Age | Commit message (Collapse) | Author |
|
|
|
[Problem pointed out by Adam Young <adamy (at) acm.org>]
|
|
PR: 1266
|
|
locally initialising their own.
NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.
|
|
is itself experimental, and in addition may cause execution to break on
existing openssl "bugs" that previously were harmless or at least
invisible.
|
|
|
|
PR: 446
|
|
- a patch to fix a memory leak in rsa_gen.c
- a note about compiler warnings with unions
- a note about improving structure element names
This applies his patch and implements a solution to the notes.
|
|
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.
This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing. The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones. The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.
There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
|
|
|
|
|
|
(by using new BN_pseudo_rand_range function)
|
|
two functions that did expansion on in parameters (BN_mul() and
BN_sqr()). The problem was solved by making bn_dup_expand() which is
a mix of bn_expand2() and BN_dup().
|
|
temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
the BN_CTX implementation could now easily be changed.
|
|
|
|
|
|
|
|
|
|
|
|
primes (negligible for larger ones).
|
|
|
|
|
|
(including another problem in the s3_srvr.c state machine).
|
|
New function BN_pseudo_rand().
Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes (why not use BN_is_prime()?)
|
|
|
|
|
|
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
|
|
Primes p where (p-1)/2 is prime too are called "safe", not "strong".
|
|
|
|
This also avoids the problems with SC4.2 and unpatched SC5.
Submitted by: Andy Polyakov <appro@fy.chalmers.se>
|
|
|
|
|
|
Submitted by:
Reviewed by:
PR:
|
|
|
|
|
|
|
|
|
|
|