path: root/crypto/bn/bn_lib.c
Commit message | Author | Age | Files | Lines
* Run util/openssl-format-source -v -c . | Matt Caswell | 2015-01-22 | 1 | -669/+683
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Move more comments that confuse indent | Matt Caswell | 2015-01-22 | 1 | -6/+7
  Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h
  Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h
  Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/ec/ecp_oct.c crypto/modes/gcm128.c ssl/ssl_locl.h
  Conflicts: apps/apps.c crypto/crypto.h crypto/rand/md_rand.c ssl/d1_pkt.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_enc.c
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix indent comment corruption issue | Matt Caswell | 2015-01-22 | 1 | -1/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* indent has problems with comments that are on the right hand side of a line. | Matt Caswell | 2015-01-22 | 1 | -3/+6
  Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones.
  Conflicts: crypto/bn/bn.h crypto/ec/ec_lcl.h crypto/rsa/rsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl.h ssl/ssl3.h
  Conflicts: crypto/ec/ec_lcl.h ssl/tls1.h
  Conflicts: crypto/ec/ecp_nistp224.c crypto/evp/evp.h ssl/d1_both.c ssl/ssl.h ssl/ssl_lib.c
  Conflicts: crypto/bio/bss_file.c crypto/ec/ec_lcl.h crypto/evp/evp.h crypto/store/str_mem.c crypto/whrlpool/wp_block.c crypto/x509/x509_vfy.h ssl/ssl.h ssl/ssl3.h ssl/ssltest.c ssl/t1_lib.c ssl/tls1.h
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* mark all block comments that need format preserving so that | Tim Hudson | 2015-01-22 | 1 | -1/+2
  indent will not alter them when reformatting comments
  (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960)
  Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c
  Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c
  Conflicts: crypto/asn1/a_sign.c crypto/bn/bn_div.c crypto/dsa/dsa_asn1.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/modes/gcm128.c crypto/opensslv.h ssl/d1_both.c ssl/heartbeat_test.c ssl/s3_clnt.c ssl/s3_srvr.c ssl/ssl_sess.c ssl/t1_lib.c test/testutil.h
  Conflicts: apps/openssl.c apps/ts.c apps/vms_decc_init.c crypto/aes/aes_core.c crypto/aes/aes_x86core.c crypto/dsa/dsa_ameth.c crypto/ec/ec2_mult.c crypto/evp/evp.h crypto/objects/objects.h crypto/rsa/rsa_pss.c crypto/stack/safestack.h crypto/ts/ts.h crypto/ts/ts_rsp_verify.c crypto/whrlpool/wp_dgst.c crypto/x509v3/v3_ncons.c e_os2.h engines/ccgost/gost89.c engines/ccgost/gost_ctl.c engines/ccgost/gost_keywrap.c engines/ccgost/gost_keywrap.h engines/ccgost/gost_sign.c ssl/kssl.c ssl/s3_srvr.c
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data. | Matt Caswell | 2014-07-13 | 1 | -0/+9
  This is actually ok for this function, but initialised to zero anyway if PURIFY defined. This does have the impact of masking any *real* uninitialised data reads in bn though.
  Patch based on approach suggested by Rich Salz.
  PR#3415
  (cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
* Fix 0.9.8 FIPS capable OpenSSL build. | Dr. Stephen Henson | 2014-06-06 | 1 | -52/+0
  The object file bn_lib.o is excluded from FIPS builds which causes a linker error for BN_consttime_swap. So move definition from bn_lib.c to bn_gf2m.c
  This change is *only* needed for OpenSSL 0.9.8 which uses the 1.2 FIPS module.
* Fix for CVE-2014-0076 backported to 0.9.8 branch | mancha | 2014-03-27 | 1 | -0/+52
  Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140
  Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix.
  Thanks for mancha for backporting the fix to OpenSSL 0.9.8 branch.
* Part FIPS bn merge: move functions to bn_opt.c to reduce dependencies. | Dr. Stephen Henson | 2008-09-16 | 1 | -19/+0
* Change to mitigate branch prediction attacks | Bodo Möller | 2007-03-28 | 1 | -1/+1
  Submitted by: Matthew D Wood
  Reviewed by: Bodo Moeller
* Update from HEAD. | Dr. Stephen Henson | 2007-01-21 | 1 | -1/+1
* remove BN_ncopy, it was only used in bn_nist.c and wasn't particularly | Nils Larsch | 2005-05-03 | 1 | -40/+0
  useful anyway
* - use BN_set_negative and BN_is_negative instead of BN_set_sign | Nils Larsch | 2005-04-22 | 1 | -0/+8
  and BN_get_sign
  - implement BN_set_negative as a function
  - always use "#define BN_is_zero(a) ((a)->top == 0)"
* Tidy up, including; | Geoff Thorpe | 2004-06-20 | 1 | -9/+10
  - Remove unused and unuseful debug cruft.
  - Remove unnecessary 'top' fudging from BN_copy().
  - Fix a potential memory leak and simplify the expansion logic in BN_bin2bn().
  Submitted by: Nils Larsch
  Reviewed by: Geoff Thorpe
* Deprecate unused cruft, and "make update". | Geoff Thorpe | 2004-06-17 | 1 | -0/+3
* Actually, that last change to BN_get_word() was a little too simple. | Geoff Thorpe | 2004-06-17 | 1 | -1/+3
* As Nils put it; | Geoff Thorpe | 2004-06-17 | 1 | -48/+4
  Yet another question: some time ago you changed BN_set_word. Why didn't you change BN_get_word as well?
  Quite. I'm also removing the older commented-out implementations to improve readability. This complex stuff seems to date from a time when the types didn't match up well.
  Submitted by: Nils Larsch, Geoff Thorpe
* Variety of belt-tightenings in the bignum code. (Please help test this!) | Geoff Thorpe | 2004-03-17 | 1 | -6/+22
  - Remove some unnecessary "+1"-like fudges. Sizes should be handled exactly, as enlarging size parameters causes needless bloat and may just make bugs less likely rather than fixing them: bn_expand() macro, bn_expand_internal(), and BN_sqr().
  - Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that useful.
  - Remove unnecessary zeroing of unused bytes in bn_expand2().
  - Rewrite BN_set_word() - it should be much simpler, the previous complexities probably date from old mismatched type issues.
  - Add missing bn_check_top() macros in bn_word.c
  - Improve some degenerate case handling in BN_[add|sub]_word(), add comments, and avoid a bignum expansion if an overflow isn't possible.
* Use BUF_strlcpy() instead of strcpy(). | Richard Levitte | 2003-12-27 | 1 | -4/+4
  Use BUF_strlcat() instead of strcat().
  Use BIO_snprintf() instead of sprintf().
  In some cases, keep better track of buffer lengths.
  This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
* Incremental cleanups to bn_lib.c. | Geoff Thorpe | 2003-12-02 | 1 | -48/+38
  - Add missing bn_check_top() calls and relocate some others
  - Use BN_is_zero() where appropriate
  - Remove assert()s that bn_check_top() is already covering
  - Simplify the code in places (esp. bn_expand2())
  - Only keep ambiguous zero handling if BN_STRICT isn't defined
  - Remove some white-space and make some other aesthetic tweaks
* BN_FLG_FREE is of extremely dubious usefulness, and is only referred to | Geoff Thorpe | 2003-12-02 | 1 | -1/+7
  once in the source (where it is set for the benefit of no other code whatsoever). I've deprecated the declaration in the header and likewise made the use of the flag conditional in bn_lib.c. Note, this change also NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.
* Declare the static BIGNUM "BN_value_one()" more carefully. | Geoff Thorpe | 2003-12-01 | 1 | -1/+1
* This improves the placement of check_top() macros in a couple of bn_lib | Geoff Thorpe | 2003-11-29 | 1 | -2/+7
  functions.
* BN_set_bit() etc should use "unsigned int". | Ulf Möller | 2003-11-15 | 1 | -0/+9
  Keep it as is to avoid an API change, but check for negative values.
  Submitted by: Nils Larsch
* This is a revert of my previous commit to "improve" the declaration of | Geoff Thorpe | 2003-11-05 | 1 | -8/+0
  constant BIGNUMs. It turns out that this trips up different but equally useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness it created. (Thanks to Ulf for the forehead-slap.)
* Put the first stage of my bignum debugging adventures into CVS. This code | Geoff Thorpe | 2003-11-04 | 1 | -4/+17
  is itself experimental, and in addition may cause execution to break on existing openssl "bugs" that previously were harmless or at least invisible.
* This is the least unacceptable way I've found for declaring the bignum data | Geoff Thorpe | 2003-11-04 | 1 | -0/+8
  and structures as constant without having to cast away const at any point. There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy, but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.
* Some provisional bignum debugging has begun to detect inconsistent BIGNUM | Geoff Thorpe | 2003-10-29 | 1 | -1/+0
  structures being passed in to or out of API functions, and this corrects a couple of cases found so far. Also, lop off a couple of bytes of white-space.
* A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. | Geoff Thorpe | 2003-10-29 | 1 | -6/+6
  I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.
* A few more memset()s converted to OPENSSL_cleanse(). | Richard Levitte | 2002-11-29 | 1 | -2/+2
  I *think* I got them all covered by now, but please, if you find any more, tell me and I'll correct it.
  PR: 343
* fast reduction for NIST curves | Bodo Möller | 2002-10-28 | 1 | -0/+45
  Submitted by: Nils Larsch
* fix bn_expand2 | Bodo Möller | 2002-08-03 | 1 | -2/+3
* fix bn_expand2 | Bodo Möller | 2002-08-02 | 1 | -8/+11
* Move zeroing from bn_expand_internal() to bn_expand2() so that it | Bodo Möller | 2002-07-25 | 1 | -12/+22
  happens reliably, even if the BIGNUM is already sufficiently large.
  [Note that the bn_expand()/bn_wexpand() macros call bn_expand2() only if the BIGNUM actually has to grow, so this change does not add any new overhead as currently bn_expand2() is never called directly.]
* Constify BN_value_one. | Bodo Möller | 2001-03-08 | 1 | -1/+1
* Change error message to "bignum too long" | Bodo Möller | 2000-12-04 | 1 | -1/+1
* include <limits.h> | Bodo Möller | 2000-12-03 | 1 | -0/+1
* Don't allow BIGNUMs to become so large that computations with dmax | Bodo Möller | 2000-12-03 | 1 | -0/+6
  might overflow.
* Add a comment to explain the purpose of bn_cmp_part_words(). | Richard Levitte | 2000-12-02 | 1 | -0/+7
* last commit was wrong. Now it works. :) | Ulf Möller | 2000-12-02 | 1 | -2/+2
* argl | Ulf Möller | 2000-12-02 | 1 | -1/+1
* Fix bn_cmp_part_words() and move it to bn_lib.c. | Ulf Möller | 2000-12-02 | 1 | -0/+25
* Fix warnings in expspeed.c (but the segmentation fault remains) | Bodo Möller | 2000-11-29 | 1 | -0/+1
  Improve readability of bn_shift.c.
  Add comment in bn_lib.c (why zero data between top and max?)
  Change bntest.c output for BN_kronecker test
* BN_bin2bn did *not* contain an off-by-one error; | Bodo Möller | 2000-11-29 | 1 | -3/+2
  I'm still investigating what caused the segmentation fault (maybe "make clean; make" will cure it ...).
  But BN_bin2bn should always reset ret->neg.
* Expand expspeed.c to make BN_kronecker timings. | Bodo Möller | 2000-11-29 | 1 | -75/+14
  This caused a segmentation fault in calls to malloc, so I cleaned up bn_lib.c a little so that it is easier to see what is going on. The bug turned out to be an off-by-one error in BN_bin2bn.
* modular arithmetics | Bodo Möller | 2000-11-26 | 1 | -0/+29
  "make update"
* More constification of the BN library. | Richard Levitte | 2000-11-16 | 1 | -1/+1
* Handle BN_copy failure after successful BN_new. | Bodo Möller | 2000-11-07 | 1 | -4/+8
* handle the case when BN_new returns NULL | Bodo Möller | 2000-11-07 | 1 | -5/+13
* Constify the BIGNUM routines a bit more. The only trouble were the | Richard Levitte | 2000-11-06 | 1 | -109/+153
  two functions that did expansion on in parameters (BN_mul() and BN_sqr()). The problem was solved by making bn_dup_expand() which is a mix of bn_expand2() and BN_dup().