path: root/src/lib/libcrypto/bn
Commit message | Author | Age | Files | Lines
...
* Remove comment referencing bn_depr.c. | jsing | 2023-01-28 | 1 | -6/+1
* Move the three functions that are in bn_depr.c back to bn_prime.c. | jsing | 2023-01-28 | 2 | -53/+57
  They should go away, but they have not yet disappeared and this consolidates the source files. Discussed with tb@
* Move the more readable version of bn_mul_mont() from bn_asm.c to bn_mont.c. | jsing | 2023-01-28 | 2 | -168/+55
  Nothing actually uses this code, as OPENSSL_BN_ASM_MONT is not defined unless there is an assembly implementation available (not to mention that defining both OPENSSL_NO_ASM and OPENSSL_BN_ASM_MONT at the same time is extra strange). Discussed with tb@
* Fix previous. | jsing | 2023-01-28 | 1 | -4/+9
* Provide bn_div_rem_words() and make use of it. | jsing | 2023-01-28 | 5 | -67/+87
  Provide a function that divides a double word (h:l) by d, returning the quotient q and the remainder r, such that q * d + r is equal to the numerator. Call this from the three places that currently implement this themselves. This is implemented with some slight indirection, which allows for per architecture implementations, replacing the define/macro tangle, which messes with variables that are not passed to it. Also remove a duplicate of bn_div_words() for the BN_ULLONG && BN_DIV2W case - this is already handled. ok tb@
* Change include from _internal_s2n_bignum.h to s2n_bignum_internal.h. | jsing | 2023-01-23 | 9 | -9/+9
* Include the ISC license from s2n-bignum's LICENSE file. | jsing | 2023-01-23 | 9 | -9/+108
* Bring in various s2n-bignum functions for amd64. | jsing | 2023-01-23 | 9 | -0/+1458
  This brings in bignum_add(), bignum_cmadd(), bignum_cmul(), bignum_mul() and bignum_sub(), along with bignum_{mul,sqr}_4_8_alt() and bignum_{mul,sqr}_8_16_alt(). Discussed with tb@
* Move bn_mul_add_words() and bn_mul_words() from bn_asm.c to bn_mul.c. | jsing | 2023-01-23 | 7 | -138/+156
  These are wrapped with #ifndef HAVE_BN_ADD_MUL_WORDS/HAVE_BN_MUL_WORDS, which are defined for architectures that provide their own assembly versions.
* Move bn_sqr_words from bn_asm.c to bn_sqr.c. | jsing | 2023-01-23 | 7 | -59/+69
  This is wrapped with #ifndef HAVE_BN_SQR_WORDS, which is then defined for architectures that provide their own assembly versions.
* Move bn_div_words from bn_asm.c to bn_div.c. | jsing | 2023-01-23 | 7 | -86/+98
  This is wrapped with #ifndef HAVE_BN_DIV_WORDS, which is defined for architectures that provide their own assembly versions.
* Include bn_arch.h now that we're using defines from it. | jsing | 2023-01-23 | 1 | -1/+2
* Move bn_add_words() and bn_sub_words from bn_asm.c to bn_add.c. | jsing | 2023-01-23 | 7 | -159/+184
  These are wrapped with #ifndef HAVE_BN_ADD_WORDS/HAVE_BN_SUB_WORDS, which are defined for architectures that provide their own assembly versions.
* Enable bn_sqr() on amd64. | jsing | 2023-01-21 | 1 | -1/+2
  ok tb@
* Provide an implementation of bn_sqr() that calls s2n-bignum's bignum_sqr(). | jsing | 2023-01-21 | 1 | -0/+32
  ok tb@
* Fix include. | jsing | 2023-01-21 | 1 | -1/+1
* Include the ISC license from s2n-bignum's LICENSE file. | jsing | 2023-01-21 | 1 | -1/+12
* Bring in s2n-bignum's bignum_sqr() for amd64. | jsing | 2023-01-21 | 1 | -0/+185
  ok tb@
* Include the ISC license from s2n-bignum's LICENSE file. | jsing | 2023-01-21 | 2 | -1/+25
* Bring in the internal and "public" headers for s2n-bignum. | jsing | 2023-01-21 | 2 | -0/+862
  s2n-bignum provides a collection of bignum routines that are written in pure machine code. Each function is written in constant-time style and has a formal proof. We intend on making use of these for libcrypto's bignum implementation on aarch64 and amd64. ok tb@
* Refactor BN_mul(). | jsing | 2023-01-21 | 1 | -67/+81
  This splits BN_mul() into two parts, one of which is a separate bn_mul() function. This makes the code more readable and manageable, while also providing a better entry point for assembly optimisation. A separate bn_mul() is provided for the BN_RECURSION implementation, to reduce complexity. This also enables bn_mul_comba4() for four word long bignums - this was disabled for unknown reasons. ok tb@
* Refactor BN_sqr(). | jsing | 2023-01-21 | 1 | -50/+80
  This splits BN_sqr() into two parts, one of which is a separate bn_sqr() function. This makes the code more readable and manageable, while also providing a better entry point for assembly optimisation. ok tb@
* Reorder functions and drop unnecessary static prototypes. | jsing | 2023-01-21 | 1 | -372/+363
  No functional change.
* Remove various #ifndef BN_SQR_COMBA. | jsing | 2023-01-20 | 1 | -19/+1
  bn_sqr_comba{4,8}() is now always available. ok tb@
* Move bn_{mul,sqr}_comba{4,8}() from bn_asm.c to bn_mul.c/bn_sqr.c. | jsing | 2023-01-20 | 8 | -306/+302
  Wrap these in HAVE_BN_{MUL,SQR}_COMBA{4,8} defines. Add these defines to bn_arch.h where the architecture currently provides its own version. ok tb@
* Move {mul,sqr}_add_c{,2} macros from bn_asm.c to bn_local.h. | jsing | 2023-01-20 | 3 | -153/+160
  These depend on other macros that are already in bn_local.h and this makes them available to other source files. A lot more clean up will be needed in the future. Of course x86_64-gcc.c makes use of the same macro names - sprinkle some undef in there for the time being. ok tb@
* Remove unused code. | jsing | 2023-01-20 | 2 | -395/+13
  ok tb@
* Replace BN_DIV3W with HAVE_BN_DIV_3_WORDS (in bn_arch.h). | jsing | 2023-01-20 | 2 | -4/+7
  ok tb@
* Provide a per machine bn_arch.h. | jsing | 2023-01-20 | 14 | -0/+336
  This will provide a location for machine specific defines, prototypes and inline functions. ok tb@
* Reorder functions. | jsing | 2023-01-20 | 1 | -344/+344
  No functional change.
* Reorder functions for easier maintenance. | jsing | 2023-01-20 | 1 | -30/+30
  No functional change.
* Remove more unused assembly generation scripts. | jsing | 2023-01-19 | 8 | -696/+0
* Remove various unused assembly files and assembly generation scripts. | jsing | 2023-01-19 | 6 | -6507/+0
  These are just creating clutter and cause grep noise. ok miod@
* Bring in a description of bn_words_3_div(). | jsing | 2023-01-18 | 1 | -1/+9
  This comes from OpenSSL commit 3da2e9c4ee45989a426ff513dc6c6250d1e460de. ok tb@
* Start cleaning up BN_div_internal(). | jsing | 2023-01-18 | 1 | -158/+195
  Always provide a bn_div_3_words() function, rather than having deeply nested compiler conditionals. Use readable variable names, clean up formatting and use a single exit path. Tested on various platforms by miod@ ok tb@
* Move BN_sqr() to the bottom of the file. | jsing | 2023-01-16 | 1 | -85/+85
  This will simplify review/upcoming changes. No functional change.
* Mop up debug code that escaped previously. | jsing | 2023-01-16 | 3 | -82/+3
  This is the result of `unifdef -m -U BN_COUNT'.
* Move constants out of text segment into rodata to prepare for xonly support | deraadt | 2023-01-14 | 3 | -6/+2
  on amd64. No PIC handling is necessary since amd64 has full reach. ok kettenis
* Rewrite BN_CTX. | jsing | 2023-01-14 | 1 | -410/+98
  The current BN_CTX implementation is an incredibly overengineered piece of code, which even includes its own debug system. Rewrite BN_CTX from scratch, simplifying things considerably by having a "stack" of BIGNUM pointers and a matching array of group assignments. This means that BN_CTX_start() and BN_CTX_end() effectively do not fail. Unlike the previous implementation, if a failure occurs nothing will work and the BN_CTX must be freed/recreated, instead of trying to pick up at the point where the failure occurred (which does not make sense given its intended usage). Additionally, it has long been documented that BN_CTX_start() must be called before BN_CTX_get() can be used, however the previous implementation did not actually enforce this. Now that missing BN_CTX_start() and BN_CTX_end() calls have been added to DSA and EC, we can actually make this a hard requirement. ok tb@
* Greatly simplify bn_expand_internal(). | jsing | 2023-01-14 | 1 | -103/+26
  We have a function called recallocarray() - make use of it rather than handrolling a version of it. Also have bn_expand() call bn_wexpand(), which avoids some duplication. ok tb@
* Move all data tables from .text section to .rodata, and update the code to | miod | 2023-01-13 | 2 | -4/+0
  fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok kettenis@
* Move all data tables from .text section to .rodata, and update the code to | miod | 2023-01-13 | 1 | -9/+1
  fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok jsing@ kettenis@
* Replace BN_lshift1()/BN_rshift1() with calls to BN_lshift()/BN_rshift(). | jsing | 2023-01-11 | 1 | -125/+42
  Currently, BN_lshift1() and BN_rshift1() are separate implementations that are intended to be faster since the shift is known (and only one bit crosses a word boundary). However, with the rewrite of BN_lshift() and BN_rshift(), they are either slower or only minimally faster (depending on architecture). Avoid duplication and turn BN_lshift1()/BN_rshift1() into functions that call inlined versions of BN_lshift()/BN_rshift(), making BN_lshift() and BN_rshift() call the same inlined implementation. This results in a single implementation and BN_lshift1()/BN_rshift1() that outperform the previous versions (in part due to compiler optimisation). Now that none of the original code exists, replace the license and copyright for this file. ok tb@
* Rewrite BN_lshift() | jsing | 2023-01-10 | 1 | -26/+57
  This improves readability and eliminates special handling for various cases, making the code cleaner and closer to constant time. Basic benchmarking shows a performance gain on modern 64 bit architectures. ok tb@
* Rewrite/simplify BN_free(). | jsing | 2023-01-07 | 1 | -10/+12
  ok tb@
* Flip BN_clear_free() and BN_free() | jsing | 2023-01-07 | 1 | -4/+4
  All of our BIGNUMs are cleared when we free them - move the code to BN_free() and have BN_clear_free() call BN_free(), rather than the other way around. ok tb@
* Use calloc() in BN_new(), rather than malloc() and then manually zeroing. | jsing | 2023-01-07 | 1 | -10/+7
  ok tb@
* Rewrite BN_rshift() | jsing | 2023-01-05 | 1 | -37/+42
  This improves readability and eliminates special handling for various cases, making the code cleaner and closer to constant time. Basic benchmarking shows a performance gain on modern 64 bit architectures, while there is a decrease on legacy 32 bit architectures (i386), particularly for the zero bit shift case (which is now handled in the same code path). ok tb@
* spelling fixes; from paul tagliamonte | jmc | 2022-12-26 | 16 | -29/+29
  I removed the arithmetics -> arithmetic changes, as I felt they were not clearly correct. ok tb
* Simplify BN_cmp() and BN_ucmp(). | jsing | 2022-12-23 | 1 | -46/+15
  The only real difference between BN_cmp() and BN_ucmp() is that one has to respect the sign of the BN (although BN_cmp() also gets to deal with some insanity from accepting NULLs). Rewrite/cleanup BN_ucmp() and turn BN_cmp() into code that handles differences in sign, before calling BN_ucmp(). ok tb@