Matt Caswell
3a83462dfe
Further comment amendments to preserve formatting prior to source reformat
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Andy Polyakov
219338115b
Revert "CHANGES: mention "universal" ARM support."
...
This reverts commit 4fec915069
.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 12:11:01 +01:00
Andy Polyakov
4fec915069
CHANGES: mention "universal" ARM support.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 11:10:01 +01:00
Andy Polyakov
c1669e1c20
Remove inconsistency in ARM support.
...
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-04 23:45:08 +01:00
Tim Hudson
1d97c84351
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Matt Caswell
53e95716f5
Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED
...
Introduce use of DECLARE_DEPRECATED
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:14 +00:00
Matt Caswell
5bafb04d2e
Remove redundant OPENSSL_NO_DEPRECATED suppression
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:05 +00:00
Richard Levitte
a93891632d
Clear warnings/errors within BN_CTX_DEBUG code sections
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17 10:15:09 +01:00
Emilia Kasper
a015758d11
Check for invalid divisors in BN_div.
...
Invalid zero-padding in the divisor could cause a division by 0.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a43bcd9e96
)
2014-12-17 10:01:04 +01:00
Emilia Kasper
9669d2e1ad
Fix unused variable warning
...
The temporary variable causes unused variable warnings in opt mode with clang,
because the subsequent assert is compiled out.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-15 13:12:44 +01:00
Matt Caswell
fd0ba77717
make update
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Matt Caswell
02a62d1a4a
Move bn internal functions into bn_int.h and bn_lcl.h
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:42 +00:00
Matt Caswell
1939187922
Make bn opaque
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:27 +00:00
Matt Caswell
aeb556f831
Implement internally opaque bn access from srp
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:02 +00:00
Matt Caswell
829ccf6ab6
Implement internally opaque bn access from dh
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:32 +00:00
Matt Caswell
7a5233118c
Prepare exptest for bn opaquify
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:19 +00:00
Matt Caswell
85bcf27ccc
Prepare for bn opaquify. Implement internal helper functions.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Geoff Thorpe
e52a3c3d14
Include <openssl/foo.h> instead of "foo.h"
...
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.
Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Dr. Stephen Henson
73e45b2dd1
remove OPENSSL_FIPSAPI
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
ebdf37e4b1
remove FIPS module code from crypto/bn
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9
Remove fips_constseg references.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
c603c723ce
Remove OPENSSL_FIPSCANISTER code.
...
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:16 +00:00
Dr. Stephen Henson
f072785eb4
Remove fipscanister build functionality from makefiles.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec
Remove all .cvsignore files
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Mike Bland
dbaf608320
Remove redundant test targets outside of test/
...
These correspond to targets of the same name in test/Makefile that clash when
using the single-makefile build method using GitConfigure and GitMake.
Change-Id: If7e900c75f4341b446608b6916a3d76f202026ea
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:44:51 -05:00
Dr. Stephen Henson
ecb9966e7c
Fix WIN32 build by disabling bn* calls.
...
The trial division and probable prime with coprime tests are disabled
on WIN32 builds because they use internal functions not exported from
the WIN32 DLLs.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-10-29 22:23:31 +00:00
Rich Salz
df8c39d522
RT3549: Remove obsolete files in crypto
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-10-01 16:05:47 -04:00
Andy Polyakov
323154be33
crypto/bn/bn_nist.c: bring original failing code back for reference.
...
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-09-30 21:00:44 +02:00
Rich Salz
3d81ec5b92
Remove #ifdef's for IRIX_CC_BUG
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-25 14:43:24 -04:00
Andy Polyakov
8b07c005fe
crypto/bn/bn_nist.c: work around MSC ARM compiler bug.
...
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-09-25 00:42:26 +02:00
Andy Polyakov
d475b2a3bf
Harmonize Tru64 and Linux make rules.
...
RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-20 10:20:38 +02:00
Andy Polyakov
569e2d1257
crypto/bn/asm/x86_64-mont*.pl: add missing clang detection.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:44:51 +02:00
Andy Polyakov
15735e4f0e
bn/asm/rsaz-*.pl: allow spaces in Perl path name.
...
RT: 2835
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-21 00:17:45 +02:00
Martin Olsson
1afd7fa97c
RT2513: Fix typo's paramter-->parameter
...
I also found a couple of others (padlock and signinit)
and fixed them.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-19 11:09:33 -04:00
Doug Goldstein
448155e9bb
RT2163: Remove some unneeded #include's
...
Several files #include stdio.h and don't need it.
Also, per tjh, remove BN_COUNT
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-18 12:50:00 -04:00
Matt Caswell
f8571ce822
Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
...
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.
This does have the impact of masking any *real* unitialised data reads in bn though.
Patch based on approach suggested by Rich Salz.
PR#3415
2014-07-13 22:17:39 +01:00
Andy Polyakov
1b0fe79f3e
x86_64 assembly pack: improve masm support.
2014-07-09 20:08:01 +02:00
Andy Polyakov
eca441b2b4
bn_exp.c: fix x86_64-specific crash with one-word modulus.
...
PR: #3397
2014-07-02 19:35:50 +02:00
Ben Laurie
8892ce7714
Constification - mostly originally from Chromium.
2014-06-29 21:05:23 +01:00
Andy Polyakov
a356e488ad
x86_64 assembly pack: refine clang detection.
2014-06-28 17:23:21 +02:00
Andy Polyakov
406d4af050
bn/asm/rsaz-avx2.pl: fix occasional failures.
2014-06-27 22:41:58 +02:00
Huzaifa Sidhpurwala
3b3b69ab25
Make sure BN_sqr can never return a negative value.
...
PR#3410
2014-06-26 23:56:34 +01:00
Andy Polyakov
f3f620e1e0
bn_exp.c: move check for AD*X to rsaz-avx2.pl.
...
This ensures high performance is situations when assembler supports
AVX2, but not AD*X.
2014-06-27 00:07:15 +02:00
Andy Polyakov
7eb0488280
x86_64 assembly pack: addendum to last clang commit.
2014-06-24 08:37:05 +02:00
Andy Polyakov
ac171925ab
x86_64 assembly pack: allow clang to compile AVX code.
2014-06-24 08:24:25 +02:00
Andy Polyakov
5dcf70a1c5
ARM assembly pack: get ARMv7 instruction endianness right.
...
Pointer out and suggested by: Ard Biesheuvel.
2014-06-06 21:27:18 +02:00
Ben Laurie
c93233dbfd
Tidy up, don't exceed the number of requested bits.
2014-06-01 15:31:27 +01:00
Ben Laurie
46838817c7
Constify and reduce coprime random bits to allow for multiplier.
2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
8927c2786d
Add a test to check we're really generating probable primes.
2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
9a3a99748b
Remove unused BIGNUMs.
2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
c74e148776
Refactor the first prime index.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
982c42cb20
Try skipping over the adding and just picking a new random number.
...
Generates a number coprime to 2, 3, 5, 7, 11.
Speed:
Trial div (add) : trial div (retry) : coprime
1 : 0.42 : 0.84
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
c09ec5d2a0
Generate safe primes not divisible by 3, 5 or 7.
...
~2% speed improvement on trial division.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b0513819e0
Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5.
...
Possibly some reduction in bias, but no speed gains.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
e46a059ebf
Remove static from probable_prime_dh.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
e55fca760b
Remove indentation from the goto targets.
2014-06-01 15:31:26 +01:00
Geoff Thorpe
12e9f627f9
bignum: allow concurrent BN_MONT_CTX_set_locked()
...
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 17:43:35 -04:00
Andy Polyakov
bd227733b9
C64x+ assembly pack: make it work with older toolchain.
2014-05-04 16:38:32 +02:00
Geoff Thorpe
a529261891
bignum: fix boundary condition in montgomery logic
...
It's not clear whether this inconsistency could lead to an actual
computation error, but it involved a BIGNUM being passed around the
montgomery logic in an inconsistent state. This was found using flags
-DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion
in 'ectest';
ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) ||
(_bnum2->d[_bnum2->top - 1] != 0)' failed
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-04-30 11:49:31 -04:00
Andy Polyakov
f8cee9d081
bn/asm/armv4-gf2m.pl, modes/asm/ghash-armv4.pl: faster multiplication
...
algorithm suggested in following paper:
Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
Polynomial Multiplication on ARM Processors using the NEON Engine.
http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
2014-04-24 10:24:53 +02:00
Dr. Stephen Henson
2514fa79ac
Add functions returning security bits.
...
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
f9b6c0ba4c
Fix for CVE-2014-0076
...
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483
)
Conflicts:
CHANGES
2014-03-12 14:29:43 +00:00
Dr. Stephen Henson
4cfeb00be9
make depend
2014-02-19 20:09:08 +00:00
Andy Polyakov
eedab5241e
bn/asm/x86_64-mont5.pl: fix compilation error on Solaris.
2014-01-09 13:44:59 +01:00
Andy Polyakov
2218c296b4
ARM assembly pack: make it work with older toolchain.
2013-12-28 12:17:08 +01:00
Andy Polyakov
ec9cc70f72
bn/asm/x86_64-mont5.pl: add MULX/AD*X code path.
...
This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.
2013-12-09 21:02:24 +01:00
Andy Polyakov
d1671f4f1a
bn/asm/armv4-mont.pl: add NEON code path.
2013-12-04 22:37:49 +01:00
Andy Polyakov
c5d5f5bd0f
bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
...
PR: 3189
Submitted by: Oscar Ciurana
2013-12-03 23:59:55 +01:00
Andy Polyakov
8bd7ca9996
crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
2013-12-03 22:28:48 +01:00
Andy Polyakov
31ed9a2131
crypto/bn/rsaz*: fix licensing note.
...
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
2013-12-03 22:08:29 +01:00
Andy Polyakov
6efef384c6
bn/asm/rsaz-x86_64.pl: fix prototype.
2013-12-03 09:43:06 +01:00
Andy Polyakov
b9e87d07cb
ppc64-mont.pl: eliminate dependency on GPRs' upper halves.
2013-11-27 22:50:00 +01:00
Andy Polyakov
d1cf23ac86
Make Makefiles OSF-make-friendly.
...
PR: 3165
2013-11-12 21:51:37 +01:00
Andy Polyakov
4eeb750d20
bn/asm/x86_64-mont.pl: minor optimization [for Decoded ICache].
2013-10-25 10:14:20 +02:00
Andy Polyakov
d6019e1654
PPC assembly pack: add .size directives.
2013-10-15 00:14:39 +02:00
Andy Polyakov
30b9c2348d
bn/asm/*x86_64*.pl: correct assembler requirement for ad*x.
2013-10-14 22:41:00 +02:00
Andy Polyakov
039081b809
Initial aarch64 bits.
2013-10-13 19:15:15 +02:00
Andy Polyakov
0c2adb0a9b
MIPS assembly pack: get rid of deprecated instructions.
...
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
2013-10-13 13:14:52 +02:00
Andy Polyakov
fa104be35e
bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache].
2013-10-10 23:06:43 +02:00
Andy Polyakov
37de2b5c1e
bn/bn_exp.c: prefer MULX/AD*X over AVX2.
2013-10-09 11:08:52 +02:00
Andy Polyakov
a5bb5bca52
bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path.
2013-10-03 00:45:04 +02:00
Andy Polyakov
87954638a6
rsaz-x86_64.pl: add MULX/ADCX/ADOX code path.
2013-10-03 00:30:12 +02:00
Andy Polyakov
72a158703b
crypto/bn/asm/x86_64-mont.pl: minor optimization.
2013-09-09 21:40:33 +02:00
Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Andy Polyakov
fd8ad019e1
crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin.
2013-08-03 16:28:50 +02:00
Andy Polyakov
5c57c69f9e
bn/asm/rsaz-avx2.pl: Windows-specific fix.
2013-07-12 18:59:17 +02:00
Ben Laurie
852f837f5e
s/rsaz_eligible/rsaz_avx2_eligible/.
2013-07-12 12:47:39 +01:00
Andy Polyakov
ca48ace5c5
Take RSAZ modules into build loop, add glue and engage.
...
RT: 2582, 2850
2013-07-05 21:39:47 +02:00
Andy Polyakov
0b4bb91db6
Add RSAZ assembly modules.
...
RT: 2582, 2850
2013-07-05 21:30:18 +02:00
Andy Polyakov
26e43b48a3
bn/asm/x86_86-mont.pl: optimize reduction for Intel Core family.
2013-07-05 21:10:56 +02:00
Andy Polyakov
cbce8c4644
bn/bn_exp.c: harmonize.
2013-07-05 20:52:58 +02:00
Andy Polyakov
b74ce8d948
bn/bn_exp.c: Solaris-specific fix, T4 MONTMUL relies on alloca.
2013-06-30 23:09:09 +02:00
Andy Polyakov
4ddacd9921
Optimize SPARC T4 MONTMUL support.
...
Improve RSA sing performance by 20-30% by:
- switching from floating-point to integer conditional moves;
- daisy-chaining sqr-sqr-sqr-sqr-sqr-mul sequences;
- using MONTMUL even during powers table setup;
2013-06-18 10:39:38 +02:00
Andy Polyakov
02450ec69d
PA-RISC assembler pack: switch to bve in 64-bit builds.
...
PR: 3074
2013-06-18 10:37:00 +02:00
Adam Langley
8a99cb29d1
Add secure DSA nonce flag.
...
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
2013-06-13 17:26:07 +01:00
Adam Langley
96a4c31be3
Ensure that, when generating small primes, the result is actually of the
...
requested size. Fixes OpenSSL #2701 .
This change does not address the cases of generating safe primes, or
where the |add| parameter is non-NULL.
Conflicts:
crypto/bn/bn.h
crypto/bn/bn_err.c
2013-06-04 18:52:30 +01:00
Adam Langley
2b0180c37f
Ensure that x**0 mod 1 = 0.
2013-06-04 18:47:11 +01:00
Adam Langley
7753a3a684
Add volatile qualifications to two blocks of inline asm to stop GCC from
...
eliminating them as dead code.
Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
2013-06-04 18:46:25 +01:00
Andy Polyakov
b69437e1e5
crypto/bn/bn_exp.c: SPARC portability fix.
2013-06-01 09:58:07 +02:00
Andy Polyakov
342dbbbe4e
x86_64-gf2m.pl: fix typo.
2013-03-01 22:36:36 +01:00