From e93f9a3284c799bb851afaeddd56ed502ba189b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Thu, 27 Jan 2000 01:50:42 +0000 Subject: [PATCH] Run ispell. Clean up bn_mont.c. --- CHANGES | 6 ++ crypto/bn/bn.h | 19 ++-- crypto/bn/bn_mont.c | 133 ++++++++------------------- crypto/bn/bn_print.c | 2 +- doc/crypto/BN_CTX_new.pod | 2 +- doc/crypto/BN_add.pod | 4 +- doc/crypto/BN_add_word.pod | 2 +- doc/crypto/BN_bn2bin.pod | 4 +- doc/crypto/BN_mod_mul_reciprocal.pod | 2 +- doc/crypto/BN_new.pod | 2 +- doc/crypto/BN_set_bit.pod | 2 +- doc/crypto/RAND_load_file.pod | 2 +- doc/crypto/RAND_set_rand_method.pod | 2 +- doc/crypto/RSA_get_ex_new_index.pod | 9 +- doc/crypto/bn.pod | 4 +- doc/crypto/rand.pod | 2 +- 16 files changed, 73 insertions(+), 124 deletions(-) diff --git a/CHANGES b/CHANGES index 2389e2eb4d..ced9abfca0 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) + bignum version of BN_from_montgomery() with the working code from + SSLeay 0.9.0 (the word based version is faster anyway), and clean up + the comments. + [Ulf Möller] + *) Avoid a race condition in s2_clnt.c (function get_server_hello) that made it impossible to use the same SSL_SESSION data structure in SSL2 clients in multiple threads. diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 5d789ff96c..456d34f59b 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h 
@@ -257,16 +257,15 @@ typedef struct bn_blinding_st /* Used for montgomery multiplication */ typedef struct bn_mont_ctx_st - { - int use_word; /* 0 for word form, 1 for long form */ - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* The inverse of N */ - BN_ULONG n0; /* word form of inverse, normally only one of - * Ni or n0 is defined */ + { + int use_word; /* 0 for word form, 1 for bignum form */ + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* The inverse of N (bignum form) */ + BN_ULONG n0; /* The inverse of N in word form */ int flags; - } BN_MONT_CTX; + } BN_MONT_CTX; /* Used for reciprocal division/mod functions * It cannot be shared between threads @@ -360,7 +359,7 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, int BN_mask_bits(BIGNUM *a,int n); int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); #ifndef WIN16 -int BN_print_fp(FILE *fp, BIGNUM *a); +int BN_print_fp(FILE *fp, const BIGNUM *a); #endif #ifdef HEADER_BIO_H int BN_print(BIO *fp, const BIGNUM *a); diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index ee0f410c22..63db577681 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -66,8 +66,6 @@ #include "cryptlib.h" #include "bn_lcl.h" -#define MONT_WORD - int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) { @@ -108,6 +106,7 @@ err: int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx) { + int retn=0; #ifdef BN_RECURSION_MONT if (mont->use_word) #endif 
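Review bot: The rewritten comment on `use_word` still has the two values backwards: in this same patch the bignum branch of BN_MONT_CTX_set() sets `mont->use_word=0`, and BN_from_montgomery() takes the word-based path under `if (mont->use_word)`, so 1 selects the word form and 0 the bignum form. Suggest `int use_word; /* 1 for word form, 0 for bignum form */`. The `flags` member remains the only field in the struct without a comment, which is worth fixing while the typedef is being re-indented anyway.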
@@ -115,23 +114,23 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont, BIGNUM *n,*r; BN_ULONG *ap,*np,*rp,n0,v,*nrp; int al,nl,max,i,x,ri; - int retn=0; r= &(ctx->bn[ctx->tos]); - if (!BN_copy(r,a)) goto err1; + if (!BN_copy(r,a)) goto err; n= &(mont->N); ap=a->d; - /* mont->ri is the size of mont->N in bits/words */ + /* mont->ri is the size of mont->N in bits (rounded up + to the word size) */ al=ri=mont->ri/BN_BITS2; nl=n->top; if ((al == 0) || (nl == 0)) { r->top=0; return(1); } max=(nl+al+1); /* allow for overflow (no?) XXX */ - if (bn_wexpand(r,max) == NULL) goto err1; - if (bn_wexpand(ret,max) == NULL) goto err1; + if (bn_wexpand(r,max) == NULL) goto err; + if (bn_wexpand(ret,max) == NULL) goto err; r->neg=a->neg^n->neg; np=n->d; 
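Review bot: The early exit `if ((al == 0) || (nl == 0)) { r->top=0; return(1); }` zeroes the scratch copy `r` rather than the output `ret`, so the caller gets a success return with `ret` left untouched; if the intent is to return zero here, it should be `if ((al == 0) || (nl == 0)) { ret->top=0; return(1); }` (or `BN_zero(ret)`). The line is unchanged context, but since the commit moves `retn` to function scope and routes every other failure through `err:`, this direct return is now the one exit that bypasses it, and a one-line comment saying the inputs are degenerate would make that deliberate. The word-based body of BN_from_montgomery() continues past the end of this hunk.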
@@ -204,64 +203,34 @@ printf("word BN_from_montgomery %d * %d\n",nl,nl); BN_usub(ret,ret,&(mont->N)); /* XXX */ } retn=1; -err1: - return(retn); } #ifdef BN_RECURSION_MONT else /* bignum version */ { - BIGNUM *t1,*t2,*t3; - int j,i; + BIGNUM *t1,*t2; -#ifdef BN_COUNT -printf("number BN_from_montgomery\n"); -#endif + t1=&(ctx->bn[ctx->tos]); + t2=&(ctx->bn[ctx->tos+1]); + ctx->tos+=2; - t1= &(ctx->bn[ctx->tos]); - t2= &(ctx->bn[ctx->tos+1]); - t3= &(ctx->bn[ctx->tos+2]); + if (!BN_copy(t1,a)) goto err; + BN_mask_bits(t1,mont->ri); - i=mont->Ni.top; - bn_wexpand(ret,i); /* perhaps only i*2 */ - bn_wexpand(t1,i*4); /* perhaps only i*2 */ - bn_wexpand(t2,i*2); /* perhaps only i */ + if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; + BN_mask_bits(t2,mont->ri); - bn_mul_low_recursive(t2->d,a->d,mont->Ni.d,i,t1->d); + if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; + if (!BN_add(t2,a,t1)) goto err; + BN_rshift(ret,t2,mont->ri); - BN_zero(t3); - BN_set_bit(t3,mont->N.top*BN_BITS2); - bn_sub_words(t3->d,t3->d,a->d,i); - bn_mul_high(ret->d,t2->d,mont->N.d,t3->d,i,t1->d); - - /* hmm... if a is between i and 2*i, things are bad */ - if (a->top > i) - { - j=(int)(bn_add_words(ret->d,ret->d,&(a->d[i]),i)); - if (j) /* overflow */ - bn_sub_words(ret->d,ret->d,mont->N.d,i); - } - ret->top=i; - bn_fix_top(ret); - if (a->d[0]) - BN_add_word(ret,1); /* Always? */ - else /* Very very rare */ - { - for (i=1; iN.top-1; i++) - { - if (a->d[i]) - { - BN_add_word(ret,1); /* Always? */ - break; - } - } - } - - if (BN_ucmp(ret,&(mont->N)) >= 0) - BN_usub(ret,ret,&(mont->N)); - - return(1); + if (BN_ucmp(ret,&mont->N) >= 0) + BN_usub(ret,ret,&mont->N); + ctx->tos-=2; + retn=1; } #endif + err: + return(retn); } BN_MONT_CTX *BN_MONT_CTX_new(void) 
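Review bot: In the new bignum branch `ctx->tos+=2` is undone only on the success path; each `goto err` between it and `ctx->tos-=2` leaves two BN_CTX slots reserved for the rest of the context's life, and `BN_rshift(ret,t2,mont->ri)` is not checked although it can fail just like the BN_mul()/BN_add() calls around it. Releasing the slots under a label inside the branch fixes both (ignoring the BN_mask_bits() results looks intentional, since per the BN_set_bit.pod change in this same commit it reports an error when the number is already shorter than ri bits). The branch is compiled only under BN_RECURSION_MONT, so the leak is latent in default builds; the shared `err:` label at the end of the hunk stays as it is.
```c
	else /* bignum version */
		{
		BIGNUM *t1,*t2;

		t1=&(ctx->bn[ctx->tos]);
		t2=&(ctx->bn[ctx->tos+1]);
		ctx->tos+=2;

		if (!BN_copy(t1,a)) goto err2;
		BN_mask_bits(t1,mont->ri);

		if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err2;
		BN_mask_bits(t2,mont->ri);

		if (!BN_mul(t1,t2,&mont->N,ctx)) goto err2;
		if (!BN_add(t2,a,t1)) goto err2;
		if (!BN_rshift(ret,t2,mont->ri)) goto err2;

		if (BN_ucmp(ret,&mont->N) >= 0)
			BN_usub(ret,ret,&mont->N);
		retn=1;
err2:
		ctx->tos-=2;	/* release the two scratch slots on every path */
		}
	/* … unchanged: #endif, err: return(retn) … */
```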
@@ -307,7 +276,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BN_copy(&(mont->N),mod); /* Set N */ #ifdef BN_RECURSION_MONT - if (mont->N.top < BN_MONT_CTX_SET_SIZE_WORD) + /* the word-based algorithm is faster */ + if (mont->N.top > BN_MONT_CTX_SET_SIZE_WORD) #endif { BIGNUM tmod; 
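Review bot: The new comment `/* the word-based algorithm is faster */` does not say what the condition decides: with the comparison now `>`, moduli larger than BN_MONT_CTX_SET_SIZE_WORD words take the word-based path and everything at or below that size (including equality) takes the bignum path, which reads as the opposite of what the comment and the CHANGES entry ("the word based version is faster anyway") argue for. Suggest stating the rule explicitly, e.g. `/* bignum version only for moduli of up to BN_MONT_CTX_SET_SIZE_WORD words; the word-based algorithm is faster above that */`, or reconsidering the direction of the comparison if the word form was meant to be preferred. The test is inside #ifdef BN_RECURSION_MONT, so a default build always runs the word-based block regardless. BN_MONT_CTX_set() begins and ends outside this hunk.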
@@ -317,74 +287,47 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; BN_zero(R); - BN_set_bit(R,BN_BITS2); - /* I was bad, this modification of a passed variable was - * breaking the multithreaded stuff :-( - * z=mod->top; - * mod->top=1; */ + BN_set_bit(R,BN_BITS2); /* R = 2^ri */ - buf[0]=mod->d[0]; + buf[0]=mod->d[0]; /* tmod = N mod word size */ buf[1]=0; tmod.d=buf; tmod.top=1; - tmod.max=mod->max; + tmod.max=2; tmod.neg=mod->neg; - + /* Ri = R^-1 mod N*/ if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL) goto err; - BN_lshift(&Ri,&Ri,BN_BITS2); /* R*Ri */ + BN_lshift(&Ri,&Ri,BN_BITS2); /* R*Ri */ if (!BN_is_zero(&Ri)) - { -#if 1 BN_sub_word(&Ri,1); -#else - BN_usub(&Ri,&Ri,BN_value_one()); /* R*Ri - 1 */ -#endif - } - else - { - /* This is not common..., 1 in BN_MASK2, - * It happens when buf[0] was == 1. So for 8 bit, - * this is 1/256, 16bit, 1 in 2^16 etc. - */ - BN_set_word(&Ri,BN_MASK2); - } - BN_div(&Ri,NULL,&Ri,&tmod,ctx); + else /* if N mod word size == 1 */ + BN_set_word(&Ri,BN_MASK2); /* Ri-- (mod word size) */ + BN_div(&Ri,NULL,&Ri,&tmod,ctx); /* Ni = (R*Ri-1)/N */ mont->n0=Ri.d[0]; BN_free(&Ri); - /* mod->top=z; */ } #ifdef BN_RECURSION_MONT else - { + { /* bignum version */ mont->use_word=0; - mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; -#if 1 + mont->ri=BN_num_bits(mod); BN_zero(R); - BN_set_bit(R,mont->ri); -#else - BN_lshift(R,BN_value_one(),mont->ri); /* R */ -#endif + BN_set_bit(R,mont->ri); /* R = 2^ri */ + /* Ri = R^-1 mod N*/ if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL) goto err; BN_lshift(&Ri,&Ri,mont->ri); /* R*Ri */ -#if 1 BN_sub_word(&Ri,1); -#else - BN_usub(&Ri,&Ri,BN_value_one()); /* R*Ri - 1 */ -#endif + /* Ni = (R*Ri-1) / N */ BN_div(&(mont->Ni),NULL,&Ri,mod,ctx); BN_free(&Ri); } #endif /* setup RR for conversions */ -#if 1 BN_zero(&(mont->RR)); BN_set_bit(&(mont->RR),mont->ri*2); -#else - BN_lshift(mont->RR,BN_value_one(),mont->ri*2); 
-#endif BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx); return(1); diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 2f5ab2617b..92eba4574c 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -280,7 +280,7 @@ err: #ifndef NO_BIO #ifndef NO_FP_API -int BN_print_fp(FILE *fp, BIGNUM *a) +int BN_print_fp(FILE *fp, const BIGNUM *a) { BIO *b; int ret; diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod index f9ded384e2..45c70fd407 100644 --- a/doc/crypto/BN_CTX_new.pod +++ b/doc/crypto/BN_CTX_new.pod @@ -42,7 +42,7 @@ L, L, L =head1 HISTORY -BN_CTX_new() and BN_CTX_free() are availabe in all versions on SSLeay +BN_CTX_new() and BN_CTX_free() are available in all versions on SSLeay and OpenSSL. BN_CTX_init() was added in SSLeay 0.9.1b. =cut diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod index 3c0bd7104f..16bb5d466a 100644 --- a/doc/crypto/BN_add.pod +++ b/doc/crypto/BN_add.pod @@ -37,13 +37,15 @@ BN_mod_exp, BN_gcd - Arithmetic operations on BIGNUMs BN_add() adds B and B and places the result in B (C). B may be the same B as B or B. -BN_sub() substracts B from B and places the result in B (C). +BN_sub() subtracts B from B and places the result in B (C). BN_mul() multiplies B and B and places the result in B (C). +For multiplication by powers of 2, use BN_lshift(3). BN_div() divides B by B and places the result in B and the remainder in B (C). Either of B and B may be NULL, in which case the respective value is not returned. +For division by powers of 2, use BN_rshift(3). BN_sqr() takes the square of B and places the result in B (C). B and B may be the same B. diff --git a/doc/crypto/BN_add_word.pod b/doc/crypto/BN_add_word.pod index 1ee4429cd9..ee02e98920 100644 --- a/doc/crypto/BN_add_word.pod +++ b/doc/crypto/BN_add_word.pod @@ -27,7 +27,7 @@ arithmetic operations. BN_add_word() adds B to B (C). -BN_sub_word() substracts B from B (C). +BN_sub_word() subtracts B from B (C). BN_mul_word() multiplies B and B (C). 
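Review bot: BN_MONT_CTX_set() still returns 1 unconditionally at the end of the hunk although `BN_lshift(&Ri,...)`, `BN_sub_word(&Ri,1)`, `BN_div(&Ri,NULL,&Ri,&tmod,ctx)` (and its bignum counterpart), `BN_set_bit()` and the final `BN_mod(&(mont->RR),...)` are all unchecked, so a failure in any of them leaves `n0`, `Ni` or `RR` wrong while the caller sees a valid context; these should fail the same way BN_mod_inverse() does, e.g. `if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err;` and `if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;`. Separately, two of the new comments in the word branch are misleading: `BN_set_bit(R,BN_BITS2); /* R = 2^ri */` sets R to 2^BN_BITS2 (one word), not 2^ri, and `/* Ri = R^-1 mod N*/` is computed modulo `tmod` (N reduced to one word), so they should read `/* R = 2^BN_BITS2 */` and `/* Ri = R^-1 mod tmod (N mod word size) */`. `tmod.max=2` now matches the two-word `buf`, which is the right fix. The declarations at the start of BN_MONT_CTX_set() and the `err:` label are outside the hunk.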
diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod index 1a6c237744..6bf5f34822 100644 --- a/doc/crypto/BN_bn2bin.pod +++ b/doc/crypto/BN_bn2bin.pod @@ -18,7 +18,7 @@ BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - Format conversions int BN_dec2bn(BIGNUM **a, const char *str); int BN_print(BIO *fp, const BIGNUM *a); - int BN_print_fp(FILE *fp, BIGNUM *a); + int BN_print_fp(FILE *fp, const BIGNUM *a); int BN_bn2mpi(const BIGNUM *a, unsigned char *to); BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); @@ -59,7 +59,7 @@ must be large enough to hold the result. The size can be determined by calling BN_bn2mpi(B, NULL). BN_mpi2bn() converts the B bytes long representation at B to -a B and stores it ar B, or in a newly allocated B +a B and stores it at B, or in a newly allocated B if B is NULL. =head1 RETURN VALUES diff --git a/doc/crypto/BN_mod_mul_reciprocal.pod b/doc/crypto/BN_mod_mul_reciprocal.pod index b158a0f318..74d1cc4e5b 100644 --- a/doc/crypto/BN_mod_mul_reciprocal.pod +++ b/doc/crypto/BN_mod_mul_reciprocal.pod @@ -69,6 +69,6 @@ L B was added in SSLeay 0.9.0. Before that, the function BN_reciprocal() was used instead, and the BN_mod_mul_reciprocal() -arguments werde different. +arguments were different. =cut diff --git a/doc/crypto/BN_new.pod b/doc/crypto/BN_new.pod index 8715d99ae7..c1394ff2a3 100644 --- a/doc/crypto/BN_new.pod +++ b/doc/crypto/BN_new.pod @@ -46,7 +46,7 @@ L, L =head1 HISTORY -BN_new(), BN_clear(), BN_free() and BN_clear_free() are availabe in +BN_new(), BN_clear(), BN_free() and BN_clear_free() are available in all versions on SSLeay and OpenSSL. BN_init() was added in SSLeay 0.9.1b. diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod index 75dc5e68e0..fd887ecd89 100644 --- a/doc/crypto/BN_set_bit.pod +++ b/doc/crypto/BN_set_bit.pod 
@@ -33,7 +33,7 @@ error occurs it B is shorter than B bits. BN_is_bit_set() tests if bit B in B is set. BN_mask_bits() truncates B to an B bit number -(CEn)>). An error occurs it B already is +(CEn)>). An error occurs it B already is shorter than B bits. BN_lshift() shifts B left by B bits and places the result in diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod index 1cd14dc52f..dd344fbd43 100644 --- a/doc/crypto/RAND_load_file.pod +++ b/doc/crypto/RAND_load_file.pod @@ -28,7 +28,7 @@ up to to B are read; if B is -1, the complete file is read. RAND_write_file() writes a number of random bytes (currently 1024) to -file B which can be used to initialze the PRNG by calling +file B which can be used to initialize the PRNG by calling RAND_load_file() in a later session. =head1 RETURN VALUES diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod index b323ab06b7..0e3e3d728a 100644 --- a/doc/crypto/RAND_set_rand_method.pod +++ b/doc/crypto/RAND_set_rand_method.pod @@ -25,7 +25,7 @@ returns a pointer to that method. RAND_set_rand_method() sets the RAND method to B. RAND_get_rand_method() returns a pointer to the current method. -=head1 THE RAND_METHOD STUCTURE +=head1 THE RAND_METHOD STRUCTURE typedef struct rand_meth_st { diff --git a/doc/crypto/RSA_get_ex_new_index.pod b/doc/crypto/RSA_get_ex_new_index.pod index 30900d9258..3e2c525901 100644 --- a/doc/crypto/RSA_get_ex_new_index.pod +++ b/doc/crypto/RSA_get_ex_new_index.pod @@ -25,8 +25,6 @@ RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specifi int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, int idx, long argl, void *argp); - - =head1 DESCRIPTION Several OpenSSL structures can have application specific data attached to them. 
@@ -42,7 +40,7 @@ new application specific data. It takes three optional function pointers which are called when the parent structure (in this case an RSA structure) is initially created, when it is copied and when it is freed up. If any or all of these function pointer arguments are not used they should be set to NULL. The -precise manner in which these function pointer are called is described in more +precise manner in which these function pointers are called is described in more detail below. B also takes additional long and pointer parameters which will be passed to the supplied functions but which otherwise have no special meaning. It returns an B which should be stored @@ -113,10 +111,11 @@ present in the parent RSA structure when it is called. =head1 SEE ALSO -... +rsa(3) =head1 HISTORY -... +RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data are +available since SSLeay 0.9.0. =cut diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod index bc500ab0c1..ca48019b96 100644 --- a/doc/crypto/bn.pod +++ b/doc/crypto/bn.pod @@ -81,7 +81,7 @@ bn - Multiprecision integer arithmetics int BN_hex2bn(BIGNUM **a, const char *str); int BN_dec2bn(BIGNUM **a, const char *str); int BN_print(BIO *fp, const BIGNUM *a); - int BN_print_fp(FILE *fp, BIGNUM *a); + int BN_print_fp(FILE *fp, const BIGNUM *a); int BN_bn2mpi(const BIGNUM *a, unsigned char *to); BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); @@ -125,7 +125,7 @@ should not be modified or accessed directly. The creation of B objects is described in L; L describes most of the arithmetic operations. -Comparision is described in L; L +Comparison is described in L; L describes certain assignments, L the generation of random numbers, L deals with prime numbers and L with bit operations. The conversion diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod index 3797d4bc2d..0b9ae50c05 100644 --- a/doc/crypto/rand.pod +++ b/doc/crypto/rand.pod 
@@ -2,7 +2,7 @@ =head1 NAME -rand - Psdeudo-random number generator +rand - Pseudo-random number generator =head1 SYNOPSIS -- GitLab