Richard Levitte
ed45f3c242
Rearrange rsaz
...
A small rearrangement so the inclusion of rsaz_exp.h would be
unconditional, but what that header defines becomes conditional.
This solves the weirdness where rsaz_exp.h gets in and out of the
dependency list for bn_exp.c, depending on the present architecture.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-23 02:59:47 +02:00
Andy Polyakov
4924b37ee0
bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
...
CVE-2015-1788
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-11 13:34:13 +02:00
Matt Caswell
c56353071d
Fix off-by-one error in BN_bn2hex
...
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.
With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-04 09:23:02 +01:00
Dr. Stephen Henson
97cacc537e
make update.
...
Make update with manual edit so EVP_PKEY_asn1_set_item uses the same
ordinal as 1.0.2.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-03 15:39:29 +01:00
Andy Polyakov
60c268b21a
bn/bn_lcl.h: fix MIPS-specific gcc version check.
...
RT#3859
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-26 10:06:28 +02:00
Andy Polyakov
69567687b0
bn/asm/x86_64-mont5.pl: fix valgrind error.
...
bn_get_bits5 was overstepping array boundary by 1 byte. It was exclusively
read overstep and data could not have been used. The only potential problem
would be if array happens to end on the very edge of last accesible page.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-24 21:30:39 +02:00
Andy Polyakov
86e5d1e32b
bn/bn_gf2m.c: appease STACK, unstable code detector.
...
RT#3852
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-24 21:25:59 +02:00
Matt Caswell
efee575ad4
Fix off-by-one in BN_rand
...
If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.
Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-22 23:40:38 +01:00
Matt Caswell
7cc18d8158
Reject negative shifts for BN_rshift and BN_lshift
...
The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.
Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-22 23:15:02 +01:00
Richard Levitte
0f539dc1a2
Fix the update target and remove duplicate file updates
...
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in. This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.
This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-22 18:44:33 +02:00
Andy Polyakov
579734ced6
bn/asm/vis3-mont.pl: fix intermittent EC failures on SPARC T3.
...
BLKINIT optimization worked on T4, but for some reason appears "too
aggressive" for T3 triggering intermiitent EC failures. It's not clear
why only EC is affected...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-20 09:11:25 +02:00
Richard Levitte
a3aadb2d9c
make depend
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:38:31 +02:00
Richard Levitte
b39fc56061
Identify and move common internal libcrypto header files
...
There are header files in crypto/ that are used by a number of crypto/
submodules. Move those to crypto/include/internal and adapt the
affected source code and Makefiles.
The header files that got moved are:
crypto/cryptolib.h
crypto/md32_common.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:21:40 +02:00
Andy Polyakov
7ee7f92025
bn/Makefile: give MacOS X hand to compiler armv8-mont module.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-13 17:14:22 +02:00
Andy Polyakov
d38f1b39f1
bn/asm/armv8-mont.pl: boost performance.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-13 17:14:00 +02:00
Rich Salz
16f8d4ebf0
memset, memcpy, sizeof consistency fixes
...
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy. Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-05 22:18:59 -04:00
Rich Salz
b4faea50c3
Use safer sizeof variant in malloc
...
For a local variable:
TYPE *p;
Allocations like this are "risky":
p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption. Instead do this:
p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00
Dr. Stephen Henson
b6eb9827a6
Add OSSL_NELEM macro.
...
Add OSSL_NELEM macro to e_os.h to determine the number of elements in an
array.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 12:53:08 +01:00
Rich Salz
b548a1f11c
free null cleanup finale
...
Don't check for NULL before calling OPENSSL_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Rich Salz
23a1d5e97c
free NULL cleanup 7
...
This gets BN_.*free:
BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free
Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 21:37:06 -04:00
Rich Salz
4b45c6e52b
free cleanup almost the finale
...
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Rich Salz
b196e7d936
remove malloc casts
...
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00
Emilia Kasper
e22d2199e2
Error checking and memory leak fixes in NISTZ256.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 16:21:48 +02:00
Andy Polyakov
313e6ec11f
Add assembly support for 32-bit iOS.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-20 15:06:22 +02:00
Andy Polyakov
cb2ed54582
Add ARMv8 Montgomery multiplication module.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-20 14:39:34 +02:00
Richard Levitte
a80e33b991
Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant
...
With no more symlinks, there's no need for those variables, or the links
target. This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.
Also, removed METHTEST from test/Makefile. It looks like an old test that's
forgotten...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89
Stop symlinking, move files to intended directory
...
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.
Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.
Originally-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Matt Caswell
266483d2f5
RAND_bytes updates
...
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:38:07 +00:00
Matt Caswell
e4676e900f
Fix probable_prime over large shift
...
In the probable_prime() function we behave slightly different if the number
of bits we are interested in is <= BN_BITS2 (the num of bits in a BN_ULONG).
As part of the calculation we work out a size_limit as follows:
size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
There is a problem though if bits == BN_BITS2. Shifting by that much causes
undefined behaviour. I did some tests. On my system BN_BITS2 == 64. So I
set bits to 64 and calculated the result of:
(((BN_ULONG)1) << bits)
I was expecting to get the result 0. I actually got 1! Strangely this...
(((BN_ULONG)0) << BN_BITS2)
...does equal 0! This means that, on my system at least, size_limit will be
off by 1 when bits == BN_BITS2.
This commit fixes the behaviour so that we always get consistent results.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-17 13:41:49 +00:00
Matt Caswell
8c5a7b33c6
Fix error handling in bn_exp
...
In the event of an error |rr| could be NULL. Therefore don't assume you can
use |rr| in the error handling code.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-12 09:18:22 +00:00
Matt Caswell
efb4597345
Remove some functions that are no longer used and break the build with:
...
./config --strict-warnings enable-deprecated
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 14:33:03 +00:00
Andy Polyakov
c2cfc956e5
bn/bn_add.c: fix dead code elimination that went bad.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-09 15:54:58 +01:00
Rich Salz
06cf881a3a
Final (for me, for now) dead code cleanup
...
This is a final pass looking for '#if 0'/'#if 1' controls and
removing the appropriate pieces.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-08 18:48:09 -05:00
Rich Salz
fe6d2a339b
Use memset in bn_mont
...
Use memset() not inline code. Compilers are smarter now.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-05 15:07:40 -05:00
Rich Salz
9ccc00ef6e
Dead code cleanup: #if 0 dropped from tests
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:11:34 -05:00
Richard Levitte
c6ef15c494
clang on Linux x86_64 complains about unreachable code.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-29 01:54:09 +01:00
Rich Salz
1a5adcfb5e
"#if 0" removal: header files
...
Remove all "#if 0" blocks from header files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-27 17:44:12 -05:00
Rich Salz
474e469bbd
OPENSSL_NO_xxx cleanup: SHA
...
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
GENUINE_DSA OPENSSL_NO_SHA0
OPENSSL_NO_SHA OPENSSL_NO_SHA1
OPENSSL_NO_SHA224 OPENSSL_NO_SHA256
OPENSSL_NO_SHA384 OPENSSL_NO_SHA512
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 12:34:45 -05:00
Rich Salz
a00ae6c46e
OPENSSL_NO_xxx cleanup: many removals
...
The following compile options (#ifdef's) are removed:
OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
This diff is big because of updating the indents on preprocessor lines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:06:22 -05:00
Rich Salz
c436e05bdc
Remove unused eng_rsax and related asm file
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-24 16:27:03 -05:00
Rich Salz
a2b18e657e
ifdef cleanup, part 4a: '#ifdef undef'
...
This removes all code surrounded by '#ifdef undef'
One case is left: memmove() replaced by open-coded for loop,
in crypto/stack/stack.c That needs further review.
Also removed a couple of instances of /* dead code */ if I saw them
while doing the main removal.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-24 10:58:38 -05:00
Matt Caswell
35a1cc90bc
More comment realignment
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
50e735f9e5
Re-align some comments after running the reformat script.
...
This should be a one off operation (subsequent invokation of the
script should not move them)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
68d39f3ce6
Move more comments that confuse indent
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
7a2cb6f034
Fix indent comment corruption issue
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
f4c46d0aab
bn/bn_const.c: make it indent-friendly.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
c27310f938
bn/asm/x86_64-gcc.cL make it indent-friendly.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
7cc63545a3
bn/bn_asm.c: make it indent-friendly.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
0546db3ef7
bn/bn_exp.c: make it indent-friendly.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
dbd87ffc21
indent has problems with comments that are on the right hand side of a line.
...
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Andy Polyakov
985a9af813
bn/bntest.c: make it indent-friendly.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Andy Polyakov
e95bbc3ca6
bn/bn_recp.c: make it indent-friendly.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Andy Polyakov
5f0b444899
bn/rsaz_exp.c: make it indent-friendly.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:07 +00:00
Matt Caswell
e636e2acd7
Fix source where indent will not be able to cope
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:06 +00:00
Matt Caswell
c80fd6b215
Further comment changes for reformat (master)
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:19:59 +00:00
Rich Salz
4b618848f9
Cleanup OPENSSL_NO_xxx, part 1
...
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Andy Polyakov
b3d7294976
Add Broadwell performance results.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-01-13 21:40:14 +01:00
Dr. Stephen Henson
a5a412350d
Remove use of BN_init, BN_RECP_CTX_init from bntest
...
BN_init and BN_RECP_CTX_init are deprecated and are not exported
from shared libraries on some platforms (e.g. Windows) convert
bntest to use BN_new and BN_RECP_CTX_new instead.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-13 15:39:37 +00:00
Rich Salz
6d23cf9744
RT3548: Remove unsupported platforms
...
This last one for this ticket. Removes WIN16.
So long, MS_CALLBACK and MS_FAR. We won't miss you.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 17:30:54 -05:00
Rich Salz
fcf64ba0ac
RT3548: Remove some unsupported platforms.
...
This commit removes NCR, Tandem, Cray.
Regenerates TABLE.
Removes another missing BEOS fluff.
The last platform remaining on this ticket is WIN16.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 10:40:00 -05:00
Andy Polyakov
a7a44ba55c
Fix for CVE-2014-3570 (with minor bn_asm.c revamp).
...
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2015-01-08 15:49:45 +00:00
Matt Caswell
3a83462dfe
Further comment amendments to preserve formatting prior to source reformat
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Andy Polyakov
219338115b
Revert "CHANGES: mention "universal" ARM support."
...
This reverts commit 4fec915069
.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 12:11:01 +01:00
Andy Polyakov
4fec915069
CHANGES: mention "universal" ARM support.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 11:10:01 +01:00
Andy Polyakov
c1669e1c20
Remove inconsistency in ARM support.
...
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-04 23:45:08 +01:00
Tim Hudson
1d97c84351
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Matt Caswell
53e95716f5
Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED
...
Introduce use of DECLARE_DEPRECATED
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:14 +00:00
Matt Caswell
5bafb04d2e
Remove redundant OPENSSL_NO_DEPRECATED suppression
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:05 +00:00
Richard Levitte
a93891632d
Clear warnings/errors within BN_CTX_DEBUG code sections
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17 10:15:09 +01:00
Emilia Kasper
a015758d11
Check for invalid divisors in BN_div.
...
Invalid zero-padding in the divisor could cause a division by 0.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a43bcd9e96
)
2014-12-17 10:01:04 +01:00
Emilia Kasper
9669d2e1ad
Fix unused variable warning
...
The temporary variable causes unused variable warnings in opt mode with clang,
because the subsequent assert is compiled out.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-15 13:12:44 +01:00
Matt Caswell
fd0ba77717
make update
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Matt Caswell
02a62d1a4a
Move bn internal functions into bn_int.h and bn_lcl.h
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:42 +00:00
Matt Caswell
1939187922
Make bn opaque
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:27 +00:00
Matt Caswell
aeb556f831
Implement internally opaque bn access from srp
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:02 +00:00
Matt Caswell
829ccf6ab6
Implement internally opaque bn access from dh
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:32 +00:00
Matt Caswell
7a5233118c
Prepare exptest for bn opaquify
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:19 +00:00
Matt Caswell
85bcf27ccc
Prepare for bn opaquify. Implement internal helper functions.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Geoff Thorpe
e52a3c3d14
Include <openssl/foo.h> instead of "foo.h"
...
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.
Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Dr. Stephen Henson
73e45b2dd1
remove OPENSSL_FIPSAPI
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
ebdf37e4b1
remove FIPS module code from crypto/bn
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9
Remove fips_constseg references.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
c603c723ce
Remove OPENSSL_FIPSCANISTER code.
...
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:16 +00:00
Dr. Stephen Henson
f072785eb4
Remove fipscanister build functionality from makefiles.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec
Remove all .cvsignore files
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Mike Bland
dbaf608320
Remove redundant test targets outside of test/
...
These correspond to targets of the same name in test/Makefile that clash when
using the single-makefile build method using GitConfigure and GitMake.
Change-Id: If7e900c75f4341b446608b6916a3d76f202026ea
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:44:51 -05:00
Dr. Stephen Henson
ecb9966e7c
Fix WIN32 build by disabling bn* calls.
...
The trial division and probable prime with coprime tests are disabled
on WIN32 builds because they use internal functions not exported from
the WIN32 DLLs.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-10-29 22:23:31 +00:00
Rich Salz
df8c39d522
RT3549: Remove obsolete files in crypto
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-10-01 16:05:47 -04:00
Andy Polyakov
323154be33
crypto/bn/bn_nist.c: bring original failing code back for reference.
...
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-09-30 21:00:44 +02:00
Rich Salz
3d81ec5b92
Remove #ifdef's for IRIX_CC_BUG
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-25 14:43:24 -04:00
Andy Polyakov
8b07c005fe
crypto/bn/bn_nist.c: work around MSC ARM compiler bug.
...
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-09-25 00:42:26 +02:00
Andy Polyakov
d475b2a3bf
Harmonize Tru64 and Linux make rules.
...
RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-20 10:20:38 +02:00
Andy Polyakov
569e2d1257
crypto/bn/asm/x86_64-mont*.pl: add missing clang detection.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:44:51 +02:00
Andy Polyakov
15735e4f0e
bn/asm/rsaz-*.pl: allow spaces in Perl path name.
...
RT: 2835
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-21 00:17:45 +02:00
Martin Olsson
1afd7fa97c
RT2513: Fix typo's paramter-->parameter
...
I also found a couple of others (padlock and signinit)
and fixed them.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-19 11:09:33 -04:00
Doug Goldstein
448155e9bb
RT2163: Remove some unneeded #include's
...
Several files #include stdio.h and don't need it.
Also, per tjh, remove BN_COUNT
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-18 12:50:00 -04:00
Matt Caswell
f8571ce822
Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
...
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.
This does have the impact of masking any *real* unitialised data reads in bn though.
Patch based on approach suggested by Rich Salz.
PR#3415
2014-07-13 22:17:39 +01:00
Andy Polyakov
1b0fe79f3e
x86_64 assembly pack: improve masm support.
2014-07-09 20:08:01 +02:00
Andy Polyakov
eca441b2b4
bn_exp.c: fix x86_64-specific crash with one-word modulus.
...
PR: #3397
2014-07-02 19:35:50 +02:00
Ben Laurie
8892ce7714
Constification - mostly originally from Chromium.
2014-06-29 21:05:23 +01:00
Andy Polyakov
a356e488ad
x86_64 assembly pack: refine clang detection.
2014-06-28 17:23:21 +02:00
Andy Polyakov
406d4af050
bn/asm/rsaz-avx2.pl: fix occasional failures.
2014-06-27 22:41:58 +02:00
Huzaifa Sidhpurwala
3b3b69ab25
Make sure BN_sqr can never return a negative value.
...
PR#3410
2014-06-26 23:56:34 +01:00
Andy Polyakov
f3f620e1e0
bn_exp.c: move check for AD*X to rsaz-avx2.pl.
...
This ensures high performance is situations when assembler supports
AVX2, but not AD*X.
2014-06-27 00:07:15 +02:00
Andy Polyakov
7eb0488280
x86_64 assembly pack: addendum to last clang commit.
2014-06-24 08:37:05 +02:00
Andy Polyakov
ac171925ab
x86_64 assembly pack: allow clang to compile AVX code.
2014-06-24 08:24:25 +02:00
Andy Polyakov
5dcf70a1c5
ARM assembly pack: get ARMv7 instruction endianness right.
...
Pointer out and suggested by: Ard Biesheuvel.
2014-06-06 21:27:18 +02:00
Ben Laurie
c93233dbfd
Tidy up, don't exceed the number of requested bits.
2014-06-01 15:31:27 +01:00
Ben Laurie
46838817c7
Constify and reduce coprime random bits to allow for multiplier.
2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
8927c2786d
Add a test to check we're really generating probable primes.
2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
9a3a99748b
Remove unused BIGNUMs.
2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
c74e148776
Refactor the first prime index.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
982c42cb20
Try skipping over the adding and just picking a new random number.
...
Generates a number coprime to 2, 3, 5, 7, 11.
Speed:
Trial div (add) : trial div (retry) : coprime
1 : 0.42 : 0.84
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
c09ec5d2a0
Generate safe primes not divisible by 3, 5 or 7.
...
~2% speed improvement on trial division.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b0513819e0
Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5.
...
Possibly some reduction in bias, but no speed gains.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
e46a059ebf
Remove static from probable_prime_dh.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
e55fca760b
Remove indentation from the goto targets.
2014-06-01 15:31:26 +01:00
Geoff Thorpe
12e9f627f9
bignum: allow concurrent BN_MONT_CTX_set_locked()
...
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 17:43:35 -04:00
Andy Polyakov
bd227733b9
C64x+ assembly pack: make it work with older toolchain.
2014-05-04 16:38:32 +02:00
Geoff Thorpe
a529261891
bignum: fix boundary condition in montgomery logic
...
It's not clear whether this inconsistency could lead to an actual
computation error, but it involved a BIGNUM being passed around the
montgomery logic in an inconsistent state. This was found using flags
-DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion
in 'ectest';
ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) ||
(_bnum2->d[_bnum2->top - 1] != 0)' failed
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-04-30 11:49:31 -04:00
Andy Polyakov
f8cee9d081
bn/asm/armv4-gf2m.pl, modes/asm/ghash-armv4.pl: faster multiplication
...
algorithm suggested in following paper:
Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
Polynomial Multiplication on ARM Processors using the NEON Engine.
http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
2014-04-24 10:24:53 +02:00
Dr. Stephen Henson
2514fa79ac
Add functions returning security bits.
...
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
f9b6c0ba4c
Fix for CVE-2014-0076
...
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483
)
Conflicts:
CHANGES
2014-03-12 14:29:43 +00:00
Dr. Stephen Henson
4cfeb00be9
make depend
2014-02-19 20:09:08 +00:00
Andy Polyakov
eedab5241e
bn/asm/x86_64-mont5.pl: fix compilation error on Solaris.
2014-01-09 13:44:59 +01:00
Andy Polyakov
2218c296b4
ARM assembly pack: make it work with older toolchain.
2013-12-28 12:17:08 +01:00
Andy Polyakov
ec9cc70f72
bn/asm/x86_64-mont5.pl: add MULX/AD*X code path.
...
This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.
2013-12-09 21:02:24 +01:00
Andy Polyakov
d1671f4f1a
bn/asm/armv4-mont.pl: add NEON code path.
2013-12-04 22:37:49 +01:00
Andy Polyakov
c5d5f5bd0f
bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
...
PR: 3189
Submitted by: Oscar Ciurana
2013-12-03 23:59:55 +01:00
Andy Polyakov
8bd7ca9996
crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
2013-12-03 22:28:48 +01:00
Andy Polyakov
31ed9a2131
crypto/bn/rsaz*: fix licensing note.
...
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
2013-12-03 22:08:29 +01:00
Andy Polyakov
6efef384c6
bn/asm/rsaz-x86_64.pl: fix prototype.
2013-12-03 09:43:06 +01:00
Andy Polyakov
b9e87d07cb
ppc64-mont.pl: eliminate dependency on GPRs' upper halves.
2013-11-27 22:50:00 +01:00
Andy Polyakov
d1cf23ac86
Make Makefiles OSF-make-friendly.
...
PR: 3165
2013-11-12 21:51:37 +01:00
Andy Polyakov
4eeb750d20
bn/asm/x86_64-mont.pl: minor optimization [for Decoded ICache].
2013-10-25 10:14:20 +02:00
Andy Polyakov
d6019e1654
PPC assembly pack: add .size directives.
2013-10-15 00:14:39 +02:00
Andy Polyakov
30b9c2348d
bn/asm/*x86_64*.pl: correct assembler requirement for ad*x.
2013-10-14 22:41:00 +02:00
Andy Polyakov
039081b809
Initial aarch64 bits.
2013-10-13 19:15:15 +02:00
Andy Polyakov
0c2adb0a9b
MIPS assembly pack: get rid of deprecated instructions.
...
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
2013-10-13 13:14:52 +02:00
Andy Polyakov
fa104be35e
bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache].
2013-10-10 23:06:43 +02:00
Andy Polyakov
37de2b5c1e
bn/bn_exp.c: prefer MULX/AD*X over AVX2.
2013-10-09 11:08:52 +02:00
Andy Polyakov
a5bb5bca52
bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path.
2013-10-03 00:45:04 +02:00
Andy Polyakov
87954638a6
rsaz-x86_64.pl: add MULX/ADCX/ADOX code path.
2013-10-03 00:30:12 +02:00
Andy Polyakov
72a158703b
crypto/bn/asm/x86_64-mont.pl: minor optimization.
2013-09-09 21:40:33 +02:00
Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Andy Polyakov
fd8ad019e1
crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin.
2013-08-03 16:28:50 +02:00
Andy Polyakov
5c57c69f9e
bn/asm/rsaz-avx2.pl: Windows-specific fix.
2013-07-12 18:59:17 +02:00
Ben Laurie
852f837f5e
s/rsaz_eligible/rsaz_avx2_eligible/.
2013-07-12 12:47:39 +01:00
Andy Polyakov
ca48ace5c5
Take RSAZ modules into build loop, add glue and engage.
...
RT: 2582, 2850
2013-07-05 21:39:47 +02:00
Andy Polyakov
0b4bb91db6
Add RSAZ assembly modules.
...
RT: 2582, 2850
2013-07-05 21:30:18 +02:00
Andy Polyakov
26e43b48a3
bn/asm/x86_86-mont.pl: optimize reduction for Intel Core family.
2013-07-05 21:10:56 +02:00
Andy Polyakov
cbce8c4644
bn/bn_exp.c: harmonize.
2013-07-05 20:52:58 +02:00
Andy Polyakov
b74ce8d948
bn/bn_exp.c: Solaris-specific fix, T4 MONTMUL relies on alloca.
2013-06-30 23:09:09 +02:00
Andy Polyakov
4ddacd9921
Optimize SPARC T4 MONTMUL support.
...
Improve RSA sing performance by 20-30% by:
- switching from floating-point to integer conditional moves;
- daisy-chaining sqr-sqr-sqr-sqr-sqr-mul sequences;
- using MONTMUL even during powers table setup;
2013-06-18 10:39:38 +02:00
Andy Polyakov
02450ec69d
PA-RISC assembler pack: switch to bve in 64-bit builds.
...
PR: 3074
2013-06-18 10:37:00 +02:00
Adam Langley
8a99cb29d1
Add secure DSA nonce flag.
...
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
2013-06-13 17:26:07 +01:00
Adam Langley
96a4c31be3
Ensure that, when generating small primes, the result is actually of the
...
requested size. Fixes OpenSSL #2701 .
This change does not address the cases of generating safe primes, or
where the |add| parameter is non-NULL.
Conflicts:
crypto/bn/bn.h
crypto/bn/bn_err.c
2013-06-04 18:52:30 +01:00
Adam Langley
2b0180c37f
Ensure that x**0 mod 1 = 0.
2013-06-04 18:47:11 +01:00
Adam Langley
7753a3a684
Add volatile qualifications to two blocks of inline asm to stop GCC from
...
eliminating them as dead code.
Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
2013-06-04 18:46:25 +01:00
Andy Polyakov
b69437e1e5
crypto/bn/bn_exp.c: SPARC portability fix.
2013-06-01 09:58:07 +02:00
Andy Polyakov
342dbbbe4e
x86_64-gf2m.pl: fix typo.
2013-03-01 22:36:36 +01:00
Andy Polyakov
7c43601d44
x86_64-gf2m.pl: add missing Windows build fix for #2963 .
...
PR: 3004
2013-03-01 21:43:10 +01:00
Andy Polyakov
750398acd8
bn_nist.c: work around clang 3.0 bug.
2013-02-14 09:51:41 +01:00
Andy Polyakov
4568182a8b
x86_64 assembly pack: keep making Windows build more robust.
...
PR: 2963 and a number of others
2013-02-02 19:54:59 +01:00
Andy Polyakov
46bf83f07a
x86_64 assembly pack: make Windows build more robust.
...
PR: 2963 and a number of others
2013-01-22 22:27:28 +01:00
Andy Polyakov
543fd85460
bn/asm/mips.pl: hardwire local call to bn_div_words.
2013-01-22 21:13:37 +01:00
Ben Laurie
b204ab6506
Update ignores.
2012-12-11 15:52:10 +00:00
Andy Polyakov
904732f68b
C64x+ assembly pack: improve EABI support.
2012-11-28 13:19:10 +00:00
Andy Polyakov
9f6b0635ad
x86_64-gcc.c: resore early clobber constraint.
...
Submitted by: Florian Weimer
2012-11-19 15:02:00 +00:00
Andy Polyakov
68c06bf6b2
Support for SPARC T4 MONT[MUL|SQR] instructions.
...
Submitted by: David Miller, Andy Polyakov
2012-11-17 10:34:11 +00:00
Andy Polyakov
134c00659a
bn_word.c: fix overflow bug in BN_add_word.
2012-11-09 13:58:40 +00:00
Andy Polyakov
1efd583085
SPARCv9 assembly pack: harmonize ABI handling (so that it's handled in one
...
place at a time, by pre-processor in .S case and perl - in .s).
2012-10-25 12:07:32 +00:00
Andy Polyakov
0c832ec5c6
Add VIS3-capable sparcv9-gf2m module.
2012-10-20 15:59:14 +00:00
Andy Polyakov
947d78275b
Add VIS3 Montgomery multiplication.
2012-10-20 09:13:21 +00:00
Andy Polyakov
a58fdc7a34
bn_lcl.h: gcc removed support for "h" constraint, which broke inline
...
assembler.
2012-09-01 13:17:32 +00:00
Andy Polyakov
be0d31b166
Add linux-x32 target.
2012-08-29 14:08:46 +00:00
Andy Polyakov
1a002d88ad
MIPS assembly pack: assign default value to $flavour.
2012-08-17 09:10:31 +00:00
Andy Polyakov
32e03a3016
bn_nist.c: compensate for VC bug [with optimization off!].
...
PR: 2837
2012-07-02 13:30:32 +00:00
Andy Polyakov
8d00f34239
crypto/bn/*.h: move PTR_SIZE_INT to private header.
2012-07-02 13:27:30 +00:00
Andy Polyakov
6251989eb6
x86_64 assembly pack: make it possible to compile with Perl located on
...
path with spaces.
PR: 2835
2012-06-27 10:08:23 +00:00
Ben Laurie
71fa451343
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
Andy Polyakov
3e181369dd
C64x+ assembler pack. linux-c64xplus build is *not* tested nor can it be
...
tested, because kernel is not in shape to handle it *yet*. The code is
committed mostly to stimulate the kernel development.
2012-04-18 13:01:36 +00:00
Dr. Stephen Henson
d3379de5a9
don't shadow
2012-03-30 15:43:32 +00:00
Andy Polyakov
4736eab947
bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND.
2012-03-29 21:35:28 +00:00
Andy Polyakov
0208ab2e3f
bn_nist.c: make new optimized code dependent on BN_LLONG.
2012-02-02 07:46:05 +00:00
Andy Polyakov
ce0727f9bd
bn_nist.c: harmonize buf in BN_nist_mod_256 with other mod functions.
2012-01-06 13:17:47 +00:00
Ben Laurie
e166891e0d
Fix warning.
2011-12-13 15:55:35 +00:00
Andy Polyakov
8c98b2591f
modexp512-x86_64.pl: Solaris protability fix.
...
PR: 2656
2011-12-12 15:10:14 +00:00
Andy Polyakov
5711dd8eac
x86-mont.pl: fix bug in integer-only squaring path.
...
PR: 2648
2011-12-09 14:21:25 +00:00
Andy Polyakov
6600126825
bn/asm/mips.pl: fix typos.
2011-12-01 12:16:09 +00:00
Andy Polyakov
0985bd4f80
bn_nist.c: fix strict-aliasing compiler warning.
2011-11-13 17:31:03 +00:00
Dr. Stephen Henson
20bee9684d
Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.
2011-11-13 14:07:36 +00:00
Andy Polyakov
29fd6746f5
armv4cpuid.S, armv4-gf2m.pl: make newest code compilable by older assembler.
2011-11-05 13:07:18 +00:00
Andy Polyakov
09f40a3cb9
ppc.pl: fix bug in bn_mul_comba4.
...
PR: 2636
Submitted by: Charles Bryant
2011-11-05 10:16:04 +00:00
Andy Polyakov
0933887112
bn_exp.c: fix corner case in new constant-time code.
...
Submitted by: Emilia Kasper
2011-10-29 19:25:13 +00:00
Andy Polyakov
a9cf0b81fa
Remove superseded MIPS assembler modules.
2011-10-19 21:42:21 +00:00
Bodo Möller
e5641d7f05
BN_BLINDING multi-threading fix.
...
Submitted by: Emilia Kasper (Google)
2011-10-19 14:59:27 +00:00
Andy Polyakov
78f288d5c9
bn_mont.c: get corner cases right in updated BN_from_montgomery_word.
2011-10-17 23:35:00 +00:00
Andy Polyakov
8329e2e776
bn_exp.c: further optimizations using more ideas from
...
http://eprint.iacr.org/2011/239 .
2011-10-17 17:41:49 +00:00
Andy Polyakov
3f66f2040a
x86_64-mont.pl: minor optimization.
2011-10-17 17:39:59 +00:00
Andy Polyakov
2534891874
bn_mont.c: simplify BN_from_montgomery_word.
2011-10-17 17:24:28 +00:00
Andy Polyakov
79ba545c09
bn_shift.c: minimize reallocations, which allows BN_FLG_STATIC_DATA to
...
be shifted in specific cases.
2011-10-17 17:20:48 +00:00
Bodo Möller
4f2015742d
Oops - ectest.c finds further problems beyond those exposed by bntext.c
2011-10-13 14:29:59 +00:00
Bodo Möller
0a06ad76a1
Avoid failed assertion in BN_DEBUG builds
2011-10-13 14:21:39 +00:00
Bodo Möller
cdfe0fdde6
Fix OPENSSL_BN_ASM_MONT5 for corner cases; add a test.
...
Submitted by: Emilia Kasper
2011-10-13 12:35:10 +00:00
Andy Polyakov
03e389cf04
Allow for dynamic base in Win64 FIPS module.
2011-09-14 20:48:49 +00:00
Andy Polyakov
dd83d0f4a7
crypto/bn/bn_gf2m.c: make it work with BN_DEBUG.
2011-09-05 16:14:43 +00:00
Bodo Möller
612fcfbd29
Fix d2i_SSL_SESSION.
2011-09-05 13:31:17 +00:00
Bodo Möller
ae53b299fa
make update
2011-09-05 09:46:15 +00:00
Andy Polyakov
cfdbff23ab
bn_exp.c: improve portability.
2011-08-27 19:38:55 +00:00
Andy Polyakov
6c01cbb6a0
modexp512-x86_64.pl: make it work with ml64.
2011-08-19 06:30:32 +00:00
Andy Polyakov
bf3dfe7fee
bn_div.c: remove duplicate code by merging BN_div and BN_div_no_branch.
2011-08-14 11:31:35 +00:00
Andy Polyakov
e7d1363d12
x86_64-mont5.pl: add missing Win64 support.
2011-08-14 09:06:06 +00:00
Andy Polyakov
10bd69bf4f
armv4-mont.pl: profiler-assisted optimization gives 8%-14% improvement
...
(more for longer keys) on RSA/DSA.
2011-08-13 12:38:41 +00:00
Andy Polyakov
ae8b47f07f
SPARC assembler pack: fix FIPS linking errors.
2011-08-12 21:38:19 +00:00
Andy Polyakov
361512da0d
This commit completes recent modular exponentiation optimizations on
...
x86_64 platform. It targets specifically RSA1024 sign (using ideas
from http://eprint.iacr.org/2011/239 ) and adds more than 10% on most
platforms. Overall performance improvement relative to 1.0.0 is ~40%
in average, with best result of 54% on Westmere. Incidentally ~40%
is average improvement even for longer key lengths.
2011-08-12 16:44:32 +00:00
Andy Polyakov
20735f4c81
alphacpuid.pl: fix alignment bug.
...
alpha-mont.pl: fix typo.
PR: 2577
2011-08-12 12:28:52 +00:00
Andy Polyakov
85ec54a417
x86_64-mont.pl: futher optimization resulting in up to 48% improvement
...
(4096-bit RSA sign benchmark on Core2) in comparison to initial version
from 2005.
2011-08-09 13:05:05 +00:00
Andy Polyakov
be9a8cc2af
Add RSAX builtin engine. It optimizes RSA1024 sign benchmark.
2011-07-20 21:49:46 +00:00
Andy Polyakov
87873f4328
ARM assembler pack: add platform run-time detection.
2011-07-17 17:40:29 +00:00
Andy Polyakov
6179f06077
x86_64-mont.pl: add squaring procedure and improve RSA sign performance
...
by up to 38% (4096-bit benchmark on Core2).
2011-07-05 09:21:03 +00:00
Andy Polyakov
02a73e2bed
s390x-gf2m.pl: commentary update (final performance numbers turned to be
...
higher).
2011-07-04 11:20:33 +00:00
Andy Polyakov
b247f7387f
crypto/bn/Makefile: fix typo.
2011-06-28 08:52:36 +00:00
Andy Polyakov
0c237e42a4
s390x assembler pack: add s390x-gf2m.pl and harmonize AES_xts_[en|de]crypt.
2011-06-27 10:00:31 +00:00
Dr. Stephen Henson
8038e7e44c
PR: 2540
...
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Prevent infinite loop in BN_GF2m_mod_inv().
2011-06-22 15:24:05 +00:00
Dr. Stephen Henson
9945b460e2
Give parameters names in prototypes.
2011-06-17 16:47:41 +00:00
Dr. Stephen Henson
f41154b206
#undef bn_div_words as it is defined for FIPS builds.
2011-06-10 14:03:27 +00:00
Andy Polyakov
6715034002
PPC assembler pack: adhere closer to ABI specs, add PowerOpen traceback data.
2011-05-27 13:32:34 +00:00
Andy Polyakov
96abea332c
x86_64-gf2m.pl: add Win64 SEH.
2011-05-22 18:29:11 +00:00
Andy Polyakov
2b9a8ca15b
x86gas.pl: add palignr and move pclmulqdq.
2011-05-16 18:07:00 +00:00
Andy Polyakov
afebe623c5
x86_64 assembler pack: add x86_64-gf2m module.
2011-05-16 17:46:45 +00:00
Andy Polyakov
b0188c4f07
bn_nist.c: fix shadowing warnings.
2011-05-11 20:19:00 +00:00
Dr. Stephen Henson
c2fd598994
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
...
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
0b59755f43
Call fipsas.pl directly for pa-risc targets.
2011-05-09 15:23:00 +00:00
Andy Polyakov
1fb97e1313
Optimized bn_nist.c. Performance improvement varies from one benchmark
...
and platform to another. It was measured to deliver 20-30% better
performance on x86 platforms and 30-40% on x86_64, on nistp384 benchmark.
2011-05-09 10:16:32 +00:00
Andy Polyakov
56c5f703c1
IA-64 assembler pack: fix typos and make it work on HP-UX.
2011-05-07 20:36:05 +00:00
Andy Polyakov
58cc21fdea
x86 assembler pack: add bn_GF2m_mul_2x2 implementations (see x86-gf2m.pl for
...
details and performance data).
2011-05-07 10:31:06 +00:00
Andy Polyakov
925596f85b
ARM assembler pack: engage newly introduced armv4-gf2m module.
2011-05-05 21:57:11 +00:00
Dr. Stephen Henson
8d3cdd5b58
Fix warning of signed/unsigned comparison.
2011-05-05 14:47:38 +00:00
Andy Polyakov
75359644d0
ARM assembler pack. Add bn_GF2m_mul_2x2 implementation (see source code
...
for details and performance data).
2011-05-05 07:21:17 +00:00
Andy Polyakov
034688ec4d
bn_gf2m.c: optimized BN_GF2m_mod_inv delivers sometimes 2x of ECDSA sign.
...
Exact improvement coefficients vary from one benchmark and platform to
another, e.g. it performs 70%-33% better on ARM, hereafter less for
longer keys, and 100%-90% better on x86_64.
2011-05-04 15:22:53 +00:00
Dr. Stephen Henson
48da9b8f2a
Fix warning.
2011-04-11 14:52:59 +00:00
Richard Levitte
c6dbe90895
make update
2011-03-24 22:59:02 +00:00
Richard Levitte
537c982306
After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS
...
submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 10:58:14 +00:00
Ben Laurie
edc032b5e3
Add SRP support.
2011-03-12 17:01:19 +00:00
Andy Polyakov
a000759a5c
ia64-mont.pl: optimize short-key performance.
2011-03-04 13:27:29 +00:00
Andy Polyakov
0ab8fd58e1
s390x assembler pack: tune-up and support for new z196 hardware.
2011-03-04 13:09:16 +00:00
Dr. Stephen Henson
949c6f8ccf
Stop warnings.
2011-02-23 16:06:33 +00:00
Dr. Stephen Henson
b7056b6414
Update dependencies.
2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
d749e1080a
Experimental symbol renaming to avoid clashes with regular OpenSSL.
...
Make sure crypto.h is included first in any affected files.
2011-02-16 14:40:06 +00:00
Dr. Stephen Henson
fe26d066ff
Add ECDSA functionality to fips module. Initial very incomplete version
...
of algorithm test program.
2011-02-14 17:14:55 +00:00
Dr. Stephen Henson
133291f8e7
New function BN_nist_mod_func which returns an appropriate function
...
if the passed prime is a NIST prime.
2011-02-14 16:44:29 +00:00
Dr. Stephen Henson
c9a90645a5
Disable some functions in headers with no-ec2m
2011-02-12 17:38:06 +00:00
Dr. Stephen Henson
b331016124
New option to disable characteristic two fields in EC code.
2011-02-12 17:23:32 +00:00
Dr. Stephen Henson
ed12c2f7ca
In FIPS mode only use "Generation by Testing Candidates" equivalent.
2011-02-11 15:19:54 +00:00
Dr. Stephen Henson
14ae26f2e4
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
...
that use it.
2011-02-03 17:00:24 +00:00
Bodo Möller
9d0397e977
make update
2011-02-03 10:17:53 +00:00
Dr. Stephen Henson
7edfe67456
Move all FIPSAPI renames into fips.h header file, include early in
...
crypto.h if needed.
Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7cc684f4f7
Redirect FIPS memory allocation to FIPS_malloc() routine, remove
...
OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
aa87945f47
Update source files to handle new FIPS_lock() location. Add FIPS_lock()
...
definition. Remove stale function references from fips.h
2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
...
to EVP any more.
Move locking #define into fips.h.
Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
a27de7b7fd
use FIPSEVP in some bn and rsa files
2011-01-27 14:24:42 +00:00
Dr. Stephen Henson
879bd6e38c
Internal version of BN_mod_inverse allowing checking of no-inverse without
...
need to inspect error queue.
2011-01-26 16:59:47 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
13a5519208
Move BN_options function to bn_print.c to remove dependency for BIO printf
...
routines from bn_lib.c
2011-01-25 17:10:30 +00:00
Dr. Stephen Henson
7b1a04519f
add X9.31 prime generation routines from 0.9.8 branch
2011-01-09 13:02:14 +00:00
Andy Polyakov
e822c756b6
s390x assembler pack: adapt for -m31 build, see commentary in Configure
...
for more details.
2010-11-29 20:52:43 +00:00
Andy Polyakov
dd128715a2
s390x.S: fix typo in bn_mul_words.
...
PR: 2380
2010-11-22 21:55:07 +00:00
Dr. Stephen Henson
776654adff
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:49:22 +00:00
Andy Polyakov
d466588788
MIPS assembler pack: enable it in Configure, add SHA2 module, fix make rules,
...
update commentary...
2010-10-02 11:47:17 +00:00
Andy Polyakov
da4d239dad
Add unified mips.pl, which will replace mips3.s.
2010-09-27 21:19:43 +00:00
Andy Polyakov
0985473636
sha1-mips.pl, mips-mont.pl: unify MIPS assembler modules in respect to
...
ABI and binutils.
2010-09-22 08:43:09 +00:00
Andy Polyakov
f8927c89d0
Alpha assembler pack: adapt for Linux.
...
PR: 2335
2010-09-13 13:28:52 +00:00
Andy Polyakov
dd4a0af370
crypto/bn/asm/s390x.S: drop redundant instructions.
2010-09-10 14:53:36 +00:00
Andy Polyakov
1cbdca7bf2
Harmonize s390x assembler modules with "catch-all" rules from commit#19749.
2010-07-09 12:11:12 +00:00
Andy Polyakov
e216cd6ee9
armv4-mont.pl: addenum to previous commit#19749.
2010-07-08 15:06:01 +00:00
Andy Polyakov
396df7311e
crypto/*/Makefile: unify "catch-all" assembler make rules and harmonize
...
ARM assembler modules.
2010-07-08 15:03:42 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Andy Polyakov
3efe51a407
Revert previous Linux-specific/centric commit#19629. If it really has to
...
be done, it's definitely not the way to do it. So far answer to the
question was to ./config -Wa,--noexecstack (adopted by RedHat).
2010-05-05 22:05:39 +00:00
Ben Laurie
0e3ef596e5
Non-executable stack in asm.
2010-05-05 15:50:13 +00:00
Andy Polyakov
d23f4e9d5a
alpha-mont.pl: comply with stack alignment requirements.
2010-04-10 13:33:04 +00:00
Andy Polyakov
97a6a01f0f
ARMv4 assembler: fix compilation failure. Fix is actually unconfirmed, but
...
I can't think of any other cause for failure
2010-03-29 09:55:19 +00:00
Bodo Möller
2d9dcd4ff0
Always check bn_wexpend() return values for failure (CVE-2009-3245).
...
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:35 +00:00
Andy Polyakov
964ed94649
parisc-mont.pl: PA-RISC 2.0 code path optimization based on intruction-
...
level profiling data resulted in almost 50% performance improvement.
PA-RISC 1.1 is also reordered in same manner, mostly to be consistent,
as no gain was observed, not on PA-7100LC.
2010-01-25 23:12:00 +00:00
Andy Polyakov
4f38565204
bn_lcl.h: add MIPS III-specific BN_UMULT_LOHI as alternative to porting
...
crypto/bn/asm/mips3.s from IRIX. Performance improvement is not as
impressive as with complete assembler, but still... it's almost 2.5x
[on R5000].
2010-01-17 12:08:24 +00:00
Andy Polyakov
4407700c40
ia64-mont.pl: add shorter vector support ("shorter" refers to 512 bits and
...
less).
2010-01-17 11:33:59 +00:00
Andy Polyakov
74f2260694
ia64-mont.pl: addp4 is not needed when referring to stack (this is 32-bit
...
HP-UX thing).
2010-01-07 15:36:59 +00:00
Andy Polyakov
1f23001d07
ppc64-mont.pl: commentary update.
2010-01-06 10:58:59 +00:00
Andy Polyakov
dacdcf3c15
Add Montgomery multiplication module for IA-64.
2010-01-06 10:57:55 +00:00
Andy Polyakov
70b76d392f
ppccap.c: fix compiler warning and perform sanity check outside signal masking.
...
ppc64-mont.pl: clarify comment and fix spelling.
2009-12-29 11:18:16 +00:00
Andy Polyakov
3fc2efd241
PA-RISC assembler: missing symbol and typos.
2009-12-28 16:13:35 +00:00
Andy Polyakov
cb3b9b1323
Throw in more PA-RISC assembler.
2009-12-27 20:49:40 +00:00
Andy Polyakov
d741cf2267
ppccap.c: tidy up.
...
ppc64-mont.pl: missing predicate in commentary.
2009-12-27 11:25:24 +00:00
Andy Polyakov
b4b48a107c
ppc64-mont.pl: adapt for 32-bit and engage for all builds.
2009-12-26 21:30:13 +00:00
Dr. Stephen Henson
7e4cae1d2f
PR: 2111
...
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:42 +00:00
Dr. Stephen Henson
e8a682f223
PR: 2062
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BN_rand error handling in bntest.c
2009-10-01 00:21:20 +00:00
Dr. Stephen Henson
73ea416070
Update from 1.0.0-stable.
2009-06-17 11:48:22 +00:00
Dr. Stephen Henson
d70323f1c5
Submitted by: Peter Gutmann <pgut001@cs.auckland.ac.nz>
...
Approved by: steve@openssl.org
Check return values for NULL in case of malloc failure.
2009-06-17 11:25:42 +00:00
Dr. Stephen Henson
779558b9e5
Update from 1.0.0-stable.
2009-06-15 10:27:22 +00:00
Dr. Stephen Henson
477fd4596f
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:49:38 +00:00
Andy Polyakov
0f529cbdc3
s390x-mont.pl: optimize prologue.
2009-02-10 08:46:48 +00:00
Andy Polyakov
8626230a02
s390x assembler pack update.
2009-02-09 15:42:04 +00:00
Dr. Stephen Henson
41b7619596
Fix missing prototype warnings then fix different prototype warnings ;-)
2009-01-11 16:17:26 +00:00
Andy Polyakov
a68c7b9171
bn_lib.c: [re-]fix Win64 compiler warning.
2008-12-29 12:44:33 +00:00
Andy Polyakov
5cabcf96e7
Fix "possible loss of data" Win64 compiler warnings.
2008-12-29 12:35:49 +00:00
Andy Polyakov
be01f79d3d
x86_64 assembler pack: add support for Win64 SEH.
2008-12-19 11:17:29 +00:00
Andy Polyakov
3ebbe8853f
Bring C bn_mul_mont template closer to assembler.
2008-12-16 07:28:38 +00:00
Andy Polyakov
93c4ba07d7
x86_64-xlate.pl update, engage x86_64 assembler in mingw64.
2008-11-14 16:40:37 +00:00
Andy Polyakov
1416aec60d
Update make rules for x86_64 assembler pack.
2008-11-12 08:19:04 +00:00
Andy Polyakov
aa8f38e49b
x86_64 assembler pack to comply with updated styling x86_64-xlate.pl rules.
2008-11-12 08:15:52 +00:00
Andy Polyakov
2fbc8a2aad
Revert commit #17603 , it should have been part of #17617 .
2008-11-12 07:27:36 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Bodo Möller
0a8c9f7de1
symbol deobnoxification
2008-11-11 07:08:59 +00:00
Dr. Stephen Henson
0afc9f5bc0
PR: 1777
...
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>
Approved by: steve@openssl.org
Fix some size_t issues.
2008-11-05 23:14:32 +00:00
Dr. Stephen Henson
e6e0c9018c
Fix prototypes.
2008-11-02 18:12:36 +00:00
Dr. Stephen Henson
9619b730b4
Use stddef.h to pick up size_t def.
2008-11-02 16:56:13 +00:00
Dr. Stephen Henson
c76fd290be
Fix warnings about mismatched prototypes, undefined size_t and value computed
...
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
4d6e1e4f29
size_tification.
2008-11-01 14:37:00 +00:00
Andy Polyakov
122396f2db
Fix SHA512 and optimize BN for mingw64.
2008-11-01 12:46:18 +00:00
Andy Polyakov
f1455b3063
Minor clean-up in bn_lib.c: constification and optimization.
2008-10-28 13:52:51 +00:00
Andy Polyakov
b764f82c64
Fix crash in BN_rshift.
...
PR: 1663
2008-10-28 13:46:14 +00:00
Geoff Thorpe
ae7ec4c71d
Apparently '__top' is also risky, obfuscate further. (All this to
...
avoid inlines...)
2008-10-22 12:00:15 +00:00
Geoff Thorpe
3fdc6c11aa
Use of a 'top' var creates "shadow variable" warnings.
2008-10-22 01:25:45 +00:00
Ben Laurie
0d6f9c7181
Constification.
2008-10-19 22:51:27 +00:00
Andy Polyakov
aff8259510
Fix argument order in BN_nnmod call and implement rigorous boundary
...
condition check.
2008-10-16 07:54:41 +00:00
Andy Polyakov
256b3e9c5f
Optimize bn_correct_top.
2008-10-15 10:48:52 +00:00
Andy Polyakov
762a2e3cab
Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and
...
reimplement BN_nist_mod_521.
2008-10-15 10:47:48 +00:00
Geoff Thorpe
fa0f834c20
Fix build warnings.
2008-09-15 04:02:37 +00:00
Bodo Möller
f8d6be3f81
Some precautions to avoid potential security-relevant problems.
2008-09-14 13:42:34 +00:00
Andy Polyakov
492279f6f3
AIX build updates.
2008-09-12 14:45:54 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
...
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Bodo Möller
8228fd89fc
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
...
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
2008-06-23 20:46:24 +00:00
Bodo Möller
fabe640f5e
Clarifying comment.
2008-05-02 18:47:48 +00:00
Bodo Möller
d05a474556
Montgomery-related minor cleanups/documentation
2008-05-01 18:48:20 +00:00
Andy Polyakov
ba6f95e81b
Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit
...
platforms.
2008-04-24 10:04:26 +00:00
Andy Polyakov
830b8877ba
Takanori Yanagisawa has shown how to correctly use pre-computed values.
...
So in a sense this commit reverts few latest ones fixing bugs in original
code and improving it, most notably adding 64-bit support [though not in
BN_nist_mod_224 yet].
PR: 1593
2008-04-23 08:10:25 +00:00
Andy Polyakov
9912ab6770
Resolve __DECC warning and keep disclaiming support for 16-bit platforms.
2008-04-18 15:47:30 +00:00
Andy Polyakov
299ab428ce
Fix remaining BN_nist_mod_*.
...
PR: 1593
2008-04-18 15:40:57 +00:00
Lutz Jänicke
4c1a6e004a
Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
...
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-04-17 10:19:16 +00:00
Andy Polyakov
d4122504a2
Clarifying comment.
2008-04-09 12:06:42 +00:00
Andy Polyakov
2c4226c42b
Do BN_nist_mod_384 by the book, as cheating doesn't work. Other functions
...
will be revised too.
PR: 1593
2008-04-09 11:36:04 +00:00
Andy Polyakov
2819ffb520
Fix fast reduction on NIST curves (as well BN_NIST_ADD_ONE macro).
...
PR: 1593
2008-04-01 08:39:08 +00:00
Dr. Stephen Henson
e2a29d49ca
Update dependencies.
2008-03-29 21:11:25 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
56c7754cab
Avoid warnings.
2008-02-28 14:05:01 +00:00
Andy Polyakov
61b05a0025
Make x86_64-mont.pl work with debug Win64 build.
2008-02-27 20:09:28 +00:00
Bodo Möller
7c9882eb24
fix BIGNUM flag handling
2008-02-27 06:01:28 +00:00
Andy Polyakov
089458b096
ppc64-mont optimization.
2008-02-05 13:10:14 +00:00