提交 c62b26fd 编写于 作者: B Bodo Möller

Hide BN_CTX structure details.

Incease the number of BIGNUMs in a BN_CTX.
上级 e0a9ba9c
...@@ -3,6 +3,10 @@ ...@@ -3,6 +3,10 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000] Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
*) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
in <openssl/bn.h>. Also further increase BN_CTX_NUM to 24.
[Bodo Moeller]
*) Modify EVP_Digest*() routines so they now return values. Although the *) Modify EVP_Digest*() routines so they now return values. Although the
internal software routines can never fail additional hardware versions internal software routines can never fail additional hardware versions
might. might.
......
...@@ -238,18 +238,8 @@ typedef struct bignum_st ...@@ -238,18 +238,8 @@ typedef struct bignum_st
int flags; int flags;
} BIGNUM; } BIGNUM;
/* Used for temp variables */ /* Used for temp variables (declaration hidden in bn_lcl.h) */
#define BN_CTX_NUM 20 typedef struct bignum_ctx BN_CTX;
#define BN_CTX_NUM_POS 12
typedef struct bignum_ctx
{
int tos;
BIGNUM bn[BN_CTX_NUM];
int flags;
int depth;
int pos[BN_CTX_NUM_POS];
int too_many;
} BN_CTX;
typedef struct bn_blinding_st typedef struct bn_blinding_st
{ {
......
...@@ -61,8 +61,9 @@ ...@@ -61,8 +61,9 @@
#include <stdio.h> #include <stdio.h>
#include <assert.h> #include <assert.h>
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/bn.h> #include "bn_lcl.h"
BN_CTX *BN_CTX_new(void) BN_CTX *BN_CTX_new(void)
...@@ -83,6 +84,7 @@ BN_CTX *BN_CTX_new(void) ...@@ -83,6 +84,7 @@ BN_CTX *BN_CTX_new(void)
void BN_CTX_init(BN_CTX *ctx) void BN_CTX_init(BN_CTX *ctx)
{ {
#if 0 /* explicit version */
int i; int i;
ctx->tos = 0; ctx->tos = 0;
ctx->flags = 0; ctx->flags = 0;
...@@ -90,6 +92,9 @@ void BN_CTX_init(BN_CTX *ctx) ...@@ -90,6 +92,9 @@ void BN_CTX_init(BN_CTX *ctx)
ctx->too_many = 0; ctx->too_many = 0;
for (i = 0; i < BN_CTX_NUM; i++) for (i = 0; i < BN_CTX_NUM; i++)
BN_init(&(ctx->bn[i])); BN_init(&(ctx->bn[i]));
#else
memset(ctx, 0, sizeof *ctx);
#endif
} }
void BN_CTX_free(BN_CTX *ctx) void BN_CTX_free(BN_CTX *ctx)
......
...@@ -119,6 +119,20 @@ extern "C" { ...@@ -119,6 +119,20 @@ extern "C" {
#endif #endif
/* Used for temp variables */
#define BN_CTX_NUM 24
#define BN_CTX_NUM_POS 12
struct bignum_ctx
{
int tos;
BIGNUM bn[BN_CTX_NUM];
int flags;
int depth;
int pos[BN_CTX_NUM_POS];
int too_many;
} /* BN_CTX */;
/* /*
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
* *
......
...@@ -485,9 +485,11 @@ int test_mul(BIO *bp) ...@@ -485,9 +485,11 @@ int test_mul(BIO *bp)
{ {
BIGNUM a,b,c,d,e; BIGNUM a,b,c,d,e;
int i; int i;
BN_CTX ctx; BN_CTX *ctx;
ctx = BN_CTX_new();
if (ctx == NULL) exit(1);
BN_CTX_init(&ctx);
BN_init(&a); BN_init(&a);
BN_init(&b); BN_init(&b);
BN_init(&c); BN_init(&c);
...@@ -505,7 +507,7 @@ int test_mul(BIO *bp) ...@@ -505,7 +507,7 @@ int test_mul(BIO *bp)
BN_bntest_rand(&b,i-num1,0,0); BN_bntest_rand(&b,i-num1,0,0);
a.neg=rand_neg(); a.neg=rand_neg();
b.neg=rand_neg(); b.neg=rand_neg();
BN_mul(&c,&a,&b,&ctx); BN_mul(&c,&a,&b,ctx);
if (bp != NULL) if (bp != NULL)
{ {
if (!results) if (!results)
...@@ -518,7 +520,7 @@ int test_mul(BIO *bp) ...@@ -518,7 +520,7 @@ int test_mul(BIO *bp)
BN_print(bp,&c); BN_print(bp,&c);
BIO_puts(bp,"\n"); BIO_puts(bp,"\n");
} }
BN_div(&d,&e,&c,&a,&ctx); BN_div(&d,&e,&c,&a,ctx);
BN_sub(&d,&d,&b); BN_sub(&d,&d,&b);
if(!BN_is_zero(&d) || !BN_is_zero(&e)) if(!BN_is_zero(&d) || !BN_is_zero(&e))
{ {
...@@ -531,7 +533,7 @@ int test_mul(BIO *bp) ...@@ -531,7 +533,7 @@ int test_mul(BIO *bp)
BN_free(&c); BN_free(&c);
BN_free(&d); BN_free(&d);
BN_free(&e); BN_free(&e);
BN_CTX_free(&ctx); BN_CTX_free(ctx);
return(1); return(1);
} }
......
...@@ -101,11 +101,12 @@ const DH_METHOD *DH_OpenSSL(void) ...@@ -101,11 +101,12 @@ const DH_METHOD *DH_OpenSSL(void)
static int generate_key(DH *dh) static int generate_key(DH *dh)
{ {
int ok=0; int ok=0;
BN_CTX ctx; BN_CTX *ctx;
BN_MONT_CTX *mont; BN_MONT_CTX *mont;
BIGNUM *pub_key=NULL,*priv_key=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL;
BN_CTX_init(&ctx); ctx = BN_CTX_new();
if (ctx == NULL) goto err;
if (dh->priv_key == NULL) if (dh->priv_key == NULL)
{ {
...@@ -130,12 +131,12 @@ static int generate_key(DH *dh) ...@@ -130,12 +131,12 @@ static int generate_key(DH *dh)
{ {
if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
dh->p,&ctx)) goto err; dh->p,ctx)) goto err;
} }
mont=(BN_MONT_CTX *)dh->method_mont_p; mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g, if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
priv_key,dh->p,&ctx,mont)) priv_key,dh->p,ctx,mont))
goto err; goto err;
dh->pub_key=pub_key; dh->pub_key=pub_key;
...@@ -147,20 +148,21 @@ err: ...@@ -147,20 +148,21 @@ err:
if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
BN_CTX_free(&ctx); BN_CTX_free(ctx);
return(ok); return(ok);
} }
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{ {
BN_CTX ctx; BN_CTX *ctx;
BN_MONT_CTX *mont; BN_MONT_CTX *mont;
BIGNUM *tmp; BIGNUM *tmp;
int ret= -1; int ret= -1;
BN_CTX_init(&ctx); ctx = BN_CTX_new();
BN_CTX_start(&ctx); if (ctx == NULL) goto err;
tmp = BN_CTX_get(&ctx); BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
if (dh->priv_key == NULL) if (dh->priv_key == NULL)
{ {
...@@ -171,12 +173,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) ...@@ -171,12 +173,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{ {
if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
dh->p,&ctx)) goto err; dh->p,ctx)) goto err;
} }
mont=(BN_MONT_CTX *)dh->method_mont_p; mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key, if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
dh->priv_key,dh->p,&ctx,mont)) dh->priv_key,dh->p,ctx,mont))
{ {
DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
goto err; goto err;
...@@ -184,8 +186,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) ...@@ -184,8 +186,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
ret=BN_bn2bin(tmp,key); ret=BN_bn2bin(tmp,key);
err: err:
BN_CTX_end(&ctx); BN_CTX_end(ctx);
BN_CTX_free(&ctx); BN_CTX_free(ctx);
return(ret); return(ret);
} }
......
...@@ -129,6 +129,7 @@ static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ...@@ -129,6 +129,7 @@ static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_init(&r1); BN_init(&r1);
/* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
* to duplicate what I need. <sigh> */ * to duplicate what I need. <sigh> */
BN_CTX_start(bn_ctx);
if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err; if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
if (!BN_copy(temp_bn, iqmp)) goto err; if (!BN_copy(temp_bn, iqmp)) goto err;
...@@ -166,8 +167,7 @@ static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ...@@ -166,8 +167,7 @@ static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
err: err:
BN_clear_free(&m1); BN_clear_free(&m1);
BN_clear_free(&r1); BN_clear_free(&r1);
if (temp_bn) BN_CTX_end(ctx);
bn_ctx->tos--;
if (!ctx) if (!ctx)
BN_CTX_free(bn_ctx); BN_CTX_free(bn_ctx);
return(ret); return(ret);
......
...@@ -318,11 +318,12 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ...@@ -318,11 +318,12 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
goto err; goto err;
} }
/* Prepare the params */ /* Prepare the params */
BN_CTX_start(ctx);
modulus = BN_CTX_get(ctx); modulus = BN_CTX_get(ctx);
exponent = BN_CTX_get(ctx); exponent = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx); argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx); result = BN_CTX_get(ctx);
if(!modulus || !exponent || !argument || !result) if (!result)
{ {
ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL); ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
goto err; goto err;
...@@ -360,10 +361,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ...@@ -360,10 +361,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_bin2bn((unsigned char *)result->d, numbytes, r); BN_bin2bn((unsigned char *)result->d, numbytes, r);
to_return = 1; to_return = 1;
err: err:
if(modulus) ctx->tos--; BN_CTX_end(ctx);
if(exponent) ctx->tos--;
if(argument) ctx->tos--;
if(result) ctx->tos--;
return to_return; return to_return;
} }
......
...@@ -358,11 +358,12 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ...@@ -358,11 +358,12 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
} }
acquired = 1; acquired = 1;
/* Prepare the params */ /* Prepare the params */
BN_CTX_start(ctx);
modulus = BN_CTX_get(ctx); modulus = BN_CTX_get(ctx);
exponent = BN_CTX_get(ctx); exponent = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx); argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx); result = BN_CTX_get(ctx);
if(!modulus || !exponent || !argument || !result) if(!result)
{ {
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL); ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL);
goto err; goto err;
...@@ -421,10 +422,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ...@@ -421,10 +422,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
err: err:
if(acquired) if(acquired)
release_context(hac); release_context(hac);
if(modulus) ctx->tos--; BN_CTX_end(ctx);
if(exponent) ctx->tos--;
if(argument) ctx->tos--;
if(result) ctx->tos--;
return to_return; return to_return;
} }
...@@ -454,6 +452,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ...@@ -454,6 +452,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
} }
acquired = 1; acquired = 1;
/* Prepare the params */ /* Prepare the params */
BN_CTX_start(ctx);
rsa_p = BN_CTX_get(ctx); rsa_p = BN_CTX_get(ctx);
rsa_q = BN_CTX_get(ctx); rsa_q = BN_CTX_get(ctx);
rsa_dmp1 = BN_CTX_get(ctx); rsa_dmp1 = BN_CTX_get(ctx);
...@@ -461,8 +460,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ...@@ -461,8 +460,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
rsa_iqmp = BN_CTX_get(ctx); rsa_iqmp = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx); argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx); result = BN_CTX_get(ctx);
if(!rsa_p || !rsa_q || !rsa_dmp1 || !rsa_dmq1 || !rsa_iqmp || if(!result)
!argument || !result)
{ {
ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL); ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL);
goto err; goto err;
...@@ -532,13 +530,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ...@@ -532,13 +530,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
err: err:
if(acquired) if(acquired)
release_context(hac); release_context(hac);
if(rsa_p) ctx->tos--; BN_CTX_end(ctx);
if(rsa_q) ctx->tos--;
if(rsa_dmp1) ctx->tos--;
if(rsa_dmq1) ctx->tos--;
if(rsa_iqmp) ctx->tos--;
if(argument) ctx->tos--;
if(result) ctx->tos--;
return to_return; return to_return;
} }
...@@ -594,12 +586,13 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) ...@@ -594,12 +586,13 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
} }
acquired = 1; acquired = 1;
/* Prepare the params */ /* Prepare the params */
BN_CTX_start(ctx);
dsa_p = BN_CTX_get(ctx); dsa_p = BN_CTX_get(ctx);
dsa_q = BN_CTX_get(ctx); dsa_q = BN_CTX_get(ctx);
dsa_g = BN_CTX_get(ctx); dsa_g = BN_CTX_get(ctx);
dsa_key = BN_CTX_get(ctx); dsa_key = BN_CTX_get(ctx);
result = BN_CTX_get(ctx); result = BN_CTX_get(ctx);
if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !result) if(!result)
{ {
ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL); ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL);
goto err; goto err;
...@@ -672,13 +665,11 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) ...@@ -672,13 +665,11 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
err: err:
if(acquired) if(acquired)
release_context(hac); release_context(hac);
if(dsa_p) ctx->tos--;
if(dsa_q) ctx->tos--;
if(dsa_g) ctx->tos--;
if(dsa_key) ctx->tos--;
if(result) ctx->tos--;
if(ctx) if(ctx)
{
BN_CTX_end(ctx);
BN_CTX_free(ctx); BN_CTX_free(ctx);
}
return to_return; return to_return;
} }
...@@ -708,12 +699,13 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, ...@@ -708,12 +699,13 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
} }
acquired = 1; acquired = 1;
/* Prepare the params */ /* Prepare the params */
BN_CTX_start(ctx);
dsa_p = BN_CTX_get(ctx); dsa_p = BN_CTX_get(ctx);
dsa_q = BN_CTX_get(ctx); dsa_q = BN_CTX_get(ctx);
dsa_g = BN_CTX_get(ctx); dsa_g = BN_CTX_get(ctx);
dsa_key = BN_CTX_get(ctx); dsa_key = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx); argument = BN_CTX_get(ctx);
if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument) if(!argument)
{ {
ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL); ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
goto err; goto err;
...@@ -786,13 +778,11 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, ...@@ -786,13 +778,11 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
err: err:
if(acquired) if(acquired)
release_context(hac); release_context(hac);
if(dsa_p) ctx->tos--;
if(dsa_q) ctx->tos--;
if(dsa_g) ctx->tos--;
if(dsa_key) ctx->tos--;
if(argument) ctx->tos--;
if(ctx) if(ctx)
{
BN_CTX_end(ctx);
BN_CTX_free(ctx); BN_CTX_free(ctx);
}
return to_return; return to_return;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册