Commit graph

573 commits

Author SHA1 Message Date
Bodo Möller
5679bcce07 make RSA blinding thread-safe 2003-04-02 09:50:22 +00:00
Richard Levitte
78951e7711 Make sure we get the definition of OPENSSL_NO_ERR. 2003-03-20 23:19:41 +00:00
Ulf Möller
66ecdf3bfb more mingw related cleanups. 2003-02-22 18:00:14 +00:00
Ben Laurie
2619676256 Old-style callbacks can be NULL! 2003-02-01 20:58:59 +00:00
Andy Polyakov
722d17cbac This is an *initial* tune-up. This update puts Itanium2 back on par with
Itanium. I mean if overall performance improvement over C version was X
for Itanium, it's X even for Itanium2.
2003-01-19 21:29:59 +00:00
Richard Levitte
2f09524501 A few more files to ignore 2003-01-16 21:32:56 +00:00
Richard Levitte
f8ea5cb579 Make sure everything that may be freed is allocated or initiated.
PR: 446
2003-01-10 08:59:46 +00:00
Andy Polyakov
699543e4a2 Finalizing asm support for UnixWare, SCO, OpenUnix... Note that I've
replaced #if logic around bn_sub_part_words in bn_mul.c. I rely upon
OPENSSL_BN_ASM_PART_WORDS being added by ./Configure script. Would it
still work on non-Unix platforms?
2003-01-09 08:42:04 +00:00
Andy Polyakov
3cc9a89dda Unified targets for ELF assembler modules. Tested on Linux, Solaris and
FreeBSD. Goal is to extend support even to SCO5, UnixWare/OpenUnix...
2003-01-03 17:37:53 +00:00
Andy Polyakov
46a0d4fbcb Support for ILP32 on HPUX-IA64. 2003-01-03 15:10:46 +00:00
Andy Polyakov
04945fda66 pa-risc2.s was not PIC, see RT#426. I strip call to fprintf as it's
never called anyway (it's a debugging assertion). If pa-risc2W.s is
PIC remains to be seen...
2003-01-03 10:52:40 +00:00
Richard Levitte
e9883d285d Finally, a bn_div_words() in VAX assembler that goes through all tests.
PR: 413
2002-12-23 11:25:51 +00:00
Andy Polyakov
316bfb77b5 Fix for "shift count too large" when compiling for hpux-parisc2 and
irix-mips. The bug was introduced with accelerated support for x86_64.
My fault! Fixed now.
2002-12-20 18:11:30 +00:00
Richard Levitte
9b58214e4a More accurate comments. 2002-12-20 16:38:36 +00:00
Richard Levitte
3c801fa460 A little debugging. 2002-12-20 16:38:06 +00:00
Andy Polyakov
2f98abbcb6 x86_64 performance patch. 2002-12-14 20:42:05 +00:00
Richard Levitte
0edad88a31 make update 2002-12-09 02:19:27 +00:00
Geoff Thorpe
e189872486 Nils Larsch submitted;
- a patch to fix a memory leak in rsa_gen.c
  - a note about compiler warnings with unions
  - a note about improving structure element names

This applies his patch and implements a solution to the notes.
2002-12-08 16:45:26 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Richard Levitte
6ab285bf4c I think I got it now. Apparently, the case of having to shift down
the divisor was a bit more complex than I first saw.  The lost bit
can't just be discarded, as there are cases where it is important.
For example, look at dividing 320000 with 80000 vs. 80001 (all
decimals), the difference is crucial.  The trick here is to check if
that lost bit was 1, and in that case, do the following:

1. subtract the quotient from the remainder
2. as long as the remainder is negative, add the divisor (the whole
   divisor, not the shofted down copy) to it, and decrease the
   quotient by one.

There's probably a nice mathematical proof for this already, but I
won't bother with that, unless someone requests it from me.
2002-12-02 21:31:45 +00:00
Richard Levitte
1d3159bcca Make some names consistent. 2002-12-02 02:40:27 +00:00
Richard Levitte
f60ceb54eb Through some experimentation and thinking, I think I finally got the
proper implementation of bn_div_words() for VAX.

If the tests go through well, the next step will be to test on Alpha.
2002-12-02 02:28:27 +00:00
Richard Levitte
0f995b2f40 Small bugfix: even when r == d, we need to adjust r and q.
PR: 366
2002-12-01 02:17:23 +00:00
Richard Levitte
a678430602 Redo the VAX assembler version of bn_div_words().
PR: 366
2002-12-01 00:49:36 +00:00
Richard Levitte
43d601641f A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:30:45 +00:00
Richard Levitte
55f78baf32 Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
2002-11-28 18:54:30 +00:00
Richard Levitte
2047bda6fb Unused variable removed. 2002-11-27 13:40:41 +00:00
Richard Levitte
821385ad00 Fix an unsigned/signed mismatch. 2002-11-19 11:28:28 +00:00
Richard Levitte
8d6e60486f Fix to build better with DJGPP.
PR: 338

Here's the description, submitted by Gisle Vanem <giva@bgnett.no>:

1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due
   to name-clash with Watt-32.

2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash
   with <stdlib.h>

3. Added calls to dbug_init()/sock_init() in some demo programs.

4. Changed cflags/lflags in configure. Watt-32 install root now taken
   from $WATT_ROOT.
2002-11-14 11:22:01 +00:00
Bodo Möller
b53e44e572 implement and use new macros BN_get_sign(), BN_set_sign()
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Richard Levitte
b5148cf1f7 synchronise util/libeay.num with the 0.9.7-stable variant (guys, this
is something we really need to keep track of!).
make update
2002-10-29 14:48:57 +00:00
Bodo Möller
90a617e050 avoid warnings ('index' shadows global declaration)
Submitted by: Nils Larsch
2002-10-29 11:50:20 +00:00
Bodo Möller
259cdf2af9 Sun has agreed to removing the covenant language from most files.
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Bodo Möller
6c950e0dc9 'covenant HOWTO' (what to do about the Sun covenant if you modify the code)
Submitted by: Bodo Moeller
2002-10-29 10:58:07 +00:00
Bodo Möller
19b8d06a79 clean up new code for NIST primes
create new lock CRYPTO_LOCK_BN to avoid race condition
2002-10-28 14:02:19 +00:00
Bodo Möller
5c6bf03117 fast reduction for NIST curves
Submitted by: Nils Larsch
2002-10-28 13:23:24 +00:00
Richard Levitte
e15ea3d9e1 When BN_add_word() reaches top, it shouldn't try to add the the corresponding
word, since that word may not be zero.
2002-10-14 11:33:32 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
c237de058f don't write beyond buffer
Submitted by: Nils Larsch
2002-08-27 13:32:35 +00:00
Richard Levitte
f13ddd5d0a Do not use the word 'modulus', which is a class template name in VC++ 6.0/SP5.
PR: 216, point 3
2002-08-12 21:20:25 +00:00
Bodo Möller
7a8645d171 avoid SIGSEGV
Submitted by: Nils Larsch, Douglas Stebila
2002-08-07 07:53:47 +00:00
Bodo Möller
d28735a05b oops, undo previous change (was just for testing) 2002-08-03 18:28:34 +00:00
Bodo Möller
183847747a fix bn_expand2 2002-08-03 18:27:47 +00:00
Bodo Möller
bac6012308 use bn_wexpand instead of bn_expand2 (the latter is not needed here,
and it does not yet work correctly)

Submitted by: Douglas Stebila
2002-08-03 17:51:29 +00:00
Bodo Möller
909abce800 disable Sun divison algorithm by default 2002-08-02 18:26:02 +00:00
Bodo Möller
33d4e690cc fix bn_expand2 2002-08-02 18:23:55 +00:00
Bodo Möller
d3bcbba45c remove obsolete part of comment 2002-08-02 15:13:10 +00:00
Bodo Möller
0903e56196 remove obsoleted disabled code 2002-08-02 15:07:08 +00:00
Bodo Möller
95ecacf8a2 Let BN_rand_range() abort with an error after 100 iterations
without success.
2002-08-02 15:02:03 +00:00
Bodo Möller
6fb60a84dd Change BN_mod_sqrt() so that it verifies that the input value is
really the square of the return value.
2002-08-02 14:57:53 +00:00
Bodo Möller
5af7d1a3b8 move GF2m tests to the end 2002-08-02 14:49:59 +00:00
Bodo Möller
35b73a1f20 Rename implementations of method functions so that they match
the new method names where _GF... suffixes have been removed.

Revert changes to ..._{get/set}_Jprojective_coordinates_...:
The current implementation for ECC over binary fields does not use
projective coordinates, and if it did, it would not use Jacobian
projective coordinates; so it's OK to use the ..._GFp prefix for all
this.

Add author attributions to some files so that it doesn't look
as if Sun wrote all of this :-)
2002-08-02 14:28:37 +00:00
Bodo Möller
1dc920c8de Binary field arithmetic contributed by Sun Microsystems.
The 'OPENSSL_NO_SUN_DIV' default is still subject to change,
so I didn't bother to finish the CHANGES entry yet.

Submitted by: Douglas Stebila <douglas.stebila@sun.com>, Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entry by Bodo Moeller)
2002-08-02 13:03:55 +00:00
Bodo Möller
12593e6f45 Move zeroing from bn_expand_internal() to bn_expand2() so that it
happens reliably, even if the BIGNUM is already sufficiently large.

[Note that the bn_expand()/bn_wexpand() macros call bn_expand2() only
if the BIGNUM actually has to grow, so this change does not add any
new overhead as currently bn_expand2() is never called directly.]
2002-07-25 12:12:39 +00:00
Bodo Möller
5c9396e37c remove obsolete comment 2002-07-10 08:39:05 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Richard Levitte
451dc18f10 Add support for DJGPP.
PR: 75
2002-06-13 20:42:35 +00:00
Richard Levitte
9cdf87f194 Check the return values where memory allocation failures may happen.
PR: 49
2002-05-30 16:47:45 +00:00
Dr. Stephen Henson
dc014d43af Fallback to normal multiply if n2 == 8 and dna or dnb is not zero
in bn_mul_recursive.

This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
2002-05-10 22:18:13 +00:00
Dr. Stephen Henson
2f9cf160e4 Avoid gcc warning: BN_DEC_CONV when SIXTY_FOUR_BIT is defined is unsigned. 2002-05-10 22:07:37 +00:00
Bodo Möller
d5c21afd4b add missing declaration
Submitted by: Nils Larsch
2002-03-25 23:15:21 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Bodo Möller
66df02fd98 fix BN_rand_range 2001-12-14 10:09:29 +00:00
Richard Levitte
b476df64a1 make update
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Bodo Möller
c5d4ab7e35 adjust to OpenSSL_0_9_6-stable version 2001-11-09 13:09:11 +00:00
Ulf Möller
5dd955dcd2 openbsd-x86 macros
Submitted by: Toomas Kiisk <vix@cyber.ee>
2001-10-14 00:57:30 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Geoff Thorpe
534aaf3731 "make update". 2001-09-25 20:39:59 +00:00
Ulf Möller
d98a4b7366 bug fix: bn_sqr_recursive output is twice its input size. 2001-09-05 04:43:43 +00:00
Bodo Möller
435037d4e4 OpenSSL copyright notices ... 2001-09-04 11:02:23 +00:00
Geoff Thorpe
91b3f0e691 Correct a typo. 2001-09-03 17:24:27 +00:00
Bodo Möller
983495c4b2 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Andy Polyakov
6d03b73e35 Enhanced support for IA-64 Linux and HP-UX (as well as better support for
HP-UX in common in ./config). Note that for the moment of this writing
none of 64-bit platforms pass bntest. I'm committing this anyway as it's
too frustrating to patch snapshots over and over while 0.9.6 is known to
work.
2001-07-30 16:42:15 +00:00
Andy Polyakov
622d3d3592 Support for Intel and HP-UXi assemblers. 2001-07-30 15:54:13 +00:00
Andy Polyakov
19a6e8b32c This fixes "Spurious test failures on IRIX?" reported in April. Apparently
I was wrong in conclusions about when addition starts overflowing in combaX
routines.
2001-06-22 19:17:42 +00:00
Andy Polyakov
52c0d30078 Get rid of "possible WAW dependency" warnings.
Submitted by:
Reviewed by:
PR:
2001-06-11 12:47:52 +00:00
Andy Polyakov
a95541d61e Get rid of RAW dependency warnings.
Submitted by:
Reviewed by:
PR:
2001-05-30 22:01:33 +00:00
Andy Polyakov
4cb73bf8e4 Assembler support for IA-64. See the source code commentary for further
details (performance numbers and accompanying discussions:-). Note that
the code is not engaged in ./Configure yet. I'll add it later this week
along with updates for .spec file.

Submitted by:
Reviewed by:
PR:
2001-05-28 20:02:51 +00:00
Richard Levitte
81b5eeed6a branch on equal is beql, not beq... 2001-05-14 22:10:09 +00:00
Bodo Möller
1f224bf029 Adjust BN_mod_inverse algorithm selection according to experiments on
Ultra-Sparcs (both 32-bit and 64-bit compilations)
2001-04-09 09:28:24 +00:00
Bodo Möller
ac0f1d0b14 comment 2001-04-08 18:47:23 +00:00
Bodo Möller
124d8cf701 code documentation 2001-04-08 18:41:35 +00:00
Bodo Möller
7d0d0996aa binary algorithm for modular inversion 2001-04-08 18:23:44 +00:00
Andy Polyakov
500230ee94 The IRIX fix. Asm recap and corresponding declation.
Submitted by:
Reviewed by:
PR:
2001-03-27 22:30:46 +00:00
Bodo Möller
4f69172d25 Completely remove mont2 stuff.
It does not appear to be faster than the current Montgomery code
except for very small moduli (somewhere between 192 and 224 bits
in a 64-bit Sun environment, and even less than 192 bits
on 32 bit systems).
2001-03-15 18:17:40 +00:00
Bodo Möller
5b054c6955 EC_METHOD based on bn_mont2 (not used in the library) 2001-03-11 17:43:07 +00:00
Bodo Möller
48fe4d6233 More EC stuff, including EC_POINTs_mul() for simultaneous scalar
multiplication of an arbitrary number of points.
2001-03-10 23:18:35 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Richard Levitte
754d494bef Bug fixes. 2001-03-09 01:13:23 +00:00
Bodo Möller
156e85578d Implement EC_GFp_mont_method. 2001-03-08 20:55:16 +00:00
Bodo Möller
ff612904d2 Comment 2001-03-08 16:53:30 +00:00
Bodo Möller
c62b26fdc6 Hide BN_CTX structure details.
Incease the number of BIGNUMs in a BN_CTX.
2001-03-08 15:56:15 +00:00
Bodo Möller
98499135d7 Constify BN_value_one. 2001-03-08 13:58:09 +00:00
Bodo Möller
226cc7ded4 More method functions for EC_GFp_simple_method. 2001-03-08 01:23:28 +00:00
Richard Levitte
70d70a3c81 Code for better build under Darwin (MacOS X).
Submitted by Brad Dominy <jdominy@darwinuser.org>
2001-03-07 10:04:00 +00:00
Dr. Stephen Henson
3d2e469cfa Fix a bug which caused BN_div to produce the
wrong result if rm==num and num < 0.
2001-02-28 00:51:48 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
a5bc1e8568 Use e_os2.h rather than opensslconf.h, since some needed macros are
defined there.
2001-02-22 14:37:50 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
f2bc668429 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:10:38 +00:00
Richard Levitte
8120813066 Use new-style system-id macros. 2001-02-20 07:43:22 +00:00
Ulf Möller
335c4f0966 BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:23:07 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Bodo Möller
e306892994 Simplify BN_rand_range 2001-02-10 00:34:02 +00:00
Bodo Möller
792e2ce7f4 Another comment change. (Previous comment does not apply
for range = 11000000... or range = 100000...)
2001-02-08 12:34:08 +00:00
Bodo Möller
3952584571 Change comments. (The expected number of iterations in BN_rand_range
never exceeds 1.333...).
2001-02-08 12:27:22 +00:00
Bodo Möller
a5d2acfc79 oops -- remove observation code 2001-02-08 12:24:41 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Ulf Möller
75802000c8 There is no C version of bn_div_3_words 2001-01-23 16:26:15 +00:00
Bodo Möller
137e601277 The C version of bn_sub_part_words is needed not only
in NO_ASM configurations
2000-12-15 10:54:03 +00:00
Bodo Möller
09f4bd2a39 Very few in the "README" is up-to-date 2000-12-15 10:42:11 +00:00
Bodo Möller
3b28dbce7e The BN_mul bug test apparently is no longer needed 2000-12-14 17:46:36 +00:00
Richard Levitte
53b407da84 Problem: bn_mul_normal() misbehaves if the size of b is 0.
Solution: multiply a with 0, putting the result in r, and return.
2000-12-13 15:29:29 +00:00
Richard Levitte
765e531159 In bn_mul_recursive(), make sure the comba routines are only called
when both a and b are of the exact right size.  This may change to
something better later.
2000-12-13 14:47:06 +00:00
Dr. Stephen Henson
2aff7727f7 Rewrite the extension code to use an ASN1_ITEM structure
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.

Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
2000-12-13 13:47:33 +00:00
Ulf Möller
15156cce0e bn_part_sub_word prototype. 2000-12-08 19:10:33 +00:00
Bodo Möller
8dea52fa42 Fix some things that look like bugs.
One problem that looked like a problem in bn_recp.c at first turned
out to be a BN_mul bug.  An example is given in bn_recp.c; finding
the bug responsible for this is left as an exercise.
2000-12-07 22:06:09 +00:00
Bodo Möller
f7356b677b TEST_MUL and TEST_SQR added. 2000-12-07 11:11:10 +00:00
Bodo Möller
80d89e6a6a Sign-related fixes (and tests).
BN_mod_exp_mont does not work properly yet if modulus m
is negative (we want computations to be carried out
modulo |m|).
2000-12-07 08:48:58 +00:00
Bodo Möller
bc5f2740d2 Move 'q->neg = 0' to those places where it is needed
(just in cases someone uses a negative modulus)
2000-12-07 07:55:26 +00:00
Bodo Möller
aa66eba7c8 BN_mod_sqrt documentation/comment 2000-12-06 21:33:58 +00:00
Ulf Möller
3bb4736289 remove a comment that shouldn't have been there any more 2000-12-06 16:30:23 +00:00
Bodo Möller
bac685417a Faster BN_mod_sqrt algorithm for p == 5 (8). 2000-12-06 12:25:33 +00:00
Bodo Möller
0a52d38b31 Use bc's "print" feature whenever it is available,
not just on certain platforms.
2000-12-06 10:32:55 +00:00
Ulf Möller
a6576c56dd remove useless instruction 2000-12-06 04:48:50 +00:00
Ulf Möller
240f516939 Intel assembler version for bn_sub_part_words(). I haven't got
reliable timings yet, please try it out!
2000-12-06 04:16:38 +00:00
Ulf Möller
aecb0b018f test_mod_mul is useful, let's run it more often. 2000-12-06 04:14:30 +00:00
Ulf Möller
90e7ce363a Use assert as in the rest of the BN library. 2000-12-05 02:00:40 +00:00
Richard Levitte
6a2347ee45 Remove the last bn_wexpand()s that made us break constness. Of
course, that means we need to handle the cases where the two arrays to
bn_mul_recursive() and bn_mul_part_recursive() differ in size.

I haven't yet changed the comments that describe bn_mul_recursive()
and bn_mul_part_recursive().  I want this to be tested by more people
before I consider this change final.  Please test away!
2000-12-04 17:11:59 +00:00
Bodo Möller
e5164b7041 Change error message to "bignum too long" 2000-12-04 09:24:54 +00:00
Bodo Möller
addb309ad6 include <limits.h> 2000-12-03 09:55:08 +00:00
Bodo Möller
152a689cf9 Don't allow BIGNUMs to become so large that computations with dmax
might overflow.
2000-12-03 09:39:04 +00:00
Richard Levitte
c21c35e6a4 Add a comment to explain the purpose of bn_cmp_part_words(). 2000-12-02 21:16:13 +00:00
Ulf Möller
b26f84cbbd last commit was wrong. Now it works. :) 2000-12-02 20:51:47 +00:00
Ulf Möller
0dba0613ea argl 2000-12-02 19:34:42 +00:00
Ulf Möller
ea1b7fe6d4 forgot to remove the loop variable 2000-12-02 16:20:04 +00:00
Ulf Möller
db88223baa Loops like this one:
if (bp == NULL)
                        for (j=0; j<10000; j++)
                                BN_add(&c,&a,&b);

seem to be pretty useless, and bp never is NULL anyway.
2000-12-02 16:13:27 +00:00
Ulf Möller
111482cf2e New function BN_bntest_rand() to detect more BN library bugs.
The bn_cmp_part_words bug was only caught in the BN_mod_mul() test,
not in the BN_mul() test, so apparently the choice of parameters in
some cases is bad.
2000-12-02 07:32:57 +00:00
Ulf Möller
52a1bab2d9 Fix bn_cmp_part_words() and move it to bn_lib.c. 2000-12-02 07:28:43 +00:00
Bodo Möller
5a12df5c40 functionality for BN_mod_sqrt timings 2000-12-01 09:41:21 +00:00
Bodo Möller
b5a25a430a "make depend" 2000-12-01 08:48:42 +00:00
Bodo Möller
12cfcc128c Fix the recently introduced test that checks if the result is 0 2000-11-30 22:58:27 +00:00
Bodo Möller
fc2e05c2d5 Fix BN_rshift, which caused lots of trouble. 2000-11-30 22:34:57 +00:00
Bodo Möller
b2993bdea1 Remove randomness from the test. These constants give me a segment
violation in test_kron on a 32 bit system.
2000-11-30 21:03:13 +00:00
Bodo Möller
470fa98f8a BN_mod_exp(r,a,p,m,ctx) should not be called with r == p.
But even if this is avoided, there are still segmentation violations
(during one of the BN_free()s at the end of test_kron
in some cases, in other cases during BN_kronecker, or
later in BN_sqrt; choosing a different exponentiation
algorithm in bntest.c appears to influence when the SIGSEGV
takes place).
2000-11-30 20:03:24 +00:00
Bodo Möller
de6e207db6 It's "#elif", not "#elsif". 2000-11-30 19:35:51 +00:00
Bodo Möller
db5bda670f Changes to Lenka's Montgomery implementation.
Submitted by: Lenka Fibikova
2000-11-30 17:35:17 +00:00
Bodo Möller
19cda70045 Corrections to the comments in BN_mod_inverse. 2000-11-30 12:53:53 +00:00
Bodo Möller
04ca16890b BN_mod_exp problems ... 2000-11-30 11:47:04 +00:00
Bodo Möller
25439b76ad Move reduction step from BN_mod_exp to BN_mod_exp_mont_word.
Fix BN_mod_exp_simple for a==0 (mod m).
Skip useless round in BN_mod_sqrt (1 is always a square, no need
to test BN_kronecker for it).
2000-11-30 09:45:26 +00:00
Bodo Möller
ac445acf69 bn_modfs.c is no longer needed, a BN_sqrt implementation
exists in bn_sqrt.c now
2000-11-30 00:43:41 +00:00
Bodo Möller
77ac92d00a Fix bntest.c problem -- one of the primes got lost 2000-11-30 00:37:49 +00:00
Bodo Möller
73c2522c7c Handle special cases correctly in exponentation functions.
test_bn still fails in the BN_sqrt test because
small primes appear to turn into zero for no
obvious reason, leading to "div by zero" errors.
2000-11-30 00:33:18 +00:00
Bodo Möller
cd2eebfd64 BN_sqrt 2000-11-30 00:18:19 +00:00
Bodo Möller
01e62900c7 BN_legendre is no longer needed now that OpenSSL has BN_kronecker. 2000-11-29 19:59:59 +00:00
Bodo Möller
eb1f1b0a34 Fix BN_kronecker so that it works correctly if 'a' is negative
(we need the two's complement of BN_lsw then).
2000-11-29 19:26:33 +00:00
Bodo Möller
14697d9d6d BN_to_montgomery expects its inputs to be in the interval 0 .. modulus-1,
so we have to reduce the random numbers used in test_mont.

Before this change, test_mont failed in [debug-]solaris-sparcv9-gcc
configurations ("Montgomery multiplication test failed!" because
the multiplication result obtained with Montgomery multiplication
differed from the result obtained by BN_mod_mul).
Substituing the old version of bn_gcd.c (BN_mod_inverse) did not avoid
the problem.

The strange thing is that it I did not observe any problems
when using debug-solaris-sparcv8-gcc and solaris-sparcv9-cc,
as well as when compiling OpenSSL 0.9.6 in the solaric-sparcv9-gcc
configuration on the same system.
2000-11-29 18:08:24 +00:00
Bodo Möller
429b8162c6 add missing braces 2000-11-29 16:43:03 +00:00
Bodo Möller
03a0848922 Fix warnings in expspeed.c (but the segmentation fault remains)
Improve readability of bn_shift.c.

Add comment in bn_lib.c (why zero data between top and max?)

Change bntest.c output for BN_kronecker test
2000-11-29 13:40:08 +00:00
Bodo Möller
9161672950 BN_bin2bn did *not* contain an off-by-one error;
I'm still investigating what caused the segementation fault
(maybe "make clean; make" will cure it ...).
But BN_bin2bn should always reset ret->neg.
2000-11-29 12:53:41 +00:00
Bodo Möller
a08bcccc67 Expand expspeed.c to make BN_kronecker timings.
This caused a segmentation fault in calls to malloc, so I cleaned up
bn_lib.c a little so that it is easier to see what is going on.
The bug turned out to be an off-by-one error in BN_bin2bn.
2000-11-29 12:32:10 +00:00
Bodo Möller
bdec3c5323 Implement BN_kronecker test.
Modify "CHANGES" entry for BN_mod_inverse (it's not just avoiding BN_div
that increases performance, avoiding BN_mul also helps)
2000-11-29 11:06:50 +00:00
Bodo Möller
b6cafbd7d8 Make BN_mod_inverse a little faster 2000-11-29 09:57:13 +00:00
Bodo Möller
499e167fda Improve BN_mod_inverse performance.
Get the BN_mod_exp_mont bugfix (for handling negative inputs) correct
this time.
2000-11-29 09:41:19 +00:00
Richard Levitte
0135e33511 Copy and paste error... bn_add_part_words() should of course call
bn_add_words(), not bn_sub_words()...
2000-11-29 09:36:48 +00:00
Bodo Möller
adcc64cd9e Use BN_pseudo_rand instead of BN_rand 2000-11-28 11:49:12 +00:00
Bodo Möller
c94b6de017 Timings. 2000-11-28 11:47:51 +00:00
Bodo Möller
d79cab27a5 Correct a bug in BN_kronecker.
Sketch the test for BN_kronecker.
2000-11-28 07:53:35 +00:00
Bodo Möller
c782089611 Add test_kron function, which will contain a test for BN_kronecker. 2000-11-28 06:41:05 +00:00
Bodo Möller
265592b99a Add bn_kron.c (BN_kronecker), which I forgot in the previous commit.
Also add the next file in advance so that I can't forget this one :-)
2000-11-28 06:37:43 +00:00
Bodo Möller
077ff61eef Undo previous commit, which was an accident. 2000-11-27 21:22:45 +00:00
Bodo Möller
dcbd0d74d5 Fix BN_is_... macros.
Fix BN_gcd.
Analyze BN_mod_inverse.
Add BN_kronecker.
"make update".
2000-11-27 21:17:20 +00:00
Bodo Möller
1ec0a3862e Change submitted files so that they compile (in particular,
use BN_CTX_start/get/end instead of accessing ctx->tos).

Change indentation to "EAY" style.
2000-11-26 19:20:56 +00:00
Bodo Möller
946cd9a540 Change submitted files so that they compile (in particular,
use BN_CTX_start/get/end instead of accessing ctx->tos).

Change indentation to "EAY" style.
2000-11-26 19:13:52 +00:00
Bodo Möller
5acaa49504 More BN_mod_... functions. 2000-11-26 18:31:32 +00:00
Bodo Möller
535b9b5724 Add bn_mod.c (should have happend in the previous commit ...).
BN_swap manual page.
2000-11-26 16:46:57 +00:00
Bodo Möller
78a0c1f18d modular arithmetics
"make update"
2000-11-26 16:42:38 +00:00
Bodo Möller
6cc5e19d47 Remove CR at line ends. 2000-11-26 12:55:19 +00:00
Bodo Möller
7e0c5264e7 Elliptic curves over GF(p), new BIGNUM functions, Montgomery re-implementation.
These new files will not be included literally in OpenSSL, but I intend
to integrate most of their contents.  Most file names will change,
and when the integration is done, the superfluous files will be deleted.

Submitted by: Lenka Fibikova <fibikova@exp-math.uni-essen.de>
2000-11-26 12:12:35 +00:00
Richard Levitte
73343ac38a Correct a number of syntax errors. 2000-11-22 18:20:31 +00:00
Richard Levitte
c4f3542abf Reimplement bn_div_words, bn_add_words and bn_sub_words for VAX.
I'm a little bit nervous about bn_div_words, as I don't know what it's
supposed to return on overflow.  For now, I trust the rest of the
system to give it numbers that will not cause any overflow...
2000-11-21 23:32:38 +00:00
Richard Levitte
c799770060 Avoid getting warnings about unary - being used on unsigned integer. 2000-11-21 23:29:55 +00:00
Richard Levitte
baa257f1ed Remove two bn_wexpand() from BN_mul(), which is a step toward getting
BN_mul() correctly constified, avoids two realloc()'s that aren't
really necessary and saves memory to boot.  This required a small
change in bn_mul_part_recursive() and the addition of variants of
bn_cmp_words(), bn_add_words() and bn_sub_words() that can take arrays
with differing sizes.

The test results show a performance that very closely matches the
original code from before my constification.  This may seem like a
very small win from a performance point of view, but if one remembers
that the variants of bn_cmp_words(), bn_add_words() and bn_sub_words()
are not at all optimized for the moment (and there's no corresponding
assembler code), and that their use may be just as non-optimal, I'm
pretty confident there are possibilities...

This code needs reviewing!
2000-11-18 22:58:26 +00:00
Richard Levitte
e06cc57118 Remove a declaration for a function that does not exist. 2000-11-18 20:52:14 +00:00
Richard Levitte
0450d28759 Make the definition of bn_add_words() match the definition. 2000-11-18 20:49:02 +00:00
Richard Levitte
227385b719 Make sure BN_DIV2W is not defining when defining it, and remove the
declarations of bn_add_part_words() and bn_sub_part_words() since they
do not exist.
2000-11-17 12:01:55 +00:00
Bodo Möller
28fd5c60de Constify bn_dump1 implementation so that it matches the prototype
in bn.h
2000-11-17 08:36:10 +00:00
Richard Levitte
cbd48ba626 More constification of the BN library. 2000-11-16 22:43:32 +00:00
Richard Levitte
67d93e6f49 Make sure to print the BN counting (BN_COUNT) to stderr instead of
stdout.  bc gets so confused by bean counts.
2000-11-16 22:42:39 +00:00
Richard Levitte
afb83c45e6 Oops, when I clean, I should do it thoroughly. 2000-11-16 22:41:26 +00:00
Richard Levitte
43fcc1b096 I've checked again and again. There really is no need to expand a to
4 times it's size when bn_sqr_recursive() won't look farther than the
original length.  Thereby, constification is no longer a problem.
2000-11-16 21:35:41 +00:00
Ben Laurie
757e392d4e Make Rijndael work! Those long flights have some good points. 2000-11-12 02:13:38 +00:00
Bodo Möller
e1a8ac495b tmp2 is not used in BN_mod_mul_montgomery. 2000-11-09 16:39:01 +00:00
Bodo Möller
7f7b8d6871 BN_CTX-related fixes. 2000-11-08 10:05:34 +00:00
Bodo Möller
e0bf5c11ea Handle BN_copy failure after successful BN_new. 2000-11-07 09:39:51 +00:00
Bodo Möller
58f0f52e67 handle the case when BN_new returns NULL 2000-11-07 09:35:19 +00:00
Richard Levitte
020fc820dc Constify the BIGNUM routines a bit more. The only trouble were the
two functions that did expansion on in parameters (BN_mul() and
BN_sqr()).  The problem was solved by making bn_dup_expand() which is
a mix of bn_expand2() and BN_dup().
2000-11-06 21:15:54 +00:00