1*ca1d80d6Sbeck /* $OpenBSD: bn_ctx.c,v 1.22 2023/07/08 12:21:58 beck Exp $ */
224d7b3e0Sjsing /*
324d7b3e0Sjsing * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
4ba5406e9Sbeck *
524d7b3e0Sjsing * Permission to use, copy, modify, and distribute this software for any
624d7b3e0Sjsing * purpose with or without fee is hereby granted, provided that the above
724d7b3e0Sjsing * copyright notice and this permission notice appear in all copies.
8ba5406e9Sbeck *
924d7b3e0Sjsing * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
1024d7b3e0Sjsing * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
1124d7b3e0Sjsing * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
1224d7b3e0Sjsing * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
1324d7b3e0Sjsing * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
1424d7b3e0Sjsing * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1524d7b3e0Sjsing * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16ba5406e9Sbeck */
17ba5406e9Sbeck
1824d7b3e0Sjsing #include <stddef.h>
19a8913c44Sjsing #include <string.h>
20da347917Sbeck
218cf4d6a6Sjsing #include <openssl/opensslconf.h>
22b6ab114eSjsing #include <openssl/err.h>
23b6ab114eSjsing
24c9675a23Stb #include "bn_local.h"
25ba5406e9Sbeck
2624d7b3e0Sjsing #define BN_CTX_INITIAL_LEN 8
274fcf65c5Sdjm
282bd9bb84Sjsing struct bignum_ctx {
2924d7b3e0Sjsing BIGNUM **bignums;
3024d7b3e0Sjsing uint8_t *groups;
3124d7b3e0Sjsing uint8_t group;
3224d7b3e0Sjsing size_t index;
3324d7b3e0Sjsing size_t len;
3424d7b3e0Sjsing
3524d7b3e0Sjsing int error;
364fcf65c5Sdjm };
374fcf65c5Sdjm
3824d7b3e0Sjsing static int
bn_ctx_grow(BN_CTX * bctx)3924d7b3e0Sjsing bn_ctx_grow(BN_CTX *bctx)
404fcf65c5Sdjm {
4124d7b3e0Sjsing BIGNUM **bignums = NULL;
4224d7b3e0Sjsing uint8_t *groups = NULL;
4324d7b3e0Sjsing size_t len;
442bd9bb84Sjsing
4524d7b3e0Sjsing if ((len = bctx->len) == 0) {
4624d7b3e0Sjsing len = BN_CTX_INITIAL_LEN;
4724d7b3e0Sjsing } else {
4824d7b3e0Sjsing if (SIZE_MAX - len < len)
4924d7b3e0Sjsing return 0;
5024d7b3e0Sjsing len *= 2;
514fcf65c5Sdjm }
52f1c87baeSderaadt
5324d7b3e0Sjsing if ((bignums = recallocarray(bctx->bignums, bctx->len, len,
5424d7b3e0Sjsing sizeof(bctx->bignums[0]))) == NULL)
5524d7b3e0Sjsing return 0;
5624d7b3e0Sjsing bctx->bignums = bignums;
57f1c87baeSderaadt
5824d7b3e0Sjsing if ((groups = reallocarray(bctx->groups, len,
5924d7b3e0Sjsing sizeof(bctx->groups[0]))) == NULL)
6024d7b3e0Sjsing return 0;
6124d7b3e0Sjsing bctx->groups = groups;
624fcf65c5Sdjm
6324d7b3e0Sjsing bctx->len = len;
6424d7b3e0Sjsing
6524d7b3e0Sjsing return 1;
664fcf65c5Sdjm }
67ba5406e9Sbeck
682bd9bb84Sjsing BN_CTX *
BN_CTX_new(void)692bd9bb84Sjsing BN_CTX_new(void)
70ba5406e9Sbeck {
7124d7b3e0Sjsing return calloc(1, sizeof(struct bignum_ctx));
72ba5406e9Sbeck }
73*ca1d80d6Sbeck LCRYPTO_ALIAS(BN_CTX_new);
74ba5406e9Sbeck
752bd9bb84Sjsing void
BN_CTX_free(BN_CTX * bctx)7624d7b3e0Sjsing BN_CTX_free(BN_CTX *bctx)
7724d7b3e0Sjsing {
7824d7b3e0Sjsing size_t i;
7924d7b3e0Sjsing
8024d7b3e0Sjsing if (bctx == NULL)
814fcf65c5Sdjm return;
8224d7b3e0Sjsing
8324d7b3e0Sjsing for (i = 0; i < bctx->len; i++) {
8424d7b3e0Sjsing BN_free(bctx->bignums[i]);
8524d7b3e0Sjsing bctx->bignums[i] = NULL;
864fcf65c5Sdjm }
8724d7b3e0Sjsing
8824d7b3e0Sjsing free(bctx->bignums);
8924d7b3e0Sjsing free(bctx->groups);
9024d7b3e0Sjsing
9124d7b3e0Sjsing freezero(bctx, sizeof(*bctx));
92ba5406e9Sbeck }
93*ca1d80d6Sbeck LCRYPTO_ALIAS(BN_CTX_free);
94ba5406e9Sbeck
952bd9bb84Sjsing void
BN_CTX_start(BN_CTX * bctx)9624d7b3e0Sjsing BN_CTX_start(BN_CTX *bctx)
97ba5406e9Sbeck {
9824d7b3e0Sjsing bctx->group++;
992bd9bb84Sjsing
10024d7b3e0Sjsing if (bctx->group == 0) {
1015067ae9fSbeck BNerror(BN_R_TOO_MANY_TEMPORARY_VARIABLES);
10224d7b3e0Sjsing bctx->error = 1;
1031eac54c3Sschwarze return;
104ba5406e9Sbeck }
1054fcf65c5Sdjm }
106*ca1d80d6Sbeck LCRYPTO_ALIAS(BN_CTX_start);
1074fcf65c5Sdjm
1082bd9bb84Sjsing BIGNUM *
BN_CTX_get(BN_CTX * bctx)10924d7b3e0Sjsing BN_CTX_get(BN_CTX *bctx)
1104fcf65c5Sdjm {
11124d7b3e0Sjsing BIGNUM *bn = NULL;
1122bd9bb84Sjsing
11324d7b3e0Sjsing if (bctx->error)
1142bd9bb84Sjsing return NULL;
11524d7b3e0Sjsing
11624d7b3e0Sjsing if (bctx->group == 0) {
11724d7b3e0Sjsing BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
11824d7b3e0Sjsing bctx->error = 1;
11924d7b3e0Sjsing return NULL;
12024d7b3e0Sjsing }
12124d7b3e0Sjsing
12224d7b3e0Sjsing if (bctx->index == bctx->len) {
12324d7b3e0Sjsing if (!bn_ctx_grow(bctx)) {
1245067ae9fSbeck BNerror(BN_R_TOO_MANY_TEMPORARY_VARIABLES);
12524d7b3e0Sjsing bctx->error = 1;
1264fcf65c5Sdjm return NULL;
1274fcf65c5Sdjm }
1284fcf65c5Sdjm }
1294fcf65c5Sdjm
13024d7b3e0Sjsing if ((bn = bctx->bignums[bctx->index]) == NULL) {
13124d7b3e0Sjsing if ((bn = BN_new()) == NULL) {
13224d7b3e0Sjsing BNerror(BN_R_TOO_MANY_TEMPORARY_VARIABLES);
13324d7b3e0Sjsing bctx->error = 1;
1342bd9bb84Sjsing return NULL;
1354fcf65c5Sdjm }
13624d7b3e0Sjsing bctx->bignums[bctx->index] = bn;
1374fcf65c5Sdjm }
13824d7b3e0Sjsing bctx->groups[bctx->index] = bctx->group;
13924d7b3e0Sjsing bctx->index++;
14024d7b3e0Sjsing
14124d7b3e0Sjsing BN_zero(bn);
14224d7b3e0Sjsing
14324d7b3e0Sjsing return bn;
1444fcf65c5Sdjm }
145*ca1d80d6Sbeck LCRYPTO_ALIAS(BN_CTX_get);
1464fcf65c5Sdjm
14724d7b3e0Sjsing void
BN_CTX_end(BN_CTX * bctx)14824d7b3e0Sjsing BN_CTX_end(BN_CTX *bctx)
1494fcf65c5Sdjm {
15024d7b3e0Sjsing if (bctx == NULL || bctx->error || bctx->group == 0)
15124d7b3e0Sjsing return;
1522bd9bb84Sjsing
15324d7b3e0Sjsing while (bctx->index > 0 && bctx->groups[bctx->index - 1] == bctx->group) {
15424d7b3e0Sjsing BN_zero(bctx->bignums[bctx->index - 1]);
15524d7b3e0Sjsing bctx->groups[bctx->index - 1] = 0;
15624d7b3e0Sjsing bctx->index--;
1574fcf65c5Sdjm }
15824d7b3e0Sjsing
15924d7b3e0Sjsing bctx->group--;
1604fcf65c5Sdjm }
161*ca1d80d6Sbeck LCRYPTO_ALIAS(BN_CTX_end);
162