diff options
Diffstat (limited to 'openssl/crypto/bn')
-rw-r--r-- | openssl/crypto/bn/Makefile | 2 | ||||
-rwxr-xr-x | openssl/crypto/bn/asm/vis3-mont.pl | 10 | ||||
-rw-r--r-- | openssl/crypto/bn/asm/x86_64-mont5.pl | 13 | ||||
-rw-r--r-- | openssl/crypto/bn/bn.h | 5 | ||||
-rw-r--r-- | openssl/crypto/bn/bn_err.c | 6 | ||||
-rw-r--r-- | openssl/crypto/bn/bn_gf2m.c | 18 | ||||
-rw-r--r-- | openssl/crypto/bn/bn_lcl.h | 2 | ||||
-rw-r--r-- | openssl/crypto/bn/bn_print.c | 7 | ||||
-rw-r--r-- | openssl/crypto/bn/bn_rand.c | 10 | ||||
-rw-r--r-- | openssl/crypto/bn/bn_shift.c | 10 |
10 files changed, 62 insertions, 21 deletions
diff --git a/openssl/crypto/bn/Makefile b/openssl/crypto/bn/Makefile index 5361dc827..61dce05ad 100644 --- a/openssl/crypto/bn/Makefile +++ b/openssl/crypto/bn/Makefile @@ -176,6 +176,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: bn_prime.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/openssl/crypto/bn/asm/vis3-mont.pl b/openssl/crypto/bn/asm/vis3-mont.pl index a1357de0e..263ac02b6 100755 --- a/openssl/crypto/bn/asm/vis3-mont.pl +++ b/openssl/crypto/bn/asm/vis3-mont.pl @@ -100,7 +100,7 @@ $code.=<<___; ld [$ap+12], $t3 or $t0, $aj, $aj add $ap, 16, $ap - stxa $aj, [$anp]0xe2 ! converted ap[0] + stx $aj, [$anp] ! converted ap[0] mulx $aj, $m0, $lo0 ! ap[0]*bp[0] umulxhi $aj, $m0, $hi0 @@ -150,7 +150,7 @@ $code.=<<___; sllx $t1, 32, $aj add $ap, 8, $ap or $t0, $aj, $aj - stxa $aj, [$anp]0xe2 ! converted ap[j] + stx $aj, [$anp] ! converted ap[j] ld [$np+0], $t2 ! np[j] addcc $nlo, $hi1, $lo1 @@ -169,7 +169,7 @@ $code.=<<___; addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] umulxhi $nj, $m1, $nj ! nhi=nj addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] + stx $lo1, [$tp] ! tp[j-1] add $tp, 8, $tp ! tp++ brnz,pt $cnt, .L1st @@ -182,12 +182,12 @@ $code.=<<___; addxc $nj, %g0, $hi1 addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] + stx $lo1, [$tp] ! tp[j-1] add $tp, 8, $tp addcc $hi0, $hi1, $hi1 addxc %g0, %g0, $ovf ! upmost overflow bit - stxa $hi1, [$tp]0xe2 + stx $hi1, [$tp] add $tp, 8, $tp ba .Louter diff --git a/openssl/crypto/bn/asm/x86_64-mont5.pl b/openssl/crypto/bn/asm/x86_64-mont5.pl index fa22c30b1..820de3d6f 100644 --- a/openssl/crypto/bn/asm/x86_64-mont5.pl +++ b/openssl/crypto/bn/asm/x86_64-mont5.pl @@ -3226,11 +3226,16 @@ $code.=<<___; .type bn_get_bits5,\@abi-omnipotent .align 16 bn_get_bits5: - mov $inp,%r10 + lea 0($inp),%r10 + lea 1($inp),%r11 mov $num,%ecx - shr \$3,$num - movzw (%r10,$num),%eax - and \$7,%ecx + shr \$4,$num + and \$15,%ecx + lea -8(%ecx),%eax + cmp \$11,%ecx + cmova %r11,%r10 + cmova %eax,%ecx + movzw (%r10,$num,2),%eax shrl %cl,%eax and \$31,%eax ret diff --git a/openssl/crypto/bn/bn.h b/openssl/crypto/bn/bn.h index 78709d384..5696965e9 100644 --- a/openssl/crypto/bn/bn.h +++ b/openssl/crypto/bn/bn.h @@ -779,6 +779,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + /* Debug only - safe to ignore error return */ \ RAND_pseudo_bytes(&_tmp_char, 1); \ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ @@ -892,6 +893,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -907,12 +909,14 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 @@ -920,6 +924,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 diff --git a/openssl/crypto/bn/bn_err.c b/openssl/crypto/bn/bn_err.c index faa7e226b..e7a703826 100644 --- a/openssl/crypto/bn/bn_err.c +++ b/openssl/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, @@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, diff --git a/openssl/crypto/bn/bn_gf2m.c b/openssl/crypto/bn/bn_gf2m.c index aeee49a01..cfa1c7ce1 100644 --- a/openssl/crypto/bn/bn_gf2m.c +++ b/openssl/crypto/bn/bn_gf2m.c @@ -450,8 +450,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]) d0 = p[k] % BN_BITS2; d1 = BN_BITS2 - d0; z[n] ^= (zz << d0); - tmp_ulong = zz >> d1; - if (d0 && tmp_ulong) + if (d0 && (tmp_ulong = zz >> d1)) z[n + 1] ^= tmp_ulong; } @@ -694,9 +693,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } # else { - int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy - * of p */ - top = p->top; + int i; + int ubits = BN_num_bits(u); + int vbits = BN_num_bits(v); /* v is copy of p */ + int top = p->top; BN_ULONG *udp, *bdp, *vdp, *cdp; bn_wexpand(u, top); @@ -740,8 +740,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ubits--; } - if (ubits <= BN_BITS2 && udp[0] == 1) - break; + if (ubits <= BN_BITS2) { + if (udp[0] == 0) /* poly was reducible */ + goto err; + if (udp[0] == 1) + break; + } if (ubits < vbits) { i = ubits; diff --git a/openssl/crypto/bn/bn_lcl.h b/openssl/crypto/bn/bn_lcl.h index 7cd58830e..00f4f0994 100644 --- a/openssl/crypto/bn/bn_lcl.h +++ b/openssl/crypto/bn/bn_lcl.h @@ -294,7 +294,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# if __GNUC__>=4 && __GNUC_MINOR__>=4 +# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) /* "h" constraint is no more since 4.4 */ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) # define BN_UMULT_LOHI(low,high,a,b) ({ \ diff --git a/openssl/crypto/bn/bn_print.c b/openssl/crypto/bn/bn_print.c index 4dcaae32b..ab10b957b 100644 --- a/openssl/crypto/bn/bn_print.c +++ b/openssl/crypto/bn/bn_print.c @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; diff --git a/openssl/crypto/bn/bn_rand.c b/openssl/crypto/bn/bn_rand.c index 7ac71ec8e..f9fb2e9e4 100644 --- a/openssl/crypto/bn/bn_rand.c +++ b/openssl/crypto/bn/bn_rand.c @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -157,7 +162,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char c; for (i = 0; i < bytes; i++) { - RAND_pseudo_bytes(&c, 1); + if (RAND_pseudo_bytes(&c, 1) < 0) + goto err; if (c >= 128 && i > 0) buf[i] = buf[i - 1]; else if (c < 42) @@ -168,7 +174,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/openssl/crypto/bn/bn_shift.c b/openssl/crypto/bn/bn_shift.c index 4f3e8ffed..9673d9a30 100644 --- a/openssl/crypto/bn/bn_shift.c +++ b/openssl/crypto/bn/bn_shift.c @@ -137,6 +137,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -174,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; |