Run util/openssl-format-source -v -c .

Reviewed-by: Tim Hudson <tjh@openssl.org>

1 files changed, 241 insertions, 253 deletions

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 2ccd4777f9..de6028698e 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -109,8 +109,6 @@
  *
  */
 
-
-
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
@@ -119,259 +117,249 @@
 #include <openssl/sha.h>
 
 static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	unsigned char *buf=NULL;
-	int ret=0,bit,bytes,mask;
-	time_t tim;
-
-	if (bits == 0)
-		{
-		BN_zero(rnd);
-		return 1;
-		}
-
-	bytes=(bits+7)/8;
-	bit=(bits-1)%8;
-	mask=0xff<<(bit+1);
-
-	buf=(unsigned char *)OPENSSL_malloc(bytes);
-	if (buf == NULL)
-		{
-		BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* make a random number and set the top and bottom bits */
-	time(&tim);
-	RAND_add(&tim,sizeof(tim),0.0);
-
-	if (pseudorand)
-		{
-		if (RAND_pseudo_bytes(buf, bytes) == -1)
-			goto err;
-		}
-	else
-		{
-		if (RAND_bytes(buf, bytes) <= 0)
-			goto err;
-		}
+{
+    unsigned char *buf = NULL;
+    int ret = 0, bit, bytes, mask;
+    time_t tim;
+
+    if (bits == 0) {
+        BN_zero(rnd);
+        return 1;
+    }
+
+    bytes = (bits + 7) / 8;
+    bit = (bits - 1) % 8;
+    mask = 0xff << (bit + 1);
+
+    buf = (unsigned char *)OPENSSL_malloc(bytes);
+    if (buf == NULL) {
+        BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* make a random number and set the top and bottom bits */
+    time(&tim);
+    RAND_add(&tim, sizeof(tim), 0.0);
+
+    if (pseudorand) {
+        if (RAND_pseudo_bytes(buf, bytes) == -1)
+            goto err;
+    } else {
+        if (RAND_bytes(buf, bytes) <= 0)
+            goto err;
+    }
 
 #if 1
-	if (pseudorand == 2)
-		{
-		/* generate patterns that are more likely to trigger BN
-		   library bugs */
-		int i;
-		unsigned char c;
-
-		for (i = 0; i < bytes; i++)
-			{
-			RAND_pseudo_bytes(&c, 1);
-			if (c >= 128 && i > 0)
-				buf[i] = buf[i-1];
-			else if (c < 42)
-				buf[i] = 0;
-			else if (c < 84)
-				buf[i] = 255;
-			}
-		}
+    if (pseudorand == 2) {
+        /*
+         * generate patterns that are more likely to trigger BN library bugs
+         */
+        int i;
+        unsigned char c;
+
+        for (i = 0; i < bytes; i++) {
+            RAND_pseudo_bytes(&c, 1);
+            if (c >= 128 && i > 0)
+                buf[i] = buf[i - 1];
+            else if (c < 42)
+                buf[i] = 0;
+            else if (c < 84)
+                buf[i] = 255;
+        }
+    }
 #endif
 
-	if (top != -1)
-		{
-		if (top)
-			{
-			if (bit == 0)
-				{
-				buf[0]=1;
-				buf[1]|=0x80;
-				}
-			else
-				{
-				buf[0]|=(3<<(bit-1));
-				}
-			}
-		else
-			{
-			buf[0]|=(1<<bit);
-			}
-		}
-	buf[0] &= ~mask;
-	if (bottom) /* set bottom bit if requested */
-		buf[bytes-1]|=1;
-	if (!BN_bin2bn(buf,bytes,rnd)) goto err;
-	ret=1;
-err:
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,bytes);
-		OPENSSL_free(buf);
-		}
-	bn_check_top(rnd);
-	return(ret);
-	}
-
-int     BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	return bnrand(0, rnd, bits, top, bottom);
-	}
-
-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	return bnrand(1, rnd, bits, top, bottom);
-	}
+    if (top != -1) {
+        if (top) {
+            if (bit == 0) {
+                buf[0] = 1;
+                buf[1] |= 0x80;
+            } else {
+                buf[0] |= (3 << (bit - 1));
+            }
+        } else {
+            buf[0] |= (1 << bit);
+        }
+    }
+    buf[0] &= ~mask;
+    if (bottom)                 /* set bottom bit if requested */
+        buf[bytes - 1] |= 1;
+    if (!BN_bin2bn(buf, bytes, rnd))
+        goto err;
+    ret = 1;
+ err:
+    if (buf != NULL) {
+        OPENSSL_cleanse(buf, bytes);
+        OPENSSL_free(buf);
+    }
+    bn_check_top(rnd);
+    return (ret);
+}
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(0, rnd, bits, top, bottom);
+}
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(1, rnd, bits, top, bottom);
+}
 
 #if 1
-int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	return bnrand(2, rnd, bits, top, bottom);
-	}
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(2, rnd, bits, top, bottom);
+}
 #endif
 
-
 /* random number r:  0 <= r < range */
 static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
-	{
-	int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
-	int n;
-	int count = 100;
-
-	if (range->neg || BN_is_zero(range))
-		{
-		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
-		return 0;
-		}
-
-	n = BN_num_bits(range); /* n > 0 */
-
-	/* BN_is_bit_set(range, n - 1) always holds */
-
-	if (n == 1)
-		BN_zero(r);
-	else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
-		{
-		/* range = 100..._2,
-		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
-		do
-			{
-			if (!bn_rand(r, n + 1, -1, 0)) return 0;
-			/* If  r < 3*range,  use  r := r MOD range
-			 * (which is either  r, r - range,  or  r - 2*range).
-			 * Otherwise, iterate once more.
-			 * Since  3*range = 11..._2, each iteration succeeds with
-			 * probability >= .75. */
-			if (BN_cmp(r ,range) >= 0)
-				{
-				if (!BN_sub(r, r, range)) return 0;
-				if (BN_cmp(r, range) >= 0)
-					if (!BN_sub(r, r, range)) return 0;
-				}
-
-			if (!--count)
-				{
-				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-				return 0;
-				}
-			
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-	else
-		{
-		do
-			{
-			/* range = 11..._2  or  range = 101..._2 */
-			if (!bn_rand(r, n, -1, 0)) return 0;
-
-			if (!--count)
-				{
-				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-				return 0;
-				}
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-
-	bn_check_top(r);
-	return 1;
-	}
-
-
-int	BN_rand_range(BIGNUM *r, const BIGNUM *range)
-	{
-	return bn_rand_range(0, r, range);
-	}
-
-int	BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
-	{
-	return bn_rand_range(1, r, range);
-	}
+{
+    int (*bn_rand) (BIGNUM *, int, int, int) =
+        pseudo ? BN_pseudo_rand : BN_rand;
+    int n;
+    int count = 100;
+
+    if (range->neg || BN_is_zero(range)) {
+        BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+        return 0;
+    }
+
+    n = BN_num_bits(range);     /* n > 0 */
+
+    /* BN_is_bit_set(range, n - 1) always holds */
+
+    if (n == 1)
+        BN_zero(r);
+    else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
+        /*
+         * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
+         * than range
+         */
+        do {
+            if (!bn_rand(r, n + 1, -1, 0))
+                return 0;
+            /*
+             * If r < 3*range, use r := r MOD range (which is either r, r -
+             * range, or r - 2*range). Otherwise, iterate once more. Since
+             * 3*range = 11..._2, each iteration succeeds with probability >=
+             * .75.
+             */
+            if (BN_cmp(r, range) >= 0) {
+                if (!BN_sub(r, r, range))
+                    return 0;
+                if (BN_cmp(r, range) >= 0)
+                    if (!BN_sub(r, r, range))
+                        return 0;
+            }
+
+            if (!--count) {
+                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+
+        }
+        while (BN_cmp(r, range) >= 0);
+    } else {
+        do {
+            /* range = 11..._2  or  range = 101..._2 */
+            if (!bn_rand(r, n, -1, 0))
+                return 0;
+
+            if (!--count) {
+                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+        }
+        while (BN_cmp(r, range) >= 0);
+    }
+
+    bn_check_top(r);
+    return 1;
+}
+
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bn_rand_range(0, r, range);
+}
+
+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bn_rand_range(1, r, range);
+}
 
 #ifndef OPENSSL_NO_SHA512
-/* BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
- * BN_rand_range, it also includes the contents of |priv| and |message| in the
- * generation so that an RNG failure isn't fatal as long as |priv| remains
- * secret. This is intended for use in DSA and ECDSA where an RNG weakness
- * leads directly to private key exposure unless this function is used. */
-int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM* priv,
-			  const unsigned char *message, size_t message_len,
-			  BN_CTX *ctx)
-	{
-	SHA512_CTX sha;
-	/* We use 512 bits of random data per iteration to
-	 * ensure that we have at least |range| bits of randomness. */
-	unsigned char random_bytes[64];
-	unsigned char digest[SHA512_DIGEST_LENGTH];
-	unsigned done, todo;
-	/* We generate |range|+8 bytes of random output. */
-	const unsigned num_k_bytes = BN_num_bytes(range) + 8;
-	unsigned char private_bytes[96];
-	unsigned char *k_bytes;
-	int ret = 0;
-
-	k_bytes = OPENSSL_malloc(num_k_bytes);
-	if (!k_bytes)
-		goto err;
-
-	/* We copy |priv| into a local buffer to avoid exposing its length. */
-	todo = sizeof(priv->d[0])*priv->top;
-	if (todo > sizeof(private_bytes))
-		{
-		/* No reasonable DSA or ECDSA key should have a private key
-		 * this large and we don't handle this case in order to avoid
-		 * leaking the length of the private key. */
-		BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
-		goto err;
-		}
-	memcpy(private_bytes, priv->d, todo);
-	memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
-
-	for (done = 0; done < num_k_bytes;) {
-		if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)
-			goto err;
-		SHA512_Init(&sha);
-		SHA512_Update(&sha, &done, sizeof(done));
-		SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
-		SHA512_Update(&sha, message, message_len);
-		SHA512_Update(&sha, random_bytes, sizeof(random_bytes));
-		SHA512_Final(digest, &sha);
-
-		todo = num_k_bytes - done;
-		if (todo > SHA512_DIGEST_LENGTH)
-			todo = SHA512_DIGEST_LENGTH;
-		memcpy(k_bytes + done, digest, todo);
-		done += todo;
-	}
-
-	if (!BN_bin2bn(k_bytes, num_k_bytes, out))
-		goto err;
-	if (BN_mod(out, out, range, ctx) != 1)
-		goto err;
-	ret = 1;
-
-err:
-	if (k_bytes)
-		OPENSSL_free(k_bytes);
-	return ret;
-	}
-#endif  /* OPENSSL_NO_SHA512 */
+/*
+ * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
+ * BN_rand_range, it also includes the contents of |priv| and |message| in
+ * the generation so that an RNG failure isn't fatal as long as |priv|
+ * remains secret. This is intended for use in DSA and ECDSA where an RNG
+ * weakness leads directly to private key exposure unless this function is
+ * used.
+ */
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx)
+{
+    SHA512_CTX sha;
+    /*
+     * We use 512 bits of random data per iteration to ensure that we have at
+     * least |range| bits of randomness.
+     */
+    unsigned char random_bytes[64];
+    unsigned char digest[SHA512_DIGEST_LENGTH];
+    unsigned done, todo;
+    /* We generate |range|+8 bytes of random output. */
+    const unsigned num_k_bytes = BN_num_bytes(range) + 8;
+    unsigned char private_bytes[96];
+    unsigned char *k_bytes;
+    int ret = 0;
+
+    k_bytes = OPENSSL_malloc(num_k_bytes);
+    if (!k_bytes)
+        goto err;
+
+    /* We copy |priv| into a local buffer to avoid exposing its length. */
+    todo = sizeof(priv->d[0]) * priv->top;
+    if (todo > sizeof(private_bytes)) {
+        /*
+         * No reasonable DSA or ECDSA key should have a private key this
+         * large and we don't handle this case in order to avoid leaking the
+         * length of the private key.
+         */
+        BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
+        goto err;
+    }
+    memcpy(private_bytes, priv->d, todo);
+    memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
+
+    for (done = 0; done < num_k_bytes;) {
+        if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)
+            goto err;
+        SHA512_Init(&sha);
+        SHA512_Update(&sha, &done, sizeof(done));
+        SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
+        SHA512_Update(&sha, message, message_len);
+        SHA512_Update(&sha, random_bytes, sizeof(random_bytes));
+        SHA512_Final(digest, &sha);
+
+        todo = num_k_bytes - done;
+        if (todo > SHA512_DIGEST_LENGTH)
+            todo = SHA512_DIGEST_LENGTH;
+        memcpy(k_bytes + done, digest, todo);
+        done += todo;
+    }
+
+    if (!BN_bin2bn(k_bytes, num_k_bytes, out))
+        goto err;
+    if (BN_mod(out, out, range, ctx) != 1)
+        goto err;
+    ret = 1;
+
+ err:
+    if (k_bytes)
+        OPENSSL_free(k_bytes);
+    return ret;
+}
+#endif                          /* OPENSSL_NO_SHA512 */