Diffstat (limited to 'src/lib/libcrypto/bn/bn_lcl.h')
-rw-r--r-- | src/lib/libcrypto/bn/bn_lcl.h | 97 |
1 files changed, 1 insertions, 96 deletions
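--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lcl.h,v 1.38 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_lcl.h,v 1.39 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -327,18 +327,6 @@ struct bn_gencb_st {
 #define Lw(t) (((BN_ULONG)(t))&BN_MASK2)
 #define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
 
-#ifdef BN_DEBUG_RAND
-#define bn_clear_top2max(a) \
-{ \
-int ind = (a)->dmax - (a)->top; \
-BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
-for (; ind != 0; ind--) \
-*(++ftl) = 0x0; \
-}
-#else
-#define bn_clear_top2max(a)
-#endif
-
 #ifdef BN_LLONG
 #define mul_add(r,a,w,c) { \
 BN_ULLONG t; \
@@ -524,88 +512,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U
 int bn_expand(BIGNUM *a, int bits);
 int bn_wexpand(BIGNUM *a, int words);
 
-/* Bignum consistency macros
-* There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
-* bignum data after direct manipulations on the data. There is also an
-* "internal" macro, bn_check_top(), for verifying that there are no leading
-* zeroes. Unfortunately, some auditing is required due to the fact that
-* bn_fix_top() has become an overabused duct-tape because bignum data is
-* occasionally passed around in an inconsistent state. So the following
-* changes have been made to sort this out;
-* - bn_fix_top()s implementation has been moved to bn_correct_top()
-* - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
-* bn_check_top() is as before.
-* - if BN_DEBUG *is* defined;
-* - bn_check_top() tries to pollute unused words even if the bignum 'top' is
-* consistent. (ed: only if BN_DEBUG_RAND is defined)
-* - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
-* The idea is to have debug builds flag up inconsistent bignums when they
-* occur. If that occurs in a bn_fix_top(), we examine the code in question; if
-* the use of bn_fix_top() was appropriate (ie. it follows directly after code
-* that manipulates the bignum) it is converted to bn_correct_top(), and if it
-* was not appropriate, we convert it permanently to bn_check_top() and track
-* down the cause of the bug. Eventually, no internal code should be using the
-* bn_fix_top() macro. External applications and libraries should try this with
-* their own code too, both in terms of building against the openssl headers
-* with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
-* defined. This not only improves external code, it provides more test
-* coverage for openssl's own code.
-*/
-
-#ifdef BN_DEBUG
-
-/* We only need assert() when debugging */
-#include <assert.h>
-
-#ifdef BN_DEBUG_RAND
-#define bn_pollute(a) \
-do { \
-const BIGNUM *_bnum1 = (a); \
-if(_bnum1->top < _bnum1->dmax) { \
-unsigned char _tmp_char; \
-/* We cast away const without the compiler knowing, any \
-* *genuinely* constant variables that aren't mutable \
-* wouldn't be constructed with top!=dmax. */ \
-BN_ULONG *_not_const; \
-memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-arc4random_buf(&_tmp_char, 1); \
-memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
-(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
-} \
-} while(0)
-#else
-#define bn_pollute(a)
-#endif
-
-#define bn_check_top(a) \
-do { \
-const BIGNUM *_bnum2 = (a); \
-if (_bnum2 != NULL) { \
-assert((_bnum2->top == 0) || \
-(_bnum2->d[_bnum2->top - 1] != 0)); \
-bn_pollute(_bnum2); \
-} \
-} while(0)
-
-#define bn_fix_top(a) bn_check_top(a)
-
-#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-#define bn_wcheck_size(bn, words) \
-do { \
-const BIGNUM *_bnum2 = (bn); \
-assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
-} while(0)
-
-#else /* !BN_DEBUG */
-
-#define bn_pollute(a)
-#define bn_check_top(a)
-#define bn_fix_top(a) bn_correct_top(a)
-#define bn_check_size(bn, bits)
-#define bn_wcheck_size(bn, words)
-
-#endif
-
 #define bn_correct_top(a) \
 { \
 BN_ULONG *ftl; \
@@ -616,7 +522,6 @@ int bn_wexpand(BIGNUM *a, int words);
 if (*(ftl--)) break; \
 (a)->top = tmp_top; \
 } \
-bn_pollute(a); \
 }
 
 BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);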