From bff11e9112f1d247c4b0c3dcdf0a019d45da85c2 Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Sun, 26 Oct 2014 05:38:54 -0700 Subject: [PATCH] Verify num=openssl initialization and check repeatability --- src/num_openssl.h | 3 ++ src/num_openssl_impl.h | 102 +++++++++++++++++++++++++++++++++++++++++ src/tests.c | 2 + 3 files changed, 107 insertions(+) diff --git a/src/num_openssl.h b/src/num_openssl.h index 7d03757f68..bb4df38a13 100644 --- a/src/num_openssl.h +++ b/src/num_openssl.h @@ -9,6 +9,9 @@ typedef struct { BIGNUM bn; +#ifdef VERIFY + void* init; +#endif } secp256k1_num_t; #endif diff --git a/src/num_openssl_impl.h b/src/num_openssl_impl.h index ba98c0e485..b29bb76bcd 100644 --- a/src/num_openssl_impl.h +++ b/src/num_openssl_impl.h @@ -15,22 +15,40 @@ #include "num.h" void static secp256k1_num_init(secp256k1_num_t *r) { +#ifdef VERIFY + VERIFY_CHECK(r->init != r); + r->init = r; +#endif BN_init(&r->bn); } void static secp256k1_num_free(secp256k1_num_t *r) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); + r->init = NULL; +#endif BN_free(&r->bn); } void static secp256k1_num_clear(secp256k1_num_t *r) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); +#endif BN_clear(&r->bn); } void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); + VERIFY_CHECK(a->init == a); +#endif BN_copy(&r->bn, &a->bn); } void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); +#endif unsigned int size = BN_num_bytes(&a->bn); VERIFY_CHECK(size <= rlen); memset(r,0,rlen); 
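Review bot: The new `init` member of secp256k1_num_t has no comment saying what it holds, and a bare `void*` does not make that obvious. Judging from the checks this patch adds in src/num_openssl_impl.h, it is set to the object's own address by secp256k1_num_init and to NULL by secp256k1_num_free, so a by-value copy of the struct also fails the check. I would put `/* VERIFY builds only: self-pointer set by secp256k1_num_init, NULL after secp256k1_num_free */` above the field. Since sizeof(secp256k1_num_t) now depends on VERIFY, any translation units that share these objects have to be built with the same setting.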
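Review bot: `VERIFY_CHECK(r->init != r)` in secp256k1_num_init reads `r->init` before anything has written it, so for a stack or heap secp256k1_num_t the comparison is made on an indeterminate value. Memory checkers such as Valgrind or MemorySanitizer will presumably report this in VERIFY builds. A slot that still holds a stale self-pointer from an earlier object that was never freed will also fail the check, even though the init call itself is legitimate. Either drop the check and keep only `r->init = r;`, or keep it and say so in a comment such as `/* heuristic double-init check: r->init is indeterminate on first use */`. The body of secp256k1_num_get_bin continues past the end of this hunk.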
@@ -38,91 +56,164 @@ void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const sec } void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); +#endif BN_bin2bn(a, alen, &r->bn); } void static secp256k1_num_set_int(secp256k1_num_t *r, int a) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); +#endif BN_set_word(&r->bn, a < 0 ? -a : a); BN_set_negative(&r->bn, a < 0); } void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); + VERIFY_CHECK(a->init == a); + VERIFY_CHECK(m->init == m); +#endif BN_CTX *ctx = BN_CTX_new(); BN_mod_inverse(&r->bn, &a->bn, &m->bn, ctx); BN_CTX_free(ctx); } void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); + VERIFY_CHECK(a->init == a); + VERIFY_CHECK(b->init == b); + VERIFY_CHECK(m->init == m); +#endif BN_CTX *ctx = BN_CTX_new(); BN_mod_mul(&r->bn, &a->bn, &b->bn, &m->bn, ctx); BN_CTX_free(ctx); } int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); + VERIFY_CHECK(b->init == b); +#endif return BN_ucmp(&a->bn, &b->bn); } int static secp256k1_num_eq(const secp256k1_num_t *a, const secp256k1_num_t *b) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); + VERIFY_CHECK(b->init == b); +#endif return BN_cmp(&a->bn, &b->bn) == 0; } void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); + VERIFY_CHECK(a->init == a); + VERIFY_CHECK(b->init == b); +#endif BN_add(&r->bn, &a->bn, &b->bn); } void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); + VERIFY_CHECK(a->init == a); + 
VERIFY_CHECK(b->init == b); +#endif BN_sub(&r->bn, &a->bn, &b->bn); } void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); + VERIFY_CHECK(a->init == a); + VERIFY_CHECK(b->init == b); +#endif BN_CTX *ctx = BN_CTX_new(); BN_mul(&r->bn, &a->bn, &b->bn, ctx); BN_CTX_free(ctx); } void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); + VERIFY_CHECK(a->init == a); + VERIFY_CHECK(b->init == b); +#endif BN_CTX *ctx = BN_CTX_new(); BN_div(&r->bn, NULL, &a->bn, &b->bn, ctx); BN_CTX_free(ctx); } void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *m) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); + VERIFY_CHECK(m->init == m); +#endif BN_CTX *ctx = BN_CTX_new(); BN_nnmod(&r->bn, &r->bn, &m->bn, ctx); BN_CTX_free(ctx); } int static secp256k1_num_bits(const secp256k1_num_t *a) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); +#endif return BN_num_bits(&a->bn); } int static secp256k1_num_shift(secp256k1_num_t *r, int bits) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); +#endif int ret = BN_is_zero(&r->bn) ? 
0 : r->bn.d[0] & ((1 << bits) - 1); BN_rshift(&r->bn, &r->bn, bits); return ret; } int static secp256k1_num_is_zero(const secp256k1_num_t *a) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); +#endif return BN_is_zero(&a->bn); } int static secp256k1_num_is_odd(const secp256k1_num_t *a) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); +#endif return BN_is_odd(&a->bn); } int static secp256k1_num_is_neg(const secp256k1_num_t *a) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); +#endif return BN_is_negative(&a->bn); } int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); +#endif return BN_is_bit_set(&a->bn, pos); } void static secp256k1_num_inc(secp256k1_num_t *r) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); +#endif BN_add_word(&r->bn, 1); } void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); +#endif char *str = (char*)malloc(alen+1); memcpy(str, a, alen); str[alen] = 0; @@ -132,6 +223,9 @@ void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) { } void static secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); +#endif char *str = BN_bn2hex(&a->bn); int len = strlen(str); VERIFY_CHECK(rlen >= len); @@ -142,12 +236,20 @@ void static secp256k1_num_get_hex(char *r, int rlen, const secp256k1_num_t *a) { } void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits) { +#ifdef VERIFY + VERIFY_CHECK(a->init == a); + VERIFY_CHECK(rl->init == rl); + VERIFY_CHECK(rh->init == rh); +#endif BN_copy(&rl->bn, &a->bn); BN_rshift(&rh->bn, &a->bn, bits); BN_mask_bits(&rl->bn, bits); } void static secp256k1_num_negate(secp256k1_num_t *r) { +#ifdef VERIFY + VERIFY_CHECK(r->init == r); +#endif BN_set_negative(&r->bn, !BN_is_negative(&r->bn)); } diff --git a/src/tests.c b/src/tests.c index e5d27f72c7..9f484f3bc1 100644 
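Review bot: The three-line group `#ifdef VERIFY` / `VERIFY_CHECK(x->init == x);` / `#endif` is repeated in every function of this hunk, from secp256k1_num_set_bin through secp256k1_num_set_hex. The same group appears in the other hunks of src/num_openssl_impl.h, which makes it easy to miss an argument when a function is added or its signature changes. A single helper defined once near the top of the file would cut each function to one line per checked argument, for example `#define NUM_CHECK_INIT(x) VERIFY_CHECK((x)->init == (x))` under `#ifdef VERIFY` with an empty expansion otherwise (the macro name is only a suggestion). In VERIFY builds the added statements also precede declarations such as `BN_CTX *ctx = BN_CTX_new();`, which matters only if this header has to compile as C89. The body of secp256k1_num_set_hex continues outside the hunk.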
--- a/src/tests.c +++ b/src/tests.c @@ -746,6 +746,8 @@ int main(int argc, char **argv) { run_ecdsa_openssl(); #endif + printf("random run = %llu\n", (unsigned long long)secp256k1_rand32() + (unsigned long long)secp256k1_rand32() << 32); + // shutdown secp256k1_stop(); return 0;
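Review bot: The expression in the added printf is missing parentheses around the shift. `+` binds tighter than `<<`, so it computes `(a + b) << 32`, and the low 32 bits of the printed value are always zero. The order in which the two secp256k1_rand32() calls are evaluated within one expression is also unspecified, which matters for a value meant to be compared across runs and compilers once the halves are combined rather than summed. I would read the halves into locals first, `unsigned long long lo = secp256k1_rand32();` and `unsigned long long hi = secp256k1_rand32();`, then print with `printf("random run = %llu\n", lo | (hi << 32));`. main starts outside the hunk.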