authorWerner Koch <wk@gnupg.org>2003-12-19 19:50:04 +0000
committerWerner Koch <wk@gnupg.org>2003-12-19 19:50:04 +0000
commit942783ba87c8d36cd0fb1e040c7ed78d0a6dce58 (patch)
tree0dd63136838e63c6ae773027d0ecb81d8b3ea47a
parent87ab67996b2d67322fdeaf1753010130d5942af6 (diff)
downloadlibgcrypt-942783ba87c8d36cd0fb1e040c7ed78d0a6dce58.tar.gz
* mpi-internal.h [M_DEBUG]: Removed this unused code.
(struct karatsuba_ctx): Added TSPACE_NLIMBS and TP_NLIMBS. * mpiutil.c (_gcry_mpi_free_limb_space): Add arg NLIMBS and wipe out the memory. Changed all callers. * mpih-mul.c (_gcry_mpih_mul_karatsuba_case): Keep track of allocated limbs. * mpi-div.c (_gcry_mpi_tdiv_qr): Keep track of allocated limbs. * mpi-mul.c (gcry_mpi_mul): Ditto. * mpi-pow.c (gcry_mpi_powm): Ditto. * mpiutil.c (gcry_mpi_randomize): Use gcry_create_nonce if WEAK random has been requested.
-rw-r--r--mpi/ChangeLog10
-rw-r--r--mpi/mpi-div.c15
-rw-r--r--mpi/mpi-internal.h18
-rw-r--r--mpi/mpi-mul.c8
-rw-r--r--mpi/mpi-pow.c26
-rw-r--r--mpi/mpih-mul.c21
-rw-r--r--mpi/mpiutil.c103
7 files changed, 119 insertions, 82 deletions
diff --git a/mpi/ChangeLog b/mpi/ChangeLog
index cdcd1ff9..588d24c6 100644
--- a/mpi/ChangeLog
+++ b/mpi/ChangeLog
@@ -1,5 +1,15 @@
2003-12-19 Werner Koch <wk@gnupg.org>
+ * mpi-internal.h [M_DEBUG]: Removed this unused code.
+ (struct karatsuba_ctx): Added TSPACE_NLIMBS and TP_NLIMBS.
+ * mpiutil.c (_gcry_mpi_free_limb_space): Add arg NLIMBS and wipe
+ out the memory. Changed all callers.
+ * mpih-mul.c (_gcry_mpih_mul_karatsuba_case): Keep track of
+ allocated limbs.
+ * mpi-div.c (_gcry_mpi_tdiv_qr): Keep track of allocated limbs.
+ * mpi-mul.c (gcry_mpi_mul): Ditto.
+ * mpi-pow.c (gcry_mpi_powm): Ditto.
+
* Manifest: Empty new file. Also add Manifest files to all CPU
specific directories.
* Makefile.am: Added.
diff --git a/mpi/mpi-div.c b/mpi/mpi-div.c
index 378a45a3..6172eb47 100644
--- a/mpi/mpi-div.c
+++ b/mpi/mpi-div.c
@@ -1,5 +1,6 @@
/* mpi-div.c - MPI functions
- * Copyright (C) 1994, 1996, 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ * Copyright (C) 1994, 1996, 1998, 2001, 2002,
+ * 2003 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
@@ -137,6 +138,7 @@ _gcry_mpi_tdiv_qr( gcry_mpi_t quot, gcry_mpi_t rem, gcry_mpi_t num, gcry_mpi_t d
unsigned normalization_steps;
mpi_limb_t q_limb;
mpi_ptr_t marker[5];
+ unsigned int marker_nlimbs[5];
int markidx=0;
/* Ensure space is enough for quotient and remainder.
@@ -194,6 +196,7 @@ _gcry_mpi_tdiv_qr( gcry_mpi_t quot, gcry_mpi_t rem, gcry_mpi_t num, gcry_mpi_t d
/* Make sure QP and NP point to different objects. Otherwise the
* numerator would be gradually overwritten by the quotient limbs. */
if(qp == np) { /* Copy NP object to temporary space. */
+ marker_nlimbs[markidx] = nsize;
np = marker[markidx++] = mpi_alloc_limb_space(nsize,
mpi_is_secure(quot));
MPN_COPY(np, qp, nsize);
@@ -215,6 +218,7 @@ _gcry_mpi_tdiv_qr( gcry_mpi_t quot, gcry_mpi_t rem, gcry_mpi_t num, gcry_mpi_t d
/* Shift up the denominator setting the most significant bit of
* the most significant word. Use temporary storage not to clobber
* the original contents of the denominator. */
+ marker_nlimbs[markidx] = dsize;
tp = marker[markidx++] = mpi_alloc_limb_space(dsize,mpi_is_secure(den));
_gcry_mpih_lshift( tp, dp, dsize, normalization_steps );
dp = tp;
@@ -236,7 +240,9 @@ _gcry_mpi_tdiv_qr( gcry_mpi_t quot, gcry_mpi_t rem, gcry_mpi_t num, gcry_mpi_t d
if( dp == rp || (quot && (dp == qp))) {
mpi_ptr_t tp;
- tp = marker[markidx++] = mpi_alloc_limb_space(dsize, mpi_is_secure(den));
+ marker_nlimbs[markidx] = dsize;
+ tp = marker[markidx++] = mpi_alloc_limb_space(dsize,
+ mpi_is_secure(den));
MPN_COPY( tp, dp, dsize );
dp = tp;
}
@@ -272,7 +278,10 @@ _gcry_mpi_tdiv_qr( gcry_mpi_t quot, gcry_mpi_t rem, gcry_mpi_t num, gcry_mpi_t d
rem->nlimbs = rsize;
rem->sign = sign_remainder;
while( markidx )
- mpi_free_limb_space(marker[--markidx]);
+ {
+ markidx--;
+ _gcry_mpi_free_limb_space (marker[markidx], marker_nlimbs[markidx]);
+ }
}
void
diff --git a/mpi/mpi-internal.h b/mpi/mpi-internal.h
index 22699c63..d78c1809 100644
--- a/mpi/mpi-internal.h
+++ b/mpi/mpi-internal.h
@@ -1,6 +1,6 @@
/* mpi-internal.h - Internal to the Multi Precision Integers
- * Copyright (C) 1998 Free Software Foundation, Inc.
- * Copyright (C) 1994, 1996, 2000, 2002, 2003 Free Software Foundation, Inc.
+ * Copyright (C) 1994, 1996, 1998, 2000, 2002,
+ * 2003 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
@@ -169,17 +169,9 @@ typedef int mpi_size_t; /* (must be a signed type) */
/*-- mpiutil.c --*/
-#ifdef M_DEBUG
-#define mpi_alloc_limb_space(n,f) _gcry_mpi_debug_alloc_limb_space((n),(f), M_DBGINFO( __LINE__ ) )
-#define mpi_free_limb_space(n) _gcry_mpi_debug_free_limb_space((n), M_DBGINFO( __LINE__ ) )
- mpi_ptr_t _gcry_mpi_debug_alloc_limb_space( unsigned nlimbs, int sec, const char *info );
- void _gcry_mpi_debug_free_limb_space( mpi_ptr_t a, const char *info );
-#else
#define mpi_alloc_limb_space(n,f) _gcry_mpi_alloc_limb_space((n),(f))
-#define mpi_free_limb_space(n) _gcry_mpi_free_limb_space((n))
- mpi_ptr_t _gcry_mpi_alloc_limb_space( unsigned nlimbs, int sec );
- void _gcry_mpi_free_limb_space( mpi_ptr_t a );
-#endif
+mpi_ptr_t _gcry_mpi_alloc_limb_space( unsigned nlimbs, int sec );
+void _gcry_mpi_free_limb_space( mpi_ptr_t a, unsigned int nlimbs );
void _gcry_mpi_assign_limb_space( gcry_mpi_t a, mpi_ptr_t ap, unsigned nlimbs );
/*-- mpi-bit.c --*/
@@ -211,8 +203,10 @@ int _gcry_mpih_cmp( mpi_ptr_t op1_ptr, mpi_ptr_t op2_ptr, mpi_size_t size );
struct karatsuba_ctx {
struct karatsuba_ctx *next;
mpi_ptr_t tspace;
+ unsigned int tspace_nlimbs;
mpi_size_t tspace_size;
mpi_ptr_t tp;
+ unsigned int tp_nlimbs;
mpi_size_t tp_size;
};
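Review bot: The two new fields in `struct karatsuba_ctx` are undocumented and easy to confuse with the existing `tspace_size` and `tp_size`. In the mpih-mul.c hunks of this commit `tspace_nlimbs` is set to `2 * vsize` while `tspace_size` stays `vsize`, so the `_nlimbs` fields are the allocated limb counts handed to `_gcry_mpi_free_limb_space` for wiping, not the usable operand size. I would add a comment on each, for example `/* Number of limbs allocated for TSPACE; used to wipe it on free. */`, so that a later change does not pass the wrong field to the free function.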
diff --git a/mpi/mpi-mul.c b/mpi/mpi-mul.c
index 317a3c52..23beee0b 100644
--- a/mpi/mpi-mul.c
+++ b/mpi/mpi-mul.c
@@ -122,7 +122,7 @@ gcry_mpi_mul( gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
int usign, vsign, usecure, vsecure, sign_product;
int assign_wp=0;
mpi_ptr_t tmp_limb=NULL;
-
+ unsigned int tmp_limb_nlimbs = 0;
if( u->nlimbs < v->nlimbs ) { /* Swap U and V. */
usize = v->nlimbs;
@@ -170,6 +170,7 @@ gcry_mpi_mul( gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
else { /* Make U and V not overlap with W. */
if( wp == up ) {
/* W and U are identical. Allocate temporary space for U. */
+ tmp_limb_nlimbs = usize;
up = tmp_limb = mpi_alloc_limb_space( usize, usecure );
/* Is V identical too? Keep it identical with U. */
if( wp == vp )
@@ -179,6 +180,7 @@ gcry_mpi_mul( gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
}
else if( wp == vp ) {
/* W and V are identical. Allocate temporary space for V. */
+ tmp_limb_nlimbs = vsize;
vp = tmp_limb = mpi_alloc_limb_space( vsize, vsecure );
/* Copy to the temporary space. */
MPN_COPY( vp, wp, vsize );
@@ -197,7 +199,7 @@ gcry_mpi_mul( gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
/* copy the temp wp from secure memory back to normal memory */
mpi_ptr_t tmp_wp = mpi_alloc_limb_space (wsize, 0);
MPN_COPY (tmp_wp, wp, wsize);
- mpi_free_limb_space (wp);
+ _gcry_mpi_free_limb_space (wp, 0);
wp = tmp_wp;
}
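Review bot: `_gcry_mpi_free_limb_space (wp, 0);` frees the buffer that the preceding comment describes as coming from secure memory without wiping it, because an NLIMBS of 0 skips the wipe. This buffer holds the product itself, and the wipe was added as a failsafe for the case where secure memory is disabled or badly implemented by user-supplied allocators, so this is a place where it matters. `wsize` limbs were just copied out of `wp`, so `_gcry_mpi_free_limb_space (wp, wsize);` looks safe, provided `wp` was allocated with at least `wsize` limbs; that allocation is outside the hunk and should be checked. The body of `gcry_mpi_mul` starts and ends outside the hunk.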
_gcry_mpi_assign_limb_space( w, wp, wsize );
@@ -205,7 +207,7 @@ gcry_mpi_mul( gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
w->nlimbs = wsize;
w->sign = sign_product;
if( tmp_limb )
- mpi_free_limb_space( tmp_limb );
+ _gcry_mpi_free_limb_space (tmp_limb, tmp_limb_nlimbs);
}
diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
index e0331d7f..61a115f4 100644
--- a/mpi/mpi-pow.c
+++ b/mpi/mpi-pow.c
@@ -48,7 +48,9 @@ gcry_mpi_powm( gcry_mpi_t res, gcry_mpi_t base, gcry_mpi_t expo, gcry_mpi_t mod)
int negative_result;
mpi_ptr_t mp_marker=NULL, bp_marker=NULL, ep_marker=NULL;
mpi_ptr_t xp_marker=NULL;
- int assign_rp=0;
+ unsigned int mp_nlimbs = 0, bp_nlimbs = 0, ep_nlimbs = 0;
+ unsigned int xp_nlimbs = 0;
+ int assign_rp = 0;
mpi_ptr_t tspace = NULL;
mpi_size_t tsize=0; /* to avoid compiler warning */
/* fixme: we should check that the warning is void*/
@@ -83,6 +85,7 @@ gcry_mpi_powm( gcry_mpi_t res, gcry_mpi_t base, gcry_mpi_t expo, gcry_mpi_t mod)
* mpn_divrem. This will make the intermediate values in the calculation
* slightly larger, but the correct result is obtained after a final
* reduction using the original MOD value. */
+ mp_nlimbs = msec? msize:0;
mp = mp_marker = mpi_alloc_limb_space(msize, msec);
count_leading_zeros( mod_shift_cnt, mod->d[msize-1] );
if( mod_shift_cnt )
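Review bot: `mp_nlimbs = msec? msize:0;` records the size only when the operand is flagged secure, whereas the mpi-div.c and mpi-mul.c hunks in this commit record it unconditionally (`marker_nlimbs[markidx] = nsize;`, `tmp_limb_nlimbs = usize;`). The same conditional form is used for `bp_nlimbs`, `ep_nlimbs` and `xp_nlimbs` in the later hunks of this file. If skipping the wipe for non-secure operands is intentional, a short comment next to the declarations such as `/* Only temporaries derived from secure operands are wiped on free. */` would make the policy explicit. Otherwise the sizes could be recorded unconditionally, as in the other files.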
@@ -95,6 +98,7 @@ gcry_mpi_powm( gcry_mpi_t res, gcry_mpi_t base, gcry_mpi_t expo, gcry_mpi_t mod)
if( bsize > msize ) { /* The base is larger than the module. Reduce it. */
/* Allocate (BSIZE + 1) with space for remainder and quotient.
* (The quotient is (bsize - msize + 1) limbs.) */
+ bp_nlimbs = bsec ? (bsize + 1):0;
bp = bp_marker = mpi_alloc_limb_space( bsize + 1, bsec );
MPN_COPY( bp, base->d, bsize );
/* We don't care about the quotient, store it above the remainder,
@@ -131,17 +135,20 @@ gcry_mpi_powm( gcry_mpi_t res, gcry_mpi_t base, gcry_mpi_t expo, gcry_mpi_t mod)
if( rp == bp ) {
/* RES and BASE are identical. Allocate temp. space for BASE. */
assert( !bp_marker );
+ bp_nlimbs = bsec? bsize:0;
bp = bp_marker = mpi_alloc_limb_space( bsize, bsec );
MPN_COPY(bp, rp, bsize);
}
if( rp == ep ) {
/* RES and EXPO are identical. Allocate temp. space for EXPO. */
+ ep_nlimbs = esec? esize:0;
ep = ep_marker = mpi_alloc_limb_space( esize, esec );
MPN_COPY(ep, rp, esize);
}
if( rp == mp ) {
/* RES and MOD are identical. Allocate temporary space for MOD.*/
assert( !mp_marker );
+ mp_nlimbs = msec?msize:0;
mp = mp_marker = mpi_alloc_limb_space( msize, msec );
MPN_COPY(mp, rp, msize);
}
@@ -153,12 +160,15 @@ gcry_mpi_powm( gcry_mpi_t res, gcry_mpi_t base, gcry_mpi_t expo, gcry_mpi_t mod)
{
mpi_size_t i;
- mpi_ptr_t xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec );
+ mpi_ptr_t xp;
int c;
mpi_limb_t e;
mpi_limb_t carry_limb;
struct karatsuba_ctx karactx;
+ xp_nlimbs = msec? (2 * (msize + 1)):0;
+ xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec );
+
memset( &karactx, 0, sizeof karactx );
negative_result = (ep[0] & 1) && base->sign;
@@ -192,7 +202,7 @@ gcry_mpi_powm( gcry_mpi_t res, gcry_mpi_t base, gcry_mpi_t expo, gcry_mpi_t mod)
tspace = mpi_alloc_limb_space( tsize, 0 );
}
else if( tsize < (2*rsize) ) {
- mpi_free_limb_space( tspace );
+ _gcry_mpi_free_limb_space (tspace, 0);
tsize = 2 * rsize;
tspace = mpi_alloc_limb_space( tsize, 0 );
}
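Review bot: `tspace` is allocated with the secure flag 0 and freed with an NLIMBS of 0, both here and at the `leave:` label in the last hunk of this file, so it is never wiped. If it serves as scratch space for squaring and multiplying the secure operands (that use is outside the hunk), it holds values derived from them. `tsize` still holds the old allocation size at this point, so `_gcry_mpi_free_limb_space (tspace, msec ? tsize : 0);` here and at `leave:` would follow the convention used for the other temporaries in this function.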
@@ -283,10 +293,10 @@ gcry_mpi_powm( gcry_mpi_t res, gcry_mpi_t base, gcry_mpi_t expo, gcry_mpi_t mod)
leave:
if( assign_rp ) _gcry_mpi_assign_limb_space( res, rp, size );
- if( mp_marker ) _gcry_mpi_free_limb_space( mp_marker );
- if( bp_marker ) _gcry_mpi_free_limb_space( bp_marker );
- if( ep_marker ) _gcry_mpi_free_limb_space( ep_marker );
- if( xp_marker ) _gcry_mpi_free_limb_space( xp_marker );
- if( tspace ) _gcry_mpi_free_limb_space( tspace );
+ if( mp_marker ) _gcry_mpi_free_limb_space( mp_marker, mp_nlimbs );
+ if( bp_marker ) _gcry_mpi_free_limb_space( bp_marker, bp_nlimbs );
+ if( ep_marker ) _gcry_mpi_free_limb_space( ep_marker, ep_nlimbs );
+ if( xp_marker ) _gcry_mpi_free_limb_space( xp_marker, xp_nlimbs );
+ if( tspace ) _gcry_mpi_free_limb_space( tspace, 0 );
}
diff --git a/mpi/mpih-mul.c b/mpi/mpih-mul.c
index 0c54f2e7..e1f6f58e 100644
--- a/mpi/mpih-mul.c
+++ b/mpi/mpih-mul.c
@@ -356,7 +356,7 @@ _gcry_mpih_mul_n( mpi_ptr_t prodp,
secure = gcry_is_secure( up );
tspace = mpi_alloc_limb_space( 2 * size, secure );
_gcry_mpih_sqr_n( prodp, up, size, tspace );
- mpi_free_limb_space( tspace );
+ _gcry_mpi_free_limb_space (tspace, 2 * size );
}
}
else {
@@ -367,7 +367,7 @@ _gcry_mpih_mul_n( mpi_ptr_t prodp,
secure = gcry_is_secure( up ) || gcry_is_secure( vp );
tspace = mpi_alloc_limb_space( 2 * size, secure );
mul_n (prodp, up, vp, size, tspace);
- mpi_free_limb_space( tspace );
+ _gcry_mpi_free_limb_space (tspace, 2 * size );
}
}
}
@@ -384,9 +384,11 @@ _gcry_mpih_mul_karatsuba_case( mpi_ptr_t prodp,
if( !ctx->tspace || ctx->tspace_size < vsize ) {
if( ctx->tspace )
- mpi_free_limb_space( ctx->tspace );
+ _gcry_mpi_free_limb_space( ctx->tspace, ctx->tspace_nlimbs );
+ ctx->tspace_nlimbs = 2 * vsize;
ctx->tspace = mpi_alloc_limb_space( 2 * vsize,
- gcry_is_secure( up ) || gcry_is_secure( vp ) );
+ (gcry_is_secure( up )
+ || gcry_is_secure( vp )) );
ctx->tspace_size = vsize;
}
@@ -398,7 +400,8 @@ _gcry_mpih_mul_karatsuba_case( mpi_ptr_t prodp,
if( usize >= vsize ) {
if( !ctx->tp || ctx->tp_size < vsize ) {
if( ctx->tp )
- mpi_free_limb_space( ctx->tp );
+ _gcry_mpi_free_limb_space( ctx->tp, ctx->tp_nlimbs );
+ ctx->tp_nlimbs = 2 * vsize;
ctx->tp = mpi_alloc_limb_space( 2 * vsize, gcry_is_secure( up )
|| gcry_is_secure( vp ) );
ctx->tp_size = vsize;
@@ -440,15 +443,15 @@ _gcry_mpih_release_karatsuba_ctx( struct karatsuba_ctx *ctx )
struct karatsuba_ctx *ctx2;
if( ctx->tp )
- mpi_free_limb_space( ctx->tp );
+ _gcry_mpi_free_limb_space( ctx->tp, ctx->tp_nlimbs );
if( ctx->tspace )
- mpi_free_limb_space( ctx->tspace );
+ _gcry_mpi_free_limb_space( ctx->tspace, ctx->tspace_nlimbs );
for( ctx=ctx->next; ctx; ctx = ctx2 ) {
ctx2 = ctx->next;
if( ctx->tp )
- mpi_free_limb_space( ctx->tp );
+ _gcry_mpi_free_limb_space( ctx->tp, ctx->tp_nlimbs );
if( ctx->tspace )
- mpi_free_limb_space( ctx->tspace );
+ _gcry_mpi_free_limb_space( ctx->tspace, ctx->tspace_nlimbs );
gcry_free( ctx );
}
}
diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c
index cfa0f6d4..89a84e94 100644
--- a/mpi/mpiutil.c
+++ b/mpi/mpiutil.c
@@ -73,7 +73,7 @@ _gcry_mpi_alloc_secure( unsigned nlimbs )
mpi_ptr_t
-_gcry_mpi_alloc_limb_space( unsigned nlimbs, int secure )
+_gcry_mpi_alloc_limb_space( unsigned int nlimbs, int secure )
{
size_t len = nlimbs * sizeof(mpi_limb_t);
mpi_ptr_t p = NULL;
@@ -85,20 +85,29 @@ _gcry_mpi_alloc_limb_space( unsigned nlimbs, int secure )
}
void
-_gcry_mpi_free_limb_space( mpi_ptr_t a )
+_gcry_mpi_free_limb_space( mpi_ptr_t a, unsigned int nlimbs)
{
- if( !a )
- return;
- gcry_free(a);
+ if (a)
+ {
+ size_t len = nlimbs * sizeof(mpi_limb_t);
+
+ /* If we have information on the number of allocated limbs, we
+ better wipe that space out. This is a failsafe feature if
+ secure memory has been disabled or was not properly
+ implemented in user provided allocation functions. */
+ if (len)
+ wipememory (a, len);
+ gcry_free(a);
+ }
}
void
-_gcry_mpi_assign_limb_space( gcry_mpi_t a, mpi_ptr_t ap, unsigned nlimbs )
+_gcry_mpi_assign_limb_space( gcry_mpi_t a, mpi_ptr_t ap, unsigned int nlimbs )
{
- mpi_free_limb_space(a->d);
- a->d = ap;
- a->alloced = nlimbs;
+ _gcry_mpi_free_limb_space (a->d, a->alloced);
+ a->d = ap;
+ a->alloced = nlimbs;
}
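Review bot: `_gcry_mpi_free_limb_space` now has a contract that is only hinted at by the comment inside its body: NLIMBS must be the number of limbs actually allocated for A, or 0 when the size is unknown, in which case nothing is wiped. Because `wipememory (a, len)` writes `nlimbs * sizeof(mpi_limb_t)` bytes, a caller passing a count larger than the allocation would write past the end of the buffer, so a header comment above the function should state both points. `_gcry_mpi_assign_limb_space` now depends on `a->alloced` matching the allocation behind `a->d`, which deserves a one-line comment there as well, e.g. `/* A->ALLOCED must be the real size of A->D; it is used to wipe it. */`.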
@@ -138,57 +147,57 @@ _gcry_mpi_clear( gcry_mpi_t a )
void
_gcry_mpi_free( gcry_mpi_t a )
{
- if( !a )
- return;
- if( a->flags & 4 )
- gcry_free( a->d );
- else {
- mpi_free_limb_space(a->d);
+ if (!a )
+ return;
+ if ((a->flags & 4))
+ gcry_free( a->d );
+ else
+ {
+ _gcry_mpi_free_limb_space(a->d, a->alloced);
}
- if( a->flags & ~7 )
- log_bug("invalid flag value in mpi\n");
- gcry_free(a);
+ if ((a->flags & ~7))
+ log_bug("invalid flag value in mpi\n");
+ gcry_free(a);
}
static void
mpi_set_secure( gcry_mpi_t a )
{
- mpi_ptr_t ap, bp;
-
- if( (a->flags & 1) )
- return;
- a->flags |= 1;
- ap = a->d;
- if( !a->nlimbs ) {
- assert(!ap);
- return;
+ mpi_ptr_t ap, bp;
+
+ if ( (a->flags & 1) )
+ return;
+ a->flags |= 1;
+ ap = a->d;
+ if (!a->nlimbs)
+ {
+ assert(!ap);
+ return;
}
- bp = mpi_alloc_limb_space( a->nlimbs, 1 );
- MPN_COPY( bp, ap, a->nlimbs );
- a->d = bp;
- mpi_free_limb_space(ap);
+ bp = mpi_alloc_limb_space (a->nlimbs, 1);
+ MPN_COPY( bp, ap, a->nlimbs );
+ a->d = bp;
+ _gcry_mpi_free_limb_space (ap, a->alloced);
}
gcry_mpi_t
gcry_mpi_set_opaque( gcry_mpi_t a, void *p, unsigned int nbits )
{
- if( !a ) {
- a = mpi_alloc(0);
- }
-
- if( a->flags & 4 )
- gcry_free( a->d );
- else {
- mpi_free_limb_space(a->d);
- }
-
- a->d = p;
- a->alloced = 0;
- a->nlimbs = 0;
- a->sign = nbits;
- a->flags = 4;
- return a;
+ if (!a)
+ a = mpi_alloc(0);
+
+ if( a->flags & 4 )
+ gcry_free( a->d );
+ else
+ _gcry_mpi_free_limb_space (a->d, a->alloced);
+
+ a->d = p;
+ a->alloced = 0;
+ a->nlimbs = 0;
+ a->sign = nbits;
+ a->flags = 4;
+ return a;
}
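Review bot: In `mpi_set_secure` the new buffer is allocated with `a->nlimbs` limbs but `a->alloced` is left unchanged, so after the swap `a->d` can be smaller than `a->alloced` claims. With this commit `_gcry_mpi_free` and `gcry_mpi_set_opaque` pass `a->alloced` to `_gcry_mpi_free_limb_space`, which wipes that many limbs. A later free of such an MPI would therefore write past the end of the buffer whenever `a->alloced > a->nlimbs`. Allocating the full size keeps the two in step: `bp = mpi_alloc_limb_space (a->alloced, 1);`.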