Move bn internal functions into bn_int.h and bn_lcl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
parent
e35af275d5
commit
02a62d1a4a
108
crypto/bn/bn.h
108
crypto/bn/bn.h
@ -620,114 +620,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
|
||||
const unsigned char *message, size_t message_len,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* library internal functions */
|
||||
|
||||
#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
|
||||
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
|
||||
BIGNUM *bn_wexpand(BIGNUM *a, int words);
|
||||
BIGNUM *bn_expand2(BIGNUM *a, int words);
|
||||
#ifndef OPENSSL_NO_DEPRECATED
|
||||
BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
|
||||
#endif
|
||||
|
||||
/* Bignum consistency macros
|
||||
* There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
|
||||
* bignum data after direct manipulations on the data. There is also an
|
||||
* "internal" macro, bn_check_top(), for verifying that there are no leading
|
||||
* zeroes. Unfortunately, some auditing is required due to the fact that
|
||||
* bn_fix_top() has become an overabused duct-tape because bignum data is
|
||||
* occasionally passed around in an inconsistent state. So the following
|
||||
* changes have been made to sort this out;
|
||||
* - bn_fix_top()s implementation has been moved to bn_correct_top()
|
||||
* - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
|
||||
* bn_check_top() is as before.
|
||||
* - if BN_DEBUG *is* defined;
|
||||
* - bn_check_top() tries to pollute unused words even if the bignum 'top' is
|
||||
* consistent. (ed: only if BN_DEBUG_RAND is defined)
|
||||
* - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
|
||||
* The idea is to have debug builds flag up inconsistent bignums when they
|
||||
* occur. If that occurs in a bn_fix_top(), we examine the code in question; if
|
||||
* the use of bn_fix_top() was appropriate (ie. it follows directly after code
|
||||
* that manipulates the bignum) it is converted to bn_correct_top(), and if it
|
||||
* was not appropriate, we convert it permanently to bn_check_top() and track
|
||||
* down the cause of the bug. Eventually, no internal code should be using the
|
||||
* bn_fix_top() macro. External applications and libraries should try this with
|
||||
* their own code too, both in terms of building against the openssl headers
|
||||
* with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
|
||||
* defined. This not only improves external code, it provides more test
|
||||
* coverage for openssl's own code.
|
||||
*/
|
||||
|
||||
#ifdef BN_DEBUG
|
||||
|
||||
/* We only need assert() when debugging */
|
||||
#include <assert.h>
|
||||
|
||||
#ifdef BN_DEBUG_RAND
|
||||
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
|
||||
#ifndef RAND_pseudo_bytes
|
||||
int RAND_pseudo_bytes(unsigned char *buf,int num);
|
||||
#define BN_DEBUG_TRIX
|
||||
#endif
|
||||
#define bn_pollute(a) \
|
||||
do { \
|
||||
const BIGNUM *_bnum1 = (a); \
|
||||
if(_bnum1->top < _bnum1->dmax) { \
|
||||
unsigned char _tmp_char; \
|
||||
/* We cast away const without the compiler knowing, any \
|
||||
* *genuinely* constant variables that aren't mutable \
|
||||
* wouldn't be constructed with top!=dmax. */ \
|
||||
BN_ULONG *_not_const; \
|
||||
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
|
||||
RAND_pseudo_bytes(&_tmp_char, 1); \
|
||||
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
|
||||
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
|
||||
} \
|
||||
} while(0)
|
||||
#ifdef BN_DEBUG_TRIX
|
||||
#undef RAND_pseudo_bytes
|
||||
#endif
|
||||
#else
|
||||
#define bn_pollute(a)
|
||||
#endif
|
||||
#define bn_check_top(a) \
|
||||
do { \
|
||||
const BIGNUM *_bnum2 = (a); \
|
||||
if (_bnum2 != NULL) { \
|
||||
assert((_bnum2->top == 0) || \
|
||||
(_bnum2->d[_bnum2->top - 1] != 0)); \
|
||||
bn_pollute(_bnum2); \
|
||||
} \
|
||||
} while(0)
|
||||
|
||||
#define bn_fix_top(a) bn_check_top(a)
|
||||
|
||||
#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
|
||||
#define bn_wcheck_size(bn, words) \
|
||||
do { \
|
||||
const BIGNUM *_bnum2 = (bn); \
|
||||
assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
|
||||
} while(0)
|
||||
|
||||
#else /* !BN_DEBUG */
|
||||
|
||||
#define bn_pollute(a)
|
||||
#define bn_check_top(a)
|
||||
#define bn_fix_top(a) bn_correct_top(a)
|
||||
#define bn_check_size(bn, bits)
|
||||
#define bn_wcheck_size(bn, words)
|
||||
|
||||
#endif
|
||||
|
||||
void bn_correct_top(BIGNUM *a);
|
||||
|
||||
|
||||
BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
|
||||
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
|
||||
void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
|
||||
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
|
||||
BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
|
||||
BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
|
||||
|
||||
/* Primes from RFC 2409 */
|
||||
BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
|
||||
|
@ -118,6 +118,103 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Bignum consistency macros
|
||||
* There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
|
||||
* bignum data after direct manipulations on the data. There is also an
|
||||
* "internal" macro, bn_check_top(), for verifying that there are no leading
|
||||
* zeroes. Unfortunately, some auditing is required due to the fact that
|
||||
* bn_fix_top() has become an overabused duct-tape because bignum data is
|
||||
* occasionally passed around in an inconsistent state. So the following
|
||||
* changes have been made to sort this out;
|
||||
* - bn_fix_top()s implementation has been moved to bn_correct_top()
|
||||
* - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
|
||||
* bn_check_top() is as before.
|
||||
* - if BN_DEBUG *is* defined;
|
||||
* - bn_check_top() tries to pollute unused words even if the bignum 'top' is
|
||||
* consistent. (ed: only if BN_DEBUG_RAND is defined)
|
||||
* - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
|
||||
* The idea is to have debug builds flag up inconsistent bignums when they
|
||||
* occur. If that occurs in a bn_fix_top(), we examine the code in question; if
|
||||
* the use of bn_fix_top() was appropriate (ie. it follows directly after code
|
||||
* that manipulates the bignum) it is converted to bn_correct_top(), and if it
|
||||
* was not appropriate, we convert it permanently to bn_check_top() and track
|
||||
* down the cause of the bug. Eventually, no internal code should be using the
|
||||
* bn_fix_top() macro. External applications and libraries should try this with
|
||||
* their own code too, both in terms of building against the openssl headers
|
||||
* with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
|
||||
* defined. This not only improves external code, it provides more test
|
||||
* coverage for openssl's own code.
|
||||
*/
|
||||
|
||||
#ifdef BN_DEBUG
|
||||
|
||||
/* We only need assert() when debugging */
|
||||
#include <assert.h>
|
||||
|
||||
#ifdef BN_DEBUG_RAND
|
||||
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
|
||||
#ifndef RAND_pseudo_bytes
|
||||
int RAND_pseudo_bytes(unsigned char *buf,int num);
|
||||
#define BN_DEBUG_TRIX
|
||||
#endif
|
||||
#define bn_pollute(a) \
|
||||
do { \
|
||||
const BIGNUM *_bnum1 = (a); \
|
||||
if(_bnum1->top < _bnum1->dmax) { \
|
||||
unsigned char _tmp_char; \
|
||||
/* We cast away const without the compiler knowing, any \
|
||||
* *genuinely* constant variables that aren't mutable \
|
||||
* wouldn't be constructed with top!=dmax. */ \
|
||||
BN_ULONG *_not_const; \
|
||||
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
|
||||
RAND_pseudo_bytes(&_tmp_char, 1); \
|
||||
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
|
||||
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
|
||||
} \
|
||||
} while(0)
|
||||
#ifdef BN_DEBUG_TRIX
|
||||
#undef RAND_pseudo_bytes
|
||||
#endif
|
||||
#else
|
||||
#define bn_pollute(a)
|
||||
#endif
|
||||
#define bn_check_top(a) \
|
||||
do { \
|
||||
const BIGNUM *_bnum2 = (a); \
|
||||
if (_bnum2 != NULL) { \
|
||||
assert((_bnum2->top == 0) || \
|
||||
(_bnum2->d[_bnum2->top - 1] != 0)); \
|
||||
bn_pollute(_bnum2); \
|
||||
} \
|
||||
} while(0)
|
||||
|
||||
#define bn_fix_top(a) bn_check_top(a)
|
||||
|
||||
#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
|
||||
#define bn_wcheck_size(bn, words) \
|
||||
do { \
|
||||
const BIGNUM *_bnum2 = (bn); \
|
||||
assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
|
||||
} while(0)
|
||||
|
||||
#else /* !BN_DEBUG */
|
||||
|
||||
#define bn_pollute(a)
|
||||
#define bn_check_top(a)
|
||||
#define bn_fix_top(a) bn_correct_top(a)
|
||||
#define bn_check_size(bn, bits)
|
||||
#define bn_wcheck_size(bn, words)
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
|
||||
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
|
||||
void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
|
||||
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
|
||||
BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
|
||||
BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
|
||||
|
||||
|
||||
struct bignum_st
|
||||
{
|
||||
|
@ -370,63 +370,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
|
||||
return(a);
|
||||
}
|
||||
|
||||
/* This is an internal function that can be used instead of bn_expand2()
|
||||
* when there is a need to copy BIGNUMs instead of only expanding the
|
||||
* data part, while still expanding them.
|
||||
* Especially useful when needing to expand BIGNUMs that are declared
|
||||
* 'const' and should therefore not be changed.
|
||||
* The reason to use this instead of a BN_dup() followed by a bn_expand2()
|
||||
* is memory allocation overhead. A BN_dup() followed by a bn_expand2()
|
||||
* will allocate new memory for the BIGNUM data twice, and free it once,
|
||||
* while bn_dup_expand() makes sure allocation is made only once.
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_DEPRECATED
|
||||
BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
|
||||
{
|
||||
BIGNUM *r = NULL;
|
||||
|
||||
bn_check_top(b);
|
||||
|
||||
/* This function does not work if
|
||||
* words <= b->dmax && top < words
|
||||
* because BN_dup() does not preserve 'dmax'!
|
||||
* (But bn_dup_expand() is not used anywhere yet.)
|
||||
*/
|
||||
|
||||
if (words > b->dmax)
|
||||
{
|
||||
BN_ULONG *a = bn_expand_internal(b, words);
|
||||
|
||||
if (a)
|
||||
{
|
||||
r = BN_new();
|
||||
if (r)
|
||||
{
|
||||
r->top = b->top;
|
||||
r->dmax = words;
|
||||
r->neg = b->neg;
|
||||
r->d = a;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* r == NULL, BN_new failure */
|
||||
OPENSSL_free(a);
|
||||
}
|
||||
}
|
||||
/* If a == NULL, there was an error in allocation in
|
||||
bn_expand_internal(), and NULL should be returned */
|
||||
}
|
||||
else
|
||||
{
|
||||
r = BN_dup(b);
|
||||
}
|
||||
|
||||
bn_check_top(r);
|
||||
return r;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* This is an internal function that should not be used in applications.
|
||||
* It ensures that 'b' has enough room for a 'words' word number
|
||||
* and initialises any unused part of b->d with leading zeros.
|
||||
|
@ -62,6 +62,13 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
|
||||
(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
|
||||
BIGNUM *bn_wexpand(BIGNUM *a, int words);
|
||||
BIGNUM *bn_expand2(BIGNUM *a, int words);
|
||||
|
||||
void bn_correct_top(BIGNUM *a);
|
||||
|
||||
/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
|
||||
* This is an array r[] of values that are either zero or odd with an
|
||||
* absolute value less than 2^w satisfying
|
||||
|
@ -694,13 +694,13 @@ a2i_ASN1_INTEGER 700 EXIST::FUNCTION:BIO
|
||||
a2i_ASN1_STRING 701 EXIST::FUNCTION:BIO
|
||||
asn1_Finish 702 EXIST::FUNCTION:
|
||||
asn1_GetSequence 703 EXIST::FUNCTION:
|
||||
bn_div_words 704 EXIST::FUNCTION:
|
||||
bn_expand2 705 EXIST::FUNCTION:
|
||||
bn_mul_add_words 706 EXIST::FUNCTION:
|
||||
bn_mul_words 707 EXIST::FUNCTION:
|
||||
bn_div_words 704 NOEXIST::FUNCTION:
|
||||
bn_expand2 705 NOEXIST::FUNCTION:
|
||||
bn_mul_add_words 706 NOEXIST::FUNCTION:
|
||||
bn_mul_words 707 NOEXIST::FUNCTION:
|
||||
BN_uadd 708 EXIST::FUNCTION:
|
||||
BN_usub 709 EXIST::FUNCTION:
|
||||
bn_sqr_words 710 EXIST::FUNCTION:
|
||||
bn_sqr_words 710 NOEXIST::FUNCTION:
|
||||
_ossl_old_crypt 711 EXIST:!NeXT,!PERL5:FUNCTION:DES
|
||||
d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION:
|
||||
d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION:
|
||||
@ -1013,7 +1013,7 @@ RSA_padding_check_PKCS1_type_1 1035 EXIST::FUNCTION:RSA
|
||||
RSA_padding_check_PKCS1_type_2 1036 EXIST::FUNCTION:RSA
|
||||
RSA_padding_check_SSLv23 1037 EXIST::FUNCTION:RSA
|
||||
RSA_padding_check_none 1038 EXIST::FUNCTION:RSA
|
||||
bn_add_words 1039 EXIST::FUNCTION:
|
||||
bn_add_words 1039 NOEXIST::FUNCTION:
|
||||
d2i_Netscape_RSA_2 1040 NOEXIST::FUNCTION:
|
||||
CRYPTO_get_ex_new_index 1041 EXIST::FUNCTION:
|
||||
RIPEMD160_Init 1042 EXIST::FUNCTION:RIPEMD
|
||||
@ -1085,7 +1085,7 @@ PROXY_set_connect_mode 1112 NOEXIST::FUNCTION:
|
||||
RAND_SSLeay 1113 EXIST::FUNCTION:
|
||||
RAND_set_rand_method 1114 EXIST::FUNCTION:
|
||||
RSA_memory_lock 1115 EXIST::FUNCTION:RSA
|
||||
bn_sub_words 1116 EXIST::FUNCTION:
|
||||
bn_sub_words 1116 NOEXIST::FUNCTION:
|
||||
bn_mul_normal 1117 NOEXIST::FUNCTION:
|
||||
bn_mul_comba8 1118 NOEXIST::FUNCTION:
|
||||
bn_mul_comba4 1119 NOEXIST::FUNCTION:
|
||||
@ -2419,7 +2419,7 @@ UI_get_string_type 2916 EXIST::FUNCTION:
|
||||
ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE
|
||||
ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE
|
||||
OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION:
|
||||
bn_dup_expand 2920 EXIST::FUNCTION:DEPRECATED
|
||||
bn_dup_expand 2920 NOEXIST::FUNCTION:
|
||||
OCSP_cert_id_new 2921 EXIST::FUNCTION:
|
||||
BASIC_CONSTRAINTS_it 2922 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
|
||||
BASIC_CONSTRAINTS_it 2922 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
|
||||
@ -4513,7 +4513,6 @@ RSA_check_key_ex 4872 EXIST::FUNCTION:RSA
|
||||
i2s_ASN1_IA5STRING 4874 EXIST::FUNCTION:
|
||||
s2i_ASN1_IA5STRING 4875 EXIST::FUNCTION:
|
||||
FIPS_dsa_sign_ctx 4876 EXIST:OPENSSL_FIPS:FUNCTION:DSA
|
||||
FIPS_ecdsa_sign 4877 EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
|
||||
CRYPTO_ocb128_release 4878 EXIST::FUNCTION:
|
||||
CRYPTO_ocb128_new 4879 EXIST::FUNCTION:
|
||||
CRYPTO_ocb128_finish 4880 EXIST::FUNCTION:
|
||||
@ -4526,12 +4525,12 @@ EVP_aes_192_ocb 4886 EXIST::FUNCTION:AES
|
||||
EVP_aes_128_ocb 4887 EXIST::FUNCTION:AES
|
||||
CRYPTO_ocb128_init 4888 EXIST::FUNCTION:
|
||||
CRYPTO_ocb128_encrypt 4889 EXIST::FUNCTION:
|
||||
bn_wexpand 4878 EXIST::FUNCTION:
|
||||
bn_wexpand 4878 NOEXIST::FUNCTION:
|
||||
BN_zero_ex 4879 EXIST::FUNCTION:
|
||||
BN_is_zero 4880 EXIST::FUNCTION:
|
||||
BN_with_flags 4881 EXIST::FUNCTION:
|
||||
BN_abs_is_word 4882 EXIST::FUNCTION:
|
||||
bn_correct_top 4883 EXIST::FUNCTION:
|
||||
bn_correct_top 4883 NOEXIST::FUNCTION:
|
||||
BN_to_montgomery 4884 EXIST::FUNCTION:
|
||||
BN_GENCB_new 4885 EXIST::FUNCTION:
|
||||
BN_is_odd 4886 EXIST::FUNCTION:
|
||||
|
Loading…
x
Reference in New Issue
Block a user