Diffstat (limited to 'src/crypto/bn')
-rw-r--r--src/crypto/bn/CMakeLists.txt1
-rw-r--r--src/crypto/bn/asm/rsaz-avx2.pl30
-rw-r--r--src/crypto/bn/asm/rsaz-x86_64.pl25
-rw-r--r--src/crypto/bn/asm/x86_64-mont.pl20
-rw-r--r--src/crypto/bn/asm/x86_64-mont5.pl20
-rw-r--r--src/crypto/bn/exponentiation.c28
-rw-r--r--src/crypto/bn/generic.c2
-rw-r--r--src/crypto/bn/montgomery.c18
-rw-r--r--src/crypto/bn/prime.c2
9 files changed, 47 insertions, 99 deletions
diff --git a/src/crypto/bn/CMakeLists.txt b/src/crypto/bn/CMakeLists.txt
index 232e40a..b7130d7 100644
--- a/src/crypto/bn/CMakeLists.txt
+++ b/src/crypto/bn/CMakeLists.txt
@@ -76,3 +76,4 @@ add_executable(
)
target_link_libraries(bn_test crypto)
+add_dependencies(all_tests bn_test)
diff --git a/src/crypto/bn/asm/rsaz-avx2.pl b/src/crypto/bn/asm/rsaz-avx2.pl
index 3b6ccf8..bbceccb 100644
--- a/src/crypto/bn/asm/rsaz-avx2.pl
+++ b/src/crypto/bn/asm/rsaz-avx2.pl
@@ -79,29 +79,13 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
- =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
- $avx = ($1>=2.19) + ($1>=2.22);
- $addx = ($1>=2.23);
-}
-
-if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
- `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
- $avx = ($1>=2.09) + ($1>=2.10);
- $addx = ($1>=2.10);
-}
-
-if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
- `ml64 2>&1` =~ /Version ([0-9]+)\./) {
- $avx = ($1>=10) + ($1>=11);
- $addx = ($1>=11);
-}
-
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
- my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
- $avx = ($ver>=3.0) + ($ver>=3.01);
- $addx = ($ver>=3.03);
-}
+# In upstream, this is controlled by shelling out to the compiler to check
+# versions, but BoringSSL is intended to be used with pre-generated perlasm
+# output, so this isn't useful anyway.
+#
+# TODO(davidben): Enable these after testing. $avx goes up to 2 and $addx to 1.
+$avx = 0;
+$addx = 0;
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT = *OUT;
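Review bot: Hard-wiring `$avx = 0;` and `$addx = 0;` changes what this generator emits rather than merely skipping a toolchain probe, and the new comment explains why the probe went but not what the output becomes; if the file keeps upstream's structure, the `!$avx` branch emits stub entry points (an `rsaz_avx2_eligible` that reports 0 and trapping bodies for the other routines), which the C side must tolerate. I would add one line stating the consequence, such as `# With $avx=0 the AVX2 routines are emitted as stubs and rsaz_avx2_eligible() reports 0, so the C fallback is always taken.`, after confirming it against the generated .S. The same hard-coding appears in rsaz-x86_64.pl, x86_64-mont.pl and x86_64-mont5.pl with three different TODO wordings ("Enable these", "Enable this", "Enable this option"); one wording across the four files makes the TODO easier to find later. This is file-level script code, so no enclosing block is cut by the hunk.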
diff --git a/src/crypto/bn/asm/rsaz-x86_64.pl b/src/crypto/bn/asm/rsaz-x86_64.pl
index 3bd45db..4113d53 100644
--- a/src/crypto/bn/asm/rsaz-x86_64.pl
+++ b/src/crypto/bn/asm/rsaz-x86_64.pl
@@ -98,25 +98,12 @@ die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
-if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
- =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
- $addx = ($1>=2.23);
-}
-
-if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
- `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
- $addx = ($1>=2.10);
-}
-
-if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
- `ml64 2>&1` =~ /Version ([0-9]+)\./) {
- $addx = ($1>=12);
-}
-
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
- my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
- $addx = ($ver>=3.03);
-}
+# In upstream, this is controlled by shelling out to the compiler to check
+# versions, but BoringSSL is intended to be used with pre-generated perlasm
+# output, so this isn't useful anyway.
+#
+# TODO(davidben): Enable this after testing. $addx goes up to 1.
+$addx = 0;
($out, $inp, $mod) = ("%rdi", "%rsi", "%rbp"); # common internal API
{
diff --git a/src/crypto/bn/asm/x86_64-mont.pl b/src/crypto/bn/asm/x86_64-mont.pl
index 39476ab..04c4bea 100644
--- a/src/crypto/bn/asm/x86_64-mont.pl
+++ b/src/crypto/bn/asm/x86_64-mont.pl
@@ -53,20 +53,12 @@ die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
-if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
- =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
- $addx = ($1>=2.23);
-}
-
-if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
- `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
- $addx = ($1>=2.10);
-}
-
-if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
- `ml64 2>&1` =~ /Version ([0-9]+)\./) {
- $addx = ($1>=12);
-}
+# In upstream, this is controlled by shelling out to the compiler to check
+# versions, but BoringSSL is intended to be used with pre-generated perlasm
+# output, so this isn't useful anyway.
+#
+# TODO(davidben): Enable this option after testing. $addx goes up to 1.
+$addx = 0;
# int bn_mul_mont(
$rp="%rdi"; # BN_ULONG *rp,
diff --git a/src/crypto/bn/asm/x86_64-mont5.pl b/src/crypto/bn/asm/x86_64-mont5.pl
index 80e9126..38def07 100644
--- a/src/crypto/bn/asm/x86_64-mont5.pl
+++ b/src/crypto/bn/asm/x86_64-mont5.pl
@@ -38,20 +38,12 @@ die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
-if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
- =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
- $addx = ($1>=2.23);
-}
-
-if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
- `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
- $addx = ($1>=2.10);
-}
-
-if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
- `ml64 2>&1` =~ /Version ([0-9]+)\./) {
- $addx = ($1>=12);
-}
+# In upstream, this is controlled by shelling out to the compiler to check
+# versions, but BoringSSL is intended to be used with pre-generated perlasm
+# output, so this isn't useful anyway.
+#
+# TODO(davidben): Enable this after testing. $addx goes up to 1.
+$addx = 0;
# int bn_mul_mont_gather5(
$rp="%rdi"; # BN_ULONG *rp,
diff --git a/src/crypto/bn/exponentiation.c b/src/crypto/bn/exponentiation.c
index 6c5e11b..9cefa62 100644
--- a/src/crypto/bn/exponentiation.c
+++ b/src/crypto/bn/exponentiation.c
@@ -123,6 +123,17 @@
#define RSAZ_ENABLED
#include "rsaz_exp.h"
+
+void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table,
+ const BN_ULONG *np, const BN_ULONG *n0, int num,
+ int power);
+void bn_scatter5(const BN_ULONG *inp, size_t num, void *table, size_t power);
+void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
+void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const void *table,
+ const BN_ULONG *np, const BN_ULONG *n0, int num, int power);
+int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap,
+ const BN_ULONG *not_used, const BN_ULONG *np,
+ const BN_ULONG *n0, int num);
#endif
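Review bot: The prototypes for bn_mul_mont_gather5, bn_scatter5, bn_gather5, bn_power5 and bn_from_montgomery are declared ad hoc in this .c file rather than in a shared internal header, so nothing cross-checks them against any other translation unit that calls into the same assembly, and the `int num` versus `size_t num` mix between neighbouring declarations has no single place to be reconciled. Moving them into the bn internal header under the same platform guard would give one authoritative signature; if they must stay here, a comment above the group such as `/* Implemented in perlasm (presumably asm/x86_64-mont5.pl); keep argument order in sync with the generator. */` at least tells the reader where they come from. The `#if` that this `#endif` closes begins above the hunk, so the exact guard is not visible here, and the later hunk deleting the block-scope copies relies on these declarations being in scope.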
int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) {
@@ -274,10 +285,10 @@ static int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
goto err;
}
- if (BN_ucmp(m, &(recp->N)) < 0) {
+ if (BN_ucmp(m, &recp->N) < 0) {
BN_zero(d);
if (!BN_copy(r, m)) {
- return 0;
+ goto err;
}
BN_CTX_end(ctx);
return 1;
@@ -994,19 +1005,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
* 512-bit RSA is hardly relevant, we omit it to spare size... */
if (window == 5 && top > 1) {
- void bn_mul_mont_gather5(BN_ULONG * rp, const BN_ULONG * ap,
- const void * table, const BN_ULONG * np,
- const BN_ULONG * n0, int num, int power);
- void bn_scatter5(const BN_ULONG * inp, size_t num, void * table,
- size_t power);
- void bn_gather5(BN_ULONG * out, size_t num, void * table, size_t power);
- void bn_power5(BN_ULONG * rp, const BN_ULONG * ap, const void * table,
- const BN_ULONG * np, const BN_ULONG * n0, int num,
- int power);
- int bn_from_montgomery(BN_ULONG * rp, const BN_ULONG * ap,
- const BN_ULONG * not_used, const BN_ULONG * np,
- const BN_ULONG * n0, int num);
-
BN_ULONG *np = mont->N.d, *n0 = mont->n0, *np2;
/* BN_to_montgomery can contaminate words above .top
diff --git a/src/crypto/bn/generic.c b/src/crypto/bn/generic.c
index 0e7d867..c240a54 100644
--- a/src/crypto/bn/generic.c
+++ b/src/crypto/bn/generic.c
@@ -1068,7 +1068,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
tp[num + 1] = 0;
goto enter;
- for (i = 0; i < num; i++) {
+ for (; i < num; i++) {
c0 = 0;
ml = bp[i];
#ifdef mul64
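Review bot: Dropping the initializer in `for (; i < num; i++)` makes the loop's correctness depend entirely on `i` having been set before the `goto enter` that jumps into its body, and nothing in the hunk records that; the declaration of `i` and the `enter:` label are both outside the hunk, so I am assuming `i` is initialized at its declaration. A comment on the loop line would stop the next reader from "fixing" it back, for example `/* No initializer: control first enters this body via goto enter above, with i already 0. */`. bn_mul_mont starts and ends outside the hunk.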
diff --git a/src/crypto/bn/montgomery.c b/src/crypto/bn/montgomery.c
index c6c9c88..3fec7e3 100644
--- a/src/crypto/bn/montgomery.c
+++ b/src/crypto/bn/montgomery.c
@@ -130,16 +130,12 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) {
return NULL;
}
- BN_MONT_CTX_init(ret);
- ret->flags = BN_FLG_MALLOCED;
- return ret;
-}
+ memset(ret, 0, sizeof(BN_MONT_CTX));
+ BN_init(&ret->RR);
+ BN_init(&ret->N);
+ BN_init(&ret->Ni);
-void BN_MONT_CTX_init(BN_MONT_CTX *mont) {
- memset(mont, 0, sizeof(BN_MONT_CTX));
- BN_init(&mont->RR);
- BN_init(&mont->N);
- BN_init(&mont->Ni);
+ return ret;
}
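Review bot: With BN_MONT_CTX_init removed here and the `BN_FLG_MALLOCED` check dropped from BN_MONT_CTX_free in the next hunk, every BN_MONT_CTX reaching BN_MONT_CTX_free is now passed to OPENSSL_free unconditionally, so any remaining caller that embedded or stack-allocated a BN_MONT_CTX and initialised it by hand turns from a no-op into an invalid free; the callers and the public header are outside this diff, so I cannot confirm none remain. If the struct still carries a `flags` member it is now never set and should be removed alongside any header declaration of BN_MONT_CTX_init. As a small style point, `memset(ret, 0, sizeof(BN_MONT_CTX));` reads better as `memset(ret, 0, sizeof(*ret));`, and a short comment on whether the three BN_init calls are still required after zeroing, or kept for clarity, would help. BN_MONT_CTX_new begins above the hunk.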
void BN_MONT_CTX_free(BN_MONT_CTX *mont) {
@@ -150,9 +146,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) {
BN_free(&mont->RR);
BN_free(&mont->N);
BN_free(&mont->Ni);
- if (mont->flags & BN_FLG_MALLOCED) {
- OPENSSL_free(mont);
- }
+ OPENSSL_free(mont);
}
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) {
diff --git a/src/crypto/bn/prime.c b/src/crypto/bn/prime.c
index bbb8fe0..d07e609 100644
--- a/src/crypto/bn/prime.c
+++ b/src/crypto/bn/prime.c
@@ -710,7 +710,7 @@ loop:
if (!BN_add_word(rnd, delta)) {
return 0;
}
- if (BN_num_bits(rnd) != bits) {
+ if (BN_num_bits(rnd) != (unsigned)bits) {
goto again;
}