Move bn internal functions into bn_int.h and bn_lcl.h

Reviewed-by: NTim Hudson <tjh@openssl.org>

crypto/bn/bn.h

@@ -620,114 +620,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
 			  const unsigned char *message, size_t message_len,
 			  BN_CTX *ctx);
 
-/* library internal functions */
-
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-	(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
-BIGNUM *bn_wexpand(BIGNUM *a, int words);
-BIGNUM *bn_expand2(BIGNUM *a, int words);
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
-#endif
-
-/* Bignum consistency macros
- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
- * bignum data after direct manipulations on the data. There is also an
- * "internal" macro, bn_check_top(), for verifying that there are no leading
- * zeroes. Unfortunately, some auditing is required due to the fact that
- * bn_fix_top() has become an overabused duct-tape because bignum data is
- * occasionally passed around in an inconsistent state. So the following
- * changes have been made to sort this out;
- * - bn_fix_top()s implementation has been moved to bn_correct_top()
- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
- *   bn_check_top() is as before.
- * - if BN_DEBUG *is* defined;
- *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
- *     consistent. (ed: only if BN_DEBUG_RAND is defined)
- *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
- * The idea is to have debug builds flag up inconsistent bignums when they
- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
- * the use of bn_fix_top() was appropriate (ie. it follows directly after code
- * that manipulates the bignum) it is converted to bn_correct_top(), and if it
- * was not appropriate, we convert it permanently to bn_check_top() and track
- * down the cause of the bug. Eventually, no internal code should be using the
- * bn_fix_top() macro. External applications and libraries should try this with
- * their own code too, both in terms of building against the openssl headers
- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
- * defined. This not only improves external code, it provides more test
- * coverage for openssl's own code.
- */
-
-#ifdef BN_DEBUG
-
-/* We only need assert() when debugging */
-#include <assert.h>
-
-#ifdef BN_DEBUG_RAND
-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf,int num);
-#define BN_DEBUG_TRIX
-#endif
-#define bn_pollute(a) \
-	do { \
-		const BIGNUM *_bnum1 = (a); \
-		if(_bnum1->top < _bnum1->dmax) { \
-			unsigned char _tmp_char; \
-			/* We cast away const without the compiler knowing, any \
-			 * *genuinely* constant variables that aren't mutable \
-			 * wouldn't be constructed with top!=dmax. */ \
-			BN_ULONG *_not_const; \
-			memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-			RAND_pseudo_bytes(&_tmp_char, 1); \
-			memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
-				(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
-		} \
-	} while(0)
-#ifdef BN_DEBUG_TRIX
-#undef RAND_pseudo_bytes
-#endif
-#else
-#define bn_pollute(a)
-#endif
-#define bn_check_top(a) \
-	do { \
-		const BIGNUM *_bnum2 = (a); \
-		if (_bnum2 != NULL) { \
-			assert((_bnum2->top == 0) || \
-				(_bnum2->d[_bnum2->top - 1] != 0)); \
-			bn_pollute(_bnum2); \
-		} \
-	} while(0)
-
-#define bn_fix_top(a)		bn_check_top(a)
-
-#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-#define bn_wcheck_size(bn, words) \
-	do { \
-		const BIGNUM *_bnum2 = (bn); \
-		assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
-	} while(0)
-
-#else /* !BN_DEBUG */
-
-#define bn_pollute(a)
-#define bn_check_top(a)
-#define bn_fix_top(a)		bn_correct_top(a)
-#define bn_check_size(bn, bits)
-#define bn_wcheck_size(bn, words)
-
-#endif
-
-void bn_correct_top(BIGNUM *a);
-
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
 
 /* Primes from RFC 2409 */
 BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);

crypto/bn/bn_lcl.h

@@ -118,6 +118,103 @@
 extern "C" {
 #endif
 
+/* Bignum consistency macros
+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
+ * bignum data after direct manipulations on the data. There is also an
+ * "internal" macro, bn_check_top(), for verifying that there are no leading
+ * zeroes. Unfortunately, some auditing is required due to the fact that
+ * bn_fix_top() has become an overabused duct-tape because bignum data is
+ * occasionally passed around in an inconsistent state. So the following
+ * changes have been made to sort this out;
+ * - bn_fix_top()s implementation has been moved to bn_correct_top()
+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
+ *   bn_check_top() is as before.
+ * - if BN_DEBUG *is* defined;
+ *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
+ *     consistent. (ed: only if BN_DEBUG_RAND is defined)
+ *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
+ * The idea is to have debug builds flag up inconsistent bignums when they
+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code
+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it
+ * was not appropriate, we convert it permanently to bn_check_top() and track
+ * down the cause of the bug. Eventually, no internal code should be using the
+ * bn_fix_top() macro. External applications and libraries should try this with
+ * their own code too, both in terms of building against the openssl headers
+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
+ * defined. This not only improves external code, it provides more test
+ * coverage for openssl's own code.
+ */
+
+#ifdef BN_DEBUG
+
+/* We only need assert() when debugging */
+#include <assert.h>
+
+#ifdef BN_DEBUG_RAND
+/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
+#ifndef RAND_pseudo_bytes
+int RAND_pseudo_bytes(unsigned char *buf,int num);
+#define BN_DEBUG_TRIX
+#endif
+#define bn_pollute(a) \
+	do { \
+		const BIGNUM *_bnum1 = (a); \
+		if(_bnum1->top < _bnum1->dmax) { \
+			unsigned char _tmp_char; \
+			/* We cast away const without the compiler knowing, any \
+			 * *genuinely* constant variables that aren't mutable \
+			 * wouldn't be constructed with top!=dmax. */ \
+			BN_ULONG *_not_const; \
+			memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
+			RAND_pseudo_bytes(&_tmp_char, 1); \
+			memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
+				(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
+		} \
+	} while(0)
+#ifdef BN_DEBUG_TRIX
+#undef RAND_pseudo_bytes
+#endif
+#else
+#define bn_pollute(a)
+#endif
+#define bn_check_top(a) \
+	do { \
+		const BIGNUM *_bnum2 = (a); \
+		if (_bnum2 != NULL) { \
+			assert((_bnum2->top == 0) || \
+				(_bnum2->d[_bnum2->top - 1] != 0)); \
+			bn_pollute(_bnum2); \
+		} \
+	} while(0)
+
+#define bn_fix_top(a)		bn_check_top(a)
+
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+	do { \
+		const BIGNUM *_bnum2 = (bn); \
+		assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+	} while(0)
+
+#else /* !BN_DEBUG */
+
+#define bn_pollute(a)
+#define bn_check_top(a)
+#define bn_fix_top(a)		bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
+
+#endif
+
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+
 
 struct bignum_st
 	{

crypto/bn/bn_lib.c

@@ -370,63 +370,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 	return(a);
 	}
 
-/* This is an internal function that can be used instead of bn_expand2()
- * when there is a need to copy BIGNUMs instead of only expanding the
- * data part, while still expanding them.
- * Especially useful when needing to expand BIGNUMs that are declared
- * 'const' and should therefore not be changed.
- * The reason to use this instead of a BN_dup() followed by a bn_expand2()
- * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()
- * will allocate new memory for the BIGNUM data twice, and free it once,
- * while bn_dup_expand() makes sure allocation is made only once.
- */
-
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
-	{
-	BIGNUM *r = NULL;
-
-	bn_check_top(b);
-
-	/* This function does not work if
-	 *      words <= b->dmax && top < words
-	 * because BN_dup() does not preserve 'dmax'!
-	 * (But bn_dup_expand() is not used anywhere yet.)
-	 */
-
-	if (words > b->dmax)
-		{
-		BN_ULONG *a = bn_expand_internal(b, words);
-
-		if (a)
-			{
-			r = BN_new();
-			if (r)
-				{
-				r->top = b->top;
-				r->dmax = words;
-				r->neg = b->neg;
-				r->d = a;
-				}
-			else
-				{
-				/* r == NULL, BN_new failure */
-				OPENSSL_free(a);
-				}
-			}
-		/* If a == NULL, there was an error in allocation in
-		   bn_expand_internal(), and NULL should be returned */
-		}
-	else
-		{
-		r = BN_dup(b);
-		}
-
-	bn_check_top(r);
-	return r;
-	}
-#endif
-
 /* This is an internal function that should not be used in applications.
  * It ensures that 'b' has enough room for a 'words' word number
  * and initialises any unused part of b->d with leading zeros.

crypto/include/internal/bn_int.h

@@ -62,6 +62,13 @@
 extern "C" {
 #endif
 
+#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
+	(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+BIGNUM *bn_wexpand(BIGNUM *a, int words);
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+
+void bn_correct_top(BIGNUM *a);
+
 /* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
  * This is an array  r[]  of values that are either zero or odd with an
  * absolute value less than  2^w  satisfying

util/libeay.num

@@ -694,13 +694,13 @@ a2i_ASN1_INTEGER                        700	EXIST::FUNCTION:BIO
 a2i_ASN1_STRING                         701	EXIST::FUNCTION:BIO
 asn1_Finish                             702	EXIST::FUNCTION:
 asn1_GetSequence                        703	EXIST::FUNCTION:
-bn_div_words                            704	EXIST::FUNCTION:
-bn_expand2                              705	EXIST::FUNCTION:
-bn_mul_add_words                        706	EXIST::FUNCTION:
-bn_mul_words                            707	EXIST::FUNCTION:
+bn_div_words                            704	NOEXIST::FUNCTION:
+bn_expand2                              705	NOEXIST::FUNCTION:
+bn_mul_add_words                        706	NOEXIST::FUNCTION:
+bn_mul_words                            707	NOEXIST::FUNCTION:
 BN_uadd                                 708	EXIST::FUNCTION:
 BN_usub                                 709	EXIST::FUNCTION:
-bn_sqr_words                            710	EXIST::FUNCTION:
+bn_sqr_words                            710	NOEXIST::FUNCTION:
 _ossl_old_crypt                         711	EXIST:!NeXT,!PERL5:FUNCTION:DES
 d2i_ASN1_BIT_STRING                     712	EXIST::FUNCTION:
 d2i_ASN1_BOOLEAN                        713	EXIST::FUNCTION:
@@ -1013,7 +1013,7 @@ RSA_padding_check_PKCS1_type_1          1035	EXIST::FUNCTION:RSA
 RSA_padding_check_PKCS1_type_2          1036	EXIST::FUNCTION:RSA
 RSA_padding_check_SSLv23                1037	EXIST::FUNCTION:RSA
 RSA_padding_check_none                  1038	EXIST::FUNCTION:RSA
-bn_add_words                            1039	EXIST::FUNCTION:
+bn_add_words                            1039	NOEXIST::FUNCTION:
 d2i_Netscape_RSA_2                      1040	NOEXIST::FUNCTION:
 CRYPTO_get_ex_new_index                 1041	EXIST::FUNCTION:
 RIPEMD160_Init                          1042	EXIST::FUNCTION:RIPEMD
@@ -1085,7 +1085,7 @@ PROXY_set_connect_mode                  1112	NOEXIST::FUNCTION:
 RAND_SSLeay                             1113	EXIST::FUNCTION:
 RAND_set_rand_method                    1114	EXIST::FUNCTION:
 RSA_memory_lock                         1115	EXIST::FUNCTION:RSA
-bn_sub_words                            1116	EXIST::FUNCTION:
+bn_sub_words                            1116	NOEXIST::FUNCTION:
 bn_mul_normal                           1117	NOEXIST::FUNCTION:
 bn_mul_comba8                           1118	NOEXIST::FUNCTION:
 bn_mul_comba4                           1119	NOEXIST::FUNCTION:
@@ -2419,7 +2419,7 @@ UI_get_string_type                      2916	EXIST::FUNCTION:
 ENGINE_unregister_DH                    2917	EXIST::FUNCTION:ENGINE
 ENGINE_register_all_DSA                 2918	EXIST::FUNCTION:ENGINE
 OCSP_ONEREQ_get_ext_by_critical         2919	EXIST::FUNCTION:
-bn_dup_expand                           2920	EXIST::FUNCTION:DEPRECATED
+bn_dup_expand                           2920	NOEXIST::FUNCTION:
 OCSP_cert_id_new                        2921	EXIST::FUNCTION:
 BASIC_CONSTRAINTS_it                    2922	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 BASIC_CONSTRAINTS_it                    2922	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -4513,7 +4513,6 @@ RSA_check_key_ex                        4872	EXIST::FUNCTION:RSA
 i2s_ASN1_IA5STRING                      4874	EXIST::FUNCTION:
 s2i_ASN1_IA5STRING                      4875	EXIST::FUNCTION:
 FIPS_dsa_sign_ctx                       4876	EXIST:OPENSSL_FIPS:FUNCTION:DSA
-FIPS_ecdsa_sign                         4877	EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
 CRYPTO_ocb128_release                   4878	EXIST::FUNCTION:
 CRYPTO_ocb128_new                       4879	EXIST::FUNCTION:
 CRYPTO_ocb128_finish                    4880	EXIST::FUNCTION:
@@ -4526,12 +4525,12 @@ EVP_aes_192_ocb                         4886	EXIST::FUNCTION:AES
 EVP_aes_128_ocb                         4887	EXIST::FUNCTION:AES
 CRYPTO_ocb128_init                      4888	EXIST::FUNCTION:
 CRYPTO_ocb128_encrypt                   4889	EXIST::FUNCTION:
-bn_wexpand                              4878	EXIST::FUNCTION:
+bn_wexpand                              4878	NOEXIST::FUNCTION:
 BN_zero_ex                              4879	EXIST::FUNCTION:
 BN_is_zero                              4880	EXIST::FUNCTION:
 BN_with_flags                           4881	EXIST::FUNCTION:
 BN_abs_is_word                          4882	EXIST::FUNCTION:
-bn_correct_top                          4883	EXIST::FUNCTION:
+bn_correct_top                          4883	NOEXIST::FUNCTION:
 BN_to_montgomery                        4884	EXIST::FUNCTION:
 BN_GENCB_new                            4885	EXIST::FUNCTION:
 BN_is_odd                               4886	EXIST::FUNCTION: