wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
15111 commits 20 branches 302 tags 153 MiB
Commit graph

1065 commits

Author SHA1 Message Date
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Andy Polyakov
a000759a5c ia64-mont.pl: optimize short-key performance. 2011-03-04 13:27:29 +00:00
Andy Polyakov
0ab8fd58e1 s390x assembler pack: tune-up and support for new z196 hardware. 2011-03-04 13:09:16 +00:00
Dr. Stephen Henson
949c6f8ccf Stop warnings. 2011-02-23 16:06:33 +00:00
Dr. Stephen Henson
b7056b6414 Update dependencies. 2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
d749e1080a Experimental symbol renaming to avoid clashes with regular OpenSSL. 
Make sure crypto.h is included first in any affected files.
 2011-02-16 14:40:06 +00:00
Dr. Stephen Henson
fe26d066ff Add ECDSA functionality to fips module. Initial very incomplete version 
of algorithm test program.
 2011-02-14 17:14:55 +00:00
Dr. Stephen Henson
133291f8e7 New function BN_nist_mod_func which returns an appropriate function 
if the passed prime is a NIST prime.
 2011-02-14 16:44:29 +00:00
Dr. Stephen Henson
c9a90645a5 Disable some functions in headers with no-ec2m 2011-02-12 17:38:06 +00:00
Dr. Stephen Henson
b331016124 New option to disable characteristic two fields in EC code. 2011-02-12 17:23:32 +00:00
Dr. Stephen Henson
ed12c2f7ca In FIPS mode only use "Generation by Testing Candidates" equivalent. 2011-02-11 15:19:54 +00:00
Dr. Stephen Henson
14ae26f2e4 Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files 
that use it.
 2011-02-03 17:00:24 +00:00
Bodo Möller
9d0397e977 make update 2011-02-03 10:17:53 +00:00
Dr. Stephen Henson
7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in 
crypto.h if needed.

Modify source tree to handle change.
 2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7cc684f4f7 Redirect FIPS memory allocation to FIPS_malloc() routine, remove 
OpenSSL malloc dependencies.
 2011-01-27 17:23:43 +00:00
Dr. Stephen Henson
aa87945f47 Update source files to handle new FIPS_lock() location. Add FIPS_lock() 
definition. Remove stale function references from fips.h
 2011-01-27 15:57:31 +00:00
Dr. Stephen Henson
7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer 
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
 2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
a27de7b7fd use FIPSEVP in some bn and rsa files 2011-01-27 14:24:42 +00:00
Dr. Stephen Henson
879bd6e38c Internal version of BN_mod_inverse allowing checking of no-inverse without 
need to inspect error queue.
 2011-01-26 16:59:47 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
13a5519208 Move BN_options function to bn_print.c to remove dependency for BIO printf 
routines from bn_lib.c
 2011-01-25 17:10:30 +00:00
Dr. Stephen Henson
7b1a04519f add X9.31 prime generation routines from 0.9.8 branch 2011-01-09 13:02:14 +00:00
Andy Polyakov
e822c756b6 s390x assembler pack: adapt for -m31 build, see commentary in Configure 
for more details.
 2010-11-29 20:52:43 +00:00
Andy Polyakov
dd128715a2 s390x.S: fix typo in bn_mul_words. 
PR: 2380
 2010-11-22 21:55:07 +00:00
Dr. Stephen Henson
776654adff PR: 2295 
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
 2010-10-11 23:49:22 +00:00
Andy Polyakov
d466588788 MIPS assembler pack: enable it in Configure, add SHA2 module, fix make rules, 
update commentary...
 2010-10-02 11:47:17 +00:00
Andy Polyakov
da4d239dad Add unified mips.pl, which will replace mips3.s. 2010-09-27 21:19:43 +00:00
Andy Polyakov
0985473636 sha1-mips.pl, mips-mont.pl: unify MIPS assembler modules in respect to 
ABI and binutils.
 2010-09-22 08:43:09 +00:00
Andy Polyakov
f8927c89d0 Alpha assembler pack: adapt for Linux. 
PR: 2335
 2010-09-13 13:28:52 +00:00
Andy Polyakov
dd4a0af370 crypto/bn/asm/s390x.S: drop redundant instructions. 2010-09-10 14:53:36 +00:00
Andy Polyakov
1cbdca7bf2 Harmonize s390x assembler modules with "catch-all" rules from commit#19749. 2010-07-09 12:11:12 +00:00
Andy Polyakov
e216cd6ee9 armv4-mont.pl: addenum to previous commit#19749. 2010-07-08 15:06:01 +00:00
Andy Polyakov
396df7311e crypto/*/Makefile: unify "catch-all" assembler make rules and harmonize 
ARM assembler modules.
 2010-07-08 15:03:42 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Andy Polyakov
3efe51a407 Revert previous Linux-specific/centric commit#19629. If it really has to 
be done, it's definitely not the way to do it. So far answer to the
question was to ./config -Wa,--noexecstack (adopted by RedHat).
 2010-05-05 22:05:39 +00:00
Ben Laurie
0e3ef596e5 Non-executable stack in asm. 2010-05-05 15:50:13 +00:00
Andy Polyakov
d23f4e9d5a alpha-mont.pl: comply with stack alignment requirements. 2010-04-10 13:33:04 +00:00
Andy Polyakov
97a6a01f0f ARMv4 assembler: fix compilation failure. Fix is actually unconfirmed, but 
I can't think of any other cause for failure
 2010-03-29 09:55:19 +00:00
Bodo Möller
2d9dcd4ff0 Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:35 +00:00
Andy Polyakov
964ed94649 parisc-mont.pl: PA-RISC 2.0 code path optimization based on intruction- 
level profiling data resulted in almost 50% performance improvement.
PA-RISC 1.1 is also reordered in same manner, mostly to be consistent,
as no gain was observed, not on PA-7100LC.
 2010-01-25 23:12:00 +00:00
Andy Polyakov
4f38565204 bn_lcl.h: add MIPS III-specific BN_UMULT_LOHI as alternative to porting 
crypto/bn/asm/mips3.s from IRIX. Performance improvement is not as
impressive as with complete assembler, but still... it's almost 2.5x
[on R5000].
 2010-01-17 12:08:24 +00:00
Andy Polyakov
4407700c40 ia64-mont.pl: add shorter vector support ("shorter" refers to 512 bits and 
less).
 2010-01-17 11:33:59 +00:00
Andy Polyakov
74f2260694 ia64-mont.pl: addp4 is not needed when referring to stack (this is 32-bit 
HP-UX thing).
 2010-01-07 15:36:59 +00:00
Andy Polyakov
1f23001d07 ppc64-mont.pl: commentary update. 2010-01-06 10:58:59 +00:00
Andy Polyakov
dacdcf3c15 Add Montgomery multiplication module for IA-64. 2010-01-06 10:57:55 +00:00
Andy Polyakov
70b76d392f ppccap.c: fix compiler warning and perform sanity check outside signal masking. 
ppc64-mont.pl: clarify comment and fix spelling.
 2009-12-29 11:18:16 +00:00
Andy Polyakov
3fc2efd241 PA-RISC assembler: missing symbol and typos. 2009-12-28 16:13:35 +00:00
Andy Polyakov
cb3b9b1323 Throw in more PA-RISC assembler. 2009-12-27 20:49:40 +00:00
Andy Polyakov
d741cf2267 ppccap.c: tidy up. 
ppc64-mont.pl: missing predicate in commentary.
 2009-12-27 11:25:24 +00:00
Andy Polyakov
b4b48a107c ppc64-mont.pl: adapt for 32-bit and engage for all builds. 2009-12-26 21:30:13 +00:00
Dr. Stephen Henson
7e4cae1d2f PR: 2111 
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
 2009-12-02 15:28:42 +00:00
Dr. Stephen Henson
e8a682f223 PR: 2062 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BN_rand error handling in bntest.c
 2009-10-01 00:21:20 +00:00
Dr. Stephen Henson
73ea416070 Update from 1.0.0-stable. 2009-06-17 11:48:22 +00:00
Dr. Stephen Henson
d70323f1c5 Submitted by: Peter Gutmann <pgut001@cs.auckland.ac.nz> 
Approved by: steve@openssl.org

Check return values for NULL in case of malloc failure.
 2009-06-17 11:25:42 +00:00
Dr. Stephen Henson
779558b9e5 Update from 1.0.0-stable. 2009-06-15 10:27:22 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:49:38 +00:00
Andy Polyakov
0f529cbdc3 s390x-mont.pl: optimize prologue. 2009-02-10 08:46:48 +00:00
Andy Polyakov
8626230a02 s390x assembler pack update. 2009-02-09 15:42:04 +00:00
Dr. Stephen Henson
41b7619596 Fix missing prototype warnings then fix different prototype warnings ;-) 2009-01-11 16:17:26 +00:00
Andy Polyakov
a68c7b9171 bn_lib.c: [re-]fix Win64 compiler warning. 2008-12-29 12:44:33 +00:00
Andy Polyakov
5cabcf96e7 Fix "possible loss of data" Win64 compiler warnings. 2008-12-29 12:35:49 +00:00
Andy Polyakov
be01f79d3d x86_64 assembler pack: add support for Win64 SEH. 2008-12-19 11:17:29 +00:00
Andy Polyakov
3ebbe8853f Bring C bn_mul_mont template closer to assembler. 2008-12-16 07:28:38 +00:00
Andy Polyakov
93c4ba07d7 x86_64-xlate.pl update, engage x86_64 assembler in mingw64. 2008-11-14 16:40:37 +00:00
Andy Polyakov
1416aec60d Update make rules for x86_64 assembler pack. 2008-11-12 08:19:04 +00:00
Andy Polyakov
aa8f38e49b x86_64 assembler pack to comply with updated styling x86_64-xlate.pl rules. 2008-11-12 08:15:52 +00:00
Andy Polyakov
2fbc8a2aad Revert commit #17603, it should have been part of #17617. 2008-11-12 07:27:36 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Bodo Möller
0a8c9f7de1 symbol deobnoxification 2008-11-11 07:08:59 +00:00
Dr. Stephen Henson
0afc9f5bc0 PR: 1777 
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>
Approved by: steve@openssl.org

Fix some size_t issues.
 2008-11-05 23:14:32 +00:00
Dr. Stephen Henson
e6e0c9018c Fix prototypes. 2008-11-02 18:12:36 +00:00
Dr. Stephen Henson
9619b730b4 Use stddef.h to pick up size_t def. 2008-11-02 16:56:13 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed 
not used.
 2008-11-02 12:50:48 +00:00
Ben Laurie
4d6e1e4f29 size_tification. 2008-11-01 14:37:00 +00:00
Andy Polyakov
122396f2db Fix SHA512 and optimize BN for mingw64. 2008-11-01 12:46:18 +00:00
Andy Polyakov
f1455b3063 Minor clean-up in bn_lib.c: constification and optimization. 2008-10-28 13:52:51 +00:00
Andy Polyakov
b764f82c64 Fix crash in BN_rshift. 
PR: 1663
 2008-10-28 13:46:14 +00:00
Geoff Thorpe
ae7ec4c71d Apparently '__top' is also risky, obfuscate further. (All this to 
avoid inlines...)
 2008-10-22 12:00:15 +00:00
Geoff Thorpe
3fdc6c11aa Use of a 'top' var creates "shadow variable" warnings. 2008-10-22 01:25:45 +00:00
Ben Laurie
0d6f9c7181 Constification. 2008-10-19 22:51:27 +00:00
Andy Polyakov
aff8259510 Fix argument order in BN_nnmod call and implement rigorous boundary 
condition check.
 2008-10-16 07:54:41 +00:00
Andy Polyakov
256b3e9c5f Optimize bn_correct_top. 2008-10-15 10:48:52 +00:00
Andy Polyakov
762a2e3cab Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and 
reimplement BN_nist_mod_521.
 2008-10-15 10:47:48 +00:00
Geoff Thorpe
fa0f834c20 Fix build warnings. 2008-09-15 04:02:37 +00:00
Bodo Möller
f8d6be3f81 Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:34 +00:00
Andy Polyakov
492279f6f3 AIX build updates. 2008-09-12 14:45:54 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs, 
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
 2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked 
version some time soon.
 2008-07-03 19:59:25 +00:00
Bodo Möller
8228fd89fc avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr() 
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
 2008-06-23 20:46:24 +00:00
Bodo Möller
fabe640f5e Clarifying comment. 2008-05-02 18:47:48 +00:00
Bodo Möller
d05a474556 Montgomery-related minor cleanups/documentation 2008-05-01 18:48:20 +00:00
Andy Polyakov
ba6f95e81b Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit 
platforms.
 2008-04-24 10:04:26 +00:00
Andy Polyakov
830b8877ba Takanori Yanagisawa has shown how to correctly use pre-computed values. 
So in a sense this commit reverts few latest ones fixing bugs in original
code and improving it, most notably adding 64-bit support [though not in
BN_nist_mod_224 yet].
PR: 1593
 2008-04-23 08:10:25 +00:00
Andy Polyakov
9912ab6770 Resolve __DECC warning and keep disclaiming support for 16-bit platforms. 2008-04-18 15:47:30 +00:00
Andy Polyakov
299ab428ce Fix remaining BN_nist_mod_*. 
PR: 1593
 2008-04-18 15:40:57 +00:00
Lutz Jänicke
4c1a6e004a Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev 
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
 2008-04-17 10:19:16 +00:00
Andy Polyakov
d4122504a2 Clarifying comment. 2008-04-09 12:06:42 +00:00
Andy Polyakov
2c4226c42b Do BN_nist_mod_384 by the book, as cheating doesn't work. Other functions 
will be revised too.
PR: 1593
 2008-04-09 11:36:04 +00:00
Andy Polyakov
2819ffb520 Fix fast reduction on NIST curves (as well BN_NIST_ADD_ONE macro). 
PR: 1593
 2008-04-01 08:39:08 +00:00
Dr. Stephen Henson
e2a29d49ca Update dependencies. 2008-03-29 21:11:25 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast 
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
 2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
56c7754cab Avoid warnings. 2008-02-28 14:05:01 +00:00
Andy Polyakov
61b05a0025 Make x86_64-mont.pl work with debug Win64 build. 2008-02-27 20:09:28 +00:00
Bodo Möller
7c9882eb24 fix BIGNUM flag handling 2008-02-27 06:01:28 +00:00
Andy Polyakov
089458b096 ppc64-mont optimization. 2008-02-05 13:10:14 +00:00
Andy Polyakov
676517e08e crypto/rc5/Makefile was erroneously omitted from last perlasm unification. 
Also remove obsolete and now misleading comments.
 2008-01-15 11:27:06 +00:00
Andy Polyakov
addd641f3a Unify ppc assembler make rules. 2008-01-13 22:01:30 +00:00
Andy Polyakov
fa8e921f66 Unify x86 perlasm make rules. 2008-01-11 13:15:11 +00:00
Dr. Stephen Henson
4d1f3f7a6c Update perl asm scripts include paths for perlasm. 2008-01-05 22:28:38 +00:00
Andy Polyakov
c8ec4a1b0b Final (for this commit series) optimized version and with commentary section. 2007-12-29 20:30:09 +00:00
Andy Polyakov
699e1a3a82 This is also informational commit exposing loop modulo scheduling "factor." 2007-12-29 20:28:01 +00:00
Andy Polyakov
64214a2183 New Montgomery multiplication module, ppc64-mont.pl. Reference, non-optimized 
implementation. This is essentially informational commit.
 2007-12-29 20:26:46 +00:00
Andy Polyakov
ca64056836 Engage x86 assembler in Mac OS X build. 2007-12-18 17:33:49 +00:00
Andy Polyakov
70ba4ee5d5 Commit #16325 fixed one thing but broke DH with certain moduli. 2007-11-03 20:09:04 +00:00
Andy Polyakov
0023adb47a Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention 
s390x assembler pack in CHANAGES.
 2007-10-01 07:38:32 +00:00
Andy Polyakov
7722e53f12 Yet another ARM update. It appears to be more appropriate to make 
developers responsible for -march choice.
 2007-09-27 16:27:03 +00:00
Andy Polyakov
75a8e30f4f Minimize stack utilization in probable_prime. 2007-09-18 20:52:05 +00:00
Bodo Möller
08b229e13f Make sure that BN_from_montgomery keeps the BIGNUMS in proper format 2007-09-18 16:35:28 +00:00
Dr. Stephen Henson
710069c19e Fix warnings. 2007-08-12 17:44:32 +00:00
Andy Polyakov
35295bdbee bn_mul_recursive doesn't handle all cases correctly, which results in 
BN_mul failures at certain key-length mixes.
PR: 1427
 2007-07-08 18:53:03 +00:00
Andy Polyakov
62aa5dd415 Fix build problem on Tru64. 2007-06-29 13:11:45 +00:00
Andy Polyakov
673c55a2fe Latest bn_mont.c modification broke ECDSA test. I've got math wrong, which 
is fixed now.
 2007-06-29 13:10:19 +00:00
Andy Polyakov
5b89f78a89 Typo in x86_64-mont.pl. 
PR: 1549
 2007-06-21 11:38:52 +00:00
Andy Polyakov
1c7f8707fd bn_asm for s390x. 2007-06-20 14:10:16 +00:00
Andy Polyakov
2329694222 SPARC Solaris and Linux assemblers treat .align directive differently. 
PR: 1547
 2007-06-20 12:24:22 +00:00
Dr. Stephen Henson
9677bf0f30 Update .cvsignore 2007-06-18 12:40:24 +00:00
Andy Polyakov
7d9cf7c0bb Eliminate conditional final subtraction in Montgomery assembler modules. 2007-06-17 17:10:03 +00:00
Andy Polyakov
55525742f4 Privatize BN_*_no_branch. 2007-06-11 16:33:03 +00:00
Andy Polyakov
c693b5a55c Commentary updates and minor optimization for bn_mont.c. 2007-06-11 08:53:52 +00:00
Andy Polyakov
6b6443dead Eliminate conditional final subtraction in Montgomery multiplication. 2007-06-10 19:34:38 +00:00
Andy Polyakov
b900df5258 Engage s390x assembler modules. 2007-04-30 09:22:27 +00:00
Andy Polyakov
a2a54ffc5f s390x assembler pack. 2007-04-30 08:42:54 +00:00
Bodo Möller
24a8c25ab5 fix error codes 2007-04-19 15:14:21 +00:00
Bodo Möller
d1e7d1d96c don't violate the bn_check_top assertion in BN_mod_inverse_no_branch() 2007-04-19 14:45:57 +00:00
Bodo Möller
b002265ee3 make BN_FLG_CONSTTIME semantics more fool-proof 2007-03-28 18:41:23 +00:00
Bodo Möller
bd31fb2145 Change to mitigate branch prediction attacks 
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2007-03-28 00:15:28 +00:00
Andy Polyakov
8b71d35458 nasm fixes. 2007-03-20 08:55:58 +00:00
Andy Polyakov
760e353528 sparcv9a-mont was modified to handle 32-bit aligned input, but check 
for 64-bit alignment was not removed.
 2007-03-20 08:54:51 +00:00
Dr. Stephen Henson
af32f9fdda Update from fips2 branch. 2007-02-03 17:32:49 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Andy Polyakov
64aecc6720 Make armv4t-mont module backward binary compatible with armv4 and rename it 
accordingly.
 2007-01-17 20:12:41 +00:00
Andy Polyakov
43b8fe1cd0 Montgomery multiplication for ARMv4. 2007-01-11 21:43:25 +00:00
Andy Polyakov
8876e58f34 Montgomery multiplication for MIPS III/IV. Not engaged. 2006-12-29 11:09:33 +00:00
Andy Polyakov
7321a84d4c Minor clean-up in crypto/bn/asm. 2006-12-29 11:05:20 +00:00
Andy Polyakov
4cfe3df1f5 Minor performance improvements to x86-mont.pl. 2006-12-28 12:43:16 +00:00
Andy Polyakov
8f2d60ec26 Fix for "strange errors" exposed by ccgost engine. The fix is 
two extra insructions in sqradd loop at line #503.
 2006-12-27 10:59:51 +00:00
Andy Polyakov
1702c8c4bf x86-mont.pl sse2 tune-up and integer-only squaring procedure. 2006-12-22 15:28:07 +00:00
Andy Polyakov
87d3af6475 Eliminate 64-bit alignment limitation in sparcv9a-mont. 2006-12-08 15:18:41 +00:00
Andy Polyakov
98939a05b6 alpha-mont.pl: gcc portability fix and make-rule. 2006-12-08 14:18:58 +00:00
Andy Polyakov
d28134b8f3 Minor, +10%, tune-up for x86_64-mont.pl. 2006-12-08 10:13:51 +00:00
Andy Polyakov
8583eba015 Montgomery multiplication routine for Alpha. 2006-12-08 10:12:56 +00:00
Andy Polyakov
73b979e601 Clarify HAL SPARC64 support situation in sparcv9a-mont.pl. 2006-11-28 11:07:36 +00:00
Andy Polyakov
ebae8092cb Minor optimizations based on intruction level profiler feedback. 2006-11-28 10:34:51 +00:00
Andy Polyakov
2e21922eb6 Modulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor 
over 0.9.8 is up to 3x on USI&II cores and up to 80% - on USIII&IV.
 2006-11-28 07:24:26 +00:00
Andy Polyakov
1c3d2b94be This is "informational" commit. Its mere purpose is to expose "modulo 
factor" in inner loops.
 2006-11-28 07:20:36 +00:00
Andy Polyakov
48d2335d73 Non-SSE2 path to bn_mul_mont. But it's disabled, because it currently 
doesn't give performance improvement.
 2006-11-27 14:59:35 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Andy Polyakov
31439046e0 bn/asm/ppc.pl to use ppc-xlate.pl. 2006-10-17 14:37:07 +00:00
Andy Polyakov
cecfdbf72d VIA-specific Montgomery multiplication routine. 2006-10-17 07:04:48 +00:00
Bodo Möller
a53cdc5b08 Ensure that the addition mods[i]+delta cannot overflow in probable_prime(). 
[Problem pointed out by Adam Young <adamy (at) acm.org>]
 2006-09-18 14:00:49 +00:00
Andy Polyakov
8ea975d070 +20% tune-up for Power5. 2006-08-09 15:40:30 +00:00
Andy Polyakov
c8a0d0aaf9 Engage assembler in solaris64-x86_64-cc. 2006-07-31 22:28:40 +00:00
Dr. Stephen Henson
f0fa285f75 Update .cvsignore again. 2006-07-17 16:42:06 +00:00
Andy Polyakov
1a4e245f3e Unsigned vs signed comparison warning. 2006-07-04 20:29:14 +00:00
Bodo Möller
48fc582f66 New functions CRYPTO_set_idptr_callback(), 
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
 2006-06-23 15:21:36 +00:00
Bodo Möller
c4e7870ac1 Change array representation of binary polynomials to make GF2m part of 
the BN library more generally useful.

Submitted by: Douglas Stebila
 2006-06-18 22:00:57 +00:00
Bodo Möller
4584eccea0 another thread-safety fix 2006-06-16 01:00:47 +00:00
Bodo Möller
675f605d44 Thread-safety fixes 2006-06-14 08:55:23 +00:00
Andy Polyakov
67d990904e Futher minor PPC assembler update. 2006-05-04 21:30:41 +00:00
Andy Polyakov
c09a0318b7 Minor PPC assembler updates. 2006-05-03 14:07:34 +00:00
Andy Polyakov
2c5d4daac5 Yet another "teaser" Montgomery multiplication module, for PowerPC. 2006-04-30 21:15:29 +00:00
Dr. Stephen Henson
54d853ebc3 Add support for setting keybits and public exponent value for pkey RSA keygen. 2006-04-11 17:28:37 +00:00
Nils Larsch
b4e88ccb28 ensure the pointer is valid before using it 2006-03-18 14:27:41 +00:00
Ulf Möller
3b408d83fe make update 2006-02-12 23:21:56 +00:00
Dr. Stephen Henson
15ac971681 Update filenames in makefiles. 2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup 
Submitted by: David Hartman <david_hartman@symantec.com>
 2006-01-29 23:12:22 +00:00
Nils Larsch
3798cb8182 fix comment 
PR: 1270
 2006-01-13 23:50:26 +00:00
Nils Larsch
2c5fadbce3 2 is a prime 
PR: 1266
 2006-01-13 23:27:59 +00:00
Andy Polyakov
7a5dbeb782 Minor sparcv9 clean-ups. 2005-12-27 21:27:39 +00:00
Andy Polyakov
3b4a0225e2 As SPARCV9 CPU flavor is [expected to be] detected at run-time, we can 
afford to relax SPARCV9/8+ compiler command line and produce "unversal"
binaries as we used to.
 2005-12-19 09:10:06 +00:00
Andy Polyakov
a00e414faf Unify sparcv9 assembler naming and build rules among 32- and 64-bit builds. 
Engage run-time switch between bn_mul_mont_fpu and bn_mul_mont_int.
 2005-12-16 17:39:57 +00:00
Andy Polyakov
f5826b8014 We all make typos:-) Fix just introduced ones in bn.h 2005-12-16 10:43:33 +00:00
Andy Polyakov
4a47f55639 Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and 
keep disclaiming narrower than 32-bit support.
 2005-12-16 10:37:24 +00:00
Andy Polyakov
68ea60683a Add IALU-only bn_mul_mont for SPARCv9. See commentary section for details. 2005-12-15 22:43:33 +00:00
Andy Polyakov
6df8c74d5b Switch 64-bit sparcv9 platforms from bn(64,64) to bn(64,32). This doesn't 
have impact on performance, because amount of multiplications does not
increase with this switch, not on sparcv9 that is. On the contrary, it
actually improves performance, because it spares a load of instructions
used to chase carries. Not to mention that BN assembler modules can be
shared more freely between 32- and 64-bit builts.
 2005-12-15 22:40:58 +00:00
Andy Polyakov
877e8e970c Allow for bn(64,32) on LP64 platforms. 2005-12-15 22:31:16 +00:00
Andy Polyakov
07645deeb8 Apply "better safe than sorry" approach after addressing sporadic SEGV in 
bn_sub_words to the rest of the sparcv8plus.S.
 2005-11-15 08:02:10 +00:00
Andy Polyakov
c52c82ffc1 Attempt to resolve sporadic SEGV crashes in bn_sub_words in OpenSSH. I'm 
baffled why it crashes and does it sporadically...
 2005-11-11 20:07:07 +00:00
Dr. Stephen Henson
d6a03a23a8 Update from stable branch. 2005-11-11 13:00:07 +00:00
Andy Polyakov
bd2abcae37 Move declaration for optional bn_mul_mont to bn_lcl.h in order to hide 
it from mkdef.pl.
 2005-11-06 22:10:38 +00:00
Andy Polyakov
a4d729f31d Clarify binary compatibility with HAL/Fujitsu SPARC64 family. 2005-10-25 15:39:47 +00:00
Andy Polyakov
8c0ceb17a2 bn_asm.c update. 2005-10-22 20:20:06 +00:00
Andy Polyakov
c2012f9b82 Eliminate gcc warning in bn_mont.c. 2005-10-22 20:17:01 +00:00
Andy Polyakov
aa2be094ae Add support for 32-bit ABI to sparcv9a-mont.pl module. 2005-10-22 18:16:09 +00:00
Andy Polyakov
4d524040bc Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES. 2005-10-22 17:57:18 +00:00
Andy Polyakov
bcb43bb358 Yet another "teaser" Montgomery multiply module, for UltraSPARC. It's not 
integrated yet, but it's tested and benchmarked [see commentary section
for further details].
 2005-10-19 07:12:06 +00:00
Andy Polyakov
34736de4c0 Flip saved argument block and tp [required for non-SSE2 path]. 2005-10-14 16:05:21 +00:00
Andy Polyakov
5f50d597f2 Make sure x86-mont.pl returns zero even if compiled with no-sse2. 2005-10-14 15:24:06 +00:00
Andy Polyakov
df94f187b9 Fix bug in SMALL_FOOTPRINT path and clarify comment. 2005-10-14 15:22:27 +00:00
Andy Polyakov
35593b33f4 Add timestamp to x86-mont.pl. 2005-10-09 10:26:56 +00:00
Andy Polyakov
54f3d200d3 Throw in bn/asm/x86-mont.pl Montgomery multiplication "teaser". 2005-10-09 09:53:58 +00:00
Andy Polyakov
7a2f4cbfe8 x86_64-mont.pl readability improvement. 2005-10-07 15:18:16 +00:00
Andy Polyakov
5ac7bde7c9 Throw in Montgomery multiplication assembler for x86_64. 2005-10-07 14:18:06 +00:00
Andy Polyakov
9b4eab501a Refine logic in bn_mont.c and eliminate redundant BN_CTX pulls. 2005-10-06 13:12:28 +00:00
Andy Polyakov
ca04d7a208 Leave the decision to call/implement bn_sqr_mont to assembler developer. 2005-10-06 09:12:39 +00:00
Dr. Stephen Henson
40a3c12305 Initialize bignum constants using BN_bin2bn() instead of BN_hex2bn(). This 
saves a bit of space and avoids a compiler warning about string length.
 2005-10-05 17:51:43 +00:00
Andy Polyakov
22cd982566 Fix typo in exptest.c. 2005-10-04 06:23:15 +00:00
Andy Polyakov
682b112abc Reserve for SMALL_FOOTPRINT bn_asm.c. Currently OPENSSL_SMALL_FOOTPRINT 
is defined on Windows CE targets.
 2005-10-04 06:22:11 +00:00
Andy Polyakov
e738280547 Add reference implementation for bn_[mul|sqr]_mont, new candidates for 
assembler implementation.
 2005-10-04 06:19:29 +00:00
Andy Polyakov
6f9afa68cd IA-32 BN tune-up. Performance imrpovement varies with platform and 
keylength, this time larger improvement for shorter keys, and reaches
15%. Both SSE2 and IALU code pathes are improved.
 2005-09-20 12:26:54 +00:00
Nils Larsch
8215e7a938 fix warnings when building openssl with the following compiler options: 
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
        -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
        -Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused
        -Wno-unused-parameter -Wuninitialized
 2005-08-28 22:49:57 +00:00
Bodo Möller
7534d131d6 avoid potential spurious BN_free() 
Submitted by: David Heine <dlheine@suif.Stanford.EDU>
 2005-08-23 04:14:40 +00:00
Nils Larsch
725111f7cb add missing file 2005-08-21 23:02:05 +00:00
Ben Laurie
bf3d6c0c9b Make D-H safer, include well-known primes. 2005-08-21 16:00:17 +00:00
Andy Polyakov
7cfe2a5e65 Fix Intel assembler warnings. 2005-08-10 08:28:36 +00:00
Andy Polyakov
11de71b04c 3-4 times better RSA/DSA performance on WIN64A target. Well, on AMD64 CPU, 
EMT64T will hardly exhibit better performance...
 2005-08-04 17:35:42 +00:00
Nils Larsch
0260405c68 fix BN_mod_word and give a more reasonable return value if an error occurred 2005-07-25 22:57:54 +00:00
Nils Larsch
17a2994dbd set correct bn->top value 2005-07-21 22:40:39 +00:00
Andy Polyakov
ef428d5681 Fix unwind directives in IA-64 assembler modules. This helps symbolic 
debugging and doesn't affect functionality.

Submitted by: David Mosberger

Obtained from: http://www.hpl.hp.com/research/linux/crypto/
 2005-07-18 09:54:14 +00:00
Nils Larsch
449bd384ed bugfix: 0 - w (w != 0) is actually negative 2005-07-17 16:09:09 +00:00
Andy Polyakov
31efffbdba Trap condition should be 64-bit when it's due. 2005-07-03 09:17:50 +00:00
Andy Polyakov
aaa5dc614f More elegant solution to "sparse decimal printout on PPC" problem. 2005-07-02 08:58:55 +00:00
Andy Polyakov
8be97c01d1 Decimal printout of a BN is wrong on PPC, it's sparse with very few 
significant digits. As soon it verifies elsewhere it goes to 0.9.8 and
0.9.7.
 2005-07-01 17:49:47 +00:00
Ben Laurie
a51a97262d Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes. 2005-06-29 11:02:15 +00:00
Andy Polyakov
bb00084863 Replace _int64 with __int64, which is more widely accepted among Win32 
compiler vendors.
 2005-06-28 11:50:50 +00:00
Andy Polyakov
c25f2f1cbf Missed -c in IRIX rules. 2005-06-23 20:37:29 +00:00
Andy Polyakov
62526671e9 Typo in bn-mips3 rule. 2005-06-23 16:24:51 +00:00
Andy Polyakov
88ebf53577 Rename mips3.o to bn-mips3.o [it's better in long run] and adjust the 
rule to accomodate gcc4, which no longer support SGI as.
 2005-06-23 16:23:06 +00:00
Nils Larsch
88737991d2 fix assertion 2005-05-31 20:39:16 +00:00
Andy Polyakov
20a85e9f69 Missing sparcv8.o rule. 
PR: 1082
 2005-05-31 12:17:35 +00:00
Richard Levitte
9426364be9 Typo 2005-05-29 12:11:50 +00:00
Bodo Möller
a28a5d9c62 Use BN_with_flags() in a cleaner way. 2005-05-27 15:38:53 +00:00
Bodo Möller
c61f571ce0 check BN_copy() return value 2005-05-26 04:30:49 +00:00
Richard Levitte
b172dec864 DEC C complains about bad subscript, but we know better, so let's shut it up. 2005-05-24 03:22:53 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and 
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
 2005-05-16 16:55:47 +00:00
Bodo Möller
46a643763d Implement fixed-window exponentiation to mitigate hyper-threading 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2005-05-16 01:43:31 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Ben Laurie
4b26fe30de There must be an explicit way to build the .o! 2005-05-11 16:39:05 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes. 
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
 2005-05-11 03:45:39 +00:00
Richard Levitte
82e8cb403a Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS, 
there's no need to undefine it here.  Then, let's get a bit paranoid
and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG
isn't defined.
 2005-05-06 13:34:35 +00:00
Nils Larsch
f15c448a72 remove BN_ncopy, it was only used in bn_nist.c and wasn't particular 
useful anyway
 2005-05-03 20:27:00 +00:00
Nils Larsch
fcb41c0ee8 rewrite of bn_nist.c, disable support for some curves on 64 bit platforms 
for now (it was broken anyway)
 2005-05-03 20:23:33 +00:00
Nils Larsch
c1a8a5de13 don't let BN_CTX_free(NULL) segfault 2005-04-29 21:20:31 +00:00
Dr. Stephen Henson
6ec8e63af6 Port BN_MONT_CTX_set_locked() from stable branch. 
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
 2005-04-26 23:58:54 +00:00
Dr. Stephen Henson
465b9f6b26 Stop unused variable warning. 2005-04-26 23:45:49 +00:00
Nils Larsch
800e400de5 some updates for the blinding code; summary: 
- possibility of re-creation of the blinding parameters after a
  fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
  are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
  more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
 2005-04-26 22:31:48 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes. 
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
 2005-04-26 18:53:22 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign 
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
 2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Andy Polyakov
0abfd60604 Extend Solaris x86 support to amd64. 2005-04-04 17:10:53 +00:00
Andy Polyakov
60fd574cdf Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially 
introduced for a reason [like bug in initial gcc port], but proposed
=&r is treated correctly by senior 3.2, so we can assume it's safe now.
PR: 1031
 2005-04-03 18:53:29 +00:00
Nils Larsch
fea4280a8b fix header 2005-03-30 21:38:29 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Andy Polyakov
da30c74a27 Remove unused assembler modules. 2005-02-06 13:43:02 +00:00
Andy Polyakov
67ea999d4a This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF 
and GNU binutils, but kept BSD make... And I took the opportunity to
unify other targets to this common least denominator...
 2005-02-06 13:23:34 +00:00
Andy Polyakov
76ef6ac956 Refine PowerPC platform support. 2004-12-20 13:44:34 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate 
failure and freeing up memory if a failure occurs.

PR:620
 2004-12-05 01:03:15 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break 
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
 2004-11-02 23:55:01 +00:00
Geoff Thorpe
f79110c633 Two TODO comments taken care of. Nils pointed out that one of them had already 
been done, and took care of the other one (which hadn't).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2004-09-19 04:43:46 +00:00
Andy Polyakov
16760a3089 Proper support for OpenBSD-i386 shared build, including assember modules! 
"Proper" means "compiles and passes test." Versioning is broken (I think).
 2004-08-29 21:36:37 +00:00
Andy Polyakov
2b247cf81f OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a 
symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter
is the only one to be exported to application.
 2004-08-29 16:36:05 +00:00
Andy Polyakov
34413fca84 OpenBSD fix-up for new a.out targets. OpenBSD .s.o rule is busted... 2004-08-01 21:16:26 +00:00
Andy Polyakov
ec38ddc765 Clean-up GAS targets: get rid of "cpp" stuff and replace it with "purified" 
COFF and a.out targets [similar to ELF targets]. You might notice some
rudementary support for shared mingw builds under cygwin. It works (it
produces cryptoeay32.dll and ssleay32.dll with everything exported by
name), but it's primarily for testing/debugging purposes, at least for
now...
 2004-08-01 17:33:58 +00:00
Andy Polyakov
33c3ecf741 Build-n-link new IA-64 modules on Linux and HP-UX. 2004-07-23 23:27:10 +00:00
Andy Polyakov
8169dd73f9 All SIXTY_FOUR_BIT platforms (mind the difference between SIXTY_FOUR_BIT and 
SIXTY_FOUR_BIT_LONG) were failing to pass 'cd test; make test_bn'.
 2004-07-22 09:32:11 +00:00
Andy Polyakov
859ceeeb51 Anchor AES and SHA-256/-512 assembler from C. 2004-07-18 17:26:01 +00:00
Andy Polyakov
d0590fe6b2 Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes. 
I also used this opportunity to clean up some out-of-date targets and
re-group targets by OS.
 2004-07-18 16:19:34 +00:00
Geoff Thorpe
ace3ebd661 Improve error handling if decompression of an ec point fails, and cleanup 
ec_curve.c (unify comments, etc).

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller, Geoff Thorpe
 2004-07-06 15:50:04 +00:00
Andy Polyakov
e2f2a9af2c New scalable bn_mul_add_words loop, which provides up to >20% overall 
performance improvement. Make module more gcc friendly and clarify
copyright issues for division routine.
 2004-07-01 11:10:38 +00:00
Geoff Thorpe
d459e39012 Tidy up, including; 
- Remove unused and unuseful debug cruft.
- Remove unnecessary 'top' fudging from BN_copy().
- Fix a potential memory leak and simplify the expansion logic in
  BN_bin2bn().

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2004-06-20 04:16:12 +00:00
Geoff Thorpe
df11e1e921 Deprecate unused cruft, and "make update". 2004-06-17 23:50:25 +00:00
Geoff Thorpe
afbe74d386 Actually, that last change to BN_get_word() was a little too simple. 2004-06-17 22:05:40 +00:00
Geoff Thorpe
9088d5f24f As Nils put it; 
Yet another question: some time ago you changed BN_set_word.
    Why didn't you change BN_get_word as well?

Quite. I'm also removing the older commented-out implementations to improve
readability. This complex stuff seems to date from a time when the types
didn't match up well.

Submitted by: Nils Larsch, Geoff Thorpe
 2004-06-17 20:13:50 +00:00
Geoff Thorpe
cf9056cfda BN_div_word() was breaking when called from BN_bn2dec() (actually, this is 
the only function that uses it) because it would trip up an assertion in
bn_div_words() when first invoked. This also adds BN_div_word() testing to
bntest.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2004-06-17 20:03:56 +00:00
Andy Polyakov
1809e858bb Eliminate compiler warnings and throw in performance table. 2004-05-28 10:15:58 +00:00
Geoff Thorpe
d6dda126b7 Make some more API types opaquely available from ossl_typ.h, meaning the 
corresponding headers are only required for API functions or structure
details. This now includes the bignum types and BUF_MEM. Subsequent commits
will remove various dependencies on bn.h and buffer.h and update the
makefile dependencies.
 2004-05-15 18:32:08 +00:00
Andy Polyakov
d3adc3d3ed SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper 
config and run-time support is added.
PR: 788
Submitted by: <dean@arctic.org>
Reviewed by: <appro>

Obtained from: http://arctic.org/~dean/crypto/rsa.html
 2004-05-06 10:36:49 +00:00
Andy Polyakov
dd55880644 Improved PowerPC support. Proper ./config support for ppc targets, 
especially for AIX. But most important BIGNUM assembler implementation
submitted by IBM.

Submitted by: Peter Waltenberg <pwalten@au1.ibm.com>
Reviewed by: appro
 2004-04-27 22:05:50 +00:00
Richard Levitte
863d2b196f Print the debug thingies on stderr instead of stdout. If for nothing 
else then at least so bc doesn't have problems parsing the output from
bntest :-).
 2004-04-20 10:57:07 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Richard Levitte
a87228031f RAND_add() wants a double as it's last argument. 2004-03-25 15:52:43 +00:00
Geoff Thorpe
c86f2054f3 Adjust various bignum functions to use BN_CTX for variables instead of 
locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.
 2004-03-25 04:32:24 +00:00
Geoff Thorpe
5c98b2caf5 Replace the BN_CTX implementation with my current work. I'm leaving the 
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).

I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.
 2004-03-25 04:16:14 +00:00
Geoff Thorpe
e042540f6b Variety of belt-tightenings in the bignum code. (Please help test this!) 
- Remove some unnecessary "+1"-like fudges. Sizes should be handled
  exactly, as enlarging size parameters causes needless bloat and may just
  make bugs less likely rather than fixing them: bn_expand() macro,
  bn_expand_internal(), and BN_sqr().
- Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that
  useful.
- Remove unnecessary zeroing of unused bytes in bn_expand2().
- Rewrite BN_set_word() - it should be much simpler, the previous
  complexities probably date from old mismatched type issues.
- Add missing bn_check_top() macros in bn_word.c
- Improve some degenerate case handling in BN_[add|sub]_word(), add
  comments, and avoid a bignum expansion if an overflow isn't possible.
 2004-03-17 17:36:54 +00:00
Geoff Thorpe
b6358c89a1 Convert openssl code not to assume the deprecated form of BN_zero(). 
Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.

Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this
point).
 2004-03-13 23:57:20 +00:00
Geoff Thorpe
5d735465d1 The efforts to eliminate the dual-representation of zero and to ensure 
bignums are passed in and out of functions and APIs in a consistent form
has highlighted that zero-valued bignums don't need any allocated word
data. The use of BN_set_word() to initialise a bignum to zero causes
needless allocation and gives it a return value that must be checked. This
change converts BN_zero() to a self-contained macro that has no
return/expression value and does not cause any expansion of bignum data.

Note, it would be tempting to rewrite the deprecated version as a
success-valued comma expression, such as;
   #define BN_zero(a) ((a)->top = (a)->neg = 0, 1)
However, this evaluates 'a' twice and would confuse initialisation loops
(eg. while(..) { BN_zero(bn++) } ). As such, the deprecated version
continues to use BN_set_word().
 2004-03-13 23:04:15 +00:00
Geoff Thorpe
9e051bac13 Document a change I'd already made, and at the same time, correct the 
change to work properly; BN_zero() should set 'neg' to zero as well as
'top' to match the behaviour of BN_new().
 2004-03-13 22:10:15 +00:00
Geoff Thorpe
a8aa764d3c Minimise the amount of code dependent on BN_DEBUG_RAND. In particular, 
redefine bn_clear_top2max() to be a NOP in the non-debugging case, and
remove some unnecessary usages in bn_nist.c.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
 2004-03-09 03:53:40 +00:00
Geoff Thorpe
e7716b7a19 More changes coming out of the bignum auditing. BN_CTX_get() should ideally 
return a "zero" bignum as BN_new() does - so reset 'top'. During
BN_CTX_end(), released bignums should be consistent so enforce this in
debug builds. Also, reduce the number of wasted BN_clear_free() calls from
BN_CTX_end() (typically by 75% or so).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
 2004-03-09 03:47:35 +00:00
Geoff Thorpe
1b06804491 When adding positive elements, we can use BN_uadd() instead of BN_add(). 
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2004-02-22 19:30:41 +00:00
Andy Polyakov
1751034669 Typo in crypto/bn/asm/x86_64.c, bn_div_words(). 
PR: 821
 2004-02-07 09:51:28 +00:00
Andy Polyakov
d04b1b4656 Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl 2004-01-30 05:41:23 +00:00
Andy Polyakov
1247092776 HP/UX PA-RISC 2 targets update. 2004-01-29 22:16:08 +00:00
Richard Levitte
1fb724449d make update 2004-01-28 18:38:33 +00:00
Andy Polyakov
27b2b78f90 Even though C specification explicitly says that constant type "stretches" 
automatically to accomodate the value, some compilers fail to do so. Most
notably 0x0123456789ABCDEF should come out as long long in 32-bit context,
but HP compiler truncates it to 32-bit value. Which in turn breaks GF(2^m)
arithmetics in hpux-parisc2-cc build. Therefore this fix...
 2004-01-25 10:53:43 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh 
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:59:07 +00:00
Richard Levitte
d420ac2c7d Use BUF_strlcpy() instead of strcpy(). 
Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:40:17 +00:00
Ulf Möller
380e145daf Add "dif" variable to clean up the loop implementations. 
Submitted by: Nils Larsch
 2003-12-06 11:55:46 +00:00
Ulf Möller
ce38bb1a8c Avoid segfault if ret==0. 
Submitted by: Nils Larsch
 2003-12-06 11:39:37 +00:00
Geoff Thorpe
2bfd2c74d2 Incremental cleanups to bn_lib.c. 
- Add missing bn_check_top() calls and relocate some others
- Use BN_is_zero() where appropriate
- Remove assert()s that bn_check_top() is already covering
- Simplify the code in places (esp. bn_expand2())
- Only keep ambiguous zero handling if BN_STRICT isn't defined
- Remove some white-space and make some other aesthetic tweaks
 2003-12-02 20:01:30 +00:00
Geoff Thorpe
82b2f57e30 Use the BN_is_odd() macro in place of code that (inconsistently) does much 
the same thing.

Also, I have some stuff on the back-burner related to some BN_CTX notes
from Peter Gutmann about his cryptlib hacks to the bignum code. The BN_CTX
comments are there to remind me of some relevant points in the code.
 2003-12-02 03:28:24 +00:00
Geoff Thorpe
2ae1ea3788 BN_FLG_FREE is of extremely dubious usefulness, and is only referred to 
once in the source (where it is set for the benefit of no other code
whatsoever). I've deprecated the declaration in the header and likewise
made the use of the flag conditional in bn_lib.c. Note, this change also
NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.
 2003-12-02 03:16:56 +00:00
Geoff Thorpe
34066d741a Declare the static BIGNUM "BN_value_one()" more carefully. 2003-12-01 23:13:17 +00:00
Geoff Thorpe
b74cc0776b Add missing bn_check_top()s to bn_kron.c, remove some miscellaneous 
white-space, and include extra headers to satisfy debugging builds.
 2003-12-01 23:11:45 +00:00
Geoff Thorpe
e7e5fe4705 Add missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous 
white-space.
 2003-12-01 23:10:21 +00:00
Geoff Thorpe
998ae048e7 The bn_set_max() macro is only "used" by the bn_set_[low|high]() macros 
which, in turn, are used nowhere at all. This is a good thing because
bn_set_max() would currently generate code that wouldn't compile (BIGNUM
has no 'max' element).

The only apparent use for bn_set_[low|high] would be for implementing
windowing algorithms, and all of openssl's seem to use bn_***_words()
helpers instead (including the BN_div() that Nils fixed recently, which had
been using independently-coded versions of what these unused macros are
intended for). I'm therefore consigning these macros to cvs oblivion in the
name of readability.
 2003-12-01 22:11:08 +00:00
Geoff Thorpe
e65c2b9872 bn_fix_top() exists for compatibility's sake and is mapped to 
bn_correct_top() or bn_check_top() depending on debug settings. For
internal source, all bn_fix_top()s should be converted one way or the other
depending on whether the use of bn_correct_top() is justified.

For BN_div_recp(), these cases should not require correction if the other
bignum functions are doing their jobs properly, so convert to
bn_check_top().
 2003-12-01 21:59:40 +00:00
Geoff Thorpe
46cb8d3689 If BN_STRICT is defined, don't accept an ambiguous representation of zero 
(ie. where top may be zero, or it may be one if the corresponding word is
set to zero). Note, this only affects the macros in bn.h, there are probably
similar corrections required in some c files.

Also, clarify the audit-related macros at the top of the header. Mental
note: I must not forget to clean all this out before 0.9.8 is released ...
 2003-11-30 22:23:12 +00:00
Geoff Thorpe
23fc5ac646 Improve a couple of the bignum macros. Note, this doesn't eliminate 
tolerance of ambiguous zero-representation, it just improves
BN_abs_is_word() and simplifies other macros that depend on it.
 2003-11-30 22:02:10 +00:00
Geoff Thorpe
5734bebe05 Make BN_DEBUG_RAND less painfully slow by only consuming one byte of 
pseudo-random data for each bn_pollute().
 2003-11-30 21:21:30 +00:00
Geoff Thorpe
657a919598 This improves the placement of check_top() macros in a couple of bn_lib 
functions.
 2003-11-29 20:34:07 +00:00
Geoff Thorpe
444c3a8492 Get rid of some signed/unsigned comparison warnings. 2003-11-28 16:39:16 +00:00
Richard Levitte
4d8743f490 Netware-specific changes, 
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
 2003-11-28 13:10:58 +00:00
Geoff Thorpe
81ba5f6713 Due to recent debugging bursts, openssl should be more or less solid 
against inconsistent BIGNUMs coming out of any of its API functions. So
this change no longer "fixes" the bn_print.c functions, but it makes for
cleaner code. This patch was a part of ticket 697.

PR: 697
Submitted by: Otto Moerbeek
Reviewed by: Geoff Thorpe
 2003-11-25 21:07:59 +00:00
Geoff Thorpe
6defae04f3 Fix some handling in bn_word. This also resolves the issues observed in 
ticket 697 (though uses a different solution than the proposed one). This
problem was initially raised by Otto Moerbeek.

PR: 697
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2003-11-25 20:39:19 +00:00
Geoff Thorpe
e1064adfd3 Some changes for bn_gf2m.c: better error checking plus some minor 
optimizations.

Submitted by: Nils Larsch
 2003-11-25 03:41:20 +00:00
Geoff Thorpe
9e989810ba BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words 
and bn_add_words to avoid using fake bignums to window other bignums that
can lead to corruption. This change allows all bignum tests to pass with
BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be
tested on a few different architectures and configuration targets, as the
bignum code this deals with is quite preprocessor (and assembly) sensitive.

Submitted by: Nils Narsch
Reviewed by: Geoff Thorpe, Ulf Moeller
 2003-11-22 20:23:41 +00:00
Ulf Möller
1a01733047 BN_set_bit() etc should use "unsigned int". 
Keep it as is to avoid an API change, but check for negativ values.

Submitted by: Nils Larsch
 2003-11-15 08:37:50 +00:00
Geoff Thorpe
9dde17e8b4 This rewrites two "for" loops in BN_rshift() - equality with zero is 
generally a more efficient comparison than comparing two integers, and the
first of these two loops was off-by-one (copying one too many values). This
change also removes a superfluous assignment that would set an unused word
to zero (and potentially allow an overrun in some cases).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
 2003-11-13 15:03:14 +00:00
Geoff Thorpe
f75abcefed This extends the debugging macros to use "pollution" during 
bn_correct_top(), previously only bn_check_top() did this.
 2003-11-06 23:24:44 +00:00
Geoff Thorpe
18f62d4b82 Add debug-screening of input parameters to some functions I'd missed 
before.
 2003-11-06 23:13:04 +00:00
Geoff Thorpe
5c0c22803e Put more debug screening in BN_div() and correct a comment. 2003-11-06 23:11:07 +00:00
Geoff Thorpe
0ef85c7f45 This is a revert of my previous commit to "improve" the declaration of 
constant BIGNUMs. It turns out that this trips up different but equally
useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness
it created. (Thanks to Ulf for the forehead-slap.)
 2003-11-05 19:30:29 +00:00
Ulf Möller
078dd1a0f9 typo in comment 2003-11-05 17:28:59 +00:00
Ulf Möller
2b96c95197 cleanup as discussed with Geoff 2003-11-05 17:28:25 +00:00
Geoff Thorpe
d870740cd7 Put the first stage of my bignum debugging adventures into CVS. This code 
is itself experimental, and in addition may cause execution to break on
existing openssl "bugs" that previously were harmless or at least
invisible.
 2003-11-04 22:54:49 +00:00
Geoff Thorpe
c465e7941e This is the least unacceptable way I've found for declaring the bignum data 
and structures as constant without having to cast away const at any point.
There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy,
but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.
 2003-11-04 00:29:09 +00:00
Geoff Thorpe
a9fd78f9da bn_div() does some pretty nasty things with temporary variables, 
constructing BIGNUM structures with pointers offset into other bignums
(among other things). This corrects some of it that is too plainly insane,
and tries to ensure that bignums are normalised when passed to other
functions.
 2003-10-31 01:35:16 +00:00
Geoff Thorpe
5f747c7f4b When a BN_CTX is used for temporary workspace, the variables are sometimes 
left in an inconsistent state when they are released for later reuse. This
change resets the BIGNUMs when they are released back to the context.
 2003-10-30 01:07:56 +00:00
Geoff Thorpe
c4db1a8b5c This fixes a couple of cases where an inconsistent BIGNUM could be passed as 
input to a function.
 2003-10-30 01:03:31 +00:00
Geoff Thorpe
31166ec8f3 Some provisional bignum debugging has begun to detect inconsistent BIGNUM 
structures being passed in to or out of API functions, and this corrects a
couple of cases found so far.

Also, lop off a couple of bytes of white-space.
 2003-10-29 20:47:49 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. 
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
 2003-10-29 20:24:15 +00:00
Geoff Thorpe
2ce90b9b74 BN_CTX is opaque and the static initialiser BN_CTX_init() is not used 
except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.
 2003-10-29 18:04:37 +00:00
Geoff Thorpe
db59141467 remove accidentally committed debugging cruft. 2003-10-29 05:35:31 +00:00
Geoff Thorpe
2aaec9cced Update any code that was using deprecated functions so that everything builds 
and links with OPENSSL_NO_DEPRECATED defined.
 2003-10-29 04:14:08 +00:00
Geoff Thorpe
9d473aa2e4 When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should 
be) precompiled out in the API headers. This change is to ensure that if
it is defined when compiling openssl, the deprecated functions aren't
implemented either.
 2003-10-29 04:06:50 +00:00
Ralf S. Engelschall
6bd27f8644 Fix prime generation loop in crypto/bn/bn_prime.pl by making 
sure the loop does correctly stop and breaking ("division by zero")
modulus operations are not performed. The (pre-generated) prime
table crypto/bn/bn_prime.h was already correct, but it could not be
re-generated on some platforms because of the "division by zero"
situation in the script.
 2003-09-25 13:57:58 +00:00
Richard Levitte
01fc834bc9 Have ASFLAGS be defined the same way as CFLAGS 2003-05-29 22:20:47 +00:00
Richard Levitte
f5f7dffdd1 Make sure to compare unsigned against unsigned. 2003-05-28 10:34:29 +00:00
Richard Levitte
83743ad039 Fix sign bugs. 
PR: 621
 2003-05-21 14:29:13 +00:00
Bodo Möller
5679bcce07 make RSA blinding thread-safe 2003-04-02 09:50:22 +00:00
Richard Levitte
78951e7711 Make sure we get the definition of OPENSSL_NO_ERR. 2003-03-20 23:19:41 +00:00
Ulf Möller
66ecdf3bfb more mingw related cleanups. 2003-02-22 18:00:14 +00:00
Ben Laurie
2619676256 Old-style callbacks can be NULL! 2003-02-01 20:58:59 +00:00
Andy Polyakov
722d17cbac This is an *initial* tune-up. This update puts Itanium2 back on par with 
Itanium. I mean if overall performance improvement over C version was X
for Itanium, it's X even for Itanium2.
 2003-01-19 21:29:59 +00:00
Richard Levitte
2f09524501 A few more files to ignore 2003-01-16 21:32:56 +00:00
Richard Levitte
f8ea5cb579 Make sure everything that may be freed is allocated or initiated. 
PR: 446
 2003-01-10 08:59:46 +00:00
Andy Polyakov
699543e4a2 Finalizing asm support for UnixWare, SCO, OpenUnix... Note that I've 
replaced #if logic around bn_sub_part_words in bn_mul.c. I rely upon
OPENSSL_BN_ASM_PART_WORDS being added by ./Configure script. Would it
still work on non-Unix platforms?
 2003-01-09 08:42:04 +00:00