Hide symbols in bn

ok tb@

Disallow aliasing of return value and modulus

All the functions changed in this commit would silently misbehave if the
return value aliases the modulus, most of the time they would succeed and
retur

Disallow aliasing of return value and modulus

All the functions changed in this commit would silently misbehave if the
return value aliases the modulus, most of the time they would succeed and
return an incorrect result of 0 in that situation. This adjusts all the
functions in BN_mod.c, others and documentation will follow later.

Prompted by a bug report about BN_mod_inverse() by Guido Vranken.

ok jsing

show more ...

Convert BN_copy() with explicit comparison against NULL to bn_copy()

ok jsing

Clean up and simplify BN_mod_lshift{,_quick}().

BN_mod_lshift() already has a BN_CTX available, make use of it rather than
calling BN_dup() and BN_free().

In BN_mod_lshift_quick(), BN_copy() alread

Clean up and simplify BN_mod_lshift{,_quick}().

BN_mod_lshift() already has a BN_CTX available, make use of it rather than
calling BN_dup() and BN_free().

In BN_mod_lshift_quick(), BN_copy() already handles dst == src, so avoid
checking this before the call. The max_shift == 0 case can also be handled
without code duplication. And as with other *_quick() functions, use
BN_ucmp() and BN_usub() directly given the 0 <= a < m constraint.

ok tb@

show more ...

Clean up BN_mod_mul() and simplify BN_mod_sqr().

Use the same naming/code pattern in BN_mod_mul() as is used in BN_mul().
Note that the 'rr' allocation is unnecessary, since both BN_mul() and
BN_sqr

Clean up BN_mod_mul() and simplify BN_mod_sqr().

Use the same naming/code pattern in BN_mod_mul() as is used in BN_mul().
Note that the 'rr' allocation is unnecessary, since both BN_mul() and
BN_sqr() handle the case where r == a || r == b. However, it avoids a
potential copy on the exit from BN_mul()/BN_sqr(), so leave it in place
for now.

Turn BN_mod_sqr() into a wrapper that calls BN_mod_mul(), since it already
calls BN_sqr() in the a == b. The supposed gain of calling BN_mod_ct()
instead of BN_nnmod() does not really exist.

ok tb@

show more ...

Simplify BN_mod_{lshift1,sub}_quick().

The BN_mod_.*_quick() functions require that their inputs are non-negative
and are already reduced. As such, they can and should use BN_ucmp() and
BN_usub() in

Simplify BN_mod_{lshift1,sub}_quick().

The BN_mod_.*_quick() functions require that their inputs are non-negative
and are already reduced. As such, they can and should use BN_ucmp() and
BN_usub() instead of BN_cmp() and BN_add()/BN_sub() (which internally call
BN_uadd()/BN_usub() and potentially BN_cmp()).

ok tb@

show more ...

Simplify BN_nnmod().

In the case that the result is negative (i.e. one of a or m is negative),
the positive result can be achieved via a single BN_usub(). This simplifies
BN_nnmod() and avoids indir

Simplify BN_nnmod().

In the case that the result is negative (i.e. one of a or m is negative),
the positive result can be achieved via a single BN_usub(). This simplifies
BN_nnmod() and avoids indirection via BN_add()/BN_sub(), which do BN_cmp()
and then call into BN_uadd()/BN_usub().

ok tb@

show more ...

Turn BN_mod_{ct,nonct}() into symbols.

Also use accurate/useful variables names.

ok tb@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Remove BIGNUM consistency macros.

Compiling with BN_DEBUG (and if you want to take it further, BN_DEBUG_RAND)
supposedly adds consistency checks to the BN code. These are rarely if ever
used and int

Remove BIGNUM consistency macros.

Compiling with BN_DEBUG (and if you want to take it further, BN_DEBUG_RAND)
supposedly adds consistency checks to the BN code. These are rarely if ever
used and introduce a bunch of clutter in the code. Furthermore, there are
hacks in place to undo things that the debugging code does.

Remove all of this mess and instead rely on always enabled checks, more
readable code and proper regress coverage to ensure correct behaviour.

"Good riddance." tb@

show more ...

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Split out BN_div and BN_mod into ct and nonct versions for Internal use.
ok jsing@

Stop abusing the ternary operator to decide which function to call in a
return statement.
ok beck@ jsing@

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need t

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

show more ...

tags as requested by miod and tedu

Emergency knfectomie requested by tedu@.

Try to clean the maze of <openssl/bn.h> defines regarding the BN internals.

The intent of this change is to only keep support for two kind of architectures:
- those with 32-bit int and long, and 64-

Try to clean the maze of <openssl/bn.h> defines regarding the BN internals.

The intent of this change is to only keep support for two kind of architectures:
- those with 32-bit int and long, and 64-bit long long, where
``long * long -> long long'' multiplication routines are available.
- those with 64-bit int and long, and no 128-bit long long type.

This gets rid of the SIXTY_FOUR_BIT_LONG, SIXTY_FOUR_BIT (not the same!),
THIRTY_TWO_BIT, SIXTEEN_BIT and EIGHT_BIT defines.

After this change, the types and defines are as follows:

arch: 64bit 32bit rationale
BN_LLONG undefined defined defined if l * l -> ll
BN_ULLONG undefined u long long result of BN_LONG * BN_LONG
BN_ULONG u long u int native register size
BN_LONG long int the same, signed
BN_BITS 128 64 size of 2*BN_ULONG in bits
BN_BYTES 8 4 size of 2*BN_ULONG in bytes
BN_BITS2 64 32 BN_BITS / 2

Tested on various 32-bit and 64-bit OpenBSD systems of various endianness.

show more ...

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in th

Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.

Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.

show more ...