path: root/src/lib/libcrypto/bn/bn_lib.c
Commit message | Author | Age | Files | Lines
* Rewrite bn_correct_top(). | jsing | 2022-11-30 | 1 | -1/+8
  bn_correct_top() is currently a macro and far more complex than it needs to be - rewrite it as a function. ok tb@
* Fix return values bug in BN_ucmp(). | jsing | 2022-11-30 | 1 | -4/+6
  BN_ucmp() is supposed to return -1/0/1 on a < b, a == b and a > b, however it currently returns other negative and positive values when the top of a and b differ. Correct this. ok tb@
* Mop up more BN_DEBUG related code. | jsing | 2022-11-30 | 1 | -6/+1
* Make internal header file names consistent | tb | 2022-11-26 | 1 | -2/+2
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Remove BIGNUM consistency macros. | jsing | 2022-11-26 | 1 | -32/+1
  Compiling with BN_DEBUG (and if you want to take it further, BN_DEBUG_RAND) supposedly adds consistency checks to the BN code. These are rarely if ever used and introduce a bunch of clutter in the code. Furthermore, there are hacks in place to undo things that the debugging code does. Remove all of this mess and instead rely on always enabled checks, more readable code and proper regress coverage to ensure correct behaviour. "Good riddance." tb@
* Change bn_expand()/bn_wexpand() to indicate failure/success via 0/1. | jsing | 2022-11-24 | 1 | -18/+18
  Currently bn_expand()/bn_wexpand() return a BIGNUM *, however none of the callers use this (and many already treat it as a true/false value). Change these functions to return 0 on failure and 1 on success, revising callers that test against NULL in the process. ok tb@
* Use bn_wexpand() rather than bn_expand() with sizeof(BN_ULONG). | jsing | 2022-11-23 | 1 | -2/+2
  This also fixes a bug in BN_MONT_CTX_set(), where the sizeof(BN_ULONG) in the call to bn_expand() was not multiplied by eight (to get bits). ok tb@
* Ensure that bn_expand()/bn_wexpand() fail on negative sizes. | jsing | 2022-11-23 | 1 | -1/+7
  ok tb@
* Turn bn_wexpand() into a function. | jsing | 2022-11-23 | 1 | -2/+11
  Any sensible compiler will likely inline this anyway (and even if it does not, one extra function call/return is the least of the performance overhead for this code). ok tb@
* Move bn_expand() under bn_expand2(). | jsing | 2022-11-23 | 1 | -13/+13
  No functional change. ok tb@
* Remove unused bn_dup_expand(). | jsing | 2022-11-23 | 1 | -53/+1
  ok tb@
* Move #ifndef OPENSSL_NO_DEPRECATED. | jsing | 2022-11-23 | 1 | -21/+21
  The BN_set_params()/BN_get_params() and associated unused variables are meant to be in this block, not things like BN_new() and BN_free(). ok tb@
* Prepare to provide BN_security_bits() | tb | 2022-06-27 | 1 | -1/+32
  ok beck jsing
* Pull BN_{new,init,clear,clear_free,free} up to the top of bn_lib.c | jsing | 2021-12-27 | 1 | -58/+58
  Discussed with tb@
* Implement the BN_is_negative macro as a function | tb | 2021-12-04 | 1 | -1/+7
  ok inoguchi jsing
* Provide function implementations for various BN_* macros | tb | 2021-12-04 | 1 | -1/+39
  BN_abs_is_word, BN_is_{zero,one,word,odd}, BN_one, BN_zero_ex are now implemented as functions for internal use. They will be exposed publicly to replace the macros reaching into BIGNUM in the next bump. ok inoguchi jsing
* Provide replacement functions for the BN_{get,set,with}_flags() macros. | tb | 2021-12-04 | 1 | -1/+25
  ok inoguchi jsing
* Provide replacement functions for the BN_GENCB_set{,_old}() macros | tb | 2021-12-04 | 1 | -1/+19
  The function implementations are necessary to make BIGNUM opaque. They will be used in libcrypto internally until they will replace the macro implementations with the next bump. ok inoguchi jsing
* Prepare to provide BN_bn2{,le}binpad() and BN_lebin2bn() | tb | 2021-09-08 | 1 | -8/+131
  As found by jsg and patrick, this is needed for newer uboot and will also be used in upcoming elliptic curve work. This is from OpenSSL 1.1.1l with minor style tweaks. ok beck inoguchi
* Make BN_num_bits_word() constant time. | tb | 2019-06-17 | 1 | -48/+18
  Previously, this function would leak the most significant word of its argument due to branching and memory access pattern. This patch is enough to fix the use of BN_num_bits() on RSA prime factors in the library. The diff is a simplified and more readable (but perhaps less efficient) version of https://github.com/openssl/openssl/commit/972c87df by Andy Polyakov and David Benjamin (pre license change). Consult that commit message for details. Subsequent fixes to follow in the near future. Issue pointed out by David Schrammel and Samuel Weiser as part of a larger report. tests & ok inoguchi, ok jsing
* Add range checks to various ASN1_INTEGER functions to ensure the | beck | 2019-03-23 | 1 | -1/+3
  sizes used remain a positive integer. Should address issue 13799 from oss-fuzz ok tb@ jsing@
* Use a size_t instead of an int for the byte count in BN_swap_ct(). | tb | 2018-07-23 | 1 | -6/+9
  Since bignums use ints for the same purpose, this still uses an int internally after an overflow check. Suggested by and discussed with jsing. ok inoguchi, jsing
* Eliminate the weird condition in the BN_swap_ct() API that at most one bit | tb | 2018-07-13 | 1 | -3/+3
  be set in condition. This makes the constant time bit-twiddling a bit trickier, but it's not too bad. Thanks to halex for an extensive rubber ducking session over a non-spicy spicy tabouleh falafel.. ok jsing, kn
* Sync comment | kn | 2018-07-11 | 1 | -3/+5
  Makes it a tad easier to read through and compare with BN_swap_ct(). OK tb
* Turn yesterday's optimistic ! in an XXX comment into a more cautious ? | tb | 2018-07-11 | 1 | -2/+2
* Provide BN_swap_ct(), a constant time function that conditionally swaps | tb | 2018-07-10 | 1 | -1/+49
  two bignums. It's saner and substantially less ugly than the existing public BN_constantime_swap() function and will be used in forthcoming work on constant time ECC code. From Billy Brumley and his team. Thanks! ok jsing
* Use explicit_bzero() rather than memset() when clearing a BIGNUM. | jsing | 2018-05-12 | 1 | -2/+2
  ok bcook@ tb@
* Provide BN_GENCB_new(), BN_GENCB_free() and BN_GENCB_get_arg() | jsing | 2018-02-20 | 1 | -1/+26
* use freezero() instead of memset/explicit_bzero + free. Substantially | deraadt | 2017-05-02 | 1 | -9/+5
  reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn't quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* Send the function codes from the error functions to the bit bucket, | beck | 2017-01-29 | 1 | -6/+5
  as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* 'accomodate' -> 'accommodate' in comments. | krw | 2016-03-15 | 1 | -2/+2
  Started by diff from Mical Mazurek.
* graduate bn_expand() to a real function. the openssl version of this | deraadt | 2016-03-04 | 1 | -1/+13
  uses a macro with multiple-evaluations of arguments (different amount than the previous version..), but doug/bcook's inline version makes BIGNUM not opaque [problem spotted by naddy] ok doug
* Correct spelling of OPENSSL_cleanse. | jsing | 2015-09-10 | 1 | -4/+4
  ok miod@
* if (x) FOO_free(x) -> FOO_free(x). | miod | 2014-07-12 | 1 | -3/+2
  Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it. | jsing | 2014-07-11 | 1 | -2/+3
  Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that references | jsing | 2014-07-10 | 1 | -1/+3
  an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers that | jsing | 2014-07-10 | 1 | -1/+3
  are needed in the source files that actually require them. ok beck@ miod@
* remove unused, private version strings except SSL_version_str | bcook | 2014-07-09 | 1 | -3/+1
  Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* tags as requested by miod and tedu | deraadt | 2014-06-12 | 1 | -1/+1
* ok, next pass after review: when possible, put the reallocarray arguments | deraadt | 2014-05-29 | 1 | -1/+1
  in the "size_t nmemb, size_t size"
* convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53 | deraadt | 2014-05-29 | 1 | -2/+2
  potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu
* Emergency knfectomie requested by tedu@. | jsing | 2014-05-08 | 1 | -449/+493
* with the first bug it uncovered fixed, clear all bignums again. | tedu | 2014-05-07 | 1 | -17/+9
  i've never worked on a codebase so resistant to efforts to improve it.
* in BN_clear_free, don't cleanse the data if the static data flag is set. | tedu | 2014-05-07 | 1 | -3/+2
  much debugging work done by otto. ok miod otto. side note: BN_FLG_STATIC_DATA doesn't actually mean the data is static. it's also used to indicate the data may be secretly shared behind your back as a sort of poor man's refcounting, but without the refcounting.
* revert, thanks sthen | tedu | 2014-05-07 | 1 | -9/+17
* inspired by a cloudflare diff, cleanse old memory when expanding a bignum. | tedu | 2014-05-05 | 1 | -17/+9
  however, instead of trying to audit all the places where a secret bignum is used, apply the big hammer and clear all bignums when freed. ok deraadt miod
* Try to clean the maze of <openssl/bn.h> defines regarding the BN internals. | miod | 2014-04-24 | 1 | -28/+1
  The intent of this change is to only keep support for two kinds of architectures:
  - those with 32-bit int and long, and 64-bit long long, where ``long * long -> long long'' multiplication routines are available.
  - those with 64-bit int and long, and no 128-bit long long type.
  This gets rid of the SIXTY_FOUR_BIT_LONG, SIXTY_FOUR_BIT (not the same!), THIRTY_TWO_BIT, SIXTEEN_BIT and EIGHT_BIT defines.
  After this change, the types and defines are as follows:
    arch:      64bit      32bit        rationale
    BN_LLONG   undefined  defined      defined if l * l -> ll
    BN_ULLONG  undefined  u long long  result of BN_LONG * BN_LONG
    BN_ULONG   u long     u int        native register size
    BN_LONG    long       int          the same, signed
    BN_BITS    128        64           size of 2*BN_ULONG in bits
    BN_BYTES   8          4            size of 2*BN_ULONG in bytes
    BN_BITS2   64         32           BN_BITS / 2
  Tested on various 32-bit and 64-bit OpenBSD systems of various endianness.
* I'm glad to know that Ultrix CC has a bug optimizing switch() statements | miod | 2014-04-23 | 1 | -5/+0
  lacking an explicit `case 0:' construct. But Ultrix has been dead for more than 15 years, really. Don't give it any reason to move out of its coffin.
* Change library to use intrinsic memory allocation functions instead of | beck | 2014-04-17 | 1 | -8/+8
  OPENSSL_foo wrappers. This changes:
    OPENSSL_malloc->malloc
    OPENSSL_free->free
    OPENSSL_relloc->realloc
    OPENSSL_freeFunc->free
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery. | miod | 2014-04-13 | 1 | -0/+52