cmp.c
Go to the documentation of this file.
1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to. The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  * notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  * notice, this list of conditions and the following disclaimer in the
29  * documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  * must display the following acknowledgement:
32  * "This product includes cryptographic software written by
33  * Eric Young (eay@cryptsoft.com)"
34  * The word 'cryptographic' can be left out if the rouines from the library
35  * being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  * the apps directory (application code) you must include an acknowledgement:
38  * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed. i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.] */
56 
57 #include <openssl/bn.h>
58 
59 #include <openssl/mem.h>
60 #include <openssl/type_check.h>
61 
62 #include "internal.h"
63 #include "../../internal.h"
64 
65 
66 static int bn_cmp_words_consttime(const BN_ULONG *a, size_t a_len,
67  const BN_ULONG *b, size_t b_len) {
68  OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
69  "crypto_word_t is too small");
70  int ret = 0;
71  // Process the common words in little-endian order.
72  size_t min = a_len < b_len ? a_len : b_len;
73  for (size_t i = 0; i < min; i++) {
74  crypto_word_t eq = constant_time_eq_w(a[i], b[i]);
75  crypto_word_t lt = constant_time_lt_w(a[i], b[i]);
76  ret =
77  constant_time_select_int(eq, ret, constant_time_select_int(lt, -1, 1));
78  }
79 
80  // If |a| or |b| has non-zero words beyond |min|, they take precedence.
81  if (a_len < b_len) {
82  crypto_word_t mask = 0;
83  for (size_t i = a_len; i < b_len; i++) {
84  mask |= b[i];
85  }
86  ret = constant_time_select_int(constant_time_is_zero_w(mask), ret, -1);
87  } else if (b_len < a_len) {
88  crypto_word_t mask = 0;
89  for (size_t i = b_len; i < a_len; i++) {
90  mask |= a[i];
91  }
92  ret = constant_time_select_int(constant_time_is_zero_w(mask), ret, 1);
93  }
94 
95  return ret;
96 }
97 
98 int BN_ucmp(const BIGNUM *a, const BIGNUM *b) {
99  return bn_cmp_words_consttime(a->d, a->width, b->d, b->width);
100 }
101 
102 int BN_cmp(const BIGNUM *a, const BIGNUM *b) {
103  if ((a == NULL) || (b == NULL)) {
104  if (a != NULL) {
105  return -1;
106  } else if (b != NULL) {
107  return 1;
108  } else {
109  return 0;
110  }
111  }
112 
113  // We do not attempt to process the sign bit in constant time. Negative
114  // |BIGNUM|s should never occur in crypto, only calculators.
115  if (a->neg != b->neg) {
116  if (a->neg) {
117  return -1;
118  }
119  return 1;
120  }
121 
122  int ret = BN_ucmp(a, b);
123  return a->neg ? -ret : ret;
124 }
125 
126 int bn_less_than_words(const BN_ULONG *a, const BN_ULONG *b, size_t len) {
127  return bn_cmp_words_consttime(a, len, b, len) < 0;
128 }
129 
130 int BN_abs_is_word(const BIGNUM *bn, BN_ULONG w) {
131  if (bn->width == 0) {
132  return w == 0;
133  }
134  BN_ULONG mask = bn->d[0] ^ w;
135  for (int i = 1; i < bn->width; i++) {
136  mask |= bn->d[i];
137  }
138  return mask == 0;
139 }
140 
141 int BN_cmp_word(const BIGNUM *a, BN_ULONG b) {
142  BIGNUM b_bn;
143  BN_init(&b_bn);
144 
145  b_bn.d = &b;
146  b_bn.width = b > 0;
147  b_bn.dmax = 1;
148  b_bn.flags = BN_FLG_STATIC_DATA;
149  return BN_cmp(a, &b_bn);
150 }
151 
152 int BN_is_zero(const BIGNUM *bn) {
153  return bn_fits_in_words(bn, 0);
154 }
155 
156 int BN_is_one(const BIGNUM *bn) {
157  return bn->neg == 0 && BN_abs_is_word(bn, 1);
158 }
159 
160 int BN_is_word(const BIGNUM *bn, BN_ULONG w) {
161  return BN_abs_is_word(bn, w) && (w == 0 || bn->neg == 0);
162 }
163 
164 int BN_is_odd(const BIGNUM *bn) {
165  return bn->width > 0 && (bn->d[0] & 1) == 1;
166 }
167 
168 int BN_is_pow2(const BIGNUM *bn) {
169  int width = bn_minimal_width(bn);
170  if (width == 0 || bn->neg) {
171  return 0;
172  }
173 
174  for (int i = 0; i < width - 1; i++) {
175  if (bn->d[i] != 0) {
176  return 0;
177  }
178  }
179 
180  return 0 == (bn->d[width-1] & (bn->d[width-1] - 1));
181 }
182 
183 int BN_equal_consttime(const BIGNUM *a, const BIGNUM *b) {
184  BN_ULONG mask = 0;
185  // If |a| or |b| has more words than the other, all those words must be zero.
186  for (int i = a->width; i < b->width; i++) {
187  mask |= b->d[i];
188  }
189  for (int i = b->width; i < a->width; i++) {
190  mask |= a->d[i];
191  }
192  // Common words must match.
193  int min = a->width < b->width ? a->width : b->width;
194  for (int i = 0; i < min; i++) {
195  mask |= (a->d[i] ^ b->d[i]);
196  }
197  // The sign bit must match.
198  mask |= (a->neg ^ b->neg);
199  return mask == 0;
200 }
bn.h
width
int width
Definition: libuv/docs/code/tty-gravity/main.c:10
BN_is_zero
int BN_is_zero(const BIGNUM *bn)
Definition: cmp.c:152
BN_is_odd
int BN_is_odd(const BIGNUM *bn)
Definition: cmp.c:164
BN_equal_consttime
int BN_equal_consttime(const BIGNUM *a, const BIGNUM *b)
Definition: cmp.c:183
BN_FLG_STATIC_DATA
#define BN_FLG_STATIC_DATA
Definition: bn.h:997
bignum_st::width
int width
Definition: bn.h:975
bn_fits_in_words
#define bn_fits_in_words
Definition: boringssl_prefix_symbols.h:2855
a
int a
Definition: abseil-cpp/absl/container/internal/hash_policy_traits_test.cc:88
constant_time_is_zero_w
static crypto_word_t constant_time_is_zero_w(crypto_word_t a)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:372
bn_minimal_width
#define bn_minimal_width
Definition: boringssl_prefix_symbols.h:2868
bn_cmp_words_consttime
static int bn_cmp_words_consttime(const BN_ULONG *a, size_t a_len, const BN_ULONG *b, size_t b_len)
Definition: cmp.c:66
constant_time_select_int
static int constant_time_select_int(crypto_word_t mask, int a, int b)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:441
BN_abs_is_word
int BN_abs_is_word(const BIGNUM *bn, BN_ULONG w)
Definition: cmp.c:130
BN_cmp
int BN_cmp(const BIGNUM *a, const BIGNUM *b)
Definition: cmp.c:102
min
#define min(a, b)
Definition: qsort.h:83
b
uint64_t b
Definition: abseil-cpp/absl/container/internal/layout_test.cc:53
BN_cmp_word
int BN_cmp_word(const BIGNUM *a, BN_ULONG b)
Definition: cmp.c:141
BN_ucmp
int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
Definition: cmp.c:98
BN_is_pow2
int BN_is_pow2(const BIGNUM *bn)
Definition: cmp.c:168
bignum_st::neg
int neg
Definition: bn.h:979
absl::compare_internal::eq
eq
Definition: abseil-cpp/absl/types/compare.h:72
bignum_st
Definition: bn.h:957
bn_less_than_words
int bn_less_than_words(const BN_ULONG *a, const BN_ULONG *b, size_t len)
Definition: cmp.c:126
internal.h
ret
UniquePtr< SSL_SESSION > ret
Definition: ssl_x509.cc:1029
BN_is_one
int BN_is_one(const BIGNUM *bn)
Definition: cmp.c:156
bignum_st::d
BN_ULONG * d
Definition: bn.h:960
BN_init
#define BN_init
Definition: boringssl_prefix_symbols.h:931
mem.h
type_check.h
len
int len
Definition: abseil-cpp/absl/base/internal/low_level_alloc_test.cc:46
constant_time_eq_w
static crypto_word_t constant_time_eq_w(crypto_word_t a, crypto_word_t b)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:394
bignum_st::flags
int flags
Definition: bn.h:981
BN_is_word
int BN_is_word(const BIGNUM *bn, BN_ULONG w)
Definition: cmp.c:160
bignum_st::dmax
int dmax
Definition: bn.h:977
OPENSSL_STATIC_ASSERT
#define OPENSSL_STATIC_ASSERT(cond, msg)
Definition: type_check.h:75
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
constant_time_lt_w
static crypto_word_t constant_time_lt_w(crypto_word_t a, crypto_word_t b)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:318

grpc
Author(s):
autogenerated on Thu Mar 13 2025 02:58:48