wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3580 commits 20 branches 302 tags 153 MiB
Commit graph

241 commits

Author SHA1 Message Date
Richard Levitte
3a1dbce19d Merge in the IRIX fix from the main development line. 2001-03-27 23:48:35 +00:00
Ulf Möller
42b848bcf1 that was useless - still fails with GCC 2001-03-13 07:12:02 +00:00
Ulf Möller
a1c769a5f6 Alpha workaround. This is a lot slower! 2001-03-13 06:31:36 +00:00
Ulf Möller
98486a9310 improved bignum test as in 0.9.7. 
We need this to find out if the bignum failures on Irix and Alpha are
caused by new 0.9.7 code or just aren't triggered in the 0.9.6 test suite.
 2001-02-27 23:00:42 +00:00
Bodo Möller
6d82a20624 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1. 
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
 2001-02-20 08:22:25 +00:00
Ulf Möller
faa624f9f9 BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:17:46 +00:00
Bodo Möller
418a0d151e Simplify BN_rand_range 2001-02-10 00:34:20 +00:00
Bodo Möller
31a74acfd3 Another comment change. (Previous comment does not apply 
for range = 11000000... or range = 100000...)
 2001-02-08 12:33:55 +00:00
Bodo Möller
d82242169b Change comments. (The expected number of iterations in BN_rand_range 
never exceeds 1.333...).
 2001-02-08 12:27:00 +00:00
Bodo Möller
a0707e6170 oops -- remove observation code 2001-02-08 12:25:03 +00:00
Bodo Möller
07fc72fea1 Integrate my implementation of a countermeasure against 
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
 2001-02-08 12:20:25 +00:00
Ulf Möller
38b3a46ffa DSA fix from main branch. 2001-02-07 22:35:11 +00:00
Ulf Möller
0a0a261d64 Irix fix as in main branch 2001-01-23 16:29:06 +00:00
Bodo Möller
2e72fde15f As in the main branch, there's no longer a need to guess the bc 
version at compile time.
 2001-01-18 12:41:25 +00:00
Bodo Möller
79370621ea Change error message to "bignum too long" 2000-12-04 09:32:26 +00:00
Bodo Möller
4c4f1ee4de include <limits.h> 2000-12-03 09:55:01 +00:00
Bodo Möller
fe772376ec Don't allow BIGNUMs to become so large that computations with dmax 
might overflow.
 2000-12-03 09:37:15 +00:00
Bodo Möller
d2c38b1c73 Fix BN_rshift. 2000-11-30 22:35:52 +00:00
Bodo Möller
ddf72ed59f SSL_CTX-related fixes. 2000-11-08 10:09:10 +00:00
Richard Levitte
43cbb1e3dd Fix from main trunk, 2000-09-27 15:54 levitte: 
A compiler warning removed.  Thanks to the folks at HP!
 2000-10-11 09:46:34 +00:00
Richard Levitte
eb3633164e Fix from main trunk, 2000-09-25 10:52 levitte: 
'ranlib' doesn't always run on some systems.  That's actually
acceptable, since all that happens if it fails is a library with an
index, which makes linking slower, but still working correctly.
 2000-10-11 02:04:16 +00:00
Bodo Möller
fe03519704 Totally remove the supposedly 'faster' variant in 
BN_mod_mul_montgomery, which calls bn_sqr_recursive
without much preparation.

bn_sqr_recursive requires the length of its argument to be
a power of 2, which is not always the case here.
There's no reason for not using BN_sqr -- if a simpler
approach to squaring made sense, then why not change
BN_sqr?  (Using BN_sqr should also speed up DH where g is chosen
such that it becomes small [e.g., 2] when converted
to Montgomery representation.)

Case closed :-)
 2000-09-19 23:25:00 +00:00
Bodo Möller
a45bd29535 Document BN_mod_mul_montgomery bug; 
make disabled code slightly more correct (this does not solve
the problem though).
 2000-09-19 18:02:15 +00:00
Bodo Möller
f4364e0730 Disable buggy code variant in BN_mod_mul_montgomery that was enabled 
in 0.9.6-beta1 and 0.9.6-beta2 and caused the BN_mont_exp_mont_word()
failure (bug report "openssh 2.2.0p1 fails with openssl 0.9.6-beta1").
 2000-09-19 17:21:52 +00:00
Richard Levitte
d0c2ebf414 A patch from HP for better performance. 
Submitted by Kevin Steves <ks@hp.se> 3 months ago...
 2000-09-17 20:04:42 +00:00
Ulf Möller
1d84fd64fc Bug fix: Montgomery multiplication could produce results with the wrong 
sign.
 2000-09-14 18:37:53 +00:00
Richard Levitte
62ab514e98 'make update' 2000-09-07 08:46:51 +00:00
Bodo Möller
bbb8de0966 Avoid abort() throughout the library, except when preprocessor 
symbols for debugging are defined.
 2000-09-04 15:34:43 +00:00
Bodo Möller
5e38616380 Fix for BN_mul_word(a, 0). 2000-09-04 15:30:14 +00:00
Ben Laurie
c9b51693dc max -> dmax in bn_check_top. 2000-08-22 21:23:09 +00:00
Dr. Stephen Henson
2d978cbd30 Changes needed for Tandem NSK, supplied by Scott Uroff (scott@xypro.com). 
Fix warnings with BIO_dump_indent().
 2000-08-04 00:01:39 +00:00
Richard Levitte
8083e1bd9e There's a slight possibility that a is 0 in BN_sub_word(), and might 
therefore have unallocated parts.  Therefore, a check for the 0 case
is needed, resulting with the same thing as when a is negative.
 2000-07-27 21:32:23 +00:00
Richard Levitte
8b4e27e26e In the case where a < 0 and |a| < w, the result (assigned to a) from 
BN_add_word becomes wrongly negative...
This was discovered by Darrel Hankerson <dhankers@cacr.math.uwaterloo.ca>
 2000-07-27 21:17:14 +00:00
Richard Levitte
47ff5de8c2 Darrel Hankerson <dhankers@cacr.math.uwaterloo.ca> correctly discovered 
that of the result pointer to bn_mul was the same as one of the two arguments,
That argument might have it's sign destroyed.  He provided this fix.
 2000-07-26 01:14:16 +00:00
Bodo Möller
904cb691f3 Return bignum '0' when BN_rand is asked for a 0 bit random number. 2000-07-02 19:42:19 +00:00
Ben Laurie
69b5d3c51f Don't let top go below zero! 2000-07-01 16:30:27 +00:00
Bodo Möller
fc57ebc057 Actually comment out the parts of BN_MOD_MUL_WORD that I inteded to 
comment out in the previous commit
 2000-06-23 08:10:28 +00:00
Bodo Möller
e958c5afe7 In BN_mod_exp_mont_word, avoid one application of BN_MOD_MUL_WORD, 
and for small 'a' also a couple of calls to
BN_mod_mul_montgomery(r, r, r, ...).
 2000-06-23 05:51:37 +00:00
Ulf Möller
8415060e1e use faster version 2000-06-21 21:20:46 +00:00
Bodo Möller
24bec03beb This probably fixes a BN_rshift bug. 2000-06-13 15:07:39 +00:00
Bodo Möller
c3b1424cc0 Use BN_CTX_end when exiting early from BN_mod_exp_mont_word because 
BN_mod_exp_atalla could be used.
 2000-06-13 13:50:42 +00:00
Geoff Thorpe
8ba6d1b0cc The atalla functionality doesn't work with the "word" version of 
BN_mod_exp. Call the regular atalla mod_exp operation instead.
 2000-06-13 13:18:51 +00:00
Geoff Thorpe
1c4f90a05d Enable DSO support on alpha (OSF1), cc and gcc. 
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
 2000-06-13 12:59:38 +00:00
Bodo Möller
814ed26cfa Comment for increased code clarity. 2000-06-09 09:11:30 +00:00
Bodo Möller
dc434bbcb0 Slightly faster DSA verification (BN_mod_exp2_mont), 
marginally faster BN_mod_exp for 1024 bit exponents.
 2000-06-08 20:26:03 +00:00
Bodo Möller
f8989a2155 Use the equivalent of a sliding window (without precomputation 
because we're only handling words anyway) in BN_mod_exp_mont_word
making it a little faster for very small exponents,
and adjust the performance gain estimate in CHANGES according
to slightly more thorough measurements.
(15% faster than BN_mod_exp_mont for "large" base,
20% faster than BN_mod_exp_mont for small base.)
 2000-06-08 09:39:28 +00:00
Bodo Möller
6dad7bd69c Speed up DH with small generator. 2000-06-07 21:29:25 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names 
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
 2000-06-01 22:19:21 +00:00
Ulf Möller
de42b6a7a8 Use NO_FP_API. 2000-06-01 20:25:44 +00:00
Ulf Möller
623bb80b77 In some of the Makefiles CPP was not defined. 2000-03-20 18:16:52 +00:00