mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Move bn internal functions into bn_int.h and bn_lcl.h

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell 2014-11-02 20:16:59 +00:00
parent e35af275d5
commit 02a62d1a4a
5 changed files with 114 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
crypto/bn/bn.h
View File

@ -620,114 +620,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
const unsigned char *message, size_t message_len,
BN_CTX *ctx);
/* library internal functions */
#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
BIGNUM *bn_wexpand(BIGNUM *a, int words);
BIGNUM *bn_expand2(BIGNUM *a, int words);
#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
#endif
/* Bignum consistency macros
* There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
* bignum data after direct manipulations on the data. There is also an
* "internal" macro, bn_check_top(), for verifying that there are no leading
* zeroes. Unfortunately, some auditing is required due to the fact that
* bn_fix_top() has become an overabused duct-tape because bignum data is
* occasionally passed around in an inconsistent state. So the following
* changes have been made to sort this out;
* - bn_fix_top()s implementation has been moved to bn_correct_top()
* - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
* bn_check_top() is as before.
* - if BN_DEBUG *is* defined;
* - bn_check_top() tries to pollute unused words even if the bignum 'top' is
* consistent. (ed: only if BN_DEBUG_RAND is defined)
* - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
* The idea is to have debug builds flag up inconsistent bignums when they
* occur. If that occurs in a bn_fix_top(), we examine the code in question; if
* the use of bn_fix_top() was appropriate (ie. it follows directly after code
* that manipulates the bignum) it is converted to bn_correct_top(), and if it
* was not appropriate, we convert it permanently to bn_check_top() and track
* down the cause of the bug. Eventually, no internal code should be using the
* bn_fix_top() macro. External applications and libraries should try this with
* their own code too, both in terms of building against the openssl headers
* with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
* defined. This not only improves external code, it provides more test
* coverage for openssl's own code.
*/
#ifdef BN_DEBUG
/* We only need assert() when debugging */
#include <assert.h>
#ifdef BN_DEBUG_RAND
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
#ifndef RAND_pseudo_bytes
int RAND_pseudo_bytes(unsigned char *buf,int num);
#define BN_DEBUG_TRIX
#endif
#define bn_pollute(a) \
do { \
const BIGNUM *_bnum1 = (a); \
if(_bnum1->top < _bnum1->dmax) { \
unsigned char _tmp_char; \
/* We cast away const without the compiler knowing, any \
* *genuinely* constant variables that aren't mutable \
* wouldn't be constructed with top!=dmax. */ \
BN_ULONG *_not_const; \
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
RAND_pseudo_bytes(&_tmp_char, 1); \
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
} \
} while(0)
#ifdef BN_DEBUG_TRIX
#undef RAND_pseudo_bytes
#endif
#else
#define bn_pollute(a)
#endif
#define bn_check_top(a) \
do { \
const BIGNUM *_bnum2 = (a); \
if (_bnum2 != NULL) { \
assert((_bnum2->top == 0) || \
(_bnum2->d[_bnum2->top - 1] != 0)); \
bn_pollute(_bnum2); \
} \
} while(0)
#define bn_fix_top(a) bn_check_top(a)
#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
#define bn_wcheck_size(bn, words) \
do { \
const BIGNUM *_bnum2 = (bn); \
assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
} while(0)
#else /* !BN_DEBUG */
#define bn_pollute(a)
#define bn_check_top(a)
#define bn_fix_top(a) bn_correct_top(a)
#define bn_check_size(bn, bits)
#define bn_wcheck_size(bn, words)
#endif
void bn_correct_top(BIGNUM *a);
BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
/* Primes from RFC 2409 */
BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);

97
crypto/bn/bn_lcl.h
View File

@ -118,6 +118,103 @@
extern "C" {
#endif
/* Bignum consistency macros
* There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
* bignum data after direct manipulations on the data. There is also an
* "internal" macro, bn_check_top(), for verifying that there are no leading
* zeroes. Unfortunately, some auditing is required due to the fact that
* bn_fix_top() has become an overabused duct-tape because bignum data is
* occasionally passed around in an inconsistent state. So the following
* changes have been made to sort this out;
* - bn_fix_top()s implementation has been moved to bn_correct_top()
* - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
* bn_check_top() is as before.
* - if BN_DEBUG *is* defined;
* - bn_check_top() tries to pollute unused words even if the bignum 'top' is
* consistent. (ed: only if BN_DEBUG_RAND is defined)
* - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
* The idea is to have debug builds flag up inconsistent bignums when they
* occur. If that occurs in a bn_fix_top(), we examine the code in question; if
* the use of bn_fix_top() was appropriate (ie. it follows directly after code
* that manipulates the bignum) it is converted to bn_correct_top(), and if it
* was not appropriate, we convert it permanently to bn_check_top() and track
* down the cause of the bug. Eventually, no internal code should be using the
* bn_fix_top() macro. External applications and libraries should try this with
* their own code too, both in terms of building against the openssl headers
* with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
* defined. This not only improves external code, it provides more test
* coverage for openssl's own code.
*/
#ifdef BN_DEBUG
/* We only need assert() when debugging */
#include <assert.h>
#ifdef BN_DEBUG_RAND
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
#ifndef RAND_pseudo_bytes
int RAND_pseudo_bytes(unsigned char *buf,int num);
#define BN_DEBUG_TRIX
#endif
#define bn_pollute(a) \
do { \
const BIGNUM *_bnum1 = (a); \
if(_bnum1->top < _bnum1->dmax) { \
unsigned char _tmp_char; \
/* We cast away const without the compiler knowing, any \
* *genuinely* constant variables that aren't mutable \
* wouldn't be constructed with top!=dmax. */ \
BN_ULONG *_not_const; \
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
RAND_pseudo_bytes(&_tmp_char, 1); \
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
} \
} while(0)
#ifdef BN_DEBUG_TRIX
#undef RAND_pseudo_bytes
#endif
#else
#define bn_pollute(a)
#endif
#define bn_check_top(a) \
do { \
const BIGNUM *_bnum2 = (a); \
if (_bnum2 != NULL) { \
assert((_bnum2->top == 0) || \
(_bnum2->d[_bnum2->top - 1] != 0)); \
bn_pollute(_bnum2); \
} \
} while(0)
#define bn_fix_top(a) bn_check_top(a)
#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
#define bn_wcheck_size(bn, words) \
do { \
const BIGNUM *_bnum2 = (bn); \
assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
} while(0)
#else /* !BN_DEBUG */
#define bn_pollute(a)
#define bn_check_top(a)
#define bn_fix_top(a) bn_correct_top(a)
#define bn_check_size(bn, bits)
#define bn_wcheck_size(bn, words)
#endif
BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
struct bignum_st
{

57
crypto/bn/bn_lib.c
View File

@ -370,63 +370,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
return(a);
}
/* This is an internal function that can be used instead of bn_expand2()
* when there is a need to copy BIGNUMs instead of only expanding the
* data part, while still expanding them.
* Especially useful when needing to expand BIGNUMs that are declared
* 'const' and should therefore not be changed.
* The reason to use this instead of a BN_dup() followed by a bn_expand2()
* is memory allocation overhead. A BN_dup() followed by a bn_expand2()
* will allocate new memory for the BIGNUM data twice, and free it once,
* while bn_dup_expand() makes sure allocation is made only once.
*/
#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
{
BIGNUM *r = NULL;
bn_check_top(b);
/* This function does not work if
* words <= b->dmax && top < words
* because BN_dup() does not preserve 'dmax'!
* (But bn_dup_expand() is not used anywhere yet.)
*/
if (words > b->dmax)
{
BN_ULONG *a = bn_expand_internal(b, words);
if (a)
{
r = BN_new();
if (r)
{
r->top = b->top;
r->dmax = words;
r->neg = b->neg;
r->d = a;
}
else
{
/* r == NULL, BN_new failure */
OPENSSL_free(a);
}
}
/* If a == NULL, there was an error in allocation in
bn_expand_internal(), and NULL should be returned */
}
else
{
r = BN_dup(b);
}
bn_check_top(r);
return r;
}
#endif
/* This is an internal function that should not be used in applications.
* It ensures that 'b' has enough room for a 'words' word number
* and initialises any unused part of b->d with leading zeros.

7
crypto/include/internal/bn_int.h
View File

@ -62,6 +62,13 @@
extern "C" {
#endif
#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
BIGNUM *bn_wexpand(BIGNUM *a, int words);
BIGNUM *bn_expand2(BIGNUM *a, int words);
void bn_correct_top(BIGNUM *a);
/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
* This is an array r[] of values that are either zero or odd with an
* absolute value less than 2^w satisfying

21
util/libeay.num
View File

@ -694,13 +694,13 @@ a2i_ASN1_INTEGER 700 EXIST::FUNCTION:BIO
a2i_ASN1_STRING 701 EXIST::FUNCTION:BIO
asn1_Finish 702 EXIST::FUNCTION:
asn1_GetSequence 703 EXIST::FUNCTION:
bn_div_words 704 EXIST::FUNCTION:
bn_expand2 705 EXIST::FUNCTION:
bn_mul_add_words 706 EXIST::FUNCTION:
bn_mul_words 707 EXIST::FUNCTION:
bn_div_words 704 NOEXIST::FUNCTION:
bn_expand2 705 NOEXIST::FUNCTION:
bn_mul_add_words 706 NOEXIST::FUNCTION:
bn_mul_words 707 NOEXIST::FUNCTION:
BN_uadd 708 EXIST::FUNCTION:
BN_usub 709 EXIST::FUNCTION:
bn_sqr_words 710 EXIST::FUNCTION:
bn_sqr_words 710 NOEXIST::FUNCTION:
_ossl_old_crypt 711 EXIST:!NeXT,!PERL5:FUNCTION:DES
d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION:
d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION:
@ -1013,7 +1013,7 @@ RSA_padding_check_PKCS1_type_1 1035 EXIST::FUNCTION:RSA
RSA_padding_check_PKCS1_type_2 1036 EXIST::FUNCTION:RSA
RSA_padding_check_SSLv23 1037 EXIST::FUNCTION:RSA
RSA_padding_check_none 1038 EXIST::FUNCTION:RSA
bn_add_words 1039 EXIST::FUNCTION:
bn_add_words 1039 NOEXIST::FUNCTION:
d2i_Netscape_RSA_2 1040 NOEXIST::FUNCTION:
CRYPTO_get_ex_new_index 1041 EXIST::FUNCTION:
RIPEMD160_Init 1042 EXIST::FUNCTION:RIPEMD
@ -1085,7 +1085,7 @@ PROXY_set_connect_mode 1112 NOEXIST::FUNCTION:
RAND_SSLeay 1113 EXIST::FUNCTION:
RAND_set_rand_method 1114 EXIST::FUNCTION:
RSA_memory_lock 1115 EXIST::FUNCTION:RSA
bn_sub_words 1116 EXIST::FUNCTION:
bn_sub_words 1116 NOEXIST::FUNCTION:
bn_mul_normal 1117 NOEXIST::FUNCTION:
bn_mul_comba8 1118 NOEXIST::FUNCTION:
bn_mul_comba4 1119 NOEXIST::FUNCTION:
@ -2419,7 +2419,7 @@ UI_get_string_type 2916 EXIST::FUNCTION:
ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE
ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE
OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION:
bn_dup_expand 2920 EXIST::FUNCTION:DEPRECATED
bn_dup_expand 2920 NOEXIST::FUNCTION:
OCSP_cert_id_new 2921 EXIST::FUNCTION:
BASIC_CONSTRAINTS_it 2922 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
BASIC_CONSTRAINTS_it 2922 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@ -4513,7 +4513,6 @@ RSA_check_key_ex 4872 EXIST::FUNCTION:RSA
i2s_ASN1_IA5STRING 4874 EXIST::FUNCTION:
s2i_ASN1_IA5STRING 4875 EXIST::FUNCTION:
FIPS_dsa_sign_ctx 4876 EXIST:OPENSSL_FIPS:FUNCTION:DSA
FIPS_ecdsa_sign 4877 EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
CRYPTO_ocb128_release 4878 EXIST::FUNCTION:
CRYPTO_ocb128_new 4879 EXIST::FUNCTION:
CRYPTO_ocb128_finish 4880 EXIST::FUNCTION:
@ -4526,12 +4525,12 @@ EVP_aes_192_ocb 4886 EXIST::FUNCTION:AES
EVP_aes_128_ocb 4887 EXIST::FUNCTION:AES
CRYPTO_ocb128_init 4888 EXIST::FUNCTION:
CRYPTO_ocb128_encrypt 4889 EXIST::FUNCTION:
bn_wexpand 4878 EXIST::FUNCTION:
bn_wexpand 4878 NOEXIST::FUNCTION:
BN_zero_ex 4879 EXIST::FUNCTION:
BN_is_zero 4880 EXIST::FUNCTION:
BN_with_flags 4881 EXIST::FUNCTION:
BN_abs_is_word 4882 EXIST::FUNCTION:
bn_correct_top 4883 EXIST::FUNCTION:
bn_correct_top 4883 NOEXIST::FUNCTION:
BN_to_montgomery 4884 EXIST::FUNCTION:
BN_GENCB_new 4885 EXIST::FUNCTION:
BN_is_odd 4886 EXIST::FUNCTION: