diff --git a/CHANGES b/CHANGES index 2c48478b457cdaeb5906e7093c991e3613b6b033..84b8efae2c32908a771a4439873332cfcf870316 100644 --- a/CHANGES +++ b/CHANGES @@ -462,14 +462,13 @@ Makefile.shared, for Cygwin's sake. [Richard Levitte] - *) Extend the BIGNUM API by creating new macros that behave like - functions - - void BN_set_sign(BIGNUM *a, int neg); - int BN_get_sign(const BIGNUM *a); + *) Extend the BIGNUM API by creating a function + void BN_set_negative(BIGNUM *a, int neg); + and a macro that behave like + int BN_is_negative(const BIGNUM *a); - and avoid the need to access 'a->neg' directly in applications. - [Nils Larsch ] + to avoid the need to access 'a->neg' directly in applications. + [Nils Larsch] *) Implement fast modular reduction for pseudo-Mersenne primes used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c). diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index af9fb9b39e318a2478fdfcde2fe2cd8a4696d0a0..fe9aa13b9cd5b71b0393ac68fe75b252a7fd6016 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -149,7 +149,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); goto err; } - if(BN_get_sign(bn)) ret->type = V_ASN1_NEG_ENUMERATED; + if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED; else ret->type=V_ASN1_ENUMERATED; j=BN_num_bits(bn); len=((j == 0)?0:((j/8)+1)); @@ -177,6 +177,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); - else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_sign(ret,1); + else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1); return(ret); } diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 78a6cb0d295e42fe69042a84d339f4388d9e0faf..973f0c14479bf68949d89bf09eab23ed6599a46a 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -416,7 +416,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); goto err; } - if (BN_get_sign(bn)) + if (BN_is_negative(bn)) ret->type = V_ASN1_NEG_INTEGER; else ret->type=V_ASN1_INTEGER; j=BN_num_bits(bn); @@ -451,7 +451,7 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); else if(ai->type == V_ASN1_NEG_INTEGER) - BN_set_sign(ret, 1); + BN_set_negative(ret, 1); return(ret); } diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 86bd2e04e42dd5b1b3d97a4c0a22bbd454b1442e..94bd37c32ea947868b8251cf656d55a1d88ffa43 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -552,7 +552,7 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, const char *neg; if (num == NULL) return(1); - neg = (BN_get_sign(num))?"-":""; + neg = (BN_is_negative(num))?"-":""; if(!BIO_indent(bp,off,128)) return 0; if (BN_is_zero(num)) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index acf48b9784edcd6cacf8899591c7ee100ad7557f..36d03bd2bec1bc10b41b415502d4918f5e9b82d5 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -90,13 +90,9 @@ extern "C" { * BN_DEBUG - turn on various debugging alterations to the bignum code * BN_DEBUG_RAND - uses random poisoning of unused words to trip up * mismanagement of bignum internals. You must also define BN_DEBUG. - * BN_STRICT - disables anything (not already caught by BN_DEBUG) that uses the - * old ambiguity over zero representation. At some point, this behaviour should - * become standard. */ /* #define BN_DEBUG */ /* #define BN_DEBUG_RAND */ -/* #define BN_STRICT */ #ifdef OPENSSL_SYS_VMS #undef BN_LLONG /* experimental, so far... */ @@ -366,11 +362,7 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); /* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ #define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ (((w) == 0) && ((a)->top == 0))) -#ifdef BN_STRICT #define BN_is_zero(a) ((a)->top == 0) -#else -#define BN_is_zero(a) BN_abs_is_word(a,0) -#endif #define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) #define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) @@ -387,14 +379,6 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); #else #define BN_zero(a) (BN_set_word((a),0)) #endif -/* BN_set_sign(BIGNUM *, int) sets the sign of a BIGNUM - * (0 for a non-negative value, 1 for negative) */ -#define BN_set_sign(a,b) ((a)->neg = (b)) -/* BN_get_sign(BIGNUM *) returns the sign of the BIGNUM */ -#define BN_get_sign(a) ((a)->neg) - -/*#define BN_ascii2bn(a) BN_hex2bn(a) */ -/*#define BN_bn2ascii(a) BN_bn2hex(a) */ const BIGNUM *BN_value_one(void); char * BN_options(void); @@ -429,6 +413,10 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); +/* BN_set_negative(): sets sign of a bignum */ +void BN_set_negative(BIGNUM *b, int n); +/* BN_get_negative(): returns 1 if the bignum is < 0 and 0 otherwise */ +#define BN_is_negative(a) ((a)->neg != 0) int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index bbefd80309d096623a891cd7943bb478636cf4af..05d35982e599a88a3846d73e729dacb68da6dc25 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -827,6 +827,14 @@ int BN_mask_bits(BIGNUM *a, int n) return(1); } +void BN_set_negative(BIGNUM *a, int b) + { + if (b && !BN_is_zero(a)) + a->neg = 1; + else + a->neg = 0; + } + int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) { int i; diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 5fb8473f377ea773c6dfa75b741f0f8d6adeee52..055d048856cd3801e50d562e15b883d69676732a 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -134,7 +134,7 @@ char *BN_bn2dec(const BIGNUM *a) } else { - if (BN_get_sign(t)) + if (BN_is_negative(t)) *p++ = '-'; i=0; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index c3ad7a14abdf830f109d812171e28556497a9563..a37763468a61e5fcba56dd3bd4291b4dc83bd57a 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -281,13 +281,13 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, if ((ctx=BN_CTX_new()) == NULL) goto err; - if (BN_is_zero(sig->r) || BN_get_sign(sig->r) || + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, dsa->q) >= 0) { ret = 0; goto err; } - if (BN_is_zero(sig->s) || BN_get_sign(sig->s) || + if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || BN_ucmp(sig->s, dsa->q) >= 0) { ret = 0; diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index a8ead01d610d1d0fb717f8cbdac9b44d9269206a..3431671444e1d6d42787e28cf647f58dadb12e57 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -296,8 +296,8 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, } /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ - BN_set_sign(&r->X, 0); - BN_set_sign(&r->Y, 0); + BN_set_negative(&r->X, 0); + BN_set_negative(&r->Y, 0); ret = 1; @@ -343,7 +343,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (scalar) { if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err; - if (BN_get_sign(scalar)) + if (BN_is_negative(scalar)) if (!group->meth->invert(group, p, ctx)) goto err; if (!group->meth->add(group, r, r, p, ctx)) goto err; } @@ -351,7 +351,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, for (i = 0; i < num; i++) { if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err; - if (BN_get_sign(scalars[i])) + if (BN_is_negative(scalars[i])) if (!group->meth->invert(group, p, ctx)) goto err; if (!group->meth->add(group, r, r, p, ctx)) goto err; } diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 34c3a953a5a55e20e87f980e88e9fcfe55ccb880..a9f7c9d378060d195e33127afd257d2ff3c44132 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -354,11 +354,11 @@ int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT } if (!BN_copy(&point->X, x)) goto err; - BN_set_sign(&point->X, 0); + BN_set_negative(&point->X, 0); if (!BN_copy(&point->Y, y)) goto err; - BN_set_sign(&point->Y, 0); + BN_set_negative(&point->Y, 0); if (!BN_copy(&point->Z, BN_value_one())) goto err; - BN_set_sign(&point->Z, 0); + BN_set_negative(&point->Z, 0); point->Z_is_one = 1; ret = 1; @@ -389,12 +389,12 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_ if (x != NULL) { if (!BN_copy(x, &point->X)) goto err; - BN_set_sign(x, 0); + BN_set_negative(x, 0); } if (y != NULL) { if (!BN_copy(y, &point->Y)) goto err; - BN_set_sign(y, 0); + BN_set_negative(y, 0); } ret = 1; diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 236b66c18a6be7f747f63cf0361abb1782e1ce76..101f44a2e0e9c0d70cbbea07d0fac93d50d63a19 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -203,7 +203,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) next_bit = bit << 1; /* at most 256 */ mask = next_bit - 1; /* at most 255 */ - if (BN_get_sign(scalar)) + if (BN_is_negative(scalar)) { sign = -1; } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 1c0052c5ca99759909585678a545d802b8fc7abf..75296a36733089fb555ed2bc703a044863e4c58d 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -192,7 +192,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, /* group->field */ if (!BN_copy(&group->field, p)) goto err; - BN_set_sign(&group->field, 0); + BN_set_negative(&group->field, 0); /* group->a */ if (!BN_nnmod(tmp_a, a, p, ctx)) goto err; diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index b96feae7f327fb686a4318a095bfff335a79571c..92d2f671acc2652238046a40d6e6ee9735d65075 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -672,7 +672,7 @@ void prime_field_tests() if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; if (!BN_add(z, z, y)) ABORT; - BN_set_sign(z, 1); + BN_set_negative(z, 1); scalars[0] = y; scalars[1] = z; /* z = -(order + y) */ @@ -684,7 +684,7 @@ void prime_field_tests() if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; if (!BN_add(z, x, y)) ABORT; - BN_set_sign(z, 1); + BN_set_negative(z, 1); scalars[0] = x; scalars[1] = y; scalars[2] = z; /* z = -(x+y) */ @@ -1147,7 +1147,7 @@ void char2_field_tests() if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; if (!BN_add(z, z, y)) ABORT; - BN_set_sign(z, 1); + BN_set_negative(z, 1); scalars[0] = y; scalars[1] = z; /* z = -(order + y) */ @@ -1159,7 +1159,7 @@ void char2_field_tests() if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; if (!BN_add(z, x, y)) ABORT; - BN_set_sign(z, 1); + BN_set_negative(z, 1); scalars[0] = x; scalars[1] = y; scalars[2] = z; /* z = -(x+y) */ diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 712f666641795818285a14aa08ba4d5a63fcf0b3..61125b282f35a6bc2e40a2ea647685ae0f069d29 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -360,9 +360,9 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, goto err; } - if (BN_is_zero(sig->r) || BN_get_sign(sig->r) || + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || - BN_get_sign(sig->s) || BN_ucmp(sig->s, order) >= 0) + BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); ret = 0; /* signature is invalid */ diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index b66b4bc14094d22a8cffb8d5a2b20117e11e7e90..3ee753ec86d1f3027afcfe0f04ce14fbdf0176b4 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -622,7 +622,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) if (!BN_sub(r0,r0,m1)) goto err; /* This will help stop the size of r0 increasing, which does * affect the multiply if it optimised for a power of 2 size */ - if (BN_get_sign(r0)) + if (BN_is_negative(r0)) if (!BN_add(r0,r0,rsa->p)) goto err; if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; @@ -634,7 +634,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) * This will *never* happen with OpenSSL generated keys because * they ensure p > q [steve] */ - if (BN_get_sign(r0)) + if (BN_is_negative(r0)) if (!BN_add(r0,r0,rsa->p)) goto err; if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; if (!BN_add(r0,r1,m1)) goto err; @@ -648,7 +648,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) * for absolute equality, just congruency. */ if (!BN_sub(vrfy, vrfy, I)) goto err; if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err; - if (BN_get_sign(vrfy)) + if (BN_is_negative(vrfy)) if (!BN_add(vrfy, vrfy, rsa->n)) goto err; if (!BN_is_zero(vrfy)) /* 'I' and 'vrfy' aren't congruent mod n. Don't leak diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod index 210dfeac08cdce4891d26d83f836121a1310d370..c3b0d08918c821dd00ca5c7a0d166bb5c118bbcf 100644 --- a/doc/crypto/bn.pod +++ b/doc/crypto/bn.pod @@ -27,6 +27,9 @@ bn - multiprecision integer arithmetics int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG w); + void BN_set_negative(BIGNUM *a, int n); + int BN_is_negative(const BIGNUM *a); + int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);