Commit graph

451 commits

Author SHA1 Message Date
Bodo Möller
6c950e0dc9 'covenant HOWTO' (what to do about the Sun covenant if you modify the code)
Submitted by: Bodo Moeller
2002-10-29 10:58:07 +00:00
Bodo Möller
19b8d06a79 clean up new code for NIST primes
create new lock CRYPTO_LOCK_BN to avoid race condition
2002-10-28 14:02:19 +00:00
Bodo Möller
5c6bf03117 fast reduction for NIST curves
Submitted by: Nils Larsch
2002-10-28 13:23:24 +00:00
Richard Levitte
e15ea3d9e1 When BN_add_word() reaches top, it shouldn't try to add the the corresponding
word, since that word may not be zero.
2002-10-14 11:33:32 +00:00
Richard Levitte
09db11783d When BN_add_word() reaches top, it shouldn't try to add the the corresponding
word, since that word may not be zero.
2002-10-14 11:27:16 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Richard Levitte
ff90d659e6 Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:21:33 +00:00
Bodo Möller
c237de058f don't write beyond buffer
Submitted by: Nils Larsch
2002-08-27 13:32:35 +00:00
Richard Levitte
bce625987d Do not use the word 'modulus', which is a class template name in VC++ 6.0/SP5.
PR: 216, point 3
2002-08-12 21:20:30 +00:00
Richard Levitte
f13ddd5d0a Do not use the word 'modulus', which is a class template name in VC++ 6.0/SP5.
PR: 216, point 3
2002-08-12 21:20:25 +00:00
Bodo Möller
7a8645d171 avoid SIGSEGV
Submitted by: Nils Larsch, Douglas Stebila
2002-08-07 07:53:47 +00:00
Bodo Möller
d28735a05b oops, undo previous change (was just for testing) 2002-08-03 18:28:34 +00:00
Bodo Möller
183847747a fix bn_expand2 2002-08-03 18:27:47 +00:00
Bodo Möller
bac6012308 use bn_wexpand instead of bn_expand2 (the latter is not needed here,
and it does not yet work correctly)

Submitted by: Douglas Stebila
2002-08-03 17:51:29 +00:00
Bodo Möller
909abce800 disable Sun divison algorithm by default 2002-08-02 18:26:02 +00:00
Bodo Möller
33d4e690cc fix bn_expand2 2002-08-02 18:23:55 +00:00
Bodo Möller
d3bcbba45c remove obsolete part of comment 2002-08-02 15:13:10 +00:00
Bodo Möller
0903e56196 remove obsoleted disabled code 2002-08-02 15:07:08 +00:00
Bodo Möller
95ecacf8a2 Let BN_rand_range() abort with an error after 100 iterations
without success.
2002-08-02 15:02:03 +00:00
Bodo Möller
6fb60a84dd Change BN_mod_sqrt() so that it verifies that the input value is
really the square of the return value.
2002-08-02 14:57:53 +00:00
Bodo Möller
5af7d1a3b8 move GF2m tests to the end 2002-08-02 14:49:59 +00:00
Bodo Möller
35b73a1f20 Rename implementations of method functions so that they match
the new method names where _GF... suffixes have been removed.

Revert changes to ..._{get/set}_Jprojective_coordinates_...:
The current implementation for ECC over binary fields does not use
projective coordinates, and if it did, it would not use Jacobian
projective coordinates; so it's OK to use the ..._GFp prefix for all
this.

Add author attributions to some files so that it doesn't look
as if Sun wrote all of this :-)
2002-08-02 14:28:37 +00:00
Bodo Möller
1dc920c8de Binary field arithmetic contributed by Sun Microsystems.
The 'OPENSSL_NO_SUN_DIV' default is still subject to change,
so I didn't bother to finish the CHANGES entry yet.

Submitted by: Douglas Stebila <douglas.stebila@sun.com>, Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entry by Bodo Moeller)
2002-08-02 13:03:55 +00:00
Bodo Möller
6178bb8fe9 Add bn_dup_expand() comment from the main branch explaining that
bn_dup_expand() is broken.

[No need to fix this in 0.9.7-stable, it is just an unused internal
function.]
2002-07-25 12:14:41 +00:00
Bodo Möller
12593e6f45 Move zeroing from bn_expand_internal() to bn_expand2() so that it
happens reliably, even if the BIGNUM is already sufficiently large.

[Note that the bn_expand()/bn_wexpand() macros call bn_expand2() only
if the BIGNUM actually has to grow, so this change does not add any
new overhead as currently bn_expand2() is never called directly.]
2002-07-25 12:12:39 +00:00
Bodo Möller
5c9396e37c remove obsolete comment 2002-07-10 08:39:05 +00:00
Bodo Möller
089cd046af remove obsolete comment 2002-07-10 08:38:34 +00:00
Richard Levitte
ca55c617e5 Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:44:52 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Richard Levitte
451dc18f10 Add support for DJGPP.
PR: 75
2002-06-13 20:42:35 +00:00
Richard Levitte
573a568dd0 Add support for DJGPP.
PR: 75
2002-06-13 20:40:49 +00:00
Richard Levitte
c4ac954c59 Check the return values where memory allocation failures may happen.
PR: 49
2002-05-30 16:50:38 +00:00
Richard Levitte
9cdf87f194 Check the return values where memory allocation failures may happen.
PR: 49
2002-05-30 16:47:45 +00:00
Dr. Stephen Henson
1c511bdb7c Fallback to normal multiply if n2 == 8 and dna or dnb is not zero
in bn_mul_recursive.

This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
2002-05-10 22:22:55 +00:00
Dr. Stephen Henson
dc014d43af Fallback to normal multiply if n2 == 8 and dna or dnb is not zero
in bn_mul_recursive.

This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
2002-05-10 22:18:13 +00:00
Dr. Stephen Henson
f9bd76e4f7 Avoid gcc warning: BN_DEC_CONV when SIXTY_FOUR_BIT is defined is unsigned. 2002-05-10 22:08:22 +00:00
Dr. Stephen Henson
2f9cf160e4 Avoid gcc warning: BN_DEC_CONV when SIXTY_FOUR_BIT is defined is unsigned. 2002-05-10 22:07:37 +00:00
Bodo Möller
d5c21afd4b add missing declaration
Submitted by: Nils Larsch
2002-03-25 23:15:21 +00:00
Bodo Möller
35748f40d6 add missing declaration
Submitted by: Nils Larsch
2002-03-25 23:14:50 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Bodo Möller
66df02fd98 fix BN_rand_range 2001-12-14 10:09:29 +00:00
Richard Levitte
b476df64a1 make update
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Bodo Möller
c5d4ab7e35 adjust to OpenSSL_0_9_6-stable version 2001-11-09 13:09:11 +00:00
Ulf Möller
5dd955dcd2 openbsd-x86 macros
Submitted by: Toomas Kiisk <vix@cyber.ee>
2001-10-14 00:57:30 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Geoff Thorpe
534aaf3731 "make update". 2001-09-25 20:39:59 +00:00
Ulf Möller
d98a4b7366 bug fix: bn_sqr_recursive output is twice its input size. 2001-09-05 04:43:43 +00:00
Bodo Möller
435037d4e4 OpenSSL copyright notices ... 2001-09-04 11:02:23 +00:00
Geoff Thorpe
91b3f0e691 Correct a typo. 2001-09-03 17:24:27 +00:00
Bodo Möller
983495c4b2 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Andy Polyakov
6d03b73e35 Enhanced support for IA-64 Linux and HP-UX (as well as better support for
HP-UX in common in ./config). Note that for the moment of this writing
none of 64-bit platforms pass bntest. I'm committing this anyway as it's
too frustrating to patch snapshots over and over while 0.9.6 is known to
work.
2001-07-30 16:42:15 +00:00
Andy Polyakov
622d3d3592 Support for Intel and HP-UXi assemblers. 2001-07-30 15:54:13 +00:00
Andy Polyakov
19a6e8b32c This fixes "Spurious test failures on IRIX?" reported in April. Apparently
I was wrong in conclusions about when addition starts overflowing in combaX
routines.
2001-06-22 19:17:42 +00:00
Andy Polyakov
52c0d30078 Get rid of "possible WAW dependency" warnings.
Submitted by:
Reviewed by:
PR:
2001-06-11 12:47:52 +00:00
Andy Polyakov
a95541d61e Get rid of RAW dependency warnings.
Submitted by:
Reviewed by:
PR:
2001-05-30 22:01:33 +00:00
Andy Polyakov
4cb73bf8e4 Assembler support for IA-64. See the source code commentary for further
details (performance numbers and accompanying discussions:-). Note that
the code is not engaged in ./Configure yet. I'll add it later this week
along with updates for .spec file.

Submitted by:
Reviewed by:
PR:
2001-05-28 20:02:51 +00:00
Richard Levitte
81b5eeed6a branch on equal is beql, not beq... 2001-05-14 22:10:09 +00:00
Bodo Möller
1f224bf029 Adjust BN_mod_inverse algorithm selection according to experiments on
Ultra-Sparcs (both 32-bit and 64-bit compilations)
2001-04-09 09:28:24 +00:00
Bodo Möller
ac0f1d0b14 comment 2001-04-08 18:47:23 +00:00
Bodo Möller
124d8cf701 code documentation 2001-04-08 18:41:35 +00:00
Bodo Möller
7d0d0996aa binary algorithm for modular inversion 2001-04-08 18:23:44 +00:00
Andy Polyakov
500230ee94 The IRIX fix. Asm recap and corresponding declation.
Submitted by:
Reviewed by:
PR:
2001-03-27 22:30:46 +00:00
Bodo Möller
4f69172d25 Completely remove mont2 stuff.
It does not appear to be faster than the current Montgomery code
except for very small moduli (somewhere between 192 and 224 bits
in a 64-bit Sun environment, and even less than 192 bits
on 32 bit systems).
2001-03-15 18:17:40 +00:00
Bodo Möller
5b054c6955 EC_METHOD based on bn_mont2 (not used in the library) 2001-03-11 17:43:07 +00:00
Bodo Möller
48fe4d6233 More EC stuff, including EC_POINTs_mul() for simultaneous scalar
multiplication of an arbitrary number of points.
2001-03-10 23:18:35 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Richard Levitte
754d494bef Bug fixes. 2001-03-09 01:13:23 +00:00
Bodo Möller
156e85578d Implement EC_GFp_mont_method. 2001-03-08 20:55:16 +00:00
Bodo Möller
ff612904d2 Comment 2001-03-08 16:53:30 +00:00
Bodo Möller
c62b26fdc6 Hide BN_CTX structure details.
Incease the number of BIGNUMs in a BN_CTX.
2001-03-08 15:56:15 +00:00
Bodo Möller
98499135d7 Constify BN_value_one. 2001-03-08 13:58:09 +00:00
Bodo Möller
226cc7ded4 More method functions for EC_GFp_simple_method. 2001-03-08 01:23:28 +00:00
Richard Levitte
70d70a3c81 Code for better build under Darwin (MacOS X).
Submitted by Brad Dominy <jdominy@darwinuser.org>
2001-03-07 10:04:00 +00:00
Dr. Stephen Henson
3d2e469cfa Fix a bug which caused BN_div to produce the
wrong result if rm==num and num < 0.
2001-02-28 00:51:48 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
a5bc1e8568 Use e_os2.h rather than opensslconf.h, since some needed macros are
defined there.
2001-02-22 14:37:50 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
f2bc668429 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:10:38 +00:00
Richard Levitte
8120813066 Use new-style system-id macros. 2001-02-20 07:43:22 +00:00
Ulf Möller
335c4f0966 BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:23:07 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Bodo Möller
e306892994 Simplify BN_rand_range 2001-02-10 00:34:02 +00:00
Bodo Möller
792e2ce7f4 Another comment change. (Previous comment does not apply
for range = 11000000... or range = 100000...)
2001-02-08 12:34:08 +00:00
Bodo Möller
3952584571 Change comments. (The expected number of iterations in BN_rand_range
never exceeds 1.333...).
2001-02-08 12:27:22 +00:00
Bodo Möller
a5d2acfc79 oops -- remove observation code 2001-02-08 12:24:41 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Ulf Möller
75802000c8 There is no C version of bn_div_3_words 2001-01-23 16:26:15 +00:00
Bodo Möller
137e601277 The C version of bn_sub_part_words is needed not only
in NO_ASM configurations
2000-12-15 10:54:03 +00:00
Bodo Möller
09f4bd2a39 Very few in the "README" is up-to-date 2000-12-15 10:42:11 +00:00
Bodo Möller
3b28dbce7e The BN_mul bug test apparently is no longer needed 2000-12-14 17:46:36 +00:00
Richard Levitte
53b407da84 Problem: bn_mul_normal() misbehaves if the size of b is 0.
Solution: multiply a with 0, putting the result in r, and return.
2000-12-13 15:29:29 +00:00
Richard Levitte
765e531159 In bn_mul_recursive(), make sure the comba routines are only called
when both a and b are of the exact right size.  This may change to
something better later.
2000-12-13 14:47:06 +00:00
Dr. Stephen Henson
2aff7727f7 Rewrite the extension code to use an ASN1_ITEM structure
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.

Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.
2000-12-13 13:47:33 +00:00
Ulf Möller
15156cce0e bn_part_sub_word prototype. 2000-12-08 19:10:33 +00:00
Bodo Möller
8dea52fa42 Fix some things that look like bugs.
One problem that looked like a problem in bn_recp.c at first turned
out to be a BN_mul bug.  An example is given in bn_recp.c; finding
the bug responsible for this is left as an exercise.
2000-12-07 22:06:09 +00:00
Bodo Möller
f7356b677b TEST_MUL and TEST_SQR added. 2000-12-07 11:11:10 +00:00
Bodo Möller
80d89e6a6a Sign-related fixes (and tests).
BN_mod_exp_mont does not work properly yet if modulus m
is negative (we want computations to be carried out
modulo |m|).
2000-12-07 08:48:58 +00:00