BN_CTX is opaque and the static initialiser BN_CTX_init() is not used

except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.

CHANGES

@@ -4,6 +4,12 @@
 
  Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]
 
+  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
+     that can only be obtained through BN_CTX_new() (which implicitly
+     initialises it). The presence of this function only made it possible
+     to overwrite an existing structure (and cause memory leaks).
+     [Geoff Thorpe]
+
   *) Because of the callback-based approach for implementing LHASH as a
      template type, lh_insert() adds opaque objects to hash-tables and
      lh_doall() or lh_doall_arg() are typically used with a destructor callback

crypto/bn/bn.h

@@ -363,7 +363,9 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
 const BIGNUM *BN_value_one(void);
 char *	BN_options(void);
 BN_CTX *BN_CTX_new(void);
+#ifndef OPENSSL_NO_DEPRECATED
 void	BN_CTX_init(BN_CTX *c);
+#endif
 void	BN_CTX_free(BN_CTX *c);
 void	BN_CTX_start(BN_CTX *ctx);
 BIGNUM *BN_CTX_get(BN_CTX *ctx);

crypto/bn/bn_ctx.c

@@ -54,9 +54,10 @@
  *
  */
 
-#ifndef BN_CTX_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
+#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
+#ifndef NDEBUG
+#define NDEBUG
+#endif
 #endif
 
 #include <stdio.h>
@@ -65,6 +66,37 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+/* BN_CTX structure details */
+#define BN_CTX_NUM	32
+#define BN_CTX_NUM_POS	12
+struct bignum_ctx
+	{
+	int tos;
+	BIGNUM bn[BN_CTX_NUM];
+	int flags;
+	int depth;
+	int pos[BN_CTX_NUM_POS];
+	int too_many;
+	};
+
+#ifndef OPENSSL_NO_DEPRECATED
+void BN_CTX_init(BN_CTX *ctx)
+#else
+static void BN_CTX_init(BN_CTX *ctx)
+#endif
+	{
+#if 0 /* explicit version */
+	int i;
+	ctx->tos = 0;
+	ctx->flags = 0;
+	ctx->depth = 0;
+	ctx->too_many = 0;
+	for (i = 0; i < BN_CTX_NUM; i++)
+		BN_init(&(ctx->bn[i]));
+#else
+	memset(ctx, 0, sizeof *ctx);
+#endif
+	}
 
 BN_CTX *BN_CTX_new(void)
 	{
@@ -82,21 +114,6 @@ BN_CTX *BN_CTX_new(void)
 	return(ret);
 	}
 
-void BN_CTX_init(BN_CTX *ctx)
-	{
-#if 0 /* explicit version */
-	int i;
-	ctx->tos = 0;
-	ctx->flags = 0;
-	ctx->depth = 0;
-	ctx->too_many = 0;
-	for (i = 0; i < BN_CTX_NUM; i++)
-		BN_init(&(ctx->bn[i]));
-#else
-	memset(ctx, 0, sizeof *ctx);
-#endif
-	}
-
 void BN_CTX_free(BN_CTX *ctx)
 	{
 	int i;

crypto/bn/bn_lcl.h

@@ -119,20 +119,6 @@ extern "C" {
 #endif
 
 
-/* Used for temp variables */
-#define BN_CTX_NUM	32
-#define BN_CTX_NUM_POS	12
-struct bignum_ctx
-	{
-	int tos;
-	BIGNUM bn[BN_CTX_NUM];
-	int flags;
-	int depth;
-	int pos[BN_CTX_NUM_POS];
-	int too_many;
-	} /* BN_CTX */;
-
-
 /*
  * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
  *