Skip to content
  1. Mar 25, 2004
    • Geoff Thorpe's avatar
      Adjust various bignum functions to use BN_CTX for variables instead of · c86f2054
      Geoff Thorpe authored
      locally initialising their own.
      
      NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
      these functions, and that may be a major part of the performance
      improvements we're seeing. The "free" part can be removed because we're
      using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
      destruction automatically performs this task, so performing it inside
      functions that may be called repeatedly is wasteful. This is currently safe
      within openssl due to the fact that BN_CTX objects are never created for
      longer than a single high-level operation. However, that is only because
      there's currently no mechanism in openssl for thread-local storage. Beyond
      that, this might be an issue for applications using the bignum API directly
      and caching their own BN_CTX objects. The solution is to introduce a flag
      to BN_CTX_start() that allows its variables to be automatically sanitised
      on release during BN_CTX_end(). This way any higher-level function (and
      perhaps the application) can specify this flag in its own
      BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
      specifying the flag to be ignored so that sanitisation is handled only once
      back out at the higher level. I will be implementing this in the near
      future.
      c86f2054
    • Geoff Thorpe's avatar
      Replace the BN_CTX implementation with my current work. I'm leaving the · 5c98b2ca
      Geoff Thorpe authored
      little TODO list in there as well as the debugging code (only enabled if
      BN_CTX_DEBUG is defined).
      
      I'd appreciate as much review and testing as can be spared for this. I'll
      commit some changes to other parts of the bignum code shortly to make
      better use of this implementation (no more fixed size limitations). Note
      also that under identical optimisations, I'm seeing a noticable speed
      increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
      systems would also be most welcome.
      5c98b2ca
    • Geoff Thorpe's avatar
      Adds warnings about two curves and fixes the "seed" value for two other · 51487109
      Geoff Thorpe authored
      curves.
      
      Submitted by: Nils Larsch
      51487109
    • Geoff Thorpe's avatar
      ... and this should likewise fix up those RSA implementations that weren't · ea77fc33
      Geoff Thorpe authored
      already built and tested.
      ea77fc33
    • Geoff Thorpe's avatar
      By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key · 46ef873f
      Geoff Thorpe authored
      operations no longer require two distinct BN_CTX structures. This may put
      more "strain" on the current BN_CTX implementation (which has a fixed limit
      to the number of variables it will hold), but so far this limit is not
      triggered by any of the tests pass and I will be changing BN_CTX in the
      near future to avoid this problem anyway.
      
      This also changes the default RSA implementation code to use the BN_CTX in
      favour of initialising some of its variables locally in each function.
      46ef873f
    • Geoff Thorpe's avatar
      Damn, I was a bit hasty with my fix and hadn't spotted the linker · 2d2a5ba3
      Geoff Thorpe authored
      dependency from asn1.
      2d2a5ba3
    • Geoff Thorpe's avatar
      Remove some warnings. · 2bd4e337
      Geoff Thorpe authored
      2bd4e337
    • Geoff Thorpe's avatar
  2. Mar 24, 2004
  3. Mar 23, 2004
  4. Mar 21, 2004
  5. Mar 17, 2004
    • Geoff Thorpe's avatar
      Note my bignum hijinx in case app maintainers are using CHANGES for their · 7f663ce4
      Geoff Thorpe authored
      porting efforts. Also, add Richard's name to the prior change.
      7f663ce4
    • Geoff Thorpe's avatar
      Variety of belt-tightenings in the bignum code. (Please help test this!) · e042540f
      Geoff Thorpe authored
      - Remove some unnecessary "+1"-like fudges. Sizes should be handled
        exactly, as enlarging size parameters causes needless bloat and may just
        make bugs less likely rather than fixing them: bn_expand() macro,
        bn_expand_internal(), and BN_sqr().
      - Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that
        useful.
      - Remove unnecessary zeroing of unused bytes in bn_expand2().
      - Rewrite BN_set_word() - it should be much simpler, the previous
        complexities probably date from old mismatched type issues.
      - Add missing bn_check_top() macros in bn_word.c
      - Improve some degenerate case handling in BN_[add|sub]_word(), add
        comments, and avoid a bignum expansion if an overflow isn't possible.
      e042540f
  6. Mar 16, 2004
  7. Mar 15, 2004
  8. Mar 13, 2004
    • Geoff Thorpe's avatar
      Convert openssl code not to assume the deprecated form of BN_zero(). · b6358c89
      Geoff Thorpe authored
      Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
      BN_init(), [etc] already initialise to zero.
      
      Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
      the result's 'top' value is set (note also, 'max' is always > 0 at this
      point).
      b6358c89
    • Geoff Thorpe's avatar
      The efforts to eliminate the dual-representation of zero and to ensure · 5d735465
      Geoff Thorpe authored
      bignums are passed in and out of functions and APIs in a consistent form
      has highlighted that zero-valued bignums don't need any allocated word
      data. The use of BN_set_word() to initialise a bignum to zero causes
      needless allocation and gives it a return value that must be checked. This
      change converts BN_zero() to a self-contained macro that has no
      return/expression value and does not cause any expansion of bignum data.
      
      Note, it would be tempting to rewrite the deprecated version as a
      success-valued comma expression, such as;
         #define BN_zero(a) ((a)->top = (a)->neg = 0, 1)
      However, this evaluates 'a' twice and would confuse initialisation loops
      (eg. while(..) { BN_zero(bn++) } ). As such, the deprecated version
      continues to use BN_set_word().
      5d735465
    • Geoff Thorpe's avatar
      Document a change I'd already made, and at the same time, correct the · 9e051bac
      Geoff Thorpe authored
      change to work properly; BN_zero() should set 'neg' to zero as well as
      'top' to match the behaviour of BN_new().
      9e051bac
  9. Mar 12, 2004
    • Andy Polyakov's avatar
      IRIX 6.x shared build fix-up. · 30fbcaa2
      Andy Polyakov authored
      For reference. Note that both cc and gcc support -Wl flag, but we can't
      use -Wl,-[not]all with both drivers, because cc rearranges options
      passed through -Wl. We can't use -Wl,-all,libcrypto.a,-notall with cc
      either, because it refuses to start with "no input" error.
      30fbcaa2
  10. Mar 10, 2004
  11. Mar 09, 2004
  12. Mar 08, 2004