Commit graph

998 commits

Author SHA1 Message Date
Matt Caswell
3a83462dfe Further comment amendments to preserve formatting prior to source reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Andy Polyakov
219338115b Revert "CHANGES: mention "universal" ARM support."
This reverts commit 4fec915069.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 12:11:01 +01:00
Andy Polyakov
4fec915069 CHANGES: mention "universal" ARM support.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 11:10:01 +01:00
Andy Polyakov
c1669e1c20 Remove inconsistency in ARM support.
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-04 23:45:08 +01:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Matt Caswell
53e95716f5 Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED
Introduce use of DECLARE_DEPRECATED

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:14 +00:00
Matt Caswell
5bafb04d2e Remove redundant OPENSSL_NO_DEPRECATED suppression
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:05 +00:00
Richard Levitte
a93891632d Clear warnings/errors within BN_CTX_DEBUG code sections
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17 10:15:09 +01:00
Emilia Kasper
a015758d11 Check for invalid divisors in BN_div.
Invalid zero-padding in the divisor could cause a division by 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a43bcd9e96)
2014-12-17 10:01:04 +01:00
Emilia Kasper
9669d2e1ad Fix unused variable warning
The temporary variable causes unused variable warnings in opt mode with clang,
because the subsequent assert is compiled out.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-15 13:12:44 +01:00
Matt Caswell
fd0ba77717 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Matt Caswell
02a62d1a4a Move bn internal functions into bn_int.h and bn_lcl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:42 +00:00
Matt Caswell
1939187922 Make bn opaque
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:27 +00:00
Matt Caswell
aeb556f831 Implement internally opaque bn access from srp
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:02 +00:00
Matt Caswell
829ccf6ab6 Implement internally opaque bn access from dh
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:32 +00:00
Matt Caswell
7a5233118c Prepare exptest for bn opaquify
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:19 +00:00
Matt Caswell
85bcf27ccc Prepare for bn opaquify. Implement internal helper functions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Geoff Thorpe
e52a3c3d14 Include <openssl/foo.h> instead of "foo.h"
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.

Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Dr. Stephen Henson
73e45b2dd1 remove OPENSSL_FIPSAPI
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
ebdf37e4b1 remove FIPS module code from crypto/bn
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9 Remove fips_constseg references.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
c603c723ce Remove OPENSSL_FIPSCANISTER code.
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:16 +00:00
Dr. Stephen Henson
f072785eb4 Remove fipscanister build functionality from makefiles.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Mike Bland
dbaf608320 Remove redundant test targets outside of test/
These correspond to targets of the same name in test/Makefile that clash when
using the single-makefile build method using GitConfigure and GitMake.

Change-Id: If7e900c75f4341b446608b6916a3d76f202026ea
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:44:51 -05:00
Dr. Stephen Henson
ecb9966e7c Fix WIN32 build by disabling bn* calls.
The trial division and probable prime with coprime tests are disabled
on WIN32 builds because they use internal functions not exported from
the WIN32 DLLs.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-10-29 22:23:31 +00:00
Rich Salz
df8c39d522 RT3549: Remove obsolete files in crypto
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-10-01 16:05:47 -04:00
Andy Polyakov
323154be33 crypto/bn/bn_nist.c: bring original failing code back for reference.
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-09-30 21:00:44 +02:00
Rich Salz
3d81ec5b92 Remove #ifdef's for IRIX_CC_BUG
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-25 14:43:24 -04:00
Andy Polyakov
8b07c005fe crypto/bn/bn_nist.c: work around MSC ARM compiler bug.
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-09-25 00:42:26 +02:00
Andy Polyakov
d475b2a3bf Harmonize Tru64 and Linux make rules.
RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-20 10:20:38 +02:00
Andy Polyakov
569e2d1257 crypto/bn/asm/x86_64-mont*.pl: add missing clang detection.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:44:51 +02:00
Andy Polyakov
15735e4f0e bn/asm/rsaz-*.pl: allow spaces in Perl path name.
RT: 2835

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-21 00:17:45 +02:00
Martin Olsson
1afd7fa97c RT2513: Fix typo's paramter-->parameter
I also found a couple of others (padlock and signinit)
and fixed them.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-19 11:09:33 -04:00
Doug Goldstein
448155e9bb RT2163: Remove some unneeded #include's
Several files #include stdio.h and don't need it.
Also, per tjh, remove BN_COUNT

Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-18 12:50:00 -04:00
Matt Caswell
f8571ce822 Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415
2014-07-13 22:17:39 +01:00
Andy Polyakov
1b0fe79f3e x86_64 assembly pack: improve masm support. 2014-07-09 20:08:01 +02:00
Andy Polyakov
eca441b2b4 bn_exp.c: fix x86_64-specific crash with one-word modulus.
PR: #3397
2014-07-02 19:35:50 +02:00
Ben Laurie
8892ce7714 Constification - mostly originally from Chromium. 2014-06-29 21:05:23 +01:00
Andy Polyakov
a356e488ad x86_64 assembly pack: refine clang detection. 2014-06-28 17:23:21 +02:00
Andy Polyakov
406d4af050 bn/asm/rsaz-avx2.pl: fix occasional failures. 2014-06-27 22:41:58 +02:00
Huzaifa Sidhpurwala
3b3b69ab25 Make sure BN_sqr can never return a negative value.
PR#3410
2014-06-26 23:56:34 +01:00
Andy Polyakov
f3f620e1e0 bn_exp.c: move check for AD*X to rsaz-avx2.pl.
This ensures high performance is situations when assembler supports
AVX2, but not AD*X.
2014-06-27 00:07:15 +02:00
Andy Polyakov
7eb0488280 x86_64 assembly pack: addendum to last clang commit. 2014-06-24 08:37:05 +02:00
Andy Polyakov
ac171925ab x86_64 assembly pack: allow clang to compile AVX code. 2014-06-24 08:24:25 +02:00
Andy Polyakov
5dcf70a1c5 ARM assembly pack: get ARMv7 instruction endianness right.
Pointer out and suggested by: Ard Biesheuvel.
2014-06-06 21:27:18 +02:00
Ben Laurie
c93233dbfd Tidy up, don't exceed the number of requested bits. 2014-06-01 15:31:27 +01:00
Ben Laurie
46838817c7 Constify and reduce coprime random bits to allow for multiplier. 2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
8927c2786d Add a test to check we're really generating probable primes. 2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
9a3a99748b Remove unused BIGNUMs. 2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
c74e148776 Refactor the first prime index. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
982c42cb20 Try skipping over the adding and just picking a new random number.
Generates a number coprime to 2, 3, 5, 7, 11.

Speed:
Trial div (add) : trial div (retry) : coprime
1 : 0.42 : 0.84
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
c09ec5d2a0 Generate safe primes not divisible by 3, 5 or 7.
~2% speed improvement on trial division.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b0513819e0 Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5.
Possibly some reduction in bias, but no speed gains.
2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
e46a059ebf Remove static from probable_prime_dh. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
e55fca760b Remove indentation from the goto targets. 2014-06-01 15:31:26 +01:00
Geoff Thorpe
12e9f627f9 bignum: allow concurrent BN_MONT_CTX_set_locked()
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 17:43:35 -04:00
Andy Polyakov
bd227733b9 C64x+ assembly pack: make it work with older toolchain. 2014-05-04 16:38:32 +02:00
Geoff Thorpe
a529261891 bignum: fix boundary condition in montgomery logic
It's not clear whether this inconsistency could lead to an actual
computation error, but it involved a BIGNUM being passed around the
montgomery logic in an inconsistent state. This was found using flags
-DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion
in 'ectest';

ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) ||
(_bnum2->d[_bnum2->top - 1] != 0)' failed

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-04-30 11:49:31 -04:00
Andy Polyakov
f8cee9d081 bn/asm/armv4-gf2m.pl, modes/asm/ghash-armv4.pl: faster multiplication
algorithm suggested in following paper:

Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
Polynomial Multiplication on ARM Processors using the NEON Engine.

http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
2014-04-24 10:24:53 +02:00
Dr. Stephen Henson
2514fa79ac Add functions returning security bits.
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
f9b6c0ba4c Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)

Conflicts:

	CHANGES
2014-03-12 14:29:43 +00:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Andy Polyakov
eedab5241e bn/asm/x86_64-mont5.pl: fix compilation error on Solaris. 2014-01-09 13:44:59 +01:00
Andy Polyakov
2218c296b4 ARM assembly pack: make it work with older toolchain. 2013-12-28 12:17:08 +01:00
Andy Polyakov
ec9cc70f72 bn/asm/x86_64-mont5.pl: add MULX/AD*X code path.
This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.
2013-12-09 21:02:24 +01:00
Andy Polyakov
d1671f4f1a bn/asm/armv4-mont.pl: add NEON code path. 2013-12-04 22:37:49 +01:00
Andy Polyakov
c5d5f5bd0f bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
PR: 3189
Submitted by: Oscar Ciurana
2013-12-03 23:59:55 +01:00
Andy Polyakov
8bd7ca9996 crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64. 2013-12-03 22:28:48 +01:00
Andy Polyakov
31ed9a2131 crypto/bn/rsaz*: fix licensing note.
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
2013-12-03 22:08:29 +01:00
Andy Polyakov
6efef384c6 bn/asm/rsaz-x86_64.pl: fix prototype. 2013-12-03 09:43:06 +01:00
Andy Polyakov
b9e87d07cb ppc64-mont.pl: eliminate dependency on GPRs' upper halves. 2013-11-27 22:50:00 +01:00
Andy Polyakov
d1cf23ac86 Make Makefiles OSF-make-friendly.
PR: 3165
2013-11-12 21:51:37 +01:00
Andy Polyakov
4eeb750d20 bn/asm/x86_64-mont.pl: minor optimization [for Decoded ICache]. 2013-10-25 10:14:20 +02:00
Andy Polyakov
d6019e1654 PPC assembly pack: add .size directives. 2013-10-15 00:14:39 +02:00
Andy Polyakov
30b9c2348d bn/asm/*x86_64*.pl: correct assembler requirement for ad*x. 2013-10-14 22:41:00 +02:00
Andy Polyakov
039081b809 Initial aarch64 bits. 2013-10-13 19:15:15 +02:00
Andy Polyakov
0c2adb0a9b MIPS assembly pack: get rid of deprecated instructions.
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
2013-10-13 13:14:52 +02:00
Andy Polyakov
fa104be35e bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache]. 2013-10-10 23:06:43 +02:00
Andy Polyakov
37de2b5c1e bn/bn_exp.c: prefer MULX/AD*X over AVX2. 2013-10-09 11:08:52 +02:00
Andy Polyakov
a5bb5bca52 bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path. 2013-10-03 00:45:04 +02:00
Andy Polyakov
87954638a6 rsaz-x86_64.pl: add MULX/ADCX/ADOX code path. 2013-10-03 00:30:12 +02:00
Andy Polyakov
72a158703b crypto/bn/asm/x86_64-mont.pl: minor optimization. 2013-09-09 21:40:33 +02:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Andy Polyakov
fd8ad019e1 crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin. 2013-08-03 16:28:50 +02:00
Andy Polyakov
5c57c69f9e bn/asm/rsaz-avx2.pl: Windows-specific fix. 2013-07-12 18:59:17 +02:00
Ben Laurie
852f837f5e s/rsaz_eligible/rsaz_avx2_eligible/. 2013-07-12 12:47:39 +01:00
Andy Polyakov
ca48ace5c5 Take RSAZ modules into build loop, add glue and engage.
RT: 2582, 2850
2013-07-05 21:39:47 +02:00
Andy Polyakov
0b4bb91db6 Add RSAZ assembly modules.
RT: 2582, 2850
2013-07-05 21:30:18 +02:00
Andy Polyakov
26e43b48a3 bn/asm/x86_86-mont.pl: optimize reduction for Intel Core family. 2013-07-05 21:10:56 +02:00
Andy Polyakov
cbce8c4644 bn/bn_exp.c: harmonize. 2013-07-05 20:52:58 +02:00
Andy Polyakov
b74ce8d948 bn/bn_exp.c: Solaris-specific fix, T4 MONTMUL relies on alloca. 2013-06-30 23:09:09 +02:00
Andy Polyakov
4ddacd9921 Optimize SPARC T4 MONTMUL support.
Improve RSA sing performance by 20-30% by:
- switching from floating-point to integer conditional moves;
- daisy-chaining sqr-sqr-sqr-sqr-sqr-mul sequences;
- using MONTMUL even during powers table setup;
2013-06-18 10:39:38 +02:00
Andy Polyakov
02450ec69d PA-RISC assembler pack: switch to bve in 64-bit builds.
PR: 3074
2013-06-18 10:37:00 +02:00
Adam Langley
8a99cb29d1 Add secure DSA nonce flag.
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
2013-06-13 17:26:07 +01:00
Adam Langley
96a4c31be3 Ensure that, when generating small primes, the result is actually of the
requested size. Fixes OpenSSL #2701.

This change does not address the cases of generating safe primes, or
where the |add| parameter is non-NULL.

Conflicts:
	crypto/bn/bn.h
	crypto/bn/bn_err.c
2013-06-04 18:52:30 +01:00
Adam Langley
2b0180c37f Ensure that x**0 mod 1 = 0. 2013-06-04 18:47:11 +01:00
Adam Langley
7753a3a684 Add volatile qualifications to two blocks of inline asm to stop GCC from
eliminating them as dead code.

Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
2013-06-04 18:46:25 +01:00
Andy Polyakov
b69437e1e5 crypto/bn/bn_exp.c: SPARC portability fix. 2013-06-01 09:58:07 +02:00
Andy Polyakov
342dbbbe4e x86_64-gf2m.pl: fix typo. 2013-03-01 22:36:36 +01:00