Commit b6358c89 authored by Geoff Thorpe

Convert openssl code not to assume the deprecated form of BN_zero().

Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.

Correct error checking in bn_sqr.c, and be less wishy-washy about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this
point).
parent 5d735465
+6 −0
@@ -4,6 +4,12 @@

 Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]

  *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
     and this should never fail. So the return value from the use of
     BN_set_word() (which can fail due to needless expansion) is now deprecated;
     if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
     [Geoff Thorpe]

  *) BN_CTX_get() should return zero-valued bignums, providing the same
     initialised value as BN_new().
     [Geoff Thorpe, suggested by Ulf Möller]
+8 −4
@@ -266,7 +266,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
	if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
	if (BN_is_zero(&(val[0])))
		{
		ret = BN_zero(r);
		BN_zero(r);
		ret = 1;
		goto err;
		}

@@ -409,7 +410,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
		aa=a;
	if (BN_is_zero(aa))
		{
		ret = BN_zero(rr);
		BN_zero(rr);
		ret = 1;
		goto err;
		}
	if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
@@ -541,7 +543,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
		}
	if (a == 0)
		{
		ret = BN_zero(rr);
		BN_zero(rr);
		ret = 1;
		return ret;
		}

@@ -666,7 +669,8 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
	if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
	if (BN_is_zero(&(val[0])))
		{
		ret = BN_zero(r);
		BN_zero(r);
		ret = 1;
		goto err;
		}
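Review bot: `BN_zero(r); ret = 1;` in BN_mod_exp_recp reports success without looking at what BN_zero() did, and per the changelog entry in this commit that is only guaranteed safe when OPENSSL_NO_DEPRECATED makes BN_zero() a void macro. In a build without that define it presumably still expands to the BN_set_word() form, which the same entry says can fail, so `r` could be left with a stale value while the caller is told the result is zero; the header is not part of this view, so this is inferred. The same pattern appears in BN_mod_exp_mont, BN_mod_exp_mont_word and BN_mod_exp_simple here, and in BN_mod_exp2_mont, the BN_GF2m_* early exits and BN_MONT_CTX_set in the other file sections. I would have library code use the never-failing zeroing regardless of the build flag, or at least record the assumption at each site with `/* BN_zero() cannot fail here: void form, only sets top and neg */`.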

+4 −2
@@ -179,7 +179,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
		a_mod_m = a1;
	if (BN_is_zero(a_mod_m))
		{
		ret = BN_zero(rr);
		BN_zero(rr);
		ret = 1;
		goto err;
		}

@@ -214,7 +215,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
		a_mod_m = a2;
	if (BN_is_zero(a_mod_m))
		{
		ret = BN_zero(rr);
		BN_zero(rr);
		ret = 1;
		goto err;
		}
	if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err;
+15 −8
@@ -329,8 +329,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
	bn_check_top(a);

	if (!p[0])
		{
		/* reduction mod 1 => return 0 */
		return BN_zero(r);
		BN_zero(r);
		return 1;
		}

	/* Since the algorithm does reduction in the r value, if a != r, copy
	 * the contents of a into r so we can do reduction in r. 
@@ -590,7 +593,6 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
	if (v == NULL) goto err;

	if (!BN_one(b)) goto err;
	if (!BN_zero(c)) goto err;
	if (!BN_GF2m_mod(u, a, p)) goto err;
	if (!BN_copy(v, p)) goto err;

@@ -709,7 +711,6 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p
	if (!BN_GF2m_mod(u, y, p)) goto err;
	if (!BN_GF2m_mod(a, x, p)) goto err;
	if (!BN_copy(b, p)) goto err;
	if (!BN_zero(v)) goto err;
	
	while (!BN_is_odd(a))
		{
@@ -865,13 +866,15 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_
	bn_check_top(a);

	if (!p[0])
		{
		/* reduction mod 1 => return 0 */
		return BN_zero(r);
		BN_zero(r);
		return 1;
		}

	BN_CTX_start(ctx);
	if ((u = BN_CTX_get(ctx)) == NULL) goto err;
	
	if (!BN_zero(u)) goto err;
	if (!BN_set_bit(u, p[0] - 1)) goto err;
	ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
	bn_check_top(r);
@@ -921,8 +924,11 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p
	bn_check_top(a_);

	if (!p[0])
		{
		/* reduction mod 1 => return 0 */
		return BN_zero(r);
		BN_zero(r);
		return 1;
		}

	BN_CTX_start(ctx);
	a = BN_CTX_get(ctx);
@@ -934,7 +940,8 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p
	
	if (BN_is_zero(a))
		{
		ret = BN_zero(r);
		BN_zero(r);
		ret = 1;
		goto err;
		}

@@ -960,7 +967,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p
			{
			if (!BN_rand(rho, p[0], 0, 0)) goto err;
			if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
			if (!BN_zero(z)) goto err;
			BN_zero(z);
			if (!BN_copy(w, rho)) goto err;
			for (j = 1; j <= p[0] - 1; j++)
				{
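Review bot: In BN_GF2m_mod_sqrt_arr, `if (!BN_set_bit(u, p[0] - 1)) goto err;` now yields the intended exponent only if `u` is zero straight out of BN_CTX_get(), and with the explicit zeroing removed nothing at the call site records that dependency. The changelog in this commit states that guarantee, so a one-line comment above the set-bit call would keep a later reader from treating it as an omission: `/* u is zero-valued on return from BN_CTX_get() */`. The same applies to the dropped `BN_zero(c)` in BN_GF2m_mod_inv and `BN_zero(v)` in BN_GF2m_mod_div, where the lines that obtain `c` and `v` lie outside the hunks, so I am assuming they also come from BN_CTX_get().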
+3 −3
@@ -284,7 +284,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
		BN_ULONG buf[2];

		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
		if (!(BN_zero(R))) goto err;
		BN_zero(R);
		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */

		buf[0]=mod->d[0]; /* tmod = N mod word size */
@@ -314,7 +314,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
#else /* !MONT_WORD */
		{ /* bignum version */
		mont->ri=BN_num_bits(&mont->N);
		if (!BN_zero(R)) goto err;
		BN_zero(R);
		if (!BN_set_bit(R,mont->ri)) goto err;  /* R = 2^ri */
		                                        /* Ri = R^-1 mod N*/
		if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL)
@@ -328,7 +328,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
#endif

	/* setup RR for conversions */
	if (!BN_zero(&(mont->RR))) goto err;
	BN_zero(&(mont->RR));
	if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
	if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
