[openssl/openssl] 9a4ddf: design: Fixed size large numbers
0 views
Skip to first unread message
Richard Levitte
Dec 12, 2025, 1:48:37 AM (5 days ago) Dec 12
to openssl...@openssl.org
Branch: refs/heads/feature/ossl_fn
Home: https://github.com/openssl/openssl
Commit: 9a4ddf83bcd887276733931a517383996fba0e7a
https://github.com/openssl/openssl/commit/9a4ddf83bcd887276733931a517383996fba0e7a
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
A doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
design: Fixed size large numbers
For the longest time, we have mitigated security issues related to large
numbers (BIGNUM) and constant time in a piece-meal fashion, without really
looking at the problem from a zoomed out, holistic perspective.
An interesting aspect in this problem is that large numbers can vary in
size, and that depending on their combined sizes, the time to perform
mathematical calculations with them vary equally much, and may thereby
unintentionally leak information on those numbers.
To mitigate that sort of timing issue, we introduce fixed size numbers,
which are designed to have payload sizes that are pre-determined, usually by
the crypto system that uses them. This means that even a very small number
(let's take 1 as a ridiculous example) would have the same size payload as a
much larger number, and calculations using them would perform across all
payload bits of all input numbers combined.
These fixed size numbers primarly differ from BIGNUMs in that once they have
been allocated to a certain size, that size will not change throughout its
lifetime.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28522)
Commit: cfee88d925895b08c21902259af9641d2a27eee4
https://github.com/openssl/openssl/commit/cfee88d925895b08c21902259af9641d2a27eee4
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
Fix spelling in doc/designs/fixed-size-large-numbers.md
Found by codespell.
payed → paid
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28787)
Commit: ecb93247e1771cbc81b64190eca64238e3e1082c
https://github.com/openssl/openssl/commit/ecb93247e1771cbc81b64190eca64238e3e1082c
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/build.info
A crypto/fn/build.info
A crypto/fn/fn_lib.c
A crypto/fn/fn_local.h
A include/crypto/fn.h
M include/crypto/types.h
M include/openssl/bn.h
A include/openssl/bn_limbs.h
M test/build.info
A test/fn_internal_test.c
A test/recipes/03-test_internal_fn.t
Log Message:
-----------
Add the fixed number type (OSSL_FN) and its allocators and deallocator
This includes a small test program that performs introspection of the
OSSL_FN, to check that diverse functions do what's expected of them.
For future compatibility reasons, the limb type OSSL_FN_ULONG is based
on BN_ULONG. This caused a slight rearrangement of public BIGNUM related
headers.
Note: experiments with changing the current BIGNUM's 'dmax' and 'top' to be
"size_t" has shown disastrous effects, due to some lower level functions
assuming that they'll receive the size in "int" form rather than "size_t"
form (on some major platforms, these two types have different sizes).
Therefore, this change deviates slightly from the design for fixed numbers
(doc/designs/fixed-size-large-numbers.md) by making OSSL_FN's 'dsize' an
"int" rather than a "size_t".
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/project/issues/1649
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28784)
Commit: 2379ba80c182029b5d2cb8cf6f9932cb55a72540
https://github.com/openssl/openssl/commit/2379ba80c182029b5d2cb8cf6f9932cb55a72540
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_dh.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_intern.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_nist.c
M crypto/bn/bn_prime.c
M crypto/bn/bn_rsa_fips186_5.c
M crypto/bn/bn_srp.c
M crypto/fn/fn_lib.c
M crypto/fn/fn_local.h
M include/crypto/bn.h
M include/crypto/fn.h
Log Message:
-----------
First integration of OSSL_FN into BIGNUM
This integration is made in such a way that OSSL_FN is an optional
'data' field in BIGNUM, i.e. it's allowed to be NULL even though
the BIGNUM's 'd' field is non-NULL.
The public BIGNUM API will do what it can to ensure that the 'data'
field becomes non-NULL, but remains lax on input BIGNUMs, for now.
This allows diverse internal bn constants and hacks to continue to
function with minimal friction. These constants and hacks will
incrementally be modified to use OSSL_FN where they currently use
BN_ULONG.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28931
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28930)
Commit: dd286f40abeba86e01be69bc9c3d8cb6dd7dd44b
https://github.com/openssl/openssl/commit/dd286f40abeba86e01be69bc9c3d8cb6dd7dd44b
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_add.c
M crypto/bn/bn_blind.c
M crypto/bn/bn_conv.c
M crypto/bn/bn_div.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_gf2m.c
M crypto/bn/bn_intern.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_mod.c
M crypto/bn/bn_mont.c
M crypto/bn/bn_mpi.c
M crypto/bn/bn_mul.c
M crypto/bn/bn_nist.c
M crypto/bn/bn_shift.c
M crypto/bn/bn_sqr.c
Log Message:
-----------
BIGNUM: Adjust the requirements on 'top' and the 'd' array for OSSL_FN compat
BIGNUM is quite sloppy with its contents of the 'd' array above 'top'. This
has been further exasperated by the 'bn_pollute' macro, which makes that slop
quite explicit.
That's fine within a purely BIGNUM context.
Enter OSSL_FN, which requires that the whole 'd' array is numerically
consistent, not just the BN_ULONGs up to 'top'.
This will, of course, cause trouble as soon as an OSSL_FN that's integrated
in a BIGNUM gets passed to OSSL_FN functions.
To ensure consistency, the following updates are made:
- [only for BIGNUMs in which 'data' is non-NULL] when decreasing 'top', all
BN_ULONGs between the preceding 'top' and the new 'top' must be made zero.
- Drop bn_pollute() entirely, as it's now more harmful than useful.
- Modify bn_check_top() to better check the consistency of BIGNUM with
integrated OSSL_FN, by checking that the part of the 'd' array between
'top' and 'dmax' is all zeroes.
- Add the function 'bn_set_top()', which is recommended to use instead of
assigning 'top' directly, as it will zeroise the intermediary limbs in
the 'd' array when 'top' decreases.
On using 'bn_set_top()', it's highly recommended to use it everywhere,
unless you can be absolutely sure that the BIGNUM that's modified will never
be checked with 'bn_check_top()' or passed to any OSSL_FN function.
Related-to: doc/designs/fixed-size-large-numbers.md
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29015)
Commit: 8f88f337c5b086adb69be776602a4ff52772cd47
https://github.com/openssl/openssl/commit/8f88f337c5b086adb69be776602a4ff52772cd47
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
Log Message:
-----------
BN_DEBUG: Refactor 'bn_check_top', 'bn_wcheck_size' into static inline functions
All the BN_DEBUG code is also moved below the definition of 'struct bignum_st',
to keep the compilers happy.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29015)
Commit: cd0a17c522936d24baff7d902ad36476a3a212ef
https://github.com/openssl/openssl/commit/cd0a17c522936d24baff7d902ad36476a3a212ef
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/err/err_all.c
M crypto/err/openssl.ec
M crypto/err/openssl.txt
M crypto/fn/build.info
A crypto/fn/fn_err.c
A crypto/fn/fn_intern.c
M crypto/fn/fn_local.h
A include/crypto/fn_intern.h
A include/crypto/fnerr.h
M include/openssl/err.h.in
M test/fn_internal_test.c
Log Message:
-----------
OSSL_FN: Add internal construction and introspection functions
These functions will be useful with other test programs without having
to include crypto/fn/fn_local.h, making them closer to real world use.
This also introduces OSSL_FN errors
Related-to: doc/designs/fixed-size-large-numbers.md
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 22a9b22d84abaec894da22c9e349c60dd40565bd
https://github.com/openssl/openssl/commit/22a9b22d84abaec894da22c9e349c60dd40565bd
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/fn/build.info
A crypto/fn/fn_addsub.c
M crypto/fn/fn_local.h
M include/crypto/fn.h
M test/README-dev.md
M test/build.info
A test/fn_api_test.c
A test/recipes/11-test_fn_api.t
Log Message:
-----------
OSSL_FN: Add 'add' and 'sub' functions
This also introduces 'cmp' and 'ucmp' functions, as well as an OSSL_FN
API test program.
OSSL_FNs must not be polluted, so if a BIGNUM has a non-NULL 'data'
field, bn_pollute() will not pollute it. It may be a good idea, though,
to pollute an OSSL_FN before an operation result is written to it, for
testing purposes.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28932
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: e9f71e27e4241b9e4caef22f40483075daf64671
https://github.com/openssl/openssl/commit/e9f71e27e4241b9e4caef22f40483075daf64671
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
Log Message:
-----------
OSSL_FN: Add internal functions to acquire the OSSL_FN from a BIGNUM
bn_acquire_ossl_fn() returns the OSSL_FN of a BIGNUM if there is one,
expanded to a given number of limbs.
bn_release() makes necessary adjustments to the BIGNUM after a run of
OSSL_FN operations on the OSSL instance it's backed by.
These two functions are most useful with BIGNUMs used to store operation
results, and are meant to help refactoring BN operators to be wrappers
around corresponding OSSL_FN operators.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 905661e05cc03bf93756ba49c0b688a3ea1cd0d7
https://github.com/openssl/openssl/commit/905661e05cc03bf93756ba49c0b688a3ea1cd0d7
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_add.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
Log Message:
-----------
OSSL_FN: Wrap BIGNUM 'add' and 'sub' functions around OSSL_FN functions
This involves the following functions:
- 'BN_add'
- 'BN_sub'
- 'BN_uadd'
- 'BN_usub'
Care is taken to use the previous (now legacy) code if any of the argument
BIGNUMs isn't backed by an OSSL_FN (i.e. if its 'data' field is NULL).
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: aea82b4836163626bd1d3e5ec05670a625d70526
https://github.com/openssl/openssl/commit/aea82b4836163626bd1d3e5ec05670a625d70526
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_mul.c
Log Message:
-----------
BIGNUM: fix setting of 'top' in 'bn_mul_fixed_top'
When 'bn_set_top()' was applied, a couple of spots were missed. This
cause some test failures.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 97efcb74d8e0b8a66515297695950681913ca76e
https://github.com/openssl/openssl/commit/97efcb74d8e0b8a66515297695950681913ca76e
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/fn/build.info
A crypto/fn/fn_ctx.c
M crypto/fn/fn_lib.c
M crypto/fn/fn_local.h
M include/crypto/fn.h
M include/crypto/types.h
M test/fn_internal_test.c
Log Message:
-----------
Add the fixed number context (OSSL_FN_CTX) with (de)allocators and tests
OSSL_FN_CTX is a reimplementation of BN_CTX, with the intent to have
good enough API parity.
The distinguishing feature with OSSL_FN_CTX is that it works as an arena
allocator, so it must be allocated with an estimate of how much memory
space will be needed for all OSSL_FN instances that will be retrieved
from that arena, and a bit of overhead.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28933
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29161)
Commit: 4eb452f181c22033e5a797ae50e2d90f9fa793f2
https://github.com/openssl/openssl/commit/4eb452f181c22033e5a797ae50e2d90f9fa793f2
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/asm/x86_64-gcc.c
M crypto/bn/bn_asm.c
M crypto/bn/bn_local.h
M crypto/bn/bn_mul.c
A crypto/bn/bnw_mul.c
A crypto/bn/bnw_sub.c
M crypto/bn/build.info
Log Message:
-----------
BIGNUM: separate out word-only helper functions from bn_mul.c
This separation will allow us to use the word-only helper functions
from OSSL_FN functions without pulling in functions that operate on
BIGNUMs.
This also starts the collection of source files with word-only BN
functions that haven't found their way into bn_asm.c for various
reasons.
To recognise them, they are prefixed 'bnw_' instead of 'bn_'.
While at it, consitification is done where appropriate among words
helpers.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: bd53a3d9bb76a114c30408e01028171c87034350
https://github.com/openssl/openssl/commit/bd53a3d9bb76a114c30408e01028171c87034350
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
M crypto/bn/bnw_mul.c
M doc/internal/man3/bn_mul_words.pod
Log Message:
-----------
BIGNUM: add internal function 'bn_mul_truncated'
This is a variant of 'bn_mul_normal' that allows the result array to
have a smaller size than otherwise expected.
'bn_mul_normal' is refactored to be a wrapper around 'bn_mul_truncated',
with an assumed result size (which is the sum of the operands' sizes).
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 235116c33eb6c9028dc9feeecea71b2f94e4e3a8
https://github.com/openssl/openssl/commit/235116c33eb6c9028dc9feeecea71b2f94e4e3a8
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/fn/fn_intern.c
M include/crypto/fn_intern.h
Log Message:
-----------
OSSL_FN: constify some of the internal construction and introspection functions
This should have been done when they were added.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 17c679fd808da87e82863466cbd2bb40b3d7ad48
https://github.com/openssl/openssl/commit/17c679fd808da87e82863466cbd2bb40b3d7ad48
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/asn1/x_long.c
M crypto/build.info
A crypto/int.c
M include/crypto/cryptlib.h
Log Message:
-----------
Add ossl_num_bits(), which returns the significant number of bits in a size_t
This existed as an isolated static function in crypto/asn1/x_long.c, but
is really a pretty generic integer function, so it will serve better by
being exactly that.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 2f93ffdd8d1bc7d27b4349c510fce8c78fd95d13
https://github.com/openssl/openssl/commit/2f93ffdd8d1bc7d27b4349c510fce8c78fd95d13
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/fn/build.info
M crypto/fn/fn_lib.c
A crypto/fn/fn_mul.c
M include/crypto/fn.h
M test/fn_api_test.c
Log Message:
-----------
OSSL_FN: Add the 'mul' function
OSSL_FN_mul() multiplies two operands. The result OSSL_FN may be of any
size, and if it's smaller than the result of multiplying the two operands,
the result is truncated to that size.
This also adds the function OSSL_FN_copy(), a counterpart for BN_copy(),
as well as an OSSL_FN API test program.
Finally, test/fn_api_test.c is updated with a 'struct test_case_st', used
to instruct test functions what numbers to operate on, and some conditions,
and the 'add' and 'sub' test functions are upgraded to use that structure
for their input.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28934
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 2b9bd6dcf336e60998fdb0523d372591972a5555
https://github.com/openssl/openssl/commit/2b9bd6dcf336e60998fdb0523d372591972a5555
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_mul.c
Log Message:
-----------
OSSL_FN: Wrap BIGNUM the 'mul' function around the OSSL_FN 'mul' function
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Compare: https://github.com/openssl/openssl/compare/0747ea0bd3ed...2b9bd6dcf336
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 9a4ddf83bcd887276733931a517383996fba0e7a
https://github.com/openssl/openssl/commit/9a4ddf83bcd887276733931a517383996fba0e7a
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
A doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
design: Fixed size large numbers
For the longest time, we have mitigated security issues related to large
numbers (BIGNUM) and constant time in a piece-meal fashion, without really
looking at the problem from a zoomed out, holistic perspective.
An interesting aspect in this problem is that large numbers can vary in
size, and that depending on their combined sizes, the time to perform
mathematical calculations with them vary equally much, and may thereby
unintentionally leak information on those numbers.
To mitigate that sort of timing issue, we introduce fixed size numbers,
which are designed to have payload sizes that are pre-determined, usually by
the crypto system that uses them. This means that even a very small number
(let's take 1 as a ridiculous example) would have the same size payload as a
much larger number, and calculations using them would perform across all
payload bits of all input numbers combined.
These fixed size numbers primarly differ from BIGNUMs in that once they have
been allocated to a certain size, that size will not change throughout its
lifetime.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28522)
Commit: cfee88d925895b08c21902259af9641d2a27eee4
https://github.com/openssl/openssl/commit/cfee88d925895b08c21902259af9641d2a27eee4
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
Fix spelling in doc/designs/fixed-size-large-numbers.md
Found by codespell.
payed → paid
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28787)
Commit: ecb93247e1771cbc81b64190eca64238e3e1082c
https://github.com/openssl/openssl/commit/ecb93247e1771cbc81b64190eca64238e3e1082c
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/build.info
A crypto/fn/build.info
A crypto/fn/fn_lib.c
A crypto/fn/fn_local.h
A include/crypto/fn.h
M include/crypto/types.h
M include/openssl/bn.h
A include/openssl/bn_limbs.h
M test/build.info
A test/fn_internal_test.c
A test/recipes/03-test_internal_fn.t
Log Message:
-----------
Add the fixed number type (OSSL_FN) and its allocators and deallocator
This includes a small test program that performs introspection of the
OSSL_FN, to check that diverse functions do what's expected of them.
For future compatibility reasons, the limb type OSSL_FN_ULONG is based
on BN_ULONG. This caused a slight rearrangement of public BIGNUM related
headers.
Note: experiments with changing the current BIGNUM's 'dmax' and 'top' to be
"size_t" has shown disastrous effects, due to some lower level functions
assuming that they'll receive the size in "int" form rather than "size_t"
form (on some major platforms, these two types have different sizes).
Therefore, this change deviates slightly from the design for fixed numbers
(doc/designs/fixed-size-large-numbers.md) by making OSSL_FN's 'dsize' an
"int" rather than a "size_t".
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/project/issues/1649
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28784)
Commit: 2379ba80c182029b5d2cb8cf6f9932cb55a72540
https://github.com/openssl/openssl/commit/2379ba80c182029b5d2cb8cf6f9932cb55a72540
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_dh.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_intern.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_nist.c
M crypto/bn/bn_prime.c
M crypto/bn/bn_rsa_fips186_5.c
M crypto/bn/bn_srp.c
M crypto/fn/fn_lib.c
M crypto/fn/fn_local.h
M include/crypto/bn.h
M include/crypto/fn.h
Log Message:
-----------
First integration of OSSL_FN into BIGNUM
This integration is made in such a way that OSSL_FN is an optional
'data' field in BIGNUM, i.e. it's allowed to be NULL even though
the BIGNUM's 'd' field is non-NULL.
The public BIGNUM API will do what it can to ensure that the 'data'
field becomes non-NULL, but remains lax on input BIGNUMs, for now.
This allows diverse internal bn constants and hacks to continue to
function with minimal friction. These constants and hacks will
incrementally be modified to use OSSL_FN where they currently use
BN_ULONG.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28931
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28930)
Commit: dd286f40abeba86e01be69bc9c3d8cb6dd7dd44b
https://github.com/openssl/openssl/commit/dd286f40abeba86e01be69bc9c3d8cb6dd7dd44b
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_add.c
M crypto/bn/bn_blind.c
M crypto/bn/bn_conv.c
M crypto/bn/bn_div.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_gf2m.c
M crypto/bn/bn_intern.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_mod.c
M crypto/bn/bn_mont.c
M crypto/bn/bn_mpi.c
M crypto/bn/bn_mul.c
M crypto/bn/bn_nist.c
M crypto/bn/bn_shift.c
M crypto/bn/bn_sqr.c
Log Message:
-----------
BIGNUM: Adjust the requirements on 'top' and the 'd' array for OSSL_FN compat
BIGNUM is quite sloppy with its contents of the 'd' array above 'top'. This
has been further exasperated by the 'bn_pollute' macro, which makes that slop
quite explicit.
That's fine within a purely BIGNUM context.
Enter OSSL_FN, which requires that the whole 'd' array is numerically
consistent, not just the BN_ULONGs up to 'top'.
This will, of course, cause trouble as soon as an OSSL_FN that's integrated
in a BIGNUM gets passed to OSSL_FN functions.
To ensure consistency, the following updates are made:
- [only for BIGNUMs in which 'data' is non-NULL] when decreasing 'top', all
BN_ULONGs between the preceding 'top' and the new 'top' must be made zero.
- Drop bn_pollute() entirely, as it's now more harmful than useful.
- Modify bn_check_top() to better check the consistency of BIGNUM with
integrated OSSL_FN, by checking that the part of the 'd' array between
'top' and 'dmax' is all zeroes.
- Add the function 'bn_set_top()', which is recommended to use instead of
assigning 'top' directly, as it will zeroise the intermediary limbs in
the 'd' array when 'top' decreases.
On using 'bn_set_top()', it's highly recommended to use it everywhere,
unless you can be absolutely sure that the BIGNUM that's modified will never
be checked with 'bn_check_top()' or passed to any OSSL_FN function.
Related-to: doc/designs/fixed-size-large-numbers.md
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29015)
Commit: 8f88f337c5b086adb69be776602a4ff52772cd47
https://github.com/openssl/openssl/commit/8f88f337c5b086adb69be776602a4ff52772cd47
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
Log Message:
-----------
BN_DEBUG: Refactor 'bn_check_top', 'bn_wcheck_size' into static inline functions
All the BN_DEBUG code is also moved below the definition of 'struct bignum_st',
to keep the compilers happy.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29015)
Commit: cd0a17c522936d24baff7d902ad36476a3a212ef
https://github.com/openssl/openssl/commit/cd0a17c522936d24baff7d902ad36476a3a212ef
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/err/err_all.c
M crypto/err/openssl.ec
M crypto/err/openssl.txt
M crypto/fn/build.info
A crypto/fn/fn_err.c
A crypto/fn/fn_intern.c
M crypto/fn/fn_local.h
A include/crypto/fn_intern.h
A include/crypto/fnerr.h
M include/openssl/err.h.in
M test/fn_internal_test.c
Log Message:
-----------
OSSL_FN: Add internal construction and introspection functions
These functions will be useful with other test programs without having
to include crypto/fn/fn_local.h, making them closer to real world use.
This also introduces OSSL_FN errors
Related-to: doc/designs/fixed-size-large-numbers.md
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 22a9b22d84abaec894da22c9e349c60dd40565bd
https://github.com/openssl/openssl/commit/22a9b22d84abaec894da22c9e349c60dd40565bd
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/fn/build.info
A crypto/fn/fn_addsub.c
M crypto/fn/fn_local.h
M include/crypto/fn.h
M test/README-dev.md
M test/build.info
A test/fn_api_test.c
A test/recipes/11-test_fn_api.t
Log Message:
-----------
OSSL_FN: Add 'add' and 'sub' functions
This also introduces 'cmp' and 'ucmp' functions, as well as an OSSL_FN
API test program.
OSSL_FNs must not be polluted, so if a BIGNUM has a non-NULL 'data'
field, bn_pollute() will not pollute it. It may be a good idea, though,
to pollute an OSSL_FN before an operation result is written to it, for
testing purposes.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28932
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: e9f71e27e4241b9e4caef22f40483075daf64671
https://github.com/openssl/openssl/commit/e9f71e27e4241b9e4caef22f40483075daf64671
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
Log Message:
-----------
OSSL_FN: Add internal functions to acquire the OSSL_FN from a BIGNUM
bn_acquire_ossl_fn() returns the OSSL_FN of a BIGNUM if there is one,
expanded to a given number of limbs.
bn_release() makes necessary adjustments to the BIGNUM after a run of
OSSL_FN operations on the OSSL instance it's backed by.
These two functions are most useful with BIGNUMs used to store operation
results, and are meant to help refactoring BN operators to be wrappers
around corresponding OSSL_FN operators.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 905661e05cc03bf93756ba49c0b688a3ea1cd0d7
https://github.com/openssl/openssl/commit/905661e05cc03bf93756ba49c0b688a3ea1cd0d7
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_add.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
Log Message:
-----------
OSSL_FN: Wrap BIGNUM 'add' and 'sub' functions around OSSL_FN functions
This involves the following functions:
- 'BN_add'
- 'BN_sub'
- 'BN_uadd'
- 'BN_usub'
Care is taken to use the previous (now legacy) code if any of the argument
BIGNUMs isn't backed by an OSSL_FN (i.e. if its 'data' field is NULL).
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: aea82b4836163626bd1d3e5ec05670a625d70526
https://github.com/openssl/openssl/commit/aea82b4836163626bd1d3e5ec05670a625d70526
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_mul.c
Log Message:
-----------
BIGNUM: fix setting of 'top' in 'bn_mul_fixed_top'
When 'bn_set_top()' was applied, a couple of spots were missed. This
cause some test failures.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 97efcb74d8e0b8a66515297695950681913ca76e
https://github.com/openssl/openssl/commit/97efcb74d8e0b8a66515297695950681913ca76e
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/fn/build.info
A crypto/fn/fn_ctx.c
M crypto/fn/fn_lib.c
M crypto/fn/fn_local.h
M include/crypto/fn.h
M include/crypto/types.h
M test/fn_internal_test.c
Log Message:
-----------
Add the fixed number context (OSSL_FN_CTX) with (de)allocators and tests
OSSL_FN_CTX is a reimplementation of BN_CTX, with the intent to have
good enough API parity.
The distinguishing feature with OSSL_FN_CTX is that it works as an arena
allocator, so it must be allocated with an estimate of how much memory
space will be needed for all OSSL_FN instances that will be retrieved
from that arena, and a bit of overhead.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28933
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29161)
Commit: 4eb452f181c22033e5a797ae50e2d90f9fa793f2
https://github.com/openssl/openssl/commit/4eb452f181c22033e5a797ae50e2d90f9fa793f2
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/asm/x86_64-gcc.c
M crypto/bn/bn_asm.c
M crypto/bn/bn_local.h
M crypto/bn/bn_mul.c
A crypto/bn/bnw_mul.c
A crypto/bn/bnw_sub.c
M crypto/bn/build.info
Log Message:
-----------
BIGNUM: separate out word-only helper functions from bn_mul.c
This separation will allow us to use the word-only helper functions
from OSSL_FN functions without pulling in functions that operate on
BIGNUMs.
This also starts the collection of source files with word-only BN
functions that haven't found their way into bn_asm.c for various
reasons.
To recognise them, they are prefixed 'bnw_' instead of 'bn_'.
While at it, consitification is done where appropriate among words
helpers.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: bd53a3d9bb76a114c30408e01028171c87034350
https://github.com/openssl/openssl/commit/bd53a3d9bb76a114c30408e01028171c87034350
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
M crypto/bn/bnw_mul.c
M doc/internal/man3/bn_mul_words.pod
Log Message:
-----------
BIGNUM: add internal function 'bn_mul_truncated'
This is a variant of 'bn_mul_normal' that allows the result array to
have a smaller size than otherwise expected.
'bn_mul_normal' is refactored to be a wrapper around 'bn_mul_truncated',
with an assumed result size (which is the sum of the operands' sizes).
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 235116c33eb6c9028dc9feeecea71b2f94e4e3a8
https://github.com/openssl/openssl/commit/235116c33eb6c9028dc9feeecea71b2f94e4e3a8
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/fn/fn_intern.c
M include/crypto/fn_intern.h
Log Message:
-----------
OSSL_FN: constify some of the internal construction and introspection functions
This should have been done when they were added.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 17c679fd808da87e82863466cbd2bb40b3d7ad48
https://github.com/openssl/openssl/commit/17c679fd808da87e82863466cbd2bb40b3d7ad48
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/asn1/x_long.c
M crypto/build.info
A crypto/int.c
M include/crypto/cryptlib.h
Log Message:
-----------
Add ossl_num_bits(), which returns the significant number of bits in a size_t
This existed as an isolated static function in crypto/asn1/x_long.c, but
is really a pretty generic integer function, so it will serve better by
being exactly that.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 2f93ffdd8d1bc7d27b4349c510fce8c78fd95d13
https://github.com/openssl/openssl/commit/2f93ffdd8d1bc7d27b4349c510fce8c78fd95d13
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/fn/build.info
M crypto/fn/fn_lib.c
A crypto/fn/fn_mul.c
M include/crypto/fn.h
M test/fn_api_test.c
Log Message:
-----------
OSSL_FN: Add the 'mul' function
OSSL_FN_mul() multiplies two operands. The result OSSL_FN may be of any
size, and if it's smaller than the result of multiplying the two operands,
the result is truncated to that size.
This also adds the function OSSL_FN_copy(), a counterpart for BN_copy(),
as well as an OSSL_FN API test program.
Finally, test/fn_api_test.c is updated with a 'struct test_case_st', used
to instruct test functions what numbers to operate on, and some conditions,
and the 'add' and 'sub' test functions are upgraded to use that structure
for their input.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28934
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 2b9bd6dcf336e60998fdb0523d372591972a5555
https://github.com/openssl/openssl/commit/2b9bd6dcf336e60998fdb0523d372591972a5555
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-11 (Thu, 11 Dec 2025)
Changed paths:
M crypto/bn/bn_mul.c
Log Message:
-----------
OSSL_FN: Wrap BIGNUM the 'mul' function around the OSSL_FN 'mul' function
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Compare: https://github.com/openssl/openssl/compare/0747ea0bd3ed...2b9bd6dcf336
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages