Commit graph

810 commits

Author SHA1 Message Date
Andy Polyakov
676517e08e crypto/rc5/Makefile was erroneously omitted from last perlasm unification.
Also remove obsolete and now misleading comments.
2008-01-15 11:27:06 +00:00
Andy Polyakov
addd641f3a Unify ppc assembler make rules. 2008-01-13 22:01:30 +00:00
Andy Polyakov
fa8e921f66 Unify x86 perlasm make rules. 2008-01-11 13:15:11 +00:00
Dr. Stephen Henson
4d1f3f7a6c Update perl asm scripts include paths for perlasm. 2008-01-05 22:28:38 +00:00
Andy Polyakov
c8ec4a1b0b Final (for this commit series) optimized version and with commentary section. 2007-12-29 20:30:09 +00:00
Andy Polyakov
699e1a3a82 This is also informational commit exposing loop modulo scheduling "factor." 2007-12-29 20:28:01 +00:00
Andy Polyakov
64214a2183 New Montgomery multiplication module, ppc64-mont.pl. Reference, non-optimized
implementation. This is essentially informational commit.
2007-12-29 20:26:46 +00:00
Andy Polyakov
ca64056836 Engage x86 assembler in Mac OS X build. 2007-12-18 17:33:49 +00:00
Andy Polyakov
70ba4ee5d5 Commit #16325 fixed one thing but broke DH with certain moduli. 2007-11-03 20:09:04 +00:00
Andy Polyakov
0023adb47a Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention
s390x assembler pack in CHANAGES.
2007-10-01 07:38:32 +00:00
Andy Polyakov
7722e53f12 Yet another ARM update. It appears to be more appropriate to make
developers responsible for -march choice.
2007-09-27 16:27:03 +00:00
Andy Polyakov
75a8e30f4f Minimize stack utilization in probable_prime. 2007-09-18 20:52:05 +00:00
Bodo Möller
08b229e13f Make sure that BN_from_montgomery keeps the BIGNUMS in proper format 2007-09-18 16:35:28 +00:00
Dr. Stephen Henson
710069c19e Fix warnings. 2007-08-12 17:44:32 +00:00
Andy Polyakov
35295bdbee bn_mul_recursive doesn't handle all cases correctly, which results in
BN_mul failures at certain key-length mixes.
PR: 1427
2007-07-08 18:53:03 +00:00
Andy Polyakov
62aa5dd415 Fix build problem on Tru64. 2007-06-29 13:11:45 +00:00
Andy Polyakov
673c55a2fe Latest bn_mont.c modification broke ECDSA test. I've got math wrong, which
is fixed now.
2007-06-29 13:10:19 +00:00
Andy Polyakov
5b89f78a89 Typo in x86_64-mont.pl.
PR: 1549
2007-06-21 11:38:52 +00:00
Andy Polyakov
1c7f8707fd bn_asm for s390x. 2007-06-20 14:10:16 +00:00
Andy Polyakov
2329694222 SPARC Solaris and Linux assemblers treat .align directive differently.
PR: 1547
2007-06-20 12:24:22 +00:00
Dr. Stephen Henson
9677bf0f30 Update .cvsignore 2007-06-18 12:40:24 +00:00
Andy Polyakov
7d9cf7c0bb Eliminate conditional final subtraction in Montgomery assembler modules. 2007-06-17 17:10:03 +00:00
Andy Polyakov
55525742f4 Privatize BN_*_no_branch. 2007-06-11 16:33:03 +00:00
Andy Polyakov
c693b5a55c Commentary updates and minor optimization for bn_mont.c. 2007-06-11 08:53:52 +00:00
Andy Polyakov
6b6443dead Eliminate conditional final subtraction in Montgomery multiplication. 2007-06-10 19:34:38 +00:00
Andy Polyakov
b900df5258 Engage s390x assembler modules. 2007-04-30 09:22:27 +00:00
Andy Polyakov
a2a54ffc5f s390x assembler pack. 2007-04-30 08:42:54 +00:00
Bodo Möller
24a8c25ab5 fix error codes 2007-04-19 15:14:21 +00:00
Bodo Möller
d1e7d1d96c don't violate the bn_check_top assertion in BN_mod_inverse_no_branch() 2007-04-19 14:45:57 +00:00
Bodo Möller
b002265ee3 make BN_FLG_CONSTTIME semantics more fool-proof 2007-03-28 18:41:23 +00:00
Bodo Möller
bd31fb2145 Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:15:28 +00:00
Andy Polyakov
8b71d35458 nasm fixes. 2007-03-20 08:55:58 +00:00
Andy Polyakov
760e353528 sparcv9a-mont was modified to handle 32-bit aligned input, but check
for 64-bit alignment was not removed.
2007-03-20 08:54:51 +00:00
Dr. Stephen Henson
af32f9fdda Update from fips2 branch. 2007-02-03 17:32:49 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Andy Polyakov
64aecc6720 Make armv4t-mont module backward binary compatible with armv4 and rename it
accordingly.
2007-01-17 20:12:41 +00:00
Andy Polyakov
43b8fe1cd0 Montgomery multiplication for ARMv4. 2007-01-11 21:43:25 +00:00
Andy Polyakov
8876e58f34 Montgomery multiplication for MIPS III/IV. Not engaged. 2006-12-29 11:09:33 +00:00
Andy Polyakov
7321a84d4c Minor clean-up in crypto/bn/asm. 2006-12-29 11:05:20 +00:00
Andy Polyakov
4cfe3df1f5 Minor performance improvements to x86-mont.pl. 2006-12-28 12:43:16 +00:00
Andy Polyakov
8f2d60ec26 Fix for "strange errors" exposed by ccgost engine. The fix is
two extra insructions in sqradd loop at line #503.
2006-12-27 10:59:51 +00:00
Andy Polyakov
1702c8c4bf x86-mont.pl sse2 tune-up and integer-only squaring procedure. 2006-12-22 15:28:07 +00:00
Andy Polyakov
87d3af6475 Eliminate 64-bit alignment limitation in sparcv9a-mont. 2006-12-08 15:18:41 +00:00
Andy Polyakov
98939a05b6 alpha-mont.pl: gcc portability fix and make-rule. 2006-12-08 14:18:58 +00:00
Andy Polyakov
d28134b8f3 Minor, +10%, tune-up for x86_64-mont.pl. 2006-12-08 10:13:51 +00:00
Andy Polyakov
8583eba015 Montgomery multiplication routine for Alpha. 2006-12-08 10:12:56 +00:00
Andy Polyakov
73b979e601 Clarify HAL SPARC64 support situation in sparcv9a-mont.pl. 2006-11-28 11:07:36 +00:00
Andy Polyakov
ebae8092cb Minor optimizations based on intruction level profiler feedback. 2006-11-28 10:34:51 +00:00
Andy Polyakov
2e21922eb6 Modulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor
over 0.9.8 is up to 3x on USI&II cores and up to 80% - on USIII&IV.
2006-11-28 07:24:26 +00:00
Andy Polyakov
1c3d2b94be This is "informational" commit. Its mere purpose is to expose "modulo
factor" in inner loops.
2006-11-28 07:20:36 +00:00
Andy Polyakov
48d2335d73 Non-SSE2 path to bn_mul_mont. But it's disabled, because it currently
doesn't give performance improvement.
2006-11-27 14:59:35 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Andy Polyakov
31439046e0 bn/asm/ppc.pl to use ppc-xlate.pl. 2006-10-17 14:37:07 +00:00
Andy Polyakov
cecfdbf72d VIA-specific Montgomery multiplication routine. 2006-10-17 07:04:48 +00:00
Bodo Möller
a53cdc5b08 Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
2006-09-18 14:00:49 +00:00
Andy Polyakov
8ea975d070 +20% tune-up for Power5. 2006-08-09 15:40:30 +00:00
Andy Polyakov
c8a0d0aaf9 Engage assembler in solaris64-x86_64-cc. 2006-07-31 22:28:40 +00:00
Dr. Stephen Henson
f0fa285f75 Update .cvsignore again. 2006-07-17 16:42:06 +00:00
Andy Polyakov
1a4e245f3e Unsigned vs signed comparison warning. 2006-07-04 20:29:14 +00:00
Bodo Möller
48fc582f66 New functions CRYPTO_set_idptr_callback(),
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
2006-06-23 15:21:36 +00:00
Bodo Möller
c4e7870ac1 Change array representation of binary polynomials to make GF2m part of
the BN library more generally useful.

Submitted by: Douglas Stebila
2006-06-18 22:00:57 +00:00
Bodo Möller
4584eccea0 another thread-safety fix 2006-06-16 01:00:47 +00:00
Bodo Möller
675f605d44 Thread-safety fixes 2006-06-14 08:55:23 +00:00
Andy Polyakov
67d990904e Futher minor PPC assembler update. 2006-05-04 21:30:41 +00:00
Andy Polyakov
c09a0318b7 Minor PPC assembler updates. 2006-05-03 14:07:34 +00:00
Andy Polyakov
2c5d4daac5 Yet another "teaser" Montgomery multiplication module, for PowerPC. 2006-04-30 21:15:29 +00:00
Dr. Stephen Henson
54d853ebc3 Add support for setting keybits and public exponent value for pkey RSA keygen. 2006-04-11 17:28:37 +00:00
Nils Larsch
b4e88ccb28 ensure the pointer is valid before using it 2006-03-18 14:27:41 +00:00
Ulf Möller
3b408d83fe make update 2006-02-12 23:21:56 +00:00
Dr. Stephen Henson
15ac971681 Update filenames in makefiles. 2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Nils Larsch
3798cb8182 fix comment
PR: 1270
2006-01-13 23:50:26 +00:00
Nils Larsch
2c5fadbce3 2 is a prime
PR: 1266
2006-01-13 23:27:59 +00:00
Andy Polyakov
7a5dbeb782 Minor sparcv9 clean-ups. 2005-12-27 21:27:39 +00:00
Andy Polyakov
3b4a0225e2 As SPARCV9 CPU flavor is [expected to be] detected at run-time, we can
afford to relax SPARCV9/8+ compiler command line and produce "unversal"
binaries as we used to.
2005-12-19 09:10:06 +00:00
Andy Polyakov
a00e414faf Unify sparcv9 assembler naming and build rules among 32- and 64-bit builds.
Engage run-time switch between bn_mul_mont_fpu and bn_mul_mont_int.
2005-12-16 17:39:57 +00:00
Andy Polyakov
f5826b8014 We all make typos:-) Fix just introduced ones in bn.h 2005-12-16 10:43:33 +00:00
Andy Polyakov
4a47f55639 Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and
keep disclaiming narrower than 32-bit support.
2005-12-16 10:37:24 +00:00
Andy Polyakov
68ea60683a Add IALU-only bn_mul_mont for SPARCv9. See commentary section for details. 2005-12-15 22:43:33 +00:00
Andy Polyakov
6df8c74d5b Switch 64-bit sparcv9 platforms from bn(64,64) to bn(64,32). This doesn't
have impact on performance, because amount of multiplications does not
increase with this switch, not on sparcv9 that is. On the contrary, it
actually improves performance, because it spares a load of instructions
used to chase carries. Not to mention that BN assembler modules can be
shared more freely between 32- and 64-bit builts.
2005-12-15 22:40:58 +00:00
Andy Polyakov
877e8e970c Allow for bn(64,32) on LP64 platforms. 2005-12-15 22:31:16 +00:00
Andy Polyakov
07645deeb8 Apply "better safe than sorry" approach after addressing sporadic SEGV in
bn_sub_words to the rest of the sparcv8plus.S.
2005-11-15 08:02:10 +00:00
Andy Polyakov
c52c82ffc1 Attempt to resolve sporadic SEGV crashes in bn_sub_words in OpenSSH. I'm
baffled why it crashes and does it sporadically...
2005-11-11 20:07:07 +00:00
Dr. Stephen Henson
d6a03a23a8 Update from stable branch. 2005-11-11 13:00:07 +00:00
Andy Polyakov
bd2abcae37 Move declaration for optional bn_mul_mont to bn_lcl.h in order to hide
it from mkdef.pl.
2005-11-06 22:10:38 +00:00
Andy Polyakov
a4d729f31d Clarify binary compatibility with HAL/Fujitsu SPARC64 family. 2005-10-25 15:39:47 +00:00
Andy Polyakov
8c0ceb17a2 bn_asm.c update. 2005-10-22 20:20:06 +00:00
Andy Polyakov
c2012f9b82 Eliminate gcc warning in bn_mont.c. 2005-10-22 20:17:01 +00:00
Andy Polyakov
aa2be094ae Add support for 32-bit ABI to sparcv9a-mont.pl module. 2005-10-22 18:16:09 +00:00
Andy Polyakov
4d524040bc Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES. 2005-10-22 17:57:18 +00:00
Andy Polyakov
bcb43bb358 Yet another "teaser" Montgomery multiply module, for UltraSPARC. It's not
integrated yet, but it's tested and benchmarked [see commentary section
for further details].
2005-10-19 07:12:06 +00:00
Andy Polyakov
34736de4c0 Flip saved argument block and tp [required for non-SSE2 path]. 2005-10-14 16:05:21 +00:00
Andy Polyakov
5f50d597f2 Make sure x86-mont.pl returns zero even if compiled with no-sse2. 2005-10-14 15:24:06 +00:00
Andy Polyakov
df94f187b9 Fix bug in SMALL_FOOTPRINT path and clarify comment. 2005-10-14 15:22:27 +00:00
Andy Polyakov
35593b33f4 Add timestamp to x86-mont.pl. 2005-10-09 10:26:56 +00:00
Andy Polyakov
54f3d200d3 Throw in bn/asm/x86-mont.pl Montgomery multiplication "teaser". 2005-10-09 09:53:58 +00:00
Andy Polyakov
7a2f4cbfe8 x86_64-mont.pl readability improvement. 2005-10-07 15:18:16 +00:00
Andy Polyakov
5ac7bde7c9 Throw in Montgomery multiplication assembler for x86_64. 2005-10-07 14:18:06 +00:00
Andy Polyakov
9b4eab501a Refine logic in bn_mont.c and eliminate redundant BN_CTX pulls. 2005-10-06 13:12:28 +00:00
Andy Polyakov
ca04d7a208 Leave the decision to call/implement bn_sqr_mont to assembler developer. 2005-10-06 09:12:39 +00:00
Dr. Stephen Henson
40a3c12305 Initialize bignum constants using BN_bin2bn() instead of BN_hex2bn(). This
saves a bit of space and avoids a compiler warning about string length.
2005-10-05 17:51:43 +00:00
Andy Polyakov
22cd982566 Fix typo in exptest.c. 2005-10-04 06:23:15 +00:00
Andy Polyakov
682b112abc Reserve for SMALL_FOOTPRINT bn_asm.c. Currently OPENSSL_SMALL_FOOTPRINT
is defined on Windows CE targets.
2005-10-04 06:22:11 +00:00
Andy Polyakov
e738280547 Add reference implementation for bn_[mul|sqr]_mont, new candidates for
assembler implementation.
2005-10-04 06:19:29 +00:00
Andy Polyakov
6f9afa68cd IA-32 BN tune-up. Performance imrpovement varies with platform and
keylength, this time larger improvement for shorter keys, and reaches
15%. Both SSE2 and IALU code pathes are improved.
2005-09-20 12:26:54 +00:00
Nils Larsch
8215e7a938 fix warnings when building openssl with the following compiler options:
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
        -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
        -Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused
        -Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Bodo Möller
7534d131d6 avoid potential spurious BN_free()
Submitted by: David Heine <dlheine@suif.Stanford.EDU>
2005-08-23 04:14:40 +00:00
Nils Larsch
725111f7cb add missing file 2005-08-21 23:02:05 +00:00
Ben Laurie
bf3d6c0c9b Make D-H safer, include well-known primes. 2005-08-21 16:00:17 +00:00
Andy Polyakov
7cfe2a5e65 Fix Intel assembler warnings. 2005-08-10 08:28:36 +00:00
Andy Polyakov
11de71b04c 3-4 times better RSA/DSA performance on WIN64A target. Well, on AMD64 CPU,
EMT64T will hardly exhibit better performance...
2005-08-04 17:35:42 +00:00
Nils Larsch
0260405c68 fix BN_mod_word and give a more reasonable return value if an error occurred 2005-07-25 22:57:54 +00:00
Nils Larsch
17a2994dbd set correct bn->top value 2005-07-21 22:40:39 +00:00
Andy Polyakov
ef428d5681 Fix unwind directives in IA-64 assembler modules. This helps symbolic
debugging and doesn't affect functionality.

Submitted by: David Mosberger

Obtained from: http://www.hpl.hp.com/research/linux/crypto/
2005-07-18 09:54:14 +00:00
Nils Larsch
449bd384ed bugfix: 0 - w (w != 0) is actually negative 2005-07-17 16:09:09 +00:00
Andy Polyakov
31efffbdba Trap condition should be 64-bit when it's due. 2005-07-03 09:17:50 +00:00
Andy Polyakov
aaa5dc614f More elegant solution to "sparse decimal printout on PPC" problem. 2005-07-02 08:58:55 +00:00
Andy Polyakov
8be97c01d1 Decimal printout of a BN is wrong on PPC, it's sparse with very few
significant digits. As soon it verifies elsewhere it goes to 0.9.8 and
0.9.7.
2005-07-01 17:49:47 +00:00
Ben Laurie
a51a97262d Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes. 2005-06-29 11:02:15 +00:00
Andy Polyakov
bb00084863 Replace _int64 with __int64, which is more widely accepted among Win32
compiler vendors.
2005-06-28 11:50:50 +00:00
Andy Polyakov
c25f2f1cbf Missed -c in IRIX rules. 2005-06-23 20:37:29 +00:00
Andy Polyakov
62526671e9 Typo in bn-mips3 rule. 2005-06-23 16:24:51 +00:00
Andy Polyakov
88ebf53577 Rename mips3.o to bn-mips3.o [it's better in long run] and adjust the
rule to accomodate gcc4, which no longer support SGI as.
2005-06-23 16:23:06 +00:00
Nils Larsch
88737991d2 fix assertion 2005-05-31 20:39:16 +00:00
Andy Polyakov
20a85e9f69 Missing sparcv8.o rule.
PR: 1082
2005-05-31 12:17:35 +00:00
Richard Levitte
9426364be9 Typo 2005-05-29 12:11:50 +00:00
Bodo Möller
a28a5d9c62 Use BN_with_flags() in a cleaner way. 2005-05-27 15:38:53 +00:00
Bodo Möller
c61f571ce0 check BN_copy() return value 2005-05-26 04:30:49 +00:00
Richard Levitte
b172dec864 DEC C complains about bad subscript, but we know better, so let's shut it up. 2005-05-24 03:22:53 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
2005-05-16 16:55:47 +00:00
Bodo Möller
46a643763d Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Ben Laurie
4b26fe30de There must be an explicit way to build the .o! 2005-05-11 16:39:05 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Richard Levitte
82e8cb403a Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS,
there's no need to undefine it here.  Then, let's get a bit paranoid
and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG
isn't defined.
2005-05-06 13:34:35 +00:00
Nils Larsch
f15c448a72 remove BN_ncopy, it was only used in bn_nist.c and wasn't particular
useful anyway
2005-05-03 20:27:00 +00:00
Nils Larsch
fcb41c0ee8 rewrite of bn_nist.c, disable support for some curves on 64 bit platforms
for now (it was broken anyway)
2005-05-03 20:23:33 +00:00
Nils Larsch
c1a8a5de13 don't let BN_CTX_free(NULL) segfault 2005-04-29 21:20:31 +00:00
Dr. Stephen Henson
6ec8e63af6 Port BN_MONT_CTX_set_locked() from stable branch.
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Dr. Stephen Henson
465b9f6b26 Stop unused variable warning. 2005-04-26 23:45:49 +00:00
Nils Larsch
800e400de5 some updates for the blinding code; summary:
- possibility of re-creation of the blinding parameters after a
  fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
  are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
  more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
2005-04-26 22:31:48 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes.
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Andy Polyakov
0abfd60604 Extend Solaris x86 support to amd64. 2005-04-04 17:10:53 +00:00
Andy Polyakov
60fd574cdf Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially
introduced for a reason [like bug in initial gcc port], but proposed
=&r is treated correctly by senior 3.2, so we can assume it's safe now.
PR: 1031
2005-04-03 18:53:29 +00:00
Nils Larsch
fea4280a8b fix header 2005-03-30 21:38:29 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Andy Polyakov
da30c74a27 Remove unused assembler modules. 2005-02-06 13:43:02 +00:00
Andy Polyakov
67ea999d4a This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF
and GNU binutils, but kept BSD make... And I took the opportunity to
unify other targets to this common least denominator...
2005-02-06 13:23:34 +00:00
Andy Polyakov
76ef6ac956 Refine PowerPC platform support. 2004-12-20 13:44:34 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:03:15 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Geoff Thorpe
f79110c633 Two TODO comments taken care of. Nils pointed out that one of them had already
been done, and took care of the other one (which hadn't).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-09-19 04:43:46 +00:00
Andy Polyakov
16760a3089 Proper support for OpenBSD-i386 shared build, including assember modules!
"Proper" means "compiles and passes test." Versioning is broken (I think).
2004-08-29 21:36:37 +00:00
Andy Polyakov
2b247cf81f OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a
symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter
is the only one to be exported to application.
2004-08-29 16:36:05 +00:00
Andy Polyakov
34413fca84 OpenBSD fix-up for new a.out targets. OpenBSD .s.o rule is busted... 2004-08-01 21:16:26 +00:00
Andy Polyakov
ec38ddc765 Clean-up GAS targets: get rid of "cpp" stuff and replace it with "purified"
COFF and a.out targets [similar to ELF targets]. You might notice some
rudementary support for shared mingw builds under cygwin. It works (it
produces cryptoeay32.dll and ssleay32.dll with everything exported by
name), but it's primarily for testing/debugging purposes, at least for
now...
2004-08-01 17:33:58 +00:00
Andy Polyakov
33c3ecf741 Build-n-link new IA-64 modules on Linux and HP-UX. 2004-07-23 23:27:10 +00:00
Andy Polyakov
8169dd73f9 All SIXTY_FOUR_BIT platforms (mind the difference between SIXTY_FOUR_BIT and
SIXTY_FOUR_BIT_LONG) were failing to pass 'cd test; make test_bn'.
2004-07-22 09:32:11 +00:00
Andy Polyakov
859ceeeb51 Anchor AES and SHA-256/-512 assembler from C. 2004-07-18 17:26:01 +00:00
Andy Polyakov
d0590fe6b2 Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes.
I also used this opportunity to clean up some out-of-date targets and
re-group targets by OS.
2004-07-18 16:19:34 +00:00
Geoff Thorpe
ace3ebd661 Improve error handling if decompression of an ec point fails, and cleanup
ec_curve.c (unify comments, etc).

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller, Geoff Thorpe
2004-07-06 15:50:04 +00:00
Andy Polyakov
e2f2a9af2c New scalable bn_mul_add_words loop, which provides up to >20% overall
performance improvement. Make module more gcc friendly and clarify
copyright issues for division routine.
2004-07-01 11:10:38 +00:00
Geoff Thorpe
d459e39012 Tidy up, including;
- Remove unused and unuseful debug cruft.
- Remove unnecessary 'top' fudging from BN_copy().
- Fix a potential memory leak and simplify the expansion logic in
  BN_bin2bn().

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-06-20 04:16:12 +00:00
Geoff Thorpe
df11e1e921 Deprecate unused cruft, and "make update". 2004-06-17 23:50:25 +00:00
Geoff Thorpe
afbe74d386 Actually, that last change to BN_get_word() was a little too simple. 2004-06-17 22:05:40 +00:00
Geoff Thorpe
9088d5f24f As Nils put it;
Yet another question: some time ago you changed BN_set_word.
    Why didn't you change BN_get_word as well?

Quite. I'm also removing the older commented-out implementations to improve
readability. This complex stuff seems to date from a time when the types
didn't match up well.

Submitted by: Nils Larsch, Geoff Thorpe
2004-06-17 20:13:50 +00:00
Geoff Thorpe
cf9056cfda BN_div_word() was breaking when called from BN_bn2dec() (actually, this is
the only function that uses it) because it would trip up an assertion in
bn_div_words() when first invoked. This also adds BN_div_word() testing to
bntest.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-06-17 20:03:56 +00:00
Andy Polyakov
1809e858bb Eliminate compiler warnings and throw in performance table. 2004-05-28 10:15:58 +00:00
Geoff Thorpe
d6dda126b7 Make some more API types opaquely available from ossl_typ.h, meaning the
corresponding headers are only required for API functions or structure
details. This now includes the bignum types and BUF_MEM. Subsequent commits
will remove various dependencies on bn.h and buffer.h and update the
makefile dependencies.
2004-05-15 18:32:08 +00:00
Andy Polyakov
d3adc3d3ed SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper
config and run-time support is added.
PR: 788
Submitted by: <dean@arctic.org>
Reviewed by: <appro>

Obtained from: http://arctic.org/~dean/crypto/rsa.html
2004-05-06 10:36:49 +00:00
Andy Polyakov
dd55880644 Improved PowerPC support. Proper ./config support for ppc targets,
especially for AIX. But most important BIGNUM assembler implementation
submitted by IBM.

Submitted by: Peter Waltenberg <pwalten@au1.ibm.com>
Reviewed by: appro
2004-04-27 22:05:50 +00:00
Richard Levitte
863d2b196f Print the debug thingies on stderr instead of stdout. If for nothing
else then at least so bc doesn't have problems parsing the output from
bntest :-).
2004-04-20 10:57:07 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Richard Levitte
a87228031f RAND_add() wants a double as it's last argument. 2004-03-25 15:52:43 +00:00
Geoff Thorpe
c86f2054f3 Adjust various bignum functions to use BN_CTX for variables instead of
locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.
2004-03-25 04:32:24 +00:00
Geoff Thorpe
5c98b2caf5 Replace the BN_CTX implementation with my current work. I'm leaving the
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).

I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.
2004-03-25 04:16:14 +00:00
Geoff Thorpe
e042540f6b Variety of belt-tightenings in the bignum code. (Please help test this!)
- Remove some unnecessary "+1"-like fudges. Sizes should be handled
  exactly, as enlarging size parameters causes needless bloat and may just
  make bugs less likely rather than fixing them: bn_expand() macro,
  bn_expand_internal(), and BN_sqr().
- Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that
  useful.
- Remove unnecessary zeroing of unused bytes in bn_expand2().
- Rewrite BN_set_word() - it should be much simpler, the previous
  complexities probably date from old mismatched type issues.
- Add missing bn_check_top() macros in bn_word.c
- Improve some degenerate case handling in BN_[add|sub]_word(), add
  comments, and avoid a bignum expansion if an overflow isn't possible.
2004-03-17 17:36:54 +00:00
Geoff Thorpe
b6358c89a1 Convert openssl code not to assume the deprecated form of BN_zero().
Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.

Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this
point).
2004-03-13 23:57:20 +00:00
Geoff Thorpe
5d735465d1 The efforts to eliminate the dual-representation of zero and to ensure
bignums are passed in and out of functions and APIs in a consistent form
has highlighted that zero-valued bignums don't need any allocated word
data. The use of BN_set_word() to initialise a bignum to zero causes
needless allocation and gives it a return value that must be checked. This
change converts BN_zero() to a self-contained macro that has no
return/expression value and does not cause any expansion of bignum data.

Note, it would be tempting to rewrite the deprecated version as a
success-valued comma expression, such as;
   #define BN_zero(a) ((a)->top = (a)->neg = 0, 1)
However, this evaluates 'a' twice and would confuse initialisation loops
(eg. while(..) { BN_zero(bn++) } ). As such, the deprecated version
continues to use BN_set_word().
2004-03-13 23:04:15 +00:00
Geoff Thorpe
9e051bac13 Document a change I'd already made, and at the same time, correct the
change to work properly; BN_zero() should set 'neg' to zero as well as
'top' to match the behaviour of BN_new().
2004-03-13 22:10:15 +00:00
Geoff Thorpe
a8aa764d3c Minimise the amount of code dependent on BN_DEBUG_RAND. In particular,
redefine bn_clear_top2max() to be a NOP in the non-debugging case, and
remove some unnecessary usages in bn_nist.c.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
2004-03-09 03:53:40 +00:00
Geoff Thorpe
e7716b7a19 More changes coming out of the bignum auditing. BN_CTX_get() should ideally
return a "zero" bignum as BN_new() does - so reset 'top'. During
BN_CTX_end(), released bignums should be consistent so enforce this in
debug builds. Also, reduce the number of wasted BN_clear_free() calls from
BN_CTX_end() (typically by 75% or so).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
2004-03-09 03:47:35 +00:00
Geoff Thorpe
1b06804491 When adding positive elements, we can use BN_uadd() instead of BN_add().
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-02-22 19:30:41 +00:00
Andy Polyakov
1751034669 Typo in crypto/bn/asm/x86_64.c, bn_div_words().
PR: 821
2004-02-07 09:51:28 +00:00
Andy Polyakov
d04b1b4656 Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl 2004-01-30 05:41:23 +00:00
Andy Polyakov
1247092776 HP/UX PA-RISC 2 targets update. 2004-01-29 22:16:08 +00:00
Richard Levitte
1fb724449d make update 2004-01-28 18:38:33 +00:00
Andy Polyakov
27b2b78f90 Even though C specification explicitly says that constant type "stretches"
automatically to accomodate the value, some compilers fail to do so. Most
notably 0x0123456789ABCDEF should come out as long long in 32-bit context,
but HP compiler truncates it to 32-bit value. Which in turn breaks GF(2^m)
arithmetics in hpux-parisc2-cc build. Therefore this fix...
2004-01-25 10:53:43 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Ulf Möller
380e145daf Add "dif" variable to clean up the loop implementations.
Submitted by: Nils Larsch
2003-12-06 11:55:46 +00:00
Ulf Möller
ce38bb1a8c Avoid segfault if ret==0.
Submitted by: Nils Larsch
2003-12-06 11:39:37 +00:00
Geoff Thorpe
2bfd2c74d2 Incremental cleanups to bn_lib.c.
- Add missing bn_check_top() calls and relocate some others
- Use BN_is_zero() where appropriate
- Remove assert()s that bn_check_top() is already covering
- Simplify the code in places (esp. bn_expand2())
- Only keep ambiguous zero handling if BN_STRICT isn't defined
- Remove some white-space and make some other aesthetic tweaks
2003-12-02 20:01:30 +00:00
Geoff Thorpe
82b2f57e30 Use the BN_is_odd() macro in place of code that (inconsistently) does much
the same thing.

Also, I have some stuff on the back-burner related to some BN_CTX notes
from Peter Gutmann about his cryptlib hacks to the bignum code. The BN_CTX
comments are there to remind me of some relevant points in the code.
2003-12-02 03:28:24 +00:00
Geoff Thorpe
2ae1ea3788 BN_FLG_FREE is of extremely dubious usefulness, and is only referred to
once in the source (where it is set for the benefit of no other code
whatsoever). I've deprecated the declaration in the header and likewise
made the use of the flag conditional in bn_lib.c. Note, this change also
NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.
2003-12-02 03:16:56 +00:00
Geoff Thorpe
34066d741a Declare the static BIGNUM "BN_value_one()" more carefully. 2003-12-01 23:13:17 +00:00