Commit graph

143 commits

Author SHA1 Message Date
Geoff Thorpe
d459e39012 Tidy up, including;
- Remove unused and unuseful debug cruft.
- Remove unnecessary 'top' fudging from BN_copy().
- Fix a potential memory leak and simplify the expansion logic in
  BN_bin2bn().

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-06-20 04:16:12 +00:00
Geoff Thorpe
df11e1e921 Deprecate unused cruft, and "make update". 2004-06-17 23:50:25 +00:00
Geoff Thorpe
d6dda126b7 Make some more API types opaquely available from ossl_typ.h, meaning the
corresponding headers are only required for API functions or structure
details. This now includes the bignum types and BUF_MEM. Subsequent commits
will remove various dependencies on bn.h and buffer.h and update the
makefile dependencies.
2004-05-15 18:32:08 +00:00
Geoff Thorpe
e042540f6b Variety of belt-tightenings in the bignum code. (Please help test this!)
- Remove some unnecessary "+1"-like fudges. Sizes should be handled
  exactly, as enlarging size parameters causes needless bloat and may just
  make bugs less likely rather than fixing them: bn_expand() macro,
  bn_expand_internal(), and BN_sqr().
- Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that
  useful.
- Remove unnecessary zeroing of unused bytes in bn_expand2().
- Rewrite BN_set_word() - it should be much simpler, the previous
  complexities probably date from old mismatched type issues.
- Add missing bn_check_top() macros in bn_word.c
- Improve some degenerate case handling in BN_[add|sub]_word(), add
  comments, and avoid a bignum expansion if an overflow isn't possible.
2004-03-17 17:36:54 +00:00
Geoff Thorpe
5d735465d1 The efforts to eliminate the dual-representation of zero and to ensure
bignums are passed in and out of functions and APIs in a consistent form
has highlighted that zero-valued bignums don't need any allocated word
data. The use of BN_set_word() to initialise a bignum to zero causes
needless allocation and gives it a return value that must be checked. This
change converts BN_zero() to a self-contained macro that has no
return/expression value and does not cause any expansion of bignum data.

Note, it would be tempting to rewrite the deprecated version as a
success-valued comma expression, such as;
   #define BN_zero(a) ((a)->top = (a)->neg = 0, 1)
However, this evaluates 'a' twice and would confuse initialisation loops
(eg. while(..) { BN_zero(bn++) } ). As such, the deprecated version
continues to use BN_set_word().
2004-03-13 23:04:15 +00:00
Geoff Thorpe
2ae1ea3788 BN_FLG_FREE is of extremely dubious usefulness, and is only referred to
once in the source (where it is set for the benefit of no other code
whatsoever). I've deprecated the declaration in the header and likewise
made the use of the flag conditional in bn_lib.c. Note, this change also
NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.
2003-12-02 03:16:56 +00:00
Geoff Thorpe
46cb8d3689 If BN_STRICT is defined, don't accept an ambiguous representation of zero
(ie. where top may be zero, or it may be one if the corresponding word is
set to zero). Note, this only affects the macros in bn.h, there are probably
similar corrections required in some c files.

Also, clarify the audit-related macros at the top of the header. Mental
note: I must not forget to clean all this out before 0.9.8 is released ...
2003-11-30 22:23:12 +00:00
Geoff Thorpe
23fc5ac646 Improve a couple of the bignum macros. Note, this doesn't eliminate
tolerance of ambiguous zero-representation, it just improves
BN_abs_is_word() and simplifies other macros that depend on it.
2003-11-30 22:02:10 +00:00
Geoff Thorpe
5734bebe05 Make BN_DEBUG_RAND less painfully slow by only consuming one byte of
pseudo-random data for each bn_pollute().
2003-11-30 21:21:30 +00:00
Geoff Thorpe
f75abcefed This extends the debugging macros to use "pollution" during
bn_correct_top(), previously only bn_check_top() did this.
2003-11-06 23:24:44 +00:00
Geoff Thorpe
0ef85c7f45 This is a revert of my previous commit to "improve" the declaration of
constant BIGNUMs. It turns out that this trips up different but equally
useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness
it created. (Thanks to Ulf for the forehead-slap.)
2003-11-05 19:30:29 +00:00
Ulf Möller
2b96c95197 cleanup as discussed with Geoff 2003-11-05 17:28:25 +00:00
Geoff Thorpe
d870740cd7 Put the first stage of my bignum debugging adventures into CVS. This code
is itself experimental, and in addition may cause execution to break on
existing openssl "bugs" that previously were harmless or at least
invisible.
2003-11-04 22:54:49 +00:00
Geoff Thorpe
c465e7941e This is the least unacceptable way I've found for declaring the bignum data
and structures as constant without having to cast away const at any point.
There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy,
but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.
2003-11-04 00:29:09 +00:00
Geoff Thorpe
2ce90b9b74 BN_CTX is opaque and the static initialiser BN_CTX_init() is not used
except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.
2003-10-29 18:04:37 +00:00
Bodo Möller
5679bcce07 make RSA blinding thread-safe 2003-04-02 09:50:22 +00:00
Geoff Thorpe
e189872486 Nils Larsch submitted;
- a patch to fix a memory leak in rsa_gen.c
  - a note about compiler warnings with unions
  - a note about improving structure element names

This applies his patch and implements a solution to the notes.
2002-12-08 16:45:26 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Bodo Möller
b53e44e572 implement and use new macros BN_get_sign(), BN_set_sign()
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Bodo Möller
259cdf2af9 Sun has agreed to removing the covenant language from most files.
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Bodo Möller
19b8d06a79 clean up new code for NIST primes
create new lock CRYPTO_LOCK_BN to avoid race condition
2002-10-28 14:02:19 +00:00
Bodo Möller
5c6bf03117 fast reduction for NIST curves
Submitted by: Nils Larsch
2002-10-28 13:23:24 +00:00
Richard Levitte
f13ddd5d0a Do not use the word 'modulus', which is a class template name in VC++ 6.0/SP5.
PR: 216, point 3
2002-08-12 21:20:25 +00:00
Bodo Möller
1dc920c8de Binary field arithmetic contributed by Sun Microsystems.
The 'OPENSSL_NO_SUN_DIV' default is still subject to change,
so I didn't bother to finish the CHANGES entry yet.

Submitted by: Douglas Stebila <douglas.stebila@sun.com>, Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entry by Bodo Moeller)
2002-08-02 13:03:55 +00:00
Dr. Stephen Henson
2f9cf160e4 Avoid gcc warning: BN_DEC_CONV when SIXTY_FOUR_BIT is defined is unsigned. 2002-05-10 22:07:37 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Richard Levitte
b476df64a1 make update
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Bodo Möller
c5d4ab7e35 adjust to OpenSSL_0_9_6-stable version 2001-11-09 13:09:11 +00:00
Bodo Möller
983495c4b2 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Bodo Möller
c62b26fdc6 Hide BN_CTX structure details.
Incease the number of BIGNUMs in a BN_CTX.
2001-03-08 15:56:15 +00:00
Bodo Möller
98499135d7 Constify BN_value_one. 2001-03-08 13:58:09 +00:00
Bodo Möller
226cc7ded4 More method functions for EC_GFp_simple_method. 2001-03-08 01:23:28 +00:00
Richard Levitte
a5bc1e8568 Use e_os2.h rather than opensslconf.h, since some needed macros are
defined there.
2001-02-22 14:37:50 +00:00
Richard Levitte
8120813066 Use new-style system-id macros. 2001-02-20 07:43:22 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Bodo Möller
e306892994 Simplify BN_rand_range 2001-02-10 00:34:02 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Bodo Möller
e5164b7041 Change error message to "bignum too long" 2000-12-04 09:24:54 +00:00
Bodo Möller
152a689cf9 Don't allow BIGNUMs to become so large that computations with dmax
might overflow.
2000-12-03 09:39:04 +00:00
Ulf Möller
111482cf2e New function BN_bntest_rand() to detect more BN library bugs.
The bn_cmp_part_words bug was only caught in the BN_mod_mul() test,
not in the BN_mul() test, so apparently the choice of parameters in
some cases is bad.
2000-12-02 07:32:57 +00:00
Bodo Möller
cd2eebfd64 BN_sqrt 2000-11-30 00:18:19 +00:00
Bodo Möller
a08bcccc67 Expand expspeed.c to make BN_kronecker timings.
This caused a segmentation fault in calls to malloc, so I cleaned up
bn_lib.c a little so that it is easier to see what is going on.
The bug turned out to be an off-by-one error in BN_bin2bn.
2000-11-29 12:32:10 +00:00
Bodo Möller
dcbd0d74d5 Fix BN_is_... macros.
Fix BN_gcd.
Analyze BN_mod_inverse.
Add BN_kronecker.
"make update".
2000-11-27 21:17:20 +00:00
Bodo Möller
5acaa49504 More BN_mod_... functions. 2000-11-26 18:31:32 +00:00
Bodo Möller
78a0c1f18d modular arithmetics
"make update"
2000-11-26 16:42:38 +00:00
Richard Levitte
227385b719 Make sure BN_DIV2W is not defining when defining it, and remove the
declarations of bn_add_part_words() and bn_sub_part_words() since they
do not exist.
2000-11-17 12:01:55 +00:00
Richard Levitte
cbd48ba626 More constification of the BN library. 2000-11-16 22:43:32 +00:00
Bodo Möller
7f7b8d6871 BN_CTX-related fixes. 2000-11-08 10:05:34 +00:00
Richard Levitte
020fc820dc Constify the BIGNUM routines a bit more. The only trouble were the
two functions that did expansion on in parameters (BN_mul() and
BN_sqr()).  The problem was solved by making bn_dup_expand() which is
a mix of bn_expand2() and BN_dup().
2000-11-06 21:15:54 +00:00
Dr. Stephen Henson
2d978cbd30 Changes needed for Tandem NSK, supplied by Scott Uroff (scott@xypro.com).
Fix warnings with BIO_dump_indent().
2000-08-04 00:01:39 +00:00
Bodo Möller
dc434bbcb0 Slightly faster DSA verification (BN_mod_exp2_mont),
marginally faster BN_mod_exp for 1024 bit exponents.
2000-06-08 20:26:03 +00:00
Bodo Möller
6dad7bd69c Speed up DH with small generator. 2000-06-07 21:29:25 +00:00
Ulf Möller
de42b6a7a8 Use NO_FP_API. 2000-06-01 20:25:44 +00:00
Ulf Möller
f1a617edc9 check for WIN32 (needed by Mingw32) 2000-03-01 01:46:34 +00:00
Ulf Möller
775c63fc02 Reorganize bn_mul.c (no bugfix yet), remove obsolete files in BN library. 2000-02-26 22:16:47 +00:00
Bodo Möller
eb5a6a55c5 Commit patch to bn.h that CVS decided to throw away during 'cvs update',
and initialize too_many because memset(..., 0, ...) is not used here.
2000-02-05 20:39:26 +00:00
Ulf Möller
6535eb1728 Use MONT_WORD macro to control if the word-based or the bignum
algorithm is used.
2000-02-05 18:23:05 +00:00
Ulf Möller
9b141126d4 New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access
temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
the BN_CTX implementation could now easily be changed.
2000-02-05 14:17:32 +00:00
Ulf Möller
657e60fa00 ispell (and minor modifications) 2000-02-03 23:23:24 +00:00
Bodo Möller
7999c65c9b Some 'const's for BNs. 2000-02-03 01:26:07 +00:00
Bodo Möller
aff0825c61 Tolerate negative numbers in BN_is_prime. 2000-02-02 22:18:01 +00:00
Bodo Möller
e74231ed9e rndsort{Miller, Rabin} primality test. 2000-02-02 21:20:44 +00:00
Bodo Möller
a87030a1ed Make DSA_generate_parameters, and fix a couple of bug
(including another problem in the s3_srvr.c state machine).
2000-01-30 02:23:03 +00:00
Richard Levitte
f95a9f678a Declare BN_pseudo_rand(). 2000-01-27 22:07:42 +00:00
Ulf Möller
38e33cef15 Document DSA and SHA.
New function BN_pseudo_rand().
Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes (why not use BN_is_prime()?)
2000-01-27 19:31:26 +00:00
Bodo Möller
ec1258dd44 Update comments to provide a better approximation of reality. 2000-01-27 13:00:10 +00:00
Ulf Möller
e93f9a3284 Run ispell.
Clean up bn_mont.c.
2000-01-27 01:50:42 +00:00
Ulf Möller
dd8dec69b8 Document the BN library. 2000-01-23 22:06:24 +00:00
Ulf Möller
4486d0cd7a Document the DH library, and make some minor changes along the way. 2000-01-22 20:05:23 +00:00
Bodo Möller
76aa0ddc86 Turn BN_prime_checks into a macro.
Primes p where (p-1)/2 is prime too are called "safe", not "strong".
2000-01-12 11:57:30 +00:00
Ulf Möller
e371828067 Use "long long" for all Win32 gcc ports. 1999-06-28 16:17:38 +00:00
Bodo Möller
7722424462 With mingw32, use "long long" rather than "_int64" (the latter does
not work, at least the package mentioned in INSTALL.W32 does not know
about it).
1999-06-28 14:38:31 +00:00
Dr. Stephen Henson
8623f693d9 New functions CONF_load_bio() and CONF_load_fp() to load a configuration
file from a bio or fp. Added some more constification to the BN library.
1999-06-20 17:36:11 +00:00
Ben Laurie
8d8a8041ec const/type fixes. 1999-06-05 12:16:33 +00:00
Ben Laurie
84c15db551 Some constification and stacks that slipped through the cracks (how?). 1999-06-04 22:23:10 +00:00
Ben Laurie
b4f76582d4 More evil cast removal. 1999-06-03 18:04:04 +00:00
Ulf Möller
e14d4443a2 Bignum library bug fix. IRIX 6 passes "make test" now!
This also avoids the problems with SC4.2 and unpatched SC5.

Submitted by: Andy Polyakov <appro@fy.chalmers.se>
1999-05-20 01:43:07 +00:00
Ulf Möller
fb92ba64a0 Move prototypes to the right place. 1999-05-17 22:25:31 +00:00
Ulf Möller
7d7d2cbcb0 VMS support.
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
5043fc9fd5 Fix mkerr.pl to find functions returning function pointers (thanks Ulf!)
also add a few missing prototypes.
1999-04-25 11:17:44 +00:00
Bodo Möller
2b6405faa5 Avoid "incomprehensible" errors when required definitions are missing.
Submitted by:
Reviewed by:
PR:
1999-04-24 15:11:39 +00:00
Dr. Stephen Henson
6d31193858 Complete rewrite of the error code generation script. It now runs as a single
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
1999-04-24 00:15:18 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338 Work with -pedantic! 1999-04-23 15:01:15 +00:00
Ulf Möller
169cc7a112 Remove references to .org header file names. 1999-04-22 20:10:06 +00:00
Ulf Möller
8e10f2b3ac Move all autogenerated header file parts to crypto/opensslconf.h. 1999-04-21 17:31:05 +00:00
Ben Laurie
8d7ed6ff90 Deal with generated files. 1998-12-28 21:58:19 +00:00
Ralf S. Engelschall
651d0aff98 Various cleanups and fixed by Marc and Ralf to start the OpenTLS project 1998-12-22 15:04:48 +00:00
Ralf S. Engelschall
dfeab0689f Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00