONE) &&
                (mp_set_bit((mp_int*)bn->internal, bits - 1) != MP_OKAY)) {
            WOLFSSL_MSG("Failed to set top bit");
            ret = 0;
        }
        /* Set second top bit when required. */
        if ((ret == 1) && (top > WOLFSSL_BN_RAND_TOP_ONE) &&
                (mp_set_bit((mp_int*)bn->internal, bits - 2) != MP_OKAY)) {
            WOLFSSL_MSG("Failed to set second top bit");
            ret = 0;
        }
        /* Set bottom bit when required. */
        if ((ret == 1) && (bottom == WOLFSSL_BN_RAND_BOTTOM_ODD) &&
                (mp_set_bit((mp_int*)bn->internal, 0) != MP_OKAY)) {
            WOLFSSL_MSG("Failed to set 0th bit");
            ret = 0;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_BN_rand", ret);

    return ret;
}

/* Generates a pseudo-random number up to bits long.
 *
 * Implemented using wolfSSL_BN_rand().
 *
 * @param [in, out] bn       Big number to generate into.
 * @param [in]      bits     Number of bits in word.
 * @param [in]      top      Whether top bits must be set.
 *                           Valid values: WOLFSSL_BN_RAND_TOP_ANY,
 *                           WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_TOP_TWO.
 * @param [in]      bottom   Whether bottom bit must be set.
 *                           Valid values: WOLFSSL_BN_RAND_BOTTOM_ANY,
                             WOLFSSL_BN_RAND_BOTTOM_ODD.
 * @return  1 on success.
 * @return  0 when bn is NULL.
 * @return  0 when bits is invalid.
 * @return  0 when bits and top/bottom are invalid.
 * @return  0 when generation fails.
 */
int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{
    return wolfSSL_BN_rand(bn, bits, top, bottom);
}

/* Maximum number of trials to attempt at generating a number in range. */
#define RANGE_MAX_TRIALS    100

/* Generate big number to be a value between 0 and range-1.
 *
 * N = length of range input var
 *
 * Generate N-bit length numbers until generated number is less than range
 * @param [in] r      Big number to generate into.
 * @param [in] range  The upper limit of generated number.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range)
{
    int ret = 1;

    WOLFSSL_ENTER("wolfSSL_BN_rand_range");

    /* Validate parameters. */
    if (BN_IS_NULL(r) || BN_IS_NULL(range)) {
        WOLFSSL_MSG("Bad parameter");
        ret = 0;
    }

    if (ret == 1) {
        /* Calculate number of bits in modulus. */
        int n = wolfSSL_BN_num_bits(range);

        if (n <= 1) {
            /* Modulus is 0 or 1. */
            wolfSSL_BN_zero(r);
        }
        else {
            int i;
            /* Try generating a number in range for a limited number of trials.
             */
            for (i = 0; (ret == 1) && (i < RANGE_MAX_TRIALS); i++) {
                /* Generate a random number in range. */
                if (wolfSSL_BN_pseudo_rand(r, n, WOLFSSL_BN_RAND_TOP_ANY,
                        WOLFSSL_BN_RAND_BOTTOM_ANY) == 0) {
                    WOLFSSL_MSG("wolfSSL_BN_rand error");
                    ret = 0;
                }
                /* Check if in range. */
                else if (wolfSSL_BN_cmp(r, range) < 0) {
                    break;
                }
            }
            /* Fail if max trial attempts made. */
            if (i >= RANGE_MAX_TRIALS) {
                WOLFSSL_MSG("wolfSSL_BN_rand_range too many iterations");
                ret = 0;
            }
        }
    }

    return ret;
}

/*******************************************************************************
 * Prime APIs
 ******************************************************************************/

#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
    !defined(NO_DSA))

/* Generate a prime number.
 *
 * @param [in, out] prime  Big number to generate into.
 * @param [in]      bits   Number of bits in generated number.
 * @param [in]      safe   Whether number must be a safe prime.
 * @param [in]      add    Value to add when generating. Not used.
 * @param [in]      rem    Remainder of number modulo add. Not used.
 * @param [in]      cb     Generation callback. Not used.
 * @return  1 on success.
 * @return  0 when prime is NULL.
 * @return  0 when safe required or add or rem is not NULL.
 * @return  0 on generation failure.
 */
int wolfSSL_BN_generate_prime_ex(WOLFSSL_BIGNUM* prime, int bits,
    int safe, const WOLFSSL_BIGNUM* add, const WOLFSSL_BIGNUM* rem,
    WOLFSSL_BN_GENCB* cb)
{
    int ret = 1;
    WC_DECLARE_VAR(tmpRng, WC_RNG, 1, 0);
    WC_RNG* rng = NULL;
    int localRng = 0;

    /* Callback not used. */
    (void)cb;

    WOLFSSL_ENTER("wolfSSL_BN_generate_prime_ex");

    /* Check unsupported parameters. */
    if ((safe == 1) || (add != NULL) || (rem != NULL)) {
        ret = 0;
    }
    /* Validate parameters. */
    else if (BN_IS_NULL(prime)) {
        ret = 0;
    }

    /* Create a new RNG or use global. */
    if ((ret == 1) && ((rng = wolfssl_make_rng(tmpRng, &localRng)) == NULL)) {
        ret = 0;
    }

    /* Use wolfCrypt to generate a prime. */
    if ((ret == 1) && (mp_rand_prime((mp_int*)prime->internal, (bits + 7) / 8,
            rng, NULL) != MP_OKAY)) {
        ret = 0;
    }

    if (localRng) {
        /* Dispose of local RNG that was created. */
        wc_FreeRng(rng);
        WC_FREE_VAR_EX(rng, NULL, DYNAMIC_TYPE_RNG);
    }

    WOLFSSL_LEAVE("wolfSSL_BN_generate_prime_ex", ret);

    return ret;
}

/* Check whether a big number is prime.
 *
 * Return code compliant with OpenSSL.
 *
 * @param [in] bn      Big number to check.
 * @param [in] checks  Number of Miller-Rabin tests to perform.
 * @param [in] ctx     BN context. Not used.
 * @param [in] cb      Generation callback. Not used.
 * @return  1 when number is prime.
 * @return  0 when number is not prime.
 * @return  -1 when bn is NULL or failure when checking.
 */
int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int checks,
    WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb)
{
    int ret = 1;
    WC_RNG* rng    = NULL;
    WC_DECLARE_VAR(tmpRng, WC_RNG, 1, 0);
    int localRng = 0;
    int res = MP_NO;

    /* BN context not needed. */
    (void)ctx;
    (void)cb;

    WOLFSSL_ENTER("wolfSSL_BN_is_prime_ex");

    if (BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = WOLFSSL_FATAL_ERROR;
    }

    /* Create a new RNG or use global. */
    if ((ret == 1) && ((rng = wolfssl_make_rng(tmpRng, &localRng)) == NULL)) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    if ((ret == 1) && (mp_prime_is_prime_ex((mp_int*)bn->internal, checks, &res,
            rng) != MP_OKAY)) {
        WOLFSSL_MSG("mp_prime_is_prime_ex error");
        ret = WOLFSSL_FATAL_ERROR;
    }

    if (localRng) {
        wc_FreeRng(rng);
        WC_FREE_VAR_EX(rng, NULL, DYNAMIC_TYPE_RNG);
    }

    if ((ret != -1) && (res != MP_YES)) {
        WOLFSSL_MSG("mp_prime_is_prime_ex not prime");
        ret = 0;
    }

    return ret;
}

#endif /* WOLFSSL_KEY_GEN && (!NO_RSA || !NO_DH || !NO_DSA) */

/*******************************************************************************
 * Print APIs
 ******************************************************************************/

#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
    defined(XFPRINTF)
/* Print big number to file pointer.
 *
 * Return code compliant with OpenSSL.
 *
 * @param [in] fp  File pointer.
 * @param [in] bn  Big number to print.
 * @return  1 on success.
 * @return  0 when fp is a bad file pointer.
 * @return  0 when bn is NULL.
 * @return  0 when creating hex string fails.
 * @return  0 when printing fails.
 */
int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn)
{
    int ret = 1;
    char* buf = NULL;

    WOLFSSL_ENTER("wolfSSL_BN_print_fp");

    /* Validate parameters. */
    if ((fp == XBADFILE) || BN_IS_NULL(bn)) {
        WOLFSSL_MSG("bn NULL error");
        ret = 0;
    }

    /* Create a hex string of big number. */
    if ((ret == 1) && ((buf = wolfSSL_BN_bn2hex(bn)) == NULL)) {
        WOLFSSL_MSG("wolfSSL_BN_bn2hex failure");
        ret = 0;
    }

    /* Print hex string to file pointer. */
    if ((ret == 1) && (XFPRINTF(fp, "%s", buf) < 0)) {
        ret = 0;
    }

    /* Dispose of any allocated data. */
    XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);

    return ret;
}
#endif /* !NO_FILESYSTEM && XFPRINTF */

#ifndef NO_WOLFSSL_BN_CTX
/*******************************************************************************
 * BN_CTX APIs
 ******************************************************************************/

/* Create a new BN context object.
 *
 * @return  BN context object on success.
 * @return  NULL on failure.
 */
WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
{
    WOLFSSL_BN_CTX* ctx = NULL;

    WOLFSSL_ENTER("wolfSSL_BN_CTX_new");
    ctx = (WOLFSSL_BN_CTX*)XMALLOC(sizeof(WOLFSSL_BN_CTX), NULL,
            DYNAMIC_TYPE_OPENSSL);
    if (ctx != NULL) {
        XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX));
    }

    return ctx;
}


#ifndef NO_WOLFSSL_STUB
/* deprecated
 *
 * Initialize a BN context object.
 * This function was removed in OpenSSL 1.1.0 and later.
 * Keeping a stub function here for older applications that have BN_CTX_init()
 * calls.
 *
 * @param [in] ctx  Dummy BN context.
 */
void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_ENTER("wolfSSL_BN_CTX_init");
    WOLFSSL_STUB("wolfSSL_BN_CTX_init");
    WOLFSSL_MSG("wolfSSL_BN_CTX_init is deprecated");
}
#endif


/* Free a BN context object.
 *
 * @param [in] ctx  BN context object.
 */
void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_BN_CTX_free");
    if (ctx != NULL) {
        while (ctx->list != NULL) {
            struct WOLFSSL_BN_CTX_LIST* tmp = ctx->list;
            ctx->list = ctx->list->next;
            wolfSSL_BN_free(tmp->bn);
            XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
        }
        XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
    }
}

/* Get a big number from the BN context.
 *
 * @param [in] ctx  BN context object.
 * @return  Big number on success.
 * @return  NULL on failure.
 */
WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
{
    WOLFSSL_BIGNUM* bn = NULL;

    WOLFSSL_ENTER("wolfSSL_BN_CTX_get");
    if (ctx != NULL) {
        struct WOLFSSL_BN_CTX_LIST* node = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC(
                sizeof(struct WOLFSSL_BN_CTX_LIST), NULL, DYNAMIC_TYPE_OPENSSL);
        if (node != NULL) {
            XMEMSET(node, 0, sizeof(struct WOLFSSL_BN_CTX_LIST));
            bn = node->bn = wolfSSL_BN_new();
            if (node->bn != NULL) {
                node->next = ctx->list;
                ctx->list = node;
            }
            else {
                XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
                node = NULL;
            }
        }
    }

    return bn;
}

#ifndef NO_WOLFSSL_STUB
/* Start stack of temporary big numbers.
 *
 * Newly allocated big numbers are returned instead of having a stack.
 *
 * @param [in] ctx  BN context. Not used.
 */
void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx)
{
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_BN_CTX_start");
    WOLFSSL_STUB("BN_CTX_start");
    WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD");
}
#endif

#endif /* NO_WOLFSSL_BN_CTX */

/*******************************************************************************
 * BN_MONT_CTX APIs
 ******************************************************************************/

WOLFSSL_BN_MONT_CTX* wolfSSL_BN_MONT_CTX_new(void)
{
    /* wolfcrypt doesn't need BN MONT context. */
    static int mont;
    WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_new");
    return (WOLFSSL_BN_MONT_CTX*)&mont;
}

void wolfSSL_BN_MONT_CTX_free(WOLFSSL_BN_MONT_CTX *mont)
{
    (void)mont;
    WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_free");
    /* Don't do anything since using dummy, static BN context. */
}

int wolfSSL_BN_MONT_CTX_set(WOLFSSL_BN_MONT_CTX *mont,
        const WOLFSSL_BIGNUM *mod, WOLFSSL_BN_CTX *ctx)
{
    (void) mont;
    (void) mod;
    (void) ctx;
    WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_set");
    return WOLFSSL_SUCCESS;
}

/* Calculate r = a ^ p % m.
 *
 * @param [out] r    Big number to store the result.
 * @param [in]  a    Base as an unsigned long.
 * @param [in]  p    Exponent as a big number.
 * @param [in]  m    Modulus as a big number.
 * @param [in]  ctx  BN context object. Unused.
 * @param [in]  mont Montgomery context object. Unused.
 *
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_BN_mod_exp_mont_word(WOLFSSL_BIGNUM *r, WOLFSSL_BN_ULONG a,
        const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx,
        WOLFSSL_BN_MONT_CTX *mont)
{
    WOLFSSL_BIGNUM* tmp = NULL;
    int ret = WOLFSSL_SUCCESS;

    (void)mont;
    WOLFSSL_ENTER("wolfSSL_BN_mod_exp_mont_word");

    if (ret == WOLFSSL_SUCCESS && (tmp = wolfSSL_BN_new()) == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new failed");
        ret = WOLFSSL_FAILURE;
    }
    if (ret == WOLFSSL_SUCCESS && (wolfSSL_BN_set_word(tmp, (unsigned long)a))
                                   == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
        WOLFSSL_MSG("wolfSSL_BN_set_word failed");
        ret = WOLFSSL_FAILURE;
    }
    if (ret == WOLFSSL_SUCCESS)
        ret = wolfSSL_BN_mod_exp(r, tmp, p, m, ctx);

    wolfSSL_BN_free(tmp);
    return ret;
}

#endif /* OPENSSL_EXTRA */

#endif /* !WOLFSSL_SSL_BN_INCLUDED */


Coverage Report

Created: 2025-11-16 07:15