| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
s2n-bignum provides a collection of bignum routines that are written in
pure machine code. Each function is written in constant-time style and
has a formal proof. We intend on making use of these for libcrypto's
bignum implementation on aarch64 and amd64.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This splits BN_mul() into two parts, one of which is a separate bn_mul()
function. This makes the code more readable and managable, while also
providing a better entry point for assembly optimisation. A separate
bn_mul() is provided for the BN_RECURSION implementation, to reduce
complexity.
This also enables bn_mul_comba4() for four word long bignums - this was
disabled for unknown reasons.
ok tb@
|
| |
|
|
|
|
|
|
| |
This splits BN_sqr() into two parts, one of which is a separate bn_sqr()
function. This makes the code more readable and managable, while also
providing a better entry point for assembly optimisation.
ok tb@
|
| | |
|
| |
|
|
| |
No functional change.
|
| |
|
|
|
|
|
| |
Simplify x509v3_cache_extensions() by using a wrapper to avoid
duplication of code for locking and checking the EXFLAG_INVALID flag.
OK tb@
|
| |
|
|
|
|
| |
bn_sqr_comba{4,8}() is now always available.
ok tb@
|
| |
|
|
|
|
|
| |
Wrap these in HAVE_BN_{MUL,SQR}_COMBA{4,8} defines. Add these defines to
bn_arch.h where the architecture currently provides its own version.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
These depend on other macros that are in already in bn_local.h and this
makes them available to other source files. A lot more clean up will be
needed in the future.
Of course x86_64-gcc.c makes use of the same macro names - sprinkle some
undef in there for the time being.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
This will provide a location for machine specific defines, prototypes and
inline functions.
ok tb@
|
| |
|
|
| |
No functional change.
|
| |
|
|
| |
No functional change.
|
| | |
|
| |
|
|
|
|
| |
These are just creating clutter and cause grep noise.
ok miod@
|
| |
|
|
|
|
| |
This comes from OpenSSL commit 3da2e9c4ee45989a426ff513dc6c6250d1e460de.
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
Always provide a bn_div_3_words() function, rather than having deeply
nested compiler conditionals. Use readable variable names, clean up
formatting and use a single exit path.
Tested on various platforms by miod@
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
interfaces, and remove empty assembly OPENSSL_cpuid_setup routines - the
default empty C fallback will work as good.
ok jsing@
|
| |
|
|
|
|
| |
This will simplify review/upcoming changes.
No functional change.
|
| |
|
|
| |
This is the result of `unifdef -m -U BN_COUNT'.
|
| |
|
|
|
|
|
|
|
|
| |
The new BN_CTX code enforces that the context be started before a BIGNUM
can be obtained from it via BN_CTX_get(), tests for ssl/interop and the
openssl app broke, implying missing test coverage in libcrypto itself.
Add the obviously missing bits.
reported by anton
ok jsing
|
| |
|
|
|
| |
on amd64. no pic handling is neccessary since amd64 has full reach.
ok kettenis
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
For various reasons, the ecp_nistp* and ecp_nistz* code is unused. While
ecp_nistp* was being compiled, it is disabled due to
OPENSSL_NO_EC_NISTP_64_GCC_128 being defined. On the other hand,
ecp_nistz* was not even being built.
We will bring in new versions or alternative versions of such code, if we
end up enabling it in the future. For now it is just causing complexity
(and grep noise) while trying to improve the EC code.
Discussed with tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current BN_CTX implementation is an incredibly overengineered piece of
code, which even includes its own debug system.
Rewrite BN_CTX from scratch, simplifying things things considerably by
having a "stack" of BIGNUM pointers and a matching array of group
assignments. This means that BN_CTX_start() and BN_CTX_end() effectively
do not fail. Unlike the previous implementation, if a failure occurs
nothing will work and the BN_CTX must be freed/recreated, instead of
trying to pick up at the point where the failure occurred (which does
not make sense given its intended usage).
Additionally, it has long been documented that BN_CTX_start() must be
called before BN_CTX_get() can be used, however the previous implementation
did not actually enforce this. Now that missing BN_CTX_start() and
BN_CTX_end() calls have been added to DSA and EC, we can actually make
this a hard requirement.
ok tb@
|
| |
|
|
|
|
|
|
| |
We have a function called recallocarray() - make use of it rather than
handrolling a version of it. Also have bn_expand() call bn_wexpand(),
which avoids some duplication.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
If we have a BN_CTX available, make use of it rather than calling BN_new().
Always allocate a new priv_key and pub_key, rather than having complex
reuse dances on entry and exit. Add missing BN_CTX_start()/BN_CTX_end()
calls.
ok tb@
|
| |
|
|
|
|
|
| |
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.
ok kettenis@
|
| |
|
|
|
|
|
| |
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.
ok jsing@ kettenis@
|
| |
|
|
|
|
|
|
|
|
| |
If an ASN.1 BIT STRING a of length > 0 contains only zero bytes in a->data,
this old code would end up reading from a->data[-1]. This may or may not
crash. Luckily, anton observed two openssl-ruby regress test failures in
the last few days, which could eventually be traced back to this (after a
lot of painful digging due to coredumps not working properly).
ok jsing
|
| |
|
|
|
|
|
|
| |
temporarily force sparc64 libcrypto to be built --no-execute-only because
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.
|
| |
|
|
|
|
|
|
| |
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.
ok miod
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks
before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls
BN_free() instead of BN_clear_free() (which does the same thing).
Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the
BN_CTX that is already available.
ok tb@
|
| |
|
|
|
|
|
| |
Rather than having complicated "attempt to reuse" dances, always allocate
priv_key/pub_key, then free and assign on success.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, BN_lshift1() and BN_rshift1() are separate implementations
that are intended to be faster since the shift is known (and only one bit
crosses a word boundary). However, with the rewrite of BN_lshift() and
BN_rshift(), they are either slower or only minimally faster (depending
on architecture).
Avoid duplication and turn BN_lshift1()/BN_rshift1() into functions that
call inlined versions of BN_lshift()/BN_rshift(), making BN_lshift() and
BN_rshift() call the same inlined implementation. This results in a single
implementation and BN_lshift1()/BN_rshift1() that out perform the previous
versions (in part due to compiler optimisation).
Now that none of the original code exists, replace the license and
copyright for this file.
ok tb@
|
| |
|
|
|
|
|
|
| |
This improves readability and eliminates special handling for various
cases, making the code cleaner and closer to constant time. Basic
benchmarking shows a performance gain on modern 64 bit architectures.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
All of our BIGNUMs are cleared when we free them - move the code to
BN_free() and have BN_clear_free() call BN_free(), rather than the other
way around.
ok tb@
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
| |
tests for TLSv1.3 since that's not currently handled.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This improves readability and eliminates special handling for various
cases, making the code cleaner and closer to constant time.
Basic benchmarking shows a performance gain on modern 64 bit architectures,
while there is a decrease on legacy 32 bit architectures (i386),
particularly for the zero bit shift case (which is now handled in the
same code path).
ok tb@
|
| | |
|
