- use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
diff --git a/CHANGES b/CHANGES
index 2c48478..84b8efa 100644
--- a/CHANGES
+++ b/CHANGES
@@ -462,14 +462,13 @@
Makefile.shared, for Cygwin's sake.
[Richard Levitte]
- *) Extend the BIGNUM API by creating new macros that behave like
- functions
+ *) Extend the BIGNUM API by creating a function
+ void BN_set_negative(BIGNUM *a, int neg);
+ and a macro that behave like
+ int BN_is_negative(const BIGNUM *a);
- void BN_set_sign(BIGNUM *a, int neg);
- int BN_get_sign(const BIGNUM *a);
-
- and avoid the need to access 'a->neg' directly in applications.
- [Nils Larsch <nla@trustcenter.de>]
+ to avoid the need to access 'a->neg' directly in applications.
+ [Nils Larsch]
*) Implement fast modular reduction for pseudo-Mersenne primes
used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c
index af9fb9b..fe9aa13 100644
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -149,7 +149,7 @@
ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
goto err;
}
- if(BN_get_sign(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
+ if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
else ret->type=V_ASN1_ENUMERATED;
j=BN_num_bits(bn);
len=((j == 0)?0:((j/8)+1));
@@ -177,6 +177,6 @@
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
- else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_sign(ret,1);
+ else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);
return(ret);
}
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 78a6cb0..973f0c1 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -416,7 +416,7 @@
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
goto err;
}
- if (BN_get_sign(bn))
+ if (BN_is_negative(bn))
ret->type = V_ASN1_NEG_INTEGER;
else ret->type=V_ASN1_INTEGER;
j=BN_num_bits(bn);
@@ -451,7 +451,7 @@
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
else if(ai->type == V_ASN1_NEG_INTEGER)
- BN_set_sign(ret, 1);
+ BN_set_negative(ret, 1);
return(ret);
}
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index 86bd2e0..94bd37c 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -552,7 +552,7 @@
const char *neg;
if (num == NULL) return(1);
- neg = (BN_get_sign(num))?"-":"";
+ neg = (BN_is_negative(num))?"-":"";
if(!BIO_indent(bp,off,128))
return 0;
if (BN_is_zero(num))
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index acf48b9..36d03bd 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -90,13 +90,9 @@
* BN_DEBUG - turn on various debugging alterations to the bignum code
* BN_DEBUG_RAND - uses random poisoning of unused words to trip up
* mismanagement of bignum internals. You must also define BN_DEBUG.
- * BN_STRICT - disables anything (not already caught by BN_DEBUG) that uses the
- * old ambiguity over zero representation. At some point, this behaviour should
- * become standard.
*/
/* #define BN_DEBUG */
/* #define BN_DEBUG_RAND */
-/* #define BN_STRICT */
#ifdef OPENSSL_SYS_VMS
#undef BN_LLONG /* experimental, so far... */
@@ -366,11 +362,7 @@
/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
(((w) == 0) && ((a)->top == 0)))
-#ifdef BN_STRICT
#define BN_is_zero(a) ((a)->top == 0)
-#else
-#define BN_is_zero(a) BN_abs_is_word(a,0)
-#endif
#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg)
#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1))
@@ -387,14 +379,6 @@
#else
#define BN_zero(a) (BN_set_word((a),0))
#endif
-/* BN_set_sign(BIGNUM *, int) sets the sign of a BIGNUM
- * (0 for a non-negative value, 1 for negative) */
-#define BN_set_sign(a,b) ((a)->neg = (b))
-/* BN_get_sign(BIGNUM *) returns the sign of the BIGNUM */
-#define BN_get_sign(a) ((a)->neg)
-
-/*#define BN_ascii2bn(a) BN_hex2bn(a) */
-/*#define BN_bn2ascii(a) BN_bn2hex(a) */
const BIGNUM *BN_value_one(void);
char * BN_options(void);
@@ -429,6 +413,10 @@
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+/* BN_set_negative(): sets sign of a bignum */
+void BN_set_negative(BIGNUM *b, int n);
+/* BN_get_negative(): returns 1 if the bignum is < 0 and 0 otherwise */
+#define BN_is_negative(a) ((a)->neg != 0)
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
BN_CTX *ctx);
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index bbefd80..05d3598 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -827,6 +827,14 @@
return(1);
}
+void BN_set_negative(BIGNUM *a, int b)
+ {
+ if (b && !BN_is_zero(a))
+ a->neg = 1;
+ else
+ a->neg = 0;
+ }
+
int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
{
int i;
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 5fb8473..055d048 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -134,7 +134,7 @@
}
else
{
- if (BN_get_sign(t))
+ if (BN_is_negative(t))
*p++ = '-';
i=0;
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index c3ad7a1..a377634 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -281,13 +281,13 @@
if ((ctx=BN_CTX_new()) == NULL) goto err;
- if (BN_is_zero(sig->r) || BN_get_sign(sig->r) ||
+ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, dsa->q) >= 0)
{
ret = 0;
goto err;
}
- if (BN_is_zero(sig->s) || BN_get_sign(sig->s) ||
+ if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
BN_ucmp(sig->s, dsa->q) >= 0)
{
ret = 0;
diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
index a8ead01..3431671 100644
--- a/crypto/ec/ec2_mult.c
+++ b/crypto/ec/ec2_mult.c
@@ -296,8 +296,8 @@
}
/* GF(2^m) field elements should always have BIGNUM::neg = 0 */
- BN_set_sign(&r->X, 0);
- BN_set_sign(&r->Y, 0);
+ BN_set_negative(&r->X, 0);
+ BN_set_negative(&r->Y, 0);
ret = 1;
@@ -343,7 +343,7 @@
if (scalar)
{
if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
- if (BN_get_sign(scalar))
+ if (BN_is_negative(scalar))
if (!group->meth->invert(group, p, ctx)) goto err;
if (!group->meth->add(group, r, r, p, ctx)) goto err;
}
@@ -351,7 +351,7 @@
for (i = 0; i < num; i++)
{
if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
- if (BN_get_sign(scalars[i]))
+ if (BN_is_negative(scalars[i]))
if (!group->meth->invert(group, p, ctx)) goto err;
if (!group->meth->add(group, r, r, p, ctx)) goto err;
}
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index 34c3a95..a9f7c9d 100644
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -354,11 +354,11 @@
}
if (!BN_copy(&point->X, x)) goto err;
- BN_set_sign(&point->X, 0);
+ BN_set_negative(&point->X, 0);
if (!BN_copy(&point->Y, y)) goto err;
- BN_set_sign(&point->Y, 0);
+ BN_set_negative(&point->Y, 0);
if (!BN_copy(&point->Z, BN_value_one())) goto err;
- BN_set_sign(&point->Z, 0);
+ BN_set_negative(&point->Z, 0);
point->Z_is_one = 1;
ret = 1;
@@ -389,12 +389,12 @@
if (x != NULL)
{
if (!BN_copy(x, &point->X)) goto err;
- BN_set_sign(x, 0);
+ BN_set_negative(x, 0);
}
if (y != NULL)
{
if (!BN_copy(y, &point->Y)) goto err;
- BN_set_sign(y, 0);
+ BN_set_negative(y, 0);
}
ret = 1;
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 236b66c..101f44a 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -203,7 +203,7 @@
next_bit = bit << 1; /* at most 256 */
mask = next_bit - 1; /* at most 255 */
- if (BN_get_sign(scalar))
+ if (BN_is_negative(scalar))
{
sign = -1;
}
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index 1c0052c..75296a3 100644
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -192,7 +192,7 @@
/* group->field */
if (!BN_copy(&group->field, p)) goto err;
- BN_set_sign(&group->field, 0);
+ BN_set_negative(&group->field, 0);
/* group->a */
if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c
index b96feae..92d2f67 100644
--- a/crypto/ec/ectest.c
+++ b/crypto/ec/ectest.c
@@ -672,7 +672,7 @@
if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
if (!BN_add(z, z, y)) ABORT;
- BN_set_sign(z, 1);
+ BN_set_negative(z, 1);
scalars[0] = y;
scalars[1] = z; /* z = -(order + y) */
@@ -684,7 +684,7 @@
if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
if (!BN_add(z, x, y)) ABORT;
- BN_set_sign(z, 1);
+ BN_set_negative(z, 1);
scalars[0] = x;
scalars[1] = y;
scalars[2] = z; /* z = -(x+y) */
@@ -1147,7 +1147,7 @@
if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
if (!BN_add(z, z, y)) ABORT;
- BN_set_sign(z, 1);
+ BN_set_negative(z, 1);
scalars[0] = y;
scalars[1] = z; /* z = -(order + y) */
@@ -1159,7 +1159,7 @@
if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
if (!BN_add(z, x, y)) ABORT;
- BN_set_sign(z, 1);
+ BN_set_negative(z, 1);
scalars[0] = x;
scalars[1] = y;
scalars[2] = z; /* z = -(x+y) */
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 712f666..61125b2 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -360,9 +360,9 @@
goto err;
}
- if (BN_is_zero(sig->r) || BN_get_sign(sig->r) ||
+ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
- BN_get_sign(sig->s) || BN_ucmp(sig->s, order) >= 0)
+ BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0)
{
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
ret = 0; /* signature is invalid */
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index b66b4bc..3ee753e 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -622,7 +622,7 @@
if (!BN_sub(r0,r0,m1)) goto err;
/* This will help stop the size of r0 increasing, which does
* affect the multiply if it optimised for a power of 2 size */
- if (BN_get_sign(r0))
+ if (BN_is_negative(r0))
if (!BN_add(r0,r0,rsa->p)) goto err;
if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
@@ -634,7 +634,7 @@
* This will *never* happen with OpenSSL generated keys because
* they ensure p > q [steve]
*/
- if (BN_get_sign(r0))
+ if (BN_is_negative(r0))
if (!BN_add(r0,r0,rsa->p)) goto err;
if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
if (!BN_add(r0,r1,m1)) goto err;
@@ -648,7 +648,7 @@
* for absolute equality, just congruency. */
if (!BN_sub(vrfy, vrfy, I)) goto err;
if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
- if (BN_get_sign(vrfy))
+ if (BN_is_negative(vrfy))
if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
if (!BN_is_zero(vrfy))
/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod
index 210dfea..c3b0d08 100644
--- a/doc/crypto/bn.pod
+++ b/doc/crypto/bn.pod
@@ -27,6 +27,9 @@
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG w);
+ void BN_set_negative(BIGNUM *a, int n);
+ int BN_is_negative(const BIGNUM *a);
+
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
