Commit graph

624 commits

Author SHA1 Message Date
Geoff Thorpe
1b06804491 When adding positive elements, we can use BN_uadd() instead of BN_add().
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-02-22 19:30:41 +00:00
Andy Polyakov
1751034669 Typo in crypto/bn/asm/x86_64.c, bn_div_words().
PR: 821
2004-02-07 09:51:28 +00:00
Andy Polyakov
d04b1b4656 Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl 2004-01-30 05:41:23 +00:00
Andy Polyakov
1247092776 HP/UX PA-RISC 2 targets update. 2004-01-29 22:16:08 +00:00
Richard Levitte
1fb724449d make update 2004-01-28 18:38:33 +00:00
Andy Polyakov
27b2b78f90 Even though C specification explicitly says that constant type "stretches"
automatically to accomodate the value, some compilers fail to do so. Most
notably 0x0123456789ABCDEF should come out as long long in 32-bit context,
but HP compiler truncates it to 32-bit value. Which in turn breaks GF(2^m)
arithmetics in hpux-parisc2-cc build. Therefore this fix...
2004-01-25 10:53:43 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy().
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:40:17 +00:00
Ulf Möller
380e145daf Add "dif" variable to clean up the loop implementations.
Submitted by: Nils Larsch
2003-12-06 11:55:46 +00:00
Ulf Möller
ce38bb1a8c Avoid segfault if ret==0.
Submitted by: Nils Larsch
2003-12-06 11:39:37 +00:00
Geoff Thorpe
2bfd2c74d2 Incremental cleanups to bn_lib.c.
- Add missing bn_check_top() calls and relocate some others
- Use BN_is_zero() where appropriate
- Remove assert()s that bn_check_top() is already covering
- Simplify the code in places (esp. bn_expand2())
- Only keep ambiguous zero handling if BN_STRICT isn't defined
- Remove some white-space and make some other aesthetic tweaks
2003-12-02 20:01:30 +00:00
Geoff Thorpe
82b2f57e30 Use the BN_is_odd() macro in place of code that (inconsistently) does much
the same thing.

Also, I have some stuff on the back-burner related to some BN_CTX notes
from Peter Gutmann about his cryptlib hacks to the bignum code. The BN_CTX
comments are there to remind me of some relevant points in the code.
2003-12-02 03:28:24 +00:00
Geoff Thorpe
2ae1ea3788 BN_FLG_FREE is of extremely dubious usefulness, and is only referred to
once in the source (where it is set for the benefit of no other code
whatsoever). I've deprecated the declaration in the header and likewise
made the use of the flag conditional in bn_lib.c. Note, this change also
NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.
2003-12-02 03:16:56 +00:00
Geoff Thorpe
34066d741a Declare the static BIGNUM "BN_value_one()" more carefully. 2003-12-01 23:13:17 +00:00
Geoff Thorpe
b74cc0776b Add missing bn_check_top()s to bn_kron.c, remove some miscellaneous
white-space, and include extra headers to satisfy debugging builds.
2003-12-01 23:11:45 +00:00
Geoff Thorpe
e7e5fe4705 Add missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous
white-space.
2003-12-01 23:10:21 +00:00
Geoff Thorpe
998ae048e7 The bn_set_max() macro is only "used" by the bn_set_[low|high]() macros
which, in turn, are used nowhere at all. This is a good thing because
bn_set_max() would currently generate code that wouldn't compile (BIGNUM
has no 'max' element).

The only apparent use for bn_set_[low|high] would be for implementing
windowing algorithms, and all of openssl's seem to use bn_***_words()
helpers instead (including the BN_div() that Nils fixed recently, which had
been using independently-coded versions of what these unused macros are
intended for). I'm therefore consigning these macros to cvs oblivion in the
name of readability.
2003-12-01 22:11:08 +00:00
Geoff Thorpe
e65c2b9872 bn_fix_top() exists for compatibility's sake and is mapped to
bn_correct_top() or bn_check_top() depending on debug settings. For
internal source, all bn_fix_top()s should be converted one way or the other
depending on whether the use of bn_correct_top() is justified.

For BN_div_recp(), these cases should not require correction if the other
bignum functions are doing their jobs properly, so convert to
bn_check_top().
2003-12-01 21:59:40 +00:00
Geoff Thorpe
46cb8d3689 If BN_STRICT is defined, don't accept an ambiguous representation of zero
(ie. where top may be zero, or it may be one if the corresponding word is
set to zero). Note, this only affects the macros in bn.h, there are probably
similar corrections required in some c files.

Also, clarify the audit-related macros at the top of the header. Mental
note: I must not forget to clean all this out before 0.9.8 is released ...
2003-11-30 22:23:12 +00:00
Geoff Thorpe
23fc5ac646 Improve a couple of the bignum macros. Note, this doesn't eliminate
tolerance of ambiguous zero-representation, it just improves
BN_abs_is_word() and simplifies other macros that depend on it.
2003-11-30 22:02:10 +00:00
Geoff Thorpe
5734bebe05 Make BN_DEBUG_RAND less painfully slow by only consuming one byte of
pseudo-random data for each bn_pollute().
2003-11-30 21:21:30 +00:00
Geoff Thorpe
657a919598 This improves the placement of check_top() macros in a couple of bn_lib
functions.
2003-11-29 20:34:07 +00:00
Geoff Thorpe
444c3a8492 Get rid of some signed/unsigned comparison warnings. 2003-11-28 16:39:16 +00:00
Richard Levitte
4d8743f490 Netware-specific changes,
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Geoff Thorpe
81ba5f6713 Due to recent debugging bursts, openssl should be more or less solid
against inconsistent BIGNUMs coming out of any of its API functions. So
this change no longer "fixes" the bn_print.c functions, but it makes for
cleaner code. This patch was a part of ticket 697.

PR: 697
Submitted by: Otto Moerbeek
Reviewed by: Geoff Thorpe
2003-11-25 21:07:59 +00:00
Geoff Thorpe
6defae04f3 Fix some handling in bn_word. This also resolves the issues observed in
ticket 697 (though uses a different solution than the proposed one). This
problem was initially raised by Otto Moerbeek.

PR: 697
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-25 20:39:19 +00:00
Geoff Thorpe
e1064adfd3 Some changes for bn_gf2m.c: better error checking plus some minor
optimizations.

Submitted by: Nils Larsch
2003-11-25 03:41:20 +00:00
Geoff Thorpe
9e989810ba BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words
and bn_add_words to avoid using fake bignums to window other bignums that
can lead to corruption. This change allows all bignum tests to pass with
BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be
tested on a few different architectures and configuration targets, as the
bignum code this deals with is quite preprocessor (and assembly) sensitive.

Submitted by: Nils Narsch
Reviewed by: Geoff Thorpe, Ulf Moeller
2003-11-22 20:23:41 +00:00
Ulf Möller
1a01733047 BN_set_bit() etc should use "unsigned int".
Keep it as is to avoid an API change, but check for negativ values.

Submitted by: Nils Larsch
2003-11-15 08:37:50 +00:00
Geoff Thorpe
9dde17e8b4 This rewrites two "for" loops in BN_rshift() - equality with zero is
generally a more efficient comparison than comparing two integers, and the
first of these two loops was off-by-one (copying one too many values). This
change also removes a superfluous assignment that would set an unused word
to zero (and potentially allow an overrun in some cases).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-13 15:03:14 +00:00
Geoff Thorpe
f75abcefed This extends the debugging macros to use "pollution" during
bn_correct_top(), previously only bn_check_top() did this.
2003-11-06 23:24:44 +00:00
Geoff Thorpe
18f62d4b82 Add debug-screening of input parameters to some functions I'd missed
before.
2003-11-06 23:13:04 +00:00
Geoff Thorpe
5c0c22803e Put more debug screening in BN_div() and correct a comment. 2003-11-06 23:11:07 +00:00
Geoff Thorpe
0ef85c7f45 This is a revert of my previous commit to "improve" the declaration of
constant BIGNUMs. It turns out that this trips up different but equally
useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness
it created. (Thanks to Ulf for the forehead-slap.)
2003-11-05 19:30:29 +00:00
Ulf Möller
078dd1a0f9 typo in comment 2003-11-05 17:28:59 +00:00
Ulf Möller
2b96c95197 cleanup as discussed with Geoff 2003-11-05 17:28:25 +00:00
Geoff Thorpe
d870740cd7 Put the first stage of my bignum debugging adventures into CVS. This code
is itself experimental, and in addition may cause execution to break on
existing openssl "bugs" that previously were harmless or at least
invisible.
2003-11-04 22:54:49 +00:00
Geoff Thorpe
c465e7941e This is the least unacceptable way I've found for declaring the bignum data
and structures as constant without having to cast away const at any point.
There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy,
but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.
2003-11-04 00:29:09 +00:00
Geoff Thorpe
a9fd78f9da bn_div() does some pretty nasty things with temporary variables,
constructing BIGNUM structures with pointers offset into other bignums
(among other things). This corrects some of it that is too plainly insane,
and tries to ensure that bignums are normalised when passed to other
functions.
2003-10-31 01:35:16 +00:00
Geoff Thorpe
5f747c7f4b When a BN_CTX is used for temporary workspace, the variables are sometimes
left in an inconsistent state when they are released for later reuse. This
change resets the BIGNUMs when they are released back to the context.
2003-10-30 01:07:56 +00:00
Geoff Thorpe
c4db1a8b5c This fixes a couple of cases where an inconsistent BIGNUM could be passed as
input to a function.
2003-10-30 01:03:31 +00:00
Geoff Thorpe
31166ec8f3 Some provisional bignum debugging has begun to detect inconsistent BIGNUM
structures being passed in to or out of API functions, and this corrects a
couple of cases found so far.

Also, lop off a couple of bytes of white-space.
2003-10-29 20:47:49 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Geoff Thorpe
2ce90b9b74 BN_CTX is opaque and the static initialiser BN_CTX_init() is not used
except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.
2003-10-29 18:04:37 +00:00
Geoff Thorpe
db59141467 remove accidentally committed debugging cruft. 2003-10-29 05:35:31 +00:00
Geoff Thorpe
2aaec9cced Update any code that was using deprecated functions so that everything builds
and links with OPENSSL_NO_DEPRECATED defined.
2003-10-29 04:14:08 +00:00
Geoff Thorpe
9d473aa2e4 When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should
be) precompiled out in the API headers. This change is to ensure that if
it is defined when compiling openssl, the deprecated functions aren't
implemented either.
2003-10-29 04:06:50 +00:00
Ralf S. Engelschall
6bd27f8644 Fix prime generation loop in crypto/bn/bn_prime.pl by making
sure the loop does correctly stop and breaking ("division by zero")
modulus operations are not performed. The (pre-generated) prime
table crypto/bn/bn_prime.h was already correct, but it could not be
re-generated on some platforms because of the "division by zero"
situation in the script.
2003-09-25 13:57:58 +00:00
Richard Levitte
01fc834bc9 Have ASFLAGS be defined the same way as CFLAGS 2003-05-29 22:20:47 +00:00
Richard Levitte
f5f7dffdd1 Make sure to compare unsigned against unsigned. 2003-05-28 10:34:29 +00:00
Richard Levitte
83743ad039 Fix sign bugs.
PR: 621
2003-05-21 14:29:13 +00:00
Bodo Möller
5679bcce07 make RSA blinding thread-safe 2003-04-02 09:50:22 +00:00
Richard Levitte
78951e7711 Make sure we get the definition of OPENSSL_NO_ERR. 2003-03-20 23:19:41 +00:00
Ulf Möller
66ecdf3bfb more mingw related cleanups. 2003-02-22 18:00:14 +00:00
Ben Laurie
2619676256 Old-style callbacks can be NULL! 2003-02-01 20:58:59 +00:00
Andy Polyakov
722d17cbac This is an *initial* tune-up. This update puts Itanium2 back on par with
Itanium. I mean if overall performance improvement over C version was X
for Itanium, it's X even for Itanium2.
2003-01-19 21:29:59 +00:00
Richard Levitte
2f09524501 A few more files to ignore 2003-01-16 21:32:56 +00:00
Richard Levitte
f8ea5cb579 Make sure everything that may be freed is allocated or initiated.
PR: 446
2003-01-10 08:59:46 +00:00
Andy Polyakov
699543e4a2 Finalizing asm support for UnixWare, SCO, OpenUnix... Note that I've
replaced #if logic around bn_sub_part_words in bn_mul.c. I rely upon
OPENSSL_BN_ASM_PART_WORDS being added by ./Configure script. Would it
still work on non-Unix platforms?
2003-01-09 08:42:04 +00:00
Andy Polyakov
3cc9a89dda Unified targets for ELF assembler modules. Tested on Linux, Solaris and
FreeBSD. Goal is to extend support even to SCO5, UnixWare/OpenUnix...
2003-01-03 17:37:53 +00:00
Andy Polyakov
46a0d4fbcb Support for ILP32 on HPUX-IA64. 2003-01-03 15:10:46 +00:00
Andy Polyakov
04945fda66 pa-risc2.s was not PIC, see RT#426. I strip call to fprintf as it's
never called anyway (it's a debugging assertion). If pa-risc2W.s is
PIC remains to be seen...
2003-01-03 10:52:40 +00:00
Richard Levitte
e9883d285d Finally, a bn_div_words() in VAX assembler that goes through all tests.
PR: 413
2002-12-23 11:25:51 +00:00
Andy Polyakov
316bfb77b5 Fix for "shift count too large" when compiling for hpux-parisc2 and
irix-mips. The bug was introduced with accelerated support for x86_64.
My fault! Fixed now.
2002-12-20 18:11:30 +00:00
Richard Levitte
9b58214e4a More accurate comments. 2002-12-20 16:38:36 +00:00
Richard Levitte
3c801fa460 A little debugging. 2002-12-20 16:38:06 +00:00
Andy Polyakov
2f98abbcb6 x86_64 performance patch. 2002-12-14 20:42:05 +00:00
Richard Levitte
0edad88a31 make update 2002-12-09 02:19:27 +00:00
Geoff Thorpe
e189872486 Nils Larsch submitted;
- a patch to fix a memory leak in rsa_gen.c
  - a note about compiler warnings with unions
  - a note about improving structure element names

This applies his patch and implements a solution to the notes.
2002-12-08 16:45:26 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Richard Levitte
6ab285bf4c I think I got it now. Apparently, the case of having to shift down
the divisor was a bit more complex than I first saw.  The lost bit
can't just be discarded, as there are cases where it is important.
For example, look at dividing 320000 with 80000 vs. 80001 (all
decimals), the difference is crucial.  The trick here is to check if
that lost bit was 1, and in that case, do the following:

1. subtract the quotient from the remainder
2. as long as the remainder is negative, add the divisor (the whole
   divisor, not the shofted down copy) to it, and decrease the
   quotient by one.

There's probably a nice mathematical proof for this already, but I
won't bother with that, unless someone requests it from me.
2002-12-02 21:31:45 +00:00
Richard Levitte
1d3159bcca Make some names consistent. 2002-12-02 02:40:27 +00:00
Richard Levitte
f60ceb54eb Through some experimentation and thinking, I think I finally got the
proper implementation of bn_div_words() for VAX.

If the tests go through well, the next step will be to test on Alpha.
2002-12-02 02:28:27 +00:00
Richard Levitte
0f995b2f40 Small bugfix: even when r == d, we need to adjust r and q.
PR: 366
2002-12-01 02:17:23 +00:00
Richard Levitte
a678430602 Redo the VAX assembler version of bn_div_words().
PR: 366
2002-12-01 00:49:36 +00:00
Richard Levitte
43d601641f A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:30:45 +00:00
Richard Levitte
55f78baf32 Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
2002-11-28 18:54:30 +00:00
Richard Levitte
2047bda6fb Unused variable removed. 2002-11-27 13:40:41 +00:00
Richard Levitte
821385ad00 Fix an unsigned/signed mismatch. 2002-11-19 11:28:28 +00:00
Richard Levitte
8d6e60486f Fix to build better with DJGPP.
PR: 338

Here's the description, submitted by Gisle Vanem <giva@bgnett.no>:

1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due
   to name-clash with Watt-32.

2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash
   with <stdlib.h>

3. Added calls to dbug_init()/sock_init() in some demo programs.

4. Changed cflags/lflags in configure. Watt-32 install root now taken
   from $WATT_ROOT.
2002-11-14 11:22:01 +00:00
Bodo Möller
b53e44e572 implement and use new macros BN_get_sign(), BN_set_sign()
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Richard Levitte
b5148cf1f7 synchronise util/libeay.num with the 0.9.7-stable variant (guys, this
is something we really need to keep track of!).
make update
2002-10-29 14:48:57 +00:00
Bodo Möller
90a617e050 avoid warnings ('index' shadows global declaration)
Submitted by: Nils Larsch
2002-10-29 11:50:20 +00:00
Bodo Möller
259cdf2af9 Sun has agreed to removing the covenant language from most files.
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Bodo Möller
6c950e0dc9 'covenant HOWTO' (what to do about the Sun covenant if you modify the code)
Submitted by: Bodo Moeller
2002-10-29 10:58:07 +00:00
Bodo Möller
19b8d06a79 clean up new code for NIST primes
create new lock CRYPTO_LOCK_BN to avoid race condition
2002-10-28 14:02:19 +00:00
Bodo Möller
5c6bf03117 fast reduction for NIST curves
Submitted by: Nils Larsch
2002-10-28 13:23:24 +00:00
Richard Levitte
e15ea3d9e1 When BN_add_word() reaches top, it shouldn't try to add the the corresponding
word, since that word may not be zero.
2002-10-14 11:33:32 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
c237de058f don't write beyond buffer
Submitted by: Nils Larsch
2002-08-27 13:32:35 +00:00
Richard Levitte
f13ddd5d0a Do not use the word 'modulus', which is a class template name in VC++ 6.0/SP5.
PR: 216, point 3
2002-08-12 21:20:25 +00:00
Bodo Möller
7a8645d171 avoid SIGSEGV
Submitted by: Nils Larsch, Douglas Stebila
2002-08-07 07:53:47 +00:00
Bodo Möller
d28735a05b oops, undo previous change (was just for testing) 2002-08-03 18:28:34 +00:00
Bodo Möller
183847747a fix bn_expand2 2002-08-03 18:27:47 +00:00
Bodo Möller
bac6012308 use bn_wexpand instead of bn_expand2 (the latter is not needed here,
and it does not yet work correctly)

Submitted by: Douglas Stebila
2002-08-03 17:51:29 +00:00
Bodo Möller
909abce800 disable Sun divison algorithm by default 2002-08-02 18:26:02 +00:00
Bodo Möller
33d4e690cc fix bn_expand2 2002-08-02 18:23:55 +00:00
Bodo Möller
d3bcbba45c remove obsolete part of comment 2002-08-02 15:13:10 +00:00
Bodo Möller
0903e56196 remove obsoleted disabled code 2002-08-02 15:07:08 +00:00
Bodo Möller
95ecacf8a2 Let BN_rand_range() abort with an error after 100 iterations
without success.
2002-08-02 15:02:03 +00:00
Bodo Möller
6fb60a84dd Change BN_mod_sqrt() so that it verifies that the input value is
really the square of the return value.
2002-08-02 14:57:53 +00:00
Bodo Möller
5af7d1a3b8 move GF2m tests to the end 2002-08-02 14:49:59 +00:00
Bodo Möller
35b73a1f20 Rename implementations of method functions so that they match
the new method names where _GF... suffixes have been removed.

Revert changes to ..._{get/set}_Jprojective_coordinates_...:
The current implementation for ECC over binary fields does not use
projective coordinates, and if it did, it would not use Jacobian
projective coordinates; so it's OK to use the ..._GFp prefix for all
this.

Add author attributions to some files so that it doesn't look
as if Sun wrote all of this :-)
2002-08-02 14:28:37 +00:00
Bodo Möller
1dc920c8de Binary field arithmetic contributed by Sun Microsystems.
The 'OPENSSL_NO_SUN_DIV' default is still subject to change,
so I didn't bother to finish the CHANGES entry yet.

Submitted by: Douglas Stebila <douglas.stebila@sun.com>, Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entry by Bodo Moeller)
2002-08-02 13:03:55 +00:00
Bodo Möller
12593e6f45 Move zeroing from bn_expand_internal() to bn_expand2() so that it
happens reliably, even if the BIGNUM is already sufficiently large.

[Note that the bn_expand()/bn_wexpand() macros call bn_expand2() only
if the BIGNUM actually has to grow, so this change does not add any
new overhead as currently bn_expand2() is never called directly.]
2002-07-25 12:12:39 +00:00
Bodo Möller
5c9396e37c remove obsolete comment 2002-07-10 08:39:05 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Richard Levitte
451dc18f10 Add support for DJGPP.
PR: 75
2002-06-13 20:42:35 +00:00
Richard Levitte
9cdf87f194 Check the return values where memory allocation failures may happen.
PR: 49
2002-05-30 16:47:45 +00:00
Dr. Stephen Henson
dc014d43af Fallback to normal multiply if n2 == 8 and dna or dnb is not zero
in bn_mul_recursive.

This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
2002-05-10 22:18:13 +00:00
Dr. Stephen Henson
2f9cf160e4 Avoid gcc warning: BN_DEC_CONV when SIXTY_FOUR_BIT is defined is unsigned. 2002-05-10 22:07:37 +00:00
Bodo Möller
d5c21afd4b add missing declaration
Submitted by: Nils Larsch
2002-03-25 23:15:21 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Bodo Möller
66df02fd98 fix BN_rand_range 2001-12-14 10:09:29 +00:00
Richard Levitte
b476df64a1 make update
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Bodo Möller
c5d4ab7e35 adjust to OpenSSL_0_9_6-stable version 2001-11-09 13:09:11 +00:00
Ulf Möller
5dd955dcd2 openbsd-x86 macros
Submitted by: Toomas Kiisk <vix@cyber.ee>
2001-10-14 00:57:30 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Geoff Thorpe
534aaf3731 "make update". 2001-09-25 20:39:59 +00:00
Ulf Möller
d98a4b7366 bug fix: bn_sqr_recursive output is twice its input size. 2001-09-05 04:43:43 +00:00
Bodo Möller
435037d4e4 OpenSSL copyright notices ... 2001-09-04 11:02:23 +00:00
Geoff Thorpe
91b3f0e691 Correct a typo. 2001-09-03 17:24:27 +00:00
Bodo Möller
983495c4b2 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Andy Polyakov
6d03b73e35 Enhanced support for IA-64 Linux and HP-UX (as well as better support for
HP-UX in common in ./config). Note that for the moment of this writing
none of 64-bit platforms pass bntest. I'm committing this anyway as it's
too frustrating to patch snapshots over and over while 0.9.6 is known to
work.
2001-07-30 16:42:15 +00:00
Andy Polyakov
622d3d3592 Support for Intel and HP-UXi assemblers. 2001-07-30 15:54:13 +00:00
Andy Polyakov
19a6e8b32c This fixes "Spurious test failures on IRIX?" reported in April. Apparently
I was wrong in conclusions about when addition starts overflowing in combaX
routines.
2001-06-22 19:17:42 +00:00
Andy Polyakov
52c0d30078 Get rid of "possible WAW dependency" warnings.
Submitted by:
Reviewed by:
PR:
2001-06-11 12:47:52 +00:00
Andy Polyakov
a95541d61e Get rid of RAW dependency warnings.
Submitted by:
Reviewed by:
PR:
2001-05-30 22:01:33 +00:00
Andy Polyakov
4cb73bf8e4 Assembler support for IA-64. See the source code commentary for further
details (performance numbers and accompanying discussions:-). Note that
the code is not engaged in ./Configure yet. I'll add it later this week
along with updates for .spec file.

Submitted by:
Reviewed by:
PR:
2001-05-28 20:02:51 +00:00
Richard Levitte
81b5eeed6a branch on equal is beql, not beq... 2001-05-14 22:10:09 +00:00
Bodo Möller
1f224bf029 Adjust BN_mod_inverse algorithm selection according to experiments on
Ultra-Sparcs (both 32-bit and 64-bit compilations)
2001-04-09 09:28:24 +00:00
Bodo Möller
ac0f1d0b14 comment 2001-04-08 18:47:23 +00:00
Bodo Möller
124d8cf701 code documentation 2001-04-08 18:41:35 +00:00
Bodo Möller
7d0d0996aa binary algorithm for modular inversion 2001-04-08 18:23:44 +00:00
Andy Polyakov
500230ee94 The IRIX fix. Asm recap and corresponding declation.
Submitted by:
Reviewed by:
PR:
2001-03-27 22:30:46 +00:00
Bodo Möller
4f69172d25 Completely remove mont2 stuff.
It does not appear to be faster than the current Montgomery code
except for very small moduli (somewhere between 192 and 224 bits
in a 64-bit Sun environment, and even less than 192 bits
on 32 bit systems).
2001-03-15 18:17:40 +00:00
Bodo Möller
5b054c6955 EC_METHOD based on bn_mont2 (not used in the library) 2001-03-11 17:43:07 +00:00
Bodo Möller
48fe4d6233 More EC stuff, including EC_POINTs_mul() for simultaneous scalar
multiplication of an arbitrary number of points.
2001-03-10 23:18:35 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Richard Levitte
754d494bef Bug fixes. 2001-03-09 01:13:23 +00:00
Bodo Möller
156e85578d Implement EC_GFp_mont_method. 2001-03-08 20:55:16 +00:00
Bodo Möller
ff612904d2 Comment 2001-03-08 16:53:30 +00:00
Bodo Möller
c62b26fdc6 Hide BN_CTX structure details.
Incease the number of BIGNUMs in a BN_CTX.
2001-03-08 15:56:15 +00:00
Bodo Möller
98499135d7 Constify BN_value_one. 2001-03-08 13:58:09 +00:00
Bodo Möller
226cc7ded4 More method functions for EC_GFp_simple_method. 2001-03-08 01:23:28 +00:00
Richard Levitte
70d70a3c81 Code for better build under Darwin (MacOS X).
Submitted by Brad Dominy <jdominy@darwinuser.org>
2001-03-07 10:04:00 +00:00
Dr. Stephen Henson
3d2e469cfa Fix a bug which caused BN_div to produce the
wrong result if rm==num and num < 0.
2001-02-28 00:51:48 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
a5bc1e8568 Use e_os2.h rather than opensslconf.h, since some needed macros are
defined there.
2001-02-22 14:37:50 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
f2bc668429 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:10:38 +00:00
Richard Levitte
8120813066 Use new-style system-id macros. 2001-02-20 07:43:22 +00:00
Ulf Möller
335c4f0966 BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:23:07 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Bodo Möller
e306892994 Simplify BN_rand_range 2001-02-10 00:34:02 +00:00
Bodo Möller
792e2ce7f4 Another comment change. (Previous comment does not apply
for range = 11000000... or range = 100000...)
2001-02-08 12:34:08 +00:00
Bodo Möller
3952584571 Change comments. (The expected number of iterations in BN_rand_range
never exceeds 1.333...).
2001-02-08 12:27:22 +00:00
Bodo Möller
a5d2acfc79 oops -- remove observation code 2001-02-08 12:24:41 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Ulf Möller
75802000c8 There is no C version of bn_div_3_words 2001-01-23 16:26:15 +00:00
Bodo Möller
137e601277 The C version of bn_sub_part_words is needed not only
in NO_ASM configurations
2000-12-15 10:54:03 +00:00
Bodo Möller
09f4bd2a39 Very few in the "README" is up-to-date 2000-12-15 10:42:11 +00:00
Bodo Möller
3b28dbce7e The BN_mul bug test apparently is no longer needed 2000-12-14 17:46:36 +00:00
Richard Levitte
53b407da84 Problem: bn_mul_normal() misbehaves if the size of b is 0.
Solution: multiply a with 0, putting the result in r, and return.
2000-12-13 15:29:29 +00:00
Richard Levitte
765e531159 In bn_mul_recursive(), make sure the comba routines are only called
when both a and b are of the exact right size.  This may change to
something better later.
2000-12-13 14:47:06 +00:00
Dr. Stephen Henson
2aff7727f7 Rewrite the extension code to use an ASN1_ITEM structure
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.

Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
2000-12-13 13:47:33 +00:00
Ulf Möller
15156cce0e bn_part_sub_word prototype. 2000-12-08 19:10:33 +00:00
Bodo Möller
8dea52fa42 Fix some things that look like bugs.
One problem that looked like a problem in bn_recp.c at first turned
out to be a BN_mul bug.  An example is given in bn_recp.c; finding
the bug responsible for this is left as an exercise.
2000-12-07 22:06:09 +00:00
Bodo Möller
f7356b677b TEST_MUL and TEST_SQR added. 2000-12-07 11:11:10 +00:00
Bodo Möller
80d89e6a6a Sign-related fixes (and tests).
BN_mod_exp_mont does not work properly yet if modulus m
is negative (we want computations to be carried out
modulo |m|).
2000-12-07 08:48:58 +00:00
Bodo Möller
bc5f2740d2 Move 'q->neg = 0' to those places where it is needed
(just in cases someone uses a negative modulus)
2000-12-07 07:55:26 +00:00
Bodo Möller
aa66eba7c8 BN_mod_sqrt documentation/comment 2000-12-06 21:33:58 +00:00
Ulf Möller
3bb4736289 remove a comment that shouldn't have been there any more 2000-12-06 16:30:23 +00:00
Bodo Möller
bac685417a Faster BN_mod_sqrt algorithm for p == 5 (8). 2000-12-06 12:25:33 +00:00
Bodo Möller
0a52d38b31 Use bc's "print" feature whenever it is available,
not just on certain platforms.
2000-12-06 10:32:55 +00:00
Ulf Möller
a6576c56dd remove useless instruction 2000-12-06 04:48:50 +00:00
Ulf Möller
240f516939 Intel assembler version for bn_sub_part_words(). I haven't got
reliable timings yet, please try it out!
2000-12-06 04:16:38 +00:00
Ulf Möller
aecb0b018f test_mod_mul is useful, let's run it more often. 2000-12-06 04:14:30 +00:00
Ulf Möller
90e7ce363a Use assert as in the rest of the BN library. 2000-12-05 02:00:40 +00:00
Richard Levitte
6a2347ee45 Remove the last bn_wexpand()s that made us break constness. Of
course, that means we need to handle the cases where the two arrays to
bn_mul_recursive() and bn_mul_part_recursive() differ in size.

I haven't yet changed the comments that describe bn_mul_recursive()
and bn_mul_part_recursive().  I want this to be tested by more people
before I consider this change final.  Please test away!
2000-12-04 17:11:59 +00:00
Bodo Möller
e5164b7041 Change error message to "bignum too long" 2000-12-04 09:24:54 +00:00
Bodo Möller
addb309ad6 include <limits.h> 2000-12-03 09:55:08 +00:00
Bodo Möller
152a689cf9 Don't allow BIGNUMs to become so large that computations with dmax
might overflow.
2000-12-03 09:39:04 +00:00
Richard Levitte
c21c35e6a4 Add a comment to explain the purpose of bn_cmp_part_words(). 2000-12-02 21:16:13 +00:00
Ulf Möller
b26f84cbbd last commit was wrong. Now it works. :) 2000-12-02 20:51:47 +00:00
Ulf Möller
0dba0613ea argl 2000-12-02 19:34:42 +00:00
Ulf Möller
ea1b7fe6d4 forgot to remove the loop variable 2000-12-02 16:20:04 +00:00
Ulf Möller
db88223baa Loops like this one:
if (bp == NULL)
                        for (j=0; j<10000; j++)
                                BN_add(&c,&a,&b);

seem to be pretty useless, and bp never is NULL anyway.
2000-12-02 16:13:27 +00:00
Ulf Möller
111482cf2e New function BN_bntest_rand() to detect more BN library bugs.
The bn_cmp_part_words bug was only caught in the BN_mod_mul() test,
not in the BN_mul() test, so apparently the choice of parameters in
some cases is bad.
2000-12-02 07:32:57 +00:00
Ulf Möller
52a1bab2d9 Fix bn_cmp_part_words() and move it to bn_lib.c. 2000-12-02 07:28:43 +00:00
Bodo Möller
5a12df5c40 functionality for BN_mod_sqrt timings 2000-12-01 09:41:21 +00:00
Bodo Möller
b5a25a430a "make depend" 2000-12-01 08:48:42 +00:00
Bodo Möller
12cfcc128c Fix the recently introduced test that checks if the result is 0 2000-11-30 22:58:27 +00:00
Bodo Möller
fc2e05c2d5 Fix BN_rshift, which caused lots of trouble. 2000-11-30 22:34:57 +00:00
Bodo Möller
b2993bdea1 Remove randomness from the test. These constants give me a segment
violation in test_kron on a 32 bit system.
2000-11-30 21:03:13 +00:00
Bodo Möller
470fa98f8a BN_mod_exp(r,a,p,m,ctx) should not be called with r == p.
But even if this is avoided, there are still segmentation violations
(during one of the BN_free()s at the end of test_kron
in some cases, in other cases during BN_kronecker, or
later in BN_sqrt; choosing a different exponentiation
algorithm in bntest.c appears to influence when the SIGSEGV
takes place).
2000-11-30 20:03:24 +00:00
Bodo Möller
de6e207db6 It's "#elif", not "#elsif". 2000-11-30 19:35:51 +00:00