unifdef BN_RECURSION

This removes a bunch of incomplete and scary code, which potentially leaks secrets and is not constant time. A performance gain is achieved on arm64 for sizes that we care about, while a minimal decrease in performance is noted for larger sizes on some other platforms. While we will potentially reimplement Karatsuba (or Toom-Cook) at a later date, it will be easier and safer to do it from a clean slate. ok tb@
author: jsing <> 2023-04-19 10:51:22 +0000
committer: jsing <> 2023-04-19 10:51:22 +0000
commit: 0954bbaddbf74f6f184f313822c63bf1b56695bd (patch)
tree: b572e3eea1eb6a5996c544ab694d76a6c2c83085 /src/lib/libcrypto/bn/bn_lib.c
parent: 0aeb12748acb6b4c8e28de80f588e344c1dab0fe (diff)
download: openbsd-0954bbaddbf74f6f184f313822c63bf1b56695bd.tar.gz
openbsd-0954bbaddbf74f6f184f313822c63bf1b56695bd.tar.bz2
openbsd-0954bbaddbf74f6f184f313822c63bf1b56695bd.zip
1 files changed, 1 insertions, 49 deletions
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index f25caa04af..89664fbb97 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lib.c,v 1.81 2023/04/14 11:04:24 jsing Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.82 2023/04/19 10:51:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -735,54 +735,6 @@ BN_set_negative(BIGNUM *bn, int neg)
        bn->neg = ~BN_is_zero(bn) & bn_ct_ne_zero(neg);
 }
-int
-bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
-{
-        int i;
-        BN_ULONG aa, bb;
-        aa = a[n - 1];
-        bb = b[n - 1];
-        if (aa != bb)
-                return ((aa > bb) ? 1 : -1);
-        for (i = n - 2; i >= 0; i--) {
-                aa = a[i];
-                bb = b[i];
-                if (aa != bb)
-                        return ((aa > bb) ? 1 : -1);
-        }
-        return (0);
-}
-/* Here follows a specialised variants of bn_cmp_words().  It has the
-   property of performing the operation on arrays of different sizes.
-   The sizes of those arrays is expressed through cl, which is the
-   common length ( basicall, min(len(a),len(b)) ), and dl, which is the
-   delta between the two lengths, calculated as len(a)-len(b).
-   All lengths are the number of BN_ULONGs...  */
-int
-bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
-{
-        int n, i;
-        n = cl - 1;
-        if (dl < 0) {
-                for (i = dl; i < 0; i++) {
-                        if (b[n - i] != 0)
-                                return -1; /* a < b */
-                }
-        }
-        if (dl > 0) {
-                for (i = dl; i > 0; i--) {
-                        if (a[n + i] != 0)
-                                return 1; /* a > b */
-                }
-        }
-        return bn_cmp_words(a, b, cl);
-}
 /*
 * Constant-time conditional swap of a and b.
 * a and b are swapped if condition is not 0.
author	jsing <>	2023-04-19 10:51:22 +0000
committer	jsing <>	2023-04-19 10:51:22 +0000
commit	0954bbaddbf74f6f184f313822c63bf1b56695bd (patch)
tree	b572e3eea1eb6a5996c544ab694d76a6c2c83085 /src/lib/libcrypto/bn/bn_lib.c
parent	0aeb12748acb6b4c8e28de80f588e344c1dab0fe (diff)
download	openbsd-0954bbaddbf74f6f184f313822c63bf1b56695bd.tar.gz openbsd-0954bbaddbf74f6f184f313822c63bf1b56695bd.tar.bz2 openbsd-0954bbaddbf74f6f184f313822c63bf1b56695bd.zip

diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c index f25caa04af..89664fbb97 100644 --- a/src/lib/libcrypto/bn/bn_lib.c +++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_lib.c,v 1.81 2023/04/14 11:04:24 jsing Exp $ */	1	/* $OpenBSD: bn_lib.c,v 1.82 2023/04/19 10:51:22 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -735,54 +735,6 @@ BN_set_negative(BIGNUM *bn, int neg)
735	bn->neg = ~BN_is_zero(bn) & bn_ct_ne_zero(neg);	735	bn->neg = ~BN_is_zero(bn) & bn_ct_ne_zero(neg);
736	}	736	}
737		737
738	int
739	bn_cmp_words(const BN_ULONG a, const BN_ULONG b, int n)
740	{
741	int i;
742	BN_ULONG aa, bb;
743
744	aa = a[n - 1];
745	bb = b[n - 1];
746	if (aa != bb)
747	return ((aa > bb) ? 1 : -1);
748	for (i = n - 2; i >= 0; i--) {
749	aa = a[i];
750	bb = b[i];
751	if (aa != bb)
752	return ((aa > bb) ? 1 : -1);
753	}
754	return (0);
755	}
756
757	/* Here follows a specialised variants of bn_cmp_words(). It has the
758	property of performing the operation on arrays of different sizes.
759	The sizes of those arrays is expressed through cl, which is the
760	common length ( basicall, min(len(a),len(b)) ), and dl, which is the
761	delta between the two lengths, calculated as len(a)-len(b).
762	All lengths are the number of BN_ULONGs... */
763
764	int
765	bn_cmp_part_words(const BN_ULONG a, const BN_ULONG b, int cl, int dl)
766	{
767	int n, i;
768
769	n = cl - 1;
770
771	if (dl < 0) {
772	for (i = dl; i < 0; i++) {
773	if (b[n - i] != 0)
774	return -1; /* a < b */
775	}
776	}
777	if (dl > 0) {
778	for (i = dl; i > 0; i--) {
779	if (a[n + i] != 0)
780	return 1; /* a > b */
781	}
782	}
783	return bn_cmp_words(a, b, cl);
784	}
785
786	/*	738	/*
787	* Constant-time conditional swap of a and b.	739	* Constant-time conditional swap of a and b.
788	* a and b are swapped if condition is not 0.	740	* a and b are swapped if condition is not 0.