Rewrite bn2binpad.

Rewrite bn2binpad, removing some OpenSSL specific behaviour and unnecessary
complexity. Our BN_num_bytes() does not return bogus lengths, so we don't
need to see if things work ou

Rewrite bn2binpad.

Rewrite bn2binpad, removing some OpenSSL specific behaviour and unnecessary
complexity. Our BN_num_bytes() does not return bogus lengths, so we don't
need to see if things work out with nominated outputs. Swipe away some
endianness_t, but continue to ignore negatives and don't dare give away
padded zeroes.

Implement a more readable constant time conversion. In particular, the
little endian is the less common use case, which we can implement by
reversing the padded output in place, rather than complicating all of the
conversion code.

ok beck@ tb@

show more ...

Rewrite BN_bn2mpi() using CBB.

The content is effectively a u32 length prefixed field, so use
CBB_add_u32_length_prefixed(). Use BN_bn2binpad() rather than manually
padding if we need to extend and

Rewrite BN_bn2mpi() using CBB.

The content is effectively a u32 length prefixed field, so use
CBB_add_u32_length_prefixed(). Use BN_bn2binpad() rather than manually
padding if we need to extend and use sensible variable names so that the
code becomes more readable.

Note that since CBB can fail we now need to be able to indicate failure.
This means that BN_bn2mpi() can now return -1 when it would not have
previously (correct callers will check that BN_bn2mpi() returns a positive
length).

ok tb@

show more ...

bn_convert: zap extra blank line

Rewrite BN_mpi2bn() using CBS and bn_bin2bn_cbs().

ok tb@

Rewrite BN_lebin2bn() using CBS.

We get an implementation of this for free by having bn_bin2bn_cbs() use
CBS_get_u8() instead of CBS_get_last_u8().

ok tb@

Invert BN_BITS2 handling in bn_bin2bn_cbs() and bn_hex2bn_cbs().

This results in simpler code.

Suggested by tb@ during review.

Rewrite BN_bin2bn() using CBS.

ok tb@

Rename bn_expand() to bn_expand_bits().

Also change the bits type from int to size_t, since that's what the callers
are passing and we can avoid unnecessary input validation.

ok tb@

Reimplement BN_print() and BN_print_fp()

These can now use the internal version of BN_bn2hex() and be direct
wrappers of BIO_printf() and fprintf() as they should have been all
along.

ok jsing

Refactor BN_bn2hex()

Various outputting functions are variants of BN_bn2hex(). They do not
want a sign or they display the BIGNUM at nibble granularity instead
of byte granularity. So add this funct

Refactor BN_bn2hex()

Various outputting functions are variants of BN_bn2hex(). They do not
want a sign or they display the BIGNUM at nibble granularity instead
of byte granularity. So add this functionality to an internal variant
of BN_bn2hex().

with/ok jsing

show more ...

Hide symbols in bn

ok tb@

Avoid crash in BN_asc2bn()

Historically (and currently in OpenSSL), BN_asc2bn() could be called with
NULL, but only for positive numbers. So BN_asc2bn(NULL, "1") would succeed
but BN_asc2bn(NULL, "-

Avoid crash in BN_asc2bn()

Historically (and currently in OpenSSL), BN_asc2bn() could be called with
NULL, but only for positive numbers. So BN_asc2bn(NULL, "1") would succeed
but BN_asc2bn(NULL, "-1"), would crash. The other *2bn functions return a
length, so accepting a NULL makes some sense since it allows callers to
skip over part of the string just parsed (atoi-style).

For BN_asc2bn() a NULL bn makes no sense because it returns a boolean. The
recent CBS rewrite makes BN_asc2bn(NULL, *) always crash which in turn made
Coverity throw a fit.

Another change of behavior from that rewrite pertains to accidents (or is
it madness?) like -0x-11 and 0x-11 being parsed as decimal -17 (which Ingo
of course spotted and diligently documented). This will be addressed later.

ok jsing

show more ...

Fix return check of bn_hex2bn_cbs()

It returns a length, not a Boolean, so check for 0 explicitly. This is
purely cosmetic.

ok jsing

typo: hexidecimal -> hexadecimal

Rewrite BN_{asc,dec,hex}2bn() using CBS.

This gives us more readable and safer code. There are two intentional
changes to behaviour - firstly, all three functions zero any BN that was
passed in, pri

Rewrite BN_{asc,dec,hex}2bn() using CBS.

This gives us more readable and safer code. There are two intentional
changes to behaviour - firstly, all three functions zero any BN that was
passed in, prior to doing any further processing. This means that a passed
BN is always in a known state, regardless of what happens later. Secondly,
BN_asc2bn() now fails on NULL input, rather than crashing. This brings its
behaviour inline with BN_dec2bn() and BN_hex2bn().

ok tb@

show more ...

Rewrite BN_bn2hex() using CBB/CBS.

ok tb@

Rewrite BN_bn2dec() using CBB/CBS.

ok tb@

Rename Hex array to hex_digits.

ok tb@

Move the BN_bn2bin()/BN_bin2bn() family to bn_convert.c

Reorder functions.

No functional change.

Move BN_options() from bn_convert.c to bn_lib.c

Move BN_bn2mpi()/BN_mpi2bn() into bn_convert.c

Rename the largely misnamed bn_print.c to bn_convert.c

This file primarily contains the various BN_bn2*() and BN_*2bn() functions
(along with BN_print() and BN_options()). More function shuffling wi

Rename the largely misnamed bn_print.c to bn_convert.c

This file primarily contains the various BN_bn2*() and BN_*2bn() functions
(along with BN_print() and BN_options()). More function shuffling will
follow.

Discussed with tb@

show more ...