Hide BN_CTX structure details.

Incease the number of BIGNUMs in a BN_CTX.

diff --git a/CHANGES b/CHANGES
index d52d19f0a8ee760f45479e7535c3cc928ab5374a..4824aeee8a10d8c032ba437d5be2dcce80b13faf 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,10 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 24.
+     [Bodo Moeller]
+
   *) Modify EVP_Digest*() routines so they now return values. Although the
      internal software routines can never fail additional hardware versions
      might.

diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 50bc303a34990a0ae07c37fb63ba0dd2a247c996..7e4234339bf5c2407777584a7cc7a4e8838de0e1 100644 (file)
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -238,18 +238,8 @@ typedef struct bignum_st
        int flags;
        } BIGNUM;
 
-/* Used for temp variables */
-#define BN_CTX_NUM     20
-#define BN_CTX_NUM_POS 12
-typedef struct bignum_ctx
-       {
-       int tos;
-       BIGNUM bn[BN_CTX_NUM];
-       int flags;
-       int depth;
-       int pos[BN_CTX_NUM_POS];
-       int too_many;
-       } BN_CTX;
+/* Used for temp variables (declaration hidden in bn_lcl.h) */
+typedef struct bignum_ctx BN_CTX;
 
 typedef struct bn_blinding_st
        {

diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 28b334fbd56f55a5731e20bb590239ba2d8d0431..7daf19eb8436cf42bfec2aaba2a1866353b642b0 100644 (file)
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -61,8 +61,9 @@
 
 #include <stdio.h>
 #include <assert.h>
+
 #include "cryptlib.h"
-#include <openssl/bn.h>
+#include "bn_lcl.h"
 
 
 BN_CTX *BN_CTX_new(void)
@@ -83,6 +84,7 @@ BN_CTX *BN_CTX_new(void)
 
 void BN_CTX_init(BN_CTX *ctx)
        {
+#if 0 /* explicit version */
        int i;
        ctx->tos = 0;
        ctx->flags = 0;
@@ -90,6 +92,9 @@ void BN_CTX_init(BN_CTX *ctx)
        ctx->too_many = 0;
        for (i = 0; i < BN_CTX_NUM; i++)
                BN_init(&(ctx->bn[i]));
+#else
+       memset(ctx, 0, sizeof *ctx);
+#endif
        }
 
 void BN_CTX_free(BN_CTX *ctx)

diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index 3314f5ad35b974dbbec8d15f168aa7e0bbe3e6a3..df12a01b7a634488b278d0b83af88ae17bf76532 100644 (file)
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -119,6 +119,20 @@ extern "C" {
 #endif
 
 
+/* Used for temp variables */
+#define BN_CTX_NUM     24
+#define BN_CTX_NUM_POS 12
+struct bignum_ctx
+       {
+       int tos;
+       BIGNUM bn[BN_CTX_NUM];
+       int flags;
+       int depth;
+       int pos[BN_CTX_NUM_POS];
+       int too_many;
+       } /* BN_CTX */;
+
+
 /*
  * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
  *

diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 43a620e3a5fb3a7f4894c088640fdc0755bdf583..443cf420e5ce9cd54a2f420676adf465d1b08db0 100644 (file)
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -485,9 +485,11 @@ int test_mul(BIO *bp)
        {
        BIGNUM a,b,c,d,e;
        int i;
-       BN_CTX ctx;
+       BN_CTX *ctx;
 
-       BN_CTX_init(&ctx);
+       ctx = BN_CTX_new();
+       if (ctx == NULL) exit(1);
+       
        BN_init(&a);
        BN_init(&b);
        BN_init(&c);
@@ -505,7 +507,7 @@ int test_mul(BIO *bp)
                        BN_bntest_rand(&b,i-num1,0,0);
                a.neg=rand_neg();
                b.neg=rand_neg();
-               BN_mul(&c,&a,&b,&ctx);
+               BN_mul(&c,&a,&b,ctx);
                if (bp != NULL)
                        {
                        if (!results)
@@ -518,7 +520,7 @@ int test_mul(BIO *bp)
                        BN_print(bp,&c);
                        BIO_puts(bp,"\n");
                        }
-               BN_div(&d,&e,&c,&a,&ctx);
+               BN_div(&d,&e,&c,&a,ctx);
                BN_sub(&d,&d,&b);
                if(!BN_is_zero(&d) || !BN_is_zero(&e))
                    {
@@ -531,7 +533,7 @@ int test_mul(BIO *bp)
        BN_free(&c);
        BN_free(&d);
        BN_free(&e);
-       BN_CTX_free(&ctx);
+       BN_CTX_free(ctx);
        return(1);
        }
 

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index ad86048a368eec84c3e78b99b9ddec116b01cc11..91af882e43356860459ddd4a91e6025c405b74c2 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -101,11 +101,12 @@ const DH_METHOD *DH_OpenSSL(void)
 static int generate_key(DH *dh)
        {
        int ok=0;
-       BN_CTX ctx;
+       BN_CTX *ctx;
        BN_MONT_CTX *mont;
        BIGNUM *pub_key=NULL,*priv_key=NULL;
 
-       BN_CTX_init(&ctx);
+       ctx = BN_CTX_new();
+       if (ctx == NULL) goto err;
 
        if (dh->priv_key == NULL)
                {
@@ -130,12 +131,12 @@ static int generate_key(DH *dh)
                {
                if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-                               dh->p,&ctx)) goto err;
+                               dh->p,ctx)) goto err;
                }
        mont=(BN_MONT_CTX *)dh->method_mont_p;
 
        if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
-                               priv_key,dh->p,&ctx,mont))
+                               priv_key,dh->p,ctx,mont))
                goto err;
                
        dh->pub_key=pub_key;
@@ -147,20 +148,21 @@ err:
 
        if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
        if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
-       BN_CTX_free(&ctx);
+       BN_CTX_free(ctx);
        return(ok);
        }
 
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        {
-       BN_CTX ctx;
+       BN_CTX *ctx;
        BN_MONT_CTX *mont;
        BIGNUM *tmp;
        int ret= -1;
 
-       BN_CTX_init(&ctx);
-       BN_CTX_start(&ctx);
-       tmp = BN_CTX_get(&ctx);
+       ctx = BN_CTX_new();
+       if (ctx == NULL) goto err;
+       BN_CTX_start(ctx);
+       tmp = BN_CTX_get(ctx);
        
        if (dh->priv_key == NULL)
                {
@@ -171,12 +173,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
                {
                if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-                               dh->p,&ctx)) goto err;
+                               dh->p,ctx)) goto err;
                }
 
        mont=(BN_MONT_CTX *)dh->method_mont_p;
        if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
-                               dh->priv_key,dh->p,&ctx,mont))
+                               dh->priv_key,dh->p,ctx,mont))
                {
                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
                goto err;
@@ -184,8 +186,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 
        ret=BN_bn2bin(tmp,key);
 err:
-       BN_CTX_end(&ctx);
-       BN_CTX_free(&ctx);
+       BN_CTX_end(ctx);
+       BN_CTX_free(ctx);
        return(ret);
        }
 

diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c
index a6292a0af212841f51207735d943b0fb2d8b5ed7..b8d90757843de01bf307ec0702037a2a436b8376 100644 (file)
--- a/crypto/engine/engine_openssl.c
+++ b/crypto/engine/engine_openssl.c
@@ -129,6 +129,7 @@ static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        BN_init(&r1);
        /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
         * to duplicate what I need. <sigh> */
+       BN_CTX_start(bn_ctx);
        if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
        if (!BN_copy(temp_bn, iqmp)) goto err;
  
@@ -166,8 +167,7 @@ static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 err:
        BN_clear_free(&m1);
        BN_clear_free(&r1);
-       if (temp_bn)
-               bn_ctx->tos--;
+       BN_CTX_end(ctx);
        if (!ctx)
                BN_CTX_free(bn_ctx);
        return(ret);

diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c
index 9cd9bac5d30a513f4dfa4f52bf0a27dbfc768e6e..84105516eeb3b96135bd8ad3fecf8353aa46173e 100644 (file)
--- a/crypto/engine/hw_atalla.c
+++ b/crypto/engine/hw_atalla.c
@@ -318,11 +318,12 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                goto err;
        }
        /* Prepare the params */
+       BN_CTX_start(ctx);
        modulus = BN_CTX_get(ctx);
        exponent = BN_CTX_get(ctx);
        argument = BN_CTX_get(ctx);
        result = BN_CTX_get(ctx);
-       if(!modulus || !exponent || !argument || !result)
+       if (!result)
        {
                ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
                goto err;
@@ -360,10 +361,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        BN_bin2bn((unsigned char *)result->d, numbytes, r);
        to_return = 1;
 err:
-       if(modulus) ctx->tos--;
-       if(exponent) ctx->tos--;
-       if(argument) ctx->tos--;
-       if(result) ctx->tos--;
+       BN_CTX_end(ctx);
        return to_return;
        }
 

diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c
index 582d74c72c633035edce01f583369421f54bf7b3..2ee9040ca06372cb5e6397901e833b384f9c2bdf 100644 (file)
--- a/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
@@ -358,11 +358,12 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                }
        acquired = 1;
        /* Prepare the params */
+       BN_CTX_start(ctx);
        modulus = BN_CTX_get(ctx);
        exponent = BN_CTX_get(ctx);
        argument = BN_CTX_get(ctx);
        result = BN_CTX_get(ctx);
-       if(!modulus || !exponent || !argument || !result)
+       if(!result)
                {
                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL);
                goto err;
@@ -421,10 +422,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 err:
        if(acquired)
                release_context(hac);
-       if(modulus) ctx->tos--;
-       if(exponent) ctx->tos--;
-       if(argument) ctx->tos--;
-       if(result) ctx->tos--;
+       BN_CTX_end(ctx);
        return to_return;
        }
 
@@ -454,6 +452,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                }
        acquired = 1;
        /* Prepare the params */
+       BN_CTX_start(ctx);
        rsa_p = BN_CTX_get(ctx);
        rsa_q = BN_CTX_get(ctx);
        rsa_dmp1 = BN_CTX_get(ctx);
@@ -461,8 +460,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        rsa_iqmp = BN_CTX_get(ctx);
        argument = BN_CTX_get(ctx);
        result = BN_CTX_get(ctx);
-       if(!rsa_p || !rsa_q || !rsa_dmp1 || !rsa_dmq1 || !rsa_iqmp ||
-                       !argument || !result)
+       if(!result)
                {
                ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL);
                goto err;
@@ -532,13 +530,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 err:
        if(acquired)
                release_context(hac);
-       if(rsa_p) ctx->tos--;
-       if(rsa_q) ctx->tos--;
-       if(rsa_dmp1) ctx->tos--;
-       if(rsa_dmq1) ctx->tos--;
-       if(rsa_iqmp) ctx->tos--;
-       if(argument) ctx->tos--;
-       if(result) ctx->tos--;
+       BN_CTX_end(ctx);
        return to_return;
        }
  
@@ -594,12 +586,13 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                }
        acquired = 1;
        /* Prepare the params */
+       BN_CTX_start(ctx);
        dsa_p = BN_CTX_get(ctx);
        dsa_q = BN_CTX_get(ctx);
        dsa_g = BN_CTX_get(ctx);
        dsa_key = BN_CTX_get(ctx);
        result = BN_CTX_get(ctx);
-       if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !result)
+       if(!result)
                {
                ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL);
                goto err;
@@ -672,13 +665,11 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 err:
        if(acquired)
                release_context(hac);
-       if(dsa_p) ctx->tos--;
-       if(dsa_q) ctx->tos--;
-       if(dsa_g) ctx->tos--;
-       if(dsa_key) ctx->tos--;
-       if(result) ctx->tos--;
        if(ctx)
+               {
+               BN_CTX_end(ctx);
                BN_CTX_free(ctx);
+               }
        return to_return;
        }
 
@@ -708,12 +699,13 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
                }
        acquired = 1;
        /* Prepare the params */
+       BN_CTX_start(ctx);
        dsa_p = BN_CTX_get(ctx);
        dsa_q = BN_CTX_get(ctx);
        dsa_g = BN_CTX_get(ctx);
        dsa_key = BN_CTX_get(ctx);
        argument = BN_CTX_get(ctx);
-       if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument)
+       if(!argument)
                {
                ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
                goto err;
@@ -786,13 +778,11 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
 err:
        if(acquired)
                release_context(hac);
-       if(dsa_p) ctx->tos--;
-       if(dsa_q) ctx->tos--;
-       if(dsa_g) ctx->tos--;
-       if(dsa_key) ctx->tos--;
-       if(argument) ctx->tos--;
        if(ctx)
+               {
+               BN_CTX_end(ctx);
                BN_CTX_free(ctx);
+               }
        return to_return;
        }