From b6358c89a10128692875fb92921b663c4d079a1e Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 13 Mar 2004 23:57:20 +0000 Subject: [PATCH] Convert openssl code not to assume the deprecated form of BN_zero(). Remove certain redundant BN_zero() initialisations, because BN_CTX_get(), BN_init(), [etc] already initialise to zero. Correct error checking in bn_sqr.c, and be less wishy-wash about how/why the result's 'top' value is set (note also, 'max' is always > 0 at this point). --- CHANGES | 6 ++++++ crypto/bn/bn_exp.c | 12 ++++++++---- crypto/bn/bn_exp2.c | 6 ++++-- crypto/bn/bn_gf2m.c | 23 +++++++++++++++-------- crypto/bn/bn_mont.c | 6 +++--- crypto/bn/bn_mul.c | 4 ++-- crypto/bn/bn_nist.c | 20 ++++++++++++++++---- crypto/bn/bn_rand.c | 4 +--- crypto/bn/bn_recp.c | 5 ++--- crypto/bn/bn_sqr.c | 17 +++++++++++------ crypto/bn/bn_sqrt.c | 4 ++-- crypto/ec/ec2_mult.c | 4 ++-- crypto/ec/ec2_smpl.c | 3 ++- crypto/ec/ec_lib.c | 4 ++-- crypto/ec/ecp_smpl.c | 7 ++++--- 15 files changed, 80 insertions(+), 45 deletions(-) diff --git a/CHANGES b/CHANGES index e675c90309..a8866ad9a0 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results, + and this should never fail. So the return value from the use of + BN_set_word() (which can fail due to needless expansion) is now deprecated; + if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro. + [Geoff Thorpe] + *) BN_CTX_get() should return zero-valued bignums, providing the same initialised value as BN_new(). [Geoff Thorpe, suggested by Ulf Möller] diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index aef77cb792..c11e5afd32 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -266,7 +266,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ if (BN_is_zero(&(val[0]))) { - ret = BN_zero(r); + BN_zero(r); + ret = 1; goto err; } @@ -409,7 +410,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, aa=a; if (BN_is_zero(aa)) { - ret = BN_zero(rr); + BN_zero(rr); + ret = 1; goto err; } if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */ @@ -541,7 +543,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, } if (a == 0) { - ret = BN_zero(rr); + BN_zero(rr); + ret = 1; return ret; } @@ -666,7 +669,8 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ if (BN_is_zero(&(val[0]))) { - ret = BN_zero(r); + BN_zero(r); + ret = 1; goto err; } diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index 979ceeffce..1223c678ce 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -179,7 +179,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, a_mod_m = a1; if (BN_is_zero(a_mod_m)) { - ret = BN_zero(rr); + BN_zero(rr); + ret = 1; goto err; } @@ -214,7 +215,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, a_mod_m = a2; if (BN_is_zero(a_mod_m)) { - ret = BN_zero(rr); + BN_zero(rr); + ret = 1; goto err; } if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err; diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 30520eedec..17513b1166 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -329,8 +329,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) bn_check_top(a); if (!p[0]) + { /* reduction mod 1 => return 0 */ - return BN_zero(r); + BN_zero(r); + return 1; + } /* Since the algorithm does reduction in the r value, if a != r, copy * the contents of a into r so we can do reduction in r. @@ -590,7 +593,6 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (v == NULL) goto err; if (!BN_one(b)) goto err; - if (!BN_zero(c)) goto err; if (!BN_GF2m_mod(u, a, p)) goto err; if (!BN_copy(v, p)) goto err; @@ -709,7 +711,6 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p if (!BN_GF2m_mod(u, y, p)) goto err; if (!BN_GF2m_mod(a, x, p)) goto err; if (!BN_copy(b, p)) goto err; - if (!BN_zero(v)) goto err; while (!BN_is_odd(a)) { @@ -865,13 +866,15 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ bn_check_top(a); if (!p[0]) + { /* reduction mod 1 => return 0 */ - return BN_zero(r); + BN_zero(r); + return 1; + } BN_CTX_start(ctx); if ((u = BN_CTX_get(ctx)) == NULL) goto err; - if (!BN_zero(u)) goto err; if (!BN_set_bit(u, p[0] - 1)) goto err; ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); bn_check_top(r); @@ -921,8 +924,11 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p bn_check_top(a_); if (!p[0]) + { /* reduction mod 1 => return 0 */ - return BN_zero(r); + BN_zero(r); + return 1; + } BN_CTX_start(ctx); a = BN_CTX_get(ctx); @@ -934,7 +940,8 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p if (BN_is_zero(a)) { - ret = BN_zero(r); + BN_zero(r); + ret = 1; goto err; } @@ -960,7 +967,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p { if (!BN_rand(rho, p[0], 0, 0)) goto err; if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; - if (!BN_zero(z)) goto err; + BN_zero(z); if (!BN_copy(w, rho)) goto err; for (j = 1; j <= p[0] - 1; j++) { diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 22d23cc3d7..14650ab9d5 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -284,7 +284,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BN_ULONG buf[2]; mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; - if (!(BN_zero(R))) goto err; + BN_zero(R); if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ buf[0]=mod->d[0]; /* tmod = N mod word size */ @@ -314,7 +314,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) #else /* !MONT_WORD */ { /* bignum version */ mont->ri=BN_num_bits(&mont->N); - if (!BN_zero(R)) goto err; + BN_zero(R); if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ /* Ri = R^-1 mod N*/ if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL) @@ -328,7 +328,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) #endif /* setup RR for conversions */ - if (!BN_zero(&(mont->RR))) goto err; + BN_zero(&(mont->RR)); if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 5a92f9a335..aec1eafc65 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -964,7 +964,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) if ((al == 0) || (bl == 0)) { - if (!BN_zero(r)) goto err; + BN_zero(r); return(1); } top=al+bl; @@ -1094,8 +1094,8 @@ end: if (r != rr) BN_copy(r,rr); ret=1; err: - BN_CTX_end(ctx); bn_check_top(r); + BN_CTX_end(ctx); return(ret); } diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index a29503be25..bbe2cbe749 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -319,7 +319,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, top = BN_ucmp(field, a); if (top == 0) - return BN_zero(r); + { + BN_zero(r); + return 1; + } else if (top > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); @@ -394,7 +397,10 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, tmp_int = BN_ucmp(field, a); if (tmp_int == 0) - return BN_zero(r); + { + BN_zero(r); + return 1; + } else if (tmp_int > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); @@ -514,7 +520,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, tmp_int = BN_ucmp(field, a); if (tmp_int == 0) - return BN_zero(r); + { + BN_zero(r); + return 1; + } else if (tmp_int > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); @@ -672,7 +681,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, tmp_int = BN_ucmp(field, a); if (tmp_int == 0) - return BN_zero(r); + { + BN_zero(r); + return 1; + } else if (tmp_int > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index de5a1f0c63..df45575f9a 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -244,9 +244,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) /* BN_is_bit_set(range, n - 1) always holds */ if (n == 1) - { - if (!BN_zero(r)) return 0; - } + BN_zero(r); else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) { /* range = 100..._2, diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 411dd60895..05b845b2a1 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -94,7 +94,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp) int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) { if (!BN_copy(&(recp->N),d)) return 0; - if (!BN_zero(&(recp->Nr))) return 0; + BN_zero(&(recp->Nr)); recp->num_bits=BN_num_bits(d); recp->shift=0; return(1); @@ -148,7 +148,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, if (BN_ucmp(m,&(recp->N)) < 0) { - if (!BN_zero(d)) return 0; + BN_zero(d); if (!BN_copy(r,m)) return 0; BN_CTX_end(ctx); return(1); @@ -221,7 +221,6 @@ int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) BN_init(&t); - if (!BN_zero(&t)) goto err; if (!BN_set_bit(&t,len)) goto err; if (!BN_div(r,NULL,&t,m,ctx)) goto err; diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index ab678d1f30..8831daa390 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -77,15 +77,15 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) if (al <= 0) { r->top=0; - return(1); + return 1; } BN_CTX_start(ctx); rr=(a != r) ? r : BN_CTX_get(ctx); tmp=BN_CTX_get(ctx); - if (tmp == NULL) goto err; + if (!rr || !tmp) goto err; - max=(al+al); + max = 2 * al; /* Non-zero (from above) */ if (bn_wexpand(rr,max+1) == NULL) goto err; if (al == 4) @@ -138,14 +138,19 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) #endif } - rr->top=max; rr->neg=0; - if ((max > 0) && (rr->d[max-1] == 0)) rr->top--; + /* If the most-significant half of the top word of 'a' is zero, then + * the square of 'a' will max-1 words. */ + if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) + rr->top = max - 1; + else + rr->top = max; if (rr != r) BN_copy(r,rr); ret = 1; err: + if(rr) bn_check_top(rr); + if(tmp) bn_check_top(tmp); BN_CTX_end(ctx); - bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 51902703e1..924ee274df 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -288,7 +288,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (BN_is_zero(t)) { /* special case: a == 0 (mod p) */ - if (!BN_zero(ret)) goto end; + BN_zero(ret); err = 0; goto end; } @@ -301,7 +301,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (BN_is_zero(x)) { /* special case: a == 0 (mod p) */ - if (!BN_zero(ret)) goto end; + BN_zero(ret); err = 0; goto end; } diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index a0ee7c152f..a8ead01d61 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -155,8 +155,8 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG if (BN_is_zero(z1)) { - if (!BN_zero(x2)) return 0; - if (!BN_zero(z2)) return 0; + BN_zero(x2); + BN_zero(z2); return 1; } diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 89e8152015..1132c8e5af 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -335,7 +335,8 @@ int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) { point->Z_is_one = 0; - return (BN_zero(&point->Z)); + BN_zero(&point->Z); + return 1; } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index b3ef05659a..ba5b821c9c 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -299,12 +299,12 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIG if (order != NULL) { if (!BN_copy(&group->order, order)) return 0; } else - { if (!BN_zero(&group->order)) return 0; } + BN_zero(&group->order); if (cofactor != NULL) { if (!BN_copy(&group->cofactor, cofactor)) return 0; } else - { if (!BN_zero(&group->cofactor)) return 0; } + BN_zero(&group->cofactor); return 1; } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 1abe831a37..de90f90aa1 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -385,7 +385,8 @@ int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) { point->Z_is_one = 0; - return (BN_zero(&point->Z)); + BN_zero(&point->Z); + return 1; } @@ -1093,7 +1094,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, con else { /* a is the inverse of b */ - if (!BN_zero(&r->Z)) goto end; + BN_zero(&r->Z); r->Z_is_one = 0; ret = 1; goto end; @@ -1169,7 +1170,7 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_ if (EC_POINT_is_at_infinity(group, a)) { - if (!BN_zero(&r->Z)) return 0; + BN_zero(&r->Z); r->Z_is_one = 0; return 1; } -- 2.34.1