[openssl/openssl] d1cb7b: design: Fixed size large numbers
0 views
Skip to first unread message
Richard Levitte
Dec 5, 2025, 4:20:34 AM (yesterday) Dec 5
to openssl...@openssl.org
Branch: refs/heads/feature/ossl_fn
Home: https://github.com/openssl/openssl
Commit: d1cb7b07912ed02dc4374ae502e7644bc0de1f2e
https://github.com/openssl/openssl/commit/d1cb7b07912ed02dc4374ae502e7644bc0de1f2e
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
A doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
design: Fixed size large numbers
For the longest time, we have mitigated security issues related to large
numbers (BIGNUM) and constant time in a piece-meal fashion, without really
looking at the problem from a zoomed out, holistic perspective.
An interesting aspect in this problem is that large numbers can vary in
size, and that depending on their combined sizes, the time to perform
mathematical calculations with them vary equally much, and may thereby
unintentionally leak information on those numbers.
To mitigate that sort of timing issue, we introduce fixed size numbers,
which are designed to have payload sizes that are pre-determined, usually by
the crypto system that uses them. This means that even a very small number
(let's take 1 as a ridiculous example) would have the same size payload as a
much larger number, and calculations using them would perform across all
payload bits of all input numbers combined.
These fixed size numbers primarly differ from BIGNUMs in that once they have
been allocated to a certain size, that size will not change throughout its
lifetime.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28522)
Commit: 526d2a61508f45180ecd3e4f429cfa60ed5b2d3d
https://github.com/openssl/openssl/commit/526d2a61508f45180ecd3e4f429cfa60ed5b2d3d
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
Fix spelling in doc/designs/fixed-size-large-numbers.md
Found by codespell.
payed → paid
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28787)
Commit: 98d1e4bc591544f43877c61c37cf8e3626973485
https://github.com/openssl/openssl/commit/98d1e4bc591544f43877c61c37cf8e3626973485
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/build.info
A crypto/fn/build.info
A crypto/fn/fn_lib.c
A crypto/fn/fn_local.h
A include/crypto/fn.h
M include/crypto/types.h
M include/openssl/bn.h
A include/openssl/bn_limbs.h
M test/build.info
A test/fn_internal_test.c
A test/recipes/03-test_internal_fn.t
Log Message:
-----------
Add the fixed number type (OSSL_FN) and its allocators and deallocator
This includes a small test program that performs introspection of the
OSSL_FN, to check that diverse functions do what's expected of them.
For future compatibility reasons, the limb type OSSL_FN_ULONG is based
on BN_ULONG. This caused a slight rearrangement of public BIGNUM related
headers.
Note: experiments with changing the current BIGNUM's 'dmax' and 'top' to be
"size_t" has shown disastrous effects, due to some lower level functions
assuming that they'll receive the size in "int" form rather than "size_t"
form (on some major platforms, these two types have different sizes).
Therefore, this change deviates slightly from the design for fixed numbers
(doc/designs/fixed-size-large-numbers.md) by making OSSL_FN's 'dsize' an
"int" rather than a "size_t".
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/project/issues/1649
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28784)
Commit: 4b4f9f240bb15a95a23091bf2d1c883767f8481b
https://github.com/openssl/openssl/commit/4b4f9f240bb15a95a23091bf2d1c883767f8481b
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_dh.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_intern.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_nist.c
M crypto/bn/bn_prime.c
M crypto/bn/bn_rsa_fips186_5.c
M crypto/bn/bn_srp.c
M crypto/fn/fn_lib.c
M crypto/fn/fn_local.h
M include/crypto/bn.h
M include/crypto/fn.h
Log Message:
-----------
First integration of OSSL_FN into BIGNUM
This integration is made in such a way that OSSL_FN is an optional
'data' field in BIGNUM, i.e. it's allowed to be NULL even though
the BIGNUM's 'd' field is non-NULL.
The public BIGNUM API will do what it can to ensure that the 'data'
field becomes non-NULL, but remains lax on input BIGNUMs, for now.
This allows diverse internal bn constants and hacks to continue to
function with minimal friction. These constants and hacks will
incrementally be modified to use OSSL_FN where they currently use
BN_ULONG.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28931
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28930)
Commit: 593d687c150592dd23280f6dd406ca495883a221
https://github.com/openssl/openssl/commit/593d687c150592dd23280f6dd406ca495883a221
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_add.c
M crypto/bn/bn_blind.c
M crypto/bn/bn_conv.c
M crypto/bn/bn_div.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_gf2m.c
M crypto/bn/bn_intern.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_mod.c
M crypto/bn/bn_mont.c
M crypto/bn/bn_mpi.c
M crypto/bn/bn_mul.c
M crypto/bn/bn_nist.c
M crypto/bn/bn_shift.c
M crypto/bn/bn_sqr.c
Log Message:
-----------
BIGNUM: Adjust the requirements on 'top' and the 'd' array for OSSL_FN compat
BIGNUM is quite sloppy with its contents of the 'd' array above 'top'. This
has been further exasperated by the 'bn_pollute' macro, which makes that slop
quite explicit.
That's fine within a purely BIGNUM context.
Enter OSSL_FN, which requires that the whole 'd' array is numerically
consistent, not just the BN_ULONGs up to 'top'.
This will, of course, cause trouble as soon as an OSSL_FN that's integrated
in a BIGNUM gets passed to OSSL_FN functions.
To ensure consistency, the following updates are made:
- [only for BIGNUMs in which 'data' is non-NULL] when decreasing 'top', all
BN_ULONGs between the preceding 'top' and the new 'top' must be made zero.
- Drop bn_pollute() entirely, as it's now more harmful than useful.
- Modify bn_check_top() to better check the consistency of BIGNUM with
integrated OSSL_FN, by checking that the part of the 'd' array between
'top' and 'dmax' is all zeroes.
- Add the function 'bn_set_top()', which is recommended to use instead of
assigning 'top' directly, as it will zeroise the intermediary limbs in
the 'd' array when 'top' decreases.
On using 'bn_set_top()', it's highly recommended to use it everywhere,
unless you can be absolutely sure that the BIGNUM that's modified will never
be checked with 'bn_check_top()' or passed to any OSSL_FN function.
Related-to: doc/designs/fixed-size-large-numbers.md
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29015)
Commit: 3d6e6629e53819eefc013b97c7e7d2c849548f0c
https://github.com/openssl/openssl/commit/3d6e6629e53819eefc013b97c7e7d2c849548f0c
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
Log Message:
-----------
BN_DEBUG: Refactor 'bn_check_top', 'bn_wcheck_size' into static inline functions
All the BN_DEBUG code is also moved below the definition of 'struct bignum_st',
to keep the compilers happy.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29015)
Commit: 78a46ac75a9417b84a88f2922530af3842a14dee
https://github.com/openssl/openssl/commit/78a46ac75a9417b84a88f2922530af3842a14dee
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/err/err_all.c
M crypto/err/openssl.ec
M crypto/err/openssl.txt
M crypto/fn/build.info
A crypto/fn/fn_err.c
A crypto/fn/fn_intern.c
M crypto/fn/fn_local.h
A include/crypto/fn_intern.h
A include/crypto/fnerr.h
M include/openssl/err.h.in
M test/fn_internal_test.c
Log Message:
-----------
OSSL_FN: Add internal construction and introspection functions
These functions will be useful with other test programs without having
to include crypto/fn/fn_local.h, making them closer to real world use.
This also introduces OSSL_FN errors
Related-to: doc/designs/fixed-size-large-numbers.md
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: f869535bcdb300a7a6dab5078fe99f171d209f51
https://github.com/openssl/openssl/commit/f869535bcdb300a7a6dab5078fe99f171d209f51
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/fn/build.info
A crypto/fn/fn_addsub.c
M crypto/fn/fn_local.h
M include/crypto/fn.h
M test/README-dev.md
M test/build.info
A test/fn_api_test.c
A test/recipes/11-test_fn_api.t
Log Message:
-----------
OSSL_FN: Add 'add' and 'sub' functions
This also introduces 'cmp' and 'ucmp' functions, as well as an OSSL_FN
API test program.
OSSL_FNs must not be polluted, so if a BIGNUM has a non-NULL 'data'
field, bn_pollute() will not pollute it. It may be a good idea, though,
to pollute an OSSL_FN before an operation result is written to it, for
testing purposes.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28932
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 6c0fe56c502da5f63c13457f773be6cdfec606d4
https://github.com/openssl/openssl/commit/6c0fe56c502da5f63c13457f773be6cdfec606d4
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
Log Message:
-----------
OSSL_FN: Add internal functions to acquire the OSSL_FN from a BIGNUM
bn_acquire_ossl_fn() returns the OSSL_FN of a BIGNUM if there is one,
expanded to a given number of limbs.
bn_release() makes necessary adjustments to the BIGNUM after a run of
OSSL_FN operations on the OSSL instance it's backed by.
These two functions are most useful with BIGNUMs used to store operation
results, and are meant to help refactoring BN operators to be wrappers
around corresponding OSSL_FN operators.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 3671b39614e79fd7cec2fec780b7ca1832983b25
https://github.com/openssl/openssl/commit/3671b39614e79fd7cec2fec780b7ca1832983b25
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_add.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
Log Message:
-----------
OSSL_FN: Wrap BIGNUM 'add' and 'sub' functions around OSSL_FN functions
This involves the following functions:
- 'BN_add'
- 'BN_sub'
- 'BN_uadd'
- 'BN_usub'
Care is taken to use the previous (now legacy) code if any of the argument
BIGNUMs isn't backed by an OSSL_FN (i.e. if its 'data' field is NULL).
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: dc6b92b7c3000d6f2e4eb6511d521760ced7d423
https://github.com/openssl/openssl/commit/dc6b92b7c3000d6f2e4eb6511d521760ced7d423
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_mul.c
Log Message:
-----------
BIGNUM: fix setting of 'top' in 'bn_mul_fixed_top'
When 'bn_set_top()' was applied, a couple of spots were missed. This
cause some test failures.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: ab4aacfbc19bf49221593f09217639b5dca73721
https://github.com/openssl/openssl/commit/ab4aacfbc19bf49221593f09217639b5dca73721
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/fn/build.info
A crypto/fn/fn_ctx.c
M crypto/fn/fn_lib.c
M crypto/fn/fn_local.h
M include/crypto/fn.h
M include/crypto/types.h
M test/fn_internal_test.c
Log Message:
-----------
Add the fixed number context (OSSL_FN_CTX) with (de)allocators and tests
OSSL_FN_CTX is a reimplementation of BN_CTX, with the intent to have
good enough API parity.
The distinguishing feature with OSSL_FN_CTX is that it works as an arena
allocator, so it must be allocated with an estimate of how much memory
space will be needed for all OSSL_FN instances that will be retrieved
from that arena, and a bit of overhead.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28933
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29161)
Commit: 2ac84dceb6b53eb124b2839f68643a4c54bd03fb
https://github.com/openssl/openssl/commit/2ac84dceb6b53eb124b2839f68643a4c54bd03fb
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/asm/x86_64-gcc.c
M crypto/bn/bn_asm.c
M crypto/bn/bn_local.h
M crypto/bn/bn_mul.c
A crypto/bn/bnw_mul.c
A crypto/bn/bnw_sub.c
M crypto/bn/build.info
Log Message:
-----------
BIGNUM: separate out word-only helper functions from bn_mul.c
This separation will allow us to use the word-only helper functions
from OSSL_FN functions without pulling in functions that operate on
BIGNUMs.
This also starts the collection of source files with word-only BN
functions that haven't found their way into bn_asm.c for various
reasons.
To recognise them, they are prefixed 'bnw_' instead of 'bn_'.
While at it, consitification is done where appropriate among words
helpers.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: c13c05f3bbde85bd44eb793835738569336cc8e1
https://github.com/openssl/openssl/commit/c13c05f3bbde85bd44eb793835738569336cc8e1
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
M crypto/bn/bnw_mul.c
M doc/internal/man3/bn_mul_words.pod
Log Message:
-----------
BIGNUM: add internal function 'bn_mul_truncated'
This is a variant of 'bn_mul_normal' that allows the result array to
have a smaller size than otherwise expected.
'bn_mul_normal' is refactored to be a wrapper around 'bn_mul_truncated',
with an assumed result size (which is the sum of the operands' sizes).
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 6284d27c520c68ab4e3ce91b0e615f01cff2651c
https://github.com/openssl/openssl/commit/6284d27c520c68ab4e3ce91b0e615f01cff2651c
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/fn/fn_intern.c
M include/crypto/fn_intern.h
Log Message:
-----------
OSSL_FN: constify some of the internal construction and introspection functions
This should have been done when they were added.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: a17e9be7b256c1355195fd49c3602165b7b8897e
https://github.com/openssl/openssl/commit/a17e9be7b256c1355195fd49c3602165b7b8897e
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/asn1/x_long.c
M crypto/build.info
A crypto/int.c
M include/crypto/cryptlib.h
Log Message:
-----------
Add ossl_num_bits(), which returns the significant number of bits in a size_t
This existed as an isolated static function in crypto/asn1/x_long.c, but
is really a pretty generic integer function, so it will serve better by
being exactly that.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 8beca4605606b702b1bbc159e2a9aafa255b33e4
https://github.com/openssl/openssl/commit/8beca4605606b702b1bbc159e2a9aafa255b33e4
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/fn/build.info
M crypto/fn/fn_lib.c
A crypto/fn/fn_mul.c
M include/crypto/fn.h
M test/fn_api_test.c
Log Message:
-----------
OSSL_FN: Add the 'mul' function
OSSL_FN_mul() multiplies two operands. The result OSSL_FN may be of any
size, and if it's smaller than the result of multiplying the two operands,
the result is truncated to that size.
This also adds the function OSSL_FN_copy(), a counterpart for BN_copy(),
as well as an OSSL_FN API test program.
Finally, test/fn_api_test.c is updated with a 'struct test_case_st', used
to instruct test functions what numbers to operate on, and some conditions,
and the 'add' and 'sub' test functions are upgraded to use that structure
for their input.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28934
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 0747ea0bd3ed07601f5aa43c06ed5ce0bc6335b2
https://github.com/openssl/openssl/commit/0747ea0bd3ed07601f5aa43c06ed5ce0bc6335b2
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_mul.c
Log Message:
-----------
OSSL_FN: Wrap BIGNUM the 'mul' function around the OSSL_FN 'mul' function
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Compare: https://github.com/openssl/openssl/compare/edf3afb34e47...0747ea0bd3ed
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: d1cb7b07912ed02dc4374ae502e7644bc0de1f2e
https://github.com/openssl/openssl/commit/d1cb7b07912ed02dc4374ae502e7644bc0de1f2e
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
A doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
design: Fixed size large numbers
For the longest time, we have mitigated security issues related to large
numbers (BIGNUM) and constant time in a piece-meal fashion, without really
looking at the problem from a zoomed out, holistic perspective.
An interesting aspect in this problem is that large numbers can vary in
size, and that depending on their combined sizes, the time to perform
mathematical calculations with them vary equally much, and may thereby
unintentionally leak information on those numbers.
To mitigate that sort of timing issue, we introduce fixed size numbers,
which are designed to have payload sizes that are pre-determined, usually by
the crypto system that uses them. This means that even a very small number
(let's take 1 as a ridiculous example) would have the same size payload as a
much larger number, and calculations using them would perform across all
payload bits of all input numbers combined.
These fixed size numbers primarly differ from BIGNUMs in that once they have
been allocated to a certain size, that size will not change throughout its
lifetime.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28522)
Commit: 526d2a61508f45180ecd3e4f429cfa60ed5b2d3d
https://github.com/openssl/openssl/commit/526d2a61508f45180ecd3e4f429cfa60ed5b2d3d
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M doc/designs/fixed-size-large-numbers.md
Log Message:
-----------
Fix spelling in doc/designs/fixed-size-large-numbers.md
Found by codespell.
payed → paid
Reviewed-by: Frederik Wedel-Heinen <fwh.o...@gmail.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28787)
Commit: 98d1e4bc591544f43877c61c37cf8e3626973485
https://github.com/openssl/openssl/commit/98d1e4bc591544f43877c61c37cf8e3626973485
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/build.info
A crypto/fn/build.info
A crypto/fn/fn_lib.c
A crypto/fn/fn_local.h
A include/crypto/fn.h
M include/crypto/types.h
M include/openssl/bn.h
A include/openssl/bn_limbs.h
M test/build.info
A test/fn_internal_test.c
A test/recipes/03-test_internal_fn.t
Log Message:
-----------
Add the fixed number type (OSSL_FN) and its allocators and deallocator
This includes a small test program that performs introspection of the
OSSL_FN, to check that diverse functions do what's expected of them.
For future compatibility reasons, the limb type OSSL_FN_ULONG is based
on BN_ULONG. This caused a slight rearrangement of public BIGNUM related
headers.
Note: experiments with changing the current BIGNUM's 'dmax' and 'top' to be
"size_t" has shown disastrous effects, due to some lower level functions
assuming that they'll receive the size in "int" form rather than "size_t"
form (on some major platforms, these two types have different sizes).
Therefore, this change deviates slightly from the design for fixed numbers
(doc/designs/fixed-size-large-numbers.md) by making OSSL_FN's 'dsize' an
"int" rather than a "size_t".
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/project/issues/1649
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28784)
Commit: 4b4f9f240bb15a95a23091bf2d1c883767f8481b
https://github.com/openssl/openssl/commit/4b4f9f240bb15a95a23091bf2d1c883767f8481b
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_dh.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_intern.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_nist.c
M crypto/bn/bn_prime.c
M crypto/bn/bn_rsa_fips186_5.c
M crypto/bn/bn_srp.c
M crypto/fn/fn_lib.c
M crypto/fn/fn_local.h
M include/crypto/bn.h
M include/crypto/fn.h
Log Message:
-----------
First integration of OSSL_FN into BIGNUM
This integration is made in such a way that OSSL_FN is an optional
'data' field in BIGNUM, i.e. it's allowed to be NULL even though
the BIGNUM's 'd' field is non-NULL.
The public BIGNUM API will do what it can to ensure that the 'data'
field becomes non-NULL, but remains lax on input BIGNUMs, for now.
This allows diverse internal bn constants and hacks to continue to
function with minimal friction. These constants and hacks will
incrementally be modified to use OSSL_FN where they currently use
BN_ULONG.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28931
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28930)
Commit: 593d687c150592dd23280f6dd406ca495883a221
https://github.com/openssl/openssl/commit/593d687c150592dd23280f6dd406ca495883a221
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_add.c
M crypto/bn/bn_blind.c
M crypto/bn/bn_conv.c
M crypto/bn/bn_div.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_gf2m.c
M crypto/bn/bn_intern.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_mod.c
M crypto/bn/bn_mont.c
M crypto/bn/bn_mpi.c
M crypto/bn/bn_mul.c
M crypto/bn/bn_nist.c
M crypto/bn/bn_shift.c
M crypto/bn/bn_sqr.c
Log Message:
-----------
BIGNUM: Adjust the requirements on 'top' and the 'd' array for OSSL_FN compat
BIGNUM is quite sloppy with its contents of the 'd' array above 'top'. This
has been further exasperated by the 'bn_pollute' macro, which makes that slop
quite explicit.
That's fine within a purely BIGNUM context.
Enter OSSL_FN, which requires that the whole 'd' array is numerically
consistent, not just the BN_ULONGs up to 'top'.
This will, of course, cause trouble as soon as an OSSL_FN that's integrated
in a BIGNUM gets passed to OSSL_FN functions.
To ensure consistency, the following updates are made:
- [only for BIGNUMs in which 'data' is non-NULL] when decreasing 'top', all
BN_ULONGs between the preceding 'top' and the new 'top' must be made zero.
- Drop bn_pollute() entirely, as it's now more harmful than useful.
- Modify bn_check_top() to better check the consistency of BIGNUM with
integrated OSSL_FN, by checking that the part of the 'd' array between
'top' and 'dmax' is all zeroes.
- Add the function 'bn_set_top()', which is recommended to use instead of
assigning 'top' directly, as it will zeroise the intermediary limbs in
the 'd' array when 'top' decreases.
On using 'bn_set_top()', it's highly recommended to use it everywhere,
unless you can be absolutely sure that the BIGNUM that's modified will never
be checked with 'bn_check_top()' or passed to any OSSL_FN function.
Related-to: doc/designs/fixed-size-large-numbers.md
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29015)
Commit: 3d6e6629e53819eefc013b97c7e7d2c849548f0c
https://github.com/openssl/openssl/commit/3d6e6629e53819eefc013b97c7e7d2c849548f0c
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
Log Message:
-----------
BN_DEBUG: Refactor 'bn_check_top', 'bn_wcheck_size' into static inline functions
All the BN_DEBUG code is also moved below the definition of 'struct bignum_st',
to keep the compilers happy.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29015)
Commit: 78a46ac75a9417b84a88f2922530af3842a14dee
https://github.com/openssl/openssl/commit/78a46ac75a9417b84a88f2922530af3842a14dee
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/err/err_all.c
M crypto/err/openssl.ec
M crypto/err/openssl.txt
M crypto/fn/build.info
A crypto/fn/fn_err.c
A crypto/fn/fn_intern.c
M crypto/fn/fn_local.h
A include/crypto/fn_intern.h
A include/crypto/fnerr.h
M include/openssl/err.h.in
M test/fn_internal_test.c
Log Message:
-----------
OSSL_FN: Add internal construction and introspection functions
These functions will be useful with other test programs without having
to include crypto/fn/fn_local.h, making them closer to real world use.
This also introduces OSSL_FN errors
Related-to: doc/designs/fixed-size-large-numbers.md
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: f869535bcdb300a7a6dab5078fe99f171d209f51
https://github.com/openssl/openssl/commit/f869535bcdb300a7a6dab5078fe99f171d209f51
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/fn/build.info
A crypto/fn/fn_addsub.c
M crypto/fn/fn_local.h
M include/crypto/fn.h
M test/README-dev.md
M test/build.info
A test/fn_api_test.c
A test/recipes/11-test_fn_api.t
Log Message:
-----------
OSSL_FN: Add 'add' and 'sub' functions
This also introduces 'cmp' and 'ucmp' functions, as well as an OSSL_FN
API test program.
OSSL_FNs must not be polluted, so if a BIGNUM has a non-NULL 'data'
field, bn_pollute() will not pollute it. It may be a good idea, though,
to pollute an OSSL_FN before an operation result is written to it, for
testing purposes.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28932
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 6c0fe56c502da5f63c13457f773be6cdfec606d4
https://github.com/openssl/openssl/commit/6c0fe56c502da5f63c13457f773be6cdfec606d4
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
Log Message:
-----------
OSSL_FN: Add internal functions to acquire the OSSL_FN from a BIGNUM
bn_acquire_ossl_fn() returns the OSSL_FN of a BIGNUM if there is one,
expanded to a given number of limbs.
bn_release() makes necessary adjustments to the BIGNUM after a run of
OSSL_FN operations on the OSSL instance it's backed by.
These two functions are most useful with BIGNUMs used to store operation
results, and are meant to help refactoring BN operators to be wrappers
around corresponding OSSL_FN operators.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: 3671b39614e79fd7cec2fec780b7ca1832983b25
https://github.com/openssl/openssl/commit/3671b39614e79fd7cec2fec780b7ca1832983b25
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_add.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
Log Message:
-----------
OSSL_FN: Wrap BIGNUM 'add' and 'sub' functions around OSSL_FN functions
This involves the following functions:
- 'BN_add'
- 'BN_sub'
- 'BN_uadd'
- 'BN_usub'
Care is taken to use the previous (now legacy) code if any of the argument
BIGNUMs isn't backed by an OSSL_FN (i.e. if its 'data' field is NULL).
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: dc6b92b7c3000d6f2e4eb6511d521760ced7d423
https://github.com/openssl/openssl/commit/dc6b92b7c3000d6f2e4eb6511d521760ced7d423
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_mul.c
Log Message:
-----------
BIGNUM: fix setting of 'top' in 'bn_mul_fixed_top'
When 'bn_set_top()' was applied, a couple of spots were missed. This
cause some test failures.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29028)
Commit: ab4aacfbc19bf49221593f09217639b5dca73721
https://github.com/openssl/openssl/commit/ab4aacfbc19bf49221593f09217639b5dca73721
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/fn/build.info
A crypto/fn/fn_ctx.c
M crypto/fn/fn_lib.c
M crypto/fn/fn_local.h
M include/crypto/fn.h
M include/crypto/types.h
M test/fn_internal_test.c
Log Message:
-----------
Add the fixed number context (OSSL_FN_CTX) with (de)allocators and tests
OSSL_FN_CTX is a reimplementation of BN_CTX, with the intent to have
good enough API parity.
The distinguishing feature with OSSL_FN_CTX is that it works as an arena
allocator, so it must be allocated with an estimate of how much memory
space will be needed for all OSSL_FN instances that will be retrieved
from that arena, and a bit of overhead.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28933
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29161)
Commit: 2ac84dceb6b53eb124b2839f68643a4c54bd03fb
https://github.com/openssl/openssl/commit/2ac84dceb6b53eb124b2839f68643a4c54bd03fb
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/asm/x86_64-gcc.c
M crypto/bn/bn_asm.c
M crypto/bn/bn_local.h
M crypto/bn/bn_mul.c
A crypto/bn/bnw_mul.c
A crypto/bn/bnw_sub.c
M crypto/bn/build.info
Log Message:
-----------
BIGNUM: separate out word-only helper functions from bn_mul.c
This separation will allow us to use the word-only helper functions
from OSSL_FN functions without pulling in functions that operate on
BIGNUMs.
This also starts the collection of source files with word-only BN
functions that haven't found their way into bn_asm.c for various
reasons.
To recognise them, they are prefixed 'bnw_' instead of 'bn_'.
While at it, consitification is done where appropriate among words
helpers.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: c13c05f3bbde85bd44eb793835738569336cc8e1
https://github.com/openssl/openssl/commit/c13c05f3bbde85bd44eb793835738569336cc8e1
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_local.h
M crypto/bn/bnw_mul.c
M doc/internal/man3/bn_mul_words.pod
Log Message:
-----------
BIGNUM: add internal function 'bn_mul_truncated'
This is a variant of 'bn_mul_normal' that allows the result array to
have a smaller size than otherwise expected.
'bn_mul_normal' is refactored to be a wrapper around 'bn_mul_truncated',
with an assumed result size (which is the sum of the operands' sizes).
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 6284d27c520c68ab4e3ce91b0e615f01cff2651c
https://github.com/openssl/openssl/commit/6284d27c520c68ab4e3ce91b0e615f01cff2651c
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/fn/fn_intern.c
M include/crypto/fn_intern.h
Log Message:
-----------
OSSL_FN: constify some of the internal construction and introspection functions
This should have been done when they were added.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: a17e9be7b256c1355195fd49c3602165b7b8897e
https://github.com/openssl/openssl/commit/a17e9be7b256c1355195fd49c3602165b7b8897e
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/asn1/x_long.c
M crypto/build.info
A crypto/int.c
M include/crypto/cryptlib.h
Log Message:
-----------
Add ossl_num_bits(), which returns the significant number of bits in a size_t
This existed as an isolated static function in crypto/asn1/x_long.c, but
is really a pretty generic integer function, so it will serve better by
being exactly that.
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 8beca4605606b702b1bbc159e2a9aafa255b33e4
https://github.com/openssl/openssl/commit/8beca4605606b702b1bbc159e2a9aafa255b33e4
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/fn/build.info
M crypto/fn/fn_lib.c
A crypto/fn/fn_mul.c
M include/crypto/fn.h
M test/fn_api_test.c
Log Message:
-----------
OSSL_FN: Add the 'mul' function
OSSL_FN_mul() multiplies two operands. The result OSSL_FN may be of any
size, and if it's smaller than the result of multiplying the two operands,
the result is truncated to that size.
This also adds the function OSSL_FN_copy(), a counterpart for BN_copy(),
as well as an OSSL_FN API test program.
Finally, test/fn_api_test.c is updated with a 'struct test_case_st', used
to instruct test functions what numbers to operate on, and some conditions,
and the 'add' and 'sub' test functions are upgraded to use that structure
for their input.
Related-to: doc/designs/fixed-size-large-numbers.md
Resolves: https://github.com/openssl/openssl/issues/28934
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Commit: 0747ea0bd3ed07601f5aa43c06ed5ce0bc6335b2
https://github.com/openssl/openssl/commit/0747ea0bd3ed07601f5aa43c06ed5ce0bc6335b2
Author: Richard Levitte <lev...@openssl.org>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M crypto/bn/bn_mul.c
Log Message:
-----------
OSSL_FN: Wrap BIGNUM the 'mul' function around the OSSL_FN 'mul' function
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29203)
Compare: https://github.com/openssl/openssl/compare/edf3afb34e47...0747ea0bd3ed
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages