BN_CTX is opaque and the static initialiser BN_CTX_init() is not used

except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.

diff --git a/CHANGES b/CHANGES
index c206df30ff18362c86d9e3867d6713395991def0..d157408763324970b7cddc23f2c7a7d8129be8bc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]
 
+  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
+     that can only be obtained through BN_CTX_new() (which implicitly
+     initialises it). The presence of this function only made it possible
+     to overwrite an existing structure (and cause memory leaks).
+     [Geoff Thorpe]
+
   *) Because of the callback-based approach for implementing LHASH as a
      template type, lh_insert() adds opaque objects to hash-tables and
      lh_doall() or lh_doall_arg() are typically used with a destructor callback

diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index d7a5fce6ea426c2dc22e866982da7e8e9824b512..686b3b3079fcb5231397d096bebf5f2ad24cc1ff 100644 (file)
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -363,7 +363,9 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
 const BIGNUM *BN_value_one(void);
 char * BN_options(void);
 BN_CTX *BN_CTX_new(void);
+#ifndef OPENSSL_NO_DEPRECATED
 void   BN_CTX_init(BN_CTX *c);
+#endif
 void   BN_CTX_free(BN_CTX *c);
 void   BN_CTX_start(BN_CTX *ctx);
 BIGNUM *BN_CTX_get(BN_CTX *ctx);

diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 7daf19eb8436cf42bfec2aaba2a1866353b642b0..34cc75cfa93524500a5145676b2c5c344d9216fa 100644 (file)
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -54,9 +54,10 @@
  *
  */
 
-#ifndef BN_CTX_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
+#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
+#ifndef NDEBUG
+#define NDEBUG
+#endif
 #endif
 
 #include <stdio.h>
@@ -65,6 +66,37 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+/* BN_CTX structure details */
+#define BN_CTX_NUM     32
+#define BN_CTX_NUM_POS 12
+struct bignum_ctx
+       {
+       int tos;
+       BIGNUM bn[BN_CTX_NUM];
+       int flags;
+       int depth;
+       int pos[BN_CTX_NUM_POS];
+       int too_many;
+       };
+
+#ifndef OPENSSL_NO_DEPRECATED
+void BN_CTX_init(BN_CTX *ctx)
+#else
+static void BN_CTX_init(BN_CTX *ctx)
+#endif
+       {
+#if 0 /* explicit version */
+       int i;
+       ctx->tos = 0;
+       ctx->flags = 0;
+       ctx->depth = 0;
+       ctx->too_many = 0;
+       for (i = 0; i < BN_CTX_NUM; i++)
+               BN_init(&(ctx->bn[i]));
+#else
+       memset(ctx, 0, sizeof *ctx);
+#endif
+       }
 
 BN_CTX *BN_CTX_new(void)
        {
@@ -82,21 +114,6 @@ BN_CTX *BN_CTX_new(void)
        return(ret);
        }
 
-void BN_CTX_init(BN_CTX *ctx)
-       {
-#if 0 /* explicit version */
-       int i;
-       ctx->tos = 0;
-       ctx->flags = 0;
-       ctx->depth = 0;
-       ctx->too_many = 0;
-       for (i = 0; i < BN_CTX_NUM; i++)
-               BN_init(&(ctx->bn[i]));
-#else
-       memset(ctx, 0, sizeof *ctx);
-#endif
-       }
-
 void BN_CTX_free(BN_CTX *ctx)
        {
        int i;

diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index 01cb6e92803b20ec38ea9bf9ecc62d23aa263673..0c448724d54c81e2f475f8c333987b7a7227afc1 100644 (file)
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -119,20 +119,6 @@ extern "C" {
 #endif
 
 
-/* Used for temp variables */
-#define BN_CTX_NUM     32
-#define BN_CTX_NUM_POS 12
-struct bignum_ctx
-       {
-       int tos;
-       BIGNUM bn[BN_CTX_NUM];
-       int flags;
-       int depth;
-       int pos[BN_CTX_NUM_POS];
-       int too_many;
-       } /* BN_CTX */;
-
-
 /*
  * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
  *