Commit graph

84 commits

Author SHA1 Message Date
KaoruToda
26a7d938c9 Remove parentheses of return.
Since return is inconsistent, I removed unnecessary parentheses and
unified them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4541)
2017-10-18 16:05:06 +01:00
KaoruToda
208fb891e3 Since return is inconsistent, I removed unnecessary parentheses and
unified them.
- return (0); -> return 0;
- return (1); -> return 1;
- return (-1); -> return -1;

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4500)
2017-10-09 13:17:09 +01:00
Samuel Weiser
9f9442918a BN_copy now propagates BN_FLG_CONSTTIME
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4377)
2017-09-27 10:03:37 +01:00
Samuel Weiser
3de81a5912 Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4377)
2017-09-27 10:03:31 +01:00
Paul Yang
edea42c602 Change to check last return value of BN_CTX_get
To make it consistent in the code base

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3749)
2017-06-26 15:40:16 +02:00
Rich Salz
4f22f40507 Copyright consolidation 06/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:04 -04:00
Alessandro Ghedini
d188a53617 Convert CRYPTO_LOCK_{DH,DSA,RSA} to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Rich Salz
d59c7c81e3 Remove BN_init
Rename it to be an internal function bn_init.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-30 16:10:12 -05:00
Matt Caswell
90945fa31a Continue standardising malloc style for libcrypto
Continuing from previous commit ensure our style is consistent for malloc
return checks.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-09 22:48:41 +00:00
Matt Caswell
6a009812b2 Check for 0 modulus in BN_MONT_CTX_set
The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.

This is a follow on from CVE-2015-1794.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-11 19:57:01 +01:00
Loganaden Velvindron
1a586b3942 Clear BN-mont values when free'ing it.
From a CloudFlare patch.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-07-31 13:38:15 -04:00
Rich Salz
9f040d6dec Some cleanups for crypto/bn
Create bn_free_d utility routine and use it.
Fix RT3950
Also a missing cleanse, from Loganaden Velvindron (loganaden@gmail.com),
who noticed it in a Cloudflare patch.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-22 14:43:05 -04:00
Richard Levitte
b39fc56061 Identify and move common internal libcrypto header files
There are header files in crypto/ that are used by a number of crypto/
submodules.  Move those to crypto/include/internal and adapt the
affected source code and Makefiles.

The header files that got moved are:

crypto/cryptolib.h
crypto/md32_common.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:21:40 +02:00
Rich Salz
16f8d4ebf0 memset, memcpy, sizeof consistency fixes
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy.  Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-05 22:18:59 -04:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00
Rich Salz
b196e7d936 remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00
Rich Salz
fe6d2a339b Use memset in bn_mont
Use memset() not inline code.  Compilers are smarter now.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-05 15:07:40 -05:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Rich Salz
fcf64ba0ac RT3548: Remove some unsupported platforms.
This commit removes NCR, Tandem, Cray.
Regenerates TABLE.
Removes another missing BEOS fluff.
The last platform remaining on this ticket is WIN16.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 10:40:00 -05:00
Dr. Stephen Henson
73e45b2dd1 remove OPENSSL_FIPSAPI
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Doug Goldstein
448155e9bb RT2163: Remove some unneeded #include's
Several files #include stdio.h and don't need it.
Also, per tjh, remove BN_COUNT

Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-18 12:50:00 -04:00
Geoff Thorpe
12e9f627f9 bignum: allow concurrent BN_MONT_CTX_set_locked()
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 17:43:35 -04:00
Andy Polyakov
78f288d5c9 bn_mont.c: get corner cases right in updated BN_from_montgomery_word. 2011-10-17 23:35:00 +00:00
Andy Polyakov
2534891874 bn_mont.c: simplify BN_from_montgomery_word. 2011-10-17 17:24:28 +00:00
Richard Levitte
537c982306 After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS
submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 10:58:14 +00:00
Dr. Stephen Henson
7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in
crypto.h if needed.

Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
aa87945f47 Update source files to handle new FIPS_lock() location. Add FIPS_lock()
definition. Remove stale function references from fips.h
2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
a27de7b7fd use FIPSEVP in some bn and rsa files 2011-01-27 14:24:42 +00:00
Bodo Möller
fabe640f5e Clarifying comment. 2008-05-02 18:47:48 +00:00
Bodo Möller
d05a474556 Montgomery-related minor cleanups/documentation 2008-05-01 18:48:20 +00:00
Bodo Möller
7c9882eb24 fix BIGNUM flag handling 2008-02-27 06:01:28 +00:00
Bodo Möller
08b229e13f Make sure that BN_from_montgomery keeps the BIGNUMS in proper format 2007-09-18 16:35:28 +00:00
Andy Polyakov
673c55a2fe Latest bn_mont.c modification broke ECDSA test. I've got math wrong, which
is fixed now.
2007-06-29 13:10:19 +00:00
Andy Polyakov
c693b5a55c Commentary updates and minor optimization for bn_mont.c. 2007-06-11 08:53:52 +00:00
Andy Polyakov
6b6443dead Eliminate conditional final subtraction in Montgomery multiplication. 2007-06-10 19:34:38 +00:00
Bodo Möller
4584eccea0 another thread-safety fix 2006-06-16 01:00:47 +00:00
Bodo Möller
675f605d44 Thread-safety fixes 2006-06-14 08:55:23 +00:00
Dr. Stephen Henson
d6a03a23a8 Update from stable branch. 2005-11-11 13:00:07 +00:00
Andy Polyakov
c2012f9b82 Eliminate gcc warning in bn_mont.c. 2005-10-22 20:17:01 +00:00
Andy Polyakov
4d524040bc Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES. 2005-10-22 17:57:18 +00:00
Andy Polyakov
9b4eab501a Refine logic in bn_mont.c and eliminate redundant BN_CTX pulls. 2005-10-06 13:12:28 +00:00
Andy Polyakov
ca04d7a208 Leave the decision to call/implement bn_sqr_mont to assembler developer. 2005-10-06 09:12:39 +00:00
Andy Polyakov
e738280547 Add reference implementation for bn_[mul|sqr]_mont, new candidates for
assembler implementation.
2005-10-04 06:19:29 +00:00
Nils Larsch
17a2994dbd set correct bn->top value 2005-07-21 22:40:39 +00:00
Dr. Stephen Henson
6ec8e63af6 Port BN_MONT_CTX_set_locked() from stable branch.
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:03:15 +00:00
Geoff Thorpe
c86f2054f3 Adjust various bignum functions to use BN_CTX for variables instead of
locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.
2004-03-25 04:32:24 +00:00
Geoff Thorpe
b6358c89a1 Convert openssl code not to assume the deprecated form of BN_zero().
Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.

Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this
point).
2004-03-13 23:57:20 +00:00