- use BN_set_negative and BN_is_negative instead of BN_set_sign

  and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"

CHANGES

@@ -462,14 +462,13 @@
      Makefile.shared, for Cygwin's sake.
      [Richard Levitte]
 
-  *) Extend the BIGNUM API by creating new macros that behave like
-     functions
-
-          void BN_set_sign(BIGNUM *a, int neg);
-          int BN_get_sign(const BIGNUM *a);
+  *) Extend the BIGNUM API by creating a function 
+          void BN_set_negative(BIGNUM *a, int neg);
+     and a macro that behave like
+          int  BN_is_negative(const BIGNUM *a);
 
-     and avoid the need to access 'a->neg' directly in applications.
-     [Nils Larsch  <nla@trustcenter.de>]
+     to avoid the need to access 'a->neg' directly in applications.
+     [Nils Larsch]
 
   *) Implement fast modular reduction for pseudo-Mersenne primes
      used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).

crypto/asn1/a_enum.c

@@ -149,7 +149,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	if(BN_get_sign(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
+	if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
@@ -177,6 +177,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
 
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_sign(ret,1);
+	else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);
 	return(ret);
 	}

crypto/asn1/a_int.c

@@ -416,7 +416,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	if (BN_get_sign(bn))
+	if (BN_is_negative(bn))
 		ret->type = V_ASN1_NEG_INTEGER;
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
@@ -451,7 +451,7 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
 	else if(ai->type == V_ASN1_NEG_INTEGER)
-		BN_set_sign(ret, 1);
+		BN_set_negative(ret, 1);
 	return(ret);
 	}
 

crypto/asn1/t_pkey.c

@@ -552,7 +552,7 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
 	const char *neg;
 
 	if (num == NULL) return(1);
-	neg = (BN_get_sign(num))?"-":"";
+	neg = (BN_is_negative(num))?"-":"";
 	if(!BIO_indent(bp,off,128))
 		return 0;
 	if (BN_is_zero(num))

crypto/bn/bn.h

@@ -90,13 +90,9 @@ extern "C" {
  * BN_DEBUG - turn on various debugging alterations to the bignum code
  * BN_DEBUG_RAND - uses random poisoning of unused words to trip up
  * mismanagement of bignum internals. You must also define BN_DEBUG.
- * BN_STRICT - disables anything (not already caught by BN_DEBUG) that uses the
- * old ambiguity over zero representation. At some point, this behaviour should
- * become standard.
  */
 /* #define BN_DEBUG */
 /* #define BN_DEBUG_RAND */
-/* #define BN_STRICT */
 
 #ifdef OPENSSL_SYS_VMS
 #undef BN_LLONG /* experimental, so far... */
@@ -366,11 +362,7 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
 /* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
 #define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
 				(((w) == 0) && ((a)->top == 0)))
-#ifdef BN_STRICT
 #define BN_is_zero(a)       ((a)->top == 0)
-#else
-#define BN_is_zero(a)       BN_abs_is_word(a,0)
-#endif
 #define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
 #define BN_is_word(a,w)     (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
 #define BN_is_odd(a)	    (((a)->top > 0) && ((a)->d[0] & 1))
@@ -387,14 +379,6 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
 #else
 #define BN_zero(a)	(BN_set_word((a),0))
 #endif
-/* BN_set_sign(BIGNUM *, int) sets the sign of a BIGNUM
- * (0 for a non-negative value, 1 for negative) */
-#define BN_set_sign(a,b) ((a)->neg = (b))
-/* BN_get_sign(BIGNUM *) returns the sign of the BIGNUM */
-#define BN_get_sign(a)   ((a)->neg)
-
-/*#define BN_ascii2bn(a)	BN_hex2bn(a) */
-/*#define BN_bn2ascii(a)	BN_bn2hex(a) */
 
 const BIGNUM *BN_value_one(void);
 char *	BN_options(void);
@@ -429,6 +413,10 @@ int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+/* BN_set_negative(): sets sign of a bignum */
+void	BN_set_negative(BIGNUM *b, int n);
+/* BN_get_negative():  returns 1 if the bignum is < 0 and 0 otherwise */
+#define BN_is_negative(a) ((a)->neg != 0)
 
 int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 	BN_CTX *ctx);

crypto/bn/bn_lib.c

@@ -827,6 +827,14 @@ int BN_mask_bits(BIGNUM *a, int n)
 	return(1);
 	}
 
+void BN_set_negative(BIGNUM *a, int b)
+	{
+	if (b && !BN_is_zero(a))
+		a->neg = 1;
+	else
+		a->neg = 0;
+	}
+
 int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
 	{
 	int i;

crypto/bn/bn_print.c

@@ -134,7 +134,7 @@ char *BN_bn2dec(const BIGNUM *a)
 		}
 	else
 		{
-		if (BN_get_sign(t))
+		if (BN_is_negative(t))
 			*p++ = '-';
 
 		i=0;

crypto/dsa/dsa_ossl.c

@@ -281,13 +281,13 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 
-	if (BN_is_zero(sig->r) || BN_get_sign(sig->r) ||
+	if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
 	    BN_ucmp(sig->r, dsa->q) >= 0)
 		{
 		ret = 0;
 		goto err;
 		}
-	if (BN_is_zero(sig->s) || BN_get_sign(sig->s) ||
+	if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
 	    BN_ucmp(sig->s, dsa->q) >= 0)
 		{
 		ret = 0;

crypto/ec/ec2_mult.c

@@ -296,8 +296,8 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
 		}
 
 	/* GF(2^m) field elements should always have BIGNUM::neg = 0 */
-	BN_set_sign(&r->X, 0);
-	BN_set_sign(&r->Y, 0);
+	BN_set_negative(&r->X, 0);
+	BN_set_negative(&r->Y, 0);
 
 	ret = 1;
 
@@ -343,7 +343,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	if (scalar)
 		{
 		if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
-		if (BN_get_sign(scalar)) 
+		if (BN_is_negative(scalar)) 
 			if (!group->meth->invert(group, p, ctx)) goto err;
 		if (!group->meth->add(group, r, r, p, ctx)) goto err;
 		}
@@ -351,7 +351,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	for (i = 0; i < num; i++)
 		{
 		if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
-		if (BN_get_sign(scalars[i]))
+		if (BN_is_negative(scalars[i]))
 			if (!group->meth->invert(group, p, ctx)) goto err;
 		if (!group->meth->add(group, r, r, p, ctx)) goto err;
 		}

crypto/ec/ec2_smpl.c

@@ -354,11 +354,11 @@ int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT
 		}
 
 	if (!BN_copy(&point->X, x)) goto err;
-	BN_set_sign(&point->X, 0);
+	BN_set_negative(&point->X, 0);
 	if (!BN_copy(&point->Y, y)) goto err;
-	BN_set_sign(&point->Y, 0);
+	BN_set_negative(&point->Y, 0);
 	if (!BN_copy(&point->Z, BN_value_one())) goto err;
-	BN_set_sign(&point->Z, 0);
+	BN_set_negative(&point->Z, 0);
 	point->Z_is_one = 1;
 	ret = 1;
 
@@ -389,12 +389,12 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_
 	if (x != NULL)
 		{
 		if (!BN_copy(x, &point->X)) goto err;
-		BN_set_sign(x, 0);
+		BN_set_negative(x, 0);
 		}
 	if (y != NULL)
 		{
 		if (!BN_copy(y, &point->Y)) goto err;
-		BN_set_sign(y, 0);
+		BN_set_negative(y, 0);
 		}
 	ret = 1;
 		

crypto/ec/ec_mult.c

@@ -203,7 +203,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
 	next_bit = bit << 1; /* at most 256 */
 	mask = next_bit - 1; /* at most 255 */
 
-	if (BN_get_sign(scalar))
+	if (BN_is_negative(scalar))
 		{
 		sign = -1;
 		}

crypto/ec/ecp_smpl.c

@@ -192,7 +192,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
 
 	/* group->field */
 	if (!BN_copy(&group->field, p)) goto err;
-	BN_set_sign(&group->field, 0);
+	BN_set_negative(&group->field, 0);
 
 	/* group->a */
 	if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;

crypto/ec/ectest.c

@@ -672,7 +672,7 @@ void prime_field_tests()
 
 		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
 		if (!BN_add(z, z, y)) ABORT;
-		BN_set_sign(z, 1);
+		BN_set_negative(z, 1);
 		scalars[0] = y;
 		scalars[1] = z; /* z = -(order + y) */
 
@@ -684,7 +684,7 @@ void prime_field_tests()
 
 		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
 		if (!BN_add(z, x, y)) ABORT;
-		BN_set_sign(z, 1);
+		BN_set_negative(z, 1);
 		scalars[0] = x;
 		scalars[1] = y;
 		scalars[2] = z; /* z = -(x+y) */
@@ -1147,7 +1147,7 @@ void char2_field_tests()
 
 		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
 		if (!BN_add(z, z, y)) ABORT;
-		BN_set_sign(z, 1);
+		BN_set_negative(z, 1);
 		scalars[0] = y;
 		scalars[1] = z; /* z = -(order + y) */
 
@@ -1159,7 +1159,7 @@ void char2_field_tests()
 
 		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
 		if (!BN_add(z, x, y)) ABORT;
-		BN_set_sign(z, 1);
+		BN_set_negative(z, 1);
 		scalars[0] = x;
 		scalars[1] = y;
 		scalars[2] = z; /* z = -(x+y) */

crypto/ecdsa/ecs_ossl.c

@@ -360,9 +360,9 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
 		goto err;
 	}
 
-	if (BN_is_zero(sig->r)          || BN_get_sign(sig->r) || 
+	if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) || 
 	    BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||
-	    BN_get_sign(sig->s)         || BN_ucmp(sig->s, order) >= 0)
+	    BN_is_negative(sig->s)      || BN_ucmp(sig->s, order) >= 0)
 	{
 		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
 		ret = 0;	/* signature is invalid */

crypto/rsa/rsa_eay.c

@@ -622,7 +622,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 	if (!BN_sub(r0,r0,m1)) goto err;
 	/* This will help stop the size of r0 increasing, which does
 	 * affect the multiply if it optimised for a power of 2 size */
-	if (BN_get_sign(r0))
+	if (BN_is_negative(r0))
 		if (!BN_add(r0,r0,rsa->p)) goto err;
 
 	if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
@@ -634,7 +634,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 	 * This will *never* happen with OpenSSL generated keys because
          * they ensure p > q [steve]
          */
-	if (BN_get_sign(r0))
+	if (BN_is_negative(r0))
 		if (!BN_add(r0,r0,rsa->p)) goto err;
 	if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
 	if (!BN_add(r0,r1,m1)) goto err;
@@ -648,7 +648,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 		 * for absolute equality, just congruency. */
 		if (!BN_sub(vrfy, vrfy, I)) goto err;
 		if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
-		if (BN_get_sign(vrfy))
+		if (BN_is_negative(vrfy))
 			if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
 		if (!BN_is_zero(vrfy))
 			/* 'I' and 'vrfy' aren't congruent mod n. Don't leak

doc/crypto/bn.pod

@@ -27,6 +27,9 @@ bn - multiprecision integer arithmetics
  int BN_num_bits(const BIGNUM *a);
  int BN_num_bits_word(BN_ULONG w);
 
+ void BN_set_negative(BIGNUM *a, int n);
+ int  BN_is_negative(const BIGNUM *a);
+
  int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
  int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
  int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);